mirror of
https://github.com/akuker/RASCSI.git
synced 2024-12-27 01:31:42 +00:00
Break out frontend and backend auth options into stand alone options (#925)
* Break out frontend and backend auth options into stand alone options * Improve the token auth checks when installing clients
parent
99a1c7cdbc
commit
ade656e38b
@ -22,7 +22,7 @@ USER pi
|
|||||||
COPY --chown=pi:pi . .
|
COPY --chown=pi:pi . .
|
||||||
|
|
||||||
# Standalone RaSCSI web UI
|
# Standalone RaSCSI web UI
|
||||||
RUN ./easyinstall.sh --run_choice=11 --skip-token
|
RUN ./easyinstall.sh --run_choice=11
|
||||||
|
|
||||||
# Wired network bridge
|
# Wired network bridge
|
||||||
RUN ./easyinstall.sh --run_choice=6 --headless
|
RUN ./easyinstall.sh --run_choice=6 --headless
|
||||||
|
@ -21,7 +21,7 @@ COPY --chown=pi:pi . .
|
|||||||
RUN patch -p0 < docker/rascsi/cfilesystem.patch
|
RUN patch -p0 < docker/rascsi/cfilesystem.patch
|
||||||
|
|
||||||
# Install RaSCSI standalone
|
# Install RaSCSI standalone
|
||||||
RUN ./easyinstall.sh --run_choice=10 --cores=`nproc` --skip-token
|
RUN ./easyinstall.sh --run_choice=10 --cores=`nproc`
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
WORKDIR /home/pi
|
WORKDIR /home/pi
|
||||||
|
131
easyinstall.sh
131
easyinstall.sh
@ -157,8 +157,18 @@ function installRaScsi() {
|
|||||||
cleanupOutdatedManPage "scsimon.1"
|
cleanupOutdatedManPage "scsimon.1"
|
||||||
cleanupOutdatedManPage "rasdump.1"
|
cleanupOutdatedManPage "rasdump.1"
|
||||||
cleanupOutdatedManPage "sasidump.1"
|
cleanupOutdatedManPage "sasidump.1"
|
||||||
|
|
||||||
# install
|
# install
|
||||||
sudo make install CONNECT_TYPE="${CONNECT_TYPE:-FULLSPEC}" </dev/null
|
sudo make install CONNECT_TYPE="${CONNECT_TYPE:-FULLSPEC}" </dev/null
|
||||||
|
|
||||||
|
# update launch parameters
|
||||||
|
if [[ -f $SECRET_FILE ]]; then
|
||||||
|
sudo sed -i "\@^ExecStart.*@ s@@& -F $VIRTUAL_DRIVER_PATH -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
|
||||||
|
echo "Secret token file $SECRET_FILE detected. Using it to enable back-end authentication."
|
||||||
|
else
|
||||||
|
sudo sed -i "\@^ExecStart.*@ s@@& -F $VIRTUAL_DRIVER_PATH@" "$SYSTEMD_PATH/rascsi.service"
|
||||||
|
fi
|
||||||
|
echo "Configured rascsi.service to use $VIRTUAL_DRIVER_PATH as default image dir."
|
||||||
}
|
}
|
||||||
|
|
||||||
function preparePythonCommon() {
|
function preparePythonCommon() {
|
||||||
@ -280,7 +290,7 @@ function backupRaScsiService() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Offers the choice of enabling token-based authentication for RaSCSI
|
# Offers the choice of enabling token-based authentication for RaSCSI, or disables it if enabled
|
||||||
function configureTokenAuth() {
|
function configureTokenAuth() {
|
||||||
if [[ -f "$HOME/.rascsi_secret" ]]; then
|
if [[ -f "$HOME/.rascsi_secret" ]]; then
|
||||||
sudo rm "$HOME/.rascsi_secret"
|
sudo rm "$HOME/.rascsi_secret"
|
||||||
@ -289,46 +299,34 @@ function configureTokenAuth() {
|
|||||||
|
|
||||||
if [[ -f $SECRET_FILE ]]; then
|
if [[ -f $SECRET_FILE ]]; then
|
||||||
sudo rm "$SECRET_FILE"
|
sudo rm "$SECRET_FILE"
|
||||||
echo "Removed RaSCSI token file"
|
echo "RaSCSI token file $SECRET_FILE already exists. Do you want to disable authentication? (y/N)"
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $SKIP_TOKEN ]]; then
|
|
||||||
echo "Skipping RaSCSI token setup"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -z $TOKEN ]]; then
|
|
||||||
echo ""
|
|
||||||
echo "Do you want to protect your RaSCSI installation with a password? [y/N]"
|
|
||||||
read REPLY
|
read REPLY
|
||||||
|
|
||||||
if ! [[ $REPLY =~ ^[Yy]$ ]]; then
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||||
return 0
|
sudo sed -i 's@-P '"$SECRET_FILE"'@@' "$SYSTEMD_PATH/rascsi.service"
|
||||||
|
return
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -n "Enter the password that you want to use: "
|
echo -n "Enter the token password for protecting RaSCSI: "
|
||||||
read -r TOKEN
|
read -r TOKEN
|
||||||
fi
|
|
||||||
|
|
||||||
echo "$TOKEN" > "$SECRET_FILE"
|
echo "$TOKEN" > "$SECRET_FILE"
|
||||||
|
|
||||||
# Make the secret file owned and only readable by root
|
# Make the secret file owned and only readable by root
|
||||||
sudo chown root:root "$SECRET_FILE"
|
sudo chown root:root "$SECRET_FILE"
|
||||||
sudo chmod 600 "$SECRET_FILE"
|
sudo chmod 600 "$SECRET_FILE"
|
||||||
|
|
||||||
|
sudo sed -i "s@^ExecStart.*@& -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "Configured RaSCSI to use $SECRET_FILE for authentication. This file is readable by root only."
|
echo "Configured RaSCSI to use $SECRET_FILE for authentication. This file is readable by root only."
|
||||||
echo "Make note of your password: you will need it to use rasctl and other RaSCSI clients."
|
echo "Make note of your password: you will need it to use rasctl and other RaSCSI clients."
|
||||||
|
echo "If you have RaSCSI clients installed, please re-run the installation scripts, or update the systemd config manually."
|
||||||
}
|
}
|
||||||
|
|
||||||
# Modifies and installs the rascsi service
|
# Enables and starts the rascsi service
|
||||||
function enableRaScsiService() {
|
function enableRaScsiService() {
|
||||||
if [ ! -z "$TOKEN" ]; then
|
|
||||||
sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
|
|
||||||
else
|
|
||||||
sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH@" "$SYSTEMD_PATH/rascsi.service"
|
|
||||||
fi
|
|
||||||
echo "Configured rascsi.service to use $VIRTUAL_DRIVER_PATH as default image dir."
|
|
||||||
|
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
sudo systemctl restart rsyslog
|
sudo systemctl restart rsyslog
|
||||||
sudo systemctl enable rascsi # optional - start rascsi at boot
|
sudo systemctl enable rascsi # optional - start rascsi at boot
|
||||||
@ -338,10 +336,16 @@ function enableRaScsiService() {
|
|||||||
|
|
||||||
# Modifies and installs the rascsi-web service
|
# Modifies and installs the rascsi-web service
|
||||||
function installWebInterfaceService() {
|
function installWebInterfaceService() {
|
||||||
|
if [[ -f "$SECRET_FILE" && -z "$TOKEN" ]] ; then
|
||||||
|
echo ""
|
||||||
|
echo "Secret token file $SECRET_FILE detected. You must enter the password, or press Ctrl+C to cancel installation."
|
||||||
|
read -r TOKEN
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Installing the rascsi-web.service configuration..."
|
echo "Installing the rascsi-web.service configuration..."
|
||||||
sudo cp -f "$WEB_INSTALL_PATH/service-infra/rascsi-web.service" "$SYSTEMD_PATH/rascsi-web.service"
|
sudo cp -f "$WEB_INSTALL_PATH/service-infra/rascsi-web.service" "$SYSTEMD_PATH/rascsi-web.service"
|
||||||
sudo sed -i /^ExecStart=/d "$SYSTEMD_PATH/rascsi-web.service"
|
sudo sed -i /^ExecStart=/d "$SYSTEMD_PATH/rascsi-web.service"
|
||||||
echo "$TOKEN"
|
|
||||||
if [ ! -z "$TOKEN" ]; then
|
if [ ! -z "$TOKEN" ]; then
|
||||||
sudo sed -i "8 i ExecStart=$WEB_INSTALL_PATH/start.sh --password=$TOKEN" "$SYSTEMD_PATH/rascsi-web.service"
|
sudo sed -i "8 i ExecStart=$WEB_INSTALL_PATH/start.sh --password=$TOKEN" "$SYSTEMD_PATH/rascsi-web.service"
|
||||||
# Make the service file readable by root only, to protect the token string
|
# Make the service file readable by root only, to protect the token string
|
||||||
@ -934,6 +938,12 @@ function installMacproxy {
|
|||||||
|
|
||||||
# updates configuration files and installs packages needed for the OLED screen script
|
# updates configuration files and installs packages needed for the OLED screen script
|
||||||
function installRaScsiScreen() {
|
function installRaScsiScreen() {
|
||||||
|
if [[ -f "$SECRET_FILE" && -z "$TOKEN" ]] ; then
|
||||||
|
echo ""
|
||||||
|
echo "Secret token file $SECRET_FILE detected. You must enter the password, or press Ctrl+C to cancel installation."
|
||||||
|
read -r TOKEN
|
||||||
|
fi
|
||||||
|
|
||||||
echo "IMPORTANT: This configuration requires a OLED screen to be installed onto your RaSCSI board."
|
echo "IMPORTANT: This configuration requires a OLED screen to be installed onto your RaSCSI board."
|
||||||
echo "See wiki for more information: https://github.com/akuker/RASCSI/wiki/OLED-Status-Display-(Optional)"
|
echo "See wiki for more information: https://github.com/akuker/RASCSI/wiki/OLED-Status-Display-(Optional)"
|
||||||
echo ""
|
echo ""
|
||||||
@ -964,16 +974,6 @@ function installRaScsiScreen() {
|
|||||||
SCREEN_HEIGHT="32"
|
SCREEN_HEIGHT="32"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$TOKEN" ]; then
|
|
||||||
echo ""
|
|
||||||
echo "Did you protect your RaSCSI installation with a token password? [y/N]"
|
|
||||||
read -r REPLY
|
|
||||||
if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
|
|
||||||
echo -n "Enter the password that you configured with RaSCSI at the time of installation: "
|
|
||||||
read -r TOKEN
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
stopRaScsiScreen
|
stopRaScsiScreen
|
||||||
disableRaScsiCtrlBoardService
|
disableRaScsiCtrlBoardService
|
||||||
updateRaScsiGit
|
updateRaScsiGit
|
||||||
@ -1026,6 +1026,12 @@ function installRaScsiScreen() {
|
|||||||
|
|
||||||
# updates configuration files and installs packages needed for the CtrlBoard script
|
# updates configuration files and installs packages needed for the CtrlBoard script
|
||||||
function installRaScsiCtrlBoard() {
|
function installRaScsiCtrlBoard() {
|
||||||
|
if [[ -f "$SECRET_FILE" && -z "$TOKEN" ]] ; then
|
||||||
|
echo ""
|
||||||
|
echo "Secret token file $SECRET_FILE detected. You must enter the password, or press Ctrl+C to cancel installation."
|
||||||
|
read -r TOKEN
|
||||||
|
fi
|
||||||
|
|
||||||
echo "IMPORTANT: This configuration requires a RaSCSI Control Board connected to your RaSCSI board."
|
echo "IMPORTANT: This configuration requires a RaSCSI Control Board connected to your RaSCSI board."
|
||||||
echo "See wiki for more information: https://github.com/akuker/RASCSI/wiki/RaSCSI-Control-Board"
|
echo "See wiki for more information: https://github.com/akuker/RASCSI/wiki/RaSCSI-Control-Board"
|
||||||
echo ""
|
echo ""
|
||||||
@ -1042,16 +1048,6 @@ function installRaScsiCtrlBoard() {
|
|||||||
ROTATION="180"
|
ROTATION="180"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$TOKEN" ]; then
|
|
||||||
echo ""
|
|
||||||
echo "Did you protect your RaSCSI installation with a token password? [y/N]"
|
|
||||||
read -r REPLY
|
|
||||||
if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
|
|
||||||
echo -n "Enter the password that you configured with RaSCSI at the time of installation: "
|
|
||||||
read -r TOKEN
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
stopRaScsiCtrlBoard
|
stopRaScsiCtrlBoard
|
||||||
updateRaScsiGit
|
updateRaScsiGit
|
||||||
|
|
||||||
@ -1148,6 +1144,13 @@ function enableWebInterfaceAuth {
|
|||||||
|
|
||||||
if [ $(getent group "$AUTH_GROUP") ]; then
|
if [ $(getent group "$AUTH_GROUP") ]; then
|
||||||
echo "The '$AUTH_GROUP' group already exists."
|
echo "The '$AUTH_GROUP' group already exists."
|
||||||
|
echo "Do you want to disable Web Interface authentication? (y/N)"
|
||||||
|
read -r REPLY
|
||||||
|
if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
|
||||||
|
sudo groupdel "$AUTH_GROUP"
|
||||||
|
echo "The '$AUTH_GROUP' group has been deleted."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
echo "Creating the '$AUTH_GROUP' group."
|
echo "Creating the '$AUTH_GROUP' group."
|
||||||
sudo groupadd "$AUTH_GROUP"
|
sudo groupadd "$AUTH_GROUP"
|
||||||
@ -1175,7 +1178,6 @@ function runChoice() {
|
|||||||
sudoCheck
|
sudoCheck
|
||||||
createImagesDir
|
createImagesDir
|
||||||
createCfgDir
|
createCfgDir
|
||||||
configureTokenAuth
|
|
||||||
stopOldWebInterface
|
stopOldWebInterface
|
||||||
updateRaScsiGit
|
updateRaScsiGit
|
||||||
installPackages
|
installPackages
|
||||||
@ -1196,7 +1198,6 @@ function runChoice() {
|
|||||||
cachePipPackages
|
cachePipPackages
|
||||||
installRaScsiWebInterface
|
installRaScsiWebInterface
|
||||||
installWebInterfaceService
|
installWebInterfaceService
|
||||||
enableWebInterfaceAuth
|
|
||||||
showRaScsiScreenStatus
|
showRaScsiScreenStatus
|
||||||
showRaScsiCtrlBoardStatus
|
showRaScsiCtrlBoardStatus
|
||||||
showRaScsiStatus
|
showRaScsiStatus
|
||||||
@ -1217,7 +1218,6 @@ function runChoice() {
|
|||||||
sudoCheck
|
sudoCheck
|
||||||
createImagesDir
|
createImagesDir
|
||||||
createCfgDir
|
createCfgDir
|
||||||
configureTokenAuth
|
|
||||||
updateRaScsiGit
|
updateRaScsiGit
|
||||||
installPackages
|
installPackages
|
||||||
stopRaScsiScreen
|
stopRaScsiScreen
|
||||||
@ -1306,7 +1306,6 @@ function runChoice() {
|
|||||||
echo "- Install manpages to /usr/local/man"
|
echo "- Install manpages to /usr/local/man"
|
||||||
sudoCheck
|
sudoCheck
|
||||||
createImagesDir
|
createImagesDir
|
||||||
configureTokenAuth
|
|
||||||
updateRaScsiGit
|
updateRaScsiGit
|
||||||
installPackagesStandalone
|
installPackagesStandalone
|
||||||
stopRaScsi
|
stopRaScsi
|
||||||
@ -1322,21 +1321,36 @@ function runChoice() {
|
|||||||
echo "- Add and modify systemd services"
|
echo "- Add and modify systemd services"
|
||||||
echo "- Modify and enable Apache2 and Nginx web service"
|
echo "- Modify and enable Apache2 and Nginx web service"
|
||||||
echo "- Create directories and change permissions"
|
echo "- Create directories and change permissions"
|
||||||
echo "- Modify user groups and permissions"
|
|
||||||
echo "- Create a self-signed certificate in /etc/ssl"
|
echo "- Create a self-signed certificate in /etc/ssl"
|
||||||
sudoCheck
|
sudoCheck
|
||||||
createCfgDir
|
createCfgDir
|
||||||
configureTokenAuth
|
|
||||||
updateRaScsiGit
|
updateRaScsiGit
|
||||||
installPackages
|
installPackages
|
||||||
preparePythonCommon
|
preparePythonCommon
|
||||||
cachePipPackages
|
cachePipPackages
|
||||||
installRaScsiWebInterface
|
installRaScsiWebInterface
|
||||||
enableWebInterfaceAuth
|
|
||||||
echo "Configuring RaSCSI Web Interface stand-alone - Complete!"
|
echo "Configuring RaSCSI Web Interface stand-alone - Complete!"
|
||||||
echo "Launch the Web Interface with the 'start.sh' script. To use a custom port for the web server: 'start.sh --web-port=8081"
|
echo "Launch the Web Interface with the 'start.sh' script. To use a custom port for the web server: 'start.sh --web-port=8081"
|
||||||
;;
|
;;
|
||||||
12)
|
12)
|
||||||
|
echo "Enabling or disabling RaSCSI back-end authentication"
|
||||||
|
echo "This script will make the following changes to your system:"
|
||||||
|
echo "- Modify user groups and permissions"
|
||||||
|
sudoCheck
|
||||||
|
stopRaScsi
|
||||||
|
configureTokenAuth
|
||||||
|
enableRaScsiService
|
||||||
|
echo "Enabling or disabling RaSCSI back-end authentication - Complete!"
|
||||||
|
;;
|
||||||
|
13)
|
||||||
|
echo "Enabling or disabling Web Interface authentication"
|
||||||
|
echo "This script will make the following changes to your system:"
|
||||||
|
echo "- Modify user groups and permissions"
|
||||||
|
sudoCheck
|
||||||
|
enableWebInterfaceAuth
|
||||||
|
echo "Enabling or disabling Web Interface authentication - Complete!"
|
||||||
|
;;
|
||||||
|
14)
|
||||||
echo "Installing / Updating RaSCSI Control Board UI"
|
echo "Installing / Updating RaSCSI Control Board UI"
|
||||||
echo "This script will make the following changes to your system:"
|
echo "This script will make the following changes to your system:"
|
||||||
echo "- Install additional packages with apt-get"
|
echo "- Install additional packages with apt-get"
|
||||||
@ -1349,7 +1363,7 @@ function runChoice() {
|
|||||||
showRaScsiCtrlBoardStatus
|
showRaScsiCtrlBoardStatus
|
||||||
echo "Installing / Updating RaSCSI Control Board UI - Complete!"
|
echo "Installing / Updating RaSCSI Control Board UI - Complete!"
|
||||||
;;
|
;;
|
||||||
13)
|
15)
|
||||||
shareImagesWithNetatalk
|
shareImagesWithNetatalk
|
||||||
echo "Configuring AppleShare File Server - Complete!"
|
echo "Configuring AppleShare File Server - Complete!"
|
||||||
;;
|
;;
|
||||||
@ -1366,7 +1380,7 @@ function runChoice() {
|
|||||||
function readChoice() {
|
function readChoice() {
|
||||||
choice=-1
|
choice=-1
|
||||||
|
|
||||||
until [ $choice -ge "0" ] && [ $choice -le "13" ]; do
|
until [ $choice -ge "0" ] && [ $choice -le "15" ]; do
|
||||||
echo -n "Enter your choice (0-13) or CTRL-C to exit: "
|
echo -n "Enter your choice (0-13) or CTRL-C to exit: "
|
||||||
read -r choice
|
read -r choice
|
||||||
done
|
done
|
||||||
@ -1395,9 +1409,11 @@ function showMenu() {
|
|||||||
echo "ADVANCED OPTIONS"
|
echo "ADVANCED OPTIONS"
|
||||||
echo " 10) compile and install RaSCSI stand-alone"
|
echo " 10) compile and install RaSCSI stand-alone"
|
||||||
echo " 11) configure the RaSCSI Web Interface stand-alone"
|
echo " 11) configure the RaSCSI Web Interface stand-alone"
|
||||||
|
echo " 12) enable or disable RaSCSI back-end authentication"
|
||||||
|
echo " 13) enable or disable RaSCSI Web Interface authentication"
|
||||||
echo "EXPERIMENTAL FEATURES"
|
echo "EXPERIMENTAL FEATURES"
|
||||||
echo " 12) install or update RaSCSI Control Board UI (requires hardware)"
|
echo " 14) install or update RaSCSI Control Board UI (requires hardware)"
|
||||||
echo " 13) share the images dir over AppleShare (requires Netatalk)"
|
echo " 15) share the images dir over AppleShare (requires Netatalk)"
|
||||||
}
|
}
|
||||||
|
|
||||||
# parse arguments passed to the script
|
# parse arguments passed to the script
|
||||||
@ -1433,9 +1449,6 @@ while [ "$1" != "" ]; do
|
|||||||
fi
|
fi
|
||||||
TOKEN=$VALUE
|
TOKEN=$VALUE
|
||||||
;;
|
;;
|
||||||
-s | --skip-token)
|
|
||||||
SKIP_TOKEN=1
|
|
||||||
;;
|
|
||||||
-h | --headless)
|
-h | --headless)
|
||||||
HEADLESS=1
|
HEADLESS=1
|
||||||
;;
|
;;
|
||||||
|
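Review bot: In configureTokenAuth (hunk `@ -289,46 +299,34 @@`), as the lines are rendered here, `sudo rm "$SECRET_FILE"` still runs before the "Do you want to disable authentication?" prompt is answered, so an interrupted prompt leaves the token deleted while the unit may still carry `-P`, and answering "N" falls through to append a second `-P $SECRET_FILE` to an ExecStart line that installRaScsi has presumably already extended. The token is also read with terminal echo on, accepted when empty, and written by the unprivileged redirection `echo "$TOKEN" > "$SECRET_FILE"` before `chown`/`chmod` tighten it, so the file briefly exists with the invoking user's ownership and umask-default mode. I would move the removal inside the confirmed branch, read the token silently and reject an empty one, create the file as root with mode 600 before anything is written to it, and add `-P` only when the unit lacks it, as sketched below. The function opens in the previous hunk and the diff markers are lost on this page, so the line order should be confirmed against the file.

```shell
# … unchanged: removal of the legacy $HOME/.rascsi_secret file …

if [[ -f $SECRET_FILE ]]; then
    echo "RaSCSI token file $SECRET_FILE already exists. Do you want to disable authentication? (y/N)"
    read -r REPLY
    if [[ $REPLY =~ ^[Yy]$ ]]; then
        # Delete the token only after the user has confirmed
        sudo rm "$SECRET_FILE"
        sudo sed -i 's@-P '"$SECRET_FILE"'@@' "$SYSTEMD_PATH/rascsi.service"
        return
    fi
fi

# -s keeps the token off the terminal
read -r -s -p "Enter the token password for protecting RaSCSI: " TOKEN
echo ""
if [[ -z $TOKEN ]]; then
    echo "Empty token entered; authentication settings left unchanged."
    return 1
fi

# Create the file root-owned with mode 600 first, then write the secret into it
sudo install -m 600 -o root -g root /dev/null "$SECRET_FILE"
printf '%s\n' "$TOKEN" | sudo tee "$SECRET_FILE" > /dev/null

# Append -P only when the unit does not already reference the token file
if ! sudo grep -qF -- "-P $SECRET_FILE" "$SYSTEMD_PATH/rascsi.service"; then
    sudo sed -i "s@^ExecStart.*@& -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
fi

# … unchanged: closing messages …
```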