random password provisioning on boot/startup
During bootup of a new docker image, the redis
password might not match the nextcloud configuration.
Hence, we automatically update the nextcloud configuration.

For the MariaDB password the same method is applied.

Additionally, identical files have been moved to docker-common
to simplify changes in the future
Aeon512 authored and nachoparker committed Feb 19, 2018
1 parent 648f53b commit a9a1809
Showing 18 changed files with 76 additions and 160 deletions.
6 changes: 5 additions & 1 deletion changelog.md
@@ -1,5 +1,9 @@

[v0.46.18](https://github.com/nextcloud/nextcloudpi/commit/a3b8829) (2018-02-18) ncp-web: disable event handler after poweroff
[v0.46.20](https://github.com/nextcloud/nextcloudpi/commit/494bb10) (2018-02-15) random password provisioning on boot/startup

[v0.46.19](https://github.com/nextcloud/nextcloudpi/commit/a57bedb) (2018-02-18) ncp-web: re-style poweroff menu

[v0.46.18](https://github.com/nextcloud/nextcloudpi/commit/9b78cd6) (2018-02-18) ncp-web: disable event handler after poweroff

[v0.46.17](https://github.com/nextcloud/nextcloudpi/commit/91686f2) (2018-02-10) Add dialog for shutdown.

2 changes: 1 addition & 1 deletion docker-armhf/debian-ncp/Dockerfile
Expand Up @@ -6,4 +6,4 @@ CMD /bin/bash

RUN mkdir -p /etc/services-available.d /etc/services-enabled.d

COPY docker-armhf/debian-ncp/run-parts.sh /
COPY docker-common/debian-ncp/run-parts.sh /
2 changes: 1 addition & 1 deletion docker-armhf/lamp/Dockerfile
Expand Up @@ -33,7 +33,7 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \
rm /data/database/ib_logfile*; \
rm /usr/local/etc/lamp.sh

COPY docker/lamp/010lamp /etc/services-enabled.d/
COPY docker-common/lamp/010lamp /etc/services-enabled.d/

ENTRYPOINT ["/run-parts.sh"]

11 changes: 8 additions & 3 deletions docker-armhf/nextcloud/Dockerfile
Expand Up @@ -31,6 +31,11 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \

# specific cleanup
apt-get purge -y wget ca-certificates; \
rm /usr/local/etc/nc-nextcloud.sh

COPY docker/nextcloud/020nextcloud /etc/services-enabled.d/
rm /usr/local/etc/nc-nextcloud.sh; \
sed -i -E "s/^requirepass .*/requirepass default/" /etc/redis/redis.conf; \
echo -e "[client]\npassword=default" > /root/.my.cnf; \
chmod 600 /root/.my.cnf

COPY docker-common/nextcloud/020nextcloud /etc/services-enabled.d/
COPY docker-common/nextcloud/ncp-provisioning.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/ncp-provisioning.sh
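Review bot: The image now ships with the fixed credential `default` for both Redis (`requirepass default`) and the MariaDB client file, so every instance is only as safe as the first successful run of ncp-provisioning.sh; nothing in this hunk stops the services from starting with the sentinel if that script is skipped or fails. A comment above the `sed` line would make the contract explicit, e.g. `# "default" is a sentinel that ncp-provisioning.sh replaces on first start`. If this RUN executes under /bin/sh rather than bash (the shell setting is outside the hunk), `echo -e` may write a literal `-e` into /root/.my.cnf; `printf '[client]\npassword=default\n' > /root/.my.cnf` avoids that. The same lines appear in the docker/nextcloud/Dockerfile section further down.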
2 changes: 1 addition & 1 deletion docker-armhf/nextcloudpi/Dockerfile
Expand Up @@ -73,7 +73,7 @@ rm -rf /usr/share/doc/*; \
rm -f /var/log/alternatives.log /var/log/apt/*; \
rm /var/cache/debconf/*-old;

COPY docker-armhf/nextcloudpi/000ncp /etc/services-enabled.d/
COPY docker-common/nextcloudpi/000ncp /etc/services-enabled.d/

# 4443 - ncp-web
EXPOSE 80 443 4443
File renamed without changes.
File renamed without changes.
Expand Up @@ -17,6 +17,9 @@ OCC="$NCDIR/occ"
exit 0
}

echo "Provisioning"
/usr/local/bin/ncp-provisioning.sh

echo "Starting Redis"
mkdir -p /var/run/redis
chown redis /var/run/redis
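Review bot: The call to `/usr/local/bin/ncp-provisioning.sh` is not checked, so startup carries on to "Starting Redis" even when the credential rotation did not take place. Consider failing closed, e.g. `/usr/local/bin/ncp-provisioning.sh || { echo "Provisioning failed" >&2; exit 1; }`; this only helps once the provisioning script itself returns a non-zero status on error. The enclosing script begins and continues outside this hunk.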
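--- /dev/null
+++ b/docker-common/nextcloud/ncp-provisioning.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# this script runs at startup to provide an unique random passwords for each instance
+
+## redis provisioning
+
+REDISPASS="$( grep "^requirepass" /etc/redis/redis.conf | cut -f2 -d' ' )"
+
+### IF redis password is the default one, generate a new one
+
+[[ "$REDISPASS" == "default" ]] && {
+REDISPASS="$( openssl rand -base64 32 )"
+echo Provisioning Redis password
+sed -i -E "s|^requirepass .*|requirepass $REDISPASS|" /etc/redis/redis.conf
+}
+
+### If there exists already a configuration adjust the password
+test -f /data/app/config/config.php && {
+echo Updating NextCloud config with Redis password $REDISPASS
+sed -i "s|'password'.*|'password' => '$REDISPASS',|" /data/app/config/config.php
+}
+
+## mariaDB provisioning
+
+DBADMIN=ncadmin
+DBPASSWD=$( grep password /root/.my.cnf | cut -d= -f2 )
+[[ "$DBPASSWD" == "default" ]] && {
+DBPASSWD=$( openssl rand -base64 32 )
+echo Provisioning MariaDB password
+echo -e "[client]\npassword=$DBPASSWD" > /root/.my.cnf
+chmod 600 /root/.my.cnf
+mysql <<EOF
+GRANT USAGE ON *.* TO '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
+DROP USER '$DBADMIN'@'localhost';
+CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
+GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost;
+EXIT
+EOF
+}
+
+test -f /data/app/config/config.php && {
+echo Updating NextCloud config with MariaDB password $DBPASSWD
+sed -i "s|'dbpassword' =>.*|'dbpassword' => '$DBPASSWD',|" /data/app/config/config.php
+}
+
+exit 0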
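Review bot: The two `echo Updating NextCloud config with ... password $REDISPASS` / `$DBPASSWD` lines print the generated secrets to stdout, so they land in the container log on every start; log the action without the value, e.g. `echo Updating NextCloud config with Redis password`. Separately, `cut -d= -f2` in the `DBPASSWD=` line keeps only the text between the first and second `=`, and `openssl rand -base64 32` output ends in `=` padding, so on later starts the value read back from /root/.my.cnf appears to be truncated and is then written into config.php as `dbpassword`; `cut -d= -f2-` keeps the whole value. The script also ends in an unconditional `exit 0` and rewrites /root/.my.cnf before the `mysql` heredoc runs, so a failed password change is neither reported nor retried on the next start.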
File renamed without changes.
2 changes: 1 addition & 1 deletion docker/debian-ncp/Dockerfile
Expand Up @@ -6,4 +6,4 @@ CMD /bin/bash

RUN mkdir -p /etc/services-available.d /etc/services-enabled.d

COPY docker/debian-ncp/run-parts.sh /
COPY docker-common/debian-ncp/run-parts.sh /
47 changes: 0 additions & 47 deletions docker/debian-ncp/run-parts.sh

This file was deleted.

36 changes: 0 additions & 36 deletions docker/lamp/010lamp

This file was deleted.

2 changes: 1 addition & 1 deletion docker/lamp/Dockerfile
Expand Up @@ -33,7 +33,7 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \
rm /data/database/ib_logfile*; \
rm /usr/local/etc/lamp.sh

COPY docker/lamp/010lamp /etc/services-enabled.d/
COPY docker-common/lamp/010lamp /etc/services-enabled.d/

ENTRYPOINT ["/run-parts.sh"]

55 changes: 0 additions & 55 deletions docker/nextcloud/020nextcloud

This file was deleted.

11 changes: 8 additions & 3 deletions docker/nextcloud/Dockerfile
Expand Up @@ -31,6 +31,11 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \

# specific cleanup
apt-get purge -y wget ca-certificates; \
rm /usr/local/etc/nc-nextcloud.sh

COPY docker/nextcloud/020nextcloud /etc/services-enabled.d/
rm /usr/local/etc/nc-nextcloud.sh; \
sed -i -E "s/^requirepass .*/requirepass default/" /etc/redis/redis.conf; \
echo -e "[client]\npassword=default" > /root/.my.cnf; \
chmod 600 /root/.my.cnf

COPY docker-common/nextcloud/020nextcloud /etc/services-enabled.d/
COPY docker-common/nextcloud/ncp-provisioning.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/ncp-provisioning.sh
9 changes: 0 additions & 9 deletions docker/nextcloudpi/000ncp

This file was deleted.

2 changes: 1 addition & 1 deletion docker/nextcloudpi/Dockerfile
Expand Up @@ -80,7 +80,7 @@ rm -rf /usr/share/doc/*; \
rm -f /var/log/alternatives.log /var/log/apt/*; \
rm /var/cache/debconf/*-old;

COPY docker/nextcloudpi/000ncp /etc/services-enabled.d/
COPY docker-common/nextcloudpi/000ncp /etc/services-enabled.d/

# 4443 - ncp-web
EXPOSE 80 443 4443
