Dev branch #354

Draft: wants to merge 15 commits into base: dev-branch
87 changes: 83 additions & 4 deletions bin/installfog.sh
Expand Up @@ -34,6 +34,8 @@ help() {
echo -e "\t\t[-D </directory/to/document/root/>] [-c <ssl-path>]"
echo -e "\t\t[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]"
echo -e "\t\t[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]"
echo -e "\t\t[-v </loc/server/cert.pem>] [-k </loc/server/key.key>] [-t </loc/CA/chain.pem>]"
echo -e "\t\t[-p <http://OCSP.domain.com/ocsp>]"
echo -e "\t-h -? --help\t\t\tDisplay this info"
echo -e "\t-o --oldcopy\t\t\tCopy back old data"
echo -e "\t-d --no-defaults\t\tDon't guess defaults"
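
Review bot: The usage synopsis brackets `-v`, `-k` and `-t` as three independent optional arguments, but the checks added further down exit with "Missing server certificate ..." unless all three are supplied together. Group them in one bracket, e.g. `[-v <cert.pem> -k <key.key> -t <chain.pem>]`, so the synopsis matches what the installer accepts.
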
Expand Down Expand Up @@ -63,9 +65,13 @@ help() {
echo -e "\t-P --no-pxedefault\t\tDo not overwrite pxe default file"
echo -e "\t-F --no-vhost\t\tDo not overwrite vhost file"
echo -e "\t-A --arm-support\t\tDo not overwrite vhost file"
echo -e "\t-v --server-cert\t\tSpecify the location of the server's certificate"
echo -e "\t-k --server-key\t\tSpecify the location of the server's certificate key"
echo -e "\t-t --external-CA\t\tSpecify the location of the CA chain certificate"
echo -e "\t-p --ocsp\t\t\tSpecify the URI of the OCSP server"
exit 0
}
optspec="h?odEUHSCKYyXxTPFAf:c:-:W:D:B:s:e:b:"
optspec="h?odEUHSCKYyXxTPFAf:c:-:W:D:B:s:e:b:v:t:k:p:"
while getopts "$optspec" o; do
case $o in
-)
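
Review bot: Documentation: the four new help entries say where each file or URI is specified but not which format the files must be in or what the installer does with the OCSP URI; only the file names in the synopsis (`cert.pem`, `chain.pem`) hint at PEM. State the expected format and the purpose of `--ocsp` in the descriptions, and say that `-v`, `-k` and `-t` are only accepted as a set.
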
Expand Down Expand Up @@ -182,7 +188,39 @@ while getopts "$optspec" o; do
arm-support)
sarmsupport=1
;;
*)
server-cert)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 9
fi
sserverCert="${OPTARG}"
;;
server-key)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 10
fi
sserverKey="${OPTARG}"
;;
external-CA)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 11
fi
sexternalCA="${OPTARG}"
;;
ocsp)
if [[ -z $OPTARG ]]; then
echo "--$OPTARG requires a URI to follow"
help
exit 12
fi
socsp="${OPTARG}"
;;
*)
if [[ $OPTERR == 1 && ${optspec:0:1} != : ]]; then
echo "Unknown option: --${OPTARG}"
help
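
Review bot: In the four new long-option branches `$OPTARG` is treated as the option's value, but the `*)` branch right below prints `--${OPTARG}` as the unknown option name, which suggests that inside this `case` `$OPTARG` holds the option name itself. If so, `[[ ! -f $OPTARG ]]` tests for a file called `server-cert` and `sserverCert` receives the option name instead of the path; take the value from the following argument and keep the `-f` test on that. Separately, `help` ends in `exit 0` (visible in the second hunk), so `exit 9` through `exit 12` are never reached and a rejected argument ends the installer with status 0; exit with the error code without routing through `help`, or give `help` a status parameter.
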
Expand Down Expand Up @@ -299,6 +337,38 @@ while getopts "$optspec" o; do
A)
sarmsupport=1
;;
v)
if [[ ! -f $OPTARG ]]; then
echo "-$OPTARG requires a file to follow"
help
exit 9
fi
sserverCert="${OPTARG}"
;;
k)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 10
fi
sserverKey="${OPTARG}"
;;
t)
if [[ ! -f $OPTARG ]]; then
echo "-$OPTARG requires a file to follow"
help
exit 11
fi
sexternalCA="${OPTARG}"
;;
p)
if [[ -z $OPTARG ]]; then
echo "--$OPTARG requires a URI to follow"
help
exit 12
fi
socsp="${OPTARG}"
;;
:)
echo "Option -$OPTARG requires a value"
help
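
Review bot: The error messages in `v)`, `k)`, `t)` and `p)` interpolate `$OPTARG`, which in these branches is the value the user passed, so a bad path is printed as if it were an option (for example `-/tmp/missing.pem requires a file to follow`), and `k)` and `p)` prefix it with `--` although they are short options. Name the option literally, e.g. `echo "-k requires an existing file: $OPTARG"`. The `p)` branch accepts any non-empty string as the OCSP URI; checking that it starts with `http://` or `https://` would catch a swapped argument early. As in the long-option branches, the `exit 9` to `exit 12` after `help` cannot run.
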
Expand Down Expand Up @@ -382,6 +452,14 @@ echo "Done"
[[ -z $httpproto ]] && httpproto="http"
[[ -z $armsupport ]] && armsupport=0
[[ -z $fogpriorconfig ]] && fogpriorconfig="$fogprogramdir/.fogsettings"
[[ -n $sserverCert ]] && serverCert=$sserverCert
[[ -n $sserverKey ]] && serverKey=$sserverKey
[[ -n $sexternalCA ]] && externalCA=$sexternalCA

[[ ! -z "$sserverCert" && ( -z "$sserverKey" || -z "$sexternalCA" ) ]] && { printf "\nMissing server certificate key and/or CA certificate(s)\n\n"; exit; }
[[ ! -z "$sserverKey" && ( -z "$sserverCert" || -z "$sexternalCA" ) ]] && { printf "\nMissing server certificate and/or CA cerificate(s)\n\n"; exit; }
[[ ! -z "$sexternalCA" && ( -z "$sserverCert" || -z "$sserverKey" ) ]] && { printf "\nMissing server certificate and/or server certificate key\n\n"; exit; }

#clearScreen
if [[ -z $* || $* != +(-h|-?|--help|--uninstall) ]]; then
echo > "$workingdir/error_logs/foginstall.log"
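
Review bot: The three completeness checks end in a bare `exit`, which returns the status of the preceding `printf`, so the installer stops with status 0 when the certificate set is incomplete; use a non-zero `exit` there so callers and automation see the failure. The three lines also test the same condition (one of the three set, but not all of them), so they can be a single check with a single message, which would also remove the `cerificate` typo in the second message. `[[ ! -z ... ]]` reads better as `[[ -n ... ]]`, matching the assignments just above.
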
Expand All @@ -390,7 +468,7 @@ fi
displayBanner
echo -e " Version: $version Installer/Updater\n"
checkSELinux
checkFirewall
rulesFirewall
case $doupdate in
1)
if [[ -f $fogpriorconfig ]]; then
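
Review bot: The call changes from `checkFirewall` to `rulesFirewall` without a comment, and `rulesFirewall` is not defined in any visible hunk. If it adds or changes firewall rules rather than only checking them, that is a behaviour change for every install and update run, not only for runs that use the new certificate options; describe it in the PR and the help text, and consider making it opt-in.
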
Expand Down Expand Up @@ -421,6 +499,7 @@ esac
[[ -n $ssslpath ]] && sslpath=$ssslpath
[[ -n $srecreateCA ]] && recreateCA=$srecreateCA
[[ -n $srecreateKeys ]] && recreateKeys=$srecreateKeys
[[ -n $socsp ]] && ocsp=$socsp

[[ -f $fogpriorconfig ]] && grep -l webroot $fogpriorconfig >>$workingdir/error_logs/fog_error_${version}.log 2>&1
case $? in
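
Review bot: `ocsp` is applied here, with the other `s*` overrides that follow the `case $doupdate` block, but `serverCert`, `serverKey` and `externalCA` are assigned in the earlier hunk, before that block looks at `$fogpriorconfig`. If prior settings are loaded there, they could replace the values given on the command line. Move the three assignments here next to `[[ -n $socsp ]] && ocsp=$socsp` so all four are handled the same way.
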
Expand Down Expand Up @@ -630,7 +709,7 @@ while [[ -z $blGo ]]; do
echo
echo " This can be done by opening a web browser and going to:"
echo
echo " ${httpproto}://${ipaddress}${webroot}management"
echo " ${httpproto}://${hostname}${webroot}management"
Member

@Ty9000 You probably changed to hostname because you use a proper SSL certificate with hostname in it. I think we'll stick to IP address for now because we cannot rely on people having a proper DNS configuration for their server. We'd probably need to ask during setup.

Author

Right! That's my bad. I'm just so used to having DNS as being authoritative, I made those changes for my own sanity.

Member

What if we provide both instances:
This can be done by opening a browser to either one or the other......

If you built your own certificate you can test this by using the hostname.
${httpproto}://${ipaddress}${webroot}management
${httpproto}://${hostname}${webroot}management

echo
echo " Default User Information"
echo " Username: fog"
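
Review bot: In the changed management URL line, `${hostname}` is not assigned in any of the visible hunks; if it is empty at this point the printed address collapses to `${httpproto}://${webroot}management`. Fall back to `${ipaddress}` when `hostname` is unset, or print both forms as proposed in the thread above.
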