Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dev branch #354

Draft
wants to merge 15 commits into
base: dev-branch
Choose a base branch
from
Draft

Dev branch #354

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
ecdc6a4
Add files via upload
Ty9000 Dec 17, 2019
9431908
Add files via upload
Ty9000 Dec 17, 2019
750b368
Add files via upload
Ty9000 Dec 17, 2019
2f439d5
Add files via upload
Ty9000 Dec 17, 2019
c0f4232
Add files via upload
Ty9000 Dec 17, 2019
65f4ed3
Add files via upload
Ty9000 Dec 18, 2019
ba59756
Add files via upload
Ty9000 Dec 18, 2019
bf7d80d
Add files via upload
Ty9000 Dec 18, 2019
d8da9cd
Add files via upload
Ty9000 Dec 18, 2019
010a4d4
Add files via upload
Ty9000 Dec 18, 2019
0fd2124
Add files via upload
Ty9000 Dec 18, 2019
8ca6ae8
Add files via upload
Ty9000 Dec 19, 2019
a8578d5
Add files via upload
Ty9000 Jan 16, 2020
b29588b
Add files via upload
Ty9000 Jan 16, 2020
16a2e07
Add files via upload
Ty9000 Jan 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 83 additions & 4 deletions bin/installfog.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ help() {
echo -e "\t\t[-D </directory/to/document/root/>] [-c <ssl-path>]"
echo -e "\t\t[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]"
echo -e "\t\t[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]"
echo -e "\t\t[-v </loc/server/cert.pem>] [-k </loc/server/key.key>] [-t </loc/CA/chain.pem>]"
echo -e "\t\t[-p <http://OCSP.domain.com/ocsp>]"
echo -e "\t-h -? --help\t\t\tDisplay this info"
echo -e "\t-o --oldcopy\t\t\tCopy back old data"
echo -e "\t-d --no-defaults\t\tDon't guess defaults"
Expand Down Expand Up @@ -63,9 +65,13 @@ help() {
echo -e "\t-P --no-pxedefault\t\tDo not overwrite pxe default file"
echo -e "\t-F --no-vhost\t\tDo not overwrite vhost file"
echo -e "\t-A --arm-support\t\tDo not overwrite vhost file"
echo -e "\t-v --server-cert\t\tSpecify the location of the server's certificate"
echo -e "\t-k --server-key\t\tSpecify the location of the server's certificate key"
echo -e "\t-t --external-CA\t\tSpecify the location of the CA chain certificate"
echo -e "\t-p --ocsp\t\t\tSpecify the URI of the OCSP server"
exit 0
}
optspec="h?odEUHSCKYyXxTPFAf:c:-:W:D:B:s:e:b:"
optspec="h?odEUHSCKYyXxTPFAf:c:-:W:D:B:s:e:b:v:t:k:p:"
while getopts "$optspec" o; do
case $o in
-)
Expand Down Expand Up @@ -182,7 +188,39 @@ while getopts "$optspec" o; do
arm-support)
sarmsupport=1
;;
*)
server-cert)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 9
fi
sserverCert="${OPTARG}"
;;
server-key)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 10
fi
sserverKey="${OPTARG}"
;;
external-CA)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 11
fi
sexternalCA="${OPTARG}"
;;
ocsp)
if [[ -z $OPTARG ]]; then
echo "--$OPTARG requires a URI to follow"
help
exit 12
fi
socsp="${OPTARG}"
;;
*)
if [[ $OPTERR == 1 && ${optspec:0:1} != : ]]; then
echo "Unknown option: --${OPTARG}"
help
Expand Down Expand Up @@ -299,6 +337,38 @@ while getopts "$optspec" o; do
A)
sarmsupport=1
;;
v)
if [[ ! -f $OPTARG ]]; then
echo "-$OPTARG requires a file to follow"
help
exit 9
fi
sserverCert="${OPTARG}"
;;
k)
if [[ ! -f $OPTARG ]]; then
echo "--$OPTARG requires a file to follow"
help
exit 10
fi
sserverKey="${OPTARG}"
;;
t)
if [[ ! -f $OPTARG ]]; then
echo "-$OPTARG requires a file to follow"
help
exit 11
fi
sexternalCA="${OPTARG}"
;;
p)
if [[ -z $OPTARG ]]; then
echo "--$OPTARG requires a URI to follow"
help
exit 12
fi
socsp="${OPTARG}"
;;
:)
echo "Option -$OPTARG requires a value"
help
Expand Down Expand Up @@ -382,6 +452,14 @@ echo "Done"
[[ -z $httpproto ]] && httpproto="http"
[[ -z $armsupport ]] && armsupport=0
[[ -z $fogpriorconfig ]] && fogpriorconfig="$fogprogramdir/.fogsettings"
[[ -n $sserverCert ]] && serverCert=$sserverCert
[[ -n $sserverKey ]] && serverKey=$sserverKey
[[ -n $sexternalCA ]] && externalCA=$sexternalCA

[[ ! -z "$sserverCert" && ( -z "$sserverKey" || -z "$sexternalCA" ) ]] && { printf "\nMissing server certificate key and/or CA certificate(s)\n\n"; exit; }
[[ ! -z "$sserverKey" && ( -z "$sserverCert" || -z "$sexternalCA" ) ]] && { printf "\nMissing server certificate and/or CA cerificate(s)\n\n"; exit; }
[[ ! -z "$sexternalCA" && ( -z "$sserverCert" || -z "$sserverKey" ) ]] && { printf "\nMissing server certificate and/or server certificate key\n\n"; exit; }

#clearScreen
if [[ -z $* || $* != +(-h|-?|--help|--uninstall) ]]; then
echo > "$workingdir/error_logs/foginstall.log"
Expand All @@ -390,7 +468,7 @@ fi
displayBanner
echo -e " Version: $version Installer/Updater\n"
checkSELinux
checkFirewall
rulesFirewall
case $doupdate in
1)
if [[ -f $fogpriorconfig ]]; then
Expand Down Expand Up @@ -421,6 +499,7 @@ esac
[[ -n $ssslpath ]] && sslpath=$ssslpath
[[ -n $srecreateCA ]] && recreateCA=$srecreateCA
[[ -n $srecreateKeys ]] && recreateKeys=$srecreateKeys
[[ -n $socsp ]] && ocsp=$socsp

[[ -f $fogpriorconfig ]] && grep -l webroot $fogpriorconfig >>$workingdir/error_logs/fog_error_${version}.log 2>&1
case $? in
Expand Down Expand Up @@ -630,7 +709,7 @@ while [[ -z $blGo ]]; do
echo
echo " This can be done by opening a web browser and going to:"
echo
echo " ${httpproto}://${ipaddress}${webroot}management"
echo " ${httpproto}://${hostname}${webroot}management"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Ty9000 You probably changed to hostname because you use a proper SSL certificate with hostname in it. I think we'll stick to IP address for now because we cannot rely on people having a proper DNS configuration for their server. We'd probably need to ask during setup.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right! That's my bad. I'm just so used to having DNS as being authoritative, I made those changes for my own sanity.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if we provide both instances:
This can be done by opening a browser to either on or the other......

If you built your own certificate you can test this by using the hostname.
${httpproto}://${ipaddress}${webroot}management
${httpproto}://${hostname}${webroot}management

echo
echo " Default User Information"
echo " Username: fog"
Expand Down
Loading