dana-at-cp/gaia-mgmt-ftw-user-data.sh

## gaia-mgmt-ftw-user-data.sh
#!/bin/bash

# gaia-mgmt-ftw-user-data.sh

# all set to admin123
SIC_KEY='admin123'
ADMIN_HASH='$6$0rVzHRkDOMwsB9cP$dm60oGLtEfgNGZK.WiiECa4FP3MPBbhob.oG.a33LyoEZvlbfL.5AFRzKmzRB4OQq0rgDF4JymvibXz3hNB2z/'
ADMIN_PW='admin123'

FTW_LOG=/var/log/ftw.log
BLINK_CONF=/home/admin/blink.conf
NEWSYS_CONF=/home/admin/newsys.conf

# Gaia first time wizard for a management server
if [ -e "/bin/blink_config" ]; then
  echo "Configuring Image Using Blink_Config" | tee /dev/console >> $FTW_LOG
  echo "TODO: Implement management server configuration via Blink" | tee /dev/console >> $FTW_LOG
  #blink_config -t $BLINK_CONF
  #sed -i 's:download_info=".*":download_info="true":g' $BLINK_CONF
  #sed -i 's:upload_info=".*":upload_info="true":g' $BLINK_CONF
  #sed -i "s:ftw_sic_key='':ftw_sic_key='$SIC_KEY':g" $BLINK_CONF
  #sed -i "s:admin_hash='':admin_hash='$ADMIN_HASH':g" $BLINK_CONF
  #sed -i "s:admin_password_regular='':admin_password_regular='$ADMIN_PW':g" $BLINK_CONF
  #echo "##### BLINK CONF #####" >> $FTW_LOG
  #cat $BLINK_CONF >> $FTW_LOG
  #echo "##### END BLINK CONF #####" >> $FTW_LOG
  #blink_config -f $BLINK_CONF --dry-run >> $FTW_LOG 2>&1
  #blink_config -f $BLINK_CONF >> $FTW_LOG 2>&1
else
  echo "Configuring Image Using Config_System" | tee /dev/console >> $FTW_LOG
  config_system -t $NEWSYS_CONF
  sed -i 's:install_security_gw=:install_security_gw="false":g' $NEWSYS_CONF
  # IMPORTANT: There is a typo in the template file so don't change the next line
  sed -i 's:install_security_managment=:install_security_managment="true":g' $NEWSYS_CONF
  sed -i 's:install_mgmt_primary=:install_mgmt_primary="true":g' $NEWSYS_CONF
  sed -i 's:download_info=".*":download_info="true":g' $NEWSYS_CONF
  sed -i 's:upload_info=".*":upload_info="true":g' $NEWSYS_CONF
  sed -i 's:mgmt_admin_radio=:mgmt_admin_radio="gaia_admin":g' $NEWSYS_CONF
  sed -i 's:mgmt_gui_clients_radio=:mgmt_gui_clients_radio="any":g' $NEWSYS_CONF
  sed -i "s:admin_hash='':admin_hash='$ADMIN_HASH':g" $NEWSYS_CONF
  sed -i 's:reboot_if_required=:reboot_if_required="false":g' $NEWSYS_CONF
  echo "##### NEWSYS CONF #####" >> $FTW_LOG
  cat $NEWSYS_CONF >> $FTW_LOG
  echo "##### END NEWSYS CONF #####" >> $FTW_LOG
  config_system -f $NEWSYS_CONF --dry-run >> $FTW_LOG 2>&1
  config_system -f $NEWSYS_CONF >> $FTW_LOG 2>&1
fi

# more clish customization below
clish -c "lock database override"
clish -c "set user admin shell /bin/bash" -s

# allow incoming web API calls from anywhere
if [ ! -d /home/admin/bin ]; then
  mkdir /home/admin/bin
fi
cat << 'EOF' > /home/admin/bin/open-web-api.sh
#!/bin/bash

# open-web-api.sh

LOG_FILE=/var/log/open-web-api.log

start_time=$(date)

echo "$start_time" > $LOG_FILE

while true; do
  api_status=$(api status |grep "Overall API Status" |awk -F ": " '{ print $2 }')
  if [ "$api_status" == "Started" ]; then
    echo "API has been started" >> $LOG_FILE
    api_access=$(api status |grep "Access" |awk -F "ip " '{ print $2 }' |tr -d '[:space:]')
    if [ "$api_access" == "127.0.0.1" ]; then
      echo "API access set to localhost only" >> $LOG_FILE
      mgmt_cli -r true set api-settings accepted-api-calls-from "All IP addresses" --domain 'System Data' --format json >> $LOG_FILE 2>&1
      api restart >> $LOG_FILE 2>&1
    else
      api_access=$(api status |grep "Access")
      echo "$api_access" >> $LOG_FILE
    fi
    break
  else
    echo "API not started" >> $LOG_FILE
    sleep 5
  fi
done

exit 0
EOF

chmod +x /home/admin/bin/open-web-api.sh

cat << 'EOL' >> /etc/rc.local

# Allow incoming web API calls
/home/admin/bin/open-web-api.sh &
EOL

shutdown -r now
	#!/bin/bash

	# gaia-mgmt-ftw-user-data.sh

	# all set to admin123
	SIC_KEY='admin123'
	ADMIN_HASH='$6$0rVzHRkDOMwsB9cP$dm60oGLtEfgNGZK.WiiECa4FP3MPBbhob.oG.a33LyoEZvlbfL.5AFRzKmzRB4OQq0rgDF4JymvibXz3hNB2z/'
	ADMIN_PW='admin123'

	FTW_LOG=/var/log/ftw.log
	BLINK_CONF=/home/admin/blink.conf
	NEWSYS_CONF=/home/admin/newsys.conf

	# Gaia first time wizard for a management server
	if [ -e "/bin/blink_config" ]; then
	echo "Configuring Image Using Blink_Config" \| tee /dev/console >> $FTW_LOG
	echo "TODO: Implement management server configuration via Blink" \| tee /dev/console >> $FTW_LOG
	#blink_config -t $BLINK_CONF
	#sed -i 's:download_info=".*":download_info="true":g' $BLINK_CONF
	#sed -i 's:upload_info=".*":upload_info="true":g' $BLINK_CONF
	#sed -i "s:ftw_sic_key='':ftw_sic_key='$SIC_KEY':g" $BLINK_CONF
	#sed -i "s:admin_hash='':admin_hash='$ADMIN_HASH':g" $BLINK_CONF
	#sed -i "s:admin_password_regular='':admin_password_regular='$ADMIN_PW':g" $BLINK_CONF
	#echo "##### BLINK CONF #####" >> $FTW_LOG
	#cat $BLINK_CONF >> $FTW_LOG
	#echo "##### END BLINK CONF #####" >> $FTW_LOG
	#blink_config -f $BLINK_CONF --dry-run >> $FTW_LOG 2>&1
	#blink_config -f $BLINK_CONF >> $FTW_LOG 2>&1
	else
	echo "Configuring Image Using Config_System" \| tee /dev/console >> $FTW_LOG
	config_system -t $NEWSYS_CONF
	sed -i 's:install_security_gw=:install_security_gw="false":g' $NEWSYS_CONF
	# IMPORTANT: There is a typo in the template file so don't change the next line
	sed -i 's:install_security_managment=:install_security_managment="true":g' $NEWSYS_CONF
	sed -i 's:install_mgmt_primary=:install_mgmt_primary="true":g' $NEWSYS_CONF
	sed -i 's:download_info=".*":download_info="true":g' $NEWSYS_CONF
	sed -i 's:upload_info=".*":upload_info="true":g' $NEWSYS_CONF
	sed -i 's:mgmt_admin_radio=:mgmt_admin_radio="gaia_admin":g' $NEWSYS_CONF
	sed -i 's:mgmt_gui_clients_radio=:mgmt_gui_clients_radio="any":g' $NEWSYS_CONF
	sed -i "s:admin_hash='':admin_hash='$ADMIN_HASH':g" $NEWSYS_CONF
	sed -i 's:reboot_if_required=:reboot_if_required="false":g' $NEWSYS_CONF
	echo "##### NEWSYS CONF #####" >> $FTW_LOG
	cat $NEWSYS_CONF >> $FTW_LOG
	echo "##### END NEWSYS CONF #####" >> $FTW_LOG
	config_system -f $NEWSYS_CONF --dry-run >> $FTW_LOG 2>&1
	config_system -f $NEWSYS_CONF >> $FTW_LOG 2>&1
	fi

	# more clish customization below
	clish -c "lock database override"
	clish -c "set user admin shell /bin/bash" -s

	# allow incoming web API calls from anywhere
	if [ ! -d /home/admin/bin ]; then
	mkdir /home/admin/bin
	fi
	cat << 'EOF' > /home/admin/bin/open-web-api.sh
	#!/bin/bash

	# open-web-api.sh

	LOG_FILE=/var/log/open-web-api.log

	start_time=$(date)

	echo "$start_time" > $LOG_FILE

	while true; do
	api_status=$(api status \|grep "Overall API Status" \|awk -F ": " '{ print $2 }')
	if [ "$api_status" == "Started" ]; then
	echo "API has been started" >> $LOG_FILE
	api_access=$(api status \|grep "Access" \|awk -F "ip " '{ print $2 }' \|tr -d '[:space:]')
	if [ "$api_access" == "127.0.0.1" ]; then
	echo "API access set to localhost only" >> $LOG_FILE
	mgmt_cli -r true set api-settings accepted-api-calls-from "All IP addresses" --domain 'System Data' --format json >> $LOG_FILE 2>&1
	api restart >> $LOG_FILE 2>&1
	else
	api_access=$(api status \|grep "Access")
	echo "$api_access" >> $LOG_FILE
	fi
	break
	else
	echo "API not started" >> $LOG_FILE
	sleep 5
	fi
	done

	exit 0
	EOF

	chmod +x /home/admin/bin/open-web-api.sh

	cat << 'EOL' >> /etc/rc.local

	# Allow incoming web API calls
	/home/admin/bin/open-web-api.sh &
	EOL

	shutdown -r now