Skip to content

Instantly share code, notes, and snippets.

@dana-at-cp
Created July 29, 2019 20:22
Show Gist options
  • Save dana-at-cp/7326999b4e4b8594f2329215a4ca2141 to your computer and use it in GitHub Desktop.
Save dana-at-cp/7326999b4e4b8594f2329215a4ca2141 to your computer and use it in GitHub Desktop.
Gaia FTW cloud-init user data for config_system management images
#!/bin/bash
# gaia-mgmt-ftw-user-data.sh
# all set to admin123
SIC_KEY='admin123'
ADMIN_HASH='$6$0rVzHRkDOMwsB9cP$dm60oGLtEfgNGZK.WiiECa4FP3MPBbhob.oG.a33LyoEZvlbfL.5AFRzKmzRB4OQq0rgDF4JymvibXz3hNB2z/'
ADMIN_PW='admin123'
FTW_LOG=/var/log/ftw.log
BLINK_CONF=/home/admin/blink.conf
NEWSYS_CONF=/home/admin/newsys.conf
# Gaia first time wizard for a management server
if [ -e "/bin/blink_config" ]; then
echo "Configuring Image Using Blink_Config" | tee /dev/console >> $FTW_LOG
echo "TODO: Implement management server configuration via Blink" | tee /dev/console >> $FTW_LOG
#blink_config -t $BLINK_CONF
#sed -i 's:download_info=".*":download_info="true":g' $BLINK_CONF
#sed -i 's:upload_info=".*":upload_info="true":g' $BLINK_CONF
#sed -i "s:ftw_sic_key='':ftw_sic_key='$SIC_KEY':g" $BLINK_CONF
#sed -i "s:admin_hash='':admin_hash='$ADMIN_HASH':g" $BLINK_CONF
#sed -i "s:admin_password_regular='':admin_password_regular='$ADMIN_PW':g" $BLINK_CONF
#echo "##### BLINK CONF #####" >> $FTW_LOG
#cat $BLINK_CONF >> $FTW_LOG
#echo "##### END BLINK CONF #####" >> $FTW_LOG
#blink_config -f $BLINK_CONF --dry-run >> $FTW_LOG 2>&1
#blink_config -f $BLINK_CONF >> $FTW_LOG 2>&1
else
echo "Configuring Image Using Config_System" | tee /dev/console >> $FTW_LOG
config_system -t $NEWSYS_CONF
sed -i 's:install_security_gw=:install_security_gw="false":g' $NEWSYS_CONF
# IMPORTANT: There is a typo in the template file so don't change the next line
sed -i 's:install_security_managment=:install_security_managment="true":g' $NEWSYS_CONF
sed -i 's:install_mgmt_primary=:install_mgmt_primary="true":g' $NEWSYS_CONF
sed -i 's:download_info=".*":download_info="true":g' $NEWSYS_CONF
sed -i 's:upload_info=".*":upload_info="true":g' $NEWSYS_CONF
sed -i 's:mgmt_admin_radio=:mgmt_admin_radio="gaia_admin":g' $NEWSYS_CONF
sed -i 's:mgmt_gui_clients_radio=:mgmt_gui_clients_radio="any":g' $NEWSYS_CONF
sed -i "s:admin_hash='':admin_hash='$ADMIN_HASH':g" $NEWSYS_CONF
sed -i 's:reboot_if_required=:reboot_if_required="false":g' $NEWSYS_CONF
echo "##### NEWSYS CONF #####" >> $FTW_LOG
cat $NEWSYS_CONF >> $FTW_LOG
echo "##### END NEWSYS CONF #####" >> $FTW_LOG
config_system -f $NEWSYS_CONF --dry-run >> $FTW_LOG 2>&1
config_system -f $NEWSYS_CONF >> $FTW_LOG 2>&1
fi
# more clish customization below
clish -c "lock database override"
clish -c "set user admin shell /bin/bash" -s
# allow incoming web API calls from anywhere
if [ ! -d /home/admin/bin ]; then
mkdir /home/admin/bin
fi
cat << 'EOF' > /home/admin/bin/open-web-api.sh
#!/bin/bash
# open-web-api.sh
LOG_FILE=/var/log/open-web-api.log
start_time=$(date)
echo "$start_time" > $LOG_FILE
while true; do
api_status=$(api status |grep "Overall API Status" |awk -F ": " '{ print $2 }')
if [ "$api_status" == "Started" ]; then
echo "API has been started" >> $LOG_FILE
api_access=$(api status |grep "Access" |awk -F "ip " '{ print $2 }' |tr -d '[:space:]')
if [ "$api_access" == "127.0.0.1" ]; then
echo "API access set to localhost only" >> $LOG_FILE
mgmt_cli -r true set api-settings accepted-api-calls-from "All IP addresses" --domain 'System Data' --format json >> $LOG_FILE 2>&1
api restart >> $LOG_FILE 2>&1
else
api_access=$(api status |grep "Access")
echo "$api_access" >> $LOG_FILE
fi
break
else
echo "API not started" >> $LOG_FILE
sleep 5
fi
done
exit 0
EOF
chmod +x /home/admin/bin/open-web-api.sh
cat << 'EOL' >> /etc/rc.local
# Allow incoming web API calls
/home/admin/bin/open-web-api.sh &
EOL
shutdown -r now
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment