This is an automated email from the ASF dual-hosted git repository.
ocket8888 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 7b178b5 Add `.py` file extension to Python Postinstall script (#6103)
7b178b5 is described below
commit 7b178b5c6422280079d26e0f60036aebaf9a0f86
Author: Zach Hoffman <[email protected]>
AuthorDate: Mon Aug 16 11:58:01 2021 -0600
Add `.py` file extension to Python Postinstall script (#6103)
* Remove adduser.pl from CDN in a Box since Postinstall creates the user
* Rename _postinstall to _postinstall.py
* Get TO admin username and password hash from config.json
---
.github/actions/tp-integration-tests/entrypoint.sh | 11 ++++-
infrastructure/cdn-in-a-box/traffic_ops/Dockerfile | 1 -
infrastructure/cdn-in-a-box/traffic_ops/adduser.pl | 54 ----------------------
infrastructure/cdn-in-a-box/traffic_ops/run-go.sh | 3 --
.../install/bin/{_postinstall => _postinstall.py} | 2 +-
traffic_ops/install/bin/postinstall | 4 +-
traffic_ops/install/bin/postinstall.test.sh | 22 +++------
7 files changed, 18 insertions(+), 79 deletions(-)
diff --git a/.github/actions/tp-integration-tests/entrypoint.sh
b/.github/actions/tp-integration-tests/entrypoint.sh
index af98b95..afd3b8f 100755
--- a/.github/actions/tp-integration-tests/entrypoint.sh
+++ b/.github/actions/tp-integration-tests/entrypoint.sh
@@ -40,10 +40,17 @@ PHYS="aloc"
COORD="acoord"
CDN="zcdn"
CG="acg"
+to_admin_username="$(jq -r '.params.login.username'
"${GITHUB_WORKSPACE}/traffic_portal/test/integration/config.json")"
+to_admin_password="$(jq -r '.params.login.password'
"${GITHUB_WORKSPACE}/traffic_portal/test/integration/config.json")"
+password_hash="$(<<PYTHON_COMMANDS
PYTHONPATH="${GITHUB_WORKSPACE}/traffic_ops/install/bin" python
+import _postinstall
+print(_postinstall.hash_pass('${to_admin_password}'))
+PYTHON_COMMANDS
+)"
<<QUERY psql
INSERT INTO tm_user (username, role, tenant_id, local_passwd)
- VALUES ('admin', 1, 1,
-
'SCRYPT:16384:8:1:vVw4X6mhoEMQXVGB/ENaXJEcF4Hdq34t5N8lapIjDQEAS4hChfMJMzwwmHfXByqUtjmMemapOPsDQXG+BAX/hA==:vORiLhCm1EtEQJULvPFteKbAX2DgxanPhHdrYN8VzhZBNF81NRxxpo7ig720KcrjH1XFO6BUTDAYTSBGU9KO3Q=='
+ VALUES ('${to_admin_username}', 1, 1,
+ '${password_hash}'
);
INSERT INTO division(name) VALUES('${DIVISION}');
INSERT INTO region(name, division) VALUES('${REGION}', 1);
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile
b/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile
index 5f83a6c..d58c916 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile
+++ b/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile
@@ -112,7 +112,6 @@ COPY
infrastructure/cdn-in-a-box/enroller/server_template.json \
infrastructure/cdn-in-a-box/dns/set-dns.sh \
infrastructure/cdn-in-a-box/traffic_ops/set-to-ips-from-dns.sh \
infrastructure/cdn-in-a-box/traffic_ops/generate-certs.sh \
- infrastructure/cdn-in-a-box/traffic_ops/adduser.pl \
infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh \
infrastructure/cdn-in-a-box/variables.env \
/
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/adduser.pl
b/infrastructure/cdn-in-a-box/traffic_ops/adduser.pl
deleted file mode 100755
index 31dba2d..0000000
--- a/infrastructure/cdn-in-a-box/traffic_ops/adduser.pl
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/bin/env perl
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# adduser.pl creates the sql necessary to add a user to the database for
traffic_ops login.
-# Usage: adduser.pl <username> <password> <role>
-# -- the password is encrypted appropriately to be compatible with Traffic
Ops.
-#
-use strict;
-use Crypt::ScryptKDF qw{ scrypt_hash };
-
-if ($#ARGV < 2) {
- die "Usage: $ARGV[0] USERNAME PASSWORD [ROLE] [TENANT] [EMAIL]
[FULL_NAME]\n";
-}
-
-my $username = shift // $ENV{TO_ADMIN_USER};
-my $password = shift or die "Password is required\n";
-my $role = shift // 'admin';
-my $tenant = shift // 'root';
-my $email = shift // $ENV{TO_EMAIL};
-my $full_name = shift // $ENV{TO_ADMIN_FULL_NAME};
-
-# Skip the insert if the admin 'username' is already there.
-my $hashed_passwd = hash_pass( $password );
-print <<"EOSQL";
-INSERT INTO tm_user (username, role, local_passwd, confirm_local_passwd,
tenant_id, email, full_name)
- VALUES ('$username',
- (SELECT id FROM role WHERE name = '$role'),
- '$hashed_passwd',
- '$hashed_passwd',
- (SELECT id FROM tenant WHERE name='$tenant'),
- '$email',
- '$full_name')
- ON CONFLICT (username) DO UPDATE SET local_passwd='$hashed_passwd',
confirm_local_passwd='$hashed_passwd';
-EOSQL
-
-sub hash_pass {
- my $pass = shift;
- return scrypt_hash($pass, \64, 16384, 8, 1, 64);
-}
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
b/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
index d585b0b..d29eed1 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
@@ -121,9 +121,6 @@ done
cd /opt/traffic_ops/app;
-# Add admin user -- all other users should be created using the API
-/adduser.pl "$TO_ADMIN_USER" "$TO_ADMIN_PASSWORD" "admin" "root" | psql -v
ON_ERROR_STOP=1 -U "$DB_USER" -h "$DB_SERVER" -d "$DB_NAME";
-
(
maxtries=10
for ((tries = 0; tries < maxtries; tries++)); do
diff --git a/traffic_ops/install/bin/_postinstall
b/traffic_ops/install/bin/_postinstall.py
similarity index 99%
rename from traffic_ops/install/bin/_postinstall
rename to traffic_ops/install/bin/_postinstall.py
index 3567d7b..24a357c 100755
--- a/traffic_ops/install/bin/_postinstall
+++ b/traffic_ops/install/bin/_postinstall.py
@@ -20,7 +20,7 @@
from __future__ import print_function
"""
-This script is meant as a drop-in replacement for the old _postinstall Perl
script.
+This script is meant as a drop-in replacement for the old _postinstall.pl Perl
script.
It does, however, offer several more command-line flags not present in the
original, to aid in
testing.
diff --git a/traffic_ops/install/bin/postinstall
b/traffic_ops/install/bin/postinstall
index 6f6e930..71295af 100755
--- a/traffic_ops/install/bin/postinstall
+++ b/traffic_ops/install/bin/postinstall
@@ -28,7 +28,7 @@ done
# above options don't require any of the extra processing -- just kick off the
script with
# options intact.
if [[ -v action && "$action" == "bypass" ]]; then
- /opt/traffic_ops/install/bin/_postinstall "$@"
+ /opt/traffic_ops/install/bin/_postinstall.py "$@"
exit
fi
@@ -40,7 +40,7 @@ if [[ ! $(su - postgres psql -w -c 'show is_superuser'
</dev/null 2>/dev/null) =
exit 1
fi
-/opt/traffic_ops/install/bin/_postinstall "$@"
+/opt/traffic_ops/install/bin/_postinstall.py "$@"
# should all be owned by trafops user
chown -R trafops:trafops /opt/traffic_ops
diff --git a/traffic_ops/install/bin/postinstall.test.sh
b/traffic_ops/install/bin/postinstall.test.sh
index 2871f9c..a53bc1b 100755
--- a/traffic_ops/install/bin/postinstall.test.sh
+++ b/traffic_ops/install/bin/postinstall.test.sh
@@ -46,10 +46,10 @@ python_version="${python_version:-3}";
python_bin="${python_bin:-/usr/bin/python${python_version}}";
if [[ ! -x "$python_bin" && "$python_version" -ge 3 ]]; then
- echo "Python 3.6+ is required to run - or test - _postinstall" >&2;
+ echo "Python 3.6+ is required to run - or test - _postinstall.py" >&2;
exit 1;
elif [[ ! -x "$python_bin" && "$python_version" == 2 ]]; then
- echo "Python ${python_version} is required to run - or test -
_postinstall against Python 2" >&2;
+ echo "Python ${python_version} is required to run - or test -
_postinstall.py against Python 2" >&2;
fi
readonly TO_PASSWORD=twelve;
@@ -62,13 +62,7 @@ from __future__ import print_function
import importlib
import sys
from os.path import dirname, join
-module_name = '_postinstall'
-if sys.version_info.major >= 3:
- from importlib.machinery import SourceFileLoader
- Scrypt = SourceFileLoader(module_name, join(dirname(__file__),
module_name)).load_module(module_name).Scrypt
-else:
- import imp
- Scrypt = imp.load_source(module_name, join(dirname(__file__),
module_name)).Scrypt
+from _postinstall import Scrypt
passwd = '${TO_PASSWORD}'
n = 2 ** 10
@@ -120,15 +114,11 @@ EOF
from __future__ import print_function
import subprocess
import sys
+import _postinstall
from os.path import dirname, join
-module_name = '_postinstall'
download_tool = '/does/not/exist'
root = '${ROOT_DIR}'
-if sys.version_info.major >= 3:
- import importlib
- from importlib.machinery import SourceFileLoader
- _postinstall = SourceFileLoader(module_name, join(dirname(__file__),
module_name)).load_module(module_name)
_postinstall.exec_psql('N/A', 'N/A', '--version')
TESTS
@@ -136,7 +126,7 @@ TESTS
mkdir -p "$ROOT_DIR/opt/traffic_ops/install/data/json";
mkdir "$ROOT_DIR/opt/traffic_ops/install/bin";
-# defaults.json is used as input into the `--cfile` option of _postinstall
+# defaults.json is used as input into the `--cfile` option of _postinstall.py
# for testing purposes
cat <<- EOF > "$ROOT_DIR/defaults.json"
{
@@ -359,7 +349,7 @@ cat <<- EOF > "$ROOT_DIR/defaults.json"
}
EOF
-"$python_bin" "$MY_DIR/_postinstall" --no-root --root-directory="$ROOT_DIR"
--no-restart-to --no-database --ops-user="$(whoami)" --ops-group="$(id -gn)"
--automatic --cfile="$ROOT_DIR/defaults.json" --debug > >(tee -a
"$ROOT_DIR/stdout") 2> >(tee -a "$ROOT_DIR/stderr" >&2);
+"$python_bin" "$MY_DIR/_postinstall.py" --no-root --root-directory="$ROOT_DIR"
--no-restart-to --no-database --ops-user="$(whoami)" --ops-group="$(id -gn)"
--automatic --cfile="$ROOT_DIR/defaults.json" --debug > >(tee -a
"$ROOT_DIR/stdout") 2> >(tee -a "$ROOT_DIR/stderr" >&2);
if grep -q 'ERROR' $ROOT_DIR/stdout; then
echo "Errors found in script logs" >&2;
