my $routers = $conf->bootstrap->routers;
- # TODO pull logins for all clients in the conf, including
- # gateway and router.
- for my $router (@{$conf->bootstrap->routers}) {
+ my $admin_pass = `grep 'ACL SETUSER admin on >' $opt_bus_accounts | cut -d'>' -f2`;
+
+ chomp($admin_pass);
+
+ die "No password for Redis 'admin' account found in $opt_bus_accounts\n"
+ unless $admin_pass;
+ # Redis prefers the password be passed via ENV.
+ $ENV{REDISCLI_AUTH} = $admin_pass;
+
+ # Apply the bus accounts to all of our domains.
+ for my $router (@{$conf->bootstrap->routers}) {
my $domain = ref $router ? $router->{domain} : $router;
my $port = $conf->bootstrap->port;
msg("Resetting bus accounts for domain $domain");
- system("cat $opt_bus_accounts | redis-cli -h $domain -p $port > /dev/null");
+ # Grep out some noise. Avoid piping to /dev/null so we can
+ # see failures.
+ my $command = "redis-cli --user admin -h $domain -p $port | grep -v OK | grep -v ^1";
+
+ system("cat $opt_bus_accounts | $command");
}
}
ACL SETUSER gateway -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:client:*
SET comment "admin can do anything"
+SET comment "avoid reseting admin since that would break the account mid-script"
-ACL SETUSER admin reset
ACL SETUSER admin on >@ADMIN_BUS_PASS@
ACL SETUSER admin +@all ~*
-SET comment "disable the 'default' account"
+SET comment "disable the 'default' passwordless account"
ACL SETUSER default off
projects / working / OpenSRF.git / commitdiff