From: Bill Erickson Date: Mon, 1 May 2023 15:01:51 +0000 (-0400) Subject: Generate redis passwords; install accounts file X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=aeba62c7501f9f2f471dc9640f9bda0a2cd2ad14;p=working%2FOpenSRF.git Generate redis passwords; install accounts file Signed-off-by: Bill Erickson --- diff --git a/.gitignore b/.gitignore index 181b1d1..216cb57 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ config.sub configure depcomp doc/dokuwiki-doc-stubber.pl +examples/redis-accounts.txt examples/math_bench.pl examples/math_client.py examples/multisession-test.pl diff --git a/README b/README index f3e7d9e..584ec95 100644 --- a/README +++ b/README @@ -268,7 +268,6 @@ Updating the OpenSRF configuration files cd SYSCONFDIR cp opensrf_core.xml.example opensrf_core.xml cp opensrf.xml.example opensrf.xml -cp redis-accounts.example.txt redis-accounts.txt --------------------------------------------------------------------------- + 2. Edit the `SYSCONFDIR/opensrf_core.xml` file to update the four username diff --git a/configure.ac b/configure.ac index 9bd31b4..b957aff 100644 --- a/configure.ac +++ b/configure.ac 
@@ -53,6 +53,21 @@ AC_SUBST([PID_DIR]) AC_SUBST(prefix) AC_SUBST(bindir) +OPENSRF_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) +GATEWAY_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) +ROUTER_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) +ADMIN_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) + +AC_DEFINE_UNQUOTED([OPENSRF_BUS_PASS], ["$OPENSRF_BUS_PASS"], [opensrf bus password]) +AC_DEFINE_UNQUOTED([GATEWAY_BUS_PASS], ["$GATEWAY_BUS_PASS"], [gateway bus password]) +AC_DEFINE_UNQUOTED([ROUTER_BUS_PASS], ["$ROUTER_BUS_PASS"], [router bus password]) +AC_DEFINE_UNQUOTED([ADMIN_BUS_PASS], ["$ADMIN_BUS_PASS"], [admin bus password]) + +AC_SUBST([OPENSRF_BUS_PASS]) +AC_SUBST([GATEWAY_BUS_PASS]) +AC_SUBST([ROUTER_BUS_PASS]) +AC_SUBST([ADMIN_BUS_PASS]) + #------------------------------- # Installation options #------------------------------- @@ -321,6 +336,7 @@ if test "x$OSRF_INSTALL_CORE" = "xtrue"; then #------------------------------------ AC_CONFIG_FILES([doc/dokuwiki-doc-stubber.pl + examples/redis-accounts.txt examples/math_bench.pl examples/multisession-test.pl src/c-apps/Makefile diff --git a/examples/redis-accounts.example.txt b/examples/redis-accounts.example.txt deleted file mode 100644 index e2ceeaa..0000000 --- a/examples/redis-accounts.example.txt +++ /dev/null 
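Review bot: In configure.ac the four `$(cat /proc/sys/kernel/random/uuid)` reads are unchecked, so on a host without that procfs entry each variable ends up empty and the `ACL SETUSER ... on >@..._BUS_PASS@` lines in the generated accounts file carry no password text. A guard after the assignments would stop the build instead, for example `test -n "$OPENSRF_BUS_PASS" || AC_MSG_ERROR([could not generate bus passwords])`, repeated for the other three variables. The `AC_DEFINE_UNQUOTED` lines also copy each secret into the generated config header, or onto the compiler command line if the project uses no config header. Nothing in this diff reads those macros, so keeping only `AC_SUBST` would keep the passwords out of compiled objects and compiler invocations. Because the assignments are unconditional, every `./configure` run produces new values; a short comment saying that a re-configure presumably requires reloading the accounts file into Redis would help.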
@@ -1,34 +0,0 @@
-
-SET comment "opensrf clients can perform all opensrf-level actions"
-SET COMMENT "opensrf accounts send requets to opensrf:router:* queues"
-SET COMMENT "opensrf accounts send replies to opensrf:client:* queues"
-SET COMMENT "opensrf accounts lpop requests from their opensrf:servivce: queue."
-SET COMMENT "TODO: separate Listener vs Drone accounts to prevent Drones / standalone clients from accessing opensrf:service:*"
-
-ACL SETUSER opensrf reset
-ACL SETUSER opensrf on >password
-ACL SETUSER opensrf -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:service:* ~opensrf:client:*
-
-SET comment "routers lpop requests from their own opensrf:router:* queues"
-SET comment "routers send requests to opensrf:service:* queues"
-SET comment "routers send replies to opensrf:client:* queues"
-
-ACL SETUSER router reset
-ACL SETUSER router on >password
-ACL SETUSER router -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:service:* ~opensrf:client:*
-
-SET comment "gateway accounts send request to opensrf:router:* queues"
-SET comment "gateway accounts send subsequent, stateful requests to opensrf:client:* queues"
-
-ACL SETUSER gateway reset
-ACL SETUSER gateway on >password
-ACL SETUSER gateway -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:client:*
-
-SET comment "admin can do anything"
-
-ACL SETUSER admin reset
-ACL SETUSER admin on >password
-ACL SETUSER admin +@all ~*
-
-DEL comment
-
diff --git a/examples/redis-accounts.txt.in b/examples/redis-accounts.txt.in
new file mode 100644
index 0000000..becb5e4
--- /dev/null
+++ b/examples/redis-accounts.txt.in
@@ -0,0 +1,34 @@
+
+SET comment "opensrf clients can perform all opensrf-level actions"
+SET COMMENT "opensrf accounts send requets to opensrf:router:* queues"
+SET COMMENT "opensrf accounts send replies to opensrf:client:* queues"
+SET COMMENT "opensrf accounts lpop requests from their opensrf:servivce: queue."
+SET COMMENT "TODO: separate Listener vs Drone accounts to prevent Drones / standalone clients from accessing opensrf:service:*"
+
+ACL SETUSER opensrf reset
+ACL SETUSER opensrf on >@OPENSRF_BUS_PASS@
+ACL SETUSER opensrf -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:service:* ~opensrf:client:*
+
+SET comment "routers lpop requests from their own opensrf:router:* queues"
+SET comment "routers send requests to opensrf:service:* queues"
+SET comment "routers send replies to opensrf:client:* queues"
+
+ACL SETUSER router reset
+ACL SETUSER router on >@ROUTER_BUS_PASS@
+ACL SETUSER router -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:service:* ~opensrf:client:*
+
+SET comment "gateway accounts send request to opensrf:router:* queues"
+SET comment "gateway accounts send subsequent, stateful requests to opensrf:client:* queues"
+
+ACL SETUSER gateway reset
+ACL SETUSER gateway on >@GATEWAY_BUS_PASS@
+ACL SETUSER gateway -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:client:*
+
+SET comment "admin can do anything"
+
+ACL SETUSER admin reset
+ACL SETUSER admin on >@ADMIN_BUS_PASS@
+ACL SETUSER admin +@all ~*
+
+DEL comment
+
diff --git a/src/Makefile.am b/src/Makefile.am
index 8b9eb6b..4ca5dea 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
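Review bot: examples/redis-accounts.txt.in sets up `opensrf`, `router`, `gateway` and `admin` but never touches Redis's built-in `default` user, which stays enabled without a password unless it is restricted somewhere not visible in this diff. If it is not, the generated per-account passwords protect very little. Consider ending the template with `ACL SETUSER default off`, or adding a comment that says where the default user is locked down. Separately, the annotation lines write real keys: `SET COMMENT` (upper case) creates a different key from `SET comment`, because Redis key names are case-sensitive, so the final `DEL comment` leaves the `COMMENT` key behind on the server.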
@@ -34,7 +34,7 @@ if BUILDCORE MAYBE_CORE = libopensrf c-apps srfsh gateway perl websocket-stdio dist_bin_SCRIPTS = @top_srcdir@/bin/opensrf-perl.pl bin_SCRIPTS = @top_srcdir@/bin/osrf_config -dist_sysconf_DATA = @top_srcdir@/examples/opensrf.xml.example @top_srcdir@/examples/opensrf_core.xml.example @top_srcdir@/examples/srfsh.xml.example @top_srcdir@/examples/redis-accounts.example.txt +dist_sysconf_DATA = @top_srcdir@/examples/opensrf.xml.example @top_srcdir@/examples/opensrf_core.xml.example @top_srcdir@/examples/srfsh.xml.example @top_srcdir@/examples/redis-accounts.txt endif SUBDIRS = $(MAYBE_CORE) $(MAYBE_PY) $(MAYBE_JA)
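Review bot: In src/Makefile.am the generated `examples/redis-accounts.txt` is added to `dist_sysconf_DATA`, so `make dist` would ship the builder's freshly generated bus passwords in the tarball. The `_DATA` install also uses the default data mode (normally 0644), which leaves the admin password world-readable in SYSCONFDIR. The file is a configure output as well, so it lives in the build tree rather than under `@top_srcdir@`. Suggest giving it its own variable, `nodist_sysconf_DATA = @top_builddir@/examples/redis-accounts.txt`, and tightening the installed mode in an `install-data-hook`, for example `chmod 600 $(DESTDIR)$(sysconfdir)/redis-accounts.txt`. The enclosing `BUILDCORE` conditional is only partly visible in this hunk.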