[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] Generate a random password for the icinga/icingaweb databases
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Mon Aug 7 15:13:27 BST 2023
Mike Gabriel pushed to branch master at Debian Edu / debian-edu-config
Commits:
67ea7417 by Guido Berhoerster at 2023-08-07T14:11:55+00:00
Generate a random password for the icinga/icingaweb databases
Closes: #1040015
- - - - -
1 changed file:
- share/debian-edu-config/tools/edu-icinga-setup
Changes:
=====================================
share/debian-edu-config/tools/edu-icinga-setup
=====================================
@@ -34,6 +34,11 @@ FIRSTUSERNAME="$RET"
# run 'mysql_secure_installation'.)
setup_icinga() {
+ # Generate random password (alphanumeric ASCII characters only in order
+ # to avoid problems with quoting below)
+ password="$(LC_ALL=C tr -cd '[:alnum:]' < /dev/urandom | dd bs=1 count=16 2>/dev/null)"
+ [ -n "${password}" ] || exit 1
+
# Delete anonymous users
mysql -e "DELETE FROM mysql.user WHERE User='';"
# Ensure the root user can not log in remotely
@@ -55,7 +60,7 @@ setup_icinga() {
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
ON icingadb.*
TO 'icinga2'@'localhost'
- IDENTIFIED BY 'v64nhbe27dfBjR3T';
+ IDENTIFIED BY '${password}';
FLUSH PRIVILEGES;
"
# Install the MySQL schema required for the Icinga 2 database
@@ -63,7 +68,7 @@ setup_icinga() {
# Adjust the Icinga 2 MySQL IDO configuration
#sed -i "/user/ s%icinga2%$FIRSTUSERNAME%" "/etc/icinga2/features-available/ido-mysql.conf"
- sed -i "/password/ s%\".*\"%\"v64nhbe27dfBjR3T\"%" "/etc/icinga2/features-available/ido-mysql.conf"
+ sed -i "/password/s/.*/ password = \"${password}\",/" /etc/icinga2/features-available/ido-mysql.conf
sed -i '/database/ s%icinga2%icingadb%' /etc/icinga2/features-available/ido-mysql.conf
# Enable ido-mysql feature
@@ -75,7 +80,7 @@ setup_icinga() {
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
ON icingaweb2.*
TO 'icingaweb2'@'localhost'
- IDENTIFIED BY 'v64nhbe27dfBjR3T';
+ IDENTIFIED BY '${password}';
FLUSH PRIVILEGES;
"
# Install the MySQL schema required for the Icinga Web 2 database
@@ -147,7 +152,7 @@ setup_icinga() {
port = ""
dbname = "icingaweb2"
username = "icingaweb2"
- password = "v64nhbe27dfBjR3T"
+ password = "${password}"
charset = ""
use_ssl = "0"
@@ -158,7 +163,7 @@ setup_icinga() {
port = ""
dbname = "icingadb"
username = "icinga2"
- password = "v64nhbe27dfBjR3T"
+ password = "${password}"
charset = ""
use_ssl = "0"
EOF
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/67ea74172d0eb5a95d9eb50fab0d6da07324a07e
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/67ea74172d0eb5a95d9eb50fab0d6da07324a07e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230807/f01eaa02/attachment-0001.htm>
More information about the debian-edu-commits
mailing list