[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] Generate a random password for the icinga/icingaweb databases

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Mon Aug 7 15:13:27 BST 2023



Mike Gabriel pushed to branch master at Debian Edu / debian-edu-config


Commits:
67ea7417 by Guido Berhoerster at 2023-08-07T14:11:55+00:00
Generate a random password for the icinga/icingaweb databases

Closes: #1040015

- - - - -


1 changed file:

- share/debian-edu-config/tools/edu-icinga-setup


Changes:

=====================================
share/debian-edu-config/tools/edu-icinga-setup
=====================================
@@ -34,6 +34,11 @@ FIRSTUSERNAME="$RET"
 # run 'mysql_secure_installation'.)
 
 setup_icinga() {
+	# Generate random password (alphanumeric ASCII characters only in order
+	# to avoid problems with quoting below)
+	password="$(LC_ALL=C tr -cd '[:alnum:]' < /dev/urandom | dd bs=1 count=16 2>/dev/null)"
+	[ -n "${password}" ] || exit 1
+
 	# Delete anonymous users
 	mysql -e "DELETE FROM mysql.user WHERE User='';"
 	# Ensure the root user can not log in remotely
@@ -55,7 +60,7 @@ setup_icinga() {
 	GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
 	ON icingadb.*
 	TO 'icinga2'@'localhost'
-	IDENTIFIED BY 'v64nhbe27dfBjR3T';
+	IDENTIFIED BY '${password}';
 	FLUSH PRIVILEGES;
 	"
 	# Install the MySQL schema required for the Icinga 2 database
@@ -63,7 +68,7 @@ setup_icinga() {
 
 	# Adjust the Icinga 2 MySQL IDO configuration
 	#sed -i "/user/ s%icinga2%$FIRSTUSERNAME%" "/etc/icinga2/features-available/ido-mysql.conf"
-	sed -i "/password/ s%\".*\"%\"v64nhbe27dfBjR3T\"%" "/etc/icinga2/features-available/ido-mysql.conf"
+	sed -i "/password/s/.*/  password = \"${password}\",/" /etc/icinga2/features-available/ido-mysql.conf
 	sed -i '/database/ s%icinga2%icingadb%' /etc/icinga2/features-available/ido-mysql.conf
 
 	# Enable ido-mysql feature
@@ -75,7 +80,7 @@ setup_icinga() {
 	GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
 	ON icingaweb2.*
 	TO 'icingaweb2'@'localhost'
-	IDENTIFIED BY 'v64nhbe27dfBjR3T';
+	IDENTIFIED BY '${password}';
 	FLUSH PRIVILEGES;
 	"
 	# Install the MySQL schema required for the Icinga Web 2 database
@@ -147,7 +152,7 @@ setup_icinga() {
 	port = ""
 	dbname = "icingaweb2"
 	username = "icingaweb2"
-	password = "v64nhbe27dfBjR3T"
+	password = "${password}"
 	charset = ""
 	use_ssl = "0"
 
@@ -158,7 +163,7 @@ setup_icinga() {
 	port = ""
 	dbname = "icingadb"
 	username = "icinga2"
-	password = "v64nhbe27dfBjR3T"
+	password = "${password}"
 	charset = ""
 	use_ssl = "0"
 	EOF



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/67ea74172d0eb5a95d9eb50fab0d6da07324a07e

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/67ea74172d0eb5a95d9eb50fab0d6da07324a07e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230807/f01eaa02/attachment-0001.htm>


More information about the debian-edu-commits mailing list