-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #104 from crowdsecurity/fix_upgrade_process_pkg
Generate API key when upgrade also
- Loading branch information
Showing
2 changed files
with
54 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -57,32 +57,44 @@ START=0 | |
|
|
||
| systemctl is-active --quiet crowdsec | ||
|
|
||
| if [ "$?" -eq "0" ] ; then | ||
| START=1 | ||
| echo "cscli/crowdsec is present, generating API key" | ||
| unique=`date +%s` | ||
| API_KEY=`sudo cscli -oraw bouncers add cloudflareBouncer-${unique}` | ||
| if [ $? -eq 1 ] ; then | ||
| echo "failed to create API token, service won't be started." | ||
| START=0 | ||
| API_KEY="<API_KEY>" | ||
| else | ||
| echo "API Key : ${API_KEY}" | ||
| if [ "$1" == "1" ] ; then | ||
| type cscli > /dev/null | ||
| if [ "$?" -eq "0" ] ; then | ||
| must_generate=$(grep -s '${API_KEY}' /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml | wc -l) | ||
| if [ "$must_generate" -eq "1" ] ; then | ||
| START=1 | ||
| echo "cscli/crowdsec is present, generating API key" | ||
| unique=`date +%s` | ||
| API_KEY=`sudo cscli -oraw bouncers add cloudflareBouncer-${unique}` | ||
| if [ $? -eq 1 ] ; then | ||
| echo "failed to create API token, service won't be started." | ||
| START=0 | ||
| API_KEY="<API_KEY>" | ||
| else | ||
| echo "API Key : ${API_KEY}" | ||
| fi | ||
| TMP=`mktemp -p /tmp/` | ||
| cp /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml ${TMP} | ||
| API_KEY=${API_KEY} envsubst < ${TMP} > /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml | ||
| rm ${TMP} | ||
| else | ||
| echo "Not generating API key because already present" | ||
| fi | ||
| fi | ||
| else | ||
| START=1 | ||
| fi | ||
|
|
||
| TMP=`mktemp -p /tmp/` | ||
| cp /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml ${TMP} | ||
| API_KEY=${API_KEY} envsubst < ${TMP} > /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml | ||
| rm ${TMP} | ||
|
|
||
| echo "If this is fresh install or you've installed the package maintainer's version of configuration, please configure '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'." | ||
| echo "Configuration can be autogenerated using 'sudo crowdsec-cloudflare-bouncer -g <CF_TOKEN_1>,<CF_TOKEN_2> -o /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'." | ||
| echo "After configuration run the command 'sudo systemctl start crowdsec-cloudflare-bouncer.service' to start the bouncer" | ||
| echo "Don't forget to (re)generate CrowdSec API key if it is installed on another server or/and if you have upgraded and installed the package maintainer's version." | ||
|
|
||
| if [ ${START} -eq 0 ] ; then | ||
| echo "no api key was generated, you can generate one on your LAPI Server by running 'cscli bouncers add <bouncer_name>' and add it to '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'" | ||
| fi | ||
|
|
||
| echo "please enter your Cloudflare account ID and Token path in '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml' and start the bouncer via 'sudo systemctl start crowdsec-cloudflare-bouncer' " | ||
|
|
||
|
|
||
|
|
||
| %changelog | ||
| * Fri Sep 10 2021 Kevin Kadosh <[email protected]> | ||
|
|
||