X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=bootstrap-user;h=d1bbaa5e5968f1886b320c000944186003e71ede;hb=c42ac8c37981e754dba23ec179cbaf74b6eed87e;hp=dc6079cb26edf79140051fcc2fd8102ac034dfa9;hpb=81dc8132d05121442ac1396d094b67e793ab38b0;p=infra.git diff --git a/bootstrap-user b/bootstrap-user index dc6079c..d1bbaa5 100755 --- a/bootstrap-user +++ b/bootstrap-user @@ -76,6 +76,15 @@ function register { --data-urlencode "process=Weiter" \ --data-urlencode "csrf=$csrf" > /dev/null } +function check_error { + cat > $folder/page_output + cat $folder/page_output >> $folder/log + if grep -q "error-msgs" $folder/page_output; then + cat $folder/page_output + exit 1 + fi +} + if ! type curl > /dev/null; then echo "requires curl" >&2 exit 1 @@ -128,7 +137,7 @@ sudo lxc-attach -n gigi -- systemctl stop gigi-proxy.service csrf=$(mcurl login -c $folder/cookie-jar | csrf) open-jar $folder/cookie-jar -mcurl login -c $folder/cookie-jar --data-urlencode "username=$adminEmail" --data-urlencode "password=$adminPw" --data-urlencode "csrf=$csrf" &>/dev/null +mcurl login -c $folder/cookie-jar --data-urlencode "username=$adminEmail" --data-urlencode "password=$adminPw" --data-urlencode "csrf=$csrf" | check_error open-jar $folder/cookie-jar echo "Creating organisation" @@ -140,16 +149,18 @@ if ! grep -q '^[0-9]\+$' <<< $mgmOid; then fi printf "Management Organisation id is \"%s\"\n" "$mgmOid" -echo "add self as orgadmin for organisation" -csrf=$(mcurl orga/$mgmOid | csrf "head -n 2" "tail -n 1") -mcurl orga/$mgmOid --data-urlencode "email=$adminEmail" --data-urlencode "master=y" --data-urlencode "do_affiliate=Add" --data-urlencode "csrf=$csrf" &>/dev/null -echo "adding org-domain" +printf "adding org-domain for org %s: %s\n" "$mgmOid" "$hostname" csrf=$(mcurl orga/$mgmOid | csrf "head -n 4" "tail -n 1") domainName="$hostname" -mcurl orga/$mgmOid -d "domain=$domainName&addDomain=action&csrf=$csrf" &> /dev/null +mcurl orga/$mgmOid -d "domain=$domainName&addDomain=action&csrf=$csrf" | check_error + +echo "using SQL to add self as orgadmin for organisation" +sudo lxc-attach -n postgres-primary -- su -c "psql -d gigi" postgres < /dev/null +csrf=$(mcurl account/details -v | csrf "tail -1") +mcurl account/details -v -d "orgaForm=orga&org%3A$mgmOid&csrf=$csrf" | check_error echo "Configuring pings for the domain" domain=$(mcurl "account/domains" | grep "/account/domains/" | sed "s_.*/\([0-9]\+\)'.*_\1_") @@ -174,7 +185,7 @@ setfacl -m user:puppet:r $folder/self-priv cp --preserve=all $folder/self-priv modules/gigi/files/gigi.key sudo lxc-attach -n front-nginx -- puppet agent --test --verbose -mcurl "account/domains/$domain" -d "HTTPType=y&SSLType=y&ssl-type-0=direct&ssl-port-0=443&ssl-type-1=direct&ssl-port-1=&ssl-type-2=direct&ssl-port-2=&ssl-type-3=direct&ssl-port-3=&csrf=$csrf" > /dev/null +mcurl "account/domains/$domain" -d "HTTPType=y&SSLType=y&ssl-type-0=direct&ssl-port-0=443&ssl-type-1=direct&ssl-port-1=&ssl-type-2=direct&ssl-port-2=&ssl-type-3=direct&ssl-port-3=&csrf=$csrf" | check_error echo "Pings configured... waiting" sleep 5 @@ -189,7 +200,7 @@ function issue { openssl req -newkey rsa:4096 -subj "/CN=blabla" -nodes -out $folder/req -keyout $folder/priv encoded=$(tr '\n' '?' < $folder/req | sed "s/=/%3D/g;s/+/%2B/g;s/\?/%0A/g") - mcurl account/certs/new -d "CSR=$encoded&process=Next&csrf=$csrf" > /dev/null + mcurl account/certs/new -d "CSR=$encoded&process=Next&csrf=$csrf" | check_error serial=$(mcurl account/certs/new -d "$options&OU=&hash_alg=SHA256&validFrom=now&validity=2y&login=1&description=&process=Issue+Certificate&csrf=$csrf" -v 2>&1 | tee $folder/certlog | grep "< Location: " | sed "s_.*/\([a-f0-9]*\)[^0-9]*_\1_") echo "Certificate: $serial"