| Thomas Vachuska | 12bf445 | 2015-06-26 09:15:38 -0700 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | # ----------------------------------------------------------------------------- |
| 3 | # Enables secure access to ONOS console by removing default users & keys. |
| 4 | # ----------------------------------------------------------------------------- |
| 5 | |
| 6 | rm -f $(dirname $0)/onos |
| 7 | |
| 8 | set -e |
| 9 | |
| Thomas Vachuska | eff0e4e | 2015-08-11 00:26:24 -0700 | [diff] [blame^] | 10 | # Scan argument for user/password or other options... |
| 11 | while getopts u:p: o; do |
| 12 | case "$o" in |
| 13 | u) user=$OPTARG;; |
| 14 | p) password=$OPTARG;; |
| 15 | esac |
| 16 | done |
| 17 | password=${password:-user} # password defaults to the user name if not specified |
| 18 | let OPC=$OPTIND-1 |
| 19 | shift $OPC |
| 20 | |
| Thomas Vachuska | 12bf445 | 2015-06-26 09:15:38 -0700 | [diff] [blame] | 21 | cd $(dirname $0)/../apache-karaf-*/etc |
| 22 | USERS=users.properties |
| 23 | KEYS=keys.properties |
| 24 | |
| 25 | # Remove the built-in users and keys to secure the access implicitly. |
| 26 | egrep -v "^(karaf|onos)[ ]*=" $USERS > $USERS.new && mv $USERS.new $USERS |
| 27 | egrep -v "^(#karaf|onos)[ ]*=" $KEYS > $KEYS.new && mv $KEYS.new $KEYS |
| 28 | |
| 29 | # Remove any previous known keys for the local host. |
| 30 | ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:8101 |
| 31 | |
| Thomas Vachuska | eff0e4e | 2015-08-11 00:26:24 -0700 | [diff] [blame^] | 32 | # Swap the onos client to use the SSH variant. |
| Thomas Vachuska | 12bf445 | 2015-06-26 09:15:38 -0700 | [diff] [blame] | 33 | ln -s $(dirname $0)/onos-ssh $(dirname $0)/onos |
| Thomas Vachuska | eff0e4e | 2015-08-11 00:26:24 -0700 | [diff] [blame^] | 34 | |
| 35 | # If user and password options were given, setup the user/password. |
| 36 | if [ -n "$user" -a -n "$password" ]; then |
| 37 | echo "$user = $password,_g_:admingroup" >> $USERS |
| 38 | fi |