Merge pull request #27 from NethServer/noPasswordInEnv

Store admin password in separate file NethServer/dev#6969
NethServer · Jul 29, 2024 · cb29c17 · cb29c17
2 parents 8250a7c + 80441a0
commit cb29c17
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 6 deletions.
diff --git a/imageroot/actions/configure-module/20configure b/imageroot/actions/configure-module/20configure
@@ -42,11 +42,8 @@ password = data.get("admin_password", "")
 agent.set_env("TRAEFIK_HOST", host)
 agent.set_env("TRAEFIK_HTTP2HTTPS", h2hs)
 agent.set_env("TRAEFIK_LETS_ENCRYPT", le)
-agent.set_env("ADMIN_PASSWORD", password)
+agent.write_envfile("password.env", {"password": password})
 
-# Make sure everything is saved inside the environment file
-# just before starting systemd unit
-agent.dump_env()
 
 # Find default traefik instance for current node
 default_traefik_id = agent.resolve_agent_id('traefik@node')

diff --git a/imageroot/actions/get-configuration/20read b/imageroot/actions/get-configuration/20read
@@ -27,7 +27,11 @@ import agent
 # Prepare return variable
 config = {}
 
-config["admin_password"] =  os.environ.get("ADMIN_PASSWORD",'')
+if os.path.exists("password.env"):
+    config["admin_password"] = agent.read_envfile("password.env")["password"]
+else:
+    config["admin_password"] = ""
+
 config["host"] = os.environ.get("TRAEFIK_HOST",'')
 config["http2https"] =  os.environ.get("TRAEFIK_HTTP2HTTPS","False") == "True"
 config["lets_encrypt"] =  os.environ.get("TRAEFIK_LETS_ENCRYPT","False") == "True"

diff --git a/imageroot/systemd/user/collabora.service b/imageroot/systemd/user/collabora.service
@@ -13,7 +13,7 @@ ExecStart=/usr/bin/podman run --conmon-pidfile %t/collabora.pid \
     --replace -d --name  collabora --cap-add MKNOD \
     --env aliasgroup2=https://${TRAEFIK_HOST}:443 \
     --env username=admin \
-    --env password=${ADMIN_PASSWORD} \
+    --env-file=%S/state/password.env \
     --env "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:security.capabilities=false" \
     --env dictionnaries="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" \
     --publish 127.0.0.1:${TCP_PORT}:9980 \

diff --git a/imageroot/update-module.d/10upgrade_password b/imageroot/update-module.d/10upgrade_password
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2024 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+import sys
+import agent
+import os
+
+# perform the upgrade from collabora:1.0.5
+
+# Get the ADMIN_PASSWORD environment variable
+admin_password = os.getenv('ADMIN_PASSWORD')
+
+if admin_password:
+    agent.write_envfile("password.env", {"password": admin_password})
+    agent.unset_env("ADMIN_PASSWORD")