Remove DB credentials from config.php
Better validation when config.php does not exist Update docs and quote password only populate legacy vars in config_to_json drop .travis.yml config copy remove credentials from config.php.default Check for existance of .env instead of config.php in python scripts legacy credential cleanup tiny cleanups consistent env for artisan server and artisan dusk
This commit is contained in:
parent
b9bd2b3d08
commit
5f0388f0e3
|
@ -1,4 +1,3 @@
|
|||
APP_URL=http://localhost:8000
|
||||
APP_KEY=base64:FSjpEaK3F9HnO40orj7FlbRI0loi1vtB3dVBcB9XaDk=
|
||||
APP_ENV=testing
|
||||
APP_DEBUG=true
|
||||
|
|
|
@ -27,7 +27,6 @@ before_install:
|
|||
- sudo apt-get -qq update
|
||||
- sudo apt-get install -y snmp fping python3-pip python3-setuptools
|
||||
- mysql -e 'CREATE DATABASE librenms_phpunit_78hunjuybybh CHARACTER SET utf8 COLLATE utf8_unicode_ci;'
|
||||
- cp tests/config/config.test.php config.php
|
||||
|
||||
install:
|
||||
- travis_retry composer install --no-interaction --prefer-dist --no-suggest
|
||||
|
|
|
@ -450,6 +450,9 @@ class Config
|
|||
}
|
||||
|
||||
self::populateTime();
|
||||
|
||||
// populate legacy DB credentials, just in case something external uses them. Maybe remove this later
|
||||
self::populateLegacyDbCredentials();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -488,42 +491,6 @@ class Config
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get just the database connection settings from config.php
|
||||
*
|
||||
* @return array (keys: db_host, db_port, db_name, db_user, db_pass, db_socket)
|
||||
*/
|
||||
public static function getDatabaseSettings()
|
||||
{
|
||||
// Do not access global $config in this function!
|
||||
|
||||
$keys = $config = [
|
||||
'db_host' => '',
|
||||
'db_port' => '',
|
||||
'db_name' => '',
|
||||
'db_user' => '',
|
||||
'db_pass' => '',
|
||||
'db_socket' => '',
|
||||
];
|
||||
|
||||
if (is_file(__DIR__ . '/../config.php')) {
|
||||
include __DIR__ . '/../config.php';
|
||||
}
|
||||
|
||||
// Check for testing database
|
||||
if (isset($config['test_db_name'])) {
|
||||
putenv('DB_TEST_DATABASE=' . $config['test_db_name']);
|
||||
}
|
||||
if (isset($config['test_db_user'])) {
|
||||
putenv('DB_TEST_USERNAME=' . $config['test_db_user']);
|
||||
}
|
||||
if (isset($config['test_db_pass'])) {
|
||||
putenv('DB_TEST_PASSWORD=' . $config['test_db_pass']);
|
||||
}
|
||||
|
||||
return array_intersect_key($config, $keys); // return only the db settings
|
||||
}
|
||||
|
||||
/**
|
||||
* Locate the actual path of a binary
|
||||
*
|
||||
|
@ -565,4 +532,16 @@ class Config
|
|||
self::set('time.year', $now - 31536000); // time() - (365 * 24 * 60 * 60);
|
||||
self::set('time.twoyear', $now - 63072000); // time() - (2 * 365 * 24 * 60 * 60);
|
||||
}
|
||||
|
||||
public static function populateLegacyDbCredentials()
|
||||
{
|
||||
$db = config('database.default');
|
||||
|
||||
self::set('db_host', config("database.connections.$db.host", 'localhost'));
|
||||
self::set('db_name', config("database.connections.$db.database", 'librenms'));
|
||||
self::set('db_user', config("database.connections.$db.username", 'librenms'));
|
||||
self::set('db_pass', config("database.connections.$db.password"));
|
||||
self::set('db_port', config("database.connections.$db.port", 3306));
|
||||
self::set('db_socket', config("database.connections.$db.unix_socket"));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -100,7 +100,7 @@ class OS
|
|||
|
||||
// remove previously cached os settings and replace with user settings
|
||||
$config = ['os' => []]; // local $config variable, not global
|
||||
include "$install_dir/config.php"; // FIXME load db settings too or don't load config.php
|
||||
@include "$install_dir/config.php"; // FIXME load db settings too or don't load config.php
|
||||
Config::set('os', $config['os']);
|
||||
|
||||
// load the os defs fresh from cache (merges with existing OS settings)
|
||||
|
|
|
@ -107,7 +107,7 @@ class Database extends BaseValidation
|
|||
|
||||
private function checkMysqlEngine(Validator $validator)
|
||||
{
|
||||
$db = Config::get('db_name', 'librenms');
|
||||
$db = \config('database.connections.'.\config('database.default').'.database');
|
||||
$query = "SELECT `TABLE_NAME` FROM information_schema.tables WHERE `TABLE_SCHEMA` = '$db' && `ENGINE` != 'InnoDB'";
|
||||
$tables = dbFetchRows($query);
|
||||
if (!empty($tables)) {
|
||||
|
|
|
@ -44,13 +44,12 @@ class User extends BaseValidation
|
|||
{
|
||||
// Check we are running this as the root user
|
||||
$username = $validator->getUsername();
|
||||
$lnms_username = Config::get('user');
|
||||
$lnms_username = Config::get('user', 'librenms');
|
||||
$lnms_groupname = Config::get('group', $lnms_username); // if group isn't set, fall back to user
|
||||
|
||||
if (!($username === 'root' || $username === $lnms_username)) {
|
||||
if (isCli()) {
|
||||
$validator->fail('You need to run this script as root' .
|
||||
(Config::has('user') ? ' or ' . $lnms_username : ''));
|
||||
$validator->fail("You need to run this script as $lnms_username or root");
|
||||
} elseif (function_exists('posix_getgrnam')) {
|
||||
$lnms_group = posix_getgrnam($lnms_groupname);
|
||||
if (!in_array($username, $lnms_group['members'])) {
|
||||
|
@ -73,7 +72,7 @@ class User extends BaseValidation
|
|||
}
|
||||
|
||||
// Let's test the user configured if we have it
|
||||
if (Config::has('user')) {
|
||||
if ($lnms_username) {
|
||||
$dir = Config::get('install_dir');
|
||||
$log_dir = Config::get('log_dir', "$dir/logs");
|
||||
$rrd_dir = Config::get('rrd_dir', "$dir/rrd");
|
||||
|
|
|
@ -39,12 +39,12 @@ class CheckInstalled
|
|||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$installed = !config('librenms.install') && file_exists(base_path('config.php'));
|
||||
$installed = !config('librenms.install') && file_exists(base_path('.env'));
|
||||
$is_install_route = $request->is('install*');
|
||||
|
||||
if (!$installed && !$is_install_route) {
|
||||
// no config.php does so let's redirect to the install
|
||||
return redirect(route('install'));
|
||||
return redirect()->route('install');
|
||||
} elseif ($installed && $is_install_route) {
|
||||
throw new AuthorizationException('This should only be called during install');
|
||||
}
|
||||
|
|
|
@ -2,19 +2,13 @@
|
|||
|
||||
## Have a look in misc/config_definitions.json for examples of settings you can set here. DO NOT EDIT misc/config_definitions.json!
|
||||
|
||||
### Database config
|
||||
$config['db_host'] = 'localhost';
|
||||
$config['db_user'] = 'USERNAME';
|
||||
$config['db_pass'] = 'PASSWORD';
|
||||
$config['db_name'] = 'librenms';
|
||||
|
||||
// This is the user LibreNMS will run as
|
||||
//Please ensure this user is created and has the correct permissions to your install
|
||||
$config['user'] = 'librenms';
|
||||
|
||||
### This should *only* be set if you want to *force* a particular hostname/port
|
||||
### It will prevent the web interface being usable form any other hostname
|
||||
$config['base_url'] = "/";
|
||||
#$config['base_url'] = "/";
|
||||
|
||||
### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir
|
||||
### and that your web server has permission to talk to rrdcached.
|
||||
|
|
|
@ -9,9 +9,6 @@
|
|||
*/
|
||||
|
||||
use Illuminate\Support\Str;
|
||||
use LibreNMS\Config;
|
||||
|
||||
$fallback_db_config = Config::getDatabaseSettings();
|
||||
|
||||
return [
|
||||
|
||||
|
@ -26,7 +23,7 @@ return [
|
|||
|
|
||||
*/
|
||||
|
||||
'default' => env('DB_CONNECTION', env('DBTEST') ? 'testing' : 'mysql'),
|
||||
'default' => env('DB_CONNECTION', env('APP_ENV') == 'testing' ? 'testing' : 'mysql'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
@ -56,13 +53,12 @@ return [
|
|||
|
||||
'mysql' => [
|
||||
'driver' => 'mysql',
|
||||
'url' => env('DATABASE_URL'),
|
||||
'host' => env('DB_HOST', $fallback_db_config['db_host']),
|
||||
'port' => env('DB_PORT', $fallback_db_config['db_port']),
|
||||
'database' => env('DB_DATABASE', $fallback_db_config['db_name']),
|
||||
'username' => env('DB_USERNAME', $fallback_db_config['db_user']),
|
||||
'password' => env('DB_PASSWORD', $fallback_db_config['db_pass']),
|
||||
'unix_socket' => env('DB_SOCKET', $fallback_db_config['db_socket']),
|
||||
'host' => env('DB_HOST', 'localhost'),
|
||||
'port' => env('DB_PORT', ''),
|
||||
'database' => env('DB_DATABASE', 'librenms'),
|
||||
'username' => env('DB_USERNAME', 'librenms'),
|
||||
'password' => env('DB_PASSWORD', ''),
|
||||
'unix_socket' => env('DB_SOCKET', ''),
|
||||
'charset' => 'utf8',
|
||||
'collation' => 'utf8_unicode_ci',
|
||||
'prefix' => '',
|
||||
|
|
|
@ -13,5 +13,8 @@ $init_modules = ['nodb'];
|
|||
require __DIR__ . '/includes/init.php';
|
||||
|
||||
if (isCli()) {
|
||||
// fill in db variables for legacy external scripts
|
||||
Config::populateLegacyDbCredentials();
|
||||
|
||||
echo Config::toJson();
|
||||
}
|
||||
|
|
|
@ -185,7 +185,7 @@ if __name__ == '__main__':
|
|||
logger = LNMS.logger_get_logger(LOG_FILE, debug=_DEBUG)
|
||||
|
||||
install_dir = os.path.dirname(os.path.realpath(__file__))
|
||||
LNMS.check_for_file(install_dir + '/config.php')
|
||||
LNMS.check_for_file(install_dir + '/.env')
|
||||
config = json.loads(LNMS.get_config_data(install_dir))
|
||||
|
||||
discovery_path = config['install_dir'] + '/discovery.php'
|
||||
|
|
|
@ -76,14 +76,14 @@ Enable debug output to troubleshoot issues
|
|||
|
||||
Config option: `mysql`
|
||||
|
||||
This is default option with LibreNMS so you should have already have
|
||||
the configuration setup.
|
||||
This is default option with LibreNMS so you should have already have the configuration setup in your
|
||||
environment file (.env).
|
||||
|
||||
```php
|
||||
$config['db_host'] = "HOSTNAME";
|
||||
$config['db_user'] = "DBUSER";
|
||||
$config['db_pass'] = "DBPASS";
|
||||
$config['db_name'] = "DBNAME";
|
||||
```dotenv
|
||||
DB_HOST=HOSTNAME
|
||||
DB_DATABASE=DBNAME
|
||||
DB_USERNAME=DBUSER
|
||||
DB_PASSWORD="DBPASS"
|
||||
```
|
||||
|
||||
# Active Directory Authentication
|
||||
|
|
|
@ -28,22 +28,25 @@ Log files created by LibreNMS will be stored within this directory.
|
|||
|
||||
# Database config
|
||||
|
||||
These are the configuration options you will need to use to specify to get started.
|
||||
Set these variables either in .env or in the environment.
|
||||
|
||||
```php
|
||||
$config['db_host'] = '127.0.0.1';
|
||||
$config['db_port'] = 3306;
|
||||
$config['db_user'] = '';
|
||||
$config['db_pass'] = '';
|
||||
$config['db_name'] = '';
|
||||
```dotenv
|
||||
DB_HOST=127.0.0.1
|
||||
DB_DATABASE=librenms
|
||||
DB_USERNAME=DBUSER
|
||||
DB_PASSWORD="DBPASS"
|
||||
```
|
||||
|
||||
If you use a unix socket, you can specify it with these options:
|
||||
Use non-standard port:
|
||||
|
||||
```php
|
||||
$config['db_host'] = NULL;
|
||||
$config['db_port'] = NULL;
|
||||
$config['db_socket'] = '/run/mysqld/mysqld.sock';
|
||||
```dotenv
|
||||
DB_PORT=3306
|
||||
```
|
||||
|
||||
Use a unix socket:
|
||||
|
||||
```dotenv
|
||||
DB_SOCKET=/run/mysqld/mysqld.sock
|
||||
```
|
||||
|
||||
# Core
|
||||
|
|
|
@ -531,20 +531,11 @@ menu similarly to device types.
|
|||
|
||||
If you've changed your database credentials then you will need to
|
||||
update LibreNMS with those new details.
|
||||
Please edit both `config.php` and `.env`
|
||||
|
||||
config.php:
|
||||
|
||||
```php
|
||||
$config['db_host'] = '';
|
||||
$config['db_user'] = '';
|
||||
$config['db_pass'] = '';
|
||||
$config['db_name'] = '';
|
||||
```
|
||||
Please edit `.env`
|
||||
|
||||
[.env](../Support/Environment-Variables.md#database):
|
||||
|
||||
```bash
|
||||
```dotenv
|
||||
DB_HOST=
|
||||
DB_DATABASE=
|
||||
DB_USERNAME=
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* db-update.inc.php
|
||||
*
|
||||
* Run database update/deploy for installer
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* @package LibreNMS
|
||||
* @link http://librenms.org
|
||||
* @copyright 2017 Tony Murray
|
||||
* @author Tony Murray <murraytony@gmail.com>
|
||||
*/
|
||||
|
||||
$init_modules = ['web', 'nodb'];
|
||||
require \LibreNMS\Config::get('install_dir') . '/includes/init.php';
|
||||
var_dump(session()->all()); exit;
|
||||
|
||||
if (file_exists(\LibreNMS\Config::get('install_dir') . '/config.php')) {
|
||||
echo("This should only be called during install");
|
||||
exit;
|
||||
}
|
||||
|
||||
header("Content-type: text/plain");
|
||||
header('X-Accel-Buffering: no');
|
||||
|
||||
|
||||
\LibreNMS\DB\Eloquent::setConnection(
|
||||
'setup',
|
||||
session('dbhost'),
|
||||
session('dbuser'),
|
||||
session('dbpass'),
|
||||
session('dbname'),
|
||||
session('dbport')
|
||||
);
|
||||
|
||||
echo "Starting Update...\n";
|
||||
try {
|
||||
$ret = \Artisan::call('migrate', ['--seed' => true, '--force' => true, '--database' => 'setup']);
|
||||
|
||||
echo \Artisan::output();
|
||||
|
||||
if ($ret == 0 && \LibreNMS\DB\Schema::isCurrent()) {
|
||||
echo "\n\nSuccess!";
|
||||
} else {
|
||||
echo "\n\nError!";
|
||||
http_response_code(500);
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
echo $e->getMessage() . "\n\nError!";
|
||||
http_response_code(500);
|
||||
}
|
||||
|
|
@ -177,7 +177,7 @@ if __name__ == '__main__':
|
|||
logger = LNMS.logger_get_logger(LOG_FILE, debug=_DEBUG)
|
||||
|
||||
install_dir = os.path.dirname(os.path.realpath(__file__))
|
||||
LNMS.check_for_file(install_dir + '/config.php')
|
||||
LNMS.check_for_file(install_dir + '/.env')
|
||||
config = json.loads(LNMS.get_config_data(install_dir))
|
||||
|
||||
poller_path = config['install_dir'] + '/poller.php'
|
||||
|
|
|
@ -192,7 +192,7 @@ if __name__ == '__main__':
|
|||
logger = LNMS.logger_get_logger(LOG_FILE, debug=_DEBUG)
|
||||
|
||||
install_dir = os.path.dirname(os.path.realpath(__file__))
|
||||
LNMS.check_for_file(install_dir + '/config.php')
|
||||
LNMS.check_for_file(install_dir + '/.env')
|
||||
config = json.loads(LNMS.get_config_data(install_dir))
|
||||
|
||||
service_path = config['install_dir'] + '/check-services.php'
|
||||
|
|
|
@ -58,7 +58,12 @@ if (getenv('DBTEST')) {
|
|||
// create testing table if needed
|
||||
$db_config = \config("database.connections.testing");
|
||||
$connection = new PDO("mysql:host={$db_config['host']}", $db_config['username'], $db_config['password']);
|
||||
$connection->query("CREATE DATABASE IF NOT EXISTS {$db_config['database']} CHARACTER SET utf8 COLLATE utf8_unicode_ci");
|
||||
$result = $connection->query("CREATE DATABASE IF NOT EXISTS {$db_config['database']} CHARACTER SET utf8 COLLATE utf8_unicode_ci");
|
||||
if ($connection->errorCode() == '42000') {
|
||||
echo implode(' ', $connection->errorInfo()) . PHP_EOL;
|
||||
echo "Either create database {$db_config['database']} or populate DB_TEST_USERNAME and DB_TEST_PASSWORD in your .env with credentials that can" . PHP_EOL;
|
||||
exit(1);
|
||||
}
|
||||
unset($connection); // close connection
|
||||
|
||||
// sqlite db file
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
<?php
|
||||
|
||||
## Have a look in misc/config_definitions.json for examples of settings you can set here. DO NOT EDIT misc/config_definitions.json!
|
||||
|
||||
### Database config
|
||||
$config['db_host'] = '127.0.0.1';
|
||||
$config['db_user'] = 'root';
|
||||
$config['db_pass'] = '';
|
||||
$config['db_name'] = 'librenms_phpunit_78hunjuybybh';
|
||||
|
||||
// This is the user LibreNMS will run as
|
||||
//Please ensure this user is created and has the correct permissions to your install
|
||||
$config['user'] = 'librenms';
|
||||
|
||||
### This should *only* be set if you want to *force* a particular hostname/port
|
||||
### It will prevent the web interface being usable form any other hostname
|
||||
$config['base_url'] = "/";
|
||||
|
||||
### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir
|
||||
### and that your web server has permission to talk to rrdcached.
|
||||
#$config['rrdcached'] = "unix:/var/run/rrdcached.sock";
|
||||
|
||||
### Default community
|
||||
$config['snmp']['community'] = array("public");
|
||||
|
||||
### Authentication Model
|
||||
$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth
|
||||
#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth
|
||||
|
||||
### List of RFC1918 networks to allow scanning-based discovery
|
||||
#$config['nets'][] = "10.0.0.0/8";
|
||||
#$config['nets'][] = "172.16.0.0/12";
|
||||
#$config['nets'][] = "192.168.0.0/16";
|
||||
|
||||
# Uncomment the next line to disable daily updates
|
||||
#$config['update'] = 0;
|
||||
|
||||
# Number in days of how long to keep old rrd files. 0 disables this feature
|
||||
$config['rrd_purge'] = 0;
|
||||
|
||||
# Uncomment to submit callback stats via proxy
|
||||
#$config['callback_proxy'] = "hostname:port";
|
||||
|
||||
# Enable the in-built billing extension
|
||||
$config['enable_billing'] = 1;
|
||||
|
||||
# Enable the in-built services support (Nagios plugins)
|
||||
$config['show_services'] = 1;
|
|
@ -75,7 +75,7 @@ register_shutdown_function(function () {
|
|||
if (!$precheck_complete) {
|
||||
// use this in case composer autoloader isn't available
|
||||
spl_autoload_register(function ($class) {
|
||||
include str_replace('\\', '/', $class) . '.php';
|
||||
@include str_replace('\\', '/', $class) . '.php';
|
||||
});
|
||||
print_header(version_info());
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue