Commit 26c860ae authored by root's avatar root

update configure script

parent 70f89f30
# These are IP addresses and Networks that will be used to build access lists for services
# Nework 172.22.0.0/16 is internal network of the docker. if you want the services to be accessible from other/external networks you will need to put coresponding network address to each and every service you want to be accessible from this networks
# For example 0.0.0.0/0 enables access from whole IPv4 internet and ::/0 enables access from whole IPv6
### HAProxy Stats - Start ### ### HAProxy Stats - Start ###
172.22.0.0/16 #172.22.0.0/16
### HAProxy Stats - End ### ### HAProxy Stats - End ###
### Nifi Management - Start ### ### Nifi Management - Start ###
172.22.0.0/16
0.0.0.0/0 0.0.0.0/0
::/0 ::/0
### Nifi Management - End ### ### Nifi Management - End ###
### Nifi ports - Start ### ### Nifi ports - Start ###
172.22.0.0/16
0.0.0.0/0 0.0.0.0/0
::/0 ::/0
### Nifi ports - End ### ### Nifi ports - End ###
### ODFE - Start ### ### ODFE - Start ###
172.22.0.0/16 #172.22.0.0/16
### ODFE - End ### ### ODFE - End ###
### KeyCloak - Start ### ### KeyCloak - Start ###
172.22.0.0/16
0.0.0.0/0 0.0.0.0/0
::/0 ::/0
### KeyCloak - End ### ### KeyCloak - End ###
### TheHive - Start ### ### TheHive - Start ###
172.22.0.0/16
0.0.0.0/0 0.0.0.0/0
::/0 ::/0
### TheHive - End ### ### TheHive - End ###
### Cortex - Start ### ### Cortex - Start ###
172.22.0.0/16
0.0.0.0/0 0.0.0.0/0
::/0 ::/0
### Cortex - End ### ### Cortex - End ###
### MISP - Start ### ### MISP - Start ###
172.22.0.0/16
0.0.0.0/0 0.0.0.0/0
::/0 ::/0
### MISP - End ### ### MISP - End ###
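Review bot: The default entries for Nifi Management, Nifi ports, KeyCloak, TheHive, Cortex and MISP remain `0.0.0.0/0` and `::/0`, so an operator who answers "no" at the configure prompt publishes the identity provider, case-management and threat-intel services to the whole IPv4 and IPv6 internet. A safer default is to ship each block without the catch-all entries and let the operator add external ranges deliberately, with a comment above any wide entry such as `# 0.0.0.0/0 and ::/0 open this service to the whole internet - replace with your management networks`. The HAProxy Stats and ODFE blocks now appear to hold only `#172.22.0.0/16`. The header comment should state whether an empty block means deny-all and whether the ACL generator skips `#` lines, since neither is visible on this page.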
......
#!/bin/bash #!/bin/bash
set -e set -e
clear
wait () { wait () {
secs=${1} secs=${1}
...@@ -10,13 +11,15 @@ wait () { ...@@ -10,13 +11,15 @@ wait () {
done done
} }
echo "By default, all services except HAProxy stats and ODFE are public! Do you want to modify accesses to the services?" echo "By default, all services except HAProxy stats and ODFE are public!"
echo "The configuration file: access.ips is used to configure external access to the services"
echo "Do you want to modify/edit this file now?"
read -p "(yes|no) [no] : " MODIFY read -p "(yes|no) [no] : " MODIFY
MODIFY=${MODIFY:-no} MODIFY=${MODIFY:-no}
case $MODIFY in case $MODIFY in
yes|Yes|YES ) yes|Yes|YES )
echo modify echo modify
echo "please enter(command) which editor want to use for modification(it should be installed already and you should be able to use it)" echo "please enter(command) which editor you want to use for editing this file"
read -p "[vi] : " EDITOR read -p "[vi] : " EDITOR
EDITOR=${EDITOR:-vi} EDITOR=${EDITOR:-vi}
if [[ ( $EDITOR = "vi" ) || $EDITOR = "vim" ]]; then if [[ ( $EDITOR = "vi" ) || $EDITOR = "vim" ]]; then
...@@ -26,7 +29,7 @@ case $MODIFY in ...@@ -26,7 +29,7 @@ case $MODIFY in
echo -e "\t 2. modify file based on your needs" echo -e "\t 2. modify file based on your needs"
echo -e "\t 3. to save changes use followng sequence: 'Esc : wq' and press enter" echo -e "\t 3. to save changes use followng sequence: 'Esc : wq' and press enter"
echo "to discurd changes, use: 'Esc : q!' and press enter" echo "to discurd changes, use: 'Esc : q!' and press enter"
wait 15 read -p "press enter to continue ..." CONTINUE
$EDITOR access.ips $EDITOR access.ips
else else
echo "$EDITOR not found. install it and start over" echo "$EDITOR not found. install it and start over"
...@@ -46,7 +49,6 @@ case $MODIFY in ...@@ -46,7 +49,6 @@ case $MODIFY in
;; ;;
* ) * )
echo "Unknown answer, not modifing access rules!" echo "Unknown answer, not modifing access rules!"
wait 5
;; ;;
esac esac
...@@ -56,7 +58,7 @@ if [ $? -gt 0 ]; then ...@@ -56,7 +58,7 @@ if [ $? -gt 0 ]; then
exit 1 exit 1
else else
echo "access restrictions configured successfully" echo "access restrictions configured successfully"
wait 5 echo ""
fi fi
...@@ -65,11 +67,8 @@ if [ -f group_vars/all/variables.yml ]; then ...@@ -65,11 +67,8 @@ if [ -f group_vars/all/variables.yml ]; then
cat group_vars/all/variables.yml cat group_vars/all/variables.yml
else else
echo "set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)" echo "set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)"
read -p 'soctoolsproxy: ' soctoolsproxy read -p "[$(hostname -f)]: " soctoolsproxy
if [ -z $soctoolsproxy ]; then soctoolsproxy=${soctoolsproxy:-$(hostname -f)}
echo "Error: Empty string for soctoolsproxy! exiting..."
exit 1
fi
echo echo
echo "Organization's top level domain (will be used as organization name and organization domain in different services)" echo "Organization's top level domain (will be used as organization name and organization domain in different services)"
read -p 'domain: ' domain read -p 'domain: ' domain
...@@ -87,7 +86,8 @@ else ...@@ -87,7 +86,8 @@ else
echo "DN - Distinguished Name of the user, for user certificate" echo "DN - Distinguished Name of the user, for user certificate"
echo "CN - Common Name of the user, for user certificate" echo "CN - Common Name of the user, for user certificate"
echo "Email will be generated automatically in Username@Domain format becouse of format restrictions in some services" echo "Email will be generated automatically in Username@Domain format becouse of format restrictions in some services"
wait 10 echo ""
echo ""
for i in firstname lastname username; do for i in firstname lastname username; do
read -p "${i}: " $i read -p "${i}: " $i
if [ -z $i ]; then if [ -z $i ]; then
...@@ -101,7 +101,6 @@ else ...@@ -101,7 +101,6 @@ else
echo echo
echo echo
echo echo
wait 2
echo "Please check the gethered variables and type 'yes' if everything is correct: " echo "Please check the gethered variables and type 'yes' if everything is correct: "
echo "soctoolsproxy: $soctoolsproxy" echo "soctoolsproxy: $soctoolsproxy"
echo "domain: $domain" echo "domain: $domain"
...@@ -112,7 +111,6 @@ else ...@@ -112,7 +111,6 @@ else
echo "CN: $CN" echo "CN: $CN"
echo echo
echo echo
wait 10
read -p "Correct? type 'yes' or 'no': " ANSWER read -p "Correct? type 'yes' or 'no': " ANSWER
if [ $ANSWER = "yes" ]; then if [ $ANSWER = "yes" ]; then
if ! [ -f group_vars/all/variables.template ]; then if ! [ -f group_vars/all/variables.template ]; then
...@@ -132,7 +130,8 @@ else ...@@ -132,7 +130,8 @@ else
echo echo
echo echo
echo "variables file generated (group_vars/all/variables.yml)" echo "variables file generated (group_vars/all/variables.yml)"
wait 2 echo "We have configured for you following config files: access.ips, group_vars/all/variables.yml and we have also generated HAProxy Access Control Lists in the following directory: roles/haproxy/files"
echo ""
echo "move to next command to deploy the soctools cluster." echo "move to next command to deploy the soctools cluster."
echo 'Thank You!' echo 'Thank You!'
fi fi
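Review bot: In the `@@ -65,11 +67,8 @@` hunk the empty-value guard on `soctoolsproxy` is removed and the default comes from two separate `hostname -f` calls, so whatever that command prints becomes the service FQDN unchecked. On a host without a resolvable FQDN that can be a short name or `localhost`. A failing `hostname -f` goes unnoticed in the prompt, and in the assignment it ends the script under `set -e` with no message. I would compute the default once, add `-r` to `read`, and keep the original empty check after defaulting, as in the excerpt below. Separately, the `if [ -z $i ]` test in the firstname/lastname/username loop checks the literal variable name and can never be true; `[ -z "${!i}" ]` is presumably what was meant. The enclosing `if`/`else` starts and ends outside the visible hunks.

```shell
echo "set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)"
# Resolve the default once; tolerate failure here and validate below.
default_fqdn=$(hostname -f 2>/dev/null || true)
read -r -p "[${default_fqdn}]: " soctoolsproxy
soctoolsproxy=${soctoolsproxy:-$default_fqdn}
if [ -z "$soctoolsproxy" ]; then
  echo "Error: Empty string for soctoolsproxy! exiting..."
  exit 1
fi
# … unchanged: organization domain prompt …
```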
......