paulmataruso/tacticalrmm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove reporting user and configuration

Browse Source
This commit is contained in:
sadnub
2023-10-15 12:24:50 -04:00
parent f78a787adb
commit cd25a9568b
4 changed files with 0 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.devcontainer/entrypoint.sh
View File

@@ -114,7 +114,6 @@ EOF
"${VIRTUAL_ENV}"/bin/python manage.py load_community_scripts "${VIRTUAL_ENV}"/bin/python manage.py load_community_scripts
"${VIRTUAL_ENV}"/bin/python manage.py reload_nats "${VIRTUAL_ENV}"/bin/python manage.py reload_nats
"${VIRTUAL_ENV}"/bin/python manage.py create_natsapi_conf "${VIRTUAL_ENV}"/bin/python manage.py create_natsapi_conf
"${VIRTUAL_ENV}"/bin/python manage.py setup_reporting_permissions
"${VIRTUAL_ENV}"/bin/python manage.py create_installer_user "${VIRTUAL_ENV}"/bin/python manage.py create_installer_user
"${VIRTUAL_ENV}"/bin/python manage.py post_update_tasks "${VIRTUAL_ENV}"/bin/python manage.py post_update_tasks

53
api/tacticalrmm/ee/reporting/management/commands/setup_reporting_permissions.py
View File

@@ -1,53 +0,0 @@
"""
Copyright (c) 2023-present Amidaware Inc.
This file is subject to the EE License Agreement.
For details, see: https://license.tacticalrmm.com/ee
"""
from django.conf import settings as djangosettings
from django.core.management.base import BaseCommand
from psycopg import connect
from ...constants import REPORTING_MODELS
class Command(BaseCommand):
help = "Setup reporting user and permissions"
def handle(self, *args, **kwargs) -> None:
try:
trmm_db_conn = djangosettings.DATABASES["default"]
trmm_reporting_conn = djangosettings.DATABASES["reporting"]
conn = connect(
dbname=trmm_db_conn["NAME"], # type: ignore
user=trmm_db_conn["USER"], # type: ignore
host=trmm_db_conn["HOST"], # type: ignore
password=trmm_db_conn["PASSWORD"], # type: ignore
port=trmm_db_conn["PORT"], # type: ignore
)
cursor = conn.cursor()
sql_commands = """"""
# need to create reporting user
if djangosettings.DOCKER_BUILD:
try:
cursor.execute(
f"""CREATE USER {trmm_reporting_conn["USER"]} WITH PASSWORD '{trmm_reporting_conn["PASSWORD"]}';"""
)
conn.commit()
except Exception as error:
cursor.execute("ROLLBACK")
conn.commit()
self.stderr.write(str(error))
sql_commands += f"""GRANT CONNECT ON DATABASE {trmm_db_conn["NAME"]} TO {trmm_reporting_conn["USER"]};
GRANT USAGE ON SCHEMA public TO {trmm_reporting_conn["USER"]};"""
for model, app in REPORTING_MODELS:
sql_commands += f"""GRANT SELECT ON {app}_{model.lower()} TO {trmm_reporting_conn["USER"]};\n""" # type: ignore
cursor.execute(sql_commands)
cursor.execute("COMMIT")
cursor.close()
conn.close()
except Exception as error:
self.stderr.write(str(error))

19
install.sh
View File

@@ -114,8 +114,6 @@ ADMINURL=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 70 | head -n 1)
MESHPASSWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 25 | head -n 1) MESHPASSWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 25 | head -n 1)
pgusername=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1) pgusername=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1)
pgpw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) pgpw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
pgreportingusername=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1)
pgreportingpw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
meshusername=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1) meshusername=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1)
MESHPGUSER=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1) MESHPGUSER=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1)
MESHPGPWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) MESHPGPWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
@@ -334,11 +332,6 @@ sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE meshcentral TO ${MESH
sudo -u postgres psql -c "ALTER DATABASE meshcentral OWNER TO ${MESHPGUSER}" sudo -u postgres psql -c "ALTER DATABASE meshcentral OWNER TO ${MESHPGUSER}"
sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${MESHPGUSER}" sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${MESHPGUSER}"
print_green 'Creating reporting user'
sudo -u postgres psql -c "CREATE USER ${pgreportingusername} WITH PASSWORD '${pgreportingpw}'"
sudo -u postgres psql -c "GRANT CONNECT ON DATABASE tacticalrmm TO ${pgreportingusername}"
sudo -u postgres psql -c "GRANT USAGE ON SCHEMA public TO ${pgreportingusername}"
print_green 'Cloning repos' print_green 'Cloning repos'
sudo mkdir /rmm sudo mkdir /rmm
@@ -467,17 +460,6 @@ DATABASES = {
'PASSWORD': '${pgpw}', 'PASSWORD': '${pgpw}',
'HOST': 'localhost', 'HOST': 'localhost',
'PORT': '5432', 'PORT': '5432',
},
'reporting': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'tacticalrmm',
'USER': '${pgreportingusername}',
'PASSWORD': '${pgreportingpw}',
'HOST': 'localhost',
'PORT': '5432',
'OPTIONS': {
'options': '-c default_transaction_read_only=on'
}
} }
} }
@@ -526,7 +508,6 @@ python manage.py create_natsapi_conf
python manage.py create_uwsgi_conf python manage.py create_uwsgi_conf
python manage.py load_chocos python manage.py load_chocos
python manage.py load_community_scripts python manage.py load_community_scripts
python manage.py setup_reporting_permissions
WEB_VERSION=$(python manage.py get_config webversion) WEB_VERSION=$(python manage.py get_config webversion)
printf >&2 "${YELLOW}%0.s*${NC}" {1..80} printf >&2 "${YELLOW}%0.s*${NC}" {1..80}
printf >&2 "\n" printf >&2 "\n"

30
update.sh
View File

@@ -347,35 +347,6 @@ nats_api='/usr/local/bin/nats-api'
sudo cp /rmm/natsapi/bin/${natsapi} $nats_api sudo cp /rmm/natsapi/bin/${natsapi} $nats_api
sudo chown ${USER}:${USER} $nats_api sudo chown ${USER}:${USER} $nats_api
sudo chmod +x $nats_api sudo chmod +x $nats_api
echo 'Checking for reporting connection'
CHECK_REPORTING_DB_CONNECTION=$(grep 'reporting' /rmm/api/tacticalrmm/tacticalrmm/local_settings.py)
if ! [[ $CHECK_REPORTING_DB_CONNECTION ]]; then
pgreportingusername=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1)
pgreportingpw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
echo 'Creating reporting user'
sudo -u postgres psql -c "CREATE USER ${pgreportingusername} WITH PASSWORD '${pgreportingpw}'"
sudo -u postgres psql -c "GRANT CONNECT ON DATABASE tacticalrmm TO ${pgreportingusername}"
sudo -u postgres psql -c "GRANT USAGE ON SCHEMA public TO ${pgreportingusername}"
echo 'Creating reporting connection'
reportingconnection="$(
cat <<EOF
DATABASES['reporting'] = {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'tacticalrmm',
'USER': '${pgreportingusername}',
'PASSWORD': '${pgreportingpw}',
'HOST': 'localhost',
'PORT': '5432',
'OPTIONS': {
'options': '-c default_transaction_read_only=on'
}
}
EOF
)"
echo "${reportingconnection}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py >/dev/null
fi
if [[ "${CURRENT_PIP_VER}" != "${LATEST_PIP_VER}" ]] || [[ "$force" = true ]]; then if [[ "${CURRENT_PIP_VER}" != "${LATEST_PIP_VER}" ]] || [[ "$force" = true ]]; then
rm -rf /rmm/api/env rm -rf /rmm/api/env
@@ -414,7 +385,6 @@ python manage.py create_installer_user
python manage.py create_natsapi_conf python manage.py create_natsapi_conf
python manage.py create_uwsgi_conf python manage.py create_uwsgi_conf
python manage.py clear_redis_celery_locks python manage.py clear_redis_celery_locks
python manage.py setup_reporting_permissions
python manage.py post_update_tasks python manage.py post_update_tasks
API=$(python manage.py get_config api) API=$(python manage.py get_config api)
WEB_VERSION=$(python manage.py get_config webversion) WEB_VERSION=$(python manage.py get_config webversion)