Merge pull request #104 from crowdsecurity/fix_upgrade_process_pkg

Generate API key when upgrade also
crowdsecurity · Jun 20, 2022 · 4813a91 · 4813a91
2 parents 5af435b + 5c1a2ab
commit 4813a91
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 37 deletions.
diff --git a/debian/postinst b/debian/postinst
@@ -4,37 +4,42 @@ systemctl daemon-reload
 
 START=0
 
-if [ "$1" = "configure" ] && [ "$2" = "" ]; then
+if [ "$1" = "configure" ]; then
 
  type cscli
 
  if [ "$?" -eq "0" ] ; then
- START=1
- echo "cscli/crowdsec is present, generating API key"
- unique=`date +%s`
- API_KEY=`cscli -oraw bouncers add CloudflareBouncer-${unique}`
- if [ $? -eq 1 ] ; then
- echo "failed to create API token, service won't be started."
- START=0
- API_KEY="<API_KEY>"
+ must_generate=$(grep -s '${API_KEY}' /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml | wc -l)
+ if [ "$must_generate" -eq "1" ] ; then
+ START=1
+ echo "cscli/crowdsec is present, generating API key"
+ unique=`date +%s`
+ API_KEY=`cscli -oraw bouncers add CloudflareBouncer-${unique}`
+ if [ $? -eq 1 ] ; then
+ echo "failed to create API token, service won't be started."
+ START=0
+ API_KEY='${API_KEY}'
+ else
+ echo "API Key : ${API_KEY}"
+ fi
+
+ TMP=`mktemp -p /tmp/`
+ cp /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml ${TMP}
+ API_KEY=${API_KEY} envsubst < ${TMP} > /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml
+ rm ${TMP}
  else
- echo "API Key : ${API_KEY}"
+ echo "Not generating API key because already present"
  fi
-
- TMP=`mktemp -p /tmp/`
- cp /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml ${TMP}
- API_KEY=${API_KEY} envsubst < ${TMP} > /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml
- rm ${TMP}
  fi
 else
  START=1
 fi
 
 
-echo "If this is fresh install or you've installed the package maintainer's version of configuration"
-echo "Please configure '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'."
-echo "Configuration can be autogenerated using crowdsec-cloudflare-bouncer -g <CF_TOKEN_1>,<CF_TOKEN_2> -o /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml"
-echo "After configuration run the command 'systemctl start crowdsec-cloudflare-bouncer.service' to start the bouncer"
+echo "If this is fresh install or you've installed the package maintainer's version of configuration, please configure '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'."
+echo "Configuration can be autogenerated using 'sudo crowdsec-cloudflare-bouncer -g <CF_TOKEN_1>,<CF_TOKEN_2> -o /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'."
+echo "After configuration run the command 'sudo systemctl start crowdsec-cloudflare-bouncer.service' to start the bouncer"
+echo "Don't forget to (re)generate CrowdSec API key if it is installed on another server or/and if you have upgraded and installed the package maintainer's version."
 
 if [ ${START} -eq 0 ] ; then
  echo "no api key was generated, you can generate one on your LAPI Server by running 'cscli bouncers add <bouncer_name>' and add it to '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'"

diff --git a/rpm/SPECS/crowdsec-cloudflare-bouncer.spec b/rpm/SPECS/crowdsec-cloudflare-bouncer.spec
@@ -57,32 +57,44 @@ START=0
 
 systemctl is-active --quiet crowdsec
 
-if [ "$?" -eq "0" ] ; then
- START=1
- echo "cscli/crowdsec is present, generating API key"
- unique=`date +%s`
- API_KEY=`sudo cscli -oraw bouncers add cloudflareBouncer-${unique}`
- if [ $? -eq 1 ] ; then
- echo "failed to create API token, service won't be started."
- START=0
- API_KEY="<API_KEY>"
- else
- echo "API Key : ${API_KEY}"
+if [ "$1" == "1" ] ; then
+ type cscli > /dev/null
+ if [ "$?" -eq "0" ] ; then
+ must_generate=$(grep -s '${API_KEY}' /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml | wc -l)
+ if [ "$must_generate" -eq "1" ] ; then
+ START=1
+ echo "cscli/crowdsec is present, generating API key"
+ unique=`date +%s`
+ API_KEY=`sudo cscli -oraw bouncers add cloudflareBouncer-${unique}`
+ if [ $? -eq 1 ] ; then
+ echo "failed to create API token, service won't be started."
+ START=0
+ API_KEY="<API_KEY>"
+ else
+ echo "API Key : ${API_KEY}"
+ fi
+ TMP=`mktemp -p /tmp/`
+ cp /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml ${TMP}
+ API_KEY=${API_KEY} envsubst < ${TMP} > /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml
+ rm ${TMP}
+ else
+ echo "Not generating API key because already present"
+ fi
  fi
+else
+ START=1
 fi
 
-TMP=`mktemp -p /tmp/`
-cp /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml ${TMP}
-API_KEY=${API_KEY} envsubst < ${TMP} > /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml
-rm ${TMP}
+
+echo "If this is fresh install or you've installed the package maintainer's version of configuration, please configure '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'."
+echo "Configuration can be autogenerated using 'sudo crowdsec-cloudflare-bouncer -g <CF_TOKEN_1>,<CF_TOKEN_2> -o /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'."
+echo "After configuration run the command 'sudo systemctl start crowdsec-cloudflare-bouncer.service' to start the bouncer"
+echo "Don't forget to (re)generate CrowdSec API key if it is installed on another server or/and if you have upgraded and installed the package maintainer's version."
 
 if [ ${START} -eq 0 ] ; then
  echo "no api key was generated, you can generate one on your LAPI Server by running 'cscli bouncers add <bouncer_name>' and add it to '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml'"
 fi
 
-echo "please enter your Cloudflare account ID and Token path in '/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml' and start the bouncer via 'sudo systemctl start crowdsec-cloudflare-bouncer' "
-
-
 
 %changelog
 * Fri Sep 10 2021 Kevin Kadosh <kevin@crowdsec.net>