From 2af1cf8a45620f10cc031c11a6976191bafdc9aa Mon Sep 17 00:00:00 2001 From: MDalprato Date: Mon, 23 Feb 2026 09:55:12 +0100 Subject: [PATCH 01/27] Refactor RabbitMQ configuration to use environment variables for user and password --- .../composes/gdrive_recording/env.sample | 6 +++-- .../composes/gdrive_snapshot/env.sample | 4 +++- .../composes/server/docker-compose.yaml | 22 +++++++++---------- installer_docker/installer.sh | 14 +++++++++--- installer_docker/installer_original.sh | 12 +++++++--- .../milesight/installer_milesight.sh | 12 +++++++--- installer_docker/recreate_env_file.sh | 9 ++++++++ installer_docker/uss_restore.sh | 6 ++++- 8 files changed, 61 insertions(+), 24 deletions(-) diff --git a/installer_docker/composes/gdrive_recording/env.sample b/installer_docker/composes/gdrive_recording/env.sample index 8d1bd0c..69244ad 100644 --- a/installer_docker/composes/gdrive_recording/env.sample +++ b/installer_docker/composes/gdrive_recording/env.sample @@ -1,9 +1,11 @@ PROCESS_NAME=google_drive_test -RMQ=amqp://hypernode:hypernode@127.0.0.1:5672 +RABBITMQ_DEFAULT_USER=hypernode +RABBITMQ_DEFAULT_PASS=hypernode +RMQ=amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@127.0.0.1:5672 DB_PORT=27017 GRI=ws://127.0.0.1:8181 RCLONE_CONFIG_BASE64=##### GDRIVE_REMOTE=gdrive GDRIVE_PATH=HYPERNODE RECORDING_DISK_SPACE=17000000 -RECORDING_PATH=/recording_files \ No newline at end of file +RECORDING_PATH=/recording_files diff --git a/installer_docker/composes/gdrive_snapshot/env.sample b/installer_docker/composes/gdrive_snapshot/env.sample index 6db0839..d2b9780 100644 --- a/installer_docker/composes/gdrive_snapshot/env.sample +++ b/installer_docker/composes/gdrive_snapshot/env.sample @@ -1,5 +1,7 @@ PROCESS_NAME=google_drive_test -RMQ=amqp://hypernode:hypernode@127.0.0.1:5672 +RABBITMQ_DEFAULT_USER=hypernode +RABBITMQ_DEFAULT_PASS=hypernode +RMQ=amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@127.0.0.1:5672 DB_PORT=27017 GRI=ws://127.0.0.1:8181 RCLONE_CONFIG_BASE64=#### diff --git a/installer_docker/composes/server/docker-compose.yaml b/installer_docker/composes/server/docker-compose.yaml index c5b1b45..d4ce424 100644 --- a/installer_docker/composes/server/docker-compose.yaml +++ b/installer_docker/composes/server/docker-compose.yaml @@ -5,8 +5,8 @@ services: networks: - hypernode-net environment: - RABBITMQ_DEFAULT_USER: hypernode - RABBITMQ_DEFAULT_PASS: hypernode + RABBITMQ_DEFAULT_USER: ${RABBITMQ_DEFAULT_USER:-hypernode} + RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS:-hypernode} volumes: - rabbitmq_data:/var/lib/rabbitmq ports: @@ -30,7 +30,7 @@ services: networks: - hypernode-net environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@messagebroker:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/gateway-db - SERVER_TIMEZONE=${SERVER_TIMEZONE:-Europe/Rome} - SERVER_NAME=${SERVER_NAME:-Hypernode Server} @@ -55,7 +55,7 @@ services: camera: image: artecoglobalcompany/usee_live_streamer:${DOCKER_TAG:-latest} environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@127.0.0.1:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@127.0.0.1:5672 - GATEWAY_URI=ws://127.0.0.1:8181 - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT:-27017}/camera-db - MACHINE=${MACHINE} @@ -74,7 +74,7 @@ services: metadata: image: artecoglobalcompany/usee_metadata_manager:${DOCKER_TAG:-latest} environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@127.0.0.1:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@127.0.0.1:5672 - GATEWAY_URI=ws://127.0.0.1:8181 - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT:-27017}/metadata-db - MACHINE=${MACHINE} @@ -95,7 +95,7 @@ services: networks: - hypernode-net environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@messagebroker:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/coretrust-db - CERT_PATH=/ssl - SERIAL_NUMBER=${SERIAL_NUMBER} @@ -128,7 +128,7 @@ services: # networks: # - hypernode-net # environment: - # - RABBITMQ_URI=amqp://hypernode:hypernode@messagebroker:5672 + # - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 # - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/storage-db # - STORAGE_PATH=/storage_files # - STORAGE_DISK_SPACE=${STORAGE_DISK_SPACE:-10000000} @@ -152,7 +152,7 @@ services: networks: - hypernode-net environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@messagebroker:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/recording-db - GATEWAY_URI=ws://webserver - RECORDING_PATH=/recording_files @@ -178,7 +178,7 @@ services: networks: - hypernode-net environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@messagebroker:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/event-db - MACHINE=${MACHINE} container_name: event @@ -199,7 +199,7 @@ services: networks: - hypernode-net environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@messagebroker:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/auth-db - MACHINE=${MACHINE} container_name: auth @@ -220,7 +220,7 @@ services: networks: - hypernode-net environment: - - RABBITMQ_URI=amqp://hypernode:hypernode@messagebroker:5672 + - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/snapshot-db - GATEWAY_URI=ws://webserver - SNAPSHOT_PATH=/snapshot_files diff --git a/installer_docker/installer.sh b/installer_docker/installer.sh index 899613f..7b9ccfb 100755 --- a/installer_docker/installer.sh +++ b/installer_docker/installer.sh @@ -27,6 +27,8 @@ SSL_PORT=443 DOCKER_TAG="latest" FORCE_INSTALL="false" DB_PORT=27017 +RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" +RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" PROCESS_NAME="--" remote_host="--" @@ -162,6 +164,8 @@ ENV_VARS=( DB_NAME PROCESS_NAME DATABASE_URI + RABBITMQ_DEFAULT_USER + RABBITMQ_DEFAULT_PASS RMQ GRI INSTALL_OPTION @@ -658,6 +662,10 @@ reuseExistingDbPort() { get_config() { + RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" + RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" + export RABBITMQ_DEFAULT_USER + export RABBITMQ_DEFAULT_PASS if [ "$HYPERNODE_ALREADY_INSTALLED" != "true" ]; then @@ -685,7 +693,7 @@ get_config() { # Install the complete suite (Gateway Mode) - RMQ="amqp://hypernode:hypernode@messagebroker:5672" + RMQ="amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@messagebroker:5672" export DB_NAME='uss_database' export RMQ @@ -705,7 +713,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} - export RMQ="amqps://hypernode:hypernode@$remote_host" + export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" printf "\nPROCESS_NAME set as $PROCESS_NAME" @@ -728,7 +736,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} - export RMQ="amqps://hypernode:hypernode@$remote_host" + export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" diff --git a/installer_docker/installer_original.sh b/installer_docker/installer_original.sh index 22da6c4..0786088 100755 --- a/installer_docker/installer_original.sh +++ b/installer_docker/installer_original.sh @@ -25,6 +25,8 @@ SSL_PORT=443 DOCKER_TAG="latest" FORCE_INSTALL="false" DB_PORT=27017 +RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" +RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" PROCESS_NAME="--" remote_host="--" @@ -417,6 +419,10 @@ getFirstDbPortFree() { get_config() { + RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" + RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" + export RABBITMQ_DEFAULT_USER + export RABBITMQ_DEFAULT_PASS if [ "$HYPERNODE_ALREADY_INSTALLED" != "true" ]; then @@ -444,7 +450,7 @@ get_config() { # Install the complete suite (Gateway Mode) - RMQ="amqp://hypernode:hypernode@messagebroker:5672" + RMQ="amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@messagebroker:5672" export DB_NAME='uss_database' export RMQ @@ -464,7 +470,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} - export RMQ="amqps://hypernode:hypernode@$remote_host" + export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" printf "\nPROCESS_NAME set as $PROCESS_NAME" @@ -487,7 +493,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} - export RMQ="amqps://hypernode:hypernode@$remote_host" + export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" diff --git a/installer_docker/milesight/installer_milesight.sh b/installer_docker/milesight/installer_milesight.sh index 62eb126..80b2f97 100755 --- a/installer_docker/milesight/installer_milesight.sh +++ b/installer_docker/milesight/installer_milesight.sh @@ -50,6 +50,8 @@ SSL_PORT=443 DOCKER_TAG="milesight" FORCE_INSTALL="false" DB_PORT=27017 +RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" +RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" PROCESS_NAME="--" remote_host="--" @@ -404,6 +406,10 @@ getFirstDbPortFree() { get_config() { + RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" + RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" + export RABBITMQ_DEFAULT_USER + export RABBITMQ_DEFAULT_PASS if [ "$HYPERNODE_ALREADY_INSTALLED" != "true" ]; then @@ -431,7 +437,7 @@ get_config() { # Install the complete suite (Gateway Mode) - RMQ="amqp://hypernode:hypernode@messagebroker:5672" + RMQ="amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@messagebroker:5672" export DB_NAME='uss_database' export RMQ @@ -451,7 +457,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} - export RMQ="amqps://hypernode:hypernode@$remote_host" + export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" printf "\nPROCESS_NAME set as $PROCESS_NAME" @@ -474,7 +480,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} - export RMQ="amqps://hypernode:hypernode@$remote_host" + export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" diff --git a/installer_docker/recreate_env_file.sh b/installer_docker/recreate_env_file.sh index 13f17be..5372e91 100644 --- a/installer_docker/recreate_env_file.sh +++ b/installer_docker/recreate_env_file.sh @@ -32,6 +32,8 @@ ENV_VARS=( DB_NAME PROCESS_NAME DATABASE_URI + RABBITMQ_DEFAULT_USER + RABBITMQ_DEFAULT_PASS RMQ GRI INSTALL_OPTION @@ -274,6 +276,13 @@ if [[ -n "$GATEWAY_CONTAINER" ]]; then fi fi +if [[ -z "${VALUES[RABBITMQ_DEFAULT_USER]:-}" && -n "${VALUES[RMQ]:-}" ]]; then + if [[ "${VALUES[RMQ]}" =~ ^[^:]+://([^:]+):([^@]+)@ ]]; then + VALUES[RABBITMQ_DEFAULT_USER]="${BASH_REMATCH[1]}" + VALUES[RABBITMQ_DEFAULT_PASS]="${BASH_REMATCH[2]}" + fi +fi + if [[ -n "$CORETRUST_CONTAINER" && -z "${VALUES[DB_PORT]:-}" ]]; then db_uri="$(get_env "$CORETRUST_CONTAINER" "DATABASE_URI")" VALUES[DB_PORT]="$(parse_db_port_from_uri "$db_uri")" diff --git a/installer_docker/uss_restore.sh b/installer_docker/uss_restore.sh index a1be57e..a70809b 100755 --- a/installer_docker/uss_restore.sh +++ b/installer_docker/uss_restore.sh @@ -44,6 +44,8 @@ ENV_VARS=( SNAPSHOT_DISK_SPACE DB_PORT DB_NAME + RABBITMQ_DEFAULT_USER + RABBITMQ_DEFAULT_PASS RMQ ) @@ -340,7 +342,9 @@ prompt_env_vars() { prompt_var "SNAPSHOT_DISK_SPACE" "SNAPSHOT_DISK_SPACE" prompt_var "DB_PORT" "DB_PORT" "27017" prompt_var "DB_NAME" "DB_NAME" "uss_database" - prompt_var "RMQ" "RMQ" "amqp://hypernode:hypernode@messagebroker:5672" + prompt_var "RABBITMQ_DEFAULT_USER" "RABBITMQ_DEFAULT_USER" "hypernode" + prompt_var "RABBITMQ_DEFAULT_PASS" "RABBITMQ_DEFAULT_PASS" "hypernode" "true" + prompt_var "RMQ" "RMQ" "amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@messagebroker:5672" write_env_file } From f53373f4d8db361468d0e06641d1219cdc80ea81 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Mon, 23 Feb 2026 10:00:13 +0100 Subject: [PATCH 02/27] Add database username and password environment variables for MongoDB connections --- .../composes/auth/docker-compose.yaml | 4 +-- .../composes/camera/docker-compose.yaml | 4 +-- .../composes/database/docker-compose.yaml | 3 ++ .../composes/event/docker-compose.yaml | 2 +- .../gdrive_recording/docker-compose.yaml | 4 +-- .../gdrive_snapshot/docker-compose.yaml | 4 +-- .../composes/metadata/docker-compose.yaml | 4 +-- .../composes/recording/docker-compose.yaml | 4 +-- .../composes/server/docker-compose.yaml | 18 +++++------ .../composes/snapshot/docker-compose.yaml | 4 +-- .../composes/storage/docker-compose.yaml | 4 +-- installer_docker/installer.sh | 13 ++++++-- installer_docker/installer_original.sh | 11 +++++-- .../milesight/installer_milesight.sh | 11 +++++-- installer_docker/native_service_update.sh | 6 ++-- installer_docker/recreate_env_file.sh | 32 ++++++++++++++++--- installer_docker/uss_restore.sh | 4 +++ 17 files changed, 93 insertions(+), 39 deletions(-) diff --git a/installer_docker/composes/auth/docker-compose.yaml b/installer_docker/composes/auth/docker-compose.yaml index 45a5f29..5592e8b 100644 --- a/installer_docker/composes/auth/docker-compose.yaml +++ b/installer_docker/composes/auth/docker-compose.yaml @@ -6,7 +6,7 @@ services: image: artecoglobalcompany/usee_id_verifier:${DOCKER_TAG:-latest} environment: - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/auth_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/auth_${PROCESS_NAME}?authSource=admin - SRV_INST_NAME=auth_${PROCESS_NAME} - MACHINE=${MACHINE} container_name: auth_${PROCESS_NAME} @@ -16,4 +16,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/composes/camera/docker-compose.yaml b/installer_docker/composes/camera/docker-compose.yaml index 1745b78..354c829 100644 --- a/installer_docker/composes/camera/docker-compose.yaml +++ b/installer_docker/composes/camera/docker-compose.yaml @@ -7,7 +7,7 @@ services: environment: - RABBITMQ_URI=${RMQ} - GATEWAY_URI=${GRI} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/camera_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/camera_${PROCESS_NAME}?authSource=admin - SRV_INST_NAME=camera_${PROCESS_NAME} - MACHINE=${MACHINE} container_name: camera_${PROCESS_NAME} @@ -17,4 +17,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/composes/database/docker-compose.yaml b/installer_docker/composes/database/docker-compose.yaml index 9aff769..f15fcb3 100644 --- a/installer_docker/composes/database/docker-compose.yaml +++ b/installer_docker/composes/database/docker-compose.yaml @@ -3,6 +3,9 @@ name: local_database_for_${DB_NAME:-uss_database} services: database: image: artecoglobalcompany/usee_database:${DOCKER_TAG:-latest} + environment: + - MONGO_INITDB_ROOT_USERNAME=${DB_USERNAME:-hypernode} + - MONGO_INITDB_ROOT_PASSWORD=${DB_PASSWORD:-hypernode} ports: - "${DB_PORT:-27017}:27017" volumes: diff --git a/installer_docker/composes/event/docker-compose.yaml b/installer_docker/composes/event/docker-compose.yaml index 31a46ad..b20d04e 100644 --- a/installer_docker/composes/event/docker-compose.yaml +++ b/installer_docker/composes/event/docker-compose.yaml @@ -6,7 +6,7 @@ services: image: artecoglobalcompany/usee_event_manager:${DOCKER_TAG:-latest} environment: - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/event_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/event_${PROCESS_NAME}?authSource=admin - SRV_INST_NAME=event_${PROCESS_NAME} - MACHINE=${MACHINE} container_name: event_${PROCESS_NAME} diff --git a/installer_docker/composes/gdrive_recording/docker-compose.yaml b/installer_docker/composes/gdrive_recording/docker-compose.yaml index d32d2c9..db0079e 100644 --- a/installer_docker/composes/gdrive_recording/docker-compose.yaml +++ b/installer_docker/composes/gdrive_recording/docker-compose.yaml @@ -22,7 +22,7 @@ services: - MOUNT_PATH=/recording_files - RCLONE_CACHE_DIR=/dev/shm/rclone-cache - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/gdrive_recording_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/gdrive_recording_${PROCESS_NAME}?authSource=admin - GATEWAY_URI=${GRI} - SRV_INST_NAME=gdrive_recording_${PROCESS_NAME} - RECORDING_DISK_SPACE=${RECORDING_DISK_SPACE:-10000000} @@ -34,4 +34,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/composes/gdrive_snapshot/docker-compose.yaml b/installer_docker/composes/gdrive_snapshot/docker-compose.yaml index 9e51732..a1a82ea 100644 --- a/installer_docker/composes/gdrive_snapshot/docker-compose.yaml +++ b/installer_docker/composes/gdrive_snapshot/docker-compose.yaml @@ -22,7 +22,7 @@ services: - MOUNT_PATH=/snapshot_files - RCLONE_CACHE_DIR=/dev/shm/rclone-cache - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/gdrive_snapshot_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/gdrive_snapshot_${PROCESS_NAME}?authSource=admin - GATEWAY_URI=${GRI} - SRV_INST_NAME=gdrive_snapshot_${PROCESS_NAME} - SNAPSHOT_DISK_SPACE=${SNAPSHOT_DISK_SPACE:-10000000} @@ -34,4 +34,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/composes/metadata/docker-compose.yaml b/installer_docker/composes/metadata/docker-compose.yaml index 83f759f..97e3f79 100644 --- a/installer_docker/composes/metadata/docker-compose.yaml +++ b/installer_docker/composes/metadata/docker-compose.yaml @@ -7,7 +7,7 @@ services: environment: - RABBITMQ_URI=${RMQ} - GATEWAY_URI=${GRI} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/metadata_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/metadata_${PROCESS_NAME}?authSource=admin - SRV_INST_NAME=metadata_${PROCESS_NAME} - MACHINE=${MACHINE} container_name: metadata_${PROCESS_NAME} @@ -17,4 +17,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/composes/recording/docker-compose.yaml b/installer_docker/composes/recording/docker-compose.yaml index 283ef3e..66e7adc 100644 --- a/installer_docker/composes/recording/docker-compose.yaml +++ b/installer_docker/composes/recording/docker-compose.yaml @@ -5,7 +5,7 @@ services: image: artecoglobalcompany/usee_media_recorder:${DOCKER_TAG:-latest} environment: - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/recording_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/recording_${PROCESS_NAME}?authSource=admin - SRV_INST_NAME=recording_${PROCESS_NAME} - RECORDING_PATH=/recording_files - GATEWAY_URI=${GRI} @@ -20,4 +20,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/composes/server/docker-compose.yaml b/installer_docker/composes/server/docker-compose.yaml index d4ce424..6feead5 100644 --- a/installer_docker/composes/server/docker-compose.yaml +++ b/installer_docker/composes/server/docker-compose.yaml @@ -31,7 +31,7 @@ services: - hypernode-net environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/gateway-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/gateway-db?authSource=admin - SERVER_TIMEZONE=${SERVER_TIMEZONE:-Europe/Rome} - SERVER_NAME=${SERVER_NAME:-Hypernode Server} - MACHINE=${MACHINE} @@ -57,7 +57,7 @@ services: environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@127.0.0.1:5672 - GATEWAY_URI=ws://127.0.0.1:8181 - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT:-27017}/camera-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT:-27017}/camera-db?authSource=admin - MACHINE=${MACHINE} container_name: camera restart: unless-stopped @@ -76,7 +76,7 @@ services: environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@127.0.0.1:5672 - GATEWAY_URI=ws://127.0.0.1:8181 - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT:-27017}/metadata-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT:-27017}/metadata-db?authSource=admin - MACHINE=${MACHINE} container_name: metadata restart: unless-stopped @@ -96,7 +96,7 @@ services: - hypernode-net environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/coretrust-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/coretrust-db?authSource=admin - CERT_PATH=/ssl - SERIAL_NUMBER=${SERIAL_NUMBER} - ARTECO_GLOBAL_EMAIL=${ARTECO_GLOBAL_EMAIL} @@ -129,7 +129,7 @@ services: # - hypernode-net # environment: # - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - # - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/storage-db + # - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/storage-db?authSource=admin # - STORAGE_PATH=/storage_files # - STORAGE_DISK_SPACE=${STORAGE_DISK_SPACE:-10000000} # container_name: storage @@ -153,7 +153,7 @@ services: - hypernode-net environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/recording-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/recording-db?authSource=admin - GATEWAY_URI=ws://webserver - RECORDING_PATH=/recording_files - RECORDING_DISK_SPACE=${RECORDING_DISK_SPACE:-10000000} @@ -179,7 +179,7 @@ services: - hypernode-net environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/event-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/event-db?authSource=admin - MACHINE=${MACHINE} container_name: event restart: unless-stopped @@ -200,7 +200,7 @@ services: - hypernode-net environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/auth-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/auth-db?authSource=admin - MACHINE=${MACHINE} container_name: auth restart: unless-stopped @@ -221,7 +221,7 @@ services: - hypernode-net environment: - RABBITMQ_URI=amqp://${RABBITMQ_DEFAULT_USER:-hypernode}:${RABBITMQ_DEFAULT_PASS:-hypernode}@messagebroker:5672 - - DATABASE_URI=mongodb://host.docker.internal:${DB_PORT:-27017}/snapshot-db + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/snapshot-db?authSource=admin - GATEWAY_URI=ws://webserver - SNAPSHOT_PATH=/snapshot_files - SNAPSHOT_DISK_SPACE=${SNAPSHOT_DISK_SPACE:-10000000} diff --git a/installer_docker/composes/snapshot/docker-compose.yaml b/installer_docker/composes/snapshot/docker-compose.yaml index e1577ad..e56dfbc 100644 --- a/installer_docker/composes/snapshot/docker-compose.yaml +++ b/installer_docker/composes/snapshot/docker-compose.yaml @@ -5,7 +5,7 @@ services: image: artecoglobalcompany/usee_snapshot_recorder:${DOCKER_TAG:-latest} environment: - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/snapshot_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/snapshot_${PROCESS_NAME}?authSource=admin - SNAPSHOT_PATH=/snapshot_files - GATEWAY_URI=${GRI} - SRV_INST_NAME=snapshot_${PROCESS_NAME} @@ -20,4 +20,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/composes/storage/docker-compose.yaml b/installer_docker/composes/storage/docker-compose.yaml index d412559..97143d0 100644 --- a/installer_docker/composes/storage/docker-compose.yaml +++ b/installer_docker/composes/storage/docker-compose.yaml @@ -5,7 +5,7 @@ services: image: artecoglobalcompany/usee_media_storage:${DOCKER_TAG:-latest} environment: - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://127.0.0.1:${DB_PORT}/storage_${PROCESS_NAME} + - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/storage_${PROCESS_NAME}?authSource=admin - SRV_INST_NAME=storage_${PROCESS_NAME} - STORAGE_PATH=/storage_files - STORAGE_DISK_SPACE=${STORAGE_DISK_SPACE:-10000000} @@ -19,4 +19,4 @@ services: driver: "json-file" options: max-size: "10m" - max-file: "5" \ No newline at end of file + max-file: "5" diff --git a/installer_docker/installer.sh b/installer_docker/installer.sh index 7b9ccfb..d394e01 100755 --- a/installer_docker/installer.sh +++ b/installer_docker/installer.sh @@ -27,6 +27,8 @@ SSL_PORT=443 DOCKER_TAG="latest" FORCE_INSTALL="false" DB_PORT=27017 +DB_USERNAME="${DB_USERNAME:-hypernode}" +DB_PASSWORD="${DB_PASSWORD:-hypernode}" RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" @@ -160,6 +162,8 @@ ENV_VARS=( STORAGE_DISK_SPACE SNAPSHOT_PATH SNAPSHOT_DISK_SPACE + DB_USERNAME + DB_PASSWORD DB_PORT DB_NAME PROCESS_NAME @@ -662,6 +666,11 @@ reuseExistingDbPort() { get_config() { + DB_USERNAME="${DB_USERNAME:-hypernode}" + DB_PASSWORD="${DB_PASSWORD:-hypernode}" + export DB_USERNAME + export DB_PASSWORD + RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" export RABBITMQ_DEFAULT_USER @@ -712,7 +721,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} - export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} + export DATABASE_URI=mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_NAME}:27017/${PROCESS_NAME}?authSource=admin export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" @@ -735,7 +744,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} - export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} + export DATABASE_URI=mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_NAME}:27017/${PROCESS_NAME}?authSource=admin export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" diff --git a/installer_docker/installer_original.sh b/installer_docker/installer_original.sh index 0786088..46f202f 100755 --- a/installer_docker/installer_original.sh +++ b/installer_docker/installer_original.sh @@ -25,6 +25,8 @@ SSL_PORT=443 DOCKER_TAG="latest" FORCE_INSTALL="false" DB_PORT=27017 +DB_USERNAME="${DB_USERNAME:-hypernode}" +DB_PASSWORD="${DB_PASSWORD:-hypernode}" RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" @@ -419,6 +421,11 @@ getFirstDbPortFree() { get_config() { + DB_USERNAME="${DB_USERNAME:-hypernode}" + DB_PASSWORD="${DB_PASSWORD:-hypernode}" + export DB_USERNAME + export DB_PASSWORD + RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" export RABBITMQ_DEFAULT_USER @@ -469,7 +476,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} - export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} + export DATABASE_URI=mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_NAME}:27017/${PROCESS_NAME}?authSource=admin export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" @@ -492,7 +499,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} - export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} + export DATABASE_URI=mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_NAME}:27017/${PROCESS_NAME}?authSource=admin export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" diff --git a/installer_docker/milesight/installer_milesight.sh b/installer_docker/milesight/installer_milesight.sh index 80b2f97..dadef6c 100755 --- a/installer_docker/milesight/installer_milesight.sh +++ b/installer_docker/milesight/installer_milesight.sh @@ -50,6 +50,8 @@ SSL_PORT=443 DOCKER_TAG="milesight" FORCE_INSTALL="false" DB_PORT=27017 +DB_USERNAME="${DB_USERNAME:-hypernode}" +DB_PASSWORD="${DB_PASSWORD:-hypernode}" RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" @@ -406,6 +408,11 @@ getFirstDbPortFree() { get_config() { + DB_USERNAME="${DB_USERNAME:-hypernode}" + DB_PASSWORD="${DB_PASSWORD:-hypernode}" + export DB_USERNAME + export DB_PASSWORD + RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" export RABBITMQ_DEFAULT_USER @@ -456,7 +463,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} - export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} + export DATABASE_URI=mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_NAME}:27017/${PROCESS_NAME}?authSource=admin export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" printf "\nGateway set as $remote_host" @@ -479,7 +486,7 @@ get_config() { export PROCESS_NAME=additional-${PROCESS_NAME} export DB_NAME=database-for-${PROCESS_NAME} - export DATABASE_URI=mongodb://${DB_NAME}:27017/${PROCESS_NAME} + export DATABASE_URI=mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_NAME}:27017/${PROCESS_NAME}?authSource=admin export RMQ="amqps://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@$remote_host" export GRI="wss://$remote_host" diff --git a/installer_docker/native_service_update.sh b/installer_docker/native_service_update.sh index f327ede..e96b39c 100755 --- a/installer_docker/native_service_update.sh +++ b/installer_docker/native_service_update.sh @@ -359,6 +359,8 @@ update_with_env_file() { DB_PORT="${DB_PORT:-27017}" DOCKER_TAG="${DOCKER_TAG:-latest}" + DB_USERNAME="${DB_USERNAME:-hypernode}" + DB_PASSWORD="${DB_PASSWORD:-hypernode}" if [[ -z "${PROCESS_NAME:-}" && -n "${DB_NAME:-}" ]]; then PROCESS_NAME="${DB_NAME#database-for-}" @@ -369,10 +371,10 @@ update_with_env_file() { fi if [[ -z "${DATABASE_URI:-}" && -n "${DB_NAME:-}" && -n "${PROCESS_NAME:-}" ]]; then - DATABASE_URI="mongodb://${DB_NAME}:27017/${PROCESS_NAME}" + DATABASE_URI="mongodb://${DB_USERNAME}:${DB_PASSWORD}@${DB_NAME}:27017/${PROCESS_NAME}?authSource=admin" fi - export DB_PORT DOCKER_TAG PROCESS_NAME DB_NAME DATABASE_URI + export DB_PORT DOCKER_TAG PROCESS_NAME DB_NAME DB_USERNAME DB_PASSWORD DATABASE_URI local service_name="" if [[ -n "$service_override" ]]; then diff --git a/installer_docker/recreate_env_file.sh b/installer_docker/recreate_env_file.sh index 5372e91..b04216b 100644 --- a/installer_docker/recreate_env_file.sh +++ b/installer_docker/recreate_env_file.sh @@ -28,6 +28,8 @@ ENV_VARS=( STORAGE_DISK_SPACE SNAPSHOT_PATH SNAPSHOT_DISK_SPACE + DB_USERNAME + DB_PASSWORD DB_PORT DB_NAME PROCESS_NAME @@ -204,14 +206,27 @@ get_port_mapping() { parse_db_port_from_uri() { local uri="$1" local port="" - if [[ "$uri" =~ mongodb://[^:/]+:([0-9]+) ]]; then - port="${BASH_REMATCH[1]}" - elif [[ "$uri" =~ mongodb://[^/]+/ ]]; then + if [[ "$uri" =~ mongodb://([^@/]+@)?[^:/]+:([0-9]+) ]]; then + port="${BASH_REMATCH[2]}" + elif [[ "$uri" =~ mongodb://([^@/]+@)?[^/]+/ ]]; then port="27017" fi printf "%s" "$port" } +parse_db_credentials_from_uri() { + local uri="$1" + local user="" + local pass="" + + if [[ "$uri" =~ mongodb://([^:/@]+):([^@]+)@ ]]; then + user="${BASH_REMATCH[1]}" + pass="${BASH_REMATCH[2]}" + fi + + printf "%s\t%s" "$user" "$pass" +} + get_container_for_service() { local service="$1" local container="${SERVICE_CONTAINER[$service]:-}" @@ -264,15 +279,22 @@ if [[ -n "$CORETRUST_CONTAINER" ]]; then fi if [[ -n "$GATEWAY_CONTAINER" ]]; then + local_db_uri="$(get_env "$GATEWAY_CONTAINER" "DATABASE_URI")" VALUES[SERVER_TIMEZONE]="$(get_env "$GATEWAY_CONTAINER" "SERVER_TIMEZONE")" VALUES[SERVER_NAME]="$(get_env "$GATEWAY_CONTAINER" "SERVER_NAME")" if [[ -z "${VALUES[LICENSE_PROVIDER_URL]:-}" ]]; then VALUES[LICENSE_PROVIDER_URL]="$(get_env "$GATEWAY_CONTAINER" "LICENSE_PROVIDER_URL")" fi VALUES[RMQ]="$(get_env "$GATEWAY_CONTAINER" "RABBITMQ_URI")" + if [[ -z "${VALUES[DB_USERNAME]:-}" || -z "${VALUES[DB_PASSWORD]:-}" ]]; then + db_user="" + db_password="" + IFS=$'\t' read -r db_user db_password <<< "$(parse_db_credentials_from_uri "$local_db_uri")" + VALUES[DB_USERNAME]="$db_user" + VALUES[DB_PASSWORD]="$db_password" + fi if [[ -z "${VALUES[DB_PORT]:-}" ]]; then - db_uri="$(get_env "$GATEWAY_CONTAINER" "DATABASE_URI")" - VALUES[DB_PORT]="$(parse_db_port_from_uri "$db_uri")" + VALUES[DB_PORT]="$(parse_db_port_from_uri "$local_db_uri")" fi fi diff --git a/installer_docker/uss_restore.sh b/installer_docker/uss_restore.sh index a70809b..d085111 100755 --- a/installer_docker/uss_restore.sh +++ b/installer_docker/uss_restore.sh @@ -42,6 +42,8 @@ ENV_VARS=( RECORDING_DISK_SPACE SNAPSHOT_PATH SNAPSHOT_DISK_SPACE + DB_USERNAME + DB_PASSWORD DB_PORT DB_NAME RABBITMQ_DEFAULT_USER @@ -340,6 +342,8 @@ prompt_env_vars() { prompt_var "RECORDING_DISK_SPACE" "RECORDING_DISK_SPACE" prompt_var "SNAPSHOT_PATH" "SNAPSHOT_PATH" "/snapshot" prompt_var "SNAPSHOT_DISK_SPACE" "SNAPSHOT_DISK_SPACE" + prompt_var "DB_USERNAME" "DB_USERNAME" "hypernode" + prompt_var "DB_PASSWORD" "DB_PASSWORD" "hypernode" "true" prompt_var "DB_PORT" "DB_PORT" "27017" prompt_var "DB_NAME" "DB_NAME" "uss_database" prompt_var "RABBITMQ_DEFAULT_USER" "RABBITMQ_DEFAULT_USER" "hypernode" From a1422e9b2cab24eba5348d9ce39c217c42266f77 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Mon, 23 Feb 2026 11:44:27 +0100 Subject: [PATCH 03/27] Add support for additional command-line options to set database and RabbitMQ credentials --- installer_docker/installer.sh | 187 +++++++++++++++++++--------------- 1 file changed, 104 insertions(+), 83 deletions(-) diff --git a/installer_docker/installer.sh b/installer_docker/installer.sh index d394e01..86b0a3e 100755 --- a/installer_docker/installer.sh +++ b/installer_docker/installer.sh @@ -257,111 +257,132 @@ execute_command() { } while [[ "$#" -gt 0 ]]; do - case "$1" in + case "$1" in + -fi|--force-install) - FORCE_INSTALL="true" - shift - ;; + FORCE_INSTALL="true" + shift + ;; -p|--port) - SSL_PORT="$2" - shift 2 - ;; + SSL_PORT="$2" + shift 2 + ;; -t|--tag) - DOCKER_TAG="$2" - shift 2 - ;; + DOCKER_TAG="$2" + shift 2 + ;; -m|--mode) - INSTALL_OPTION="$2" - shift 2 - ;; + INSTALL_OPTION="$2" + shift 2 + ;; -host|--host) - remote_host="$2" - shift 2 - ;; + remote_host="$2" + shift 2 + ;; -pn|--process-name) - PROCESS_NAME="$2" - shift 2 - ;; + PROCESS_NAME="$2" + shift 2 + ;; -sn|--serial-number) - SERIAL_NUMBER="$2" - export SERIAL_NUMBER - shift 2 - ;; + SERIAL_NUMBER="$2" + export SERIAL_NUMBER + shift 2 + ;; -tz|--timezone) - SERVER_TIMEZONE="$2" - export SERVER_TIMEZONE - shift 2 - ;; + SERVER_TIMEZONE="$2" + export SERVER_TIMEZONE + shift 2 + ;; -in|--internal-name) - SERVER_NAME="$2" - export SERVER_NAME - shift 2 - ;; + SERVER_NAME="$2" + export SERVER_NAME + shift 2 + ;; -email|--email) - ARTECO_GLOBAL_EMAIL="$2" - export ARTECO_GLOBAL_EMAIL - shift 2 - ;; + ARTECO_GLOBAL_EMAIL="$2" + export ARTECO_GLOBAL_EMAIL + shift 2 + ;; -pass|--password) - ARTECO_GLOBAL_PASSWORD="$2" - export ARTECO_GLOBAL_PASSWORD - shift 2 - ;; + ARTECO_GLOBAL_PASSWORD="$2" + export ARTECO_GLOBAL_PASSWORD + shift 2 + ;; -sip|--server-ip) - SERVER_IP_ADDRESS="$2" - export SERVER_IP_ADDRESS - shift 2 - ;; - + SERVER_IP_ADDRESS="$2" + export SERVER_IP_ADDRESS + shift 2 + ;; -cert-url|--certificate-provider-url) - CERTIFICATE_PROVIDER_URL="$2" - export CERTIFICATE_PROVIDER_URL - shift 2 - ;; + CERTIFICATE_PROVIDER_URL="$2" + export CERTIFICATE_PROVIDER_URL + shift 2 + ;; -dns-url|--dns-provider-url) - DNS_PROVIDER_URL="$2" - export DNS_PROVIDER_URL - shift 2 - ;; + DNS_PROVIDER_URL="$2" + export DNS_PROVIDER_URL + shift 2 + ;; -lic-url|--license-provider-url) - LICENSE_PROVIDER_URL="$2" - export LICENSE_PROVIDER_URL - shift 2 - ;; + LICENSE_PROVIDER_URL="$2" + export LICENSE_PROVIDER_URL + shift 2 + ;; -db|--deploy-branch) - DEPLOY_BRANCH="$2" - shift 2 - ;; + DEPLOY_BRANCH="$2" + shift 2 + ;; -rec-path|--recording-path) - RECORDING_PATH="$2" - export RECORDING_PATH - shift 2 - ;; + RECORDING_PATH="$2" + export RECORDING_PATH + shift 2 + ;; -rec-max-disk|--recording-max-disk) - RECORDING_DISK_SPACE="$2" - export RECORDING_DISK_SPACE - shift 2 - ;; + RECORDING_DISK_SPACE="$2" + export RECORDING_DISK_SPACE + shift 2 + ;; -storage-path|--storage-path) - STORAGE_PATH="$2" - export STORAGE_PATH - shift 2 - ;; + STORAGE_PATH="$2" + export STORAGE_PATH + shift 2 + ;; -storage-max-disk|--storage-max-disk) - STORAGE_DISK_SPACE="$2" - export STORAGE_DISK_SPACE - shift 2 - ;; + STORAGE_DISK_SPACE="$2" + export STORAGE_DISK_SPACE + shift 2 + ;; -snapshot-path|--snapshot-path) - SNAPSHOT_PATH="$2" - export SNAPSHOT_PATH - shift 2 - ;; + SNAPSHOT_PATH="$2" + export SNAPSHOT_PATH + shift 2 + ;; -snapshot-max-disk|--snapshot-max-disk) - SNAPSHOT_DISK_SPACE="$2" - export SNAPSHOT_DISK_SPACE - shift 2 - ;; + SNAPSHOT_DISK_SPACE="$2" + export SNAPSHOT_DISK_SPACE + shift 2 + ;; + -dbuser|--db-username) + DB_USERNAME="$2" + export DB_USERNAME + shift 2 + ;; + -dbpass|--db-password) + DB_PASSWORD="$2" + export DB_PASSWORD + shift 2 + ;; + -rmquser|--rabbitmq-username) + RABBITMQ_DEFAULT_USER="$2" + export RABBITMQ_DEFAULT_USER + shift 2 + ;; + -rmqpass|--rabbitmq-password) + RABBITMQ_DEFAULT_PASS="$2" + export RABBITMQ_DEFAULT_PASS + shift 2 + ;; + -h|--help) echo "Usage: installer.sh [options]" echo "" From cc38d710628e0f6a40e1eab1e4bdfdad9a375774 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Mon, 23 Feb 2026 14:45:26 +0100 Subject: [PATCH 04/27] Add health check script and WSL alias management for Docker --- .../HEALTHCHECK.md | 0 old_workflows/push_milesight.yml | 226 ------------------ .../install-docker-wsl-alias.ps1 | 0 .../uninstall-docker-wsl-alias.ps1 | 0 4 files changed, 226 deletions(-) rename HEALTHCHECK.md => installer_docker/HEALTHCHECK.md (100%) delete mode 100644 old_workflows/push_milesight.yml rename install-docker-wsl-alias.ps1 => wsl/install-docker-wsl-alias.ps1 (100%) rename uninstall-docker-wsl-alias.ps1 => wsl/uninstall-docker-wsl-alias.ps1 (100%) diff --git a/HEALTHCHECK.md b/installer_docker/HEALTHCHECK.md similarity index 100% rename from HEALTHCHECK.md rename to installer_docker/HEALTHCHECK.md diff --git a/old_workflows/push_milesight.yml b/old_workflows/push_milesight.yml deleted file mode 100644 index 5c41708..0000000 --- a/old_workflows/push_milesight.yml +++ /dev/null @@ -1,226 +0,0 @@ -name: Push USee Images - MILESIGHT (ARM64) - -on: - workflow_dispatch: - inputs: - BRANCH_BACKEND_REF: - description: "Checkout branch Backend (server)" - required: true - default: "release_candidate" - BRANCH_CONFIGURATOR_REF: - description: "Checkout branch Configurator (frontend)" - required: true - default: "release_candidate" - SERVICES: - description: 'Seleziona il servizio da buildare (o "all" per tutti)' - required: true - type: choice - options: - - all - - live_streamer - - id_verifier - - event_manager - - metadata - - suite_manager - - coretrust # 👈 nuovo servizio aggiunto - - media_recorder - - snapshot_recorder - - web_server - - port_broker - - message_broker - # - database - #- media_storage - - configurator - default: "all" - -jobs: - build_and_push: - runs-on: ubuntu-latest - env: - TAG: milesight # Tag fisso per build MILESIGHT - PLATFORMS: linux/arm64 # Architettura forzata ARM64 - - steps: - - name: Checkout deploy repo - uses: actions/checkout@v3 - with: - path: deploy - - # ------------------------ - # BACKEND REPO - # ------------------------ - - name: Checkout backend - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES != 'configurator' }} - uses: actions/checkout@v3 - with: - repository: Arteco-Global/hypernode-server - ref: ${{ github.event.inputs.BRANCH_BACKEND_REF }} - path: hypernode-server - token: ${{ secrets.GIT_PAT }} - - # ------------------------ - # FRONTEND REPO (CONFIGURATOR) - # ------------------------ - - name: Checkout frontend - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'configurator' }} - uses: actions/checkout@v3 - with: - repository: Arteco-Global/hypernode_server_gui - ref: ${{ github.event.inputs.BRANCH_CONFIGURATOR_REF }} - path: hypernode_server_gui - token: ${{ secrets.GIT_PAT }} - - # ------------------------ - # COMMON SETUP - # ------------------------ - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: DockerHub Login - run: | - echo "${{ secrets.DOCKER_TOKEN }}" \ - | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - - name: DockerHub check - run: docker info - - # ------------------------ - # BACKEND BUILDS - # ------------------------ - - name: BuildLiveStreamer - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'live_streamer' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/camera.Dockerfile \ - -t artecoglobalcompany/usee_live_streamer:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildIDVerifier - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'id_verifier' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/auth.Dockerfile \ - -t artecoglobalcompany/usee_id_verifier:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildEventManager - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'event_manager' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/event.Dockerfile \ - -t artecoglobalcompany/usee_event_manager:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildMetadataManager - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'metadata' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/metadata.Dockerfile \ - -t artecoglobalcompany/usee_metadata_manager:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildSuiteManager - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'suite_manager' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/gateway.Dockerfile \ - -t artecoglobalcompany/usee_suite_manager:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildCoreTrust # 👈 nuovo step aggiunto - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'coretrust' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/coretrust.Dockerfile \ - -t artecoglobalcompany/usee_coretrust:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildMediaRecorder - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'media_recorder' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/recording.Dockerfile \ - -t artecoglobalcompany/usee_media_recorder:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildSnapshotRecorder - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'snapshot_recorder' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/snapshot.Dockerfile \ - -t artecoglobalcompany/usee_snapshot_recorder:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildWebServer - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'web_server' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/webserver/nginx.Dockerfile \ - -t artecoglobalcompany/usee_web_server:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildPortBroker - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'port_broker' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/portbroker/portBroker.Dockerfile \ - -t artecoglobalcompany/usee_port_broker:${{ env.TAG }} \ - --push hypernode-server - - - name: BuildMessageBroker - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'message_broker' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode-server/docker/messagebroker/messageBroker.Dockerfile \ - -t artecoglobalcompany/usee_message_broker:${{ env.TAG }} \ - --push hypernode-server - - # - name: BuildDatabase - # if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'database' }} - # run: | - # docker buildx build \ - # --platform=${{ env.PLATFORMS }} \ - # -f hypernode-server/docker/database/database.Dockerfile \ - # --build-arg MONGO_VERSION=4.4.18 \ - # -t artecoglobalcompany/usee_database:${{ env.TAG }} \ - # --push hypernode-server - - # - name: BuildMediaStorage - # if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'media_storage' }} - # run: | - # docker buildx build \ - # --platform=${{ env.PLATFORMS }} \ - # -f hypernode-server/docker/storage.Dockerfile \ - # -t artecoglobalcompany/usee_media_storage:${{ env.TAG }} \ - # --push hypernode-server - - # ------------------------ - # FRONTEND CONFIGURATOR - # ------------------------ - - name: BuildConfigurator - if: ${{ inputs.SERVICES == 'all' || inputs.SERVICES == 'configurator' }} - run: | - docker buildx build \ - --platform=${{ env.PLATFORMS }} \ - -f hypernode_server_gui/configurator.Dockerfile \ - -t artecoglobalcompany/usee_configurator:${{ env.TAG }} \ - --push hypernode_server_gui diff --git a/install-docker-wsl-alias.ps1 b/wsl/install-docker-wsl-alias.ps1 similarity index 100% rename from install-docker-wsl-alias.ps1 rename to wsl/install-docker-wsl-alias.ps1 diff --git a/uninstall-docker-wsl-alias.ps1 b/wsl/uninstall-docker-wsl-alias.ps1 similarity index 100% rename from uninstall-docker-wsl-alias.ps1 rename to wsl/uninstall-docker-wsl-alias.ps1 From 13ef466ddf645cb550ee7b50980325bfba961ba8 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Thu, 12 Mar 2026 15:37:29 +0100 Subject: [PATCH 05/27] Add SERVER_SECRET support for gateway endpoints and update documentation --- README.md | 1 + installer_docker/RECREATE_ENV_FILE.md | 1 + installer_docker/UPDATE_PROCEDURE.md | 4 ++++ installer_docker/USS_RESTORE_HOW_TO.md | 1 + installer_docker/composes/server/docker-compose.yaml | 1 + installer_docker/installer.sh | 11 +++++++++++ installer_docker/synology/full/compose.yml | 3 ++- installer_docker/synology/server/compose.yaml | 1 + 8 files changed, 22 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b79868b..34bf38d 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ This repository contains the deployment tooling for the Arteco Hypernode video m - `--mode` to select the installation profile for the node you are deploying. - `--serial-number`, `--internal-name`, and `--timezone` to register the device metadata. - `--email` and `--password` to seed the administrator credentials. + - `--server-secret` to set the shared secret used by gateway endpoints (ALTCHA and reset protection). If omitted, a default value is applied by the installer. - `--deploy-branch` to choose which Git branch to load the remote compose bundles from (defaults to `main`). - Provider URLs (`--certificate-provider-url`, `--dns-provider-url`, `--license-provider-url`, `--update-provider-url`) when the deployment relies on external Arteco services. - Run the script with `--help` to view the full list of options and examples. diff --git a/installer_docker/RECREATE_ENV_FILE.md b/installer_docker/RECREATE_ENV_FILE.md index ce778f8..cc87daf 100644 --- a/installer_docker/RECREATE_ENV_FILE.md +++ b/installer_docker/RECREATE_ENV_FILE.md @@ -44,6 +44,7 @@ Parametri: - `SSL_PORT` viene letto dal mapping di `portbroker:443`. - `DOCKER_TAG` viene letto dall'immagine `messagebroker` (fallback `gateway`). - `DB_PORT` viene dedotto da `DATABASE_URI` del gateway/coretrust. +- `SERVER_SECRET` (se presente) viene ricavata dall'env del container `gateway`. - La variabile `MACHINE` viene aggiunta successivamente da `native_update.sh` o `uss_restore.sh` (che creano/leggono `machine.json`). - Lo script non modifica i container: è in sola lettura. diff --git a/installer_docker/UPDATE_PROCEDURE.md b/installer_docker/UPDATE_PROCEDURE.md index 40b2003..b792304 100644 --- a/installer_docker/UPDATE_PROCEDURE.md +++ b/installer_docker/UPDATE_PROCEDURE.md @@ -135,6 +135,10 @@ Generali: - `RMQ` - `GRI` +Per la suite `server` è inoltre raccomandato mantenere valorizzata: + +- `SERVER_SECRET` (usata dal gateway per protezione ALTCHA e endpoint reset) + Volumi obbligatori (se il servizio li usa): - `RECORDING_PATH` per `recording` diff --git a/installer_docker/USS_RESTORE_HOW_TO.md b/installer_docker/USS_RESTORE_HOW_TO.md index 7a6e692..0011ae0 100644 --- a/installer_docker/USS_RESTORE_HOW_TO.md +++ b/installer_docker/USS_RESTORE_HOW_TO.md @@ -83,6 +83,7 @@ Quando il file manca, lo script chiede questi valori: - `DB_PORT` (default `27017`) - `DB_NAME` (default `uss_database`) - `RMQ` (default `amqp://****:****@messagebroker:5672`) +- `SERVER_SECRET` (default `HYPERNODE_SERVER_SECRET`, usata da gateway per ALTCHA/reset) I valori vengono salvati con escaping sicuro per evitare problemi con caratteri speciali (es. `!`). diff --git a/installer_docker/composes/server/docker-compose.yaml b/installer_docker/composes/server/docker-compose.yaml index f3abca1..d173301 100644 --- a/installer_docker/composes/server/docker-compose.yaml +++ b/installer_docker/composes/server/docker-compose.yaml @@ -34,6 +34,7 @@ services: - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/gateway-db?authSource=admin - SERVER_TIMEZONE=${SERVER_TIMEZONE:-Europe/Rome} - SERVER_NAME=${SERVER_NAME:-Hypernode Server} + - SERVER_SECRET=${SERVER_SECRET:-HYPERNODE_SERVER_SECRET} - MACHINE=${MACHINE} - BACKUPS_PATH=/data/gateway/backups - LICENSE_PROVIDER_URL=${LICENSE_PROVIDER_URL} diff --git a/installer_docker/installer.sh b/installer_docker/installer.sh index 7bac663..55c32d8 100755 --- a/installer_docker/installer.sh +++ b/installer_docker/installer.sh @@ -31,6 +31,7 @@ DB_USERNAME="${DB_USERNAME:-hypernode}" DB_PASSWORD="${DB_PASSWORD:-hypernode}" RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" +SERVER_SECRET="${SERVER_SECRET:-HYPERNODE_SERVER_SECRET}" PROCESS_NAME="--" remote_host="--" @@ -170,6 +171,7 @@ ENV_VARS=( DATABASE_URI RABBITMQ_DEFAULT_USER RABBITMQ_DEFAULT_PASS + SERVER_SECRET RMQ GRI INSTALL_OPTION @@ -382,6 +384,11 @@ while [[ "$#" -gt 0 ]]; do export RABBITMQ_DEFAULT_PASS shift 2 ;; + -ssec|--server-secret) + SERVER_SECRET="$2" + export SERVER_SECRET + shift 2 + ;; -h|--help) echo "Usage: installer.sh [options]" @@ -416,6 +423,7 @@ while [[ "$#" -gt 0 ]]; do echo " -storage-max-disk, --storage-max-disk Set max disk space for storage in Kbytes (default: 10000000)" echo " -snapshot-path, --snapshot-path Set the path to save snapshots (default: /snapshot_files)" echo " -snapshot-max-disk, --snapshot-max-disk Set max disk space for snapshots in Kbytes (default: 10000000)" + echo " -ssec, --server-secret Set shared server secret for gateway reset/altcha" echo "" echo "Example:" echo " ./installer.sh --tag latest --force-install --port 443 --mode 1 --host example.com:443 --process-name cam1 --serial-number SN001 --timezone Europe/Rome --internal-name SRV1 --email test@example.com --password 1234 --server-ip 192.168.1.10 --certificate-provider-url https://cert.example.com --dns-provider-url https://dns.example.com --license-provider-url https://lic.example.com --update-provider-url https://upd.example.com --deploy-branch main --recording-path /recording_files --recording-max-disk 10000000 --storage-path /storage_files --storage-max-disk 10000000 --snapshot-path /snapshot_files --snapshot-max-disk 10000000" @@ -697,6 +705,9 @@ get_config() { export RABBITMQ_DEFAULT_USER export RABBITMQ_DEFAULT_PASS + SERVER_SECRET="${SERVER_SECRET:-HYPERNODE_SERVER_SECRET}" + export SERVER_SECRET + if [ "$HYPERNODE_ALREADY_INSTALLED" != "true" ]; then show_menu "install" diff --git a/installer_docker/synology/full/compose.yml b/installer_docker/synology/full/compose.yml index 582f445..321fefd 100644 --- a/installer_docker/synology/full/compose.yml +++ b/installer_docker/synology/full/compose.yml @@ -44,6 +44,7 @@ services: - DATABASE_URI=mongodb://database:27017/gateway-db - SERVER_TIMEZONE=Europe/Rome - SERVER_NAME=synology + - SERVER_SECRET=${SERVER_SECRET:-HYPERNODE_SERVER_SECRET} - BACKUPS_PATH=/data/gateway/backups - LICENSE_PROVIDER_URL=https://www.arteco-global.com/en/wp-json/sso-provider/login volumes: @@ -204,4 +205,4 @@ volumes: networks: hypernode-net: - driver: bridge \ No newline at end of file + driver: bridge diff --git a/installer_docker/synology/server/compose.yaml b/installer_docker/synology/server/compose.yaml index b825048..6e12e36 100755 --- a/installer_docker/synology/server/compose.yaml +++ b/installer_docker/synology/server/compose.yaml @@ -36,6 +36,7 @@ services: - DATABASE_URI=mongodb://uss_server_database:27017/gateway-db - SERVER_TIMEZONE=Europe/Rome - SERVER_NAME=synology + - SERVER_SECRET=${SERVER_SECRET:-HYPERNODE_SERVER_SECRET} - BACKUPS_PATH=/data/gateway/backups - LICENSE_PROVIDER_URL=https://www.arteco-global.com/en/wp-json/sso-provider/login container_name: gateway From 1353d7a0bf5d3544713b38f02ec34d9911b8cf91 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Thu, 16 Apr 2026 15:10:07 +0200 Subject: [PATCH 06/27] fix robe strane --- .../workflows/push_on_demand_split_native.yml | 70 +++++-------------- 1 file changed, 16 insertions(+), 54 deletions(-) diff --git a/.github/workflows/push_on_demand_split_native.yml b/.github/workflows/push_on_demand_split_native.yml index 11e984e..0f5d604 100644 --- a/.github/workflows/push_on_demand_split_native.yml +++ b/.github/workflows/push_on_demand_split_native.yml @@ -151,6 +151,11 @@ jobs: PLATFORM_SLUG: ${{ matrix.platform_slug }} steps: + - name: Checkout deploy repo + uses: actions/checkout@v3 + with: + path: deploy + - name: Resolve build parameters shell: bash run: | @@ -161,8 +166,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/camera.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_live_streamer" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -171,8 +174,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/auth.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_id_verifier" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -181,8 +182,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/event.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_event_manager" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -191,8 +190,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/metadata.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_metadata_manager" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -201,8 +198,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/gateway.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_suite_manager" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -211,8 +206,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/recording.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_media_recorder" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -221,8 +214,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/snapshot.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_snapshot_recorder" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -231,8 +222,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/webserver/nginx.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_web_server" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -241,8 +230,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/portbroker/portBroker.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_port_broker" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -251,8 +238,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/messagebroker/messageBroker.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_message_broker" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -261,8 +246,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/database/database.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_database" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=true" >> "$GITHUB_ENV" @@ -271,8 +254,6 @@ jobs: echo "DOCKERFILE=hypernode-server/docker/coretrust.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_coretrust" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode-server" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_BACKEND_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -281,8 +262,6 @@ jobs: echo "DOCKERFILE=hypernode_server_gui/configurator.Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/usee_configurator" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=hypernode_server_gui" >> "$GITHUB_ENV" - echo "SOURCE_PATH=hypernode_server_gui" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_CONFIGURATOR_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=true" >> "$GITHUB_ENV" echo "IS_EXPORT=false" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -291,8 +270,6 @@ jobs: echo "DOCKERFILE=arteco-export-service/Dockerfile" >> "$GITHUB_ENV" echo "IMAGE_NAME=artecoglobalcompany/arteco-export-service" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=arteco-export-service" >> "$GITHUB_ENV" - echo "SOURCE_PATH=arteco-export-service" >> "$GITHUB_ENV" - echo "SOURCE_REF=${{ github.event.inputs.BRANCH_EXPORT_REF }}" >> "$GITHUB_ENV" echo "IS_FRONTEND=false" >> "$GITHUB_ENV" echo "IS_EXPORT=true" >> "$GITHUB_ENV" echo "IS_DATABASE=false" >> "$GITHUB_ENV" @@ -304,34 +281,28 @@ jobs: esac - name: Checkout backend - if: ${{ env.SOURCE_PATH == 'hypernode-server' }} - uses: actions/checkout@v4 + uses: actions/checkout@v3 with: repository: Arteco-Global/hypernode-server ref: ${{ github.event.inputs.BRANCH_BACKEND_REF }} path: hypernode-server token: ${{ secrets.GIT_PAT }} - fetch-depth: 1 - name: Checkout frontend - if: ${{ env.SOURCE_PATH == 'hypernode_server_gui' }} - uses: actions/checkout@v4 + uses: actions/checkout@v3 with: repository: Arteco-Global/hypernode_server_gui ref: ${{ github.event.inputs.BRANCH_CONFIGURATOR_REF }} path: hypernode_server_gui token: ${{ secrets.GIT_PAT }} - fetch-depth: 1 - name: Checkout export service - if: ${{ env.SOURCE_PATH == 'arteco-export-service' }} - uses: actions/checkout@v4 + uses: actions/checkout@v3 with: repository: Arteco-Global/arteco-export-service ref: ${{ github.event.inputs.BRANCH_EXPORT_REF }} path: arteco-export-service token: ${{ secrets.GIT_PAT }} - fetch-depth: 1 - name: Compute image version shell: bash @@ -341,8 +312,12 @@ jobs: VERSION="" if [ "${TAG}" != "latest" ]; then VERSION="${TAG}" + elif [ "${IS_EXPORT:-false}" = "true" ]; then + VERSION="$(git -C arteco-export-service rev-parse --short HEAD)" + elif [ "${IS_FRONTEND}" = "true" ]; then + VERSION="$(git -C hypernode_server_gui rev-parse --short HEAD)" else - VERSION="$(git -C "${SOURCE_PATH}" rev-parse --short HEAD)" + VERSION="$(git -C hypernode-server rev-parse --short HEAD)" fi echo "IMAGE_VERSION=${VERSION}" >> "$GITHUB_ENV" @@ -354,25 +329,12 @@ jobs: set -euo pipefail BUILD_TIMESTAMP="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" - BACKEND_COMMIT_HASH="not_checked_out" - EXPORT_COMMIT_HASH="not_checked_out" - CONFIGURATOR_COMMIT_HASH="not_checked_out" - SOURCE_COMMIT_HASH="$(git -C "${SOURCE_PATH}" rev-parse --short HEAD)" - - if [ -d hypernode-server/.git ]; then - BACKEND_COMMIT_HASH="$(git -C hypernode-server rev-parse --short HEAD)" - fi - if [ -d arteco-export-service/.git ]; then - EXPORT_COMMIT_HASH="$(git -C arteco-export-service rev-parse --short HEAD)" - fi - if [ -d hypernode_server_gui/.git ]; then - CONFIGURATOR_COMMIT_HASH="$(git -C hypernode_server_gui rev-parse --short HEAD)" - fi - + BACKEND_COMMIT_HASH="$(git -C hypernode-server rev-parse --short HEAD)" + EXPORT_COMMIT_HASH="$(git -C arteco-export-service rev-parse --short HEAD)" + CONFIGURATOR_COMMIT_HASH="$(git -C hypernode_server_gui rev-parse --short HEAD)" BUILD_LABEL="tag=${TAG}|backend=${{ github.event.inputs.BRANCH_BACKEND_REF }}@${BACKEND_COMMIT_HASH}|export=${{ github.event.inputs.BRANCH_EXPORT_REF }}@${EXPORT_COMMIT_HASH}|configurator=${{ github.event.inputs.BRANCH_CONFIGURATOR_REF }}@${CONFIGURATOR_COMMIT_HASH}|services=${{ github.event.inputs.SERVICES }}|run=${{ github.run_number }}|built_at=${BUILD_TIMESTAMP}" echo "BUILD_LABEL=${BUILD_LABEL}" >> "$GITHUB_ENV" - echo "SOURCE_COMMIT_HASH=${SOURCE_COMMIT_HASH}" >> "$GITHUB_ENV" echo "Build label: ${BUILD_LABEL}" - name: DockerHub Login From 07e433852862f193e2ebc980a73e6286ad8169c1 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Wed, 22 Apr 2026 11:22:06 +0200 Subject: [PATCH 07/27] Aggiunto script edi_env_file.js --- installer_docker/edit_env_file.sh | 260 ++++++++++++++++++++++++++++++ 1 file changed, 260 insertions(+) create mode 100755 installer_docker/edit_env_file.sh diff --git a/installer_docker/edit_env_file.sh b/installer_docker/edit_env_file.sh new file mode 100755 index 0000000..c675679 --- /dev/null +++ b/installer_docker/edit_env_file.sh @@ -0,0 +1,260 @@ +#!/bin/bash + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +DEPLOY_DIR="$SCRIPT_DIR" +SYSTEM_ENV_DIR="/etc/.hypernode" + +TOTAL_CHANGES=0 +CHANGED_FILES=() +TARGET_FILES=() +OVERRIDE_KEYS=() +OVERRIDE_VALUES=() + +usage() { + cat <<'EOF' +Usage: edit_env_file.sh KEY=VALUE [KEY=VALUE ...] + +Aggiorna variabili env nei file env log Hypernode: + - .hypernode-install-env.log + - .hypernode-install-*-env.log + - eventuali repliche in /etc/.hypernode + - eventuali .original + +Esempio: + ./edit_env_file.sh DOCKER_TAG=latest ARTECO_GLOBAL_PASSWORD=pippo +EOF +} + +detect_deploy_dir() { + if [[ "$(basename "$SCRIPT_DIR")" == "installer_docker" ]]; then + DEPLOY_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" + else + DEPLOY_DIR="$SCRIPT_DIR" + fi +} + +to_rel_path() { + local abs="$1" + if [[ "$abs" == "$DEPLOY_DIR/"* ]]; then + printf '%s\n' "${abs#$DEPLOY_DIR/}" + else + printf '%s\n' "$abs" + fi +} + +parse_overrides() { + local arg + local key + local value + local i + local idx + + if [[ "$#" -eq 0 ]]; then + echo "Missing parameters." + usage + exit 1 + fi + + for arg in "$@"; do + if [[ "$arg" != *=* ]]; then + echo "Invalid parameter '$arg'. Expected KEY=VALUE." + usage + exit 1 + fi + + key="${arg%%=*}" + value="${arg#*=}" + + if [[ -z "$key" ]]; then + echo "Invalid parameter '$arg'. Key cannot be empty." + usage + exit 1 + fi + + if [[ ! "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then + echo "Invalid key '$key'." + usage + exit 1 + fi + + i=-1 + for idx in "${!OVERRIDE_KEYS[@]}"; do + if [[ "${OVERRIDE_KEYS[$idx]}" == "$key" ]]; then + i="$idx" + break + fi + done + + if [[ "$i" -lt 0 ]]; then + OVERRIDE_KEYS+=("$key") + OVERRIDE_VALUES+=("$value") + else + OVERRIDE_VALUES[$i]="$value" + fi + done +} + +get_override_value() { + local key="$1" + local idx + + for idx in "${!OVERRIDE_KEYS[@]}"; do + if [[ "${OVERRIDE_KEYS[$idx]}" == "$key" ]]; then + printf '%s' "${OVERRIDE_VALUES[$idx]}" + return 0 + fi + done + return 1 +} + +add_target_file() { + local file="$1" + local existing + + [[ -f "$file" ]] || return 0 + + for existing in "${TARGET_FILES[@]:-}"; do + if [[ "$existing" == "$file" ]]; then + return 0 + fi + done + TARGET_FILES+=("$file") +} + +collect_env_logs_from_dir() { + local dir="$1" + local file + + [[ -d "$dir" ]] || return 0 + + while IFS= read -r file; do + add_target_file "$file" + done < <( + find "$dir" -maxdepth 1 -type f \ + \( -name '.hypernode-install-env.log' \ + -o -name '.hypernode-install-*-env.log' \ + -o -name '.hypernode-install-env.log.original' \ + -o -name '.hypernode-install-*-env.log.original' \ + -o -name 'hypernode-install-env.log' \ + -o -name 'hypernode-install-*-env.log' \ + -o -name 'hypernode-install-env.log.original' \ + -o -name 'hypernode-install-*-env.log.original' \) \ + | sort + ) +} + +write_updated_file() { + local tmp_file="$1" + local dest_file="$2" + + if cp "$tmp_file" "$dest_file" 2>/dev/null; then + return 0 + fi + + if command -v sudo >/dev/null 2>&1; then + if sudo cp "$tmp_file" "$dest_file" 2>/dev/null; then + return 0 + fi + fi + + return 1 +} + +update_env_log_file() { + local file="$1" + local tmp_file + local report_file + local rel + local line_no + local old_value + local new_value + local change_count + local key + + tmp_file="$(mktemp)" + report_file="$(mktemp)" + rel="$(to_rel_path "$file")" + + : > "$tmp_file" + : > "$report_file" + + line_no=0 + while IFS= read -r old_value || [[ -n "$old_value" ]]; do + line_no=$((line_no + 1)) + new_value="$old_value" + + for key in "${OVERRIDE_KEYS[@]:-}"; do + if [[ "$new_value" =~ ^[[:space:]]*$key= ]]; then + new_value="$key=$(get_override_value "$key")" + break + fi + done + + if [[ "$old_value" != "$new_value" ]]; then + printf '%s\t%s\t%s\n' "$line_no" "$old_value" "$new_value" >> "$report_file" + fi + + printf '%s\n' "$new_value" >> "$tmp_file" + done < "$file" + + if cmp -s "$file" "$tmp_file"; then + rm -f "$tmp_file" "$report_file" + return 0 + fi + + if ! write_updated_file "$tmp_file" "$file"; then + echo "⚠️ Impossibile scrivere: $rel" + rm -f "$tmp_file" "$report_file" + return 0 + fi + + echo "✅ $rel" + while IFS=$'\t' read -r line_no old_value new_value; do + [[ -z "$line_no" ]] && continue + echo " - line $line_no: $old_value -> $new_value" + done < "$report_file" + + change_count="$(wc -l < "$report_file" | tr -d ' ')" + TOTAL_CHANGES=$((TOTAL_CHANGES + change_count)) + CHANGED_FILES+=("$rel") + + rm -f "$tmp_file" "$report_file" +} + +if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then + usage + exit 0 +fi + +parse_overrides "$@" +detect_deploy_dir + +echo "" +echo "▶️ Aggiornamento env nei log in corso" +for key in "${OVERRIDE_KEYS[@]}"; do + echo " - $key=$(get_override_value "$key")" +done + +collect_env_logs_from_dir "$DEPLOY_DIR" +collect_env_logs_from_dir "$SYSTEM_ENV_DIR" + +if [[ "${#TARGET_FILES[@]}" -eq 0 ]]; then + echo "ℹ️ Nessun env log trovato in '$DEPLOY_DIR' o '$SYSTEM_ENV_DIR'." + exit 0 +fi + +for file in "${TARGET_FILES[@]}"; do + update_env_log_file "$file" +done + +echo "" +if [[ "${#CHANGED_FILES[@]}" -eq 0 ]]; then + echo "ℹ️ Nessuna modifica necessaria." + exit 0 +fi + +echo "🏁 Aggiornamento completato." +echo "File aggiornati: ${#CHANGED_FILES[@]}" +echo "Sostituzioni effettuate: $TOTAL_CHANGES" From b41d7c10aa5e61df36d050ba7714b43bb42f0660 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Wed, 22 Apr 2026 12:38:59 +0200 Subject: [PATCH 08/27] rimossi compose google drive inutili --- .../gdrive_recording/docker-compose.yaml | 37 ------------------- .../composes/gdrive_recording/env.sample | 11 ------ .../gdrive_snapshot/docker-compose.yaml | 37 ------------------- .../composes/gdrive_snapshot/env.sample | 11 ------ 4 files changed, 96 deletions(-) delete mode 100644 installer_docker/composes/gdrive_recording/docker-compose.yaml delete mode 100644 installer_docker/composes/gdrive_recording/env.sample delete mode 100644 installer_docker/composes/gdrive_snapshot/docker-compose.yaml delete mode 100644 installer_docker/composes/gdrive_snapshot/env.sample diff --git a/installer_docker/composes/gdrive_recording/docker-compose.yaml b/installer_docker/composes/gdrive_recording/docker-compose.yaml deleted file mode 100644 index db0079e..0000000 --- a/installer_docker/composes/gdrive_recording/docker-compose.yaml +++ /dev/null @@ -1,37 +0,0 @@ -version: "3.9" - -name: gdrive_recording_${PROCESS_NAME} - -services: - snapshot: - image: gdrive_recording:latest # <-- la tua immagine locale - container_name: gdrive_recording_${PROCESS_NAME} - privileged: true # necessario per FUSE - devices: - - /dev/fuse:/dev/fuse - cap_add: - - SYS_ADMIN - security_opt: - - apparmor:unconfined - tmpfs: - - /dev/shm:size=1g - environment: - - RCLONE_CONFIG_BASE64=${RCLONE_CONFIG_BASE64} - - GDRIVE_REMOTE=gdrive - - GDRIVE_PATH=HYPERNODE - - MOUNT_PATH=/recording_files - - RCLONE_CACHE_DIR=/dev/shm/rclone-cache - - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/gdrive_recording_${PROCESS_NAME}?authSource=admin - - GATEWAY_URI=${GRI} - - SRV_INST_NAME=gdrive_recording_${PROCESS_NAME} - - RECORDING_DISK_SPACE=${RECORDING_DISK_SPACE:-10000000} - - RECORDING_PATH=/recording_files - - MACHINE=${MACHINE} - network_mode: "host" - restart: unless-stopped - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "5" diff --git a/installer_docker/composes/gdrive_recording/env.sample b/installer_docker/composes/gdrive_recording/env.sample deleted file mode 100644 index 69244ad..0000000 --- a/installer_docker/composes/gdrive_recording/env.sample +++ /dev/null @@ -1,11 +0,0 @@ -PROCESS_NAME=google_drive_test -RABBITMQ_DEFAULT_USER=hypernode -RABBITMQ_DEFAULT_PASS=hypernode -RMQ=amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@127.0.0.1:5672 -DB_PORT=27017 -GRI=ws://127.0.0.1:8181 -RCLONE_CONFIG_BASE64=##### -GDRIVE_REMOTE=gdrive -GDRIVE_PATH=HYPERNODE -RECORDING_DISK_SPACE=17000000 -RECORDING_PATH=/recording_files diff --git a/installer_docker/composes/gdrive_snapshot/docker-compose.yaml b/installer_docker/composes/gdrive_snapshot/docker-compose.yaml deleted file mode 100644 index a1a82ea..0000000 --- a/installer_docker/composes/gdrive_snapshot/docker-compose.yaml +++ /dev/null @@ -1,37 +0,0 @@ -version: "3.9" - -name: gdrive_snapshot_${PROCESS_NAME} - -services: - snapshot: - image: gdrive_snapshot:latest # <-- la tua immagine locale - container_name: gdrive_snapshot_${PROCESS_NAME} - privileged: true # necessario per FUSE - devices: - - /dev/fuse:/dev/fuse - cap_add: - - SYS_ADMIN - security_opt: - - apparmor:unconfined - tmpfs: - - /dev/shm:size=1g - environment: - - RCLONE_CONFIG_BASE64=${RCLONE_CONFIG_BASE64} - - GDRIVE_REMOTE=gdrive - - GDRIVE_PATH=HYPERNODE - - MOUNT_PATH=/snapshot_files - - RCLONE_CACHE_DIR=/dev/shm/rclone-cache - - RABBITMQ_URI=${RMQ} - - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@127.0.0.1:${DB_PORT}/gdrive_snapshot_${PROCESS_NAME}?authSource=admin - - GATEWAY_URI=${GRI} - - SRV_INST_NAME=gdrive_snapshot_${PROCESS_NAME} - - SNAPSHOT_DISK_SPACE=${SNAPSHOT_DISK_SPACE:-10000000} - - SNAPSHOT_PATH=/snapshot_files - - MACHINE=${MACHINE} - network_mode: "host" - restart: unless-stopped - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "5" diff --git a/installer_docker/composes/gdrive_snapshot/env.sample b/installer_docker/composes/gdrive_snapshot/env.sample deleted file mode 100644 index d2b9780..0000000 --- a/installer_docker/composes/gdrive_snapshot/env.sample +++ /dev/null @@ -1,11 +0,0 @@ -PROCESS_NAME=google_drive_test -RABBITMQ_DEFAULT_USER=hypernode -RABBITMQ_DEFAULT_PASS=hypernode -RMQ=amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@127.0.0.1:5672 -DB_PORT=27017 -GRI=ws://127.0.0.1:8181 -RCLONE_CONFIG_BASE64=#### -GDRIVE_REMOTE=gdrive -GDRIVE_PATH=HYPERNODE -SNAPSHOT_DISK_SPACE=17000000 -SNAPSHOT_PATH=/snapshot_files From 13674e8581e5112a644e2bc97e382384090357e4 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Wed, 22 Apr 2026 15:01:33 +0200 Subject: [PATCH 09/27] Fix per edit_env_file --- installer_docker/edit_env_file.sh | 91 ++++++++++++++++++++++++++++++- 1 file changed, 90 insertions(+), 1 deletion(-) diff --git a/installer_docker/edit_env_file.sh b/installer_docker/edit_env_file.sh index c675679..66c392c 100755 --- a/installer_docker/edit_env_file.sh +++ b/installer_docker/edit_env_file.sh @@ -5,6 +5,8 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" DEPLOY_DIR="$SCRIPT_DIR" SYSTEM_ENV_DIR="/etc/.hypernode" +DEPLOY_BRANCH="${DEPLOY_BRANCH:-main}" +ABSOLUTE_PATH_BASE="https://raw.githubusercontent.com/Arteco-Global/hypernode_deploy/refs/heads" TOTAL_CHANGES=0 CHANGED_FILES=() @@ -35,6 +37,58 @@ detect_deploy_dir() { fi } +ensure_primary_env_log_exists() { + local env_file="${DEPLOY_DIR}/.hypernode-install-env.log" + local recreate_script="${DEPLOY_DIR}/recreate_env_file.sh" + local recreate_url="${ABSOLUTE_PATH_BASE}/${DEPLOY_BRANCH}/installer_docker/recreate_env_file.sh" + local restored_file="${DEPLOY_DIR}/_restored_hypernode-install-env.log" + + if [[ -f "$env_file" ]]; then + return 0 + fi + + echo "❌ Env file not found: $env_file" + echo "🔄 Provo a ricrearlo con recreate_env_file.sh..." + + if [[ ! -f "$recreate_script" ]]; then + echo "⬇️ Download recreate_env_file.sh da: $recreate_url" + if command -v wget >/dev/null 2>&1; then + wget -q -O "$recreate_script" "$recreate_url" || { + echo "❌ Download fallito: $recreate_url" + exit 1 + } + elif command -v curl >/dev/null 2>&1; then + curl -fsSL "$recreate_url" -o "$recreate_script" || { + echo "❌ Download fallito: $recreate_url" + exit 1 + } + else + echo "❌ Né wget né curl disponibili per scaricare recreate_env_file.sh" + exit 1 + fi + else + echo "ℹ️ Script già presente: $recreate_script" + fi + + echo "🔧 Rendo eseguibile: $recreate_script" + chmod +x "$recreate_script" 2>/dev/null || true + + echo "▶️ Eseguo recreate_env_file.sh (sovrascriverà l'output se esiste)" + if ! DEPLOY_BRANCH="$DEPLOY_BRANCH" "$recreate_script"; then + echo "❌ Ricostruzione env fallita." + exit 1 + fi + + if [[ ! -f "$restored_file" ]]; then + echo "❌ File ricostruito non trovato: $restored_file" + exit 1 + fi + + echo "📝 Sovrascrivo env file: $env_file" + mv "$restored_file" "$env_file" + echo "✅ Env file ricreato: $env_file" +} + to_rel_path() { local abs="$1" if [[ "$abs" == "$DEPLOY_DIR/"* ]]; then @@ -172,6 +226,9 @@ update_env_log_file() { local new_value local change_count local key + local existing_key + local found + local -a found_keys=() tmp_file="$(mktemp)" report_file="$(mktemp)" @@ -187,6 +244,17 @@ update_env_log_file() { for key in "${OVERRIDE_KEYS[@]:-}"; do if [[ "$new_value" =~ ^[[:space:]]*$key= ]]; then + found=0 + for existing_key in "${found_keys[@]:-}"; do + if [[ "$existing_key" == "$key" ]]; then + found=1 + break + fi + done + if [[ "$found" -eq 0 ]]; then + found_keys+=("$key") + fi + new_value="$key=$(get_override_value "$key")" break fi @@ -199,6 +267,22 @@ update_env_log_file() { printf '%s\n' "$new_value" >> "$tmp_file" done < "$file" + for key in "${OVERRIDE_KEYS[@]:-}"; do + found=0 + for existing_key in "${found_keys[@]:-}"; do + if [[ "$existing_key" == "$key" ]]; then + found=1 + break + fi + done + + if [[ "$found" -eq 0 ]]; then + new_value="$key=$(get_override_value "$key")" + printf '%s\n' "$new_value" >> "$tmp_file" + printf 'ADD\t\t%s\n' "$new_value" >> "$report_file" + fi + done + if cmp -s "$file" "$tmp_file"; then rm -f "$tmp_file" "$report_file" return 0 @@ -213,7 +297,11 @@ update_env_log_file() { echo "✅ $rel" while IFS=$'\t' read -r line_no old_value new_value; do [[ -z "$line_no" ]] && continue - echo " - line $line_no: $old_value -> $new_value" + if [[ "$line_no" == "ADD" ]]; then + echo " - added: $new_value" + else + echo " - line $line_no: $old_value -> $new_value" + fi done < "$report_file" change_count="$(wc -l < "$report_file" | tr -d ' ')" @@ -230,6 +318,7 @@ fi parse_overrides "$@" detect_deploy_dir +ensure_primary_env_log_exists echo "" echo "▶️ Aggiornamento env nei log in corso" From e3e75bf640817a3361c385b4942d4b89e1624fa7 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Wed, 22 Apr 2026 15:21:05 +0200 Subject: [PATCH 10/27] impedita modifica di alcuni parametri --- installer_docker/edit_env_file.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/installer_docker/edit_env_file.sh b/installer_docker/edit_env_file.sh index 66c392c..c3d0302 100755 --- a/installer_docker/edit_env_file.sh +++ b/installer_docker/edit_env_file.sh @@ -163,6 +163,18 @@ get_override_value() { return 1 } +is_insert_only_key() { + local key="$1" + case "$key" in + DB_USERNAME|DB_PASSWORD|RABBITMQ_DEFAULT_USER|RABBITMQ_DEFAULT_PASS|SERVER_SECRET) + return 0 + ;; + *) + return 1 + ;; + esac +} + add_target_file() { local file="$1" local existing @@ -255,6 +267,10 @@ update_env_log_file() { found_keys+=("$key") fi + if is_insert_only_key "$key"; then + break + fi + new_value="$key=$(get_override_value "$key")" break fi From 786b63d5ef1915f682514b287c7259064abedfae Mon Sep 17 00:00:00 2001 From: MDalprato Date: Thu, 23 Apr 2026 14:23:45 +0200 Subject: [PATCH 11/27] spostati md file nella cartella per ordine --- installer_docker/{ => README}/CONTAINER_VERSION_CHECK.md | 0 installer_docker/{ => README}/DELETE_SERVICE.md | 0 installer_docker/{ => README}/HEALTHCHECK.md | 0 installer_docker/{ => README}/INSTALL_UBUNTU_GNOME.md | 0 installer_docker/{ => README}/RECREATE_ENV_FILE.md | 0 installer_docker/{ => README}/SET_DOCKER_TAG.md | 0 installer_docker/{ => README}/UPDATE_PROCEDURE.md | 0 installer_docker/{ => README}/USS_RESTORE_HOW_TO.md | 0 8 files changed, 0 insertions(+), 0 deletions(-) rename installer_docker/{ => README}/CONTAINER_VERSION_CHECK.md (100%) rename installer_docker/{ => README}/DELETE_SERVICE.md (100%) rename installer_docker/{ => README}/HEALTHCHECK.md (100%) rename installer_docker/{ => README}/INSTALL_UBUNTU_GNOME.md (100%) rename installer_docker/{ => README}/RECREATE_ENV_FILE.md (100%) rename installer_docker/{ => README}/SET_DOCKER_TAG.md (100%) rename installer_docker/{ => README}/UPDATE_PROCEDURE.md (100%) rename installer_docker/{ => README}/USS_RESTORE_HOW_TO.md (100%) diff --git a/installer_docker/CONTAINER_VERSION_CHECK.md b/installer_docker/README/CONTAINER_VERSION_CHECK.md similarity index 100% rename from installer_docker/CONTAINER_VERSION_CHECK.md rename to installer_docker/README/CONTAINER_VERSION_CHECK.md diff --git a/installer_docker/DELETE_SERVICE.md b/installer_docker/README/DELETE_SERVICE.md similarity index 100% rename from installer_docker/DELETE_SERVICE.md rename to installer_docker/README/DELETE_SERVICE.md diff --git a/installer_docker/HEALTHCHECK.md b/installer_docker/README/HEALTHCHECK.md similarity index 100% rename from installer_docker/HEALTHCHECK.md rename to installer_docker/README/HEALTHCHECK.md diff --git a/installer_docker/INSTALL_UBUNTU_GNOME.md b/installer_docker/README/INSTALL_UBUNTU_GNOME.md similarity index 100% rename from installer_docker/INSTALL_UBUNTU_GNOME.md rename to installer_docker/README/INSTALL_UBUNTU_GNOME.md diff --git a/installer_docker/RECREATE_ENV_FILE.md b/installer_docker/README/RECREATE_ENV_FILE.md similarity index 100% rename from installer_docker/RECREATE_ENV_FILE.md rename to installer_docker/README/RECREATE_ENV_FILE.md diff --git a/installer_docker/SET_DOCKER_TAG.md b/installer_docker/README/SET_DOCKER_TAG.md similarity index 100% rename from installer_docker/SET_DOCKER_TAG.md rename to installer_docker/README/SET_DOCKER_TAG.md diff --git a/installer_docker/UPDATE_PROCEDURE.md b/installer_docker/README/UPDATE_PROCEDURE.md similarity index 100% rename from installer_docker/UPDATE_PROCEDURE.md rename to installer_docker/README/UPDATE_PROCEDURE.md diff --git a/installer_docker/USS_RESTORE_HOW_TO.md b/installer_docker/README/USS_RESTORE_HOW_TO.md similarity index 100% rename from installer_docker/USS_RESTORE_HOW_TO.md rename to installer_docker/README/USS_RESTORE_HOW_TO.md From b3755528b187521db1159fb71d8addcad1b111c0 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Thu, 23 Apr 2026 14:58:40 +0200 Subject: [PATCH 12/27] agigonrato recreate env per windows --- installer_docker/recreate_env_file.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/installer_docker/recreate_env_file.ps1 b/installer_docker/recreate_env_file.ps1 index d0ab14e..b6848cb 100644 --- a/installer_docker/recreate_env_file.ps1 +++ b/installer_docker/recreate_env_file.ps1 @@ -50,10 +50,14 @@ function Write-EnvFile { "STORAGE_DISK_SPACE", "SNAPSHOT_PATH", "SNAPSHOT_DISK_SPACE", + "DB_USERNAME", + "DB_PASSWORD", "DB_PORT", "DB_NAME", "PROCESS_NAME", "DATABASE_URI", + "RABBITMQ_DEFAULT_USER", + "RABBITMQ_DEFAULT_PASS", "RMQ", "GRI", "INSTALL_OPTION" From 99fa29d0ad854ce2f333a61651e66ee9236b1e12 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Thu, 23 Apr 2026 16:01:05 +0200 Subject: [PATCH 13/27] rimossa gestione SERVER_SECRET --- README.md | 1 - installer_docker/README/RECREATE_ENV_FILE.md | 1 - installer_docker/README/UPDATE_PROCEDURE.md | 4 ---- installer_docker/README/USS_RESTORE_HOW_TO.md | 1 - .../composes/server/docker-compose.yaml | 1 - installer_docker/edit_env_file.sh | 2 +- installer_docker/installer.sh | 13 +------------ installer_docker/synology/full/compose.yml | 1 - 8 files changed, 2 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 34bf38d..b79868b 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,6 @@ This repository contains the deployment tooling for the Arteco Hypernode video m - `--mode` to select the installation profile for the node you are deploying. - `--serial-number`, `--internal-name`, and `--timezone` to register the device metadata. - `--email` and `--password` to seed the administrator credentials. - - `--server-secret` to set the shared secret used by gateway endpoints (ALTCHA and reset protection). If omitted, a default value is applied by the installer. - `--deploy-branch` to choose which Git branch to load the remote compose bundles from (defaults to `main`). - Provider URLs (`--certificate-provider-url`, `--dns-provider-url`, `--license-provider-url`, `--update-provider-url`) when the deployment relies on external Arteco services. - Run the script with `--help` to view the full list of options and examples. diff --git a/installer_docker/README/RECREATE_ENV_FILE.md b/installer_docker/README/RECREATE_ENV_FILE.md index 3908584..43e3df6 100644 --- a/installer_docker/README/RECREATE_ENV_FILE.md +++ b/installer_docker/README/RECREATE_ENV_FILE.md @@ -62,7 +62,6 @@ Parametri: - `SSL_PORT` viene letto dal mapping di `portbroker:443`. - `DOCKER_TAG` viene letto dall'immagine `messagebroker` (fallback `gateway`). - `DB_PORT` viene dedotto da `DATABASE_URI` del gateway/coretrust. -- `SERVER_SECRET` (se presente) viene ricavata dall'env del container `gateway`. - La variabile `MACHINE` viene aggiunta successivamente da `native_update.sh` o `uss_restore.sh` (che creano/leggono `machine.json`). - Lo script non modifica i container: è in sola lettura. diff --git a/installer_docker/README/UPDATE_PROCEDURE.md b/installer_docker/README/UPDATE_PROCEDURE.md index 4b91e63..c406ae4 100644 --- a/installer_docker/README/UPDATE_PROCEDURE.md +++ b/installer_docker/README/UPDATE_PROCEDURE.md @@ -135,10 +135,6 @@ Generali: - `RMQ` - `GRI` -Per la suite `server` è inoltre raccomandato mantenere valorizzata: - -- `SERVER_SECRET` (usata dal gateway per protezione ALTCHA e endpoint reset) - Volumi obbligatori (se il servizio li usa): - `RECORDING_PATH` per `recording` diff --git a/installer_docker/README/USS_RESTORE_HOW_TO.md b/installer_docker/README/USS_RESTORE_HOW_TO.md index 0011ae0..7a6e692 100644 --- a/installer_docker/README/USS_RESTORE_HOW_TO.md +++ b/installer_docker/README/USS_RESTORE_HOW_TO.md @@ -83,7 +83,6 @@ Quando il file manca, lo script chiede questi valori: - `DB_PORT` (default `27017`) - `DB_NAME` (default `uss_database`) - `RMQ` (default `amqp://****:****@messagebroker:5672`) -- `SERVER_SECRET` (default `HYPERNODE_SERVER_SECRET`, usata da gateway per ALTCHA/reset) I valori vengono salvati con escaping sicuro per evitare problemi con caratteri speciali (es. `!`). diff --git a/installer_docker/composes/server/docker-compose.yaml b/installer_docker/composes/server/docker-compose.yaml index d128cd9..520a884 100644 --- a/installer_docker/composes/server/docker-compose.yaml +++ b/installer_docker/composes/server/docker-compose.yaml @@ -34,7 +34,6 @@ services: - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/gateway-db?authSource=admin - SERVER_TIMEZONE=${SERVER_TIMEZONE:-Europe/Rome} - SERVER_NAME=${SERVER_NAME:-Hypernode Server} - - SERVER_SECRET=${SERVER_SECRET:-HYPERNODE_SERVER_SECRET} - MACHINE=${MACHINE} - BACKUPS_PATH=/data/gateway/backups - LICENSE_PROVIDER_URL=${LICENSE_PROVIDER_URL} diff --git a/installer_docker/edit_env_file.sh b/installer_docker/edit_env_file.sh index c3d0302..b3dce12 100755 --- a/installer_docker/edit_env_file.sh +++ b/installer_docker/edit_env_file.sh @@ -166,7 +166,7 @@ get_override_value() { is_insert_only_key() { local key="$1" case "$key" in - DB_USERNAME|DB_PASSWORD|RABBITMQ_DEFAULT_USER|RABBITMQ_DEFAULT_PASS|SERVER_SECRET) + DB_USERNAME|DB_PASSWORD|RABBITMQ_DEFAULT_USER|RABBITMQ_DEFAULT_PASS) return 0 ;; *) diff --git a/installer_docker/installer.sh b/installer_docker/installer.sh index 14664a2..aab218b 100755 --- a/installer_docker/installer.sh +++ b/installer_docker/installer.sh @@ -31,7 +31,6 @@ DB_USERNAME="${DB_USERNAME:-hypernode}" DB_PASSWORD="${DB_PASSWORD:-hypernode}" RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-hypernode}" RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-hypernode}" -SERVER_SECRET="${SERVER_SECRET:-HYPERNODE_SERVER_SECRET}" PROCESS_NAME="--" remote_host="--" @@ -171,7 +170,6 @@ ENV_VARS=( DATABASE_URI RABBITMQ_DEFAULT_USER RABBITMQ_DEFAULT_PASS - SERVER_SECRET RMQ GRI INSTALL_OPTION @@ -462,12 +460,7 @@ while [[ "$#" -gt 0 ]]; do export RABBITMQ_DEFAULT_PASS shift 2 ;; - -ssec|--server-secret) - SERVER_SECRET="$2" - export SERVER_SECRET - shift 2 - ;; - + -h|--help) echo "Usage: installer.sh [options]" echo "" @@ -501,7 +494,6 @@ while [[ "$#" -gt 0 ]]; do echo " -storage-max-disk, --storage-max-disk Set max disk space for storage in Kbytes (default: 10000000)" echo " -snapshot-path, --snapshot-path Set the path to save snapshots (default: /snapshot_files)" echo " -snapshot-max-disk, --snapshot-max-disk Set max disk space for snapshots in Kbytes (default: 10000000)" - echo " -ssec, --server-secret Set shared server secret for gateway reset/altcha" echo "" echo "Example:" echo " ./installer.sh --tag latest --force-install --port 443 --mode 1 --host example.com:443 --process-name cam1 --serial-number SN001 --timezone Europe/Rome --internal-name SRV1 --email test@example.com --password 1234 --server-ip 192.168.1.10 --certificate-provider-url https://cert.example.com --dns-provider-url https://dns.example.com --license-provider-url https://lic.example.com --update-provider-url https://upd.example.com --deploy-branch main --recording-path /recording_files --recording-max-disk 10000000 --storage-path /storage_files --storage-max-disk 10000000 --snapshot-path /snapshot_files --snapshot-max-disk 10000000" @@ -784,9 +776,6 @@ get_config() { export RABBITMQ_DEFAULT_USER export RABBITMQ_DEFAULT_PASS - SERVER_SECRET="${SERVER_SECRET:-HYPERNODE_SERVER_SECRET}" - export SERVER_SECRET - if [ "$HYPERNODE_ALREADY_INSTALLED" != "true" ]; then show_menu "install" diff --git a/installer_docker/synology/full/compose.yml b/installer_docker/synology/full/compose.yml index 4c19352..22f60ce 100644 --- a/installer_docker/synology/full/compose.yml +++ b/installer_docker/synology/full/compose.yml @@ -44,7 +44,6 @@ services: - DATABASE_URI=mongodb://database:27017/gateway-db - SERVER_TIMEZONE=Europe/Rome - SERVER_NAME=synology - - SERVER_SECRET=${SERVER_SECRET:-HYPERNODE_SERVER_SECRET} - BACKUPS_PATH=/data/gateway/backups - LICENSE_PROVIDER_URL=https://www.arteco-global.com/en/wp-json/sso-provider/login volumes: From 94213409fb60ba1c220b72307b831aac7775d619 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 10:51:30 +0200 Subject: [PATCH 14/27] girato secret al server per capcha usando il machine --- installer_docker/composes/server/docker-compose.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/installer_docker/composes/server/docker-compose.yaml b/installer_docker/composes/server/docker-compose.yaml index 520a884..da6e268 100644 --- a/installer_docker/composes/server/docker-compose.yaml +++ b/installer_docker/composes/server/docker-compose.yaml @@ -34,9 +34,10 @@ services: - DATABASE_URI=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/gateway-db?authSource=admin - SERVER_TIMEZONE=${SERVER_TIMEZONE:-Europe/Rome} - SERVER_NAME=${SERVER_NAME:-Hypernode Server} - - MACHINE=${MACHINE} + - MACHINE=${MACHINE} # used to indentify a specific installation - BACKUPS_PATH=/data/gateway/backups - LICENSE_PROVIDER_URL=${LICENSE_PROVIDER_URL} + - HYPERNODE_SERVER_SECRET=${MACHINE} # used for the capcha generation container_name: gateway restart: unless-stopped depends_on: From 5271cc08e1ed3f0ce890b82311704c6eaeba4612 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 11:00:27 +0200 Subject: [PATCH 15/27] fix compose per export (path db senza auth !) --- installer_docker/composes/server/docker-compose.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/installer_docker/composes/server/docker-compose.yaml b/installer_docker/composes/server/docker-compose.yaml index da6e268..60a780b 100644 --- a/installer_docker/composes/server/docker-compose.yaml +++ b/installer_docker/composes/server/docker-compose.yaml @@ -272,8 +272,9 @@ services: - "5500:5500" environment: - PORT=5500 - - LOCAL_DB_CONNECTION=mongodb://host.docker.internal:${DB_PORT:-27017}/exports - REACT_APP_EXPORTS_TIMEZONE=${SERVER_TIMEZONE:-Europe/Rome} + - LOCAL_DB_CONNECTION=mongodb://${DB_USERNAME:-hypernode}:${DB_PASSWORD:-hypernode}@host.docker.internal:${DB_PORT:-27017}/exports?authSource=admin + volumes: - arteco_exports:/home/node/arteco-export-service/exports extra_hosts: From aca4dd368f0b9b79530635a7c1f88034da8b2538 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 14:06:50 +0200 Subject: [PATCH 16/27] test script per update --- .../update_for_userAndPasswordProtection.sh | 311 ++++++++++++++++++ 1 file changed, 311 insertions(+) create mode 100755 installer_docker/updates/update_for_userAndPasswordProtection.sh diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh new file mode 100755 index 0000000..67e975d --- /dev/null +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -0,0 +1,311 @@ +#!/usr/bin/env bash + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +INSTALLER_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" +DEPLOY_DIR="$(cd "${INSTALLER_DIR}/.." && pwd)" + +DEPLOY_BRANCH="${DEPLOY_BRANCH:-main}" +ABSOLUTE_PATH_BASE="https://raw.githubusercontent.com/Arteco-Global/hypernode_deploy/refs/heads" +NATIVE_UPDATE_URL="${ABSOLUTE_PATH_BASE}/${DEPLOY_BRANCH}/installer_docker/native_update.sh" + +ENV_FILE_DEFAULT="${PWD}/.hypernode-install-env.log" +if [[ ! -f "$ENV_FILE_DEFAULT" && -f "${DEPLOY_DIR}/.hypernode-install-env.log" ]]; then + ENV_FILE_DEFAULT="${DEPLOY_DIR}/.hypernode-install-env.log" +fi +ENV_FILE="${ENV_FILE:-$ENV_FILE_DEFAULT}" + +NEW_USER="hypernode" +OLD_DB_USER="hypernode" +OLD_DB_PASS="hypernode" +NATIVE_UPDATE_PATH="${PWD}/native_update.sh" + +log() { + printf '%s\n' "$*" +} + +warn() { + printf '⚠️ %s\n' "$*" +} + +die() { + printf '❌ %s\n' "$*" >&2 + exit 1 +} + +generate_password() { + if command -v openssl >/dev/null 2>&1; then + openssl rand -base64 48 | tr -dc 'A-Za-z0-9' | head -c 12 + return + fi + + tr -dc 'A-Za-z0-9' > "$tmp" + found=1 + fi + continue + fi + printf '%s\n' "$line" >> "$tmp" + done < "$ENV_FILE" + else + : + fi + + if [[ "$found" -eq 0 ]]; then + printf "%s='%s'\n" "$key" "$value" >> "$tmp" + fi + + mv "$tmp" "$ENV_FILE" +} + +update_uri_credentials() { + local key="$1" + local scheme_regex="$2" + local default_value="$3" + local current cleaned new_value + + current="$(get_env_raw_value "$key")" + cleaned="$(strip_quotes "$current")" + + if [[ -z "$cleaned" ]]; then + new_value="$default_value" + elif [[ "$cleaned" =~ ^(${scheme_regex})://[^@]+@(.+)$ ]]; then + new_value="${BASH_REMATCH[1]}://${NEW_USER}:${NEW_PASSWORD}@${BASH_REMATCH[2]}" + elif [[ "$cleaned" =~ ^(${scheme_regex})://(.+)$ ]]; then + new_value="${BASH_REMATCH[1]}://${NEW_USER}:${NEW_PASSWORD}@${BASH_REMATCH[2]}" + else + new_value="$default_value" + fi + + upsert_env_key "$key" "$new_value" +} + +ensure_env_updates() { + [[ -f "$ENV_FILE" ]] || touch "$ENV_FILE" + + upsert_env_key "RABBITMQ_DEFAULT_USER" "$NEW_USER" + upsert_env_key "RABBITMQ_DEFAULT_PASS" "$NEW_PASSWORD" + upsert_env_key "DB_USERNAME" "$NEW_USER" + upsert_env_key "DB_PASSWORD" "$NEW_PASSWORD" + + update_uri_credentials "RMQ" "amqp|amqps" "amqp://${NEW_USER}:${NEW_PASSWORD}@messagebroker:5672" + + local current_db_name="gateway-db" + local current_db_uri + current_db_uri="$(strip_quotes "$(get_env_raw_value "DATABASE_URI")")" + if [[ "$current_db_uri" =~ ^mongodb://[^@]+@[^/]+/([^?]+)(\?.*)?$ ]]; then + current_db_name="${BASH_REMATCH[1]}" + fi + + update_uri_credentials "DATABASE_URI" "mongodb" "mongodb://${NEW_USER}:${NEW_PASSWORD}@127.0.0.1:27017/${current_db_name}?authSource=admin" + update_uri_credentials "LOCAL_DB_CONNECTION" "mongodb" "mongodb://${NEW_USER}:${NEW_PASSWORD}@127.0.0.1:27017/exports?authSource=admin" +} + +find_mongo_containers() { + docker ps --format '{{.Names}} {{.Image}}' | awk ' + { + name=$1 + image=$2 + if (tolower(image) ~ /mongo/) { + print name + } + } + ' +} + +update_credentials_in_db_container() { + local container="$1" + local shell_bin="" + local db_cli="" + + if docker exec "$container" sh -lc 'command -v sh >/dev/null 2>&1'; then + shell_bin="sh" + elif docker exec "$container" bash -lc 'command -v bash >/dev/null 2>&1'; then + shell_bin="bash" + else + warn "Container $container senza shell supportata: skip" + return 1 + fi + + if ! db_cli="$(docker exec "$container" "$shell_bin" -lc 'if command -v mongosh >/dev/null 2>&1; then echo mongosh; elif command -v mongo >/dev/null 2>&1; then echo mongo; fi')"; then + warn "Impossibile rilevare client mongo in $container: skip" + return 1 + fi + + if [[ -z "$db_cli" ]]; then + warn "Nessun client mongo (mongosh/mongo) nel container $container: skip" + return 1 + fi + + docker exec \ + -e HN_NEW_USER="$NEW_USER" \ + -e HN_NEW_PASS="$NEW_PASSWORD" \ + -e HN_OLD_USER="$OLD_DB_USER" \ + -e HN_OLD_PASS="$OLD_DB_PASS" \ + "$container" "$shell_bin" -lc ' + set -e + js="var adminDb=db.getSiblingDB(\"admin\"); \ + var user=process.env.HN_NEW_USER; \ + var pass=process.env.HN_NEW_PASS; \ + var exists=adminDb.getUser(user); \ + if (exists) { adminDb.updateUser(user,{pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ + else { adminDb.createUser({user:user,pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ + var adminUser=adminDb.getUser(\"admin\"); \ + if (adminUser) { adminDb.updateUser(\"admin\",{pwd:pass}); } \ + print(\"ok\");" + + if command -v mongosh >/dev/null 2>&1; then + mongosh --quiet --host 127.0.0.1 --port 27017 \ + -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --eval "$js" + else + mongo --quiet --host 127.0.0.1 --port 27017 \ + -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --eval "$js" + fi + ' +} + +update_all_databases() { + local containers=() + local c + + if ! mapfile -t containers < <(find_mongo_containers); then + warn "Errore durante la ricerca dei container MongoDB" + return 1 + fi + + if [[ "${#containers[@]}" -eq 0 ]]; then + warn "Nessun container MongoDB rilevato in esecuzione" + return 0 + fi + + log "▶️ Aggiornamento credenziali DB su ${#containers[@]} container MongoDB" + for c in "${containers[@]}"; do + log " - $c" + if ! update_credentials_in_db_container "$c"; then + warn "Aggiornamento credenziali fallito su $c" + fi + done +} + +remove_messagebroker_and_volumes() { + local ids=() + local id + local volumes=() + local v + + if ! mapfile -t ids < <(docker ps -aq --filter name='(^|[-_])messagebroker($|[-_])'); then + warn "Impossibile enumerare container messagebroker" + return 1 + fi + + if [[ "${#ids[@]}" -eq 0 ]]; then + log "ℹ️ Nessun container messagebroker trovato" + return 0 + fi + + for id in "${ids[@]}"; do + mapfile -t volumes < <(docker inspect "$id" --format '{{range .Mounts}}{{if eq .Type "volume"}}{{.Name}}{{"\n"}}{{end}}{{end}}' | awk 'NF') + log "▶️ Rimozione container messagebroker: $id" + docker rm -f "$id" >/dev/null + + for v in "${volumes[@]}"; do + if [[ -n "$v" ]]; then + log " 🧹 Rimozione volume: $v" + docker volume rm "$v" >/dev/null 2>&1 || warn "Volume $v non rimosso (forse già assente/in uso)" + fi + done + done +} + +download_native_update() { + log "⬇️ Download native_update.sh da: $NATIVE_UPDATE_URL" + + if command -v wget >/dev/null 2>&1; then + wget -q -O "$NATIVE_UPDATE_PATH" "$NATIVE_UPDATE_URL" || die "Download fallito: $NATIVE_UPDATE_URL" + elif command -v curl >/dev/null 2>&1; then + curl -fsSL "$NATIVE_UPDATE_URL" -o "$NATIVE_UPDATE_PATH" || die "Download fallito: $NATIVE_UPDATE_URL" + else + die "Né wget né curl disponibili" + fi + + chmod +x "$NATIVE_UPDATE_PATH" +} + +prompt_and_run_update() { + local answer="" + + printf '\n✅ Preparazione completata.\n' + printf ' Nuova password generata: %s\n' "$NEW_PASSWORD" + printf '\nProcedere ora con native_update.sh? [y/N]: ' + read -r answer + + case "$answer" in + y|Y|yes|YES) + log "▶️ Avvio $NATIVE_UPDATE_PATH" + "$NATIVE_UPDATE_PATH" --env-file "$ENV_FILE" --deploy-branch "$DEPLOY_BRANCH" + ;; + *) + log "ℹ️ Update non avviato. Puoi eseguirlo manualmente con: $NATIVE_UPDATE_PATH --env-file $ENV_FILE --deploy-branch $DEPLOY_BRANCH" + ;; + esac +} + +main() { + [[ -f "$ENV_FILE" ]] || warn "Env file non trovato: $ENV_FILE (verrà creato)" + + if ! command -v docker >/dev/null 2>&1; then + die "Docker non disponibile" + fi + + NEW_PASSWORD="${NEW_PASSWORD:-$(generate_password)}" + [[ -n "$NEW_PASSWORD" ]] || die "Impossibile generare password dinamica" + + log "▶️ Password dinamica generata" + update_all_databases + remove_messagebroker_and_volumes + ensure_env_updates + download_native_update + prompt_and_run_update +} + +main "$@" From d2fb6a5f845a219f428d8f98c207919aff8fc79f Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 14:29:53 +0200 Subject: [PATCH 17/27] update script --- .../update_for_userAndPasswordProtection.sh | 33 +++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index 67e975d..01bdf5f 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -6,9 +6,9 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" INSTALLER_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" DEPLOY_DIR="$(cd "${INSTALLER_DIR}/.." && pwd)" -DEPLOY_BRANCH="${DEPLOY_BRANCH:-main}" +DEPLOY_BRANCH="${DEPLOY_BRANCH:-feature/userAndPasswordProtection}" ABSOLUTE_PATH_BASE="https://raw.githubusercontent.com/Arteco-Global/hypernode_deploy/refs/heads" -NATIVE_UPDATE_URL="${ABSOLUTE_PATH_BASE}/${DEPLOY_BRANCH}/installer_docker/native_update.sh" +NATIVE_UPDATE_URL="" ENV_FILE_DEFAULT="${PWD}/.hypernode-install-env.log" if [[ ! -f "$ENV_FILE_DEFAULT" && -f "${DEPLOY_DIR}/.hypernode-install-env.log" ]]; then @@ -34,6 +34,17 @@ die() { exit 1 } +usage() { + cat < Branch da usare per scaricare/avviare native_update.sh + (default: feature/userAndPasswordProtection) + -h, --help Mostra questo help +EOF +} + generate_password() { if command -v openssl >/dev/null 2>&1; then openssl rand -base64 48 | tr -dc 'A-Za-z0-9' | head -c 12 @@ -291,6 +302,24 @@ prompt_and_run_update() { } main() { + while [[ $# -gt 0 ]]; do + case "$1" in + --deploy-branch) + DEPLOY_BRANCH="$2" + shift 2 + ;; + -h|--help) + usage + exit 0 + ;; + *) + die "Parametro non riconosciuto: $1" + ;; + esac + done + + NATIVE_UPDATE_URL="${ABSOLUTE_PATH_BASE}/${DEPLOY_BRANCH}/installer_docker/native_update.sh" + [[ -f "$ENV_FILE" ]] || warn "Env file non trovato: $ENV_FILE (verrà creato)" if ! command -v docker >/dev/null 2>&1; then From 64c469deecbf2c1f8e94a0c2cf72ba08ab1e3092 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 14:44:10 +0200 Subject: [PATCH 18/27] fix script update --- installer_docker/updates/update_for_userAndPasswordProtection.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index 01bdf5f..90a8ded 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -134,6 +134,7 @@ update_uri_credentials() { ensure_env_updates() { [[ -f "$ENV_FILE" ]] || touch "$ENV_FILE" + upsert_env_key "DOCKER_TAG" "userAndPasswordProtection" upsert_env_key "RABBITMQ_DEFAULT_USER" "$NEW_USER" upsert_env_key "RABBITMQ_DEFAULT_PASS" "$NEW_PASSWORD" upsert_env_key "DB_USERNAME" "$NEW_USER" From f6d8c08e9cd14e7d598e9cea0d39d810217c4673 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 15:16:31 +0200 Subject: [PATCH 19/27] fixies script update --- .../update_for_userAndPasswordProtection.sh | 65 ++++++++++++++++--- 1 file changed, 55 insertions(+), 10 deletions(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index 90a8ded..9179efd 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -25,6 +25,10 @@ log() { printf '%s\n' "$*" } +log_db() { + printf '[DB] %s\n' "$*" +} + warn() { printf '⚠️ %s\n' "$*" } @@ -169,6 +173,13 @@ update_credentials_in_db_container() { local container="$1" local shell_bin="" local db_cli="" + local output="" + local inspect_image="" + local inspect_status="" + + inspect_image="$(docker inspect -f '{{.Config.Image}}' "$container" 2>/dev/null || true)" + inspect_status="$(docker inspect -f '{{.State.Status}}' "$container" 2>/dev/null || true)" + log_db "Container: $container | image: ${inspect_image:-unknown} | status: ${inspect_status:-unknown}" if docker exec "$container" sh -lc 'command -v sh >/dev/null 2>&1'; then shell_bin="sh" @@ -178,6 +189,7 @@ update_credentials_in_db_container() { warn "Container $container senza shell supportata: skip" return 1 fi + log_db "Shell rilevata in $container: $shell_bin" if ! db_cli="$(docker exec "$container" "$shell_bin" -lc 'if command -v mongosh >/dev/null 2>&1; then echo mongosh; elif command -v mongo >/dev/null 2>&1; then echo mongo; fi')"; then warn "Impossibile rilevare client mongo in $container: skip" @@ -189,12 +201,16 @@ update_credentials_in_db_container() { return 1 fi - docker exec \ - -e HN_NEW_USER="$NEW_USER" \ - -e HN_NEW_PASS="$NEW_PASSWORD" \ - -e HN_OLD_USER="$OLD_DB_USER" \ - -e HN_OLD_PASS="$OLD_DB_PASS" \ - "$container" "$shell_bin" -lc ' + log_db "Client DB rilevato in $container: $db_cli" + log_db "Tentativo update utenti su DB admin con credenziali correnti ${OLD_DB_USER}/********" + + if output="$( + docker exec \ + -e HN_NEW_USER="$NEW_USER" \ + -e HN_NEW_PASS="$NEW_PASSWORD" \ + -e HN_OLD_USER="$OLD_DB_USER" \ + -e HN_OLD_PASS="$OLD_DB_PASS" \ + "$container" "$shell_bin" -lc ' set -e js="var adminDb=db.getSiblingDB(\"admin\"); \ var user=process.env.HN_NEW_USER; \ @@ -214,11 +230,32 @@ update_credentials_in_db_container() { -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --eval "$js" fi ' + 2>&1 + )"; then + log_db "Update credenziali completato su $container" + if [[ -n "$output" ]]; then + while IFS= read -r line; do + [[ -n "$line" ]] && log_db "Output $container: $line" + done <<< "$output" + fi + return 0 + fi + + warn "Update credenziali fallito su $container" + if [[ -n "$output" ]]; then + while IFS= read -r line; do + [[ -n "$line" ]] && warn "[DB:$container] $line" + done <<< "$output" + fi + return 1 } update_all_databases() { local containers=() local c + local total=0 + local ok_count=0 + local fail_count=0 if ! mapfile -t containers < <(find_mongo_containers); then warn "Errore durante la ricerca dei container MongoDB" @@ -230,13 +267,21 @@ update_all_databases() { return 0 fi - log "▶️ Aggiornamento credenziali DB su ${#containers[@]} container MongoDB" + total="${#containers[@]}" + log "▶️ Aggiornamento credenziali DB su ${total} container MongoDB" for c in "${containers[@]}"; do - log " - $c" - if ! update_credentials_in_db_container "$c"; then - warn "Aggiornamento credenziali fallito su $c" + log_db "-----" + if update_credentials_in_db_container "$c"; then + ok_count=$((ok_count + 1)) + else + fail_count=$((fail_count + 1)) fi done + + log_db "Riepilogo update DB: total=${total}, ok=${ok_count}, fail=${fail_count}" + if [[ "$fail_count" -gt 0 ]]; then + warn "Alcuni database non sono stati aggiornati correttamente (${fail_count}/${total})" + fi } remove_messagebroker_and_volumes() { From a4868b3956ab85be3b930d4061830ffa73477702 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 15:50:38 +0200 Subject: [PATCH 20/27] fix ricerca DB --- .../update_for_userAndPasswordProtection.sh | 36 ++++++++++++++----- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index 9179efd..f0acf24 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +if [ -z "${BASH_VERSION:-}" ]; then + exec bash "$0" "$@" +fi + set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" @@ -158,15 +162,31 @@ ensure_env_updates() { } find_mongo_containers() { - docker ps --format '{{.Names}} {{.Image}}' | awk ' - { - name=$1 - image=$2 - if (tolower(image) ~ /mongo/) { - print name + local containers=() + + if mapfile -t containers < <( + docker ps --format '{{.Names}}|{{.Image}}|{{.Ports}}' | awk -F'|' ' + { + name=tolower($1) + image=tolower($2) + ports=tolower($3) + if (image ~ /mongo/ || + image ~ /database/ || + image ~ /usee_database/ || + name ~ /mongo/ || + name ~ /database/ || + name ~ /uss_database/ || + ports ~ /27017/) { + print $1 + } } - } - ' + ' | awk 'NF' | sort -u + ); then + printf '%s\n' "${containers[@]}" + return 0 + fi + + return 1 } update_credentials_in_db_container() { From b14d38ccd30309fa76f47f661a31849169b34f1d Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 15:54:39 +0200 Subject: [PATCH 21/27] rimossa auth per edit db --- .../update_for_userAndPasswordProtection.sh | 83 ++++++++++++++++--- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index f0acf24..da1dc74 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -21,8 +21,8 @@ fi ENV_FILE="${ENV_FILE:-$ENV_FILE_DEFAULT}" NEW_USER="hypernode" -OLD_DB_USER="hypernode" -OLD_DB_PASS="hypernode" +OLD_DB_USER="${OLD_DB_USER:-}" +OLD_DB_PASS="${OLD_DB_PASS:-}" NATIVE_UPDATE_PATH="${PWD}/native_update.sh" log() { @@ -194,6 +194,7 @@ update_credentials_in_db_container() { local shell_bin="" local db_cli="" local output="" + local retry_output="" local inspect_image="" local inspect_status="" @@ -222,7 +223,7 @@ update_credentials_in_db_container() { fi log_db "Client DB rilevato in $container: $db_cli" - log_db "Tentativo update utenti su DB admin con credenziali correnti ${OLD_DB_USER}/********" + log_db "Tentativo update utenti su DB admin senza autenticazione" if output="$( docker exec \ @@ -243,30 +244,88 @@ update_credentials_in_db_container() { print(\"ok\");" if command -v mongosh >/dev/null 2>&1; then - mongosh --quiet --host 127.0.0.1 --port 27017 \ - -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --eval "$js" + mongosh --quiet --host 127.0.0.1 --port 27017 --eval "$js" else - mongo --quiet --host 127.0.0.1 --port 27017 \ - -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --eval "$js" + mongo --quiet --host 127.0.0.1 --port 27017 --eval "$js" fi ' 2>&1 )"; then - log_db "Update credenziali completato su $container" - if [[ -n "$output" ]]; then + if grep -Eqi 'Authentication failed|MongoServerError|Error:' <<< "$output"; then + warn "Il comando DB su $container ha riportato errori nonostante exit code 0" + while IFS= read -r line; do + [[ -n "$line" ]] && warn "[DB:$container] $line" + done <<< "$output" + elif grep -Eiq '(^|[[:space:]])ok($|[[:space:]])' <<< "$output"; then + log_db "Update credenziali completato su $container" while IFS= read -r line; do [[ -n "$line" ]] && log_db "Output $container: $line" done <<< "$output" + return 0 + else + warn "Output inatteso dal comando DB su $container" + while IFS= read -r line; do + [[ -n "$line" ]] && warn "[DB:$container] $line" + done <<< "$output" fi - return 0 fi - warn "Update credenziali fallito su $container" + if [[ -n "$OLD_DB_USER" && -n "$OLD_DB_PASS" ]]; then + log_db "Retry su $container con autenticazione ${OLD_DB_USER}/********" + if retry_output="$( + docker exec \ + -e HN_NEW_USER="$NEW_USER" \ + -e HN_NEW_PASS="$NEW_PASSWORD" \ + -e HN_OLD_USER="$OLD_DB_USER" \ + -e HN_OLD_PASS="$OLD_DB_PASS" \ + "$container" "$shell_bin" -lc ' + set -e + js="var adminDb=db.getSiblingDB(\"admin\"); \ + var user=process.env.HN_NEW_USER; \ + var pass=process.env.HN_NEW_PASS; \ + var exists=adminDb.getUser(user); \ + if (exists) { adminDb.updateUser(user,{pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ + else { adminDb.createUser({user:user,pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ + var adminUser=adminDb.getUser(\"admin\"); \ + if (adminUser) { adminDb.updateUser(\"admin\",{pwd:pass}); } \ + print(\"ok\");" + + if command -v mongosh >/dev/null 2>&1; then + mongosh --quiet --host 127.0.0.1 --port 27017 \ + -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --eval "$js" + else + mongo --quiet --host 127.0.0.1 --port 27017 \ + -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --eval "$js" + fi + ' 2>&1 + )"; then + if grep -Eqi 'Authentication failed|MongoServerError|Error:' <<< "$retry_output"; then + warn "Retry autenticato su $container con output errore" + elif grep -Eiq '(^|[[:space:]])ok($|[[:space:]])' <<< "$retry_output"; then + log_db "Update credenziali completato su $container (retry autenticato)" + while IFS= read -r line; do + [[ -n "$line" ]] && log_db "Output $container: $line" + done <<< "$retry_output" + return 0 + fi + fi + + if [[ -n "$retry_output" ]]; then + while IFS= read -r line; do + [[ -n "$line" ]] && warn "[DB:$container] $line" + done <<< "$retry_output" + fi + else + log_db "Fallback autenticato disabilitato (OLD_DB_USER/OLD_DB_PASS non impostati)" + fi + if [[ -n "$output" ]]; then while IFS= read -r line; do - [[ -n "$line" ]] && warn "[DB:$container] $line" + [[ -n "$line" ]] && log_db "Output $container: $line" done <<< "$output" fi + + warn "Update credenziali fallito su $container" return 1 } From bf7ed060e6ce6e665b13516ee330a340f7eab302 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 15:57:27 +0200 Subject: [PATCH 22/27] fix update db interno --- .../update_for_userAndPasswordProtection.sh | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index da1dc74..40aacd9 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -241,6 +241,39 @@ update_credentials_in_db_container() { else { adminDb.createUser({user:user,pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ var adminUser=adminDb.getUser(\"admin\"); \ if (adminUser) { adminDb.updateUser(\"admin\",{pwd:pass}); } \ + var dbNames=adminDb.getMongo().getDBNames(); \ + for (var i=0;i/dev/null 2>&1; then @@ -288,6 +321,39 @@ update_credentials_in_db_container() { else { adminDb.createUser({user:user,pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ var adminUser=adminDb.getUser(\"admin\"); \ if (adminUser) { adminDb.updateUser(\"admin\",{pwd:pass}); } \ + var dbNames=adminDb.getMongo().getDBNames(); \ + for (var i=0;i/dev/null 2>&1; then From 5a9a2bee50e98005fc109b46ec9c96f422a713d0 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 15:58:57 +0200 Subject: [PATCH 23/27] fix bug update --- .../update_for_userAndPasswordProtection.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index 40aacd9..bc9ebf6 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -253,19 +253,19 @@ update_credentials_in_db_container() { continue; \ } \ var coll=targetDb.getCollection(\"microservicesInstanceConfiguration\"); \ - var cursor=coll.find({ broker: { \\$type: \"string\" } }, { broker: 1 }); \ + var cursor=coll.find({ broker: { \$type: \"string\" } }, { broker: 1 }); \ var updated=0; \ while (cursor.hasNext()) { \ var doc=cursor.next(); \ var broker=doc.broker; \ var newBroker=broker; \ if (/^(amqps?):\\/\\/[^@]+@(.+)$/.test(broker)) { \ - newBroker=broker.replace(/^(amqps?):\\/\\/[^@]+@(.+)$/, \"$1://\" + user + \":\" + pass + \"@$2\"); \ + newBroker=broker.replace(/^(amqps?):\\/\\/[^@]+@(.+)$/, \"\$1://\" + user + \":\" + pass + \"@\$2\"); \ } else if (/^(amqps?):\\/\\/(.+)$/.test(broker)) { \ - newBroker=broker.replace(/^(amqps?):\\/\\/(.+)$/, \"$1://\" + user + \":\" + pass + \"@$2\"); \ + newBroker=broker.replace(/^(amqps?):\\/\\/(.+)$/, \"\$1://\" + user + \":\" + pass + \"@\$2\"); \ } \ if (newBroker !== broker) { \ - coll.updateOne({ _id: doc._id }, { \\$set: { broker: newBroker } }); \ + coll.updateOne({ _id: doc._id }, { \$set: { broker: newBroker } }); \ updated++; \ } \ } \ @@ -333,19 +333,19 @@ update_credentials_in_db_container() { continue; \ } \ var coll=targetDb.getCollection(\"microservicesInstanceConfiguration\"); \ - var cursor=coll.find({ broker: { \\$type: \"string\" } }, { broker: 1 }); \ + var cursor=coll.find({ broker: { \$type: \"string\" } }, { broker: 1 }); \ var updated=0; \ while (cursor.hasNext()) { \ var doc=cursor.next(); \ var broker=doc.broker; \ var newBroker=broker; \ if (/^(amqps?):\\/\\/[^@]+@(.+)$/.test(broker)) { \ - newBroker=broker.replace(/^(amqps?):\\/\\/[^@]+@(.+)$/, \"$1://\" + user + \":\" + pass + \"@$2\"); \ + newBroker=broker.replace(/^(amqps?):\\/\\/[^@]+@(.+)$/, \"\$1://\" + user + \":\" + pass + \"@\$2\"); \ } else if (/^(amqps?):\\/\\/(.+)$/.test(broker)) { \ - newBroker=broker.replace(/^(amqps?):\\/\\/(.+)$/, \"$1://\" + user + \":\" + pass + \"@$2\"); \ + newBroker=broker.replace(/^(amqps?):\\/\\/(.+)$/, \"\$1://\" + user + \":\" + pass + \"@\$2\"); \ } \ if (newBroker !== broker) { \ - coll.updateOne({ _id: doc._id }, { \\$set: { broker: newBroker } }); \ + coll.updateOne({ _id: doc._id }, { \$set: { broker: newBroker } }); \ updated++; \ } \ } \ From 28921cd910a11f9da222d88646b2b4937f820a69 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 16:02:57 +0200 Subject: [PATCH 24/27] fix db --- .../update_for_userAndPasswordProtection.sh | 116 +++++++++++++++++- 1 file changed, 114 insertions(+), 2 deletions(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index bc9ebf6..e02eb58 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -24,6 +24,7 @@ NEW_USER="hypernode" OLD_DB_USER="${OLD_DB_USER:-}" OLD_DB_PASS="${OLD_DB_PASS:-}" NATIVE_UPDATE_PATH="${PWD}/native_update.sh" +DB_COMPOSE_URL="" log() { printf '%s\n' "$*" @@ -189,6 +190,88 @@ find_mongo_containers() { return 1 } +detect_compose_cmd() { + if command -v docker >/dev/null 2>&1 && docker compose version >/dev/null 2>&1; then + printf '%s' "docker compose" + return 0 + fi + if command -v docker-compose >/dev/null 2>&1; then + printf '%s' "docker-compose" + return 0 + fi + return 1 +} + +db_is_protected() { + local container="$1" + local shell_bin="${2:-sh}" + local out="" + + out="$( + docker exec "$container" "$shell_bin" -lc ' + if command -v mongosh >/dev/null 2>&1; then + mongosh --quiet --host 127.0.0.1 --port 27017 --eval "db.getSiblingDB(\"admin\").runCommand({usersInfo:1}); print(\"UNAUTH_OK\")" + else + mongo --quiet --host 127.0.0.1 --port 27017 --eval "db.getSiblingDB(\"admin\").runCommand({usersInfo:1}); print(\"UNAUTH_OK\")" + fi + ' 2>&1 || true + )" + + if grep -q 'UNAUTH_OK' <<< "$out"; then + return 1 + fi + + if grep -Eqi 'requires authentication|Authentication failed|Unauthorized|not authorized|command .* requires authentication' <<< "$out"; then + return 0 + fi + + return 1 +} + +recreate_database_service_for_container() { + local container="$1" + local compose_cmd="" + local project_name="" + local tmp_db_compose="" + + compose_cmd="$(detect_compose_cmd)" || { + warn "Né docker compose né docker-compose disponibili per il force-recreate DB" + return 1 + } + + if [[ -f "$ENV_FILE" ]]; then + set -a + # shellcheck disable=SC1090 + source "$ENV_FILE" + set +a + fi + + project_name="$(docker inspect -f '{{ index .Config.Labels "com.docker.compose.project" }}' "$container" 2>/dev/null || true)" + tmp_db_compose="$(mktemp)" + if ! curl -fsSL "$DB_COMPOSE_URL" -o "$tmp_db_compose"; then + warn "Impossibile scaricare compose DB: $DB_COMPOSE_URL" + rm -f "$tmp_db_compose" + return 1 + fi + + log_db "Force-recreate servizio database per applicare auth" + if [[ -n "$project_name" && "$project_name" != "" ]]; then + if ! $compose_cmd --project-name "$project_name" -f "$tmp_db_compose" up -d --force-recreate --remove-orphans; then + rm -f "$tmp_db_compose" + return 1 + fi + else + if ! $compose_cmd -f "$tmp_db_compose" up -d --force-recreate --remove-orphans; then + rm -f "$tmp_db_compose" + return 1 + fi + fi + + rm -f "$tmp_db_compose" + sleep 4 + return 0 +} + update_credentials_in_db_container() { local container="$1" local shell_bin="" @@ -294,7 +377,21 @@ update_credentials_in_db_container() { while IFS= read -r line; do [[ -n "$line" ]] && log_db "Output $container: $line" done <<< "$output" - return 0 + if db_is_protected "$container" "$shell_bin"; then + log_db "Protezione DB attiva su $container (accesso anonimo bloccato)" + return 0 + fi + + warn "DB ancora non protetto su $container dopo update utenti" + if recreate_database_service_for_container "$container"; then + if db_is_protected "$container" "$shell_bin"; then + log_db "Protezione DB attivata su $container dopo force-recreate" + return 0 + fi + fi + + warn "DB ancora non protetto su $container anche dopo force-recreate" + return 1 else warn "Output inatteso dal comando DB su $container" while IFS= read -r line; do @@ -372,7 +469,21 @@ update_credentials_in_db_container() { while IFS= read -r line; do [[ -n "$line" ]] && log_db "Output $container: $line" done <<< "$retry_output" - return 0 + if db_is_protected "$container" "$shell_bin"; then + log_db "Protezione DB attiva su $container (accesso anonimo bloccato)" + return 0 + fi + + warn "DB ancora non protetto su $container dopo retry autenticato" + if recreate_database_service_for_container "$container"; then + if db_is_protected "$container" "$shell_bin"; then + log_db "Protezione DB attivata su $container dopo force-recreate" + return 0 + fi + fi + + warn "DB ancora non protetto su $container anche dopo force-recreate" + return 1 fi fi @@ -510,6 +621,7 @@ main() { done NATIVE_UPDATE_URL="${ABSOLUTE_PATH_BASE}/${DEPLOY_BRANCH}/installer_docker/native_update.sh" + DB_COMPOSE_URL="${ABSOLUTE_PATH_BASE}/${DEPLOY_BRANCH}/installer_docker/composes/database/docker-compose.yaml" [[ -f "$ENV_FILE" ]] || warn "Env file non trovato: $ENV_FILE (verrà creato)" From 74559f79e69c9b6d9e6d9608f279b069a5bf9759 Mon Sep 17 00:00:00 2001 From: MDalprato Date: Fri, 24 Apr 2026 16:06:30 +0200 Subject: [PATCH 25/27] creazione user admin per db --- .../updates/update_for_userAndPasswordProtection.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index e02eb58..2a80697 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -323,7 +323,8 @@ update_credentials_in_db_container() { if (exists) { adminDb.updateUser(user,{pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ else { adminDb.createUser({user:user,pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ var adminUser=adminDb.getUser(\"admin\"); \ - if (adminUser) { adminDb.updateUser(\"admin\",{pwd:pass}); } \ + if (adminUser) { adminDb.updateUser(\"admin\",{pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ + else { adminDb.createUser({user:\"admin\",pwd:pass,roles:[{role:\"root\",db:\"admin\"}]}); } \ var dbNames=adminDb.getMongo().getDBNames(); \ for (var i=0;i Date: Fri, 24 Apr 2026 16:36:49 +0200 Subject: [PATCH 26/27] fixes --- .../update_for_userAndPasswordProtection.sh | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.sh b/installer_docker/updates/update_for_userAndPasswordProtection.sh index 2a80697..f598438 100755 --- a/installer_docker/updates/update_for_userAndPasswordProtection.sh +++ b/installer_docker/updates/update_for_userAndPasswordProtection.sh @@ -88,6 +88,27 @@ get_env_raw_value() { ' "$ENV_FILE" } +init_old_db_credentials_from_env() { + local env_db_user="" + local env_db_pass="" + + if [[ -n "$OLD_DB_USER" && -n "$OLD_DB_PASS" ]]; then + log_db "Credenziali OLD_DB_* fornite via env, uso quelle" + return 0 + fi + + env_db_user="$(strip_quotes "$(get_env_raw_value "DB_USERNAME")")" + env_db_pass="$(strip_quotes "$(get_env_raw_value "DB_PASSWORD")")" + + if [[ -n "$env_db_user" && -n "$env_db_pass" ]]; then + OLD_DB_USER="$env_db_user" + OLD_DB_PASS="$env_db_pass" + log_db "Credenziali fallback lette da .env: ${OLD_DB_USER}/********" + else + log_db "Nessuna credenziale DB trovata in .env: fallback autenticato disabilitato" + fi +} + upsert_env_key() { local key="$1" local value="$2" @@ -539,7 +560,10 @@ update_all_databases() { log_db "Riepilogo update DB: total=${total}, ok=${ok_count}, fail=${fail_count}" if [[ "$fail_count" -gt 0 ]]; then warn "Alcuni database non sono stati aggiornati correttamente (${fail_count}/${total})" + return 1 fi + + return 0 } remove_messagebroker_and_volumes() { @@ -635,7 +659,8 @@ main() { [[ -n "$NEW_PASSWORD" ]] || die "Impossibile generare password dinamica" log "▶️ Password dinamica generata" - update_all_databases + init_old_db_credentials_from_env + update_all_databases || die "Update DB fallito: interrompo per evitare disallineamento credenziali tra DB e .env" remove_messagebroker_and_volumes ensure_env_updates download_native_update From 00b14e92d6f7cda4fab39f3cc6775cee1c73aaed Mon Sep 17 00:00:00 2001 From: MDalprato Date: Mon, 27 Apr 2026 09:16:27 +0200 Subject: [PATCH 27/27] creato script update per ps1 --- .../update_for_userAndPasswordProtection.ps1 | 714 ++++++++++++++++++ 1 file changed, 714 insertions(+) create mode 100644 installer_docker/updates/update_for_userAndPasswordProtection.ps1 diff --git a/installer_docker/updates/update_for_userAndPasswordProtection.ps1 b/installer_docker/updates/update_for_userAndPasswordProtection.ps1 new file mode 100644 index 0000000..87e9a72 --- /dev/null +++ b/installer_docker/updates/update_for_userAndPasswordProtection.ps1 @@ -0,0 +1,714 @@ +param( + [string]$DeployBranch = $(if ([string]::IsNullOrWhiteSpace($env:DEPLOY_BRANCH)) { "feature/userAndPasswordProtection" } else { $env:DEPLOY_BRANCH }), + [string]$EnvFile = "", + [Alias("h")] + [switch]$Help +) + +$ErrorActionPreference = "Stop" +Set-StrictMode -Version Latest + +if ($Help) { + Write-Host @" +Usage: $(Split-Path -Leaf $PSCommandPath) [options] + +Options: + -DeployBranch Branch da usare per scaricare/avviare native_update.sh + (default: feature/userAndPasswordProtection) + -EnvFile Path dell'env file (default: .hypernode-install-env.log nella cwd, + fallback: root repo) + -Help Mostra questo help +"@ + exit 0 +} + +$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path +$InstallerDir = Split-Path -Parent $ScriptDir +$DeployDir = Split-Path -Parent $InstallerDir + +$AbsolutePathBase = "https://raw.githubusercontent.com/Arteco-Global/hypernode_deploy/refs/heads" +$NativeUpdateUrl = "$AbsolutePathBase/$DeployBranch/installer_docker/native_update.sh" +$DbComposeUrl = "$AbsolutePathBase/$DeployBranch/installer_docker/composes/database/docker-compose.yaml" + +$defaultEnv = Join-Path (Get-Location).Path ".hypernode-install-env.log" +if (-not (Test-Path $defaultEnv)) { + $fallbackEnv = Join-Path $DeployDir ".hypernode-install-env.log" + if (Test-Path $fallbackEnv) { + $defaultEnv = $fallbackEnv + } +} +if ([string]::IsNullOrWhiteSpace($EnvFile)) { + $EnvFile = $defaultEnv +} + +$NewUser = "hypernode" +$Script:NewPassword = "" +$Script:OldDbUser = if ([string]::IsNullOrWhiteSpace($env:OLD_DB_USER)) { "" } else { $env:OLD_DB_USER } +$Script:OldDbPass = if ([string]::IsNullOrWhiteSpace($env:OLD_DB_PASS)) { "" } else { $env:OLD_DB_PASS } +$NativeUpdatePath = Join-Path (Get-Location).Path "native_update.sh" + +function Log { + param([string]$Message) + Write-Host $Message +} + +function Log-Db { + param([string]$Message) + Write-Host "[DB] $Message" +} + +function Warn { + param([string]$Message) + Write-Host "[WARN] $Message" +} + +function Die { + param([string]$Message) + Write-Error $Message + exit 1 +} + +function Strip-Quotes { + param([string]$Value) + + if ([string]::IsNullOrEmpty($Value)) { + return "" + } + + $v = $Value.Trim() + if ($v.Length -ge 2) { + if (($v.StartsWith("\"") -and $v.EndsWith("\"")) -or ($v.StartsWith("'") -and $v.EndsWith("'"))) { + return $v.Substring(1, $v.Length - 2) + } + } + + return $v +} + +function Get-EnvRawValue { + param([string]$Key) + + if (-not (Test-Path $EnvFile)) { + return "" + } + + $value = "" + foreach ($line in [System.IO.File]::ReadAllLines($EnvFile)) { + if ($line -match "^\s*$([regex]::Escape($Key))=(.*)$") { + $value = $Matches[1] + } + } + + return $value +} + +function Upsert-EnvKey { + param( + [string]$Key, + [string]$Value + ) + + $escapedValue = $Value.Replace("'", "'\"'\"'") + $newLine = "$Key='$escapedValue'" + + $lines = New-Object System.Collections.Generic.List[string] + if (Test-Path $EnvFile) { + $lines.AddRange([System.IO.File]::ReadAllLines($EnvFile)) + } + + $newLines = New-Object System.Collections.Generic.List[string] + $found = $false + + foreach ($line in $lines) { + if ($line -match "^\s*$([regex]::Escape($Key))=") { + if (-not $found) { + $newLines.Add($newLine) + $found = $true + } + continue + } + $newLines.Add($line) + } + + if (-not $found) { + $newLines.Add($newLine) + } + + [System.IO.File]::WriteAllLines($EnvFile, $newLines) +} + +function Update-UriCredentials { + param( + [string]$Key, + [string]$SchemeRegex, + [string]$DefaultValue + ) + + $cleaned = Strip-Quotes (Get-EnvRawValue -Key $Key) + $newValue = $DefaultValue + + if (-not [string]::IsNullOrWhiteSpace($cleaned)) { + $rxWithCreds = "^($SchemeRegex)://[^@]+@(.+)$" + $rxNoCreds = "^($SchemeRegex)://(.+)$" + + if ($cleaned -match $rxWithCreds) { + $newValue = "$($Matches[1])://$NewUser:$Script:NewPassword@$($Matches[2])" + } elseif ($cleaned -match $rxNoCreds) { + $newValue = "$($Matches[1])://$NewUser:$Script:NewPassword@$($Matches[2])" + } + } + + Upsert-EnvKey -Key $Key -Value $newValue +} + +function Ensure-EnvUpdates { + if (-not (Test-Path $EnvFile)) { + New-Item -ItemType File -Path $EnvFile -Force | Out-Null + } + + Upsert-EnvKey -Key "DOCKER_TAG" -Value "userAndPasswordProtection" + Upsert-EnvKey -Key "RABBITMQ_DEFAULT_USER" -Value $NewUser + Upsert-EnvKey -Key "RABBITMQ_DEFAULT_PASS" -Value $Script:NewPassword + Upsert-EnvKey -Key "DB_USERNAME" -Value $NewUser + Upsert-EnvKey -Key "DB_PASSWORD" -Value $Script:NewPassword + + Update-UriCredentials -Key "RMQ" -SchemeRegex "amqp|amqps" -DefaultValue "amqp://$NewUser:$Script:NewPassword@messagebroker:5672" + + $currentDbName = "gateway-db" + $currentDbUri = Strip-Quotes (Get-EnvRawValue -Key "DATABASE_URI") + if ($currentDbUri -match "^mongodb://[^@]+@[^/]+/([^?]+)(\?.*)?$") { + $currentDbName = $Matches[1] + } + + Update-UriCredentials -Key "DATABASE_URI" -SchemeRegex "mongodb" -DefaultValue "mongodb://$NewUser:$Script:NewPassword@127.0.0.1:27017/$currentDbName?authSource=admin" + Update-UriCredentials -Key "LOCAL_DB_CONNECTION" -SchemeRegex "mongodb" -DefaultValue "mongodb://$NewUser:$Script:NewPassword@127.0.0.1:27017/exports?authSource=admin" +} + +function Generate-Password { + $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".ToCharArray() + $bytes = New-Object byte[] 24 + [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes) + + $result = New-Object System.Text.StringBuilder + for ($i = 0; $i -lt $bytes.Length -and $result.Length -lt 12; $i++) { + [void]$result.Append($chars[$bytes[$i] % $chars.Length]) + } + + while ($result.Length -lt 12) { + $b = New-Object byte[] 1 + [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($b) + [void]$result.Append($chars[$b[0] % $chars.Length]) + } + + return $result.ToString() +} + +function Init-OldDbCredentialsFromEnv { + if (-not [string]::IsNullOrWhiteSpace($Script:OldDbUser) -and -not [string]::IsNullOrWhiteSpace($Script:OldDbPass)) { + Log-Db "Credenziali OLD_DB_* fornite via env, uso quelle" + return + } + + $envDbUser = Strip-Quotes (Get-EnvRawValue -Key "DB_USERNAME") + $envDbPass = Strip-Quotes (Get-EnvRawValue -Key "DB_PASSWORD") + + if (-not [string]::IsNullOrWhiteSpace($envDbUser) -and -not [string]::IsNullOrWhiteSpace($envDbPass)) { + $Script:OldDbUser = $envDbUser + $Script:OldDbPass = $envDbPass + Log-Db "Credenziali fallback lette da .env: $Script:OldDbUser/********" + } else { + Log-Db "Nessuna credenziale DB trovata in .env: fallback autenticato disabilitato" + } +} + +function Find-MongoContainers { + $rows = & docker ps --format "{{.Names}}|{{.Image}}|{{.Ports}}" 2>$null + if ($LASTEXITCODE -ne 0) { + throw "Errore durante docker ps" + } + + $set = New-Object 'System.Collections.Generic.HashSet[string]' + foreach ($row in @($rows)) { + if ([string]::IsNullOrWhiteSpace($row)) { + continue + } + + $parts = $row.Split("|", 3) + if ($parts.Count -lt 3) { + continue + } + + $name = [string]$parts[0] + $image = [string]$parts[1] + $ports = [string]$parts[2] + + $n = $name.ToLowerInvariant() + $i = $image.ToLowerInvariant() + $p = $ports.ToLowerInvariant() + + if ($i -match "mongo|database|usee_database" -or + $n -match "mongo|database|uss_database" -or + $p -match "27017") { + [void]$set.Add($name) + } + } + + return @($set) +} + +function Detect-ComposeCmd { + & docker compose version *> $null + if ($LASTEXITCODE -eq 0) { + return "docker_compose_v2" + } + + & docker-compose version *> $null + if ($LASTEXITCODE -eq 0) { + return "docker_compose_v1" + } + + return $null +} + +function Export-EnvFileToProcess { + if (-not (Test-Path $EnvFile)) { + return + } + + foreach ($line in [System.IO.File]::ReadAllLines($EnvFile)) { + if ([string]::IsNullOrWhiteSpace($line)) { + continue + } + if ($line -match '^\s*#') { + continue + } + if ($line -notmatch '^\s*([^=]+)=(.*)$') { + continue + } + + $key = $Matches[1].Trim() + $rawValue = $Matches[2] + if ([string]::IsNullOrWhiteSpace($key)) { + continue + } + + $cleanValue = Strip-Quotes $rawValue + [System.Environment]::SetEnvironmentVariable($key, $cleanValue, [System.EnvironmentVariableTarget]::Process) + } +} + +function Get-ContainerShell { + param([string]$Container) + + & docker exec $Container sh -lc "command -v sh >/dev/null 2>&1" *> $null + if ($LASTEXITCODE -eq 0) { + return "sh" + } + + & docker exec $Container bash -lc "command -v bash >/dev/null 2>&1" *> $null + if ($LASTEXITCODE -eq 0) { + return "bash" + } + + return "" +} + +function Db-IsProtected { + param( + [string]$Container, + [string]$ShellBin + ) + + $script = @' +if command -v mongosh >/dev/null 2>&1; then + mongosh --quiet --host 127.0.0.1 --port 27017 --eval "db.getSiblingDB(\"admin\").runCommand({usersInfo:1}); print(\"UNAUTH_OK\")" +else + mongo --quiet --host 127.0.0.1 --port 27017 --eval "db.getSiblingDB(\"admin\").runCommand({usersInfo:1}); print(\"UNAUTH_OK\")" +fi +'@ + + $out = & docker exec $Container $ShellBin -lc $script 2>&1 + $text = (@($out) -join [Environment]::NewLine) + + if ($text -match "UNAUTH_OK") { + return $false + } + + if ($text -match "requires authentication|Authentication failed|Unauthorized|not authorized|command .* requires authentication") { + return $true + } + + return $false +} + +function Recreate-DatabaseServiceForContainer { + param([string]$Container) + + $composeCmd = Detect-ComposeCmd + if ($null -eq $composeCmd) { + Warn "Né docker compose né docker-compose disponibili per il force-recreate DB" + return $false + } + + $projectName = (& docker inspect -f "{{ index .Config.Labels \"com.docker.compose.project\" }}" $Container 2>$null) + if ($LASTEXITCODE -ne 0) { + $projectName = "" + } + + $tmpDbCompose = Join-Path ([System.IO.Path]::GetTempPath()) ("db-compose-{0}.yaml" -f ([guid]::NewGuid().Guid)) + try { + Invoke-WebRequest -Uri $DbComposeUrl -OutFile $tmpDbCompose | Out-Null + } catch { + Warn "Impossibile scaricare compose DB: $DbComposeUrl" + if (Test-Path $tmpDbCompose) { Remove-Item -Force $tmpDbCompose } + return $false + } + + Log-Db "Force-recreate servizio database per applicare auth" + Export-EnvFileToProcess + + if (-not [string]::IsNullOrWhiteSpace($projectName) -and $projectName -ne "") { + if ($composeCmd -eq "docker_compose_v2") { + $cmd = @("compose", "--project-name", $projectName, "-f", $tmpDbCompose, "up", "-d", "--force-recreate", "--remove-orphans") + & docker @cmd + } else { + $cmd = @("--project-name", $projectName, "-f", $tmpDbCompose, "up", "-d", "--force-recreate", "--remove-orphans") + & docker-compose @cmd + } + } else { + $cmd = if ($composeCmd -eq "docker_compose_v2") { + @("compose", "-f", $tmpDbCompose, "up", "-d", "--force-recreate", "--remove-orphans") + } else { + @("-f", $tmpDbCompose, "up", "-d", "--force-recreate", "--remove-orphans") + } + + if ($composeCmd -eq "docker_compose_v2") { + & docker @cmd + } else { + & docker-compose @cmd + } + } + + $ok = ($LASTEXITCODE -eq 0) + Remove-Item -Force $tmpDbCompose -ErrorAction SilentlyContinue + Start-Sleep -Seconds 4 + return $ok +} + +function Invoke-DbCredentialUpdate { + param( + [string]$Container, + [string]$ShellBin, + [switch]$UseAuth + ) + + $shellScript = @' +set -e +cat > /tmp/hn_update_users.js <<'JS' +var adminDb=db.getSiblingDB("admin"); +var user=process.env.HN_NEW_USER; +var pass=process.env.HN_NEW_PASS; +var exists=adminDb.getUser(user); +if (exists) { adminDb.updateUser(user,{pwd:pass,roles:[{role:"root",db:"admin"}]}); } +else { adminDb.createUser({user:user,pwd:pass,roles:[{role:"root",db:"admin"}]}); } +var adminUser=adminDb.getUser("admin"); +if (adminUser) { adminDb.updateUser("admin",{pwd:pass,roles:[{role:"root",db:"admin"}]}); } +else { adminDb.createUser({user:"admin",pwd:pass,roles:[{role:"root",db:"admin"}]}); } +var dbNames=adminDb.getMongo().getDBNames(); +for (var i=0;i/dev/null 2>&1; then + if [ -n "$HN_OLD_USER" ] && [ -n "$HN_OLD_PASS" ]; then + mongosh --quiet --host 127.0.0.1 --port 27017 -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --file /tmp/hn_update_users.js + else + mongosh --quiet --host 127.0.0.1 --port 27017 --file /tmp/hn_update_users.js + fi +else + if [ -n "$HN_OLD_USER" ] && [ -n "$HN_OLD_PASS" ]; then + mongo --quiet --host 127.0.0.1 --port 27017 -u "$HN_OLD_USER" -p "$HN_OLD_PASS" --authenticationDatabase admin --file /tmp/hn_update_users.js + else + mongo --quiet --host 127.0.0.1 --port 27017 --file /tmp/hn_update_users.js + fi +fi +rm -f /tmp/hn_update_users.js +'@ + + $args = @("exec", "-e", "HN_NEW_USER=$NewUser", "-e", "HN_NEW_PASS=$Script:NewPassword") + + if ($UseAuth) { + $args += @("-e", "HN_OLD_USER=$Script:OldDbUser", "-e", "HN_OLD_PASS=$Script:OldDbPass") + } else { + $args += @("-e", "HN_OLD_USER=", "-e", "HN_OLD_PASS=") + } + + $args += @($Container, $ShellBin, "-lc", $shellScript) + + $out = & docker @args 2>&1 + $exitCode = $LASTEXITCODE + + return @{ + ExitCode = $exitCode + Output = (@($out) -join [Environment]::NewLine) + } +} + +function Update-CredentialsInDbContainer { + param([string]$Container) + + $inspectImage = (& docker inspect -f "{{.Config.Image}}" $Container 2>$null) + $inspectStatus = (& docker inspect -f "{{.State.Status}}" $Container 2>$null) + + Log-Db "Container: $Container | image: $(if ([string]::IsNullOrWhiteSpace($inspectImage)) { 'unknown' } else { $inspectImage }) | status: $(if ([string]::IsNullOrWhiteSpace($inspectStatus)) { 'unknown' } else { $inspectStatus })" + + $shellBin = Get-ContainerShell -Container $Container + if ([string]::IsNullOrWhiteSpace($shellBin)) { + Warn "Container $Container senza shell supportata: skip" + return $false + } + + Log-Db "Shell rilevata in $Container: $shellBin" + Log-Db "Tentativo update utenti su DB admin senza autenticazione" + + $firstTry = Invoke-DbCredentialUpdate -Container $Container -ShellBin $shellBin + $firstOut = [string]$firstTry.Output + + if ($firstTry.ExitCode -eq 0 -and $firstOut -notmatch "Authentication failed|MongoServerError|Error:") { + if ($firstOut -match "(^|\s)ok($|\s)") { + Log-Db "Update credenziali completato su $Container" + foreach ($line in @($firstOut -split "`r?`n")) { + if (-not [string]::IsNullOrWhiteSpace($line)) { + Log-Db "Output ${Container}: $line" + } + } + + if (Db-IsProtected -Container $Container -ShellBin $shellBin) { + Log-Db "Protezione DB attiva su $Container (accesso anonimo bloccato)" + return $true + } + + Warn "DB ancora non protetto su $Container dopo update utenti" + if (Recreate-DatabaseServiceForContainer -Container $Container) { + if (Db-IsProtected -Container $Container -ShellBin $shellBin) { + Log-Db "Protezione DB attivata su $Container dopo force-recreate" + return $true + } + } + + Warn "DB ancora non protetto su $Container anche dopo force-recreate" + return $false + } + + Warn "Output inatteso dal comando DB su $Container" + } + + if (-not [string]::IsNullOrWhiteSpace($firstOut)) { + foreach ($line in @($firstOut -split "`r?`n")) { + if (-not [string]::IsNullOrWhiteSpace($line)) { + Warn "[DB:$Container] $line" + } + } + } + + if (-not [string]::IsNullOrWhiteSpace($Script:OldDbUser) -and -not [string]::IsNullOrWhiteSpace($Script:OldDbPass)) { + Log-Db "Retry su $Container con autenticazione $Script:OldDbUser/********" + $retry = Invoke-DbCredentialUpdate -Container $Container -ShellBin $shellBin -UseAuth + $retryOut = [string]$retry.Output + + if ($retry.ExitCode -eq 0 -and $retryOut -notmatch "Authentication failed|MongoServerError|Error:" -and $retryOut -match "(^|\s)ok($|\s)") { + Log-Db "Update credenziali completato su $Container (retry autenticato)" + foreach ($line in @($retryOut -split "`r?`n")) { + if (-not [string]::IsNullOrWhiteSpace($line)) { + Log-Db "Output ${Container}: $line" + } + } + + if (Db-IsProtected -Container $Container -ShellBin $shellBin) { + Log-Db "Protezione DB attiva su $Container (accesso anonimo bloccato)" + return $true + } + + Warn "DB ancora non protetto su $Container dopo retry autenticato" + if (Recreate-DatabaseServiceForContainer -Container $Container) { + if (Db-IsProtected -Container $Container -ShellBin $shellBin) { + Log-Db "Protezione DB attivata su $Container dopo force-recreate" + return $true + } + } + + Warn "DB ancora non protetto su $Container anche dopo force-recreate" + return $false + } + + if (-not [string]::IsNullOrWhiteSpace($retryOut)) { + foreach ($line in @($retryOut -split "`r?`n")) { + if (-not [string]::IsNullOrWhiteSpace($line)) { + Warn "[DB:$Container] $line" + } + } + } + } else { + Log-Db "Fallback autenticato disabilitato (OLD_DB_USER/OLD_DB_PASS non impostati)" + } + + Warn "Update credenziali fallito su $Container" + return $false +} + +function Update-AllDatabases { + $containers = @() + try { + $containers = @(Find-MongoContainers) + } catch { + Warn "Errore durante la ricerca dei container MongoDB" + return $false + } + + if ($containers.Count -eq 0) { + Warn "Nessun container MongoDB rilevato in esecuzione" + return $true + } + + $total = $containers.Count + $okCount = 0 + $failCount = 0 + + Log "Aggiornamento credenziali DB su $total container MongoDB" + foreach ($c in $containers) { + Log-Db "-----" + if (Update-CredentialsInDbContainer -Container $c) { + $okCount++ + } else { + $failCount++ + } + } + + Log-Db "Riepilogo update DB: total=$total, ok=$okCount, fail=$failCount" + if ($failCount -gt 0) { + Warn "Alcuni database non sono stati aggiornati correttamente ($failCount/$total)" + return $false + } + + return $true +} + +function Remove-MessagebrokerAndVolumes { + $ids = @(& docker ps -aq --filter "name=(^|[-_])messagebroker($|[-_])" 2>$null) + if ($LASTEXITCODE -ne 0) { + Warn "Impossibile enumerare container messagebroker" + return + } + + $ids = @($ids | Where-Object { -not [string]::IsNullOrWhiteSpace($_) }) + if ($ids.Count -eq 0) { + Log "Nessun container messagebroker trovato" + return + } + + foreach ($id in $ids) { + $volumes = @(& docker inspect $id --format '{{range .Mounts}}{{if eq .Type "volume"}}{{.Name}}{{println}}{{end}}{{end}}' 2>$null) + $volumes = @($volumes | Where-Object { -not [string]::IsNullOrWhiteSpace($_) }) + + Log "Rimozione container messagebroker: $id" + & docker rm -f $id *> $null + + foreach ($v in $volumes) { + Log " Rimozione volume: $v" + & docker volume rm $v *> $null + if ($LASTEXITCODE -ne 0) { + Warn "Volume $v non rimosso (forse già assente/in uso)" + } + } + } +} + +function Download-NativeUpdate { + Log "Download native_update.sh da: $NativeUpdateUrl" + + try { + Invoke-WebRequest -Uri $NativeUpdateUrl -OutFile $NativeUpdatePath | Out-Null + } catch { + Die "Download fallito: $NativeUpdateUrl" + } +} + +function Prompt-AndRunUpdate { + Write-Host "" + Write-Host "Preparazione completata." + Write-Host "Nuova password generata: $Script:NewPassword" + + $answer = Read-Host "Procedere ora con native_update.sh? [y/N]" + if ($answer -match '^(y|yes)$') { + $bash = Get-Command bash -ErrorAction SilentlyContinue + if ($null -eq $bash) { + Warn "bash non trovato su Windows. Esegui manualmente: bash $NativeUpdatePath --env-file $EnvFile --deploy-branch $DeployBranch" + return + } + + Log "Avvio $NativeUpdatePath" + & $bash.Source $NativeUpdatePath --env-file $EnvFile --deploy-branch $DeployBranch + if ($LASTEXITCODE -ne 0) { + Die "native_update.sh terminato con errore" + } + } else { + Log "Update non avviato. Esegui manualmente: bash $NativeUpdatePath --env-file $EnvFile --deploy-branch $DeployBranch" + } +} + +if (-not (Test-Path $EnvFile)) { + Warn "Env file non trovato: $EnvFile (verrà creato)" +} + +& docker --version *> $null +if ($LASTEXITCODE -ne 0) { + Die "Docker non disponibile" +} + +$Script:NewPassword = if ([string]::IsNullOrWhiteSpace($env:NEW_PASSWORD)) { Generate-Password } else { $env:NEW_PASSWORD } +if ([string]::IsNullOrWhiteSpace($Script:NewPassword)) { + Die "Impossibile generare password dinamica" +} + +Log "Password dinamica generata" +Init-OldDbCredentialsFromEnv + +if (-not (Update-AllDatabases)) { + Die "Update DB fallito: interrompo per evitare disallineamento credenziali tra DB e .env" +} + +Remove-MessagebrokerAndVolumes +Ensure-EnvUpdates +Download-NativeUpdate +Prompt-AndRunUpdate