Merge pull request #2193 from Emzy/ops/mysql-pw

Add random generated mysql passwords on prod install
2022-07-26 22:57:43 +00:00 · 2022-07-26 22:57:43 +00:00 · 3207e2a285
commit 3207e2a285
parent a30808a972 412a0ee577
8 changed files with 64 additions and 18 deletions
--- a/production/install
+++ b/production/install
@ -218,6 +218,21 @@ MYSQL_HOME=/mysql
 MYSQL_USER=mysql
 MYSQL_GROUP=mysql
 # mempool mysql user/password
 MEMPOOL_MAINNET_USER='mempool'
 MEMPOOL_TESTNET_USER='mempool_testnet'
 MEMPOOL_SIGNET_USER='mempool_signet'
 MEMPOOL_LIQUID_USER='mempool_liquid'
 MEMPOOL_LIQUIDTESTNET_USER='mempool_liquidtestnet'
 MEMPOOL_BISQ_USER='mempool_bisq'
 # generate random hex string
 MEMPOOL_MAINNET_PASS=$(head -150 /dev/urandom | ${MD5} | awk '{print $1}')
 MEMPOOL_TESTNET_PASS=$(head -150 /dev/urandom | ${MD5} | awk '{print $1}')
 MEMPOOL_SIGNET_PASS=$(head -150 /dev/urandom | ${MD5} | awk '{print $1}')
 MEMPOOL_LIQUID_PASS=$(head -150 /dev/urandom | ${MD5} | awk '{print $1}')
 MEMPOOL_LIQUIDTESTNET_PASS=$(head -150 /dev/urandom | ${MD5} | awk '{print $1}')
 MEMPOOL_BISQ_PASS=$(head -150 /dev/urandom | ${MD5} | awk '{print $1}')
 # mempool data folder and user/group
 MEMPOOL_HOME=/mempool
 MEMPOOL_USER=mempool
@ -1513,22 +1528,38 @@ esac
 mysql << _EOF_
 create database mempool;
-grant all on mempool.* to 'mempool'@'localhost' identified by 'mempool';
+grant all on mempool.* to '${MEMPOOL_MAINNET_USER}'@'localhost' identified by '${MEMPOOL_MAINNET_PASS}';
 create database mempool_testnet;
-grant all on mempool_testnet.* to 'mempool_testnet'@'localhost' identified by 'mempool_testnet';
+grant all on mempool_testnet.* to '${MEMPOOL_TESTNET_USER}'@'localhost' identified by '${MEMPOOL_TESTNET_PASS}';
 create database mempool_signet;
-grant all on mempool_signet.* to 'mempool_signet'@'localhost' identified by 'mempool_signet';
+grant all on mempool_signet.* to '${MEMPOOL_SIGNET_USER}'@'localhost' identified by '${MEMPOOL_SIGNET_PASS}';
 create database mempool_liquid;
-grant all on mempool_liquid.* to 'mempool_liquid'@'localhost' identified by 'mempool_liquid';
+grant all on mempool_liquid.* to '${MEMPOOL_LIQUID_USER}'@'localhost' identified by '${MEMPOOL_LIQUID_PASS}';
 create database mempool_liquidtestnet;
-grant all on mempool_liquidtestnet.* to 'mempool_liquidtestnet'@'localhost' identified by 'mempool_liquidtestnet';
+grant all on mempool_liquidtestnet.* to '${MEMPOOL_LIQUIDTESTNET_USER}'@'localhost' identified by '${MEMPOOL_LIQUIDTESTNET_PASS}';
 create database mempool_bisq;
-grant all on mempool_bisq.* to 'mempool_bisq'@'localhost' identified by 'mempool_bisq';
+grant all on mempool_bisq.* to '${MEMPOOL_BISQ_USER}'@'localhost' identified by '${MEMPOOL_BISQ_PASS}';
 _EOF_
 echo "[*] save MySQL credentials"
 cat > ${MEMPOOL_HOME}/mysql_credentials << _EOF_
 declare -x MEMPOOL_MAINNET_USER="${MEMPOOL_MAINNET_USER}"
 declare -x MEMPOOL_MAINNET_PASS="${MEMPOOL_MAINNET_PASS}"
 declare -x MEMPOOL_TESTNET_USER="${MEMPOOL_TESTNET_USER}"
 declare -x MEMPOOL_TESTNET_PASS="${MEMPOOL_TESTNET_PASS}"
 declare -x MEMPOOL_SIGNET_USER="${MEMPOOL_SIGNET_USER}"
 declare -x MEMPOOL_SIGNET_PASS="${MEMPOOL_SIGNET_PASS}"
 declare -x MEMPOOL_LIQUID_USER="${MEMPOOL_LIQUID_USER}"
 declare -x MEMPOOL_LIQUID_PASS="${MEMPOOL_LIQUID_PASS}"
 declare -x MEMPOOL_LIQUIDTESTNET_USER="${MEMPOOL_LIQUIDTESTNET_USER}"
 declare -x MEMPOOL_LIQUIDTESTNET_PASS="${MEMPOOL_LIQUIDTESTNET_PASS}"
 declare -x MEMPOOL_BISQ_USER="${MEMPOOL_BISQ_USER}"
 declare -x MEMPOOL_BISQ_PASS="${MEMPOOL_BISQ_PASS}"
 _EOF_
 ##### nginx
--- a/production/mempool-build-all
+++ b/production/mempool-build-all
@ -11,6 +11,9 @@ BITCOIN_RPC_PASS=$(grep '^rpcpassword' /bitcoin/bitcoin.conf | cut -d '=' -f2)
 ELEMENTS_RPC_USER=$(grep '^rpcuser' /elements/elements.conf | cut -d '=' -f2)
 ELEMENTS_RPC_PASS=$(grep '^rpcpassword' /elements/elements.conf | cut -d '=' -f2)
 # get mysql credentials
 . /mempool/mysql_credentials
 if [ -f "${LOCKFILE}" ];then
    echo "upgrade already running? check lockfile ${LOCKFILE}"
    exit 1
@ -73,6 +76,18 @@ build_backend()
 	-e "s!__BITCOIN_RPC_PASS__!${BITCOIN_RPC_PASS}!" \
 	-e "s!__ELEMENTS_RPC_USER__!${ELEMENTS_RPC_USER}!" \
 	-e "s!__ELEMENTS_RPC_PASS__!${ELEMENTS_RPC_PASS}!" \
        -e "s!__MEMPOOL_MAINNET_USER__!${MEMPOOL_MAINNET_USER}!" \
        -e "s!__MEMPOOL_MAINNET_PASS__!${MEMPOOL_MAINNET_PASS}!" \
        -e "s!__MEMPOOL_TESTNET_USER__!${MEMPOOL_TESTNET_USER}!" \
        -e "s!__MEMPOOL_TESTNET_PASS__!${MEMPOOL_TESTNET_PASS}!" \
        -e "s!__MEMPOOL_SIGNET_USER__!${MEMPOOL_SIGNET_USER}!" \
        -e "s!__MEMPOOL_SIGNET_PASS__!${MEMPOOL_SIGNET_PASS}!" \
        -e "s!__MEMPOOL_LIQUID_USER__!${MEMPOOL_LIQUID_USER}!" \
        -e "s!__MEMPOOL_LIQUID_PASS__!${MEMPOOL_LIQUID_PASS}!" \
        -e "s!__MEMPOOL_LIQUIDTESTNET_USER__!${LIQUIDTESTNET_USER}!" \
        -e "s!__MEMPOOL_LIQUIDTESTNET_PASS__!${MEMPOOL_LIQUIDTESTNET_PASS}!" \
        -e "s!__MEMPOOL_BISQ_USER__!${MEMPOOL_BISQ_USER}!" \
        -e "s!__MEMPOOL_BISQ_PASS__!${MEMPOOL_BISQ_PASS}!" \
 	"mempool-config.json"
    fi
    npm install --omit=dev --omit=optional || exit 1
--- a/production/mempool-config.bisq.json
+++ b/production/mempool-config.bisq.json
@ -21,8 +21,8 @@
    "ENABLED": false,
    "HOST": "127.0.0.1",
    "PORT": 3306,
-    "USERNAME": "mempool_bisq",
+    "USERNAME": "__MEMPOOL_BISQ_USER__",
-    "PASSWORD": "mempool_bisq",
+    "PASSWORD": "__MEMPOOL_BISQ_PASS__",
    "DATABASE": "mempool_bisq"
  },
  "STATISTICS": {
--- a/production/mempool-config.liquid.json
+++ b/production/mempool-config.liquid.json
@ -28,8 +28,8 @@
    "ENABLED": true,
    "HOST": "127.0.0.1",
    "PORT": 3306,
-    "USERNAME": "mempool_liquid",
+    "USERNAME": "__MEMPOOL_LIQUID_USER__",
-    "PASSWORD": "mempool_liquid",
+    "PASSWORD": "__MEMPOOL_LIQUID_PASS__",
    "DATABASE": "mempool_liquid"
  },
  "STATISTICS": {
--- a/production/mempool-config.liquidtestnet.json
+++ b/production/mempool-config.liquidtestnet.json
@ -28,8 +28,8 @@
    "ENABLED": true,
    "HOST": "127.0.0.1",
    "PORT": 3306,
-    "USERNAME": "mempool_liquidtestnet",
+    "USERNAME": "__MEMPOOL_LIQUIDTESTNET_USER__",
-    "PASSWORD": "mempool_liquidtestnet",
+    "PASSWORD": "__MEMPOOL_LIQUIDTESTNET_PASS__",
    "DATABASE": "mempool_liquidtestnet"
  },
  "STATISTICS": {
--- a/production/mempool-config.mainnet.json
+++ b/production/mempool-config.mainnet.json
@ -32,8 +32,8 @@
    "ENABLED": true,
    "HOST": "127.0.0.1",
    "PORT": 3306,
-    "USERNAME": "mempool",
+    "USERNAME": "__MEMPOOL_MAINNET_USER__",
-    "PASSWORD": "mempool",
+    "PASSWORD": "__MEMPOOL_MAINNET_PASS__",
    "DATABASE": "mempool"
  },
  "STATISTICS": {
--- a/production/mempool-config.signet.json
+++ b/production/mempool-config.signet.json
@ -24,8 +24,8 @@
    "ENABLED": true,
    "HOST": "127.0.0.1",
    "PORT": 3306,
-    "USERNAME": "mempool_signet",
+    "USERNAME": "__MEMPOOL_SIGNET_USER__",
-    "PASSWORD": "mempool_signet",
+    "PASSWORD": "__MEMPOOL_SIGNET_PASS__",
    "DATABASE": "mempool_signet"
  },
  "STATISTICS": {
--- a/production/mempool-config.testnet.json
+++ b/production/mempool-config.testnet.json
@ -24,8 +24,8 @@
    "ENABLED": true,
    "HOST": "127.0.0.1",
    "PORT": 3306,
-    "USERNAME": "mempool_testnet",
+    "USERNAME": "__MEMPOOL_TESTNET_USER__",
-    "PASSWORD": "mempool_testnet",
+    "PASSWORD": "__MEMPOOL_TESTNET_PASS__",
    "DATABASE": "mempool_testnet"
  },
  "STATISTICS": {