refactor (build/gql-server): Introduce Hasura override config and a file to store Adm Password (#20993)

* Introduce Hasura override config and a password file * Add message when set a password to Hasura * add logs to inspect errors * fix config file name * test changing key file owner * test without override file * fix print status * store password as env var * changes suggested in PR
2024-08-30 11:49:58 -03:00 · 2024-08-30 11:49:58 -03:00 · acff8ba0f8
commit acff8ba0f8
parent 664dc2d8f2
4 changed files with 20 additions and 11 deletions
--- a/build/packages-template/bbb-graphql-server/after-install.sh
+++ b/build/packages-template/bbb-graphql-server/after-install.sh
@ -24,14 +24,18 @@ case "$1" in
  echo "Postgresql configured"
 #Generate a random password to Hasura to improve security
-  HASURA_ADM_PASSWORD=$(grep '^HASURA_GRAPHQL_ADMIN_SECRET=' /etc/default/bbb-graphql-server | cut -d '=' -f 2)
+if [ ! -f /usr/share/bbb-graphql-server/admin-secret ]; then
-  if [ "$HASURA_ADM_PASSWORD" = "bigbluebutton" ]; then
+  mkdir -p /usr/share/bbb-graphql-server
-    echo "Set a random password to Hasura replacing the default 'bigbluebutton'"
+  chmod 700  /usr/share/bbb-graphql-server/
  HASURA_RANDOM_ADM_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g' | sed 's/+//g' | sed 's/\///g')
-    sed -i "s/HASURA_GRAPHQL_ADMIN_SECRET=bigbluebutton/HASURA_GRAPHQL_ADMIN_SECRET=$HASURA_RANDOM_ADM_PASSWORD/g" /etc/default/bbb-graphql-server
+  echo "HASURA_GRAPHQL_ADMIN_SECRET=$HASURA_RANDOM_ADM_PASSWORD" > /usr/share/bbb-graphql-server/admin-secret
-    HASURA_ADM_PASSWORD="$HASURA_RANDOM_ADM_PASSWORD"
+  chown bigbluebutton:bigbluebutton /usr/share/bbb-graphql-server/admin-secret
  chmod 600 /usr/share/bbb-graphql-server/admin-secret
  echo "Set a random password to Hasura at /usr/share/bbb-graphql-server/admin-secret"
 fi
 #Set admin secret for Hasura CLI
 HASURA_ADM_PASSWORD=$(grep '^HASURA_GRAPHQL_ADMIN_SECRET=' /usr/share/bbb-graphql-server/admin-secret | cut -d '=' -f 2)
 sed -i "s/^admin_secret: .*/admin_secret: $HASURA_ADM_PASSWORD/g" /usr/share/bbb-graphql-server/config.yaml
  if [ ! -f /.dockerenv ]; then
--- a/build/packages-template/bbb-graphql-server/bbb-graphql-server.service
+++ b/build/packages-template/bbb-graphql-server/bbb-graphql-server.service
@ -11,6 +11,10 @@ User=bigbluebutton
 Group=bigbluebutton
 WorkingDirectory=/usr/local/bin
 EnvironmentFile=/etc/default/bbb-graphql-server
 # Optional file (the service should not fail if the file does not exist)
 EnvironmentFile=-/etc/bigbluebutton/bbb-graphql-server.env
 # Load Hasura password
 EnvironmentFile=/usr/share/bbb-graphql-server/admin-secret
 ExecStart=/usr/local/bin/hasura-graphql-engine serve
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=always
@ -22,4 +26,3 @@ LimitNOFILE=4096
 [Install]
 WantedBy=multi-user.target bigbluebutton.target
--- a/build/packages-template/bbb-graphql-server/hasura-config.env
+++ b/build/packages-template/bbb-graphql-server/hasura-config.env
@ -8,7 +8,6 @@ HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
 HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100
 HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
 HASURA_GRAPHQL_SERVER_PORT=8085
 HASURA_GRAPHQL_ADMIN_SECRET=bigbluebutton
 HASURA_GRAPHQL_ENABLE_TELEMETRY=false
 HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE=10
 HASURA_GRAPHQL_AUTH_HOOK=http://127.0.0.1:8901/userInfo
--- a/docs/docs/administration/configuration-files.md
+++ b/docs/docs/administration/configuration-files.md
@ -25,6 +25,9 @@ Starting with BigBlueButton 2.3 many of the configuration files have local overr
 | /usr/share/bbb-apps-akka/conf/application.conf                          | /etc/bigbluebutton/bbb-apps-akka.conf            |                                                                                  |
 | /usr/share/bbb-fsesl-akka/conf/application.conf                         | /etc/bigbluebutton/bbb-fsesl-akka.conf           |                                                                                  |
 | /var/bigbluebutton/html5-client/private/config/settings.yml             | /etc/bigbluebutton/bbb-html5.yml                 | Arrays are merged by replacement (as of 2.4-rc-5)                                |
 | /etc/default/bbb-graphql-server                                         | /etc/bigbluebutton/bbb-graphql-server.env        | It can replace any Hasura config but HASURA_GRAPHQL_ADMIN_SECRET                 |
 | /usr/share/bbb-graphql-server/admin-secret                              |                                                  | Stores Hasura admin password (HASURA_GRAPHQL_ADMIN_SECRET), it can be edited     |
 | /usr/share/bbb-graphql-middleware/config.yml                            | /etc/bigbluebutton/bbb-graphql-middleware.yml    |                                                                                  |
 | /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml         | /etc/bigbluebutton/turn-stun-servers.xml         | Replaces the original file                                                       |
 | /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml              | /etc/bigbluebutton/bbb-webrtc-sfu/production.yml | Arrays are merged by replacement                                                 |
 | /usr/local/bigbluebutton/bbb-pads/config/settings.json                  | /etc/bigbluebutton/bbb-pads.json                 | Arrays are merged by replacement                                                 |