From 2f5708b205072faf4ba4d545cb1efff29f9f241a Mon Sep 17 00:00:00 2001 From: UsualSpec <98665326+UsualSpec@users.noreply.github.com> Date: Mon, 1 Jul 2024 16:51:24 +0200 Subject: [PATCH] Move to remotehost via parameter --- client/README.md | 8 ++++---- client/deploy.sh | 2 +- client/deploy/cnConfig.sh | 3 --- client/deploy/create_client_cert.sh | 2 +- 4 files changed, 6 insertions(+), 9 deletions(-) delete mode 100644 client/deploy/cnConfig.sh diff --git a/client/README.md b/client/README.md index df1bf0d..ed321e9 100644 --- a/client/README.md +++ b/client/README.md @@ -5,8 +5,8 @@ This folder contains files needed for the client side of the autopower project: - `deploy.sh` A bash script which runs on the Raspberry Pi to setup the environment. This asks interactively for a device name and sets up all respective binaries, the database, firewall, Zabbix client for monitoring, etc -- `deploy/create_client_cert.sh` A script to generate certificates for the clients. Those need to be signed from a CA trusted by the server to allow encrypted connection. -- `serverIpConfig.sh` A bash script containing configuration parameters like the domain of the autopower server. Edit this to your needs. Also do the same to `deploy/cnConfig.sh` for the CN in the certificates. +- `deploy/create_client_cert.sh ` A script to generate certificates for the clients. Those need to be signed from a CA trusted by the server to allow encrypted connection. +- `serverIpConfig.sh` A bash script containing configuration parameters like the domain of the autopower server. Edit this to your needs. - `config/client_config.json.example`: Example config file for the client. This contains setting parameters like the uid of an autopower device. - `config/secrets.json.example`: Example config file which contains secrets like the path to certificates for the client. @@ -20,7 +20,7 @@ Afterwards compile the autopower client (mmclient) from this repository as descr You can also use the precompiled binaries from [GitHub releases](https://github.com/nsg-ethz/autopower/releases). -Now edit the `serverIpConfig.sh` script with the domain and IP of the autopower server and the `deploy/cnConfig.sh` file with the CN (usually the domain) of your server. +Now edit the `serverIpConfig.sh` script with the domain and IP of the autopower server. ### Setting up a Raspberry Pi @@ -42,7 +42,7 @@ First of all, flash an OS to the SD card of the Raspberry Pi. This project was t ### Deployment on the Pi -**Note:** This method uses a USB stick, but you can of course also copy the files via SFTP or SCP if you know the IP. +**Note:** This method uses a USB stick mounted at `/mnt`, but you can of course also copy the files via SFTP or SCP if you know the IP. **SSH Keys:** To add a SSH key for SSH connection to the Pi (e.g. if you did not use the Raspberry Pi imager), put your SSH Key into a file called `ssh_key.pub` in the `client/deploy/` folder. This will then be added to each Pis' `authorized_keys` file. diff --git a/client/deploy.sh b/client/deploy.sh index 8f365bd..52ad35b 100644 --- a/client/deploy.sh +++ b/client/deploy.sh @@ -48,7 +48,7 @@ cp config/secrets.json.example /etc/mmclient/secrets.json # replace magic string ßߧ$$$rplacePw$$$§ßß with actual password sed -i 's/ßߧ$$$rplacePw$$$§ßß/'"${PGPASSWORD}"'/' /etc/mmclient/secrets.json echo "Create client certificates..." -./deploy/create_client_cert.sh +./deploy/create_client_cert.sh "${REMOTEHOST}" mv client.key /etc/mmclient/client.key mv client.csr /etc/mmclient/client_"${DEVICENAME}".csr diff --git a/client/deploy/cnConfig.sh b/client/deploy/cnConfig.sh deleted file mode 100644 index 8b3de75..0000000 --- a/client/deploy/cnConfig.sh +++ /dev/null @@ -1,3 +0,0 @@ -# Edit the CN here - -CN="ee-tik-nsgvm057.ethz.ch" \ No newline at end of file diff --git a/client/deploy/create_client_cert.sh b/client/deploy/create_client_cert.sh index 1075778..13a8f9d 100755 --- a/client/deploy/create_client_cert.sh +++ b/client/deploy/create_client_cert.sh @@ -4,7 +4,7 @@ # source: https://github.com/grpc/grpc/issues/9593 -source cnConfig.sh +CN="${1}" openssl genrsa -des3 -passout pass:1111 -out client.key 4096 openssl req -new -passin pass:1111 -key client.key -out client.csr -sha512 -subj "/C=CH/ST=Switzerland/L=Zuerich/O=ETH-Zuerich/OU=D-ITET/CN=${CN}"