|  |  | @ -21,12 +21,6 @@ use Hackzilla\PasswordGenerator\RandomGenerator\Php7RandomGenerator; | 
			
		
	
		
			
				
					|  |  |  | */ | 
			
		
	
		
			
				
					|  |  |  | class MariadbInstallCommand extends Command | 
			
		
	
		
			
				
					|  |  |  | { | 
			
		
	
		
			
				
					|  |  |  | // destination for username and password | 
			
		
	
		
			
				
					|  |  |  | const MCP_LOG_FILE = '/root/mcp.log'; | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | // length for password | 
			
		
	
		
			
				
					|  |  |  | const PASSWORD_LENGTH = 40; | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | /** | 
			
		
	
		
			
				
					|  |  |  | * The signature of the command. | 
			
		
	
		
			
				
					|  |  |  | * | 
			
		
	
	
		
			
				
					|  |  | @ -124,7 +118,7 @@ class MariadbInstallCommand extends Command | 
			
		
	
		
			
				
					|  |  |  | $this->info('Mariadb installing...Success! \o/'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | if ($this->option('remote') === true) { | 
			
		
	
		
			
				
					|  |  |  | $this->removeAccess(); | 
			
		
	
		
			
				
					|  |  |  | $this->remoteAccess(); | 
			
		
	
		
			
				
					|  |  |  | } | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | } else { | 
			
		
	
	
		
			
				
					|  |  | @ -140,21 +134,27 @@ class MariadbInstallCommand extends Command | 
			
		
	
		
			
				
					|  |  |  | { | 
			
		
	
		
			
				
					|  |  |  | $this->info('Mariadb remote...'); | 
			
		
	
		
			
				
					|  |  |  | system('mkdir -p /etc/mysql/ssl'); | 
			
		
	
		
			
				
					|  |  |  | system('hostname', $hostname); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | $this->info('Generating CA'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl genrsa 4096 > /etc/mysql/ssl/ca-key.pem'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj "/CN='.$name.'-mysql-ca"'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj "/CN='.$hostname.'-mysql-ca"'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | $this->info('Generating Server Certificate'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj "/CN='.$name.'-mysql-server"'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj "/CN='.$hostname.'-mysql-server"'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl rsa -in /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-key.pem'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl x509 -req -in /etc/mysql/ssl/server-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/server-cert.pem'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | $this->info('Generating Client Certificate'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj "/CN='.$name.'-mysql-server"'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj "/CN='.$hostname.'-mysql-server"'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl rsa -in /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-key.pem'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl x509 -req -in /etc/mysql/ssl/client-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/client-cert.pem'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | if (!file_exist('/etc/mysql/ssl/ca-cert.pem') || !file_exist('/etc/mysql/ssl/client-cert.pem') || file_exist('/etc/mysql/ssl/client-key.pem')) { | 
			
		
	
		
			
				
					|  |  |  | $this->error('Failed! Certificates not created!'); | 
			
		
	
		
			
				
					|  |  |  | exit(); | 
			
		
	
		
			
				
					|  |  |  | } | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | $this->info('Validate Certificates'); | 
			
		
	
		
			
				
					|  |  |  | system('openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
	
		
			
				
					|  |  | @ -169,14 +169,13 @@ ssl-key=/etc/mysql/ssl/server-key.pem | 
			
		
	
		
			
				
					|  |  |  | [client] | 
			
		
	
		
			
				
					|  |  |  | ssl-ca=/etc/mysql/ssl/ca-cert.pem | 
			
		
	
		
			
				
					|  |  |  | ssl-cert=/etc/mysql/ssl/client-cert.pem | 
			
		
	
		
			
				
					|  |  |  | ssl-key=/etc/mysql/ssl/client-key.pem | 
			
		
	
		
			
				
					|  |  |  | EOF'); | 
			
		
	
		
			
				
					|  |  |  | ssl-key=/etc/mysql/ssl/client-key.pem'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | system('chown -R mysql:mysql /etc/mysql/ssl'); | 
			
		
	
		
			
				
					|  |  |  | system('chmod 644 /etc/mysql/ssl/*cert*'); | 
			
		
	
		
			
				
					|  |  |  | system('chmod 644 /etc/mysql/ssl/*key*'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | system('service restart mariadb'); | 
			
		
	
		
			
				
					|  |  |  | system('service restart mysql'); | 
			
		
	
		
			
				
					|  |  |  | system('ufw allow mysql'); | 
			
		
	
		
			
				
					|  |  |  |  | 
			
		
	
		
			
				
					|  |  |  | $this->info('Mariadb remote...Success! \o/'); | 
			
		
	
	
		
			
				
					|  |  | 
 |
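Review bot: In the `-140,21 +134,27` hunk, `system('hostname', $hostname);` does not capture the host name, because the second argument of PHP's `system()` receives the command's exit status, so the three `-subj "/CN=..."` strings are built from a status code (normally `0`). `$hostname = gethostname();` returns the name without a shell, and since the value is concatenated into shell commands it should go through `escapeshellarg()`. The certificate check in the same hunk calls `file_exist()`, which is not a PHP function (`file_exists()` is), and its third test lacks the `!`, so even with the name fixed it would report failure exactly when `client-key.pem` exists. In the last hunk `chmod 644 /etc/mysql/ssl/*key*` leaves the CA, server and client private keys world-readable, where `chmod 600 /etc/mysql/ssl/*key*` would limit them to the owner; the `service restart mysql` line there also has the service name and action reversed. The enclosing method starts and ends outside these hunks.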