tentakelfabrik
/
mcp
1
0
Fork 0
Code Issues 8 Pull Requests 0 Releases 4 Wiki Activity
Browse Source

adding #34

master
Björn 5 years ago
parent
df7645c21e
commit
f09af98a4a
2 changed files with 13 additions and 15 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -2
      app/Commands/MariadbClientInstallCommand.php
  2. +12
    -13
      app/Commands/MariadbInstallCommand.php

+ 1
- 2
app/Commands/MariadbClientInstallCommand.php View File

@ -91,8 +91,7 @@ class MariadbClientInstallCommand extends Command
[client] [client]
ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-cert=/etc/mysql/ssl/client-cert.pem ssl-cert=/etc/mysql/ssl/client-cert.pem
ssl-key=/etc/mysql/ssl/client-key.pem
EOF');
ssl-key=/etc/mysql/ssl/client-key.pem');
system('chown -R mysql:mysql /etc/mysql/ssl'); system('chown -R mysql:mysql /etc/mysql/ssl');
system('chmod 644 /etc/mysql/ssl/*cert*'); system('chmod 644 /etc/mysql/ssl/*cert*');


+ 12
- 13
app/Commands/MariadbInstallCommand.php View File

@ -21,12 +21,6 @@ use Hackzilla\PasswordGenerator\RandomGenerator\Php7RandomGenerator;
*/ */
class MariadbInstallCommand extends Command class MariadbInstallCommand extends Command
{ {
// destination for username and password
const MCP_LOG_FILE = '/root/mcp.log';
// length for password
const PASSWORD_LENGTH = 40;
/** /**
* The signature of the command. * The signature of the command.
* *
@ -124,7 +118,7 @@ class MariadbInstallCommand extends Command
$this->info('Mariadb installing...Success! \o/'); $this->info('Mariadb installing...Success! \o/');
if ($this->option('remote') === true) { if ($this->option('remote') === true) {
$this->removeAccess();
$this->remoteAccess();
} }
} else { } else {
@ -140,21 +134,27 @@ class MariadbInstallCommand extends Command
{ {
$this->info('Mariadb remote...'); $this->info('Mariadb remote...');
system('mkdir -p /etc/mysql/ssl'); system('mkdir -p /etc/mysql/ssl');
system('hostname', $hostname);
$this->info('Generating CA'); $this->info('Generating CA');
system('openssl genrsa 4096 > /etc/mysql/ssl/ca-key.pem'); system('openssl genrsa 4096 > /etc/mysql/ssl/ca-key.pem');
system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj "/CN='.$name.'-mysql-ca"');
system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj "/CN='.$hostname.'-mysql-ca"');
$this->info('Generating Server Certificate'); $this->info('Generating Server Certificate');
system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj "/CN='.$name.'-mysql-server"');
system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj "/CN='.$hostname.'-mysql-server"');
system('openssl rsa -in /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-key.pem'); system('openssl rsa -in /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-key.pem');
system('openssl x509 -req -in /etc/mysql/ssl/server-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/server-cert.pem'); system('openssl x509 -req -in /etc/mysql/ssl/server-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/server-cert.pem');
$this->info('Generating Client Certificate'); $this->info('Generating Client Certificate');
system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj "/CN='.$name.'-mysql-server"');
system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj "/CN='.$hostname.'-mysql-server"');
system('openssl rsa -in /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-key.pem'); system('openssl rsa -in /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-key.pem');
system('openssl x509 -req -in /etc/mysql/ssl/client-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/client-cert.pem'); system('openssl x509 -req -in /etc/mysql/ssl/client-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/client-cert.pem');
if (!file_exist('/etc/mysql/ssl/ca-cert.pem') || !file_exist('/etc/mysql/ssl/client-cert.pem') || file_exist('/etc/mysql/ssl/client-key.pem')) {
$this->error('Failed! Certificates not created!');
exit();
}
$this->info('Validate Certificates'); $this->info('Validate Certificates');
system('openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem'); system('openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem');
@ -169,14 +169,13 @@ ssl-key=/etc/mysql/ssl/server-key.pem
[client] [client]
ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-cert=/etc/mysql/ssl/client-cert.pem ssl-cert=/etc/mysql/ssl/client-cert.pem
ssl-key=/etc/mysql/ssl/client-key.pem
EOF');
ssl-key=/etc/mysql/ssl/client-key.pem');
system('chown -R mysql:mysql /etc/mysql/ssl'); system('chown -R mysql:mysql /etc/mysql/ssl');
system('chmod 644 /etc/mysql/ssl/*cert*'); system('chmod 644 /etc/mysql/ssl/*cert*');
system('chmod 644 /etc/mysql/ssl/*key*'); system('chmod 644 /etc/mysql/ssl/*key*');
system('service restart mariadb');
system('service restart mysql');
system('ufw allow mysql'); system('ufw allow mysql');
$this->info('Mariadb remote...Success! \o/'); $this->info('Mariadb remote...Success! \o/');


Write Preview
Loading…
Cancel
Save