From 5f0388f0e364444c70e7d7eb2f405c42aafc9bc0 Mon Sep 17 00:00:00 2001 From: Tony Murray Date: Wed, 22 May 2019 13:31:24 -0500 Subject: [PATCH] Remove DB credentials from config.php Better validation when config.php does not exist Update docs and quote password only populate legacy vars in config_to_json drop .travis.yml config copy remove credentials from config.php.default Check for existance of .env instead of config.php in python scripts legacy credential cleanup tiny cleanups consistent env for artisan server and artisan dusk --- .env.dusk.testing | 1 - .travis.yml | 1 - LibreNMS/Config.php | 51 ++++++-------------- LibreNMS/Util/OS.php | 2 +- LibreNMS/Validations/Database.php | 2 +- LibreNMS/Validations/User.php | 7 ++- app/Http/Middleware/CheckInstalled.php | 4 +- config.php.default | 8 +--- config/database.php | 18 +++----- config_to_json.php | 3 ++ discovery-wrapper.py | 2 +- doc/Extensions/Authentication.md | 14 +++--- doc/Support/Configuration.md | 27 ++++++----- doc/Support/FAQ.md | 13 +----- includes/html/output/db-update.inc.php | 64 -------------------------- poller-wrapper.py | 2 +- services-wrapper.py | 2 +- tests/bootstrap.php | 7 ++- tests/config/config.test.php | 48 ------------------- validate.php | 2 +- 20 files changed, 67 insertions(+), 211 deletions(-) delete mode 100644 includes/html/output/db-update.inc.php delete mode 100755 tests/config/config.test.php diff --git a/.env.dusk.testing b/.env.dusk.testing index 9308ad4b7d..69a166e276 100644 --- a/.env.dusk.testing +++ b/.env.dusk.testing @@ -1,4 +1,3 @@ APP_URL=http://localhost:8000 -APP_KEY=base64:FSjpEaK3F9HnO40orj7FlbRI0loi1vtB3dVBcB9XaDk= APP_ENV=testing APP_DEBUG=true diff --git a/.travis.yml b/.travis.yml index 5a852431eb..919cee2b9c 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -27,7 +27,6 @@ before_install: - sudo apt-get -qq update - sudo apt-get install -y snmp fping python3-pip python3-setuptools - mysql -e 'CREATE DATABASE librenms_phpunit_78hunjuybybh CHARACTER SET utf8 COLLATE utf8_unicode_ci;' - - cp tests/config/config.test.php config.php install: - travis_retry composer install --no-interaction --prefer-dist --no-suggest diff --git a/LibreNMS/Config.php b/LibreNMS/Config.php index 0a056f6845..0d57f8fcc3 100644 --- a/LibreNMS/Config.php +++ b/LibreNMS/Config.php @@ -450,6 +450,9 @@ class Config } self::populateTime(); + + // populate legacy DB credentials, just in case something external uses them. Maybe remove this later + self::populateLegacyDbCredentials(); } /** @@ -488,42 +491,6 @@ class Config } } - /** - * Get just the database connection settings from config.php - * - * @return array (keys: db_host, db_port, db_name, db_user, db_pass, db_socket) - */ - public static function getDatabaseSettings() - { - // Do not access global $config in this function! - - $keys = $config = [ - 'db_host' => '', - 'db_port' => '', - 'db_name' => '', - 'db_user' => '', - 'db_pass' => '', - 'db_socket' => '', - ]; - - if (is_file(__DIR__ . '/../config.php')) { - include __DIR__ . '/../config.php'; - } - - // Check for testing database - if (isset($config['test_db_name'])) { - putenv('DB_TEST_DATABASE=' . $config['test_db_name']); - } - if (isset($config['test_db_user'])) { - putenv('DB_TEST_USERNAME=' . $config['test_db_user']); - } - if (isset($config['test_db_pass'])) { - putenv('DB_TEST_PASSWORD=' . $config['test_db_pass']); - } - - return array_intersect_key($config, $keys); // return only the db settings - } - /** * Locate the actual path of a binary * 
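Review bot: In LibreNMS/Config.php, the new `self::populateLegacyDbCredentials();` call after `self::populateTime();` keeps the database password in the general config store as `db_pass` on every load, so anything that serialises or displays the whole config still carries the credential. `Config::toJson()` is one such path (config_to_json.php calls both in a later hunk); other dump or settings-display paths are not visible here and should be checked. Since the commit's aim is to take credentials out of config, consider populating these keys only where a legacy consumer needs them, or excluding `db_pass` from exports by default. The enclosing method starts outside the hunk.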
@@ -565,4 +532,16 @@ class Config self::set('time.year', $now - 31536000); // time() - (365 * 24 * 60 * 60); self::set('time.twoyear', $now - 63072000); // time() - (2 * 365 * 24 * 60 * 60); } + + public static function populateLegacyDbCredentials() + { + $db = config('database.default'); + + self::set('db_host', config("database.connections.$db.host", 'localhost')); + self::set('db_name', config("database.connections.$db.database", 'librenms')); + self::set('db_user', config("database.connections.$db.username", 'librenms')); + self::set('db_pass', config("database.connections.$db.password")); + self::set('db_port', config("database.connections.$db.port", 3306)); + self::set('db_socket', config("database.connections.$db.unix_socket")); + } } diff --git a/LibreNMS/Util/OS.php b/LibreNMS/Util/OS.php index e344e6f244..4449a6e286 100644 --- a/LibreNMS/Util/OS.php +++ b/LibreNMS/Util/OS.php @@ -100,7 +100,7 @@ class OS // remove previously cached os settings and replace with user settings $config = ['os' => []]; // local $config variable, not global - include "$install_dir/config.php"; // FIXME load db settings too or don't load config.php + @include "$install_dir/config.php"; // FIXME load db settings too or don't load config.php Config::set('os', $config['os']); // load the os defs fresh from cache (merges with existing OS settings) diff --git a/LibreNMS/Validations/Database.php b/LibreNMS/Validations/Database.php index bdb025cc73..b140f87282 100644 --- a/LibreNMS/Validations/Database.php +++ b/LibreNMS/Validations/Database.php @@ -107,7 +107,7 @@ class Database extends BaseValidation private function checkMysqlEngine(Validator $validator) { - $db = Config::get('db_name', 'librenms'); + $db = \config('database.connections.'.\config('database.default').'.database'); $query = "SELECT `TABLE_NAME` FROM information_schema.tables WHERE `TABLE_SCHEMA` = '$db' && `ENGINE` != 'InnoDB'"; $tables = dbFetchRows($query); if (!empty($tables)) { 
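Review bot: `populateLegacyDbCredentials()` in LibreNMS/Config.php has no docblock, unlike the neighbouring methods, and its fallback values look unreachable for the mysql connection. config/database.php in this same commit sets `'port' => env('DB_PORT', '')`, so `config("database.connections.$db.port", 3306)` should return the empty string rather than 3306 when DB_PORT is unset, because the default applies only when the key is absent. If legacy consumers need a numeric port, use `config("database.connections.$db.port") ?: 3306`. A docblock such as `/** Copy the active connection's settings into the legacy db_* keys for external scripts; db_pass is a secret. */` would also record why the method exists.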
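Review bot: In LibreNMS/Util/OS.php, `@include "$install_dir/config.php";` silences every diagnostic from that include, not only the missing-file warning, so an unreadable config.php or a notice raised inside it is hidden while `$config['os']` quietly stays empty. An explicit existence test keeps the optional-file behaviour without the suppression: `if (is_file("$install_dir/config.php")) { include "$install_dir/config.php"; }`. The enclosing method starts and ends outside the hunk.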
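Review bot: In `checkMysqlEngine()` (LibreNMS/Validations/Database.php) the database name now comes from `\config('database.connections.'.\config('database.default').'.database')` and is still spliced into the SQL text as `'$db'`. A name containing a quote breaks the statement, and when the default connection is not MySQL the value may not be a schema name at all (for a file-based driver it would presumably be a path). If `dbFetchRows` accepts bound parameters, write the condition as `TABLE_SCHEMA = ?` and pass `[$db]` as the second argument instead of interpolating. The method body continues past the hunk.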
diff --git a/LibreNMS/Validations/User.php b/LibreNMS/Validations/User.php index a014527ac9..496a9cfbf2 100644 --- a/LibreNMS/Validations/User.php +++ b/LibreNMS/Validations/User.php @@ -44,13 +44,12 @@ class User extends BaseValidation { // Check we are running this as the root user $username = $validator->getUsername(); - $lnms_username = Config::get('user'); + $lnms_username = Config::get('user', 'librenms'); $lnms_groupname = Config::get('group', $lnms_username); // if group isn't set, fall back to user if (!($username === 'root' || $username === $lnms_username)) { if (isCli()) { - $validator->fail('You need to run this script as root' . - (Config::has('user') ? ' or ' . $lnms_username : '')); + $validator->fail("You need to run this script as $lnms_username or root"); } elseif (function_exists('posix_getgrnam')) { $lnms_group = posix_getgrnam($lnms_groupname); if (!in_array($username, $lnms_group['members'])) { @@ -73,7 +72,7 @@ class User extends BaseValidation } // Let's test the user configured if we have it - if (Config::has('user')) { + if ($lnms_username) { $dir = Config::get('install_dir'); $log_dir = Config::get('log_dir', "$dir/logs"); $rrd_dir = Config::get('rrd_dir', "$dir/rrd"); diff --git a/app/Http/Middleware/CheckInstalled.php b/app/Http/Middleware/CheckInstalled.php index d1fa9067fc..3a45ac1d89 100644 --- a/app/Http/Middleware/CheckInstalled.php +++ b/app/Http/Middleware/CheckInstalled.php 
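Review bot: With `Config::get('user', 'librenms')` the group name also falls back to `librenms`, so in the first hunk `posix_getgrnam($lnms_groupname)` is called with an assumed group even where none was configured; it returns false for an unknown group, and the following `$lnms_group['members']` lookup then has nothing to read. Guard it and treat an unknown group as a failed check, e.g. `if ($lnms_group === false || !in_array($username, $lnms_group['members'], true)) {`. In the second hunk, `if ($lnms_username)` is true unless `user` is explicitly set to an empty value, so the "if we have it" comment above it no longer describes a real condition. Both method bodies extend beyond the hunks.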
@@ -39,12 +39,12 @@ class CheckInstalled */ public function handle($request, Closure $next) { - $installed = !config('librenms.install') && file_exists(base_path('config.php')); + $installed = !config('librenms.install') && file_exists(base_path('.env')); $is_install_route = $request->is('install*'); if (!$installed && !$is_install_route) { // no config.php does so let's redirect to the install - return redirect(route('install')); + return redirect()->route('install'); } elseif ($installed && $is_install_route) { throw new AuthorizationException('This should only be called during install'); } diff --git a/config.php.default b/config.php.default index 6a79fb8efb..b8aacd52db 100644 --- a/config.php.default +++ b/config.php.default @@ -2,19 +2,13 @@ ## Have a look in misc/config_definitions.json for examples of settings you can set here. DO NOT EDIT misc/config_definitions.json! -### Database config -$config['db_host'] = 'localhost'; -$config['db_user'] = 'USERNAME'; -$config['db_pass'] = 'PASSWORD'; -$config['db_name'] = 'librenms'; - // This is the user LibreNMS will run as //Please ensure this user is created and has the correct permissions to your install $config['user'] = 'librenms'; ### This should *only* be set if you want to *force* a particular hostname/port ### It will prevent the web interface being usable form any other hostname -$config['base_url'] = "/"; +#$config['base_url'] = "/"; ### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir ### and that your web server has permission to talk to rrdcached. diff --git a/config/database.php b/config/database.php index d2d65b2104..7a5723fc9f 100644 --- a/config/database.php +++ b/config/database.php @@ -9,9 +9,6 @@ */ use Illuminate\Support\Str; -use LibreNMS\Config; - -$fallback_db_config = Config::getDatabaseSettings(); return [ 
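Review bot: In `handle()` (app/Http/Middleware/CheckInstalled.php) the installed test is now `file_exists(base_path('.env'))`, which ties access to the web installer to the presence of a file rather than to a finished installation. The updated docs in this commit say the DB variables may be set "either in .env or in the environment"; on such a deployment there is no `.env`, `$installed` is false, and every request is redirected to the install route on an already configured system. The same file test is added to discovery-wrapper.py, poller-wrapper.py and services-wrapper.py via `LNMS.check_for_file(install_dir + '/.env')`. Consider deciding on the resolved configuration or an explicit installed flag instead; at minimum, the comment `// no config.php does so let's redirect to the install` still names config.php and should be updated.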
@@ -26,7 +23,7 @@ return [ | */ - 'default' => env('DB_CONNECTION', env('DBTEST') ? 'testing' : 'mysql'), + 'default' => env('DB_CONNECTION', env('APP_ENV') == 'testing' ? 'testing' : 'mysql'), /* |-------------------------------------------------------------------------- @@ -56,13 +53,12 @@ return [ 'mysql' => [ 'driver' => 'mysql', - 'url' => env('DATABASE_URL'), - 'host' => env('DB_HOST', $fallback_db_config['db_host']), - 'port' => env('DB_PORT', $fallback_db_config['db_port']), - 'database' => env('DB_DATABASE', $fallback_db_config['db_name']), - 'username' => env('DB_USERNAME', $fallback_db_config['db_user']), - 'password' => env('DB_PASSWORD', $fallback_db_config['db_pass']), - 'unix_socket' => env('DB_SOCKET', $fallback_db_config['db_socket']), + 'host' => env('DB_HOST', 'localhost'), + 'port' => env('DB_PORT', ''), + 'database' => env('DB_DATABASE', 'librenms'), + 'username' => env('DB_USERNAME', 'librenms'), + 'password' => env('DB_PASSWORD', ''), + 'unix_socket' => env('DB_SOCKET', ''), 'charset' => 'utf8', 'collation' => 'utf8_unicode_ci', 'prefix' => '', diff --git a/config_to_json.php b/config_to_json.php index 9f964929a1..f86793141b 100755 --- a/config_to_json.php +++ b/config_to_json.php @@ -13,5 +13,8 @@ $init_modules = ['nodb']; require __DIR__ . '/includes/init.php'; if (isCli()) { + // fill in db variables for legacy external scripts + Config::populateLegacyDbCredentials(); + echo Config::toJson(); } diff --git a/discovery-wrapper.py b/discovery-wrapper.py index 3885bccf43..2cc12a24cc 100755 --- a/discovery-wrapper.py +++ b/discovery-wrapper.py @@ -185,7 +185,7 @@ if __name__ == '__main__': logger = LNMS.logger_get_logger(LOG_FILE, debug=_DEBUG) install_dir = os.path.dirname(os.path.realpath(__file__)) - LNMS.check_for_file(install_dir + '/config.php') + LNMS.check_for_file(install_dir + '/.env') config = json.loads(LNMS.get_config_data(install_dir)) discovery_path = config['install_dir'] + '/discovery.php' 
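Review bot: In config/database.php the default connection is now chosen by `env('APP_ENV') == 'testing'`, while tests/bootstrap.php (visible in its hunk header further down) still creates the testing database only under `if (getenv('DBTEST'))`. With APP_ENV=testing and DBTEST unset, the default connection would point at a database that bootstrap never created; one switch should drive both. The comparison can also be strict: `env('APP_ENV') === 'testing' ? 'testing' : 'mysql'`.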
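Review bot: The mysql connection in config/database.php drops both the config.php fallback and the `'url' => env('DATABASE_URL')` entry, and the commit message mentions only the former. An install whose credentials live only in `$config['db_*']`, or one configured through DATABASE_URL, will now try `librenms` on `localhost` with an empty password instead of being told that its settings are no longer read. If dropping DATABASE_URL is intended, say so in the commit message. It would also help for validation to flag leftover `db_*` entries in config.php; whether validate.php does so is not visible here.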
diff --git a/doc/Extensions/Authentication.md b/doc/Extensions/Authentication.md index 92e0c4c0db..eb11064a7e 100644 --- a/doc/Extensions/Authentication.md +++ b/doc/Extensions/Authentication.md @@ -76,14 +76,14 @@ Enable debug output to troubleshoot issues Config option: `mysql` -This is default option with LibreNMS so you should have already have -the configuration setup. +This is default option with LibreNMS so you should have already have the configuration setup in your +environment file (.env). -```php -$config['db_host'] = "HOSTNAME"; -$config['db_user'] = "DBUSER"; -$config['db_pass'] = "DBPASS"; -$config['db_name'] = "DBNAME"; +```dotenv +DB_HOST=HOSTNAME +DB_DATABASE=DBNAME +DB_USERNAME=DBUSER +DB_PASSWORD="DBPASS" ``` # Active Directory Authentication diff --git a/doc/Support/Configuration.md b/doc/Support/Configuration.md index 567dc75aae..c0bbe69879 100644 --- a/doc/Support/Configuration.md +++ b/doc/Support/Configuration.md @@ -28,22 +28,25 @@ Log files created by LibreNMS will be stored within this directory. # Database config -These are the configuration options you will need to use to specify to get started. +Set these variables either in .env or in the environment. -```php -$config['db_host'] = '127.0.0.1'; -$config['db_port'] = 3306; -$config['db_user'] = ''; -$config['db_pass'] = ''; -$config['db_name'] = ''; +```dotenv +DB_HOST=127.0.0.1 +DB_DATABASE=librenms +DB_USERNAME=DBUSER +DB_PASSWORD="DBPASS" ``` -If you use a unix socket, you can specify it with these options: +Use non-standard port: -```php -$config['db_host'] = NULL; -$config['db_port'] = NULL; -$config['db_socket'] = '/run/mysqld/mysqld.sock'; +```dotenv +DB_PORT=3306 +``` + +Use a unix socket: + +```dotenv +DB_SOCKET=/run/mysqld/mysqld.sock ``` # Core diff --git a/doc/Support/FAQ.md b/doc/Support/FAQ.md index 3212df3bcb..5ad975d5e3 100644 --- a/doc/Support/FAQ.md +++ b/doc/Support/FAQ.md 
@@ -531,20 +531,11 @@ menu similarly to device types. If you've changed your database credentials then you will need to update LibreNMS with those new details. -Please edit both `config.php` and `.env` - -config.php: - -```php -$config['db_host'] = ''; -$config['db_user'] = ''; -$config['db_pass'] = ''; -$config['db_name'] = ''; -``` +Please edit `.env` [.env](../Support/Environment-Variables.md#database): -```bash +```dotenv DB_HOST= DB_DATABASE= DB_USERNAME= diff --git a/includes/html/output/db-update.inc.php b/includes/html/output/db-update.inc.php deleted file mode 100644 index 6dd0530504..0000000000 --- a/includes/html/output/db-update.inc.php +++ /dev/null @@ -1,64 +0,0 @@ -. - * - * @package LibreNMS - * @link http://librenms.org - * @copyright 2017 Tony Murray - * @author Tony Murray - */ - -$init_modules = ['web', 'nodb']; -require \LibreNMS\Config::get('install_dir') . '/includes/init.php'; -var_dump(session()->all()); exit; - -if (file_exists(\LibreNMS\Config::get('install_dir') . '/config.php')) { - echo("This should only be called during install"); - exit; -} - -header("Content-type: text/plain"); -header('X-Accel-Buffering: no'); - - -\LibreNMS\DB\Eloquent::setConnection( - 'setup', - session('dbhost'), - session('dbuser'), - session('dbpass'), - session('dbname'), - session('dbport') -); - -echo "Starting Update...\n"; -try { - $ret = \Artisan::call('migrate', ['--seed' => true, '--force' => true, '--database' => 'setup']); - - echo \Artisan::output(); - - if ($ret == 0 && \LibreNMS\DB\Schema::isCurrent()) { - echo "\n\nSuccess!"; - } else { - echo "\n\nError!"; - http_response_code(500); - } -} catch (Exception $e) { - echo $e->getMessage() . "\n\nError!"; - http_response_code(500); -} - diff --git a/poller-wrapper.py b/poller-wrapper.py index 9a08c0ec03..8ac94bd2f5 100755 --- a/poller-wrapper.py +++ b/poller-wrapper.py 
@@ -177,7 +177,7 @@ if __name__ == '__main__': logger = LNMS.logger_get_logger(LOG_FILE, debug=_DEBUG) install_dir = os.path.dirname(os.path.realpath(__file__)) - LNMS.check_for_file(install_dir + '/config.php') + LNMS.check_for_file(install_dir + '/.env') config = json.loads(LNMS.get_config_data(install_dir)) poller_path = config['install_dir'] + '/poller.php' diff --git a/services-wrapper.py b/services-wrapper.py index 21fb23e639..db00db589e 100755 --- a/services-wrapper.py +++ b/services-wrapper.py @@ -192,7 +192,7 @@ if __name__ == '__main__': logger = LNMS.logger_get_logger(LOG_FILE, debug=_DEBUG) install_dir = os.path.dirname(os.path.realpath(__file__)) - LNMS.check_for_file(install_dir + '/config.php') + LNMS.check_for_file(install_dir + '/.env') config = json.loads(LNMS.get_config_data(install_dir)) service_path = config['install_dir'] + '/check-services.php' diff --git a/tests/bootstrap.php b/tests/bootstrap.php index cb3ea93ad5..021abfc504 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -58,7 +58,12 @@ if (getenv('DBTEST')) { // create testing table if needed $db_config = \config("database.connections.testing"); $connection = new PDO("mysql:host={$db_config['host']}", $db_config['username'], $db_config['password']); - $connection->query("CREATE DATABASE IF NOT EXISTS {$db_config['database']} CHARACTER SET utf8 COLLATE utf8_unicode_ci"); + $result = $connection->query("CREATE DATABASE IF NOT EXISTS {$db_config['database']} CHARACTER SET utf8 COLLATE utf8_unicode_ci"); + if ($connection->errorCode() == '42000') { + echo implode(' ', $connection->errorInfo()) . PHP_EOL; + echo "Either create database {$db_config['database']} or populate DB_TEST_USERNAME and DB_TEST_PASSWORD in your .env with credentials that can" . PHP_EOL; + exit(1); + } unset($connection); // close connection // sqlite db file diff --git a/tests/config/config.test.php b/tests/config/config.test.php deleted file mode 100755 index 28eca4be35..0000000000 
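Review bot: In tests/bootstrap.php the new error branch handles only SQLSTATE `42000` and never reads `$result`, so any other failure of the CREATE DATABASE statement still falls through unnoticed. Testing the return value covers all of them: `if ($result === false) {`. The second message also stops mid-sentence (`... with credentials that can`), presumably missing "create it". `{$db_config['database']}` is interpolated into the statement unquoted, so a name with unusual characters would break it; wrapping it in backticks would be safer. The enclosing `if (getenv('DBTEST'))` block starts outside the hunk.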
--- a/tests/config/config.test.php +++ /dev/null @@ -1,48 +0,0 @@ -