Browse Source

Make burnpaste endpoint configurable, improve tests, fix README

master
Teran McKinney 2 years ago
parent
commit
92bd03e682
  1. 35
      README.md
  2. 5
      debian-9.go
  3. 4
      ipxeplease.go
  4. 5
      ipxeplease.service
  5. 10
      main.go
  6. 13
      test.sh
  7. 4
      web.go

35
README.md

@ -1,39 +1,14 @@
# Decensor
# ipxeplease
golang file/asset manager for tagging and helping ensure data is replicated and not censored.
golang IPXE script generator, kinda.
You say: {"operating_system": "debian-9", "ssh_key": "ssh-rsa..."}, it makes a preseed and uploads it to a [burnpaste](https://github.com/teran-mckinney/burnpaste), then gives you back the ipxescript and the root password it generated.
## Installation
Fetch the code, then run `go build`
Or: `go get -v github.com/teran-mckinney/decensor`
## Upgrading
If you used Decensor from commit b8dd5ff51fdb6b391556e4534a84f77adb574451 (July 15th, 2019) or earlier, you'll need to run `decensor back_tag_all_assets` before doing any other operations.
## Usage
* decensor init
* decensor add_and_tag objectioablememe.png censoredtopic_1 censoredtopic_2
* decensor assets
* decensor tags
* decensor web :4444 # Browse to localhost:4444
Also see [decensor.service](decensor.service) for a sample Systemd service file.
### Get Bootstrap theme so web mode doesn't look awful
* curl -O https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
* decensor add bootstrap.min.css # File extension must end in .css when added for it to work in browsers due to the Content-Type.
## TODO
* Import/export?
## Consider
* Changing hash format to multihash for shorter SHA256SUMs?
Or: `go get -v github.com/teran-mckinney/ipxeplease`
## License

5
debian-9.go

@ -74,7 +74,8 @@ d-i finish-install/reboot_in_progress note
d-i preseed/late_command string apt-install openssh-server; in-target mkdir /root/.ssh; in-target sh -c "echo '{{.SSHKEY}}' > /root/.ssh/authorized_keys"; in-target systemctl enable serial-getty@ttyS0.service`
func debian9(ssh_key string) (IPXE, error) {
func debian9(ssh_key, burnpaste_endpoint string) (IPXE, error) {
// burnpaste_endpoint is a running burnpaste instance to store our preseed data.
var response IPXE
var return_script bytes.Buffer
var rendered_preseed bytes.Buffer
@ -95,7 +96,7 @@ func debian9(ssh_key string) (IPXE, error) {
tmpl.Execute(&rendered_preseed, preseed_arguments)
hash := md5.Sum(rendered_preseed.Bytes())
hash_hex := hex.EncodeToString(hash[:])
url, err := burnpaste.Write("http://localhost:2323", rendered_preseed.Bytes())
url, err := burnpaste.Write(burnpaste_endpoint, rendered_preseed.Bytes())
if err != nil {
return response, err
}

4
ipxeplease.go

@ -14,12 +14,12 @@ type IPXE struct {
const ErrorUnsupportedOS = "Unsupported operating system."
func ipxe(operating_system, ssh_key string) (IPXE, error) {
func ipxe(operating_system, ssh_key, burnpaste_endpoint string) (IPXE, error) {
switch operating_system {
case "coreos-stable":
return coreosStable(ssh_key)
case "debian-9":
return debian9(ssh_key)
return debian9(ssh_key, burnpaste_endpoint)
default:
return IPXE{}, errors.New(ErrorUnsupportedOS)
}

5
ipxeplease.service

@ -1,9 +1,12 @@
[Unit]
Description=ipxeplease
After=burnpaste.service
# Whatever burnpaste endpoint you put in (http://localhost:2323), it will have to be resolvable by whatever is booting.
[Service]
DynamicUser=yes
ExecStart=/usr/local/bin/ipxeplease web :4444
ExecStart=/usr/local/bin/ipxeplease web :4444 http://localhost:2323
ProtectSystem=strict
NoNewPrivileges=yes
Restart=on-failure

10
main.go

@ -15,7 +15,7 @@ func usage() {
fmt.Fprintln(os.Stderr, "Usage: ipxeplease <command> [argument]")
fmt.Fprintln(os.Stderr, "Command: ipxe <operating system> <ssh key>")
fmt.Fprintln(os.Stderr, "Command: list")
fmt.Fprintln(os.Stderr, "Command: web <port> (Example: :5555)")
fmt.Fprintln(os.Stderr, "Command: web <port> <burnpaste endpoint> (Example: :5555 http://localhost:2323)")
os.Exit(1)
}
@ -38,8 +38,8 @@ func main() {
}
switch os.Args[1] {
case "ipxe":
exactly_arguments(4)
ipxescript, err := ipxe(os.Args[2], os.Args[3])
exactly_arguments(5)
ipxescript, err := ipxe(os.Args[2], os.Args[3], os.Args[4])
fatal_error(err)
fmt.Fprintf(os.Stderr, "Root password: %s\n\n", *ipxescript.RootPassword)
fmt.Print(ipxescript.Script)
@ -49,8 +49,8 @@ func main() {
fatal_error(err)
print_list(our_list)
case "web":
exactly_arguments(3)
web(os.Args[2])
exactly_arguments(4)
web(os.Args[2], os.Args[3])
default:
usage()
}

13
test.sh

@ -13,8 +13,12 @@ go build
strip -s ipxeplease
./ipxeplease web :5555 http://localhost:2323 &
PID=$!
cleanup() {
echo "Cleaning up."
kill "$PID"
}
trap fail $(seq 1 64)
@ -26,3 +30,12 @@ fail() {
}
# Very unfinished
curl -s --show-error --fail "http://localhost:5555"/list || fail "Should be able to list.."
curl -s --show-error --fail "http://localhost:5555"/list | grep 'debian-9' || fail "debian-9 should be in list"
cleanup
./ipxeplease list
echo Success

4
web.go

@ -14,7 +14,7 @@ type IPXERequest struct {
SSHKey string `json:"ssh_key"`
}
func web(port string) {
func web(port, burnpaste_endpoint string) {
/* Statsd statistics. This works fine with or without. */
s, err := statsd.New(statsd.Prefix("ipxeplease"))
if err != nil {
@ -57,7 +57,7 @@ func web(port string) {
}
log.Printf("OS: %s, Key: %s", request.OperatingSystem, request.SSHKey)
ipxe_struct, err := ipxe(request.OperatingSystem, request.SSHKey)
ipxe_struct, err := ipxe(request.OperatingSystem, request.SSHKey, burnpaste_endpoint)
if err != nil {
log.Print(err)
statusCode := http.StatusInternalServerError

Loading…
Cancel
Save