make sure that setup_FTL_ProcessDNSSettings is the last thing called, else user set environment variables will be overridden when it sources setupVars.conf
Some additional tweaks
parent
970c45c950
commit
e75e3800a2
|
@ -1,4 +1,13 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
|
||||||
|
# else it will get overridden itself when we source basic-install.sh
|
||||||
|
[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
|
||||||
|
|
||||||
|
# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
|
||||||
|
[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_REPLY_ADDR4" && export "FTLCONF_REPLY_ADDR4"="$ServerIP"
|
||||||
|
[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_REPLY_ADDR6" && export "FTLCONF_REPLY_ADDR6"="$ServerIPv6"
|
||||||
|
|
||||||
# Some of the bash_functions use utilities from Pi-hole's utils.sh
|
# Some of the bash_functions use utilities from Pi-hole's utils.sh
|
||||||
# shellcheck disable=SC2154
|
# shellcheck disable=SC2154
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
|
@ -356,28 +365,26 @@ load_web_password_secret() {
|
||||||
|
|
||||||
setup_web_password() {
|
setup_web_password() {
|
||||||
if [ -z "${WEBPASSWORD+x}" ] ; then
|
if [ -z "${WEBPASSWORD+x}" ] ; then
|
||||||
# ENV WEBPASSWORD is not set
|
# ENV WEBPASSWORD_OVERRIDE is not set
|
||||||
|
|
||||||
# Exit if setupvars already has a password
|
# Exit if setupvars already has a password
|
||||||
setup_var_exists "WEBPASSWORD" && return
|
setup_var_exists "WEBPASSWORD" && return
|
||||||
|
|
||||||
# Generate new random password
|
# Generate new random password
|
||||||
WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
|
WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
|
||||||
echo "Assigning random password: $WEBPASSWORD"
|
echo "Assigning random password: $WEBPASSWORD"
|
||||||
else
|
else
|
||||||
# ENV WEBPASSWORD is set an will be used
|
# ENV WEBPASSWORD_OVERRIDE is set and will be used
|
||||||
echo "::: Assigning password defined by Environment Variable"
|
echo "::: Assigning password defined by Environment Variable"
|
||||||
|
# WEBPASSWORD="$WEBPASSWORD"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
PASS="$WEBPASSWORD"
|
|
||||||
|
|
||||||
# Explicitly turn off bash printing when working with secrets
|
# Explicitly turn off bash printing when working with secrets
|
||||||
{ set +x; } 2>/dev/null
|
{ set +x; } 2>/dev/null
|
||||||
|
|
||||||
if [[ "$PASS" == "" ]] ; then
|
if [[ "$WEBPASSWORD" == "" ]] ; then
|
||||||
echo "" | pihole -a -p
|
echo "" | pihole -a -p
|
||||||
else
|
else
|
||||||
pihole -a -p "$PASS" "$PASS"
|
pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# To avoid printing this if conditional in bash debug, turn off debug above..
|
# To avoid printing this if conditional in bash debug, turn off debug above..
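Review bot: The two reworded comments in setup_web_password now name `WEBPASSWORD_OVERRIDE`, but the condition next to them is still `[ -z "${WEBPASSWORD+x}" ]` and nothing in the visible hunk reads a `WEBPASSWORD_OVERRIDE` variable, so the comments describe a variable the code does not use. They should read `# ENV WEBPASSWORD is not set` and `# ENV WEBPASSWORD is set and will be used`, and the added commented-out line `# WEBPASSWORD="$WEBPASSWORD"` can be dropped. Separately, the new call `pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"` keeps the secret on the command line, where it is readable from the process list while the command runs, and the generated password is echoed to the container log before `set +x` takes effect. A comment saying this exposure is accepted for first-boot convenience would make the intent explicit; supplying the password on stdin, as the empty-password branch does, is an option only if `pihole -a -p` supports it for non-empty values. The function body continues past the end of the hunk.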
|
||||||
|
|
|
@ -1,14 +1,5 @@
|
||||||
#!/bin/bash -e
|
#!/bin/bash -e
|
||||||
|
|
||||||
# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
|
|
||||||
# else it will get overridden when we source bash_functions.sh
|
|
||||||
# (which then sources basic-install.sh)
|
|
||||||
[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
|
|
||||||
|
|
||||||
# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
|
|
||||||
[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_REPLY_ADDR4" && export "FTLCONF_REPLY_ADDR4"="$ServerIP"
|
|
||||||
[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_REPLY_ADDR6" && export "FTLCONF_REPLY_ADDR6"="$ServerIPv6"
|
|
||||||
|
|
||||||
# The below functions are all contained in bash_functions.sh
|
# The below functions are all contained in bash_functions.sh
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
. /bash_functions.sh
|
. /bash_functions.sh
|
||||||
|
@ -30,21 +21,6 @@ echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
|
||||||
validate_env || exit 1
|
validate_env || exit 1
|
||||||
ensure_basic_configuration
|
ensure_basic_configuration
|
||||||
|
|
||||||
# FTL setup
|
|
||||||
# ===========================
|
|
||||||
setup_FTL_upstream_DNS
|
|
||||||
[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
|
|
||||||
apply_FTL_Configs_From_Env
|
|
||||||
setup_FTL_User
|
|
||||||
setup_FTL_Interface
|
|
||||||
setup_FTL_CacheSize
|
|
||||||
setup_FTL_query_logging
|
|
||||||
setup_FTL_server || true
|
|
||||||
[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
|
|
||||||
[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
|
|
||||||
[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
|
|
||||||
setup_FTL_ProcessDNSSettings
|
|
||||||
|
|
||||||
# Web interface setup
|
# Web interface setup
|
||||||
# ===========================
|
# ===========================
|
||||||
setup_web_port
|
setup_web_port
|
||||||
|
@ -65,6 +41,22 @@ setup_lighttpd_bind
|
||||||
setup_admin_email
|
setup_admin_email
|
||||||
setup_blocklists
|
setup_blocklists
|
||||||
|
|
||||||
|
# FTL setup
|
||||||
|
# ===========================
|
||||||
|
setup_FTL_upstream_DNS
|
||||||
|
[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
|
||||||
|
apply_FTL_Configs_From_Env
|
||||||
|
setup_FTL_User
|
||||||
|
setup_FTL_Interface
|
||||||
|
setup_FTL_CacheSize
|
||||||
|
setup_FTL_query_logging
|
||||||
|
setup_FTL_server || true
|
||||||
|
[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
|
||||||
|
[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
|
||||||
|
[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
|
||||||
|
# The following must be called last! It will source setupVars.conf and override any env vars users pass in before they have been applied
|
||||||
|
setup_FTL_ProcessDNSSettings
|
||||||
|
|
||||||
test_configs
|
test_configs
|
||||||
|
|
||||||
[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
|
[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
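Review bot: The rule that `setup_FTL_ProcessDNSSettings` must run last is carried only by the new comment, which is hard to parse and is immediately followed by `test_configs`, so "last" is not literally true. A later reordering would, going by the commit message, silently discard user-supplied values such as `DNSSEC` or `DNS_BOGUS_PRIV`, leaving a resolver option off while the operator believes it is on. I would state the constraint precisely: `# Must run after every step that applies user-supplied env vars: it sources setupVars.conf, which overrides any of them not yet written there.` A test that starts the container with, for example, `-e DNSSEC=true` and checks the value in setupVars.conf afterwards would pin the ordering; none is visible among this commit's test changes.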
|
||||||
|
|
|
@ -13,14 +13,14 @@ RUN apt-get update && \
|
||||||
RUN curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
|
RUN curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
|
||||||
chmod +x /usr/local/bin/docker-compose
|
chmod +x /usr/local/bin/docker-compose
|
||||||
|
|
||||||
COPY ./Dockerfile.sh /usr/local/bin/
|
COPY ./cmd.sh /usr/local/bin/
|
||||||
COPY Pipfile* /root/
|
COPY Pipfile* /root/
|
||||||
WORKDIR /root
|
WORKDIR /root
|
||||||
|
|
||||||
RUN pipenv install --system \
|
RUN pipenv install --system \
|
||||||
&& sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.8/site-packages/testinfra/backend/docker.py
|
&& sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.8/site-packages/testinfra/backend/docker.py
|
||||||
|
|
||||||
RUN echo "set -ex && Dockerfile.sh && \$@" > /usr/local/bin/entrypoint.sh
|
RUN echo "set -ex && cmd.sh && \$@" > /usr/local/bin/entrypoint.sh
|
||||||
RUN chmod +x /usr/local/bin/entrypoint.sh
|
RUN chmod +x /usr/local/bin/entrypoint.sh
|
||||||
ENTRYPOINT entrypoint.sh
|
ENTRYPOINT entrypoint.sh
|
||||||
CMD Dockerfile.sh
|
CMD cmd.sh
|
||||||
|
|
|
@ -5,9 +5,9 @@ import re
|
||||||
|
|
||||||
SETUPVARS_LOC='/etc/pihole/setupVars.conf'
|
SETUPVARS_LOC='/etc/pihole/setupVars.conf'
|
||||||
DNSMASQ_CONFIG_LOC = '/etc/dnsmasq.d/01-pihole.conf'
|
DNSMASQ_CONFIG_LOC = '/etc/dnsmasq.d/01-pihole.conf'
|
||||||
EVAL_SETUP_FTL_CACHESIZE='. ./bash_functions.sh ; eval `grep setup_FTL_CacheSize /start.sh`'
|
CMD_SETUP_FTL_CACHESIZE='. bash_functions.sh ; setup_FTL_CacheSize'
|
||||||
EVAL_SETUP_FTL_INTERFACE='. ./bash_functions.sh ; eval `grep setup_FTL_Interface /start.sh`'
|
CMD_SETUP_FTL_INTERFACE='. bash_functions.sh ; setup_FTL_Interface'
|
||||||
EVAL_SETUP_WEB_PASSWORD='. ./bash_functions.sh ; eval `grep setup_web_password /start.sh`'
|
CMD_SETUP_WEB_PASSWORD='. bash_functions.sh ; setup_web_password'
|
||||||
|
|
||||||
def _cat(file):
|
def _cat(file):
|
||||||
return 'cat {}'.format(file)
|
return 'cat {}'.format(file)
|
||||||
|
@ -76,7 +76,7 @@ def test_overrides_default_custom_cache_size(docker, slow, test_args, cache_size
|
||||||
def test_bad_input_to_custom_cache_size(docker, slow, test_args):
|
def test_bad_input_to_custom_cache_size(docker, slow, test_args):
|
||||||
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
||||||
|
|
||||||
docker.run(EVAL_SETUP_FTL_CACHESIZE)
|
docker.run(CMD_SETUP_FTL_CACHESIZE)
|
||||||
slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
|
slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
|
||||||
|
|
||||||
@pytest.mark.parametrize('test_args', [
|
@pytest.mark.parametrize('test_args', [
|
||||||
|
@ -85,7 +85,7 @@ def test_bad_input_to_custom_cache_size(docker, slow, test_args):
|
||||||
def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
|
def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
|
||||||
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
||||||
|
|
||||||
docker.run(EVAL_SETUP_FTL_CACHESIZE)
|
docker.run(CMD_SETUP_FTL_CACHESIZE)
|
||||||
slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
|
slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
|
||||||
|
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
|
||||||
])
|
])
|
||||||
def test_dns_interface_override_defaults(docker, slow, args_env, expected_stdout, expected_config_line):
|
def test_dns_interface_override_defaults(docker, slow, args_env, expected_stdout, expected_config_line):
|
||||||
''' When INTERFACE environment var is passed in, overwrite dnsmasq interface '''
|
''' When INTERFACE environment var is passed in, overwrite dnsmasq interface '''
|
||||||
function = docker.run(EVAL_SETUP_FTL_INTERFACE)
|
function = docker.run(CMD_SETUP_FTL_INTERFACE)
|
||||||
assert expected_stdout in function.stdout
|
assert expected_stdout in function.stdout
|
||||||
slow(lambda: expected_config_line + '\n' == docker.run('grep "^PIHOLE_INTERFACE" {}'.format(SETUPVARS_LOC)).stdout)
|
slow(lambda: expected_config_line + '\n' == docker.run('grep "^PIHOLE_INTERFACE" {}'.format(SETUPVARS_LOC)).stdout)
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ def test_debian_setup_php_env(docker, expected_lines, repeat_function):
|
||||||
|
|
||||||
def test_webpassword_random_generation(docker):
|
def test_webpassword_random_generation(docker):
|
||||||
''' When a user sets webPassword env the admin password gets set to that '''
|
''' When a user sets webPassword env the admin password gets set to that '''
|
||||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||||
assert 'assigning random password' in function.stdout.lower()
|
assert 'assigning random password' in function.stdout.lower()
|
||||||
|
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ def test_webpassword_random_generation(docker):
|
||||||
])
|
])
|
||||||
def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(docker, args_env, secure, setupvars_hash):
|
def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(docker, args_env, secure, setupvars_hash):
|
||||||
''' When a user sets webPassword env the admin password gets set or removed if empty '''
|
''' When a user sets webPassword env the admin password gets set or removed if empty '''
|
||||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||||
|
|
||||||
if secure:
|
if secure:
|
||||||
assert 'new password set' in function.stdout.lower()
|
assert 'new password set' in function.stdout.lower()
|
||||||
|
@ -150,7 +150,7 @@ def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(docker, ar
|
||||||
@pytest.mark.parametrize('test_args', ['-e WEBPASSWORD=login', '-e WEBPASSWORD=""'])
|
@pytest.mark.parametrize('test_args', ['-e WEBPASSWORD=login', '-e WEBPASSWORD=""'])
|
||||||
def test_env_always_updates_password(docker, args_env, test_args):
|
def test_env_always_updates_password(docker, args_env, test_args):
|
||||||
'''When a user sets the WEBPASSWORD environment variable, ensure it always sets the password'''
|
'''When a user sets the WEBPASSWORD environment variable, ensure it always sets the password'''
|
||||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||||
|
|
||||||
assert '::: Assigning password defined by Environment Variable' in function.stdout
|
assert '::: Assigning password defined by Environment Variable' in function.stdout
|
||||||
|
|
||||||
|
@ -159,7 +159,7 @@ def test_env_always_updates_password(docker, args_env, test_args):
|
||||||
def test_setupvars_trumps_random_password_if_set(docker, args_env, test_args):
|
def test_setupvars_trumps_random_password_if_set(docker, args_env, test_args):
|
||||||
'''If a password is already set in setupvars, and no password is set in the environment variable, do not generate a random password'''
|
'''If a password is already set in setupvars, and no password is set in the environment variable, do not generate a random password'''
|
||||||
docker.run('. /opt/pihole/utils.sh ; addOrEditKeyValPair {} WEBPASSWORD volumepass'.format(SETUPVARS_LOC))
|
docker.run('. /opt/pihole/utils.sh ; addOrEditKeyValPair {} WEBPASSWORD volumepass'.format(SETUPVARS_LOC))
|
||||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||||
|
|
||||||
assert 'Pre existing WEBPASSWORD found' in function.stdout
|
assert 'Pre existing WEBPASSWORD found' in function.stdout
|
||||||
assert docker.run(_grep('WEBPASSWORD=volumepass', SETUPVARS_LOC)).rc == 0
|
assert docker.run(_grep('WEBPASSWORD=volumepass', SETUPVARS_LOC)).rc == 0
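Review bot: The three new `CMD_SETUP_*` constants in the first hunk source the library as `. bash_functions.sh` with no directory component, whereas start.sh in this same commit uses `. /bash_functions.sh`. With a bare name bash looks the file up through `PATH` first and only then in the working directory, so which file gets loaded depends on the test container's `PATH` and cwd. Using the absolute path, e.g. `CMD_SETUP_WEB_PASSWORD='. /bash_functions.sh ; setup_web_password'`, makes the tests load the same file the entrypoint does. Calling the functions directly also means these tests no longer touch start.sh, so the call order the commit fixes there is not exercised by anything visible in this file.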
|
||||||
|
|