You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
315 lines
14 KiB
315 lines
14 KiB
#!/bin/bash
|
|
|
|
echo ""
|
|
echo "----------------------------------------"
|
|
echo "Entgra IoT Server IP configuration tool"
|
|
echo "----------------------------------------"
|
|
|
|
##################################### IP configs related to core ####################################
|
|
|
|
echo ""
|
|
echo ">>> Step 1: Change current IP address of the IoT server"
|
|
|
|
echo ""
|
|
echo "Please enter the IoT Core IP that you need to replace (if you are trying out IoT server for the first time this will be localhost)"
|
|
read -r val1;
|
|
|
|
while [[ -z $val1 ]]; do #if $val1 is a zero length String
|
|
echo "Please enter the IoT Core IP that you need to replace (if you are trying out IoT server for the first time this will be localhost)"
|
|
read -r val1;
|
|
done
|
|
|
|
echo ""
|
|
echo "Please enter your current IP"
|
|
read -r val2;
|
|
|
|
while [[ -z $val2 ]]; do #if $val2 is a zero length String
|
|
echo "Please enter your current IP"
|
|
read -r val2;
|
|
done
|
|
|
|
echo "--------------------------------------"
|
|
echo "All your " + "$val1" + " IP's are replaced with " + "$val2" ;
|
|
echo "--------------------------------------"
|
|
|
|
echo "Changing <IoT_HOME>/conf/carbon.xml"
|
|
sed -i -e 's#\(<HostName>\)'"$val1"'\(</HostName>\)#\1'"$val2"'\2#g' ../conf/carbon.xml
|
|
sed -i -e 's#\(<MgtHostName>\)'"$val1"'\(</MgtHostName>\)#\1'"$val2"'\2#g' ../conf/carbon.xml
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/conf/identity/sso-idp-config.xml"
|
|
sed -i -e 's/'"$val1"'/'"$val2"'/g' ../conf/identity/sso-idp-config.xml
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/conf/iot-api-config.xml"
|
|
sed -i -e 's/'"$val1"'/'"$val2"'/g' ../conf/iot-api-config.xml
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/app-conf.json"
|
|
sed -i -e 's/"identityProvider.*/\"identityProviderUrl\"\ :\ "https\:\/\/'"$val2"':9443\/samlsso\"\,/' ../repository/deployment/server/jaggeryapps/devicemgt/app/conf/app-conf.json
|
|
sed -i -e 's/"acs.*/\"acs\"\ :\ "https\:\/\/'"$val2"':9443\/devicemgt\/uuf\/sso\/acs\"\,/' ../repository/deployment/server/jaggeryapps/devicemgt/app/conf/app-conf.json
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json"
|
|
sed -i -e 's/"androidAgentDownloadURL.*/\"androidAgentDownloadURL\":\ "https\:\/\/\%iot.manager.host\%\:\%iot.manager.https.port\%\/devicemgt\/public\/cdmf.unit.device.type.android.type-view\/assets\/android-agent.apk\",/' ../repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/repository/deployment/server/jaggeryapps/api-store/site/conf/site.json"
|
|
sed -i -e 's/"identityProvider.*/\"identityProviderURL\"\ :\ "https\:\/\/'"$val2"':9443\/samlsso\"\,/' ../repository/deployment/server/jaggeryapps/api-store/site/conf/site.json
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/conf/api-manager.xml"
|
|
if grep -q '<!-- Server URL of the API key manager -->' ../conf/api-manager.xml;
|
|
then
|
|
echo 'found'
|
|
sed -i -e 's|<!-- Server URL of the API key manager -->||' ../conf/api-manager.xml
|
|
fi
|
|
|
|
if grep -q "<ServerURL>https:\/\/\${carbon.local.ip}:\${mgt.transport.https.port}\${carbon.context}services\/<\/ServerURL>" ../conf/api-manager.xml;
|
|
then
|
|
echo 'found'
|
|
sed -i -e "s/<ServerURL>https:\/\/\${carbon.local.ip}:\${mgt.transport.https.port}\${carbon.context}services\/<\/ServerURL>//" ../conf/api-manager.xml
|
|
fi
|
|
|
|
if grep -q "<ServerURL>https:\/\/$val2:\${mgt.transport.https.port}\${carbon.context}services\/<\/ServerURL>" ../conf/api-manager.xml;
|
|
then
|
|
echo 'found'
|
|
sed -i -e "s/<ServerURL>https:\/\/$val2:\${mgt.transport.https.port}\${carbon.context}services\/<\/ServerURL>//" ../conf/api-manager.xml
|
|
fi
|
|
|
|
sed -i -e 's/<APIKeyValidator>/<APIKeyValidator><!-- Server URL of the API key manager --><ServerURL>https:\/\/'"$val2"'\:\$\{mgt\.transport\.https\.port\}\$\{carbon\.context\}services\/<\/ServerURL>/g' ../conf/api-manager.xml
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
if grep -q "<RevokeAPIURL>https:\/\/localhost:\${https.nio.port}\/revoke<\/RevokeAPIURL>" ../conf/api-manager.xml;
|
|
then
|
|
sed -i -e "s|<RevokeAPIURL>https:\/\/localhost:\${https.nio.port}\/revoke<\/RevokeAPIURL>|<RevokeAPIURL>https:\/\/$val2:\${https.nio.port}\/revoke<\/RevokeAPIURL>|" ../conf/api-manager.xml
|
|
fi
|
|
|
|
if grep -q "<RevokeAPIURL>https:\/\/$val1:\${https.nio.port}\/revoke<\/RevokeAPIURL>" ../conf/api-manager.xml;
|
|
then
|
|
sed -i -e "s|<RevokeAPIURL>https:\/\/$val1:\${https.nio.port}\/revoke<\/RevokeAPIURL>|<RevokeAPIURL>https:\/\/$val2:\${https.nio.port}\/revoke<\/RevokeAPIURL>|" ../conf/api-manager.xml
|
|
fi
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/conf/etc/webapp-publisher-config.xml"
|
|
sed -i -e 's#\(<EnabledUpdateApi>\)false\(</EnabledUpdateApi>\)#\1'"true"'\2#g' ../conf/etc/webapp-publisher-config.xml
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/bin/iot-server.sh"
|
|
sed -i -e 's/-Diot.manager.host.*/-Diot.manager.host="'"$val2"'" \\/' ../bin/iot-server.sh
|
|
sed -i -e 's/-Diot.core.host.*/-Diot.core.host="'"$val2"'" \\/' ../bin/iot-server.sh
|
|
sed -i -e 's/-Diot.keymanager.host.*/-Diot.keymanager.host="'"$val2"'" \\/' ../bin/iot-server.sh
|
|
sed -i -e 's/-Diot.gateway.host.*/-Diot.gateway.host="'"$val2"'" \\/' ../bin/iot-server.sh
|
|
echo "Completed!!"
|
|
|
|
#----------------------
|
|
echo ""
|
|
echo "Changing hostURL of <IoT_HOME>/wso2/broker/conf/broker.xml"
|
|
if grep -q '<property name="hostURL">https://'"$val1"':9443/services/OAuth2TokenValidationService</property>' ../wso2/broker/conf/broker.xml;
|
|
then
|
|
echo "found"
|
|
sed -i -e 's|<property name="hostURL">https:\/\/'"$val1"':9443\/services\/OAuth2TokenValidationService</\property>|<property name="hostURL">https:\/\/'"$val2"':9443\/services\/OAuth2TokenValidationService</\property>|' ../wso2/broker/conf/broker.xml
|
|
echo "Completed!!"
|
|
fi
|
|
|
|
#------------------------
|
|
echo ""
|
|
echo "Changing tokenEndpoint of <IoT_HOME>/wso2/broker/conf/broker.xml"
|
|
if grep -q '<property name="tokenEndpoint">https:\/\/'"$val1"':8243</\property>' ../wso2/broker/conf/broker.xml;
|
|
then
|
|
echo "found"
|
|
sed -i -e 's|<property name="tokenEndpoint">https:\/\/'"$val1"':8243</\property>|<property name="tokenEndpoint">https:\/\/'"$val2"':8243</\property>|' ../wso2/broker/conf/broker.xml
|
|
echo "Completed!!"
|
|
fi
|
|
|
|
#--------------------------
|
|
echo ""
|
|
echo "Changing deviceMgtServerUrl of <IoT_HOME>/wso2/broker/conf/broker.xml"
|
|
if grep -q '<property name="deviceMgtServerUrl">https:\/\/'"$val1"':8243</\property>' ../wso2/broker/conf/broker.xml;
|
|
then
|
|
echo "found"
|
|
sed -i -e 's|<property name="deviceMgtServerUrl">https:\/\/'"$val1"':8243</\property>|<property name="deviceMgtServerUrl">https:\/\/'"$val2"':8243</\property>|' ../wso2/broker/conf/broker.xml
|
|
echo "Completed!!"
|
|
fi
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/wso2/analytics/bin/wso2server.sh"
|
|
sed -i -e 's/-Diot.keymanager.host.*/-Diot.keymanager.host="'"$val2"'" \\/' ../wso2/analytics/bin/wso2server.sh
|
|
sed -i -e 's/-Diot.gateway.host.*/-Diot.gateway.host="'"$val2"'" \\/' ../wso2/analytics/bin/wso2server.sh
|
|
echo "Completed!!"
|
|
|
|
##################################### IP configs related to broker ####################################
|
|
echo ""
|
|
echo ""
|
|
echo ">>> Step 2: Change current IP address of the IoT Broker"
|
|
echo "-------------------------------------------------------"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/wso2/analytics/bin/wso2server.sh"
|
|
sed -i -e 's/-Dmqtt.broker.host.*/-Dmqtt.broker.host="'"$val2"'" \\/' ../wso2/analytics/bin/wso2server.sh
|
|
echo "Completed!!"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/bin/iot-server.sh"
|
|
sed -i -e 's/-Dmqtt.broker.host.*/-Dmqtt.broker.host="'"$val2"'" \\/' ../bin/iot-server.sh
|
|
echo "Completed!!"
|
|
|
|
echo "Changing <IoT_HOME>/wso2/broker/conf/carbon.xml"
|
|
sed -i -e 's#\(<HostName>\)'"$val1"'\(</HostName>\)#\1'"$val2"'\2#g' ../wso2/broker/conf/carbon.xml
|
|
sed -i -e 's#\(<MgtHostName>\)'"$val1"'\(</MgtHostName>\)#\1'"$val2"'\2#g' ../wso2/broker/conf/carbon.xml
|
|
echo "Completed!!"
|
|
|
|
##################################### IP configs related to analytics ####################################
|
|
|
|
echo ""
|
|
echo ""
|
|
echo ">>> Step 3: Change current IP address of the IoT Analytics"
|
|
echo "-------------------------------------------------------"
|
|
|
|
#--------------------
|
|
echo "Changing <IoT_HOME>/bin/iot-server.sh"
|
|
sed -i -e 's/-Diot.analytics.host.*/-Diot.analytics.host="'"$val2"'" \\/' ../bin/iot-server.sh
|
|
echo "Completed!!"
|
|
|
|
echo "Changing <IoT_HOME>/wso2/analytics/conf/carbon.xml"
|
|
sed -i -e 's#\(<HostName>\)'"$val1"'\(</HostName>\)#\1'"$val2"'\2#g' ../wso2/analytics/conf/carbon.xml
|
|
sed -i -e 's#\(<MgtHostName>\)'"$val1"'\(</MgtHostName>\)#\1'"$val2"'\2#g' ../wso2/analytics/conf/carbon.xml
|
|
echo "Completed!!"
|
|
|
|
echo ""
|
|
echo "-----------------------------------------------"
|
|
echo "Generating SSL certificates for the IoT Server"
|
|
echo "-----------------------------------------------"
|
|
echo ""
|
|
|
|
B_SUBJ=''
|
|
C_SUBJ=''
|
|
A_SUBJ=''
|
|
SAN_NAMES=''
|
|
slash='/'
|
|
equal='='
|
|
|
|
buildSubject(){
|
|
if [ "$1" = "CN" ]; then
|
|
echo "Please provide Common Name "
|
|
read -r val
|
|
while [[ -z $val ]]; do #if $val is a zero length String
|
|
echo "Common name(your server IP/hostname) cannot be null. Please enter the Common name."
|
|
read -r val;
|
|
done
|
|
if [ -n "$val" ]; then #This is true if $val is not empty (If $val is not a non zero length String)
|
|
if [ "$3" = "C" ]; then
|
|
C_SUBJ="$C_SUBJ$slash$1$equal$val"
|
|
return
|
|
elif [ "$3" = "B" ]; then
|
|
B_SUBJ="$B_SUBJ$slash$1$equal$val"
|
|
return
|
|
else
|
|
A_SUBJ="$A_SUBJ$slash$1$equal$val"
|
|
return
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
echo "Please provide ""$2"". Press Enter to skip."
|
|
read -r val;
|
|
if [ -n "$val" ]; then #If $val is not a zero length String; This is same as if[ -n $val]; then
|
|
if [ "$3" = "C" ]; then
|
|
C_SUBJ="$C_SUBJ$slash$1$equal$val"
|
|
return
|
|
elif [ "$3" = "B" ]; then
|
|
B_SUBJ="$B_SUBJ$slash$1$equal$val"
|
|
return
|
|
elif [ "$3" = "S" ]; then
|
|
SAN_NAMES="DNS:$val$4$SAN_NAMES"
|
|
buildSubject 'SAN' 'SAN' 'S' ','
|
|
return
|
|
else
|
|
A_SUBJ="$A_SUBJ$slash$1$equal$val"
|
|
return
|
|
fi
|
|
fi
|
|
}
|
|
|
|
if [ -d "tmp" ]; then
|
|
rm -rf tmp
|
|
fi
|
|
|
|
mkdir tmp
|
|
|
|
echo ''
|
|
echo '=======Enter Values for IoT Core SSL Certificate======='
|
|
|
|
buildSubject 'C' 'Country' 'C'
|
|
buildSubject 'ST' 'State' 'C'
|
|
buildSubject 'L' 'Location' 'C'
|
|
buildSubject 'O' 'Organization' 'C'
|
|
buildSubject 'OU' 'Organizational Unit' 'C'
|
|
buildSubject 'emailAddress' 'Email Address' 'C'
|
|
buildSubject 'CN' 'Common Name' 'C'
|
|
buildSubject 'SAN' 'SAN' 'S'
|
|
|
|
echo ""
|
|
echo 'Provided IoT Core SSL Subject : ' "$C_SUBJ"
|
|
|
|
echo 'If you have a different IoT Core Keystore password please enter it here. Press Enter to use the default password.'
|
|
read -r -s password
|
|
if [ -n "$password" ]; then
|
|
SSL_PASS=$password
|
|
else
|
|
SSL_PASS="wso2carbon"
|
|
fi
|
|
|
|
echo ""
|
|
echo "Generating SSL Certificate for IoT Core"
|
|
openssl genrsa -out ./tmp/c.key 4096
|
|
openssl req -new -key ./tmp/c.key -out ./tmp/c.csr -subj "$C_SUBJ"
|
|
if [ -z "$SAN_NAMES" ]; then
|
|
openssl x509 -req -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt
|
|
else
|
|
openssl x509 -req -extfile <(printf "subjectAltName=%s" "$SAN_NAMES") -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt
|
|
fi
|
|
|
|
echo "Export to PKCS12"
|
|
openssl pkcs12 -export -out ./tmp/CKEYSTORE.p12 -inkey ./tmp/c.key -in ./tmp/c.crt -name "wso2carbon" -password pass:$SSL_PASS
|
|
|
|
echo "Export PKCS12 to JKS"
|
|
keytool -importkeystore -srckeystore ./tmp/CKEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ../repository/resources/security/wso2carbon.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt
|
|
keytool -importkeystore -srckeystore ./tmp/CKEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ../repository/resources/security/client-truststore.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt
|
|
|
|
keytool -importkeystore -srckeystore ./tmp/CKEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ../wso2/broker/repository/resources/security/wso2carbon.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt
|
|
keytool -importkeystore -srckeystore ./tmp/CKEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ../wso2/broker/repository/resources/security/client-truststore.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt
|
|
|
|
keytool -importkeystore -srckeystore ./tmp/CKEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ../wso2/analytics/repository/resources/security/wso2carbon.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt
|
|
keytool -importkeystore -srckeystore ./tmp/CKEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ../wso2/analytics/repository/resources/security/client-truststore.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt
|
|
|
|
echo ""
|
|
echo "Setting up the public certificate for the default idp"
|
|
if hash tac; then
|
|
VAR=$(keytool -exportcert -alias wso2carbon -keystore ../repository/resources/security/wso2carbon.jks -rfc -storepass wso2carbon | tail -n +2 | tac | tail -n +2 | tac | tr -cd "[:print:]");
|
|
else
|
|
VAR=$(keytool -exportcert -alias wso2carbon -keystore ../repository/resources/security/wso2carbon.jks -rfc -storepass wso2carbon | tail -n +2 | tail -r | tail -n +2 | tail -r | tr -cd "[:print:]"); fi
|
|
|
|
echo ""
|
|
echo "Printing certificate"
|
|
echo "-----------------------"
|
|
echo "$VAR"
|
|
sed -i -e 's#<Certificate>.*#<Certificate>'"$VAR"'</Certificate>#g' ../conf/identity/identity-providers/iot_default.xml
|
|
|
|
echo ""
|
|
if [ -e "../conf/identity/identity-providers/iot_default.xml-e" ]; then
|
|
echo "IDP temp file exists, hence removing"
|
|
rm -f ../conf/identity/identity-providers/iot_default.xml-e
|
|
fi
|
|
|
|
echo ""
|
|
echo "Configuration Completed!!!"
|