diff --git a/doc/PXEN310-0000_TN_PXPortal_Integration.md b/doc/PXEN310-0000_TN_PXPortal_Integration.md index 8043fa2..a42df78 100644 --- a/doc/PXEN310-0000_TN_PXPortal_Integration.md +++ b/doc/PXEN310-0000_TN_PXPortal_Integration.md @@ -164,6 +164,7 @@ This repository contains: * __docker-compose.yml__: docker config of three PXPortal services * __conf__: dnsmasq and Nginx configuration * __webapp__: sources of portal webpage +* __setup.sh__: script to setup PXPortal ```{#plantuml title="ECA-captive tree"} @@ -178,18 +179,19 @@ This repository contains: +++ nginx.conf ++ docker-compose.yml ++ webapp +++ setup.sh } } @endsalt ``` -### 2. Run PXPortal +### 2. Running PXPortal for the first time ```bash # Go into ECA-captive folder cd ECA-captive # Start all services in daemon mode -docker-compose up -d +./setup.sh ``` 
@@ -208,62 +210,118 @@ docker-compose up -d \clearpage -## SSH Config +## startup.sh + +__startup.sh__ allows to: -Such as portal_service requires MAC addresses thanks to ARP command. But from a docker context, the command has to execute from the host in order to get MAC addresses from IP clients. This is _how to do this_ in few steps +* start PXPortal and perform some sanity checks +* setup ssh config and update environment varianles used by _docker-compose.yml_ file in order to execute arp commands from docker to host. (Required by portal_service to get MAC addresses from IP clients) +* check portal APIs are alive -### 1. Generate a docker SSH Public key +\clearpage ```bash -### On your HOST -# Launch portal_service shell -docker exec -it pxportal_service sh - -### On portal_service shell -# Generate a SSH key to be able to send ARP command from docker to host -ssh-keygen -# Display and copy ssh public key -cat /root/.ssh/id_rsa.pub - -### Exit portal_shell -# Edit HOST ssh authorized_keys -# and paste previous ssh public key of portal_service -vi ~/.ssh/authorized_keys -``` +#/bin/sh + +check_ping () { + echo "[-] ping $1" + echo $1 | xargs ping -c 1 > /dev/null + if [ "$?" -ne "0" ] + then + exit + fi +} -### 2. Update HOST IP address from portal_service +check_wget () { + echo "[-] wget $1" + echo $1 | xargs wget -q -O out > /dev/null + if [ "$?" 
-ne "0" ] + then + exit + fi +} -```bash -### On your HOST -# Launch portal_service shell -docker exec -it pxportal_service sh - -### On portal_service shell -# Show all network interfaces available -ifconfig -# Keep in memory the inet addr of eth0 -# HOST IP address from docker should be this IP address -# by remplacing last number by 1 -# EX: 172.20.0.2 => 172.20.0.1 = HOST_IP -# Check your ssh public key is set correctly -# and update known_hosts on first SSH connection -ssh [HOST_NAME]@[HOST_IP] -# EX ssh elta@172.20.0.1 -# Check ARP command can be run -ssh [HOST_NAME]@[HOST_IP] arp -n -# A list of IP with matching MAC will be appeared -# If not, try again from the beginning -``` +check_docker () { + local IS_RUN=$(docker ps | grep $1 | wc -l | xargs echo -n) + if [ "$IS_RUN" -ne "1" ] + then + echo "/!\ Docker $1 is not running" + echo " Run following command for more details" + echo " docker-compose up" + exit + fi +} -### 3. Update docker-compose.yml ARP_CMD +faildMsg () { + if [ "$1" -ne "0" ] + then + echo "---" + echo "/!\ Setup Failed" + echo " $2" + exit + fi +} -Update the environment variable __ARP_CMD__ in _your docker-compose.yml_ with the right HOST_NAME and HOST_IP found in step 2. +getGateway () { + local NETWORK_MODE=`docker inspect -f "{{ .HostConfig.NetworkMode }}" $1` + docker inspect -f "{{ .NetworkSettings.Networks.$NETWORK_MODE.Gateway }}" $1 +} -```bash -# Go into ECA-captive folder -cd ECA-captive -# Start all services in daemon mode +echo "[>] Starting PXPortal" docker-compose up -d +sleep 1 +check_docker pxportal_nginx +check_docker pxportal_dnsmasq +check_docker pxportal_service +echo "Gateway pxportal_service: $(getGateway pxportal_service)" +echo "Gateway pxportal_dnsmasq: $(getGateway pxportal_dnsmasq)" +echo "Gateway pxportal_nginx : $(getGateway pxportal_nginx)" + +echo "[>] Checking ssh keys" +docker exec pxportal_service cat /root/.ssh/id_rsa.pub > /dev/null +if [ "$?" 
-ne "0" ] +then + echo "[>] generating ssh keys" + docker exec pxportal_service ssh-keygen -N "" -f /root/.ssh/id_rsa +fi + +SSH_PUB=$(docker exec pxportal_service cat /root/.ssh/id_rsa.pub) +HAS_SSH=$(cat ~/.ssh/authorized_keys | grep "$SSH_PUB" | wc -l | xargs echo -n) +if [ "$HAS_SSH" -eq "0" ] +then + echo "[>] Copying public key into host authorized_keys" + echo $SSH_PUB >> ~/.ssh/authorized_keys +fi + +echo "[>] Try ARP command from docker" +GATEWAY=$(getGateway pxportal_service) +ARP_CMD_OPT='"StrictHostKeyChecking no"' +ARP_CMD="ssh -o $ARP_CMD_OPT $USER@$GATEWAY arp -n" + +echo $ARP_CMD | xargs docker exec pxportal_service +faildMsg $? "Failed to exec arp command from docker | check ssh config" + +echo "[>] Updating .env" +echo "# Updated at $(date)" > .env +echo "ARP_CMD=$ARP_CMD" >> .env + +echo "[>] Restarting PXPortal" +docker-compose up -d + +mkdir -p /tmp/pxportal-tst +cd /tmp/pxportal-tst + +echo "[>] Checking all" +check_ping "google.com" +check_ping "apple.com" +check_ping "portal.eca.aero" +check_ping "captive.eca.aero" + +check_wget "test.google.com" +check_wget "test.google.com/validate" + +echo "---" +echo "[!] Setup done with success" ``` \clearpage @@ -286,7 +344,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Host $remote_addr; - proxy_pass http://172.19.0.1:8031; + proxy_pass http://172.19.0.1:8031; } access_log captive-pxportal-access.log; @@ -339,8 +397,7 @@ services: - pxportal environment: - REDIRECT_TO=http://portal.eca.aero/index.html -# TO UPDATE FROM SSH Config part - - ARP_CMD=ssh elta@172.21.0.1 arp -n + - ARP_CMD=${ARP_CMD} ports: - "8889:8889" diff --git a/doc/PXEN310-0000_TN_PXPortal_Integration.pdf b/doc/PXEN310-0000_TN_PXPortal_Integration.pdf index e7bea46..c56d2bb 100644 Binary files a/doc/PXEN310-0000_TN_PXPortal_Integration.pdf and b/doc/PXEN310-0000_TN_PXPortal_Integration.pdf differ
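Review bot: The `echo $SSH_PUB >> ~/.ssh/authorized_keys` step in the listed script gives the pxportal_service container's key an unrestricted login as the host user, although the service only needs to run `arp -n`; code execution inside that container then becomes a shell on the host. Write the entry with a forced command instead, for example `printf 'restrict,command="arp -n" %s\n' "$SSH_PUB" >> ~/.ssh/authorized_keys`, and look for an existing entry with `grep -qF -- "$SSH_PUB"` so the key is matched as a fixed string rather than a pattern. The `ARP_CMD` written to `.env` also carries `StrictHostKeyChecking no` into every later call, whereas `-o StrictHostKeyChecking=accept-new` would pin the gateway's host key after the first connection. Separately, `#/bin/sh` is missing its `!`, and the bare `exit` in `check_ping`, `check_wget`, `check_docker` and `faildMsg` returns the status of the preceding command (the `[` test or an `echo`), so a failed check ends the script with status 0; `exit 1` would let callers detect the failure.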