Update install/uninstall scripts for encrypted IAM config
This commit is contained in:
@@ -379,29 +379,25 @@ if [[ "$SKIP_SYSTEMD" != true ]]; then
|
|||||||
echo " ---------------"
|
echo " ---------------"
|
||||||
if systemctl is-active --quiet myfsio; then
|
if systemctl is-active --quiet myfsio; then
|
||||||
echo " [OK] MyFSIO is running"
|
echo " [OK] MyFSIO is running"
|
||||||
|
echo ""
|
||||||
IAM_FILE="$DATA_DIR/.myfsio.sys/config/iam.json"
|
echo " ============================================"
|
||||||
if [[ -f "$IAM_FILE" ]]; then
|
echo " ADMIN CREDENTIALS (save these securely!)"
|
||||||
echo ""
|
echo " ============================================"
|
||||||
echo " ============================================"
|
CRED_OUTPUT=$(journalctl -u myfsio --no-pager -n 50 2>/dev/null | grep -A 5 "FIRST RUN - ADMIN CREDENTIALS")
|
||||||
echo " ADMIN CREDENTIALS (save these securely!)"
|
ACCESS_KEY=$(echo "$CRED_OUTPUT" | grep "Access Key:" | head -1 | sed 's/.*Access Key: //' | awk '{print $1}')
|
||||||
echo " ============================================"
|
SECRET_KEY=$(echo "$CRED_OUTPUT" | grep "Secret Key:" | head -1 | sed 's/.*Secret Key: //' | awk '{print $1}')
|
||||||
if command -v jq &>/dev/null; then
|
if [[ -n "$ACCESS_KEY" && "$ACCESS_KEY" != *"from"* && -n "$SECRET_KEY" && "$SECRET_KEY" != *"from"* ]]; then
|
||||||
ACCESS_KEY=$(jq -r '.users[0].access_key' "$IAM_FILE" 2>/dev/null)
|
echo " Access Key: $ACCESS_KEY"
|
||||||
SECRET_KEY=$(jq -r '.users[0].secret_key' "$IAM_FILE" 2>/dev/null)
|
echo " Secret Key: $SECRET_KEY"
|
||||||
else
|
else
|
||||||
ACCESS_KEY=$(grep -o '"access_key"[[:space:]]*:[[:space:]]*"[^"]*"' "$IAM_FILE" | head -1 | sed 's/.*"\([^"]*\)"$/\1/')
|
echo " [!] Could not extract credentials from service logs."
|
||||||
SECRET_KEY=$(grep -o '"secret_key"[[:space:]]*:[[:space:]]*"[^"]*"' "$IAM_FILE" | head -1 | sed 's/.*"\([^"]*\)"$/\1/')
|
echo " Check startup output: journalctl -u myfsio --no-pager | grep -A 5 'ADMIN CREDENTIALS'"
|
||||||
fi
|
echo " Or reset credentials: $INSTALL_DIR/myfsio reset-cred"
|
||||||
if [[ -n "$ACCESS_KEY" && -n "$SECRET_KEY" ]]; then
|
|
||||||
echo " Access Key: $ACCESS_KEY"
|
|
||||||
echo " Secret Key: $SECRET_KEY"
|
|
||||||
else
|
|
||||||
echo " [!] Could not parse credentials from $IAM_FILE"
|
|
||||||
echo " Check the file manually or view service logs."
|
|
||||||
fi
|
|
||||||
echo " ============================================"
|
|
||||||
fi
|
fi
|
||||||
|
echo " ============================================"
|
||||||
|
echo ""
|
||||||
|
echo " NOTE: The IAM config file is encrypted at rest."
|
||||||
|
echo " Credentials are only shown on first run or after reset."
|
||||||
else
|
else
|
||||||
echo " [WARNING] MyFSIO may not have started correctly"
|
echo " [WARNING] MyFSIO may not have started correctly"
|
||||||
echo " Check logs with: journalctl -u myfsio -f"
|
echo " Check logs with: journalctl -u myfsio -f"
|
||||||
@@ -427,12 +423,13 @@ echo " API: http://$(hostname -I 2>/dev/null | awk '{print $1}' || echo "local
|
|||||||
echo " UI: http://$(hostname -I 2>/dev/null | awk '{print $1}' || echo "localhost"):$UI_PORT/ui"
|
echo " UI: http://$(hostname -I 2>/dev/null | awk '{print $1}' || echo "localhost"):$UI_PORT/ui"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Credentials:"
|
echo "Credentials:"
|
||||||
echo " Admin credentials were shown above (if service was started)."
|
echo " Admin credentials are shown on first service start (see above)."
|
||||||
echo " You can also find them in: $DATA_DIR/.myfsio.sys/config/iam.json"
|
echo " The IAM config is encrypted at rest and cannot be read directly."
|
||||||
|
echo " To reset credentials: $INSTALL_DIR/myfsio reset-cred"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Configuration Files:"
|
echo "Configuration Files:"
|
||||||
echo " Environment: $INSTALL_DIR/myfsio.env"
|
echo " Environment: $INSTALL_DIR/myfsio.env"
|
||||||
echo " IAM Users: $DATA_DIR/.myfsio.sys/config/iam.json"
|
echo " IAM Users: $DATA_DIR/.myfsio.sys/config/iam.json (encrypted)"
|
||||||
echo " Bucket Policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
|
echo " Bucket Policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
|
||||||
echo " Secret Key: $DATA_DIR/.myfsio.sys/config/.secret (auto-generated)"
|
echo " Secret Key: $DATA_DIR/.myfsio.sys/config/.secret (auto-generated)"
|
||||||
echo ""
|
echo ""
|
||||||
|
|||||||
@@ -230,11 +230,14 @@ if [[ "$KEEP_DATA" == true ]]; then
|
|||||||
echo ""
|
echo ""
|
||||||
echo "Preserved files include:"
|
echo "Preserved files include:"
|
||||||
echo " - All buckets and objects"
|
echo " - All buckets and objects"
|
||||||
echo " - IAM configuration: $DATA_DIR/.myfsio.sys/config/iam.json"
|
echo " - IAM configuration: $DATA_DIR/.myfsio.sys/config/iam.json (encrypted at rest)"
|
||||||
echo " - Bucket policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
|
echo " - Bucket policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
|
||||||
echo " - Secret key: $DATA_DIR/.myfsio.sys/config/.secret"
|
echo " - Secret key: $DATA_DIR/.myfsio.sys/config/.secret"
|
||||||
echo " - Encryption keys: $DATA_DIR/.myfsio.sys/keys/ (if encryption was enabled)"
|
echo " - Encryption keys: $DATA_DIR/.myfsio.sys/keys/ (if encryption was enabled)"
|
||||||
echo ""
|
echo ""
|
||||||
|
echo "NOTE: The IAM config is encrypted and requires the SECRET_KEY to read."
|
||||||
|
echo " Keep the .secret file intact for reinstallation."
|
||||||
|
echo ""
|
||||||
echo "To reinstall MyFSIO with existing data:"
|
echo "To reinstall MyFSIO with existing data:"
|
||||||
echo " ./install.sh --data-dir $DATA_DIR"
|
echo " ./install.sh --data-dir $DATA_DIR"
|
||||||
echo ""
|
echo ""
|
||||||
|
|||||||
Reference in New Issue
Block a user