gogoCHAD v0.0.2

2023-03-20 17:34:40 +09:00 · 2023-03-20 17:34:40 +09:00 · 65ede3d703
commit 65ede3d703
parent bf2787f0fd
2 changed files with 227 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,101 @@
-# gogoCHAD
+```sh
+█▀▀ █▀█ █▀▀ █▀█ █▀▀ █░█ ▄▀█ █▀▄
+█▄█ █▄█ █▄█ █▄█ █▄▄ █▀█ █▀█ █▄▀
+⣿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠛⠛⠛⠋⠉⠈⠉⠉⠉⠉⠛⠻⢿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣿⡿⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⢿⣿⣿⣿⣿
+⣿⣿⣿⣿⡏⣀⠀⠀⠀⠀⠀⠀⠀⣀⣤⣤⣤⣄⡀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿
+⣿⣿⣿⢏⣴⣿⣷⠀⠀⠀⠀⠀⢾⣿⣿⣿⣿⣿⣿⡆⠀⠀⠀⠀⠀⠀⠀⠈⣿⣿
+⣿⣿⣟⣾⣿⡟⠁⠀⠀⠀⠀⠀⢀⣾⣿⣿⣿⣿⣿⣷⢢⠀⠀⠀⠀⠀⠀⠀⢸⣿
+⣿⣿⣿⣿⣟⠀⡴⠄⠀⠀⠀⠀⠀⠀⠙⠻⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⣿
+⣿⣿⣿⠟⠻⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠶⢴⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⣿
+⣿⣁⡀⠀⠀⢰⢠⣦⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣿⣿⣿⣿⡄⠀⣴⣶⣿⡄⣿
+⣿⡋⠀⠀⠀⠎⢸⣿⡆⠀⠀⠀⠀⠀⠀⣴⣿⣿⣿⣿⣿⣿⣿⠗⢘⣿⣟⠛⠿⣼
+⣿⣿⠋⢀⡌⢰⣿⡿⢿⡀⠀⠀⠀⠀⠀⠙⠿⣿⣿⣿⣿⣿⡇⠀⢸⣿⣿⣧⢀⣼
+⣿⣿⣷⢻⠄⠘⠛⠋⠛⠃⠀⠀⠀⠀⠀⢿⣧⠈⠉⠙⠛⠋⠀⠀⠀⣿⣿⣿⣿⣿
+⣿⣿⣧⠀⠈⢸⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠟⠀⠀⠀⠀⢀⢃⠀⠀⢸⣿⣿⣿⣿
+⣿⣿⡿⠀⠴⢗⣠⣤⣴⡶⠶⠖⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡸⠀⣿⣿⣿⣿
+⣿⣿⣿⡀⢠⣾⣿⠏⠀⠠⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠛⠉⠀⣿⣿⣿⣿
+⣿⣿⣿⣧⠈⢹⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⣿⣿⣿⣿
+⣿⣿⣿⣿⡄⠈⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣾⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣿⣦⣄⣀⣀⣀⣀⠀⠀⠀⠀⠘⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡄⠀⠀⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠙⣿⣿⡟⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⠀⠁⠀⠀⠹⣿⠃⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⣿⣿⣿⣿⡿⠛⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⢐⣿⣿⣿⣿⣿⣿⣿⣿⣿
+⣿⣿⣿⣿⠿⠛⠉⠉⠁⠀⢻⣿⡇⠀⠀⠀⠀⠀⠀⢀⠈⣿⣿⡿⠉⠛⠛⠛⠉⠉
+⣿⡿⠋⠁⠀⠀⢀⣀⣠⡴⣸⣿⣇⡄⠀⠀⠀⠀⢀⡿⠄⠙⠛⠀⣀⣠⣤⣤⠄  # gogoCHAD by MOIS3Y
+```
+# Companion script for Quick access to a server with VM/DCImanager 6 installed
+
+Allows you to quickly and in one line access the server using the generated platform administrator key.
+- Safe
+- Reliable
+- No hassle
+
+## Features
+
+- It finds a guaranteed administrator himself
+- Generates a link for authorization
+- Container is very small based on Alpine Linux
+- Once accessed, container and image will be deleted
+- There is error handling if access cannot be obtained
+
+## Run with gogoCHAD:
+- Get instructions and generate a key pair to access the GO server.
+- Fill in the parameters in the configuration section
+- Give a name to the companion script like gogo
+- Give the script permission to execute chmod 754 gogo attributes should be [-rwxr-xr--]
+- Place the script in a directory that is on the path of the $PATH environment variable (echo $PATH)
+ The paths are separated by the symbol : you can put here for example /usr/local/bin/gogo
+- Restart terminal
+
+## The syntax to connect is:
+```sh
+      gogo --vm host.domain.zone 22
+      gogo --dci host.domain.zone 2222
+      gogo --bill host.domain.zone 22
+      gogo --vm 8.8.8.8 220122
+      gogo --dns 8.8.8.8  # (without specifying a port, the default port 22 will be used)
+```
+
+
+
+
+## Info:
+Environment variables are used as input to the container:
+| ENV | VM6 | DCI6 |
+| ------ | ------ |------ |
+| PLATFORM | vm   |dci    |
+| CLIENT_HOST |ip  |ip    |
+
+To obtain the VM/DCImanager access key, a container is downloaded to the client server,
+which connects to the platform stack makes a query to the database receives a list of 10
+finds the first guaranteed admin among them
+most likely it will be id 2 or 3.
+The container then makes a request to get the key
+passing admin id or email via internal authentication api.
+
+ After the container has completed and returns the output with access, it will automatically be deleted.
+ The command sent by this script also includes a command that will remove the image from
+ client server, so access leaves no trace on the server.
+ In addition, the container reads config.json with read-only permissions, while querying the database and
+ obtaining a key does not affect the operation of the platform and does not make changes.
+ 
+ Access to panels of the 5th generation remains the same if the client server listens only on port 443
+will have to remove it from the link.
+When the container is updated, you will need to replace the version tag in the configuration: 0.0.x
+
+
+
+
+### Known issues:
+
+- Sometimes the key for DCI/VMmanager 6 may work,
+therefore, this problem is solved by connecting by cookies.
+- If the client did not provide a port or access is denied, the access script will not work,
+you need to find out the correct port and ask to remove the firewall restrictions.
+Moreover, if these are panels of the 5th generation, you will receive an access link, but it will not work as expected
+this is due to the fact that the link is generated before the request to the client server.

-Companion script for QuickAccess helps to remotely access the web interface of VM/DCImanager 6.
-Also for 5th generation control panels
--- a/gogoCHAD.sh
+++ b/gogoCHAD.sh
@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+
+# █▀▀ █▀█ █▄░█ █▀▀ █ █▀▀
+# █▄▄ █▄█ █░▀█ █▀░ █ █▄█
+# ---------------------------------------
+
+# REQUIRED:
+go_server="ssh.ispsystem.net"                   # set here GO server address
+key_path="/home/stepan/.ssh/ispkeys/ISP_ecdsa"  # set here fullpath to you private ssh_key
+key_username="s.zhukovskii"                     # set first half your name from corp email
+
+# UPGRADABLE OVER TIME
+image="mois3y/isp_support:0.0.2"                # set image helpfull image for access to VM/DCI
+
+# OPTIONAL:
+hide_output=">> /dev/null"                     # uncomment this line to hide image pull and rm info
+
+
+
+# █▀▄▀█ ▄▀█ █ █▄░█
+# █░▀░█ █▀█ █ █░▀█
+# ----------------------------
+
+# Check second arument (if empty set default 22 port)
+if ! [ -z $3 ]; then PORT=$3; else PORT=22; fi
+
+# Parse address
+address=$(echo $2 | egrep -o '[a-zA-Z0-9\.\-]+\.[a-zA-Z0-9\.\-]+')
+
+# SSH full command:
+ssh_run="ssh -t -i $key_path $key_username@$go_server go $address -p$PORT"
+
+# Access functions:
+access_vmdci() {
+    # bin command:
+    docker_pull="/usr/bin/docker pull $image $hide_output"
+    docker_rm="/usr/bin/docker image rm $image $hide_output" # delete image from client host
+    docker_run="/usr/bin/docker run"
+
+    # docker command params:
+    conf_file="/opt/ispsystem/$platform/config.json"
+    scripts_path="/root"
+
+    mount_conf="--mount type=bind,source=$conf_file,target=/app/config.json,readonly"
+    mount_host="--mount type=bind,source=$scripts_path,target=/app/host"
+
+    # start container:
+    container_params="$network $mount_conf $mount_host -e PLATFORM=$platform -e CLIENT_HOST=$address --rm $image"
+
+    # ENTRYPOINT:
+    echo "Сonnect to client server and get access to web UI please wait...."
+    $ssh_run "$docker_pull && $docker_run $container_params && $docker_rm"
+    echo "Сonnect to client server again with ssh session please wait...."
+    $ssh_run
+
+}
+
+access_fivegen() {
+    KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+    # bin command:
+    key_gen="/usr/local/mgr5/sbin/mgrctl -m $panel session.newkey key=$KEY"
+
+    # ENTRYPOINT:
+    echo "Сonnect to client server and get access to web UI please wait...."
+    $ssh_run "$key_gen"
+    echo ""
+    echo "Your access link:"
+    echo ""
+    echo "============================================================================="
+    echo "https://$address:1500/$panel?func=auth&key=$KEY"
+    echo "============================================================================="
+    echo ""
+    echo "Сonnect to client server again with ssh session please wait...."
+    echo ""
+    $ssh_run
+}
+
+
+if [[ "$1" == "--vm" ]]; then
+    platform="vm"
+    network="--network=vm_vm_box_net"
+    access_vmdci
+
+elif [[ "$1" == "--dci" ]]; then
+    platform="dci"
+    network="--network=dci_auth"
+    access_vmdci
+
+elif [[ "$1" == "--bill" ]]; then
+    panel="billmgr"
+    access_fivegen
+
+elif [[ "$1" == "--ip" ]]; then
+    panel="ipmgr"
+    access_fivegen
+
+elif [[ "$1" == "--dns" ]]; then
+    panel="dnsmgr"
+    access_fivegen
+
+elif [[ "$1" == "--vm5" ]]; then
+    panel="vmmgr"
+    access_fivegen
+
+elif [[ "$1" == "--dci5" ]]; then
+    panel="dcimgr"
+    access_fivegen
+
+else
+	cat <<- EOF
+============================================
+    Usage : access.sh host port --panel
+
+    Available Control panels:
+
+        --vm
+        --dci
+        --bill
+        --ip
+        --dns
+        --vm5
+        --dci5
+
+=============================================
+	EOF
+fi
+