apc-p15-tool/pkg/app/cmd_install.go

package app

import (
	"apc-p15-tool/pkg/apcssh"
	"context"
	"errors"
	"fmt"
)

// cmdInstall is the app's command to create apc p15 file content from key and cert
// pem files and upload the p15 to the specified APC UPS
func (app *app) cmdInstall(cmdCtx context.Context, args []string) error {
	// extra args == error
	if len(args) != 0 {
		return fmt.Errorf("install: failed, %w (%d)", ErrExtraArgs, len(args))
	}

	// must have username
	if app.config.install.username == nil || *app.config.install.username == "" {
		return errors.New("install: failed, username not specified")
	}

	// must have password
	if app.config.install.password == nil || *app.config.install.password == "" {
		return errors.New("install: failed, password not specified")
	}

	// must have fingerprint
	if app.config.install.fingerprint == nil || *app.config.install.fingerprint == "" {
		return errors.New("install: failed, fingerprint not specified")
	}

	keyPem, certPem, err := app.config.install.keyCertPemCfg.GetPemBytes("install")
	if err != nil {
		return err
	}

	// host to install on must be specified
	if app.config.install.hostAndPort == nil || *app.config.install.hostAndPort == "" {
		return errors.New("install: failed, apc host not specified")
	}

	// validation done

	// make p15 file
	keyP15, keyCertP15, err := app.pemToAPCP15(keyPem, certPem, "install")
	if err != nil {
		return err
	}

	// log warning if insecure cipher
	if app.config.install.insecureCipher != nil && *app.config.install.insecureCipher {
		app.stdLogger.Println("WARNING: install: insecure ciphers are enabled (--insecurecipher). SSH with an insecure cipher is NOT secure and should NOT be used.")
	}

	// make APC SSH client
	cfg := &apcssh.Config{
		Hostname:          *app.config.install.hostAndPort,
		Username:          *app.config.install.username,
		Password:          *app.config.install.password,
		ServerFingerprint: *app.config.install.fingerprint,
		InsecureCipher:    *app.config.install.insecureCipher,
	}

	client, err := apcssh.New(cfg)
	if err != nil {
		return fmt.Errorf("install: failed to connect to host (%w)", err)
	}

	// install SSL Cert
	err = client.InstallSSLCert(keyP15, certPem, keyCertP15)
	if err != nil {
		return fmt.Errorf("install: failed to send file to ups over scp (%w)", err)
	}

	// installed
	app.stdLogger.Printf("install: apc p15 file installed on %s", *app.config.install.hostAndPort)

	// restart UPS webUI
	if app.config.install.restartWebUI != nil && *app.config.install.restartWebUI {
		app.stdLogger.Println("install: sending restart command")

		err = client.RestartWebUI()
		if err != nil {
			return fmt.Errorf("install: failed to send webui restart command (%w)", err)
		}

		app.stdLogger.Println("install: sent webui restart command")
	}

	return nil
}
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`package app`

			`import (`
ssh: breakout ups ssh to its own package This was done for clearer separation of function. A subsequent update will (hopefully) make the SSL command more robust so it works for both NMC2 and NMC3. The method for sending shell commands was also updated to use an interactive shell instead. This allows capturing responses of the commands which will be needed to deduce if devices are NMC2 or NMC3. 2024-06-07 02:51:12 +00:00			`"apc-p15-tool/pkg/apcssh"`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`"context"`
			`"errors"`
			`"fmt"`
			`)`

			`// cmdInstall is the app's command to create apc p15 file content from key and cert`
			`// pem files and upload the p15 to the specified APC UPS`
			`func (app *app) cmdInstall(cmdCtx context.Context, args []string) error {`
			`// extra args == error`
			`if len(args) != 0 {`
			`return fmt.Errorf("install: failed, %w (%d)", ErrExtraArgs, len(args))`
			`}`

			`// must have username`
			`if app.config.install.username == nil \|\| *app.config.install.username == "" {`
			`return errors.New("install: failed, username not specified")`
			`}`

			`// must have password`
			`if app.config.install.password == nil \|\| *app.config.install.password == "" {`
			`return errors.New("install: failed, password not specified")`
			`}`

			`// must have fingerprint`
			`if app.config.install.fingerprint == nil \|\| *app.config.install.fingerprint == "" {`
			`return errors.New("install: failed, fingerprint not specified")`
			`}`

create/install: add support for key pem in args 2024-02-02 23:35:22 +00:00			`keyPem, certPem, err := app.config.install.keyCertPemCfg.GetPemBytes("install")`
			`if err != nil {`
			`return err`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`}`

			`// host to install on must be specified`
			`if app.config.install.hostAndPort == nil \|\| *app.config.install.hostAndPort == "" {`
			`return errors.New("install: failed, apc host not specified")`
			`}`

			`// validation done`

			`// make p15 file`
install: add support for native ssl command The code should auto-select the native ssl method if the ssl command is available on the UPS. If this fails, install will drop back to the original install method used by this tool (which works on NMC2). 2024-06-07 02:51:12 +00:00			`keyP15, keyCertP15, err := app.pemToAPCP15(keyPem, certPem, "install")`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`if err != nil {`
			`return err`
			`}`

apcssh: remove logging For sanity and consistency, centralize logging in the app with the app's loggers. 2024-06-07 02:51:13 +00:00			`// log warning if insecure cipher`
			`if app.config.install.insecureCipher != nil && *app.config.install.insecureCipher {`
			`app.stdLogger.Println("WARNING: install: insecure ciphers are enabled (--insecurecipher). SSH with an insecure cipher is NOT secure and should NOT be used.")`
			`}`

ssh: breakout ups ssh to its own package This was done for clearer separation of function. A subsequent update will (hopefully) make the SSL command more robust so it works for both NMC2 and NMC3. The method for sending shell commands was also updated to use an interactive shell instead. This allows capturing responses of the commands which will be needed to deduce if devices are NMC2 or NMC3. 2024-06-07 02:51:12 +00:00			`// make APC SSH client`
			`cfg := &apcssh.Config{`
			`Hostname: *app.config.install.hostAndPort,`
			`Username: *app.config.install.username,`
			`Password: *app.config.install.password,`
			`ServerFingerprint: *app.config.install.fingerprint,`
			`InsecureCipher: *app.config.install.insecureCipher,`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`}`

ssh: breakout ups ssh to its own package This was done for clearer separation of function. A subsequent update will (hopefully) make the SSL command more robust so it works for both NMC2 and NMC3. The method for sending shell commands was also updated to use an interactive shell instead. This allows capturing responses of the commands which will be needed to deduce if devices are NMC2 or NMC3. 2024-06-07 02:51:12 +00:00			`client, err := apcssh.New(cfg)`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`if err != nil {`
			`return fmt.Errorf("install: failed to connect to host (%w)", err)`
			`}`

ssh: breakout ups ssh to its own package This was done for clearer separation of function. A subsequent update will (hopefully) make the SSL command more robust so it works for both NMC2 and NMC3. The method for sending shell commands was also updated to use an interactive shell instead. This allows capturing responses of the commands which will be needed to deduce if devices are NMC2 or NMC3. 2024-06-07 02:51:12 +00:00			`// install SSL Cert`
install: add support for native ssl command The code should auto-select the native ssl method if the ssl command is available on the UPS. If this fails, install will drop back to the original install method used by this tool (which works on NMC2). 2024-06-07 02:51:12 +00:00			`err = client.InstallSSLCert(keyP15, certPem, keyCertP15)`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`if err != nil {`
ssh: breakout ups ssh to its own package This was done for clearer separation of function. A subsequent update will (hopefully) make the SSL command more robust so it works for both NMC2 and NMC3. The method for sending shell commands was also updated to use an interactive shell instead. This allows capturing responses of the commands which will be needed to deduce if devices are NMC2 or NMC3. 2024-06-07 02:51:12 +00:00			`return fmt.Errorf("install: failed to send file to ups over scp (%w)", err)`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`}`

add optional webui restart 2024-02-05 23:25:55 +00:00			`// installed`
simplify logging 2024-02-03 16:38:31 +00:00			`app.stdLogger.Printf("install: apc p15 file installed on %s", *app.config.install.hostAndPort)`
add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00
add optional webui restart 2024-02-05 23:25:55 +00:00			`// restart UPS webUI`
			`if app.config.install.restartWebUI != nil && *app.config.install.restartWebUI {`
			`app.stdLogger.Println("install: sending restart command")`

ssh: breakout ups ssh to its own package This was done for clearer separation of function. A subsequent update will (hopefully) make the SSL command more robust so it works for both NMC2 and NMC3. The method for sending shell commands was also updated to use an interactive shell instead. This allows capturing responses of the commands which will be needed to deduce if devices are NMC2 or NMC3. 2024-06-07 02:51:12 +00:00			`err = client.RestartWebUI()`
add optional webui restart 2024-02-05 23:25:55 +00:00			`if err != nil {`
			`return fmt.Errorf("install: failed to send webui restart command (%w)", err)`
			`}`

			`app.stdLogger.Println("install: sent webui restart command")`
			`}`

add install function install pem files directly to an apc ups 2024-02-02 23:35:21 +00:00			`return nil`
			`}`