4.3.  Automated Installation (AutoDeploy)

The feature AutoDeploy simplifies the automated installation and configuration of LiveConfig. On the first start LiveConfig checks if the file /etc/liveconfig/autodeploy.json exists. This file may contain a JSON object, the following configuration options are supported:

Key Version Value Description
version 2.7.0 Number: 1 Version number of the file format. Needs to be 1.
admin 2.7.0 JSON object Settings for the admin account:
  • password (String): PBKDF2 password hash (see example code below)

  • change-password (Boolean): force password change by user on first login

lcdefaults 2.7.0 JSON object Key/value pairs which will be saved into the table LCDEFAULTS (see Section 4.1, “ LiveConfig default values ”). IMPORTANT: these values always have to be entered as string (with quotes)!
licensekey 2.7.0 String License key (for automated license activation)
include 2.7.0 JSON object Fetch additional AutoDeploy data. This will be merged with the contents of autodeploy.json, existing settings will be overwritten by fetched values:
  • url (String): URL to fetch AutoDeploy data from. The Content-Type must be application/json.

services 2.7.2 JSON object pre-configure services with LiveConfig:
  • web (JSON object): pre-configure web server. Example:

    [...]
    "web": {
        "apache": {
            "ips": "192.168.0.1"
        },
        "nginx": {
            "ips": [ "192.168.0.2", "192.168.0.3" ]
        }
    }
    [...]

    Optionally you can set ips to "*" to configure that service on all detected IPs on that server.

Security

As this file may contain sensitive informations, it should belong to the user root:root and be only accessible by him (mode 0600).

Example

{
    "version": 1,
    "admin": {
        "password": "{PBKDF2}32e6$ldzp8GDnr9s=$lfmOwnQ52MQ4bGJZgo6HuQ==",
        "change-password": true
    },
    "lcdefaults": {
        "login.help.url": "https://example.org/cms/help/login",
        "mail.aliases.limit": "20"
    },
    "licensekey": "XXXXX-XXXXX-XXXXX",
    "services": {
        "web": {
            "apache": {
                "ips":  "*"
            }
        }
    }
}

Creating PBKDF2 password hashes

The following PHP code shows the generation of PBKDF2 password hashes for LiveConfig:

<?php
# Example code for creating PBKDF2 password hashes for LiveConfig

$password = "LiVeCoNfIg";

$iterations = rand(10000,65535);
$salt = openssl_random_pseudo_bytes(8);
$hash = hash_pbkdf2("sha1", $password, $salt, $iterations, 16, true);

$data = '{PBKDF2}' . dechex($iterations) . '$' . base64_encode($salt) . '$' . base64_encode($hash);

print "Hash: $data\n";

?>

Loading AutoDeploy settings via HTTP(S)

Using the include option, AutoDeploy settings can be loaded from a URL. The minimal settings in autodeploy.json have to look like this:

{
    "version": 1,
    "include": {
        "url": "https://intra.example.org/liveconfig/autodeploy.php"
    }
}

The called URL must respond with a single JSON object with Content-Type application/json. The returned data then is merged with autodeploy.json.

The corresponding server can be identified by the clients' IP address (e.g. PHP: $_SERVER['REMOTE_ADDR']) and so can be configured individually (particularly license code and initialization password).

Prev   Next   Up   Home