
merge conflicts

0xdcarns 2 jaren geleden
bovenliggende
commit
199b9dbfdf

+ 1 - 0
.github/ISSUE_TEMPLATE/bug-report.yml

@@ -31,6 +31,7 @@ body:
       label: Version
       description: What version are you running?
       options:
+        - v0.18.0      
         - v0.17.1      
         - v0.17.0
         - v0.16.3

+ 1 - 1
README.md

@@ -17,7 +17,7 @@
 
 <p align="center">
   <a href="https://github.com/gravitl/netmaker/releases">
-    <img src="https://img.shields.io/badge/Version-0.17.1-informational?style=flat-square" />
+    <img src="https://img.shields.io/badge/Version-0.18.0-informational?style=flat-square" />
   </a>
   <a href="https://hub.docker.com/r/gravitl/netmaker/tags">
     <img src="https://img.shields.io/docker/pulls/gravitl/netmaker?label=downloads" />

+ 9 - 7
compose/docker-compose.ee.yml

@@ -3,14 +3,14 @@ version: "3.4"
 services:
   netmaker:
     container_name: netmaker
-    image: gravitl/netmaker:v0.17.1-ee
+    image: gravitl/netmaker:v0.18.0-ee
     restart: always
     volumes:
       - dnsconfig:/root/config/dnsconfig
       - sqldata:/root/data
-      - mosquitto_data:/etc/netmaker
     environment:
       SERVER_NAME: "broker.NETMAKER_BASE_DOMAIN"
+      STUN_DOMAIN: "stun.NETMAKER_BASE_DOMAIN"
       SERVER_HOST: "SERVER_PUBLIC_IP"
       SERVER_API_CONN_STRING: "api.NETMAKER_BASE_DOMAIN:443"
       COREDNS_ADDR: "SERVER_PUBLIC_IP"
@@ -24,17 +24,20 @@ services:
       NODE_ID: "netmaker-server-1"
       MQ_HOST: "mq"
       MQ_PORT: "443"
+      STUN_PORT: "3478"
       MQ_SERVER_PORT: "1883"
       VERBOSITY: "1"
       METRICS_EXPORTER: "on"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
       NETMAKER_ACCOUNT_ID: "YOUR_ACCOUNT_ID"
-      MQ_ADMIN_PASSWORD: "REPLACE_MQ_ADMIN_PASSWORD"
+      MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
+      MQ_USERNAME: "REPLACE_MQ_USERNAME"
     ports:
       - "51821-51830:51821-51830/udp"
+      - "3478:3478/udp"
   netmaker-ui:
     container_name: netmaker-ui
-    image: gravitl/netmaker-ui:v0.17.1
+    image: gravitl/netmaker-ui:v0.18.0
     depends_on:
       - netmaker
     links:
@@ -70,11 +73,11 @@ services:
     restart: unless-stopped
     command: ["/mosquitto/config/wait.sh"]
     environment:
-      NETMAKER_SERVER_HOST: "https://api.NETMAKER_BASE_DOMAIN"
+      MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
+      MQ_USERNAME: "REPLACE_MQ_USERNAME"
     volumes:
       - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
       - /root/wait.sh:/mosquitto/config/wait.sh
-      - mosquitto_data:/mosquitto/data
       - mosquitto_logs:/mosquitto/log
     ports:
       - "1883:1883"
@@ -125,7 +128,6 @@ volumes:
   caddy_conf: {}
   sqldata: {}
   dnsconfig: {}
-  mosquitto_data: {}
   mosquitto_logs: {}
   prometheus_data: {}
   grafana_data: {}
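Review bot: The broker credential is now one shared `MQ_USERNAME`/`MQ_PASSWORD` pair that must be copied identically into both the `netmaker` and `mq` services, and nothing in the file ties the two declarations together, so replacing one placeholder and not the other leaves the server unable to authenticate to the broker. Declare the value once, either with a YAML anchor or via `${MQ_USERNAME}`/`${MQ_PASSWORD}` interpolation from a `.env` file, and add a comment next to the `netmaker` entries saying they must match the `mq` service. If the compose file is ever used without the install script, the literal `REPLACE_MQ_PASSWORD` becomes the live broker password, so a placeholder that cannot be a valid value would be safer. `compose/docker-compose.yml` in this commit has the same layout.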

+ 2 - 2
compose/docker-compose.reference.yml

@@ -3,7 +3,7 @@ version: "3.4"
 services:
   netmaker: # The Primary Server for running Netmaker
     container_name: netmaker
-    image: gravitl/netmaker:v0.17.1
+    image: gravitl/netmaker:v0.18.0
     restart: always
     volumes: # Volume mounts necessary for sql, coredns, and mqtt
       - dnsconfig:/root/config/dnsconfig
@@ -40,7 +40,7 @@ services:
       - "51821-51830:51821-51830/udp" # wireguard ports
   netmaker-ui:  # The Netmaker UI Component
     container_name: netmaker-ui
-    image: gravitl/netmaker-ui:v0.17.1
+    image: gravitl/netmaker-ui:v0.18.0
     depends_on:
       - netmaker
     links:

+ 6 - 7
compose/docker-compose.yml

@@ -3,12 +3,11 @@ version: "3.4"
 services:
   netmaker:
     container_name: netmaker
-    image: gravitl/netmaker:v0.17.1
+    image: gravitl/netmaker:v0.18.0
     restart: always
     volumes:
       - dnsconfig:/root/config/dnsconfig
       - sqldata:/root/data
-      - mosquitto_data:/etc/netmaker
     environment:
       BROKER_NAME: "broker.NETMAKER_BASE_DOMAIN"
       SERVER_NAME: "NETMAKER_BASE_DOMAIN"
@@ -28,7 +27,8 @@ services:
       MQ_PORT: "443"
       MQ_SERVER_PORT: "1883"
       VERBOSITY: "1"
-      MQ_ADMIN_PASSWORD: "REPLACE_MQ_ADMIN_PASSWORD"
+      MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
+      MQ_USERNAME: "REPLACE_MQ_USERNAME"
       STUN_PORT: "3478"
       PROXY: "on"
     ports:
@@ -36,7 +36,7 @@ services:
       - "3478:3478/udp"
   netmaker-ui:
     container_name: netmaker-ui
-    image: gravitl/netmaker-ui:v0.17.1
+    image: gravitl/netmaker-ui:v0.18.0
     depends_on:
       - netmaker
     links:
@@ -72,16 +72,15 @@ services:
     restart: unless-stopped
     command: ["/mosquitto/config/wait.sh"]
     environment:
-      NETMAKER_SERVER_HOST: "https://api.NETMAKER_BASE_DOMAIN"
+      MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
+      MQ_USERNAME: "REPLACE_MQ_USERNAME"
     volumes:
       - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
       - /root/wait.sh:/mosquitto/config/wait.sh
-      - mosquitto_data:/mosquitto/data
       - mosquitto_logs:/mosquitto/log
 volumes:
   caddy_data: {}
   caddy_conf: {}
   sqldata: {}
   dnsconfig: {}
-  mosquitto_data: {}
   mosquitto_logs: {}

+ 2 - 1
config/config.go

@@ -67,7 +67,8 @@ type ServerConfig struct {
 	Server                string `yaml:"server"`
 	Broker                string `yam:"broker"`
 	PublicIPService       string `yaml:"publicipservice"`
-	MQAdminPassword       string `yaml:"mqadminpassword"`
+	MQPassword            string `yaml:"mqpassword"`
+	MQUserName            string `yaml:"mqusername"`
 	MetricsExporter       string `yaml:"metrics_exporter"`
 	BasicAuth             string `yaml:"basic_auth"`
 	LicenseValue          string `yaml:"license_value"`
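Review bot: The new yaml tags `mqpassword`/`mqusername` follow the `publicipservice` style of this struct, while the matching fields added to `models.ServerConfig` in this commit use `mq_username`/`mq_password`; the two structs name the same setting two different ways, which is a trap for anyone mapping config keys between them. The fields also have no doc comments; suggest `// MQPassword - password the server presents to the MQ broker` and `// MQUserName - username the server presents to the MQ broker`. While here, the context line above has `yam:"broker"`, which the yaml decoder ignores, so `Broker` can only ever be populated from a key literally named `broker` by field-name fallback — worth fixing in the same pass.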

+ 1 - 1
controllers/docs.go

@@ -10,7 +10,7 @@
 //
 //	Schemes: https
 //	BasePath: /
-//	Version: 0.17.1
+//	Version: 0.18.0
 //	Host: netmaker.io
 //
 //	Consumes:

+ 0 - 4
controllers/hosts.go

@@ -195,10 +195,6 @@ func deleteHost(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	if err = mq.DeleteMqClient(currHost.ID.String()); err != nil {
-		logger.Log(0, "error removing DynSec credentials for host:", currHost.Name, err.Error())
-	}
-
 	apiHostData := currHost.ConvertNMHostToAPI()
 	logger.Log(2, r.Header.Get("user"), "removed host", currHost.Name)
 	w.WriteHeader(http.StatusOK)

+ 0 - 14
controllers/node.go

@@ -580,8 +580,6 @@ func createNode(w http.ResponseWriter, r *http.Request) {
 	}
 	server := servercfg.GetServerInfo()
 	server.TrafficKey = key
-	// consume password before hashing for mq client creation
-	hostPassword := data.Host.HostPass
 	data.Node.Server = servercfg.GetServer()
 	if !logic.HostExists(&data.Host) {
 		logic.CheckHostPorts(&data.Host)
@@ -609,18 +607,6 @@ func createNode(w http.ResponseWriter, r *http.Request) {
 			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 			return
 		}
-	} else {
-		// Create client for this host in Mq
-		if err := mq.CreateMqClient(&mq.MqClient{
-			ID:       data.Host.ID.String(),
-			Text:     data.Host.Name,
-			Password: hostPassword,
-			Networks: []string{networkName},
-		}); err != nil {
-			logger.Log(0, fmt.Sprintf("failed to create DynSec client: %v", err.Error()))
-			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-			return
-		}
 	}
 
 	err = logic.AssociateNodeToHost(&data.Node, &data.Host)

+ 31 - 0
controllers/server.go

@@ -6,8 +6,10 @@ import (
 	"strings"
 
 	"github.com/gorilla/mux"
+	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/models"
+	"github.com/gravitl/netmaker/mq"
 	"github.com/gravitl/netmaker/servercfg"
 )
 
@@ -19,6 +21,35 @@ func serverHandlers(r *mux.Router) {
 	}))
 	r.HandleFunc("/api/server/getconfig", allowUsers(http.HandlerFunc(getConfig))).Methods(http.MethodGet)
 	r.HandleFunc("/api/server/getserverinfo", authorize(true, false, "node", http.HandlerFunc(getServerInfo))).Methods(http.MethodGet)
+	r.HandleFunc("/api/server/status", http.HandlerFunc(getStatus)).Methods(http.MethodGet)
+}
+
+// swagger:route GET /api/server/status server getStatus
+//
+// Get the server configuration.
+//
+//			Schemes: https
+//
+//			Security:
+//	  		oauth
+//
+//			Responses:
+//				200: serverConfigResponse
+func getStatus(w http.ResponseWriter, r *http.Request) {
+	// TODO
+	// - check health of broker
+	type status struct {
+		DB     bool `json:"db_connected"`
+		Broker bool `json:"broker_connected"`
+	}
+
+	currentServerStatus := status{
+		DB:     database.IsConnected(),
+		Broker: mq.IsConnected(),
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(&currentServerStatus)
 }
 
 // allowUsers - allow all authenticated (valid) users - only used by getConfig, may be able to remove during refactor
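Review bot: `/api/server/status` is registered with a bare `http.HandlerFunc(getStatus)` while every neighbouring route in `serverHandlers` is wrapped in `allowUsers` or `authorize`, so the database and broker connection state is served to unauthenticated callers; if that is intended as a liveness probe for the compose/k8s health checks, say so in a comment on the route, otherwise wrap it like `getConfig`. The swagger block is copied from `getConfig`: it says `Get the server configuration.` and `200: serverConfigResponse`, neither of which describes the `{db_connected, broker_connected}` body, and declares `Security: oauth`, which contradicts the unwrapped route. The `Encode` error on the last line is discarded; at minimum assign it and log it so a failed write is not silent.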

+ 7 - 0
database/database.go

@@ -80,6 +80,8 @@ const (
 	FETCH_ALL = "fetchall"
 	// CLOSE_DB - graceful close of db const
 	CLOSE_DB = "closedb"
+	// isconnected
+	isConnected = "isconnected"
 )
 
 func getCurrentDB() map[string]interface{} {
@@ -241,3 +243,8 @@ func initializeUUID() error {
 func CloseDB() {
 	getCurrentDB()[CLOSE_DB].(func())()
 }
+
+// IsConnected - tell if the database is connected or not
+func IsConnected() bool {
+	return getCurrentDB()[isConnected].(func() bool)()
+}
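Review bot: The comment `// isconnected` above the new constant documents nothing, while each sibling constant states what it keys; suggest `// isConnected - key for the backend's connectivity probe (see IsConnected)`. `IsConnected` copies the unchecked type assertion from `CloseDB`, so a backend map that lacks the key panics inside the status handler instead of reporting "not connected"; all three backends register it in this commit, but a comma-ok lookup is cheaper than a crash: `fn, ok := getCurrentDB()[isConnected].(func() bool)` then `return ok && fn()`.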

+ 6 - 0
database/postgres.go

@@ -22,6 +22,7 @@ var PG_FUNCTIONS = map[string]interface{}{
 	DELETE_ALL:   pgDeleteAllRecords,
 	FETCH_ALL:    pgFetchRecords,
 	CLOSE_DB:     pgCloseDB,
+	isConnected:  pgIsConnected,
 }
 
 func getPGConnString() string {
@@ -135,3 +136,8 @@ func pgFetchRecords(tableName string) (map[string]string, error) {
 func pgCloseDB() {
 	PGDB.Close()
 }
+
+func pgIsConnected() bool {
+	stats := PGDB.Stats()
+	return stats.OpenConnections > 0
+}
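Review bot: `pgIsConnected` returns `Stats().OpenConnections > 0`, which measures pool occupancy rather than reachability: depending on the pool's idle settings a healthy but idle pool reports false, and a pool still holding sockets to a server that has gone away reports true until the next query fails. `return PGDB.Ping() == nil` (or `PingContext` with a short timeout) actually round-trips to the server and is what a status endpoint should report. `sqliteConnected` in `database/sqlite.go` has the same shape and the same fix.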

+ 6 - 0
database/rqlite.go

@@ -20,6 +20,7 @@ var RQLITE_FUNCTIONS = map[string]interface{}{
 	DELETE_ALL:   rqliteDeleteAllRecords,
 	FETCH_ALL:    rqliteFetchRecords,
 	CLOSE_DB:     rqliteCloseDB,
+	isConnected:  rqliteConnected,
 }
 
 func initRqliteDatabase() error {
@@ -104,3 +105,8 @@ func rqliteFetchRecords(tableName string) (map[string]string, error) {
 func rqliteCloseDB() {
 	RQliteDatabase.Close()
 }
+
+func rqliteConnected() bool {
+	leader, err := RQliteDatabase.Leader()
+	return err == nil && len(leader) > 0
+}

+ 6 - 0
database/sqlite.go

@@ -25,6 +25,7 @@ var SQLITE_FUNCTIONS = map[string]interface{}{
 	DELETE_ALL:   sqliteDeleteAllRecords,
 	FETCH_ALL:    sqliteFetchRecords,
 	CLOSE_DB:     sqliteCloseDB,
+	isConnected:  sqliteConnected,
 }
 
 func initSqliteDB() error {
@@ -135,3 +136,8 @@ func sqliteFetchRecords(tableName string) (map[string]string, error) {
 func sqliteCloseDB() {
 	SqliteDB.Close()
 }
+
+func sqliteConnected() bool {
+	stats := SqliteDB.Stats()
+	return stats.OpenConnections > 0
+}

+ 1 - 2
docker/mosquitto.conf

@@ -7,5 +7,4 @@ listener 1883
 protocol websockets
 allow_anonymous false
 
-plugin /usr/lib/mosquitto_dynamic_security.so
-plugin_opt_config_file /mosquitto/data/dynamic-security.json
+password_file /mosquitto/password.txt
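Review bot: With the dynamic-security plugin removed, `password_file` is the only access control left on this listener; there is no `acl_file` line, so any client that authenticates with the shared `MQ_USERNAME`/`MQ_PASSWORD` can publish and subscribe on every topic, whereas the removed dynsec configuration scoped clients by role. If per-client topic scoping is still wanted, add `acl_file /mosquitto/acl.txt` with a matching file generated in `wait.sh`; if it was dropped deliberately, a one-line comment here saying so will stop the next reader from re-adding it. The path must also stay in sync with the `/mosquitto/password.txt` that `wait.sh` writes and rewrites with `mosquitto_passwd -U`.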

+ 5 - 10
docker/wait.sh

@@ -1,18 +1,13 @@
 #!/bin/ash
 
-wait_for_netmaker() {
-  echo "SERVER: ${NETMAKER_SERVER_HOST}"
-  until curl --output /dev/null --silent --fail --head \
-    --location "${NETMAKER_SERVER_HOST}/api/server/health"; do
-    echo "Waiting for netmaker server to startup"
-    sleep 1
-  done
+encrypt_password() {
+  echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/password.txt
+  mosquitto_passwd -U /mosquitto/password.txt
 }
 
 main(){
- # wait for netmaker to startup
- apk add curl
- wait_for_netmaker
+
+ encrypt_password
  echo "Starting MQ..."
  # Run the main container command.
  /docker-entrypoint.sh
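Review bot: `encrypt_password` writes `${MQ_USERNAME}:${MQ_PASSWORD}` without checking that either variable is set, and `main` ignores the exit status of `mosquitto_passwd -U`, so an unset credential still yields a malformed password file and the broker is started anyway. Suggest `: "${MQ_USERNAME:?must be set}" "${MQ_PASSWORD:?must be set}"` as the first line of the function and `mosquitto_passwd -U /mosquitto/password.txt || exit 1`. The file holds the plaintext until `-U` rewrites it, so `umask 077` before the redirect keeps it owner-only. The name is also misleading: `mosquitto_passwd -U` hashes the entry, it does not encrypt it — `hash_password` reads truer.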

+ 1 - 1
k8s/client/netclient-daemonset.yaml

@@ -16,7 +16,7 @@ spec:
       hostNetwork: true
       containers:
       - name: netclient
-        image: gravitl/netclient:v0.17.1
+        image: gravitl/netclient:v0.18.0
         env:
         - name: TOKEN
           value: "TOKEN_VALUE"

+ 1 - 1
k8s/client/netclient.yaml

@@ -28,7 +28,7 @@ spec:
       #           - "<node label value>"
       containers:
       - name: netclient
-        image: gravitl/netclient:v0.17.1
+        image: gravitl/netclient:v0.18.0
         env:
         - name: TOKEN
           value: "TOKEN_VALUE"

+ 1 - 1
k8s/server/netmaker-server.yaml

@@ -81,7 +81,7 @@ spec:
           value: "Kubernetes"
         - name: VERBOSITY
           value: "3"
-        image: gravitl/netmaker:v0.17.1
+        image: gravitl/netmaker:v0.18.0
         imagePullPolicy: Always
         name: netmaker
         ports:

+ 1 - 1
k8s/server/netmaker-ui.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
       - name: netmaker-ui
-        image: gravitl/netmaker-ui:v0.17.1
+        image: gravitl/netmaker-ui:v0.18.0
         ports:
         - containerPort: 443
         env:

+ 3 - 5
main.go

@@ -119,11 +119,6 @@ func startControllers() {
 			logger.Log(0, "error occurred initializing DNS: ", err.Error())
 		}
 	}
-	if servercfg.IsMessageQueueBackend() {
-		if err := mq.Configure(); err != nil {
-			logger.FatalLog("failed to configure MQ: ", err.Error())
-		}
-	}
 
 	//Run Rest Server
 	if servercfg.IsRestBackend() {
@@ -169,6 +164,9 @@ func startControllers() {
 // Should we be using a context vice a waitgroup????????????
 func runMessageQueue(wg *sync.WaitGroup) {
 	defer wg.Done()
+	brokerHost, secure := servercfg.GetMessageQueueEndpoint()
+	logger.Log(0, "connecting to mq broker at", brokerHost, "with TLS?", fmt.Sprintf("%v", secure))
+	mq.SetupMQTT()
 	ctx, cancel := context.WithCancel(context.Background())
 
 	if servercfg.IsMessageQueueBackend() { // connect to external broker
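Review bot: `mq.SetupMQTT()` now runs unconditionally at the top of `runMessageQueue`, ahead of the `if servercfg.IsMessageQueueBackend()` gate, whereas the `mq.Configure()` call removed from `startControllers` sat behind that same gate; if the gated block (which continues past this hunk) also connects, the broker is contacted twice, and if MQ is disabled a connection is still attempted — worth confirming which is intended and noting it in a comment. Minor: `fmt.Sprintf("%v", secure)` is `strconv.FormatBool(secure)`.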

+ 2 - 0
models/structs.go

@@ -229,6 +229,8 @@ type ServerConfig struct {
 	DNSMode     string `yaml:"dnsmode"`
 	Version     string `yaml:"version"`
 	MQPort      string `yaml:"mqport"`
+	MQUserName  string `yaml:"mq_username"`
+	MQPassword  string `yaml:"mq_password"`
 	Server      string `yaml:"server"`
 	Broker      string `yaml:"broker"`
 	Is_EE       bool   `yaml:"isee"`
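Review bot: `MQUserName` and `MQPassword` are added to `models.ServerConfig`, the struct that `createNode` obtains from `servercfg.GetServerInfo()` and hands to the enrolling node elsewhere in this commit, which suggests the broker credential is now delivered to every host; with a single shared broker account and no ACL in `docker/mosquitto.conf`, every enrolled host can then authenticate to the broker exactly as the server does. If that is the design, say so on the field — `// MQPassword - broker credential shared with nodes; the broker applies no per-client ACL` — and make sure the struct is not logged or returned by any endpoint wider than node enrollment. The yaml tags `mq_username`/`mq_password` also differ in style from `config/config.go`'s `mqusername`/`mqpassword`; pick one.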

+ 0 - 214
mq/dynsec.go

@@ -1,214 +0,0 @@
-package mq
-
-import (
-	"crypto/sha512"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"os"
-	"time"
-
-	mqtt "github.com/eclipse/paho.mqtt.golang"
-	"github.com/gravitl/netmaker/functions"
-	"github.com/gravitl/netmaker/logger"
-	"github.com/gravitl/netmaker/logic"
-	"github.com/gravitl/netmaker/netclient/ncutils"
-	"github.com/gravitl/netmaker/servercfg"
-	"golang.org/x/crypto/pbkdf2"
-)
-
-// mq client for admin
-var mqAdminClient mqtt.Client
-
-const (
-	// constant for client command
-	CreateClientCmd = "createClient"
-	// constant for disable command
-	DisableClientCmd = "disableClient"
-	// constant for delete client command
-	DeleteClientCmd = "deleteClient"
-	// constant for modify client command
-	ModifyClientCmd = "modifyClient"
-
-	// constant for create role command
-	CreateRoleCmd = "createRole"
-	// constant for delete role command
-	DeleteRoleCmd = "deleteRole"
-
-	// constant for admin user name
-	mqAdminUserName = "Netmaker-Admin"
-	// constant for server user name
-	mqNetmakerServerUserName = "Netmaker-Server"
-	// constant for exporter user name
-	mqExporterUserName = "Netmaker-Exporter"
-
-	// DynamicSecSubTopic - constant for dynamic security subscription topic
-	dynamicSecSubTopic = "$CONTROL/dynamic-security/#"
-	// DynamicSecPubTopic - constant for dynamic security subscription topic
-	dynamicSecPubTopic = "$CONTROL/dynamic-security/v1"
-)
-
-// struct for dynamic security file
-type dynJSON struct {
-	Clients    []client         `json:"clients"`
-	Roles      []role           `json:"roles"`
-	DefaultAcl defaultAccessAcl `json:"defaultACLAccess"`
-}
-
-// struct for client role
-type clientRole struct {
-	Rolename string `json:"rolename"`
-}
-
-// struct for MQ client
-type client struct {
-	Username   string       `json:"username"`
-	TextName   string       `json:"textName"`
-	Password   string       `json:"password"`
-	Salt       string       `json:"salt"`
-	Iterations int          `json:"iterations"`
-	Roles      []clientRole `json:"roles"`
-}
-
-// struct for MQ role
-type role struct {
-	Rolename string `json:"rolename"`
-	Acls     []Acl  `json:"acls"`
-}
-
-// struct for default acls
-type defaultAccessAcl struct {
-	PublishClientSend    bool `json:"publishClientSend"`
-	PublishClientReceive bool `json:"publishClientReceive"`
-	Subscribe            bool `json:"subscribe"`
-	Unsubscribe          bool `json:"unsubscribe"`
-}
-
-// MqDynSecGroup - struct for MQ client group
-type MqDynSecGroup struct {
-	Groupname string `json:"groupname"`
-	Priority  int    `json:"priority"`
-}
-
-// MqDynSecRole - struct for MQ client role
-type MqDynSecRole struct {
-	Rolename string `json:"rolename"`
-	Priority int    `json:"priority"`
-}
-
-// Acl - struct for MQ acls
-type Acl struct {
-	AclType  string `json:"acltype"`
-	Topic    string `json:"topic"`
-	Priority int    `json:"priority,omitempty"`
-	Allow    bool   `json:"allow"`
-}
-
-// MqDynSecCmd - struct for MQ dynamic security command
-type MqDynSecCmd struct {
-	Command         string          `json:"command"`
-	Username        string          `json:"username"`
-	Password        string          `json:"password"`
-	RoleName        string          `json:"rolename,omitempty"`
-	Acls            []Acl           `json:"acls,omitempty"`
-	Clientid        string          `json:"clientid"`
-	Textname        string          `json:"textname"`
-	Textdescription string          `json:"textdescription"`
-	Groups          []MqDynSecGroup `json:"groups"`
-	Roles           []MqDynSecRole  `json:"roles"`
-}
-
-// MqDynsecPayload - struct for dynamic security command payload
-type MqDynsecPayload struct {
-	Commands []MqDynSecCmd `json:"commands"`
-}
-
-// encodePasswordToPBKDF2 - encodes the given password with PBKDF2 hashing for MQ
-func encodePasswordToPBKDF2(password string, salt string, iterations int, keyLength int) string {
-	binaryEncoded := pbkdf2.Key([]byte(password), []byte(salt), iterations, keyLength, sha512.New)
-	return base64.StdEncoding.EncodeToString(binaryEncoded)
-}
-
-// Configure - configures the dynamic initial configuration for MQ
-func Configure() error {
-
-	logger.Log(0, "Configuring MQ...")
-	dynConfig := dynConfigInI
-	path := functions.GetNetmakerPath() + ncutils.GetSeparator() + dynamicSecurityFile
-
-	password := servercfg.GetMqAdminPassword()
-	if password == "" {
-		return errors.New("MQ admin password not provided")
-	}
-	if logic.CheckIfFileExists(path) {
-		data, err := os.ReadFile(path)
-		if err == nil {
-			var cfg dynJSON
-			err = json.Unmarshal(data, &cfg)
-			if err == nil {
-				logger.Log(0, "MQ config exists already, So Updating Existing Config...")
-				dynConfig = cfg
-			}
-		}
-	}
-	exporter := false
-	for i, cI := range dynConfig.Clients {
-		if cI.Username == mqAdminUserName || cI.Username == mqNetmakerServerUserName {
-			salt := logic.RandomString(12)
-			hashed := encodePasswordToPBKDF2(password, salt, 101, 64)
-			cI.Password = hashed
-			cI.Iterations = 101
-			cI.Salt = base64.StdEncoding.EncodeToString([]byte(salt))
-			dynConfig.Clients[i] = cI
-		} else if servercfg.Is_EE && cI.Username == mqExporterUserName {
-			exporter = true
-			exporterPassword := servercfg.GetLicenseKey()
-			salt := logic.RandomString(12)
-			hashed := encodePasswordToPBKDF2(exporterPassword, salt, 101, 64)
-			cI.Password = hashed
-			cI.Iterations = 101
-			cI.Salt = base64.StdEncoding.EncodeToString([]byte(salt))
-			dynConfig.Clients[i] = cI
-		}
-	}
-	if servercfg.Is_EE && !exporter {
-		exporterPassword := servercfg.GetLicenseKey()
-		salt := logic.RandomString(12)
-		hashed := encodePasswordToPBKDF2(exporterPassword, salt, 101, 64)
-		exporterMQClient.Password = hashed
-		exporterMQClient.Iterations = 101
-		exporterMQClient.Salt = base64.StdEncoding.EncodeToString([]byte(salt))
-		dynConfig.Clients = append(dynConfig.Clients, exporterMQClient)
-	}
-	data, err := json.MarshalIndent(dynConfig, "", " ")
-	if err != nil {
-		return err
-	}
-	return os.WriteFile(path, data, 0755)
-}
-
-// publishes the message to dynamic security topic
-func publishEventToDynSecTopic(payload MqDynsecPayload) error {
-
-	d, err := json.Marshal(payload)
-	if err != nil {
-		return err
-	}
-	var connecterr error
-	if token := mqAdminClient.Publish(dynamicSecPubTopic, 2, false, d); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
-		if token.Error() == nil {
-			connecterr = errors.New("connect timeout")
-		} else {
-			connecterr = token.Error()
-		}
-	}
-	return connecterr
-}
-
-// watchDynSecTopic - message handler for dynamic security responses
-func watchDynSecTopic(client mqtt.Client, msg mqtt.Message) {
-
-	logger.Log(1, fmt.Sprintf("----->WatchDynSecTopic Message: %+v", string(msg.Payload())))
-
-}

+ 0 - 47
mq/dynsec_clients.go

@@ -1,47 +0,0 @@
-package mq
-
-// MqClient - type for taking in an MQ client's data
-type MqClient struct {
-	ID       string
-	Text     string
-	Password string
-	Networks []string
-}
-
-// DeleteMqClient - removes a client from the DynSec system
-func DeleteMqClient(hostID string) error {
-
-	event := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command:  DeleteClientCmd,
-				Username: hostID,
-			},
-		},
-	}
-	return publishEventToDynSecTopic(event)
-}
-
-// CreateMqClient - creates an MQ DynSec client
-func CreateMqClient(client *MqClient) error {
-
-	event := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command:  CreateClientCmd,
-				Username: client.ID,
-				Password: client.Password,
-				Textname: client.Text,
-				Roles: []MqDynSecRole{
-					{
-						Rolename: genericRole,
-						Priority: -1,
-					},
-				},
-				Groups: make([]MqDynSecGroup, 0),
-			},
-		},
-	}
-
-	return publishEventToDynSecTopic(event)
-}

+ 0 - 187
mq/dynsec_helper.go

@@ -1,187 +0,0 @@
-package mq
-
-import (
-	"errors"
-	"time"
-
-	mqtt "github.com/eclipse/paho.mqtt.golang"
-	"github.com/gravitl/netmaker/servercfg"
-)
-
-const (
-	// constant for admin role
-	adminRole = "admin"
-	// constant for generic role
-	genericRole = "generic"
-
-	// const for dynamic security file
-	dynamicSecurityFile = "dynamic-security.json"
-)
-
-var (
-	// default configuration of dynamic security
-	dynConfigInI = dynJSON{
-		Clients: []client{
-			{
-				Username:   mqAdminUserName,
-				TextName:   "netmaker admin user",
-				Password:   "",
-				Salt:       "",
-				Iterations: 0,
-				Roles: []clientRole{
-					{
-						Rolename: adminRole,
-					},
-				},
-			},
-			{
-				Username:   mqNetmakerServerUserName,
-				TextName:   "netmaker server user",
-				Password:   "",
-				Salt:       "",
-				Iterations: 0,
-				Roles: []clientRole{
-					{
-						Rolename: genericRole,
-					},
-				},
-			},
-			exporterMQClient,
-		},
-		Roles: []role{
-			{
-				Rolename: adminRole,
-				Acls:     fetchAdminAcls(),
-			},
-			{
-				Rolename: genericRole,
-				Acls:     fetchGenericAcls(),
-			},
-		},
-		DefaultAcl: defaultAccessAcl{
-			PublishClientSend:    false,
-			PublishClientReceive: true,
-			Subscribe:            false,
-			Unsubscribe:          true,
-		},
-	}
-
-	exporterMQClient = client{
-		Username:   mqExporterUserName,
-		TextName:   "netmaker metrics exporter",
-		Password:   "",
-		Salt:       "",
-		Iterations: 101,
-		Roles: []clientRole{
-			{
-				Rolename: genericRole,
-			},
-		},
-	}
-)
-
-// GetAdminClient - fetches admin client of the MQ
-func GetAdminClient() (mqtt.Client, error) {
-	opts := mqtt.NewClientOptions()
-	setMqOptions(mqAdminUserName, servercfg.GetMqAdminPassword(), opts)
-	mqclient := mqtt.NewClient(opts)
-	var connecterr error
-	if token := mqclient.Connect(); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
-		if token.Error() == nil {
-			connecterr = errors.New("connect timeout")
-		} else {
-			connecterr = token.Error()
-		}
-	}
-	return mqclient, connecterr
-}
-
-// genericAcls - fetches generice role related acls
-func fetchGenericAcls() []Acl {
-	return []Acl{
-		{
-			AclType:  "publishClientSend",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "publishClientReceive",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "subscribePattern",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "unsubscribePattern",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-	}
-}
-
-// fetchAdminAcls - fetches admin role related acls
-func fetchAdminAcls() []Acl {
-	return []Acl{
-		{
-			AclType:  "publishClientSend",
-			Topic:    "$CONTROL/dynamic-security/#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "publishClientReceive",
-			Topic:    "$CONTROL/dynamic-security/#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "subscribePattern",
-			Topic:    "$CONTROL/dynamic-security/#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "publishClientReceive",
-			Topic:    "$SYS/#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "subscribePattern",
-			Topic:    "$SYS/#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "publishClientReceive",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "subscribePattern",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "unsubscribePattern",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-		{
-			AclType:  "publishClientSend",
-			Topic:    "#",
-			Priority: -1,
-			Allow:    true,
-		},
-	}
-}

+ 6 - 35
mq/mq.go

@@ -2,7 +2,6 @@ package mq
 
 import (
 	"context"
-	"fmt"
 	"time"
 
 	mqtt "github.com/eclipse/paho.mqtt.golang"
@@ -23,39 +22,6 @@ var peer_force_send = 0
 
 var mqclient mqtt.Client
 
-// SetUpAdminClient - sets up admin client for the MQ
-func SetUpAdminClient() {
-	opts := mqtt.NewClientOptions()
-	setMqOptions(mqAdminUserName, servercfg.GetMqAdminPassword(), opts)
-	mqAdminClient = mqtt.NewClient(opts)
-	opts.SetOnConnectHandler(func(client mqtt.Client) {
-		if token := client.Subscribe(dynamicSecSubTopic, 2, mqtt.MessageHandler(watchDynSecTopic)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
-			client.Disconnect(240)
-			logger.Log(0, fmt.Sprintf("Dynamic security client subscription failed: %v ", token.Error()))
-		}
-
-		opts.SetOrderMatters(true)
-		opts.SetResumeSubs(true)
-	})
-	tperiod := time.Now().Add(10 * time.Second)
-	for {
-		if token := mqAdminClient.Connect(); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
-			logger.Log(2, "Admin: unable to connect to broker, retrying ...")
-			if time.Now().After(tperiod) {
-				if token.Error() == nil {
-					logger.FatalLog("Admin: could not connect to broker, token timeout, exiting ...")
-				} else {
-					logger.FatalLog("Admin: could not connect to broker, exiting ...", token.Error().Error())
-				}
-			}
-		} else {
-			break
-		}
-		time.Sleep(2 * time.Second)
-	}
-
-}
-
 func setMqOptions(user, password string, opts *mqtt.ClientOptions) {
 	broker, _ := servercfg.GetMessageQueueEndpoint()
 	opts.AddBroker(broker)
@@ -73,7 +39,7 @@ func setMqOptions(user, password string, opts *mqtt.ClientOptions) {
 // SetupMQTT creates a connection to broker and return client
 func SetupMQTT() {
 	opts := mqtt.NewClientOptions()
-	setMqOptions(mqNetmakerServerUserName, servercfg.GetMqAdminPassword(), opts)
+	setMqOptions(servercfg.GetMqUserName(), servercfg.GetMqPassword(), opts)
 	opts.SetOnConnectHandler(func(client mqtt.Client) {
 		if token := client.Subscribe("ping/#", 2, mqtt.MessageHandler(Ping)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
 			client.Disconnect(240)
@@ -129,3 +95,8 @@ func Keepalive(ctx context.Context) {
 		}
 	}
 }
+
+// IsConnected - function for determining if the mqclient is connected or not
+func IsConnected() bool {
+	return mqclient != nil && mqclient.IsConnected()
+}
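Review bot: `IsConnected` delegates to paho's `Client.IsConnected()`, which also reports true while the client is in automatic-reconnect mode after the broker has gone away; for a status endpoint that is meant to say whether the broker is currently reachable, `IsConnectionOpen()` is the strict check. Suggest `return mqclient != nil && mqclient.IsConnectionOpen()` with a comment noting the distinction. `mqclient` is a package variable written by `SetupMQTT` and now read from the HTTP handler goroutine without synchronisation — fine if `SetupMQTT` always completes before the REST server accepts requests, otherwise a data race.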

+ 48 - 5
scripts/nm-quick-interactive.sh

@@ -188,9 +188,7 @@ NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
 COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
 SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
 MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
-MQ_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
 DOMAIN_TYPE=""
-
 echo "-----------------------------------------------------"
 echo "Would you like to use your own domain for netmaker, or an auto-generated domain?"
 echo "To use your own domain, add a Wildcard DNS record (e.x: *.netmaker.example.com) pointing to $SERVER_PUBLIC_IP"
@@ -267,6 +265,49 @@ else
   EMAIL="$GET_EMAIL"
 fi
 
+wait_seconds 1
+
+unset GET_MQ_USERNAME
+unset GET_MQ_PASSWORD
+unset CONFIRM_MQ_PASSWORD
+echo "Enter Credentials For MQ..."
+read -p "MQ Username (click 'enter' to use 'netmaker'): " GET_MQ_USERNAME
+if [ -z "$GET_MQ_USERNAME" ]; then
+  echo "using default username for mq"
+  MQ_USERNAME="netmaker"
+else
+  MQ_USERNAME="$GET_MQ_USERNAME"
+fi
+
+select domain_option in "Auto Generated Password" "Input Your Own Password"; do
+	case $REPLY in
+	1)
+	echo "generating random password for mq"
+	MQ_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
+	break
+	;;      
+    2)
+	while true
+    do
+        echo "Enter your Password For MQ: " 
+        read -s GET_MQ_PASSWORD
+        echo "Enter your password again to confirm: "
+        read -s CONFIRM_MQ_PASSWORD
+        if [ ${GET_MQ_PASSWORD} != ${CONFIRM_MQ_PASSWORD} ]; then
+            echo "wrong password entered, try again..."
+            continue
+        fi
+		MQ_PASSWORD="$GET_MQ_PASSWORD"
+        echo "MQ Password Saved Successfully!!"
+        break
+    done
+      break
+      ;;
+    *) echo "invalid option $REPLY";;
+  esac
+done
+
+
 wait_seconds 2
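Review bot: The confirmation test `if [ ${GET_MQ_PASSWORD} != ${CONFIRM_MQ_PASSWORD} ]` leaves both variables unquoted, so pressing enter twice makes `[` fail with a syntax error and any whitespace in the password splits the expression; it also accepts an empty password. Suggest `if [ -z "$GET_MQ_PASSWORD" ] || [ "$GET_MQ_PASSWORD" != "$CONFIRM_MQ_PASSWORD" ]; then` with the message `passwords were empty or did not match, try again...`. A user-chosen password is later substituted with `sed -i "s/REPLACE_MQ_PASSWORD/$MQ_PASSWORD/g"`, so any `/` or `&` in it corrupts the compose file; use the `~` delimiter already used for the license key in that hunk and reject `~` at input time. `select domain_option` also names the MQ choice after the earlier domain prompt.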
 
 echo "-----------------------------------------------------------------"
@@ -301,8 +342,9 @@ if [ "$INSTALL_TYPE" = "ee" ]; then
 	CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile-EE"
 fi
 
-wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -O /root/Caddyfile $CADDY_URL && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh && chmod +x /root/wait.sh
-
+wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -O /root/Caddyfile $CADDY_URL
+wget -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh
+chmod +x /root/wait.sh
 mkdir -p /etc/netmaker
 
 echo "Setting docker-compose and Caddyfile..."
@@ -312,7 +354,8 @@ sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile
 sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
 sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
 sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
-sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml 
+sed -i "s/REPLACE_MQ_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml
+sed -i "s/REPLACE_MQ_USERNAME/$MQ_USERNAME/g" /root/docker-compose.yml 
 if [ "$INSTALL_TYPE" = "ee" ]; then
 	sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml
 	sed -i "s/YOUR_ACCOUNT_ID/$ACCOUNT_ID/g" /root/docker-compose.yml

+ 0 - 304
scripts/nm-quick.sh

@@ -1,304 +0,0 @@
-#!/bin/bash
-echo "checking for root permissions..."
-
-echo "setting flags..."
-
-while getopts d:e:m:v:c: flag
-do
-    case "${flag}" in
-    	d) domain=${OPTARG};;
-        e) email=${OPTARG};;
-        m) addmesh=${OPTARG};;
-        v) addvpn=${OPTARG};;
-        c) num_clients=${OPTARG};;
-    esac
-done
-
-echo "checking for root permissions..."
-
-
-if [ $EUID -ne 0 ]; then
-   echo "This script must be run as root" 
-   exit 1
-fi
-
-
-
-
-echo "checking dependencies..."
-
-declare -A osInfo;
-osInfo[/etc/debian_version]="apt-get install -y"u
-osInfo[/etc/alpine-release]="apk --update add"
-osInfo[/etc/centos-release]="yum install -y"
-osInfo[/etc/fedora-release]="dnf install -y"
-
-for f in ${!osInfo[@]}
-do
-    if [[ -f $f ]];then
-        install_cmd=${osInfo[$f]}
-    fi
-done
-
-if [ -f /etc/debian_version ]; then
-	apt update
-elif [ -f /etc/alpine-release ]; then
-  apk update
-elif [ -f /etc/centos-release ]; then
-	yum update
-elif [ -f /etc/fedora-release ]; then
-	dnf update
-fi
-
-dependencies=( "docker.io" "docker-compose" "wireguard" "jq" )
-
-for dependency in ${dependencies[@]}; do
-    is_installed=$(dpkg-query -W --showformat='${Status}\n' ${dependency} | grep "install ok installed")
-
-    if [ "${is_installed}" == "install ok installed" ]; then
-        echo "    " ${dependency} is installed
-    else
-            echo "    " ${dependency} is not installed. Attempting install.
-            ${install_cmd} ${dependency}
-            sleep 5
-            is_installed=$(dpkg-query -W --showformat='${Status}\n' ${dependency} | grep "install ok installed")
-            if [ "${is_installed}" == "install ok installed" ]; then
-                echo "    " ${dependency} is installed
-            elif [ -x "$(command -v ${dependency})" ]; then
-                echo "    " ${dependency} is installed
-            else
-                echo "    " failed to install ${dependency}. Exiting.
-                exit 1
-            fi
-    fi
-done
-
-set -e
-
-NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
-COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
-SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
-MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
-EMAIL="$(echo $RANDOM | md5sum  | head -c 32)@email.com"
-MQ_ADMIN_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 64 ; echo '')
-if [ -n "$domain" ]; then
-  NETMAKER_BASE_DOMAIN=$domain
-fi
-
-if [ -n "$email" ]; then
-  EMAIL=$email
-fi
-
-if [ -n "$addmesh" ]; then
-  MESH_SETUP=$addmesh
-else
-  MESH_SETUP="true"
-fi
-
-if [ -n "$addvpn" ]; then
-  VPN_SETUP=$addvpn
-else
-  VPN_SETUP="false"
-fi
-
-if [ -n "$num_clients" ]; then
-  NUM_CLIENTS=$num_clients
-else
-  NUM_CLIENTS=5
-fi
-
-
-echo "   ----------------------------"
-echo "                SETUP ARGUMENTS"
-echo "   ----------------------------"
-echo "        domain: $NETMAKER_BASE_DOMAIN"
-echo "         email: $EMAIL"
-echo "    coredns ip: $COREDNS_IP"
-echo "     public ip: $SERVER_PUBLIC_IP"
-echo "    master key: $MASTER_KEY"
-echo "   setup mesh?: $MESH_SETUP"
-echo "    setup vpn?: $VPN_SETUP"
-if [ "${VPN_SETUP}" == "true" ]; then
-echo "     # clients: $NUM_CLIENTS"
-fi
-echo "   ----------------------------"
-
-sleep 5
-
-echo "setting mosquitto.conf..."
-
-wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf
-wget -q -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile
-wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh
-chmod +x /root/wait.sh
-echo "setting docker-compose..."
-
-mkdir -p /etc/netmaker
-
-wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml
-sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
-sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile
-sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
-sed -i "s/COREDNS_IP/$COREDNS_IP/g" /root/docker-compose.yml
-sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
-sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
-sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_ADMIN_PASSWORD/g" /root/docker-compose.yml
-echo "starting containers..."
-
-docker-compose -f /root/docker-compose.yml up -d
-
-test_connection() {
-
-echo "testing Caddy setup (please be patient, this may take 1-2 minutes)"
-for i in 1 2 3 4 5 6 7 8
-do
-curlresponse=$(curl -vIs https://api.${NETMAKER_BASE_DOMAIN} 2>&1)
-
-if [[ "$i" == 8 ]]; then
-  echo "    Caddy is having an issue setting up certificates, please investigate (docker logs caddy)"
-  echo "    exiting..."
-  exit 1
-elif [[ "$curlresponse" == *"failed to verify the legitimacy of the server"* ]]; then
-  echo "    certificates not yet configured, retrying..."
-
-elif [[ "$curlresponse" == *"left intact"* ]]; then
-  echo "    certificates ok"
-  break
-else
-  secs=$(($i*5+10))
-  echo "    issue establishing connection...retrying in $secs seconds..."       
-fi
-sleep $secs
-done
-}
-
-set +e
-test_connection
-
-
-cat << "EOF"
-
-                                                                                         
- __   __     ______     ______   __    __     ______     __  __     ______     ______    
-/\ "-.\ \   /\  ___\   /\__  _\ /\ "-./  \   /\  __ \   /\ \/ /    /\  ___\   /\  == \   
-\ \ \-.  \  \ \  __\   \/_/\ \/ \ \ \-./\ \  \ \  __ \  \ \  _"-.  \ \  __\   \ \  __<   
- \ \_\\"\_\  \ \_____\    \ \_\  \ \_\ \ \_\  \ \_\ \_\  \ \_\ \_\  \ \_____\  \ \_\ \_\ 
-  \/_/ \/_/   \/_____/     \/_/   \/_/  \/_/   \/_/\/_/   \/_/\/_/   \/_____/   \/_/ /_/ 
-                                                                                         													 
-
-EOF
-
-
-echo "visit https://dashboard.$NETMAKER_BASE_DOMAIN to log in"
-echo "visit https://grafana.$NETMAKER_BASE_DOMAIN to view metrics on grafana dashboard"
-echo "visit https://prometheus.$NETMAKER_BASE_DOMAIN to view metrics on prometheus" 
-sleep 7
-
-setup_mesh() {( set -e
-echo "creating netmaker network (10.101.0.0/16)"
-
-curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"netmaker"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks
-
-sleep 5
-
-echo "creating netmaker access key"
-
-curlresponse=$(curl -s -d '{"uses":99999,"name":"netmaker-key"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks/netmaker/keys)
-ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse})
-
-sleep 5
-
-echo "configuring netmaker server as ingress gateway"
-
-curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker)
-SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
-
-curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker/$SERVER_ID/createingress
-
-sleep 5
-
-echo "finished configuring server and network. You can now add clients."
-echo ""
-echo "For Linux, Mac, Windows, and FreeBSD:"
-echo "        1. Install the netclient: https://docs.netmaker.org/netclient.html#installation"
-echo "        2. Join the network: netclient join -t $ACCESS_TOKEN"
-echo ""
-echo "For Android and iOS clients, perform the following steps:"
-echo "        1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN"
-echo "        2. Navigate to \"EXTERNAL CLIENTS\" tab"
-echo "        3. Select the gateway and create clients"
-echo "        4. Scan the QR Code from WireGuard app in iOS or Android"
-echo ""
-echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
-)}
-
-setup_vpn() {( set -e
-echo "creating vpn network (10.201.0.0/16)"
-
-curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"10.201.255.254"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks
-
-sleep 5
-
-echo "configuring netmaker server as vpn inlet..."
-
-curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
-SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
-
-curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/createingress
-
-echo "waiting 5 seconds for server to apply configuration..."
-
-sleep 5
-
-
-echo "configuring netmaker server vpn gateway..."
-
-[ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)')
-
-echo "gateway iface: $GATEWAY_IFACE"
-
-curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
-SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
-
-EGRESS_JSON=$( jq -n \
-                  --arg gw "$GATEWAY_IFACE" \
-                  '{ranges: ["0.0.0.0/0"], interface: $gw}' )
-
-echo "egress json: $EGRESS_JSON"
-curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/creategateway
-
-sleep 3
-
-echo "creating client configs..."
-
-for ((a=1; a <= $NUM_CLIENTS; a++))
-do
-        CLIENT_JSON=$( jq -n \
-                  --arg clientid "vpnclient-$a" \
-                  '{clientid: $clientid}' )
-
-        curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/extclients/vpn/$SERVER_ID
-        sleep 2
-done
-
-echo "finished configuring vpn server."
-echo ""
-echo "To configure clients, perform the following steps:"
-echo "        1. log into dashboard.$NETMAKER_BASE_DOMAIN"
-echo "        2. Navigate to \"EXTERNAL CLIENTS\" tab"
-echo "        3. Download or scan a client config (vpnclient-x) to the appropriate device"
-echo "        4. Follow the steps for your system to configure WireGuard on the appropriate device"
-echo "        5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients."
-
-)}
-
-if [ "${MESH_SETUP}" != "false" ]; then
-        setup_mesh
-fi
-
-if [ "${VPN_SETUP}" == "true" ]; then
-        setup_vpn
-fi
-
-echo ""
-echo "Netmaker setup is now complete. You are ready to begin using Netmaker."

+ 19 - 6
servercfg/serverconf.go

@@ -89,6 +89,8 @@ func GetServerInfo() models.ServerConfig {
 	var cfg models.ServerConfig
 	cfg.Server = GetServer()
 	cfg.Broker = GetBroker()
+	cfg.MQUserName = GetMqUserName()
+	cfg.MQPassword = GetMqPassword()
 	cfg.API = GetAPIConnString()
 	cfg.CoreDNSAddr = GetCoreDNSAddr()
 	cfg.APIPort = GetAPIPort()
@@ -590,13 +592,24 @@ func GetMQServerPort() string {
 	return port
 }
 
-// GetMqAdminPassword - fetches the MQ Admin password
-func GetMqAdminPassword() string {
+// GetMqPassword - fetches the MQ password
+func GetMqPassword() string {
 	password := ""
-	if os.Getenv("MQ_ADMIN_PASSWORD") != "" {
-		password = os.Getenv("MQ_ADMIN_PASSWORD")
-	} else if config.Config.Server.MQAdminPassword != "" {
-		password = config.Config.Server.MQAdminPassword
+	if os.Getenv("MQ_PASSWORD") != "" {
+		password = os.Getenv("MQ_PASSWORD")
+	} else if config.Config.Server.MQPassword != "" {
+		password = config.Config.Server.MQPassword
+	}
+	return password
+}
+
+// GetMqUserName - fetches the MQ username
+func GetMqUserName() string {
+	password := ""
+	if os.Getenv("MQ_USERNAME") != "" {
+		password = os.Getenv("MQ_USERNAME")
+	} else if config.Config.Server.MQUserName != "" {
+		password = config.Config.Server.MQUserName
 	}
 	return password
 }
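Review bot: GetMqPassword drops the MQ_ADMIN_PASSWORD lookup that the removed lines performed and adds no fallback, so a deployment still configured with that variable (the nm-quick.sh deleted in this same commit populated it) silently ends up with an empty broker password rather than an error; consider reading MQ_ADMIN_PASSWORD when MQ_PASSWORD is unset, or at least failing loudly when both are empty. GetMqUserName keeps the copy-pasted local `password` for a username — `user := ""` reads correctly — and both functions can collapse the double Getenv into `if v := os.Getenv("MQ_USERNAME"); v != "" { return v }`. GetServerInfo now copies the broker password into models.ServerConfig; the consumers of that struct are not visible in this hunk, but if it is serialized into an API response or logged, every recipient receives the same shared broker credential, so the field deserves a comment stating where it may flow and a `json:"-"` tag on any path that does not need it.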

+ 1 - 1
swagger.yaml

@@ -718,7 +718,7 @@ info:
 
         API calls must be authenticated via a header of the format -H “Authorization: Bearer <YOUR_SECRET_KEY>” There are two methods to obtain YOUR_SECRET_KEY: 1. Using the masterkey. By default, this value is “secret key,” but you should change this on your instance and keep it secure. This value can be set via env var at startup or in a config file (config/environments/< env >.yaml). See the [Netmaker](https://docs.netmaker.org/index.html) documentation for more details. 2. Using a JWT received for a node. This can be retrieved by calling the /api/nodes/<network>/authenticate endpoint, as documented below.
     title: Netmaker
-    version: 0.17.1
+    version: 0.18.0
 paths:
     /api/dns:
         get: