Installation and configuration¶
Installation¶
Important
First need to do setting up the environment. All commands are executed only from superuser.
Mode superuser:
sudo -i
Save the list of previously installed packages before starting the installation, this will allow you to painlessly restore the system in case of damage. Run the following commands to do this:
mkdir -p /tmp/rollback/otp-sender pip3 freeze > /tmp/rollback/otp-sender/pip_before.txt
After that, directory
/tmp/rollback/otp_senderwill contain filepip_before.txtwith list of installed applications.Install package OTPsender:
from Python package repository:
pip3 install otp-sender
Save the list of installed packages after installation to be able to roll back changes:
pip3 freeze > /tmp/rollback/otp-sender/pip_after.txt
Note
To install OTPsender on Astra Linux (Smolensk) do following:
Connect the provided repository with AccentOS packages.
Install the package with the command:
sudo apt install -y aos-otp-sender
Configuration¶
Add two-factor authentication feature in the configuration file
keystone.conf:[auth] methods = external,password,token,oauth1,totp
Then restart the keystone service:
systemctl restart keystone.service
Perform initial configuration of the module:
openstack aos configure -n otp_sender
Create directory for logs with the required permissions:
mkdir -p /var/log/aos/otp-sender chown -R aos:aos /var/log/aos/otp-sender
Copy sample configuration file, if using non-standard parameters, edit them (for details, see Configuration file):
cp /etc/aos/aos.conf.example /etc/aos/aos.conf cp /etc/aos/otp_sender.conf.example /etc/aos/otp_sender.conf
Edit section
[redis]of the config fileetc/aos/aos.conf:[redis] url = redis://:password@localhost:6379/0
Create user in OpenStack for API services:
openstack user create --domain default --project service --project-domain default --password password --or-show aos
Assign user service role:
openstack role add --user aos --user-domain default --project service --project-domain default service
Enable and start systemd services:
systemctl daemon-reload systemctl enable aos-otp-sender-api.service aos-otp-sender-worker.service systemctl start aos-otp-sender-api.service aos-otp-sender-worker.service
Create OTPsender API service:
openstack service create --name otp-sender --description "OTPsender Service" otp-sender
Create endpoints:
openstack endpoint create --region RegionOne otp-sender internal http://controller:9367 openstack endpoint create --region RegionOne otp-sender admin http://controller:9367 openstack endpoint create --region RegionOne otp-sender public http://controller:9367
Note
It is necessary to make settings in accordance with instruction for successful sending of messages by the OTPsender module via Telegram.
Note
It is necessary to make settings in accordance with instruction for successful sending of messages by the OTPsender module via e-mail.
Configuration file¶
Note
Config file allows to override sections and parameters of common file aos.conf for specific module.
Note
There are no lines with the level logging by default in the file cloud_manager.conf.example, it is specified if necessary. Level logging is set by default in the general configuration file. More information about the configuration files can be found in the corresponding section.
Configuration file is presented in ini format and consists of the following sections and parameters:
| Section | Parameter | Description | Default value |
|---|---|---|---|
| api | logfile | Path to log file of aos-otp-sender-api service. | |
| password | Password for authorization in the mail service. | ||
| port | Port for connecting to SMTP server. | 465 | |
| smtp_server | SMTP server for sending mail. | ||
| username | Username in the mail service. | ||
| telegram | api_hash | Telegram application hash obtained by instructions. | |
| telegram | api_id | Telegram application id obtained by instructions. | |
| telegram | session | Telegram session received by otp-sender-manage init-tg-session utility. |