Installation and configuration

Installation

Important

First need to do setting up the environment. All commands are executed only from superuser.

Mode superuser:

sudo -i
  1. Save the list of previously installed packages before starting the installation, this will allow you to painlessly restore the system in case of damage. Run the following commands to do this:

    mkdir -p /tmp/rollback/otp-sender
    pip3 freeze > /tmp/rollback/otp-sender/pip_before.txt
    

    After that, directory /tmp/rollback/otp_sender will contain file pip_before.txt with list of installed applications.

  2. Install package OTPsender:

    • from Python package repository:

      pip3 install otp-sender
      
  3. Save the list of installed packages after installation to be able to roll back changes:

    pip3 freeze > /tmp/rollback/otp-sender/pip_after.txt
    

Note

To install OTPsender on Astra Linux (Smolensk) do following:

  1. Connect the provided repository with AccentOS packages.

  2. Install the package with the command:

    sudo apt install -y aos-otp-sender
    

Configuration

  1. Add two-factor authentication feature in the configuration file keystone.conf:

    [auth]
    methods = external,password,token,oauth1,totp
    
  2. Then restart the keystone service:

    systemctl restart keystone.service
    
  3. Perform initial configuration of the module:

    openstack aos configure -n otp_sender
    
  4. Create directory for logs with the required permissions:

    mkdir -p /var/log/aos/otp-sender
    chown -R aos:aos /var/log/aos/otp-sender
    
  5. Copy sample configuration file, if using non-standard parameters, edit them (for details, see Configuration file):

    cp /etc/aos/aos.conf.example /etc/aos/aos.conf
    cp /etc/aos/otp_sender.conf.example /etc/aos/otp_sender.conf
    
  6. Edit section [redis] of the config file etc/aos/aos.conf:

    [redis]
    url = redis://:password@localhost:6379/0
    
  7. Create user in OpenStack for API services:

    openstack user create --domain default --project service --project-domain default --password password --or-show aos
    
  8. Assign user service role:

    openstack role add --user aos --user-domain default --project service --project-domain default service
    
  9. Enable and start systemd services:

    systemctl daemon-reload
    systemctl enable aos-otp-sender-api.service aos-otp-sender-worker.service
    systemctl start aos-otp-sender-api.service aos-otp-sender-worker.service
    
  10. Create OTPsender API service:

    openstack service create --name otp-sender --description "OTPsender Service" otp-sender
    
  11. Create endpoints:

    openstack endpoint create --region RegionOne otp-sender internal http://controller:9367
    openstack endpoint create --region RegionOne otp-sender admin http://controller:9367
    openstack endpoint create --region RegionOne otp-sender public http://controller:9367
    

Note

It is necessary to make settings in accordance with instruction for successful sending of messages by the OTPsender module via Telegram.

Note

It is necessary to make settings in accordance with instruction for successful sending of messages by the OTPsender module via e-mail.

Configuration file

Note

Config file allows to override sections and parameters of common file aos.conf for specific module.

Note

There are no lines with the level logging by default in the file cloud_manager.conf.example, it is specified if necessary. Level logging is set by default in the general configuration file. More information about the configuration files can be found in the corresponding section.

Configuration file is presented in ini format and consists of the following sections and parameters:

Section Parameter Description Default value
api host OTP Sender api service host. 0.0.0.0
api logfile Path to log file of aos-scheduler-api service.  
api num_workers OTP Sender api service num gunicorn workers. 3
api port OTP Sender api service port. 9367
api threads OTP Sender api service num gunicorn threads. 10
email password Password for authorization in the mail service.  
email port Port for connecting to SMTP server. 465
email smtp_server SMTP server for sending mail.  
email username Username in the mail service.  
telegram api_hash Telegram application hash obtained by instructions.  
telegram api_id Telegram application id obtained by instructions.  
telegram session Telegram session received by otp-sender-manage init-tg-session utility.