I'm trying to configure a SonarQube server using Puppet.

My Puppet manifests install the software, deploy my custom sonar.properties, deploy SSL certificates, download and configure a few plugins and, finally, start the service.

The goal is to configure and reconfigure SonarQube automatically.

During my postconfig step, I launch a Puppet exec with this SQL to set my own password for the admin user.

UPDATE users SET crypted_password='***********************************', salt='*******************************' where login='admin'

How can I calculate the crypted_password and salt values for my password? (Currently I use a fake Sonar to change the admin password and look up the value in the DB.)

In pseudocode, something like this...

crypted_password=crypt('pass')

Where crypt is

function crypt (anypass)
{
........
}

Thanks.

icalvete

1 Answer

In the sonar-server's Ruby source there is a Ruby file for authentication by password: by_password.rb. Here you can see how Sonar encrypts passwords:

def password_digest(password, salt)
    digest = REST_AUTH_SITE_KEY
    REST_AUTH_DIGEST_STRETCHES.times do
        digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
    end
    digest
end

secure_digest is defined as:

def secure_digest(*args)
    Digest::SHA1.hexdigest(args.flatten.join('--'))
end

So the encrypted password is the SHA1 of digest--salt--password--REST_AUTH_SITE_KEY repeated REST_AUTH_DIGEST_STRETCHES times. The values of REST_AUTH_SITE_KEY and REST_AUTH_DIGEST_STRETCHES are set in /web/WEB-INF/config/initializers/site_keys.rb and are empty string and 1 by default.

This is one way of achieving your goal. In my opinion a much better way is by creating a user via Sonar's REST API. However, unfortunately, it doesn't seem possible at the time (v4.1.2) to add a user to a group via the REST API.

Lodewijk Bogaards
  • Is it possible to create an admin user using the REST API? If the answer is yes, you are right and the REST API is the better choice. I'll try with user properties (http://docs.codehaus.org/pages/viewpage.action?pageId=229743294) – icalvete Mar 03 '14 at 14:08
  • Actually, it doesn't seem to be possible. I've updated my answer to reflect this. – Lodewijk Bogaards Mar 03 '14 at 14:32
  • Once the user has been created it should be possible to add it to the administrators group using SQL. Something like this will work even if you don't know the ids (it's likely that the administrators group is 1 though): `INSERT INTO groups_users (user_id, group_id) SELECT users.id, groups.id FROM users, groups WHERE users.login='your_login_name' AND groups.name='sonar-administrators';` – pghalliday Aug 27 '14 at 09:11
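
A runnable Ruby version of the scheme described in the answer, producing the salt, the digest and the UPDATE statement from the question. This is an added example, not code from SonarQube or from either poster. It assumes the default empty REST_AUTH_SITE_KEY and a single stretch as stated in the answer; the random hex salt, the SONAR_ADMIN_PASSWORD environment variable and the helper names new_salt and admin_update_sql are assumptions.

```ruby
require 'digest/sha1'
require 'securerandom'

# Defaults stated in the answer (site_keys.rb): empty site key, one stretch.
SITE_KEY  = ''
STRETCHES = 1

# Same construction as the quoted secure_digest: SHA-1 over the
# arguments joined with "--".
def secure_digest(*args)
  Digest::SHA1.hexdigest(args.flatten.join('--'))
end

# Same loop as the quoted password_digest, with the two site settings
# exposed as parameters in case site_keys.rb was customised.
def password_digest(password, salt, site_key: SITE_KEY, stretches: STRETCHES)
  digest = site_key
  stretches.times { digest = secure_digest(digest, salt, password, site_key) }
  digest
end

# Assumption: any unique string works as a salt; use 40 random hex chars.
def new_salt
  SecureRandom.hex(20)
end

# Builds the statement from the question. Both interpolated values are
# validated so nothing but hex and a plain login reaches the SQL text.
def admin_update_sql(password, salt: new_salt, login: 'admin')
  raise ArgumentError, 'salt must be hex' unless salt.match?(/\A\h+\z/)
  raise ArgumentError, 'unexpected login' unless login.match?(/\A[\w.@-]+\z/)
  crypted = password_digest(password, salt)
  "UPDATE users SET crypted_password='#{crypted}', salt='#{salt}' " \
    "WHERE login='#{login}';"
end

# Read the password from the environment (hypothetical variable name) so it
# does not end up in shell history or in the process list.
if __FILE__ == $PROGRAM_NAME && ENV['SONAR_ADMIN_PASSWORD']
  puts admin_update_sql(ENV['SONAR_ADMIN_PASSWORD'])
end
```

With the defaults this is a single round of salted SHA-1, so the resulting hash is only as strong as the password itself; keep the generated SQL and any manifest that carries it as protected as the password.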