Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

config.json in server update page #659

Closed SomeGuru closed 1 year ago

SomeGuru commented 4 years ago

Hi Ylian,

Could the server parse the config.json file and have fields on the server tab, thus allowing for optional enable, fill in fields, and then when saving it would back up the original Config.JSON file as current timedate-conf.json and then append the Config.json file with updates and automatically begin the process of rebooting the server to take advantage of the new changes?

This is an enhancement more than a need, but would like to explore the options.

Ylianst commented 4 years ago

Just to make this request clear: you would like to be able to edit the config.json from the web site? As in, show the entire config.json in a text box to edit?

SomeGuru commented 4 years ago

Ylianst,

Yes that would be a good start, however thinking more into this it would be best not to expose the full config.json file like that, but however have portions of the config that can be configured from the website and then applied down to the actual config.json file. This would allow for some of the ambiguity items to be entered into the configuration file correctly without human interaction.

Thoughts?

-SomeGuru

Ylianst commented 4 years ago

Yes, so, not just displaying the config.json, but having a UI to make it difficult to configure things incorrectly. By the way, this could also be interesting in light of the request to be able to change things in config.json without having to restart the server.

From a security perspective, the config.json is a "super-admin" task. If you are administrator on MeshCentral, you may be the admin for just one of the domains, not all of them. The "super-admin" who is capable of config.json changes is above all others (and probably has ssh access to the server). In a way, I was thinking the config.json should be edited by a separate page that is authenticated separately from users in the domains. Of course, the "My Server" tab makes you think that you can see what is going on with the server, but really it should be "My Server's Domain".

To summarize, there are 4 big levels:

Thoughts? :)

-Ylian

darryl-h commented 4 years ago

I'm not sure if this fits here, or belongs in a separate feature request, (Please let me know!) however, I would also like this functionality built into meshctrl (This might work as a partial solution to your "Super-Admin" use case, which is what I'm targeting, mostly for automation)

Right now, my main concern is managing the domains aspect of the config.json, not so much the static things like db etc.

Currently, I'm using a much larger linux shell script with the linux package 'jq' to do simple management of the domains in the config.json with some basic features, but the core is:

List Domains:

ConfigFile=/opt/meshcentral/meshcentral-data/config.json
# -r prints raw strings, so no sed is needed to strip the quotes
jq -r '.domains | keys[]' "${ConfigFile}"

Find Domain

SearchDomain=Customer1
ConfigFile=/opt/meshcentral/meshcentral-data/config.json
# Quote the variables so names with spaces or glob characters stay one argument
jq -r '.domains | keys[]' "${ConfigFile}" | grep -i -- "${SearchDomain}"

Delete Domain

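DomainName=Customer1
ConfigFile=/opt/meshcentral/meshcentral-data/config.json
# Pass the name with --arg so it is treated as data, not as part of the jq filter
# (prints the edited config to stdout; the file itself is not modified)
jq --arg DomainName "${DomainName}" 'del(.domains[$DomainName])' "${ConfigFile}"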

Add Domain

CompanyName=ABC123
DomainName=Customer3
ConfigFile=/opt/meshcentral/meshcentral-data/config.json
# Recursive merge of the new domain (prints to stdout; the file itself is not modified)
jq --arg DomainName "${DomainName}" --arg CompanyName "${CompanyName}" '. * { "domains": { ($DomainName): { "Title": $CompanyName } } }' "${ConfigFile}"

In my script, I back up the config file (YYYY_MM_DD-HH_MM_SS_config.json) just in case something (like automation or someone) does something horrible, it can be undone.

As always, thanks for all the hard work!
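The backup-then-edit workflow described in the comment above, written in Node.js as an added example; it is not part of the original post and is not MeshCentral or MeshCtrl code. The function names and the domain-name rule are assumptions; the edit is validated before anything is written and the new file replaces the old one with a rename.

```javascript
// Added example (not MeshCentral or MeshCtrl code): back up, edit, atomically replace.
const fs = require('fs');
const path = require('path');

// Assumed naming rule for domain keys; it also rejects names such as "__proto__".
const DOMAIN_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Timestamp in the YYYY_MM_DD-HH_MM_SS form used for the backups in the post.
function stamp(d) {
  const p = (n) => String(n).padStart(2, '0');
  return `${d.getFullYear()}_${p(d.getMonth() + 1)}_${p(d.getDate())}-` +
    `${p(d.getHours())}_${p(d.getMinutes())}_${p(d.getSeconds())}`;
}

// Parse the file, apply edit(config), write a backup, then swap in the new file.
function updateConfig(configFile, edit, now = new Date()) {
  const original = fs.readFileSync(configFile, 'utf8');
  const config = JSON.parse(original); // invalid JSON throws before any write
  edit(config);                        // a rejected edit throws before any write
  const dir = path.dirname(configFile);
  const backup = path.join(dir, `${stamp(now)}_config.json`);
  fs.writeFileSync(backup, original, { mode: 0o600, flag: 'wx' }); // never overwrite a backup
  const tmp = path.join(dir, `.config.json.${process.pid}.tmp`);
  fs.writeFileSync(tmp, JSON.stringify(config, null, 2) + '\n', { mode: 0o600 });
  fs.renameSync(tmp, configFile);      // atomic replace on the same filesystem
  return backup;
}

function addDomain(configFile, name, title, now) {
  if (!DOMAIN_RE.test(name)) throw new Error(`invalid domain name: ${name}`);
  return updateConfig(configFile, (c) => {
    c.domains = c.domains || {};
    if (has(c.domains, name)) throw new Error(`domain already exists: ${name}`);
    c.domains[name] = { Title: title };
  }, now);
}

function removeDomain(configFile, name, now) {
  if (!DOMAIN_RE.test(name)) throw new Error(`invalid domain name: ${name}`);
  return updateConfig(configFile, (c) => {
    if (!c.domains || !has(c.domains, name)) throw new Error(`no such domain: ${name}`);
    delete c.domains[name];
  }, now);
}
```

Run it as the account that owns config.json: the rename leaves the file owned by the caller with mode 0600, so a different user could lock the server out of its own configuration.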

Ylianst commented 4 years ago

Published MeshCentral v0.4.4-r with an improved MeshCtrl. You can now use it to change the config.json domains. Let me know if that works for you.


darryl-h commented 4 years ago

Seems this doesn't work in Linux:

Demonstrate that config.json does exist

# ls -lah config.json
-rw-r--r-- 1 meshcentral meshcentral 1.6K Dec 12 16:20 config.json

If I try and run --show, it reports that it can't find config.json

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config --show
Unable to find config.json.

If I try and add a domain, the results are the same:

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config --adddomain "test123"
Unable to find config.json.

If I look in the config.json file, no new domain is added

Ylianst commented 4 years ago

I made improvements to meshctrl.js that will be in MeshCentral v0.4.5-t when I publish it later today. It should find the config.json now and you can now do:

node meshctrl.js listusers --filter 2fa
node meshctrl.js listusers --filter no2fa

This will list users with or without second factor authentication.

Ylianst commented 4 years ago

Published MeshCentral v0.4.5-t. Let me know if it works for you.

darryl-h commented 4 years ago

Looks like it is able to find the config file now, thanks Ylian!

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config --show
{
  "settings": {
    "Port": 443,
    "RedirPort": 80,
    "AllowFraming": true,
    "AllowLoginToken": true,
    "WANonly": true,
  },

Feature Request: Consider adding a 'listdomains' function Priority: Very low

This could be implemented something like this: (To demonstrate it's technically possible)

ConfigFile=/opt/meshcentral/meshcentral-data/config.json
# -r prints raw strings, so no sed is needed to strip the quotes
jq -r '.domains | keys[]' "${ConfigFile}"

User Story: For us, we intend to use Mesh Central with a lot of domains, listing the full config is certainly helpful, but can be accomplished by reading the file directly, some additional parsing would be helpful for our automation at least (No big deal for us, we have the script above to get this information right from the database)


Feature Request: Consider adding help to the Config action like AddDeviceGroup Priority: Very Very low

When the user does not provide any arguments with the action "config" perhaps meshctrl can show some additional guidance like it does for the action AddDeviceGroup?

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config
Done.

vs

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl AddDeviceGroup
Message group name, use --name [name]

As always, thanks for all your hard work!

Ylianst commented 4 years ago

Thanks for the excellent feedback. Just published MeshCentral v0.4.6-f with both suggestions implemented in MeshCtrl. You can now do:

node meshctrl.js config --showdomains

It will show all active domains skipping the default blank one. If you just type "config" you will now see the help for the config command. Let me know if it works for you.

darryl-h commented 4 years ago

Thanks for implementing --listdomains, works as expected, and the guidance is even better than AddDeviceGroup, awesome! :)

--listdomains working in 0.4.6-f

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config --listdomains
domain1
domain2

guidance for config

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config
Perform operations on the config.json file. Example usage:

  MeshCtrl config --show

Optional arguments:

  --show                        - Display the config.json file.
  --listdomains                 - Display non-default domains.
  --adddomain [domain]          - Add a domain.
  --removedomain [domain]       - Remove a domain.
  --settodomain [domain]        - Set values to the domain.
  --removefromdomain [domain]   - Remove values from the domain.

With adddomain, removedomain, settodomain and removefromdomain you can add the key and value pair. For example:

  --adddomain "MyDomain" --title "My Server Name" --newAccounts false
  --settodomain "MyDomain" --title "My Server Name"
  --removefromdomain "MyDomain" --title

Question: I can't figure out how to add password policy changes, or change/add the NewAccountEmailDomains using this new config method with settodomain, here's what I'm trying to accomplish:

Before:

    "domain1": {
      "Title": "test123",
      "UserQuota": 1048576,
      "MeshQuota": 248576
    }

Expected

    "domain1": {
      "Title": "test123",
      "UserQuota": 1048576,
      "MeshQuota": 248576,
      "NewAccountEmailDomains": [
        "MyCompany.com"
      ],
      "PasswordRequirements": {
        "min": 8,
        "max": 128,
        "upper": 1,
        "lower": 1,
        "numeric": 1,
        "nonalpha": 1,
        "reset": 90,
        "force2factor": true
      }
    }

Bug: listusers reports invalid login (Let me know if I should file a new bug report for this)

Testing listusers reports invalid login

/usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl ListUsers
Invalid login.

Oddly, if I try and put my credentials in, it hangs

/usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl --loginuser root --loginpass test ListUsers

^C

Ylianst commented 4 years ago

Thanks for the excellent and detailed reports. I will take a look at this next time I get a chance.

Ylianst commented 4 years ago

Published MeshCentral v0.4.6-g with improvements to MeshCtrl, you can now do:

node meshctrl.js config --settodomain --passwordrequirements "{ \"min\": 8, \"max\": 32 }"
node meshctrl.js config --settodomain --loginkey "[\"key1\",\"key2\"]"

So you can set objects or arrays. MeshCtrl should validate the value type.

When using "config", MeshCtrl will just try to read the local config.json in the file system, but for most other commands, MeshCtrl will connect and login to your MeshCentral account. The user and password here are your MeshCentral username and password, not the Linux OS one.

node meshctrl.js --loginuser root --loginpass test ListUsers

The default connection URL is "wss://localhost:443", if that is not right, use --url to set the right one. If you still get stuck with listusers and other login commands, let me know.
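A type check for JSON-valued settings like the `--passwordrequirements` argument above, plus an audit of every domain in a parsed config.json, as an added example; it is not part of the original comment and is not MeshCtrl's own validation. The function names are hypothetical, only the keys shown in this thread are checked, and the rule that `min` must not exceed `max` is an assumption.

```javascript
// Added example (not MeshCtrl code): type-check PasswordRequirements values.
// Only the keys shown in this thread are checked; other keys are left alone.
const NUMERIC_KEYS = ['min', 'max', 'upper', 'lower', 'numeric', 'nonalpha', 'reset'];

// Parse a JSON-valued argument such as "{ \"min\": 8, \"max\": 32 }".
function parseJsonArg(text) {
  try { return { value: JSON.parse(text) }; }
  catch (e) { return { error: `not valid JSON: ${e.message}` }; }
}

// Return a list of problems found in one PasswordRequirements value.
function checkPasswordRequirements(pr) {
  if (pr === null || typeof pr !== 'object' || Array.isArray(pr)) {
    return ['PasswordRequirements must be an object'];
  }
  const problems = [];
  for (const key of NUMERIC_KEYS) {
    if (key in pr && (!Number.isInteger(pr[key]) || pr[key] < 0)) {
      problems.push(`${key} must be a non-negative integer`);
    }
  }
  if ('force2factor' in pr && typeof pr.force2factor !== 'boolean') {
    problems.push('force2factor must be true or false');
  }
  // Assumption: a minimum length above the maximum is a configuration mistake.
  if (Number.isInteger(pr.min) && Number.isInteger(pr.max) && pr.min > pr.max) {
    problems.push('min is greater than max');
  }
  return problems;
}

// Audit every domain of a parsed config.json; the blank key is the default domain.
function auditDomains(config) {
  const report = {};
  for (const [name, domain] of Object.entries(config.domains || {})) {
    const label = name === '' ? '(default)' : name;
    if (domain === null || typeof domain !== 'object' || !('PasswordRequirements' in domain)) {
      report[label] = ['no PasswordRequirements set'];
      continue;
    }
    const problems = checkPasswordRequirements(domain.PasswordRequirements);
    if (problems.length > 0) report[label] = problems;
  }
  return report;
}
```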

si458 commented 1 year ago

@SomeGuru is your original feature of showing config.json inside the My Server tab still relevant? I can do this, but I can't do the edit and restart feature.

SomeGuru commented 1 year ago

Hi @si458

Yes, the idea was to have a more universal way of turning on and off features from within and the code would be implemented (generator) to the config.json correctly.

More of an ease of use for server administrators. I see all too often that people have implemented a bit of feature code in the wrong sections or improper syntax and that might alleviate a fair number of the issues we have on the board here...

The reboot could be manual as long as the config is properly modified.

Thanks, SomeGuru