From 09aa33c912eedfb84cd2f4ab5b37e2a3b1d2d576 Mon Sep 17 00:00:00 2001
From: juarez
Date: Wed, 19 Jul 2023 13:45:14 +0200
Subject: [PATCH] Generate passwords only if modules are enabled
---
 ccp/modules/datashield-setup.sh | 16 ++++++++--------
 ccp/modules/exporter-setup.sh | 6 +++---
 ccp/modules/login-setup.sh | 4 ++--
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/ccp/modules/datashield-setup.sh b/ccp/modules/datashield-setup.sh
index 15c0359..3ed0926 100644
--- a/ccp/modules/datashield-setup.sh
+++ b/ccp/modules/datashield-setup.sh
@@ -1,13 +1,13 @@
 #!/bin/bash
-if [ "$ENABLE_DATASHIELD" == true ];then
+if [ "$ENABLE_DATASHIELD" == true ]; then
 log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
 OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
-fi
-OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-if [ ! -e "/etc/bridgehead/trusted-ca-certs/opal-cert.pem" ]; then
- openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/trusted-ca-certs/opal-key.pem -out /etc/bridgehead/trusted-ca-certs/opal-cert.pem -days 3650 -subj "/CN=${HOST:-opal}/C=DE"
- chmod g+r /etc/bridgehead/trusted-ca-certs/opal-key.pem
- chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-key.pem
- chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-cert.pem
+ OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+ if [ ! -e "/etc/bridgehead/trusted-ca-certs/opal-cert.pem" ]; then
+ openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/trusted-ca-certs/opal-key.pem -out /etc/bridgehead/trusted-ca-certs/opal-cert.pem -days 3650 -subj "/CN=${HOST:-opal}/C=DE"
+ chmod g+r /etc/bridgehead/trusted-ca-certs/opal-key.pem
+ chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-key.pem
+ chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-cert.pem
+ fi
 fi
diff --git a/ccp/modules/exporter-setup.sh b/ccp/modules/exporter-setup.sh
index 323d8a4..0f05315 100644
--- a/ccp/modules/exporter-setup.sh
+++ b/ccp/modules/exporter-setup.sh
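Review bot: In datashield-setup.sh the `OPAL_DB_PASSWORD` assignment accepts whatever the pipeline prints, so if `openssl rsautl` cannot read `/etc/bridgehead/pki/${SITE_ID}.priv.pem` (unset `SITE_ID`, missing or unreadable key), `base64` and `head` still exit 0 and the variable is silently left empty. The same pipeline is moved into the enabled branch for `EXPORTER_DB_PASSWORD` in exporter-setup.sh and `KEYCLOAK_DB_PASSWORD` in login-setup.sh. Whether the calling script sets `pipefail` is not visible in this patch, so I would check the result right after each assignment, e.g. `[ "${#OPAL_DB_PASSWORD}" -eq 30 ] || exit 1`, so that a database is never started with an empty password. Quoting the key path as `"/etc/bridgehead/pki/${SITE_ID}.priv.pem"` would also keep an unexpected `SITE_ID` value from being word-split.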
@@ -1,8 +1,8 @@
 #!/bin/bash
-if [ -n "$ENABLE_EXPORTER" ];then
+if [ -n "$ENABLE_EXPORTER" ]; then
 log INFO "Exporter setup detected -- will start Exporter service."
 OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
+ # TODO: Generate password in another way so that not all passwords are the same?
+ EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 fi
-# TODO: Generate password in another way so that not all passwords are the same?
-EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
diff --git a/ccp/modules/login-setup.sh b/ccp/modules/login-setup.sh
index f3d0122..0ba0f98 100644
--- a/ccp/modules/login-setup.sh
+++ b/ccp/modules/login-setup.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-if [ "$ENABLE_LOGIN" == true ];then
+if [ "$ENABLE_LOGIN" == true ]; then
 log INFO "Login setup detected -- will start Login services."
 OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml"
+ KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Keycloak. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 fi
-KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Keycloak. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
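Review bot: The exporter-setup.sh hunk gates the module on `[ -n "$ENABLE_EXPORTER" ]`, so any non-empty value, including `ENABLE_EXPORTER=false`, starts the exporter and now also derives its database password. The DataSHIELD and login modules in the same patch compare against `true`. If the difference is not intentional, use `if [ "$ENABLE_EXPORTER" == true ]; then` here too; if it is intentional, a one-line comment stating which values enable the module would prevent a surprise activation. The moved TODO may also need rewording: each module signs a different salt string, so the derived passwords presumably differ from each other, and the remaining concern is that all of them depend on the same site key.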