samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Generate passwords only if modules are enabled

This commit is contained in:
juarez 2023-07-19 13:45:14 +02:00
parent 5684307539
commit c03e85cfca
3 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ccp/modules/datashield-setup.sh
View File

@ -1,13 +1,13 @@
#!/bin/bash #!/bin/bash
if [ "$ENABLE_DATASHIELD" == true ];then if [ "$ENABLE_DATASHIELD" == true ]; then
log INFO "DataSHIELD setup detected -- will start DataSHIELD services." log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
fi OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" if [ ! -e "/etc/bridgehead/trusted-ca-certs/opal-cert.pem" ]; then
if [ ! -e "/etc/bridgehead/trusted-ca-certs/opal-cert.pem" ]; then openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/trusted-ca-certs/opal-key.pem -out /etc/bridgehead/trusted-ca-certs/opal-cert.pem -days 3650 -subj "/CN=${HOST:-opal}/C=DE"
openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/trusted-ca-certs/opal-key.pem -out /etc/bridgehead/trusted-ca-certs/opal-cert.pem -days 3650 -subj "/CN=${HOST:-opal}/C=DE" chmod g+r /etc/bridgehead/trusted-ca-certs/opal-key.pem
chmod g+r /etc/bridgehead/trusted-ca-certs/opal-key.pem chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-key.pem
chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-key.pem chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-cert.pem
chown bridgehead:docker /etc/bridgehead/trusted-ca-certs/opal-cert.pem fi
fi fi

6
ccp/modules/exporter-setup.sh
View File

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
if [ -n "$ENABLE_EXPORTER" ];then if [ -n "$ENABLE_EXPORTER" ]; then
log INFO "Exporter setup detected -- will start Exporter service." log INFO "Exporter setup detected -- will start Exporter service."
OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
# TODO: Generate password in another way so that not all passwords are the same?
EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
fi fi
# TODO: Generate password in another way so that not all passwords are the same?
EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"

4
ccp/modules/login-setup.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
if [ "$ENABLE_LOGIN" == true ];then if [ "$ENABLE_LOGIN" == true ]; then
log INFO "Login setup detected -- will start Login services." log INFO "Login setup detected -- will start Login services."
OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml"
KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Keycloak. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
fi fi
KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Keycloak. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"