mirror of https://github.com/samply/bridgehead.git
feat: Add token-manager to beam
This commit is contained in:
parent
e9eccd5cab
commit
cd36ab455b
|
@ -51,6 +51,8 @@ services:
|
||||||
KEYCLOAK_ADMIN_GROUP: "${KEYCLOAK_ADMIN_GROUP}"
|
KEYCLOAK_ADMIN_GROUP: "${KEYCLOAK_ADMIN_GROUP}"
|
||||||
TOKEN_MANAGER_PASSWORD: "${TOKEN_MANAGER_OPAL_PASSWORD}"
|
TOKEN_MANAGER_PASSWORD: "${TOKEN_MANAGER_OPAL_PASSWORD}"
|
||||||
EXPORTER_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
|
EXPORTER_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
|
||||||
|
BEAM_APP_ID: token-manager.${PROXY_ID}
|
||||||
|
BEAM_SECRET: ${TOKEN_MANAGER_SECRET}
|
||||||
secrets:
|
secrets:
|
||||||
- opal-cert.pem
|
- opal-cert.pem
|
||||||
- opal-key.pem
|
- opal-key.pem
|
||||||
|
@ -106,6 +108,7 @@ services:
|
||||||
beam-proxy:
|
beam-proxy:
|
||||||
environment:
|
environment:
|
||||||
APP_datashield-connect_KEY: ${DATASHIELD_CONNECT_SECRET}
|
APP_datashield-connect_KEY: ${DATASHIELD_CONNECT_SECRET}
|
||||||
|
APP_token-manager_KEY: ${TOKEN_MANAGER_SECRET}
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
opal-cert.pem:
|
opal-cert.pem:
|
||||||
|
|
|
@ -9,6 +9,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
|
||||||
OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
|
OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
|
||||||
RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")"
|
RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")"
|
||||||
DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||||
|
TOKEN_MANAGER_SECRET="$(echo \"This is a salt string to generate one consistent password as the Token Manger secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||||
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
|
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
|
||||||
mkdir -p /tmp/bridgehead/
|
mkdir -p /tmp/bridgehead/
|
||||||
chown -R bridgehead:docker /tmp/bridgehead/
|
chown -R bridgehead:docker /tmp/bridgehead/
|
||||||
|
|
Loading…
Reference in New Issue