verbis-admin
/
bridgehead
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support retrieving credentials for vault from /etc/bridgehead/vault.conf

This commit is contained in:
Martin Lablans 2022-05-13 14:11:14 +02:00
parent 4b5af787e5
commit 1692395ffc
3 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bridgehead
View File

@ -46,7 +46,7 @@ source /etc/bridgehead/site.conf
case "$ACTION" in case "$ACTION" in
start) start)
checkRequirements checkRequirements
fetchVarsFromVault /etc/bridgehead/site.conf /etc/bridgehead/$PROJECT.env fetchVarsFromVault /etc/bridgehead/site.conf /etc/bridgehead/$PROJECT.env || exit 1
exec docker-compose -f ./$PROJECT/docker-compose.yml --env-file /etc/bridgehead/$PROJECT.env up exec docker-compose -f ./$PROJECT/docker-compose.yml --env-file /etc/bridgehead/$PROJECT.env up
;; ;;
stop) stop)

24
lib/functions.sh
View File

@ -37,7 +37,29 @@ fetchVarsFromVault() {
return 0 return 0
fi fi
eval $(docker run --rm -ti -e BW_MASTERPASS -e BW_CLIENTID -e BW_CLIENTSECRET samply/bridgehead-vaultfetcher $VARS_TO_FETCH | sed 's/\r//g') log INFO "Fetching secrets from vault ..."
[ -e /etc/bridgehead/vault.conf ] && source /etc/bridgehead/vault.conf
if [ -z "$BW_MASTERPASS" ] || [ -z "$BW_CLIENTID" ] || [ -z "$BW_CLIENTSECRET" ]; then
log ERROR "Please supply correct credentials in /etc/bridgehead/vault.conf."
return 1
fi
set +e
PASS=$(BW_MASTERPASS="$BW_MASTERPASS" BW_CLIENTID="$BW_CLIENTID" BW_CLIENTSECRET="$BW_CLIENTSECRET" docker run --rm -ti -e BW_MASTERPASS -e BW_CLIENTID -e BW_CLIENTSECRET samply/bridgehead-vaultfetcher $VARS_TO_FETCH)
RET=$?
if [ $RET -ne 0 ]; then
echo "Code: $RET"
echo $PASS
return $RET
fi
eval $(echo -e "$PASS" | sed 's/\r//g')
set -e
return 0 return 0
} }

7
lib/prerequisites.sh
View File

@ -69,6 +69,13 @@ if [ ! -e "certs/traefik.crt" ]; then
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365 openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365
fi fi
if [ -e /etc/bridgehead/vault.conf ]; then
if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
exit 1
fi
fi
log INFO "Success - all prerequisites are met!" log INFO "Success - all prerequisites are met!"
exit 0 exit 0