Merge pull request #34 from samply/ldmpassword
Put LDM Password in cleartext in /etc/bridgehead/*.local.conf
This commit is contained in:
commit
ab3a5790de
|
@ -65,11 +65,10 @@ services:
|
||||||
- "blaze-data:/app/data"
|
- "blaze-data:/app/data"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}"
|
|
||||||
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/bbmri-localdatamanagement`)"
|
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/bbmri-localdatamanagement`)"
|
||||||
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/bbmri-localdatamanagement"
|
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/bbmri-localdatamanagement"
|
||||||
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
|
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
|
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
|
||||||
- "traefik.http.routers.blaze_ccp.tls=true"
|
- "traefik.http.routers.blaze_ccp.tls=true"
|
||||||
|
|
||||||
spot:
|
spot:
|
||||||
|
|
|
@ -65,6 +65,7 @@ case "$ACTION" in
|
||||||
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
|
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
|
||||||
checkRequirements
|
checkRequirements
|
||||||
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
|
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
|
||||||
|
export LDM_LOGIN=$(getLdmPassword)
|
||||||
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
|
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
|
||||||
;;
|
;;
|
||||||
stop)
|
stop)
|
||||||
|
|
|
@ -65,11 +65,10 @@ services:
|
||||||
- "blaze-data:/app/data"
|
- "blaze-data:/app/data"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}"
|
|
||||||
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
|
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
|
||||||
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
|
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
|
||||||
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
|
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
|
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
|
||||||
- "traefik.http.routers.blaze_ccp.tls=true"
|
- "traefik.http.routers.blaze_ccp.tls=true"
|
||||||
|
|
||||||
spot:
|
spot:
|
||||||
|
|
|
@ -11,6 +11,14 @@ detectCompose() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
getLdmPassword() {
|
||||||
|
if [ -n "$LDM_PASSWORD" ]; then
|
||||||
|
docker run --rm httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r'
|
||||||
|
else
|
||||||
|
echo -n ""
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
exitIfNotRoot() {
|
exitIfNotRoot() {
|
||||||
if [ "$EUID" -ne 0 ]; then
|
if [ "$EUID" -ne 0 ]; then
|
||||||
log "ERROR" "Please run as root"
|
log "ERROR" "Please run as root"
|
||||||
|
|
|
@ -34,16 +34,12 @@ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
|
# TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
|
||||||
if [ -z "$LDM_LOGIN" ]; then
|
if [ -z "$LDM_PASSWORD" ]; then
|
||||||
log "INFO" "Now generating a password for the local datamangement. Please safe the password for your ETL process!"
|
log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
|
||||||
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
|
||||||
|
|
||||||
log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
|
log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
|
||||||
parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n' | tr -d '\r')
|
echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
|
||||||
printf "##Localdatamanagement basic auth\n#User: $PROJECT\n#Password: $generated_passwd\n" >> /etc/bridgehead/${PROJECT}.local.conf;
|
|
||||||
|
|
||||||
log "INFO" "These credentials are now written to /etc/bridgehead/${PROJECT}.local.conf"
|
|
||||||
echo -n "LDM_LOGIN='${parsed_passwd}'" >> /etc/bridgehead/${PROJECT}.local.conf;
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log "INFO" "Register system units for bridgehead and bridgehead-update"
|
log "INFO" "Register system units for bridgehead and bridgehead-update"
|
||||||
|
|
Loading…
Reference in New Issue