Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improve headless provisioning of SELKS on docker #421

Closed
wants to merge 4 commits into from
Closed

improve headless provisioning of SELKS on docker #421

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift click to select a range
4da17b6
docker: fix headless easy-setup provisioning
markuskont Oct 24, 2022
fc1170d
docker: add vagrantfile to test selks on docker
markuskont Oct 24, 2022
1d0acd0
docker: add compose to VM
markuskont Jun 28, 2023
2eeceee
docker: increase vagrant resources
markuskont Jun 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
docker: fix headless easy-setup provisioning 
Docker -ti expects a interactive terminal to be left open. That is
missing in automated provisioning, such as Vagrantfile scripts. This
patch detects missing terminal and adjust docker run flags accordingly.
  • Loading branch information
@markuskont
markuskont committed Jun 26, 2023
commit 4da17b6be355e9d3008f4003cd4a9cf3ca25a9f8
10 changes: 7 additions & 3 deletions docker/easy-setup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 124,10 @@ _arg_es_memory=
_arg_ls_memory=
_arg_restart_mode=
_arg_print_options="off"
_arg_docker_run=

# -ti flag indicates a interactive terminal session which might break in automated provisioning scripts
[ -z "$PS1" ] || _arg_docker_run="-ti"


# Function that prints general usage of the script.
Expand Down Expand Up @@ -702,7 706,7 @@ SSLDIR="${BASEDIR}/containers-data/nginx/ssl"
function check_scirius_key_cert(){
# usage : check_scirius_key_cert [path_to_files] [filename_without_extension]
# example : check_scirius_key_cert [path_to_files] [filename_without_extension]
output=$(docker run --rm -it -v ${1}:/etc/nginx/ssl nginx /bin/bash -c "openssl x509 -in /etc/nginx/ssl/scirius.crt -pubkey -noout -outform pem | sha256sum; openssl pkey -in /etc/nginx/ssl/scirius.key -pubout -outform pem | sha256sum" || echo -e "${red}-${reset} Error while checking certificate against key")
output=$(docker run --rm ${_arg_docker_run} -v ${1}:/etc/nginx/ssl nginx /bin/bash -c "openssl x509 -in /etc/nginx/ssl/scirius.crt -pubkey -noout -outform pem | sha256sum; openssl pkey -in /etc/nginx/ssl/scirius.key -pubout -outform pem | sha256sum" || echo -e "${red}-${reset} Error while checking certificate against key")

SAVEIFS=$IFS # Save current IFS
IFS=$'\n' # Change IFS to new line
Expand All @@ -721,7 725,7 @@ function check_scirius_key_cert(){
fi
}
function generate_scirius_certificate(){
docker run --rm -it -v ${1}:/etc/nginx/ssl nginx openssl req -new -nodes -x509 -subj "/C=FR/ST=IDF/L=Paris/O=Stamus/CN=SELKS" -days 3650 -keyout /etc/nginx/ssl/scirius.key -out /etc/nginx/ssl/scirius.crt -extensions v3_ca && echo -e "${green} ${reset} Certificate generated successfully" || echo -e "${red}-${reset} Error while generating certificate with openssl"
docker run --rm ${_arg_docker_run} -v ${1}:/etc/nginx/ssl nginx openssl req -new -nodes -x509 -subj "/C=FR/ST=IDF/L=Paris/O=Stamus/CN=SELKS" -days 3650 -keyout /etc/nginx/ssl/scirius.key -out /etc/nginx/ssl/scirius.crt -extensions v3_ca && echo -e "${green} ${reset} Certificate generated successfully" || echo -e "${red}-${reset} Error while generating certificate with openssl"
check_scirius_key_cert ${1}
return $?
}
Expand Down Expand Up @@ -926,7 930,7 @@ fi
# Generate KEY FOR DJANGO #
###########################

output=$(docker run --rm -it python:3.9.5-slim-buster /bin/bash -c "python -c \"import secrets; print(secrets.token_urlsafe())\"")
output=$(docker run --rm ${_arg_docker_run} python:3.9.5-slim-buster /bin/bash -c "python -c \"import secrets; print(secrets.token_urlsafe())\"")

echo "SCIRIUS_SECRET_KEY=${output}" >> ${BASEDIR}/.env

Expand Down