Improved the secret generation and persistence

Zulip secrets are now linked to the data dir
This commit is contained in:
Alexander Trost
2017-04-05 15:22:46 +02:00
parent 540e061396
commit fb4cebffa9
2 changed files with 18 additions and 6 deletions


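--- a/PATH_NOT_SHOWN_1
+++ b/PATH_NOT_SHOWN_1
@@ -37,7 +37,7 @@ services:
 SETTING_REDIS_HOST: "redis"
 SECRETS_email_password: "123456789"
 SECRETS_rabbitmq_password: "zulip"
-SECRETS_secret_key: "REPLCAE_WITH_SECURE_SECRET_KEY"
+SECRETS_secret_key: "REPLACE_WITH_SECURE_SECRET_KEY"
 SETTING_EXTERNAL_HOST: "example.com"
 SETTING_ZULIP_ADMINISTRATOR: "admin@example.com"
 SETTING_ADMIN_DOMAIN: "example.com"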


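--- a/PATH_NOT_SHOWN_2
+++ b/PATH_NOT_SHOWN_2
@@ -215,12 +215,15 @@ configureCerts() {
 }
 secretsConfiguration() {
 echo "Setting Zulip secrets ..."
-if [ ! -e "/etc/zulip/zulip-secrets.conf" ]; then
+if [ ! -e "$DATA_DIR/zulip-secrets.conf" ]; then
 echo "Generating Zulip secrets ..."
 /root/zulip/scripts/setup/generate_secrets.py --production
+mv "/etc/zulip/zulip-secrets.conf" "$DATA_DIR/zulip-secrets.conf" || {
+echo "Couldn't move the generate zulip secrets to the data dir."; exit 1;
+}
 echo "Secrets generation succeeded."
 else
-echo "Secrets already generated."
+echo "Secrets already generated/existing."
 fi
 set +e
 local SECRETS=($(env | sed -nr "s/SECRETS_([0-9A-Z_a-z-]*).*/\1/p"))
@@ -231,17 +234,26 @@ secretsConfiguration() {
 echo "Empty secret for key \"$SECRET_KEY\"."
 continue
 fi
-grep -q "$SECRET_KEY" /etc/zulip/zulip-secrets.conf
+grep -q "$SECRET_KEY" "$DATA_DIR/zulip-secrets.conf"
 if (($? > 0)); then
-echo "$SECRET_KEY = $SECRET_VAR" >> /etc/zulip/zulip-secrets.conf
+echo "$SECRET_KEY = $SECRET_VAR" >> "$DATA_DIR/zulip-secrets.conf"
 echo "Secret added for \"$SECRET_KEY\"."
 else
-sed -i -r "s~#?$SECRET_KEY[ ]*=.*~$SECRET_KEY = $SECRET_VAR~g" /etc/zulip/zulip-secrets.conf
+sed -i -r "s~#?$SECRET_KEY[ ]*=.*~$SECRET_KEY = $SECRET_VAR~g" "$DATA_DIR/zulip-secrets.conf"
 echo "Secret found for \"$SECRET_KEY\"."
 fi
 done
 set -e
 unset SECRET_KEY SECRET_VAR key
+if [ -e "/etc/zulip/zulip-secrets.conf" ]; then
+rm "/etc/zulip/zulip-secrets.conf"
+fi
+echo "Linking secrets from data dir to etc zulip ..."
+ln -s "$DATA_DIR/zulip-secrets.conf" "/etc/zulip/zulip-secrets.conf" || {
+echo "Couldn't link existing zulip secrets to etc zulip.";
+exit 1;
+}
+echo "Linked existing secrets from data dir to etc zulip."
 echo "Zulip secrets configuration succeeded."
 }
 databaseConfiguration() {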
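Review bot: The cleanup that precedes the new `ln -s` in the second hunk only removes `/etc/zulip/zulip-secrets.conf` when `[ -e ... ]` is true, and `-e` follows symlinks, so a dangling link (one left behind when `$DATA_DIR/zulip-secrets.conf` has since moved or been deleted, if `/etc/zulip` survives between runs) is not removed; `ln -s` then fails with "File exists" and the `exit 1` branch stops the whole entrypoint. Changing the test to `if [ -e "/etc/zulip/zulip-secrets.conf" ] || [ -L "/etc/zulip/zulip-secrets.conf" ]; then` (or using `ln -sfn` and dropping the `rm` block) covers that case. It is also worth confirming that `$DATA_DIR/zulip-secrets.conf` keeps a restrictive mode after the `mv` in the first hunk, since the file now holds every secret and `$DATA_DIR` is presumably a mounted volume whose ownership the image does not control. `secretsConfiguration()` opens in the first hunk of this file, not in the one the link code sits in.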