modify repo to use env vars instead of secrets

5a643640 · Sam · a82c8a55 · 5a643640 · 5a643640 · 5a643640
Commit 5a643640 authored Feb 24, 2022 by Sam
--- a/.env
+++ b/.env
-# BASIC CONFIG
 CKAN_VERSION=2.9
 PYTHON_VERSION=3.9
 MAINTAINER=sam.woodcock@protonmail.com
 INTERNAL_REG=registry.envidat.ch/envidat
 EXTERNAL_REG=docker.io
-
-# INJECTED SECRETS
-CKAN_CONFIG_FILE=ckan.ini
-CKAN_DB_INIT_PASS_FILE=.postgres.secret
-CKAN_DB_SECRET_FILE=.db.secret
-CKAN_SOLR_CREDS_FILE=.solr.secret
--- a/.gitignore
+++ b/.gitignore
-*.secret
+.db.env
+.solr.env
 ckan.ini
 production.ini
\ No newline at end of file
--- a/ckan-entrypoint.sh
+++ b/ckan-entrypoint.sh
@@ -9,20 +9,15 @@ abort () {
    exit 1
 }

-if [ -z "$CKAN_CONFIG_PATH" ]; then
-    if [ -f "/run/secrets/ckan_config" ]; then
-        echo "Linking existing config to $CONFIG"
-        ln -sf /run/secrets/ckan_config "$CONFIG"
-        echo "Extracting CKAN_SQLALCHEMY_URL"
-        CKAN_SQLALCHEMY_URL=$(awk -F " = " '/sqlalchemy.url/ {print $2;exit;}' "$CONFIG")
-        SOLR_USER=$(awk -F " = " '/solr_user/ {print $2;exit;}' "$CONFIG")
-        SOLR_PASS=$(awk -F " = " '/solr_password/ {print $2;exit;}' "$CONFIG")
-    else
-        abort "ERROR: CKAN_CONFIG_PATH specified, but file doesn't exist."
-    fi
-
+if [ -f "/home/ckan/ckan.ini" ]; then
+    echo "Linking existing config to $CONFIG"
+    ln -sf /home/ckan/ckan.ini "$CONFIG"
+    echo "Extracting CKAN_SQLALCHEMY_URL"
+    CKAN_SQLALCHEMY_URL=$(awk -F " = " '/sqlalchemy.url/ {print $2;exit;}' "$CONFIG")
+    SOLR_USER=$(awk -F " = " '/solr_user/ {print $2;exit;}' "$CONFIG")
+    SOLR_PASS=$(awk -F " = " '/solr_password/ {print $2;exit;}' "$CONFIG")
 else
-    abort "ERROR: No CKAN config file provided."
+    abort "ERROR: No ckan.ini file found."
 fi

 # Wait for PostgreSQL

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,16 +5,6 @@ volumes:
  pg_data:
  solr_data:

-secrets:
-  ckan_config:
-    file: ./${CKAN_CONFIG_FILE:-/dev/null}
-  db_init_pass:
-    file: ./${CKAN_DB_INIT_PASS_FILE:-/dev/null}
-  db_env_secret:
-    file: ./${CKAN_DB_SECRET_FILE:-/dev/null}
-  solr_creds:
-    file: ./${CKAN_SOLR_CREDS_FILE:-/dev/null}
-
 networks:
  ckan-internal:
    external: true
@@ -38,10 +28,9 @@ services:
      - "8989:5000"
    env_file:
      - .env
-    secrets:
-      - ckan_config
    volumes:
      - ckan_storage:/var/lib/ckan
+      - ./ckan.ini:/home/ckan/ckan.ini
    networks:
      - ckan-internal

@@ -55,10 +44,8 @@ services:
        - MAINTAINER=${MAINTAINER}
    environment:
      - PGDATA=/var/lib/postgresql/data/db
-      - POSTGRES_PASSWORD_FILE=/run/secrets/db_init_pass
-    secrets:
-      - db_init_pass
-      - db_env_secret
+    env_file:
+      - .db.env
    volumes:
      - pg_data:/var/lib/postgresql/data
      - /etc/hosts:/etc/hosts:ro
@@ -88,8 +75,8 @@ services:
      args:
        - EXTERNAL_REG=${EXTERNAL_REG}
        - MAINTAINER=${MAINTAINER}
-    secrets:
-      - solr_creds
+    env_file:
+      - .solr.env
    networks:
      - ckan-internal
    depends_on:

--- a/init_solr/init.sh
+++ b/init_solr/init.sh
@@ -5,11 +5,8 @@ abort () {
    exit 1
 }

-if [ -f "/run/secrets/solr_creds" ]; then
-    echo "Found solr credentials secret, sourcing..."
-    . "/run/secrets/solr_creds"
-else
-    abort "ERROR: Solr credentials secret not found."
+if [ -z "$SOLR_CKAN_PASS" ]; then
+    abort "ERROR: Solr passwords not set in environment."
 fi

 echo "Sleeping 5 seconds."

--- a/postgresql/docker-entrypoint-initdb.d/00_init_secrets.sh
+++ b/postgresql/docker-entrypoint-initdb.d/00_init_secrets.sh
-#!/bin/bash
-set -eo pipefail
-
-
-if [[ -f "/run/secrets/db_env_secret" ]]; then
-    echo "db_env_secret secret found, sourcing..."
-    source /run/secrets/db_env_secret
-else
-    echo "db_env_secret secret not found."
-fi
\ No newline at end of file