WSL/SLF GitLab Repository

Commit 5a643640 authored by Sam's avatar Sam
Browse files

modify repo to use env vars instead of secrets

parent a82c8a55
# BASIC CONFIG
CKAN_VERSION=2.9
PYTHON_VERSION=3.9
MAINTAINER=sam.woodcock@protonmail.com
INTERNAL_REG=registry.envidat.ch/envidat
EXTERNAL_REG=docker.io
# INJECTED SECRETS
CKAN_CONFIG_FILE=ckan.ini
CKAN_DB_INIT_PASS_FILE=.postgres.secret
CKAN_DB_SECRET_FILE=.db.secret
CKAN_SOLR_CREDS_FILE=.solr.secret
*.secret
.db.env
.solr.env
ckan.ini
production.ini
\ No newline at end of file
......@@ -9,20 +9,15 @@ abort () {
exit 1
}
if [ -z "$CKAN_CONFIG_PATH" ]; then
if [ -f "/run/secrets/ckan_config" ]; then
echo "Linking existing config to $CONFIG"
ln -sf /run/secrets/ckan_config "$CONFIG"
echo "Extracting CKAN_SQLALCHEMY_URL"
CKAN_SQLALCHEMY_URL=$(awk -F " = " '/sqlalchemy.url/ {print $2;exit;}' "$CONFIG")
SOLR_USER=$(awk -F " = " '/solr_user/ {print $2;exit;}' "$CONFIG")
SOLR_PASS=$(awk -F " = " '/solr_password/ {print $2;exit;}' "$CONFIG")
else
abort "ERROR: CKAN_CONFIG_PATH specified, but file doesn't exist."
fi
if [ -f "/home/ckan/ckan.ini" ]; then
echo "Linking existing config to $CONFIG"
ln -sf /home/ckan/ckan.ini "$CONFIG"
echo "Extracting CKAN_SQLALCHEMY_URL"
CKAN_SQLALCHEMY_URL=$(awk -F " = " '/sqlalchemy.url/ {print $2;exit;}' "$CONFIG")
SOLR_USER=$(awk -F " = " '/solr_user/ {print $2;exit;}' "$CONFIG")
SOLR_PASS=$(awk -F " = " '/solr_password/ {print $2;exit;}' "$CONFIG")
else
abort "ERROR: No CKAN config file provided."
abort "ERROR: No ckan.ini file found."
fi
# Wait for PostgreSQL
......
......@@ -5,16 +5,6 @@ volumes:
pg_data:
solr_data:
secrets:
ckan_config:
file: ./${CKAN_CONFIG_FILE:-/dev/null}
db_init_pass:
file: ./${CKAN_DB_INIT_PASS_FILE:-/dev/null}
db_env_secret:
file: ./${CKAN_DB_SECRET_FILE:-/dev/null}
solr_creds:
file: ./${CKAN_SOLR_CREDS_FILE:-/dev/null}
networks:
ckan-internal:
external: true
......@@ -38,10 +28,9 @@ services:
- "8989:5000"
env_file:
- .env
secrets:
- ckan_config
volumes:
- ckan_storage:/var/lib/ckan
- ./ckan.ini:/home/ckan/ckan.ini
networks:
- ckan-internal
......@@ -55,10 +44,8 @@ services:
- MAINTAINER=${MAINTAINER}
environment:
- PGDATA=/var/lib/postgresql/data/db
- POSTGRES_PASSWORD_FILE=/run/secrets/db_init_pass
secrets:
- db_init_pass
- db_env_secret
env_file:
- .db.env
volumes:
- pg_data:/var/lib/postgresql/data
- /etc/hosts:/etc/hosts:ro
......@@ -88,8 +75,8 @@ services:
args:
- EXTERNAL_REG=${EXTERNAL_REG}
- MAINTAINER=${MAINTAINER}
secrets:
- solr_creds
env_file:
- .solr.env
networks:
- ckan-internal
depends_on:
......
......@@ -5,11 +5,8 @@ abort () {
exit 1
}
if [ -f "/run/secrets/solr_creds" ]; then
echo "Found solr credentials secret, sourcing..."
. "/run/secrets/solr_creds"
else
abort "ERROR: Solr credentials secret not found."
if [ -z "$SOLR_CKAN_PASS" ]; then
abort "ERROR: Solr passwords not set in environment."
fi
echo "Sleeping 5 seconds."
......
#!/bin/bash
set -eo pipefail
if [[ -f "/run/secrets/db_env_secret" ]]; then
echo "db_env_secret secret found, sourcing..."
source /run/secrets/db_env_secret
else
echo "db_env_secret secret not found."
fi
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment