
Commit 66591ae

feat: Add security-bootstrap-redis service
Signed-off-by: André Srinivasan <[email protected]>
1 parent 95dbcc0 commit 66591ae

6 files changed

+103
-46
lines changed

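--- a/.gitignore
+++ b/.gitignore
@@ -84,3 +84,5 @@ support-notifications-client/
 support-notifications/
 support-rulesengine/
 support-scheduler/
+
+docker-compose-nexus-dev.yml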

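--- a/compose-builder/README.md
+++ b/compose-builder/README.md
@@ -61,8 +61,6 @@ This folder contains the following environment files:
 This file contains the common environment overrides used by all Edgex services.
 - **common-security.env**
 This file contains the common security related environment overrides used by many Edgex services.
-- **database-security.env**
-This file contains the database specific security related environment overrides used by a few Edgex services.
 
 ### Makefile
 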
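--- a/compose-builder/add-security.yml
+++ b/compose-builder/add-security.yml
@@ -71,8 +71,6 @@ services:
 image: ${CORE_EDGEX_REPOSITORY}/docker-edgex-secrets-setup-go${ARCH}:${CORE_EDGEX_VERSION}${DEV}
 container_name: edgex-secrets-setup
 hostname: edgex-secrets-setup
-env_file:
-- database-security.env
 read_only: true
 tmpfs:
 - /tmp
@@ -87,8 +85,6 @@ services:
 image: ${CORE_EDGEX_REPOSITORY}/docker-edgex-security-secretstore-setup-go${ARCH}:${CORE_EDGEX_VERSION}${DEV}
 container_name: edgex-vault-worker
 hostname: edgex-vault-worker
-env_file:
-- database-security.env
 environment:
 SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
 read_only: true
@@ -106,6 +102,28 @@ services:
 - consul
 - vault
 
+security-bootstrap-database:
+image: ${CORE_EDGEX_REPOSITORY}/docker-edgex-security-bootstrap-redis-go${ARCH}:${CORE_EDGEX_VERSION}${DEV}
+container_name: edgex-security-bootstrap-database
+hostname: edgex-security-bootstrap-database
+env_file:
+- common.env
+- common-security.env
+environment:
+SERVICE_HOST: edgex-security-bootstrap-redis
+read_only: true
+networks:
+- edgex-network
+tmpfs:
+- /run
+- /vault
+volumes:
+- /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
+- /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
+depends_on:
+- vault-worker
+- database
+
 # containers for reverse proxy
 kong-db:
 image: postgres:${POSTGRES_VERSION}
@@ -227,23 +245,6 @@ services:
 
 # end of containers for reverse proxy
 
-database:
-env_file:
-- database-security.env
-command: |
-/bin/sh -c "
-until [ -r $${REDIS5_PASSWORD_PATHNAME} ] && [ -s $${REDIS5_PASSWORD_PATHNAME} ]; do sleep 1; done
-exec /usr/local/bin/docker-entrypoint.sh --requirepass `cat $${REDIS5_PASSWORD_PATHNAME}` \
---dir /data \
---save 900 1 \
---save 300 10 \
---save 60 10000
-"
-volumes:
-- /tmp/edgex/secrets/edgex-redis:/tmp/edgex/secrets/edgex-redis:z
-depends_on:
-- vault-worker
-
 notifications:
 env_file:
 - common-security.env
@@ -254,6 +255,7 @@ services:
 - /tmp/edgex/secrets/edgex-support-notifications:/tmp/edgex/secrets/edgex-support-notifications:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 metadata:
 env_file:
@@ -265,6 +267,7 @@ services:
 - /tmp/edgex/secrets/edgex-core-metadata:/tmp/edgex/secrets/edgex-core-metadata:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 data:
 env_file:
@@ -276,6 +279,7 @@ services:
 - /tmp/edgex/secrets/edgex-core-data:/tmp/edgex/secrets/edgex-core-data:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 command:
 env_file:
@@ -287,6 +291,7 @@ services:
 - /tmp/edgex/secrets/edgex-core-command:/tmp/edgex/secrets/edgex-core-command:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 scheduler:
 env_file:
@@ -298,3 +303,4 @@ services:
 - /tmp/edgex/secrets/edgex-support-scheduler:/tmp/edgex/secrets/edgex-support-scheduler:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database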
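Review bot: With the `database` override removed in the hunk at -227,23, Redis no longer starts with `--requirepass`, and the `depends_on: security-bootstrap-database` entries added to notifications, metadata, data, command and scheduler only order container start-up, not job completion, so there is a window in which Redis is reachable on edgex-network with no password and the core services can connect before the bootstrap has applied one. If the bootstrap image closes that window itself (for instance by gating on a done flag the way vault-worker uses `SECRETSTORE_SETUP_DONE_FLAG` in the hunk at -87,8), say so in the new service block; otherwise the consumers need a completion gate rather than a plain `depends_on`. Suggested comment above `security-bootstrap-database:`: `# One-shot job that sets the Redis password from the secret store; depends_on only waits for it to start, not to finish.` Separately, `SERVICE_HOST: edgex-security-bootstrap-redis` does not match the service's `hostname: edgex-security-bootstrap-database`; if the value only selects the `/tmp/edgex/secrets/edgex-security-bootstrap-redis` token path that deserves a comment, otherwise the two should be aligned. The same start-order semantics carry over to the generated docker-compose-nexus.yml and docker-compose-nexus-arm64.yml sections below.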

compose-builder/database-security.env

-1
This file was deleted.

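--- a/releases/nightly-build/compose-files/docker-compose-nexus-arm64.yml
+++ b/releases/nightly-build/compose-files/docker-compose-nexus-arm64.yml
@@ -63,6 +63,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -120,6 +121,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -150,13 +152,7 @@ services:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-core-data:/tmp/edgex/secrets/edgex-core-data:ro,z
 database:
-command: "/bin/sh -c \"\nuntil [ -r $${REDIS5_PASSWORD_PATHNAME} ] && [ -s $${REDIS5_PASSWORD_PATHNAME}\
-\ ]; do sleep 1; done\nexec /usr/local/bin/docker-entrypoint.sh --requirepass\
-\ `cat $${REDIS5_PASSWORD_PATHNAME}` \\\n --dir /data \\\n --save 900 1 \\\
-\n --save 300 10 \\\n --save 60 10000\n\"\n"
 container_name: edgex-redis
-depends_on:
-- vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
 CLIENTS_COREDATA_HOST: edgex-core-data
@@ -168,7 +164,6 @@ services:
 CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
 DATABASES_PRIMARY_HOST: edgex-redis
 EDGEX_SECURITY_SECRET_STORE: "false"
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 REGISTRY_HOST: edgex-core-consul
 hostname: edgex-redis
 image: redis:6.0.9-alpine
@@ -179,7 +174,6 @@ services:
 read_only: true
 volumes:
 - db-data:/data:z
-- /tmp/edgex/secrets/edgex-redis:/tmp/edgex/secrets/edgex-redis:z
 device-rest:
 container_name: edgex-device-rest
 depends_on:
@@ -356,6 +350,7 @@ services:
 - consul
 - database
 - notifications
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -390,6 +385,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -442,6 +438,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -472,11 +469,41 @@ services:
 volumes:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-support-scheduler:/tmp/edgex/secrets/edgex-support-scheduler:ro,z
+security-bootstrap-database:
+container_name: edgex-security-bootstrap-database
+depends_on:
+- database
+- vault-worker
+environment:
+CLIENTS_COMMAND_HOST: edgex-core-command
+CLIENTS_COREDATA_HOST: edgex-core-data
+CLIENTS_DATA_HOST: edgex-core-data
+CLIENTS_METADATA_HOST: edgex-core-metadata
+CLIENTS_NOTIFICATIONS_HOST: edgex-support-notifications
+CLIENTS_RULESENGINE_HOST: edgex-kuiper
+CLIENTS_SCHEDULER_HOST: edgex-support-scheduler
+CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
+DATABASES_PRIMARY_HOST: edgex-redis
+EDGEX_SECURITY_SECRET_STORE: "true"
+REGISTRY_HOST: edgex-core-consul
+SECRETSTORE_HOST: edgex-vault
+SECRETSTORE_ROOTCACERTPATH: /tmp/edgex/secrets/ca/ca.pem
+SECRETSTORE_SERVERNAME: edgex-vault
+SERVICE_HOST: edgex-security-bootstrap-redis
+hostname: edgex-security-bootstrap-database
+image: nexus3.edgexfoundry.org:10004/docker-edgex-security-bootstrap-redis-go-arm64:master
+networks:
+edgex-network: {}
+read_only: true
+tmpfs:
+- /run
+- /vault
+volumes:
+- /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
+- /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
 security-secrets-setup:
 command: generate
 container_name: edgex-secrets-setup
-environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 hostname: edgex-secrets-setup
 image: nexus3.edgexfoundry.org:10004/docker-edgex-secrets-setup-go-arm64:master
 read_only: true
@@ -553,7 +580,6 @@ services:
 - security-secrets-setup
 - vault
 environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
 hostname: edgex-vault-worker
 image: nexus3.edgexfoundry.org:10004/docker-edgex-security-secretstore-setup-go-arm64:master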

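--- a/releases/nightly-build/compose-files/docker-compose-nexus.yml
+++ b/releases/nightly-build/compose-files/docker-compose-nexus.yml
@@ -63,6 +63,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -120,6 +121,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -150,13 +152,7 @@ services:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-core-data:/tmp/edgex/secrets/edgex-core-data:ro,z
 database:
-command: "/bin/sh -c \"\nuntil [ -r $${REDIS5_PASSWORD_PATHNAME} ] && [ -s $${REDIS5_PASSWORD_PATHNAME}\
-\ ]; do sleep 1; done\nexec /usr/local/bin/docker-entrypoint.sh --requirepass\
-\ `cat $${REDIS5_PASSWORD_PATHNAME}` \\\n --dir /data \\\n --save 900 1 \\\
-\n --save 300 10 \\\n --save 60 10000\n\"\n"
 container_name: edgex-redis
-depends_on:
-- vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
 CLIENTS_COREDATA_HOST: edgex-core-data
@@ -168,7 +164,6 @@ services:
 CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
 DATABASES_PRIMARY_HOST: edgex-redis
 EDGEX_SECURITY_SECRET_STORE: "false"
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 REGISTRY_HOST: edgex-core-consul
 hostname: edgex-redis
 image: redis:6.0.9-alpine
@@ -179,7 +174,6 @@ services:
 read_only: true
 volumes:
 - db-data:/data:z
-- /tmp/edgex/secrets/edgex-redis:/tmp/edgex/secrets/edgex-redis:z
 device-rest:
 container_name: edgex-device-rest
 depends_on:
@@ -356,6 +350,7 @@ services:
 - consul
 - database
 - notifications
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -390,6 +385,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -442,6 +438,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -472,11 +469,41 @@ services:
 volumes:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-support-scheduler:/tmp/edgex/secrets/edgex-support-scheduler:ro,z
+security-bootstrap-database:
+container_name: edgex-security-bootstrap-database
+depends_on:
+- database
+- vault-worker
+environment:
+CLIENTS_COMMAND_HOST: edgex-core-command
+CLIENTS_COREDATA_HOST: edgex-core-data
+CLIENTS_DATA_HOST: edgex-core-data
+CLIENTS_METADATA_HOST: edgex-core-metadata
+CLIENTS_NOTIFICATIONS_HOST: edgex-support-notifications
+CLIENTS_RULESENGINE_HOST: edgex-kuiper
+CLIENTS_SCHEDULER_HOST: edgex-support-scheduler
+CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
+DATABASES_PRIMARY_HOST: edgex-redis
+EDGEX_SECURITY_SECRET_STORE: "true"
+REGISTRY_HOST: edgex-core-consul
+SECRETSTORE_HOST: edgex-vault
+SECRETSTORE_ROOTCACERTPATH: /tmp/edgex/secrets/ca/ca.pem
+SECRETSTORE_SERVERNAME: edgex-vault
+SERVICE_HOST: edgex-security-bootstrap-redis
+hostname: edgex-security-bootstrap-database
+image: nexus3.edgexfoundry.org:10004/docker-edgex-security-bootstrap-redis-go:master
+networks:
+edgex-network: {}
+read_only: true
+tmpfs:
+- /run
+- /vault
+volumes:
+- /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
+- /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
 security-secrets-setup:
 command: generate
 container_name: edgex-secrets-setup
-environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 hostname: edgex-secrets-setup
 image: nexus3.edgexfoundry.org:10004/docker-edgex-secrets-setup-go:master
 read_only: true
@@ -553,7 +580,6 @@ services:
 - security-secrets-setup
 - vault
 environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
 hostname: edgex-vault-worker
 image: nexus3.edgexfoundry.org:10004/docker-edgex-security-secretstore-setup-go:master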
