This repository was archived by the owner on Feb 24, 2021. It is now read-only.

Commit 8288957

feat(security): Add redis config file related envs (#403)
* feat(security): Add redis config file related envs New env added for redis' conf files related Closes: #402 Address Bryon's comment about more standard temp. file system /run Added env changes from make build Signed-off-by: Jim Wang <[email protected]>
1 parent bad56a4 commit 8288957

8 files changed

+125
-83
lines changed

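--- a/compose-builder/add-security.yml
+++ b/compose-builder/add-security.yml
@@ -27,6 +27,7 @@ volumes:
 postgres-config:
 # non-shared volumes
 postgres-data:
+redis-config:
 
 services:
 security-bootstrapper:
@@ -54,8 +55,13 @@ services:
 - common-sec-stage-gate.env
 environment:
 SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/edgex-security-bootstrap-redis/secrets-token.json
+DATABASECONFIG_PATH: /run/redis/conf
+DATABASECONFIG_NAME: redis.conf
+tmpfs:
+- /run
 volumes:
 - edgex-init:/edgex-init:ro,z
+- redis-config:/run/redis/conf:z
 - /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
 depends_on:
 - security-bootstrapper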
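Review bot: The `redis-config:/run/redis/conf:z` mount in the second hunk sits on top of the new `tmpfs: - /run`, so anything written under `DATABASECONFIG_PATH` lands on a persistent named volume rather than in memory. If the generated `redis.conf` carries the Redis credentials (not visible here, but plausible given the secret-store token mounted alongside), they would persist on the host across container restarts. If only this service reads the file, dropping the volume and letting it live on the tmpfs would keep it ephemeral. If it must be shared, a comment on the volume declaration such as `# redis.conf shared via named volume; may contain credentials` would record that. The service definition starts and ends outside the hunk.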

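--- a/compose-builder/common-sec-stage-gate.env
+++ b/compose-builder/common-sec-stage-gate.env
@@ -27,7 +27,7 @@ STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT=54322
 # this is intended to be the same as Database.Primary.Host/.Port for other services
 STAGEGATE_DATABASE_HOST=edgex-redis
 STAGEGATE_DATABASE_PORT=6379
-STAGEGATE_DATABASE_READYPORT=54323
+STAGEGATE_DATABASE_READYPORT=6379
 # this is intended to be the same as Registry.Host/.Port for other services
 STAGEGATE_REGISTRY_HOST=edgex-core-consul
 STAGEGATE_REGISTRY_PORT=8500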
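Review bot: `STAGEGATE_DATABASE_READYPORT` now equals `STAGEGATE_DATABASE_PORT` (both 6379), and nothing in the file says this is deliberate. With one port for both, a waiting service can no longer tell "Redis is listening" from "Redis bootstrap has finished". The gate therefore presumably relies on Redis starting only after its config file has been written, an ordering that is not visible in this hunk. A comment above the line, for example `# ready port is the Redis port itself: Redis listens only after its config file is generated`, would document the assumption, with the wording to be confirmed against the bootstrapper.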

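--- a/releases/nightly-build/compose-files/docker-compose-nexus-arm64.yml
+++ b/releases/nightly-build/compose-files/docker-compose-nexus-arm64.yml
@@ -94,7 +94,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -136,7 +136,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -196,7 +196,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -239,6 +239,8 @@ services:
 CLIENTS_RULESENGINE_HOST: edgex-kuiper
 CLIENTS_SCHEDULER_HOST: edgex-support-scheduler
 CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
+DATABASECONFIG_NAME: redis.conf
+DATABASECONFIG_PATH: /run/redis/conf
 DATABASES_PRIMARY_HOST: edgex-redis
 EDGEX_SECURITY_SECRET_STORE: "true"
 PROXY_SETUP_HOST: edgex-proxy-setup
@@ -250,7 +252,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -270,9 +272,12 @@ services:
 read_only: true
 security_opt:
 - no-new-privileges:true
+tmpfs:
+- /run
 volumes:
 - db-data:/data:z
 - edgex-init:/edgex-init:ro,z
+- redis-config:/run/redis/conf:z
 - /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
 device-rest:
 container_name: edgex-device-rest
@@ -354,7 +359,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -406,7 +411,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -469,7 +474,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -527,7 +532,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -581,7 +586,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -663,7 +668,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -702,7 +707,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -739,7 +744,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -812,7 +817,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -848,6 +853,7 @@ volumes:
 kuiper-data: {}
 postgres-config: {}
 postgres-data: {}
+redis-config: {}
 vault-config: {}
 vault-file: {}
 vault-logs: {}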

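--- a/releases/nightly-build/compose-files/docker-compose-nexus.yml
+++ b/releases/nightly-build/compose-files/docker-compose-nexus.yml
@@ -94,7 +94,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -136,7 +136,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -196,7 +196,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -239,6 +239,8 @@ services:
 CLIENTS_RULESENGINE_HOST: edgex-kuiper
 CLIENTS_SCHEDULER_HOST: edgex-support-scheduler
 CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
+DATABASECONFIG_NAME: redis.conf
+DATABASECONFIG_PATH: /run/redis/conf
 DATABASES_PRIMARY_HOST: edgex-redis
 EDGEX_SECURITY_SECRET_STORE: "true"
 PROXY_SETUP_HOST: edgex-proxy-setup
@@ -250,7 +252,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -270,9 +272,12 @@ services:
 read_only: true
 security_opt:
 - no-new-privileges:true
+tmpfs:
+- /run
 volumes:
 - db-data:/data:z
 - edgex-init:/edgex-init:ro,z
+- redis-config:/run/redis/conf:z
 - /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
 device-rest:
 container_name: edgex-device-rest
@@ -354,7 +359,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -406,7 +411,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -469,7 +474,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -527,7 +532,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -581,7 +586,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -663,7 +668,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -702,7 +707,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -739,7 +744,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -812,7 +817,7 @@ services:
 STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321'
 STAGEGATE_DATABASE_HOST: edgex-redis
 STAGEGATE_DATABASE_PORT: '6379'
-STAGEGATE_DATABASE_READYPORT: '54323'
+STAGEGATE_DATABASE_READYPORT: '6379'
 STAGEGATE_KONGDB_HOST: kong-db
 STAGEGATE_KONGDB_PORT: '5432'
 STAGEGATE_KONGDB_READYPORT: '54325'
@@ -848,6 +853,7 @@ volumes:
 kuiper-data: {}
 postgres-config: {}
 postgres-data: {}
+redis-config: {}
 vault-config: {}
 vault-file: {}
 vault-logs: {}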
