
Commit 8cf134d

feat: Add security-bootstrap-redis service
Signed-off-by: André Srinivasan <[email protected]>
1 parent 81512dc commit 8cf134d


6 files changed

+103
-38
lines changed


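--- a/.gitignore
+++ b/.gitignore
@@ -84,3 +84,5 @@ support-notifications-client/
 support-notifications/
 support-rulesengine/
 support-scheduler/
+
+docker-compose-nexus-dev.yml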

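--- a/compose-builder/README.md
+++ b/compose-builder/README.md
@@ -61,8 +61,6 @@ This folder contains the following environment files:
 This file contains the common environment overrides used by all Edgex services.
 - **common-security.env**
 This file contains the common security related environment overrides used by many Edgex services.
-- **database-security.env**
-This file contains the database specific security related environment overrides used by a few Edgex services.
 
 ### Makefile
 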
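--- a/compose-builder/add-security.yml
+++ b/compose-builder/add-security.yml
@@ -71,8 +71,6 @@ services:
 image: ${CORE_EDGEX_REPOSITORY}/docker-edgex-secrets-setup-go${ARCH}:${CORE_EDGEX_VERSION}${DEV}
 container_name: edgex-secrets-setup
 hostname: edgex-secrets-setup
-env_file:
-- database-security.env
 read_only: true
 tmpfs:
 - /tmp
@@ -87,8 +85,6 @@ services:
 image: ${CORE_EDGEX_REPOSITORY}/docker-edgex-security-secretstore-setup-go${ARCH}:${CORE_EDGEX_VERSION}${DEV}
 container_name: edgex-vault-worker
 hostname: edgex-vault-worker
-env_file:
-- database-security.env
 environment:
 SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
 read_only: true
@@ -106,6 +102,28 @@ services:
 - consul
 - vault
 
+security-bootstrap-database:
+image: ${CORE_EDGEX_REPOSITORY}/docker-edgex-security-bootstrap-redis-go${ARCH}:${CORE_EDGEX_VERSION}${DEV}
+container_name: edgex-security-bootstrap-database
+hostname: edgex-security-bootstrap-database
+env_file:
+- common.env
+- common-security.env
+environment:
+SERVICE_HOST: edgex-security-bootstrap-redis
+read_only: true
+networks:
+- edgex-network
+tmpfs:
+- /run
+- /vault
+volumes:
+- /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
+- /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
+depends_on:
+- vault-worker
+- database
+
 # containers for reverse proxy
 kong-db:
 image: postgres:${POSTGRES_VERSION}
@@ -228,19 +246,6 @@ services:
 # end of containers for reverse proxy
 
 database:
-env_file:
-- database-security.env
-command: |
-/bin/sh -c "
-until [ -r $${REDIS5_PASSWORD_PATHNAME} ] && [ -s $${REDIS5_PASSWORD_PATHNAME} ]; do sleep 1; done
-exec /usr/local/bin/docker-entrypoint.sh --requirepass `cat $${REDIS5_PASSWORD_PATHNAME}` \
---dir /data \
---save 900 1 \
---save 300 10 \
---save 60 10000
-"
-volumes:
-- /tmp/edgex/secrets/edgex-redis:/tmp/edgex/secrets/edgex-redis:z
 depends_on:
 - vault-worker
 
@@ -254,6 +259,7 @@ services:
 - /tmp/edgex/secrets/edgex-support-notifications:/tmp/edgex/secrets/edgex-support-notifications:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 metadata:
 env_file:
@@ -265,6 +271,7 @@ services:
 - /tmp/edgex/secrets/edgex-core-metadata:/tmp/edgex/secrets/edgex-core-metadata:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 data:
 env_file:
@@ -276,6 +283,7 @@ services:
 - /tmp/edgex/secrets/edgex-core-data:/tmp/edgex/secrets/edgex-core-data:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 command:
 env_file:
@@ -287,6 +295,7 @@ services:
 - /tmp/edgex/secrets/edgex-core-command:/tmp/edgex/secrets/edgex-core-command:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database
 
 scheduler:
 env_file:
@@ -298,3 +307,4 @@ services:
 - /tmp/edgex/secrets/edgex-support-scheduler:/tmp/edgex/secrets/edgex-support-scheduler:ro,z
 depends_on:
 - vault-worker
+- security-bootstrap-database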
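Review bot: The `- security-bootstrap-database` entries added under `depends_on` for notifications, metadata, data, command and scheduler only order container start; compose does not wait for a one-shot bootstrap container to finish, so those services can come up before the Redis credentials the bootstrap provisions exist, and the removed `command:` block on `database`, which held Redis itself until the password file appeared, is the only gate this file used to have. If the bootstrap's completion is the real precondition, state that where the dependency is declared, e.g. `# start-order only: compose does not wait for the bootstrap to complete` above the first new entry, and confirm the Go clients tolerate an initial auth or connection failure. Separately, the new service has `hostname: edgex-security-bootstrap-database` but `SERVICE_HOST: edgex-security-bootstrap-redis`; `hostname:` is not a DNS alias on a compose network, only the service name and `container_name` resolve, so anything that dials SERVICE_HOST would fail to resolve — worth confirming which name the bootstrap actually registers or advertises. The same pair of names is carried into both nightly compose files.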

compose-builder/database-security.env

Lines changed: 0 additions & 1 deletion
This file was deleted.

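--- a/releases/nightly-build/compose-files/docker-compose-nexus-arm64.yml
+++ b/releases/nightly-build/compose-files/docker-compose-nexus-arm64.yml
@@ -63,6 +63,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -120,6 +121,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -150,10 +152,6 @@ services:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-core-data:/tmp/edgex/secrets/edgex-core-data:ro,z
 database:
-command: "/bin/sh -c \"\nuntil [ -r $${REDIS5_PASSWORD_PATHNAME} ] && [ -s $${REDIS5_PASSWORD_PATHNAME}\
-\ ]; do sleep 1; done\nexec /usr/local/bin/docker-entrypoint.sh --requirepass\
-\ `cat $${REDIS5_PASSWORD_PATHNAME}` \\\n --dir /data \\\n --save 900 1 \\\
-\n --save 300 10 \\\n --save 60 10000\n\"\n"
 container_name: edgex-redis
 depends_on:
 - vault-worker
@@ -168,7 +166,6 @@ services:
 CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
 DATABASES_PRIMARY_HOST: edgex-redis
 EDGEX_SECURITY_SECRET_STORE: "false"
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 REGISTRY_HOST: edgex-core-consul
 hostname: edgex-redis
 image: redis:6.0-alpine
@@ -179,7 +176,6 @@ services:
 read_only: true
 volumes:
 - db-data:/data:z
-- /tmp/edgex/secrets/edgex-redis:/tmp/edgex/secrets/edgex-redis:z
 device-rest:
 container_name: edgex-device-rest
 depends_on:
@@ -356,6 +352,7 @@ services:
 - consul
 - database
 - notifications
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -390,6 +387,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -442,6 +440,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -472,11 +471,41 @@ services:
 volumes:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-support-scheduler:/tmp/edgex/secrets/edgex-support-scheduler:ro,z
+security-bootstrap-database:
+container_name: edgex-security-bootstrap-database
+depends_on:
+- database
+- vault-worker
+environment:
+CLIENTS_COMMAND_HOST: edgex-core-command
+CLIENTS_COREDATA_HOST: edgex-core-data
+CLIENTS_DATA_HOST: edgex-core-data
+CLIENTS_METADATA_HOST: edgex-core-metadata
+CLIENTS_NOTIFICATIONS_HOST: edgex-support-notifications
+CLIENTS_RULESENGINE_HOST: edgex-kuiper
+CLIENTS_SCHEDULER_HOST: edgex-support-scheduler
+CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
+DATABASES_PRIMARY_HOST: edgex-redis
+EDGEX_SECURITY_SECRET_STORE: "true"
+REGISTRY_HOST: edgex-core-consul
+SECRETSTORE_HOST: edgex-vault
+SECRETSTORE_ROOTCACERTPATH: /tmp/edgex/secrets/ca/ca.pem
+SECRETSTORE_SERVERNAME: edgex-vault
+SERVICE_HOST: edgex-security-bootstrap-redis
+hostname: edgex-security-bootstrap-database
+image: nexus3.edgexfoundry.org:10004/docker-edgex-security-bootstrap-redis-go-arm64:master
+networks:
+edgex-network: {}
+read_only: true
+tmpfs:
+- /run
+- /vault
+volumes:
+- /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
+- /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
 security-secrets-setup:
 command: generate
 container_name: edgex-secrets-setup
-environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 hostname: edgex-secrets-setup
 image: nexus3.edgexfoundry.org:10004/docker-edgex-secrets-setup-go-arm64:master
 read_only: true
@@ -553,7 +582,6 @@ services:
 - security-secrets-setup
 - vault
 environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
 hostname: edgex-vault-worker
 image: nexus3.edgexfoundry.org:10004/docker-edgex-security-secretstore-setup-go-arm64:master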
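Review bot: With the `command:` that passed `--requirepass` and the `/tmp/edgex/secrets/edgex-redis` volume removed from `database`, `redis:6.0-alpine` now starts with its default entrypoint and no password, so on `edgex-network` the database accepts unauthenticated connections from container start until `security-bootstrap-database` (which `depends_on` `database`, not the reverse) has applied credentials; whether the bootstrap image closes that window, and how quickly, is not visible in this file. The expectation should be recorded next to the service so a later maintainer does not read the missing password as an oversight, e.g. above `database:`: `# redis auth is provisioned after start by security-bootstrap-database; do not publish the port`. The same hunks appear in docker-compose-nexus.yml; if both nightly files are generated from compose-builder, the comment belongs in add-security.yml and will flow through.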

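--- a/releases/nightly-build/compose-files/docker-compose-nexus.yml
+++ b/releases/nightly-build/compose-files/docker-compose-nexus.yml
@@ -63,6 +63,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -120,6 +121,7 @@ services:
 - consul
 - database
 - metadata
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -150,10 +152,6 @@ services:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-core-data:/tmp/edgex/secrets/edgex-core-data:ro,z
 database:
-command: "/bin/sh -c \"\nuntil [ -r $${REDIS5_PASSWORD_PATHNAME} ] && [ -s $${REDIS5_PASSWORD_PATHNAME}\
-\ ]; do sleep 1; done\nexec /usr/local/bin/docker-entrypoint.sh --requirepass\
-\ `cat $${REDIS5_PASSWORD_PATHNAME}` \\\n --dir /data \\\n --save 900 1 \\\
-\n --save 300 10 \\\n --save 60 10000\n\"\n"
 container_name: edgex-redis
 depends_on:
 - vault-worker
@@ -168,7 +166,6 @@ services:
 CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
 DATABASES_PRIMARY_HOST: edgex-redis
 EDGEX_SECURITY_SECRET_STORE: "false"
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 REGISTRY_HOST: edgex-core-consul
 hostname: edgex-redis
 image: redis:6.0-alpine
@@ -179,7 +176,6 @@ services:
 read_only: true
 volumes:
 - db-data:/data:z
-- /tmp/edgex/secrets/edgex-redis:/tmp/edgex/secrets/edgex-redis:z
 device-rest:
 container_name: edgex-device-rest
 depends_on:
@@ -356,6 +352,7 @@ services:
 - consul
 - database
 - notifications
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -390,6 +387,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -442,6 +440,7 @@ services:
 depends_on:
 - consul
 - database
+- security-bootstrap-database
 - vault-worker
 environment:
 CLIENTS_COMMAND_HOST: edgex-core-command
@@ -472,11 +471,41 @@ services:
 volumes:
 - /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
 - /tmp/edgex/secrets/edgex-support-scheduler:/tmp/edgex/secrets/edgex-support-scheduler:ro,z
+security-bootstrap-database:
+container_name: edgex-security-bootstrap-database
+depends_on:
+- database
+- vault-worker
+environment:
+CLIENTS_COMMAND_HOST: edgex-core-command
+CLIENTS_COREDATA_HOST: edgex-core-data
+CLIENTS_DATA_HOST: edgex-core-data
+CLIENTS_METADATA_HOST: edgex-core-metadata
+CLIENTS_NOTIFICATIONS_HOST: edgex-support-notifications
+CLIENTS_RULESENGINE_HOST: edgex-kuiper
+CLIENTS_SCHEDULER_HOST: edgex-support-scheduler
+CLIENTS_VIRTUALDEVICE_HOST: edgex-device-virtual
+DATABASES_PRIMARY_HOST: edgex-redis
+EDGEX_SECURITY_SECRET_STORE: "true"
+REGISTRY_HOST: edgex-core-consul
+SECRETSTORE_HOST: edgex-vault
+SECRETSTORE_ROOTCACERTPATH: /tmp/edgex/secrets/ca/ca.pem
+SECRETSTORE_SERVERNAME: edgex-vault
+SERVICE_HOST: edgex-security-bootstrap-redis
+hostname: edgex-security-bootstrap-database
+image: nexus3.edgexfoundry.org:10004/docker-edgex-security-bootstrap-redis-go:master
+networks:
+edgex-network: {}
+read_only: true
+tmpfs:
+- /run
+- /vault
+volumes:
+- /tmp/edgex/secrets/ca:/tmp/edgex/secrets/ca:ro,z
+- /tmp/edgex/secrets/edgex-security-bootstrap-redis:/tmp/edgex/secrets/edgex-security-bootstrap-redis:ro,z
 security-secrets-setup:
 command: generate
 container_name: edgex-secrets-setup
-environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 hostname: edgex-secrets-setup
 image: nexus3.edgexfoundry.org:10004/docker-edgex-secrets-setup-go:master
 read_only: true
@@ -553,7 +582,6 @@ services:
 - security-secrets-setup
 - vault
 environment:
-REDIS5_PASSWORD_PATHNAME: /tmp/edgex/secrets/edgex-redis/redis5-password
 SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
 hostname: edgex-vault-worker
 image: nexus3.edgexfoundry.org:10004/docker-edgex-security-secretstore-setup-go:master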
