-
Notifications
You must be signed in to change notification settings - Fork 484
/
entrypoint.sh
58 lines (49 loc) · 2.38 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/usr/bin/dumb-init /bin/sh
# ----------------------------------------------------------------------------------
# Copyright (c) 2022 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ----------------------------------------------------------------------------------
set -e
# EDGEX_SECRETS_ROOT should default to /tmp/edgex/secrets
# unless changed in configuration.yaml or overridden by environment variable
EDGEX_SECRETS_ROOT=`yq -r .TokenFileProvider.OutputDir /res-file-token-provider/configuration.yaml`
if [ ! -z "${TOKENFILEPROVIDER_OUTPUTDIR}" ]; then
EDGEX_SECRETS_ROOT="${TOKENFILEPROVIDER_OUTPUTDIR}"
fi
# create token dir, and assign perms
mkdir -p /openbao/config/assets
chown -Rh 100:1000 /openbao/
echo "Initializing secret store..."
/security-secretstore-setup --secretStoreInterval=10
# default User and Group in case never set
if [ -z "${EDGEX_USER}" ]; then
EDGEX_USER="2002"
EDGEX_GROUP="2001"
fi
# /tmp/edgex/secrets need to be shared with all other services that need secrets and
# thus change the ownership to EDGEX_USER:EDGEX_GROUP
echo "$(date) Changing ownership of ${EDGEX_SECRETS_ROOT} to ${EDGEX_USER}:${EDGEX_GROUP}"
chown -Rh ${EDGEX_USER}:${EDGEX_GROUP} "${EDGEX_SECRETS_ROOT}"
EKUIPER_UID="${EDGEX_EKUIPER_USER_ID:-1001}"
EKUIPER_GID="${EDGEX_EKUIPER_GROUP_ID:-1001}"
echo "$(date) Changing ownership of ${EDGEX_SECRETS_ROOT}/rules-engine to ${EKUIPER_UID}:${EKUIPER_GID} to accommodate ekuiper."
chown -Rh ${EKUIPER_UID}:${EKUIPER_GID} "${EDGEX_SECRETS_ROOT}/rules-engine"
# Signal tokens ready port for other services waiting on
exec su-exec ${EDGEX_USER} /edgex-init/security-bootstrapper --configDir=/edgex-init/res listenTcp \
--port="${STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT}" --host="${STAGEGATE_SECRETSTORESETUP_HOST}"
if [ $? -ne 0 ]; then
echo "$(date) failed to gating the tokens ready port"
fi