feat(security): Change entrypoint scripts to use env overrides from c…

…ompose env files

All env. variables of entrypoint scripts are populated from the env files of compose builder

Signed-off-by: Jim Wang <[email protected]>

cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh

@@ -35,18 +35,17 @@ vault_ready()
   fi
 }
 
-# env settings
-. /edgex-init/.env-consul
+# env settings are populated from env files of docker-compose
 
-echo "Script for waiting security bootstrapping installation"
+echo "Script for waiting security bootstrapping on Consul"
 
 echo "$(date) Consul waits on Vault to be initialized"
-# check the http status code from Vault using EDGEX_VAULT_HOST and EDGEX_VAULT_PORT as input to the function call
-vault_inited=$(vault_ready "${EDGEX_VAULT_HOST}" "${EDGEX_VAULT_PORT}")
+# check the http status code from Vault using SECRETSTORE_HOST and SECRETSTORE_PORT as input to the function call
+vault_inited=$(vault_ready "${SECRETSTORE_HOST}" "${SECRETSTORE_PORT}")
 until [ "$vault_inited" -eq 1 ]; do
-    echo "$(date) waiting for Vault to be initialized";
+    echo "$(date) waiting for Vault ${SECRETSTORE_HOST}:${SECRETSTORE_PORT} to be initialized";
     sleep 1;
-    vault_inited=$(vault_ready "${EDGEX_VAULT_HOST}" "${EDGEX_VAULT_PORT}")
+    vault_inited=$(vault_ready "${SECRETSTORE_HOST}" "${SECRETSTORE_PORT}")
 done
 
 # only in json format according to Consul's documentation
@@ -68,12 +67,14 @@ echo "$(date) Starting edgex-consul..."
 exec docker-entrypoint.sh agent -ui -bootstrap -server -client 0.0.0.0 &
 
 # wait for the consul port
-echo "$(date) Executing dockerize on Consul with waiting on its own port tcp://${CONSUL_HOST}:${CONSUL_PORT}"
-/edgex-init/dockerize -wait tcp://"${CONSUL_HOST}":"$CONSUL_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
+echo "$(date) Executing dockerize on Consul with waiting on its own port \
+  tcp://${REGISTRY_HOST}:${STAGEGATE_CONSUL_PORT}"
+/edgex-init/dockerize -wait tcp://"${REGISTRY_HOST}":"${STAGEGATE_CONSUL_PORT}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 # Signal that Consul is ready for services blocked waiting on Consul
 /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="${CONSUL_READY_PORT}" --host="${CONSUL_HOST}"
+  --port="${STAGEGATE_CONSUL_READYPORT}" --host="${REGISTRY_HOST}"
 if [ $? -ne 0 ]; then
     echo "$(date) failed to gating the consul ready port, exits"
 fi

cmd/security-bootstrapper/entrypoint-scripts/kong_wait_install.sh

@@ -22,24 +22,25 @@
 
 set -e
 
-# env settings
-. /edgex-init/.env-kong
+# env settings are populated from env files of docker-compose
 
-echo "Script for waiting security bootstrapping installation"
+echo "Script for waiting security bootstrapping on Kong"
 
 # gating on the ready-to-run port
-echo "$(date) Executing dockerize with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_TCP_PORT"
-/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
+echo "$(date) Executing dockerize with waiting on tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_READY_TORUNPORT}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 echo "$(date) Kong waits on Postgres to be initialized"
-/edgex-init/dockerize -wait tcp://"${POSTGRES_HOST}":"$POSTGRES_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
-
-echo "$(date) Executing dockerize with waiting on file:${POSTGRES_PASSWORD_FILE}"
-/edgex-init/dockerize -wait file://"${POSTGRES_PASSWORD_FILE}" -timeout "${WAIT_TIMEOUT_DURATION}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_PG_HOST}":"${STAGEGATE_PG_READYPORT}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
+echo "$(date) Executing dockerize with waiting on file:${KONG_PG_PASSWORD_FILE}"
+/edgex-init/dockerize -wait file://"${KONG_PG_PASSWORD_FILE}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 # double check and make sure the postgres is setup with that password and ready
-passwd=$(cat "${POSTGRES_PASSWORD_FILE}")
+passwd=$(cat "${KONG_PG_PASSWORD_FILE}")
 pg_inited=0
 until [ $pg_inited -eq 1 ]; do
   status=$(/edgex-init/security-bootstrapper --confdir=/edgex-init/res pingPgDb \
@@ -51,15 +52,14 @@ until [ $pg_inited -eq 1 ]; do
     fi
   fi
   if [ $pg_inited -ne 1 ]; then
-    echo "$(date) waiting for ${POSTGRES_HOST} to be initialized"
+    echo "$(date) waiting for ${STAGEGATE_PG_HOST} to be initialized"
     sleep 1
   fi
 done
 
 echo "$(date) Check point: postgres db is ready for kong"
 
 # in kong's docker, we use KONG_PG_PASSWORD_FILE instead of KONG_PG_PASSWORD for better security
-KONG_PG_PASSWORD_FILE=${POSTGRES_PASSWORD_FILE}
 export KONG_PG_PASSWORD_FILE
 
 # remove env KONG_PG_PASSWORD: only use KONG_PG_PASSWORD_FILE

cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh

@@ -22,34 +22,35 @@
 
 set -e
 
-# env settings
-. /edgex-init/.env-postgres
+# env settings are populated from env files of docker-compose
 
-echo "Script for waiting security bootstrapping installation"
+echo "Script for waiting security bootstrapping on Postgres"
 
 # Postgres is waiting for BOOTSTRAP_PORT
-echo "$(date) Executing dockerize on Postgres with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_BOOSTRAPPER_STARTED_PORT"
-/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_BOOSTRAPPER_STARTED_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
+echo "$(date) Executing dockerize on Postgres with waiting on \
+  tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_BOOTSTRAPPER_STARTPORT}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_BOOTSTRAPPER_STARTPORT}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 echo "$(date) Postgres waits on Vault to be initialized"
 
 vault_inited=0
 until [ $vault_inited -eq 1 ]; do
   status=$(/edgex-init/security-bootstrapper --confdir=/edgex-init/res getHttpStatus \
-    --url=http://"${EDGEX_VAULT_HOST}":"$EDGEX_VAULT_PORT"/v1/sys/health | tail -n 1)
+    --url=http://"${SECRETSTORE_HOST}":"${SECRETSTORE_PORT}"/v1/sys/health | tail -n 1)
   if [ ${#status} -gt 0 ] && [[ "${status}" != *ERROR* ]]; then
-    echo "$(date) ${EDGEX_VAULT_HOST} status code = ${status}"
+    echo "$(date) ${SECRETSTORE_HOST}:${SECRETSTORE_PORT} status code = ${status}"
     if [ "$status" -eq 200 ]; then
       vault_inited=1
     fi
   fi
   if [ $vault_inited -ne 1 ]; then
-    echo "$(date) waiting for ${EDGEX_VAULT_HOST} to be initialized"
+    echo "$(date) waiting for ${SECRETSTORE_HOST} to be initialized"
     sleep 1
   fi
 done
 
-echo "$(date) ${EDGEX_VAULT_HOST} is ready"
+echo "$(date) ${SECRETSTORE_HOST} is ready"
 
 # if password already in then re-use
 if [ -n "${POSTGRES_PASSWORD_FILE}" ] && [ -f "${POSTGRES_PASSWORD_FILE}" ]; then
@@ -82,16 +83,16 @@ until [ $pg_inited -eq 1 ]; do
     fi
   fi
   if [ $pg_inited -ne 1 ]; then
-    echo "$(date) waiting for ${POSTGRES_HOST} to be initialized"
+    echo "$(date) waiting for ${STAGEGATE_PG_HOST} to be initialized"
     sleep 1
   fi
 done
 
-echo "$(date) ${POSTGRES_HOST} is initialized"
+echo "$(date) ${STAGEGATE_PG_HOST} is initialized"
 
 # Signal that Postgres is ready for services blocked waiting on Postgres
 /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="$POSTGRES_READY_PORT" --host="${POSTGRES_HOST}"
+  --port="${STAGEGATE_PG_READYPORT}" --host="${STAGEGATE_PG_HOST}"
 if [ $? -ne 0 ]; then
   echo "$(date) failed to gating the postgres ready port, exits"
 fi

cmd/security-bootstrapper/entrypoint-scripts/proxy_setup_wait_install.sh

@@ -22,33 +22,35 @@
 
 set -e
 
-# env settings
-. /edgex-init/.env-proxy-setup
+# env settings are populated from env files of docker-compose
 
-echo "Script for waiting security bootstrapping installation"
+echo "Script for waiting security bootstrapping on proxy-setup"
 
 # gating on the ready-to-run port
-echo "$(date) Executing dockerize on ${PROXY_SETUP_HOST} with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_TCP_PORT"
-/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
+echo "$(date) Executing dockerize for ${PROXY_SETUP_HOST} with waiting on \
+  tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_READY_TORUNPORT}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 echo "$(date) ${PROXY_SETUP_HOST} waits on Kong to be initialized"
 
 kong_inited=0
 until [ $kong_inited -eq 1 ]; do
   status=$(/edgex-init/security-bootstrapper --confdir=/edgex-init/res getHttpStatus \
-    --url=http://"${KONG_HOST}":"$KONG_STATUS_PORT"/status | tail -n 1)
+    --url=http://"${API_GATEWAY_HOST}":"${API_GATEWAY_STATUS_PORT}"/status | tail -n 1)
   if [ ${#status} -gt 0 ] && [[ "${status}" != *ERROR* ]]; then
-    echo "$(date) ${KONG_HOST}:$KONG_STATUS_PORT status code = ${status}"
+    echo "$(date) ${API_GATEWAY_HOST}:${API_GATEWAY_STATUS_PORT} status code = ${status}"
     if [ "$status" -eq 200 ]; then
       kong_inited=1
     fi
   fi
   if [ $kong_inited -ne 1 ]; then
-    echo "$(date) waiting for ${KONG_HOST} to be initialized"
+    echo "$(date) waiting for ${API_GATEWAY_HOST} to be initialized"
     sleep 1
   fi
 done
 
-echo "$(date) ${KONG_HOST} is ready"
+echo "$(date) ${API_GATEWAY_HOST} is ready"
 
+echo "$(date) Starting ${PROXY_SETUP_HOST} ..."
 exec /edgex/security-proxy-setup --init=true

cmd/security-bootstrapper/entrypoint-scripts/ready_to_run_wait_install.sh

@@ -27,14 +27,14 @@
 
 set -e
 
-# env settings
-. /edgex-init/.env-others
+# env settings are populated from env files of docker-compose
 
 echo "Script for waiting on security bootstrapping ready-to-run"
 
 # gating on the ready-to-run port
-echo "$(date) Executing dockerize with $@ waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_TCP_PORT"
-/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
+echo "$(date) Executing dockerize with $@ waiting on tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_READY_TORUNPORT}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 echo "$(date) Starting $@ ..."
 exec "$@"

cmd/security-bootstrapper/entrypoint-scripts/redis_wait_install.sh

@@ -22,18 +22,19 @@
 
 set -e
 
-# env settings
-. /edgex-init/.env-redis
+# env settings are populated from env files of docker-compose
 
-echo "Script for waiting security bootstrapping installation"
+echo "Script for waiting security bootstrapping on Redis"
 
 # gating on the TokensReadyPort
-echo "$(date) Executing dockerize on Redis with waiting on TokensReadyPort tcp://${VAULTWORKER_HOST}:$WAIT_TCP_PORT"
-/edgex-init/dockerize -wait tcp://"${VAULTWORKER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
+echo "$(date) Executing dockerize on Redis with waiting on TokensReadyPort \
+  tcp://${STAGEGATE_VAULTWORKER_HOST}:${STAGEGATE_VAULTWORKER_TOKENS_READYPORT}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_VAULTWORKER_HOST}":"${STAGEGATE_VAULTWORKER_TOKENS_READYPORT}" \
+  -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 # the bootstrap-redis needs the connection from Redis db to set it up.
 # Hence, here bootstrap-redis runs in background and then starts the Redis db.
-echo "$(date) ${VAULTWORKER_HOST} tokens ready, bootstrapping redis..."
+echo "$(date) ${STAGEGATE_VAULTWORKER_HOST} tokens ready, bootstrapping redis..."
 /edgex-init/bootstrap-redis/security-bootstrap-redis --confdir=/edgex-init/bootstrap-redis/res &
 redis_bootstrapper_pid=$!
 
@@ -54,7 +55,7 @@ fi
 
 # Signal that Redis is ready for services blocked waiting on Redis
 /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="$REDIS_READY_PORT" --host="${REDIS_HOST}"
+  --port="${STAGEGATE_REDIS_READYPORT}" --host="${DATABASES_PRIMARY_HOST}"
 if [ $? -ne 0 ]; then
   echo "$(date) failed to gating the redis ready port, exits"
 fi

cmd/security-bootstrapper/entrypoint-scripts/vault_wait_install.sh

@@ -22,10 +22,9 @@
 
 set -e
 
-# env settings
-. /edgex-init/.env-vault
+# env settings are populated from env files of docker-compose
 
-echo "Script for waiting security bootstrapping installation"
+echo "Script for waiting security bootstrapping on Vault"
 
 DEFAULT_VAULT_LOCAL_CONFIG='
 listener "tcp" { 
@@ -47,8 +46,11 @@ export VAULT_LOCAL_CONFIG
 echo "$(date) VAULT_LOCAL_CONFIG: ${VAULT_LOCAL_CONFIG}"
 
 if [ "$1" = 'server' ]; then
-  echo "$(date) Executing dockerize on vault $* with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_BOOSTRAPPER_STARTED_PORT"
-  /edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_BOOSTRAPPER_STARTED_PORT" -timeout "${WAIT_TIMEOUT_DURATION}"
+  echo "$(date) Executing dockerize on vault $* with waiting on \
+    tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_BOOTSTRAPPER_STARTPORT}"
+  /edgex-init/dockerize \
+    -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_BOOTSTRAPPER_STARTPORT}" \
+    -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
   echo "$(date) Starting edgex-vault..."
   exec /usr/local/bin/docker-entrypoint.sh server -log-level=info