Generate secrets when container is started #138

Closed
wants to merge 4 commits into from

warrenvw
Contributor

@warrenvw warrenvw commented May 25, 2018

See StackStorm/packer-st2#39.

Remaining tasks:

  • Remove the files containing secrets from the stackstorm-all image.
  • Create the files when the stackstorm-all image boots for the first time.

Member

@arm4b arm4b left a comment

With this change we auto-generate secrets once the container starts.

The problem is that we have several containers which will all start with random SSH keys and SSL certificates, making it impossible to use the StackStorm web UI in several load-balanced instances and SSH to remote hosts.

That's why I mentioned previously: while it's easy to fix VM like Vagrant/OVA StackStorm/packer-st2#39 with this auto-generate on boot approach, I'd say we have no easy solution for containers.

E.g. the only way for now is to explicitly note that it's the user's obligation to pass/share their own SSH keys and SSL certs for prod use.
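
The trade-off raised in this review, as an added example (not code from this pull request or from st2-docker): an entrypoint helper that uses operator-supplied secret material when it is mounted, and generates only on first start otherwise. The function names, the argument layout and the `random_hex` stand-in for `ssh-keygen`/`openssl` are assumptions.

```shell
#!/bin/sh
# Added example; names and paths are hypothetical, not st2-docker's own.

# ensure_secret DEST PROVIDED GENERATOR [ARGS...]
#   DEST      where the service expects the secret file
#   PROVIDED  operator-mounted file (shared volume/secret); "" if none
#   GENERATOR command that writes fresh secret material to stdout
# Prints the branch taken: provided | kept | generated
# The body is a subshell, so the umask change and variables stay local.
ensure_secret() (
    dest=$1
    provided=$2
    shift 2
    umask 077   # secret files must never be group/world readable

    if [ -s "$provided" ]; then
        # Shared material wins: every replica behind the load balancer
        # ends up with the same key/certificate.
        cp "$provided" "$dest.tmp" || exit 1
        mv "$dest.tmp" "$dest" || exit 1
        echo provided
    elif [ -s "$dest" ]; then
        # Created on an earlier start: keep it, do not rotate on restart.
        echo kept
    else
        # First start with nothing supplied: the secret is unique to this
        # container, which is the multi-container problem described above.
        "$@" > "$dest.tmp" || exit 1
        mv "$dest.tmp" "$dest" || exit 1
        echo generated
    fi
)

# Stand-in generator: 32 random bytes as hex. A real entrypoint would
# call ssh-keygen or openssl here instead.
random_hex() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}
```

Two replicas started with an empty `PROVIDED` argument end up with different material; pointing both at the same mounted file makes them identical.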

@warrenvw warrenvw added RFR and removed WIP RFR labels Jun 26, 2018
@@ -64,7 +64,7 @@ for f in /st2-docker/entrypoint.d/*; do
done

# 1ppc: launch entrypoint-1ppc.sh via dumb-init if $ST2_SERVICE is set
if [ ! -z ${ST2_SERVICE} ]; then
if [ ! -z ${ST2_SERVICE:-} ]; then
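
Review bot: the new test `if [ ! -z ${ST2_SERVICE:-} ]; then` still leaves the expansion unquoted, so a value containing whitespace is word-split into several arguments to `[` and the test errors out instead of evaluating; the empty case only passes because `[ ! -z ]` degrades to a two-argument test. Quote the expansion, and since the comment above says this branch runs when $ST2_SERVICE is set, `[ -n "${ST2_SERVICE:-}" ]` states that directly.
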
Contributor

Wouldn't it be better to make a positive test?

if [ -n "${ST2_SERVICE:-}" ]; then

@arm4b arm4b closed this in 6cc70fd Jul 17, 2020
@arm4b arm4b deleted the enh/generate-secrets branch July 17, 2020 16:16
transhapHigsn pushed a commit to DiligenceVault/st2-docker that referenced this pull request Jun 8, 2021
You can find the old deprecated version in `DEPRECATED/all-in-one` branch archive: https://github.com/StackStorm/st2-docker/tree/DEPRECATED/all-in-one

Closes StackStorm#22, closes StackStorm#23, closes StackStorm#26, closes StackStorm#29, closes StackStorm#34, closes StackStorm#41, closes StackStorm#43, closes StackStorm#92, closes StackStorm#112, closes StackStorm#117, closes StackStorm#125, closes StackStorm#133, closes StackStorm#141, closes StackStorm#145, closes StackStorm#151, closes StackStorm#163, closes StackStorm#187,
closes StackStorm#188, closes StackStorm#189, closes StackStorm#190
Closes StackStorm#162, closes StackStorm#138, closes StackStorm#108, closes StackStorm#102, closes StackStorm#65