diff --git a/comanage-registry-basic-auth/docker-comanage-entrypoint b/comanage-registry-basic-auth/docker-comanage-entrypoint index 15418f4..fae8f19 100755 --- a/comanage-registry-basic-auth/docker-comanage-entrypoint +++ b/comanage-registry-basic-auth/docker-comanage-entrypoint @@ -26,6 +26,43 @@ else OUTPUT=/dev/null fi +# Configuration details that may be injected through environment +# variables or the contents of files. + +injectable_config_vars=( + COMANAGE_REGISTRY_DATASOURCE + COMANAGE_REGISTRY_DATABASE + COMANAGE_REGISTRY_DATABASE_HOST + COMANAGE_REGISTRY_DATABASE_USER + COMANAGE_REGISTRY_DATABASE_USER_PASSWORD + COMANAGE_REGISTRY_EMAIL_FROM + COMANAGE_REGISTRY_EMAIL_TRANSPORT + COMANAGE_REGISTRY_EMAIL_HOST + COMANAGE_REGISTRY_EMAIL_PORT + COMANAGE_REGISTRY_EMAIL_ACCOUNT + COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD + COMANAGE_REGISTRY_SECURITY_SALT + COMANAGE_REGISTRY_SECURITY_SEED + HTTPS_CERT_FILE + HTTPS_PRIVKEY_FILE + HTTPS_CHAIN_FILE +) + +# If the file associated with a configuration variable is present then +# read the value from it into the appropriate variable. So for example +# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its +# value points to a file on the file system then read the contents +# of that file into the variable COMANAGE_REGISTRY_DATASOURCE. + +for config_var in "${injectable_config_vars[@]}" +do + eval file_name=\$"${config_var}_FILE"; + + if [ -e "$file_name" ]; then + declare "${config_var}"=`cat $file_name` + fi +done + # Make sure the directory structure we need is available # in the data volume for $COMANAGE_REGISTRY_DIR/local mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config" 
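Review bot: In the new `injectable_config_vars` loop, `[ -e "$file_name" ]` also accepts directories and unreadable paths, and the unquoted `cat $file_name` then fails or word-splits, so `declare` silently sets the variable to an empty string and the later `${VAR:-default}` expansions fall back to the built-in defaults (including the default database password) instead of the operator's value. The `eval` is only safe because `config_var` comes from the fixed list above; bash indirection `${!name}` expresses the same lookup without eval, and `$(cat -- "$file_name")` quotes the path. Testing for a readable regular file and warning on stderr otherwise surfaces a misconfigured `_FILE` variable instead of hiding it. The same loop is added in the first hunk of comanage-registry-mod-auth-openidc, comanage-registry-shibboleth-sp and comanage-registry.
```shell
for config_var in "${injectable_config_vars[@]}"; do
  file_var="${config_var}_FILE"
  file_name="${!file_var}"
  if [ -z "$file_name" ]; then
    continue
  fi
  if [ -f "$file_name" ] && [ -r "$file_name" ]; then
    declare "${config_var}"="$(cat -- "$file_name")"
  else
    printf 'warning: %s=%s is not a readable file, ignoring\n' "$file_var" "$file_name" >&2
  fi
done
```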
@@ -33,54 +70,50 @@ mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin" mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public" mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img" -# If the COmanage Registry configuration files database.php and email.php -# do not exist create simple versions to aid people evaluating the tool. -if [ ! -f "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then - cat >> "$COMANAGE_REGISTRY_DIR/local/Config/database.php" <<"EOF" +# If the COmanage Registry database configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +if [ ! -e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then + cat >> "$COMANAGE_REGISTRY_DIR/local/Config/database.php" < 'Database/Postgres', + public \$default = array( + 'datasource' => '${COMANAGE_REGISTRY_DATASOURCE:-Database/Postgres}', 'persistent' => false, - 'host' => 'comanage-registry-database', - 'login' => 'registry_user', - 'password' => 'password', - 'database' => 'registry', + 'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}', + 'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}', + 'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}', + 'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}', 'prefix' => 'cm_', ); } EOF - fi -if [ ! -f "$COMANAGE_REGISTRY_DIR/local/Config/email.php" ]; then - cat >> "$COMANAGE_REGISTRY_DIR/local/Config/email.php" <<"EOF" +# If the COmanage Registry email configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php" + +if [ ! 
-e "$email_config" ]; then + cat >> "$email_config" < 'Smtp', - 'host' => 'tls://smtp.gmail.com', - 'port' => 465, - 'username' => 'somebody@gmail.com', - 'password' => 'password' + public \$default = array( + 'from' => ${COMANAGE_REGISTRY_EMAIL_FROM:-array('account@gmail.com' => 'Registry')}, + 'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}', + 'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}', + 'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465}, + 'username' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT:-account@gmail.com}', + 'password' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD:-password}' ); } EOF - -fi - -# If the basic auth password file does not exist create a simple version to -# aid people evaluating the tool. -if [ ! -f "/etc/apache2/passwords" ]; then - cat >> /etc/apache2/passwords <<"EOF" -registry.admin:$apr1$qqrvav7G$nSHYErU4ljDPmO1wNBG6e0 -EOF - fi # Loop until we are able to open a connection to the database. 
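Review bot: The values substituted into the generated `database.php` and `email.php` are placed inside single-quoted PHP string literals with no escaping, so a `COMANAGE_REGISTRY_DATABASE_USER_PASSWORD` or `COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD` containing `'` or `\` yields a file with a PHP syntax error, and because the file is only written when absent the broken copy persists in the data volume. Escaping backslashes and single quotes before substitution fixes every quoted field; `COMANAGE_REGISTRY_EMAIL_FROM` and `COMANAGE_REGISTRY_EMAIL_PORT` are deliberately raw PHP and the comment above the heredoc should say so. Both files carry database and SMTP credentials but are created with whatever mode the umask gives `cat >>`; creating them under `umask 077` and then giving them to the web-server user (as `app/tmp` already gets `chown -R www-data`) keeps them away from other accounts — confirm how the application reads them. The heredoc openers and the `<?php` header are not visible in this rendering of the hunk, so the lines between `cat >>` and `public \$default` are inferred. The same heredocs are added in comanage-registry-mod-auth-openidc, comanage-registry-shibboleth-sp and comanage-registry.
```shell
# Escape a value for use inside a single-quoted PHP string literal;
# backslash and the quote itself are the only characters PHP interprets there.
php_sq() {
  local v=${1//\\/\\\\}
  printf '%s' "${v//\'/\\\'}"
}

if [ ! -e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then
  (
    umask 077
    cat >> "$COMANAGE_REGISTRY_DIR/local/Config/database.php" <<EOF
# … unchanged: PHP header, class opening, datasource/persistent/host fields …
    'login' => '$(php_sq "${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}")',
    'password' => '$(php_sq "${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}")',
    'database' => '$(php_sq "${COMANAGE_REGISTRY_DATABASE:-registry}")',
# … unchanged: prefix field, class closing, EOF …
  )
fi
```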
@@ -160,10 +193,21 @@ if [ $setup_already -eq 0 ]; then --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \ --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \ --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1 + AUTO_GENERATED_SECURITY=1 fi popd > "$OUTPUT" 2>&1 +# If COmanage Registry CakePHP security salt and seed have been +# injected and the files do not otherwise exist create them. +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" +fi + +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" +fi + # We always run upgradeVersion since it will not make any changes # if the current and target versions are the same or if # an upgrade from the current to the target version is not allowed. 
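Review bot: The new salt and seed writes use `echo "$VAR" > file` under the process umask, so `security.salt` and `security.seed` — the application's CakePHP secrets — may land world-readable in the data volume, and a value starting with `-n` or `-e` would be mangled by `echo`. Writing them with `printf` under a restrictive umask avoids both: `(umask 077; printf '%s\n' "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt")`, followed by the same ownership the setup shell gives its own generated files so the application can still read them (not visible here — confirm). `AUTO_GENERATED_SECURITY` is only assigned inside the `if [ $setup_already -eq 0 ]` branch; that works without `set -u`, but an explicit `AUTO_GENERATED_SECURITY=` before the branch documents the intent and survives a later `set -u`. The same block is added in comanage-registry-mod-auth-openidc, comanage-registry-shibboleth-sp and comanage-registry.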
@@ -177,6 +221,37 @@ popd > "$OUTPUT" 2>&1 # set the ownership of those files appropriately. chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" +# If defined use configured location of Apache HTTP Server +# HTTPS certificate, key, and CA chain files. +if [ -n "$HTTPS_CERT_FILE" ]; then + rm -f /etc/apache2/cert.pem + cp "$HTTPS_CERT_FILE" /etc/apache2/cert.pem + chown www-data /etc/apache2/cert.pem + chmod 0644 /etc/apache2/cert.pem +fi + +if [ -n "$HTTPS_PRIVKEY_FILE" ]; then + rm -f /etc/apache2/privkey.pem + cp "$HTTPS_PRIVKEY_FILE" /etc/apache2/privkey.pem + chown www-data /etc/apache2/privkey.pem + chmod 0600 /etc/apache2/privkey.pem +fi + +if [ -n "$HTTPS_CHAIN_FILE" ]; then + rm -f /etc/apache2/chain.pem + cp "$HTTPS_CHAIN_FILE" /etc/apache2/chain.pem + chown www-data /etc/apache2/chain.pem + chmod 0644 /etc/apache2/chain.pem +fi + +# If the basic auth password file does not exist create a simple version to +# aid people evaluating the tool. +if [ ! -f "/etc/apache2/passwords" ]; then + cat >> /etc/apache2/passwords <<"EOF" +registry.admin:$apr1$qqrvav7G$nSHYErU4ljDPmO1wNBG6e0 +EOF + +fi # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then diff --git a/comanage-registry-mod-auth-openidc/docker-comanage-entrypoint b/comanage-registry-mod-auth-openidc/docker-comanage-entrypoint index 95f10c9..2a8e487 100755 --- a/comanage-registry-mod-auth-openidc/docker-comanage-entrypoint +++ b/comanage-registry-mod-auth-openidc/docker-comanage-entrypoint 
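Review bot: The private key copy in the new `HTTPS_PRIVKEY_FILE` block is chowned to `www-data` and only afterwards restricted to 0600, so between `cp` and `chmod` the file carries the source mode, and once done it is readable by the unprivileged web-server account; with the stock Debian apache2 layout these paths suggest, the server reads the key as root at startup, so `root:root` 0600 suffices and keeps a compromised worker process from reading it — confirm against the site config that references `/etc/apache2/privkey.pem`. `install` does copy, ownership and mode in one step: `install -o root -g root -m 0600 -- "$HTTPS_PRIVKEY_FILE" /etc/apache2/privkey.pem || exit 1` (and `-m 0644` for `cert.pem` and `chain.pem`); the `|| exit 1` matters because a mistyped path currently removes the old file, `cp` fails silently and Apache starts without a certificate. The relocated default `/etc/apache2/passwords` entry is unchanged by this commit, but it is still written into any deployment that lacks the file, not only evaluation ones; a comment stating that this credential must be replaced before the instance is exposed would help operators. The same certificate block is added in comanage-registry-mod-auth-openidc, comanage-registry-shibboleth-sp and comanage-registry.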
@@ -26,6 +26,96 @@ else OUTPUT=/dev/null fi +# Configuration details that may be injected through environment +# variables or the contents of files. + +injectable_config_vars=( + COMANAGE_REGISTRY_DATASOURCE + COMANAGE_REGISTRY_DATABASE + COMANAGE_REGISTRY_DATABASE_HOST + COMANAGE_REGISTRY_DATABASE_USER + COMANAGE_REGISTRY_DATABASE_USER_PASSWORD + COMANAGE_REGISTRY_EMAIL_FROM + COMANAGE_REGISTRY_EMAIL_TRANSPORT + COMANAGE_REGISTRY_EMAIL_HOST + COMANAGE_REGISTRY_EMAIL_PORT + COMANAGE_REGISTRY_EMAIL_ACCOUNT + COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD + COMANAGE_REGISTRY_SECURITY_SALT + COMANAGE_REGISTRY_SECURITY_SEED + HTTPS_CERT_FILE + HTTPS_PRIVKEY_FILE + HTTPS_CHAIN_FILE +) + +# If the file associated with a configuration variable is present then +# read the value from it into the appropriate variable. So for example +# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its +# value points to a file on the file system then read the contents +# of that file into the variable COMANAGE_REGISTRY_DATASOURCE. + +for config_var in "${injectable_config_vars[@]}" +do + eval file_name=\$"${config_var}_FILE"; + + if [ -e "$file_name" ]; then + declare "${config_var}"=`cat $file_name` + fi +done + +# Make sure the directory structure we need is available +# in the data volume for $COMANAGE_REGISTRY_DIR/local +mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img" + +# If the COmanage Registry database configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +if [ ! 
-e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then + cat >> "$COMANAGE_REGISTRY_DIR/local/Config/database.php" < '${COMANAGE_REGISTRY_DATASOURCE:-Database/Postgres}', + 'persistent' => false, + 'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}', + 'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}', + 'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}', + 'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}', + 'prefix' => 'cm_', + ); + +} +EOF +fi + +# If the COmanage Registry email configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php" + +if [ ! -e "$email_config" ]; then + cat >> "$email_config" < ${COMANAGE_REGISTRY_EMAIL_FROM:-array('account@gmail.com' => 'Registry')}, + 'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}', + 'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}', + 'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465}, + 'username' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT:-account@gmail.com}', + 'password' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD:-password}' + ); +} +EOF +fi + # Loop until we are able to open a connection to the database. DATABASE_TEST_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/DatabaseTestShell.php" 
@@ -103,10 +193,21 @@ if [ $setup_already -eq 0 ]; then --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \ --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \ --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1 + AUTO_GENERATED_SECURITY=1 fi popd > "$OUTPUT" 2>&1 +# If COmanage Registry CakePHP security salt and seed have been +# injected and the files do not otherwise exist create them. +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" +fi + +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" +fi + # We always run upgradeVersion since it will not make any changes # if the current and target versions are the same or if # an upgrade from the current to the target version is not allowed. 
@@ -120,12 +221,28 @@ popd > "$OUTPUT" 2>&1 # set the ownership of those files appropriately. chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" -# Make sure the directory structure we need is available -# in the data volume for $COMANAGE_REGISTRY_DIR/local -mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img" +# If defined use configured location of Apache HTTP Server +# HTTPS certificate, key, and CA chain files. +if [ -n "$HTTPS_CERT_FILE" ]; then + rm -f /etc/apache2/cert.pem + cp "$HTTPS_CERT_FILE" /etc/apache2/cert.pem + chown www-data /etc/apache2/cert.pem + chmod 0644 /etc/apache2/cert.pem +fi + +if [ -n "$HTTPS_PRIVKEY_FILE" ]; then + rm -f /etc/apache2/privkey.pem + cp "$HTTPS_PRIVKEY_FILE" /etc/apache2/privkey.pem + chown www-data /etc/apache2/privkey.pem + chmod 0600 /etc/apache2/privkey.pem +fi + +if [ -n "$HTTPS_CHAIN_FILE" ]; then + rm -f /etc/apache2/chain.pem + cp "$HTTPS_CHAIN_FILE" /etc/apache2/chain.pem + chown www-data /etc/apache2/chain.pem + chmod 0644 /etc/apache2/chain.pem +fi # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then diff --git a/comanage-registry-shibboleth-sp/docker-comanage-entrypoint b/comanage-registry-shibboleth-sp/docker-comanage-entrypoint index 95f10c9..2a8e487 100755 --- a/comanage-registry-shibboleth-sp/docker-comanage-entrypoint +++ b/comanage-registry-shibboleth-sp/docker-comanage-entrypoint 
@@ -26,6 +26,96 @@ else OUTPUT=/dev/null fi +# Configuration details that may be injected through environment +# variables or the contents of files. + +injectable_config_vars=( + COMANAGE_REGISTRY_DATASOURCE + COMANAGE_REGISTRY_DATABASE + COMANAGE_REGISTRY_DATABASE_HOST + COMANAGE_REGISTRY_DATABASE_USER + COMANAGE_REGISTRY_DATABASE_USER_PASSWORD + COMANAGE_REGISTRY_EMAIL_FROM + COMANAGE_REGISTRY_EMAIL_TRANSPORT + COMANAGE_REGISTRY_EMAIL_HOST + COMANAGE_REGISTRY_EMAIL_PORT + COMANAGE_REGISTRY_EMAIL_ACCOUNT + COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD + COMANAGE_REGISTRY_SECURITY_SALT + COMANAGE_REGISTRY_SECURITY_SEED + HTTPS_CERT_FILE + HTTPS_PRIVKEY_FILE + HTTPS_CHAIN_FILE +) + +# If the file associated with a configuration variable is present then +# read the value from it into the appropriate variable. So for example +# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its +# value points to a file on the file system then read the contents +# of that file into the variable COMANAGE_REGISTRY_DATASOURCE. + +for config_var in "${injectable_config_vars[@]}" +do + eval file_name=\$"${config_var}_FILE"; + + if [ -e "$file_name" ]; then + declare "${config_var}"=`cat $file_name` + fi +done + +# Make sure the directory structure we need is available +# in the data volume for $COMANAGE_REGISTRY_DIR/local +mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img" + +# If the COmanage Registry database configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +if [ ! 
-e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then + cat >> "$COMANAGE_REGISTRY_DIR/local/Config/database.php" < '${COMANAGE_REGISTRY_DATASOURCE:-Database/Postgres}', + 'persistent' => false, + 'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}', + 'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}', + 'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}', + 'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}', + 'prefix' => 'cm_', + ); + +} +EOF +fi + +# If the COmanage Registry email configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php" + +if [ ! -e "$email_config" ]; then + cat >> "$email_config" < ${COMANAGE_REGISTRY_EMAIL_FROM:-array('account@gmail.com' => 'Registry')}, + 'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}', + 'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}', + 'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465}, + 'username' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT:-account@gmail.com}', + 'password' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD:-password}' + ); +} +EOF +fi + # Loop until we are able to open a connection to the database. DATABASE_TEST_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/DatabaseTestShell.php" 
@@ -103,10 +193,21 @@ if [ $setup_already -eq 0 ]; then --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \ --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \ --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1 + AUTO_GENERATED_SECURITY=1 fi popd > "$OUTPUT" 2>&1 +# If COmanage Registry CakePHP security salt and seed have been +# injected and the files do not otherwise exist create them. +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" +fi + +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" +fi + # We always run upgradeVersion since it will not make any changes # if the current and target versions are the same or if # an upgrade from the current to the target version is not allowed. 
@@ -120,12 +221,28 @@ popd > "$OUTPUT" 2>&1 # set the ownership of those files appropriately. chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" -# Make sure the directory structure we need is available -# in the data volume for $COMANAGE_REGISTRY_DIR/local -mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img" +# If defined use configured location of Apache HTTP Server +# HTTPS certificate, key, and CA chain files. +if [ -n "$HTTPS_CERT_FILE" ]; then + rm -f /etc/apache2/cert.pem + cp "$HTTPS_CERT_FILE" /etc/apache2/cert.pem + chown www-data /etc/apache2/cert.pem + chmod 0644 /etc/apache2/cert.pem +fi + +if [ -n "$HTTPS_PRIVKEY_FILE" ]; then + rm -f /etc/apache2/privkey.pem + cp "$HTTPS_PRIVKEY_FILE" /etc/apache2/privkey.pem + chown www-data /etc/apache2/privkey.pem + chmod 0600 /etc/apache2/privkey.pem +fi + +if [ -n "$HTTPS_CHAIN_FILE" ]; then + rm -f /etc/apache2/chain.pem + cp "$HTTPS_CHAIN_FILE" /etc/apache2/chain.pem + chown www-data /etc/apache2/chain.pem + chmod 0644 /etc/apache2/chain.pem +fi # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then diff --git a/comanage-registry/docker-comanage-entrypoint b/comanage-registry/docker-comanage-entrypoint index 95f10c9..2a8e487 100755 --- a/comanage-registry/docker-comanage-entrypoint +++ b/comanage-registry/docker-comanage-entrypoint 
@@ -26,6 +26,96 @@ else OUTPUT=/dev/null fi +# Configuration details that may be injected through environment +# variables or the contents of files. + +injectable_config_vars=( + COMANAGE_REGISTRY_DATASOURCE + COMANAGE_REGISTRY_DATABASE + COMANAGE_REGISTRY_DATABASE_HOST + COMANAGE_REGISTRY_DATABASE_USER + COMANAGE_REGISTRY_DATABASE_USER_PASSWORD + COMANAGE_REGISTRY_EMAIL_FROM + COMANAGE_REGISTRY_EMAIL_TRANSPORT + COMANAGE_REGISTRY_EMAIL_HOST + COMANAGE_REGISTRY_EMAIL_PORT + COMANAGE_REGISTRY_EMAIL_ACCOUNT + COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD + COMANAGE_REGISTRY_SECURITY_SALT + COMANAGE_REGISTRY_SECURITY_SEED + HTTPS_CERT_FILE + HTTPS_PRIVKEY_FILE + HTTPS_CHAIN_FILE +) + +# If the file associated with a configuration variable is present then +# read the value from it into the appropriate variable. So for example +# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its +# value points to a file on the file system then read the contents +# of that file into the variable COMANAGE_REGISTRY_DATASOURCE. + +for config_var in "${injectable_config_vars[@]}" +do + eval file_name=\$"${config_var}_FILE"; + + if [ -e "$file_name" ]; then + declare "${config_var}"=`cat $file_name` + fi +done + +# Make sure the directory structure we need is available +# in the data volume for $COMANAGE_REGISTRY_DIR/local +mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public" +mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img" + +# If the COmanage Registry database configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +if [ ! 
-e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then + cat >> "$COMANAGE_REGISTRY_DIR/local/Config/database.php" < '${COMANAGE_REGISTRY_DATASOURCE:-Database/Postgres}', + 'persistent' => false, + 'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}', + 'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}', + 'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}', + 'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}', + 'prefix' => 'cm_', + ); + +} +EOF +fi + +# If the COmanage Registry email configuration file does not exist +# then try to create it from injected information with reasonable defaults +# that aid simple evaluation deployments. +email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php" + +if [ ! -e "$email_config" ]; then + cat >> "$email_config" < ${COMANAGE_REGISTRY_EMAIL_FROM:-array('account@gmail.com' => 'Registry')}, + 'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}', + 'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}', + 'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465}, + 'username' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT:-account@gmail.com}', + 'password' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD:-password}' + ); +} +EOF +fi + # Loop until we are able to open a connection to the database. DATABASE_TEST_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/DatabaseTestShell.php" 
@@ -103,10 +193,21 @@ if [ $setup_already -eq 0 ]; then --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \ --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \ --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1 + AUTO_GENERATED_SECURITY=1 fi popd > "$OUTPUT" 2>&1 +# If COmanage Registry CakePHP security salt and seed have been +# injected and the files do not otherwise exist create them. +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" +fi + +if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" +fi + # We always run upgradeVersion since it will not make any changes # if the current and target versions are the same or if # an upgrade from the current to the target version is not allowed. 
@@ -120,12 +221,28 @@ popd > "$OUTPUT" 2>&1 # set the ownership of those files appropriately. chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" -# Make sure the directory structure we need is available -# in the data volume for $COMANAGE_REGISTRY_DIR/local -mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public" -mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img" +# If defined use configured location of Apache HTTP Server +# HTTPS certificate, key, and CA chain files. +if [ -n "$HTTPS_CERT_FILE" ]; then + rm -f /etc/apache2/cert.pem + cp "$HTTPS_CERT_FILE" /etc/apache2/cert.pem + chown www-data /etc/apache2/cert.pem + chmod 0644 /etc/apache2/cert.pem +fi + +if [ -n "$HTTPS_PRIVKEY_FILE" ]; then + rm -f /etc/apache2/privkey.pem + cp "$HTTPS_PRIVKEY_FILE" /etc/apache2/privkey.pem + chown www-data /etc/apache2/privkey.pem + chmod 0600 /etc/apache2/privkey.pem +fi + +if [ -n "$HTTPS_CHAIN_FILE" ]; then + rm -f /etc/apache2/chain.pem + cp "$HTTPS_CHAIN_FILE" /etc/apache2/chain.pem + chown www-data /etc/apache2/chain.pem + chmod 0644 /etc/apache2/chain.pem +fi # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then