diff --git a/bin/syncFilesToAllSwarmNodes.sh b/bin/syncFilesToAllSwarmNodes.sh
index 5c88fab..0e1b523 100644
--- a/bin/syncFilesToAllSwarmNodes.sh
+++ b/bin/syncFilesToAllSwarmNodes.sh
@@ -1,23 +1,14 @@
 #!/bin/bash
+#
+# This script will sync specified directories of files to all nodes in the docker swarm.
+# It must be run from a/the manager node.
+#
-#ensure dig is avail
-command -v dig >/dev/null 2>&1 || { echo >&2 "ERROR: dig is required, but doesn't appear to be installed. Aborting..."; exit 1; }
-
-#ensure sed is avail
-command -v sed >/dev/null 2>&1 || { echo >&2 "ERROR: sed is required, but doesn't appear to be installed. Aborting..."; exit 1; }
-
-#ensure awk is avail
-command -v awk >/dev/null 2>&1 || { echo >&2 "ERROR: awk is required, but doesn't appear to be installed. Aborting..."; exit 1; }
-
-#ensure scp is avail
-command -v scp >/dev/null 2>&1 || { echo >&2 "ERROR: scp is required, but doesn't appear to be installed. Aborting..."; exit 1; }
-
-#ensure realpath is avail
-command -v realpath >/dev/null 2>&1 || { echo >&2 "ERROR: realpath is required, but doesn't appear to be installed. Aborting..."; exit 1; }
 IDfile=`realpath $4`
+
 DisplayUsage() {
 echo "Usage:"
@@ -71,7 +62,7 @@ fi
 pushd $1 > /dev/null
-#check if specified config dir contains (some of) the needed sub-directories
+#check if specified config dir contains the needed sub-directories
 if ! [ -d "$PWD/config/shib-idp/conf" ]; then
 echo "ERROR: the specified directory does not appear to contain a valid IdP config structure, terminating."
 exit 1
@@ -83,7 +74,6 @@ fi
 # transfer files
-#
 # get list of other nodes in the swarm
 for n in `docker node ls | sed -n '1!p' | cut -f 1 -d ' '`; do
 #echo $n
diff --git a/configBuilder.sh b/configBuilder.sh
index 9cb1fb8..9836dad 100755
--- a/configBuilder.sh
+++ b/configBuilder.sh
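Review bot: The first hunk removes every `command -v` prerequisite guard, but the surviving line right after them still runs `IDfile=\`realpath $4\`` and the node-listing loop further down this file still pipes through `sed`, so on a host without realpath the assignment only prints a command-not-found message, IDfile becomes empty and the sync carries on with an empty identity-file path (whether scp, dig and awk are still called is not visible in this diff). If the goal was to shorten the preamble, keep a single compact check rather than none, e.g. `for t in realpath sed scp docker; do command -v "$t" >/dev/null 2>&1 || { echo >&2 "ERROR: $t is required, but doesn't appear to be installed. Aborting..."; exit 1; }; done`, and make the assignment fail loudly with `IDfile=$(realpath -- "$4") || exit 1`. Note also that `$4` is resolved before DisplayUsage is even defined, so argument validation (outside this hunk) presumably runs after a possibly-missing argument has already been expanded.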
@@ -290,10 +290,10 @@ echo ""
 echo "Would you like your Shibboleth IdP containers to utilize a "
 echo "Shibboleth config which has been \"burned\" (copied) into each "
 echo "container, or would you like your IdP containers to instead "
-echo "mount their configuration from the container host's local filesystem?"
+echo "mount their configuration from the container host's local filesystem or would you like to use a hybrid config utilizing secrets?"
 echo ""
 while [ ${BURNMOUNT} == "None" ]; do
-echo -n "Please select your choice (please enter either \"burn\" or \"mount\"): "
+echo -n "Please select your choice (please enter either \"burn\" or \"mount\" or \"hybrid\"): "
 read response
 case $response in
 Mount|mount|M|m)
@@ -302,8 +302,11 @@ while [ ${BURNMOUNT} == "None" ]; do
 Burn|burn|B|b)
 BURNMOUNT=burn
 ;;
+Hybrid|hybrid|H|h)
+BURNMOUNT=hybrid
+;;
 *)
-echo "You must choose either \"burn\" or \"mount\"."
+echo "You must choose either \"burn\" or \"mount\" or \"hybrid\"."
 esac
 done
 #echo "Burn/Mount option choice is: $BURNMOUNT"
@@ -466,7 +469,7 @@ sed -f docker_edit.sed Dockerfile.dist > Dockerfile
 rm -f docker_edit.sed
-if [ ${BURNMOUNT} == "burn" ]; then
+if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
 echo "Configuring Docker for burned-in configuration."
 mv -f Dockerfile Dockerfile.setup
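Review bot: Routing `hybrid` through the same branch as `burn` in the `@@ -466` hunk sets the Dockerfile up to bake the configuration into the image, yet at this point in the script the secrets-stripped ConfigNoSecrets tree does not exist yet (it is only generated later, after the zip step), so unless the Dockerfile's COPY source is switched to that directory somewhere not shown here a hybrid build still bakes idp.properties, the sealer keystore and the signing/encryption keys into the image — the build context is outside this diff, so please confirm. A dedicated branch would make the difference explicit and self-documenting, e.g. `elif [ "${BURNMOUNT}" == "hybrid" ]; then` followed by `echo "Configuring Docker for hybrid (burned-in config, secrets supplied separately)."`, and the tests should quote `"${BURNMOUNT}"` since an empty value makes `[` fail with a syntax error. The `if` body continues past the end of the hunk.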
@@ -500,6 +503,36 @@ command -v zip >/dev/null 2>&1 || { echo >&2 "ERROR: zip is required, but doesn'
 FILENAME=./shib-idp-config_`date +%m%d%Y-%H%M%S`.zip
 zip -r ${FILENAME} ./* > /dev/null
+
+# if the user chose a hybrid config, then generate a directory containing the config with secrets removed
+# copy files
+echo ""
+echo "Creating sanitized config for hybrid build..."
+echo ""
+destPath=./ConfigNoSecrets
+cp -rf `realpath ${PWD}`/. $destPath >/dev/null 2>>/dev/null
+
+# remove secrets
+mv -f $destPath/config/shib-idp/conf/idp.properties $destPath/SECRETS/idp.properties > /dev/null
+mv -f $destPath/config/shib-idp/conf/ldap.properties $destPath/SECRETS/ldap.properties > /dev/null
+mv -f $destPath/credentials/shib-idp/sealer.jks $destPath/SECRETS/sealer.jks > /dev/null
+mv -f $destPath/credentials/shib-idp/sealer.kver $destPath/SECRETS/sealer.kver > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-signing.key $destPath/SECRETS/idp-signing.key > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-signing.crt $destPath/SECRETS/idp-signing.crt > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-encryption.key $destPath/SECRETS/idp-encryption.key > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-encryption.crt $destPath/SECRETS/idp-encryption.crt > /dev/null
+mv -f $destPath/config/shib-idp/conf/relying-party.xml $destPath/SECRETS/relying-party.xml > /dev/null
+mv -f $destPath/config/shib-idp/conf/attribute-filter.xml $destPath/SECRETS/attribute-filter.xml > /dev/null
+mv -f $destPath/config/shib-idp/conf/attribute-resolver.xml $destPath/SECRETS/attribute-resolver.xml > /dev/null
+mv -f $destPath/config/shib-idp/conf/metadata-sources.xml $destPath/SECRETS/metadata-sources.xml > /dev/null
+
+echo ""
+echo Your secrets were removed from the main config and stored in $destPath/SECRETS
+echo ""
+
+
+
+
 ############################################################################################################################
 ### notify user of next steps
(docker build and docker run commands, based on burn/mount and chosen directory locations) ### ############################################################################################################################
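Review bot: The "sanitized" tree is not actually free of secrets: `cp -rf \`realpath ${PWD}\`/. $destPath` runs right after `zip -r ${FILENAME} ./*`, so the freshly written zip — the complete config with every key and password — is copied into ConfigNoSecrets and none of the twelve `mv` lines remove it (the copy is also of a directory into its own subdirectory, and whatever cp reports about that is swallowed by `2>>/dev/null`). Nothing in this hunk creates `$destPath/SECRETS` before the moves, and their exit status is ignored, so when a `mv` fails the file stays in the tree while the script still prints that the secrets were removed; the moved key material also lands with default permissions. I'd create the SECRETS directory with owner-only permissions up front, copy with the zip and the destination excluded, and abort on the first failed move, as below; whether other key material in credentials/shib-idp (e.g. a backchannel keystore) should be moved too can't be judged from this hunk. This is top-level script code, and it continues past the banner that ends the hunk.
```shell
destPath=./ConfigNoSecrets
secretsDir=${destPath}/SECRETS
# start from a clean destination; extracted key material is readable by the owner only
rm -rf -- "${destPath:?}"
mkdir -p -- "${secretsDir}" || exit 1
chmod 700 -- "${secretsDir}"
# copy the tree without the zip just built (it contains every secret) and without the destination itself
tar -cf - --exclude="./${FILENAME#./}" --exclude="${destPath}" . | tar -xf - -C "${destPath}" || exit 1

# remove secrets; abort on the first failure so a half-sanitized tree is never reported as clean
for f in config/shib-idp/conf/idp.properties config/shib-idp/conf/ldap.properties \
    credentials/shib-idp/sealer.jks credentials/shib-idp/sealer.kver \
    credentials/shib-idp/idp-signing.key credentials/shib-idp/idp-signing.crt \
    credentials/shib-idp/idp-encryption.key credentials/shib-idp/idp-encryption.crt \
    config/shib-idp/conf/relying-party.xml config/shib-idp/conf/attribute-filter.xml \
    config/shib-idp/conf/attribute-resolver.xml config/shib-idp/conf/metadata-sources.xml; do
  mv -f -- "${destPath}/${f}" "${secretsDir}/${f##*/}" \
    || { echo >&2 "ERROR: could not move ${f} out of ${destPath}; aborting."; exit 1; }
done
# … unchanged: completion message …
```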