79 lines
2.6 KiB

  1. #!/bin/bash
  2. ## Init is run on host
  3. ## For now it is run every time the script is launched, but
  4. ## it should be launched only once after build.
  5. ## Accessible variables are:
  6. ## - SERVICE_NAME Name of current service
  7. ## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
  8. ## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
  9. ## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
  10. set -e
  11. service_def=$(get_compose_service_def "$SERVICE_NAME")
  12. admin_keys=$(echo "$service_def" | shyaml -y get-value options.admin 2>/dev/null) || {
  13. err "You must specify a ${WHITE}admin${NORMAL} struct in ${DARKYELLOW}$SERVICE_NAME${NORMAL}'s options"
  14. exit 1
  15. }
  16. [ "$(echo "$admin_keys" | shyaml -y get-type 2>/dev/null)" == "struct" ] || {
  17. err "Invalid value type for ${WHITE}admin${NORMAL} in" \
  18. "${DARKYELLOW}$SERVICE_NAME${NORMAL}'s options, please provide a struct"
  19. exit 1
  20. }
  21. rebuild-config() {
  22. rm -rf "$SERVICE_CONFIGSTORE/etc/rsync/keys/admin"
  23. mkdir -p "$host_path_key"
  24. while read-0 ident keys; do
  25. ident=$(e "$ident" | shyaml get-value)
  26. if ! [[ "$ident" =~ ^[a-zA-Z0-9._-]+$ ]]; then
  27. err "Invalid identifier '$ident'," \
  28. "please use only alphanumerical char, dots, dash or underscores."
  29. exit 1
  30. fi
  31. debug "Setting access keys for ${ident}"
  32. [ "$(echo "$keys" | shyaml -y get-type 2>/dev/null)" == "sequence" ] || {
  33. err "Invalid value type for ${WHITE}admin.$ident${NORMAL}, please provide a sequence"
  34. echo " Received: '$keys'" >&2
  35. exit 1
  36. }
  37. while read-0 key; do
  38. echo "command=\"/usr/local/sbin/ssh-admin-cmd-validate \\\"$ident\\\"\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $key"
  39. done < <(echo "$keys" | shyaml get-values-0) | file_put "$host_path_key/$ident/.ssh/authorized_keys"
  40. done < <(echo "$admin_keys" | shyaml -y key-values-0)
  41. e "$control_users" > "$CONTROL_USERS_FILE"
  42. }
  43. local_path_key=/etc/rsync/keys/admin
  44. host_path_key="$SERVICE_CONFIGSTORE${local_path_key}"
  45. CONTROL_USERS_FILE="$SERVICE_DATASTORE/.control-pass"
  46. ## Was it already properly propagated to database ?
  47. control_users=$(H "${admin_keys}" "$(declare -f "rebuild-config")")
  48. init-config-add "\
  49. $SERVICE_NAME:
  50. volumes:
  51. - $host_path_key:$local_path_key
  52. labels:
  53. - compose.config_hash=$control_users
  54. "
  55. if [ -e "$CONTROL_USERS_FILE" ] && [ "$control_users" == "$(cat "$CONTROL_USERS_FILE")" ]; then
  56. exit 0
  57. fi
  58. rebuild-config