concourse / concourse-docker

Official concourse/concourse Docker image.
Apache License 2.0

Put ./keys/generate into the docker image #60

Open Grimeton opened 4 years ago

Grimeton commented 4 years ago

Hi,

Put the file into the docker image so that one can do a one-stop-shop key generation. I don't want to pull down a git repo to generate keys that are needed inside a docker image.

Cu

A script like this, off the top of my head:

#!/usr/bin/env bash
set -o nounset
declare __BASEDIRECTORY="/keys"
declare -a __SUBDIRECTORIES=("web" "worker")
declare -a __RSA_KEYS=( "/keys/web/session_signing_key" )
declare -a __SSH_KEYS=( "/keys/web/tsa_host_key" "/keys/worker/worker_key" )

for __SUBDIRECTORY in "${__SUBDIRECTORIES[@]}"; do

    if [[ ! -d "${__BASEDIRECTORY}/${__SUBDIRECTORY}" ]]; then
        mkdir -p "${__BASEDIRECTORY}/${__SUBDIRECTORY}"
    fi

done

for __KEY in "${__RSA_KEYS[@]}"; do

    if [[ ! -f "${__KEY}" ]]; then
        generate-key -t rsa -f "${__KEY}"
    fi

done

for __KEY in "${__SSH_KEYS[@]}"; do
    if [[ ! -f "${__KEY}" ]]; then
        generate-key -t ssh -f "${__KEY}"
    fi
done

This is what I put together to auto-generate the keys on the outside...

#!/usr/bin/env bash
set -o nounset
declare __BASEDIRECTORY="/srv/containers/tools/concourse/config/keys"
declare -a __SUBDIRECTORIES=("web" "worker")
declare -a __RSA_KEYS=( "/web/session_signing_key" )
declare -a __SSH_KEYS=( "/web/tsa_host_key" "/worker/worker_key" )

for __SUBDIRECTORY in "${__SUBDIRECTORIES[@]}"; do

    if [[ ! -d "${__BASEDIRECTORY}/${__SUBDIRECTORY}" ]]; then
        mkdir -p "${__BASEDIRECTORY}/${__SUBDIRECTORY}"
    fi

done

for __KEY in "${__RSA_KEYS[@]}"; do

    if [[ ! -f "${__BASEDIRECTORY}/${__KEY}" ]]; then
        docker run --rm -v "${__BASEDIRECTORY}:/keys" concourse/concourse generate-key -t rsa -f "/keys/${__KEY}"
    fi

done

for __KEY in "${__SSH_KEYS[@]}"; do
    if [[ ! -f "${__BASEDIRECTORY}/${__KEY}" ]]; then
        docker run --rm -v "${__BASEDIRECTORY}:/keys" concourse/concourse generate-key -t ssh -f "/keys/${__KEY}"
    fi
done

cp "${__BASEDIRECTORY}/worker/worker_key.pub" "${__BASEDIRECTORY}/web/authorized_worker_keys"
cp "${__BASEDIRECTORY}/web/tsa_host_key.pub" "${__BASEDIRECTORY}/worker/tsa_host_key.pub"
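
Added example, not part of the original issue or of the concourse-docker project: a check to run after either script above, confirming that the three private keys exist, that the web node's `authorized_worker_keys` lists the worker's public key, and that the worker's copy of `tsa_host_key.pub` matches the web node's. The name `check_concourse_keys` is hypothetical, and the expectation that private keys carry no group or other permissions is an assumption of this example, not something the issue states.

```bash
#!/usr/bin/env bash
# Added example: audit the key layout produced by the scripts above.
# check_concourse_keys is a hypothetical helper, not part of concourse-docker.
set -o nounset

check_concourse_keys() {
    local base="$1" problems=0 key perms

    for key in web/session_signing_key web/tsa_host_key worker/worker_key; do
        if [ ! -s "${base}/${key}" ]; then
            echo "MISSING  ${key}"
            problems=$((problems + 1))
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        # Assumption of this example: private keys should show none set.
        perms="$(ls -ld "${base}/${key}" | cut -c5-10)"
        if [ "${perms}" != "------" ]; then
            echo "PERMS    ${key} is accessible to group/other (${perms})"
            problems=$((problems + 1))
        fi
    done

    # The web node must list the worker's public key as an authorized key.
    # A missing or empty file on either side counts as a mismatch.
    if ! grep -qxF -f "${base}/worker/worker_key.pub" \
            "${base}/web/authorized_worker_keys" 2>/dev/null; then
        echo "MISMATCH worker_key.pub not in web/authorized_worker_keys"
        problems=$((problems + 1))
    fi

    # The worker's copy of the TSA host key must equal the web node's.
    if ! cmp -s "${base}/web/tsa_host_key.pub" \
            "${base}/worker/tsa_host_key.pub"; then
        echo "MISMATCH worker/tsa_host_key.pub != web/tsa_host_key.pub"
        problems=$((problems + 1))
    fi

    # Exit status is the number of problems found (0 means the layout is good).
    return "${problems}"
}

# Audit the directory given as the first argument, if any.
[ "$#" -eq 0 ] || check_concourse_keys "$1"
```

Run it with the key directory as its argument, for example the value of `__BASEDIRECTORY` from the second script; a non-zero exit status is the count of findings printed.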