Open mikaelparkefelt opened 3 weeks ago
Last comment in the discussion:
And, you're welcome to open a feature request issue on this repo for this, if it's something you'd like us to consider adding.
Hey @mikaelparkefelt thanks for opening this feature request. We can look into adding features to the step-ca container entrypoint to configure the CA to use PostgreSQL, but in the meantime, I actually configure my step-ca container after the initial setup with this bash snippet from my automation scripts.
It should be a stopgap for users that want to automate launching step-ca with PostgreSQL support. You will need jq and sponge for it to work. I bootstrap my step-ca container and let it configure itself with BadgerDB and then I set it up to use PostgreSQL after the fact. You will want to adjust the if statements below to fit your needs and change ${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json to the path to the ca.json file after it has been created.
You need to restart the step-ca container once the ca.json is adjusted to use PostgreSQL. It should be safe to remove the BadgerDB directory after everything has been set up to use PostgreSQL. I have those lines commented out in my example below.
Please note that this creates a fresh database in PostgreSQL and there is no path to import your existing BadgerDB currently.
# Update ${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json to use PostgreSQL
if [ "${STEPCA_DATABASE}" = "postgres" ]; then
  CURRENT_STEPCA_DB_TYPE=$(jq -r .db.type < "${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json")
  # Only rewrite the db block if the CA is not already on PostgreSQL
  if [ "${CURRENT_STEPCA_DB_TYPE}" != "postgresql" ]; then
    # Variables are quoted so values containing spaces or glob characters reach jq intact
    jq -r --arg STEPCA_POSTGRES_USER "${STEPCA_POSTGRES_USER}" \
      --arg STEPCA_POSTGRES_PASSWORD "${STEPCA_POSTGRES_PASSWORD}" \
      --arg STEPCA_POSTGRES_HOST "${STEPCA_POSTGRES_HOST}" \
      --arg STEPCA_POSTGRES_PORT "${STEPCA_POSTGRES_PORT}" \
      '.db = {"type": "postgresql", "dataSource": "postgresql://\($STEPCA_POSTGRES_USER):\($STEPCA_POSTGRES_PASSWORD)@\($STEPCA_POSTGRES_HOST):\($STEPCA_POSTGRES_PORT)/", "database": "stepca"}' \
      "${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json" \
      | sponge "${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json"
    # podman restart ${SELFHOST_APP_NAME}-app
    # rm -rf ${SELFHOST_APP_DATA_DIR}/stepca/db
  fi
fi
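An added example, not part of the comment above or of step-ca: the same ca.json rewrite using only the Python standard library, percent-encoding the user and password so characters such as `@`, `:` or `/` cannot break the dataSource URL, and replacing the file atomically with owner-only permissions because it then holds the database password. The function names and sample values are assumptions, and it assumes it runs as the user that owns ca.json.

```python
import json
import os
import tempfile
from urllib.parse import quote


def postgres_db_block(user, password, host, port, database="stepca"):
    """Build the .db object used in the comment above, with encoded credentials."""
    # safe="" makes quote() encode '@', ':' and '/' too, so they cannot be
    # parsed as URL delimiters inside the userinfo part.
    cred = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return {
        "type": "postgresql",
        "dataSource": f"postgresql://{cred}@{host}:{port}/",
        "database": database,
    }


def switch_to_postgres(ca_json_path, user, password, host, port):
    """Rewrite ca.json to use PostgreSQL. Returns True if the file changed."""
    with open(ca_json_path, encoding="utf-8") as fh:
        config = json.load(fh)
    new_db = postgres_db_block(user, password, host, port)
    if config.get("db") == new_db:
        return False  # already configured: no rewrite, no restart needed
    config["db"] = new_db
    # Write a temp file in the same directory, then rename it over the original,
    # so a crash never leaves a half-written ca.json. mkstemp creates it 0600.
    directory = os.path.dirname(os.path.abspath(ca_json_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        os.replace(tmp_path, ca_json_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return True


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    block = postgres_db_block("stepca", "p@ss:w/rd", "db.internal", 5432)
    print(json.dumps(block, indent=2))
```

As with the snippet above, the step-ca container still has to be restarted after the file changes; the True/False return value can drive that decision in an automation run.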
@jdoss Hi,
Thanks for your response.... I'm using Ansible to automate the init step and configuration of Step-CA.
I have figured out that I can run step ca init <arguments> first and change the configuration to connect to the PostgreSQL DB.
Then I run a set of commands to recreate all provisioners with customization, to recreate the init things that were not added to the database in the initial configuration.
It works but it is not very easy to understand and maintain.
So the feature is very important to me: that there is an initial configuration that will use any of the supported databases.
The next problem I have had is that you use the same password everywhere, and there needs to be a command to change them in an easy way. For Providers it is not very simple and the instructions have a lot of steps, and there should be only one command that will change the password for them.
Please tell me how to automate the change of password for the providers?
Discussed in https://github.com/smallstep/certificates/discussions/1428