1+ #! /bin/bash
2+ # Prepare the environment and config file for the Krill daemon.
3+ # This script supports several scenarios:
4+ # A. The operator wants to run the Krill daemon using the default setup:
5+ # We have to fix a couple of things before running the Krill daemon:
6+ # - Krill doesn't know the FQDN at which it's HTTPS, RSYNC and RRDP
7+ # endpoints are published but needs to include that FQDN in data that
8+ # it produces. Configure it based on env var KRILL_FQDN.
9+ # - Krill doesn't have a default API token value, we have to supply one.
10+ # Generate one and announce it, if no KRILL_AUTH_TOKEN env var was
11+ # supplied by the operator.
12+ #
13+ # B: The operator wants to control the Krill daemon configuration themselves.
14+ # They do this by Docker mounting their own krill.conf over the
15+ # /var/krill/data/krill.conf path.
16+ #
17+ # C: The operator wants to run some other command in the container, e.g.
18+ # krill_admin.
19+ #
20+ set -e
21+ KRILL_CONF=/var/krill/data/krill.conf
22+ KRILL_FQDN=" ${KRILL_FQDN:- localhost: 3000} "
23+ KRILL_AUTH_TOKEN=" ${KRILL_AUTH_TOKEN:- None} "
24+ KRILL_LOG_LEVEL=" ${KRILL_LOG_LEVEL:- warn} "
25+ KRILL_USE_TA=" ${KRILL_USE_TA:- false} "
26+
27+ MAGIC=" # DO NOT TOUCH, THIS LINE IS MANAGED BY DOCKER KRILL"
28+ LOG_PREFIX=" docker-krill:"
29+
30+ log_warning () {
31+ echo >&2 " ${LOG_PREFIX} Warning! $* "
32+ }
33+
34+ log_info () {
35+ echo " ${LOG_PREFIX} $* "
36+ }
37+
38+ if [ " $1 " == " krilld" ; then
39+ # Does the opreator want to use their own API token? If so they must
40+ # supply the KRILL_AUTH_TOKEN env var.
41+ if [ " ${KRILL_AUTH_TOKEN} " == " None" ; then
42+ # Generate a unique hard to guess authorisation token and export it
43+ # so that the Krill daemon uses it (unless overriden by the Krill
44+ # daemon config file). Only do this if the operator didn't already
45+ # supply a token when launching the Docker container.
46+ export KRILL_AUTH_TOKEN=$( uuidgen)
47+ fi
48+
49+ # Announce the token in the Docker logs so that clients can obtain it.
50+ log_info " Securing Krill daemon with token ${KRILL_AUTH_TOKEN} "
51+
52+ log_info " Configuring ${KRILL_CONF} .."
53+ # If the config file was persisted and the container was recreated with
54+ # different arguments to docker run there may still be some lines in the
55+ # config file that we added before which are now no longer correct. Remove
56+ # any lines that we added.
57+ if ! sed -i " /.\\ +${MAGIC} /d" ${KRILL_CONF} 2> /dev/null; then
58+ log_warning " Cannot write to ${KRILL_CONF} . You can ignore this warning if you mounted your own config file over ${KRILL_CONF} ."
59+ else
60+ # Append to the default Krilld config file to direct clients of the
61+ # RSYNC and RRDP endpoints to the correct FQDN. We cannot know know the
62+ # FQDN which clients use to reach us so the operator must inform this
63+ # script via a "-e KRILL_FQDN=some.domain.name" argument to
64+ # "docker run". If KRILL_FQDN is not set assume that the user is
65+ # managing the Krill configuration themselves.
66+ cat << EOF >> ${KRILL_CONF}
67+ rsync_base = "rsync://${KRILL_FQDN} /repo/" ${MAGIC}
68+ service_uri = "https://${KRILL_FQDN} /" ${MAGIC}
69+ log_level = "${KRILL_LOG_LEVEL} " ${MAGIC}
70+ use_ta = ${KRILL_USE_TA} ${MAGIC}
71+ EOF
72+
73+ log_info " Dumping ${KRILL_CONF} config file"
74+ cat ${KRILL_CONF}
75+ log_info " End of dump"
76+ fi
77+
78+
79+ fi
80+
81+ # Launch the command supplied either by the default CMD (krilld) in the
82+ # Dockerfile or that given by the operator when invoking Docker run. Use exec
83+ # to ensure krilld runs as PID 1 as required by Docker for proper signal
84+ # handling. This also allows this Docker image to be used to run krill_admin
85+ # instead of krilld.
86+ exec " $@ "
0 commit comments