From cbd7e68124bcc0bdebc6bc75598f96ec7eb4bebc Mon Sep 17 00:00:00 2001
From: Schnitzel
Date: Tue, 19 Mar 2019 15:04:31 -0500
Subject: [PATCH] move generate-ssh-key-fingerprint into initdb of api-db
---
 ...77-api-db-generate-ssh-key-fingerprints.sh | 18 ---------
 services/api-db/Dockerfile | 2 +
 .../04-generate-ssh-key-fingerprints.sh | 38 +++++++++++++++++++
 services/api-db/rerun_initdb.sh | 13 +++++--
 4 files changed, 49 insertions(+), 22 deletions(-)
 delete mode 100755 helpers/577-api-db-generate-ssh-key-fingerprints.sh
 create mode 100755 services/api-db/docker-entrypoint-initdb.d/04-generate-ssh-key-fingerprints.sh
diff --git a/helpers/577-api-db-generate-ssh-key-fingerprints.sh b/helpers/577-api-db-generate-ssh-key-fingerprints.sh
deleted file mode 100755
index adeaaa74cf..0000000000
--- a/helpers/577-api-db-generate-ssh-key-fingerprints.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-set -eu -o pipefail
-
-# disable globbing
-set -f;
-# set field separator to NL (only)
-IFS=$'\n';
-# get all ssh keys from api-db into a bash array
-SSHKEY_RECORDS=( $(mysql -u$MARIADB_USER -p$MARIADB_PASSWORD -h$HOSTNAME $MARIADB_DATABASE --batch -sse "select id, key_type, key_value from ssh_key") );
-
-for SSHKEY_RECORD in "${SSHKEY_RECORDS[@]}";
-do
- RECORD_ID=$(awk '{print $1}' <<< "$SSHKEY_RECORD");
- SSHKEY=$(awk '{print $2, $3}' <<< "$SSHKEY_RECORD");
- FINGERPRINT=$(ssh-keygen -lE sha256 -f - <<< "$SSHKEY" | awk '{print $2}');
- mysql -u$MARIADB_USER -p$MARIADB_PASSWORD -h$HOSTNAME $MARIADB_DATABASE -e "UPDATE ssh_key SET key_fingerprint = '$FINGERPRINT' WHERE id = $RECORD_ID";
-done;
diff --git a/services/api-db/Dockerfile b/services/api-db/Dockerfile
index c8f5bd2f1e..3f65575402 100644
--- a/services/api-db/Dockerfile
+++ b/services/api-db/Dockerfile
@@ -1,6 +1,8 @@
 ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/mariadb
+RUN apk add --no-cache openssh-keygen
+
 ENV MARIADB_DATABASE=infrastructure \
 MARIADB_USER=api \
 MARIADB_PASSWORD=api \
diff --git a/services/api-db/docker-entrypoint-initdb.d/04-generate-ssh-key-fingerprints.sh b/services/api-db/docker-entrypoint-initdb.d/04-generate-ssh-key-fingerprints.sh
new file mode 100755
index 0000000000..924f860699
--- /dev/null
+++ b/services/api-db/docker-entrypoint-initdb.d/04-generate-ssh-key-fingerprints.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# disable globbing
+set -f;
+# set field separator to NL (only)
+IFS=$'\n';
+
+DUPLICATE_SSHKEY_RECORDS=( $(mysql infrastructure --batch -sse "SELECT count(*) count, key_value FROM ssh_key GROUP BY key_value HAVING count > 1") );
+
+if [ ${#DUPLICATE_SSHKEY_RECORDS[@]} -ne 0 ]; then
+ echo "====== FOUND DUPLICATE SSH KEYS IN LAGOON API DATABASE!"
+ for DUPLICATE_SSHKEY_RECORD in "${DUPLICATE_SSHKEY_RECORDS[@]}";
+ do
+ echo ""
+ echo $(awk '{print $2}' <<< "$DUPLICATE_SSHKEY_RECORD");
+ done;
+ echo ""
+ echo "====== PLEASE REMOVE DUPLICATED SSH KEYS AND RUN INITIALIZATION OF DB AGAIN"
+ #exit 1
+fi
+
+echo "=== Starting SSH KEY Fingerprint generation"
+
+# get all ssh keys which have no fingerprint yet from api-db into a bash array
+SSHKEY_RECORDS=( $(mysql infrastructure --batch -sse "SELECT id, key_type, key_value FROM ssh_key WHERE key_fingerprint is NULL") );
+
+for SSHKEY_RECORD in "${SSHKEY_RECORDS[@]}";
+do
+ RECORD_ID=$(awk '{print $1}' <<< "$SSHKEY_RECORD");
+ SSHKEY=$(awk '{print $2, $3}' <<< "$SSHKEY_RECORD");
+ FINGERPRINT=$(ssh-keygen -lE sha256 -f - <<< "$SSHKEY" | awk '{print $2}');
+ echo "Adding SSH Key Fingerprint for SSH KEY '$RECORD_ID': $FINGERPRINT"
+ mysql infrastructure -e "UPDATE ssh_key SET key_fingerprint = '$FINGERPRINT' WHERE id = $RECORD_ID";
+done;
+
+echo "=== Finished SSH KEY Fingerprint generation"
diff --git a/services/api-db/rerun_initdb.sh b/services/api-db/rerun_initdb.sh
index 2690dc95d3..b482adfedb 100755
--- a/services/api-db/rerun_initdb.sh
+++ b/services/api-db/rerun_initdb.sh
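Review bot: In 04-generate-ssh-key-fingerprints.sh the fingerprint loop interpolates `$FINGERPRINT` and `$RECORD_ID` straight into the `UPDATE` statement without checking their shape, and with `set -eu -o pipefail` a single stored key that `ssh-keygen` cannot parse aborts the whole init run. The key material is read from `ssh_key.key_value`, which presumably originates from API users, so each row is worth treating as untrusted input. I would handle the failure per row, `FINGERPRINT=$(ssh-keygen -lE sha256 -f - <<< "$SSHKEY" | awk '{print $2}') || { echo "skipping ssh_key $RECORD_ID: unparsable key" >&2; continue; }`, and guard the write with `[[ "$RECORD_ID" =~ ^[0-9]+$ && "$FINGERPRINT" =~ ^SHA256:[A-Za-z0-9+/]+$ ]] || continue`. Separately, the duplicate-key branch asks the operator to remove duplicates and rerun, but `#exit 1` is commented out so the run continues; a one-line comment such as `# non-fatal on purpose: fingerprints are still generated for existing rows` (if that is the intent) would make the choice explicit.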
@@ -1,5 +1,10 @@
-#!/bin/sh
+#!/bin/bash
-INITDB_DIR="/docker-entrypoint-initdb.d"
-
-for sql_file in `ls $INITDB_DIR`; do mysql --verbose < "$INITDB_DIR/$sql_file" ; done
+for f in `ls /docker-entrypoint-initdb.d/*`; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; cat $f| tee | mysql --verbose; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+echo
+done
\ No newline at end of file
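Review bot: The loop list in rerun_initdb.sh comes from a backtick `ls /docker-entrypoint-initdb.d/*` substitution, which word-splits the output and breaks on any path containing whitespace, and `$f` is unquoted in `cat $f| tee | mysql --verbose`. Globbing directly avoids both: `for f in /docker-entrypoint-initdb.d/*; do` and `*.sql) echo "$0: running $f"; mysql --verbose < "$f"; echo ;;`; the `tee` with no file argument only copies stdin to stdout, so dropping it changes nothing. Also, `. "$f"` runs each script in this shell, so the `set -eu -o pipefail`, `set -f` and `IFS=$'\n'` set by 04-generate-ssh-key-fingerprints.sh stay in effect for the remaining iterations and a failure there ends the rerun. If that is not wanted, `( . "$f" )` keeps those settings contained.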