Initial code commit

entrypoint.sh

@@ -0,0 +1,139 @@
+#!/bin/bash
+
+# |*******************************************************************|
+# | Setup script                                                      |
+# |                                                                   |
+# | Author: Alan Bridgeman                                            |
+# | Created: 2024-03-30                                               |
+# |                                                                   |
+# | COPYRIGHT © 2024 Bridgeman Accessible/Alan Bridgeman.             |
+# |                                                                   |
+# | This work is presented AS IS, with no warranty of any kind.       |
+# | Any modification or use of this script is at the user's own risk. |
+# |*******************************************************************|
+
+# The `entrypoint.sh` script is responsible for setting up the Vault server. 
+# It enables the AppRole auth method, creates a policy, and a role. 
+# It then retrieves the role_id and secret_id and stores them in a file (`/role_vars/.env`).
+
+# Start and wait for the vault to get started
+start_and_wait_for_vault() {
+    echo "+----------------+"
+    echo "| Starting Vault |"
+    echo "+----------------+"
+
+    # Start the vault server (in the background)
+    vault server -config=/vault/config/vault-config.hcl & #-dev &
+
+    echo "+------------------------------+"
+    echo "| Wait for Vault to be Started |"
+    echo "+------------------------------+"
+
+    # Wait for the vault server to start
+    retries=0
+    poll_lock=false
+    while [ "$poll_lock" = false ] && [ $retries -lt 10 ]; do
+        # Sleep for 5 seconds (give some time before check and re-checking)
+        # Note, we put this at the top of the loop so that there is no extra delay once we get the status
+        sleep 5
+
+        echo "Attempt $((retries + 1)) to check if vault has started"
+
+        # Attempt to get the vault status
+        vault status
+
+        # Check if the exit code of the `vault status` command (last command) is 0 (success)
+        poll_lock=$(test $? -ne 1 && echo "true" || echo "false")
+
+        # Increment the retries counter
+        retries=$((retries + 1))
+    done
+
+    # If the vault server did not start, exit with an error
+    if [ "$poll_lock" = false ]; then
+        echo "Failed to start vault server"
+        exit 1
+    fi
+}
+
+# Function to initialize vault (inculding creating the root token and unseal keys)
+#init_vault() {
+#    echo "*----------------------*"
+#    echo "| Initialization Vault |"
+#    echo "*----------------------*"
+#
+#    # Initialize the vault
+#    init_output=$(vault operator init -format=json)
+#
+#    # Parse the unseal keys and root token from the initialization response
+#    unseal_keys=$(echo $init_output | jq -r '.unseal_keys_b64[]')
+#    root_token=$(echo $init_output | jq -r '.root_token')
+#
+#    mkdir /vault/creds
+#    touch /vault/creds/unseal-keys && echo "$unseal_keys" > /vault/creds/unseal-keys
+#    touch /vault/creds/root-token && echo "$root_token" > /vault/creds/root-token
+#}
+
+# Function to check if the vault is unsealed
+#is_vault_unsealed() {
+#    seal_status=$(vault status -format=json | jq -r '.sealed')
+#    if [[ $seal_status == "false" ]]; then
+#        return 0
+#    else
+#        return 1
+#    fi
+#}
+
+# Function to unseal the vault
+#unseal_vault() {
+#    echo "*-----------------*"
+#    echo "| Unsealing Vault |"
+#    echo "*-----------------*"
+#
+#    # Use each key to unseal the vault
+#    for key in $unseal_keys; do
+#        vault operator unseal $key
+#
+#        # If the vault is now unsealed break/escape from the loop
+#        if is_vault_unsealed; then
+#            echo "Vault is unsealed"
+#            break
+#        fi
+#    done
+#}
+
+# Function to setup the secrets engine
+#setup_secrets_engine() {
+#    echo "*---------------------------*"
+#    echo "| Setting up secrets engine |"
+#    echo "*---------------------------*"
+#
+#    vault login $root_token
+#    vault secrets enable -path secret kv
+#}
+
+#setup_app_role_access() {
+#    echo "*----------------------------*"
+#    echo "| Setting up App Role access |"
+#    echo "*----------------------------*" 
+#
+#    # Run the custom entrypoint Python script
+#    python3 /entrypoint.py $root_token
+#}
+
+start_and_wait_for_vault
+
+python3 /setup-scripts/prod-setup.py
+
+#init_vault
+#unseal_vault
+#setup_secrets_engine
+#setup_app_role_access
+
+# Start the snapshot server in the background
+# This is a custom server that is used to manually trigger and then return the snapshot over HTTP
+python3 /snapshot-server/server.py > /var/log/snapshot-server.log 2>&1 &
+
+# Keep the container running
+# By "following" the log file
+tail -f /vault/logs/vault-audit.log