
#!/bin/bash
# |*******************************************************************|
# | Setup script |
# | |
# | Author: Alan Bridgeman |
# | Created: 2024-03-30 |
# | |
# | COPYRIGHT © 2024 Bridgeman Accessible/Alan Bridgeman. |
# | |
# | This work is presented AS IS, with no warranty of any kind. |
# | Any modification or use of this script is at the user's own risk. |
# |*******************************************************************|
# The `entrypoint.sh` script is responsible for setting up the Vault server.
# It enables the AppRole auth method, creates a policy, and a role.
# It then retrieves the role_id and secret_id and stores them in a file (`/role_vars/.env`).
# Start and wait for the vault to get started
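#######################################
# Start the Vault server in the background and poll `vault status` until the
# server answers, or give up.
# Arguments:
#   $1 - maximum number of status probes (default: 10)
#   $2 - seconds to sleep before each probe (default: 5)
# Outputs:
#   progress banners and the raw `vault status` output on stdout
# Returns:
#   0 once Vault reports a status; the script exits with 1 if the server
#   never responds within the allowed attempts
#######################################
start_and_wait_for_vault() {
  local max_attempts=${1:-10}
  local interval=${2:-5}
  local attempt=0
  local started=false
  local rc

  echo "+----------------+"
  echo "| Starting Vault |"
  echo "+----------------+"
  # Start the vault server in the background so this script can keep going
  vault server -config=/vault/config/vault-config.hcl & #-dev &

  echo "+------------------------------+"
  echo "| Wait for Vault to be Started |"
  echo "+------------------------------+"
  while [ "$started" = false ] && [ "$attempt" -lt "$max_attempts" ]; do
    # Sleep first: gives the server a moment before the first probe, and
    # avoids an extra delay once a status has been obtained.
    sleep "$interval"
    attempt=$((attempt + 1))
    echo "Attempt $attempt to check if vault has started"

    # `vault status` exit codes: 0 = running and unsealed, 2 = running but
    # sealed, 1 = error (e.g. server not reachable yet). Only 0 and 2 mean
    # the server is up; the previous "anything but 1" test also accepted
    # unexpected codes such as 127 (command not found) as a running server.
    rc=0
    vault status || rc=$?
    case "$rc" in
      0|2) started=true ;;
    esac
  done

  # Give up if the server never responded within the allowed attempts
  if [ "$started" = false ]; then
    echo "Failed to start vault server" >&2
    exit 1
  fi
}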
# Function to initialize vault (including creating the root token and unseal keys)
#init_vault() {
# echo "*----------------------*"
# echo "| Initialization Vault |"
# echo "*----------------------*"
#
# # Initialize the vault
# init_output=$(vault operator init -format=json)
#
# # Parse the unseal keys and root token from the initialization response
# unseal_keys=$(echo $init_output | jq -r '.unseal_keys_b64[]')
# root_token=$(echo $init_output | jq -r '.root_token')
#
# mkdir /vault/creds
# touch /vault/creds/unseal-keys && echo "$unseal_keys" > /vault/creds/unseal-keys
# touch /vault/creds/root-token && echo "$root_token" > /vault/creds/root-token
#}
# Function to check if the vault is unsealed
#is_vault_unsealed() {
# seal_status=$(vault status -format=json | jq -r '.sealed')
# if [[ $seal_status == "false" ]]; then
# return 0
# else
# return 1
# fi
#}
# Function to unseal the vault
#unseal_vault() {
# echo "*-----------------*"
# echo "| Unsealing Vault |"
# echo "*-----------------*"
#
# # Use each key to unseal the vault
# for key in $unseal_keys; do
# vault operator unseal $key
#
# # If the vault is now unsealed break/escape from the loop
# if is_vault_unsealed; then
# echo "Vault is unsealed"
# break
# fi
# done
#}
# Function to setup the secrets engine
#setup_secrets_engine() {
# echo "*---------------------------*"
# echo "| Setting up secrets engine |"
# echo "*---------------------------*"
#
# vault login $root_token
# vault secrets enable -path secret kv
#}
#setup_app_role_access() {
# echo "*----------------------------*"
# echo "| Setting up App Role access |"
# echo "*----------------------------*"
#
# # Run the custom entrypoint Python script
# python3 /entrypoint.py $root_token
#}
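# ---- Main ----------------------------------------------------------------
# Bring the server up; the function itself exits with 1 if Vault never
# reports a status.
start_and_wait_for_vault

# Run the production setup (per the header: AppRole auth method, policy, role,
# and the role_id/secret_id written to /role_vars/.env). A failure here used
# to be ignored and the container stayed up half-configured; abort instead so
# the orchestrator sees the problem.
if ! python3 /setup-scripts/prod-setup.py; then
  echo "prod-setup.py failed; aborting container start" >&2
  exit 1
fi
#init_vault
#unseal_vault
#setup_secrets_engine
#setup_app_role_access

# Start the snapshot server in the background
# This is a custom server that is used to manually trigger and then return the snapshot over HTTP
python3 /snapshot-server/server.py > /var/log/snapshot-server.log 2>&1 &

# Keep the container running by "following" the audit log file.
# -F follows by name and keeps retrying, so tail does not exit if the audit
# log is not present yet when it starts (presumably it is created once the
# audit device is enabled — confirm against prod-setup.py) or gets rotated.
tail -F /vault/logs/vault-audit.log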