diff --git a/snap/local/helper-go/go.mod b/snap/local/helper-go/go.mod index 30b5ab93a0..86810744da 100644 --- a/snap/local/helper-go/go.mod +++ b/snap/local/helper-go/go.mod @@ -2,4 +2,4 @@ module github.com/edgexfoundry/edgex-go/snap/local/helper-go go 1.18 -require github.com/canonical/edgex-snap-hooks/v3 v3.0.0-20230112170125-c0580fb68dab +require github.com/canonical/edgex-snap-hooks/v3 v3.0.0-20230413215958-a96e2a6a0cc6 diff --git a/snap/local/helper-go/go.sum b/snap/local/helper-go/go.sum index 8119883486..6372fcbbd9 100644 --- a/snap/local/helper-go/go.sum +++ b/snap/local/helper-go/go.sum @@ -1,5 +1,7 @@ github.com/canonical/edgex-snap-hooks/v3 v3.0.0-20230112170125-c0580fb68dab h1:wpiKN0hX8tqeZNa4jPvgyrqP8ixm1Xu7lcQA3bypR7w= github.com/canonical/edgex-snap-hooks/v3 v3.0.0-20230112170125-c0580fb68dab/go.mod h1:RvJ48YbdBPZn7L8OcylOpKIlIJD+nMjo5D7WSnPYusY= +github.com/canonical/edgex-snap-hooks/v3 v3.0.0-20230413215958-a96e2a6a0cc6 h1:VTttaJT+dJBM94EU9c2fCewIv0y7m6PVI4D134Bk6d0= +github.com/canonical/edgex-snap-hooks/v3 v3.0.0-20230413215958-a96e2a6a0cc6/go.mod h1:qGZwprCZGZk2pA9BrleUtSrGrfHIaIz1356p8aqzuN4= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= diff --git a/snap/local/runtime-helpers/bin/service-config-overrides.sh b/snap/local/runtime-helpers/bin/source-env-file.sh similarity index 78% rename from snap/local/runtime-helpers/bin/service-config-overrides.sh rename to snap/local/runtime-helpers/bin/source-env-file.sh index 851addc4c3..57e65c88eb 100755 --- a/snap/local/runtime-helpers/bin/service-config-overrides.sh +++ b/snap/local/runtime-helpers/bin/source-env-file.sh 
@@ -8,18 +8,17 @@ BINPATH="${ARGV[0]}" # binary name == service name/key SERVICE=$(basename "$BINPATH") -if [ -z $ENV_FILE ]; then - ENV_FILE="$SNAP_DATA/config/$SERVICE/res/$SERVICE.env" -fi +ENV_FILE="$SNAP_DATA/config/$SERVICE/overrides.env" TAG="edgex-$SERVICE."$(basename "$0") if [ -f "$ENV_FILE" ]; then logger --tag=$TAG "sourcing $ENV_FILE" set -o allexport source "$ENV_FILE" set - set +o allexport + set +o allexport else logger --tag=$TAG --stderr "sourcing $ENV_FILE: not found!" fi exec "$@" + diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 1511a88406..22ba422aeb 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: edgexfoundry -base: core20 +base: core22 summary: EdgeX core, security, and supporting components description: Refer to https://snapcraft.io/edgexfoundry adopt-info: edgex-go @@ -38,13 +38,11 @@ confinement: strict apps: # edgex microservices consul: - adapter: full command: bin/start-consul.sh daemon: forking install-mode: disable plugs: [network, network-bind] redis: - adapter: full after: [security-bootstrapper-redis] command: bin/redis-server $CONFIG_FILE $DIR_ARG $SAVE_ARG $BIND_ARG environment: @@ -56,7 +54,6 @@ apps: install-mode: disable plugs: [network, network-bind] vault: - adapter: none command: bin/vault server --config $VAULT_CONFIG daemon: simple install-mode: disable @@ -67,7 +64,6 @@ apps: - network - network-bind vault-cli: - adapter: none command: bin/vault environment: VAULT_CONFIG: "$SNAP_DATA/config/security-secret-store/vault-config.hcl" @@ -76,12 +72,11 @@ apps: - network - network-bind security-secretstore-setup: - adapter: full after: [vault] command: >- bin/security-secretstore-setup --configDir $SNAP_DATA/config/security-secretstore-setup/res $VAULT_INTERVAL command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh post-stop-command: bin/security-secretstore-post-setup.sh daemon: oneshot install-mode: disable 
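Review bot: The unconditional `ENV_FILE="$SNAP_DATA/config/$SERVICE/overrides.env"` overwrites any `ENV_FILE` already in the environment, yet the snapcraft.yaml hunks at -133 and -150 still set `ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env` for security-bootstrapper-redis and security-consul-bootstrapper. SERVICE is the basename of the command, so those two apps would presumably look for `$SNAP_DATA/config/setup-redis-acl.sh/overrides.env` (and the consul equivalent), and the exec'd script would inherit the overwritten value. Either drop the stale `ENV_FILE:` entries or keep a fallback such as `ENV_FILE="${ENV_FILE:-$SNAP_DATA/config/$SERVICE/overrides.env}"`. Separately, the bare `set` kept after `source "$ENV_FILE"` prints every shell variable to stdout, so any credential placed in overrides.env would likely end up in the service log; I would delete that line. The top of the script, where ARGV is populated, is outside the hunk.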
@@ -104,13 +99,12 @@ apps: start-timeout: 15m plugs: [network] security-proxy-auth: - adapter: none after: - security-secretstore-setup - consul command: bin/security-proxy-auth --configDir $SNAP_DATA/config/security-proxy-auth/res --configProvider --registry command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: SECRETSTORE_TOKENFILE: $SNAP_DATA/secrets/security-proxy-auth/secrets-token.json daemon: simple @@ -119,12 +113,11 @@ apps: stop-timeout: 10s # This is a simple one-shot service that creates a default TLS key and certificate for NGINX security-bootstrapper-nginx: - adapter: none after: - security-secretstore-setup command: bin/setup-nginx.sh command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh daemon: oneshot install-mode: disable # This is a simple service which calls into vault to retrieve the Redis password and then @@ -133,12 +126,11 @@ apps: # this service exits. In the Docker version, the customized redis' entrypoint.sh performs # the similar actions as described above. security-bootstrapper-redis: - adapter: none after: - security-secretstore-setup command: bin/setup-redis-acl.sh command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env SECRETSTORE_SERVERNAME: localhost @@ -150,12 +142,11 @@ apps: plugs: [network] # This is a one-shot service which sets up consul's ACL and prepare for creating consul's agent tokens later on security-consul-bootstrapper: - adapter: none after: - security-secretstore-setup command: bin/setup-consul-acl.sh command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env STAGEGATE_REGISTRY_HOST: localhost 
@@ -167,7 +158,6 @@ apps: install-mode: disable plugs: [network] core-data: - adapter: full after: - security-bootstrapper-redis - core-common-config-bootstrapper @@ -175,7 +165,7 @@ apps: - security-consul-bootstrapper command: bin/core-data --configDir $SNAP_DATA/config/core-data/res --configProvider --registry command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: SECRETSTORE_TOKENFILE: $SNAP_DATA/secrets/core-data/secrets-token.json daemon: simple @@ -186,7 +176,6 @@ apps: # https://github.com/edgexfoundry/edgex-go/issues/1306 stop-timeout: 10s core-metadata: - adapter: none after: - security-bootstrapper-redis - core-common-config-bootstrapper @@ -194,7 +183,7 @@ apps: - security-consul-bootstrapper command: bin/core-metadata --configDir $SNAP_DATA/config/core-metadata/res --configProvider --registry command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: SECRETSTORE_TOKENFILE: $SNAP_DATA/secrets/core-metadata/secrets-token.json UOM_UOMFILE: $SNAP_DATA/config/core-metadata/res/uom.yaml @@ -203,7 +192,6 @@ apps: plugs: [network, network-bind] stop-timeout: 10s core-command: - adapter: none after: - security-bootstrapper-redis - core-common-config-bootstrapper @@ -211,7 +199,7 @@ apps: - security-consul-bootstrapper command: bin/core-command --configDir $SNAP_DATA/config/core-command/res --configProvider --registry command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: SECRETSTORE_TOKENFILE: $SNAP_DATA/secrets/core-command/secrets-token.json daemon: simple @@ -219,7 +207,6 @@ apps: plugs: [network, network-bind] stop-timeout: 10s support-notifications: - adapter: none after: - security-bootstrapper-redis - core-common-config-bootstrapper 
@@ -227,7 +214,7 @@ apps: - security-consul-bootstrapper command: bin/support-notifications --configDir $SNAP_DATA/config/support-notifications/res --configProvider --registry command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: SECRETSTORE_TOKENFILE: $SNAP_DATA/secrets/support-notifications/secrets-token.json daemon: simple @@ -235,7 +222,6 @@ apps: plugs: [network, network-bind] stop-timeout: 10s support-scheduler: - adapter: none after: - security-bootstrapper-redis - core-common-config-bootstrapper @@ -243,7 +229,7 @@ apps: - security-consul-bootstrapper command: bin/support-scheduler --configDir $SNAP_DATA/config/support-scheduler/res --configProvider --registry command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh environment: SECRETSTORE_TOKENFILE: $SNAP_DATA/secrets/support-scheduler/secrets-token.json daemon: simple @@ -251,7 +237,6 @@ apps: plugs: [network, network-bind] stop-timeout: 10s nginx: - adapter: none after: - security-bootstrapper-nginx command: usr/nginx/sbin/nginx -e stderr -p $SNAP_COMMON/nginx -c $SNAP_DATA/nginx/nginx.conf @@ -259,7 +244,7 @@ apps: stop-command: usr/nginx/sbin/nginx -e stderr -p $SNAP_COMMON/nginx -c $SNAP_DATA/nginx/nginx.conf -s quit daemon: simple command-chain: - - bin/service-config-overrides.sh + - bin/source-env-file.sh install-mode: disable plugs: [network, network-bind] stop-timeout: 10s 
@@ -275,26 +260,21 @@ apps: plugs: [network] # helper commands the snap exposes secrets-config: - adapter: none command: bin/secrets-config --configDir $SNAP_DATA/config/secrets-config/res environment: SECRETSTORE_TOKENFOLDERPATH: $SNAP_DATA/config/security-secretstore-setup/res/ SECRETSTORE_TOKENFILE: resp-init.json plugs: [home, removable-media, network] redis-cli: - adapter: full command: bin/redis-cli plugs: [home, removable-media, network] consul-cli: - adapter: none command: bin/consul plugs: [network, network-bind] curl: - adapter: full command: usr/bin/curl plugs: [network] jq: - adapter: full command: usr/bin/jq plugs: [home, removable-media] @@ -377,10 +357,9 @@ parts: - zlib1g-dev override-build: | cp auto/configure . - snapcraftctl build + craftctl default stage-packages: - - libpcre3 - - libssl1.1 + - libssl-dev - zlib1g stage: - -usr/nginx/conf/nginx.conf @@ -402,9 +381,9 @@ parts: plugin: make after: [go-builder] override-build: | - cd $SNAPCRAFT_PART_SRC + cd $CRAFT_PART_SRC make build - install -DT ./helper-go $SNAPCRAFT_PART_INSTALL/bin/helper-go + install -DT ./helper-go $CRAFT_PART_INSTALL/bin/helper-go consul: plugin: nil @@ -434,7 +413,7 @@ parts: echo "$FILE_HASH $FILE_NAME" > sha256 sha256sum -c sha256 | grep OK - unzip $FILE_NAME -d $SNAPCRAFT_PART_INSTALL + unzip $FILE_NAME -d $CRAFT_PART_INSTALL organize: consul: bin/consul @@ -444,14 +423,14 @@ parts: source-depth: 1 plugin: make make-parameters: - - "PREFIX=$SNAPCRAFT_PART_INSTALL/" + - "PREFIX=$CRAFT_PART_INSTALL/" edgex-go: after: [go-builder] source: . plugin: make override-build: | - cd $SNAPCRAFT_PART_SRC + cd $CRAFT_PART_SRC if git describe ; then VERSION=$(git describe --tags --abbrev=0 | sed 's/v//') @@ -460,7 +439,7 @@ parts: fi # set the version of the snap - snapcraftctl set-version $VERSION + craftctl set version=$VERSION # write version to file for the build echo $VERSION > VERSION 
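Review bot: In the nginx part (hunk -377), `stage-packages` now ships `libssl-dev`, a development package with headers and static archives, where the old list staged only the shared library `libssl1.1`. On core22 the runtime library is `libssl3`, so staging `- libssl3` and leaving `libssl-dev` to build-packages (that list starts outside the hunk, so confirm whether it is already there) keeps the shipped payload to what nginx actually loads. `libpcre3` is also dropped with no replacement in this hunk; it is worth confirming from the built snap that the nginx binary no longer links libpcre dynamically, otherwise the daemon will fail to start under strict confinement.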
@@ -474,20 +453,20 @@ parts: security-proxy-auth security-secretstore-setup security-file-token-provider \ security-bootstrapper secrets-config core-common-config-bootstrapper; do - install -DT "./cmd/$service/$service" "$SNAPCRAFT_PART_INSTALL/bin/$service" + install -DT "./cmd/$service/$service" "$CRAFT_PART_INSTALL/bin/$service" case "$service" in "core-metadata") - install -DT "./cmd/core-metadata/res/configuration.yaml" "$SNAPCRAFT_PART_INSTALL/config/core-metadata/res/configuration.yaml" - install -DT "./cmd/core-metadata/res/uom.yaml" "$SNAPCRAFT_PART_INSTALL/config/core-metadata/res/uom.yaml" + install -DT "./cmd/core-metadata/res/configuration.yaml" "$CRAFT_PART_INSTALL/config/core-metadata/res/configuration.yaml" + install -DT "./cmd/core-metadata/res/uom.yaml" "$CRAFT_PART_INSTALL/config/core-metadata/res/uom.yaml" ;; "core-common-config-bootstrapper") install -DT "./cmd/core-common-config-bootstrapper/res/configuration.yaml" \ - "$SNAPCRAFT_PART_INSTALL/config/core-common-config-bootstrapper/res/configuration.yaml" + "$CRAFT_PART_INSTALL/config/core-common-config-bootstrapper/res/configuration.yaml" ;; "security-file-token-provider") install -DT "./cmd/security-secretstore-setup/res-file-token-provider/configuration.yaml" \ - "$SNAPCRAFT_PART_INSTALL/config/security-file-token-provider/res/configuration.yaml" + "$CRAFT_PART_INSTALL/config/security-file-token-provider/res/configuration.yaml" ;; # For security bootstrapping Redis, we only need the configuration file used for "configureRedis" # as part of the whole "security-bootstrapper". 
@@ -495,31 +474,31 @@ parts: # yaml file and thus here we install both files. "security-bootstrapper") install -DT "./cmd/security-bootstrapper/res-bootstrap-redis/configuration.yaml" \ - "$SNAPCRAFT_PART_INSTALL/config/security-bootstrapper/res-bootstrap-redis/configuration.yaml" + "$CRAFT_PART_INSTALL/config/security-bootstrapper/res-bootstrap-redis/configuration.yaml" install -DT "./cmd/security-bootstrapper/res/configuration.yaml" \ - "$SNAPCRAFT_PART_INSTALL/config/security-bootstrapper/res/configuration.yaml" + "$CRAFT_PART_INSTALL/config/security-bootstrapper/res/configuration.yaml" ;; # The security-secrets-config doesn't have a default configuration.yaml, but since it shares # the same config as proxy-setup, just use that one. "secrets-config") install -DT "./cmd/secrets-config/res/configuration.yaml" \ - "$SNAPCRAFT_PART_INSTALL/config/secrets-config/res/configuration.yaml" + "$CRAFT_PART_INSTALL/config/secrets-config/res/configuration.yaml" ;; *) - install -DT "./cmd/$service/res/configuration.yaml" "$SNAPCRAFT_PART_INSTALL/config/$service/res/configuration.yaml" + install -DT "./cmd/$service/res/configuration.yaml" "$CRAFT_PART_INSTALL/config/$service/res/configuration.yaml" esac done - install -DT "./Attribution.txt" "$SNAPCRAFT_PART_INSTALL/usr/share/doc/github.com/edgexfoundry/Attribution.txt" - install -DT "./LICENSE" "$SNAPCRAFT_PART_INSTALL/usr/share/doc/github.com/edgexfoundry/LICENSE" + install -DT "./Attribution.txt" "$CRAFT_PART_INSTALL/usr/share/doc/github.com/edgexfoundry/Attribution.txt" + install -DT "./LICENSE" "$CRAFT_PART_INSTALL/usr/share/doc/github.com/edgexfoundry/LICENSE" # install the json config files for security-file-token-provider # # note that the file contents are processed using the real # value of $SNAP_DATA using jq in the install hook cp "./cmd/security-file-token-provider/res/token-config.json" \ - "$SNAPCRAFT_PART_INSTALL/config/security-file-token-provider/res/token-config.json" + 
"$CRAFT_PART_INSTALL/config/security-file-token-provider/res/token-config.json" build-packages: - zip @@ -553,6 +532,6 @@ parts: echo "$FILE_HASH $FILE_NAME" > sha256 sha256sum -c sha256 | grep OK - unzip $FILE_NAME -d $SNAPCRAFT_PART_INSTALL + unzip $FILE_NAME -d $CRAFT_PART_INSTALL organize: vault: bin/vault