#!/bin/bash
# Certificate locations: prefer the mounted external volume, fall back to a
# directory on the container's own filesystem.
EXT_VOL_CERT_DIR=/opt/stackql/srv/credentials
LOCAL_CERT_DIR=/usr/local/certs
# Resolved certificate directory; populated by set_cert_dir.
CERT_DIR=
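#######################################
# Resolve CERT_DIR: the external volume when it is a writable directory,
# otherwise LOCAL_CERT_DIR, which is created on demand.
# Globals:   EXT_VOL_CERT_DIR, LOCAL_CERT_DIR (read); CERT_DIR (written)
# Outputs:   one status line on stdout
# Returns:   0; exits 1 if the fallback directory cannot be created
#######################################
set_cert_dir() {
  if [ -d "$EXT_VOL_CERT_DIR" ] && [ -w "$EXT_VOL_CERT_DIR" ]; then
    echo "Using external volume for certificates."
    CERT_DIR="$EXT_VOL_CERT_DIR"
  else
    echo "External volume is not accessible. Using local directory for certificates."
    # This directory will hold the server's private key; stop here rather
    # than continue with a CERT_DIR that does not exist.
    if ! mkdir -p -- "$LOCAL_CERT_DIR"; then
      echo "Unable to create $LOCAL_CERT_DIR" >&2
      exit 1
    fi
    CERT_DIR="$LOCAL_CERT_DIR"
  fi
}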
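#######################################
# Ensure server cert, server key and client cert exist under CERT_DIR.
# When SERVER_CERT, SERVER_KEY and CLIENT_CERT are all set they are taken as
# base64 and written to the three files (overwriting any existing copies);
# otherwise the files must already be present.
# Globals:   CERT_DIR, SERVER_CERT, SERVER_KEY, CLIENT_CERT (read)
# Outputs:   diagnostics on stderr
# Returns:   0; exits 1 if material is missing, fails to decode, or cannot
#            be locked down with chmod
#######################################
check_certs_and_keys() {
  local server_cert="$CERT_DIR/server_cert.pem"
  local server_key="$CERT_DIR/server_key.pem"
  local client_cert="$CERT_DIR/client_cert.pem"
  if [ -z "$SERVER_CERT" ] || [ -z "$SERVER_KEY" ] || [ -z "$CLIENT_CERT" ]; then
    if [ ! -f "$server_cert" ] || [ ! -f "$server_key" ] || [ ! -f "$client_cert" ]; then
      echo "Certificates or keys are missing." >&2
      exit 1
    fi
  else
    # The files are created inside a subshell with umask 077 so the private
    # key is never readable by other users, even before the chmod below.
    # A decode failure of any of the three aborts instead of leaving a
    # truncated file behind that would only surface as a TLS error later.
    (
      umask 077
      printf '%s\n' "$SERVER_CERT" | base64 -d > "$server_cert" \
        && printf '%s\n' "$SERVER_KEY" | base64 -d > "$server_key" \
        && printf '%s\n' "$CLIENT_CERT" | base64 -d > "$client_cert"
    ) || {
      echo "Failed to decode certificates or keys from the environment." >&2
      exit 1
    }
  fi
  # Restrict the certificates and key to the owner only.
  if ! chmod 600 "$server_cert" "$server_key" "$client_cert"; then
    echo "Failed to set permissions on certificate files." >&2
    exit 1
  fi
}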
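#######################################
# Launch the StackQL server, with mTLS when SECURE_MODE is "true".
# Globals:   DEBUG, SECURE_MODE, PGSRV_PORT, POSTGRES_USER, POSTGRES_PASSWORD,
#            POSTGRES_HOST, POSTGRES_PORT, POSTGRES_DB (read);
#            CERT_DIR (via set_cert_dir), CLIENT_CA_ENCODED (written)
# Outputs:   status lines on stdout, errors on stderr
# Returns:   does not return while the server runs; exits 1 if the client
#            CA cannot be read in secure mode
#######################################
start_stackql() {
  # Extra flags as an array so they expand to whole words (or to nothing)
  # without relying on unquoted word-splitting.
  local -a debug_args=()
  if [ "$DEBUG" = "true" ]; then
    debug_args=(--loglevel=debug --pgsrv.loglevel=DEBUG)
  fi
  # NOTE(review): the DSN, including POSTGRES_PASSWORD, is passed as a
  # command-line argument and is therefore visible to anyone who can list
  # processes in the container. The values are also spliced into JSON
  # unescaped, so a password containing '"' or '\' would break the backend
  # configuration. Whether stackql can take the DSN from a file or the
  # environment instead is not visible here — worth confirming.
  local sql_backend
  sql_backend="{\"dbEngine\": \"postgres_tcp\", \"sqlDialect\": \"postgres\", \"dsn\": \"postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}\"}"
  if [ "$SECURE_MODE" = "true" ]; then
    echo "Running with mTLS..."
    set_cert_dir
    check_certs_and_keys
    # base64 without line wrapping so the value is a single JSON string.
    if ! CLIENT_CA_ENCODED=$(base64 -w 0 "$CERT_DIR/client_cert.pem"); then
      echo "Unable to read client CA certificate from $CERT_DIR" >&2
      exit 1
    fi
    local tls_config
    tls_config="{ \"keyFilePath\": \"$CERT_DIR/server_key.pem\", \"certFilePath\": \"$CERT_DIR/server_cert.pem\", \"clientCAs\": [\"$CLIENT_CA_ENCODED\"] }"
    # Start the server with TLS configuration and optional debug flags.
    /srv/stackql/stackql srv --approot=/srv/stackql/.stackql \
      --pgsrv.port="$PGSRV_PORT" \
      --sqlBackend="$sql_backend" \
      --pgsrv.tls="$tls_config" \
      "${debug_args[@]}"
  else
    echo "Running without mTLS..."
    # Start the server without TLS configuration but with optional debug flags.
    /srv/stackql/stackql srv --approot=/srv/stackql/.stackql \
      --pgsrv.port="$PGSRV_PORT" \
      --sqlBackend="$sql_backend" \
      "${debug_args[@]}"
  fi
}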
# When Postgres lives in this container, bring it up in the background first.
# NOTE(review): nothing waits for Postgres to accept connections before
# StackQL starts; whether stackql retries the DSN is not visible here.
if [[ "$POSTGRES_HOST" == "127.0.0.1" ]]; then
  printf '%s\n' "Running in local mode..."
  /usr/local/bin/docker-entrypoint.sh postgres &
fi
# Hand over to the StackQL server.
start_stackql