support turning pki feature on and off via FEATURES=pki

Signed-off-by: Reuben Miller <reuben.d.miller@gmail.com>

images/common/utils/enroll/enroll.sh

@@ -34,6 +34,20 @@ if [ "$INHERIT_ENV" = 1 ]; then
     . /etc/container.env
 fi
 
+has_feature() { echo "${FEATURES:-}" | grep -qw "$1"; }
+
+if ! has_feature "pki"; then
+    echo "Enrolling device without mtls" >&2
+    if [ -z "$TEDGE_MQTT_DEVICE_TOPIC_ID" ]; then
+        TOPIC_ID="device/$(hostname)//"
+        echo "Setting mqtt.device_topic_id based on hostname: $TOPIC_ID" >&2
+        tedge config set mqtt.device_topic_id "$TOPIC_ID"
+    fi
+    exit 0
+fi
+
+echo "Enrolling device with mtls (using a local PKI)" >&2
+
 
 PROVISION_PASSWORD="${PROVISION_PASSWORD:-}"
 PROVISION_PASSWORD_FILE=${PROVISION_PASSWORD_FILE:-/etc/provisioner_password}

images/common/utils/init-pki/init-pki.sh

@@ -16,4 +16,12 @@ set -a
 . /etc/container.env
 set +a
 
-step-ca-init.sh
+has_feature() { echo "${FEATURES:-}" | grep -qw "$1"; }
+
+if has_feature "pki"; then
+    echo "Initializing pki" >&2
+    step-ca-init.sh
+else
+    echo "The 'pki' feature is not enabled" >&2
+fi
+

images/debian-systemd/docker-compose.yaml

@@ -27,6 +27,7 @@ services:
       - DEVICE_ID=${DEVICE_ID:-}
       - C8Y_BASEURL=${C8Y_BASEURL:-}
       - C8Y_USER=${C8Y_USER:-}
+      - FEATURES=${FEATURES:-"pki"}
       - PROVISION_PASSWORD=${PROVISION_PASSWORD:-dummy}
     volumes:
       - etc:/etc
@@ -44,6 +45,7 @@ services:
   child01:
     <<: *child-container
     environment:
+      - FEATURES=${FEATURES:-"pki"}
       - PROVISION_PASSWORD=${PROVISION_PASSWORD:-dummy}
     hostname: child01
     volumes:
@@ -54,6 +56,7 @@ services:
     <<: *child-device-systemd
     hostname: child02
     environment:
+      - FEATURES=${FEATURES:-"pki"}
       - PROVISION_PASSWORD=${PROVISION_PASSWORD:-dummy}
     volumes:
       - child02_etc:/etc