Files
step-ca_postgres/init.sh

50 lines
1.6 KiB
Bash
Executable File

#!/bin/sh
set -e
CONFIG_FILE="/home/step/config/ca.json"
MARKER="/home/step/.postgres-configured"
POSTGRES_PASSWORD=$(cat /run/secrets/postgres_password)
# If already configured, start normally with PostgreSQL
if [ -f "$MARKER" ]; then
echo "✅ PostgreSQL already configured, starting step-ca..."
echo $(cat $CONFIG_FILE)
exec step-ca "$CONFIG_FILE"
fi
# If ca.json does not exist yet, perform full initialization
if [ ! -f "$CONFIG_FILE" ]; then
echo "🔄 Running step ca init (with Badger temporarily)..."
# Use Docker secrets directly (mounted at /run/secrets/password)
step ca init \
--name="${DOCKER_STEPCA_INIT_NAME}" \
--dns="${DOCKER_STEPCA_INIT_DNS_NAMES}" \
--address=:9000 \
--provisioner="${DOCKER_STEPCA_INIT_PROVISIONER_NAME}" \
--password-file=/run/secrets/password \
--provisioner-password-file=/run/secrets/password \
--ssh \
--acme \
--remote-management\
--admin-subject="${DOCKER_STEPCA_INIT_ADMIN_SUBJECT}"
echo "✅ Init complete, certificates generated"
touch "$MARKER"
fi
# Now modify ca.json to use PostgreSQL
echo "🔧 Replacing Badger with PostgreSQL in ca.json..."
jq --arg datasource "postgresql://stepca:${POSTGRES_PASSWORD}@postgres:5432/stepca?sslmode=disable" \
'del(.db) | . + {db: {type: "postgresql", dataSource: $datasource}}' \
"$CONFIG_FILE" > "${CONFIG_FILE}.tmp"
mv "${CONFIG_FILE}.tmp" "$CONFIG_FILE"
# Mark as configured
touch "$MARKER"
echo "✅ PostgreSQL configured, starting step-ca with PostgreSQL backend..."
exec step-ca "$CONFIG_FILE" --password-file=/run/secrets/password