add support for built-in unit tls

2022-06-23 10:10:43 -06:00 · 2022-06-23 10:10:43 -06:00 · 8bc52f2cea
parent d5093201ee
commit 8bc52f2cea
1 changed files with 53 additions and 16 deletions
--- a/docker/launch-netbox.sh
+++ b/docker/launch-netbox.sh
@ -1,8 +1,35 @@
 #!/bin/bash

-UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}"
 UNIT_SOCKET="/opt/unit/unit.sock"

+put_config() {
+  RET=$(
+    curl \
+    --silent \
+    --write-out '%{http_code}' \
+    --request PUT \
+    --data-binary "@$1" \
+    --unix-socket $UNIT_SOCKET \
+    http://localhost/$2
+  )
+  RET_BODY=${RET::-3}
+  RET_STATUS=$(echo $RET | tail -c 4)
+
+  echo $RET
+
+  if [ "$RET_STATUS" -ne "200" ]; then
+      echo "⚠️ Error: Failed to load configuration from $1"
+      ( echo "HTTP response status code is '$RET_STATUS'"
+        echo "$RET_BODY"
+      ) | sed 's/^/  /'
+
+      kill "$(cat /opt/unit/unit.pid)"
+      return 1
+  fi
+
+  return 0
+}
+
 load_configuration() {
  MAX_WAIT=10
  WAIT_COUNT=0
@ -22,27 +49,37 @@ load_configuration() {
  # this curl call will get a reply once unit is fully launched
  curl --silent --output /dev/null --request GET --unix-socket $UNIT_SOCKET http://localhost/

-  echo "⚙️ Applying configuration from $UNIT_CONFIG"
+  if [[ -n "$UNIT_CONFIG" ]] && [[ -s "$UNIT_CONFIG" ]]; then
+    echo "⚠️ The UNIT_CONFIG environment variable is deprecated. All *.pem and *.json files in /etc/unit will be loaded automatically when UNIT_CONFIG is undefined."
+    echo "⚙️ Applying configuration from UNIT_CONFIG environment variable: $UNIT_CONFIG"
+    put_config $UNIT_CONFIG "config" || return 1
+  else
+    echo "🔍 Looking for certificate bundles in /etc/unit/..."
+    for f in $(find /etc/unit/ -type f -name "*.pem"); do
+      echo "⚙️ Uploading certificates bundle: $f"
+      put_config $f "certificates/$(basename $f .pem)" || return 1
+    done

-  RESP_CODE=$(
-    curl \
-      --silent \
-      --output /dev/null \
-      --write-out '%{http_code}' \
-      --request PUT \
-      --data-binary "@${UNIT_CONFIG}" \
-      --unix-socket $UNIT_SOCKET \
-      http://localhost/config
-  )
-  if [ "$RESP_CODE" != "200" ]; then
-    echo "⚠️ Could no load Unit configuration"
-    kill "$(cat /opt/unit/unit.pid)"
-    return 1
+    echo "🔍 Looking for configuration snippets in /etc/unit/..."
+    for f in $(find /etc/unit/ -type f -name "*.json"); do
+      echo "⚙️ Applying configuration $f";
+      put_config $f "config" || return 1
+    done
+
+    # warn on filetypes we don't know what to do with
+    for f in $(find /etc/unit/ -type f -not -name "*.json" -not -name "*.pem"); do
+      echo "↩️ Ignoring $f";
+    done
  fi

  echo "✅ Unit configuration loaded successfully"
 }

+if [ -n "$(ls -A /opt/unit/state)" ]; then
+  echo "💣 Clearing previous unit state from /opt/unit/state"
+  rm -r /opt/unit/state/*
+fi
+
 load_configuration &

 exec unitd \