Feature request: Environment variables for database setup in container #1875

Open
mikaelparkefelt opened this issue Jun 10, 2024 Discussed in #1428 · 3 comments
@mikaelparkefelt

Discussed in #1428

Originally posted by btrepp June 11, 2023
Hi there,

First off, this tool is amazing, an ACME provider that I can easily manage private certificates with; it's a great missing piece for hobby labs!

I've been integrating it with my k8s setup, and made some of the manifests/kustomizations https://git.sr.ht/~btrepp/environment/tree/main/item/dist/step-ca/latest/base

One of the issues I've encountered is that there doesn't seem to be an easy way to configure the docker container to use a database instead of the badger DB. My motivation to do this is that I already have some postgres bases that use rsnapshot to ensure I have backups. At the moment with a StatefulSet/PVC provisioner it works okay, but it's fairly easy to 'remove' your pvc and potentially lose your data :).

It would be great if the docker container could be pointed to databases as env vars (I've tried to look at the entry point, and it doesn't look like this is supported yet). That way it's easy to keep the data backed up if needed, plus also easy to run the step-ca as a deployment that could scale, and leave postgres as a stateful set for persistence.

@mikaelparkefelt
Author

Last comment in the discussion:
And, you're welcome to open a feature request issue on this repo for this, if it's something you'd like us to consider adding.

@jdoss
Contributor

jdoss commented Jun 18, 2024

Hey @mikaelparkefelt, thanks for opening this feature request. We can look into adding features to the step-ca container entrypoint to configure the CA to use PostgreSQL, but in the meantime, I actually configure my step-ca container after the initial setup with this bash snippet from my automation scripts.

It should be a stopgap for users that want to automate launching step-ca with PostgreSQL support. You will need jq and sponge for it to work. I bootstrap my step-ca container and let it configure itself with BadgerDB and then I set it up to use PostgreSQL after the fact. You will want to adjust the if statements below to fit your needs and change ${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json to the path to the ca.json file after it has been created.

You need to restart the step-ca container once the ca.json is adjusted to use PostgreSQL. It should be safe to remove the BadgerDB directory after everything has been set up to use PostgreSQL. I have those lines commented out in my example below.

Please note that this creates a fresh database in PostgreSQL and there is no path to import your existing BadgerDB currently.

# Update ${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json to use PostgreSQL
if [ "${STEPCA_DATABASE}" = "postgres" ]; then
  CURRENT_STEPCA_DB_TYPE=$(jq -r .db.type < "${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json")
  if [ "${CURRENT_STEPCA_DB_TYPE}" != "postgresql" ]; then
    # Every expansion is quoted so values containing spaces or glob characters reach jq intact
    cat "${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json" | jq -r --arg STEPCA_POSTGRES_USER "${STEPCA_POSTGRES_USER}" \
        --arg STEPCA_POSTGRES_PASSWORD "${STEPCA_POSTGRES_PASSWORD}" \
        --arg STEPCA_POSTGRES_HOST "${STEPCA_POSTGRES_HOST}" \
        --arg STEPCA_POSTGRES_PORT "${STEPCA_POSTGRES_PORT}" \
    '.db = {"type": "postgresql", "dataSource": "postgresql://\($STEPCA_POSTGRES_USER):\($STEPCA_POSTGRES_PASSWORD)@\($STEPCA_POSTGRES_HOST):\($STEPCA_POSTGRES_PORT)/", "database": "stepca"}' \
    | sponge "${SELFHOST_APP_DATA_DIR}/stepca/config/ca.json"
    # podman restart ${SELFHOST_APP_NAME}-app
    # rm -rf ${SELFHOST_APP_DATA_DIR}/stepca/db
  fi
fi
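
Added example, not part of the comment above or of the step-ca project: the same ca.json rewrite in Python, without jq or sponge, percent-encoding the user and password so that a password containing `@`, `/` or `:` still yields a valid dataSource URI, and replacing the file atomically with mode 0600. The function names, the sample ca.json contents and the host `db.internal` are assumptions made for the illustration.

```python
import json
import os
import tempfile
from urllib.parse import quote


def postgres_db_block(user, password, host, port, database="stepca"):
    """Build the same .db object as the jq filter, with encoded credentials."""
    # safe="" also encodes "/", ":" and "@", which would otherwise end the
    # userinfo part of the URI early and change which host is contacted.
    userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return {
        "type": "postgresql",
        "dataSource": f"postgresql://{userinfo}@{host}:{int(port)}/",
        "database": database,
    }


def switch_to_postgres(ca_json_path, user, password, host, port):
    """Rewrite ca.json in place; return False if it already uses PostgreSQL."""
    with open(ca_json_path, encoding="utf-8") as fh:
        config = json.load(fh)
    if (config.get("db") or {}).get("type") == "postgresql":
        return False  # same idempotence check as the shell snippet
    config["db"] = postgres_db_block(user, password, host, port)
    # mkstemp creates the file with mode 0600, so the stored password is not
    # world-readable; os.replace then swaps the new file in atomically.
    target_dir = os.path.dirname(os.path.abspath(ca_json_path))
    fd, tmp_path = tempfile.mkstemp(dir=target_dir)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        os.replace(tmp_path, ca_json_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return True


if __name__ == "__main__":
    # Constructed sample: a minimal ca.json and a password with reserved characters.
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "ca.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"address": ":9000", "db": {"type": "badgerv2"}}, fh)
        print(switch_to_postgres(path, "stepca", "p@ss/w:rd", "db.internal", "5432"))
        with open(path, encoding="utf-8") as fh:
            print(fh.read())
```

As with the shell version, the step-ca container has to be restarted after the file changes.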

@mikaelparkefelt
Author

@jdoss Hi,

Thanks for your response....
I'm using Ansible to automate the init step and configuration of Step-CA.

I have figured out that I can run step ca init <arguments> first and change the configuration to connect to the PostgreSQL DB.
Then I run a set of commands to recreate all provisioners with customization to recreate the init things that were not added to the database in the initial configuration.

It works, but it is not very easy to understand and maintain.

So the feature is very important to me: that there is an initial configuration that will use any of the supported databases.

Then the next problem I have had is that you use the same password everywhere, and there needs to be a command to change them in an easy way. For Providers it is not very simple, and the instructions have a lot of steps, and there should be only one command that will change the password for them.

Please tell me how to automate the change of password for the providers?
