63 lines
2.0 KiB
Bash
63 lines
2.0 KiB
Bash
#!/usr/bin/bash
|
|
|
|
set -euxo pipefail
|
|
|
|
CONFIG=/etc/ironic-inspector/ironic-inspector.conf
|
|
|
|
export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
|
|
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
|
|
|
|
# shellcheck disable=SC1091
|
|
. /bin/tls-common.sh
|
|
# shellcheck disable=SC1091
|
|
. /bin/ironic-common.sh
|
|
# shellcheck disable=SC1091
|
|
. /bin/auth-common.sh
|
|
|
|
if [[ "$USE_IRONIC_INSPECTOR" == "false" ]]; then
|
|
echo "FATAL: ironic-inspector is disabled via USE_IRONIC_INSPECTOR"
|
|
exit 1
|
|
fi
|
|
|
|
wait_for_interface_or_ip
|
|
|
|
IRONIC_INSPECTOR_PORT=${IRONIC_INSPECTOR_ACCESS_PORT}
|
|
if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
|
|
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]] && [[ "${IRONIC_INSPECTOR_PRIVATE_PORT}" != "unix" ]]; then
|
|
IRONIC_INSPECTOR_PORT=$IRONIC_INSPECTOR_PRIVATE_PORT
|
|
fi
|
|
else
|
|
export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
|
|
fi
|
|
|
|
export IRONIC_INSPECTOR_BASE_URL="${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_PORT}"
|
|
export IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"
|
|
|
|
build_j2_config()
|
|
{
|
|
local CONFIG_FILE="$1"
|
|
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$CONFIG_FILE.j2"
|
|
}
|
|
|
|
# Merge with the original configuration file from the package.
|
|
build_j2_config "$CONFIG" | crudini --merge "$CONFIG"
|
|
|
|
configure_inspector_auth
|
|
|
|
configure_client_basic_auth ironic "${CONFIG}"
|
|
|
|
ironic-inspector-dbsync --config-file "${CONFIG}" upgrade
|
|
|
|
if [[ "$INSPECTOR_REVERSE_PROXY_SETUP" == "false" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
|
|
# shellcheck disable=SC2034
|
|
inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
|
|
kill $(pgrep ironic)
|
|
done &
|
|
fi
|
|
|
|
# Make sure ironic traffic bypasses any proxies
|
|
export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
|
|
|
|
# shellcheck disable=SC2086
|
|
exec /usr/bin/ironic-inspector
|