diff options
| author | Victor Näslund <victor@sunet.se> | 2022-11-16 19:09:46 +0100 |
|---|---|---|
| committer | Victor Näslund <victor@sunet.se> | 2022-11-16 19:09:46 +0100 |
| commit | 43e87d84b15d12d52a4dcde6e80426cbd17e3d6f (patch) | |
| tree | 18cef29b77973053522a67677121789ebe032285 /data | |
| parent | 4a56b3aae4114db731eff725e2c6292371a9b8ae (diff) | |
auth and CLI done
Diffstat (limited to 'data')
| -rw-r--r-- | data/api_keys.txt | 2 | ||||
| -rw-r--r-- | data/collector-dev.soc.sunet.se.crt | 12 | ||||
| -rw-r--r-- | data/collector-dev.soc.sunet.se.key | 3 | ||||
| -rw-r--r-- | data/collector_container/Dockerfile | 15 | ||||
| -rw-r--r-- | data/collector_root_ca.crt | 13 | ||||
| -rw-r--r-- | data/mongodb_container/Dockerfile | 4 |
6 files changed, 41 insertions, 8 deletions
diff --git a/data/api_keys.txt b/data/api_keys.txt new file mode 100644 index 0000000..8cc5dd6 --- /dev/null +++ b/data/api_keys.txt @@ -0,0 +1,2 @@ +ca7dd92d5a83c9e92b935888d390e919f6b0d0511a569b5373a19c332880fcde;john +bb6b4de1e9839224daf4cdfd6aad5af667655fafc48d7622e80428436ffe0462;victor diff --git a/data/collector-dev.soc.sunet.se.crt b/data/collector-dev.soc.sunet.se.crt new file mode 100644 index 0000000..f75b2a1 --- /dev/null +++ b/data/collector-dev.soc.sunet.se.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBuzCCAW2gAwIBAgIUUARU/fxpFlGCHCwdw6rQS8gDkyAwBQYDK2VwMGsxCzAJ +BgNVBAYTAlNFMRMwEQYDVQQIDApTb21lLVN0YXRlMQ4wDAYDVQQKDAVTVU5FVDES +MBAGA1UECwwJU1VORVQgU09DMSMwIQYDVQQDDBpjb2xsZWN0b3ItZGV2LnNvYy5z +dW5ldC5zZTAeFw0yMjExMTYxNTI5NDVaFw0yNzExMTYxNTI5NDVaMDIxCzAJBgNV +BAYTAlNFMSMwIQYDVQQDDBpjb2xsZWN0b3ItZGV2LnNvYy5zdW5ldC5zZTAqMAUG +AytlcAMhALL1Lx4uRNrYjx3Z/Z41C1BruCOL6slqk2sqz2s0yghIo1wwWjALBgNV +HQ8EBAMCBDAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNgYDVR0RBC8wLYIaY29sbGVj +dG9yLWRldi5zb2Muc3VuZXQuc2WCCWxvY2FsaG9zdIcEWS+5nzAFBgMrZXADQQBH +g3Yysjjch6OkG/Vo7PyDUg3NlDqbDMktucxDaHLgPkLF508fHNLUhh3LAWn376dr +RULOF42AyfSYQY1WpDgB +-----END CERTIFICATE----- diff --git a/data/collector-dev.soc.sunet.se.key b/data/collector-dev.soc.sunet.se.key new file mode 100644 index 0000000..dcb55bb --- /dev/null +++ b/data/collector-dev.soc.sunet.se.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIMbi6GqNxlAvNiRNgYa8hR1F0br8gFhPgJU1hru/n6PO +-----END PRIVATE KEY----- diff --git a/data/collector_container/Dockerfile b/data/collector_container/Dockerfile index 0641587..a35b2cb 100644 --- a/data/collector_container/Dockerfile +++ b/data/collector_container/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-20221024-slim@sha256:76cdda8fe5eb597ef5e712e4c9a9f5f1fb119e69f353daaa7bd6d0f6e66e541d +FROM debian:bullseye-20221114-slim@sha256:df172d92d287ec4d4a538e5db8026fcde5f91f5f90061423d69d6148ff05cc47 EXPOSE 8000 @@ -21,21 +21,24 @@ RUN apt-get update \ RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} \; || true # Add user -RUN useradd collector -u 1500 -s /usr/sbin/nologin +RUN useradd soc_collector -u 1500 -s /usr/sbin/nologin COPY ./src /app/src COPY ./data/logging.json /app/logging.json +COPY ./data/collector-dev.soc.sunet.se.crt /app/collector-dev.soc.sunet.se.crt +COPY ./data/collector-dev.soc.sunet.se.key /app/collector-dev.soc.sunet.se.key +COPY ./data/collector_root_ca.crt /app/collector_root_ca.crt +COPY ./data/api_keys.txt /app/api_keys.txt WORKDIR /app/ -USER collector +USER soc_collector # Add healthcheck HEALTHCHECK --interval=2m --timeout=15s --retries=1 --start-period=30s \ - CMD sh ./src/collector/healthcheck.sh COLLECTOR || bash -c 'kill -s 15 1 && (sleep 7; kill -s 9 1)' - -ENTRYPOINT ["uvicorn", "src.collector.main:app", "--log-config", "./logging.json", "--host", "0.0.0.0", "--workers", "1", "--header", "server:collector"] + CMD sh ./src/soc_collector/healthcheck.sh COLLECTOR || bash -c 'kill -s 15 1 && (sleep 7; kill -s 9 1)' +ENTRYPOINT ["uvicorn", "src.soc_collector.main:app", "--log-config", "./logging.json", "--host", "0.0.0.0", "--port", "8000", "--ssl-keyfile", "./collector-dev.soc.sunet.se.key", "--ssl-certfile", "./collector-dev.soc.sunet.se.crt", "--ssl-version", "2", "--workers", "1", "--header", "server:collector"] diff --git a/data/collector_root_ca.crt b/data/collector_root_ca.crt new file mode 100644 index 0000000..b9cddf1 --- /dev/null +++ b/data/collector_root_ca.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB6zCCAZ2gAwIBAgIUXbzkTFrPe+rAKscqzHHB+Kr6oDQwBQYDK2VwMGsxCzAJ +BgNVBAYTAlNFMRMwEQYDVQQIDApTb21lLVN0YXRlMQ4wDAYDVQQKDAVTVU5FVDES +MBAGA1UECwwJU1VORVQgU09DMSMwIQYDVQQDDBpjb2xsZWN0b3ItZGV2LnNvYy5z +dW5ldC5zZTAeFw0yMjExMTYxNTI0NDdaFw0yNzExMTUxNTI0NDdaMGsxCzAJBgNV +BAYTAlNFMRMwEQYDVQQIDApTb21lLVN0YXRlMQ4wDAYDVQQKDAVTVU5FVDESMBAG +A1UECwwJU1VORVQgU09DMSMwIQYDVQQDDBpjb2xsZWN0b3ItZGV2LnNvYy5zdW5l +dC5zZTAqMAUGAytlcAMhAFBwDjb3i5fjxrbcFOMXTZfKnIDx6h9XiojAXPXD/VpD +o1MwUTAdBgNVHQ4EFgQUlY3rq7wlYJwaiTED1AJUTnevhxUwHwYDVR0jBBgwFoAU +lY3rq7wlYJwaiTED1AJUTnevhxUwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCL +9S14sR+y0AbHMTmC2BzuLmwPexK23VDgZemCRiBwR1DZ8x5Vzd/IR+WqmUaFhGPv +utaY9PGGHZoZtrbb5WEE +-----END CERTIFICATE----- diff --git a/data/mongodb_container/Dockerfile b/data/mongodb_container/Dockerfile index f37d2a3..e163593 100644 --- a/data/mongodb_container/Dockerfile +++ b/data/mongodb_container/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-20221024-slim@sha256:76cdda8fe5eb597ef5e712e4c9a9f5f1fb119e69f353daaa7bd6d0f6e66e541d +FROM debian:bullseye-20221114-slim@sha256:df172d92d287ec4d4a538e5db8026fcde5f91f5f90061423d69d6148ff05cc47 EXPOSE 27017 @@ -20,7 +20,7 @@ RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} \; || true COPY ./data/mongodb_entrypoint.sh /mongodb_entrypoint.sh COPY ./data/init-mongodb.js /init-mongodb.js COPY ./data/healthcheck-mongodb.js /healthcheck-mongodb.js -COPY ./src/collector/healthcheck.sh /healthcheck.sh +COPY ./src/soc_collector/healthcheck.sh /healthcheck.sh USER mongodb |