Skip to content

Update entrypoint script #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MatteoGioioso wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update entrypoint script #18

MatteoGioioso wants to merge 2 commits into from

Conversation

@MatteoGioioso
Copy link

@MatteoGioioso MatteoGioioso commented Apr 25, 2022
edited
Loading

add support for ssl_ca_cert

#17

Update entrypoint script
125d4c6 
add support for ssl_ca_cert
pengbo0328
pengbo0328 reviewed May 24, 2022
View reviewed changes
pgpool.docker/entrypoint.sh Outdated
echo -e "\n" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
echo "ssl_key = '${PGPOOL_INSTALL_DIR}/tls/tls.key'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
echo "ssl_cert = '${PGPOOL_INSTALL_DIR}/tls/tls.crt'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
echo "ssl_ca_cert = '${PGPOOL_INSTALL_DIR}/tls/root.crt'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
Copy link
Collaborator

@pengbo0328 pengbo0328 May 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MatteoGioioso Sorry for the late response.
If root.crt doesn't exist, you should skip this step.

if [[ -f "${PGPOOL_INSTALL_DIR}/tls/root.crt" ]]; then
    echo "ssl_ca_cert = '${PGPOOL_INSTALL_DIR}/tls/root.crt'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
fi

If user doesn't provide their own certs, this docker image will generate a self-signed certificate.
Could you add the commands to generate the root CA in

pgpool2_on_k8s/pgpool.docker/entrypoint.sh

Line 153 in 125d4c6

echo "Generating self-signed certificate..."

Copy link
Author

@MatteoGioioso MatteoGioioso Jul 16, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pengbo0328 hey, so sorry for the long wait.

If root.crt doesn't exist, you should skip this step.

Yes, I will do

Could you add the commands to generate the root CA in

Correct me if I am wrong, but the CA is needed only in case PostgreSQL has certificates as well and we want to verify-ca or verify-full from pgpool. If the user does not provide its own certs then we should just generate the self-signed pairs without the CA;

Copy link
Author

@MatteoGioioso MatteoGioioso Nov 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pengbo0328 Hello, any update on this? Thanks

Copy link
Collaborator

@pengbo0328 pengbo0328 Nov 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MatteoGioioso Sorry for the late response.

Correct me if I am wrong, but the CA is needed only in case PostgreSQL has certificates as well and we want to verify-ca or verify-full from pgpool. If the user does not provide its own certs then we should just generate the self-signed pairs without the CA;

Yes. You are correct.
Let's generate the self-signed pairs without the CA if users don't provide their own certs.

updat entrypoint script
ffbb421 
if user does not provide root.crt we will not write the
paramenter in pgpool.conf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pengbo0328 pengbo0328 pengbo0328 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MatteoGioioso @pengbo0328