Comments (1)
It is no longer possible to implement the ability to create users by their public key (via apps.secrets-config.proxy.admin.public-key
option). The new secrets-config CLI only allows generation of users with system-generated passwords.
apps.secrets-config.proxy.tls.snis
is no longer supported.
For the remaining apps.secrets-config.proxy.tls.cert
and apps.secrets-config.proxy.tls.key
, a simpler solution is to directly replace the nginx files. This can be done either:
- manually followed by reloading nginx
- via a Snap content interface. In this case, if the provider snap is connected after nginx startup, an nginx reload is required. If the provider snap is connected beforehands, nginx would start with the replaced key and certificate.
Overview of the nginx files:
sudo tree /var/snap/edgexfoundry/current/nginx/
/var/snap/edgexfoundry/current/nginx/
├── conf.d
│ ├── edgex-custom-rewrites.inc
│ └── edgex-default.conf
├── nginx.conf
├── nginx.crt
└── nginx.key
1 directory, 5 files
The path to private key and certificate are set in /var/snap/edgexfoundry/current/nginx/conf.d/edgex-default.conf
:
...
server {
listen 127.0.0.1:8000; # Snap listen insecure on localhost only
listen 8443 ssl;
ssl_certificate "/var/snap/edgexfoundry/current/nginx/nginx.crt";
ssl_certificate_key "/var/snap/edgexfoundry/current/nginx/nginx.key";
ssl_session_tickets off;
I will close this issue in favor of removing the secrets-config wrappers. The triggering of CLI commands via snap options is a complicated solution involving a conditional configuration logic because these are applied after services start rather than before like all config options. Moreover, it involves state management because we don't want to replace the files every time a snap option is changed. We do the state management right now with the help of a semaphore file.
from edgex-snap-hooks.
Related Issues (20)
- snapctl command error logs not returned to the caller
- Add logging functions with string formatting
- Warn function logs as syslog error
- Rename ProcessOptions to separate the functionality HOT 2
- Not possible to replace or remove env variables using options HOT 1
- Tests should cleanup snap options HOT 2
- snap `unset` is doing `set` with an empty value HOT 8
- Only using `unset apps` and `unset config` together will do the expected `unset apps`' job HOT 2
- Reject dot separator in config keys
- Setting a bad app key removes other keys from env file HOT 1
- Invalid .env files created and processed by snaps HOT 1
- Env files not removed after disabling app options
- Non-config options validation
- Upgrade snaps to use v2.2.0
- Add function to copy a directory
- Fail to write temp env file because of missing directory
- Env file created even when no environment variables are written HOT 2
- Dependency Dashboard
- Remove broken secrets-config wrapper snap options
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from edgex-snap-hooks.