1 change: 1 addition & 0 deletions pgpool.docker/entrypoint.sh
Expand Up @@ -167,6 +167,7 @@ function generate_certs() {
echo -e "\n" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
echo "ssl_key = '${PGPOOL_INSTALL_DIR}/tls/tls.key'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
echo "ssl_cert = '${PGPOOL_INSTALL_DIR}/tls/tls.crt'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
echo "ssl_ca_cert = '${PGPOOL_INSTALL_DIR}/tls/root.crt'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
Collaborator

@MatteoGioioso Sorry for the late response.
If root.crt doesn't exist, you should skip this step.

if [[ -f "${PGPOOL_INSTALL_DIR}/tls/root.crt" ]]; then
    echo "ssl_ca_cert = '${PGPOOL_INSTALL_DIR}/tls/root.crt'" >> ${PGPOOL_INSTALL_DIR}/etc/pgpool.conf
fi

If the user doesn't provide their own certs, this Docker image will generate a self-signed certificate.
Could you add the commands to generate the root CA in

echo "Generating self-signed certificate..."

Author

@MatteoGioioso MatteoGioioso Jul 16, 2022

@pengbo0328 hey, so sorry for the long wait.

> If root.crt doesn't exist, you should skip this step.

Yes, I will do

> Could you add the commands to generate the root CA in

Correct me if I am wrong, but the CA is needed only in case PostgreSQL has certificates as well and we want to verify-ca or verify-full from pgpool. If the user does not provide its own certs then we should just generate the self-signed pairs without the CA.

Author

@pengbo0328 Hello, any update on this? Thanks

Collaborator

@MatteoGioioso Sorry for the late response.

> Correct me if I am wrong, but the CA is needed only in case PostgreSQL has certificates as well and we want to verify-ca or verify-full from pgpool. If the user does not provide its own certs then we should just generate the self-signed pairs without the CA;

Yes. You are correct.
Let's generate the self-signed pairs without the CA if users don't provide their own certs.

}

validate_pgpool_settings() {
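
Review bot: the ssl_ca_cert line, the last of the four echo lines in generate_certs(), is appended to pgpool.conf with no check that tls/root.crt exists, so the config can end up naming a CA file that is not there. Wrap that one echo in a test such as `[[ -f "${PGPOOL_INSTALL_DIR}/tls/root.crt" ]]` so the setting is written only when a CA file is present, and add a short comment above it saying when a CA is expected. The redirect target `${PGPOOL_INSTALL_DIR}/etc/pgpool.conf` is unquoted here, as on the three lines before it; quoting it would keep the append correct if the install directory ever contains whitespace.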