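#!/usr/bin/env bash
#
# Rotate a Docker Swarm secret for one service of a stack: create a new,
# uniquely named secret, swap it into the service, then prune old versions.
#
# Usage:
#   ./docker_secret_update.sh --stack=hudx_local2 --service=lucee --secret=fr_admin_password --value=foobar
#   printf '%s' "$pw" | ./docker_secret_update.sh --stack=... --service=... --secret=... --value-stdin
#
# SECURITY: a secret given as --value=... is part of this process's argument
# list, so it can be seen in `ps` output and ends up in shell history.
# Prefer --value-stdin, which reads the secret from standard input instead.
set -e

# Start from empty values so a variable inherited from the environment cannot
# stand in for a required option.
stack=
service=
secret=
value=

# Options must use the --name=value form; parsing stops at "--" or at the
# first argument that is not an option.
while :; do
  case "${1-}" in
    --stack=*)
      stack=${1#*=}
      shift
      ;;
    --service=*)
      service=${1#*=}
      shift
      ;;
    --secret=*)
      secret=${1#*=}
      shift
      ;;
    --value=*)
      value=${1#*=}
      shift
      ;;
    --value-stdin)
      # Keeps the secret out of argv; $(...) drops trailing newlines.
      value=$(cat)
      shift
      ;;
    --) # End of all options
      shift
      break
      ;;
    -*)
      # Print only the option name: a mistyped --value=... must not echo the
      # secret itself to stderr or into logs.
      echo "WARN: Unknown option (ignored): ${1%%=*}" >&2
      shift
      ;;
    *) # no more options. Stop while loop
      break
      ;;
  esac
done

# All four settings are required; the message shows the --name=value syntax
# that the parser above actually accepts.
if [ -z "$stack" ] || [ -z "$service" ] || [ -z "$secret" ] || [ -z "$value" ]; then
  echo "Must provide --stack=<stack_name> --service=<service_name> --secret=<secret_name> and --value=<secret_value> (or --value-stdin)" 1>&2
  exit 1
fi
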
  44. # green echo
  45. function myecho {
  46. BLACK=`tput setaf 0`
  47. RED=`tput setaf 1`
  48. GREEN=`tput setaf 2`
  49. YELLOW=`tput setaf 3`
  50. BLUE=`tput setaf 4`
  51. MAGENTA=`tput setaf 5`
  52. CYAN=`tput setaf 6`
  53. WHITE=`tput setaf 7`
  54.  
  55. BOLD=`tput bold`
  56. RESET=`tput sgr0`
  57.  
  58. echo -e "${GREEN}$1${RESET}"
  59. }
  60.  
  61. secret_name=$secret
  62. secret_value=$value
  63.  
  64. new_secret_version=_v-$(uuidgen)
  65.  
  66. stack_service=${stack}_${service}
  67. stack_secret_name=${stack}_${secret_name}
  68.  
  69. stack_secret_name_old_version=$(docker service inspect --format "
  70. {{range .Spec.TaskTemplate.ContainerSpec.Secrets}}
  71. {{if eq .File.Name \"$secret_name\"}}
  72. {{.SecretName}}
  73. {{end}}
  74. {{end}}
  75. " "$stack_service" | tr -d '[:space:]' )
  76.  
  77. myecho "the existing service secret is named: $stack_secret_name_old_version"
  78.  
  79. # create new secret name; trim down to 64 characters (docker secret name limit)
  80. stack_secret_name_new_version=$( echo ${stack}_${secret_name}${new_secret_version} | cut -c1-64 )
  81.  
  82. myecho "creating new secret: $stack_secret_name_new_version"
  83. echo -n "$secret_value" | docker secret create "$stack_secret_name_new_version" - > /dev/null
  84.  
  85. myecho "remove old secret, add new, & bring up updated service"
  86. docker service update \
  87. --secret-rm "$stack_secret_name_old_version" \
  88. --secret-add src="$stack_secret_name_new_version",target="$secret_name" \
  89. "$stack_service"
  90.  
  91. myecho "find old secret versions"
  92. # todo: if we ever get into rolling back, will this cause problems?
  93. secrets_to_remove=$(
  94. docker secret ls --filter name="${stack_secret_name}_v-" --format='{{.Name}}' -q \
  95. | grep -v "$stack_secret_name_new_version"
  96. )
  97. myecho "clean up old secret versions"
  98. docker secret rm $secrets_to_remove || true