Fix variable substitution in users_database.yml to preserve password hashes
- Modified load_env_file_safely to prevent expansion of $ in .env values - Updated localize_users_database_file to handle nested variables correctly - Added fresh template copying in deploy-core.sh to ensure reliable processing - Fixed password hash corruption during deployment
55
docker-compose/core/deploy-core.sh
Executable file
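--- a/docker-compose/core/deploy-core.sh
+++ b/docker-compose/core/deploy-core.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+# Deploy core stack script
+# Run from /opt/stacks/core/
+
+set -e
+
+# Source common functions
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_DIR="/home/kelin/EZ-Homelab" # Fixed repo path since script runs from /opt/stacks/core
+source "$REPO_DIR/scripts/common.sh"
+
+log_info "Deploying core stack..."
+
+# Load environment
+load_env_file_safely .env
+
+# Copy fresh templates
+cp "$REPO_DIR/docker-compose/core/authelia/secrets/users_database.yml" "./authelia/secrets/users_database.yml"
+
+# Localize labels in compose file (only replaces variables in labels, not environment sections)
+localize_compose_labels docker-compose.yml
+
+# Localize config files - Process all YAML config files (excluding docker-compose.yml)
+# This performs FULL variable replacement on config files like:
+# - authelia/config/configuration.yml
+# - authelia/secrets/users_database.yml <- HANDLED SPECIALLY to preserve password hashes
+# - traefik/dynamic/*.yml
+#
+# Why exclude docker-compose.yml?
+# - It was already processed above with localize_compose_labels (labels-only replacement)
+# - Config files need full replacement (including nested variables) while compose labels
+# should only have selective replacement to avoid Docker interpreting $ characters
+#
+# The localize_config_file function uses envsubst with recursive expansion to handle
+# nested variables like ${AUTHELIA_ADMIN_PASSWORD_HASH} or ${SERVICE_NAME}.${DOMAIN}
+# The localize_users_database_file function handles password hashes specially to avoid corruption
+for config_file in $(find . -name "*.yml" -o -name "*.yaml" | grep -v docker-compose.yml); do
+if [[ "$config_file" == *"users_database.yml" ]]; then
+localize_users_database_file "$config_file"
+else
+localize_config_file "$config_file"
+fi
+done
+
+# Deploy
+run_cmd docker compose up -d
+
+# Validate
+if docker ps | grep -q traefik && docker ps | grep -q authelia; then
+log_success "Core stack deployed successfully"
+exit 0
+else
+log_error "Core stack deployment failed"
+exit 1
+fi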
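Review bot: Nothing enforces the "Run from /opt/stacks/core/" assumption: `SCRIPT_DIR` is computed but never used, while `.env`, the `cp` destination and `find .` all resolve against the caller's working directory. Started from elsewhere, the loop would pass every `*.yml`/`*.yaml` under that directory to `localize_config_file` (which presumably rewrites files in place), and the users database template would land in the wrong place or the `cp` would fail. Assuming the script is installed in the stack directory, adding `cd "$SCRIPT_DIR"` right after the assignment pins this. The loop also word-splits the `find` output, and `grep -v docker-compose.yml` drops any path that merely contains that string; a `find . -type f \( -name '*.yml' -o -name '*.yaml' \) ! -name docker-compose.yml -print0` feeding `while IFS= read -r -d '' config_file` avoids both. Separately, `common.sh` is sourced from a hard-coded home directory, so if this deploy ever runs with elevated privileges, confirm that the checkout is writable only by the account that is meant to control it.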