After dump of certificates is there anyway to have script change either owner (chown) and/or mode (chmod)? #130
Comments
|
Maybe adding a flag to change permissions of the cert and key ? Currently it wirtes with static permissions at least for v2. Didin't look further into it. traefik-certs-dumper/dumper/v2/dumper.go Line 58 in 1e5c66d traefik-certs-dumper/dumper/v2/dumper.go Line 76 in 1e5c66d traefik-certs-dumper/dumper/v2/dumper.go Line 88 in 1e5c66d |
|
I was able to change the permissions via the "--post-hook" option: |
|
is it possible to go even further and execute a script with --post-hook? every time I try to execute a bash script it stops parsing when it encounters a firs space in the command. For example my script file (named posthook.sh) is: it always fails at scp. Also I did add scp to the container by modifying entrypoint: from apk add jq to apk add jq openssh-client. edit: the scp command by itself works flawlessly when executed inside the container (I have known_hosts and keys mapped inside the container) |
|
If someone comes across this and doesn't want tmpfile=$(mktemp)
cat <<EOF >$tmpfile
chown -R $UID:$(id -g) /shared/certs
kill 1
EOF
docker run --rm \
-v $tmpfile:/tmp/chownme \
ldez/traefik-certs-dumper file \
--source /data/acme.json \
--dest /shared/certs \
--watch --post-hook "sh /tmp/chownme"
rm $tmpfile(Of course, you'd need additional The reason for the heredoc'd script is that passing in The I'd also love an option to set the ownership of files generated after running this--but until then, I hope this workaround is useful to someone else~ |
Perhaps this is more of a request rather than a bug, however it would be great to have option to set owner:group and/or mode.
My usage case is running Collabora docker that inserts the certificates however the certs either need to be owned by the lool:lool user or have 644 permission (both the cert and key).
Thanks for considering this.
The text was updated successfully, but these errors were encountered: