🐎 Improves startup time by storing internal authentication

Author: frenck

influxdb/rootfs/etc/cont-init.d/20-system-users.sh

@@ -6,6 +6,16 @@
 # shellcheck disable=SC1091
 source /usr/lib/hassio-addons/base.sh
 
+declare secret
+
+# If secret file exists, skip this script
+if hass.file_exists "/data/secret"; then
+    exit 0
+fi
+
+# Generate secret based on the Hass.io token
+secret="${HASSIO_TOKEN:21:32}"
+
 exec 3< <(influxd)
 
 sleep 3
@@ -23,27 +33,30 @@ if [[ "$i" = 0 ]]; then
 fi
 
 influx -execute \
-    "CREATE USER chronograf WITH PASSWORD '${HASSIO_TOKEN}'" \
+    "CREATE USER chronograf WITH PASSWORD '${secret}'" \
          &> /dev/null || true
 
 influx -execute \
-    "SET PASSWORD FOR chronograf = '${HASSIO_TOKEN}'" \
+    "SET PASSWORD FOR chronograf = '${secret}'" \
          &> /dev/null || true
 
 influx -execute \
     "GRANT ALL PRIVILEGES TO chronograf" \
         &> /dev/null || true
 
 influx -execute \
-    "CREATE USER kapacitor WITH PASSWORD '${HASSIO_TOKEN}'" \
+    "CREATE USER kapacitor WITH PASSWORD '${secret}'" \
         &> /dev/null || true
 
 influx -execute \
-    "SET PASSWORD FOR kapacitor = '${HASSIO_TOKEN}'" \
+    "SET PASSWORD FOR kapacitor = '${secret}'" \
         &> /dev/null || true
 
 influx -execute \
     "GRANT ALL PRIVILEGES TO kapacitor" \
         &> /dev/null || true
 
 kill "$(pgrep influxd)" >/dev/null 2>&1
+
+# Save secret for future use
+echo "${secret}" > /data/secret

influxdb/rootfs/etc/cont-init.d/30-kapacitor.sh

@@ -6,5 +6,9 @@
 # shellcheck disable=SC1091
 source /usr/lib/hassio-addons/base.sh
 
-sed -i "s/password.*/password = \"${HASSIO_TOKEN}\"/" \
+declare secret
+
+secret=$(</data/secret)
+
+sed -i "s/password.*/password = \"${secret}\"/" \
     /etc/kapacitor/kapacitor.conf

influxdb/rootfs/etc/services.d/chronograf/run

@@ -8,20 +8,23 @@
 source /usr/lib/hassio-addons/base.sh
 
 declare -a options
+declare secret
 
 # Wait for InfluxDB to become available
 s6-svwait -u -t 5000 /var/run/s6/services/influxdb
 
 # Wait for Kapacitor to become available
 s6-svwait -u -t 5000 /var/run/s6/services/kapacitor
 
+secret=$(</data/secret)
+
 # Wait for InfluxDB...
 hass.log.info "Chronograf is waiting until InfluxDB is available..."
 for i in {1800..0}; do
     if influx \
         -execute "SHOW DATABASES" \
         -username "chronograf" \
-        -password "${HASSIO_TOKEN}" \
+        -password "${secret}" \
         > /dev/null 2>&1; then
         break;
     fi
@@ -40,7 +43,7 @@ options+=(--bolt-path=/data/chronograf.db)
 options+=(--influxdb-url="http://localhost:8086")
 
 options+=(--influxdb-username="chronograf")
-options+=(--influxdb-password="${HASSIO_TOKEN}")
+options+=(--influxdb-password="${secret}")
 options+=(--kapacitor-url="http://localhost:9092")
 
 # Find the matching Chronograph log level

influxdb/rootfs/etc/services.d/kapacitor/run

@@ -6,16 +6,20 @@
 # shellcheck disable=SC1091
 source /usr/lib/hassio-addons/base.sh
 
+declare secret
+
 # Wait for InfluxDB to become available
 s6-svwait -u -t 5000 /var/run/s6/services/influxdb
 
+secret=$(</data/secret)
+
 # Wait for InfluxDB...
 hass.log.info "Kapacitor is waiting until InfluxDB is available..."
 for i in {1800..0}; do
     if influx \
         -execute "SHOW DATABASES" \
         -username "kapacitor" \
-        -password "${HASSIO_TOKEN}" \
+        -password "${secret}" \
         > /dev/null 2>&1; then
         break;
     fi