fix(*): set etcd keys safely in /bin/boot

Each etcd configuration key should be set-if-unset. Previously,
we were setting all of these defaults if one directory existed,
but it's safer to set each one individually if it is unset.

Author: carmstrong

controller/bin/boot

@@ -24,13 +24,16 @@ done
 # wait until etcd has discarded potentially stale values
 sleep $(($ETCD_TTL+1))
 
-# seed initial service configuration if necessary
-if ! etcdctl --no-sync -C $ETCD ls $ETCD_PATH >/dev/null 2>&1; then
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/protocol ${DEIS_PROTOCOL:-http} >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/secretKey ${DEIS_SECRET_KEY:-`openssl rand -base64 64 | tr -d '\n'`} >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/builderKey ${DEIS_BUILDER_KEY:-`openssl rand -base64 64 | tr -d '\n'`} >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/registrationEnabled 1 >/dev/null
-fi
+function etcd_safe_set {
+  if ! etcdctl --no-sync -C $ETCD get $ETCD_PATH/$1 >/dev/null 2>&1; then
+    etcdctl --no-sync -C $ETCD set $ETCD_PATH/$1 $2 >/dev/null
+  fi
+}
+
+etcd_safe_set protocol ${DEIS_PROTOCOL:-http}
+etcd_safe_set secretKey ${DEIS_SECRET_KEY:-`openssl rand -base64 64 | tr -d '\n'`}
+etcd_safe_set builderKey ${DEIS_BUILDER_KEY:-`openssl rand -base64 64 | tr -d '\n'`}
+etcd_safe_set registrationEnabled 1
 
 # wait for confd to run once and install initial templates
 until confd -onetime -node $ETCD -config-file /app/confd.toml 2>/dev/null; do

database/bin/boot

@@ -31,15 +31,18 @@ done
 # wait until etcd has discarded potentially stale values
 sleep $(($ETCD_TTL+1))
 
-# seed initial service configuration if necessary
-if ! etcdctl --no-sync -C $ETCD ls $ETCD_PATH >/dev/null 2>&1; then
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/engine postgresql_psycopg2 >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/adminUser ${PG_ADMIN_USER:-postgres} >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/adminPass ${PG_ADMIN_PASS:-changeme123} >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/user ${PG_USER_NAME:-deis} >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/password ${PG_USER_PASS:-changeme123} >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/name ${PG_USER_DB:-deis} >/dev/null
-fi
+function etcd_safe_set {
+  if ! etcdctl --no-sync -C $ETCD get $ETCD_PATH/$1 >/dev/null 2>&1; then
+    etcdctl --no-sync -C $ETCD set $ETCD_PATH/$1 $2 >/dev/null
+  fi
+}
+
+etcd_safe_set engine postgresql_psycopg2
+etcd_safe_set adminUser ${PG_ADMIN_USER:-postgres}
+etcd_safe_set adminPass ${PG_ADMIN_PASS:-changeme123}
+etcd_safe_set user ${PG_USER_NAME:-deis}
+etcd_safe_set password ${PG_USER_PASS:-changeme123}
+etcd_safe_set name ${PG_USER_DB:-deis}
 
 # wait for confd to run once and install initial templates
 until confd -onetime -node $ETCD -config-file /app/confd.toml; do

registry/bin/boot

@@ -27,11 +27,15 @@ done
 # wait until etcd has discarded potentially stale values
 sleep $(($ETCD_TTL+1))
 
+function etcd_safe_set {
+  if ! etcdctl --no-sync -C $ETCD get $ETCD_PATH/$1 >/dev/null 2>&1; then
+    etcdctl --no-sync -C $ETCD set $ETCD_PATH/$1 $2 >/dev/null
+  fi
+}
+
 # seed initial service configuration if necessary
-if ! etcdctl --no-sync -C $ETCD ls $ETCD_PATH >/dev/null 2>/dev/null; then
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/protocol http >/dev/null
-	etcdctl --no-sync -C $ETCD set $ETCD_PATH/secretKey ${REGISTRY_SECRET_KEY:-`openssl rand -base64 64 | tr -d '\n'`} >/dev/null
-fi
+etcd_safe_set protocol http
+etcd_safe_set secretKey ${REGISTRY_SECRET_KEY:-`openssl rand -base64 64 | tr -d '\n'`}
 
 # wait for confd to run once and install initial templates
 until confd -onetime -node $ETCD -config-file /app/confd.toml; do

router/bin/boot

@@ -24,19 +24,26 @@ done
 # wait until etcd has discarded potentially stale values
 sleep $(($ETCD_TTL+1))
 
-# seed initial service configuration if necessary
-if ! etcdctl --no-sync -C $ETCD ls /deis/services >/dev/null 2>&1; then
-  etcdctl --no-sync -C $ETCD mkdir /deis/services || true >/dev/null 2>&1
-  etcdctl --no-sync -C $ETCD mkdir /deis/domains || true >/dev/null 2>&1
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/port ${PORT:-80} >/dev/null
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/gzip on >/dev/null
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/gzipHttpVersion 1.0 >/dev/null
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/gzipCompLevel 2 >/dev/null
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/gzipProxied any >/dev/null
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/gzipVary on >/dev/null
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/gzipDisable "\"msie6\"" >/dev/null
-  etcdctl --no-sync -C $ETCD set $ETCD_PATH/gzipTypes "application/x-javascript, application/xhtml+xml, application/xml, application/xml+rss, application/json, text/css, text/javascript, text/plain, text/xml" >/dev/null
-fi
+function etcd_safe_mkdir {
+  etcdctl --no-sync -C $ETCD mkdir $1 || true >/dev/null 2>&1
+}
+
+function etcd_safe_set {
+  if ! etcdctl --no-sync -C $ETCD get $ETCD_PATH/$1 >/dev/null 2>&1; then
+    etcdctl --no-sync -C $ETCD set $ETCD_PATH/$1 $2 >/dev/null
+  fi
+}
+
+etcd_safe_mkdir /deis/services
+etcd_safe_mkdir /deis/domains
+etcd_safe_set port ${PORT:-80}
+etcd_safe_set gzip on
+etcd_safe_set gzipHttpVersion 1.0
+etcd_safe_set gzipCompLevel 2
+etcd_safe_set gzipProxied any
+etcd_safe_set gzipVary on
+etcd_safe_set gzipDisable "\"msie6\""
+etcd_safe_set gzipTypes "application/x-javascript, application/xhtml+xml, application/xml, application/xml+rss, application/json, text/css, text/javascript, text/plain, text/xml"
 
 # wait for confd to run once and install initial templates
 until confd -onetime -node $ETCD -config-file /app/confd.toml >/dev/null 2>/dev/null; do