Defining ZendHQ Access During Docker Container Startup

When starting ZendHQ Docker containers, define groups and users at startup to prevent unauthorized access.

Important: Save sensitive values in your container ENV or in a secure vault.

Use an /entrypoint.d/ script to initialize the ZendHQ databases, define the groups, their permissions, and initial users.

Edit the following example script to define the users, groups, and permissions you need. For more information on roles, see ZendHQ Role Management.

#!/bin/bash
# This file is /entrypoint.d/zendhqd-user-init.sh

set -e

zendhq_path=/opt/zend/zendphp
zendhqd="${zendhq_path}/bin/zendhqd"
zendhqctl="${zendhq_path}/bin/zendhqctl"

# Initialize the databases if they are not initialized yet.
"$zendhqd" -a zendhqd -c "${zendhq_path}/etc/zendhqd.ini" --init-only

# Define a developer group
"$zendhqctl" access group add devel -c "Developer group"

# Assign permissions to the developer group
"$zendhqctl" access group set-permissions devel +rw zray,jq
"$zendhqctl" access group set-permissions devel +r mon,ct

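# Define a user, read the password from an environment variable
# (abort if the variable is unset or empty, so no user is created
# with an empty password), and assign the user to the developer group
"$zendhqctl" access user add john -p "${ZENDHQD_USER_JOHN:?ZENDHQD_USER_JOHN is not set}" -g devel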
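
Added example, not part of the ZendHQ documentation: a helper the script above could use so that a user password can come either from the environment variable or from a secret file mounted into the container, and so that the script stops when no password is available. The function name `resolve_secret` and the `<NAME>_FILE` variable convention are assumptions of this example, not ZendHQ features.

```bash
#!/bin/bash
# Added example: resolve a secret from NAME or from the file named in NAME_FILE.
# "resolve_secret" and the NAME_FILE convention are assumptions, not ZendHQ features.

# resolve_secret NAME: print the secret for NAME on stdout.
# The body runs in a subshell "( ... )", so its variables stay local and
# "exit" only leaves the function, not the calling script.
resolve_secret() (
    name="$1"
    # Accept plain variable names only, because the name is passed to eval.
    case "$name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            exit 2 ;;
    esac
    eval "value=\${$name:-}"
    eval "file=\${${name}_FILE:-}"

    # Two sources for one secret is a configuration mistake: refuse to guess.
    if [ -n "$value" ] && [ -n "$file" ]; then
        echo "error: set only one of $name or ${name}_FILE" >&2
        exit 1
    fi
    if [ -n "$file" ]; then
        [ -r "$file" ] || { echo "error: cannot read ${name}_FILE" >&2; exit 1; }
        value="$(cat "$file")"   # command substitution strips the trailing newline
    fi
    # Never hand an empty password to the user-creation command.
    [ -n "$value" ] || { echo "error: $name is empty or unset" >&2; exit 1; }
    printf '%s' "$value"
)

# Usage inside /entrypoint.d/zendhqd-user-init.sh (commented out here so the
# example runs without ZendHQ installed):
#   john_password="$(resolve_secret ZENDHQD_USER_JOHN)" || exit 1
#   "$zendhqctl" access user add john -p "$john_password" -g devel
```

Error messages name the variable but never print the secret value, so they are safe to leave in container logs.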