Add init script for setting up cdn database

global/overlay/etc/puppet/modules/cdn/files/db/init-cdn-db.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+. /conf/init-cdn-db.conf
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+	CREATE USER cdn WITH PASSWORD \'"$cdn_password"\';
+	CREATE DATABASE cdn;
+	GRANT ALL PRIVILEGES ON DATABASE cdn TO cdn;
+EOSQL

global/overlay/etc/puppet/modules/cdn/manifests/db.pp

@@ -6,31 +6,71 @@ class cdn::db(
 
   $db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef })
 
-  file { '/opt/sunet-cdn':
-    ensure => directory,
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0755',
-  }
+  if $db_secrets {
+    file { '/opt/sunet-cdn':
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0755',
+    }
 
-  file { '/opt/sunet-cdn/compose':
-    ensure => directory,
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0750',
-  }
+    file { '/opt/sunet-cdn/compose':
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0750',
+    }
 
-  sunet::nftables::docker_expose { 'expose postgres-db' :
-    allow_clients => '127.0.0.1',
-    port          => 5432,
-    iif           => $facts['networking']['primary'],
-  }
+    file { '/opt/sunet-cdn/db':
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0750',
+    }
 
-  sunet::docker_compose { 'sunet-cdn-db':
-    content          => template('cdn/db/docker-compose.yml.erb'),
-    service_name     => 'cdn-db',
-    compose_dir      => '/opt/sunet-cdn/compose',
-    compose_filename => 'docker-compose.yml',
-    description      => 'SUNET CDN DB',
+    # User/group 999 matches postgres user in container
+    file { '/opt/sunet-cdn/db/conf':
+      ensure => directory,
+      owner  => '999',
+      group  => '999',
+      mode   => '0750',
+    }
+
+    file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d':
+      ensure => directory,
+      owner  => '999',
+      group  => '999',
+      mode   => '0750',
+    }
+
+    file { '/opt/sunet-cdn/db/conf/init-cdn-db.conf':
+      ensure => directory,
+      owner  => '999',
+      group  => '999',
+      mode   => '0640',
+      content => template('cdn/db/init-cdn-db.conf.erb'),
+    }
+
+    file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d/init-cdn-db.sh':
+      ensure => directory,
+      owner  => '999',
+      group  => '999',
+      mode   => '0750',
+      content => file('cdn/db/init-cdn-db.sh'),
+    }
+
+    sunet::nftables::docker_expose { 'postgres-db' :
+      allow_clients => '127.0.0.1',
+      port          => 5432,
+      iif           => $facts['networking']['primary'],
+    }
+
+    sunet::docker_compose { 'sunet-cdn-db':
+      content          => template('cdn/db/docker-compose.yml.erb'),
+      service_name     => 'cdn-db',
+      compose_dir      => '/opt/sunet-cdn/compose',
+      compose_filename => 'docker-compose.yml',
+      description      => 'SUNET CDN DB',
+    }
   }
 }

global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb

@@ -5,5 +5,7 @@ services:
       - POSTGRES_PASSWORD=<%= @db_secrets['postgres_password'] %>
     volumes:
       - postgres_data:/var/lib/postgresql/data
+      - /opt/sunet-cdn/db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.dh
+      - /opt/sunet-cdn/db/conf:/conf
 volumes:
   postgres_data:

global/overlay/etc/puppet/modules/cdn/templates/db/init-cdn-db.conf.erb

@@ -0,0 +1,2 @@
+# File sourced by init-cdn-db.sh
+cdn_password="<%= @db_secrets['cdn_password'] %>"