Add init script for setting up cdn database

2024-11-13 14:52:17 +01:00 · 2024-11-13 14:52:17 +01:00 · 206e450c99
commit 206e450c99
parent 3cc1b602fd
4 changed files with 77 additions and 23 deletions
--- a/global/overlay/etc/puppet/modules/cdn/files/db/init-cdn-db.sh
+++ b/global/overlay/etc/puppet/modules/cdn/files/db/init-cdn-db.sh
@ -0,0 +1,10 @@
 #!/bin/bash
 set -e
 . /conf/init-cdn-db.conf
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER cdn WITH PASSWORD \'"$cdn_password"\';
 	CREATE DATABASE cdn;
 	GRANT ALL PRIVILEGES ON DATABASE cdn TO cdn;
 EOSQL
--- a/global/overlay/etc/puppet/modules/cdn/manifests/db.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/db.pp
@ -6,6 +6,7 @@ class cdn::db(
  $db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef })
  if $db_secrets {
    file { '/opt/sunet-cdn':
      ensure => directory,
      owner  => 'root',
@ -20,7 +21,45 @@ class cdn::db(
      mode   => '0750',
    }
-  sunet::nftables::docker_expose { 'expose postgres-db' :
+    file { '/opt/sunet-cdn/db':
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0750',
    }
    # User/group 999 matches postgres user in container
    file { '/opt/sunet-cdn/db/conf':
      ensure => directory,
      owner  => '999',
      group  => '999',
      mode   => '0750',
    }
    file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d':
      ensure => directory,
      owner  => '999',
      group  => '999',
      mode   => '0750',
    }
    file { '/opt/sunet-cdn/db/conf/init-cdn-db.conf':
      ensure => directory,
      owner  => '999',
      group  => '999',
      mode   => '0640',
      content => template('cdn/db/init-cdn-db.conf.erb'),
    }
    file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d/init-cdn-db.sh':
      ensure => directory,
      owner  => '999',
      group  => '999',
      mode   => '0750',
      content => file('cdn/db/init-cdn-db.sh'),
    }
    sunet::nftables::docker_expose { 'postgres-db' :
      allow_clients => '127.0.0.1',
      port          => 5432,
      iif           => $facts['networking']['primary'],
@ -34,3 +73,4 @@ class cdn::db(
      description      => 'SUNET CDN DB',
    }
  }
 }
--- a/global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb
@ -5,5 +5,7 @@ services:
      - POSTGRES_PASSWORD=<%= @db_secrets['postgres_password'] %>
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - /opt/sunet-cdn/db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.dh
      - /opt/sunet-cdn/db/conf:/conf
 volumes:
  postgres_data:
--- a/global/overlay/etc/puppet/modules/cdn/templates/db/init-cdn-db.conf.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/db/init-cdn-db.conf.erb
@ -0,0 +1,2 @@
 # File sourced by init-cdn-db.sh
 cdn_password="<%= @db_secrets['cdn_password'] %>"
		`@ -0,0 +1,2 @@`
							`# File sourced by init-cdn-db.sh`
							`cdn_password="<%= @db_secrets['cdn_password'] %>"`