Compare commits

...

2 commits

Author SHA1 Message Date
Patrik Lundin 206e450c99
Add init script for setting up cdn database 2024-11-13 14:52:17 +01:00
Patrik Lundin 3cc1b602fd
Add cdn user password 2024-11-13 14:35:18 +01:00
5 changed files with 78 additions and 23 deletions

View file

@ -0,0 +1,10 @@
#!/bin/bash
set -e
. /conf/init-cdn-db.conf
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE USER cdn WITH PASSWORD \'"$cdn_password"\';
CREATE DATABASE cdn;
GRANT ALL PRIVILEGES ON DATABASE cdn TO cdn;
EOSQL

View file

@ -6,6 +6,7 @@ class cdn::db(
$db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef })
if $db_secrets {
file { '/opt/sunet-cdn':
ensure => directory,
owner => 'root',
@ -20,7 +21,45 @@ class cdn::db(
mode => '0750',
}
sunet::nftables::docker_expose { 'expose postgres-db' :
file { '/opt/sunet-cdn/db':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0750',
}
# User/group 999 matches postgres user in container
file { '/opt/sunet-cdn/db/conf':
ensure => directory,
owner => '999',
group => '999',
mode => '0750',
}
file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d':
ensure => directory,
owner => '999',
group => '999',
mode => '0750',
}
file { '/opt/sunet-cdn/db/conf/init-cdn-db.conf':
ensure => directory,
owner => '999',
group => '999',
mode => '0640',
content => template('cdn/db/init-cdn-db.conf.erb'),
}
file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d/init-cdn-db.sh':
ensure => directory,
owner => '999',
group => '999',
mode => '0750',
content => file('cdn/db/init-cdn-db.sh'),
}
sunet::nftables::docker_expose { 'postgres-db' :
allow_clients => '127.0.0.1',
port => 5432,
iif => $facts['networking']['primary'],
@ -33,4 +72,5 @@ class cdn::db(
compose_filename => 'docker-compose.yml',
description => 'SUNET CDN DB',
}
}
}

View file

@ -5,5 +5,7 @@ services:
- POSTGRES_PASSWORD=<%= @db_secrets['postgres_password'] %>
volumes:
- postgres_data:/var/lib/postgresql/data
- /opt/sunet-cdn/db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.dh
- /opt/sunet-cdn/db/conf:/conf
volumes:
postgres_data:

View file

@ -0,0 +1,2 @@
# File sourced by init-cdn-db.sh
cdn_password="<%= @db_secrets['cdn_password'] %>"

View file

@ -1,3 +1,4 @@
---
cdn::db-secrets:
postgres_password: ENC[PKCS7,MIIDCAYJKoZIhvcNAQcDoIIC+TCCAvUCAQAxggKQMIICjAIBADB0MFwxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLTArBgNVBAMMJGludGVybmFsLXN0bzMtdGVzdC1kYi0xLmNkbi5zdW5ldC5zZQIUbbUXduFvDLw3OUVWiGrIvFBkkJMwDQYJKoZIhvcNAQEBBQAEggIAGKLk12OT5zsVKd04qsLkFtawdauLYUERXUC3d9FtZNVpwCFDNMnSsruUfasOvyvdaRbm8AUk/nAGuBNjD9HJj8J45KfQUEAPstnZPHndkF51LwU1twFrZvcSnvFANvxh61MzccMz6NVQL5CXsw4IWMDNhUbkhO5cRfxc0SOVugeTZ74BWwpEww9uKVPtfPRKCgJayBq1o/fyQblGsjJbmu/dRCm32gcdZu1lqfDU0DLsnjk14GJpqpP5h6sEfSrdXyFcWzFzdjtLZLL6TfUWYNYX6CnjjRMv1zZ73877DPXt+vvi0Nvqld5CDTXM9ggDWwZKvluVGn7sTyZdwtWLvs1qK4nui7NLfENtBrUi/GOWsxoFa9tmfeeX/cticzzQcUdDNkfaDgmBa/C7lyjlkwyDGvhYdBHycSEJJ8rxncjBGKl79mpWlK0YTsppgD5eXWZSK7gC3PecRqQ7Jri3aBAWymlM7wfJYP8Z5ocEEq7+BLKSk0Z+Npj8PqJkQ0mw96QC5kNY2LfnGTPbBPpyBZRfZh3F2x1fLN+JQN+IgMpzLW2Oce5HWlPn9iTgCiZU/7mRDJKe8wI4gSg+Mf6hWqlC+NIcMOdAcrfvobzx3PVDHletTd0xgdgGEJpOvtpkYCqcdDbFX4kyEntMaMmp32XBcgsUy1b09uHMB2klzncwXAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQereGW4ZbKx3BV6f/PqkgSYAwcqDeq645K3JJOx9su/j9qDcAGxJN1CqIJjkYFBI+/2euykTaCvIqUMhljoDjeJeE]
cdn_password: ENC[PKCS7,MIIDCAYJKoZIhvcNAQcDoIIC+TCCAvUCAQAxggKQMIICjAIBADB0MFwxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLTArBgNVBAMMJGludGVybmFsLXN0bzMtdGVzdC1kYi0xLmNkbi5zdW5ldC5zZQIUbbUXduFvDLw3OUVWiGrIvFBkkJMwDQYJKoZIhvcNAQEBBQAEggIAdeN61oxrXS1J3qqYVotSQx1xMhBmcq73UsFhJ3glLWTbSeXhna57E/zmVkjTGmfH6+mBqw8rM6ewxQ6XfKRC7rAOtM3g7B5uqblzXReUP9b8QeksI6/6qeTSua7qgTP3UnGNSHNVbRcwbwQbwgQBrrrWP5IcxiEkNVnjv37GzpL54kNE4VSS/2jsQkSWom0uGKFfFBm0Rkg6hQor7wb/Vi+f6BbbxZvVDBXQDGuwHp3YE+Odb/zTUEDVtYUI2t/19iYKS/yjSmG1K2QEpj6vaav7IzbhDkCZu+6JTvWZ96tARdSlllkOACFvpdFCNrODHrmVrZduQ7XriohySTxLe43M0bm4a63V5ghKatAd9uAXku5tTU0QFzC+bHc2pGH7rYznGgfhi0+PqslHmWJoH+H3rMOz4FFaywajByAe1XWBKT9MBiKrihKrqC9yInIaDcRA0PMZv6HhBnpUcI1X+wqMvd9qiNi5mTXyv+kPZbZHNmV4u+gO7xlk4XDvE70OOx7x13ICQ50KwjXbBrIKpowj+3I8GciZRjGsn3B+1wAn8clJ5iQ2gORQ2WGa2s9dJKwANi6ByAL1GR0/fMabMajYLvOTrLemrCA2MTbInAfuUTohlEjc145oubHNm2VmnQDZ1mAvvRayPlbsVGx3Q0cm1RwSl+MjzKmKBOK+JtMwXAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQwWjF6Qsi2kSEbp3R3QVnE4AwAwLkN8LkiyghIdctO32a37wWJ2m43/gh7l0aHuxrNAQS/qK3odCfoUoy/GjRWawc]