Compare commits
2 commits
61f47320a7
...
206e450c99
Author | SHA1 | Date | |
---|---|---|---|
Patrik Lundin | 206e450c99 | ||
Patrik Lundin | 3cc1b602fd |
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
. /conf/init-cdn-db.conf
|
||||
|
||||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
||||
CREATE USER cdn WITH PASSWORD \'"$cdn_password"\';
|
||||
CREATE DATABASE cdn;
|
||||
GRANT ALL PRIVILEGES ON DATABASE cdn TO cdn;
|
||||
EOSQL
|
|
@ -6,6 +6,7 @@ class cdn::db(
|
|||
|
||||
$db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef })
|
||||
|
||||
if $db_secrets {
|
||||
file { '/opt/sunet-cdn':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
|
@ -20,7 +21,45 @@ class cdn::db(
|
|||
mode => '0750',
|
||||
}
|
||||
|
||||
sunet::nftables::docker_expose { 'expose postgres-db' :
|
||||
file { '/opt/sunet-cdn/db':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0750',
|
||||
}
|
||||
|
||||
# User/group 999 matches postgres user in container
|
||||
file { '/opt/sunet-cdn/db/conf':
|
||||
ensure => directory,
|
||||
owner => '999',
|
||||
group => '999',
|
||||
mode => '0750',
|
||||
}
|
||||
|
||||
file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d':
|
||||
ensure => directory,
|
||||
owner => '999',
|
||||
group => '999',
|
||||
mode => '0750',
|
||||
}
|
||||
|
||||
file { '/opt/sunet-cdn/db/conf/init-cdn-db.conf':
|
||||
ensure => directory,
|
||||
owner => '999',
|
||||
group => '999',
|
||||
mode => '0640',
|
||||
content => template('cdn/db/init-cdn-db.conf.erb'),
|
||||
}
|
||||
|
||||
file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d/init-cdn-db.sh':
|
||||
ensure => directory,
|
||||
owner => '999',
|
||||
group => '999',
|
||||
mode => '0750',
|
||||
content => file('cdn/db/init-cdn-db.sh'),
|
||||
}
|
||||
|
||||
sunet::nftables::docker_expose { 'postgres-db' :
|
||||
allow_clients => '127.0.0.1',
|
||||
port => 5432,
|
||||
iif => $facts['networking']['primary'],
|
||||
|
@ -33,4 +72,5 @@ class cdn::db(
|
|||
compose_filename => 'docker-compose.yml',
|
||||
description => 'SUNET CDN DB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,5 +5,7 @@ services:
|
|||
- POSTGRES_PASSWORD=<%= @db_secrets['postgres_password'] %>
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
- /opt/sunet-cdn/db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.dh
|
||||
- /opt/sunet-cdn/db/conf:/conf
|
||||
volumes:
|
||||
postgres_data:
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
# File sourced by init-cdn-db.sh
|
||||
cdn_password="<%= @db_secrets['cdn_password'] %>"
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
cdn::db-secrets:
|
||||
postgres_password: ENC[PKCS7,MIIDCAYJKoZIhvcNAQcDoIIC+TCCAvUCAQAxggKQMIICjAIBADB0MFwxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLTArBgNVBAMMJGludGVybmFsLXN0bzMtdGVzdC1kYi0xLmNkbi5zdW5ldC5zZQIUbbUXduFvDLw3OUVWiGrIvFBkkJMwDQYJKoZIhvcNAQEBBQAEggIAGKLk12OT5zsVKd04qsLkFtawdauLYUERXUC3d9FtZNVpwCFDNMnSsruUfasOvyvdaRbm8AUk/nAGuBNjD9HJj8J45KfQUEAPstnZPHndkF51LwU1twFrZvcSnvFANvxh61MzccMz6NVQL5CXsw4IWMDNhUbkhO5cRfxc0SOVugeTZ74BWwpEww9uKVPtfPRKCgJayBq1o/fyQblGsjJbmu/dRCm32gcdZu1lqfDU0DLsnjk14GJpqpP5h6sEfSrdXyFcWzFzdjtLZLL6TfUWYNYX6CnjjRMv1zZ73877DPXt+vvi0Nvqld5CDTXM9ggDWwZKvluVGn7sTyZdwtWLvs1qK4nui7NLfENtBrUi/GOWsxoFa9tmfeeX/cticzzQcUdDNkfaDgmBa/C7lyjlkwyDGvhYdBHycSEJJ8rxncjBGKl79mpWlK0YTsppgD5eXWZSK7gC3PecRqQ7Jri3aBAWymlM7wfJYP8Z5ocEEq7+BLKSk0Z+Npj8PqJkQ0mw96QC5kNY2LfnGTPbBPpyBZRfZh3F2x1fLN+JQN+IgMpzLW2Oce5HWlPn9iTgCiZU/7mRDJKe8wI4gSg+Mf6hWqlC+NIcMOdAcrfvobzx3PVDHletTd0xgdgGEJpOvtpkYCqcdDbFX4kyEntMaMmp32XBcgsUy1b09uHMB2klzncwXAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQereGW4ZbKx3BV6f/PqkgSYAwcqDeq645K3JJOx9su/j9qDcAGxJN1CqIJjkYFBI+/2euykTaCvIqUMhljoDjeJeE]
|
||||
cdn_password: ENC[PKCS7,MIIDCAYJKoZIhvcNAQcDoIIC+TCCAvUCAQAxggKQMIICjAIBADB0MFwxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLTArBgNVBAMMJGludGVybmFsLXN0bzMtdGVzdC1kYi0xLmNkbi5zdW5ldC5zZQIUbbUXduFvDLw3OUVWiGrIvFBkkJMwDQYJKoZIhvcNAQEBBQAEggIAdeN61oxrXS1J3qqYVotSQx1xMhBmcq73UsFhJ3glLWTbSeXhna57E/zmVkjTGmfH6+mBqw8rM6ewxQ6XfKRC7rAOtM3g7B5uqblzXReUP9b8QeksI6/6qeTSua7qgTP3UnGNSHNVbRcwbwQbwgQBrrrWP5IcxiEkNVnjv37GzpL54kNE4VSS/2jsQkSWom0uGKFfFBm0Rkg6hQor7wb/Vi+f6BbbxZvVDBXQDGuwHp3YE+Odb/zTUEDVtYUI2t/19iYKS/yjSmG1K2QEpj6vaav7IzbhDkCZu+6JTvWZ96tARdSlllkOACFvpdFCNrODHrmVrZduQ7XriohySTxLe43M0bm4a63V5ghKatAd9uAXku5tTU0QFzC+bHc2pGH7rYznGgfhi0+PqslHmWJoH+H3rMOz4FFaywajByAe1XWBKT9MBiKrihKrqC9yInIaDcRA0PMZv6HhBnpUcI1X+wqMvd9qiNi5mTXyv+kPZbZHNmV4u+gO7xlk4XDvE70OOx7x13ICQ50KwjXbBrIKpowj+3I8GciZRjGsn3B+1wAn8clJ5iQ2gORQ2WGa2s9dJKwANi6ByAL1GR0/fMabMajYLvOTrLemrCA2MTbInAfuUTohlEjc145oubHNm2VmnQDZ1mAvvRayPlbsVGx3Q0cm1RwSl+MjzKmKBOK+JtMwXAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQwWjF6Qsi2kSEbp3R3QVnE4AwAwLkN8LkiyghIdctO32a37wWJ2m43/gh7l0aHuxrNAQS/qK3odCfoUoy/GjRWawc]
|
||||
|
|
Loading…
Reference in a new issue