From dfee9c08ab7e6fe31c24afb9debf7318e6d45b44 Mon Sep 17 00:00:00 2001 From: Sietse Snel <s.t.snel@uu.nl> Date: Sun, 12 Jan 2025 20:54:06 +0100 Subject: [PATCH] Docker setup: extract params DB passwords --- docker/.env | 2 ++ docker/docker-compose-separate-msl-api.yml | 2 ++ docker/docker-compose.yml | 2 ++ docker/images/ckan/ckan-entrypoint.sh | 1 - docker/images/msl-api/msl-api-entrypoint.sh | 6 +++++- docker/images/msl-api/msl-api.env | 2 +- 6 files changed, 12 insertions(+), 3 deletions(-) diff --git a/docker/.env b/docker/.env index ae371de..0d02510 100644 --- a/docker/.env +++ b/docker/.env @@ -11,6 +11,7 @@ # Image: ckan CKAN_SITE_ID=default +CKAN_DATABASE_PASSWORD=defaultpassword # Hostname, IP address and port of the catalog EPOS_MSL_HOST=epos-msl.ckan @@ -50,5 +51,6 @@ POSTGRES_PORT=5432 DATASTORE_READONLY_PASSWORD=datastore MYSQL_ROOT_PASSWORD=testtest +MSLAPI_DB_PASSWORD=testtest FAST_API_TOKEN=notokenspecified diff --git a/docker/docker-compose-separate-msl-api.yml b/docker/docker-compose-separate-msl-api.yml index 21aa008..8b0db60 100644 --- a/docker/docker-compose-separate-msl-api.yml +++ b/docker/docker-compose-separate-msl-api.yml @@ -83,6 +83,7 @@ services: - FAST_API_TOKEN=${FAST_API_TOKEN} - EPOS_MSL_HOST=${EPOS_MSL_HOST} - EPOS_MSL_HOST_PORT=${EPOS_MSL_HOST_PORT} + - MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD} ports: - "80" volumes: @@ -99,6 +100,7 @@ services: - FAST_API_TOKEN=${FAST_API_TOKEN} - EPOS_MSL_HOST=${EPOS_MSL_HOST} - EPOS_MSL_HOST_PORT=${EPOS_MSL_HOST_PORT} + - MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD} volumes: - ckan_api_key:/ckan_api_key - mslapi_signal:/signal diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 4a63508..001bf84 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -37,6 +37,7 @@ services: - CKAN_SOLR_URL=http://solr:8983/solr/ckan - CKAN_REDIS_URL=redis://redis:6379/1 - CKAN_SITE_URL=${CKAN_SITE_URL} + - CKAN_DATABASE_PASSWORD=${CKAN_DATABASE_PASSWORD} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} volumes: - ckan_api_key:/ckan_api_key @@ -86,6 +87,7 @@ services: - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - EPOS_MSL_HOST=${EPOS_MSL_HOST} - EPOS_MSL_HOST_PORT=${EPOS_MSL_HOST_PORT} + - MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD} - MSLAPI_ROLE=BOTH volumes: - ckan_api_key:/ckan_api_key diff --git a/docker/images/ckan/ckan-entrypoint.sh b/docker/images/ckan/ckan-entrypoint.sh index b5e8514..7ebb3dd 100644 --- a/docker/images/ckan/ckan-entrypoint.sh +++ b/docker/images/ckan/ckan-entrypoint.sh @@ -42,7 +42,6 @@ else echo "Initializing configuration ..." export BEAKER_SESSION_SECRET=$(openssl rand -base64 32) export SECRET_TOKEN_VALUE=$(openssl rand -base64 32) export APP_INSTANCE_UUID=$(uuidgen --name "$EPOS_MSL_FQDN" --namespace "@url" --sha1) - export CKAN_DATABASE_PASSWORD=$(pwgen -n 16 -N 1) export CKAN_MSL_VOCABULARIES_ENDPOINT="https://${EPOS_MSL_FQDN}/webservice/api/vocabularies" perl -pi.bak -e '$beaker_session_secret=$ENV{BEAKER_SESSION_SECRET}; s/BEAKER_SESSION_SECRET/$beaker_session_secret/ge' "$CKAN_CONFIG_FILE" perl -pi.bak -e '$secret_token=$ENV{SECRET_TOKEN_VALUE}; s/SECRET_TOKEN_VALUE/$secret_token/ge' "$CKAN_CONFIG_FILE" diff --git a/docker/images/msl-api/msl-api-entrypoint.sh b/docker/images/msl-api/msl-api-entrypoint.sh index 5adc324..72d1f8e 100644 --- a/docker/images/msl-api/msl-api-entrypoint.sh +++ b/docker/images/msl-api/msl-api-entrypoint.sh @@ -36,7 +36,7 @@ else then # Initialize the MSL-API database mysql -u root "-p$MYSQL_ROOT_PASSWORD" -h mslapi_db -e " CREATE DATABASE mslapi; -CREATE USER 'msl'@'%' IDENTIFIED BY 'msl'; +CREATE USER 'msl'@'%' IDENTIFIED BY '$MSLAPI_DB_PASSWORD'; GRANT ALL PRIVILEGES ON mslapi.* TO 'msl'@'%'; FLUSH PRIVILEGES; " @@ -54,6 +54,10 @@ FLUSH PRIVILEGES; # Also configure the FAST-API key, which is passed via an environment variable perl -pi.bak -e '$fast_api_token=$ENV{FAST_API_TOKEN}; s/PUT_FASTAPI_TOKEN_HERE/"$fast_api_token"/ge' "/var/www/msl_api/.env" + # Configure MSL-API DB password here + perl -pi.bak -e '$mslapi_db_password=$ENV{MSLAPI_DB_PASSWORD}; s/PUT_MYSQL_PASSWORD_HERE/"$mslapi_db_password"/ge' \ + "/var/www/msl_api/.env" + # Configure App and and asset URL if [ "$EPOS_MSL_HOST_PORT" -eq "443" ] then export APP_ASSET_URL="https://${EPOS_MSL_HOST}" diff --git a/docker/images/msl-api/msl-api.env b/docker/images/msl-api/msl-api.env index e53bd19..46cfeb4 100644 --- a/docker/images/msl-api/msl-api.env +++ b/docker/images/msl-api/msl-api.env @@ -13,7 +13,7 @@ DB_HOST=mslapi_db DB_PORT=3306 DB_DATABASE=mslapi DB_USERNAME=msl -DB_PASSWORD=msl +DB_PASSWORD=PUT_MYSQL_PASSWORD_HERE BROADCAST_DRIVER=log CACHE_DRIVER=file