From dfee9c08ab7e6fe31c24afb9debf7318e6d45b44 Mon Sep 17 00:00:00 2001
From: Sietse Snel <s.t.snel@uu.nl>
Date: Sun, 12 Jan 2025 20:54:06 +0100
Subject: [PATCH] Docker setup: extract params DB passwords

---
 docker/.env                                 | 2 ++
 docker/docker-compose-separate-msl-api.yml  | 2 ++
 docker/docker-compose.yml                   | 2 ++
 docker/images/ckan/ckan-entrypoint.sh       | 1 -
 docker/images/msl-api/msl-api-entrypoint.sh | 6 +++++-
 docker/images/msl-api/msl-api.env           | 2 +-
 6 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/docker/.env b/docker/.env
index ae371de..0d02510 100644
--- a/docker/.env
+++ b/docker/.env
@@ -11,6 +11,7 @@
 
 # Image: ckan
 CKAN_SITE_ID=default
+CKAN_DATABASE_PASSWORD=defaultpassword
 
 # Hostname, IP address and port of the catalog
 EPOS_MSL_HOST=epos-msl.ckan
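Review bot: `CKAN_DATABASE_PASSWORD=defaultpassword` replaces a per-deployment random value with a fixed one that is readable in the repository. The ckan-entrypoint.sh hunk of this patch removes `pwgen -n 16 -N 1`, so every deployment that keeps this file unchanged gets the same CKAN database password. The same applies to `MSLAPI_DB_PASSWORD=testtest` in the second hunk of this file, which also reuses the value of `MYSQL_ROOT_PASSWORD`. I would add a comment above both lines, `# Development default only: set a unique value before deploying`, and mention the override in the setup documentation.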
@@ -50,5 +51,6 @@ POSTGRES_PORT=5432
 DATASTORE_READONLY_PASSWORD=datastore
 
 MYSQL_ROOT_PASSWORD=testtest
+MSLAPI_DB_PASSWORD=testtest
 
 FAST_API_TOKEN=notokenspecified
diff --git a/docker/docker-compose-separate-msl-api.yml b/docker/docker-compose-separate-msl-api.yml
index 21aa008..8b0db60 100644
--- a/docker/docker-compose-separate-msl-api.yml
+++ b/docker/docker-compose-separate-msl-api.yml
@@ -83,6 +83,7 @@ services:
       -  FAST_API_TOKEN=${FAST_API_TOKEN}
       -  EPOS_MSL_HOST=${EPOS_MSL_HOST}
       -  EPOS_MSL_HOST_PORT=${EPOS_MSL_HOST_PORT}
+      -  MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD}
     ports:
       - "80"
     volumes:
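Review bot: `MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD}` silently becomes an empty string when the variable is missing from the environment or the env file in use, and the entrypoint would then create the `msl` account with an empty password. Compose's required-variable form makes that a startup error instead: `-  MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD:?MSLAPI_DB_PASSWORD must be set}`. The second hunk of this file and both hunks of docker/docker-compose.yml (`CKAN_DATABASE_PASSWORD` and `MSLAPI_DB_PASSWORD`) have the same pattern. The service definitions begin outside these hunks, so which services receive the value cannot be seen here; pass it only to those that need it.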
@@ -99,6 +100,7 @@ services:
       -  FAST_API_TOKEN=${FAST_API_TOKEN}
       -  EPOS_MSL_HOST=${EPOS_MSL_HOST}
       -  EPOS_MSL_HOST_PORT=${EPOS_MSL_HOST_PORT}
+      -  MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD}
     volumes:
       -  ckan_api_key:/ckan_api_key
       -  mslapi_signal:/signal
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 4a63508..001bf84 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -37,6 +37,7 @@ services:
        - CKAN_SOLR_URL=http://solr:8983/solr/ckan
        - CKAN_REDIS_URL=redis://redis:6379/1
        - CKAN_SITE_URL=${CKAN_SITE_URL}
+       - CKAN_DATABASE_PASSWORD=${CKAN_DATABASE_PASSWORD}
        - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      volumes:
        - ckan_api_key:/ckan_api_key
@@ -86,6 +87,7 @@ services:
       -  MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
       -  EPOS_MSL_HOST=${EPOS_MSL_HOST}
       -  EPOS_MSL_HOST_PORT=${EPOS_MSL_HOST_PORT}
+      -  MSLAPI_DB_PASSWORD=${MSLAPI_DB_PASSWORD}
       -  MSLAPI_ROLE=BOTH
     volumes:
       -  ckan_api_key:/ckan_api_key
diff --git a/docker/images/ckan/ckan-entrypoint.sh b/docker/images/ckan/ckan-entrypoint.sh
index b5e8514..7ebb3dd 100644
--- a/docker/images/ckan/ckan-entrypoint.sh
+++ b/docker/images/ckan/ckan-entrypoint.sh
@@ -42,7 +42,6 @@ else echo "Initializing configuration ..."
      export BEAKER_SESSION_SECRET=$(openssl rand -base64 32)
      export SECRET_TOKEN_VALUE=$(openssl rand -base64 32)
      export APP_INSTANCE_UUID=$(uuidgen --name "$EPOS_MSL_FQDN" --namespace "@url" --sha1)
-     export CKAN_DATABASE_PASSWORD=$(pwgen -n 16 -N 1)
      export CKAN_MSL_VOCABULARIES_ENDPOINT="https://${EPOS_MSL_FQDN}/webservice/api/vocabularies"
      perl -pi.bak -e '$beaker_session_secret=$ENV{BEAKER_SESSION_SECRET}; s/BEAKER_SESSION_SECRET/$beaker_session_secret/ge' "$CKAN_CONFIG_FILE"
      perl -pi.bak -e '$secret_token=$ENV{SECRET_TOKEN_VALUE}; s/SECRET_TOKEN_VALUE/$secret_token/ge' "$CKAN_CONFIG_FILE"
diff --git a/docker/images/msl-api/msl-api-entrypoint.sh b/docker/images/msl-api/msl-api-entrypoint.sh
index 5adc324..72d1f8e 100644
--- a/docker/images/msl-api/msl-api-entrypoint.sh
+++ b/docker/images/msl-api/msl-api-entrypoint.sh
@@ -36,7 +36,7 @@ else
     then # Initialize the MSL-API database
 	 mysql -u root "-p$MYSQL_ROOT_PASSWORD" -h mslapi_db -e "
 CREATE DATABASE mslapi;
-CREATE USER 'msl'@'%' IDENTIFIED BY 'msl';
+CREATE USER 'msl'@'%' IDENTIFIED BY '$MSLAPI_DB_PASSWORD';
 GRANT ALL PRIVILEGES ON mslapi.* TO 'msl'@'%';
 FLUSH PRIVILEGES;
 "
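Review bot: `IDENTIFIED BY '$MSLAPI_DB_PASSWORD'` splices the value into a single-quoted SQL literal, so a password containing `'` or `\` ends the literal early or changes the statement, which runs here as the MySQL root user. Validate the value before the `mysql` call, for example `case "$MSLAPI_DB_PASSWORD" in ''|*[!A-Za-z0-9_.-]*) echo "MSLAPI_DB_PASSWORD is empty or has unsupported characters" >&2; exit 1;; esac`, or escape it before interpolation. The enclosing if/else block starts and ends outside this hunk.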
@@ -54,6 +54,10 @@ FLUSH PRIVILEGES;
 	 # Also configure the FAST-API key, which is passed via an environment variable
 	 perl -pi.bak -e '$fast_api_token=$ENV{FAST_API_TOKEN}; s/PUT_FASTAPI_TOKEN_HERE/"$fast_api_token"/ge' "/var/www/msl_api/.env"
 
+	 # Configure MSL-API DB password here
+	 perl -pi.bak -e '$mslapi_db_password=$ENV{MSLAPI_DB_PASSWORD}; s/PUT_MYSQL_PASSWORD_HERE/"$mslapi_db_password"/ge' \
+		 "/var/www/msl_api/.env"
+
 	 # Configure App and and asset URL
 	 if [ "$EPOS_MSL_HOST_PORT" -eq "443" ]
          then export APP_ASSET_URL="https://${EPOS_MSL_HOST}"
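Review bot: `perl -pi.bak` leaves a backup at `/var/www/msl_api/.env.bak`, and each later in-place edit of the same file overwrites that backup with a version that already contains the database password. Nothing in this hunk removes it, so a second copy of the secrets stays in the application directory. Use `perl -pi -e` without a suffix, or add `rm -f /var/www/msl_api/.env.bak` after the last substitution; the FAST_API_TOKEN line just above has the same pattern. The rest of the block lies outside the hunk, so whether a cleanup already exists there cannot be confirmed from here.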
diff --git a/docker/images/msl-api/msl-api.env b/docker/images/msl-api/msl-api.env
index e53bd19..46cfeb4 100644
--- a/docker/images/msl-api/msl-api.env
+++ b/docker/images/msl-api/msl-api.env
@@ -13,7 +13,7 @@ DB_HOST=mslapi_db
 DB_PORT=3306
 DB_DATABASE=mslapi
 DB_USERNAME=msl
-DB_PASSWORD=msl
+DB_PASSWORD=PUT_MYSQL_PASSWORD_HERE
 
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
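Review bot: `DB_PASSWORD=PUT_MYSQL_PASSWORD_HERE` is filled in unquoted, so a password containing a space or `#` would probably be read differently by the application's dotenv loader than the raw value the entrypoint passes to `CREATE USER`, and the application would then fail to authenticate. Consider `DB_PASSWORD="PUT_MYSQL_PASSWORD_HERE"` combined with a restricted character set for the value. A comment such as `# Replaced by msl-api-entrypoint.sh from MSLAPI_DB_PASSWORD` above the line would also tell readers that the placeholder is not a real credential.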