Merge branch '5-prepare-user-and-db-for-monitoring' into 'main'

Resolve "Prepare user and db for monitoring"

Closes #5

See merge request cm/rnd/cytomine/tools/envs/postgis-ce!6

Author: jgillardcytomine

Dockerfile

@@ -29,32 +29,34 @@ ARG IMAGE_VERSION
 ARG IMAGE_REVISION
 ARG POSTGIS_VERSION
 
-#set default user (and default DB name) to docker by default
-ENV POSTGRES_USER=docker
+# set default superadmin user postgres + set defaults for component specific databass sdb and user
 ENV APPENGINE_DB=appengine
 ENV APPENGINE_USER=appengine
-ENV APPENGINE_PASSWORD=password
 
-# database init
-RUN mkdir -p /etc/postgres/conf.d /docker-entrypoint-cytomine.d/ /docker-entrypoint-initdb.d/
-COPY files/initdb-cytomine-extensions.sql /docker-entrypoint-initdb.d/11_cytomine-extensions.sql
-COPY files/initdb-cytomine-user-appengine.sh /docker-entrypoint-initdb.d/14_cytomine_user_appengine.sh
+# database init. Warning: those are only run if data volume is empty
+RUN mkdir -p /etc/postgres/conf.d /docker-entrypoint-cytomine.d/ /docker-entrypoint-initdb.d/ /checks/
+COPY files/initdb/initdb-cytomine-extensions.sql /docker-entrypoint-initdb.d/11_cytomine-extensions.sql
 
 # default configuration
-COPY files/postgres.conf /etc/postgres/postgres.conf
-COPY files/postgres.default.conf /etc/postgres/00-default.conf
-COPY files/check-backup-folder.sh /docker-entrypoint-cytomine.d/550-check-backup-folder.sh
-COPY files/start-crond.sh /docker-entrypoint-cytomine.d/600-start-crond.sh
+COPY files/conf/postgres.conf /etc/postgres/postgres.conf
+COPY files/conf/postgres.default.conf /etc/postgres/00-default.conf
+
+# entry points. Triggered at every container starts
+COPY files/scripts/check-backup-folder.sh /docker-entrypoint-cytomine.d/550-check-backup-folder.sh
+COPY files/scripts/start-crond.sh /docker-entrypoint-cytomine.d/600-start-crond.sh
+COPY files/scripts/check_dbs_users.sh /docker-entrypoint-cytomine.d/700-check_dbs_users.sh
+COPY files/checks /checks
 
 # backup and restore scripts
-COPY files/backup-cron-job /backup-cron-job
-COPY files/cytomine-postgis-backup.sh /usr/local/bin/backup
-COPY files/cytomine-postgis-restore.sh /usr/local/bin/restore
+COPY files/scripts/backup-cron-job /backup-cron-job
+COPY files/scripts/cytomine-postgis-backup.sh /usr/local/bin/backup
+COPY files/scripts/cytomine-postgis-restore.sh /usr/local/bin/restore
 
-RUN chmod +x /usr/local/bin/backup /usr/local/bin/restore /docker-entrypoint-cytomine.d/*.sh && \
+RUN chmod +x /usr/local/bin/backup /usr/local/bin/restore /docker-entrypoint-cytomine.d/*.sh /checks/*.sh && \
     chmod 0644 /backup-cron-job && \
     chmod u+s /usr/bin/crontab && \
-    crontab /backup-cron-job
+    crontab /backup-cron-job && \
+    chmod 0700 /checks -R
 
 COPY --from=entrypoint-scripts --chmod=774 /cytomine-entrypoint.sh /usr/local/bin/
 COPY --from=entrypoint-scripts --chmod=774 /envsubst-on-templates-and-move.sh /docker-entrypoint-cytomine.d/500-envsubst-on-templates-and-move.sh

files/checks/check-user.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+CHECK_NAME="$1"
+USER="$2"
+PASSWORD="$3"
+DB="$4"
+ADD_DB_EXTENSIONS="$5"
+
+echo "Starting '${CHECK_NAME}'."
+
+if [ -z "$USER" ] || [ -z "$PASSWORD" ] || [ -z "$DB" ]; then
+  echo "$0" "Skipping '${CHECK_NAME}' pre-configuration because * env variables are empty or undefined"
+  exit
+fi
+
+echo "$0" "Creating database '$DB' using user '$POSTGRES_USER'. An error is expected if it already exists.";
+
+# DB
+psql -U "$POSTGRES_USER" -c "CREATE DATABASE $DB" >/dev/null
+
+if [ "$ADD_DB_EXTENSIONS" -ne "0" ]; then
+   echo "Loading PostGIS extensions into $DB"
+   # extracted from postgis initdb script
+   psql -U "$POSTGRES_USER" --dbname="$DB" <<-'EOSQL'
+            CREATE EXTENSION IF NOT EXISTS postgis;
+            CREATE EXTENSION IF NOT EXISTS postgis_topology;
+            -- Reconnect to update pg_setting.resetval
+            -- See https://github.com/postgis/docker-postgis/issues/288
+            \c
+            CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+            CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
+EOSQL
+   echo "Loading ltree into $DB"
+   psql -U "$POSTGRES_USER" --dbname="$DB" <<-'EOSQL'
+            CREATE EXTENSION IF NOT EXISTS ltree;
+EOSQL
+fi
+
+# Grants
+echo "$0" "Grant roles to '$USER' for database '$DB'. A notice is expected if they already exist.";
+
+psql -U "$POSTGRES_USER" >/dev/null <<- EOSQL
+DO
+\$do\$
+BEGIN
+   IF EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$USER') THEN
+      RAISE NOTICE 'Role "$USER" already exists. Skipping.';
+   ELSE
+      CREATE ROLE $USER LOGIN PASSWORD '$PASSWORD';
+      ALTER ROLE $USER SET client_encoding TO 'utf8';
+      ALTER ROLE $USER SET timezone TO 'UTC';
+      GRANT ALL PRIVILEGES ON DATABASE $DB TO $USER;
+      ALTER DATABASE $DB OWNER TO $USER;
+      RAISE NOTICE 'Database "$DB" and user "$USER" created.';
+   END IF;
+END
+\$do\$;
+EOSQL

files/postgres.conf renamed to files/conf/postgres.conf

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+echo $0 "Databases check. Wainting for pg_isready -U $POSTGRES_USER"
+
+wait_for_db() {
+  sleep 2
+  until pg_isready -U "$POSTGRES_USER"; do
+    >&2 echo $0 "Postgres is unavailable - sleeping for 3 seconds."
+    sleep 2
+  done
+
+  echo $0 "Postgres is up - executing command"
+
+  sh /checks/check-user.sh "check-cytomine" "$POSTGRES_USER" "$POSTGRES_PASSWORD" "$POSTGRES_DB" "1"
+  sh /checks/check-user.sh "check-appengine" "$APPENGINE_USER" "$APPENGINE_PASSWORD" "$APPENGINE_DB" "0"
+}
+
+# This will be executed in background as we need the database server to be ready.
+wait_for_db &
+
+# executing next entrypoint, even if there are running background tasks. It will allow Postgres to start.
+exec "$@"