From eefb5580b3e792690e55eb6322bb34df5ced2830 Mon Sep 17 00:00:00 2001
From: metalicn20
Date: Tue, 22 Feb 2022 12:41:34 +0330
Subject: [PATCH 1/3] Add init-backup-user.sh to resources
---
 resources/postgres/init-backup-user.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 resources/postgres/init-backup-user.sh
diff --git a/resources/postgres/init-backup-user.sh b/resources/postgres/init-backup-user.sh
new file mode 100644
index 000000000..39b237627
--- /dev/null
+++ b/resources/postgres/init-backup-user.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER $POSTGRES_BACKUP_USER WITH ENCRYPTED PASSWORD '$POSTGRES_BACKUP_PASSWORD';
+ GRANT CONNECT ON DATABASE $POSTGRES_DB TO $POSTGRES_BACKUP_USER;
+ GRANT USAGE ON SCHEMA public TO $POSTGRES_BACKUP_USER;
+ ALTER DEFAULT PRIVILEGES IN SCHEMA public
+ GRANT SELECT ON TABLES TO $POSTGRES_BACKUP_USER;
+EOSQL
From 0e446bf1619db482b03868d9e97b10d5bc0f1314 Mon Sep 17 00:00:00 2001
From: metalicn20
Date: Tue, 22 Feb 2022 14:19:06 +0330
Subject: [PATCH 2/3] Add create backup user config to docker-compose.yml
---
 docker-compose.yml | 50 +++++++++++++++++++++++++++++++++++---------------
 1 file changed, 35 insertions(+), 15 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index b63803fdb..b3261dca7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -77,6 +77,21 @@ services:
 deploy:
 restart_policy:
 condition: on-failure
+ akhq:
+ image: tchiotludo/akhq
+ environment:
+ AKHQ_CONFIGURATION: |
+ akhq:
+ connections:
+ docker-kafka-server:
+ properties:
+ bootstrap.servers: "kafka-1:29092,kafka-2:29092,kafka-3:29092"
+ networks:
+ - default
+ depends_on:
+ - kafka-1
+ - kafka-2
+ - kafka-3
 vault:
 image: vault
 volumes:
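Review bot: In resources/postgres/init-backup-user.sh the role name and password are expanded by the shell straight into the SQL text, so a `'` inside `$POSTGRES_BACKUP_PASSWORD` closes the string literal and the remainder of the secret is parsed as SQL under `$POSTGRES_USER` (the superuser in the official image). Passing the values as psql variables and quoting the heredoc delimiter lets psql apply the quoting itself, with `:'name'` for literals and `:"name"` for identifiers, as sketched below. Separately, `ALTER DEFAULT PRIVILEGES` without `FOR ROLE` covers only tables later created by the role running this script, and nothing is granted on sequences, so a dump taken as the backup role may fail with permission errors; this should be checked against how the schema is actually created.

```shell
# … unchanged: shebang, set -e …
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" \
	-v db_name="$POSTGRES_DB" \
	-v backup_user="$POSTGRES_BACKUP_USER" \
	-v backup_password="$POSTGRES_BACKUP_PASSWORD" <<-'EOSQL'
	CREATE USER :"backup_user" WITH ENCRYPTED PASSWORD :'backup_password';
	GRANT CONNECT ON DATABASE :"db_name" TO :"backup_user";
	GRANT USAGE ON SCHEMA public TO :"backup_user";
	ALTER DEFAULT PRIVILEGES IN SCHEMA public
		GRANT SELECT ON TABLES TO :"backup_user";
EOSQL
```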
@@ -89,6 +104,8 @@ services:
 - SMTP_PASS=${SMTP_PASS}
 - DB_USER=${DB_USER:-opex}
 - DB_PASS=${DB_PASS:-hiopex}
+ - DB_BACKUP_USER=${DB_USER:-opex_backup}
+ - DB_BACKUP_PASS=${DB_PASS:-hiopex}
 healthcheck:
 retries: 5
 cap_add:
@@ -127,32 +144,23 @@ services:
 - POSTGRES_USER=${DB_USER:-opex}
 - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
 - POSTGRES_DB=opex_accountant
+ - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+ - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
 volumes:
+ - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
 - $DATA/accountant-data:/var/lib/postgresql/data/
 networks:
 - default
- akhq:
- image: tchiotludo/akhq
- environment:
- AKHQ_CONFIGURATION: |
- akhq:
- connections:
- docker-kafka-server:
- properties:
- bootstrap.servers: "kafka-1:29092,kafka-2:29092,kafka-3:29092"
- networks:
- - default
- depends_on:
- - kafka-1
- - kafka-2
- - kafka-3
 postgres-eventlog:
 image: postgres:14-alpine
 environment:
 - POSTGRES_USER=${DB_USER:-opex}
 - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
 - POSTGRES_DB=opex_eventlog
+ - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+ - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
 volumes:
+ - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
 - $DATA/eventlog-data:/var/lib/postgresql/data/
 networks:
 - default
@@ -162,7 +170,10 @@ services:
 - POSTGRES_USER=${DB_USER:-opex}
 - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
 - POSTGRES_DB=opex_auth
+ - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+ - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
 volumes:
+ - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
 - $DATA/auth-data:/var/lib/postgresql/data/
 networks:
 - default
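Review bot: Both entries added in the hunk at -89 read the primary account's variables: `DB_BACKUP_USER=${DB_USER:-opex_backup}` and `DB_BACKUP_PASS=${DB_PASS:-hiopex}` resolve to the main database user and password whenever `DB_USER` and `DB_PASS` are set, which the Jenkinsfiles in this series do. The service would then hold the read-write credentials under the backup name, and they would not match the role created by init-backup-user.sh. The lines should read `- DB_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}` and `- DB_BACKUP_PASS=${DB_BACKUP_PASSWORD:-hiopex}`, since the pipelines export `DB_BACKUP_PASSWORD` rather than `DB_BACKUP_PASS`. The enclosing service definition starts outside the hunk, so which service consumes these values is inferred from the surrounding context.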
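Review bot: `POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}` in the hunk at -127 falls back to a password committed in this file, the same value as the primary account's default, so a deployment that leaves `DB_BACKUP_PASSWORD` unset comes up with a backup role whose password is publicly known; the same line recurs in the hunks at -162, -175, -188 and -201. Requiring the variable makes that case fail at startup instead: `- POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:?DB_BACKUP_PASSWORD must be set}`. The script mount can be made read-only by appending `:ro` to the volume entry. Scripts under /docker-entrypoint-initdb.d run only when the data directory is empty, so databases that already exist under `$DATA` will not receive the backup role from this change and need it created by hand.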
@@ -175,7 +186,10 @@ services:
 - POSTGRES_USER=${DB_USER:-opex}
 - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
 - POSTGRES_DB=opex_wallet
+ - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+ - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
 volumes:
+ - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
 - $DATA/wallet-data:/var/lib/postgresql/data/
 networks:
 - default
@@ -188,7 +202,10 @@ services:
 - POSTGRES_USER=${DB_USER:-opex}
 - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
 - POSTGRES_DB=opex_api
+ - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+ - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
 volumes:
+ - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
 - $DATA/api-data:/var/lib/postgresql/data/
 networks:
 - default
@@ -201,7 +218,10 @@ services:
 - POSTGRES_USER=${DB_USER:-opex}
 - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
 - POSTGRES_DB=opex_bc_gateway
+ - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+ - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
 volumes:
+ - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
 - $DATA/bc-gateway-data:/var/lib/postgresql/data/
 networks:
 - default
From 989965279eb93073148c14d031359df973356bf7 Mon Sep 17 00:00:00 2001
From: metalicn20
Date: Tue, 22 Feb 2022 14:36:57 +0330
Subject: [PATCH 3/3] Add backup credentials to Jenkinsfile
---
 Jenkinsfile | 2 ++
 dev.Jenkinsfile | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/Jenkinsfile b/Jenkinsfile
index 050395f92..75ff7728a 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -20,6 +20,8 @@ pipeline {
 SMTP_PASS = credentials("smtp-secret")
 DB_USER = 'opex'
 DB_PASS = credentials("db-secret")
+ DB_BACKUP_USER = 'opex_backup'
+ DB_BACKUP_PASSWORD = credentials("db-backup-secret")
 KEYCLOAK_ADMIN_URL = 'https://demo.opex.dev/auth'
 KEYCLOAK_FRONTEND_URL = 'https://demo.opex.dev/auth'
 COMPOSE_PROJECT_NAME = 'demo-core'
diff --git a/dev.Jenkinsfile b/dev.Jenkinsfile
index d0134e6b5..3a0dada0a 100644
--- a/dev.Jenkinsfile
+++ b/dev.Jenkinsfile
@@ -20,6 +20,8 @@ pipeline {
 SMTP_PASS = credentials("smtp-secret-dev")
 DB_USER = 'opex'
 DB_PASS = credentials("db-secret-dev")
+ DB_BACKUP_USER = 'opex_backup'
+ DB_BACKUP_PASSWORD = credentials("db-backup-secret-dev")
 KEYCLOAK_ADMIN_URL = 'https://demo.opex.dev:8443/auth'
 KEYCLOAK_FRONTEND_URL = 'https://demo.opex.dev:8443/auth'
 COMPOSE_PROJECT_NAME = 'dev-core'