From 77417196470cc6bcaeb9084c86df4c2ea2878096 Mon Sep 17 00:00:00 2001
From: Tobias Sommer
Date: Wed, 15 May 2019 16:01:33 +0200
Subject: [PATCH] Add intial work on docker-entrypoint-always.d
---
 .idea/vcs.xml | 6 ++
 9.4/alpine/.docker-env.local | 37 +++++++++++
 9.4/alpine/docker-compose.local.yml | 17 +++++
 .../configure_pg_hba.sh | 14 +++++
 .../configure_rights.sh | 19 ++++++
 .../docker-entrypoint-always.d/setup_db.sh | 9 +++
 9.4/alpine/docker-entrypoint.sh | 63 +++++++++++++------
 7 files changed, 147 insertions(+), 18 deletions(-)
 create mode 100644 .idea/vcs.xml
 create mode 100644 9.4/alpine/.docker-env.local
 create mode 100644 9.4/alpine/docker-compose.local.yml
 create mode 100644 9.4/alpine/docker-entrypoint-always.d/configure_pg_hba.sh
 create mode 100644 9.4/alpine/docker-entrypoint-always.d/configure_rights.sh
 create mode 100644 9.4/alpine/docker-entrypoint-always.d/setup_db.sh
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000000..94a25f7f4c
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/9.4/alpine/.docker-env.local b/9.4/alpine/.docker-env.local
new file mode 100644
index 0000000000..897126dd32
--- /dev/null
+++ b/9.4/alpine/.docker-env.local
@@ -0,0 +1,37 @@
+MASTER_DB_HOST=192.168.14.11
+MASTER_DB_PORT=5432
+MASTER_DB_REPLICATION_PASSWORD=WjH5Dn1W
+DB_NAME=msod
+
+DB_USER=django_user
+DB_PASSWORD=123
+
+ALFRESCO_HOST=http://10.1.10.37
+ALFRESCO_PORT=8180
+ALFRESCO_PASSWORD=admin
+ALFRESCO_USERNAME=admin
+
+CENTRAL_TOOL_BASE_URL=http://web-central:8000
+CENTRAL_TOOL_API_SCHEMA_URL=/issdb/m2m/api/schema/
+CENTRAL_TOOL_API_AUTH_USER=admin
+CENTRAL_TOOL_API_AUTH_PASSWORD=admin
+
+CENTRAL_TOOL_PM_EXCHANGE_ENDPOINT=/issdb/api/central-exchanged-planning-models/
+
+# production only
+DOMAIN_NAME=auth.iss-db.spaceapplications.com
+AUTH_SSO_PUBLIC_KEY=a.cert
+AUTH_SSO_PRIVATE_KEY=a.key
+RAVEN_DSN=
+
+# set to 1 to create empty database (without replication)
+CREATE_EMPTY_DB=
+
+EXTRA_ALLOWED_HOSTS=localhost,*
+
+ISS_DB=1
+
+DEPLOYMENT_ENVIRONMENT=production
+
+SILK=
+AGENCY_NAME=NASA
\ No newline at end of file
diff --git a/9.4/alpine/docker-compose.local.yml b/9.4/alpine/docker-compose.local.yml
new file mode 100644
index 0000000000..1d81ba00d8
--- /dev/null
+++ b/9.4/alpine/docker-compose.local.yml
@@ -0,0 +1,17 @@
+version: '3'
+services:
+
+ db:
+ container_name: db
+ image: postgres/always
+ env_file: .docker-env.local
+# environment:
+# - POSTGRES_DB=msod
+ volumes:
+ - /var/iss-db/postgres/db/data:/var/lib/postgresql/data:rw
+ - /var/iss-db/postgres/db/backup:/var/iss-db/backup:rw
+ - /home/tso/Projects/postgres/9.4/alpine/docker-entrypoint.sh:/docker-entrypoint.sh
+ - /home/tso/Projects/postgres/9.4/alpine/docker-entrypoint-always.d:/docker-entrypoint-always.d
+ ports:
+ - ${DB_LT_PORT:-127.0.0.1:8432}:5432
+ restart: unless-stopped
diff --git a/9.4/alpine/docker-entrypoint-always.d/configure_pg_hba.sh b/9.4/alpine/docker-entrypoint-always.d/configure_pg_hba.sh
new file mode 100644
index 0000000000..c35c92f593
--- /dev/null
+++ b/9.4/alpine/docker-entrypoint-always.d/configure_pg_hba.sh
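Review bot: This file commits live credentials — `MASTER_DB_REPLICATION_PASSWORD=WjH5Dn1W`, `DB_PASSWORD=123`, `ALFRESCO_PASSWORD=admin`, `CENTRAL_TOOL_API_AUTH_PASSWORD=admin` — alongside internal addresses and a `DEPLOYMENT_ENVIRONMENT=production` domain, so they are now in git history for anyone with access to the repository. Treat the replication and admin passwords as compromised and rotate them, drop this file from the commit and add `.docker-env.local` to `.gitignore`, and commit a `.docker-env.example` with placeholder values instead. `EXTRA_ALLOWED_HOSTS=localhost,*` looks like it disables the application's host check (the `django_user` name suggests Django's `ALLOWED_HOSTS`); if this file is meant as a production template, a comment such as `# wildcard only for local testing — set the real hostname in production` would keep it from being copied as-is. The `AUTH_SSO_PRIVATE_KEY=a.key` placeholder also deserves a note that the referenced key file must not be committed either.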
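Review bot: The `db` service loads the whole `.docker-env.local` through `env_file`, so the Alfresco, central-tool and SSO values end up in the PostgreSQL container's environment where `docker inspect` and every script under `/docker-entrypoint-always.d` can read them, although the scripts in this commit only use `DB_NAME`, `DB_USER`, `DB_PASSWORD` and `CREATE_EMPTY_DB`. Give the database service its own minimal env file, or an `environment:` list with just those keys plus whatever `POSTGRES_*` variables the image needs, so the container holds only what it uses. The bind mounts `/home/tso/Projects/postgres/9.4/alpine/docker-entrypoint.sh` and `.../docker-entrypoint-always.d` point into one developer's home directory; a relative path such as `./docker-entrypoint.sh` or baking both into the `postgres/always` image would make the file usable by anyone else. Pinning `image: postgres/always` to a tag would also keep restarts under `restart: unless-stopped` from silently picking up a different build, though how that image is published is not visible here.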
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Configure pg_hba.conf
+
+# NASA might require narrowed down list of allowed ips
+allowed_ips="all"
+
+# Echo multiline to file, overwrite existing pg_hba.conf
+{
+ echo "# Local access to db enabled if system user is postgres"
+ echo "local all postgres peer"
+ echo
+ echo "# External access to db requires password and is only enabled for $DB_USER"
+ echo "host msod $DB_USER $allowed_ips md5"
+} > "$PGDATA/pg_hba.conf"
diff --git a/9.4/alpine/docker-entrypoint-always.d/configure_rights.sh b/9.4/alpine/docker-entrypoint-always.d/configure_rights.sh
new file mode 100644
index 0000000000..9016feb026
--- /dev/null
+++ b/9.4/alpine/docker-entrypoint-always.d/configure_rights.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# TODO: Setup msodreporter settings here
+
+# Create a non-superuser user without rights to 1) create databases 2) create users
+#/usr/bin/createuser "$DB_USER" -D -R
+
+echo "Creating user $DB_USER if it doesn't exists"
+psql -tc "SELECT 1 FROM pg_user WHERE usename = '$DB_USER'" \
+ | grep -q 1 && echo "User ${DB_USER} already exists" \
+ || psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASSWORD';"
+
+psql -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO $DB_USER;"
+psql -c "GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO $DB_USER;"
+psql -c "GRANT ALL PRIVILEGES ON SCHEMA public TO $DB_USER;"
+
+# TODO: Do the below?
+#REVOKE CREATE ON SCHEMA public FROM public;
+
diff --git a/9.4/alpine/docker-entrypoint-always.d/setup_db.sh b/9.4/alpine/docker-entrypoint-always.d/setup_db.sh
new file mode 100644
index 0000000000..c841235da0
--- /dev/null
+++ b/9.4/alpine/docker-entrypoint-always.d/setup_db.sh
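Review bot: `echo "host msod $DB_USER $allowed_ips md5"` hard-codes the database name while `setup_db.sh` in the same commit creates `${DB_NAME}`, so with any `DB_NAME` other than `msod` the application user is never allowed in; write `echo "host $DB_NAME $DB_USER $allowed_ips md5"` and fail early with `: "${DB_NAME:?}" "${DB_USER:?}"` so an unset variable cannot produce a malformed rule. With `allowed_ips="all"` every address the server listens on accepts password logins, so the real exposure is decided by the compose port mapping (`127.0.0.1:8432` by default, but overridable through `DB_LT_PORT`); a comment above `allowed_ips` stating that, and that the list is meant to be narrowed to the application network once known, would capture the `# NASA might require ...` intent for the next reader. Because the file is overwritten on every start, it also replaces whatever rules the image's init step appended, leaving the superuser reachable only via peer auth on the Unix socket — worth stating in the header comment, since the other always.d scripts depend on exactly that (and, as far as I can tell, only works when the OS user running `psql` is also named `postgres`).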
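Review bot: `$DB_USER` and `$DB_PASSWORD` are interpolated straight into the SQL in `CREATE USER $DB_USER WITH PASSWORD '$DB_PASSWORD';` and the three `GRANT ... TO $DB_USER;` statements, so a quote or semicolon in either value (both come from an env file) breaks or alters the statement; pass them as psql variables and reference them as `:"u"` (identifier) and `:'pw'` (literal) so psql does the quoting. The `GRANT ... IN SCHEMA public` statements run against psql's default database rather than `$DB_NAME` unless `PGDATABASE` is set somewhere outside this hunk, so add `-d "$DB_NAME"` to make the target explicit — and note that glob order runs this file before `setup_db.sh`, so on a fresh `CREATE_EMPTY_DB=1` start the database does not exist yet when the grants run. The password is only set in the `CREATE USER` branch, so changing `DB_PASSWORD` later has no effect; an `ALTER USER :"u" WITH PASSWORD :'pw'` in the exists branch keeps them in sync, which matters after rotating the `123` shipped in `.docker-env.local`. Statement logging, if enabled on the server, will record the password in clear text in both forms, which is worth a comment.
```shell
# Pass values as psql variables: :"u" is quoted as an identifier, :'pw' as a
# literal, so quotes or ';' in DB_USER / DB_PASSWORD cannot alter the SQL.
user_exists=$(psql -tAq -v u="$DB_USER" <<'SQL'
SELECT 1 FROM pg_user WHERE usename = :'u';
SQL
)
if [ "$user_exists" = "1" ]; then
  echo "User ${DB_USER} already exists"
  psql -v ON_ERROR_STOP=1 -v u="$DB_USER" -v pw="$DB_PASSWORD" <<'SQL'
ALTER USER :"u" WITH PASSWORD :'pw';
SQL
else
  psql -v ON_ERROR_STOP=1 -v u="$DB_USER" -v pw="$DB_PASSWORD" <<'SQL'
CREATE USER :"u" WITH PASSWORD :'pw';
SQL
fi
# … unchanged: the three GRANT statements, written as `TO :"u"` and run with -d "$DB_NAME" …
```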
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+if [ "${CREATE_EMPTY_DB}" == "1" ]; then
+ echo "${PURPLE}Creating empty database${END}"
+ # create DB if it doesn't already exist
+ psql -tc "SELECT 1 FROM pg_database WHERE datname = '${DB_NAME}'" \
+ | grep -q 1 && echo "Database ${DB_NAME} already exists" \
+ || psql -c "CREATE DATABASE ${DB_NAME}"
+fi
\ No newline at end of file
diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh
index 8f9cfcc92c..f8935d67cb 100755
--- a/9.4/alpine/docker-entrypoint.sh
+++ b/9.4/alpine/docker-entrypoint.sh
@@ -24,6 +24,29 @@ file_env() {
 unset "$fileVar"
 }
+# Extraction of script execution function
+# usage: do_script /path/file.sh
+do_script() {
+ case "$1" in
+ *.sh)
+ # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+ # https://github.com/docker-library/postgres/pull/452
+ if [ -x "$1" ]; then
+ echo "$0: running $1"
+ "$1"
+ else
+ echo "$0: sourcing $1"
+ . "$1"
+ fi
+ ;;
+ *.sql) echo "$0: running $1"; "${psql[@]}" -f "$1"; echo ;;
+ *.sql.gz) echo "$0: running $1"; gunzip -c "$1" | "${psql[@]}"; echo ;;
+ *) echo "$0: ignoring $1" ;;
+ esac
+ echo
+}
+
+
 if [ "${1:0:1}" = '-' ]; then
 set -- postgres "$@"
 fi
@@ -143,23 +166,7 @@ if [ "$1" = 'postgres' ]; then
 echo
 for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- echo "$0: running $f"
- "$f"
- else
- echo "$0: sourcing $f"
- . "$f"
- fi
- ;;
- *.sql) echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
+ do_script "$f"
 done
 PGUSER="${PGUSER:-$POSTGRES_USER}" \
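Review bot: The `CREATE_EMPTY_DB=1` branch runs after `configure_rights.sh` because the entrypoint walks `/docker-entrypoint-always.d/*` in glob order, so on a first start the grants in that script are issued before `${DB_NAME}` exists; either rename the files so this one sorts first (`00_setup_db.sh`, `10_configure_rights.sh`), or keep the order — the role already exists by then — and create the database owned by it with `CREATE DATABASE :"db" OWNER :"u";` fed to `psql -v db="$DB_NAME" -v u="$DB_USER"`, which also removes the need for per-schema grants. `CREATE DATABASE ${DB_NAME}` interpolates the name unquoted, so the same psql-variable form keeps a malformed `DB_NAME` from becoming extra SQL. `${PURPLE}` and `${END}` are not defined anywhere in this commit; if they are colour escapes from some other file they expand to nothing here (or abort under `set -u`), so define them in this script or drop them from the `echo`. The existence check and the create are chained with `&& ... ||`, so a failing `psql` in the check silently falls through to `CREATE DATABASE`; an `if` on the captured query output fails closed and reads more clearly.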
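Review bot: `do_script` has no header comment describing the contract it inherits from the inlined loop, and that contract matters more now that it is called from two places: `*.sh` files are executed when executable but otherwise sourced into the entrypoint's own shell, so a sourced script that calls `exit` or changes `set` options affects the entrypoint itself, and the `*.sql`/`*.sql.gz` arms depend on a `psql` array the caller must have defined. Add something like `# Run one init/config file: executable *.sh are run, other *.sh are sourced (and can alter this shell); *.sql(.gz) are fed to "${psql[@]}", which the caller must set; anything else is ignored.` above the function. In the upstream entrypoint that array is assigned inside the first-initialisation branch only, so if that is still the case here an `.sql` file under `/docker-entrypoint-always.d` would fail on a restart of an existing data directory — worth either checking `[ -n "${psql[*]-}" ]` at the top of the function or documenting the restriction. The enclosing `file_env()` shown in the hunk header ends at the `}` just before the new function.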
@@ -168,9 +175,29 @@ if [ "$1" = 'postgres' ]; then
 unset PGPASSWORD
 echo
- echo 'PostgreSQL init process complete; ready for start up.'
+ echo 'PostgreSQL initialisation process complete'
 echo
 fi
+
+ echo
+ echo 'PostgreSQL doing default configuration'
+ echo
+
+ # Start
+ pg_ctl -D "$PGDATA" \
+ -o "-c listen_addresses=''" \
+ -w start
+
+ for f in /docker-entrypoint-always.d/*; do
+ do_script "$f"
+ done
+
+ # End
+ pg_ctl -D "$PGDATA" -m fast -w stop
+
+ echo
+ echo 'PostgreSQL default configuration process complete'
+ echo
 fi
 exec "$@"
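Review bot: The always.d loop runs its scripts with no connection setup, unlike the init branch just above which exports `PGUSER="${PGUSER:-$POSTGRES_USER}"` before its work, so the scripts' bare `psql` calls connect as the OS user over the Unix socket and, as far as I can tell, only succeed when that user maps to an existing `postgres` role under the peer rule `configure_pg_hba.sh` writes; if `POSTGRES_USER` is anything else every start will fail here. Export the same `PGUSER` (and `PGDATABASE="$POSTGRES_DB"`) before the `for` loop, and set `psql=( psql -v ON_ERROR_STOP=1 )` there when it is not already defined, so `.sql` files work on restarts and errors stop the entrypoint instead of being printed and skipped. Starting the temporary server with `-o "-c listen_addresses=''"` is the right choice — nothing can reach the instance over TCP while pg_hba.conf and roles are being rewritten — and deserves a one-line comment such as `# socket-only temporary server: config scripts run before anything can connect over TCP`. The block closed by the first `fi` and the outer `if [ "$1" = 'postgres' ]` named in the hunk header both start outside this hunk.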