From 5006806e21883e1fa59c1a50e503878f8374886a Mon Sep 17 00:00:00 2001
From: Giacomo Sanchietti
Date: Wed, 21 Aug 2024 15:13:15 +0200
Subject: [PATCH] build and action: add timescaledb

Timescale database is used to store report data
---
 build-images.sh | 7 +++--
 imageroot/actions/create-module/20initialize | 8 +++++
 imageroot/systemd/timescale.service | 31 ++++++++++++++++++++
 imageroot/systemd/user/api.service | 1 +
 4 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 imageroot/systemd/timescale.service

diff --git a/build-images.sh b/build-images.sh
index 080daa5..5e432c5 100755
--- a/build-images.sh
+++ b/build-images.sh
@@ -9,12 +9,13 @@ images=()
 repobase="${REPOBASE:-ghcr.io/nethserver}"
 # Configure the image name
 reponame="nethsecurity-controller"
-controller_version="0.0.33"
+controller_version="report"
 promtail_version=2.7.1
 loki_version=2.9.4
 prometheus_version=2.50.1
 grafana_version=10.3.3
 webssh_version=1.6.2
+timescale_version="latest-pg16"
 # Create a new empty container for webssh
 echo "Build webssh container"
 # from https://github.com/huashengdun/webssh
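Review bot: `controller_version="report"` and `timescale_version="latest-pg16"` replace a fixed release number with mutable tags, so the same commit can resolve to different image contents over time and nothing ties a deployed module to the images that were reviewed. The second build-images.sh hunk copies `docker.io/timescale/timescaledb:$timescale_version` into the `org.nethserver.images` label, so the floating tag is presumably what a node pulls at install or update. Pin both to an immutable reference before release, for example `timescale_version="<PINNED_TAG_OR_DIGEST>"`, and if `report` is only a temporary development tag say so in a comment next to the assignment.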
@@ -74,8 +75,8 @@ buildah add "${container}" ui/dist /ui
 # Setup the entrypoint, ask to reserve one TCP port with the label and set a rootless container
 buildah config --entrypoint=/ \
 --label="org.nethserver.authorizations=traefik@any:routeadm node:tunadm" \
- --label="org.nethserver.tcp-ports-demand=10" \
- --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$controller_version ghcr.io/nethserver/nethsecurity-api:$controller_version ghcr.io/nethserver/nethsecurity-ui:$controller_version ghcr.io/nethserver/nethsecurity-proxy:$controller_version docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version ghcr.io/nethserver/webssh:${IMAGETAG:-latest}" \
+ --label="org.nethserver.tcp-ports-demand=11" \
+ --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$controller_version ghcr.io/nethserver/nethsecurity-api:$controller_version ghcr.io/nethserver/nethsecurity-ui:$controller_version ghcr.io/nethserver/nethsecurity-proxy:$controller_version docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version ghcr.io/nethserver/webssh:${IMAGETAG:-latest} docker.io/timescale/timescaledb:$timescale_version" \
 "${container}"
 # Commit the image
 buildah commit "${container}" "${repobase}/${reponame}"
diff --git a/imageroot/actions/create-module/20initialize b/imageroot/actions/create-module/20initialize
index 6e40e1c..3313168 100755
--- a/imageroot/actions/create-module/20initialize
+++ b/imageroot/actions/create-module/20initialize
@@ -19,11 +19,13 @@ promtail_port=$(($start+4)) # port 8 is reserved for prometheus # port 9 is reserved for grafana webssh_port=$(($start+9)) +db_port=$(($start+10)) num=$(echo $MODULE_ID | sed 's/nethsecurity\-controller//') jwt_secret=$(uuidgen | sha256sum | awk '{print $1}') reg_secret=$(uuidgen | sha256sum | awk '{print $1}') +db_secret=$(uuidgen | sha256sum | awk '{print $1}') cat << EOF > network.env OVPN_UDP_PORT=$ovpn_udp_port @@ -41,6 +43,12 @@ EOF cat << EOF > secret.env SECRET_JWT=$jwt_secret REGISTRATION_TOKEN=$reg_secret +POSTGRES_PASSWORD=$db_secret +EOF + +cat << EOF > db.env +POSTGRES_USER=report +REPORT_DB_URI=postgres://report:$db_secret@127.0.0.1:$db_port/report EOF mkdir -p clients diff --git a/imageroot/systemd/timescale.service b/imageroot/systemd/timescale.service new file mode 100644 index 0000000..dffeb73 --- /dev/null +++ b/imageroot/systemd/timescale.service @@ -0,0 +1,31 @@ +[Unit] +Description=Podman timescale.service +BindsTo=controller.service +Before=api.service + +[Service] +Environment=PODMAN_SYSTEMD_UNIT=%n +EnvironmentFile=%S/state/environment +EnvironmentFile=%S/state/sercret.env +WorkingDirectory=%S/state +Restart=always +TimeoutStopSec=70 +ExecStartPre=/bin/rm -f %t/timescale.pid %t/timescale.ctr-id +ExecStartPre=/usr/bin/mkdir -vp %S/state/timescale.d +ExecStart=/usr/bin/podman run \ + --conmon-pidfile %t/timescale.pid \ + --cidfile %t/timescale.ctr-id \ + --cgroups=no-conmon \ + --pod-id-file %t/controller.pod-id \ + --replace -d --name timescale \ + --volume=timescale-data:/var/lib/postgresql/data:z \ + --env-file=%S/state/db.env \ + --network=host \ + ${TIMESCALE_IMAGE} -p ${POSTGRES_PASSWORD} +ExecStop=/usr/bin/podman stop --ignore --cidfile %t/timescale.ctr-id -t 10 +ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/timescale.ctr-id +PIDFile=%t/timescale.pid +Type=forking + +[Install] +WantedBy=default.target \ No newline at end of file 
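Review bot: In the first 20initialize hunk, `db_secret=$(uuidgen | sha256sum | awk '{print $1}')` copies the pattern of the two secrets above it, and the SHA-256 step only reformats the UUID, so the password carries at most the entropy of one UUID. `uuidgen` without `-r` is also allowed to fall back to a time-based UUID when it finds no good random source. Ask for the random variant explicitly with `uuidgen -r`, or read the bytes from the kernel, e.g. `db_secret=$(head -c 32 /dev/urandom | sha256sum | awk '{print $1}')`. The same applies to `jwt_secret` and `reg_secret` on the context lines.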
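Review bot: The second 20initialize hunk stores the database password twice, as `POSTGRES_PASSWORD` in secret.env and again inside `REPORT_DB_URI` in the new db.env, and both files are created with a plain `cat << EOF >` redirect, so their mode follows whatever umask the action inherits (the hunk does not show one being set). db.env therefore has to be handled as a secret file although its name does not suggest it; set `umask 077` before the heredocs or run `chmod 600 secret.env db.env` after them, and add a comment above the db.env heredoc saying that it carries credentials. db.env is also passed to both the timescale and the api container, so the database container receives a connection URI it presumably does not need; a separate file holding only `POSTGRES_USER` and `POSTGRES_PASSWORD` for that container would keep each side to what it uses.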
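Review bot: In timescale.service, `EnvironmentFile=%S/state/sercret.env` is misspelled (20initialize writes `secret.env`), and without a leading `-` a missing environment file makes the unit fail to start. Once the path is fixed, `${TIMESCALE_IMAGE} -p ${POSTGRES_PASSWORD}` puts the database password on the podman command line, where it is readable through the process list. Arguments after the image go to the container's command, and for postgres `-p` is the listen port, so this was probably meant to carry the port computed as `db_port`, while the password itself is not in db.env and so never reaches the container environment. Use `EnvironmentFile=%S/state/secret.env`, pass the password with `--env POSTGRES_PASSWORD \` (no value, so it is taken from the unit's environment), and give `-p` a port variable such as `${<DB_PORT_VAR>}` written by 20initialize. With `--network=host` the server presumably listens on every host address unless restricted, while `REPORT_DB_URI` only needs 127.0.0.1, so the listen address should be limited, and it is worth confirming that podman accepts `--network` together with `--pod-id-file`.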
diff --git a/imageroot/systemd/user/api.service b/imageroot/systemd/user/api.service
index bb50911..ac0b20d 100644
--- a/imageroot/systemd/user/api.service
+++ b/imageroot/systemd/user/api.service
@@ -25,6 +25,7 @@ ExecStart=/usr/bin/podman run \
 --env-file=%S/state/config.env \
 --env-file=%S/state/promtail.env \
 --env-file=%S/state/subscription.env \
+ --env-file=%S/state/db.env \
 ${NETHSECURITY_API_IMAGE}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/api.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/api.ctr-id