slught changes to the starting of the process
This commit is contained in:
+29
-72
@@ -6,7 +6,6 @@ cd "$SCRIPT_DIR"
|
|||||||
|
|
||||||
DOCKER_CMD=()
|
DOCKER_CMD=()
|
||||||
SECRETS_FILE="$SCRIPT_DIR/.mongo-secrets.env"
|
SECRETS_FILE="$SCRIPT_DIR/.mongo-secrets.env"
|
||||||
MONGO_VOLUME_NAME="$(basename "$SCRIPT_DIR" | tr '[:upper:]' '[:lower:]')_mongo_data"
|
|
||||||
|
|
||||||
ensure_mongo_secrets() {
|
ensure_mongo_secrets() {
|
||||||
if [ -f "$SECRETS_FILE" ]; then
|
if [ -f "$SECRETS_FILE" ]; then
|
||||||
@@ -16,8 +15,37 @@ ensure_mongo_secrets() {
|
|||||||
|
|
||||||
if [ -z "${MONGO_INITDB_ROOT_PASSWORD:-}" ]; then
|
if [ -z "${MONGO_INITDB_ROOT_PASSWORD:-}" ]; then
|
||||||
MONGO_INITDB_ROOT_PASSWORD="$(openssl rand -hex 24)"
|
MONGO_INITDB_ROOT_PASSWORD="$(openssl rand -hex 24)"
|
||||||
|
|
||||||
|
ensure_mongo_app_user() {
|
||||||
|
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" exec -T mongodb mongosh --quiet \
|
||||||
|
--username "$MONGO_INITDB_ROOT_USERNAME" \
|
||||||
|
--password "$MONGO_INITDB_ROOT_PASSWORD" \
|
||||||
|
--authenticationDatabase admin \
|
||||||
|
--eval '
|
||||||
|
const appDatabase = process.env.MONGO_DB_NAME || "Invario_Website";
|
||||||
|
const appUser = process.env.MONGO_APP_USER || "website_app";
|
||||||
|
const appPassword = process.env.MONGO_APP_PASSWORD;
|
||||||
|
|
||||||
|
if (!appPassword) {
|
||||||
|
throw new Error("Missing MONGO_APP_PASSWORD");
|
||||||
|
}
|
||||||
|
|
||||||
|
const appDb = db.getSiblingDB(appDatabase);
|
||||||
|
if (!appDb.getUser(appUser)) {
|
||||||
|
appDb.createUser({
|
||||||
|
user: appUser,
|
||||||
|
pwd: appPassword,
|
||||||
|
roles: [{ role: "readWrite", db: appDatabase }],
|
||||||
|
});
|
||||||
|
print("created app user");
|
||||||
|
} else {
|
||||||
|
print("app user already exists");
|
||||||
|
}
|
||||||
|
'
|
||||||
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
ensure_mongo_app_user
|
||||||
if [ -z "${MONGO_APP_PASSWORD:-}" ]; then
|
if [ -z "${MONGO_APP_PASSWORD:-}" ]; then
|
||||||
MONGO_APP_PASSWORD="$(openssl rand -hex 24)"
|
MONGO_APP_PASSWORD="$(openssl rand -hex 24)"
|
||||||
fi
|
fi
|
||||||
@@ -82,77 +110,6 @@ fi
|
|||||||
resolve_docker_cmd
|
resolve_docker_cmd
|
||||||
|
|
||||||
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" build website
|
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" build website
|
||||||
|
|
||||||
mongo_bootstrap_needed() {
|
|
||||||
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" exec -T mongodb mongosh --quiet --username "$MONGO_INITDB_ROOT_USERNAME" --password "$MONGO_INITDB_ROOT_PASSWORD" --authenticationDatabase admin --eval 'db.adminCommand({ ping: 1 }).ok' >/dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
bootstrap_mongo_users() {
|
|
||||||
echo "MongoDB bootstrap erforderlich; starte temporären Recovery-Modus ohne Auth..."
|
|
||||||
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" stop mongodb || true
|
|
||||||
"${DOCKER_CMD[@]}" run -d --rm \
|
|
||||||
--name invario-mongo-recovery \
|
|
||||||
--network host \
|
|
||||||
-v "${MONGO_VOLUME_NAME}:/data/db" \
|
|
||||||
mongo:7 \
|
|
||||||
mongod --dbpath /data/db --bind_ip 127.0.0.1 --port 27017 --noauth >/dev/null
|
|
||||||
|
|
||||||
trap '"${DOCKER_CMD[@]}" stop invario-mongo-recovery >/dev/null 2>&1 || true' EXIT
|
|
||||||
|
|
||||||
for _ in 1 2 3 4 5 6 7 8 9 10; do
|
|
||||||
if "${DOCKER_CMD[@]}" run --rm --network host mongo:7 mongosh --quiet mongodb://127.0.0.1:27017 --eval 'db.adminCommand({ ping: 1 }).ok' >/dev/null 2>&1; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
|
|
||||||
"${DOCKER_CMD[@]}" run --rm --network host --env-file "$SECRETS_FILE" mongo:7 mongosh --quiet mongodb://127.0.0.1:27017 --eval '
|
|
||||||
const appDatabase = process.env.MONGO_DB_NAME || "Invario_Website";
|
|
||||||
const rootUser = process.env.MONGO_INITDB_ROOT_USERNAME || "website_root";
|
|
||||||
const rootPassword = process.env.MONGO_INITDB_ROOT_PASSWORD;
|
|
||||||
const appUser = process.env.MONGO_APP_USER || "website_app";
|
|
||||||
const appPassword = process.env.MONGO_APP_PASSWORD;
|
|
||||||
|
|
||||||
if (!rootPassword || !appPassword) {
|
|
||||||
throw new Error("Missing Mongo bootstrap credentials");
|
|
||||||
}
|
|
||||||
|
|
||||||
const adminDb = db.getSiblingDB("admin");
|
|
||||||
try {
|
|
||||||
adminDb.createUser({
|
|
||||||
user: rootUser,
|
|
||||||
pwd: rootPassword,
|
|
||||||
roles: [{ role: "root", db: "admin" }],
|
|
||||||
});
|
|
||||||
} catch (error) {
|
|
||||||
if (!String(error).includes("already exists")) {
|
|
||||||
throw error;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
const appDb = db.getSiblingDB(appDatabase);
|
|
||||||
try {
|
|
||||||
appDb.createUser({
|
|
||||||
user: appUser,
|
|
||||||
pwd: appPassword,
|
|
||||||
roles: [{ role: "readWrite", db: appDatabase }],
|
|
||||||
});
|
|
||||||
} catch (error) {
|
|
||||||
if (!String(error).includes("already exists")) {
|
|
||||||
throw error;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'
|
|
||||||
|
|
||||||
"${DOCKER_CMD[@]}" stop invario-mongo-recovery >/dev/null
|
|
||||||
trap - EXIT
|
|
||||||
echo "MongoDB bootstrap abgeschlossen. Starte gesicherten Dienst erneut..."
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! mongo_bootstrap_needed; then
|
|
||||||
bootstrap_mongo_users
|
|
||||||
fi
|
|
||||||
|
|
||||||
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" up -d mongodb
|
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" up -d mongodb
|
||||||
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" up -d --no-deps website
|
"${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" up -d --no-deps website
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user