diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php index de33a0114..7036b1a31 100644 --- a/app/Actions/Database/StartPostgresql.php +++ b/app/Actions/Database/StartPostgresql.php @@ -52,9 +52,9 @@ class StartPostgresql $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; $this->ssl_certificate = SslHelper::generateSslCertificate( commonName: $this->database->uuid, - // additionalSans: ["IP:{$server->ip_address}"], // Issue is the server IP can be also be a domain/ hostname and we need to be sure what it is before setting it. resourceType: $this->database->getMorphClass(), resourceId: $this->database->id, + serverId: $server->id, caCert: $caCert->ssl_certificate, caKey: $caCert->ssl_private_key, ); @@ -106,60 +106,84 @@ class StartPostgresql ], ], ]; + if (filled($this->database->limits_cpuset)) { data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset); } + if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) { $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration(); } + if (count($this->database->ports_mappings_array) > 0) { $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array; } + + $docker_compose['services'][$container_name]['volumes'] ??= []; + if (count($persistent_storages) > 0) { - $docker_compose['services'][$container_name]['volumes'] = $persistent_storages; + $docker_compose['services'][$container_name]['volumes'] = array_merge( + $docker_compose['services'][$container_name]['volumes'], + $persistent_storages + ); } + if (count($persistent_file_volumes) > 0) { - $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) { - return "$item->fs_path:$item->mount_path"; - })->toArray(); + $docker_compose['services'][$container_name]['volumes'] = array_merge( + $docker_compose['services'][$container_name]['volumes'], + $persistent_file_volumes->map(function ($item) { + return "$item->fs_path:$item->mount_path"; + })->toArray() + ); } + if (count($volume_names) > 0) { $docker_compose['volumes'] = $volume_names; } + if (count($this->init_scripts) > 0) { foreach ($this->init_scripts as $init_script) { - $docker_compose['services'][$container_name]['volumes'][] = [ - 'type' => 'bind', - 'source' => $init_script, - 'target' => '/docker-entrypoint-initdb.d/'.basename($init_script), - 'read_only' => true, - ]; + $docker_compose['services'][$container_name]['volumes'] = array_merge( + $docker_compose['services'][$container_name]['volumes'], + [[ + 'type' => 'bind', + 'source' => $init_script, + 'target' => '/docker-entrypoint-initdb.d/'.basename($init_script), + 'read_only' => true, + ]] + ); } } - if ($this->database->enable_ssl) { - $docker_compose['services'][$container_name]['command'] = [ - 'postgres', - '-c', - 'ssl=on', - '-c', - 'ssl_cert_file=/etc/postgresql/ssl/internal.crt', - '-c', - 'ssl_key_file=/etc/postgresql/ssl/internal.key', - ]; - } + if (filled($this->database->postgres_conf)) { - $docker_compose['services'][$container_name]['volumes'][] = [ - 'type' => 'bind', - 'source' => $this->configuration_dir.'/custom-postgres.conf', - 'target' => '/etc/postgresql/postgresql.conf', - 'read_only' => true, - ]; + $docker_compose['services'][$container_name]['volumes'] = array_merge( + $docker_compose['services'][$container_name]['volumes'], + [[ + 'type' => 'bind', + 'source' => $this->configuration_dir.'/custom-postgres.conf', + 'target' => '/etc/postgresql/postgresql.conf', + 'read_only' => true, + ]] + ); $docker_compose['services'][$container_name]['command'] = [ 'postgres', '-c', 'config_file=/etc/postgresql/postgresql.conf', ]; } + + if ($this->database->enable_ssl) { + $docker_compose['services'][$container_name]['command'] = [ + 'postgres', + '-c', + 'ssl=on', + '-c', + 'ssl_cert_file=/var/lib/postgresql/certs/server.crt', + '-c', + 'ssl_key_file=/var/lib/postgresql/certs/server.key', + ]; + } + // Add custom docker run options $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options); $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network); @@ -173,7 +197,7 @@ class StartPostgresql $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull"; $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d"; if ($this->database->enable_ssl) { - $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->postgres_user}:{$this->database->postgres_user} /etc/postgresql/ssl/internal.key /etc/postgresql/ssl/internal.crt"); + $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->postgres_user}:{$this->database->postgres_user} /var/lib/postgresql/certs/server.key /var/lib/postgresql/certs/server.crt"); } $this->commands[] = "echo 'Database started.'"; @@ -284,16 +308,16 @@ class StartPostgresql } $this->database->fileStorages()->create([ - 'fs_path' => $this->configuration_dir.'/ssl/internal.crt', - 'mount_path' => '/etc/postgresql/ssl/internal.crt', + 'fs_path' => $this->configuration_dir.'/ssl/server.crt', + 'mount_path' => '/var/lib/postgresql/certs/server.crt', 'content' => $this->ssl_certificate->ssl_certificate, 'is_directory' => false, 'chmod' => '644', ]); $this->database->fileStorages()->create([ - 'fs_path' => $this->configuration_dir.'/ssl/internal.key', - 'mount_path' => '/etc/postgresql/ssl/internal.key', + 'fs_path' => $this->configuration_dir.'/ssl/server.key', + 'mount_path' => '/var/lib/postgresql/certs/server.key', 'content' => $this->ssl_certificate->ssl_private_key, 'is_directory' => false, 'chmod' => '600',