diff --git a/assets/db_service/reset_root_pw.sh b/assets/db_service/reset_root_pw.sh index 56274d51ee73c218ab81365d614a8f31c1b28178..ccbd713be7fcfcc5259daf00feb1e7c9a8145085 100644 --- a/assets/db_service/reset_root_pw.sh +++ b/assets/db_service/reset_root_pw.sh @@ -2,17 +2,11 @@ ### Reset the root password set -e -pw_file=/var/lib/mysql/.pw_file -if [ ! -f "$pw_file" ];then - echo $MYSQL_ROOT_PASSWORD > $pw_file -fi -root_pw=$(cat $pw_file) echo "USE mysql; FLUSH PRIVILEGES; ALTER USER "\ "'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASSWORD'; "\ "ALTER USER 'root'@'%' IDENTIFIED BY '$MYSQL_ROOT_PASSWORD'; "\ "ALTER USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD'; "\ "FLUSH PRIVILEGES;" > /tmp/my.sql -mysql -p$root_pw -u root < /tmp/my.sql -echo $MYSQL_ROOT_PASSWORD > $pw_file +mysql -u root < /tmp/my.sql rm /tmp/my.sql diff --git a/assets/playbooks/db-server-playbook.yml b/assets/playbooks/db-server-playbook.yml index a0116671b4a5be8777f5048db6c0b463fc29defe..52bf749eba63fed437bf5dd40029015c79484745 100644 --- a/assets/playbooks/db-server-playbook.yml +++ b/assets/playbooks/db-server-playbook.yml 
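Review bot: `/tmp/my.sql` holds the new root and user passwords in clear text under a fixed name, and because of `set -e` a failing `mysql -u root < /tmp/my.sql` exits before `rm /tmp/my.sql` runs, so the file stays behind in the container. Piping the statements straight into the client (`echo "..." | mysql -u root`) avoids the file altogether. If the file is kept, add `umask 077` and `trap 'rm -f /tmp/my.sql' EXIT` right after `set -e`. The passwords are also spliced into the SQL text unescaped, so a value containing `'` breaks the `ALTER USER` statements; a comment should state that constraint on `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD`.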
@@ -16,9 +16,23 @@ -p {{ db_port }}:3306 -e MYSQL_ROOT_PASSWORD='{{ root_passwd }}' -v /root/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z - -v /root/reset_root_pw.sh:/docker-entrypoint-initdb.d/001_reset_passwords.sh:z -v /root/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z -t mariadb:latest + - skip_tables_cmd: > + --net {{ project_name }} -v + /opt/freva/{{project_name}}/db_service:/var/lib/mysql:z + --name {{ db_name }} -e HOST={{ db_host }} + -e NUM_BACKUPS=7 + -e PROJECT={{ project_name }} + -e MYSQL_USER={{db_user}} + -e MYSQL_PASSWORD='{{db_passwd}}' + -e MYSQL_DATABASE={{db_db}} + -e BACKUP_DIR=/var/lib/mysql/backup + -p {{ db_port }}:3306 + -e MYSQL_ROOT_PASSWORD='{{ root_passwd }}' + -v /root/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z + -v /root/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z + -t mariadb:latest mysqld_safe --skip-grant-tables - continer_name: "{{ db_name }}" - vault_name: "{{project_name}}-vault" tasks: @@ -69,7 +83,7 @@ become: true - name: Copying auxillary files to target machine become: true - copy: src="{{ asset_dir }}/db_service/reset_root_pw.sh" dest=/root/ + copy: src="{{ asset_dir }}/db_service/reset_root_pw.sh" dest=/tmp/ - name: Copying systemd files copy: src: "{{ asset_dir }}/scripts/{{ item }}" 
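Review bot: `skip_tables_cmd` starts `mysqld_safe --skip-grant-tables` while still publishing `-p {{ db_port }}:3306`, so for as long as the temporary container runs the server answers on the host port without checking credentials. As far as I know MariaDB, unlike recent MySQL, does not disable networking on its own in this mode. The reset script connects locally with `mysql -u root`, so the port is not needed. Drop the `-p {{ db_port }}:3306` line from `skip_tables_cmd` and end the command with `mysqld_safe --skip-grant-tables --skip-networking`. The `create_tables.sql` and `daily_backup.sh` mounts look unnecessary for this short-lived container as well.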
@@ -84,6 +98,21 @@ repo: https://gitlab.dkrz.de/freva/freva-service-config.git dest: /root/freva-service-config update: true + - name: Preparing the root password reset I + become: true + shell: /usr/local/bin/docker-or-podman run -d {{skip_tables_cmd}} + - pause: seconds=2 + - name: Preparing the root password reset II + become: true + shell: /usr/local/bin/docker-or-podman cp /tmp/reset_root_pw.sh {{db_name}}:/tmp + - name: Resetting the root password + become: true + shell: /usr/local/bin/docker-or-podman exec -it {{db_name}} bash /tmp/reset_root_pw.sh + - name: Deleting temp. container + become: true + shell: | + /usr/local/bin/docker-or-podman stop {{db_name}} + /usr/local/bin/docker-or-podman rm {{db_name}} - name: Creating the mysql docker container shell: /usr/local/bin/docker-or-podman run -d {{docker_cmd}} become: true @@ -97,17 +126,14 @@ shell: sh /tmp/create_cron.sh "{{ db_name }}" "{{db_email}}" when: cron.stat.exists == true - name: Deleting auxillary files + become: true file: state: absent path: "{{ item }}" with_items: - /tmp/create_systemd.py - /tmp/create_cron.sh - - name: Resetting the passwords - become: true - shell: > - /usr/local/bin/docker-or-podman exec -it {{db_name}} - /bin/bash /docker-entrypoint-initdb.d/001_reset_passwords.sh + - /tmp/reset_root_pw.sh - name: Restarting docker container become: true shell: systemctl restart "{{ db_name }}" diff --git a/assets/scripts/docker-or-podman b/assets/scripts/docker-or-podman index 0dc19db021f14c28f0f7969cb9bdc4a629eba097..fb9be897edf50614ad6d88feccc3bf87837ec483 100755 --- a/assets/scripts/docker-or-podman +++ b/assets/scripts/docker-or-podman @@ -19,7 +19,7 @@ def get_ids(username: Optional[str]) -> Dict[str, int]: return dict(uid=user.pw_uid, gid=user.pw_gid) -def parse_args() -> List[str]: +def parse_args(cont_cmd: str) -> List[str]: """Parse the commandline arguments.""" app = argparse.ArgumentParser(prog=sys.argv[0], description="Docker/Podman wrapper") 
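Review bot: If "Preparing the root password reset II" or "Resetting the root password" fails, the play stops before "Deleting temp. container", and the `--skip-grant-tables` container is left running under `{{db_name}}`. Wrap the four tasks in a `block:` and move the stop/rm task under `always:` so that the unauthenticated server is removed on every path. The fixed `pause: seconds=2` is also a guess at start-up time; on a slow host the `exec` runs before the server accepts connections and the reset fails. A task with `retries:`/`until:` that waits for the server to answer would be more reliable than the sleep.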
@@ -31,6 +31,7 @@ def parse_args() -> List[str]: default=None, ) args, container_args = app.parse_known_args() + ipv6_enable = ["--net", "slirp4netns:allow_host_loopback=true,enable_ipv6=true"] arguments = [args.command] for key, value in get_ids(args.username).items(): if args.command == "build" and value: @@ -38,6 +39,8 @@ def parse_args() -> List[str]: elif args.command == "run" and value: arguments.append("-e") arguments.append(f"{key.upper()}={value}") + if args.command == "run" and cont_cmd == "podman": + arguments += ipv6_enable return arguments + container_args @@ -91,7 +94,7 @@ def write_command_to_disk( if __name__ == "__main__": container_cmd = get_container_cmd() - command = container_cmd + parse_args() + command = container_cmd + parse_args(container_cmd[0]) write_command_to_disk(command) try: subprocess.run(command, check=True) diff --git a/assets/web/freva_web.conf b/assets/web/freva_web.conf index 170ad515b632e8c0ed7414d8573f42c3e349f665..0d3bac673d694d4d1b31a11a15fd894756edc833 100644 --- a/assets/web/freva_web.conf +++ b/assets/web/freva_web.conf @@ -163,7 +163,7 @@ Group www-data </IfModule> -ServerName www-regiklim.dkrz.de +ServerName ${FREVA_HOST} ServerAdmin you@example.com ServerSignature Off @@ -189,6 +189,7 @@ SSLCryptoDevice builtin ProxyPass /static/ ! ProxyPass / http://${FREVA_HOST}:8000/ ProxyPassReverse / http://${FREVA_HOST}:8000/ + RequestHeader set X-Forwarded-Proto 'https' env=HTTPS SSLEngine on Alias /static /srv/static/ Alias /robots.txt /srv/static/robots.txt diff --git a/src/freva_deployment/__init__.py b/src/freva_deployment/__init__.py index bc6b36d7e8c158376d33b027a7ff8057f06493ad..4b44f7c79eb487431c966c4b437f5679d147243c 100644 --- a/src/freva_deployment/__init__.py +++ b/src/freva_deployment/__init__.py @@ -1,4 +1,4 @@ -__version__ = "2205.1.15" +__version__ = "2207.0.0" AVAILABLE_PYTHON_VERSIONS = ["3.7", "3.8", "3.9", "3.10"] AVAILABLE_CONDA_ARCHS = [ "Linux-x86_64",
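Review bot: The list named `ipv6_enable` also carries `allow_host_loopback=true`, so every `podman run` issued through this wrapper now lets the container reach services bound to the host's loopback interface, which the name does not suggest and no comment justifies. If only IPv6 is wanted, use `["--net", "slirp4netns:enable_ipv6=true"]`; otherwise document why loopback access is required and consider making it opt-in. The playbook in this commit already passes `--net {{ project_name }}` in `skip_tables_cmd`, and `arguments + container_args` then hands podman two `--net` options, so it should be checked that podman accepts that combination and which one takes effect. The call site passes `container_cmd[0]`, which only equals `"podman"` if `get_container_cmd()` (outside these hunks) returns a bare name rather than a path. The `parse_args` docstring should say what `cont_cmd` is, for example `"""Parse the commandline arguments; cont_cmd is the container engine name ("docker" or "podman")."""`.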
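Review bot: `RequestHeader set X-Forwarded-Proto 'https' env=HTTPS` overwrites the client-supplied header only when the `HTTPS` variable is set; on any request where it is not, a client-supplied `X-Forwarded-Proto: https` is passed through to the backend unchanged. The directive sits next to `SSLEngine on`, so inside this virtual host the condition is redundant, and `RequestHeader set X-Forwarded-Proto "https"` without `env=` would be the more robust form. If a plain-HTTP virtual host elsewhere in this file (outside the hunk) proxies to the same backend, it should carry `RequestHeader unset X-Forwarded-Proto`, so that the application cannot be told a request arrived over TLS when it did not.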