Modify postgres role to be more customizable #403

Open
wants to merge 1 commit into
base: master

kungfoome
Contributor

Currently, you can't open the port for postgres to allow ansible to
interact and run queries from outside the container. This will open the
port to localhost only and allow you to directly communicate with the
postgres instance. This is needed for another PR, so we can run a query
against the instance.

Also, added username and password variables, so this can be added into
the accounts.yml

Please review this template and edit it as appropriate. It's not been provided as a thing to ignore. If there are things that don't apply, remove them. Don't just check boxes for the sake of checking boxes. Remove this paragraph and the related thing below.

Description

Please see commit

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

  • Added postgres.user and postgres.password to accounts.yml
  • Ran ss -nltup to ensure that it's only listening on port 5432 on localhost
  • Ran nc -zv mydomain 5432 from an external box to ensure we can't hit that port
  • Changed config to 0.0.0.0:5432:5432 and ran the above scripts. Found that *:5432 was now listening and that the port was open externally, which is expected.

New Role Checklist:

  • I have reviewed the Contribute page in the wiki
  • I have updated the header in any files I may have used as templates with my own information
  • I have added my new role to [COMMUNITY REPO ROOT]/.github/workflows/ci.yml
  • I have added my new role to community.yml
  • I have verified that any Docker images used are current and supported.
  • I have made corresponding changes to the documentation
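
The `ss -nltup` check from the test steps above, as a repeatable script. This is an added example, not code from this pull request; the function name, exit codes and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a published port is bound to loopback only.
# Reads `ss -nltup` output on stdin (Netid column first). Exit status:
#   0 = every TCP listener on PORT is loopback, 1 = at least one is not,
#   2 = nothing is listening on PORT.
check_loopback_only() {
    awk -v port="$1" '
        $1 != "tcp" || $2 != "LISTEN" { next }   # skips header and UDP rows
        {
            addr = $5                            # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            found = 1
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            exposed = 1
            print "non-loopback listener: " addr
        }
        END { if (!found) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample: what a 127.0.0.1:5432:5432 binding looks like.
sample_loopback() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=701,fd=3))
tcp   LISTEN 0      4096   127.0.0.1:5432     0.0.0.0:*         users:(("docker-proxy",pid=2210,fd=4))
EOF
}

# Constructed sample: what a 0.0.0.0:5432:5432 binding looks like.
sample_wildcard() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=701,fd=3))
tcp   LISTEN 0      4096   *:5432             *:*               users:(("docker-proxy",pid=2344,fd=4))
EOF
}

sample_loopback | check_loopback_only 5432 && echo "5432: loopback only"
sample_wildcard | check_loopback_only 5432 || echo "5432: reachable beyond localhost"
```

On a live host, pipe the real output in: `ss -nltup | check_loopback_only 5432`.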

@saltydk
Contributor

saltydk commented Jun 11, 2022

What is the point of doing localhost bindings?

@saltydk
Contributor

saltydk commented Jun 11, 2022

You can always access docker networks from the host even when there are no bindings. As you have access to the internal networking.

@kungfoome
Contributor Author

> You can always access docker networks from the host even when there are no bindings. As you have access to the internal networking.

Is there an easy pattern to know where to connect to? To give an example. We have firefly here and we want to create a new database for firefly, we want to create a username and password for firefly on that database as well. Then we can use this to connect to the database.

My question from that is how we can run those queries from the host box (Ansible) to the container that is running postgres?

In this case we listen on the normal 5432 port for localhost and then now we can just connect to postgres using localhost:5432 without looking anything up on the box and setting a fact.

Again, unless you already have a pattern for this that maybe I missed

@saltydk
Contributor

saltydk commented Jun 11, 2022

Anything on the host can access the docker container through its container IP as everything is routed. In Saltbox, my fork of Cloudbox, we have a script that makes container names resolve to the container IP for ease of use since IPs can change as containers are restarted and whatnot. Linking the script for reference. https://github.com/saltyorg/Saltbox/blob/master/roles/docker/files/docker-update-hosts

@kungfoome
Contributor Author

@saltydk This would be great! I checked and I don't have this updated with the basic install of Cloudbox. Is this something that needs to be added?

For now, I will remove the published port in here, but keep the username and password. I need to add default values anyway.

I'll wait and see what you say about this host thing and how we can add something like this, so we can easily help set up services that depend on other services.

@saltydk
Contributor

saltydk commented Jun 11, 2022

Because there is no development done on Cloudbox anymore, for anything new you'll have to use my fork instead. The script would work fine with Cloudbox if added manually though.

@kungfoome
Contributor Author

@saltydk I see. So, is this repo also being used for saltbox?

I'll have to switch over to that instead and do development work based on that. Was just looking at it now and it's definitely way more up to date.

@saltydk
Contributor

saltydk commented Jun 11, 2022

This community repo? If so, no. But if anything here is missing when you swap over we're usually quick to add it as needed. Our community repo is here: https://github.com/saltyorg/Sandbox

@saltydk
Contributor

saltydk commented Jun 11, 2022

The discord is linked on the Saltbox repository if you want to ask questions directly.
