build and config: add timescaledb

Timescale database is used to store report data
NethServer · Aug 21, 2024 · 99ae329 · 99ae329
1 parent d681636
commit 99ae329
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 3 deletions.
diff --git a/build-images.sh b/build-images.sh
@@ -9,12 +9,13 @@ images=()
 repobase="${REPOBASE:-ghcr.io/nethserver}"
 # Configure the image name
 reponame="nethsecurity-controller"
-controller_version="0.0.33"
+controller_version="report"
 promtail_version=2.7.1
 loki_version=2.9.4
 prometheus_version=2.50.1
 grafana_version=10.3.3
 webssh_version=1.6.2
+timescale_version="latest-pg16"
 
 # Create a new empty container for webssh
 echo "Build webssh container" # from https://github.com/huashengdun/webssh
@@ -74,8 +75,8 @@ buildah add "${container}" ui/dist /ui
 # Setup the entrypoint, ask to reserve one TCP port with the label and set a rootless container
 buildah config --entrypoint=/ \
     --label="org.nethserver.authorizations=traefik@any:routeadm node:tunadm" \
-    --label="org.nethserver.tcp-ports-demand=10" \
-    --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$controller_version ghcr.io/nethserver/nethsecurity-api:$controller_version ghcr.io/nethserver/nethsecurity-ui:$controller_version ghcr.io/nethserver/nethsecurity-proxy:$controller_version docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version ghcr.io/nethserver/webssh:${IMAGETAG:-latest}" \
+    --label="org.nethserver.tcp-ports-demand=11" \
+    --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$controller_version ghcr.io/nethserver/nethsecurity-api:$controller_version ghcr.io/nethserver/nethsecurity-ui:$controller_version ghcr.io/nethserver/nethsecurity-proxy:$controller_version docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version ghcr.io/nethserver/webssh:${IMAGETAG:-latest} docker.io/timescale/timescaledb:$timescale_version" \
     "${container}"
 # Commit the image
 buildah commit "${container}" "${repobase}/${reponame}"

diff --git a/imageroot/actions/create-module/20initialize b/imageroot/actions/create-module/20initialize
@@ -19,11 +19,13 @@ promtail_port=$(($start+4))
 # port 8 is reserved for prometheus
 # port 9 is reserved for grafana
 webssh_port=$(($start+9))
+db_port=$(($start+10))
 
 num=$(echo $MODULE_ID | sed 's/nethsecurity\-controller//')
 
 jwt_secret=$(uuidgen | sha256sum | awk '{print $1}')
 reg_secret=$(uuidgen | sha256sum | awk '{print $1}')
+db_secret=$(uuidgen | sha256sum | awk '{print $1}')
 
 cat << EOF > network.env
 OVPN_UDP_PORT=$ovpn_udp_port
@@ -41,6 +43,12 @@ EOF
 cat << EOF > secret.env
 SECRET_JWT=$jwt_secret
 REGISTRATION_TOKEN=$reg_secret
+POSTGRES_PASSWORD=$db_secret
+EOF
+
+cat << EOF > db.env
+POSTGRES_USER=report
+REPORT_DB_URI=postgres://report:$db_secret@127.0.0.1:$db_port/report
 EOF
 
 mkdir -p clients
diff --git a/imageroot/systemd/user/api.service b/imageroot/systemd/user/api.service
@@ -25,6 +25,7 @@ ExecStart=/usr/bin/podman run \
     --env-file=%S/state/config.env \
     --env-file=%S/state/promtail.env \
     --env-file=%S/state/subscription.env \
+    --env-file=%S/state/db.env \
     ${NETHSECURITY_API_IMAGE}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/api.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/api.ctr-id

diff --git a/imageroot/systemd/user/timescale.service b/imageroot/systemd/user/timescale.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Podman timescale.service
+BindsTo=controller.service
+Before=api.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+EnvironmentFile=%S/state/secret.env
+WorkingDirectory=%S/state
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/timescale.pid %t/timescale.ctr-id
+ExecStartPre=/usr/bin/mkdir -vp %S/state/timescale.d
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/timescale.pid \
+    --cidfile %t/timescale.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name timescale \
+    --volume=timescale-data:/var/lib/postgresql/data:z \
+    --env-file=%S/state/db.env \
+    --network=host \
+    ${TIMESCALE_IMAGE} -p ${POSTGRES_PASSWORD}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/timescale.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/timescale.ctr-id
+PIDFile=%t/timescale.pid
+Type=forking
+
+[Install]
+WantedBy=default.target