Added automatic cluster creation and security enabling

modules/vm/templates/entrypoint.sh.tpl

@@ -155,7 +155,7 @@ HIGHEST_INSTANCE_ID=$${SORTED_INSTANCE_IDs[2]}
 ping_and_set_dns_record() {
 	local dns_record="$1"
 	echo "Pinging $dns_record"
-	if ping -c 3 "$dns_record"; then
+	if ping -c 5 "$dns_record"; then
     	echo "Ping successful"
 	else
 	  echo "Ping failed for $dns_record"
@@ -211,7 +211,6 @@ graphdb.external-url=http://$${node_dns}:7200/
 graphdb.rpc.address=$${node_dns}:7300
 EOF
 
-# TODO provide graphdb_external_address_fqdn
 cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties
 graphdb.auth.token.secret=$graphdb_cluster_token
 graphdb.connector.port=7201
@@ -317,19 +316,29 @@ echo "Finished GraphDB instance configuration"
 #
 # Cluster creation
 #
+GRAPHDB_ADMIN_PASSWORD="$(az keyvault secret show --vault-name ${key_vault_name} --name graphdb-password --query "value" --output tsv)"
 
 check_gdb() {
   local gdb_address="$1:7200/protocol"
-  if curl -s --head --fail $gdb_address > /dev/null; then
+  if curl -s --head -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" --fail $gdb_address > /dev/null; then
     return 0  # Success, endpoint is available
   else
     return 1  # Endpoint not available yet
   fi
 }
 
+# Waits for 3 DNS records to be available
+wait_dns_records() {
+  ALL_FQDN_RECORDS=($(az network private-dns record-set list -z $DNS_ZONE_NAME --resource-group $RESOURCE_GROUP --query "[?contains(name, 'node')].fqdn" --output tsv))
+  if [ "$${ALL_FQDN_RECORDS[@]}" -ne 3 ]; then
+    sleep 5
+    wait_dns_records
+  fi
+}
+
+wait_dns_records
+
 if [ "$INSTANCE_ID" == "$${LOWEST_INSTANCE_ID}" ]; then
-    echo $ALL_FQDN_RECORDS
-    echo $${ALL_FQDN_RECORDS[@]}
     for record in "$${ALL_FQDN_RECORDS[@]}"; do
       echo $record
       # Removes the '.' at the end of the DNS address
@@ -341,14 +350,31 @@ if [ "$INSTANCE_ID" == "$${LOWEST_INSTANCE_ID}" ]; then
     done
 
   echo "All GDB instances are available. Creating cluster"
-
-  is_cluster=$(curl -s -o /dev/null -w "%%{http_code}" http://localhost:7200/rest/monitor/cluster)
+  # Checks if the cluster already exists
+  is_cluster=$(curl -s -o /dev/null -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" -w "%%{http_code}" http://localhost:7200/rest/monitor/cluster)
 
   if [ "$is_cluster" != 200 ]; then
-    curl -X POST -H 'Content-type: application/json' http://localhost:7200/rest/cluster/config -d "{\"nodes\": [\"node-1.$${DNS_ZONE_NAME}:7300\",\"node-2.$${DNS_ZONE_NAME}:7300\",\"node-3.$${DNS_ZONE_NAME}:7300\"]}"
+    curl -X POST -H 'Content-type: application/json' -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" http://localhost:7200/rest/cluster/config -d "{\"nodes\": [\"node-1.$${DNS_ZONE_NAME}:7300\",\"node-2.$${DNS_ZONE_NAME}:7300\",\"node-3.$${DNS_ZONE_NAME}:7300\"]}"
   else
     echo "Cluster exists"
   fi
 fi
 
+#
+# Change admin user password and enable security
+#
+security_enabled=$(curl -s -X GET --header 'Accept: application/json' -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" 'http://localhost:7200/rest/security')
+
+# Check if GDB security is enabled
+if [[ $security_enabled == "true" ]]; then
+    echo "Security is enabled"
+else
+    # Set the admin password
+    curl --location --request PATCH 'http://localhost:7200/rest/security/users/admin' \
+    --header 'Content-Type: application/json' \
+    --data "{ \"password\": \"$${GRAPHDB_ADMIN_PASSWORD}\" }"
+    # Enable the security
+    curl -X POST --header 'Content-Type: application/json' --header 'Accept: */*' -d 'true' 'http://localhost:7200/rest/security'
+fi
+
 echo "Script completed."