diff --git a/modules/vm/templates/entrypoint.sh.tpl b/modules/vm/templates/entrypoint.sh.tpl index 73e766d..c9bc2a2 100644 --- a/modules/vm/templates/entrypoint.sh.tpl +++ b/modules/vm/templates/entrypoint.sh.tpl @@ -155,7 +155,7 @@ HIGHEST_INSTANCE_ID=$${SORTED_INSTANCE_IDs[2]} ping_and_set_dns_record() { local dns_record="$1" echo "Pinging $dns_record" - if ping -c 3 "$dns_record"; then + if ping -c 5 "$dns_record"; then echo "Ping successful" else echo "Ping failed for $dns_record" @@ -211,7 +211,6 @@ graphdb.external-url=http://$${node_dns}:7200/ graphdb.rpc.address=$${node_dns}:7300 EOF -# TODO provide graphdb_external_address_fqdn cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties graphdb.auth.token.secret=$graphdb_cluster_token graphdb.connector.port=7201 @@ -317,19 +316,29 @@ echo "Finished GraphDB instance configuration" # # Cluster creation # +GRAPHDB_ADMIN_PASSWORD="$(az keyvault secret show --vault-name ${key_vault_name} --name graphdb-password --query "value" --output tsv)" check_gdb() { local gdb_address="$1:7200/protocol" - if curl -s --head --fail $gdb_address > /dev/null; then + if curl -s --head -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" --fail $gdb_address > /dev/null; then return 0 # Success, endpoint is available else return 1 # Endpoint not available yet fi } +# Waits for 3 DNS records to be available +wait_dns_records() { + ALL_FQDN_RECORDS=($(az network private-dns record-set list -z $DNS_ZONE_NAME --resource-group $RESOURCE_GROUP --query "[?contains(name, 'node')].fqdn" --output tsv)) + if [ "$${ALL_FQDN_RECORDS[@]}" -ne 3 ]; then + sleep 5 + wait_dns_records + fi +} + +wait_dns_records + if [ "$INSTANCE_ID" == "$${LOWEST_INSTANCE_ID}" ]; then - echo $ALL_FQDN_RECORDS - echo $${ALL_FQDN_RECORDS[@]} for record in "$${ALL_FQDN_RECORDS[@]}"; do echo $record # Removes the '.' at the end of the DNS address 
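Review bot: The length test in `wait_dns_records` expands the array's elements instead of its size, so `[ "$${ALL_FQDN_RECORDS[@]}" -ne 3 ]` ends in a `[` error for any number of records and the function returns without ever waiting; the count form is `$${#ALL_FQDN_RECORDS[@]}`. With that corrected the recursion has no upper bound, so a bounded retry loop that fails the script on timeout is the safer shape (sketched below; the attempt limit is a constructed value). Separately, the result of the `az keyvault secret show` call at the top of the hunk is never checked: if the read fails, `GRAPHDB_ADMIN_PASSWORD` is empty and every later `-u "admin:..."` call runs with an empty password, so add a guard such as `[ -n "$${GRAPHDB_ADMIN_PASSWORD}" ] || exit 1` right after the assignment.

```shell
# Waits for 3 DNS records to be available, giving up after a fixed number of attempts
wait_dns_records() {
  local attempt
  for ((attempt = 1; attempt <= 60; attempt++)); do
    # … unchanged: ALL_FQDN_RECORDS=($(az network private-dns record-set list …)) …
    if [ "$${#ALL_FQDN_RECORDS[@]}" -eq 3 ]; then
      return 0
    fi
    sleep 5
  done
  echo "Timed out waiting for 3 DNS records" >&2
  return 1
}

wait_dns_records || exit 1
```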
@@ -341,14 +350,31 @@ if [ "$INSTANCE_ID" == "$${LOWEST_INSTANCE_ID}" ]; then done echo "All GDB instances are available. Creating cluster" - - is_cluster=$(curl -s -o /dev/null -w "%%{http_code}" http://localhost:7200/rest/monitor/cluster) + # Checks if the cluster already exists + is_cluster=$(curl -s -o /dev/null -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" -w "%%{http_code}" http://localhost:7200/rest/monitor/cluster) if [ "$is_cluster" != 200 ]; then - curl -X POST -H 'Content-type: application/json' http://localhost:7200/rest/cluster/config -d "{\"nodes\": [\"node-1.$${DNS_ZONE_NAME}:7300\",\"node-2.$${DNS_ZONE_NAME}:7300\",\"node-3.$${DNS_ZONE_NAME}:7300\"]}" + curl -X POST -H 'Content-type: application/json' -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" http://localhost:7200/rest/cluster/config -d "{\"nodes\": [\"node-1.$${DNS_ZONE_NAME}:7300\",\"node-2.$${DNS_ZONE_NAME}:7300\",\"node-3.$${DNS_ZONE_NAME}:7300\"]}" else echo "Cluster exists" fi fi +# +# Change admin user password and enable security +# +security_enabled=$(curl -s -X GET --header 'Accept: application/json' -u "admin:$${GRAPHDB_ADMIN_PASSWORD}" 'http://localhost:7200/rest/security') + +# Check if GDB security is enabled +if [[ $security_enabled == "true" ]]; then + echo "Security is enabled" +else + # Set the admin password + curl --location --request PATCH 'http://localhost:7200/rest/security/users/admin' \ + --header 'Content-Type: application/json' \ + --data "{ \"password\": \"$${GRAPHDB_ADMIN_PASSWORD}\" }" + # Enable the security + curl -X POST --header 'Content-Type: application/json' --header 'Accept: */*' -d 'true' 'http://localhost:7200/rest/security' +fi + echo "Script completed."
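Review bot: The `else` branch enables security even when the preceding password change failed, because neither `curl` call uses `--fail` or has its exit status checked; the instance would then be secured with whatever password the admin account had before, so the POST should run only after the PATCH succeeded. The same branch is also entered when the `security_enabled` probe itself fails (a connection error or an authentication error body), since anything other than the literal `true` is treated as "disabled". The password is interpolated straight into the JSON body, so a secret containing `"` or `\` yields a malformed or different payload. It is also passed on the command line in `--data` and in the `-u` options, where it is visible in the process list and in any shell trace; reading the body from stdin avoids that for the PATCH.

```shell
else
  # Set the admin password; the body is read from stdin so the secret stays off the command line.
  # The secret still needs JSON-escaping if it can contain '"' or '\'.
  if printf '{ "password": "%s" }' "$${GRAPHDB_ADMIN_PASSWORD}" |
    curl --fail --silent --show-error --location --request PATCH 'http://localhost:7200/rest/security/users/admin' \
      --header 'Content-Type: application/json' \
      --data @-; then
    # Enable security only once the new password is in place
    curl --fail --silent --show-error -X POST --header 'Content-Type: application/json' --header 'Accept: */*' -d 'true' 'http://localhost:7200/rest/security'
  else
    echo "Failed to set the admin password; security was not enabled" >&2
    exit 1
  fi
fi
```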