[Fixing #8] External PostgreSQL Database support (#47)

* fixing issue #8

README.md

@@ -43,8 +43,9 @@ If you want to go straight for a production installation follow the [installatio
 
 Furhter docs:
 - [https-ingress](docs/https-ingress.md)
-- [access-geonode-database-from-outside-of-kubernetes](docs/external-database-access.md)
+- [access-geonode-database-from-outside-of-kubernetes](docs/access-geonode-database-from-outside.md)
 - [configure-nginx-ingress-body-size-timeout](docs/nginx-ingress-class.md)
+- [run-with-external-postgresql-database](docs/external-database.md)
 
 Install
 -------

deployment/geonode/templates/_helpers.tpl

@@ -1,4 +1,5 @@
 
+
 # define pod names (equal service names)
 {{- define "geoserver_pod_name" -}}
 {{ .Release.Name }}-{{ .Values.geoserver.pod_name }}
@@ -9,24 +10,68 @@
 {{- end -}}
 
 {{- define "postgres_pod_name" -}}
-{{ .Release.Name }}-{{ .Values.postgres.pod_name }}
+{{ .Release.Name }}-{{ .Values.postgres.operator_manifest.pod_name }}
 {{- end -}}
 
 {{- define "nginx_pod_name" -}}
 {{ .Release.Name }}-{{ .Values.nginx.pod_name }}
 {{- end -}}
 
 
+
+# Database definitions
+
+
+{{- define "database_hostname" -}}
+{{- if (index .Values "postgres-operator" "enabled") -}}
+{{ include "postgres_pod_name" . }}
+{{- else if .Values.postgres.external_postgres.enabled -}}
+{{- .Values.postgres.external_postgres.hostname -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "database_port" -}}
+{{- if (index .Values "postgres-operator" "enabled") -}}
+5432
+{{- else if .Values.postgres.external_postgres.enabled -}}
+{{ .Values.postgres.external_postgres.port }}
+{{- end -}}
+{{- end -}}
+
+# secret key reference for the password of user:  .Values.postgres.username
+{{- define "database_postgres_password_secret_key_ref" -}}
+{{- if (index .Values "postgres-operator" "enabled") -}}
+"{{ .Values.postgres.username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do"
+{{- else if .Values.postgres.external_postgres.enabled -}}
+"{{ .Release.Name }}-postgres-external-secrets"
+{{- end -}}
+{{- end -}}
+
+# secret key reference for the password of user:  .Values.postgres.geonodedatabase_and_username
+{{- define "database_geonode_password_secret_key_ref" -}}
+{{- if (index .Values "postgres-operator" "enabled") -}}
+"{{ .Values.postgres.geonode_databasename_and_username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do"
+{{- else if .Values.postgres.external_postgres.enabled -}}
+"{{ .Release.Name }}-geonode-external-secrets"
+{{- end -}}
+{{- end -}}
+
+# secret key reference for the password of user: .Values.postgres.geodatabasename_and_username
+{{- define "database_geodata_password_secret_key_ref" -}}
+{{- if (index .Values "postgres-operator" "enabled") -}}
+"{{ .Values.postgres.geodata_databasename_and_username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do"
+{{- else if .Values.postgres.external_postgres.enabled -}}
+"{{ .Release.Name }}-geodata-external-secrets"
+{{- end -}}
+{{- end -}}
+
 # Volume names
 {{- define "persistant_volume_name" -}}
 persistence
 {{- end -}}
 
 
 # ports and endpoints
-{{- define "database_port" -}}
-5432
-{{- end -}}
 
 {{- define "rabbit_host" -}}
 {{ .Release.Name }}-rabbitmq:5672

deployment/geonode/templates/geonode/geonode-deploy.yaml

@@ -1,3 +1,18 @@
+# check if external and postgres-operator database backends are active
+{{ $postgres_operator := index .Values "postgres-operator" "enabled" }}
+{{ $postgres_operator_ui := index .Values "postgres-operator-ui" "enabled"}}
+# check if multiple database backends are active
+{{ if and .Values.postgres.external_postgres.enabled $postgres_operator }}
+  {{- fail "Error, two Database backends enabled, check .Values.postgres.external_postgres or .Values.postgres-operator ..." }}
+{{ else if  and (not .Values.postgres.external_postgres.enabled) (not $postgres_operator) }}
+  {{- fail "Error, no Database backend is enabled, check .Values.postgres.external_postgres or .Values.postgres-operator ..." }}
+{{ end }}
+# check if operator ui is activated even postgres-operator is disabled
+{{ if and ($postgres_operator_ui) (not $postgres_operator) }}
+  {{- fail "Error, postgres-operator-ui enabled even postgres-operator ist disabled ..." }}
+{{ end }}
+
+
 # geonode stateful set
 apiVersion: apps/v1
 kind: StatefulSet
@@ -29,7 +44,7 @@ spec:
         args:
         - -timeout=60s
         - -wait
-        - tcp://{{ include "postgres_pod_name" . }}:{{ include "database_port" .}}
+        - tcp://{{ include "database_hostname" . }}:{{ include "database_port" . }}
         - -wait
         - tcp://{{ include "rabbit_host" .}}
 
@@ -43,7 +58,7 @@ spec:
         - -c
         - |
           # install dockerize...
-          wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+          wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
             && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
             && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
@@ -78,18 +93,18 @@ spec:
         env:
         - name: GEONODE_DATABASE_PASSWORD
           valueFrom:
-            secretKeyRef:
-              name:  {{ .Values.postgres.geonodedatabase }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do
+            secretKeyRef: 
+              name: {{ include "database_geonode_password_secret_key_ref" . }}
               key: password
         - name: GEONODE_GEODATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.postgres.geodatabasename }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do
+              name: {{ include "database_geodata_password_secret_key_ref" . }}
               key: password
         - name: POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.postgres.username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do
+              name: {{ include "database_postgres_password_secret_key_ref" . }}
               key: password
         - name: GEODATABASE_URL
           value: "postgis://$(GEONODE_GEODATABASE):$(GEONODE_GEODATABASE_PASSWORD)@$(DATABASE_HOST):$(DATABASE_PORT)/$(GEONODE_GEODATABASE)"
@@ -144,7 +159,7 @@ spec:
         - -c
         - |
           # install dockerize...
-          wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+          wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
             && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
             && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
@@ -164,35 +179,33 @@ spec:
           cat /usr/src/geonode/geonode/geonode-k8s-settings.py >> /usr/src/geonode/geonode/settings.py
 
           # Setup
-          touch /usr/src/geonode/invoke.log
-          dockerize -stdout /usr/src/geonode/invoke.log /usr/src/geonode/entrypoint.sh celery-cmd
+          touch /var/log/celery.log
+          dockerize -stdout /var/log/celery.log /usr/src/geonode/entrypoint.sh celery-cmd
 
         envFrom:
           - configMapRef:
               name: {{ include "geonode_pod_name" . }}-env
 
         env:
-        - name: IS_CELERY
-          value: 'True'
         - name: GEONODE_DATABASE_PASSWORD
           valueFrom:
-            secretKeyRef:
-              name:  {{ .Values.postgres.geonodedatabase }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do
+            secretKeyRef: 
+              name: {{ include "database_geonode_password_secret_key_ref" . }}
               key: password
         - name: GEONODE_GEODATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.postgres.geodatabasename }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do
+              name: {{ include "database_geodata_password_secret_key_ref" . }}
               key: password
         - name: POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.postgres.username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do
+              name: {{ include "database_postgres_password_secret_key_ref" . }}
               key: password
         - name: GEODATABASE_URL
           value: "postgis://$(GEONODE_GEODATABASE):$(GEONODE_GEODATABASE_PASSWORD)@$(DATABASE_HOST):$(DATABASE_PORT)/$(GEONODE_GEODATABASE)"
         - name: DATABASE_URL
-          value: "postgis://$(GEONODE_DATABASE):$(GEONODE_DATABASE_PASSWORD)@$(DATABASE_HOST):$(DATABASE_PORT)/$(GEONODE_DATABASE)"        
+          value: "postgis://$(GEONODE_DATABASE):$(GEONODE_DATABASE_PASSWORD)@$(DATABASE_HOST):$(DATABASE_PORT)/$(GEONODE_DATABASE)"
 
         ports:
         - containerPort: 5555
@@ -265,3 +278,4 @@ spec:
         # Using an emptyDir to cache compiled statics... it will survive container crashes, but not pod restarts
         - name: cache-volume
           emptyDir: {}
+

deployment/geonode/templates/geonode/geonode-entrypoint-sh-conf.yaml

@@ -45,8 +45,8 @@ data:
     echo MONITORING_HOST_NAME=$MONITORING_HOST_NAME
     echo MONITORING_SERVICE_NAME=$MONITORING_SERVICE_NAME
     echo MONITORING_DATA_TTL=$MONITORING_DATA_TTL
-
-    invoke waitfordbs
+    # deactivated until https://github.com/GeoNode/geonode/pull/11340 is merged
+    #invoke waitfordbs
 
     cmd="$@"
 
@@ -61,7 +61,8 @@ data:
         if [ ${FORCE_REINIT} = "true" ]  || [ ${FORCE_REINIT} = "True" ] || [ ! -e "/mnt/volumes/statics/geonode_init.lock" ]; then
             invoke updategeoip
             invoke fixtures
-            invoke monitoringfixture
+            # currently not implemented in geonode-k8s
+            # invoke monitoringfixture
             invoke initialized
             invoke updateadmin
         fi

deployment/geonode/templates/geonode/geonode-env.yaml

@@ -191,11 +191,11 @@ data:
   SENTRY_ENVIRONMENT: {{ .Values.geonode.sentry.environment | quote }}
 
   # Database Settings
-  DATABASE_HOST: "{{ include "postgres_pod_name" . }}"
-  DATABASE_PORT: "{{ include "database_port" .}}"
+  DATABASE_HOST: {{ include "database_hostname" . | quote }}
+  DATABASE_PORT: {{ include "database_port" . | quote }}
 
-  POSTGRES_USER: {{ .Values.postgres.username }}
-  GEONODE_DATABASE: {{ .Values.postgres.geonodedatabase | quote }}
-  GEONODE_GEODATABASE: {{ .Values.postgres.geodatabasename | quote }}
+  POSTGRES_USER: {{ .Values.postgres.username | quote }}
+  GEONODE_DATABASE: {{ .Values.postgres.geonode_databasename_and_username | quote }}
+  GEONODE_GEODATABASE: {{ .Values.postgres.geodata_databasename_and_username | quote }}
   GEONODE_DATABASE_SCHEMA: {{ .Values.postgres.schema }}
   GEONODE_GEODATABASE_SCHEMA: {{ .Values.postgres.schema }}

deployment/geonode/templates/geonode/geonode-tasks-py-conf.yaml

@@ -84,12 +84,12 @@ data:
             "monitoring_host_name": os.environ.get("MONITORING_HOST_NAME", "geonode"),
             "monitoring_service_name": os.environ.get("MONITORING_SERVICE_NAME", "local-geonode"),
             "monitoring_data_ttl": os.environ.get("MONITORING_DATA_TTL", 7),
-            "geonode_geodb_passwd": os.environ.get("GEONODE_GEODATABASE_PASSWORD", "geonode_data"),
-            "default_backend_datastore": os.environ.get("DEFAULT_BACKEND_DATASTORE", "datastore"),
-            "geonode_db_passwd": os.environ.get("GEONODE_DATABASE_PASSWORD", "geonode"),
-            "geonode_geodb": os.environ.get("GEONODE_GEODATABASE", "geonode_data"),
-            "db_url": os.environ.get("DATABASE_URL", "postgis://geonode:geonode@db:5432/geonode"),
-            "geodb_url": os.environ.get("GEODATABASE_URL", "postgis://geonode:geonode@db:5432/geonode_data"),
+            "geonode_geodb_passwd": os.environ.get("GEONODE_GEODATABASE_PASSWORD"),
+            "default_backend_datastore": os.environ.get("DEFAULT_BACKEND_DATASTORE"),
+            "geonode_db_passwd": os.environ.get("GEONODE_DATABASE_PASSWORD"),
+            "geonode_geodb": os.environ.get("GEONODE_GEODATABASE"),
+            "db_url": os.environ.get("DATABASE_URL"),
+            "geodb_url": os.environ.get("GEODATABASE_URL"),
             "geonode_db": os.environ.get("GEONODE_DATABASE"),
             "gs_loc": os.environ.get('GEOSERVER_LOCATION'),
             "gs_web_ui_loc": os.environ.get("GEOSERVER_WEB_UI_LOCATION"),
@@ -664,8 +664,8 @@ data:
     def _set_geoserver_database_store():
         ''' checks if a db store is already created in geoserver, if not create one '''
         print("Check if geoserver store is already set up ...")
-        geoserver_base_url = os.getenv('GEOSERVER_LOCATION', 'geonode-geoserver:8080/geoserver')
-        geoserver_password = os.getenv('GEOSERVER_ADMIN_PASSWORD', 'geoserver')
+        geoserver_base_url = os.getenv('GEOSERVER_LOCATION')
+        geoserver_password = os.getenv('GEOSERVER_ADMIN_PASSWORD')
         url = '{}rest/workspaces/{}/datastores/'.format(geoserver_base_url,GEOSERVER_WORKSPACE_NAME)
         headers = {'Content-Type': 'text/xml'}
         auth = (GEOSERVER_USERNAME, geoserver_password)
@@ -681,24 +681,24 @@ data:
             print("could not get datastore information from geoserver, trying to create ...")
 
         print("setup new datastore ...")
-        db_user = database = os.getenv('GEONODE_GEODATABASE', 'geogeonode')
-        db_password = os.getenv('GEONODE_GEODATABASE_PASSWORD', 'geogeonode')
-        db_host = os.getenv('DATABASE_HOST', 'geonode-postgresql')
-
+        db_user = database = os.getenv('GEONODE_GEODATABASE')
+        db_password = os.getenv('GEONODE_GEODATABASE_PASSWORD')
+        db_host = os.getenv('DATABASE_HOST')
+        db_port = os.getenv('DATABASE_PORT')
         url = '{}rest/workspaces/{}/datastores'.format(geoserver_base_url,GEOSERVER_WORKSPACE_NAME)
         data = """
               <dataStore>
                 <name>{}</name>
                 <connectionParameters>
                   <host>{}</host>
-                  <port>5432</port>
+                  <port>{}</port>
                   <database>{}</database>
                   <user>{}</user>
                   <passwd>{}</passwd>
                   <dbtype>postgis</dbtype>
                 </connectionParameters>
               </dataStore>
-            """.format(GEOSERVER_STORE_NAME, db_host, database, db_user, db_password)
+            """.format(GEOSERVER_STORE_NAME, db_host, db_port, database, db_user, db_password)
         try:
             r = requests.post(url, headers=headers, auth=auth,data=data)
             print("created ...")

deployment/geonode/templates/geoserver/geoserver-deploy.yaml

@@ -55,7 +55,8 @@ spec:
         - sh
         - -c
         - |
-          {{`sed -i "s/db:5432/{{DATABASE_HOST}}:5432/g" /templates/geofence/geofence-datasource-ovr.properties.j2`}}
+          TMP_DB_PORT={{ include "database_port" . }}
+          {{`sed -i 's/db:5432/{{ DATABASE_HOST }}:$TMP_DB_PORT/g' /templates/geofence/geofence-datasource-ovr.properties.j2`}}
           /usr/local/tomcat/tmp/entrypoint.sh
 
         ports:
@@ -70,7 +71,7 @@ spec:
           - name: GEONODE_GEODATABASE_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ .Values.postgres.geodatabasename }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do
+                name: {{ include "database_geodata_password_secret_key_ref" . }}
                 key: password
 
         volumeMounts:

deployment/geonode/templates/geoserver/geoserver-env.yaml

@@ -15,9 +15,9 @@ data:
   GEOSERVER_JAVA_OPTS: "-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
   NGINX_BASE_URL: "{{ include "public_url" . }}/"
 
-  DATABASE_HOST: "{{ include "postgres_pod_name" . }}"
+  DATABASE_HOST: "{{ include "database_hostname" . }}"
   DATABASE_PORT: "{{ include "database_port" . }}"
-  GEONODE_GEODATABASE: {{ .Values.postgres.geodatabasename | quote  }}
+  GEONODE_GEODATABASE: {{ .Values.postgres.geonode_databasename_and_username | quote  }}
   GEONODE_GEODATABASE_SCHEMA: {{ .Values.postgres.schema | quote }}
 
   GEOSERVER_ADMIN_USER: {{ .Values.geoserver.admin_username | quote }}

deployment/geonode/templates/geoserver/geoserver-svc.yaml

@@ -9,6 +9,6 @@ spec:
     org.geonode.instance: "{{ include "geoserver_pod_name" . }}"
   ports:
   - targetPort: {{ .Values.geoserver.port }}
-    port: 8080
+    port: {{ .Values.geoserver.port }}
     name: http
   type: ClusterIP

deployment/geonode/templates/postgres/geonode-manifest.yaml

@@ -1,3 +1,6 @@
+
+{{ $postgres_operator := index .Values "postgres-operator" "enabled" }}
+{{ if $postgres_operator }}
 apiVersion: "acid.zalan.do/v1"
 kind: postgresql
 metadata:
@@ -10,29 +13,30 @@ spec:
   users:
     {{ .Values.postgres.username }}:
     - superuser
-    {{ .Values.postgres.geonodedatabase }}:
+    {{ .Values.postgres.geonode_databasename_and_username }}:
     - superuser
     - createdb
     - login
-    {{ .Values.postgres.geodatabasename }}:
+    {{ .Values.postgres.geodata_databasename_and_username }}:
     - superuser
     - createdb
     - login
   databases:
-    {{ .Values.postgres.geonodedatabase }}: {{ .Values.postgres.geonodedatabase }}
-    {{ .Values.postgres.geodatabasename }}: {{ .Values.postgres.geodatabasename }}
+    {{ .Values.postgres.geonode_databasename_and_username }}: {{ .Values.postgres.geonode_databasename_and_username }}
+    {{ .Values.postgres.geodata_databasename_and_username }}: {{ .Values.postgres.geodata_databasename_and_username }}
   preparedDatabases:
-    {{ .Values.postgres.geodatabasename }}:
+    {{ .Values.postgres.geodata_databasename_and_username }}:
       schemas:
         {{ .Values.postgres.schema }}: {}
       extensions:
         pg_partman: {{ .Values.postgres.schema }}
         postgis: {{ .Values.postgres.schema }}
-    {{ .Values.postgres.geonodedatabase }}:
+    {{ .Values.postgres.geodata_databasename_and_username }}:
       schemas:
         {{ .Values.postgres.schema }}: {}
       extensions:
         pg_partman: {{ .Values.postgres.schema }}
         postgis: {{ .Values.postgres.schema }}
   postgresql:
     version: {{ .Values.postgres.operator_manifest.postgres_version | quote }}
+{{ end }}