Integration with UCS/Database

From Univention Wiki

Revision as of 10:52, 21 November 2016 by Wiesenthal (talk | contribs)
Jump to: navigation, search


The App Center provides an integration into the Database Management Systems (DBMS) PostgreSQL and MySQL. This is particularly useful for Docker Apps. This is why the following text assumes a Docker App. Non-Docker Apps may just install the DBMS via apt through a dpkg dependency (although, except for variables clearly related to Docker, everything works for Non-Docker Apps, too).

A Docker App does not have to install its own database in the container. Instead, it may connect to the database on the Docker Host. For that, the following variables in the ini file can be set:

Database
One of "mysql" or "postgresql". If set, the database is installed and set up on the Host before installing the actual App.
DatabaseName
Name of the database within the DBMS. Defaults to the App ID.
DatabaseUser
Name of the database user within the DBMS with full access to the DatabaseName (and only to that!). Default to the App ID.
DatabasePasswordFile
Path to the password file both on the Host and in the Container. The file will contain the password without a newline character. The default will be /etc/[postgresql|mysql]-$appid.secret. The file will be readable only by root.
DockerEnvDatabaseHost
The Docker Container will be started with this variable's value as the environment variable containing the Host's name. Example: DockerEnvDatabaseHost=MYAPP_HOST will start with a Container with MYAPP_HOST=master.mydomain.intranet set in the environment. Defaults to DB_HOST.
DockerEnvDatabasePort
Same as DockerEnvDatabaseHost, but contains the port of the DBMS on the Host. Defaults to DB_PORT.
DockerEnvDatabaseName
Same as DockerEnvDatabaseHost, but contains the DatabaseName. Defaults to DB_NAME.
DockerEnvDatabaseUser
Same as DockerEnvDatabaseHost, but contains the DatabaseUser. Defaults to DB_USER.
DockerEnvDatabasePassword
Same as DockerEnvDatabaseHost, but contains the password to the database. Defaults to DB_PASSWORD.
DockerEnvDatabasePasswordFile
Same as DockerEnvDatabaseHost, but contains DatabasePasswordFile. If set, DockerEnvDatabasePassword is not used, i.e., the password will not show up in the environment. Instead, only the file contains information about the password.
Note
The App Center takes care of the firewall settings between Docker Container and Docker Host.
Important
For the App Appliance to work, it is necessary for Docker Apps to reconfigure their database connection in the Join Script. If the initial configuration is written in some "postinst routine" and left untouched, the connection will most likely fail as the hostname of the Docker Host will change.
Important
It is not possible to get "root" access to the database from within the App. The database connection is always configured to run as a dedicated user that has full access to "his" database, but none to other databases.

Example

ID=myapp
Database=postgresql

will install a PostgreSQL server on the Host, create a database user "myapp", create a database named "myapp" and make the user "myapp" its owner. The password is stored in /etc/postgresql-myapp.secret. In the Docker Container, one can configure the App to connect to: $DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT, which is something like: myapp:1234567890@master.mydomain.intranet:5432.

Alternatively,

ID=myapp
Database=mysql
DatabasePasswordFile=/opt/myapp/conf/database.secret
DockerEnvDatabaseHost=MYAPP_MYSQL_HOST
DockerEnvDatabasePort=MYAPP_MYSQL_PORT
DockerEnvDatabaseName=MYAPP_MYSQL_NAME
DockerEnvDatabaseUser=MYAPP_MYSQL_USER

installs MySQL, creates the database and the user and then sets

MYAPP_MYSQL_HOST=master.mydomain.intranet
MYAPP_MYSQL_PORT=3306
MYAPP_MYSQL_NAME=myapp
MYAPP_MYSQL_USER=myapp
DB_PASSWORD=1234567890

in the container.

Ideally, the password is already stored where the App expects it to be (otherwise setting DatabasePasswordFile does not make much sense). One could set DockerEnvDatabasePassword as well.

Personal tools