Open kopeboy opened 1 year ago
Hi there! You can run the database in the same deployment. Here is what the YAML looks like to do that! Be sure to selected Advanced Options and change the Database Host to : db
---
version: "2.0"
services:
drupal:
image: drupal
depends_on:
- db
expose:
- port: 80
to:
- global: true
env:
- MYSQL_DATABASE_HOST=db
- MYSQL_DATABASE_NAME=drupal
- MYSQL_DATABASE_USER=myuser
- MYSQL_DATABASE_PASSWORD=mypassword
db:
image: mysql:8
env:
- MYSQL_DATABASE=drupal
- MYSQL_USER=myuser
- MYSQL_PASSWORD=mypassword
- MYSQL_RANDOM_ROOT_PASSWORD=yes
expose:
- port: 3306
to:
- service: drupal
profiles:
compute:
drupal:
resources:
cpu:
units: 1.0
memory:
size: 1Gi
storage:
size: 1Gi
db:
resources:
cpu:
units: 0.5
memory:
size: 512Mi
storage:
size: 1Gi
placement:
akash:
attributes:
host: akash
signedBy:
anyOf:
- "akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63"
- "akash18qa2a2ltfyvkyj0ggj3hkvuj6twzyumuaru9s4"
pricing:
drupal:
denom: uakt
amount: 10000
db:
denom: uakt
amount: 5000
deployment:
drupal:
akash:
profile: drupal
count: 1
db:
akash:
profile: db
count: 1
Thanks. Is the storage defined like above persistent? Also, how to provide the env variables in a secure way and ensure that the provider can never access them?
Thanks. Is the storage defined like above persistent?
No - you can add that as required easily with the SDL Builder by Cloudmos. Just import the above SDL.
Also, how to provide the env variables in a secure way and ensure that the provider can never access them?
Run a Hashivault Server and try this :
Create a policy in Vault to allow read access to the necessary secrets:
path "secret/data/db" {
capabilities = ["read"]
}
This policy allows read access to the db secret. Create a role in Vault that maps to the policy:
$ vault write auth/token/roles/my-role allowed_policies=my-policy
This creates a role named my-role that maps to the my-policy policy. Create a token for the role:
$ vault token create -role=my-role
Now adapt the SDL to point at your Hashivault Server
version: "2.0"
services:
drupal:
image: drupal
depends_on:
- db
expose:
- port: 80
to:
- global: true
environment:
- MYSQL_DATABASE_HOST=db
- MYSQL_DATABASE_NAME=drupal
- MYSQL_DATABASE_USER=${MYSQL_USER}
- MYSQL_DATABASE_PASSWORD=${MYSQL_PASSWORD}
command: ["sh", "-c", "export MYSQL_USER=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_USER": "\(.*\)", "MYSQL_PASSWORD.*$/\1/'); export MYSQL_PASSWORD=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_PASSWORD": "\(.*\)".*$/\1/'); apache2-foreground"]
env:
VAULT_TOKEN: <VAULT_TOKEN>
VAULT_ADDRESS: <VAULT_ADDRESS>
db:
image: mysql:8
environment:
- MYSQL_DATABASE=drupal
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_RANDOM_ROOT_PASSWORD=yes
expose:
- port: 3306
to:
- service: drupal
command: ["sh", "-c", "export MYSQL_USER=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_USER": "\(.*\)", "MYSQL_PASSWORD.*$/\1/'); export MYSQL_PASSWORD=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_PASSWORD": "\(.*\)".*$/\1/'); docker-entrypoint.sh mysqld"]
env:
VAULT_TOKEN: <VAULT_TOKEN>
VAULT_ADDRESS: <VAULT_ADDRESS>
profiles:
compute:
drupal:
resources:
cpu:
units: 1.0
memory:
size: 1Gi
storage:
size: 1Gi
db:
resources:
cpu:
units: 0.5
memory:
size: 512Mi
storage:
size: 1Gi
placement:
akash:
attributes:
host: akash
signedBy:
anyOf:
- "akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63"
- "akash18qa2a2ltfyvkyj0ggj3hkvuj6twzyumuaru9s4"
pricing:
drupal:
denom: uakt
amount: 10000
db:
denom: uakt
amount: 5000
deployment:
drupal:
akash:
profile: drupal
count: 1
db:
akash:
profile: db
count: 1
I have just deployed the official awesome-akash Drupal image (which I guess is the same as the official Docker Drupal image), but when I head over to my provider's URL to install Drupal, I cannot setup the database. Isn't the database setup included in the image?! If it IS: where do I see/configure the database name/user/password? If it is NOT: the pre-configured Drupal deployment is incomplete and doesn't work out of the box as is missing a database service.