Modify postgres role to be more customizable #403
Conversation
Currently, you can't open the port for postgres to allow ansible to interact and run queries from outside the container. This will open the port to localhost only and allow you to directly communicate with the postgres intance. This is needed for another PR, so we can run a query against the instance. Also, added username and password variables, so this can be added into the accounts.yml
|
What is the point of doing localhost bindings? |
|
You can always access docker networks from the host even when there are no bindings. As you have access to the internal networking. |
Is there an easy pattern to know where to connect to? To give an example. We have firefly here and we want to create a new database for firefly, we want to create a username and password for firefly on that database as well. Then we can use this to connect to the database. My question from that is how we can run those queries from the host box (Ansible) to the container that is running postgres? In this case we listen on the normal 5432 port for localhost and then now we can just connect to postgres using localhost:5432 without looking anything up on the box and setting a fact. Again, unless you already have a pattern for this that maybe I missed |
|
Anything on the host can access the docker container through its container IP as everything is routed. In Saltbox, my fork of Cloudbox, we have a script that makes container names resolve to the container IP for ease of use since IPs can change as containers are restarted and what not. Linking the script for reference. https://github.com/saltyorg/Saltbox/blob/master/roles/docker/files/docker-update-hosts |
|
@saltydk This would be great! I checked and i don't have this updated with the basic install of cloudbox. Is this something that needs to be added? For now, I will remove the published port in here, but keep the username and password. I need to add default values anyway. I'll wait and see what you say about this host thing and how we can add something like this, so we can easily help setup services that depend on other services. |
|
Because there is no development done on Cloudbox anymore, for anything new you'll have to use my fork instead. The script would work fine with Cloudbox if added manually though. |
|
@saltydk I see. So, is this repo also being used for saltbox? I'll have to switch over to that instead and do development work based on that. Was just looking at it now and its definitely way more up to date. |
|
This community repo? If so, no. But if anything here is missing when you swap over we're usually quick to add it as needed. Our community repo is here: https://github.com/saltyorg/Sandbox |
|
The discord is linked on the Saltbox repository if you want to ask questions directly. |
Currently, you can't open the port for postgres to allow ansible to
interact and run queries from outside the container. This will open the
port to localhost only and allow you to directly communicate with the
postgres intance. This is needed for another PR, so we can run a query
against the instance.
Also, added username and password variables, so this can be added into
the accounts.yml
Please review this template and edit it as appropriate. It's not been provided as a thing to ignore. If there are things that don't apply, remove them. Don't just check boxes for the sake of checking boxes. Remove this paragraph and the related thing below.
Description
Please see commit
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.
postgres.userandpostgres.passwordto accounts.ymlss -nltupto ensure that its only listening on port 5432 on localhostnc -zv mydomain 5432from an external box to ensure we can't hit that portNew Role Checklist:
[COMMUNITY REPO ROOT]/.github/workflows/ci.ymlcommunity.yml