fix(platform-services): provision ClickHouse, MinIO, and MongoDB resources via docker exec instead of host port access
This commit is contained in:
@@ -190,12 +190,6 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
|
||||
const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
|
||||
const containerName = this.getContainerName();
|
||||
|
||||
// Get container host port for connection from host (overlay network IPs not accessible from host)
|
||||
const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 27017);
|
||||
if (!hostPort) {
|
||||
throw new Error('Could not get MongoDB container host port');
|
||||
}
|
||||
|
||||
// Generate resource names and credentials
|
||||
const dbName = this.generateResourceName(userService.name);
|
||||
const username = this.generateResourceName(userService.name);
|
||||
@@ -203,32 +197,40 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
|
||||
|
||||
logger.info(`Provisioning MongoDB database '${dbName}' for service '${userService.name}'...`);
|
||||
|
||||
// Connect to MongoDB via localhost and the mapped host port
|
||||
const { MongoClient } = await import('npm:mongodb@6');
|
||||
const adminUri = `mongodb://${adminCreds.username}:${adminCreds.password}@127.0.0.1:${hostPort}/?authSource=admin`;
|
||||
// Use docker exec to provision inside the container (avoids host port mapping issues)
|
||||
const escapedPassword = password.replace(/'/g, "'\\''");
|
||||
const escapedAdminPassword = adminCreds.password.replace(/'/g, "'\\''");
|
||||
|
||||
const client = new MongoClient(adminUri);
|
||||
await client.connect();
|
||||
|
||||
try {
|
||||
// Create the database by switching to it (MongoDB creates on first write)
|
||||
const db = client.db(dbName);
|
||||
|
||||
// Create a collection to ensure the database exists
|
||||
await db.createCollection('_onebox_init');
|
||||
|
||||
// Create user with readWrite access to this database
|
||||
await db.command({
|
||||
createUser: username,
|
||||
pwd: password,
|
||||
roles: [{ role: 'readWrite', db: dbName }],
|
||||
// Create database and user via mongosh inside the container
|
||||
const mongoshScript = `
|
||||
db = db.getSiblingDB('${dbName}');
|
||||
db.createCollection('_onebox_init');
|
||||
db.createUser({
|
||||
user: '${username}',
|
||||
pwd: '${escapedPassword}',
|
||||
roles: [{ role: 'readWrite', db: '${dbName}' }]
|
||||
});
|
||||
print('PROVISION_SUCCESS');
|
||||
`;
|
||||
|
||||
logger.success(`MongoDB database '${dbName}' provisioned with user '${username}'`);
|
||||
} finally {
|
||||
await client.close();
|
||||
const result = await this.oneboxRef.docker.execInContainer(
|
||||
platformService.containerId,
|
||||
[
|
||||
'mongosh',
|
||||
'--username', adminCreds.username,
|
||||
'--password', escapedAdminPassword,
|
||||
'--authenticationDatabase', 'admin',
|
||||
'--quiet',
|
||||
'--eval', mongoshScript,
|
||||
]
|
||||
);
|
||||
|
||||
if (result.exitCode !== 0 || !result.stdout.includes('PROVISION_SUCCESS')) {
|
||||
throw new Error(`Failed to provision MongoDB database: exit code ${result.exitCode}, output: ${result.stdout.substring(0, 200)} ${result.stderr.substring(0, 200)}`);
|
||||
}
|
||||
|
||||
logger.success(`MongoDB database '${dbName}' provisioned with user '${username}'`);
|
||||
|
||||
// Build the credentials and env vars
|
||||
const credentials: Record<string, string> = {
|
||||
host: containerName,
|
||||
@@ -262,37 +264,33 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
|
||||
}
|
||||
|
||||
const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
|
||||
|
||||
// Get container host port for connection from host (overlay network IPs not accessible from host)
|
||||
const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 27017);
|
||||
if (!hostPort) {
|
||||
throw new Error('Could not get MongoDB container host port');
|
||||
}
|
||||
const escapedAdminPassword = adminCreds.password.replace(/'/g, "'\\''");
|
||||
|
||||
logger.info(`Deprovisioning MongoDB database '${resource.resourceName}'...`);
|
||||
|
||||
const { MongoClient } = await import('npm:mongodb@6');
|
||||
const adminUri = `mongodb://${adminCreds.username}:${adminCreds.password}@127.0.0.1:${hostPort}/?authSource=admin`;
|
||||
const mongoshScript = `
|
||||
db = db.getSiblingDB('${resource.resourceName}');
|
||||
try { db.dropUser('${credentials.username}'); } catch(e) { print('User drop failed: ' + e); }
|
||||
db.dropDatabase();
|
||||
print('DEPROVISION_SUCCESS');
|
||||
`;
|
||||
|
||||
const client = new MongoClient(adminUri);
|
||||
await client.connect();
|
||||
const result = await this.oneboxRef.docker.execInContainer(
|
||||
platformService.containerId,
|
||||
[
|
||||
'mongosh',
|
||||
'--username', adminCreds.username,
|
||||
'--password', escapedAdminPassword,
|
||||
'--authenticationDatabase', 'admin',
|
||||
'--quiet',
|
||||
'--eval', mongoshScript,
|
||||
]
|
||||
);
|
||||
|
||||
try {
|
||||
const db = client.db(resource.resourceName);
|
||||
|
||||
// Drop the user
|
||||
try {
|
||||
await db.command({ dropUser: credentials.username });
|
||||
logger.info(`Dropped MongoDB user '${credentials.username}'`);
|
||||
} catch (e) {
|
||||
logger.warn(`Could not drop MongoDB user: ${getErrorMessage(e)}`);
|
||||
}
|
||||
|
||||
// Drop the database
|
||||
await db.dropDatabase();
|
||||
logger.success(`MongoDB database '${resource.resourceName}' dropped`);
|
||||
} finally {
|
||||
await client.close();
|
||||
if (result.exitCode !== 0) {
|
||||
logger.warn(`MongoDB deprovision returned exit code ${result.exitCode}: ${result.stderr.substring(0, 200)}`);
|
||||
}
|
||||
|
||||
logger.success(`MongoDB database '${resource.resourceName}' dropped`);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user