ita-social-projects · DmyMi · Sep 9, 2021 · Sep 8, 2021 · Sep 8, 2021
diff --git a/MSSQL/configure-db.sh b/MSSQL/configure-db.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Wait 60 seconds for SQL Server to start up by ensuring that 
+# calling SQLCMD does not return an error code, which will ensure that sqlcmd is accessible
+# and that system and user databases return "0" which means all databases are in an "online" state
+# https://docs.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-databases-transact-sql?view=sql-server-2017 
+
+DBSTATUS=1
+ERRCODE=1
+i=0
+
+while [[ $DBSTATUS -ne 0 ]] && [[ $i -lt 60 ]] && [[ $ERRCODE -ne 0 ]]; do
+	i=$i+10
+	DBSTATUS=$(/opt/mssql-tools/bin/sqlcmd -h -1 -t 1 -U sa -P $SA_PASSWORD -Q "SET NOCOUNT ON; Select SUM(state) from sys.databases")
+	ERRCODE=$?
+	sleep 10
+done
+
+if [ $DBSTATUS -ne 0 ] OR [ $ERRCODE -ne 0 ]; then 
+	echo "SQL Server took more than 60 seconds to start up or one or more databases are not in an ONLINE state"
+	exit 1
+fi
+
+# Run the setup script to create the DB and the schema in the DB
+/opt/mssql-tools/bin/sqlcmd \
+    -v OOS_API_PASS=${OOS_API_PASS} \
+    -v OOS_AUTH_PASS=${OOS_AUTH_PASS} \
+    -S localhost \
+    -U sa \
+    -P $SA_PASSWORD \
+    -d master \
+    -i /usr/config/configure-db.sql
diff --git a/MSSQL/configure-db.sql b/MSSQL/configure-db.sql
@@ -0,0 +1,29 @@
+USE [master]
+GO
+
+IF DB_ID('OutOfSchool') IS NOT NULL
+  set noexec on               -- prevent creation when already exists
+
+CREATE DATABASE [OutOfSchool];
+GO
+
+USE [OutOfSchool]
+GO
+
+ALTER DATABASE [OutOfSchool] COLLATE Ukrainian_100_CI_AS;
+
+CREATE LOGIN [oos_api] WITH PASSWORD = '$(OOS_API_PASS)';
+
+CREATE LOGIN [oos_auth] WITH PASSWORD = '$(OOS_AUTH_PASS)';
+
+CREATE USER [oos_api] FOR LOGIN [oos_api] WITH DEFAULT_SCHEMA=[dbo];
+
+CREATE USER [oos_auth] FOR LOGIN [oos_auth] WITH DEFAULT_SCHEMA=[dbo];
+GO
+
+-- TODO: Think about better permissions
+EXEC sp_AddRoleMember 'db_datareader', 'oos_api';
+EXEC sp_AddRoleMember 'db_datawriter', 'oos_api';
+EXEC sp_AddRoleMember 'db_datareader', 'oos_auth';
+EXEC sp_AddRoleMember 'db_datawriter', 'oos_auth';
+EXEC sp_AddRoleMember 'db_ddladmin', 'oos_auth';
diff --git a/MSSQL/entrypoint.sh b/MSSQL/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# Start the script to create the DB and user
+/bin/bash /usr/config/configure-db.sh &
+
+# Start SQL Server
+/opt/mssql/bin/sqlservr
diff --git a/OutOfSchool/OutOfSchool.IdentityServer/appsettings.Compose.json b/OutOfSchool/OutOfSchool.IdentityServer/appsettings.Compose.json
@@ -1,6 +1,6 @@
 {
   "ConnectionStrings": {
-    "DefaultConnection": "Server=sql-server; Database=Master;User Id=SA;Password=Oos-password1"
+    "DefaultConnection": "Server=sql-server; Database=OutOfSchool;User Id=oos_auth;Password=Oos-password1"
   },
   "IdentityAccessConfig": {
     "AdditionalIdentityClients": [

diff --git a/OutOfSchool/OutOfSchool.WebApi/appsettings.Compose.json b/OutOfSchool/OutOfSchool.WebApi/appsettings.Compose.json
@@ -8,6 +8,6 @@
     }
   },
   "ConnectionStrings": {
-    "DefaultConnection": "Server=sql-server; Database=Master;User Id=SA;Password=Oos-password1"
+    "DefaultConnection": "Server=sql-server; Database=OutOfSchool;User Id=oos_api;Password=Oos-password1"
   }
 }
diff --git a/create-local-ssl.ps1 b/create-local-ssl.ps1
@@ -12,7 +12,10 @@ if ($null -eq (Get-Command "openssl.exe" -ErrorAction SilentlyContinue))
 $Https = ".\https"
 
 if (-Not (Test-Path -Path $Https)) {
-    mkdir $Https
+
+    New-Item -Type Directory -Path "$Https\ca-certificates"
+    New-Item -Type File -Path "$Https\ca-certificates\type" -Value "ca-certificates"
+
     $Env:Passphrase=-join ((0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 128  | ForEach-Object {[char]$_})
     $subj="/C=UA/ST=Kyiv/L=Kyiv/O=SS/OU=ITA/CN=$Domain/emailAddress=admin@$Domain/"
     openssl req `
@@ -32,7 +35,9 @@ if (-Not (Test-Path -Path $Https)) {
         -in $Https\${Domain}.key `
         -out $Https\${Domain}.key `
         -passin env:Passphrase
-
+
+    Copy-Item "$Https\${Domain}.crt" -Destination "$Https\ca-certificates"
+
     $LocalCert = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Subject -match "CN=$Domain" }
     if ($LocalCert) {
         certutil -delstore -f "ROOT" ${LocalCert}.Thumbprint

diff --git a/create-local-ssl.sh b/create-local-ssl.sh
@@ -23,7 +23,8 @@ if [ ! -d "./https" ]; then
         exit 1
     fi
 
-    mkdir ./https
+    mkdir -p ./https/ca-certificates
+    echo "ca-certificates" > ./https/ca-certificates/type
     # Generate a passphrase
     export PASSPHRASE=$(head -c 500 /dev/urandom | LC_CTYPE=C tr -dc 'a-z0-9A-Z' | head -c 128; echo)
     fail_if_error $?
@@ -64,6 +65,8 @@ if [ ! -d "./https" ]; then
         -passin env:PASSPHRASE
     fail_if_error $?
 
+    cp ./https/${DOMAIN}.crt ./https/ca-certificates/
+
     if [[ $OSTYPE == 'darwin'* ]]; then
         sudo security find-certificate -a /Library/Keychains/System.keychain | awk -F'"' '/alis/{print $4}' | grep ${DOMAIN} -q
         if [ $? -eq 0 ];then

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
@@ -3,6 +3,8 @@ services:
   sql-server:
     environment:
       SA_PASSWORD: Oos-password1
+      OOS_API_PASS: Oos-password1
+      OOS_AUTH_PASS: Oos-password1
   elasticsearch:
     # Expose ports directly for local debug
     ports:
@@ -31,6 +33,9 @@ services:
     environment:
       ASPNETCORE_ENVIRONMENT: Compose
       Email__Enabled: "false"
+      SERVICE_BINDING_ROOT: /platform/bindings
+    volumes:
+      - ./https/ca-certificates:/platform/bindings/my-certificates
   webapi-server:
     # Expose ports directly for local debug
     ports:
@@ -40,6 +45,9 @@ services:
       Elasticsearch__Url: "http://elasticsearch:9200/"
       Elasticsearch__User: user
       Elasticsearch__Password: pass
+      SERVICE_BINDING_ROOT: /platform/bindings
+    volumes:
+      - ./https/ca-certificates:/platform/bindings/my-certificates
     depends_on:
       - "identity-server"
   nginx:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,15 +1,20 @@
 version: '3.4'
 services:
 # === SQL SERVER ===
-# TODO: Configure volumes
   sql-server:
     image: mcr.microsoft.com/mssql/server:${SQL_VERSION}
+    command: /bin/bash ./usr/config/entrypoint.sh
     environment:
       ACCEPT_EULA: Y
       TZ: Europe/Kiev
       MSSQL_COLLATION: Ukrainian_100_CI_AS
     ports:
       - 1433:1433
+    volumes:
+      - sql-data:/var/opt/mssql
+      - ./MSSQL/entrypoint.sh:/usr/config/entrypoint.sh:ro
+      - ./MSSQL/configure-db.sh:/usr/config/configure-db.sh:ro
+      - ./MSSQL/configure-db.sql:/usr/config/configure-db.sql:ro
     networks:
       - db
 # === ELASTICSEARCH ===
@@ -81,6 +86,8 @@ services:
       - web
 # === VOLUMES ===
 volumes:
+  sql-data:
+    driver: local
   es-data:
     driver: local
   api-logs: