fix: Remove POSTGRES_PASSWORD variable in compose file (#483)

* fix: Remove POSTGRES_PASSWORD variable in compose file Fixes #482. Remove POSTGRES_PASSWORD variable in compose file. Signed-off-by: Lindsey Cheng <[email protected]> * fix: Remove POSTGRES_PASSWORD in docker-compose.yml Remove POSTGRES_PASSWORD in docker-compose.yml. Signed-off-by: Lindsey Cheng <[email protected]> --------- Signed-off-by: Lindsey Cheng <[email protected]>
edgexfoundry · Jan 20, 2025 · feff445 · feff445
1 parent 0224d88
commit feff445
Show file tree

Hide file tree

Showing 12 changed files with 98 additions and 97 deletions.
diff --git a/compose-builder/Makefile b/compose-builder/Makefile
@@ -1,6 +1,6 @@
 # /*******************************************************************************
 #  * Copyright 2023 Intel
-#  * Copyright 2024 IOTech Ltd
+#  * Copyright 2024-2025 IOTech Ltd
 #  *
 #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 #  * in compliance with the License. You may obtain a copy of the License at
@@ -802,7 +802,7 @@ ifeq (no-secty, $(filter no-secty,$(ARGS)))
 		COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml -f ${BROKER_YAML}
 	endif
 else
-	COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml -f add-postgres.yml -f add-secure-postgres.yml
+	COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml -f add-secure-postgres.yml
 
 	ifeq ($(BUS),) # if BUS not set, then we are using secure mqtt messagebus by default
 		IS_MQTT_BUS:=1
@@ -845,7 +845,6 @@ ifeq (taf-secty, $(filter taf-secty,$(ARGS)))
 		-f add-mqtt-messagebus.yml \
 		-f add-secure-mqtt-messagebus.yml \
 		-f add-secure-mqtt-broker.yml \
-		-f add-postgres.yml \
 		-f add-secure-postgres.yml
 
 	asc_http_export_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)"  ./gen_secure_compose_ext.sh app-http-export \
@@ -920,7 +919,6 @@ else
 				-f ${BROKER_YAML} \
 				-f ${TAF_BROKER_YAML} \
 				-f add-delayed-start-services.yml \
-				-f add-postgres.yml \
 				-f add-secure-postgres.yml
 
 			asc_mqtt_export_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)"  IS_MQTT_BUS="0" ./gen_secure_compose_ext.sh app-mqtt-export \
@@ -994,7 +992,7 @@ define COMPOSE_DOWN
 		-f add-security-proxy.yml \
 		-f add-delayed-start-services.yml \
 		-f add-postgres.yml \
-		-f add-secure-postgres.yml
+		-f add-secure-postgres.yml \
 		down $1
 endef
 

diff --git a/compose-builder/add-secure-postgres.yml b/compose-builder/add-secure-postgres.yml
@@ -1,5 +1,5 @@
 # /*******************************************************************************
-#  * Copyright 2024 IOTech Ltd
+#  * Copyright 2024-2025 IOTech Ltd
 #  *
 #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 #  * in compliance with the License. You may obtain a copy of the License at
@@ -19,18 +19,31 @@ volumes:
 services:
   database:
     entrypoint: ["/edgex-init/postgres_wait_install.sh"]
+    image: postgres:${POSTGRES_VERSION}
+    ports:
+      - "127.0.0.1:5432:5432"
+    container_name: edgex-postgres
+    hostname: edgex-postgres
+    read_only: true
+    restart: always
+    networks:
+      - edgex-network
     env_file:
       - common-security.env
       - common-sec-stage-gate.env
     environment:
       DATABASECONFIG_PATH: /tmp/postgres-init-scripts
       DATABASECONFIG_NAME: create-users.sh
+      POSTGRES_DB: edgex_db
+    security_opt:
+      - no-new-privileges:true
     tmpfs:
       - /run
       - /tmp
     volumes:
+      - /etc/localtime:/etc/localtime:ro
       - edgex-init:/edgex-init:ro
-      - postgres-data:/var/lib/postgresql/data
+      - db-data:/var/lib/postgresql/data
       - /tmp/edgex/secrets/security-bootstrapper-postgres:/tmp/edgex/secrets/security-bootstrapper-postgres:ro,z
     depends_on:
       - security-bootstrapper

diff --git a/docker-compose-arm64.yml b/docker-compose-arm64.yml
@@ -489,7 +489,6 @@ services:
       DATABASECONFIG_PATH: /tmp/postgres-init-scripts
       EDGEX_SECURITY_SECRET_STORE: "true"
       POSTGRES_DB: edgex_db
-      POSTGRES_PASSWORD: postgres
       PROXY_SETUP_HOST: edgex-security-proxy-setup
       SECRETSTORE_HOST: edgex-secret-store
       STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
@@ -529,15 +528,15 @@ services:
         read_only: true
         bind:
           create_host_path: true
-      - type: volume
-        source: postgres-data
-        target: /var/lib/postgresql/data
-        volume: {}
       - type: volume
         source: edgex-init
         target: /edgex-init
         read_only: true
         volume: {}
+      - type: volume
+        source: db-data
+        target: /var/lib/postgresql/data
+        volume: {}
       - type: bind
         source: /tmp/edgex/secrets/security-bootstrapper-postgres
         target: /tmp/edgex/secrets/security-bootstrapper-postgres
@@ -889,7 +888,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "2108837330944"
+          memory: "6353502339072"
     entrypoint:
       - /edgex-init/secretstore_wait_install.sh
     environment:
@@ -913,7 +912,7 @@ services:
       STAGEGATE_WAITFOR_TIMEOUT: 60s
     hostname: edgex-secret-store
     image: openbao/openbao:2.1
-    memswap_limit: "2108837330944"
+    memswap_limit: "6353502339072"
     networks:
       edgex-network: null
     ports:
@@ -1372,6 +1371,8 @@ networks:
     name: edgex_edgex-network
     driver: bridge
 volumes:
+  db-data:
+    name: edgex_db-data
   edgex-init:
     name: edgex_edgex-init
   kuiper-connections:
@@ -1390,8 +1391,6 @@ volumes:
     name: edgex_nginx-templates
   nginx-tls:
     name: edgex_nginx-tls
-  postgres-data:
-    name: edgex_postgres-data
   secret-store-config:
     name: edgex_secret-store-config
   secret-store-file:

diff --git a/docker-compose-with-app-sample-arm64.yml b/docker-compose-with-app-sample-arm64.yml
@@ -566,7 +566,6 @@ services:
       DATABASECONFIG_PATH: /tmp/postgres-init-scripts
       EDGEX_SECURITY_SECRET_STORE: "true"
       POSTGRES_DB: edgex_db
-      POSTGRES_PASSWORD: postgres
       PROXY_SETUP_HOST: edgex-security-proxy-setup
       SECRETSTORE_HOST: edgex-secret-store
       STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
@@ -606,15 +605,15 @@ services:
         read_only: true
         bind:
           create_host_path: true
-      - type: volume
-        source: postgres-data
-        target: /var/lib/postgresql/data
-        volume: {}
       - type: volume
         source: edgex-init
         target: /edgex-init
         read_only: true
         volume: {}
+      - type: volume
+        source: db-data
+        target: /var/lib/postgresql/data
+        volume: {}
       - type: bind
         source: /tmp/edgex/secrets/security-bootstrapper-postgres
         target: /tmp/edgex/secrets/security-bootstrapper-postgres
@@ -966,7 +965,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "2108837330944"
+          memory: "6353502339072"
     entrypoint:
       - /edgex-init/secretstore_wait_install.sh
     environment:
@@ -990,7 +989,7 @@ services:
       STAGEGATE_WAITFOR_TIMEOUT: 60s
     hostname: edgex-secret-store
     image: openbao/openbao:2.1
-    memswap_limit: "2108837330944"
+    memswap_limit: "6353502339072"
     networks:
       edgex-network: null
     ports:
@@ -1449,6 +1448,8 @@ networks:
     name: edgex_edgex-network
     driver: bridge
 volumes:
+  db-data:
+    name: edgex_db-data
   edgex-init:
     name: edgex_edgex-init
   kuiper-connections:
@@ -1467,8 +1468,6 @@ volumes:
     name: edgex_nginx-templates
   nginx-tls:
     name: edgex_nginx-tls
-  postgres-data:
-    name: edgex_postgres-data
   secret-store-config:
     name: edgex_secret-store-config
   secret-store-file:

diff --git a/docker-compose-with-app-sample.yml b/docker-compose-with-app-sample.yml
@@ -566,7 +566,6 @@ services:
       DATABASECONFIG_PATH: /tmp/postgres-init-scripts
       EDGEX_SECURITY_SECRET_STORE: "true"
       POSTGRES_DB: edgex_db
-      POSTGRES_PASSWORD: postgres
       PROXY_SETUP_HOST: edgex-security-proxy-setup
       SECRETSTORE_HOST: edgex-secret-store
       STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
@@ -606,15 +605,15 @@ services:
         read_only: true
         bind:
           create_host_path: true
-      - type: volume
-        source: postgres-data
-        target: /var/lib/postgresql/data
-        volume: {}
       - type: volume
         source: edgex-init
         target: /edgex-init
         read_only: true
         volume: {}
+      - type: volume
+        source: db-data
+        target: /var/lib/postgresql/data
+        volume: {}
       - type: bind
         source: /tmp/edgex/secrets/security-bootstrapper-postgres
         target: /tmp/edgex/secrets/security-bootstrapper-postgres
@@ -966,7 +965,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "2108837330944"
+          memory: "6353502339072"
     entrypoint:
       - /edgex-init/secretstore_wait_install.sh
     environment:
@@ -990,7 +989,7 @@ services:
       STAGEGATE_WAITFOR_TIMEOUT: 60s
     hostname: edgex-secret-store
     image: openbao/openbao:2.1
-    memswap_limit: "2108837330944"
+    memswap_limit: "6353502339072"
     networks:
       edgex-network: null
     ports:
@@ -1449,6 +1448,8 @@ networks:
     name: edgex_edgex-network
     driver: bridge
 volumes:
+  db-data:
+    name: edgex_db-data
   edgex-init:
     name: edgex_edgex-init
   kuiper-connections:
@@ -1467,8 +1468,6 @@ volumes:
     name: edgex_nginx-templates
   nginx-tls:
     name: edgex_nginx-tls
-  postgres-data:
-    name: edgex_postgres-data
   secret-store-config:
     name: edgex_secret-store-config
   secret-store-file:

diff --git a/docker-compose-zero-trust-arm64.yml b/docker-compose-zero-trust-arm64.yml
@@ -477,7 +477,6 @@ services:
       DATABASECONFIG_PATH: /tmp/postgres-init-scripts
       EDGEX_SECURITY_SECRET_STORE: "true"
       POSTGRES_DB: edgex_db
-      POSTGRES_PASSWORD: postgres
       PROXY_SETUP_HOST: edgex-security-proxy-setup
       SECRETSTORE_HOST: edgex-secret-store
       STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
@@ -517,15 +516,15 @@ services:
         read_only: true
         bind:
           create_host_path: true
-      - type: volume
-        source: postgres-data
-        target: /var/lib/postgresql/data
-        volume: {}
       - type: volume
         source: edgex-init
         target: /edgex-init
         read_only: true
         volume: {}
+      - type: volume
+        source: db-data
+        target: /var/lib/postgresql/data
+        volume: {}
       - type: bind
         source: /tmp/edgex/secrets/security-bootstrapper-postgres
         target: /tmp/edgex/secrets/security-bootstrapper-postgres
@@ -809,7 +808,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "2108837330944"
+          memory: "6353502339072"
     entrypoint:
       - /edgex-init/secretstore_wait_install.sh
     environment:
@@ -833,7 +832,7 @@ services:
       STAGEGATE_WAITFOR_TIMEOUT: 60s
     hostname: edgex-secret-store
     image: openbao/openbao:2.1
-    memswap_limit: "2108837330944"
+    memswap_limit: "6353502339072"
     networks:
       edgex-network: null
     ports:
@@ -1210,6 +1209,8 @@ networks:
     name: edgex_edgex-network
     driver: bridge
 volumes:
+  db-data:
+    name: edgex_db-data
   edgex-init:
     name: edgex_edgex-init
   kuiper-connections:
@@ -1224,8 +1225,6 @@ volumes:
     name: edgex_kuiper-plugins
   kuiper-sources:
     name: edgex_kuiper-sources
-  postgres-data:
-    name: edgex_postgres-data
   secret-store-config:
     name: edgex_secret-store-config
   secret-store-file: