claude-memory / resume: unblock terragrunt apply (var defaults + psql -d postgres)
Two pre-existing apply failures uncovered during the Phase 4 mass apply, unrelated to the auth refactor but blocking 100% rollout. claude-memory: - `var.claude_memory_db_password` had no default and wasn't passed by terragrunt → fall back to Vault `secret/claude-memory.db_password` via `coalesce(var.x, data.vault.data["db_password"])`. - db-init Job was failing with `database "root" does not exist` because psql defaults the database name to the user when -d is omitted. Added `-d postgres` to all five psql invocations. resume: - `var.resume_database_url` had no default and wasn't passed → default to empty string. Vault carries the real value at `secret/resume.database_url` consumed at the deployment env-var level; the variable here just needs a value to satisfy the apply. Also: priority-pass had lost most of its TF state (only 3 of 8 resources tracked); imported namespace/service/pvc/deployment/ingress/tls-secret to re-bind state with live K8s resources. No code change needed there. Verified after re-apply: - claude-memory.viktorbarzin.me → 200 (auth=none, native MCP responses) - priority-pass.viktorbarzin.me → 302 → authentik (auth=required) - resume.viktorbarzin.me → 302 → authentik public outpost (auth=public) - 6 of 7 previously-failing applies now green; only vault remains, blocked by an unrelated helm chart immutable-StatefulSet-field issue. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
a168277213
commit
9be0672aa3
2 changed files with 12 additions and 6 deletions
|
|
@ -6,6 +6,7 @@ variable "postgresql_host" { type = string }
|
|||
variable "claude_memory_db_password" {
|
||||
type = string
|
||||
sensitive = true
|
||||
default = "" # falls back to Vault `secret/claude-memory.db_password` below
|
||||
}
|
||||
|
||||
data "vault_kv_secret_v2" "secrets" {
|
||||
|
|
@ -112,11 +113,13 @@ resource "kubernetes_job" "db_init" {
|
|||
"sh", "-c",
|
||||
<<-EOT
|
||||
set -e
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -tc "SELECT 1 FROM pg_roles WHERE rolname='claude_memory'" | grep -q 1 || \
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -c "CREATE ROLE claude_memory WITH LOGIN PASSWORD '${var.claude_memory_db_password}'"
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -tc "SELECT 1 FROM pg_database WHERE datname='claude_memory'" | grep -q 1 || \
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -c "CREATE DATABASE claude_memory OWNER claude_memory"
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -c "GRANT ALL PRIVILEGES ON DATABASE claude_memory TO claude_memory"
|
||||
# -d postgres: psql defaults database name to username; root user
|
||||
# doesn't have a root-named database, so be explicit.
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -d postgres -tc "SELECT 1 FROM pg_roles WHERE rolname='claude_memory'" | grep -q 1 || \
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -d postgres -c "CREATE ROLE claude_memory WITH LOGIN PASSWORD '${coalesce(var.claude_memory_db_password, data.vault_kv_secret_v2.secrets.data["db_password"])}'"
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -d postgres -tc "SELECT 1 FROM pg_database WHERE datname='claude_memory'" | grep -q 1 || \
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -d postgres -c "CREATE DATABASE claude_memory OWNER claude_memory"
|
||||
PGPASSWORD='${data.vault_kv_secret_v2.secrets.data["dbaas_root_password"]}' psql -h ${var.postgresql_host} -U root -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE claude_memory TO claude_memory"
|
||||
echo "Database init complete"
|
||||
EOT
|
||||
]
|
||||
|
|
|
|||
|
|
@ -2,7 +2,10 @@ variable "tls_secret_name" {
|
|||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
variable "resume_database_url" { type = string }
|
||||
variable "resume_database_url" {
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
variable "nfs_server" { type = string }
|
||||
variable "mail_host" { type = string }
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue