From 40e3b5765a8eee3c679f7c34de01ad963f45f88a Mon Sep 17 00:00:00 2001
From: ekirson
Date: Tue, 16 Jun 2026 15:36:41 +0300
Subject: [PATCH] fix(rest-postgres): idempotent DB init so a partial init can't silently drop databases

init-configmap.yaml runs once via docker-entrypoint-initdb.d under ON_ERROR_STOP. If any statement errors, psql aborts and the remaining CREATE DATABASE/USER statements are skipped, leaving a partial state (e.g. nico+keycloak created but temporal/temporal_visibility missing). Postgres only runs init scripts on an empty data dir, so it never re-runs -- the missing databases are silent and permanent, and the Temporal install later fails with 'failed pre-install: timed out' / FATAL: role "temporal" does not exist. Make each database/role creation idempotent (\gexec existence guard for databases, DO-block for roles) so the script is safe to re-run and a single benign error no longer skips later databases.
Co-Authored-By: Claude Opus 4.8
Signed-off-by: ekirson
---
.../base/postgres/init-configmap.yaml | 35 +++++++++----------
1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/rest-api/deploy/kustomize/base/postgres/init-configmap.yaml b/rest-api/deploy/kustomize/base/postgres/init-configmap.yaml
index e1a00f2b93..2beb084fd8 100644
--- a/rest-api/deploy/kustomize/base/postgres/init-configmap.yaml
+++ b/rest-api/deploy/kustomize/base/postgres/init-configmap.yaml
@@ -13,41 +13,40 @@ data: -- Enable pg_trgm extension (required for text search) CREATE EXTENSION IF NOT EXISTS pg_trgm; - -- Create nico database and user (used by API, Workflow) - CREATE DATABASE nico WITH ENCODING 'UTF8'; - CREATE USER nico WITH PASSWORD 'nico'; + -- nico database + user (idempotent: safe on re-run / partial init) + SELECT 'CREATE DATABASE nico WITH ENCODING ''UTF8''' + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'nico')\gexec + DO $$ BEGIN IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname='nico') THEN CREATE ROLE nico LOGIN PASSWORD 'nico'; END IF; END $$; GRANT ALL PRIVILEGES ON DATABASE nico TO nico; - - -- Connect to nico database to set up permissions \c nico GRANT ALL ON SCHEMA public TO nico; CREATE EXTENSION IF NOT EXISTS pg_trgm; - - -- Create keycloak database \c postgres - CREATE DATABASE keycloak WITH ENCODING 'UTF8'; - CREATE USER keycloak WITH PASSWORD 'keycloak'; - GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak; + -- keycloak database + user + SELECT 'CREATE DATABASE keycloak WITH ENCODING ''UTF8''' + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'keycloak')\gexec + DO $$ BEGIN IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname='keycloak') THEN CREATE ROLE keycloak LOGIN PASSWORD 'keycloak'; END IF; END $$; + GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak; \c keycloak GRANT ALL ON SCHEMA public TO keycloak; - - -- Create temporal databases (for Temporal workflow engine) \c postgres - CREATE DATABASE temporal WITH ENCODING 'UTF8'; - CREATE USER temporal WITH PASSWORD 'temporal' CREATEDB; + + -- temporal databases (for Temporal workflow engine) + SELECT 'CREATE DATABASE temporal WITH ENCODING ''UTF8''' + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'temporal')\gexec + DO $$ BEGIN IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname='temporal') THEN CREATE ROLE temporal LOGIN PASSWORD 'temporal' CREATEDB; END IF; END $$; GRANT ALL PRIVILEGES ON DATABASE temporal TO temporal; ALTER 
DATABASE temporal OWNER TO temporal; - \c temporal GRANT ALL ON SCHEMA public TO temporal; ALTER SCHEMA public OWNER TO temporal; - \c postgres - CREATE DATABASE temporal_visibility WITH ENCODING 'UTF8'; + + SELECT 'CREATE DATABASE temporal_visibility WITH ENCODING ''UTF8''' + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'temporal_visibility')\gexec GRANT ALL PRIVILEGES ON DATABASE temporal_visibility TO temporal; ALTER DATABASE temporal_visibility OWNER TO temporal; - \c temporal_visibility GRANT ALL ON SCHEMA public TO temporal; ALTER SCHEMA public OWNER TO temporal;
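Review bot: The rewritten `CREATE ROLE nico LOGIN PASSWORD 'nico'` line, and the matching keycloak and temporal lines, still set each role's password to its own name and keep it in a ConfigMap, which is committed to the repository and is not handled as secret material by the cluster. Since these lines are being rewritten anyway, the password could be loaded into a psql variable from a Secret-backed environment variable and the role created with the same `\gexec` guard the databases use, because psql variables are not expanded inside a `$$ … $$` DO body: `SELECT format('CREATE ROLE nico LOGIN PASSWORD %L', :'nico_pw') WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'nico')\gexec` (`nico_pw` is a placeholder name). The existence guard also leaves an already-present role untouched, so a role that exists without `LOGIN` or `CREATEDB` is not corrected on a re-run. If this base is meant for local development only, say so in a comment next to the credentials; the script's opening lines are above the hunk, so any such note there is not visible.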