Add postgres for NextMN db

doc/addressing.md

@@ -20,6 +20,7 @@
 | control   | docker-compose | `10.1.3.0/24` | `fd00:0:0:0:2::/80` | (N2 + N4) Management interfaces : NGAP + PFCP |
 | dataplane | docker-compose | `10.1.4.0/24` | `fd00:0:0:0:3::/80` | (N3 + N9) Dataplane backbone                  |
 | edge      | docker-compose | `10.1.5.0/24` | disabled            | (N6) Edges instances                          |
+| nextmndb  | docker-compose | `10.1.6.0/24` | `fd00:0:0:0:4::/80` | Internal databases for NextMN                 |
 | slice0    | free5gc        | `10.2.0.0/24` | disabled            | Slice 0                                       |
 | srgw0     | nextmn/srgw0   | `10.3.0.1/32` | `fc00:1::/32`       | srgw0 locators                                |
 | r0        | nextmn/r0      | disabled      | `fc00:2::/32`       | r0 locator                                    |
@@ -48,17 +49,21 @@
 | srgw0     | `nextmn-srv6`                 | dataplane | `10.1.4.131`    | `fd00:0:0:0:3:8000:0:2` | IPv6 routes to SR domain (rr)               |
 | srgw0     | `nextmn-srv6`                 | srgw0     | `10.3.0.1`      | disabled                | H.M.GTP4.D                                  |
 | srgw0     | `nextmn-srv6`                 | srgw0     | disabled        | `fc00:1:1::/48`         | End.M.GTP4.E                                |
+| srgw0     | `nextmn-srv6`                 | nextmndb  | auto            | auto                    |                                             |
 | r0        | `nextmn-srv6`                 | control   | auto            | `fd00:0:0:0:2:8000:0:4` |                                             |
 | r0        | `nextmn-srv6`                 | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:3` | IPv6 routes to SR domain (r1, rr)           |
 | r0        | `nextmn-srv6`                 | r0        | disabled        | `fc00:2:1::/48`         | End.DX4                                     |
 | r0        | `nextmn-srv6`                 | edge      | `10.1.5.129`    | disabled                | H.Encaps + Route to instance in edge0 (s0)  |
+| r0        | `nextmn-srv6`                 | nextmndb  | auto            | auto                    |                                             |
 | r1        | `nextmn-srv6`                 | control   | auto            | `fd00:0:0:0:2:8000:0:5` |                                             |
 | r1        | `nextmn-srv6`                 | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:4` | IPv6 routes to SR domain (r0, rr)           |
 | r1        | `nextmn-srv6`                 | r1        | disabled        | `fc00:3:1::/48`         | End.DX4                                     |
 | r1        | `nextmn-srv6`                 | edge      | `10.1.5.130`    | disabled                | H.Encaps + Route to instances in edge1 (s1) |
+| r1        | `nextmn-srv6`                 | nextmndb  | auto            | auto                    |                                             |
 | rr        | `nextmn-srv6`                 | control   | auto            | `fd00:0:0:0:2:8000:0:3` |                                             |
 | rr        | `nextmn-srv6`                 | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:3` | IPv6 routes to SR domain (srgw0, r0, r1)    |
 | rr        | `nextmn-srv6`                 | rr        | disabled        | `fc00:4:1::/48`         | End                                         |
+| rr        | `nextmn-srv6`                 | nextmndb  | auto            | auto                    |                                             |
 | s0        | `nginx`                       | edge      | `10.1.5.131`    | disabled                | Route to slice0 via r0                      |
 | s0        | `ngnix`                       | service   | `10.4.0.1`      | disabled                |                                             |
 | s1        | `nginx`                       | edge      | `10.1.5.132`    | disabled                | Route to slice0 via r1                      |
@@ -79,3 +84,4 @@
 | udr       | `free5gc-udr`                 | db        | auto            | disabled                |                                             |
 | populate  | `louisroyer/free5gc-populate` | db        | auto            | disabled                |                                             |
 | mongodb   | `mongodb`                     | db        | auto            | disabled                |                                             |
+| nextmndb  | `postgres`                    | nextmndb  | auto            | auto                    |                                             |

scripts/jinja/customize.py

@@ -11,6 +11,7 @@
 import os.path
 import functools
 import shutil
+import secrets
 
 class _Context:
     _context = {}
@@ -155,6 +156,20 @@ def volume_ro(s: str, s2: str) -> str:
     shutil.copy2(src=template, dst=build)
     return f'- ./{s}:{s2}:ro'
 
+@function
+def secret(s: str) -> str:
+    build, _ = build_and_template_dir()
+    build = os.path.join(build,'secrets',  s)
+    os.makedirs(os.path.dirname(build), exist_ok=True)
+    try:
+        with open(build, 'x') as f:
+            print(f'Creating new secret `{s}`')
+            f.write(secrets.token_hex(16))
+    except FileExistsError:
+        pass
+    return f'{os.path.join("./secrets", s)}'
+
+
 @function
 def ipv4(host: str, subnet: str, _context: _Context) -> str:
     try:

templates/compose.yaml.j2

@@ -354,6 +354,7 @@ services:
   {{ container_s(name='r0', image='louisroyer/dev-nextmn-srv6', restart='always', srv6=True, debug=True) }}
     depends_on:
       - srv6-ctrl
+      - nextmndb
     volumes:
       {{ volume_ro('nextmn/routes-to-nei.sh', '/usr/local/bin/routes-to-nei.sh') }}
     environment:
@@ -379,17 +380,23 @@ services:
           to: "{{ ipv4_subnet('slice0') }}"
           provider: "NextMN-ctrl"
           behavior: "H.Encaps"
+      POSTGRES_PASSWORD_FILE: /run/secrets/nextmndb_password
+      POSTGRES_HOST: "nextmndb.nextmndb"
+    secrets:
+      - nextmndb_password
     networks:
       control:
         ipv6_address: "{{ ipv6('r0', 'control') }}"
       dataplane:
         ipv6_address: "{{ ipv6('r0', 'dataplane') }}"
       edge:
         ipv4_address: "{{ ipv4('r0', 'edge') }}"
+      nextmndb:
 
   {{ container_s(name='r1', image='louisroyer/dev-nextmn-srv6', restart='always', srv6=True, debug=True ) }}
     depends_on:
       - srv6-ctrl
+      - nextmndb
     volumes:
       {{ volume_ro('nextmn/routes-to-nei.sh', '/usr/local/bin/routes-to-nei.sh') }}
     environment:
@@ -415,17 +422,23 @@ services:
           to: "{{ ipv4_subnet('slice0') }}"
           provider: "NextMN-ctrl"
           behavior: "H.Encaps"
+      POSTGRES_PASSWORD_FILE: /run/secrets/nextmndb_password
+      POSTGRES_HOST: "nextmndb.nextmndb"
+    secrets:
+      - nextmndb_password
     networks:
       control:
         ipv6_address: "{{ ipv6('r1', 'control') }}"
       dataplane:
         ipv6_address: "{{ ipv6('r1', 'dataplane') }}"
       edge:
         ipv4_address: "{{ ipv4('r1', 'edge') }}"
+      nextmndb:
 
   {{ container_s(name='rr', image='louisroyer/dev-nextmn-srv6', restart='always', srv6=True, debug=True ) }}
     depends_on:
       - srv6-ctrl
+      - nextmndb
     volumes:
       {{ volume_ro('nextmn/routes-to-nei.sh', '/usr/local/bin/routes-to-nei.sh') }}
     environment:
@@ -444,15 +457,21 @@ services:
         - prefix: "{{ ipv6_prefix('end', 'rr') }}"
           provider: "Linux"
           behavior: "End"
+      POSTGRES_PASSWORD_FILE: /run/secrets/nextmndb_password
+      POSTGRES_HOST: "nextmndb.nextmndb"
+    secrets:
+      - nextmndb_password
     networks:
       control:
         ipv6_address: "{{ ipv6('rr', 'control') }}"
       dataplane:
         ipv6_address: "{{ ipv6('rr', 'dataplane') }}"
+      nextmndb:
 
   {{ container_s(name='srgw0', image='louisroyer/dev-nextmn-srv6', restart='always', srv6=True, debug=True ) }}
     depends_on:
       - srv6-ctrl
+      - nextmndb
     volumes:
       {{ volume_ro('nextmn/routes-to-nei.sh', '/usr/local/bin/routes-to-nei.sh') }}
     environment:
@@ -491,13 +510,18 @@ services:
         - prefix: "{{ ipv6_prefix('end-m-gtp4-e', 'srgw0') }}"
           provider: "NextMN"
           behavior: "End.M.GTP4.E"
+      POSTGRES_PASSWORD_FILE: /run/secrets/nextmndb_password
+      POSTGRES_HOST: "nextmndb.nextmndb"
+    secrets:
+      - nextmndb_password
     networks:
       control:
         ipv4_address: "{{ ipv4('srgw0', 'control') }}"
         ipv6_address: "{{ ipv6('srgw0', 'control') }}"
       dataplane:
         ipv4_address: "{{ ipv4('srgw0', 'dataplane') }}"
         ipv6_address: "{{ ipv6('srgw0', 'dataplane') }}"
+      nextmndb:
 
   {{ container_s(name='srv6-ctrl', image='louisroyer/dev-nextmn-srv6-ctrl', restart='always') }}
     environment:
@@ -510,6 +534,14 @@ services:
         ipv4_address: "{{ ipv4('srv6-ctrl', 'control') }}"
         ipv6_address: "{{ ipv6('srv6-ctrl', 'control') }}"
 
+  {{ container_s(name='nextmndb', image='postgres', restart='always', command=False) }}
+    secrets:
+      - nextmndb_password
+    environment:
+      POSTGRES_PASSWORD_FILE: /run/secrets/nextmndb_password
+    networks:
+      nextmndb:
+
 
   {{ container_setup_s(name='s0') }}
     environment:
@@ -555,6 +587,9 @@ services:
       edge:
         ipv4_address: "{{ ipv4('s1', 'edge') }}"
 
+secrets:
+  nextmndb_password:
+    file: "{{ secret('nextmndb_password.txt') }}"
 
 networks:
   ran:
@@ -644,3 +679,19 @@ networks:
         - subnet: 10.1.5.0/24
           ip_range: 10.1.5.0/25
           gateway: 10.1.5.254
+  nextmndb:
+    name: nextmndb
+    enable_ipv6: false
+    driver: bridge
+    driver_opts:
+      com.docker.network.container_iface_prefix: nmndb-
+      com.docker.network.bridge.name: nmndb
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.1.6.0/24
+          ip_range: 10.1.6.0/25
+          gateway: 10.1.6.254
+        - subnet: fd00:0:0:0:4::/80
+          ip_range: fd00:0:0:0:4::/81
+          gateway: fd00::4:8000:0:1