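#!/bin/bash
# Azure PostgreSQL Setup Script for CMDB Insight
# Creates PostgreSQL Flexible Server and configures it for production
#
# What it does, in order:
#   1. generates a random admin password
#   2. creates the Flexible Server (public endpoint, "allow Azure services")
#   3. creates the cmdb_insight database
#   4. adds the AllowAzureServices firewall rule
#   5. stores the password and a connection URL in Key Vault
#   6. points the backend App Service at the server via a Key Vault reference
#
# Operational notes:
#   - Do not run with `set -x` / `bash -x`: the trace would print the password.
#   - The password is passed to `az` as a command-line argument, so it is
#     visible in the process list while each command runs. Run this from a
#     trusted, single-user host. `az keyvault secret set` can read the value
#     from a file (--file) instead of --value if argv exposure is a concern.
#   - The server is created before the password reaches Key Vault. If step 5
#     fails, the password exists only in this process; reset the admin
#     password instead of re-running blindly.

# -u catches typos in variable names; pipefail makes a failing `openssl`
# fail the password pipeline instead of yielding an empty password.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Configuration
readonly RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
readonly SERVER_NAME="zdl-cmdb-insight-prd-psql"
readonly ADMIN_USER="cmdbadmin"
readonly LOCATION="westeurope"
readonly KEY_VAULT="zdl-cmdb-insight-prd-kv"
readonly BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
readonly DB_HOST="${SERVER_NAME}.postgres.database.azure.com"

command -v az >/dev/null || die "az CLI not found in PATH"
command -v openssl >/dev/null || die "openssl not found in PATH"

echo "🐘 Setting up Azure PostgreSQL for CMDB Insight..."
echo ""

# Step 1: Generate secure password
echo "🔐 Step 1: Generating secure password..."
# Raw base64 can contain '+', '/' and '=', which corrupt the
# postgresql://user:password@host URL built in step 5 ('/' ends the authority
# part). Stripping them keeps the password alphanumeric, so it is URL-safe
# and can never be mistaken for a CLI option by starting with '-'.
ADMIN_PASSWORD=$(openssl rand -base64 32 | tr -d '+/=\n')
# 32 random bytes give ~43 base64 characters; a much shorter result means the
# generator misbehaved, so refuse to continue with a weak credential.
(( ${#ADMIN_PASSWORD} >= 32 )) || die "Generated password is unexpectedly short"
echo "✅ Password generated (will be stored in Key Vault)"
echo ""

# Step 2: Create PostgreSQL Flexible Server
echo "📦 Step 2: Creating PostgreSQL Flexible Server..."
# NOTE(security): --public-access 0.0.0.0 gives the server a public endpoint
# that accepts connections from any Azure-hosted source address, not only
# resources in this subscription or tenant. With this setting the admin
# password and TLS are the only controls in front of the database. For a
# production server, prefer private (VNet) access, or replace the rule with
# the specific outbound addresses of the backend App Service.
#
# The command is tested directly in the `if`: under `set -e` a separate
# `[ $? -eq 0 ]` check is never reached on failure.
if az postgres flexible-server create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$SERVER_NAME" \
  --location "$LOCATION" \
  --admin-user "$ADMIN_USER" \
  --admin-password "$ADMIN_PASSWORD" \
  --sku-name Standard_B1ms \
  --tier Burstable \
  --storage-size 32 \
  --version 15 \
  --public-access 0.0.0.0 \
  --high-availability Disabled \
  --output none; then
  echo "✅ PostgreSQL server created: ${DB_HOST}"
else
  die "❌ Failed to create PostgreSQL server"
fi

# Step 3: Create database
echo ""
echo "📊 Step 3: Creating database..."
echo " Note: Single database is used by default (contains all tables)"
az postgres flexible-server db create \
  --resource-group "$RESOURCE_GROUP" \
  --server-name "$SERVER_NAME" \
  --database-name cmdb_insight \
  --output none
echo "✅ Database created: cmdb_insight"

# Step 4: Configure firewall (allow Azure services)
echo ""
echo "🔥 Step 4: Configuring firewall rules..."
# NOTE(review): the 0.0.0.0-0.0.0.0 range is the "allow Azure services"
# rule; it likely duplicates what --public-access 0.0.0.0 already set up in
# step 2 — confirm, and see the exposure note there.
az postgres flexible-server firewall-rule create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$SERVER_NAME" \
  --rule-name AllowAzureServices \
  --start-ip-address 0.0.0.0 \
  --end-ip-address 0.0.0.0 \
  --output none
echo "✅ Firewall rule created (allows Azure services)"

# Step 5: Store credentials in Key Vault
echo ""
echo "🔐 Step 5: Storing credentials in Key Vault..."
az keyvault secret set \
  --vault-name "$KEY_VAULT" \
  --name DatabasePassword \
  --value "$ADMIN_PASSWORD" \
  --output none

# Create connection string
# The password appears in two secrets (DatabasePassword and DatabaseUrl);
# a rotation has to update both or the copies drift apart.
CONNECTION_STRING="postgresql://${ADMIN_USER}:${ADMIN_PASSWORD}@${DB_HOST}:5432/cmdb_insight?sslmode=require"

az keyvault secret set \
  --vault-name "$KEY_VAULT" \
  --name DatabaseUrl \
  --value "$CONNECTION_STRING" \
  --output none

echo "✅ Credentials stored in Key Vault"

# Step 6: Configure App Service app settings
echo ""
echo "⚙️ Step 6: Configuring App Service app settings..."

# Get Key Vault URL
KV_URL=$(az keyvault show --name "$KEY_VAULT" --query properties.vaultUri -o tsv)
# An empty URI would produce a Key Vault reference that can never resolve,
# and the app would receive the literal reference text as its password.
[[ -n "$KV_URL" ]] || die "Could not resolve vault URI for $KEY_VAULT"
# Normalise the trailing slash so the SecretUri is well-formed either way.
KV_URL="${KV_URL%/}/"

# Configure database settings
# NOTE(security): the application connects as the server admin account.
# A dedicated, less-privileged database role for the application would limit
# what a compromised backend can do; the admin login could then be reserved
# for maintenance.
az webapp config appsettings set \
  --name "$BACKEND_APP_NAME" \
  --resource-group "$RESOURCE_GROUP" \
  --settings \
  DATABASE_TYPE=postgres \
  DATABASE_HOST="${DB_HOST}" \
  DATABASE_PORT=5432 \
  DATABASE_NAME=cmdb_insight \
  DATABASE_USER="$ADMIN_USER" \
  DATABASE_PASSWORD="@Microsoft.KeyVault(SecretUri=${KV_URL}secrets/DatabasePassword/)" \
  DATABASE_SSL=true \
  --output none

echo "✅ App settings configured"

# Summary
echo ""
echo "✅ PostgreSQL setup completed successfully!"
echo ""
echo "📋 Summary:"
echo " Server: ${DB_HOST}"
echo " Admin User: $ADMIN_USER"
echo " Database: cmdb_insight (single database for all data)"
echo " Password: Stored in Key Vault ($KEY_VAULT)"
echo ""
echo "⚠️ Next Steps:"
echo " 1. Grant Key Vault access to App Service (if not done yet)"
echo " 2. Restart the backend app to connect to PostgreSQL:"
echo " az webapp restart --name $BACKEND_APP_NAME --resource-group $RESOURCE_GROUP"
echo " 3. Check logs to verify connection:"
echo " az webapp log tail --name $BACKEND_APP_NAME --resource-group $RESOURCE_GROUP"
echo ""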