fix magento aurora grants

Signed-off-by: Sébastien Allamand <[email protected]>

.projenrc.js

@@ -11,7 +11,7 @@ const project = new awscdk.AwsCdkTypeScriptApp({
   keywords: ['aws', 'constructs', 'cdk', 'ecs', 'magento', 'fargate', 'opensearch', 'efs', 'fsx'],
   description:
     'CDK Project to deploy Magento Applications on top of AWS ECS, FARGATE/EC2, EFS/FsX Ontap, RDS, OpenSearch, ElastiCashe',
-  cdkVersion: '2.165.0',
+  cdkVersion: '2.166.0',
   defaultReleaseBranch: 'main',
   license: 'MIT',
   name: 'magento-ecs-cdk',
@@ -111,11 +111,11 @@ const project = new awscdk.AwsCdkTypeScriptApp({
     //vpc_tag_name: 'ecsworkshop-base/BaseVPC', // TAG Name of the VPC to create the cluster into (or 'default' or comment to create new one)
     'enablePrivateLink': 'true', // this parameter seems to works only one
 
-    'createEFS': 'yes', //if yes CDK will create the EFS File System
-    'useEFS': 'yes', // if true, /bitnami/magento directory will be mapped to a new empty FSX volume.
+    'createEFS': 'no', //if yes CDK will create the EFS File System
+    'useEFS': 'no', // if true, /bitnami/magento directory will be mapped to a new empty FSX volume.
 
-    //useFSX: 'yes', // if yes, create en EC2 based cluster (required for FsX), if no create Fargate cluster
-    'ec2Cluster': 'no', // if yes, create en EC2 based cluster (required for FsX), if no create Fargate cluster
+    'useFSX': 'yes', // if yes, create en EC2 based cluster (required for FsX), if no create Fargate cluster
+    'ec2Cluster': 'yes', // if yes, create en EC2 based cluster (required for FsX), if no create Fargate cluster
 
     // You can customize Instances size
     // ec2InstanceType: 'c5.9xlarge',

Makefile

@@ -41,4 +41,10 @@ upgrade:
 #run npx projen build in this not-connected container to simulate gh action build
 local-test:
 	 docker run -ti -v $(PWD):/src -w /src allamand/eksutils zsh    
-
+
+local-magento:
+	cd docker && docker build -t magento .
+	docker rm magento
+	docker run -d --name magento --env MAGENTO_ADMIN_TASK=yes magento /opt/bitnami/scripts/magento/run.sh
+	sleep 2
+	docker logs magento -f

doc/troubleshoot.md

@@ -80,7 +80,7 @@ Configuration files are :
 If you get an error in magento, you can find corresponding log in
 
 ```
-/bitnami/magento/var/report/<error_id>
+/bitnami/magento/var/log/<error_id>
 ```
 
 If the error is like
@@ -114,6 +114,27 @@ You can connect to the Mysql DB from magento asks:
 mysql -h $MAGENTO_DATABASE_HOST -u $MAGENTO_DATABASE_USER -p$MAGENTO_DATABASE_PASSWORD $MAGENTO_DATABASE_NAME
 ```
 
+Some commands:
+
+```
+Select User, Host from mysql.user;
+
+SHOW GRANTS FOR 'magentouser'@'%';
+
+```
+
+```
+
+GRANT ALL PRIVILEGES ON . TO 'magentouser'@'%';
+
+mysql -h $MAGENTO_DATABASE_HOST -u $MAGENTO_DATABASE_USER -p$MAGENTO_DATABASE_PASSWORD $MAGENTO_DATABASE_NAME
+
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, 
+CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, 
+CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON magentodemo.* 
+TO 'magentouser'@'%';
+```
+
 ## Elasticsearch
 
 You can test the OpenSearch connection with curl:
@@ -132,16 +153,40 @@ curl -XPOST -u "$MAGENTO_ELASTICSEARCH_USER:$MAGENTO_ELASTICSEARCH_PASSWORD" "ht
 The stack is configured to delete the database cluster and OpenSearch cluster, and EFS file system. If you want to be able to keep the data, you will need to update the **removalPolicy** policies of those services in the CDK code.
 
 ```typescript
-    const db = new DatabaseCluster(this, 'ServerlessWordpressAuroraCluster', {
-      engine: DatabaseClusterEngine.AURORA_MYSQL,
+  ...
+
+    #Prevent db deletion
+    const db = new DatabaseCluster(this, 'MagentoAuroraCluster', {
+      engine: DatabaseClusterEngine.auroraMysql({ version: AuroraMysqlEngineVersion.VER_3_07_1 }),
       credentials: Credentials.fromPassword(DB_USER, secret),
+      writer: ClusterInstance.provisioned('Writer', {
+        instanceType: InstanceType.of(InstanceClass.R6G, InstanceSize.LARGE),
+        enablePerformanceInsights: true,
+        performanceInsightRetention: PerformanceInsightRetention.MONTHS_1,
+      }),
+      readers: [
+        ClusterInstance.provisioned('Reader', {
+          instanceType: InstanceType.of(InstanceClass.R6G, InstanceSize.LARGE),
+          enablePerformanceInsights: true,
+          performanceInsightRetention: PerformanceInsightRetention.MONTHS_1,
+        }),
+      ],
+      vpc,
+      vpcSubnets: { subnetType: SubnetType.PRIVATE_WITH_EGRESS },
+      securityGroups: [rdsSG],
+      defaultDatabaseName: DB_NAME,
       removalPolicy: RemovalPolicy.DESTROY, // <-- you can change this ----------------------------->
-      instanceProps: {
-        vpc: vpc,
-        securityGroups: [rdsSG],
+      backtrackWindow: Duration.hours(24), // Enable Backtrack with a 24-hour window
+      backup: {
+        retention: Duration.days(14),
+        preferredWindow: '03:00-04:00',
       },
-      defaultDatabaseName: DB_NAME,
+      cloudwatchLogsExports: ['error', 'general', 'slowquery'],
+      monitoringInterval: Duration.seconds(60),
+      storageEncrypted: true, // Ensure storage encryption for security
+      deletionProtection: false, // <-- you can change this ---------------------------->
     });
+
     ...
 
     const osDomain = new opensearch.Domain(this, 'Domain', {
@@ -161,6 +206,8 @@ The stack is configured to delete the database cluster and OpenSearch cluster, a
       encrypted: true,
       removalPolicy: RemovalPolicy.DESTROY,// <-- you can change this ---------------------------->
     });
+
+
 ```
 
 While we can't delete an ECS Capacity Provider when associated Autoscaling Group still exists, the first attempt to delete the stack may be finished in a `DELETE_FAILED` state. A second delete attempt should properly delete everything.

docker/entrypoint.sh

@@ -33,8 +33,27 @@ if [[ "$1" = "/opt/bitnami/scripts/magento/run.sh" || "$1" = "/opt/bitnami/scrip
     /opt/bitnami/scripts/php/setup.sh
     info "** Starting Magento setup mysql**"
     /opt/bitnami/scripts/mysql-client/setup.sh
-    info "** Starting Magento magento **"
 
+
+    info "** Fix Grant **"
+    if [[ "$MAGENTO_ADMIN_TASK" = "yes" ]]; then
+      # Wait for database to be ready (if necessary)
+      until mysql -h $MAGENTO_DATABASE_HOST -u $MAGENTO_DATABASE_USER -p$MAGENTO_DATABASE_PASSWORD -e "SELECT 1"; do
+        echo "Waiting for database connection..."
+        sleep 5
+      done
+
+      # Now apply your GRANT privileges
+      mysql -h $MAGENTO_DATABASE_HOST -u $MAGENTO_DATABASE_USER -p$MAGENTO_DATABASE_PASSWORD $MAGENTO_DATABASE_NAME <<EOF
+      GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, 
+      CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, 
+      CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON $MAGENTO_DATABASE_NAME.* 
+      TO '$MAGENTO_DATABASE_USER'@'%';
+      FLUSH PRIVILEGES;
+EOF
+    fi
+
+    info "** Starting Magento magento **"
     #Accelerate the boot for additional tasks by disabling setup:upgrade
      if [[ "$MAGENTO_ADMIN_TASK" = "no" ]]; then
        sed -i 's/        info "Upgrading database schema"/        info "DISABLE Upgrading database schema"/' /opt/bitnami/scripts/libmagento.sh