From 4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sun, 25 Feb 2018 23:37:04 +0100
Subject: A complete working ADEI templte, v1-alpha

---
 roles/ands_kaas/tasks/search.yml                   |  2 +-
 roles/ands_kaas/templates/50-kaas-pods.yml.j2      | 13 +++++++++--
 setup/projects/adei/files/adei_init/mysql/adei.sql |  1 +
 .../projects/adei/files/adei_init/mysql/initdb.sh  | 16 +++++++++++++
 setup/projects/adei/files/adei_init/mysql/pma.sql  | 17 ++++++++++++++
 setup/projects/adei/templates/01-secret.yml.j2     | 26 ++++++++++++++++++++++
 setup/projects/adei/vars/globals.yml               | 25 ++++++++++++---------
 setup/projects/adei/vars/pods.yml                  | 19 ++++++++++------
 setup/projects/adei/vars/secrets.yml               |  6 +++++
 setup/projects/adei/vars/volumes.yml               |  1 +
 10 files changed, 105 insertions(+), 21 deletions(-)
 create mode 100644 setup/projects/adei/files/adei_init/mysql/adei.sql
 create mode 100644 setup/projects/adei/files/adei_init/mysql/initdb.sh
 create mode 100644 setup/projects/adei/files/adei_init/mysql/pma.sql
 create mode 100644 setup/projects/adei/templates/01-secret.yml.j2
 create mode 100644 setup/projects/adei/vars/secrets.yml

diff --git a/roles/ands_kaas/tasks/search.yml b/roles/ands_kaas/tasks/search.yml
index e54c42b..9844ee8 100644
--- a/roles/ands_kaas/tasks/search.yml
+++ b/roles/ands_kaas/tasks/search.yml
@@ -12,5 +12,5 @@
     local_path: "{{ osv_path }}"
     remote_path: "{{ hostvars[inventory_hostname][pvar] }}"
   when:
-    - osv in kaas_openshift_volumes
+    - osv in (kaas_project_config.volumes | default(kaas_openshift_volumes))
     - hostvars[inventory_hostname][pvar] is defined
diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
index 49dab3f..9782f75 100644
--- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2
+++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
@@ -183,8 +183,9 @@ objects:
               {{ type }}:
                 timeoutSeconds: {{ probe.timeout | default(1) }}
                 initialDelaySeconds: {{ probe.delay | default(10) }}
-            {% if (probe.cmd is defined) %}
-                command: "{{ probe.cmd }}"
+            {% if (probe.command is defined) %}
+                exec:
+                  command: {{ probe.command | to_json }}
             {% elif (probe.path is defined) %}
                 httpGet: 
                   path: {{ probe.path }}
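Review bot: The switch from `probe.cmd` to `probe.command` in the `{% if %}` test is silent for existing definitions: a probe that still sets `cmd` no longer matches this branch and falls through to the following ones, so either accept both keys or fail the render when the old key is present. `probe.command | to_json` also serialises whatever type it receives, so a plain string renders as a JSON string where the exec handler expects a list of arguments. A guard such as `command: {{ ([probe.command] if probe.command is string else probe.command) | to_json }}`, or at least a template comment stating that `command` must be a list, would catch this before the object is submitted. The enclosing probe loop starts outside the hunk.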
@@ -196,5 +197,13 @@ objects:
           {% endfor %}
         {% endfor %}
       {% endif %}
+      {% if img.hooks is defined %}
+              lifecycle:
+        {% for hook in img.hooks %}
+                {{ hook.type }}:
+                  exec:
+                    command: {{ hook.command | to_json }}
+        {% endfor %}
+      {% endif %}
     {% endfor %}
 {% endfor %}
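Review bot: `{{ hook.type }}:` is written out as a mapping key with no validation, and the `for` loop emits one key per entry, so two hooks of the same type render duplicate keys under `lifecycle:` (most YAML parsers silently keep the last one) and a misspelled type is only noticed when the object is submitted. Because the command runs inside the container on every start or stop, it is worth limiting the value to the two handler names the API accepts, for example by wrapping the loop body in `{% if hook.type in ['postStart', 'preStop'] %}`. A short template comment saying that only one hook per type is supported would document the remaining constraint. The surrounding image loop begins outside the hunk.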
diff --git a/setup/projects/adei/files/adei_init/mysql/adei.sql b/setup/projects/adei/files/adei_init/mysql/adei.sql
new file mode 100644
index 0000000..a17fcfe
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/adei.sql
@@ -0,0 +1 @@
+GRANT ALL ON `adei_%`.* TO 'adei'@'%';
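Review bot: The database pattern in this GRANT is wider than it looks, because MySQL treats `_` in a database-level GRANT pattern as a single-character wildcard; `adei_%` therefore matches any schema whose name starts with `adei` followed by at least one character, not only those carrying the `adei_` prefix. Escaping the underscore keeps it literal: write the pattern as `adei\_%` inside the backquotes. The same statement opens pma.sql in this commit and needs the same change. `ALL` also covers DROP and ALTER on every matching schema, so if the application only needs data access and table creation, listing those privileges would limit what a leaked `adei` credential can do.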
diff --git a/setup/projects/adei/files/adei_init/mysql/initdb.sh b/setup/projects/adei/files/adei_init/mysql/initdb.sh
new file mode 100644
index 0000000..f877520
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/initdb.sh
@@ -0,0 +1,16 @@
+(
+    dir=$(dirname $0)
+    cd $dir
+
+    # Waiting until server is initialized
+    e=1
+    while [ $e -ne 0 ]; do
+        sleep 5
+        MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'
+        e=$?
+    done
+
+
+    cat adei.sql | awk "{ gsub(/@PWD@/, \"$PMA_PASSWORD\"); print }" | MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -h $HOSTNAME
+    #cat pma.sql | awk "{ gsub(/@PWD@/, \"$PMA_PASSWORD\"); print }" | MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -h $HOSTNAME
+)
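Review bot: The awk program on the `cat adei.sql | awk ...` line is built by interpolating `$PMA_PASSWORD` into double-quoted awk source, so a password containing `"` or `\` changes the program itself; it only works today because the template generates `[a-zA-Z0-9]{16}`. Reading the value through `ENVIRON` keeps the secret out of the program text (`&` and `\` stay special in a gsub replacement, so the generated alphabet should remain alphanumeric). The wait loop has no upper bound and `$0`, `$dir`, `$MYSQL_USER`, `$MYSQL_DATABASE` and `$HOSTNAME` are unquoted. Since pods.yml runs this script as a postStart hook, a server that never accepts the login leaves the hook looping indefinitely; a retry cap with a non-zero exit makes that failure visible. The retry count in the sketch below is an example value.

```shell
    dir=$(dirname "$0")
    cd "$dir" || exit 1

    # Waiting until server is initialized, giving up after a bounded number of attempts
    tries=0
    until MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u "$MYSQL_USER" -D "$MYSQL_DATABASE" -e 'SELECT 1'; do
        tries=$((tries + 1))
        [ "$tries" -ge 60 ] && exit 1
        sleep 5
    done

    awk '{ gsub(/@PWD@/, ENVIRON["PMA_PASSWORD"]); print }' adei.sql | MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -h "$HOSTNAME"
    # … unchanged: commented-out pma.sql line …
```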
diff --git a/setup/projects/adei/files/adei_init/mysql/pma.sql b/setup/projects/adei/files/adei_init/mysql/pma.sql
new file mode 100644
index 0000000..884284f
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/pma.sql
@@ -0,0 +1,17 @@
+GRANT ALL ON `adei_%`.* TO 'adei'@'%';
+
+CREATE USER IF NOT EXISTS 'pma'@'%' IDENTIFIED BY '@PWD@';
+ALTER USER 'pma'@'%' IDENTIFIED BY '@PWD@';
+
+GRANT USAGE ON mysql.* TO 'pma'@'%';
+GRANT SELECT (
+Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
+Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
+File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
+Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
+Execute_priv, Repl_slave_priv, Repl_client_priv
+) ON mysql.user TO 'pma'@'%';
+GRANT SELECT ON mysql.db TO 'pma'@'%';
+#GRANT SELECT ON mysql.host TO 'pma'@'%';
+GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO 'pma'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'%';
diff --git a/setup/projects/adei/templates/01-secret.yml.j2 b/setup/projects/adei/templates/01-secret.yml.j2
new file mode 100644
index 0000000..f310ec9
--- /dev/null
+++ b/setup/projects/adei/templates/01-secret.yml.j2
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: adei-build
+  labels:
+    app: adei
+  annotations:
+    descriptions: "ADEI Secrets"
+objects:
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    annotations:
+      template.openshift.io/expose-adei_password: '{.data[''adei-password'']}'
+      template.openshift.io/expose-pma_password: '{.data[''pma-password'']}'
+    name: adei
+  stringData:
+    adei-password: "{{ kaas_project_config.adei_password }}"
+    pma-password: "${PMA_PASSWORD}"
+parameters:
+- description: Password for the PMA connection user.
+  displayName: PMA Connection Password
+  from: '[a-zA-Z0-9]{16}'
+  generate: expression
+  name: PMA_PASSWORD
+  required: true
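Review bot: `adei-password: "{{ kaas_project_config.adei_password }}"` places the vault value inside a double-quoted YAML scalar with no escaping, so a password containing `"` or `\` either breaks the rendered template or is stored as a different string from the one in the vault. Letting the filter do the quoting avoids that: `adei-password: {{ kaas_project_config.adei_password | to_json }}`. Because `PMA_PASSWORD` uses `generate: expression`, each processing of the template presumably yields a new value, so re-applying it would change the secret while the database keeps the old `pma` password unless the SQL that sets it is re-run; a comment stating the intended rotation procedure would help. The annotation key `descriptions` looks like a typo for `description`, and the template name `adei-build` does not say that it carries secrets.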
diff --git a/setup/projects/adei/vars/globals.yml b/setup/projects/adei/vars/globals.yml
index 72262e5..21f4db1 100644
--- a/setup/projects/adei/vars/globals.yml
+++ b/setup/projects/adei/vars/globals.yml
@@ -12,9 +12,12 @@ adei_pod_env:
     - name: "MYSQL_USER"
       value: "adei"
     - name: "MYSQL_PASSWORD"
-      value: "adei"
+      valueFrom: 
+        secretKeyRef:
+          name: "adei"
+          key: "adei-password"
     - name: "MYSQL_DATABASE"
-      value: "adei"
+      value: "adei_${setup}"
     - name: "ADEI_PORTS"
       value: "8080"
     - name: "ADEI_ENABLED_SETUPS"
@@ -165,17 +168,17 @@ adei_frontends:
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_dbg_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
       configure: true
+      enabled: true
     logs:
       name: "adei-${setup}-logs"
       node: "adei-${setup}-logs.{{ adei_domain }}"  
-      replicas: "${enabled_logs}"
+      replicas: "${enable_logs}"
       env: "{{ adei_pod_env | union(adei_log_env) }}"
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     cacher:
       name: "adei-${setup}-cacher"
       replicas: "${cache_replicas}"
@@ -188,21 +191,21 @@ adei_frontends:
     archive_cacher:
       name: "adei-${setup}-archive-cacher"
       replicas: "1"
-      cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh -m archive" ]
+      cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh",  "-m",  "archive" ]
       env: "{{ adei_pod_env | union(adei_arc_cache_env) }}"
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     log_cacher:
       name: "adei-${setup}-log-cacher"
-      replicas: "${enabled_logs}"
+      replicas: "${enable_logs}"
       cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh" ]
       env: "{{ adei_pod_env | union(adei_log_cache_env) }}"
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     update:
       name: "adei-${setup}-update"
       cron: "${update_schedule}"
@@ -220,7 +223,7 @@ adei_frontends:
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     clean:
       name: "adei-${setup}-clean"
       cron: "${clean_schedule}"
@@ -229,4 +232,4 @@ adei_frontends:
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
diff --git a/setup/projects/adei/vars/pods.yml b/setup/projects/adei/vars/pods.yml
index c0b943c..5278c44 100644
--- a/setup/projects/adei/vars/pods.yml
+++ b/setup/projects/adei/vars/pods.yml
@@ -5,16 +5,23 @@ pods:
     selector: { master: 1 }
     groups: [ "adei_db" ]
     images:
-      - image: "openshift/mysql-56-centos7"
+      - image: "centos/mysql-57-centos7"
         env:
             - { name: "MYSQL_USER", value: "adei" }
-            - { name: "MYSQL_PASSWORD", value: "adei" } 
+            - { name: "MYSQL_PASSWORD", value: "secret@adei/adei-password" } 
+            - { name: "MYSQL_ROOT_PASSWORD", value: "secret@adei/adei-password" } 
             - { name: "MYSQL_DATABASE", value: "adei" }
+            - { name: "PMA_PASSWORD", value: "secret@adei/pma-password" } 
         mappings: 
-            - { name: "adei_etc", path: "mysql", mount: "/etc/mysql" }
+            - { name: "adei_init", mount: "/var/lib/init" }
             - { name: "adei_db", path: "mysql", mount: "/var/lib/mysql/data" }
         probes:
             - { port: 3306 }
+#            - { type: "liveness", port: 3306 }
+#            - { type: "readiness", command: [/bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE, -e 'SELECT 1'] }
+        hooks:
+            - { type: "postStart", command: [ "/bin/bash", "/var/lib/init/mysql/initdb.sh" ] }
+
   phpmyadmin:
     service: { host: "phpmyadmin.{{ openshift_master_default_subdomain }}", ports: [ 80/8080 ] }
     sched: { replicas: 1 }
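Review bot: `MYSQL_ROOT_PASSWORD` is taken from the same `secret@adei/adei-password` reference as `MYSQL_PASSWORD`, and globals.yml gives that key to the ADEI frontend pods, so the application credential is also the database root password and the scoped grant in adei.sql provides no real separation. A dedicated key, for example `{ name: "MYSQL_ROOT_PASSWORD", value: "secret@adei/root-password" }` backed by its own entry in 01-secret.yml.j2 (the key name is a suggestion), would keep root out of the application pods. The image `centos/mysql-57-centos7` is referenced without a tag or digest, so the server version that runs initdb.sh depends on what the registry serves at pull time; pinning it makes the deployment reproducible. The commented-out liveness and readiness probes should either be enabled or dropped, so the file does not carry a second, unused copy of the login command.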
@@ -23,14 +30,12 @@ pods:
         env:
             - { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" }
             - { name: "DB_SERVICE_PORT", value: "3306" } 
-            - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
-            - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "adei" }
+#            - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
+#            - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }
             - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" }
         probes:
             - { port: 8080, path: '/' }
 
-
-
 #oc:
 #  - template: "[0-3]*"
 #  - template: "[4-6]*"
diff --git a/setup/projects/adei/vars/secrets.yml b/setup/projects/adei/vars/secrets.yml
new file mode 100644
index 0000000..09d7404
--- /dev/null
+++ b/setup/projects/adei/vars/secrets.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+34353236316663633066306139633563623564323261343039346536333934656263343539376138
+3439306637386530373339396638613965383265366633390a343837383862353965393361366432
+39356537356430393232616332336366643138653931633738353938653334613165326263346566
+3139323437346663660a633665303662666237616665383564636639323763383335373538306533
+62616134363866353565323237353334653331373665636664636366643336613137
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml
index 3a0fe4d..69d291c 100644
--- a/setup/projects/adei/vars/volumes.yml
+++ b/setup/projects/adei/vars/volumes.yml
@@ -1,4 +1,5 @@
 volumes:
+  adei_init: { volume: "openshift", path: "/adei/init" }                # mysql
   adei_etc: { volume: "openshift", path: "/adei/etc" }                  # mysql
   adei_src: { volume: "openshift", path: "/adei/src", write: true }     # prod & debug (init creates setup links)
   adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true }     # per-setup configs (ADEI/wiki modifies setup)
-- 
cgit v1.2.3