A complete working ADEI templte, v1-alpha

author: Suren A. Chilingaryan <csa@suren.me> 2018-02-25 23:37:04 +0100
committer: Suren A. Chilingaryan <csa@suren.me> 2018-02-25 23:37:04 +0100
commit: 4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a (patch)
tree: 8abb0a5a80eb7e155975dbd884f3ea0b6f955f9f
parent: 93c950b8e2f06a62bb4b7b0f463eec125118aafc (diff)
download: ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.tar.gz
ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.tar.bz2
ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.tar.xz
ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.zip
10 files changed, 105 insertions, 21 deletions
diff --git a/roles/ands_kaas/tasks/search.yml b/roles/ands_kaas/tasks/search.yml
index e54c42b..9844ee8 100644
--- a/roles/ands_kaas/tasks/search.yml
+++ b/roles/ands_kaas/tasks/search.yml
@@ -12,5 +12,5 @@
     local_path: "{{ osv_path }}"
     remote_path: "{{ hostvars[inventory_hostname][pvar] }}"
   when:
-    - osv in kaas_openshift_volumes
+    - osv in (kaas_project_config.volumes | default(kaas_openshift_volumes))
     - hostvars[inventory_hostname][pvar] is defined
diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
index 49dab3f..9782f75 100644
--- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2
+++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
@@ -183,8 +183,9 @@ objects:
               {{ type }}:
                 timeoutSeconds: {{ probe.timeout | default(1) }}
                 initialDelaySeconds: {{ probe.delay | default(10) }}
-            {% if (probe.cmd is defined) %}
-                command: "{{ probe.cmd }}"
+            {% if (probe.command is defined) %}
+                exec:
+                  command: {{ probe.command | to_json }}
             {% elif (probe.path is defined) %}
                 httpGet: 
                   path: {{ probe.path }}
@@ -196,5 +197,13 @@ objects:
           {% endfor %}
         {% endfor %}
       {% endif %}
+      {% if img.hooks is defined %}
+              lifecycle:
+        {% for hook in img.hooks %}
+                {{ hook.type }}:
+                  exec:
+                    command: {{ hook.command | to_json }}
+        {% endfor %}
+      {% endif %}
     {% endfor %}
 {% endfor %}
diff --git a/setup/projects/adei/files/adei_init/mysql/adei.sql b/setup/projects/adei/files/adei_init/mysql/adei.sql
new file mode 100644
index 0000000..a17fcfe
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/adei.sql
@@ -0,0 +1 @@
+GRANT ALL ON `adei_%`.* TO 'adei'@'%';
diff --git a/setup/projects/adei/files/adei_init/mysql/initdb.sh b/setup/projects/adei/files/adei_init/mysql/initdb.sh
new file mode 100644
index 0000000..f877520
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/initdb.sh
@@ -0,0 +1,16 @@
+(
+    dir=$(dirname $0)
+    cd $dir
+
+    # Waiting until server is initialized
+    e=1
+    while [ $e -ne 0 ]; do
+        sleep 5
+        MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'
+        e=$?
+    done
+
+
+    cat adei.sql | awk "{ gsub(/@PWD@/, \"$PMA_PASSWORD\"); print }" | MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -h $HOSTNAME
+    #cat pma.sql | awk "{ gsub(/@PWD@/, \"$PMA_PASSWORD\"); print }" | MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -h $HOSTNAME
+)
diff --git a/setup/projects/adei/files/adei_init/mysql/pma.sql b/setup/projects/adei/files/adei_init/mysql/pma.sql
new file mode 100644
index 0000000..884284f
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/pma.sql
@@ -0,0 +1,17 @@
+GRANT ALL ON `adei_%`.* TO 'adei'@'%';
+
+CREATE USER IF NOT EXISTS 'pma'@'%' IDENTIFIED BY '@PWD@';
+ALTER USER 'pma'@'%' IDENTIFIED BY '@PWD@';
+
+GRANT USAGE ON mysql.* TO 'pma'@'%';
+GRANT SELECT (
+Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
+Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
+File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
+Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
+Execute_priv, Repl_slave_priv, Repl_client_priv
+) ON mysql.user TO 'pma'@'%';
+GRANT SELECT ON mysql.db TO 'pma'@'%';
+#GRANT SELECT ON mysql.host TO 'pma'@'%';
+GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO 'pma'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'%';
diff --git a/setup/projects/adei/templates/01-secret.yml.j2 b/setup/projects/adei/templates/01-secret.yml.j2
new file mode 100644
index 0000000..f310ec9
--- /dev/null
+++ b/setup/projects/adei/templates/01-secret.yml.j2
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: adei-build
+  labels:
+    app: adei
+  annotations:
+    descriptions: "ADEI Secrets"
+objects:
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    annotations:
+      template.openshift.io/expose-adei_password: '{.data[''adei-password'']}'
+      template.openshift.io/expose-pma_password: '{.data[''pma-password'']}'
+    name: adei
+  stringData:
+    adei-password: "{{ kaas_project_config.adei_password }}"
+    pma-password: "${PMA_PASSWORD}"
+parameters:
+- description: Password for the PMA connection user.
+  displayName: PMA Connection Password
+  from: '[a-zA-Z0-9]{16}'
+  generate: expression
+  name: PMA_PASSWORD
+  required: true
diff --git a/setup/projects/adei/vars/globals.yml b/setup/projects/adei/vars/globals.yml
index 72262e5..21f4db1 100644
--- a/setup/projects/adei/vars/globals.yml
+++ b/setup/projects/adei/vars/globals.yml
@@ -12,9 +12,12 @@ adei_pod_env:
     - name: "MYSQL_USER"
       value: "adei"
     - name: "MYSQL_PASSWORD"
-      value: "adei"
+      valueFrom: 
+        secretKeyRef:
+          name: "adei"
+          key: "adei-password"
     - name: "MYSQL_DATABASE"
-      value: "adei"
+      value: "adei_${setup}"
     - name: "ADEI_PORTS"
       value: "8080"
     - name: "ADEI_ENABLED_SETUPS"
@@ -165,17 +168,17 @@ adei_frontends:
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_dbg_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
       configure: true
+      enabled: true
     logs:
       name: "adei-${setup}-logs"
       node: "adei-${setup}-logs.{{ adei_domain }}"  
-      replicas: "${enabled_logs}"
+      replicas: "${enable_logs}"
       env: "{{ adei_pod_env | union(adei_log_env) }}"
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     cacher:
       name: "adei-${setup}-cacher"
       replicas: "${cache_replicas}"
@@ -188,21 +191,21 @@ adei_frontends:
     archive_cacher:
       name: "adei-${setup}-archive-cacher"
       replicas: "1"
-      cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh -m archive" ]
+      cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh",  "-m",  "archive" ]
       env: "{{ adei_pod_env | union(adei_arc_cache_env) }}"
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     log_cacher:
       name: "adei-${setup}-log-cacher"
-      replicas: "${enabled_logs}"
+      replicas: "${enable_logs}"
       cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh" ]
       env: "{{ adei_pod_env | union(adei_log_cache_env) }}"
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     update:
       name: "adei-${setup}-update"
       cron: "${update_schedule}"
@@ -220,7 +223,7 @@ adei_frontends:
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
     clean:
       name: "adei-${setup}-clean"
       cron: "${clean_schedule}"
@@ -229,4 +232,4 @@ adei_frontends:
       vols: "{{ adei_pod_vols }}"
       mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
       groups: [ "adei" ]
-      enabled: false
+      enabled: true
diff --git a/setup/projects/adei/vars/pods.yml b/setup/projects/adei/vars/pods.yml
index c0b943c..5278c44 100644
--- a/setup/projects/adei/vars/pods.yml
+++ b/setup/projects/adei/vars/pods.yml
@@ -5,16 +5,23 @@ pods:
     selector: { master: 1 }
     groups: [ "adei_db" ]
     images:
-      - image: "openshift/mysql-56-centos7"
+      - image: "centos/mysql-57-centos7"
         env:
             - { name: "MYSQL_USER", value: "adei" }
-            - { name: "MYSQL_PASSWORD", value: "adei" } 
+            - { name: "MYSQL_PASSWORD", value: "secret@adei/adei-password" } 
+            - { name: "MYSQL_ROOT_PASSWORD", value: "secret@adei/adei-password" } 
             - { name: "MYSQL_DATABASE", value: "adei" }
+            - { name: "PMA_PASSWORD", value: "secret@adei/pma-password" } 
         mappings: 
-            - { name: "adei_etc", path: "mysql", mount: "/etc/mysql" }
+            - { name: "adei_init", mount: "/var/lib/init" }
             - { name: "adei_db", path: "mysql", mount: "/var/lib/mysql/data" }
         probes:
             - { port: 3306 }
+#            - { type: "liveness", port: 3306 }
+#            - { type: "readiness", command: [/bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE, -e 'SELECT 1'] }
+        hooks:
+            - { type: "postStart", command: [ "/bin/bash", "/var/lib/init/mysql/initdb.sh" ] }
+
   phpmyadmin:
     service: { host: "phpmyadmin.{{ openshift_master_default_subdomain }}", ports: [ 80/8080 ] }
     sched: { replicas: 1 }
@@ -23,14 +30,12 @@ pods:
         env:
             - { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" }
             - { name: "DB_SERVICE_PORT", value: "3306" } 
-            - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
-            - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "adei" }
+#            - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
+#            - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }
             - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" }
         probes:
             - { port: 8080, path: '/' }
 
-
-
 #oc:
 #  - template: "[0-3]*"
 #  - template: "[4-6]*"
diff --git a/setup/projects/adei/vars/secrets.yml b/setup/projects/adei/vars/secrets.yml
new file mode 100644
index 0000000..09d7404
--- /dev/null
+++ b/setup/projects/adei/vars/secrets.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+34353236316663633066306139633563623564323261343039346536333934656263343539376138
+3439306637386530373339396638613965383265366633390a343837383862353965393361366432
+39356537356430393232616332336366643138653931633738353938653334613165326263346566
+3139323437346663660a633665303662666237616665383564636639323763383335373538306533
+62616134363866353565323237353334653331373665636664636366643336613137
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml
index 3a0fe4d..69d291c 100644
--- a/setup/projects/adei/vars/volumes.yml
+++ b/setup/projects/adei/vars/volumes.yml
@@ -1,4 +1,5 @@
 volumes:
+  adei_init: { volume: "openshift", path: "/adei/init" }                # mysql
   adei_etc: { volume: "openshift", path: "/adei/etc" }                  # mysql
   adei_src: { volume: "openshift", path: "/adei/src", write: true }     # prod & debug (init creates setup links)
   adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true }     # per-setup configs (ADEI/wiki modifies setup)
author	Suren A. Chilingaryan <csa@suren.me>	2018-02-25 23:37:04 +0100
committer	Suren A. Chilingaryan <csa@suren.me>	2018-02-25 23:37:04 +0100
commit	4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a (patch)
tree	8abb0a5a80eb7e155975dbd884f3ea0b6f955f9f
parent	93c950b8e2f06a62bb4b7b0f463eec125118aafc (diff)
download	ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.tar.gz ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.tar.bz2 ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.tar.xz ands-4e5b055d02f7ab1f618fb2426cfff9ebc1c9678a.zip