From 5de35a8ae4e76f283abf159f84bfa9c9b17efddb Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan"
Date: Sat, 21 Mar 2020 05:13:02 +0100
Subject: Add ASEC database to ADEI namespace
---
 .../projects/adei/templates/01-asec-secret.yml.j2 | 40 +++++++++++++++++++
 setup/projects/adei/vars/apps.yml | 1 +
 setup/projects/adei/vars/asec.yml | 46 ++++++++++++++++++++++
 setup/projects/adei/vars/phpmyadmin.yml | 2 +-
 setup/projects/adei/vars/script.yml | 2 +
 setup/projects/adei/vars/volumes.yml | 8 ++++
 6 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 setup/projects/adei/templates/01-asec-secret.yml.j2
 create mode 100644 setup/projects/adei/vars/asec.yml
diff --git a/setup/projects/adei/templates/01-asec-secret.yml.j2 b/setup/projects/adei/templates/01-asec-secret.yml.j2
new file mode 100644
index 0000000..17272aa
--- /dev/null
+++ b/setup/projects/adei/templates/01-asec-secret.yml.j2
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Template
+metadata:
+ name: asec-secret
+ labels:
+ app: asec
+ annotations:
+ descriptions: "ASEC Secrets"
+objects:
+- apiVersion: v1
+ kind: Secret
+ metadata:
+ annotations:
+ template.openshift.io/expose-asec_password: '{.data[''asec-password'']}'
+ template.openshift.io/expose-root_password: '{.data[''root-password'']}'
+ template.openshift.io/expose-service_password: '{.data[''service-password'']}'
+ name: asec
+ stringData:
+ asec-password: "${ASEC_PASSWORD}"
+ root-password: "${ROOT_PASSWORD}"
+ service-password: "${SERVICE_PASSWORD}"
+parameters:
+- description: Password for the service users
+ displayName: Service Connection Password
+ from: '[a-zA-Z0-9]{16}'
+ generate: expression
+ name: SERVICE_PASSWORD
+ required: true
+- description: Password for the asec user
+ displayName: ASEC password
+ from: '[a-zA-Z0-9]{16}'
+ generate: expression
+ name: ASEC_PASSWORD
+ required: true
+- description: Password for the root users
+ displayName: DB Admin Password
+ from: '[a-zA-Z0-9]{16}'
+ generate: expression
+ name: ROOT_PASSWORD
+ required: true
diff --git a/setup/projects/adei/vars/apps.yml b/setup/projects/adei/vars/apps.yml
index bc4ed1e..5152bde 100644
--- a/setup/projects/adei/vars/apps.yml
+++ b/setup/projects/adei/vars/apps.yml
@@ -1,5 +1,6 @@
 apps:
 mysql: { provision: true, instantiate: true }
+ asec: { provision: true, instantiate: true }
 galera: { provision: false, instantiate: false }
 # simple_mysql: { provision: false, instantiate: false }
 phpmyadmin: { provision: true, instantiate: true }
diff --git a/setup/projects/adei/vars/asec.yml b/setup/projects/adei/vars/asec.yml
new file mode 100644
index 0000000..b81e8e4
--- /dev/null
+++ b/setup/projects/adei/vars/asec.yml
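Review bot: In `01-asec-secret.yml.j2` the Secret exposes all three credentials, including `root-password`, through `template.openshift.io/expose-*` annotations. Fields exposed this way are returned by the Template Service Broker when a service is bound, so the DB admin password can travel further than the Secret itself. If nothing binds through the broker, drop the `expose-root_password` line, or all three. Separately, the template annotation key `descriptions` looks like a typo for `description`, which is the key the OpenShift catalog reads.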
@@ -0,0 +1,46 @@
+asec:
+ options:
+ delete: false
+
+ pods:
+ asec_master:
+ kind: StatefulSet
+ sa: "adeidb"
+ service: { ports: [ 3306 ] }
+ network: { host: "{{ ands_hostnet_db | default(false) }}" }
+ sched: { replicas: 1, strategy: "Recreate", selector: { hostid: "3" } }
+ groups: [ "adei_asec" ]
+ labels: { 'service': 'asec-mysql' }
+ pvc: { 'asec_master': {} }
+ images:
+ - image: "chsa/mysql:5.7"
+ command: [ "run-mysqld-master" ]
+ env:
+ - { name: "MYSQL_ROOT_PASSWORD", value: "secret@asec/root-password" }
+ - { name: "MYSQL_USER", value: "asec" }
+ - { name: "MYSQL_USER_PRIV_SUPER", value: "1" }
+ - { name: "MYSQL_PASSWORD", value: "secret@asec/asec-password" }
+ - { name: "MYSQL_DATABASE", value: "asec" }
+ - { name: "MYSQL_EXTRADB", value: "%" }
+ - { name: "MYSQL_MASTER_USER", value: "replication" }
+ - { name: "MYSQL_MASTER_PASSWORD", value: "secret@asec/service-password" }
+ - { name: "MYSQL_PMA_PASSWORD", value: "secret@adei/pma-password" }
+ - { name: "MYSQL_MAX_CONNECTIONS", value: "500" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_SIZE", value: "4G" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_INSTANCES", value: "8" }
+ - { name: "MYSQL_INNODB_LOG_FILE_SIZE", value: "2G" }
+ - { name: "MYSQL_INNODB_LOG_BUFFER_SIZE", value: "16M" }
+ - { name: "MYSQL_SYNC_BINLOG", value: "0" }
+ - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "25000" }
+ - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "32" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TYPE", value: "2" }
+ - { name: "MYSQL_INNODB_FLUSH_METHOD", value: "O_DIRECT" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TIMEOUT", value: "300" }
+ - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" }
+# - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" }
+ mappings:
+ - { name: "asec_master", mount: "/var/lib/mysql/data" }
+ resources: { request: { cpu: 1000m, mem: 4Gi }, limit: { cpu: 2000m, mem: 8Gi } }
+ probes:
+ - { type: "liveness", port: 3306 }
+ - { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" }
diff --git a/setup/projects/adei/vars/phpmyadmin.yml b/setup/projects/adei/vars/phpmyadmin.yml
index 7a2bc40..323ea05 100644
--- a/setup/projects/adei/vars/phpmyadmin.yml
+++ b/setup/projects/adei/vars/phpmyadmin.yml
@@ -8,7 +8,7 @@ phpmyadmin:
 env:
 - { name: "DB_SERVICE_HOST", value: "mysql-master.adei.svc.cluster.local" }
 - { name: "DB_SERVICE_PORT", value: "3306" }
- - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local" }
+ - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local,asec-master.adei.svc.cluster.local,asec-slave.adei.svc.cluster.local" }
 # - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
 # - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }
 probes:
diff --git a/setup/projects/adei/vars/script.yml b/setup/projects/adei/vars/script.yml
index a767369..7bd935c 100644
--- a/setup/projects/adei/vars/script.yml
+++ b/setup/projects/adei/vars/script.yml
@@ -8,3 +8,5 @@ oc:
 - apps: ".*"
 - oc: "expose svc/mysql-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name mysql-ingress"
 resource: "svc/mysql-ingress"
+ - oc: "expose svc/asec-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name asec-ingress"
+ resource: "svc/asec-ingress"
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml
index 1d61230..a17cadb 100644
--- a/setup/projects/adei/vars/volumes.yml
+++ b/setup/projects/adei/vars/volumes.yml
@@ -2,6 +2,7 @@ gids: adei: { id: 6001, users: [ 'csa' ] } adei_db: { id: 6002 } adei_data: { id: 6003 } + adei_asec: { id: 6005 } volumes: adei_host: { volume: "hostraid", path: "/adei", write: true } # mysql
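Review bot: The application account defined in `vars/asec.yml` appears to get far more privilege than a database user normally needs: `MYSQL_USER_PRIV_SUPER` is `"1"` and `MYSQL_EXTRADB` is `"%"`. Going by the names, these grant SUPER and access to every schema to the `asec` user, but the image's entrypoint is not visible here, so confirm. Combined with the LoadBalancer exposure added in `vars/script.yml`, a leaked `asec-password` would then be close to a root compromise. Prefer dropping the `MYSQL_USER_PRIV_SUPER` entry and naming the needed schemas explicitly, or add a comment saying why SUPER is required. The pod also reads `secret@adei/pma-password` rather than a secret of its own, so that password is shared across database instances.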
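Review bot: `DB_EXTRA_HOSTS` in `vars/phpmyadmin.yml` now lists `asec-slave.adei.svc.cluster.local`, but `vars/asec.yml` in this commit defines only the `asec_master` pod. That host will presumably not resolve until a slave pod is added. Either leave it out for now or add a comment such as `# asec-slave is planned; no pod yet`. Adding the ASEC hosts also widens what a phpMyAdmin login can reach, so access to that route is worth re-checking.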
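Review bot: The new `oc expose svc/asec-master --type LoadBalancer --port 3306` entry in `vars/script.yml` publishes the MySQL port outside the cluster, and no source restriction is visible in this change. If external clients really need it, limit `spec.loadBalancerSourceRanges` on `svc/asec-ingress` to the networks that connect and require TLS for remote accounts; otherwise keep the service cluster-internal. A comment above the entry, for example `# external ASEC writers connect through asec-ingress (3306/TCP)`, would record who is expected to use it.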
@@ -14,11 +15,15 @@ volumes: adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files # adei_db: { volume: "databases", path: "/adei", write: true } # mysql + sync_cfg: { volume: "openshift", path: "/adei/sync", write: true } + # This is not part of volumes and the permissions should be always provisioned using files on adei_host 'osv' local_volumes: adei_master: { volume: "hostraid", path: "/adei/mysql_master", nodes: [3], write: true } adei_slave: { volume: "hostraid", path: "/adei/mysql_slave", nodes: [1, 2], write: true } + asec_master: { volume: "hostraid", path: "/adei/asec_master", nodes: [3], write: true } + asec_slave: { volume: "hostraid", path: "/adei/asec_slave", nodes: [1, 2], write: true } adei_galera: { volume: "hostraid", path: "/adei/galera", write: true } files: @@ -37,4 +42,7 @@ files: - { osv: "adei_host",path: "galera", state: "directory", group: "adei_db", mode: "02775" } - { osv: "adei_host",path: "mysql_master", state: "directory", group: "adei_db", mode: "02775" } - { osv: "adei_host",path: "mysql_slave", state: "directory", group: "adei_db", mode: "02775" } + - { osv: "adei_host",path: "asec_master", state: "directory", group: "adei_asec", mode: "02775" } + - { osv: "adei_host",path: "asec_slave", state: "directory", group: "adei_asec", mode: "02775" } + - { osv: "sync_cfg", path: "asec", state: "directory", group: "adei_asec", mode: "02775" } # - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "02775" } -- cgit v1.2.1
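Review bot: In the last hunk of `vars/volumes.yml`, the three new `files` entries create the ASEC directories with `mode: "02775"`, which leaves them readable and traversable by every account on the host. This mirrors the existing `mysql_master` and `mysql_slave` entries, but for directories that hold database files and sync configuration `mode: "02770"` keeps the setgid group access for `adei_asec` and removes access for others. If the wider mode is deliberate, a short comment such as `# o+rx needed by <consumer>` would make that clear.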