/
README.cloud.gov
138 lines (82 loc) · 4.96 KB
/
README.cloud.gov
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
foo
cf target -o doi-onrr -s dev # unnecessary login will prompt you for org ans space
# Login
cf login -a api.fr.cloud.gov --sso
#create hasura one time set up doesn't need to be done again.
cf set-space-role mojo.nichols@onrr.gov doi-onrr dev SpaceDeveloper
cf create-service aws-rds medium-psql onrr-psql
cf services
# sandbox or dev or prod-a or prod-b
export DB_ENV=sandbox && export DB_PORT=7222 || export DB_ENV=dev && export DB_PORT=7223 || export DB_ENV=nrrd-a && export DB_PORT=7724 || export DB_ENV=nrrd-b && export DB_PORT=7725
# README doesn't show how to get DATABASE URL or PORT - This is because we put these in config of hasura and then on the next step (bind-service they get crated.
cf push hasura-$DB_ENV -c 'graphql-engine --database-url $DATABASE_URL serve --server-port $PORT' --docker-image hasura/graphql-engine:v1.2.2 --health-check-type none --no-start
cf bind-service hasura-$DB_ENV $DB_ENV-psql
cf set-env hasura-$DB_ENV HASURA_GRAPHQL_ADMIN_SECRET' 'SUPER SECRET PASSWORD THAT IS NOT THIS'
cf start hasura-$DB_ENV
cf set-env hasura-$DB_ENV HASURA_GRAPHQL_ENABLE_CONSOLE true
cf set-env hasura-$DB_ENV HASURA_GRAPHQL_UNAUTHORIZED_ROLE public
cf restage hasura-$DB_ENV
cf env hasura-$DB_ENV # to see the password for our Hasura instance!
#DB maintaince.
# Choose DB environment:
# 1) dev
# 2) sandbox
# 3) prod
#create tunnel to postgres to run node scripts against it. The exported variables can be put into login init so that this doesn't have to be done each time.
myapp_guid=$(cf app --guid hasura-$DB_ENV)
creds=$(cf curl /v2/apps/$myapp_guid/env | jq -r '[.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .username, .password] | join(":")')\n
dbname=$(cf curl /v2/apps/$myapp_guid/env | jq -r '.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .db_name')\n
tunnel=$(cf curl /v2/apps/$myapp_guid/env | jq -r '[.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .host, .port] | join(":")')
cf ssh -N -L $DB_PORT:$tunnel hasura-$DB_ENV
#Leave ssh tunnel running open new terminal
myapp_guid=$(cf app --guid hasura-$DB_ENV)
creds=$(cf curl /v2/apps/$myapp_guid/env | jq -r '[.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .username, .password] | join(":")')
dbname=$(cf curl /v2/apps/$myapp_guid/env | jq -r '.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .db_name')
psql postgres://$creds@localhost:$DB_PORT/$dbname
echo $creds # username:password
#export DB_USER=<username>
#export DB_PASSWORD=<password>
echo $creds # username:password
export DB_USER=<username>
export DB_PASSWORD=<password>
export DB_USER=`echo -n $creds | cut -d: -f1`
export DB_PASSWORD=`echo -n $creds | cut -d: -f2`
export DB_DATABASE=$dbname
export DB_HOST=localhost
#
# trouble shooting...
cf logs <APP_NAME> --recent
cf env $DB_ENV
#you must restage if you drop schema
#BACK UP Restoring from database:
# in this example port 7222 has tunnel to psql-sandbox (source)
# port 7223 has port to psql-onrr (target)
export DATE=`date +'%F_%T'`
pg_dump postgres://$creds@localhost:$DB_PORT/$dbname -F t -f psql-backup.$DATE.pg
#drop existing db I'm not sure this is required in all cases
psql postgres://$creds@localhost:7223/$dbname
cgawsbr...od8py3w7sukk91mnq=> drop owned by current_user cascade;
cgawsbr...od8py3w7sukk91mnq=> create schema public;
cgawsbr...od8py3w7sukk91mnq=> quit
$time pg_restore --user=$DB_USER --port=$DB_PORT --host=$DB_HOST --clean --no-owner --no-acl --dbname=$DB_DATABASE psql-backup.$DATE.pg
Password: <ENTER PASSWORD>
.....
# New objects won't be seen by hasura so if new objects be sure to restage:
cf restage hasura-$DB_ENV (where we are in the shell configure for hasura-onrr
update location set fips_code=concat('0',fips_code) where length(fips_code)=4
#recover if hassura keeps crashing
export DB_ENV=<db_env to recover> && export DB_PORT=7726
cf push hasura-recover -f manifest.staging.yml
cf bind-service hasura-recover $DB_ENV-psql
#create tunnel to postgres to run node scripts against it. The exported variables can be put into login init so that this doesn't have to be done each time.
myapp_guid=$(cf app --guid hasura-recover)
creds=$(cf curl /v2/apps/$myapp_guid/env | jq -r '[.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .username, .password] | join(":")')\n
dbname=$(cf curl /v2/apps/$myapp_guid/env | jq -r '.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .db_name')\n
tunnel=$(cf curl /v2/apps/$myapp_guid/env | jq -r '[.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .host, .port] | join(":")')
cf ssh -N -L $DB_PORT:$tunnel hasura-recover
#Leave ssh tunnel running open new terminal
myapp_guid=$(cf app --guid hasura-recover)
creds=$(cf curl /v2/apps/$myapp_guid/env | jq -r '[.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .username, .password] | join(":")')
dbname=$(cf curl /v2/apps/$myapp_guid/env | jq -r '.system_env_json.VCAP_SERVICES."aws-rds"[0].credentials | .db_name')
psql postgres://$creds@localhost:$DB_PORT/$dbname
# do repairs here or restore see above