This repository has been archived by the owner on Aug 9, 2024. It is now read-only.
forked from appuio/dbaas-mariadb-apb
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from amazeeio/read-only-replica
Read replica support
- Loading branch information
Showing
5 changed files
with
278 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
#!/usr/bin/env bash | ||
set -euo pipefail | ||
set -x | ||
|
||
if [[ -z "$KUBECONFIG" ]] || [[ $(realpath "$KUBECONFIG") = $(realpath "$HOME/.kube/config") ]]; then | ||
echo -e '\nThis script runs oc commands, and you are using the global ~/.kube/config.' \ | ||
'If you are okay with this, hit enter to confirm.' \ | ||
'Or use an alternative $KUBECONFIG.\n'\ | ||
'e.g. export KUBECONFIG=$(mktemp --tmpdir kubeconfig.XXXXXXXX)\n' | ||
read | ||
fi | ||
|
||
# start minishift with the appropriate components | ||
minishift start --cpus=4 --memory=8GB | ||
minishift openshift component add service-catalog | ||
minishift openshift component add automation-service-broker | ||
|
||
# give developer cluster-admin for apb builds/installs | ||
oc login -u system:admin | ||
oc adm policy add-cluster-role-to-user cluster-admin developer | ||
oc login -u developer | ||
# perform build | ||
oc new-build -n openshift --binary=true --name dbaas-mariadb-apb | ||
oc start-build -n openshift --follow --from-dir . dbaas-mariadb-apb | ||
|
||
# wait for ASB to be deployed | ||
while oc get pod -n openshift-automation-service-broker | grep deploy > /dev/null; do | ||
sleep 5 | ||
done | ||
|
||
# notify the broker to search for available APBs | ||
# this executes asynchronously and may take a minute to finish | ||
while ! apb --kubeconfig="$KUBECONFIG" broker bootstrap; do | ||
sleep 5 | ||
done | ||
# verify that the broker found the new APB | ||
while ! apb --kubeconfig="$KUBECONFIG" broker catalog | grep dbaas-mariadb; do | ||
sleep 5 | ||
done | ||
# notify the service catalog web UI to update its catalog | ||
apb --kubeconfig="$KUBECONFIG" catalog relist | ||
|
||
# install the mariadb cluster | ||
export TILLER_NAMESPACE=tiller | ||
oc new-project $TILLER_NAMESPACE | ||
export HELM_VERSION=v2.14.3 # get this from: helm -c --short | ||
oc process -f https://github.com/openshift/origin/raw/master/examples/helm/tiller-template.yaml -p TILLER_NAMESPACE="${TILLER_NAMESPACE}" -p HELM_VERSION="${HELM_VERSION}" | oc create -f - | ||
while ! oc get pod -n tiller | grep '1/1'; do | ||
sleep 5 | ||
done | ||
oc new-project mariadb-cluster | ||
oc adm policy add-scc-to-user anyuid -z default | ||
oc policy add-role-to-user cluster-admin "system:serviceaccount:${TILLER_NAMESPACE}:tiller" | ||
helm install --name dbcluster stable/mariadb | ||
|
||
# bind the secrets into deployment pods | ||
updatedBrokerConfig=$( | ||
# get the current configmap | ||
oc -n openshift-automation-service-broker get cm broker-config -o json --export | | ||
# pull out the broker-config field, which is raw YAML | ||
jq -r '.data."broker-config"' | | ||
# translate this YAML to JSON | ||
ruby -ryaml -rjson -e 'puts YAML.load(ARGF).to_json' | | ||
# append the secrets config to this JSON | ||
jq '. += {secrets: [{title: "DBaaS database credentials", secret: "lagoon-dbaas-db-credentials", apb_name: "localregistry-dbaas-mariadb-apb"}]}' | | ||
# convert back to YAML | ||
ruby -ryaml -rjson -e 'puts JSON.load(ARGF).to_yaml' | | ||
# escape the double quotes in preparation for insertion back into the configmap | ||
sed 's/"/\\"/g' | ||
) | ||
# replace the existing configmap with the new one containing the secrets binding | ||
oc -n openshift-automation-service-broker get cm broker-config -o json --export | jq -r ".data.\"broker-config\" = \"$updatedBrokerConfig\"" | oc -n openshift-automation-service-broker replace -f - | ||
# rollout the service with the new configmap | ||
oc -n openshift-automation-service-broker rollout latest dc/openshift-automation-service-broker | ||
# wait on the rollout | ||
oc -n openshift-automation-service-broker rollout status dc/openshift-automation-service-broker | ||
|
||
mariadb_root_password=$(oc -n mariadb-cluster get secret dbcluster-mariadb -o json | jq -r '.data."mariadb-root-password"' | base64 -d) | ||
|
||
# insert the required secrets into the right place | ||
oc -n openshift-automation-service-broker apply -f - <<EOF | ||
--- | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: lagoon-dbaas-db-credentials | ||
type: Opaque | ||
stringData: | ||
production_mariadb_hostname: dbcluster-mariadb.mariadb-cluster.svc.cluster.local | ||
production_mariadb_readreplica_hostname: dbcluster-mariadb.mariadb-cluster.svc.cluster.local | ||
production_mariadb_password: $mariadb_root_password | ||
production_mariadb_port: '3306' | ||
production_mariadb_user: root | ||
development_mariadb_hostname: dbcluster-mariadb.mariadb-cluster.svc.cluster.local | ||
development_mariadb_readreplica_hostname: dbcluster-mariadb.mariadb-cluster.svc.cluster.local | ||
development_mariadb_password: $mariadb_root_password | ||
development_mariadb_port: '3306' | ||
development_mariadb_user: root | ||
EOF | ||
|
||
# switch back to myproject | ||
oc project myproject |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
#!/usr/bin/env bats | ||
|
||
provision() { | ||
run svcat provision test-dbaas \ | ||
--class localregistry-dbaas-mariadb-apb \ | ||
--plan $1 \ | ||
--wait | ||
echo "$output" | ||
[[ $status -eq 0 ]] | ||
} | ||
|
||
bind() { | ||
run svcat bind test-dbaas \ | ||
--name test-dbaas-binding \ | ||
--secret-name test-dbaas-secret \ | ||
--wait | ||
echo "$output" | ||
[[ $status -eq 0 ]] | ||
} | ||
|
||
check_secret() { | ||
run bash -c ' | ||
set -euo pipefail | ||
data=$(oc get secret test-dbaas-secret -o json --export | jq -e ".data") | ||
echo Secret data: | ||
echo "$data" | ||
echo "$data" | jq -e "select( | ||
.DB_HOST? and | ||
.DB_READREPLICA_HOST? and | ||
.DB_NAME? and | ||
.DB_PASSWORD? and | ||
.DB_PORT? and | ||
.DB_TYPE? and | ||
.DB_USER? | ||
)" | ||
' | ||
echo "$output" | ||
[[ $status -eq 0 ]] | ||
} | ||
|
||
unbind() { | ||
run svcat unbind test-dbaas \ | ||
--wait | ||
echo "$output" | ||
[[ $status -eq 0 ]] | ||
} | ||
|
||
deprovision() { | ||
run svcat deprovision test-dbaas \ | ||
--wait | ||
echo "$output" | ||
[[ $status -eq 0 ]] | ||
} | ||
|
||
@test "provision a service (development)" { | ||
provision development | ||
} | ||
|
||
@test "bind the secret (development)" { | ||
bind | ||
} | ||
|
||
@test "check the contents of the secret (development)" { | ||
check_secret | ||
} | ||
|
||
@test "unbind the secret (development)" { | ||
unbind | ||
} | ||
|
||
@test "deprovision the service (development)" { | ||
deprovision | ||
} | ||
|
||
@test "provision a service (production)" { | ||
provision production | ||
} | ||
|
||
@test "bind the secret (production)" { | ||
bind | ||
} | ||
|
||
@test "check the contents of the secret (production)" { | ||
check_secret | ||
} | ||
|
||
@test "unbind the secret (production)" { | ||
unbind | ||
} | ||
|
||
@test "deprovision the service (production)" { | ||
deprovision | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters