Diffstat (limited to 'setup')
| -rw-r--r-- | setup/projects/adei/files/adei_init/mysql/adei.sql | 1 | ||||
| -rw-r--r-- | setup/projects/adei/files/adei_init/mysql/initdb.sh | 16 | ||||
| -rw-r--r-- | setup/projects/adei/files/adei_init/mysql/pma.sql | 17 | ||||
| -rw-r--r-- | setup/projects/adei/templates/01-secret.yml.j2 | 26 | ||||
| -rw-r--r-- | setup/projects/adei/vars/globals.yml | 25 | ||||
| -rw-r--r-- | setup/projects/adei/vars/pods.yml | 19 | ||||
| -rw-r--r-- | setup/projects/adei/vars/secrets.yml | 6 | ||||
| -rw-r--r-- | setup/projects/adei/vars/volumes.yml | 1 | 
8 files changed, 93 insertions, 18 deletions
| diff --git a/setup/projects/adei/files/adei_init/mysql/adei.sql b/setup/projects/adei/files/adei_init/mysql/adei.sql
new file mode 100644
index 0000000..a17fcfe
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/adei.sql
@@ -0,0 +1 @@
+GRANT ALL ON `adei_%`.* TO 'adei'@'%';
diff --git a/setup/projects/adei/files/adei_init/mysql/initdb.sh b/setup/projects/adei/files/adei_init/mysql/initdb.sh
new file mode 100644
index 0000000..f877520
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/initdb.sh
@@ -0,0 +1,16 @@
+(
+    dir=$(dirname $0)
+    cd $dir
+
+    # Waiting until server is initialized
+    e=1
+    while [ $e -ne 0 ]; do
+        sleep 5
+        MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'
+        e=$?
+    done
+
+
+    cat adei.sql | awk "{ gsub(/@PWD@/, \"$PMA_PASSWORD\"); print }" | MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -h $HOSTNAME
+    #cat pma.sql | awk "{ gsub(/@PWD@/, \"$PMA_PASSWORD\"); print }" | MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -h $HOSTNAME
+)
diff --git a/setup/projects/adei/files/adei_init/mysql/pma.sql b/setup/projects/adei/files/adei_init/mysql/pma.sql
new file mode 100644
index 0000000..884284f
--- /dev/null
+++ b/setup/projects/adei/files/adei_init/mysql/pma.sql
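Review bot: The database pattern in adei.sql leaves the underscore unescaped, and MySQL treats `_` in a database-level grant as a single-character wildcard, so the grant covers any schema whose name starts with `adei` plus one more character rather than only `adei_`-prefixed ones. Escaping it narrows the grant to the intended prefix: ``GRANT ALL ON `adei\_%`.* TO 'adei'@'%';``. The same statement is repeated as the first line of pma.sql and needs the same change. `ALL` combined with host `'%'` is also broad; if the frontends only need data and schema operations inside their own setup databases, listing those privileges and restricting the host would limit what a leaked adei password allows.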
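Review bot: The wait loop in initdb.sh has no upper bound, so if the `adei` login never succeeds (for instance a password mismatch against an existing data directory) the postStart hook that runs this script never returns and the failure stays silent. A bounded retry that exits non-zero makes the problem visible; the retry count in the sketch below is an example value. The expansions `$0`, `$dir`, `$MYSQL_USER`, `$MYSQL_DATABASE` and `$HOSTNAME` are unquoted and should be quoted. `$PMA_PASSWORD` is spliced into the awk program text, which is safe only while the generator stays limited to `[a-zA-Z0-9]`; reading it through `ENVIRON["PMA_PASSWORD"]` avoids re-parsing the secret as awk source.

```shell
    # … unchanged: cd into the script directory …
    tries=0
    until MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u "$MYSQL_USER" -D "$MYSQL_DATABASE" -e 'SELECT 1'; do
        tries=$((tries + 1))
        if [ "$tries" -ge 60 ]; then   # example bound: about five minutes
            echo "initdb: MySQL did not accept the adei login, giving up" >&2
            exit 1
        fi
        sleep 5
    done
    # … unchanged: apply adei.sql as root …
```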
@@ -0,0 +1,17 @@
+GRANT ALL ON `adei_%`.* TO 'adei'@'%';
+
+CREATE USER IF NOT EXISTS 'pma'@'%' IDENTIFIED BY '@PWD@';
+ALTER USER 'pma'@'%' IDENTIFIED BY '@PWD@';
+
+GRANT USAGE ON mysql.* TO 'pma'@'%';
+GRANT SELECT (
+Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
+Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
+File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
+Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
+Execute_priv, Repl_slave_priv, Repl_client_priv
+) ON mysql.user TO 'pma'@'%';
+GRANT SELECT ON mysql.db TO 'pma'@'%';
+#GRANT SELECT ON mysql.host TO 'pma'@'%';
+GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO 'pma'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'%';
diff --git a/setup/projects/adei/templates/01-secret.yml.j2 b/setup/projects/adei/templates/01-secret.yml.j2
new file mode 100644
index 0000000..f310ec9
--- /dev/null
+++ b/setup/projects/adei/templates/01-secret.yml.j2
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: adei-build
+  labels:
+    app: adei
+  annotations:
+    descriptions: "ADEI Secrets"
+objects:
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    annotations:
+      template.openshift.io/expose-adei_password: '{.data[''adei-password'']}'
+      template.openshift.io/expose-pma_password: '{.data[''pma-password'']}'
+    name: adei
+  stringData:
+    adei-password: "{{ kaas_project_config.adei_password }}"
+    pma-password: "${PMA_PASSWORD}"
+parameters:
+- description: Password for the PMA connection user.
+  displayName: PMA Connection Password
+  from: '[a-zA-Z0-9]{16}'
+  generate: expression
+  name: PMA_PASSWORD
+  required: true
diff --git a/setup/projects/adei/vars/globals.yml b/setup/projects/adei/vars/globals.yml
index 72262e5..21f4db1 100644
--- a/setup/projects/adei/vars/globals.yml
+++ b/setup/projects/adei/vars/globals.yml
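Review bot: pma.sql sets the `pma` password to the literal placeholder `'@PWD@'` in both `CREATE USER` and `ALTER USER`, so loading the file without the awk substitution from initdb.sh would leave a control account with a publicly known password, reachable from any host because of `'pma'@'%'`. A header comment would make the contract explicit, e.g. `# Template: @PWD@ must be substituted before loading; never run this file directly.` The substituted value also lands unescaped inside a SQL string literal, which holds only while the generated password stays alphanumeric. The final grant targets `phpmyadmin.*`, but nothing visible in this commit creates that schema, so confirm it exists before the commented-out line in initdb.sh is enabled.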
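Review bot: `adei-password: "{{ kaas_project_config.adei_password }}"` in 01-secret.yml.j2 renders the vault value straight into a double-quoted YAML scalar, so a password containing `"` or `\` would either break the rendered template or be stored as a different string than the one kept in the vault. Letting the filter do the quoting avoids that: `adei-password: {{ kaas_project_config.adei_password | to_json }}`. The annotation key `descriptions` is probably meant to be `description`, and the template name `adei-build` does not indicate that it holds secrets. Both `template.openshift.io/expose-*` annotations appear to publish the passwords to whatever consumes the instantiated template, so confirm that exposure is wanted.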
@@ -12,9 +12,12 @@ adei_pod_env:      - name: "MYSQL_USER"        value: "adei"      - name: "MYSQL_PASSWORD" -      value: "adei" +      valueFrom:  +        secretKeyRef: +          name: "adei" +          key: "adei-password"      - name: "MYSQL_DATABASE" -      value: "adei" +      value: "adei_${setup}"      - name: "ADEI_PORTS"        value: "8080"      - name: "ADEI_ENABLED_SETUPS" @@ -165,17 +168,17 @@ adei_frontends:        vols: "{{ adei_pod_vols }}"        mounts: "{{ adei_dbg_mounts | union(adei_pod_mounts) }}"        groups: [ "adei" ] -      enabled: false        configure: true +      enabled: true      logs:        name: "adei-${setup}-logs"        node: "adei-${setup}-logs.{{ adei_domain }}"   -      replicas: "${enabled_logs}" +      replicas: "${enable_logs}"        env: "{{ adei_pod_env | union(adei_log_env) }}"        vols: "{{ adei_pod_vols }}"        mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"        groups: [ "adei" ] -      enabled: false +      enabled: true      cacher:        name: "adei-${setup}-cacher"        replicas: "${cache_replicas}" 
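Review bot: The first entry in the `@@ -165,17 +168,17 @@` hunk mounts `adei_dbg_mounts` and is switched to `enabled: true` along with the production pods; if that entry is the debug frontend (its name lies outside the hunk), this turns a debug deployment on for every setup by default. Keeping that one entry at `enabled: false`, or at least adding a comment such as `# debug frontend: enable only on setups that need it`, would make the exposure a deliberate choice. The rename from `${enabled_logs}` to `${enable_logs}` here and in the `log_cacher` entry must match the parameter definition, which is not part of this diff.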
@@ -188,21 +191,21 @@ adei_frontends:      archive_cacher:        name: "adei-${setup}-archive-cacher"        replicas: "1" -      cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh -m archive" ] +      cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh",  "-m",  "archive" ]        env: "{{ adei_pod_env | union(adei_arc_cache_env) }}"        vols: "{{ adei_pod_vols }}"        mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"        groups: [ "adei" ] -      enabled: false +      enabled: true      log_cacher:        name: "adei-${setup}-log-cacher" -      replicas: "${enabled_logs}" +      replicas: "${enable_logs}"        cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh" ]        env: "{{ adei_pod_env | union(adei_log_cache_env) }}"        vols: "{{ adei_pod_vols }}"        mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"        groups: [ "adei" ] -      enabled: false +      enabled: true      update:        name: "adei-${setup}-update"        cron: "${update_schedule}" @@ -220,7 +223,7 @@ adei_frontends:        vols: "{{ adei_pod_vols }}"        mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"        groups: [ "adei" ] -      enabled: false +      enabled: true      clean:        name: "adei-${setup}-clean"        cron: "${clean_schedule}" @@ -229,4 +232,4 @@ adei_frontends:        vols: "{{ adei_pod_vols }}"        mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"        groups: [ "adei" ] -      enabled: false +      enabled: true diff --git a/setup/projects/adei/vars/pods.yml b/setup/projects/adei/vars/pods.yml index c0b943c..5278c44 100644 --- a/setup/projects/adei/vars/pods.yml +++ b/setup/projects/adei/vars/pods.yml 
@@ -5,16 +5,23 @@ pods:      selector: { master: 1 }      groups: [ "adei_db" ]      images: -      - image: "openshift/mysql-56-centos7" +      - image: "centos/mysql-57-centos7"          env:              - { name: "MYSQL_USER", value: "adei" } -            - { name: "MYSQL_PASSWORD", value: "adei" }  +            - { name: "MYSQL_PASSWORD", value: "secret@adei/adei-password" }  +            - { name: "MYSQL_ROOT_PASSWORD", value: "secret@adei/adei-password" }               - { name: "MYSQL_DATABASE", value: "adei" } +            - { name: "PMA_PASSWORD", value: "secret@adei/pma-password" }           mappings:  -            - { name: "adei_etc", path: "mysql", mount: "/etc/mysql" } +            - { name: "adei_init", mount: "/var/lib/init" }              - { name: "adei_db", path: "mysql", mount: "/var/lib/mysql/data" }          probes:              - { port: 3306 } +#            - { type: "liveness", port: 3306 } +#            - { type: "readiness", command: [/bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE, -e 'SELECT 1'] } +        hooks: +            - { type: "postStart", command: [ "/bin/bash", "/var/lib/init/mysql/initdb.sh" ] } +    phpmyadmin:      service: { host: "phpmyadmin.{{ openshift_master_default_subdomain }}", ports: [ 80/8080 ] }      sched: { replicas: 1 } 
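Review bot: `MYSQL_ROOT_PASSWORD` is filled from the same secret key as `MYSQL_PASSWORD` (`secret@adei/adei-password`), and globals.yml hands that key to the frontend pods through `secretKeyRef`, so every frontend effectively holds the database root password. A separate generated key keeps root distinct, for example `- { name: "MYSQL_ROOT_PASSWORD", value: "secret@adei/root-password" }` with a matching entry added to the Secret template (the key name `root-password` is a suggestion, not something the commit defines). The image reference `centos/mysql-57-centos7` carries no tag or digest, so the deployed MySQL build can change without a commit. The pod definition starts above this hunk, so other settings of the database pod are not visible here.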
@@ -23,14 +30,12 @@ pods:          env:              - { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" }              - { name: "DB_SERVICE_PORT", value: "3306" }  -            - { name: "DB_SERVICE_CONTROL_USER", value: "pma" } -            - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "adei" } +#            - { name: "DB_SERVICE_CONTROL_USER", value: "pma" } +#            - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }              - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" }          probes:              - { port: 8080, path: '/' } - -  #oc:  #  - template: "[0-3]*"  #  - template: "[4-6]*" diff --git a/setup/projects/adei/vars/secrets.yml b/setup/projects/adei/vars/secrets.yml new file mode 100644 index 0000000..09d7404 --- /dev/null +++ b/setup/projects/adei/vars/secrets.yml @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +34353236316663633066306139633563623564323261343039346536333934656263343539376138 +3439306637386530373339396638613965383265366633390a343837383862353965393361366432 +39356537356430393232616332336366643138653931633738353938653334613165326263346566 +3139323437346663660a633665303662666237616665383564636639323763383335373538306533 +62616134363866353565323237353334653331373665636664636366643336613137 diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml index 3a0fe4d..69d291c 100644 --- a/setup/projects/adei/vars/volumes.yml +++ b/setup/projects/adei/vars/volumes.yml @@ -1,4 +1,5 @@  volumes: +  adei_init: { volume: "openshift", path: "/adei/init" }                # mysql    adei_etc: { volume: "openshift", path: "/adei/etc" }                  # mysql    adei_src: { volume: "openshift", path: "/adei/src", write: true }     # prod & debug (init creates setup links)    adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true }     # per-setup configs (ADEI/wiki modifies setup) | 
