From bfaeab45974cdba4a71381246fae85e9aa18ff96 Mon Sep 17 00:00:00 2001 From: "Parsons, Cliff (cp769u)" Date: Fri, 17 Jul 2020 22:16:55 +0000 Subject: [PATCH] Fix backup/restore bug for remote backup disabled case Currently, if you try to start an on-demand container using the "utilscli dbutils" command, on a site where remote backup has been disabled, then the on-demand container will get a container create error saying that it cannot read the backup-user secret (which does not get generated when remote backup is disabled). This patchset disables the reading of variables from the backup-user secret (aka, the rgw secret) if remote backup is disabled. Change-Id: I326a5b812f6b13d7dd42f4d3e339ba0d37eef538 --- .../bin/utility/_etcd_ondemand_job.sh.tpl | 19 +++++++++++++++++-- .../bin/utility/_mariadb_ondemand_job.sh.tpl | 19 +++++++++++++++++-- .../bin/utility/_pg_ondemand_job.sh.tpl | 19 +++++++++++++++++-- 3 files changed, 51 insertions(+), 6 deletions(-) diff --git a/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl b/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl index fac5c187..4b557e76 100644 --- a/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl +++ b/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl @@ -8,10 +8,11 @@ if [[ $ETCD_POD_NAMESPACE == "" ]]; then exit 1 fi -export ETCD_RGW_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.rgw_secret }} export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }} export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility) export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d) +ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d) +export ETCD_REMOTE_BACKUP_ENABLED=$(echo $ETCD_REMOTE_BACKUP_ENABLED | sed 's/"//g') if [[ $NODE == "" ]];then echo "Cannot find node to run ondemand job from." @@ -23,7 +24,9 @@ if [[ $ETCD_IMAGE_NAME == "" ]]; then exit 1 fi -cat < $TMP_FILE << EOF --- apiVersion: batch/v1 kind: Job @@ -89,6 +92,11 @@ spec: name: ${ETCD_CONF_SECRET} - name: OS_IDENTITY_API_VERSION value: "3" +EOF + +if $ETCD_REMOTE_BACKUP_ENABLED; then + export ETCD_RGW_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.rgw_secret }} + cat >> $TMP_FILE << EOF - name: OS_AUTH_URL valueFrom: secretKeyRef: @@ -124,6 +132,10 @@ spec: secretKeyRef: name: ${ETCD_RGW_SECRET} key: OS_PASSWORD +EOF +fi + +cat >> $TMP_FILE << EOF volumeMounts: - name: pod-tmp mountPath: /tmp @@ -175,3 +187,6 @@ spec: hostPath: path: /var/lib/etcd EOF + +kubectl create -n $ETCD_POD_NAMESPACE -f $TMP_FILE +rm -rf $TMP_FILE diff --git a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl index dbaa1aba..f6adc645 100644 --- a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl +++ b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl @@ -8,17 +8,20 @@ if [[ $MARIADB_POD_NAMESPACE == "" ]]; then exit 1 fi -export MARIADB_RGW_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.rgw_secret }} export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }} export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility) export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d) +MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d) +export MARIADB_REMOTE_BACKUP_ENABLED=$(echo $MARIADB_REMOTE_BACKUP_ENABLED | sed 's/"//g') if [[ $MARIADB_IMAGE_NAME == "" ]]; then echo "Cannot find the utility image for populating MARIADB_IMAGE_NAME variable." exit 1 fi -cat < $TMP_FILE << EOF --- apiVersion: batch/v1 kind: Job @@ -101,6 +104,11 @@ spec: name: ${MARIADB_CONF_SECRET} - name: OS_IDENTITY_API_VERSION value: "3" +EOF + +if $MARIADB_REMOTE_BACKUP_ENABLED; then + export MARIADB_RGW_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.rgw_secret }} + cat >> $TMP_FILE << EOF - name: OS_AUTH_URL valueFrom: secretKeyRef: @@ -136,6 +144,10 @@ spec: secretKeyRef: name: ${MARIADB_RGW_SECRET} key: OS_PASSWORD +EOF +fi + +cat >> $TMP_FILE << EOF volumeMounts: - name: pod-tmp mountPath: /tmp @@ -176,3 +188,6 @@ spec: persistentVolumeClaim: claimName: mariadb-backup-data EOF + +kubectl create -n $MARIADB_POD_NAMESPACE -f $TMP_FILE +rm -rf $TMP_FILE diff --git a/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl b/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl index 74cb2c5f..93c15d63 100644 --- a/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl +++ b/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl @@ -8,17 +8,20 @@ if [[ $POSTGRESQL_POD_NAMESPACE == "" ]]; then exit 1 fi -export POSTGRESQL_RGW_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.rgw_secret }} export POSTGRESQL_CONF_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.conf_secret }} export POSTGRESQL_IMAGE_NAME=$(kubectl get cronjob -n ucp postgresql-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep postgresql-utility) export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d) +POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d) +export POSTGRESQL_REMOTE_BACKUP_ENABLED=$(echo $POSTGRESQL_REMOTE_BACKUP_ENABLED | sed 's/"//g') if [[ $POSTGRESQL_IMAGE_NAME == "" ]]; then echo "Cannot find the utility image for populating POSTGRESQL_IMAGE_NAME variable." exit 1 fi -cat < $TMP_FILE << EOF --- apiVersion: batch/v1 kind: Job @@ -104,6 +107,11 @@ spec: name: ${POSTGRESQL_CONF_SECRET} - name: OS_IDENTITY_API_VERSION value: "3" +EOF + +if $POSTGRESQL_REMOTE_BACKUP_ENABLED; then + export POSTGRESQL_RGW_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.rgw_secret }} + cat >> $TMP_FILE << EOF - name: OS_AUTH_URL valueFrom: secretKeyRef: @@ -139,6 +147,10 @@ spec: secretKeyRef: name: ${POSTGRESQL_RGW_SECRET} key: OS_PASSWORD +EOF +fi + +cat >> $TMP_FILE << EOF volumeMounts: - name: pod-tmp mountPath: /tmp @@ -180,3 +192,6 @@ spec: persistentVolumeClaim: claimName: postgresql-backup-data EOF + +kubectl create -n $POSTGRESQL_POD_NAMESPACE -f $TMP_FILE +rm -rf $TMP_FILE