airship/porthole
Code Issues Proposed changes

Fix backup/restore bug for remote backup disabled case

Browse Source 
Currently, if you try to start an on-demand container using the
"utilscli dbutils" command, on a site where remote backup has been
disabled, then the on-demand container will get a container create error
saying that it cannot read the backup-user secret (which does not get
generated when remote backup is disabled).

This patchset disables the reading of variables from the backup-user
secret (aka, the rgw secret) if remote backup is disabled.

Change-Id: I326a5b812f6b13d7dd42f4d3e339ba0d37eef538
This commit is contained in:
Parsons, Cliff (cp769u) 2020-07-17 22:16:55 +00:00
parent 8be19b8fe4
commit bfaeab4597
3 changed files with 51 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
View File

@ -8,10 +8,11 @@ if [[ $ETCD_POD_NAMESPACE == "" ]]; then
exit 1 exit 1
fi fi
export ETCD_RGW_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.rgw_secret }}
export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }} export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }}
export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility) export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility)
export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d) export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
export ETCD_REMOTE_BACKUP_ENABLED=$(echo $ETCD_REMOTE_BACKUP_ENABLED | sed 's/"//g')
if [[ $NODE == "" ]];then if [[ $NODE == "" ]];then
echo "Cannot find node to run ondemand job from." echo "Cannot find node to run ondemand job from."
@ -23,7 +24,9 @@ if [[ $ETCD_IMAGE_NAME == "" ]]; then
exit 1 exit 1
fi fi
cat <<EOF | kubectl create -n $ETCD_POD_NAMESPACE -f - export TMP_FILE=$(mktemp -p /tmp)
cat > $TMP_FILE << EOF
--- ---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -89,6 +92,11 @@ spec:
name: ${ETCD_CONF_SECRET} name: ${ETCD_CONF_SECRET}
- name: OS_IDENTITY_API_VERSION - name: OS_IDENTITY_API_VERSION
value: "3" value: "3"
EOF
if $ETCD_REMOTE_BACKUP_ENABLED; then
export ETCD_RGW_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.rgw_secret }}
cat >> $TMP_FILE << EOF
- name: OS_AUTH_URL - name: OS_AUTH_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -124,6 +132,10 @@ spec:
secretKeyRef: secretKeyRef:
name: ${ETCD_RGW_SECRET} name: ${ETCD_RGW_SECRET}
key: OS_PASSWORD key: OS_PASSWORD
EOF
fi
cat >> $TMP_FILE << EOF
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
@ -175,3 +187,6 @@ spec:
hostPath: hostPath:
path: /var/lib/etcd path: /var/lib/etcd
EOF EOF
kubectl create -n $ETCD_POD_NAMESPACE -f $TMP_FILE
rm -rf $TMP_FILE

19
charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
View File

@ -8,17 +8,20 @@ if [[ $MARIADB_POD_NAMESPACE == "" ]]; then
exit 1 exit 1
fi fi
export MARIADB_RGW_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.rgw_secret }}
export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }} export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }}
export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility) export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility)
export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d) export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
export MARIADB_REMOTE_BACKUP_ENABLED=$(echo $MARIADB_REMOTE_BACKUP_ENABLED | sed 's/"//g')
if [[ $MARIADB_IMAGE_NAME == "" ]]; then if [[ $MARIADB_IMAGE_NAME == "" ]]; then
echo "Cannot find the utility image for populating MARIADB_IMAGE_NAME variable." echo "Cannot find the utility image for populating MARIADB_IMAGE_NAME variable."
exit 1 exit 1
fi fi
cat <<EOF | kubectl create -n $MARIADB_POD_NAMESPACE -f - export TMP_FILE=$(mktemp -p /tmp)
cat > $TMP_FILE << EOF
--- ---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -101,6 +104,11 @@ spec:
name: ${MARIADB_CONF_SECRET} name: ${MARIADB_CONF_SECRET}
- name: OS_IDENTITY_API_VERSION - name: OS_IDENTITY_API_VERSION
value: "3" value: "3"
EOF
if $MARIADB_REMOTE_BACKUP_ENABLED; then
export MARIADB_RGW_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.rgw_secret }}
cat >> $TMP_FILE << EOF
- name: OS_AUTH_URL - name: OS_AUTH_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -136,6 +144,10 @@ spec:
secretKeyRef: secretKeyRef:
name: ${MARIADB_RGW_SECRET} name: ${MARIADB_RGW_SECRET}
key: OS_PASSWORD key: OS_PASSWORD
EOF
fi
cat >> $TMP_FILE << EOF
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
@ -176,3 +188,6 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: mariadb-backup-data claimName: mariadb-backup-data
EOF EOF
kubectl create -n $MARIADB_POD_NAMESPACE -f $TMP_FILE
rm -rf $TMP_FILE

19
charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
View File

@ -8,17 +8,20 @@ if [[ $POSTGRESQL_POD_NAMESPACE == "" ]]; then
exit 1 exit 1
fi fi
export POSTGRESQL_RGW_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.rgw_secret }}
export POSTGRESQL_CONF_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.conf_secret }} export POSTGRESQL_CONF_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.conf_secret }}
export POSTGRESQL_IMAGE_NAME=$(kubectl get cronjob -n ucp postgresql-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep postgresql-utility) export POSTGRESQL_IMAGE_NAME=$(kubectl get cronjob -n ucp postgresql-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep postgresql-utility)
export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d) export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
export POSTGRESQL_REMOTE_BACKUP_ENABLED=$(echo $POSTGRESQL_REMOTE_BACKUP_ENABLED | sed 's/"//g')
if [[ $POSTGRESQL_IMAGE_NAME == "" ]]; then if [[ $POSTGRESQL_IMAGE_NAME == "" ]]; then
echo "Cannot find the utility image for populating POSTGRESQL_IMAGE_NAME variable." echo "Cannot find the utility image for populating POSTGRESQL_IMAGE_NAME variable."
exit 1 exit 1
fi fi
cat <<EOF | kubectl create -n $POSTGRESQL_POD_NAMESPACE -f - export TMP_FILE=$(mktemp -p /tmp)
cat > $TMP_FILE << EOF
--- ---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -104,6 +107,11 @@ spec:
name: ${POSTGRESQL_CONF_SECRET} name: ${POSTGRESQL_CONF_SECRET}
- name: OS_IDENTITY_API_VERSION - name: OS_IDENTITY_API_VERSION
value: "3" value: "3"
EOF
if $POSTGRESQL_REMOTE_BACKUP_ENABLED; then
export POSTGRESQL_RGW_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.rgw_secret }}
cat >> $TMP_FILE << EOF
- name: OS_AUTH_URL - name: OS_AUTH_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -139,6 +147,10 @@ spec:
secretKeyRef: secretKeyRef:
name: ${POSTGRESQL_RGW_SECRET} name: ${POSTGRESQL_RGW_SECRET}
key: OS_PASSWORD key: OS_PASSWORD
EOF
fi
cat >> $TMP_FILE << EOF
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
@ -180,3 +192,6 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: postgresql-backup-data claimName: postgresql-backup-data
EOF EOF
kubectl create -n $POSTGRESQL_POD_NAMESPACE -f $TMP_FILE
rm -rf $TMP_FILE