Fix backup/restore bug for remote backup disabled case

Currently, if you try to start an on-demand container using the "utilscli dbutils" command, on a site where remote backup has been disabled, then the on-demand container will get a container create error saying that it cannot read the backup-user secret (which does not get generated when remote backup is disabled). This patchset disables the reading of variables from the backup-user secret (aka, the rgw secret) if remote backup is disabled. Change-Id: I326a5b812f6b13d7dd42f4d3e339ba0d37eef538
2020-07-17 22:16:55 +00:00 · 2020-07-17 22:16:55 +00:00 · bfaeab4597
commit bfaeab4597
parent 8be19b8fe4
3 changed files with 51 additions and 6 deletions
--- a/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
+++ b/charts/etcdctl-utility/templates/bin/utility/_etcd_ondemand_job.sh.tpl
@ -8,10 +8,11 @@ if [[ $ETCD_POD_NAMESPACE == "" ]]; then
  exit 1
 fi

-export ETCD_RGW_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.rgw_secret }}
 export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }}
 export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility)
 export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
+ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export ETCD_REMOTE_BACKUP_ENABLED=$(echo $ETCD_REMOTE_BACKUP_ENABLED | sed 's/"//g')

 if [[ $NODE == "" ]];then
  echo "Cannot find node to run ondemand job from."
@ -23,7 +24,9 @@ if [[ $ETCD_IMAGE_NAME == "" ]]; then
  exit 1
 fi

-cat <<EOF | kubectl create -n $ETCD_POD_NAMESPACE -f -
+export TMP_FILE=$(mktemp -p /tmp)
+
+cat > $TMP_FILE << EOF
 ---
 apiVersion: batch/v1
 kind: Job
@ -89,6 +92,11 @@ spec:
                  name: ${ETCD_CONF_SECRET}
            - name: OS_IDENTITY_API_VERSION
              value: "3"
+EOF
+
+if $ETCD_REMOTE_BACKUP_ENABLED; then
+  export ETCD_RGW_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.rgw_secret }}
+  cat >> $TMP_FILE << EOF
            - name: OS_AUTH_URL
              valueFrom:
                secretKeyRef:
@ -124,6 +132,10 @@ spec:
                secretKeyRef:
                  name: ${ETCD_RGW_SECRET}
                  key: OS_PASSWORD
+EOF
+fi
+
+cat >> $TMP_FILE << EOF
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
@ -175,3 +187,6 @@ spec:
          hostPath:
            path: /var/lib/etcd
 EOF
+
+kubectl create -n $ETCD_POD_NAMESPACE -f $TMP_FILE
+rm -rf $TMP_FILE
--- a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
+++ b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl
@ -8,17 +8,20 @@ if [[ $MARIADB_POD_NAMESPACE == "" ]]; then
  exit 1
 fi

-export MARIADB_RGW_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.rgw_secret }}
 export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }}
 export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility)
 export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
+MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export MARIADB_REMOTE_BACKUP_ENABLED=$(echo $MARIADB_REMOTE_BACKUP_ENABLED | sed 's/"//g')

 if [[ $MARIADB_IMAGE_NAME == "" ]]; then
  echo "Cannot find the utility image for populating MARIADB_IMAGE_NAME variable."
  exit 1
 fi

-cat <<EOF | kubectl create -n $MARIADB_POD_NAMESPACE -f -
+export TMP_FILE=$(mktemp -p /tmp)
+
+cat > $TMP_FILE << EOF
 ---
 apiVersion: batch/v1
 kind: Job
@ -101,6 +104,11 @@ spec:
                  name: ${MARIADB_CONF_SECRET}
            - name: OS_IDENTITY_API_VERSION
              value: "3"
+EOF
+
+if $MARIADB_REMOTE_BACKUP_ENABLED; then
+  export MARIADB_RGW_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.rgw_secret }}
+  cat >> $TMP_FILE << EOF
            - name: OS_AUTH_URL
              valueFrom:
                secretKeyRef:
@ -136,6 +144,10 @@ spec:
                secretKeyRef:
                  name: ${MARIADB_RGW_SECRET}
                  key: OS_PASSWORD
+EOF
+fi
+
+cat >> $TMP_FILE << EOF
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
@ -176,3 +188,6 @@ spec:
          persistentVolumeClaim:
            claimName: mariadb-backup-data
 EOF
+
+kubectl create -n $MARIADB_POD_NAMESPACE -f $TMP_FILE
+rm -rf $TMP_FILE
--- a/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
+++ b/charts/postgresql-utility/templates/bin/utility/_pg_ondemand_job.sh.tpl
@ -8,17 +8,20 @@ if [[ $POSTGRESQL_POD_NAMESPACE == "" ]]; then
  exit 1
 fi

-export POSTGRESQL_RGW_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.rgw_secret }}
 export POSTGRESQL_CONF_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.conf_secret }}
 export POSTGRESQL_IMAGE_NAME=$(kubectl get cronjob -n ucp postgresql-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep postgresql-utility)
 export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
+POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
+export POSTGRESQL_REMOTE_BACKUP_ENABLED=$(echo $POSTGRESQL_REMOTE_BACKUP_ENABLED | sed 's/"//g')

 if [[ $POSTGRESQL_IMAGE_NAME == "" ]]; then
  echo "Cannot find the utility image for populating POSTGRESQL_IMAGE_NAME variable."
  exit 1
 fi

-cat <<EOF | kubectl create -n $POSTGRESQL_POD_NAMESPACE -f -
+export TMP_FILE=$(mktemp -p /tmp)
+
+cat > $TMP_FILE << EOF
 ---
 apiVersion: batch/v1
 kind: Job
@ -104,6 +107,11 @@ spec:
                  name: ${POSTGRESQL_CONF_SECRET}
            - name: OS_IDENTITY_API_VERSION
              value: "3"
+EOF
+
+if $POSTGRESQL_REMOTE_BACKUP_ENABLED; then
+  export POSTGRESQL_RGW_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.rgw_secret }}
+  cat >> $TMP_FILE << EOF
            - name: OS_AUTH_URL
              valueFrom:
                secretKeyRef:
@ -139,6 +147,10 @@ spec:
                secretKeyRef:
                  name: ${POSTGRESQL_RGW_SECRET}
                  key: OS_PASSWORD
+EOF
+fi
+
+cat >> $TMP_FILE << EOF
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
@ -180,3 +192,6 @@ spec:
          persistentVolumeClaim:
            claimName: postgresql-backup-data
 EOF
+
+kubectl create -n $POSTGRESQL_POD_NAMESPACE -f $TMP_FILE
+rm -rf $TMP_FILE