From 8cfc9f315fa03e0779215d5137dc2f12053c820e Mon Sep 17 00:00:00 2001 From: Tristan Cacqueray Date: Fri, 5 Apr 2019 03:31:48 +0000 Subject: [PATCH] Manage database creation --- README.md | 16 ++- ansible/group_vars/all.yaml | 4 + ansible/roles/create_config/tasks/main.yaml | 34 ++++++ ansible/roles/deploy_pg/tasks/main.yaml | 127 ++++++++++++++++++++ ansible/roles/get_status/tasks/main.yaml | 9 ++ ansible/zuul.yaml | 3 + 6 files changed, 189 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/deploy_pg/tasks/main.yaml diff --git a/README.md b/README.md index bcf6a4e..2916bcd 100644 --- a/README.md +++ b/README.md @@ -22,9 +22,19 @@ oc login -u system:admin oc project default ``` -## Install Zookeeper Operator +## Install Postgress Operator -Perhaps this should be part of the zuul operator +Follow [install instruction](https://crunchydata.github.io/postgres-operator/stable/installation/), +basically: +``` +vi ./pv/crunchy-pv.json # set volume size and pv number +oc apply -f ./pv/crunchy-pv.json +oc apply -f ./deploy/cluster-rbac.yaml +oc apply -f ./deploy/rbac.yaml +./deploy/deploy.sh +``` + +## Install Zookeeper Operator ```shell oc create -f https://raw.githubusercontent.com/pravega/zookeeper-operator/master/deploy/crds/zookeeper_v1beta1_zookeepercluster_crd.yaml @@ -32,7 +42,6 @@ oc create -f https://raw.githubusercontent.com/pravega/zookeeper-operator/master oc create -f https://raw.githubusercontent.com/pravega/zookeeper-operator/master/deploy/default_ns/operator.yaml ``` - ## Install Zuul Operator ```shell @@ -59,7 +68,6 @@ $ oc logs zuul-operator-c64756f66-rbdmg -c operator ... ``` - ## Usage ``` diff --git a/ansible/group_vars/all.yaml b/ansible/group_vars/all.yaml index f9bbfe6..8f68d92 100644 --- a/ansible/group_vars/all.yaml +++ b/ansible/group_vars/all.yaml 
@@ -30,3 +30,7 @@ zuul_configmap_name: "{{ zuul_cluster_name }}-config" zk_cluster_name: "{{ zuul_cluster_name }}-zk" zk_api_version: "zookeeper.pravega.io/v1beta1" + +pg_cluster_name: "{{ zuul_cluster_name }}-pg" +pg_cr_kind: "Pgcluster" +pg_api_version: "cr.client-go.k8s.io/v1" diff --git a/ansible/roles/create_config/tasks/main.yaml b/ansible/roles/create_config/tasks/main.yaml index fa4129b..efddc83 100644 --- a/ansible/roles/create_config/tasks/main.yaml +++ b/ansible/roles/create_config/tasks/main.yaml @@ -1,4 +1,30 @@ --- +- name: Create Postgresql Credential + when: not zuul_pg_user + block: + - name: Create k8s secret + k8s: + state: "{{ state }}" + definition: + apiVersion: v1 + kind: Secret + metadata: + labels: + pg-database: "{{ pg_cluster_name }}" + app: "{{ zuul_app_name }}" + zuul_cluster: "{{ zuul_cluster_name }}" + name: "{{ pg_cluster_name }}-zuul-secret" + namespace: "{{ namespace }}" + type: Opaque + data: + password: UE5xOEVFVTBxTQ== + username: dGVzdHVzZXI= + - name: Set fact + set_fact: + zuul_pg_user: + - username: dGVzdHVzZXI= + password: UE5xOEVFVTBxTQ== + - name: Create the scheduler configmap k8s: state: "{{ state }}" @@ -26,6 +52,10 @@ [scheduler] tenant_config=/etc/zuul/main.yaml + [connection sqlreporter] + driver=sql + dburi=postgresql://{{ zuul_pg_user[0]["username"] | b64decode }}:{{ zuul_pg_user[0]["password"] | b64decode }}@{{ pg_cluster_name }}/zuul + {% for connection in connections %} [connection {{ connection["name"] }}] {% for k, v in connection.items() %}{% if k != "name" %} @@ -75,6 +105,10 @@ listen_address=0.0.0.0 port=9000 + [connection sqlreporter] + driver=sql + dburi=postgresql://{{ zuul_pg_user[0]["username"] | b64decode }}:{{ zuul_pg_user[0]["password"] | b64decode }}@{{ pg_cluster_name }}/zuul + {% for connection in connections %} [connection {{ connection["name"] }}] {% for k, v in connection.items() %}{% if k != "name" %} 
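Review bot: The `password` and `username` under `data:` in `Create k8s secret`, and again in `Set fact`, are fixed base64 literals, so every cluster created by this role gets the same database credential, and it is readable by anyone with access to the repository (base64 is an encoding, not protection). Generate the password once per cluster while `zuul_pg_user` is empty, keep it in the fact, and build the Secret from that fact so the two copies cannot drift. Adding `no_log: true` keeps the generated value out of task output. The fence sketches that ordering with conventional indentation and keeps the committed username literal.

```yaml
    # … unchanged: task name, `when: not zuul_pg_user`, `block:` …
    - name: Set fact
      set_fact:
        zuul_pg_user:
          - username: dGVzdHVzZXI=
            password: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') | b64encode }}"
      no_log: true
    - name: Create k8s secret
      k8s:
        state: "{{ state }}"
        definition:
          # … unchanged: apiVersion, kind, metadata, type …
          data:
            password: "{{ zuul_pg_user[0]['password'] }}"
            username: "{{ zuul_pg_user[0]['username'] }}"
      no_log: true
```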
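Review bot: The added `dburi` line renders the base64-decoded database password in clear text into zuul.conf, which appears to be stored in a ConfigMap, judging by the `Create the scheduler configmap` task name in the preceding hunk; the hunk at `-75,6 +105,10` adds the same line to a second config. ConfigMaps are usually readable by more principals than Secrets and do not get Secret-specific controls such as encryption at rest, so a file that embeds the password belongs in a Secret. The values are also inserted without percent-encoding, so a password containing `@`, `:` or `/` would produce a malformed URI. At minimum I would add `{# dburi embeds the DB password; store this file in a Secret, not a ConfigMap #}` above the `[connection sqlreporter]` section. The enclosing task starts and ends outside this hunk, so the resource kind is inferred rather than visible.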
diff --git a/ansible/roles/deploy_pg/tasks/main.yaml b/ansible/roles/deploy_pg/tasks/main.yaml
new file mode 100644
index 0000000..c7c1c50
--- /dev/null
+++ b/ansible/roles/deploy_pg/tasks/main.yaml
@@ -0,0 +1,127 @@
+- name: Postgresql Secret
+ k8s:
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ pg-database: "{{ pg_cluster_name }}"
+ app: "{{ zuul_app_name }}"
+ zuul_cluster: "{{ zuul_cluster_name }}"
+ name: "{{ pg_cluster_name }}-postgres-secret"
+ namespace: "{{ namespace }}"
+ type: Opaque
+ data:
+ password: M3pBeXpmMThxQg==
+ username: cG9zdGdyZXM=
+
+- name: Postgresql Primary User
+ k8s:
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ pg-database: "{{ pg_cluster_name }}"
+ app: "{{ zuul_app_name }}"
+ zuul_cluster: "{{ zuul_cluster_name }}"
+ name: "{{ pg_cluster_name }}-primaryuser-secret"
+ namespace: "{{ namespace }}"
+ type: Opaque
+ data:
+ password: d0ZvYWlRZFhPTQ==
+ username: cHJpbWFyeXVzZXI=
+
+- name: Postgresql Deployment
+ k8s:
+ definition:
+ apiVersion: "{{ pg_api_version }}"
+ kind: "{{ pg_cr_kind }}"
+ metadata:
+ labels:
+ archive: 'false'
+ archive-timeout: '60'
+ crunchy-pgbadger: 'false'
+ crunchy_collect: 'false'
+ current-primary: "{{ pg_cluster_name }}"
+ deployment-name: "{{ pg_cluster_name }}"
+ name: "{{ pg_cluster_name }}"
+ pg-cluster: "{{ pg_cluster_name }}"
+ pgo-backrest: 'false'
+ pgo-version: 3.5.2
+ primary: 'true'
+ app: "{{ zuul_app_name }}"
+ zuul_cluster: "{{ zuul_cluster_name }}"
+ name: "{{ pg_cluster_name }}"
+ namespace: "{{ namespace }}"
+ spec:
+ ArchiveStorage:
+ accessmode: ''
+ fsgroup: ''
+ matchLabels: ''
+ name: ''
+ size: ''
+ storageclass: ''
+ storagetype: ''
+ supplementalgroups: ''
+ BackrestStorage:
+ accessmode: ReadWriteMany
+ fsgroup: ''
+ matchLabels: ''
+ name: ''
+ size: 1G
+ storageclass: ''
+ storagetype: create
+ supplementalgroups: ''
+ ContainerResources:
+ limitscpu: ''
+ limitsmemory: ''
+ requestscpu: ''
+ requestsmemory: ''
+ PrimaryStorage:
+ accessmode: ReadWriteMany
+ fsgroup: ''
+ matchLabels: ''
+ name: "{{ pg_cluster_name }}"
+ size: 1G
+ storageclass: ''
+ storagetype: create
+ supplementalgroups: ''
+ ReplicaStorage:
+ accessmode: ReadWriteMany
+ fsgroup: ''
+ matchLabels: ''
+ name: ''
+ size: 1G
+ storageclass: ''
+ storagetype: create
+ supplementalgroups: ''
+ backuppath: ''
+ backuppvcname: ''
+ ccpimage: crunchy-postgres
+ ccpimagetag: centos7-11.2-2.3.1
+ clustername: "{{ pg_cluster_name }}"
+ customconfig: ''
+ database: zuul
+ name: "{{ pg_cluster_name }}"
+ nodename: ''
+ policies: ''
+ port: '5432'
+ primaryhost: "{{ pg_cluster_name }}"
+ primarysecretname: "{{ pg_cluster_name }}-primaryuser-secret"
+ replicas: '0'
+ rootsecretname: "{{ pg_cluster_name }}-postgres-secret"
+ secretfrom: ''
+ status: ''
+ strategy: '1'
+ user: zuul
+ userlabels:
+ archive: 'false'
+ archive-timeout: '60'
+ crunchy-pgbadger: 'false'
+ crunchy_collect: 'false'
+ pgo-backrest: 'false'
+ pgo-version: 3.5.2
+ usersecretname: "{{ pg_cluster_name }}-zuul-secret"
+
+- pause:
diff --git a/ansible/roles/get_status/tasks/main.yaml b/ansible/roles/get_status/tasks/main.yaml
index 04ff4eb..aa5ad18 100644
--- a/ansible/roles/get_status/tasks/main.yaml
+++ b/ansible/roles/get_status/tasks/main.yaml
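Review bot: Both Secrets created in this new file (`-postgres-secret`, referenced as `rootsecretname`, and `-primaryuser-secret`) carry fixed base64 `password` literals, so the database superuser password is identical on every deployment and public along with the repository. Generate them at creation instead, for example `password: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') | b64encode }}"`, and add `no_log: true` to both tasks. The zuul.yaml hunk gates this role on `pg_cr_lookup|length==0`, so a generated value should not be regenerated once the cluster resource exists, though that is worth confirming. These `k8s` tasks also omit the `state: "{{ state }}"` that the create_config tasks pass. The trailing `- pause:` looks like a debugging leftover that would stall or be skipped in a non-interactive operator run.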
@@ -2,11 +2,20 @@ - set_fact: label_selector_value: "zuul_cluster={{ zuul_cluster_name }},app={{ zuul_app_name }}" sched_selector_value: "zuul_cluster={{ zuul_cluster_name }},app={{ zuul_cluster_name }}-scheduler" + pg_user_query: "[?metadata.name=='{{ pg_cluster_name }}-zuul-secret'].data" - name: lookup k8s secrets set_fact: secrets_lookup: "{{ lookup('k8s', api_version='v1', kind='Secret', namespace=namespace, label_selector=label_selector_value) }}" +- name: lookup pg user + set_fact: + zuul_pg_user: "{{ secrets_lookup | json_query(pg_user_query) }}" + +- name: lookup k8s postgres cr + set_fact: + pg_cr_lookup: "{{ lookup('k8s', api_version=pg_api_version, kind=pg_cr_kind, namespace=namespace, resource_name=pg_cluster_name) }}" + - name: lookup k8s zookeeper cr set_fact: zk_cr_lookup: "{{ lookup('k8s', api_version=zk_api_version, kind='ZookeeperCluster', namespace=namespace, resource_name=zk_cluster_name) }}" diff --git a/ansible/zuul.yaml b/ansible/zuul.yaml index 6d4356d..6d505f8 100644 --- a/ansible/zuul.yaml +++ b/ansible/zuul.yaml @@ -7,6 +7,9 @@ command: env - import_role: name: get_status + - import_role: + name: deploy_pg + when: (pg_cr_lookup|length==0) - import_role: name: deploy_zk when: (zk_cr_lookup|length==0)
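Review bot: The new `lookup pg user` task copies the Secret's `data` (username and password) into the `zuul_pg_user` fact without `no_log: true`, so the credential can appear in task output and, presumably, in the operator log that the README reads with `oc logs`. Add `no_log: true` to this task; the existing `lookup k8s secrets` task above it has the same exposure. Separately, `pg_user_query` is a JMESPath filter over a list, while `lookup('k8s', ...)` without `wantlist=True` may return a bare object when exactly one Secret matches the selector. If that holds here, the query yields nothing and create_config would take its create path again, so it is worth confirming and, if so, passing `wantlist=True` on the secrets lookup.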