

DB container improvements
List of improvements:
- Use Secrets for SSL and DB credentials
- Add DB container support to uninstall, start, stop, restart and status
- Clean up the setup by dropping the parameters that are no longer needed
cbosdo committed Mar 4, 2025
1 parent 6ee2c0a commit f46f7fa
Showing 68 changed files with 310 additions and 320 deletions.
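--- a/mgradm/cmd/inspect/kubernetes.go
+++ b/mgradm/cmd/inspect/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 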
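--- a/mgradm/cmd/install/kubernetes/kubernetes.go
+++ b/mgradm/cmd/install/kubernetes/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 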
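--- a/mgradm/cmd/install/kubernetes/kubernetes_test.go
+++ b/mgradm/cmd/install/kubernetes/kubernetes_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 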
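--- a/mgradm/cmd/install/podman/podman.go
+++ b/mgradm/cmd/install/podman/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -37,7 +37,6 @@ NOTE: installing on a remote podman is not supported yet!
 flags.ServerFlags.Coco.IsChanged = v.IsSet("coco.replicas")
 flags.ServerFlags.HubXmlrpc.IsChanged = v.IsSet("hubxmlrpc.replicas")
 flags.ServerFlags.Saline.IsChanged = v.IsSet("saline.replicas") || v.IsSet("saline.port")
-flags.ServerFlags.Pgsql.IsChanged = v.IsSet("pgsql.replicas")
 }
 return utils.CommandHelper(globalFlags, cmd, args, &flags, flagsUpdater, run)
 },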
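--- a/mgradm/cmd/install/podman/podman_test.go
+++ b/mgradm/cmd/install/podman/podman_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -54,8 +54,6 @@ hubxmlrpc:
 saline:
 port: 8226
 replicas: 1
-pgsql:
-replicas: 0
 `
 
 dir := t.TempDir()
@@ -74,8 +72,6 @@ pgsql:
 testutils.AssertEquals(t, "Saline replicas badly parsed", 1, flags.Saline.Replicas)
 testutils.AssertEquals(t, "Saline port badly parsed", 8226, flags.Saline.Port)
 testutils.AssertTrue(t, "Saline flags not marked as changed", flags.Saline.IsChanged)
-testutils.AssertEquals(t, "Pgsql replicas badly parsed", 0, flags.Pgsql.Replicas)
-testutils.AssertTrue(t, "Pgsql flags not marked as changed", flags.Pgsql.IsChanged)
 return nil
 }
 
@@ -99,8 +95,6 @@ func TestParamsNoConfig(t *testing.T) {
 testutils.AssertEquals(t, "Saline replicas badly parsed", 0, flags.Saline.Replicas)
 testutils.AssertEquals(t, "Saline port badly parsed", 8216, flags.Saline.Port)
 testutils.AssertTrue(t, "Saline flags marked as changed", !flags.Saline.IsChanged)
-testutils.AssertEquals(t, "Pgsql replicas badly parsed", 1, flags.Pgsql.Replicas)
-testutils.AssertTrue(t, "Pgsql flags marked as changed", !flags.Pgsql.IsChanged)
 return nil
 }
 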
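--- a/mgradm/cmd/install/podman/ssl.go
+++ b/mgradm/cmd/install/podman/ssl.go
@@ -6,6 +6,7 @@ package podman
 
 import (
 "fmt"
+"path"
 "strings"
 
 "github.com/rs/zerolog/log"
@@ -92,6 +93,15 @@ func generateSSLCertificates(image string, flags *adm_utils.ServerFlags, fqdn st
 
 log.Info().Msg(L("SSL certificates generated"))
 
+// Create secret for the database key and certificate
+if err := shared_podman.CreateDBTLSSecrets(
+path.Join(tempDir, "ca.crt"),
+path.Join(tempDir, "reportdb.crt"),
+path.Join(tempDir, "reportdb.key"),
+); err != nil {
+return []string{}, cleaner, err
+}
+
 return []string{"-v", tempDir + ":/ssl"}, cleaner, nil
 }
 
@@ -147,7 +157,7 @@ const sslSetupScript = `
 --set-country "$CERT_COUNTRY" --set-state "$CERT_STATE" --set-city "$CERT_CITY" \
 --set-org "$CERT_O" --set-org-unit "$CERT_OU" \
 --set-hostname reportdb.mgr.internal --cert-expiration 3650 --set-email "$CERT_EMAIL" \
-$cert_args
+--set-cname reportdb --set-cname db $cert_args
 cp /root/ssl-build/reportdb/server.crt /ssl/reportdb.crt
 cp /root/ssl-build/reportdb/server.key /ssl/reportdb.key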
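Review bot: The new failure branch after `CreateDBTLSSecrets` hands `cleaner` back together with the error, so whether `reportdb.key` is removed from `tempDir` when secret creation fails depends on the caller running `cleaner` even when `err != nil`; that caller is outside this section and should be checked. The error is also returned bare; `return []string{}, cleaner, utils.Error(err, L("failed to create the database TLS secrets"))` would say which step failed, assuming `utils` is imported in ssl.go, which the hunk does not show. `path.Join` is meant for slash-separated paths, so for files on the host `filepath.Join(tempDir, "reportdb.key")` from `path/filepath` is the usual choice. generateSSLCertificates starts outside the hunk.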
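--- a/mgradm/cmd/install/podman/utils.go
+++ b/mgradm/cmd/install/podman/utils.go
@@ -102,17 +102,41 @@ func installForPodman(
 return err
 }
 
-// TODO Generate SSL Certificates in a separate container
+// Create all the database credentials secrets
+if err := shared_podman.CreateCredentialsSecrets(
+shared_podman.DBUserSecret, flags.Installation.DB.User,
+shared_podman.DBPassSecret, flags.Installation.DB.Password,
+); err != nil {
+return err
+}
 
-// Run the DB container setup
-// TODO Adjust with the new setup mechanism
-if err := pgsql.SetupPgsql(systemd, authFile, flags.ServerFlags.Pgsql,
-flags.Installation.DB.Admin.User,
-flags.Installation.DB.Admin.Password,
+if err := shared_podman.CreateCredentialsSecrets(
+shared_podman.ReportDBUserSecret, flags.Installation.ReportDB.User,
+shared_podman.ReportDBPassSecret, flags.Installation.ReportDB.Password,
 ); err != nil {
 return err
 }
 
+if flags.ServerFlags.Installation.DB.Host == "db" {
+// The admin password is not needed for external databases
+if err := shared_podman.CreateCredentialsSecrets(
+shared_podman.DBAdminUserSecret, flags.Installation.DB.Admin.User,
+shared_podman.DBAdminPassSecret, flags.Installation.DB.Admin.Password,
+); err != nil {
+return err
+}
+
+// Run the DB container setup if the user doesn't set a custom host name for it.
+if err := pgsql.SetupPgsql(systemd, authFile, &flags.ServerFlags.Pgsql, &flags.Image); err != nil {
+return err
+}
+} else {
+log.Info().Msgf(
+L("Skipped database container setup to use external database %s"),
+flags.ServerFlags.Installation.DB.Host,
+)
+}
+
 log.Info().Msg(L("Run setup command in the container"))
 
 if err := runSetup(preparedImage, &flags.ServerFlags, fqdn, sslArgs); err != nil {
@@ -127,11 +151,6 @@ func installForPodman(
 return utils.Error(err, L("failed to add SSL CA certificate to host trusted certificates"))
 }
 
-log.Info().Msg(L("Enabling SSL in the postgres container"))
-if err := pgsql.EnableSSL(systemd); err != nil {
-return err
-}
-
 if path, err := exec.LookPath("uyuni-payg-extract-data"); err == nil {
 // the binary is installed
 err = utils.RunCmdStdMapping(zerolog.DebugLevel, path)
@@ -141,10 +160,6 @@ func installForPodman(
 }
 
 if flags.Coco.Replicas > 0 {
-// This may need to be moved up later once more containers require DB access
-if err := shared_podman.CreateDBSecrets(flags.Installation.DB.User, flags.Installation.DB.Password); err != nil {
-return err
-}
 if err := coco.SetupCocoContainer(
 systemd, authFile, flags.Image.Registry, flags.Coco, flags.Image,
 flags.Installation.DB.Name, flags.Installation.DB.Port,
@@ -206,7 +221,7 @@ func runSetup(image string, flags *adm_utils.ServerFlags, fqdn string, sslArgs [
 if err != nil {
 return err
 }
-command = append(command, "/usr/bin/sh", "-c", script)
+command = append(command, "/usr/bin/sh", "-e", "-c", script)
 
 if _, err := newRunner("podman", command...).Env(envValues).StdMapping().Exec(); err != nil {
 return utils.Error(err, L("server setup failed"))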
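Review bot: In the first hunk of `installForPodman` the credential secrets are created before `pgsql.SetupPgsql` and `runSetup`, and no visible path removes them when one of those later steps returns an error, so a failed install appears to leave the DB, report DB and admin passwords in podman's secret store until an uninstall is run. A deferred cleanup on the error path, or a comment stating that leftover secrets are kept on purpose for a retry, would make this explicit; the function starts and ends outside the hunk, so such handling may already exist there. The internal-versus-external decision also hinges on the bare literal in `flags.ServerFlags.Installation.DB.Host == "db"`, which has to stay in sync with `--set-cname db` in ssl.go. A shared named constant would document that coupling.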
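--- a/mgradm/cmd/install/shared/flags.go
+++ b/mgradm/cmd/install/shared/flags.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 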
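--- a/mgradm/cmd/migrate/kubernetes/kubernetes.go
+++ b/mgradm/cmd/migrate/kubernetes/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 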
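--- a/mgradm/cmd/migrate/kubernetes/kubernetes_test.go
+++ b/mgradm/cmd/migrate/kubernetes/kubernetes_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 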
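--- a/mgradm/cmd/migrate/kubernetes/utils.go
+++ b/mgradm/cmd/migrate/kubernetes/utils.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 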
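--- a/mgradm/cmd/migrate/podman/podman.go
+++ b/mgradm/cmd/migrate/podman/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 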
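--- a/mgradm/cmd/migrate/podman/podman_test.go
+++ b/mgradm/cmd/migrate/podman/podman_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 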
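--- a/mgradm/cmd/migrate/podman/utils.go
+++ b/mgradm/cmd/migrate/podman/utils.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 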
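--- a/mgradm/cmd/migrate/shared/flags.go
+++ b/mgradm/cmd/migrate/shared/flags.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 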
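--- a/mgradm/cmd/restart/podman.go
+++ b/mgradm/cmd/restart/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -19,8 +19,10 @@ func podmanRestart(
 _ *cobra.Command,
 _ []string,
 ) error {
-err1 := systemd.RestartService(podman.ServerService)
-err2 := systemd.RestartInstantiated(podman.ServerAttestationService)
-err3 := systemd.RestartInstantiated(podman.HubXmlrpcService)
-return utils.JoinErrors(err1, err2, err3)
+return utils.JoinErrors(
+systemd.RestartService(podman.DBService),
+systemd.RestartService(podman.ServerService),
+systemd.RestartInstantiated(podman.ServerAttestationService),
+systemd.RestartInstantiated(podman.HubXmlrpcService),
+)
 }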
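Review bot: `systemd.RestartService(podman.DBService)` is called unconditionally, but the install path in this commit skips the DB container when an external database host is configured, so on such hosts the unit presumably does not exist and the joined error would report a failure. status/podman.go in the same commit guards with `if systemd.HasService(podman.DBService) {`; the same guard here, and around the new `StartService(podman.DBService)` and `StopService(podman.DBService)` calls in start/podman.go and stop/podman.go, would keep the commands consistent. How `RestartService` behaves for a missing unit is not visible on this page, so this needs confirming.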
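--- a/mgradm/cmd/start/podman.go
+++ b/mgradm/cmd/start/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -19,8 +19,10 @@ func podmanStart(
 _ *cobra.Command,
 _ []string,
 ) error {
-err1 := systemd.StartInstantiated(podman.ServerAttestationService)
-err2 := systemd.StartInstantiated(podman.HubXmlrpcService)
-err3 := systemd.StartService(podman.ServerService)
-return utils.JoinErrors(err1, err2, err3)
+return utils.JoinErrors(
+systemd.StartService(podman.DBService),
+systemd.StartInstantiated(podman.ServerAttestationService),
+systemd.StartInstantiated(podman.HubXmlrpcService),
+systemd.StartService(podman.ServerService),
+)
 }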
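--- a/mgradm/cmd/status/podman.go
+++ b/mgradm/cmd/status/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -24,6 +24,10 @@ func podmanStatus(
 _ *cobra.Command,
 _ []string,
 ) error {
+if systemd.HasService(podman.DBService) {
+_ = utils.RunCmdStdMapping(zerolog.DebugLevel, "systemctl", "status", "--no-pager", podman.DBService)
+}
+
 // Show the status and that's it if the service is not running
 if !systemd.IsServiceRunning(podman.ServerService) {
 _ = utils.RunCmdStdMapping(zerolog.DebugLevel, "systemctl", "status", "--no-pager", podman.ServerService)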
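--- a/mgradm/cmd/stop/podman.go
+++ b/mgradm/cmd/stop/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -19,8 +19,10 @@ func podmanStop(
 _ *cobra.Command,
 _ []string,
 ) error {
-err1 := systemd.StopInstantiated(podman.ServerAttestationService)
-err2 := systemd.StopInstantiated(podman.HubXmlrpcService)
-err3 := systemd.StopService(podman.ServerService)
-return utils.JoinErrors(err1, err2, err3)
+return utils.JoinErrors(
+systemd.StopInstantiated(podman.ServerAttestationService),
+systemd.StopInstantiated(podman.HubXmlrpcService),
+systemd.StopService(podman.ServerService),
+systemd.StopService(podman.DBService),
+)
 }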
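--- a/mgradm/cmd/support/ptf/podman/podman.go
+++ b/mgradm/cmd/support/ptf/podman/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 //go:build ptf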
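--- a/mgradm/cmd/support/ptf/podman/utils.go
+++ b/mgradm/cmd/support/ptf/podman/utils.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 //go:build ptf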
13 changes: 10 additions & 3 deletions mgradm/cmd/uninstall/podman.go
@@ -1,4 +1,4 @@
// SPDX-FileCopyrightText: 2024 SUSE LLC
// SPDX-FileCopyrightText: 2025 SUSE LLC
//
// SPDX-License-Identifier: Apache-2.0

Expand Down Expand Up @@ -27,7 +27,7 @@ func uninstallForPodman(
podman.GetServiceImage(podman.ServerAttestationService + "@"),
podman.GetServiceImage(podman.HubXmlrpcService),
podman.GetServiceImage(podman.ServerSalineService + "@"),
podman.GetServiceImage(podman.PgsqlService),
podman.GetServiceImage(podman.DBService),
}

// Uninstall the service
Expand All @@ -38,7 +38,7 @@ func uninstallForPodman(
systemd.UninstallInstantiatedService(podman.ServerAttestationService, !flags.Force)
systemd.UninstallInstantiatedService(podman.HubXmlrpcService, !flags.Force)
systemd.UninstallInstantiatedService(podman.ServerSalineService, !flags.Force)
systemd.UninstallInstantiatedService(podman.PgsqlService, !flags.Force)
systemd.UninstallService(podman.DBService, !flags.Force)

// Remove the volumes
if flags.Purge.Volumes {
Expand Down Expand Up @@ -76,8 +76,15 @@ func uninstallForPodman(

podman.DeleteNetwork(!flags.Force)

podman.DeleteSecret(podman.ReportDBUserSecret, !flags.Force)
podman.DeleteSecret(podman.ReportDBPassSecret, !flags.Force)
podman.DeleteSecret(podman.DBUserSecret, !flags.Force)
podman.DeleteSecret(podman.DBPassSecret, !flags.Force)
podman.DeleteSecret(podman.DBAdminUserSecret, !flags.Force)
podman.DeleteSecret(podman.DBAdminPassSecret, !flags.Force)
podman.DeleteSecret(podman.DBSSLCertSecret, !flags.Force)
podman.DeleteSecret(podman.DBSSLKeySecret, !flags.Force)
podman.DeleteSecret(podman.CASecret, !flags.Force)

err := systemd.ReloadDaemon(!flags.Force)

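Review bot: The nine `podman.DeleteSecret` calls in the last hunk have to be kept in step by hand with the secrets created at install time through `CreateCredentialsSecrets` and `CreateDBTLSSecrets`; a secret added later and forgotten here would leave a credential or key behind after uninstall. Listing the names once in a slice next to their definitions and looping, `for _, s := range dbSecrets { podman.DeleteSecret(s, !flags.Force) }`, would make the teardown follow the definitions. `dbSecrets` is a proposed name, not an existing identifier, and uninstallForPodman starts and ends outside the hunk.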
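--- a/mgradm/cmd/upgrade/kubernetes/kubernetes.go
+++ b/mgradm/cmd/upgrade/kubernetes/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 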
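--- a/mgradm/cmd/upgrade/kubernetes/kubernetes_test.go
+++ b/mgradm/cmd/upgrade/kubernetes/kubernetes_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 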
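--- a/mgradm/cmd/upgrade/podman/podman.go
+++ b/mgradm/cmd/upgrade/podman/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -31,7 +31,6 @@ func newCmd(globalFlags *types.GlobalFlags, run utils.CommandFunc[podmanUpgradeF
 flags.ServerFlags.Coco.IsChanged = v.IsSet("coco.replicas")
 flags.ServerFlags.HubXmlrpc.IsChanged = v.IsSet("hubxmlrpc.replicas")
 flags.ServerFlags.Saline.IsChanged = v.IsSet("saline.replicas") || v.IsSet("saline.port")
-flags.ServerFlags.Pgsql.IsChanged = v.IsSet("pgsql.replicas")
 }
 return utils.CommandHelper(globalFlags, cmd, args, &flags, flagsUpdater, run)
 },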
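--- a/mgradm/cmd/upgrade/podman/podman_test.go
+++ b/mgradm/cmd/upgrade/podman/podman_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 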
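--- a/mgradm/cmd/upgrade/podman/utils.go
+++ b/mgradm/cmd/upgrade/podman/utils.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 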

0 comments on commit f46f7fa
