From 55833a54de25448ad42ba858a4d1aafdbe0e7658 Mon Sep 17 00:00:00 2001 From: Peter Braun <peter-braun@gmx.net> Date: Mon, 4 Mar 2019 11:41:45 +0100 Subject: [PATCH] update mysql backup to use secrets from default namespace --- image/tools/lib/component/mysql.sh | 31 ++++++++++++++----- .../openshift/backup-cronjob-template.yaml | 10 +++--- templates/openshift/backup-job-template.yaml | 9 +++--- 3 files changed, 33 insertions(+), 17 deletions(-) diff --git a/image/tools/lib/component/mysql.sh b/image/tools/lib/component/mysql.sh index 92c89dd..cc8b0b7 100644 --- a/image/tools/lib/component/mysql.sh +++ b/image/tools/lib/component/mysql.sh @@ -1,11 +1,28 @@ +function get_mysql_host { + echo "`oc get secret ${COMPONENT_SECRET_NAME} -n default -o jsonpath={.data.MYSQL_HOST} | base64 --decode`" +} + +function get_mysql_user { + echo "`oc get secret ${COMPONENT_SECRET_NAME} -n default -o jsonpath={.data.MYSQL_USER} | base64 --decode`" +} + +function get_mysql_password { + echo "`oc get secret ${COMPONENT_SECRET_NAME} -n default -o jsonpath={.data.MYSQL_PASSWORD} | base64 --decode`" +} + function component_dump_data { - dest=$1 - databases=$(mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'SHOW DATABASES' | tail -n+2 | grep -v information_schema) - for database in $databases; do - ts=$(date '+%H:%M:%S') - mysqldump --single-transaction -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -R $database | gzip > $dest/archives/$database-$ts.dump.gz - rc=$? - if [ $rc -ne 0 ]; then + local dest=$1 + local MYSQL_HOST=$(get_mysql_host) + local MYSQL_USER=$(get_mysql_user) + local MYSQL_PASSWORD=$(get_mysql_password) + + databases=$(mysql -h${MYSQL_HOST} -u${MYSQL_USER} -p${MYSQL_PASSWORD} -e 'SHOW DATABASES' | tail -n+2 | grep -v information_schema) + + for database in ${databases}; do + local ts=$(date '+%H:%M:%S') + mysqldump --single-transaction -h${MYSQL_HOST} -u${MYSQL_USER} -p${MYSQL_PASSWORD} -R ${database} | gzip > ${dest}/archives/${database}-${ts}.dump.gz + local rc=$? + if [[ ${rc} -ne 0 ]]; then echo "==> Dump $database: FAILED" exit 1 fi diff --git a/templates/openshift/backup-cronjob-template.yaml b/templates/openshift/backup-cronjob-template.yaml index 7c959f5..9c976f3 100644 --- a/templates/openshift/backup-cronjob-template.yaml +++ b/templates/openshift/backup-cronjob-template.yaml @@ -37,12 +37,11 @@ objects: - "${DEBUG}" env: - name: BACKEND_SECRET_NAME - value: ${BACKEND_SECRET_NAME} + value: "${BACKEND_SECRET_NAME}" - name: ENCRYPTION_SECRET_NAME - value: ${ENCRYPTION_SECRET_NAME} - envFrom: - - secretRef: - name: "${COMPONENT_SECRET_NAME}" + value: "${ENCRYPTION_SECRET_NAME}" + - name: COMPONENT_SECRET_NAME + value: "${COMPONENT_SECRET_NAME}" restartPolicy: Never parameters: - name: NAME @@ -59,6 +58,7 @@ parameters: - name: COMPONENT_SECRET_NAME description: Component secret name to create environment variables from required: true + value: dummy - name: BACKEND_SECRET_NAME description: Backend secret name to create environment variables from required: true diff --git a/templates/openshift/backup-job-template.yaml b/templates/openshift/backup-job-template.yaml index e7f47e2..5a4322f 100644 --- a/templates/openshift/backup-job-template.yaml +++ b/templates/openshift/backup-job-template.yaml @@ -36,12 +36,11 @@ objects: - "${DEBUG}" env: - name: BACKEND_SECRET_NAME - value: ${BACKEND_SECRET_NAME} + value: "${BACKEND_SECRET_NAME}" - name: ENCRYPTION_SECRET_NAME - value: ${ENCRYPTION_SECRET_NAME} - envFrom: - - secretRef: - name: "${COMPONENT_SECRET_NAME}" + value: "${ENCRYPTION_SECRET_NAME}" + - name: COMPONENT_SECRET_NAME + value: "${COMPONENT_SECRET_NAME}" restartPolicy: Never parameters: - name: NAME