summaryrefslogtreecommitdiffstats
path: root/setup/projects
diff options
context:
space:
mode:
Diffstat (limited to 'setup/projects')
-rw-r--r--setup/projects/adei/templates/01-asec-secret.yml.j240
-rw-r--r--setup/projects/adei/vars/apps.yml1
-rw-r--r--setup/projects/adei/vars/asec.yml46
-rw-r--r--setup/projects/adei/vars/phpmyadmin.yml2
-rw-r--r--setup/projects/adei/vars/script.yml2
-rw-r--r--setup/projects/adei/vars/volumes.yml8
6 files changed, 98 insertions, 1 deletions
diff --git a/setup/projects/adei/templates/01-asec-secret.yml.j2 b/setup/projects/adei/templates/01-asec-secret.yml.j2
new file mode 100644
index 0000000..17272aa
--- /dev/null
+++ b/setup/projects/adei/templates/01-asec-secret.yml.j2
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Template
+metadata:
+ name: asec-secret
+ labels:
+ app: asec
+ annotations:
+ descriptions: "ASEC Secrets"
+objects:
+- apiVersion: v1
+ kind: Secret
+ metadata:
+ annotations:
+ template.openshift.io/expose-asec_password: '{.data[''asec-password'']}'
+ template.openshift.io/expose-root_password: '{.data[''root-password'']}'
+ template.openshift.io/expose-service_password: '{.data[''service-password'']}'
+ name: asec
+ stringData:
+ asec-password: "${ASEC_PASSWORD}"
+ root-password: "${ROOT_PASSWORD}"
+ service-password: "${SERVICE_PASSWORD}"
+parameters:
+- description: Password for the service users
+ displayName: Service Connection Password
+ from: '[a-zA-Z0-9]{16}'
+ generate: expression
+ name: SERVICE_PASSWORD
+ required: true
+- description: Password for the asec user
+ displayName: ASEC password
+ from: '[a-zA-Z0-9]{16}'
+ generate: expression
+ name: ASEC_PASSWORD
+ required: true
+- description: Password for the root users
+ displayName: DB Admin Password
+ from: '[a-zA-Z0-9]{16}'
+ generate: expression
+ name: ROOT_PASSWORD
+ required: true
diff --git a/setup/projects/adei/vars/apps.yml b/setup/projects/adei/vars/apps.yml
index bc4ed1e..5152bde 100644
--- a/setup/projects/adei/vars/apps.yml
+++ b/setup/projects/adei/vars/apps.yml
@@ -1,5 +1,6 @@
apps:
mysql: { provision: true, instantiate: true }
+ asec: { provision: true, instantiate: true }
galera: { provision: false, instantiate: false }
# simple_mysql: { provision: false, instantiate: false }
phpmyadmin: { provision: true, instantiate: true }
diff --git a/setup/projects/adei/vars/asec.yml b/setup/projects/adei/vars/asec.yml
new file mode 100644
index 0000000..b81e8e4
--- /dev/null
+++ b/setup/projects/adei/vars/asec.yml
@@ -0,0 +1,46 @@
+asec:
+ options:
+ delete: false
+
+ pods:
+ asec_master:
+ kind: StatefulSet
+ sa: "adeidb"
+ service: { ports: [ 3306 ] }
+ network: { host: "{{ ands_hostnet_db | default(false) }}" }
+ sched: { replicas: 1, strategy: "Recreate", selector: { hostid: "3" } }
+ groups: [ "adei_asec" ]
+ labels: { 'service': 'asec-mysql' }
+ pvc: { 'asec_master': {} }
+ images:
+ - image: "chsa/mysql:5.7"
+ command: [ "run-mysqld-master" ]
+ env:
+ - { name: "MYSQL_ROOT_PASSWORD", value: "secret@asec/root-password" }
+ - { name: "MYSQL_USER", value: "asec" }
+ - { name: "MYSQL_USER_PRIV_SUPER", value: "1" }
+ - { name: "MYSQL_PASSWORD", value: "secret@asec/asec-password" }
+ - { name: "MYSQL_DATABASE", value: "asec" }
+ - { name: "MYSQL_EXTRADB", value: "%" }
+ - { name: "MYSQL_MASTER_USER", value: "replication" }
+ - { name: "MYSQL_MASTER_PASSWORD", value: "secret@asec/service-password" }
+ - { name: "MYSQL_PMA_PASSWORD", value: "secret@adei/pma-password" }
+ - { name: "MYSQL_MAX_CONNECTIONS", value: "500" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_SIZE", value: "4G" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_INSTANCES", value: "8" }
+ - { name: "MYSQL_INNODB_LOG_FILE_SIZE", value: "2G" }
+ - { name: "MYSQL_INNODB_LOG_BUFFER_SIZE", value: "16M" }
+ - { name: "MYSQL_SYNC_BINLOG", value: "0" }
+ - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "25000" }
+ - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "32" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TYPE", value: "2" }
+ - { name: "MYSQL_INNODB_FLUSH_METHOD", value: "O_DIRECT" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TIMEOUT", value: "300" }
+ - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" }
+# - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" }
+ mappings:
+ - { name: "asec_master", mount: "/var/lib/mysql/data" }
+ resources: { request: { cpu: 1000m, mem: 4Gi }, limit: { cpu: 2000m, mem: 8Gi } }
+ probes:
+ - { type: "liveness", port: 3306 }
+ - { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" }
diff --git a/setup/projects/adei/vars/phpmyadmin.yml b/setup/projects/adei/vars/phpmyadmin.yml
index 7a2bc40..323ea05 100644
--- a/setup/projects/adei/vars/phpmyadmin.yml
+++ b/setup/projects/adei/vars/phpmyadmin.yml
@@ -8,7 +8,7 @@ phpmyadmin:
env:
- { name: "DB_SERVICE_HOST", value: "mysql-master.adei.svc.cluster.local" }
- { name: "DB_SERVICE_PORT", value: "3306" }
- - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local" }
+ - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local,asec-master.adei.svc.cluster.local,asec-slave.adei.svc.cluster.local" }
# - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
# - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }
probes:
diff --git a/setup/projects/adei/vars/script.yml b/setup/projects/adei/vars/script.yml
index a767369..7bd935c 100644
--- a/setup/projects/adei/vars/script.yml
+++ b/setup/projects/adei/vars/script.yml
@@ -8,3 +8,5 @@ oc:
- apps: ".*"
- oc: "expose svc/mysql-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name mysql-ingress"
resource: "svc/mysql-ingress"
+ - oc: "expose svc/asec-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name asec-ingress"
+ resource: "svc/asec-ingress"
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml
index 1d61230..a17cadb 100644
--- a/setup/projects/adei/vars/volumes.yml
+++ b/setup/projects/adei/vars/volumes.yml
@@ -2,6 +2,7 @@ gids:
adei: { id: 6001, users: [ 'csa' ] }
adei_db: { id: 6002 }
adei_data: { id: 6003 }
+ adei_asec: { id: 6005 }
volumes:
adei_host: { volume: "hostraid", path: "/adei", write: true } # mysql
@@ -14,11 +15,15 @@ volumes:
adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files
adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files
# adei_db: { volume: "databases", path: "/adei", write: true } # mysql
+ sync_cfg: { volume: "openshift", path: "/adei/sync", write: true }
+
# This is not part of volumes and the permissions should be always provisioned using files on adei_host 'osv'
local_volumes:
adei_master: { volume: "hostraid", path: "/adei/mysql_master", nodes: [3], write: true }
adei_slave: { volume: "hostraid", path: "/adei/mysql_slave", nodes: [1, 2], write: true }
+ asec_master: { volume: "hostraid", path: "/adei/asec_master", nodes: [3], write: true }
+ asec_slave: { volume: "hostraid", path: "/adei/asec_slave", nodes: [1, 2], write: true }
adei_galera: { volume: "hostraid", path: "/adei/galera", write: true }
files:
@@ -37,4 +42,7 @@ files:
- { osv: "adei_host",path: "galera", state: "directory", group: "adei_db", mode: "02775" }
- { osv: "adei_host",path: "mysql_master", state: "directory", group: "adei_db", mode: "02775" }
- { osv: "adei_host",path: "mysql_slave", state: "directory", group: "adei_db", mode: "02775" }
+ - { osv: "adei_host",path: "asec_master", state: "directory", group: "adei_asec", mode: "02775" }
+ - { osv: "adei_host",path: "asec_slave", state: "directory", group: "adei_asec", mode: "02775" }
+ - { osv: "sync_cfg", path: "asec", state: "directory", group: "adei_asec", mode: "02775" }
# - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "02775" }