From bf8d1993901110134d60167314c05729a4cf6400 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Wed, 1 Nov 2023 18:26:17 +0100 Subject: [PATCH 01/13] Changes to the Mongo Manage Script to fetch DB_NAMES from config file. --- .../mongodb/source/mongotools/mongo_manage.sh | 186 +++++++++--------- 1 file changed, 90 insertions(+), 96 deletions(-) diff --git a/docker/mongodb/source/mongotools/mongo_manage.sh b/docker/mongodb/source/mongotools/mongo_manage.sh index 5ffeb2839..4f1317c7e 100755 --- a/docker/mongodb/source/mongotools/mongo_manage.sh +++ b/docker/mongodb/source/mongotools/mongo_manage.sh @@ -1,4 +1,5 @@ #!/bin/bash + ##H ##H Usage: manage ##H 
@@ -7,136 +8,128 @@ ##H backup backup MongoDB ##H restore restore MongoDB ##H status status of MongoDB backup -# + ACTION=$1 CONFIG=$2 -usage() -{ - grep "^##H " < $0 | sed -e "s,##H ,,g" + +usage() { + grep "^##H " < "$0" | sed -e "s,##H ,,g" } + if [ -z "$CONFIG" ]; then echo "No configuration file is provided" usage exit 1 fi -# how to encrypt file with age -# age -i $AGE_KEY --encrypt file.txt > file.encrypted -# how to decrypt encrypted file with age -# age -i $AGE_KEY --decrypt -o f.txt file.encrypted -# or decrypt to stdout -# age -i $AGE_KEY --decrypt -o - file.encrypted - -init(){ - if [ -n "`grep USERNAME $CONFIG`" ]; then - # we have unencrypted config - URI=`cat $CONFIG | grep URI | sed -e "s,URI=,,g"` - HOST=`cat $CONFIG | grep HOST | sed -e "s,HOST=,,g"` - PORT=`cat $CONFIG | grep PORT | sed -e "s,PORT=,,g"` - AUTHDB=`cat $CONFIG | grep AUTHDB | sed -e "s,AUTHDB=,,g"` - USERNAME=`cat $CONFIG | grep USERNAME | sed -e "s,USERNAME=,,g"` - PASSWORD=`cat $CONFIG | grep PASSWORD | sed -e "s,PASSWORD=,,g"` - BACKUP_DIR=`cat $CONFIG | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g"` - RS_NAME=`cat $CONFIG | grep RS_NAME | sed -e "s,RS_NAME=,,g"` - else - if [ -z "$AGE_KEY" ]; then - echo "AGE_KEY environment is not set, please generate appropriate key file" - echo "using age-keygen and point this environment to it" +init() { + if [ -n "$(grep USERNAME "$CONFIG")" ]; then + # we have unencrypted config + URI=$(cat "$CONFIG" | grep URI | sed -e "s,URI=,,g") + HOST=$(cat "$CONFIG" | grep HOST | sed -e "s,HOST=,,g") + PORT=$(cat "$CONFIG" | grep PORT | sed -e "s,PORT=,,g") + AUTHDB=$(cat "$CONFIG" | grep AUTHDB | sed -e "s,AUTHDB=,,g") + USERNAME=$(cat "$CONFIG" | grep USERNAME | sed -e "s,USERNAME=,,g") + PASSWORD=$(cat "$CONFIG" | grep PASSWORD | sed -e "s,PASSWORD=,,g") + BACKUP_DIR=$(cat "$CONFIG" | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g") + RS_NAME=$(cat "$CONFIG" | grep RS_NAME | sed -e "s,RS_NAME=,,g") + DB_NAMES=$(cat "$CONFIG" | grep DB_NAMES | sed -e 
"s,DB_NAMES=,,g") + else + if [ -z "$AGE_KEY" ]; then + echo "AGE_KEY environment is not set, please generate an appropriate key file" + echo "using age-keygen and point this environment to it" + exit 1 + fi + # we got encrypted config + URI=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep URI | sed -e "s,URI=,,g") + HOST=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep HOST | sed -e "s,HOST=,,g") + PORT=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep PORT | sed -e "s,PORT=,,g") + AUTHDB=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep AUTHDB | sed -e "s,AUTHDB=,,g") + USERNAME=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep USERNAME | sed -e "s,USERNAME=,,g") + PASSWORD=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep PASSWORD | sed -e "s,PASSWORD=,,g") + BACKUP_DIR=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g") + RS_NAME=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep RS_NAME | sed -e "s,RS_NAME=,,g") + fi + + if [ -z "$USERNAME" ]; then + echo "Unable to locate USERNAME in $CONFIG" + exit 1 + fi + if [ -z "$PASSWORD" ]; then + echo "Unable to locate PASSWORD in $CONFIG" + exit 1 + } + if [ -z "$RS_NAME" ]; then + echo "Unable to locate RS_NAME in $CONFIG" exit 1 - fi - # we got encrypted config - URI=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep URI | sed -e "s,URI=,,g"` - HOST=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep HOST | sed -e "s,HOST=,,g"` - PORT=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep PORT | sed -e "s,PORT=,,g"` - AUTHDB=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep AUTHDB | sed -e "s,AUTHDB=,,g"` - USERNAME=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep USERNAME | sed -e "s,USERNAME=,,g"` - PASSWORD=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep PASSWORD | sed -e "s,PASSWORD=,,g"` - BACKUP_DIR=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g"` - RS_NAME=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep RS_NAME | sed -e "s,RS_NAME=,,g"` - 
fi - if [ -z "$USERNAME" ]; then - echo "Unable to locate USERNAME in $CONFIG" - exit 1 - fi - if [ -z "$PASSWORD" ]; then - echo "Unable to locate PASSWORD in $CONFIG" - exit 1 - fi - if [ -z "$RS_NAME" ]; then - echo "Unable to locate RS_NAME in $CONFIG" - exit 1 - fi - if [ "$ACTION" == "backup" ]; then - if [ -z "$URI" ]; then - echo "Unable to locate URI in $CONFIG" - exit 1 - fi - if [ -z "$AUTHDB" ]; then - echo "Unable to locate AUTHDB in $CONFIG" - exit 1 - fi - if [ -z "$BACKUP_DIR" ]; then - echo "Unable to locate BACKUP_DIR in $CONFIG" - exit 1 - fi - fi - if [ "$ACTION" == "restore" ]; then - if [ -z "$HOST" ]; then - echo "Unable to locate HOST in $CONFIG" - exit 1 - fi - if [ -z "$PORT" ]; then - echo "Unable to locate PORT in $CONFIG" - exit 1 - fi - fi - #selecting backup directory based on the deployment name - BACKUP_DIR=$BACKUP_DIR/$MONGODB_ID + } + if [ "$ACTION" == "backup" ]; then + if [ -z "$URI" ]; then + echo "Unable to locate URI in $CONFIG" + exit 1 + fi + if [ -z "$AUTHDB" ]; then + echo "Unable to locate AUTHDB in $CONFIG" + exit 1 + fi + if [ -z "$BACKUP_DIR" ]; then + echo "Unable to locate BACKUP_DIR in $CONFIG" + exit 1 + fi + fi + if [ "$ACTION" == "restore" ]; then + if [ -z "$HOST" ]; then + echo "Unable to locate HOST in $CONFIG" + exit 1 + fi + if [ -z "$PORT" ]; then + echo "Unable to locate PORT in $CONFIG" + exit 1 + fi + fi + # Split DB_NAMES into an array + IFS=' ' read -ra DB_NAME_ARRAY <<< "$DB_NAMES" + # selecting backup directory based on the deployment name + BACKUP_DIR="$BACKUP_DIR/$MONGODB_ID" } -backup() -{ - # initialize backup parameters +backup() { + # Initialize backup parameters init # Get the current date and time DATE=$(date +%Y-%m-%d_%H-%M-%S) - # Loop through each database and run mongodump - for dbName in "msOutputDBPreProd" "msPileupDBPreProd" "msUnmergedDBPreProd" + + for dbName in "${DB_NAME_ARRAY[@]}" do echo "Dumping database: $dbName" - mongodump --uri 
"mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase=$AUTHDB --out="$BACKUP_DIR/$DATE" + mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" --out="$BACKUP_DIR/$DATE" done - find $BACKUP_DIR -mindepth 1 -maxdepth 1 -type d -ctime +10 | xargs rm -rf; + + find "$BACKUP_DIR" -mindepth 1 -maxdepth 1 -type d -ctime +10 | xargs rm -rf } -restore() -{ - # initialize backup parameters +restore() { + # Initialize restore parameters init # Get the current date and time DATE=$(date +%Y-%m-%d_%H-%M-%S) - - # Loop through each database and run mongodump - for dbName in "msOutputDBPreProd" "msPileupDBPreProd" "msUnmergedDBPreProd" - do - echo "Restoring database: $db_name" - mongorestore --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase=$AUTHDB "$BACKUP_DIR/$DATE" - done + for dbName in "${DB_NAME_ARRAY[@]}" + do + echo "Restoring database: $dbName" + mongorestore --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" "$BACKUP_DIR/$DATE" done } -backup_status() -{ +backup_status() { echo "Not implemented yet" } - -# Main routine, perform action requested on command line. +# Main routine, perform action requested on the command line. case ${1:-status} in backup ) backup @@ -159,3 +152,4 @@ case ${1:-status} in exit 1 ;; esac + From 31d52d3e3aa7a6b85c642cbd2405bbd8c79bf339 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Wed, 1 Nov 2023 18:33:05 +0100 Subject: [PATCH 02/13] Changes to the Mongo Manage Script to fetch DB_NAMES from config file. --- .../mongodb/source/mongotools/mongo_manage.sh | 185 +++++++++--------- 1 file changed, 97 insertions(+), 88 deletions(-) diff --git a/docker/mongodb/source/mongotools/mongo_manage.sh b/docker/mongodb/source/mongotools/mongo_manage.sh index 4f1317c7e..ad8c2ea2a 100755 --- a/docker/mongodb/source/mongotools/mongo_manage.sh 
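Review bot: In the rewritten `init()`, the PASSWORD and RS_NAME checks are closed with `}` instead of `fi`, so bash hits a syntax error in the function and no action can run, including the cron-driven backup. Both blocks should end with `fi`. The same hunk assigns `DB_NAMES` only in the plaintext-config branch; the age-decrypt branch never sets it, so with an encrypted config `DB_NAME_ARRAY` is empty and the loops in `backup()` and `restore()` do nothing. Add the matching line to that branch, `DB_NAMES=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep DB_NAMES | sed -e "s,DB_NAMES=,,g")`, and fail with the usual "Unable to locate" message when it is empty.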
+++ b/docker/mongodb/source/mongotools/mongo_manage.sh @@ -1,5 +1,4 @@ #!/bin/bash - ##H ##H Usage: manage ##H 
@@ -8,128 +7,139 @@ ##H backup backup MongoDB ##H restore restore MongoDB ##H status status of MongoDB backup - +# ACTION=$1 CONFIG=$2 - -usage() { - grep "^##H " < "$0" | sed -e "s,##H ,,g" +usage() +{ + grep "^##H " < $0 | sed -e "s,##H ,,g" } - if [ -z "$CONFIG" ]; then echo "No configuration file is provided" usage exit 1 fi -init() { - if [ -n "$(grep USERNAME "$CONFIG")" ]; then - # we have unencrypted config - URI=$(cat "$CONFIG" | grep URI | sed -e "s,URI=,,g") - HOST=$(cat "$CONFIG" | grep HOST | sed -e "s,HOST=,,g") - PORT=$(cat "$CONFIG" | grep PORT | sed -e "s,PORT=,,g") - AUTHDB=$(cat "$CONFIG" | grep AUTHDB | sed -e "s,AUTHDB=,,g") - USERNAME=$(cat "$CONFIG" | grep USERNAME | sed -e "s,USERNAME=,,g") - PASSWORD=$(cat "$CONFIG" | grep PASSWORD | sed -e "s,PASSWORD=,,g") - BACKUP_DIR=$(cat "$CONFIG" | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g") - RS_NAME=$(cat "$CONFIG" | grep RS_NAME | sed -e "s,RS_NAME=,,g") - DB_NAMES=$(cat "$CONFIG" | grep DB_NAMES | sed -e "s,DB_NAMES=,,g") - else - if [ -z "$AGE_KEY" ]; then - echo "AGE_KEY environment is not set, please generate an appropriate key file" - echo "using age-keygen and point this environment to it" - exit 1 - fi - # we got encrypted config - URI=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep URI | sed -e "s,URI=,,g") - HOST=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep HOST | sed -e "s,HOST=,,g") - PORT=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep PORT | sed -e "s,PORT=,,g") - AUTHDB=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep AUTHDB | sed -e "s,AUTHDB=,,g") - USERNAME=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep USERNAME | sed -e "s,USERNAME=,,g") - PASSWORD=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep PASSWORD | sed -e "s,PASSWORD=,,g") - BACKUP_DIR=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g") - RS_NAME=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep RS_NAME | sed -e "s,RS_NAME=,,g") - fi - - if [ -z 
"$USERNAME" ]; then - echo "Unable to locate USERNAME in $CONFIG" - exit 1 - fi - if [ -z "$PASSWORD" ]; then - echo "Unable to locate PASSWORD in $CONFIG" - exit 1 - } - if [ -z "$RS_NAME" ]; then - echo "Unable to locate RS_NAME in $CONFIG" +# how to encrypt file with age +# age -i $AGE_KEY --encrypt file.txt > file.encrypted +# how to decrypt encrypted file with age +# age -i $AGE_KEY --decrypt -o f.txt file.encrypted +# or decrypt to stdout +# age -i $AGE_KEY --decrypt -o - file.encrypted + +init(){ + if [ -n "`grep USERNAME $CONFIG`" ]; then + # we have unencrypted config + URI=`cat $CONFIG | grep URI | sed -e "s,URI=,,g"` + HOST=`cat $CONFIG | grep HOST | sed -e "s,HOST=,,g"` + PORT=`cat $CONFIG | grep PORT | sed -e "s,PORT=,,g"` + AUTHDB=`cat $CONFIG | grep AUTHDB | sed -e "s,AUTHDB=,,g"` + USERNAME=`cat $CONFIG | grep USERNAME | sed -e "s,USERNAME=,,g"` + PASSWORD=`cat $CONFIG | grep PASSWORD | sed -e "s,PASSWORD=,,g"` + BACKUP_DIR=`cat $CONFIG | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g"` + RS_NAME=`cat $CONFIG | grep RS_NAME | sed -e "s,RS_NAME=,,g"` + DB_NAMES=$(cat "$CONFIG" | grep DB_NAMES | sed -e "s,DB_NAMES=,,g") + else + if [ -z "$AGE_KEY" ]; then + echo "AGE_KEY environment is not set, please generate appropriate key file" + echo "using age-keygen and point this environment to it" exit 1 - } - if [ "$ACTION" == "backup" ]; then - if [ -z "$URI" ]; then - echo "Unable to locate URI in $CONFIG" - exit 1 - fi - if [ -z "$AUTHDB" ]; then - echo "Unable to locate AUTHDB in $CONFIG" - exit 1 - fi - if [ -z "$BACKUP_DIR" ]; then - echo "Unable to locate BACKUP_DIR in $CONFIG" - exit 1 - fi - fi - if [ "$ACTION" == "restore" ]; then - if [ -z "$HOST" ]; then - echo "Unable to locate HOST in $CONFIG" - exit 1 - fi - if [ -z "$PORT" ]; then - echo "Unable to locate PORT in $CONFIG" - exit 1 - fi - fi - # Split DB_NAMES into an array - IFS=' ' read -ra DB_NAME_ARRAY <<< "$DB_NAMES" - # selecting backup directory based on the deployment name - 
BACKUP_DIR="$BACKUP_DIR/$MONGODB_ID" + fi + # we got encrypted config + URI=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep URI | sed -e "s,URI=,,g"` + HOST=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep HOST | sed -e "s,HOST=,,g"` + PORT=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep PORT | sed -e "s,PORT=,,g"` + AUTHDB=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep AUTHDB | sed -e "s,AUTHDB=,,g"` + USERNAME=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep USERNAME | sed -e "s,USERNAME=,,g"` + PASSWORD=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep PASSWORD | sed -e "s,PASSWORD=,,g"` + BACKUP_DIR=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep BACKUP_DIR | sed -e "s,BACKUP_DIR=,,g"` + RS_NAME=`age -i $AGE_KEY --decrypt -o - $CONFIG | grep RS_NAME | sed -e "s,RS_NAME=,,g"` + DB_NAMES=$(cat "$CONFIG" | grep DB_NAMES | sed -e "s,DB_NAMES=,,g") + fi + if [ -z "$USERNAME" ]; then + echo "Unable to locate USERNAME in $CONFIG" + exit 1 + fi + if [ -z "$PASSWORD" ]; then + echo "Unable to locate PASSWORD in $CONFIG" + exit 1 + fi + if [ -z "$RS_NAME" ]; then + echo "Unable to locate RS_NAME in $CONFIG" + exit 1 + fi + if [ "$ACTION" == "backup" ]; then + if [ -z "$URI" ]; then + echo "Unable to locate URI in $CONFIG" + exit 1 + fi + if [ -z "$AUTHDB" ]; then + echo "Unable to locate AUTHDB in $CONFIG" + exit 1 + fi + if [ -z "$BACKUP_DIR" ]; then + echo "Unable to locate BACKUP_DIR in $CONFIG" + exit 1 + fi + fi + if [ "$ACTION" == "restore" ]; then + if [ -z "$HOST" ]; then + echo "Unable to locate HOST in $CONFIG" + exit 1 + fi + if [ -z "$PORT" ]; then + echo "Unable to locate PORT in $CONFIG" + exit 1 + fi + fi + # Split DB_NAMES into an array + IFS=' ' read -ra DB_NAME_ARRAY <<< "$DB_NAMES" + #selecting backup directory based on the deployment name + BACKUP_DIR=$BACKUP_DIR/$MONGODB_ID } -backup() { - # Initialize backup parameters +backup() +{ + # initialize backup parameters init # Get the current date and time DATE=$(date +%Y-%m-%d_%H-%M-%S) - + # Loop through each 
database and run mongodump for dbName in "${DB_NAME_ARRAY[@]}" do echo "Dumping database: $dbName" - mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" --out="$BACKUP_DIR/$DATE" + mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase=$AUTHDB --out="$BACKUP_DIR/$DATE" done - - find "$BACKUP_DIR" -mindepth 1 -maxdepth 1 -type d -ctime +10 | xargs rm -rf + find $BACKUP_DIR -mindepth 1 -maxdepth 1 -type d -ctime +10 | xargs rm -rf; } -restore() { - # Initialize restore parameters +restore() +{ + # initialize backup parameters init # Get the current date and time DATE=$(date +%Y-%m-%d_%H-%M-%S) - + + # Loop through each database and run mongodump for dbName in "${DB_NAME_ARRAY[@]}" do - echo "Restoring database: $dbName" + echo "Restoring database: $db_name" - mongorestore --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" "$BACKUP_DIR/$DATE" + mongorestore --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase=$AUTHDB "$BACKUP_DIR/$DATE" done + } -backup_status() { +backup_status() +{ echo "Not implemented yet" } -# Main routine, perform action requested on the command line. + +# Main routine, perform action requested on command line. case ${1:-status} in backup ) backup @@ -152,4 +162,3 @@ case ${1:-status} in exit 1 ;; esac - From 740b3747073e707bf0fc7c440014bfc2585e019f Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Thu, 2 Nov 2023 18:04:26 +0100 Subject: [PATCH 03/13] Changes to crontab. --- docker/mongodb/source/dockerfile | 3 ++- helm/mongodb/templates/deployment.yaml | 7 ++++++- helm/mongodb/templates/pvc.yaml | 10 ---------- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/docker/mongodb/source/dockerfile b/docker/mongodb/source/dockerfile index 468d62389..05564be38 100644 --- a/docker/mongodb/source/dockerfile 
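Review bot: In the encrypted-config branch of `init()`, `DB_NAMES` is read with `cat "$CONFIG"` instead of through `age --decrypt` like the eight assignments above it, so grep runs over the ciphertext and `DB_NAMES` will normally come back empty. Nothing checks for that: `DB_NAME_ARRAY` is then empty, the `for` loop in `backup()` dumps nothing, and the `find ... -ctime +10 | xargs rm -rf` line still prunes old dumps, so backups can age out with no replacement and no error. Use `DB_NAMES=$(age -i "$AGE_KEY" --decrypt -o - "$CONFIG" | grep DB_NAMES | sed -e "s,DB_NAMES=,,g")` and add an `if [ -z "$DB_NAMES" ]` check beside the other required keys. This commit also reverts the quoting introduced by the previous one, leaving `find $BACKUP_DIR` and `BACKUP_DIR=$BACKUP_DIR/$MONGODB_ID` unquoted in front of an `rm -rf`.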
+++ b/docker/mongodb/source/dockerfile @@ -36,6 +36,7 @@ RUN CGO_ENABLED=0 go build -ldflags="-s -w -extldflags -static" && ./email -help FROM mongo:5.0.15 WORKDIR /root ENV MONGODB_ID mongo-0 +ARG ENVIRONMENT RUN apt update RUN apt install -y iproute2 && apt-get -y install krb5-user && apt-get install -y cron @@ -49,7 +50,7 @@ ADD run.sh /root/run.sh RUN chmod +x /root/run.sh #add cronjob -ADD mongo.cron /data/tools/mongo.cron +ADD mongo-$ENVIRONMENT.cron /data/tools/mongo.cron #add mongotools COPY /mongotools /data/tools diff --git a/helm/mongodb/templates/deployment.yaml b/helm/mongodb/templates/deployment.yaml index eaf885e7e..9fabb7dd6 100644 --- a/helm/mongodb/templates/deployment.yaml +++ b/helm/mongodb/templates/deployment.yaml @@ -65,6 +65,8 @@ spec: cpu: {{.Values.db.pod.resources.requests.cpu}} memory: {{.Values.db.pod.resources.limits.memory}} env: + - name: "ENV" + value: {{ (toString $environment) }} - name: "RS_NAME" value: {{.Values.db.rsname}} {{- if (eq (toString $environment) "prod") }} @@ -91,7 +93,6 @@ spec: - name: "NODE_HOSTNAME_THREE" value: {{.Values.db.nodeName.test.three}} {{- end }} - - name: "MONGODB_ID" value: {{.Values.db.instance0.mongoId | quote}} - name: "MONGODB_ADMIN_PASSWORD" @@ -192,6 +193,8 @@ spec: cpu: {{.Values.db.pod.resources.requests.cpu}} memory: {{.Values.db.pod.resources.limits.memory}} env: + - name: "ENV" + value: {{ (toString $environment) }} - name: "RS_NAME" value: {{.Values.db.rsname}} - name: "MONGODB_ID" @@ -289,6 +292,8 @@ spec: cpu: {{.Values.db.pod.resources.requests.cpu}} memory: {{.Values.db.pod.resources.limits.memory}} env: + - name: "ENV" + value: {{ (toString $environment) }} - name: "RS_NAME" value: {{.Values.db.rsname}} - name: "MONGODB_ID" diff --git a/helm/mongodb/templates/pvc.yaml b/helm/mongodb/templates/pvc.yaml index 35cef00bb..b0b02b960 100644 --- a/helm/mongodb/templates/pvc.yaml +++ b/helm/mongodb/templates/pvc.yaml 
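Review bot: `ADD mongo-$ENVIRONMENT.cron /data/tools/mongo.cron` depends on `ARG ENVIRONMENT`, which has no default, so a build without `--build-arg ENVIRONMENT=...` resolves to `mongo-.cron` and fails. The schedule is also fixed at image build time, while the `ENV` variable this commit adds to deployment.yaml is only set at run time and is not read by anything in these hunks, so one image cannot serve prod, preprod and test. Either give the argument a default, e.g. `ARG ENVIRONMENT=test`, or select the cron file at container start. The `mongo-*.cron` files themselves are not part of this commit.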
@@ -1,13 +1,3 @@ -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: cpio1 - annotations: - "helm.sh/resource-policy": keep -provisioner: kubernetes.io/cinder -parameters: - type: cpio1 ---- apiVersion: v1 kind: PersistentVolumeClaim metadata: From 0af36a08cba93fc9463b21786d28964c29e0b691 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Thu, 2 Nov 2023 18:07:50 +0100 Subject: [PATCH 04/13] Changes to crontab. --- helm/mongodb/templates/pvc.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/helm/mongodb/templates/pvc.yaml b/helm/mongodb/templates/pvc.yaml index b0b02b960..35cef00bb 100644 --- a/helm/mongodb/templates/pvc.yaml +++ b/helm/mongodb/templates/pvc.yaml @@ -1,3 +1,13 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: cpio1 + annotations: + "helm.sh/resource-policy": keep +provisioner: kubernetes.io/cinder +parameters: + type: cpio1 +--- apiVersion: v1 kind: PersistentVolumeClaim metadata: From 4103a64c952cfa1c6f5cf42a2df6be8ff7e65b79 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Thu, 2 Nov 2023 18:08:22 +0100 Subject: [PATCH 05/13] Changes to crontab. --- docker/mongodb/source/mongo-preprod.cron | 2 ++ docker/mongodb/source/mongo-prod.cron | 2 ++ docker/mongodb/source/mongo-test.cron | 2 ++ 3 files changed, 6 insertions(+) create mode 100644 docker/mongodb/source/mongo-preprod.cron create mode 100644 docker/mongodb/source/mongo-prod.cron create mode 100644 docker/mongodb/source/mongo-test.cron diff --git a/docker/mongodb/source/mongo-preprod.cron b/docker/mongodb/source/mongo-preprod.cron new file mode 100644 index 000000000..68b390acb --- /dev/null +++ b/docker/mongodb/source/mongo-preprod.cron @@ -0,0 +1,2 @@ +0 */12 * * * export AGE_KEY="/etc/mongodb-secret/age-key.txt" && /data/tools/mongo_manage.sh backup /etc/mongodb-secret/mongo.ini + diff --git a/docker/mongodb/source/mongo-prod.cron b/docker/mongodb/source/mongo-prod.cron new file mode 100644 index 000000000..031c9c3b8 
--- /dev/null +++ b/docker/mongodb/source/mongo-prod.cron @@ -0,0 +1,2 @@ +0 */4 * * * export AGE_KEY="/etc/mongodb-secret/age-key.txt" && /data/tools/mongo_manage.sh backup /etc/mongodb-secret/mongo.ini + diff --git a/docker/mongodb/source/mongo-test.cron b/docker/mongodb/source/mongo-test.cron new file mode 100644 index 000000000..b43cf9bdb --- /dev/null +++ b/docker/mongodb/source/mongo-test.cron @@ -0,0 +1,2 @@ +0 5 31 2 * export AGE_KEY="/etc/mongodb-secret/age-key.txt" && /data/tools/mongo_manage.sh backup /etc/mongodb-secret/mongo.ini + From bb6164250dd136839f33590c69bdfdb0bef3734e Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Thu, 2 Nov 2023 18:10:23 +0100 Subject: [PATCH 06/13] Changes to crontab. --- helm/mongodb/templates/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/mongodb/templates/deployment.yaml b/helm/mongodb/templates/deployment.yaml index 9fabb7dd6..c0bff0abb 100644 --- a/helm/mongodb/templates/deployment.yaml +++ b/helm/mongodb/templates/deployment.yaml @@ -65,7 +65,7 @@ spec: cpu: {{.Values.db.pod.resources.requests.cpu}} memory: {{.Values.db.pod.resources.limits.memory}} env: - - name: "ENV" + - name: "ENVIRONMENT" value: {{ (toString $environment) }} - name: "RS_NAME" value: {{.Values.db.rsname}} @@ -193,7 +193,7 @@ spec: cpu: {{.Values.db.pod.resources.requests.cpu}} memory: {{.Values.db.pod.resources.limits.memory}} env: - - name: "ENV" + - name: "ENVIRONMENT" value: {{ (toString $environment) }} - name: "RS_NAME" value: {{.Values.db.rsname}} @@ -292,7 +292,7 @@ spec: cpu: {{.Values.db.pod.resources.requests.cpu}} memory: {{.Values.db.pod.resources.limits.memory}} env: - - name: "ENV" + - name: "ENVIRONMENT" value: {{ (toString $environment) }} - name: "RS_NAME" value: {{.Values.db.rsname}} From 477d051c908ae7f565ff67aa58d4491e7f54d39a Mon Sep 17 00:00:00 2001 
From: Aroosha Pervaiz Date: Thu, 2 Nov 2023 19:50:59 +0100 Subject: [PATCH 07/13] Testing cron functionality. --- docker/mongodb/source/copy_cron.sh | 16 ++++++++++++++++ docker/mongodb/source/dockerfile | 12 ++++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) create mode 100644 docker/mongodb/source/copy_cron.sh diff --git a/docker/mongodb/source/copy_cron.sh b/docker/mongodb/source/copy_cron.sh new file mode 100644 index 000000000..7ea0177f9 --- /dev/null +++ b/docker/mongodb/source/copy_cron.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +if [ "$ENVIRONMENT" = "prod" ]; then + cp /data/tools/mongo-prod.cron /data/tools/mongo.cron +elif [ "$ENVIRONMENT" = "preprod" ]; then + cp /data/tools/mongo-preprod.cron /data/tools/mongo.cron +elif [ "$ENVIRONMENT" = "test" ]; then + cp /data/tools/mongo-test.cron /data/tools/mongo.cron +else + echo "Unsupported environment: $ENVIRONMENT" + exit 1 +fi + +# Set up the cron job +crontab /data/tools/mongo.cron + diff --git a/docker/mongodb/source/dockerfile b/docker/mongodb/source/dockerfile index 05564be38..a49836383 100644 --- a/docker/mongodb/source/dockerfile +++ b/docker/mongodb/source/dockerfile @@ -36,7 +36,6 @@ RUN CGO_ENABLED=0 go build -ldflags="-s -w -extldflags -static" && ./email -help FROM mongo:5.0.15 WORKDIR /root ENV MONGODB_ID mongo-0 -ARG ENVIRONMENT RUN apt update RUN apt install -y iproute2 && apt-get -y install krb5-user && apt-get install -y cron 
@@ -50,13 +49,18 @@ ADD run.sh /root/run.sh RUN chmod +x /root/run.sh #add cronjob -ADD mongo-$ENVIRONMENT.cron /data/tools/mongo.cron + #add mongotools COPY /mongotools /data/tools -RUN crontab /data/tools/mongo.cron +COPY copy_cron.sh /data/tools/copy_cron.sh +RUN chmod +x /data/tools/copy_cron.sh +COPY mongo-prod.cron /data/tools/mongo-prod.cron +COPY mongo-preprod.cron /data/tools/mongo-preprod.cron +COPY mongo-test.cron /data/tools/mongo-test.cron + ENV PATH=/data/tools:$PATH -CMD ./startup-$MONGODB_ID.sh; ./run.sh +CMD ./startup-$MONGODB_ID.sh; ./run.sh; /data/tools/copy_cron.sh; From 61f95280f7f3cc9db7d27fc0f04b52c03ea0a270 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Fri, 3 Nov 2023 12:44:51 +0100 Subject: [PATCH 08/13] Automating the kinit operation. --- docker/mongodb/source/copy_cron.sh | 14 +++++++++++++- docker/mongodb/source/dockerfile | 5 ++--- docker/mongodb/source/mongo-test.cron | 2 +- docker/mongodb/source/run.sh | 6 ++++-- helm/mongodb/values.yaml | 6 +++--- 5 files changed, 23 insertions(+), 10 deletions(-) mode change 100644 => 100755 docker/mongodb/source/copy_cron.sh diff --git a/docker/mongodb/source/copy_cron.sh b/docker/mongodb/source/copy_cron.sh old mode 100644 new mode 100755 index 7ea0177f9..17fd29203 --- a/docker/mongodb/source/copy_cron.sh +++ b/docker/mongodb/source/copy_cron.sh 
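Review bot: The new `CMD ./startup-$MONGODB_ID.sh; ./run.sh; /data/tools/copy_cron.sh;` joins its steps with `;`, so each exit status is ignored: copy_cron.sh can `exit 1` on an unsupported `ENVIRONMENT` and the container carries on with no backup crontab installed and nothing reporting it. If the startup script stays in the foreground (not visible in this hunk), the two later steps never run at all. The reordered CMD in the next commit's dockerfile hunk `@@ -63,4 +61,5 @@` keeps the `;` separators and has the same silent-failure behaviour. Chain the setup steps so a failed one stops the container, e.g. `./run.sh && /data/tools/copy_cron.sh && ./startup-$MONGODB_ID.sh`, or at least log the failure.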
@@ -1,10 +1,19 @@ -#!/bin/sh +#!/bin/bash + +# Print a message to indicate the script is running +echo "copy_cron.sh is running" if [ "$ENVIRONMENT" = "prod" ]; then + # Copy the production cron file + echo "Copying mongo-prod.cron" cp /data/tools/mongo-prod.cron /data/tools/mongo.cron elif [ "$ENVIRONMENT" = "preprod" ]; then + # Copy the development cron file + echo "Copying mongo-preprod.cron" cp /data/tools/mongo-preprod.cron /data/tools/mongo.cron elif [ "$ENVIRONMENT" = "test" ]; then + # Copy the test cron file + echo "Copying mongo-test.cron" cp /data/tools/mongo-test.cron /data/tools/mongo.cron else echo "Unsupported environment: $ENVIRONMENT" @@ -14,3 +23,6 @@ fi # Set up the cron job crontab /data/tools/mongo.cron +# Add another cronjob to get kerberos token once everyday +(crontab -l ; echo "0 0 * * * /root/run.sh") | crontab - + diff --git a/docker/mongodb/source/dockerfile b/docker/mongodb/source/dockerfile index a49836383..00131405c 100644 --- a/docker/mongodb/source/dockerfile +++ b/docker/mongodb/source/dockerfile @@ -46,7 +46,6 @@ COPY --from=go-builder /data/email/email /data/tools #add kinit operation ADD run.sh /root/run.sh -RUN chmod +x /root/run.sh #add cronjob @@ -55,7 +54,6 @@ RUN chmod +x /root/run.sh COPY /mongotools /data/tools COPY copy_cron.sh /data/tools/copy_cron.sh -RUN chmod +x /data/tools/copy_cron.sh COPY mongo-prod.cron /data/tools/mongo-prod.cron COPY mongo-preprod.cron /data/tools/mongo-preprod.cron COPY mongo-test.cron /data/tools/mongo-test.cron @@ -63,4 +61,5 @@ COPY mongo-test.cron /data/tools/mongo-test.cron ENV PATH=/data/tools:$PATH -CMD ./startup-$MONGODB_ID.sh; ./run.sh; /data/tools/copy_cron.sh; +CMD ["/bin/sh", "-c", "./run.sh; /data/tools/copy_cron.sh; ./startup-$MONGODB_ID.sh;"] + diff --git a/docker/mongodb/source/mongo-test.cron b/docker/mongodb/source/mongo-test.cron index b43cf9bdb..2c6473adb 100644 --- a/docker/mongodb/source/mongo-test.cron +++ b/docker/mongodb/source/mongo-test.cron 
@@ -1,2 +1,2 @@ -0 5 31 2 * export AGE_KEY="/etc/mongodb-secret/age-key.txt" && /data/tools/mongo_manage.sh backup /etc/mongodb-secret/mongo.ini +0 2 * * * export AGE_KEY="/etc/mongodb-secret/age-key.txt" && /data/tools/mongo_manage.sh backup /etc/mongodb-secret/mongo.ini diff --git a/docker/mongodb/source/run.sh b/docker/mongodb/source/run.sh index b81684d0a..842dd0767 100755 --- a/docker/mongodb/source/run.sh +++ b/docker/mongodb/source/run.sh @@ -1,12 +1,14 @@ #!/bin/bash ### This script relies on provided keytab file which will be ### be mounted to /etc/krb area -if [ -f /etc/krb ]; then +if [ -d /etc/krb ]; then + echo "Starting the kinit operation!" export keytab=/etc/krb/cmsweb.keytab principal=`klist -k "$keytab" | tail -1 | awk '{print $2}'` - kinit $principal -k -t "$keytab" 2>&1 1>& /dev/null + kinit $principal -k -t "$keytab" >/dev/null 2>&1 if [ $? == 1 ]; then echo "Unable to perform kinit operation for cmsweb keytab." exit 1 fi fi + diff --git a/helm/mongodb/values.yaml b/helm/mongodb/values.yaml index 879af464a..4d0257e6f 100644 --- a/helm/mongodb/values.yaml +++ b/helm/mongodb/values.yaml @@ -3,11 +3,11 @@ quickSetting: namespace: default env: test-rs image: - mongodb: registry.cern.ch/cmsweb/cmsmongo:HG2310a + mongodb: registry.cern.ch/cmsweb/cmsmongo:HG2310f-test pvc: - storageClassName: cpio1 + storageClassName: io1 accessMode: ReadWriteMany - storageSize: 1Ti + storageSize: 22Gi mongodbMountPath: "/mnt/NFS1/cluster5/defacement-detection-test-deployment-with-helm/" monitoring: jobName: "mongodb-exporter" From 4d6c15ab6d4b8eba0268f4e7dc3dd97968a8a371 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Fri, 3 Nov 2023 12:50:50 +0100 Subject: [PATCH 09/13] Fixing values.yaml --- helm/mongodb/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/mongodb/values.yaml b/helm/mongodb/values.yaml index 4d0257e6f..f64c6eaba 100644 --- a/helm/mongodb/values.yaml +++ b/helm/mongodb/values.yaml 
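Review bot: In run.sh the new `kinit $principal -k -t "$keytab" >/dev/null 2>&1` discards stderr, so a failed ticket request leaves only the generic echo, and the unchanged check `if [ $? == 1 ]` fires on exit status 1 only. `$principal` is also unquoted, so if `klist -k` prints nothing it expands to no argument at all. Test the command directly and keep its error output: `if ! kinit "$principal" -k -t "$keytab" >/dev/null; then`. Because the guard moves from `-f /etc/krb` to `-d /etc/krb`, this block now actually runs when the keytab directory is mounted, including from the daily `/root/run.sh` cron entry added in copy_cron.sh.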
@@ -5,9 +5,9 @@ quickSetting: image: mongodb: registry.cern.ch/cmsweb/cmsmongo:HG2310f-test pvc: - storageClassName: io1 + storageClassName: cpio1 accessMode: ReadWriteMany - storageSize: 22Gi + storageSize: 1Ti mongodbMountPath: "/mnt/NFS1/cluster5/defacement-detection-test-deployment-with-helm/" monitoring: jobName: "mongodb-exporter" From 34a29aade19cea5dc778a84ae931385f628707ee Mon Sep 17 00:00:00 2001 From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Mon, 6 Nov 2023 17:00:27 +0100 Subject: [PATCH 10/13] Update mongo_manage.sh --- docker/mongodb/source/mongotools/mongo_manage.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/mongodb/source/mongotools/mongo_manage.sh b/docker/mongodb/source/mongotools/mongo_manage.sh index ad8c2ea2a..a1217a7ef 100755 --- a/docker/mongodb/source/mongotools/mongo_manage.sh +++ b/docker/mongodb/source/mongotools/mongo_manage.sh @@ -109,8 +109,9 @@ backup() for dbName in "${DB_NAME_ARRAY[@]}" do echo "Dumping database: $dbName" - - mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase=$AUTHDB --out="$BACKUP_DIR/$DATE" + if ! mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" --out "$BACKUP_DIR/$DATE/$dbName"; then + /data/tools/alerts.sh + fi done find $BACKUP_DIR -mindepth 1 -maxdepth 1 -type d -ctime +10 | xargs rm -rf; } From f724748d148668d450cd5cabec0fd9610616c73c Mon Sep 17 00:00:00 2001 From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Mon, 6 Nov 2023 17:03:49 +0100 Subject: [PATCH 11/13] Update mongo_manage.sh --- docker/mongodb/source/mongotools/mongo_manage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/mongodb/source/mongotools/mongo_manage.sh b/docker/mongodb/source/mongotools/mongo_manage.sh index a1217a7ef..ac59b8250 100755 --- a/docker/mongodb/source/mongotools/mongo_manage.sh 
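Review bot: The `mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/..."` line rewritten in the mongo_manage.sh hunk puts the database password in the process arguments, where it is readable from the process list for the duration of each dump. USERNAME and PASSWORD are also pasted into the URI without percent-encoding, so a password containing `@`, `:` or `/` changes how the URI is parsed. Consider writing the connection string to a mode-600 temporary file and passing it with `--config`, which the MongoDB database tools accept for `uri` and `password`. The same line is touched again in the `@@ -109,7 +109,7 @@` and `@@ -109,9 +109,11 @@` hunks of the two later mongo_manage.sh commits. `backup()` begins outside this hunk.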
+++ b/docker/mongodb/source/mongotools/mongo_manage.sh @@ -109,7 +109,7 @@ backup() for dbName in "${DB_NAME_ARRAY[@]}" do echo "Dumping database: $dbName" - if ! mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" --out "$BACKUP_DIR/$DATE/$dbName"; then + if ! mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" --out "$BACKUP_DIR/$DATE"; then /data/tools/alerts.sh fi done From d85be8208962215912286e394c559e1c723ff1b7 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Mon, 6 Nov 2023 17:13:31 +0100 Subject: [PATCH 12/13] Changes to alerts.sh to make it work. --- docker/mongodb/source/mongotools/alerts.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/mongodb/source/mongotools/alerts.sh b/docker/mongodb/source/mongotools/alerts.sh index f2ed49d98..2b5d0bf2b 100755 --- a/docker/mongodb/source/mongotools/alerts.sh +++ b/docker/mongodb/source/mongotools/alerts.sh @@ -5,6 +5,7 @@ msg="MongoDB backup cronjob failure" DATE=`date` host=`hostname` job="mongodb" -amhost="http://cms-monitoring.cern.ch:30093" -amtool alert add mongodb_cronjob_failure alertname="$msg" job="$job" host="$host" tag=mongodb alert=amtool service=cron --end="$expire" --annotation=summary="$msg" --annotation=date="$DATE" --alertmanager.url="$amhost" action=restart +tag="cmsweb" +amhost="http://cms-monitoring-ha1.cern.ch:30093" +amtool alert add mongodb_cronjob_failure alertname="$msg" tag="$tag" job="$job" host="$host" alert=amtool service=cron --end="$expire" --annotation=summary="$msg" --annotation=date="$DATE" --alertmanager.url="$amhost" action=restart amhost="http://cms-monitoring-ha1.cern.ch:30093" From ed0da8d3505458252114766a20d896ec36c475d1 Mon Sep 17 00:00:00 2001 
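Review bot: In alerts.sh, the `amhost` now set before `amtool alert add` and the unchanged `amhost=` line after it both name `http://cms-monitoring-ha1.cern.ch:30093`. If the script goes on to send a second alert with that value (the rest of the file is outside the hunk), both alerts reach the same Alertmanager and the pair no longer gives any redundancy for backup-failure reporting. The URL is plain `http`, so the alert travels in clear text; confirm that is acceptable on this network. `--end="$expire"` relies on a variable defined outside the hunk.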
From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Mon, 6 Nov 2023 18:19:36 +0100 Subject: [PATCH 13/13] Update mongo_manage.sh --- docker/mongodb/source/mongotools/mongo_manage.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker/mongodb/source/mongotools/mongo_manage.sh b/docker/mongodb/source/mongotools/mongo_manage.sh index ac59b8250..082cdf9fc 100755 --- a/docker/mongodb/source/mongotools/mongo_manage.sh +++ b/docker/mongodb/source/mongotools/mongo_manage.sh @@ -109,9 +109,11 @@ backup() for dbName in "${DB_NAME_ARRAY[@]}" do echo "Dumping database: $dbName" - if ! mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" --out "$BACKUP_DIR/$DATE"; then + if mongodump --uri "mongodb://$USERNAME:$PASSWORD@$URI/$dbName?replicaSet=$RS_NAME" --authenticationDatabase="$AUTHDB" --out "$BACKUP_DIR/$DATE"; then + echo "MongoDB backup for $dbName succeeded." + else + echo "MongoDB backup for $dbName failed. Running alerts.sh..." /data/tools/alerts.sh - fi done find $BACKUP_DIR -mindepth 1 -maxdepth 1 -type d -ctime +10 | xargs rm -rf; }
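Review bot: The rewritten `if`/`else` has no closing `fi`: the hunk removes the old `fi` and adds none, so `/data/tools/alerts.sh` is followed directly by `done` and bash stops with a syntax error at `backup()`. The `case` dispatch at the end of the file is then never reached, so the cron entries produce no dumps and alerts.sh never runs to report it. Restore `fi` on the line after `/data/tools/alerts.sh`. Separately, the unchanged `find $BACKUP_DIR ... | xargs rm -rf` prune runs whether or not any dump succeeded; consider skipping it when a dump in this run failed. `backup()` begins outside this hunk.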