def _init_ckan_infra_secret(instance_id, dry_run=False):
logs.debug('Initializing ckan infra secret', instance_id=instance_id)
ckan_infra = config_manager.get(secret_name='ckan-infra',
namespace=instance_id,
required=False)
if ckan_infra:
logs.info('ckan-infra secret already exists')
else:
admin_user, admin_password, db_name = db_manager.get_admin_db_credentials(
)
db_host, db_port = db_manager.get_internal_unproxied_db_host_port()
assert int(db_port) == 5432
logs.debug('Creating ckan-infra secret',
admin_user=admin_user,
admin_password=admin_password,
db_name=db_name,
db_host=db_host,
db_port=db_port)
config_manager.set(values={
'POSTGRES_HOST': db_host,
'POSTGRES_PASSWORD': admin_password,
'POSTGRES_USER': admin_user
},
secret_name='ckan-infra',
namespace=instance_id,
dry_run=dry_run)
def start():
print('\n'.join([
'', '\nadmin db credentials:\n' +
str(db_manager.get_admin_db_credentials()),
'\ninternal proxy host / port:\n' +
str(db_manager.get_internal_proxy_host_port()),
'\ninternal unproxied host / port:\n' +
str(db_manager.get_internal_unproxied_db_host_port()), '\n'
]))
deployment_name = _get_resource_name()
kubectl.check_call(f'port-forward deployment/{deployment_name} 8080')
def _init_ckan_infra_secret(instance_id):
ckan_infra = config_manager.get(secret_name='ckan-infra',
namespace=instance_id,
required=False)
if ckan_infra:
print('ckan-infra secret already exists')
else:
admin_user, admin_password, db_name = db_manager.get_admin_db_credentials(
)
db_host, db_port = db_manager.get_internal_unproxied_db_host_port()
assert int(db_port) == 5432
config_manager.set(values={
'POSTGRES_HOST': db_host,
'POSTGRES_PASSWORD': admin_password,
'POSTGRES_USER': admin_user
},
secret_name='ckan-infra',
namespace=instance_id)
def _apply_config_secret(force=False):
update_dbs = {}
update_users = {}
try:
dbs, users = db_manager.get_all_dbs_users()
except Exception:
if force:
traceback.print_exc()
dbs, users = [], []
else:
raise
for db_name, db_host, db_port in dbs:
assert db_name not in update_dbs
update_dbs[
db_name] = f'{db_name} = host={db_host} port={db_port} dbname={db_name}'
for name, password in users:
assert name not in users
update_users[name] = password
pg_bouncer_ini = ["[databases]"]
for db_name, line in update_dbs.items():
pg_bouncer_ini.append(line)
db_admin_user, _, _ = db_manager.get_admin_db_credentials()
# see https://pgbouncer.github.io/config.html
pool_mode = _config_get('pool-mode', 'transaction')
pg_bouncer_ini += [
"",
"[pgbouncer]",
"listen_port = 5432",
"listen_addr = 0.0.0.0",
"auth_type = md5",
"auth_file = /var/local/pgbouncer/users.txt",
"logfile = /var/log/pgbouncer/pgbouncer.log",
"pidfile = /var/run/pgbouncer/pgbouncer.pid",
f"pool_mode = {pool_mode}",
*([
"default_pool_size = 8",
"reserve_pool_size = 8",
"max_client_conn = 5000",
"server_round_robin = 1",
"listen_backlog = 8192",
"server_idle_timeout = 60",
"server_lifetime = 600",
] if pool_mode == 'transaction' else [
"default_pool_size = 10",
"reserve_pool_size = 20",
"max_client_conn = 5000",
"server_round_robin = 1",
"listen_backlog = 8192",
"server_idle_timeout = 5",
"server_lifetime = 0",
]),
f"admin_users = {db_admin_user}",
]
users_txt = []
for name, password in update_users.items():
users_txt.append(f'"{name}" "{password}"')
updated_secret = {
'pgbouncer.ini': "\n".join(pg_bouncer_ini),
'users.txt': "\n".join(users_txt)
}
_config_set(values=updated_secret, is_secret=True)