def execute_root_shell(command: Optional[str]):
"""Open a root shell on the mysql database. If a command is given
it is executed."""
compose_args = [
"exec",
"mysql",
"mysql",
"-u",
MYSQL_ROOT_USER,
f"-p{MYSQL_ROOT_PASSWORD}",
]
if command:
compose_args.insert(1, "-T")
compose_args.extend(["-e", command])
run_ddc_services(compose_args, exit_afterwards=True)
def execute_root_shell(command: Optional[str]):
"""Open a root shell on the MongoDB database. If a command is given
it is executed."""
compose_args = [
"exec",
"mongodb",
"mongo",
"--authenticationDatabase",
"admin",
"-u",
MONGODB_ROOT_USER,
f"-p{MONGODB_ROOT_PASSWORD}",
]
if command:
compose_args.insert(1, "-T")
compose_args.extend(["--eval", command])
run_ddc_services(compose_args, exit_afterwards=True)
def reset_rabbitmq(project):
"""Create rabbitmq vhost"""
from derex.runner.ddc import run_ddc_services
vhost = f"{project.name}_edxqueue"
args = [
"exec",
"-T",
"rabbitmq",
"sh",
"-c",
f"""rabbitmqctl add_vhost {vhost}
rabbitmqctl set_permissions -p {vhost} guest ".*" ".*" ".*"
""",
]
run_ddc_services(args, exit_afterwards=True)
click.echo(f"Rabbitmq vhost {vhost} created")
return 0
def update_minio(old_key: str):
"""Run minio to re-key data with the new secret. The output is very confusing, but it works.
If you read a red warning and "Rotation complete" at the end, it means rekeying has worked.
If your read your current SecretKey, it means the current credentials are correct and you don't need
to update your keys.
"""
from derex.runner.ddc import run_ddc_services
# We need to stop minio after it's done re-keying. To this end, we use the expect package
script = "apk add expect --no-cache "
# We need to make sure the current credentials are not working...
script += ' && expect -c "spawn /usr/bin/minio server /data; expect "Endpoint" { close; exit 1 }"'
# ..but the old ones are
script += f' && if MINIO_SECRET_KEY="{old_key}" expect -c \'spawn /usr/bin/minio server /data; expect "Endpoint" {{ close; exit 1 }}\'; then exit 1; fi'
script += f' && export MINIO_ACCESS_KEY_OLD="$MINIO_ACCESS_KEY" MINIO_SECRET_KEY_OLD="{old_key}"'
expected_string = "Rotation complete, please make sure to unset MINIO_ACCESS_KEY_OLD and MINIO_SECRET_KEY_OLD envs"
script += f" && expect -c 'spawn /usr/bin/minio server /data; expect \"{expected_string}\" {{ close; exit 0 }}'"
args = ["run", "--rm", "--entrypoint", "/bin/sh", "-T", "minio", "-c", script]
run_ddc_services(args, exit_afterwards=False)
click.echo("Minio server rekeying finished")
def reset_mysql_password(current_password: str):
"""Reset the mysql root user password."""
logger.info(f'Resetting password for mysql user "{MYSQL_ROOT_USER}"')
run_ddc_services(
[
"exec",
"mysql",
"mysql",
"-u",
MYSQL_ROOT_USER,
f"-p{current_password}",
"-e",
f"""SET PASSWORD FOR '{MYSQL_ROOT_USER}'@'localhost' = PASSWORD('{MYSQL_ROOT_PASSWORD}');
SET PASSWORD FOR '{MYSQL_ROOT_USER}'@'%' = PASSWORD('{MYSQL_ROOT_PASSWORD}');
GRANT ALL PRIVILEGES ON *.* TO '{MYSQL_ROOT_USER}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;""",
],
exit_afterwards=True,
)
def reset_mongodb_password(current_password: str = None):
"""Reset the mongodb root user password"""
mongo_command_args = [
"mongo",
"--authenticationDatabase",
"admin",
"admin",
"--eval",
f'"db.changeUserPassword(\\"{MONGODB_ROOT_USER}\\",'
f'\\"{MONGODB_ROOT_PASSWORD}\\");"',
]
if current_password:
mongo_command_args.extend(
["-u", MONGODB_ROOT_USER, f"-p{current_password}"])
mongo_command = " ".join(mongo_command_args)
compose_args = ["exec", "-T", "mongodb", "bash", "-c", f"{mongo_command}"]
run_ddc_services(compose_args, exit_afterwards=True)
return 0
def copy_database(source_db_name: str, destination_db_name: str):
"""Copy an existing MySQL database. This actually involves exporting and importing back
the database with a different name."""
create_database(destination_db_name)
logger.info(f"Copying database {source_db_name} to {destination_db_name}")
run_ddc_services(
[
"exec",
"-T",
"mysql",
"sh",
"-c",
f"""set -ex
mysqldump -u root -p{MYSQL_ROOT_PASSWORD} {source_db_name} --no-create-db |
mysql --user=root -p{MYSQL_ROOT_PASSWORD} {destination_db_name}
""",
]
)
logger.info(
f"Successfully copied database {source_db_name} to {destination_db_name}"
)
def minio_update_key(old_key: str):
"""Run minio to re-key data with the new secret"""
from derex.runner.ddc import run_ddc_services
from derex.runner.docker_utils import wait_for_service
from derex.runner.utils import derex_path
wait_for_service("minio")
MINIO_SCRIPT_PATH = derex_path(
"derex/runner/compose_files/minio-update-key.sh")
click.echo("Updating MinIO secret key...")
compose_args = [
"run",
"--rm",
"-v",
f"{MINIO_SCRIPT_PATH}:/minio-update-key.sh",
"-e",
f"MINIO_SECRET_KEY_OLD={old_key}",
"--entrypoint",
"/bin/sh",
"-T",
"minio",
"/minio-update-key.sh",
]
try:
run_ddc_services(compose_args)
except RuntimeError:
return 1
# We need to recreate the minio container since we can't set
# the new key in the running one
# https://github.com/moby/moby/issues/8838
# We'll let `docker-compose up` recreate it for us, if needed
click.echo("\nRecreating MinIO container...")
compose_args = ["up", "-d", "minio"]
run_ddc_services(compose_args)
wait_for_service("minio")
click.echo("\nMinIO secret key updated successfully!")
return 0