def _init_ckan_infra_secret(instance_id, dry_run=False): logs.debug('Initializing ckan infra secret', instance_id=instance_id) ckan_infra = config_manager.get(secret_name='ckan-infra', namespace=instance_id, required=False) if ckan_infra: logs.info('ckan-infra secret already exists') else: admin_user, admin_password, db_name = db_manager.get_admin_db_credentials( ) db_host, db_port = db_manager.get_internal_unproxied_db_host_port() assert int(db_port) == 5432 logs.debug('Creating ckan-infra secret', admin_user=admin_user, admin_password=admin_password, db_name=db_name, db_host=db_host, db_port=db_port) config_manager.set(values={ 'POSTGRES_HOST': db_host, 'POSTGRES_PASSWORD': admin_password, 'POSTGRES_USER': admin_user }, secret_name='ckan-infra', namespace=instance_id, dry_run=dry_run)
def start(): print('\n'.join([ '', '\nadmin db credentials:\n' + str(db_manager.get_admin_db_credentials()), '\ninternal proxy host / port:\n' + str(db_manager.get_internal_proxy_host_port()), '\ninternal unproxied host / port:\n' + str(db_manager.get_internal_unproxied_db_host_port()), '\n' ])) deployment_name = _get_resource_name() kubectl.check_call(f'port-forward deployment/{deployment_name} 8080')
def _init_ckan_infra_secret(instance_id): ckan_infra = config_manager.get(secret_name='ckan-infra', namespace=instance_id, required=False) if ckan_infra: print('ckan-infra secret already exists') else: admin_user, admin_password, db_name = db_manager.get_admin_db_credentials( ) db_host, db_port = db_manager.get_internal_unproxied_db_host_port() assert int(db_port) == 5432 config_manager.set(values={ 'POSTGRES_HOST': db_host, 'POSTGRES_PASSWORD': admin_password, 'POSTGRES_USER': admin_user }, secret_name='ckan-infra', namespace=instance_id)
def _apply_config_secret(force=False): update_dbs = {} update_users = {} try: dbs, users = db_manager.get_all_dbs_users() except Exception: if force: traceback.print_exc() dbs, users = [], [] else: raise for db_name, db_host, db_port in dbs: assert db_name not in update_dbs update_dbs[ db_name] = f'{db_name} = host={db_host} port={db_port} dbname={db_name}' for name, password in users: assert name not in users update_users[name] = password pg_bouncer_ini = ["[databases]"] for db_name, line in update_dbs.items(): pg_bouncer_ini.append(line) db_admin_user, _, _ = db_manager.get_admin_db_credentials() # see https://pgbouncer.github.io/config.html pool_mode = _config_get('pool-mode', 'transaction') pg_bouncer_ini += [ "", "[pgbouncer]", "listen_port = 5432", "listen_addr = 0.0.0.0", "auth_type = md5", "auth_file = /var/local/pgbouncer/users.txt", "logfile = /var/log/pgbouncer/pgbouncer.log", "pidfile = /var/run/pgbouncer/pgbouncer.pid", f"pool_mode = {pool_mode}", *([ "default_pool_size = 8", "reserve_pool_size = 8", "max_client_conn = 5000", "server_round_robin = 1", "listen_backlog = 8192", "server_idle_timeout = 60", "server_lifetime = 600", ] if pool_mode == 'transaction' else [ "default_pool_size = 10", "reserve_pool_size = 20", "max_client_conn = 5000", "server_round_robin = 1", "listen_backlog = 8192", "server_idle_timeout = 5", "server_lifetime = 0", ]), f"admin_users = {db_admin_user}", ] users_txt = [] for name, password in update_users.items(): users_txt.append(f'"{name}" "{password}"') updated_secret = { 'pgbouncer.ini': "\n".join(pg_bouncer_ini), 'users.txt': "\n".join(users_txt) } _config_set(values=updated_secret, is_secret=True)