Update the URL value in the ROKS URL field in the platform-auth-idp c…

…onfigmap (#2326) * add common-web-ui-config cm to labeling script Signed-off-by: Ben Luzarraga <[email protected]> * update roks url value Signed-off-by: Ben Luzarraga <[email protected]> * update permissions Signed-off-by: Ben Luzarraga <[email protected]> * add new version of script Signed-off-by: Ben Luzarraga <[email protected]> * change file name Signed-off-by: Ben Luzarraga <[email protected]> * add platform-auth-idp to labeling script Signed-off-by: Ben Luzarraga <[email protected]> * alter how route is applied Signed-off-by: Ben Luzarraga <[email protected]> * update permissions and file location Signed-off-by: Ben Luzarraga <[email protected]> * update typo Signed-off-by: Ben Luzarraga <[email protected]> * add 1 to cut len Signed-off-by: Ben Luzarraga <[email protected]> * edit patch command Signed-off-by: Ben Luzarraga <[email protected]> --------- Signed-off-by: Ben Luzarraga <[email protected]>
IBM · Dec 18, 2024 · f9cf1ac · f9cf1ac
1 parent 6cfa446
commit f9cf1ac
Show file tree

Hide file tree

Showing 4 changed files with 287 additions and 0 deletions.
diff --git a/velero/backup/common-service/label-common-service.sh b/velero/backup/common-service/label-common-service.sh
@@ -310,6 +310,7 @@ function label_configmap() {
     ${OC} label configmap common-service-maps foundationservices.cloudpak.ibm.com=configmap -n kube-public --overwrite=true 2>/dev/null
     ${OC} label configmap cs-onprem-tenant-config foundationservices.cloudpak.ibm.com=configmap -n $SERVICES_NS --overwrite=true 2>/dev/null
     ${OC} label configmap common-web-ui-config foundationservices.cloudpak.ibm.com=configmap -n $SERVICES_NS --overwrite=true 2>/dev/null
+    ${OC} label configmap platform-auth-idp foundationservices.cloudpak.ibm.com=configmap -n $SERVICES_NS --overwrite=true 2>/dev/null
     echo ""
 }
 

diff --git a/velero/schedule/common-service-db/cs-db-br-script-cm-4.6.10.4.11.yaml b/velero/schedule/common-service-db/cs-db-br-script-cm-4.6.10.4.11.yaml
@@ -0,0 +1,228 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cs-db-br-configmap
+  namespace: <cs-db namespace>
+  labels:
+    foundationservices.cloudpak.ibm.com: cs-db-data
+data:
+  br_cs-db.sh: |
+    #!/usr/bin/env bash
+
+    # Licensed Materials - Property of IBM
+    # Copyright IBM Corporation 2024. All Rights Reserved
+    # US Government Users Restricted Rights -
+    # Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
+    #
+    # This is an internal component, bundled with an official IBM product.
+    # Please refer to that particular license for additional information.
+
+    # ---------- Command arguments ----------
+
+    set -o errtrace
+    set -o errexit
+
+    MODE=$1
+    CSDB_NAMESPACE=$2
+    CLUSTER_CR=common-service-db
+
+    BACKUP_DIR=/cs-db/cs-db-backup
+
+    function main {
+        EMBEDDED=$(oc get cm -n $CSDB_NAMESPACE common-service-db-im -o jsonpath='{.data.IS_EMBEDDED}{"\n"}')
+        if [[ $MODE == "backup" ]]; then
+            save_log "logs" "backup_log"
+            trap cleanup_log EXIT
+            info "Mode set to backup, beginning backup process."
+            backup
+            success "Backup completed successfully."
+        elif [[ $MODE == "restore" ]]; then
+            save_log "logs" "restore_log"
+            trap cleanup_log EXIT
+            info "Mode is set to restore, beginning restore process."
+            restore
+            success "Restore completed successfully."
+        else
+            error "Mode selected is $MODE. Please use either \"backup\" or \"restore\"."
+        fi
+    }
+
+    function backup {
+        if [[ $EMBEDDED == "true" ]] || [[ -z $EMBEDDED ]]; then
+            info "Embedded Postgres DB in use, beginning backup."
+            mkdir -p $BACKUP_DIR/database
+            CNPG_PRIMARY_POD=`oc get cluster.postgresql.k8s.enterprisedb.io common-service-db -o jsonpath="{.status.currentPrimary}" -n $CSDB_NAMESPACE` && \
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- mkdir -p /run/cs-db_backup && \
+            info "Beginning backup of cloudpak database..."
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_dump -v --username=postgres --dbname=cloudpak -f /run/cs-db_backup/cs-db_cloudpak_backup.dump --format=c
+            info "Beginning backup of im database..."
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_dump -v --username=postgres --dbname=im -f /run/cs-db_backup/cs-db_im_backup.dump --format=c
+            info "Beginning backup of zen database..."
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_dump -v --username=postgres --dbname=zen -f /run/cs-db_backup/cs-db_zen_backup.dump --format=c
+            ACCOUNT_IAM=$(oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- psql -U postgres -c "\list" | grep "account_iam" || echo False)
+            if [[ $ACCOUNT_IAM != "False" ]]; then
+                info "Beginning backup of account_iam database..."
+                oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_dump -v --username=postgres --dbname=account_iam -f /run/cs-db_backup/cs-db_account_iam_backup.dump --format=c
+            fi
+
+            #Move backup to backup location
+            info "Copy backup file."
+            oc cp $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_cloudpak_backup.dump $BACKUP_DIR/database/cs-db_cloudpak_backup.dump
+            oc cp $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_im_backup.dump $BACKUP_DIR/database/cs-db_im_backup.dump
+            oc cp $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_zen_backup.dump $BACKUP_DIR/database/cs-db_zen_backup.dump
+            if [[ $ACCOUNT_IAM != "False" ]]; then
+                oc cp $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_account_iam_backup.dump $BACKUP_DIR/database/cs-db_account_iam_backup.dump
+            fi
+        else
+            info "External Postgres DB in use, skipping backup."
+        fi
+
+    }
+
+    function restore {
+
+        if [[ $EMBEDDED == "true" ]] || [[ -z $EMBEDDED ]]; then
+            info "Embedded Postgres DB in use, beginning data restore."
+            wait_for_cluster_cr
+            CNPG_PRIMARY_POD=`oc get cluster.postgresql.k8s.enterprisedb.io common-service-db -o jsonpath="{.status.currentPrimary}" -n $CSDB_NAMESPACE` 
+            oc exec $CNPG_PRIMARY_POD -n $CSDB_NAMESPACE -- mkdir -p /run/cs-db_backup
+            oc cp $BACKUP_DIR/database/cs-db_cloudpak_backup.dump $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_cloudpak_backup.dump
+            oc cp $BACKUP_DIR/database/cs-db_im_backup.dump $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_im_backup.dump
+            oc cp $BACKUP_DIR/database/cs-db_zen_backup.dump $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_zen_backup.dump
+            ACCOUNT_IAM=$(ls $BACKUP_DIR/database/ | grep "cs-db_account_iam_backup.dump" || echo False)
+            if [[ $ACCOUNT_IAM != "False" ]]; then
+                oc cp $BACKUP_DIR/database/cs-db_account_iam_backup.dump $CSDB_NAMESPACE/$CNPG_PRIMARY_POD:/run/cs-db_backup/cs-db_account_iam_backup.dump        
+            fi
+            
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- psql -U postgres -c "\list" -c "\dn" -c "\du"
+            info "Beginning restore of cloudpak database..."
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_restore -U postgres --dbname cloudpak --format=c --clean --exit-on-error -v /run/cs-db_backup/cs-db_cloudpak_backup.dump
+            info "Beginning restore of im database..."
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_restore -U postgres --dbname im --format=c --clean --exit-on-error -v /run/cs-db_backup/cs-db_im_backup.dump
+            info "Beginning restore of zen database..."
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_restore -U postgres --dbname zen --format=c --clean --exit-on-error -v /run/cs-db_backup/cs-db_zen_backup.dump
+            if [[ $ACCOUNT_IAM != "False" ]]; then
+                info "Beginning restore of account_iam database..."
+                oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_restore -U postgres --dbname account_iam --format=c --clean --exit-on-error -v /run/cs-db_backup/cs-db_account_iam_backup.dump        
+            fi
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- psql -U postgres -c "\list" -c "\dn" -c "\du"
+        else
+            info "External Postgres DB in use, skipping data restore."
+        fi
+        
+        info "Rerunning OIDC registration job..."
+        oc -n $CSDB_NAMESPACE get job oidc-client-registration -o yaml > /tmp/oidc-client-registration.yaml
+        oc -n $CSDB_NAMESPACE delete job oidc-client-registration
+        yq -i 'del(.metadata.creationTimestamp) | del(.metadata.managedFields) | del(.metadata.resourceVersion) | del(.metadata.uid) | del(.spec.selector) | del(.spec.template.metadata.labels) | del(.status)' /tmp/oidc-client-registration.yaml || error "Failed to remove metadata fields from temp oidc client registration yaml for namespace ${CSDB_NAMESPACE}."
+        info "Wait for previous job to delete..."
+        sleep 30
+        oc apply -f /tmp/oidc-client-registration.yaml
+        rm -f /tmp/oidc-client-registration.yaml
+        wait_for_oidc
+    }
+
+    function wait_for_oidc {
+        job_name="oidc-client-registration"
+        info "Waiting for job $job_name to complete in namespace $CSDB_NAMESPACE."
+        job_exists=$(oc get job $job_name -n $CSDB_NAMESPACE --no-headers || echo fail)
+        if [[ $job_exists != "fail" ]]; then
+            completed=$(oc get job $job_name -n $CSDB_NAMESPACE --no-headers | awk '{print $2}')
+            retry_count=20
+            while [[ $completed != "1/1" ]] && [[ $retry_count > 0 ]]
+            do
+                info "Wait for job $job_name to complete. Try again in 15s."
+                sleep 15
+                completed=$(oc get job $job_name -n $CSDB_NAMESPACE --no-headers | awk '{print $2}')
+                retry_count=$retry_count-1
+            done
+
+            if [[ $retry_count == 0 ]] && [[ $completed != "1/1" ]]; then
+                error "Timed out waiting for job $job_name."
+            else
+                info "Job $job_name completed."
+            fi
+        else
+            error "Job $job_name not present."
+        fi
+    }
+
+    function wait_for_cluster_cr {
+        info "Waiting for EDB Cluster CR $CLUSTER_CR to complete in namespace $CSDB_NAMESPACE."
+        cluster_cr_exists=$(oc get clusters.postgresql.k8s.enterprisedb.io $CLUSTER_CR -n $CSDB_NAMESPACE --no-headers || echo fail)
+        if [[ $cluster_cr_exists != "fail" ]]; then
+            completed=$(oc get clusters.postgresql.k8s.enterprisedb.io $CLUSTER_CR -n $CSDB_NAMESPACE -o=jsonpath='{.status.phase}')
+            retry_count=40
+            while [[ $completed != "Cluster in healthy state" ]] && [[ $retry_count > 0 ]]
+            do
+                info "Wait for cluster $CLUSTER_CR to complete. Try again in 15s."
+                sleep 15
+                completed=$(oc get clusters.postgresql.k8s.enterprisedb.io $CLUSTER_CR -n $CSDB_NAMESPACE -o=jsonpath='{.status.phase}')
+                retry_count=$retry_count-1
+            done
+
+            if [[ $retry_count == 0 ]] && [[ $completed != "1/1" ]]; then
+                error "Timed out waiting for cluster $CLUSTER_CR."
+            else
+                info "EDB cluster $CLUSTER_CR ready."
+            fi
+        else
+            error "EDB cluster $CLUSTER_CR not present."
+        fi
+    }
+
+    function save_log(){
+        local LOG_DIR="$BACKUP_DIR/$1"
+        LOG_FILE="$LOG_DIR/$2_$(date +'%Y%m%d%H%M%S').log"
+
+        if [[ ! -d $LOG_DIR ]]; then
+            mkdir -p "$LOG_DIR"
+        fi
+
+        # Create a named pipe
+        PIPE=$(mktemp -u)
+        mkfifo "$PIPE"
+
+        # Tee the output to both the log file and the terminal
+        tee "$LOG_FILE" < "$PIPE" &
+
+        # Redirect stdout and stderr to the named pipe
+        exec > "$PIPE" 2>&1
+
+        # Remove the named pipe
+        rm "$PIPE"
+    }
+
+    function cleanup_log() {
+        # Check if the log file already exists
+        if [[ -e $LOG_FILE ]]; then
+            # Remove ANSI escape sequences from log file
+            sed -E 's/\x1B\[[0-9;]+[A-Za-z]//g' "$LOG_FILE" > "$LOG_FILE.tmp" && mv "$LOG_FILE.tmp" "$LOG_FILE"
+        fi
+    }
+
+    function msg() {
+        printf '%b\n' "$1"
+    }
+
+    function success() {
+        msg "\33[32m[✔] ${1}\33[0m"
+    }
+
+    function warning() {
+        msg "\33[33m[✗] ${1}\33[0m"
+    }
+
+    function error() {
+        msg "\33[31m[✘] ${1}\33[0m"
+        exit 1
+    }
+
+    function title() {
+        msg "\33[34m# ${1}\33[0m"
+    }
+
+    function info() {
+        msg "[INFO] ${1}"
+    }
+
+    main $*
diff --git a/velero/schedule/common-service-db/cs-db-br-script-cm.yaml b/velero/schedule/common-service-db/cs-db-br-script-cm.yaml
@@ -6,6 +6,29 @@ metadata:
   labels:
     foundationservices.cloudpak.ibm.com: cs-db-data
 data:
+  dummy_route.yaml: |
+    apiVersion: route.openshift.io/v1
+    kind: Route
+    metadata:
+        annotations:
+            haproxy.router.openshift.io/pod-concurrent-connections: "100"
+            haproxy.router.openshift.io/rate-limit-connections: "true"
+            haproxy.router.openshift.io/rate-limit-connections.concurrent-tcp: "100"
+            haproxy.router.openshift.io/rate-limit-connections.rate-http: "100"
+            haproxy.router.openshift.io/rate-limit-connections.rate-tcp: "100"
+            haproxy.router.openshift.io/timeout: 90s
+        name: dummy
+    spec:
+        path: /
+        port:
+            targetPort: 43
+            insecureEdgeTerminationPolicy: Redirect
+            termination: reencrypt
+        wildcardPolicy: None
+        to:
+            kind: Service
+            name: common-web-ui
+            weight: 100
   br_cs-db.sh: |
     #!/usr/bin/env bash
 
@@ -110,6 +133,8 @@ data:
             info "External Postgres DB in use, skipping data restore."
         fi
 
+        update_ROKS_URL
+
         info "Rerunning OIDC registration job..."
         oc -n $CSDB_NAMESPACE get job oidc-client-registration -o yaml > /tmp/oidc-client-registration.yaml
         oc -n $CSDB_NAMESPACE delete job oidc-client-registration
@@ -170,6 +195,36 @@ data:
         fi
     }
 
+    function update_ROKS_URL(){
+        info "Creating dummy route to update ROKS_URL value..."
+        #create dummy route
+        oc apply -f cs-db/dummy_route.yaml -n $CSDB_NAMESPACE
+        
+        #take domain value of route
+        #looks something like dummy-<namespace>.apps.<domain>.cp.fyre.ibm.com
+        #interested in everything after "apps."
+        info "Grabbing new hostname..."
+        dummy_hostname=$(oc get route dummy -n $CSDB_NAMESPACE -o jsonpath='{.spec.host}')
+        len_ns_str=${#CSDB_NAMESPACE}
+        
+        #add the length of the namespace to the length of word "dummy". Also include length of "apps" and the two periods
+        cut_len=$(($len_ns_str+12))
+        
+        #build correct string
+        actual_hostname=${dummy_hostname:cut_len}
+        info "New hostname: $actual_hostname"
+        new_ROKS_URL="https://oauth-openshift.apps.$actual_hostname"
+        info "New ROKS_URL value: $new_ROKS_URL"
+        
+        #replace value in platform-auth-idp cm
+        info "Updating ROKS_URL value in platform-auth-idp configmap..."
+        oc patch cm platform-auth-idp -n $CSDB_NAMESPACE --type merge --patch '{"data":{"ROKS_URL":"'${new_ROKS_URL}'"}}'
+        
+        #delete dummy route
+        info "Deleting dummy route from namespace $CSDB_NAMESPACE..."
+        oc delete route dummy -n $CSDB_NAMESPACE
+    }
+
     function save_log(){
         local LOG_DIR="$BACKUP_DIR/$1"
         LOG_FILE="$LOG_DIR/$2_$(date +'%Y%m%d%H%M%S').log"

diff --git a/velero/schedule/common-service-db/cs-db-role.yaml b/velero/schedule/common-service-db/cs-db-role.yaml
@@ -20,6 +20,7 @@ rules:
       - extensions
       - apps
       - policy
+      - route.openshift.io
     resources:
       - pods
       - pods/log
@@ -33,6 +34,8 @@ rules:
       - pods/status
       - jobs
       - secrets
+      - configmaps
+      - routes
   - verbs:
       - get
       - list