Skip to content

Commit

Permalink
Init database pipeline tasks
Browse files Browse the repository at this point in the history
The previous postgres job was doing some work to initialise
the databases: create roles, create databases, enable extensions.

Most of this work should have been done with the postgres terraform
provider, but it has bugs and can't destroy the resources properly:
hashicorp/terraform#5340

When this is fixed, we can move the create role and db tasks to
terraform, but we still need to enable extensions.
  • Loading branch information
saliceti committed Feb 29, 2016
1 parent 3939c83 commit 2733f92
Showing 1 changed file with 54 additions and 0 deletions.
54 changes: 54 additions & 0 deletions concourse/pipelines/deploy-cloudfoundry.yml
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,60 @@ jobs:
params:
file: terraform/cf.tfstate

- task: extract-cf-terraform-outputs
config:
platform: linux
image: docker:///ruby#2.2.3-slim
inputs:
- name: paas-cf
- name: cf-tfstate
run:
path: sh
args:
- -e
- -c
- |
SCPATH="./paas-cf/concourse/scripts"
SCFILE="extract_tf_vars_from_terraform_state.rb"
$SCPATH/$SCFILE < cf-tfstate/cf.tfstate > cf.tfstate.sh
ls -l cf.tfstate.sh
- task: init-db
config:
image: docker:///governmentpaas/psql
inputs:
- name: terraform-variables
- name: paas-cf
- name: extract-cf-terraform-outputs
run:
path: sh
args:
- -e
- -c
- |
. terraform-variables/cf-secrets.tfvars.sh
. extract-cf-terraform-outputs/cf.tfstate.sh
export PGPASSWORD=${TF_VAR_secrets_cf_db_master_password}
connect_str="-h ${TF_VAR_cf_db_address} -U dbadmin"
# Create roles
psql ${connect_str} -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'api'" \
| grep -q 'api' || psql ${connect_str} -d postgres \
-c "CREATE USER api WITH PASSWORD '${TF_VAR_secrets_cf_db_api_password}' ROLE dbadmin"
psql ${connect_str} -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'uaa'" \
| grep -q 'uaa' || psql ${connect_str} -d postgres \
-c "CREATE USER uaa WITH PASSWORD '${TF_VAR_secrets_cf_db_uaa_password}' ROLE dbadmin"
for db in api uaa; do
# Create database
psql ${connect_str} -d postgres -l | grep -q " ${db} " || \
psql ${connect_str} -d postgres -c "CREATE DATABASE ${db} OWNER ${db}"
# Enable extensions
for ext in citext pgcrypto pg_stat_statements; do
psql ${connect_str} -d ${db} -c "CREATE EXTENSION IF NOT EXISTS ${ext}"
done
done
- name: generate-cf-certs
serial_groups: [ deploy ]
serial: true
Expand Down

0 comments on commit 2733f92

Please sign in to comment.