Init database pipeline tasks
The previous postgres job was doing some work to initialise
the databases: create roles, create databases, enable extensions.

Most of this work should have been done with the postgres terraform
provider, but it has bugs and can't destroy the resources properly:
hashicorp/terraform#5340

When this is fixed, we can move the create role and db tasks to
terraform, but we still need to enable extensions.
saliceti committed Mar 1, 2016
1 parent 1e65e9f commit 8233cc8
Showing 2 changed files with 67 additions and 0 deletions.
35 changes: 35 additions & 0 deletions concourse/pipelines/deploy-cloudfoundry.yml
Expand Up @@ -205,6 +205,41 @@ jobs:
params:
file: terraform/cf.tfstate

- task: extract-cf-terraform-outputs
config:
platform: linux
image: docker:///ruby#2.2.3-slim
inputs:
- name: paas-cf
- name: cf-tfstate
run:
path: sh
args:
- -e
- -c
- |
SCPATH="./paas-cf/concourse/scripts"
SCFILE="extract_tf_vars_from_terraform_state.rb"
$SCPATH/$SCFILE < cf-tfstate/cf.tfstate > cf.tfstate.sh
ls -l cf.tfstate.sh
- task: init-db
config:
image: docker:///governmentpaas/psql
inputs:
- name: terraform-variables
- name: paas-cf
- name: extract-cf-terraform-outputs
run:
path: sh
args:
- -e
- -c
- |
. terraform-variables/cf-secrets.tfvars.sh
. extract-cf-terraform-outputs/cf.tfstate.sh
paas-cf/manifests/cf-manifest/scripts/create-cf-dbs.sh
- name: generate-cf-certs
serial_groups: [ deploy ]
serial: true
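Review bot: The init-db task pulls `docker:///governmentpaas/psql` with no tag, while the extract task above pins `ruby#2.2.3-slim`; this container sources cf-secrets.tfvars.sh and runs create-cf-dbs.sh with the database passwords in its environment, so pin the image to a specific tag so that a changed image cannot silently run with those credentials. The init-db config also omits `platform: linux`, which the extract task sets; add it so both task configs are consistent. Both `.`-sourced files are executed as shell, so cf.tfstate.sh in particular should only ever contain quoted assignments written by the extract script.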
32 changes: 32 additions & 0 deletions manifests/cf-manifest/scripts/create-cf-dbs.sh
@@ -0,0 +1,32 @@
#!/bin/sh
set -e

# Check environment variables
export PGPASSWORD=${TF_VAR_secrets_cf_db_master_password:?}
api_pass=${TF_VAR_secrets_cf_db_api_password:?}
uaa_pass=${TF_VAR_secrets_cf_db_uaa_password:?}
db_address=${TF_VAR_cf_db_address:?}

connect_str="-h ${db_address} -U dbadmin"

# Create roles
psql "${connect_str}" -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'api'" \
| grep -q 'api' || psql "${connect_str}" -d postgres \
-c "CREATE USER api WITH PASSWORD '${api_pass}' ROLE dbadmin"

psql "${connect_str}" -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'uaa'" \
| grep -q 'uaa' || psql "${connect_str}" -d postgres \
-c "CREATE USER uaa WITH PASSWORD '${uaa_pass}' ROLE dbadmin"

for db in api uaa; do

# Create database
psql "${connect_str}" -d postgres -l | grep -q " ${db} " || \
psql "${connect_str}" -d postgres -c "CREATE DATABASE ${db} OWNER ${db}"

# Enable extensions
for ext in citext pgcrypto pg_stat_statements; do
psql "${connect_str}" -d "${db}" -c "CREATE EXTENSION IF NOT EXISTS ${ext}"
done

done
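Review bot: In both CREATE USER statements the password is interpolated straight into the SQL text (`PASSWORD '${api_pass}'`, `PASSWORD '${uaa_pass}'`), so a password containing a single quote breaks or alters the statement, and the cleartext password is placed on the psql command line via `-c`. Feed the statement to psql on stdin and pass the value with `-v`, quoting it in SQL as `:'api_pass'` (psql does not interpolate variables inside `-c`). Separately, `psql "${connect_str}"` hands `-h ${db_address} -U dbadmin` to psql as one argument, so `-U dbadmin` is not seen as its own option; exporting PGHOST and PGUSER next to PGPASSWORD avoids the word-splitting question entirely. The existence check `grep -q " ${db} "` over `psql -l` output also matches the Owner column, so a database owned by `api` or `uaa` under another name would make the script skip CREATE DATABASE; querying pg_database by datname would be exact.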
