diff --git a/kube/services/jobs/psql-db-aurora-migration-job.yaml b/kube/services/jobs/psql-db-aurora-migration-job.yaml
index 24a18c3f4..18a67349a 100644
--- a/kube/services/jobs/psql-db-aurora-migration-job.yaml
+++ b/kube/services/jobs/psql-db-aurora-migration-job.yaml
@@ -26,7 +26,7 @@ spec:
 operator: In
 values:
 - ONDEMAND
- serviceAccountName: dbbackup-sa
+ serviceAccountName: psql-db-copy-sa
 containers:
 - name: pgdump
 image: quay.io/cdis/awshelper:master
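Review bot: The account named on the changed line, `serviceAccountName: psql-db-copy-sa`, has no definition or role binding in this diff, so its permissions cannot be reviewed here. The script now decodes the `aurora-creds` secret, which holds the cluster master password, so the account's Role should ideally grant `get` only on the secrets this job reads, not on every secret in the namespace. A short comment above the field would record that intent, e.g. `# psql-db-copy-sa: read access limited to aurora-creds and the service db secrets`.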
@@ -47,23 +47,29 @@ spec: - | source "${GEN3_HOME}/gen3/lib/utils.sh" gen3_load "gen3/gen3setup" - #set -x namespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) default_databases=($(echo -e "$(gen3 db services)" | sort -r)) date_str=$(date -u +%y%m%d_%H%M%S) databases=("${default_databases[@]}") - gen3_log_info "databases: $databases" + gen3_log_info "databases: ${databases[@]}" + # find Aurora Server credentials - aurora_creds=$(gen3 secrets decode dbfarm-g3auto servers.json) - aurora_server_name=$(gen3 secrets decode dbfarm-g3auto servers.json | jq -r 'keys[0]') - aurora_host_name=$(echo $aurora_creds | jq -r '.[] | select(.db_host | contains("aurora-cluster")) | .db_host') - aurora_master_username=$(echo $aurora_creds | jq -r '.[] | select(.db_host | contains("aurora-cluster")) | .db_username') - aurora_master_password=$(echo $aurora_creds | jq -r '.[] | select(.db_host | contains("aurora-cluster")) | .db_password') - aurora_master_database=$(echo $aurora_creds | jq -r '.[] | select(.db_host | contains("aurora-cluster")) | .db_database') - gen3_log_info "Aurora Creds: \n server_name: $aurora_server_name \n aurora_host_name: $aurora_host_name \n aurora_master_username: $aurora_master_username \n aurora_master_database: $aurora_master_database" + aurora_host_name=$(gen3 secrets decode aurora-creds creds.json | jq -r '.db_host') + aurora_master_username=$(gen3 secrets decode aurora-creds creds.json | jq -r '.db_username') + aurora_master_password=$(gen3 secrets decode aurora-creds creds.json | jq -r '.db_password') + aurora_master_database=$(gen3 secrets decode aurora-creds creds.json | jq -r '.db_database') + + gen3_log_info "Aurora Creds: \n aurora_host_name: $aurora_host_name \n aurora_master_username: $aurora_master_username \n aurora_master_database: $aurora_master_database" + + # Verify important variables are present + if [ -z "$aurora_host_name" ] || [ -z "$aurora_master_username" ] || [ -z "$aurora_master_password" ] || [ -z 
"$aurora_master_database" ]; then + gen3_log_err "Aurora credentials are missing. Exiting." + exit 1 + fi + new_resources="" - # Looping through each database to: + # Looping through each service to: # - Extract the database credentials. # - Check if the user already exists, if not, create the user. # - Grant required privileges. @@ -77,7 +83,7 @@ spec: db_username=$(echo $creds | jq -r .db_username) db_password=$(echo $creds | jq -r .db_password) db_database=$(echo $creds | jq -r .db_database) - gen3_log_info "$secret_name: \n $creds" + gen3_log_info "Extracting service credentials for $database from $secret_name: \n db_hostname: $db_hostname \n db_username: $db_username \n db_database: $db_database \n" break fi done @@ -95,7 +101,7 @@ spec: if [ $? -eq 0 ]; then gen3_log_info "User ${database}_user_${namespace}, password already exists" else - gen3 psql "$aurora_server_name" -c "CREATE USER \"${database}_user_${namespace}\" WITH PASSWORD '$db_password' CREATEDB" + gen3 psql aurora -c "CREATE USER \"${database}_user_${namespace}\" WITH PASSWORD '$db_password' CREATEDB" if [ $? -ne 0 ]; then gen3_log_err "Failed to create user for $database" continue @@ -105,13 +111,13 @@ spec: fi if [ "$database" == "peregrine" ]; then - gen3 psql "$aurora_server_name" -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \"${database}_user_${namespace}\"" + gen3 psql aurora -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \"${database}_user_${namespace}\"" if [ $? -ne 0 ]; then gen3_log_err "Failed to grant access to sheepdog tables for peregrine user" continue else gen3_log_info "Access to sheepdog tables granted successfully for peregrine user" - new_resources="${new_resources}\nUser: ${database}_user_${namespace}, Password: $aurora_master_password" + new_resources="${new_resources}\nUser: ${database}_user_${namespace}" continue fi fi 
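Review bot: The new `-z` guard does not catch a key that is absent from `creds.json`, because `jq -r '.db_host'` prints the literal string `null` for a missing or null field, and that string is non-empty. Writing `jq -r '.db_host // empty'` (and the same for the other three fields) makes the check do what its comment says. The secret is also decoded four times in a row; decoding it once into a variable and passing that to jq through a here-string avoids three extra secret reads. In the log line, `"databases: ${databases[@]}"` expands to several arguments, so `${databases[*]}` is the form to use inside a single quoted string. The script body starts and ends outside this hunk.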
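Review bot: The rewritten `CREATE USER` line still splices `$db_password` into the SQL text between single quotes, so a password containing `'` breaks the statement or changes what is executed. The clear-text password is also passed on the `gen3 psql` command line. Doubling the quote first closes the quoting problem: `pw_sql=${db_password//\'/\'\'}` and then `WITH PASSWORD '$pw_sql'`. The literal alias `aurora` replaces the looked-up server name here and in the `GRANT` of the following hunk. This presumably relies on the db farm having an entry with exactly that name, which is worth confirming now that the host and credentials come from a separate secret (`aurora-creds`). The enclosing loop starts and ends outside the hunk.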
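Review bot: `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public` on the changed line gives the peregrine user insert, update, delete and truncate rights on every table in the schema. If peregrine only reads the sheepdog tables (it is the query service in Gen3), `GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"${database}_user_${namespace}\"` is sufficient and limits the damage a compromised peregrine credential could do. The statement names no database, so it appears to apply to whichever database `gen3 psql aurora` connects to by default. Confirm that this is the sheepdog database the log message refers to.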
@@ -123,7 +129,7 @@ spec: continue else gen3_log_info "Database ${database}_${namespace}_${date_str} created successfully" - new_resources="${new_resources}\nDatabase: ${database}_${namespace}_${date_str}, User: ${database}_user_${namespace}, Password: $db_password" + new_resources="${new_resources}\nDatabase: ${database}_${namespace}_${date_str}, User: ${database}_user_${namespace}" fi # Backup the current database and restore it to the newly created database.