24 commits

Author SHA1 Message Date
Max
af189ec1c3 cluster/services/storage: register existing keys and buckets in incandescence 2024-08-15 01:15:02 +02:00
Max
a273cbc87d cluster/services/consul: implement runConsul incantation 2024-08-15 01:15:02 +02:00
Max
8826ec5593 cluster/services/forge: define db 2024-08-15 01:15:02 +02:00
Max
f8c018b0de cluster/services/storage: define snakeoil passphrase for heresy, ensure encryption 2024-08-15 01:15:02 +02:00
Max
799b767bcd cluster/services/ways: add simulacrum deps 2024-08-15 01:15:02 +02:00
Max
4c85ab3dd4 cluster/services/storage: use recursive simulacrum deps 2024-08-15 01:15:02 +02:00
Max
eda4c2d9c5 cluster/services/acme-client: implement augment for external ACME services 2024-08-15 01:15:02 +02:00
Max
c405cbb507 cluster/services/forge: use forService 2024-08-15 01:15:02 +02:00
Max
e45b997644 cluster/services/dns: use patroni incandescence 2024-08-15 01:15:02 +02:00
Max
9cb866c828 modules/external-storage: implement detectFs for s3c4 2024-08-15 01:15:02 +02:00
Max
365ef7185c cluster/services/storage: use locksmith secrets for external storage 2024-08-15 01:15:02 +02:00
Max
788f3a82a3 cluster/services/storage: adjust test 2024-08-15 01:15:02 +02:00
Max
6bcbf206a3 cluster/services/storage: use incandescence 2024-08-15 01:15:02 +02:00
Max
dff2474a61 modules/external-storage: support locksmith secrets 2024-08-15 01:15:02 +02:00
Max
2f3911ab01 cluster/services/storage: implement s3ql key format 2024-08-15 01:15:02 +02:00
Max
ff5681b1d3 cluster/services/hercules-ci-multi-agent: use forService 2024-08-15 01:15:02 +02:00
Max
9ff3a41b94 cluster/services/monitoring: use forService 2024-08-15 01:15:02 +02:00
Max
fd0d6a30e7 checks/garage: drop 2024-08-15 01:15:02 +02:00
Max
e6b17a48e9 cluster/services/forge: use forService 2024-08-15 01:15:02 +02:00
Max
7f7d2b5a49 cluster/services/attic: use forService 2024-08-15 01:15:02 +02:00
Max
64f0442efe cluster/services/storage: test in simulacrum 2024-08-15 01:15:02 +02:00
Max
544af90172 cluster/catalog: support snakeoil secrets 2024-08-15 01:15:02 +02:00
Max
5257d4e70b cluster/services/patroni: test takeovers 2024-08-15 01:07:22 +02:00
Max
c5a8cfe852 cluster/services/patroni: take over existing databases and users 2024-08-15 01:07:18 +02:00
3 changed files with 39 additions and 2 deletions


@ -49,7 +49,9 @@ in
user = {
destroyAfterDays = 0;
create = user: psqlSecret "${genPassword} ${user}" ''
CREATE USER ${user} PASSWORD '@SECRET@';
SELECT 'CREATE USER ${user}'
WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${user}')\gexec
ALTER USER ${user} PASSWORD '@SECRET@';
'';
destroy = psqlSecret "printenv OBJECT" ''
DROP USER @SECRET@;
@ -59,7 +61,11 @@ in
destroyAfterDays = 30;
deps = [ "user" ];
create = db: psql ''
CREATE DATABASE ${db} OWNER ${cfg.databases.${db}.owner};
SELECT 'CREATE DATABASE ${db} OWNER ${cfg.databases.${db}.owner}'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${db}')\gexec
'';
change = db: psql ''
ALTER DATABASE ${db} OWNER TO ${cfg.databases.${db}.owner};
'';
destroy = psqlSecret "printenv OBJECT" ''
DROP DATABASE @SECRET@;
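Review bot: The takeover path in the `user` formula adopts a pre-existing role as it stands: when `pg_roles` already holds the name, the generated `CREATE USER` is skipped and `ALTER USER ${user} PASSWORD '@SECRET@';` replaces only the password, so any attributes or memberships the role already had (SUPERUSER, CREATEROLE, group roles) remain while a generated credential is issued for it. If a taken-over role is meant to end up equivalent to a freshly created one, the ALTER should reset the attributes too, e.g. `ALTER USER ${user} NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS PASSWORD '@SECRET@';`; if keeping them is intended, a comment saying so would help the next reader. The `database` formula has the same gap, since `ALTER DATABASE ... OWNER TO` changes the database owner but not the owner of objects already inside it. Separately, `${user}` and `${db}` are spliced unquoted into identifiers and into the `'${...}'` literals, so a name that needs quoting breaks the `\gexec` statement; building it with `format('CREATE USER %I', ...)` would be more robust. Both `destroy` bodies continue outside the hunks.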


@ -3,12 +3,17 @@
patroni = lib.mkIf config.simulacrum {
databases = config.lib.forService "patroni" {
testdb.owner = "testuser";
existingdb.owner = "existinguser";
};
users = config.lib.forService "patroni" {
testuser.locksmith = {
nodes = config.services.patroni.nodes.haproxy;
format = "pgpass";
};
existinguser.locksmith = {
nodes = config.services.patroni.nodes.haproxy;
format = "pgpass";
};
};
};
}


@ -87,5 +87,31 @@ in
for client in clients:
client.succeed(f"PGPASSFILE=/run/locksmith/patroni-testuser psql -h ${link.ipv4} -p ${link.portStr} -U testuser -d testdb --command='create table test_table_{client.name} as select * from generate_series(1, 10) as val;'")
client.fail("PGPASSFILE=/run/locksmith/patroni-testuser psql -h ${link.ipv4} -p ${link.portStr} -U testuser -d postgres --command='select * from dummy;'")
with subtest("should take over existing databases and users via incandescence"):
for cmd in [
"drop database existingdb;",
"drop user existinguser;",
"create database existingdb owner postgres;",
"create user existinguser;"
]:
clients[0].succeed(f"psql -h ${link.ipv4} -p ${link.portStr} -U postgres --command='{cmd}'")
for client in clients:
client.fail(f"PGPASSFILE=/run/locksmith/patroni-existinguser psql -h ${link.ipv4} -p ${link.portStr} -U existinguser -d existingdb --command='create table test_table_{client.name} as select * from generate_series(1, 10) as val;'")
consulConfig = json.loads(clients[0].succeed("cat /etc/consul.json"))
addr = consulConfig["addresses"]["http"]
port = consulConfig["ports"]["http"]
setEnv = f"CONSUL_HTTP_ADDR={addr}:{port}"
clients[0].succeed(f"{setEnv} consul kv delete --recurse services/incandescence/providers/patroni/formulae/database/existingdb")
clients[0].succeed(f"{setEnv} consul kv delete --recurse services/incandescence/providers/patroni/formulae/user/existinguser")
for node in nodes:
node.systemctl("restart incandescence-patroni.target")
clients[0].succeed("[[ $(psql -h ${link.ipv4} -p ${link.portStr} -U postgres --tuples-only --csv --command=\"SELECT pg_roles.rolname FROM pg_database JOIN pg_roles ON pg_database.datdba = pg_roles.oid WHERE pg_database.datname = 'existingdb'\") == existinguser ]]")
for client in clients:
client.succeed(f"PGPASSFILE=/run/locksmith/patroni-existinguser psql -h ${link.ipv4} -p ${link.portStr} -U existinguser -d existingdb --command='create table test_table_{client.name} as select * from generate_series(1, 10) as val;'")
client.fail("PGPASSFILE=/run/locksmith/patroni-existinguser psql -h ${link.ipv4} -p ${link.portStr} -U existinguser -d postgres --command='select * from dummy;'")
'';
}
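Review bot: The closing `client.fail(...)` against `-d postgres` runs `select * from dummy;`, which fails whenever the `dummy` relation is absent, so the assertion passes whether or not `existinguser` can actually open a session on the `postgres` database. If the intent is to show the taken-over role has no access there (the page does not show the connection rules, so this is inferred), a statement that succeeds for any authorised session, such as `--command='select 1;'`, would make the negative check meaningful; the `testuser` check on the context line above has the same shape. The subtest also only takes over a role made with a plain `create user existinguser;`, so it would not detect elevated attributes surviving the takeover; adding a case such as `"create user existinguser superuser;"` and asserting on `pg_roles.rolsuper` afterwards would cover that.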