Migrate DB to VM (bcgov#2423)

Add psql container for testing

Author: Fosol

api/net/Areas/Editor/Controllers/ContentController.cs

@@ -16,6 +16,7 @@
 using TNO.Core.Extensions;
 using TNO.Core.Storage;
 using TNO.DAL.Config;
+using TNO.DAL.Helpers;
 using TNO.DAL.Services;
 using TNO.Elastic;
 using TNO.Entities;
@@ -26,7 +27,6 @@
 using TNO.Keycloak;
 using TNO.Models.Extensions;
 using TNO.Models.Filters;
-using TNO.DAL.Helpers;
 namespace TNO.API.Areas.Editor.Controllers;
 
 /// <summary>

db/postgres/README.md

@@ -70,3 +70,121 @@ Update the root configuration `.env` file and point it to the Redhat files.
 DB_CONTEXT=db/postgres/rhel8
 DB_VOLUME=/var/lib/pgsql/data
 ```
+
+## Backup Commands
+
+```bash
+# Backup and zip
+pg_dump -h postgres -U admin -C -Fc -v -d tno | gzip > /mnt/data/dev.tar.gz
+
+# Unzip
+gzip -dk dev.tar.gz
+
+# Copy file to local
+oc -n 9b301c-dev rsync psql-4-zdbv6:/mnt/data/dev.tar.gz /D/db
+
+# Copy file to database server
+scp -v /D/db/dev.tar.gz jerfos_a@142.34.249.231:/u02/data/postgres
+```
+
+## Backup Database and Restore to Remote Server
+
+Here are the steps to backup a full database and migrate to another location.
+
+First create run a container with the same Postgres version as the one you want to backup.
+
+```bash
+# Create a volume for the database backup
+docker volume create postgres-backup
+
+# Start the container
+docker run \
+  --name postgres \
+  -l 15.10 \
+  -p 5432:5432 \
+  -e POSTGRES_USER=admin \
+  -e POSTGRES_PASSWORD=password \
+  -e POSTGRES_DB=mmi \
+  -v postgres-backup:/var/lib/postgresql/data \
+  -d --rm \
+   postgres:15.10
+
+# Create variable for environment
+podenv="dev"
+
+# Map a port to the remote database in Openshift
+oc port-forward postgres-0 22222:5432 -n 9b301c-${podenv}
+
+# SSH into the container
+docker exec -it postgres bash
+
+# Move to shared volume
+cd /var/lib/postgresql/data
+
+# Within the postgres container connect to the remote database
+psql -U admin -h host.docker.internal -p 22222 -d tno
+\q
+
+# Start backup.  This will take 10-30 minutes.
+pg_dump -h host.docker.internal -p 22222 -U admin -C -Fc -v -d tno > backup.sql
+
+# Connect to the government VPN
+# Connect to the destination database.
+psql -U mmiadmin -h 142.34.249.231 -d mmi
+
+# Clear out the database if one exists.
+\c mmi
+\dt
+drop schema public cascade;
+create schema public;
+grant all on schema public to postgres;
+grant all on schema public to mmiadmin;
+\q
+
+# Restore the database to the new remote database.  This will take 10-30 minutes.
+pg_restore -U mmiadmin -h 142.34.249.231 -d mmi -v -Fc backup.sql
+
+# Exit the local container
+exit
+
+# Stop the local postgres container
+docker stop postgres
+
+# Remove the volume when done to recover space
+docker volume rm postgres-backup -f
+```
+
+Configure Openshift environment to use remote database
+
+Create a `.env` file that will contain your database secrets.
+This is to ensure it does not get added to source code.
+
+```bash
+
+# Encode username and password
+echo "username" | base64
+echo "password" | base64
+
+# Place encoded values into yaml and create secret in openshift
+oc create -f db-secret.yaml.env -n 9b301c-${podenv}
+```
+
+Update the API environment variables to use the new secret.
+
+```bash
+# Update the API ConfigMap connection string
+# Old value = Host=postgres:5432;Database=tno;Include Error Detail=true;Log Parameters=true;
+oc patch -n 9b301c-${podenv} configmap api --type='merge' -p '{ "data": { "CONNECTION_STRING": "Host=142.34.249.231:5432;Database=mmi;Include Error Detail=true;Log Parameters=true;" }}'
+
+# Update the statefulset
+oc patch -n 9b301c-${podenv} sts/api -p '{ "spec": { "template": { "spec": { "containers": [{ "name": "api", "env": [{ "name": "DB_POSTGRES_USERNAME", "valueFrom": { "secretKeyRef": { "name": "montford", "key": "USERNAME" }}}]}]}}}}'
+oc patch -n 9b301c-${podenv} sts/api -p '{ "spec": { "template": { "spec": { "containers": [{ "name": "api", "env": [{ "name": "DB_POSTGRES_PASSWORD", "valueFrom": { "secretKeyRef": { "name": "montford", "key": "PASSWORD" }}}]}]}}}}'
+
+# Rollout change to statefulset
+oc rollout restart sts/api -n 9b301c-${podenv}
+oc rollout latest dc/api-services -n 9b301c-${podenv}
+
+# Update the deployment config
+oc patch -n 9b301c-${podenv} dc/api-services -p '{ "spec": { "template": { "spec": { "containers": [{ "name": "api-services", "env": [{ "name": "DB_POSTGRES_USERNAME", "valueFrom": { "secretKeyRef": { "name": "montford", "key": "USERNAME" }}}]}]}}}}'
+oc patch -n 9b301c-${podenv} dc/api-services -p '{ "spec": { "template": { "spec": { "containers": [{ "name": "api-services", "env": [{ "name": "DB_POSTGRES_PASSWORD", "valueFrom": { "secretKeyRef": { "name": "montford", "key": "PASSWORD" }}}]}]}}}}'
+```

db/tools/Dockerfile

@@ -0,0 +1,5 @@
+FROM alpine/psql:latest
+
+RUN apk update && apk add -y --no-cache iputils-ping bind-tools wget
+
+ENTRYPOINT ["tail", "-f", "/dev/null"]

openshift/README.md

@@ -206,11 +206,11 @@ oc run some-pod --overrides='{"spec": {"containers": [{"command": ["/bin/bash",
 
 ## Helpful Information on Docker Permissions
 
-(Documentation)[https://developers.redhat.com/blog/2020/10/26/adapting-docker-and-kubernetes-containers-to-run-on-red-hat-openshift-container-platform#executable_permissions]
+[Documentation](https://developers.redhat.com/blog/2020/10/26/adapting-docker-and-kubernetes-containers-to-run-on-red-hat-openshift-container-platform#executable_permissions)
 
 ## Open a remote shell to containers
 
-(Documentat)[https://docs.openshift.com/container-platform/3.11/dev_guide/ssh_environment.html]
+[Documentation](https://docs.openshift.com/container-platform/3.11/dev_guide/ssh_environment.html)
 
 ```bash
 oc rsh <pod>
@@ -227,3 +227,13 @@ for pod in $(oc get pods | grep Error | awk '{print $1}'); do oc delete pod --gr
 ```bash
 oc get pods api-0 -o jsonpath="{..imageID}"
 ```
+
+## Sysdig
+
+<https://app.sysdigcloud.com/#/login>
+
+Login with OpenID.
+
+Enter `BCDevOps` for the authentication.
+
+Login with IDIR.

openshift/kustomize/tools/psql/base/deploy.yaml

@@ -0,0 +1,74 @@
+# How the app will be deployed to the pod.
+kind: DeploymentConfig
+apiVersion: apps.openshift.io/v1
+metadata:
+  name: psql
+  namespace: default
+  annotations:
+    description: Defines how to deploy psql
+  labels:
+    name: psql
+    part-of: tno
+    version: 1.0.0
+    component: database
+    managed-by: kustomize
+    created-by: jeremy.foster
+spec:
+  replicas: 1
+  selector:
+    name: psql
+    part-of: tno
+    component: database
+  strategy:
+    rollingParams:
+      intervalSeconds: 1
+      maxSurge: 25%
+      maxUnavailable: 25%
+      timeoutSeconds: 600
+      updatePeriodSeconds: 1
+    type: Rolling
+  template:
+    metadata:
+      name: psql
+      labels:
+        name: psql
+        part-of: tno
+        component: database
+    spec:
+      volumes:
+        - name: backup-verification
+          persistentVolumeClaim:
+            claimName: backup-verification
+      containers:
+        - name: psql
+          image: ""
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - name: backup-verification
+              mountPath: /mnt/data
+          resources:
+            requests:
+              cpu: 20m
+              memory: 50Mi
+            limits:
+              cpu: 50m
+              memory: 100Mi
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+  test: false
+  triggers:
+    - type: ConfigChange
+    - type: ImageChange
+      imageChangeParams:
+        automatic: true
+        containerNames:
+          - psql
+        from:
+          kind: ImageStreamTag
+          namespace: 9b301c-tools
+          name: psql:dev

openshift/kustomize/tools/psql/base/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deploy.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true

openshift/kustomize/tools/psql/build/base/build.yaml

@@ -0,0 +1,59 @@
+---
+# The final build image.
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: psql
+  annotations:
+    description: Destination for built images.
+  labels:
+    name: psql
+    part-of: tno
+    version: 1.0.0
+    component: database
+    managed-by: kustomize
+    created-by: jeremy.foster
+
+---
+# The build config that will be created will be named for the branch you created it for.
+kind: BuildConfig
+apiVersion: build.openshift.io/v1
+metadata:
+  name: psql.dev
+  annotations:
+    description: Build image from Dockerfile in git repo.
+  labels:
+    name: psql
+    part-of: tno
+    version: 1.0.0
+    component: database
+    managed-by: kustomize
+    created-by: jeremy.foster
+    branch: dev
+spec:
+  completionDeadlineSeconds: 1800
+  triggers:
+    - type: ImageChange
+    - type: ConfigChange
+  runPolicy: Serial
+  source:
+    git:
+      uri: https://github.com/bcgov/tno.git
+      ref: dev
+    contextDir: db/tools
+  strategy:
+    type: Docker
+    dockerStrategy:
+      imageOptimizationPolicy: SkipLayers
+      dockerfilePath: Dockerfile
+  output:
+    to:
+      kind: ImageStreamTag
+      name: psql:latest
+  resources:
+    requests:
+      cpu: 20m
+      memory: 100Mi
+    limits:
+      cpu: 100m
+      memory: 1Gi

openshift/kustomize/tools/psql/build/base/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - build.yaml

openshift/kustomize/tools/psql/build/overlays/dev/kustomization.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: 9b301c-tools
+
+resources:
+  - ../../base
+
+patches:
+  - target:
+      kind: BuildConfig
+      name: psql.dev
+    patch: |-
+      - op: replace
+        path: /spec/source/git/uri
+        value: https://github.com/bcgov/tno.git
+      - op: replace
+        path: /spec/source/git/ref
+        value: dev

openshift/kustomize/tools/psql/overlays/dev/kustomization.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: 9b301c-dev
+
+resources:
+  - ../../base
+
+patches:
+  - target:
+      kind: DeploymentConfig
+      name: nginx
+    patch: |-
+      - op: replace
+        path: /spec/replicas
+        value: 1