Make orchestrator topology passwords static

Author: calind

cmd/mysql-helper/util/util.go

@@ -137,33 +137,33 @@ func getEnvValue(key string) string {
 }
 
 // GetReplUser returns the replication user name from env variable
-// TITANIUM_REPLICATION_USER
+// MYSQL_REPLICATION_USER
 func GetReplUser() string {
-	return getEnvValue("TITANIUM_REPLICATION_USER")
+	return getEnvValue("MYSQL_REPLICATION_USER")
 }
 
 // GetReplPass returns the replication password from env variable
-// TITANIUM_REPLICATION_PASSWORD
+// MYSQL_REPLICATION_PASSWORD
 func GetReplPass() string {
-	return getEnvValue("TITANIUM_REPLICATION_PASSWORD")
+	return getEnvValue("MYSQL_REPLICATION_PASSWORD")
 }
 
 // GetExporterUser returns the replication user name from env variable
-// TITANIUM_EXPORTER_USER
+// MYSQL_METRICS_EXPORTER_USER
 func GetExporterUser() string {
-	return getEnvValue("TITANIUM_EXPORTER_USER")
+	return getEnvValue("MYSQL_METRICS_EXPORTER_USER")
 }
 
 // GetExporterPass returns the replication password from env variable
-// TITANIUM_EXPORTER_PASSWORD
+// MYSQL_METRICS_EXPORTER_PASSWORD
 func GetExporterPass() string {
-	return getEnvValue("TITANIUM_EXPORTER_PASSWORD")
+	return getEnvValue("MYSQL_METRICS_EXPORTER_PASSWORD")
 }
 
 // GetInitBucket returns the bucket uri from env variable
-// TITANIUM_INIT_BUCKET_URI
+// INIT_BUCKET_URI
 func GetInitBucket() string {
-	return getEnvValue("TITANIUM_INIT_BUCKET_URI")
+	return getEnvValue("INIT_BUCKET_URI")
 }
 
 // GetMasterHost returns the master host
@@ -187,16 +187,16 @@ func GetMasterHost() string {
 	return inst.Key.Hostname
 }
 
-// GetOrcTopologyUser returns the orchestrator topology user. It is readed from
-// /var/run/orc-topology/TOPOLOGY_USER
+// GetOrcTopologyUser returns the orchestrator topology user from env variable
+// MYSQL_ORC_TOPOLOGY_USER
 func GetOrcUser() string {
-	return readFileContent(OrcTopologyDir + "/TOPOLOGY_USER")
+	return getEnvValue("MYSQL_ORC_TOPOLOGY_USER")
 }
 
-// GetOrcTopologyPass returns the orchestrator topology user. It is readed from
-// /var/run/orc-topology/TOPOLOGY_PASSWORD
+// GetOrcTopologyPass returns the orchestrator topology passowrd from env variable
+// MYSQL_ORC_TOPOLOGY_PASSWORD
 func GetOrcPass() string {
-	return readFileContent(OrcTopologyDir + "/TOPOLOGY_PASSWORD")
+	return getEnvValue("MYSQL_ORC_TOPOLOGY_PASSWORD")
 }
 
 func readFileContent(fileName string) string {
@@ -259,7 +259,7 @@ func RunQuery(q string) (string, error) {
 }
 
 func getOrcUri() string {
-	return getEnvValue("TITANIUM_ORC_URI")
+	return getEnvValue("ORCHESTRATOR_URI")
 }
 
 // CopyFile the src file to dst. Any existing file will be overwritten and will not

hack/charts/mysql-operator/templates/deployment.yaml

@@ -23,9 +23,20 @@ spec:
         - name: mysql-operator
           image: "{{ .Values.image }}"
           imagePullPolicy: {{ .Values.imagePullPolicy }}
+          env:
+            - name: ORC_TOPOLOGY_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "mysql-operator.orchestrator.fullname" . }}
+                  key: TOPOLOGY_USER
+            - name: ORC_TOPOLOGY_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "mysql-operator.orchestrator.fullname" . }}
+                  key: TOPOLOGY_PASSWORD
           args:
             - --orchestrator-uri=http://{{ template "mysql-operator.orchestrator.fullname" . }}.{{ .Release.Namespace }}/api
-            - --orchestrator-secret={{ template "mysql-operator.orchestrator.fullname" . }}
+            - --leader-election-namespace={{ .Release.Namespace }}
             {{- if .Values.helperImage }}
             - --helper-image={{ .Values.helperImage }}
             {{- end -}}

pkg/apis/mysql/v1alpha1/cluster.go

@@ -144,12 +144,6 @@ func (c *ClusterSpec) GetOrcUri() string {
 	return opt.OrchestratorUri
 }
 
-// GetOrcTopologySecret return the name of the secret that contains the
-// credentaials for orc to connect to mysql nodes.
-func (c *ClusterSpec) GetOrcTopologySecret() string {
-	return opt.OrchestratorTopologySecretName
-}
-
 // GetMysqlImage returns mysql image, composed from oprions and  Spec.MysqlVersion
 func (c *ClusterSpec) GetMysqlImage() string {
 	return opt.MysqlImage + ":" + c.MysqlVersion

pkg/controller/clustercontroller/sync.go

@@ -58,7 +58,7 @@ func (c *Controller) Sync(ctx context.Context, cluster *api.MysqlCluster, ns str
 	}
 
 	// create a cluster factory and sync it.
-	clusterFactory := mcfactory.New(copyCluster, c.k8client, c.myClient, ns, c.recorder)
+	clusterFactory := mcfactory.New(copyCluster, opt, c.k8client, c.myClient, ns, c.recorder)
 	if err := clusterFactory.Sync(ctx); err != nil {
 		return fmt.Errorf("failed to set-up the cluster: %s", err)
 	}

pkg/mysqlcluster/cluster.go

@@ -40,7 +40,7 @@ type Interface interface {
 // cluster factory
 type cFactory struct {
 	cluster *api.MysqlCluster
-	opt     options.Options
+	opt     *options.Options
 
 	namespace string
 
@@ -52,10 +52,11 @@ type cFactory struct {
 }
 
 // New creates a new cluster factory
-func New(cluster *api.MysqlCluster, klient kubernetes.Interface,
+func New(cluster *api.MysqlCluster, opt *options.Options, klient kubernetes.Interface,
 	myClient ticlientset.Interface, ns string, rec record.EventRecorder) Interface {
 	return &cFactory{
 		cluster:    cluster,
+		opt:        opt,
 		client:     klient,
 		myClient:   myClient,
 		namespace:  ns,
@@ -87,19 +88,12 @@ type component struct {
 func (f *cFactory) getComponents() []component {
 	return []component{
 		component{
-			alias:        "db-secret",
-			name:         fmt.Sprintf("db-credentials(%s)", f.cluster.Spec.SecretName),
-			syncFn:       f.syncDbCredentialsSecret,
+			alias:        "cluster-secret",
+			name:         f.cluster.Spec.SecretName,
+			syncFn:       f.syncClusterSecret,
 			reasonFailed: api.EventReasonDbSecretFailed,
 			erUpdated:    api.EventReasonDbSecretUpdated,
 		},
-		component{
-			alias:        "env-secret",
-			name:         f.cluster.GetNameForResource(api.EnvSecret),
-			syncFn:       f.syncEnvSecret,
-			reasonFailed: api.EventReasonEnvSecretFailed,
-			erUpdated:    api.EventReasonEnvSecretUpdated,
-		},
 		component{
 			alias:        "config-map",
 			name:         f.cluster.GetNameForResource(api.ConfigMap),
@@ -135,12 +129,13 @@ func (f *cFactory) Sync(ctx context.Context) error {
 	for _, comp := range f.getComponents() {
 		state, err := comp.syncFn()
 		if err != nil {
-			glog.V(2).Infof("[%s]: %s ... (%s)", comp.alias, comp.name, state)
-			err = fmt.Errorf("%s faild to sync with err: %s", comp.name, err)
+			glog.Warningf("[%s]: failed syncing %s: ", comp.alias, comp.name, err.Error())
+			err = fmt.Errorf("%s sync failed: %s", comp.name, err)
 			f.rec.Event(f.cluster, api.EventWarning, comp.reasonFailed, err.Error())
 			return err
+		} else {
+			glog.V(2).Infof("[%s]: %s ... (%s)", comp.alias, comp.name, state)
 		}
-		glog.V(2).Infof("[%s]: %s ... (%s)", comp.alias, comp.name, state)
 		switch state {
 		case statusCreated, statusUpdated:
 			f.rec.Event(f.cluster, api.EventNormal, comp.erUpdated, "")
@@ -154,7 +149,7 @@ func (f *cFactory) Sync(ctx context.Context) error {
 		for i := 0; i < int(f.cluster.Status.ReadyNodes); i++ {
 			host := f.getHostForReplica(i)
 			if err := client.Discover(host, MysqlPort); err != nil {
-				glog.Infof("Failed to register %s with orchestrator: %s", host, err.Error())
+				glog.Warningf("Failed to register %s with orchestrator: %s", host, err.Error())
 			}
 		}
 	}

pkg/mysqlcluster/sync_db_credentials.go pkg/mysqlcluster/secret.gopkg/mysqlcluster/sync_db_credentials.go renamed to pkg/mysqlcluster/secret.go

@@ -23,16 +23,11 @@ import (
 	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/runtime"
-)
 
-type dbCreds struct {
-	User         string
-	Password     string
-	Database     string
-	RootPassword string
-}
+	"github.com/presslabs/mysql-operator/pkg/util"
+)
 
-func (f *cFactory) syncDbCredentialsSecret() (state string, err error) {
+func (f *cFactory) syncClusterSecret() (state string, err error) {
 	state = statusUpToDate
 	if len(f.cluster.Spec.SecretName) == 0 {
 		err = fmt.Errorf("the Spec.SecretName is empty")
@@ -51,32 +46,25 @@ func (f *cFactory) syncDbCredentialsSecret() (state string, err error) {
 
 	_, act, err := kcore.PatchSecret(f.client, secret,
 		func(in *core.Secret) *core.Secret {
-			var creds dbCreds
 			if _, ok := in.Data["ROOT_PASSWORD"]; !ok {
 				runtime.HandleError(fmt.Errorf("ROOT_PASSWORD not set in secret: %s", in.Name))
 				return in
 			}
 
-			creds.RootPassword = string(in.Data["ROOT_PASSWORD"])
-			creds.User = "root"
-			creds.Password = creds.RootPassword
-			creds.Database = ""
-
-			u, oku := in.Data["USER"]
-			p, okp := in.Data["PASSWORD"]
-			if oku && okp {
-				creds.User = string(u)
-				creds.Password = string(p)
+			if len(in.Data["REPLICATION_USER"]) == 0 {
+				in.Data["REPLICATION_USER"] = []byte("repl_" + util.RandStringUser(5))
 			}
-			if d, ok := in.Data["DATABASE"]; ok {
-				creds.Database = string(d)
+			if len(in.Data["REPLICATION_PASSWORD"]) == 0 {
+				in.Data["REPLICATION_PASSWORD"] = []byte(util.RandomString(rStrLen))
 			}
-
-			in.Data["DB_CONNECT_URL"] = []byte(fmt.Sprintf(
-				"mysql://%s:%s@%s/%s",
-				creds.User, creds.Password, f.cluster.GetMasterHost(), creds.Database,
-			))
-
+			if len(in.Data["METRICS_EXPORTER_USER"]) == 0 {
+				in.Data["METRICS_EXPORTER_USER"] = []byte("repl_" + util.RandStringUser(5))
+			}
+			if len(in.Data["METRICS_EXPORTER_PASSWORD"]) == 0 {
+				in.Data["METRICS_EXPORTER_PASSWORD"] = []byte(util.RandomString(rStrLen))
+			}
+			in.Data["ORC_TOPOLOGY_USER"] = []byte(f.opt.OrchestratorTopologyUser)
+			in.Data["ORC_TOPOLOGY_PASSWORD"] = []byte(f.opt.OrchestratorTopologyPassword)
 			return in
 		})