
Commit 03bddac

author
rwinieski
committed
pass admin user and password using file
1 parent 1d42286 commit 03bddac


2 files changed

+104
-76
lines changed


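--- a/charts/templates/statefulset.yaml
+++ b/charts/templates/statefulset.yaml
@@ -8,6 +8,8 @@ metadata:
 spec:
 serviceName: {{ include "marklogic.headlessServiceName" . }}
 replicas: {{ .Values.replicaCount }}
+updateStrategy:
+type: {{ .Values.updateStrategy.type }}
 selector:
 matchLabels:
 {{- include "marklogic.selectorLabels" . | nindent 6 }}
@@ -25,10 +27,16 @@ spec:
 initContainers:
 - name: configure-group
 image: "{{ .Values.initContainerImage.repository }}:{{ .Values.initContainerImage.tag }}"
+volumeMounts:
+- name: admin-creds
+mountPath: "/run/secrets/creds"
+readOnly: false
 command:
 - sh
 - '-c'
 - |
+MARKLOGIC_ADMIN_USERNAME="$(< /run/secrets/creds/username)"
+MARKLOGIC_ADMIN_PASSWORD="$(< /run/secrets/creds/password)"
 log () {
 local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
 echo "${TIMESTAMP} $@"
@@ -67,16 +75,10 @@ spec:
 exit 1
 fi
 env:
-- name: MARKLOGIC_ADMIN_USERNAME
-valueFrom:
-secretKeyRef:
-name: {{ include "marklogic.fullname" . }}-admin
-key: username
-- name: MARKLOGIC_ADMIN_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ include "marklogic.fullname" . }}-admin
-key: password
+- name: MARKLOGIC_ADMIN_USERNAME_FILE
+value: "creds/username"
+- name: MARKLOGIC_ADMIN_PASSWORD_FILE
+value: "creds/password"
 - name: POD_NAME
 valueFrom:
 fieldRef:
@@ -90,22 +92,19 @@ spec:
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy}}
 volumeMounts:
+- name: admin-creds
+mountPath: "/run/secrets/creds"
+readOnly: false
 - name: datadir
 mountPath: {{ .Values.persistence.mountPath }}
 {{- if .Values.extraVolumeMounts }}
 {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
 {{- end }}
 env:
-- name: MARKLOGIC_ADMIN_USERNAME
-valueFrom:
-secretKeyRef:
-name: {{ include "marklogic.fullname" . }}-admin
-key: username
-- name: MARKLOGIC_ADMIN_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ include "marklogic.fullname" . }}-admin
-key: password
+- name: MARKLOGIC_ADMIN_USERNAME_FILE
+value: "creds/username"
+- name: MARKLOGIC_ADMIN_PASSWORD_FILE
+value: "creds/password"
 - name: POD_NAME
 valueFrom:
 fieldRef:
@@ -137,75 +136,89 @@ spec:
 - bash
 - '-c'
 - |
-pid=$(ps aux | grep -i '/bin/bas[h] /usr' | awk {'print $2'})
+MARKLOGIC_ADMIN_USERNAME="$(< /run/secrets/creds/username)"
+MARKLOGIC_ADMIN_PASSWORD="$(< /run/secrets/creds/password)"
 
-log () {
-local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
-echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
-}
-log "Info: [poststart] Begin Poststart Hook Execution"
-if [[ $POD_NAME != *-0 ]]; then
-log "Info: [poststart] Skipping group configuration."
-else
-while [ ! -f /var/opt/MarkLogic/ready ]; do
-log "[poststart] wait for marklogic server to be ready"
-sleep 5s
-done
-sleep 10s
-GROUP_CFG_TEMPLATE='{"group-name":"%s", "xdqp-ssl-enabled":"%s"}'
-GROUP_CFG=$(printf "$GROUP_CFG_TEMPLATE" "$MARKLOGIC_GROUP" "$XDQP_SSL_ENABLED")
-log "Info: [poststart] Updating group configuration: ${GROUP_CFG}"
-curl --anyauth -m 20 -X PUT -H "Content-type: application/json" -d "${GROUP_CFG}" http://${MARKLOGIC_BOOTSTRAP_HOST}:8002/manage/v2/groups/Default/properties --user ${MARKLOGIC_ADMIN_USERNAME}:${MARKLOGIC_ADMIN_PASSWORD}
-sleep 2s
-fi
-log "Info: [poststart] Poststart Hook Execution Completed"
+pid=$(pgrep start.marklogic)
+
+log () {
+local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
+# Check to make sure pod doesn't terminate if PID value is empty for any reason
+# If PID value is empty postStart hook logs are not recorded
+if [ -n "$pid" ]; then
+echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
+fi
+}
+log "Info: [poststart] Begin Poststart Hook Execution"
+if [[ $POD_NAME != *-0 ]]; then
+log "Info: [poststart] Skipping group configuration."
+else
+while [ ! -f /var/opt/MarkLogic/ready ]; do
+log "[poststart] wait for marklogic server to be ready"
+sleep 5s
+done
+sleep 10s
+GROUP_CFG_TEMPLATE='{"group-name":"%s", "xdqp-ssl-enabled":"%s"}'
+GROUP_CFG=$(printf "$GROUP_CFG_TEMPLATE" "$MARKLOGIC_GROUP" "$XDQP_SSL_ENABLED")
+log "Info: [poststart] Updating group configuration: ${GROUP_CFG}"
+curl --anyauth -m 20 -X PUT -H "Content-type: application/json" -d "${GROUP_CFG}" http://${MARKLOGIC_BOOTSTRAP_HOST}:8002/manage/v2/groups/Default/properties --user ${MARKLOGIC_ADMIN_USERNAME}:${MARKLOGIC_ADMIN_PASSWORD}
+sleep 2s
+fi
+log "Info: [poststart] Poststart Hook Execution Completed"
 {{- end }}
 preStop:
 exec:
 command:
 - bash
 - '-c'
 - |
-log () {
-local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
-echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
-}
+MARKLOGIC_ADMIN_USERNAME="$(< /run/secrets/creds/username)"
+MARKLOGIC_ADMIN_PASSWORD="$(< /run/secrets/creds/password)"
 
-pid=$(ps aux | grep -i '/bin/bas[h] /usr' | awk {'print $2'})
-log "Info: [prestop] Prestop Hook Execution"
+log () {
+local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
+# Check to make sure pod doesn't terminate if PID value is empty for any reason
+# If PID value is empty preStart hook logs are not recorded
+if [ -n "$pid" ]; then
+echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
+fi
+}
 
-my_host=$(hostname -f)
+pid=$(pgrep start.marklogic)
+log "Info: [prestop] Prestop Hook Execution"
 
-log "Info: [prestop] MarkLogic Pod Hostname: "$my_host
+my_host=$(hostname -f)
 
-for ((i = 0; i < 5; i = i + 1)); do
-res_code=$(curl --anyauth --user $MARKLOGIC_ADMIN_USERNAME:$MARKLOGIC_ADMIN_PASSWORD \
--o /dev/null -m 10 -s -w %{http_code} \
--i -X POST --data "state=shutdown&failover=true" \
--H "Content-type: application/x-www-form-urlencoded" \
-http://localhost:8002/manage/v2/hosts/$my_host?format=json)
+log "Info: [prestop] MarkLogic Pod Hostname: "$my_host
 
-if [[ ${res_code} -eq 202 ]]; then
-log "Info: [prestop] Host shut down response code: "$res_code
+for ((i = 0; i < 5; i = i + 1)); do
+res_code=$(curl --anyauth --user $MARKLOGIC_ADMIN_USERNAME:$MARKLOGIC_ADMIN_PASSWORD \
+-o /dev/null -m 10 -s -w %{http_code} \
+-i -X POST --data "state=shutdown&failover=true" \
+-H "Content-type: application/x-www-form-urlencoded" \
+http://localhost:8002/manage/v2/hosts/$my_host?format=json)
 
-while (true)
-do
-ml_status=$(service MarkLogic status)
-log "Info: [prestop] MarkLogic Status: "$ml_status
-if [[ "$ml_status" =~ "running" ]]; then
-sleep 5s
-continue
-else
-break
-fi
-done
-break
-else
-log "ERROR: [prestop] Retry Attempt: "$i
-log "ERROR: [prestop] Host shut down expected response code 202, got "$res_code
-sleep 10s
-fi
-done
+if [[ ${res_code} -eq 202 ]]; then
+log "Info: [prestop] Host shut down response code: "$res_code
+
+while (true)
+do
+ml_status=$(service MarkLogic status)
+log "Info: [prestop] MarkLogic Status: "$ml_status
+if [[ "$ml_status" =~ "running" ]]; then
+sleep 5s
+continue
+else
+break
+fi
+done
+break
+else
+log "ERROR: [prestop] Retry Attempt: "$i
+log "ERROR: [prestop] Host shut down expected response code 202, got "$res_code
+sleep 10s
+fi
+done
 {{- if .Values.containerSecurityContext.enabled }}
 securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
@@ -274,7 +287,13 @@ spec:
 imagePullSecrets:
 - name: {{ include "marklogic.fullname" . }}-registry
 {{- end }}
+dnsConfig:
+searches:
+- {{ include "marklogic.headlessURL" . }}
 volumes:
+- name: admin-creds
+secret:
+secretName: {{ include "marklogic.fullname" . }}-admin
 {{- if .Values.logCollection.enabled }}
 - name: {{ include "marklogic.fullname" . }}-fb-config-map
 configMap:
@@ -310,4 +329,4 @@ spec:
 resources:
 requests:
 storage: {{ .Values.persistence.size }}
-{{- end }}
+{{- end }}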
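Review bot: In the `configure-group` initContainer the credentials are read with `$(< /run/secrets/creds/username)`, but that container runs its script through `sh -c`, and `$(< file)` is a bash/ksh extension; where the init image's `sh` is a plain POSIX shell the substitution is empty and the script carries on with blank credentials. `MARKLOGIC_ADMIN_USERNAME="$(cat /run/secrets/creds/username)"` (same for the password) works in either shell, and the rest of that script lies outside the hunk, so whether it uses the values cannot be confirmed from here. The `admin-creds` mount is declared `readOnly: false` in both containers although nothing visible writes under `/run/secrets/creds`; `readOnly: true` states the intent. In the postStart and preStop hooks the password is still expanded unquoted onto curl's command line, so a value with whitespace or glob characters is split and the secret sits in the process arguments; at minimum quote it as `--user "${MARKLOGIC_ADMIN_USERNAME}:${MARKLOGIC_ADMIN_PASSWORD}"`.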

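--- a/charts/values.yaml
+++ b/charts/values.yaml
@@ -3,6 +3,12 @@
 # Number of Marklogic nodes
 replicaCount: 1
 
+# update strategy for MarkLogic and Helm chart upgrades
+# It is recommended to use OnDelete updateStrategy as MarkLogic bootstrap host (pod-0) needs to be upgraded first in the cluster
+# and OnDelete allows more control over the upgrade and recovery in case of failure.
+updateStrategy:
+type: OnDelete
+
 # Termination Grace Period
 terminationGracePeriod: 120
 
@@ -100,6 +106,9 @@ service:
 - protocol: TCP
 name: query-console
 port: 8000
+- protocol: TCP
+name: admin
+port: 8001
 - protocol: TCP
 name: manage
 port: 8002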
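Review bot: The new `admin` entry on port 8001 is published through the same Service port list as 8000 and 8002 with nothing saying who should be able to reach it; the service type is outside the hunk, so whether the port ends up reachable from outside the cluster cannot be told from here. A comment above the entry such as `# admin interface; keep the service ClusterIP or restrict access with a NetworkPolicy` would make the exposure a deliberate choice. The `OnDelete` default in the first hunk also means a chart or image upgrade does not restart pods by itself, which its comment could state as `# pods keep running the old spec until they are deleted manually`.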
