K8SPSMDB-1274: Disable balancer before restore

Author: egegunes

e2e-tests/balancer/run

@@ -52,10 +52,13 @@ check_backup_and_restore() {
 
 	log "running restore: restore-${backup_name}"
 	run_restore "${backup_name}"
-	log "checking if balancer status is not changed"
-	check_balancer ${cluster} "${balancer_end_state}" 4
 
-	wait_restore ${backup_name} ${cluster} "ready"
+	wait_restore ${backup_name} ${cluster} "requested" 0
+
+	log "checking if balancer is disabled"
+	check_balancer ${cluster} "false"
+
+	wait_restore ${backup_name} ${cluster} "ready" 1
 
 	log "checking if balancer is ${balancer_end_state} after restore"
 	check_balancer ${cluster} ${balancer_end_state} 10

pkg/controller/perconaservermongodb/connections.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1"
 	"github.com/percona/percona-server-mongodb-operator/pkg/psmdb"
@@ -20,42 +19,11 @@ type MongoClientProvider interface {
 
 func (r *ReconcilePerconaServerMongoDB) MongoClientProvider() MongoClientProvider {
 	if r.mongoClientProvider == nil {
-		return &mongoClientProvider{r.client}
+		return &psmdb.MongoClientProvider{K8sClient: r.client}
 	}
 	return r.mongoClientProvider
 }
 
-type mongoClientProvider struct {
-	k8sclient client.Client
-}
-
-func (p *mongoClientProvider) Mongo(ctx context.Context, cr *api.PerconaServerMongoDB, rs *api.ReplsetSpec, role api.SystemUserRole) (mongo.Client, error) {
-	c, err := getInternalCredentials(ctx, p.k8sclient, cr, role)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get credentials")
-	}
-
-	return psmdb.MongoClient(ctx, p.k8sclient, cr, rs, c)
-}
-
-func (p *mongoClientProvider) Mongos(ctx context.Context, cr *api.PerconaServerMongoDB, role api.SystemUserRole) (mongo.Client, error) {
-	c, err := getInternalCredentials(ctx, p.k8sclient, cr, role)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get credentials")
-	}
-
-	return psmdb.MongosClient(ctx, p.k8sclient, cr, c)
-}
-
-func (p *mongoClientProvider) Standalone(ctx context.Context, cr *api.PerconaServerMongoDB, role api.SystemUserRole, host string, tlsEnabled bool) (mongo.Client, error) {
-	c, err := getInternalCredentials(ctx, p.k8sclient, cr, role)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get credentials")
-	}
-
-	return psmdb.StandaloneClient(ctx, p.k8sclient, cr, c, host, tlsEnabled)
-}
-
 func (r *ReconcilePerconaServerMongoDB) mongoClientWithRole(ctx context.Context, cr *api.PerconaServerMongoDB, rs *api.ReplsetSpec, role api.SystemUserRole) (mongo.Client, error) {
 	return r.MongoClientProvider().Mongo(ctx, cr, rs, role)
 }

pkg/controller/perconaservermongodb/mgo.go

@@ -713,7 +713,7 @@ func (r *ReconcilePerconaServerMongoDB) handleReplsetInit(ctx context.Context, c
 		time.Sleep(time.Second * 5)
 
 		log.Info("creating user admin", "replset", replsetName, "pod", pod.Name, "user", api.RoleUserAdmin)
-		userAdmin, err := getInternalCredentials(ctx, r.client, cr, api.RoleUserAdmin)
+		userAdmin, err := psmdb.GetInternalCredentials(ctx, r.client, cr, api.RoleUserAdmin)
 		if err != nil {
 			return nil, nil, errors.Wrap(err, "failed to get userAdmin credentials")
 		}
@@ -983,7 +983,7 @@ func (r *ReconcilePerconaServerMongoDB) createOrUpdateSystemUsers(ctx context.Co
 	}
 
 	for _, role := range users {
-		creds, err := getInternalCredentials(ctx, r.client, cr, role)
+		creds, err := psmdb.GetInternalCredentials(ctx, r.client, cr, role)
 		if err != nil {
 			log.Error(err, "failed to get credentials", "role", role)
 			continue

pkg/controller/perconaservermongodb/secrets.go

@@ -10,58 +10,12 @@ import (
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1"
 	"github.com/percona/percona-server-mongodb-operator/pkg/naming"
-	"github.com/percona/percona-server-mongodb-operator/pkg/psmdb"
 	"github.com/percona/percona-server-mongodb-operator/pkg/psmdb/secret"
 )
 
-func getUserSecret(ctx context.Context, cl client.Reader, cr *api.PerconaServerMongoDB, name string) (corev1.Secret, error) {
-	secrets := corev1.Secret{}
-	err := cl.Get(ctx, types.NamespacedName{Name: name, Namespace: cr.Namespace}, &secrets)
-	return secrets, errors.Wrap(err, "get user secrets")
-}
-
-func getInternalCredentials(ctx context.Context, cl client.Reader, cr *api.PerconaServerMongoDB, role api.SystemUserRole) (psmdb.Credentials, error) {
-	return getCredentials(ctx, cl, cr, api.UserSecretName(cr), role)
-}
-
-func getCredentials(ctx context.Context, cl client.Reader, cr *api.PerconaServerMongoDB, name string, role api.SystemUserRole) (psmdb.Credentials, error) {
-	creds := psmdb.Credentials{}
-	usersSecret, err := getUserSecret(ctx, cl, cr, name)
-	if err != nil {
-		return creds, errors.Wrap(err, "failed to get user secret")
-	}
-
-	switch role {
-	case api.RoleDatabaseAdmin:
-		creds.Username = string(usersSecret.Data[api.EnvMongoDBDatabaseAdminUser])
-		creds.Password = string(usersSecret.Data[api.EnvMongoDBDatabaseAdminPassword])
-	case api.RoleClusterAdmin:
-		creds.Username = string(usersSecret.Data[api.EnvMongoDBClusterAdminUser])
-		creds.Password = string(usersSecret.Data[api.EnvMongoDBClusterAdminPassword])
-	case api.RoleUserAdmin:
-		creds.Username = string(usersSecret.Data[api.EnvMongoDBUserAdminUser])
-		creds.Password = string(usersSecret.Data[api.EnvMongoDBUserAdminPassword])
-	case api.RoleClusterMonitor:
-		creds.Username = string(usersSecret.Data[api.EnvMongoDBClusterMonitorUser])
-		creds.Password = string(usersSecret.Data[api.EnvMongoDBClusterMonitorPassword])
-	case api.RoleBackup:
-		creds.Username = string(usersSecret.Data[api.EnvMongoDBBackupUser])
-		creds.Password = string(usersSecret.Data[api.EnvMongoDBBackupPassword])
-	default:
-		return creds, errors.Errorf("not implemented for role: %s", role)
-	}
-
-	if creds.Username == "" || creds.Password == "" {
-		return creds, errors.Errorf("can't find credentials for role %s", role)
-	}
-
-	return creds, nil
-}
-
 func (r *ReconcilePerconaServerMongoDB) reconcileUsersSecret(ctx context.Context, cr *api.PerconaServerMongoDB) error {
 	secretObj := corev1.Secret{}
 	err := r.client.Get(ctx,

pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go

@@ -187,6 +187,23 @@ func (r *ReconcilePerconaServerMongoDBRestore) Reconcile(ctx context.Context, re
 			}
 
 			if err == nil {
+				provider := psmdb.NewClientProvider(r.client)
+				mongos, err := provider.Mongos(ctx, cluster, psmdbv1.RoleClusterAdmin)
+				if err != nil {
+					return rr, errors.Wrap(err, "get mongos session")
+				}
+				defer func() {
+					err := mongos.Disconnect(ctx)
+					if err != nil {
+						log.Error(err, "disconnect from mongos")
+					}
+				}()
+
+				log.Info("Stopping balancer")
+				if err := mongos.StopBalancer(ctx); err != nil {
+					return rr, errors.Wrap(err, "stop balancer")
+				}
+
 				log.Info("Terminating mongos pods")
 				err = r.client.Delete(ctx, psmdb.MongosStatefulset(cluster))
 				if err != nil && !k8serrors.IsNotFound(err) {
@@ -195,6 +212,16 @@ func (r *ReconcilePerconaServerMongoDBRestore) Reconcile(ctx context.Context, re
 
 				return rr, nil
 			}
+
+			mongosPods, err := psmdb.GetMongosPods(ctx, r.client, cluster)
+			if err != nil {
+				return rr, errors.Wrap(err, "get mongos pods")
+			}
+
+			if len(mongosPods.Items) > 0 {
+				log.Info("Waiting for mongos pods to terminate")
+				return rr, nil
+			}
 		}
 
 		err = r.validate(ctx, cr, cluster)

pkg/psmdb/client.go

@@ -11,11 +11,6 @@ import (
 	"github.com/percona/percona-server-mongodb-operator/pkg/psmdb/tls"
 )
 
-type Credentials struct {
-	Username string
-	Password string
-}
-
 func MongoClient(ctx context.Context, k8sclient client.Client, cr *api.PerconaServerMongoDB, rs *api.ReplsetSpec, c Credentials) (mongo.Client, error) {
 	pods, err := GetRSPods(ctx, k8sclient, cr, rs.Name)
 	if err != nil {

pkg/psmdb/connections.go

@@ -0,0 +1,46 @@
+package psmdb
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1"
+	"github.com/percona/percona-server-mongodb-operator/pkg/psmdb/mongo"
+)
+
+type MongoClientProvider struct {
+	K8sClient client.Client
+}
+
+func NewClientProvider(k8sclient client.Client) *MongoClientProvider {
+	return &MongoClientProvider{k8sclient}
+}
+
+func (p *MongoClientProvider) Mongo(ctx context.Context, cr *api.PerconaServerMongoDB, rs *api.ReplsetSpec, role api.SystemUserRole) (mongo.Client, error) {
+	c, err := GetInternalCredentials(ctx, p.K8sClient, cr, role)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get credentials")
+	}
+
+	return MongoClient(ctx, p.K8sClient, cr, rs, c)
+}
+
+func (p *MongoClientProvider) Mongos(ctx context.Context, cr *api.PerconaServerMongoDB, role api.SystemUserRole) (mongo.Client, error) {
+	c, err := GetInternalCredentials(ctx, p.K8sClient, cr, role)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get credentials")
+	}
+
+	return MongosClient(ctx, p.K8sClient, cr, c)
+}
+
+func (p *MongoClientProvider) Standalone(ctx context.Context, cr *api.PerconaServerMongoDB, role api.SystemUserRole, host string, tlsEnabled bool) (mongo.Client, error) {
+	c, err := GetInternalCredentials(ctx, p.K8sClient, cr, role)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get credentials")
+	}
+
+	return StandaloneClient(ctx, p.K8sClient, cr, c, host, tlsEnabled)
+}

pkg/psmdb/credentials.go

@@ -0,0 +1,61 @@
+package psmdb
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	psmdbv1 "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1"
+)
+
+type Credentials struct {
+	Username string
+	Password string
+}
+
+func GetUserSecret(ctx context.Context, cl client.Reader, cr *psmdbv1.PerconaServerMongoDB, name string) (corev1.Secret, error) {
+	secrets := corev1.Secret{}
+	err := cl.Get(ctx, types.NamespacedName{Name: name, Namespace: cr.Namespace}, &secrets)
+	return secrets, errors.Wrap(err, "get user secrets")
+}
+
+func GetCredentials(ctx context.Context, cl client.Reader, cr *psmdbv1.PerconaServerMongoDB, name string, role psmdbv1.SystemUserRole) (Credentials, error) {
+	creds := Credentials{}
+	usersSecret, err := GetUserSecret(ctx, cl, cr, name)
+	if err != nil {
+		return creds, errors.Wrap(err, "failed to get user secret")
+	}
+
+	switch role {
+	case psmdbv1.RoleDatabaseAdmin:
+		creds.Username = string(usersSecret.Data[psmdbv1.EnvMongoDBDatabaseAdminUser])
+		creds.Password = string(usersSecret.Data[psmdbv1.EnvMongoDBDatabaseAdminPassword])
+	case psmdbv1.RoleClusterAdmin:
+		creds.Username = string(usersSecret.Data[psmdbv1.EnvMongoDBClusterAdminUser])
+		creds.Password = string(usersSecret.Data[psmdbv1.EnvMongoDBClusterAdminPassword])
+	case psmdbv1.RoleUserAdmin:
+		creds.Username = string(usersSecret.Data[psmdbv1.EnvMongoDBUserAdminUser])
+		creds.Password = string(usersSecret.Data[psmdbv1.EnvMongoDBUserAdminPassword])
+	case psmdbv1.RoleClusterMonitor:
+		creds.Username = string(usersSecret.Data[psmdbv1.EnvMongoDBClusterMonitorUser])
+		creds.Password = string(usersSecret.Data[psmdbv1.EnvMongoDBClusterMonitorPassword])
+	case psmdbv1.RoleBackup:
+		creds.Username = string(usersSecret.Data[psmdbv1.EnvMongoDBBackupUser])
+		creds.Password = string(usersSecret.Data[psmdbv1.EnvMongoDBBackupPassword])
+	default:
+		return creds, errors.Errorf("not implemented for role: %s", role)
+	}
+
+	if creds.Username == "" || creds.Password == "" {
+		return creds, errors.Errorf("can't find credentials for role %s", role)
+	}
+
+	return creds, nil
+}
+
+func GetInternalCredentials(ctx context.Context, cl client.Reader, cr *psmdbv1.PerconaServerMongoDB, role psmdbv1.SystemUserRole) (Credentials, error) {
+	return GetCredentials(ctx, cl, cr, psmdbv1.UserSecretName(cr), role)
+}