Puppet Plan: complyadm::install::from_2x::migrate_database

Defined in:
plans/install/from_2x/migrate_database.pp

Summary

Migrate data from the comply and identity databases of a 2.x instance.

Overview

Overwrites any existing data in the 3.x target database.

Parameters:

  • comply_2_target_name (String)


# File 'plans/install/from_2x/migrate_database.pp', line 5

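plan complyadm::install::from_2x::migrate_database(
  String $comply_2_target_name,
) {
  # Flow: pg_dump the `comply` and `keycloak` databases on the 2.x host, pull
  # the dumps to the Bolt runner, push them to the 3.x database host, then
  # pg_restore them there. The restore runs with --clean --if-exists, so
  # existing objects in the 3.x databases are dropped and replaced.
  $config = complyadm::config()

  # Resolve the 3.x database target up front so a broken role configuration
  # fails the plan before any dump is taken.
  $db_target_name = $config['roles']['database']['targets'][0]
  $db_target = get_targets($db_target_name)[0]

  # Looked up by name so the plan can be called directly with a target name.
  $comply_2_target = get_targets($comply_2_target_name)[0]

  $kubernetes_namespace = complyadm::default_for_value($comply_2_target.vars['kubernetes_namespace'], 'default')
  # The namespace is interpolated into a shell command line below, so accept
  # only a valid Kubernetes namespace name (an RFC 1123 DNS label).
  unless $kubernetes_namespace =~ Pattern[/\A[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\z/] {
    fail_plan("Invalid kubernetes_namespace for target ${comply_2_target_name}: expected a DNS label")
  }
  # TODO: Read the below from Inventory
  $kubernetes_conf = '/etc/kubernetes/admin.conf'

  $migration_dir_name = Timestamp.new.strftime('%Y-%m-%dT%H_%M_%S')
  # TODO We should probably check whether there is enough space in this dest dir,
  # maybe as a preflight? For now we document that they should have at least 10GB in /tmp.
  $dump_root = "/tmp/comply-migration-${migration_dir_name}"
  $comply_db_dump_path = file::join($dump_root, 'comply_db_dump.tar')
  $identity_db_dump_path = file::join($dump_root, 'identity_db_dump.tar')
  # The dumps are full copies of the application and identity databases and the
  # directory name is predictable, so create it owner-only and without -p:
  # a path that already exists in world-writable /tmp is treated as an error
  # instead of being reused.
  run_command("mkdir -m 0700 ${dump_root}", $comply_2_target)

  out::message('Generating DB dump for comply database.')
  run_command(
    "kubectl -n ${kubernetes_namespace} exec -i comply-postgres-0 -- pg_dump --no-owner -x -O -Ft -U postgres comply > ${comply_db_dump_path}",
    $comply_2_target,
    _env_vars => { 'KUBECONFIG' => $kubernetes_conf }
  )
  out::message('Generating DB dump for auth database.')
  run_command(
    "kubectl -n ${kubernetes_namespace} exec -i comply-auth-postgres-0 -- pg_dump --no-owner -x -O -Ft -U postgres keycloak > ${identity_db_dump_path}",
    $comply_2_target,
    _env_vars => { 'KUBECONFIG' => $kubernetes_conf }
  )

  # Staging area on the Bolt runner, one sub-directory per migration run.
  $migration_root = file::join(complyadm::download_dir(), 'migration')
  if (!file::exists($migration_root)) {
    run_command("mkdir -p ${migration_root}", 'localhost')
  }
  $runner_dest = file::join($migration_root, $migration_dir_name)
  run_command("mkdir ${runner_dest}", 'localhost')

  # If both targets are `localhost`, this will do some unnecessary copying, but I wasn't sure
  # if the added complexity to the conditionals was worth accounting for this edge case.
  if $comply_2_target.transport == 'local' {
    # if the $comply_2_target is localhost, don't download, just copy into the module
    run_command("cp -R ${dump_root}/* ${runner_dest}", 'localhost')
  } else {
    complyadm::download_file($dump_root, $runner_dest, $comply_2_target, { '_run_as' => 'root' }, true)
  }

  if $db_target.transport == 'local' {
    # If we are running bolt on the host where Comply is installed, don't upload the dump, just copy it to the dump path
    # -p is kept because the directory already exists when the 2.x target is
    # also local; -m 0700 only takes effect when the directory is created here.
    run_command("mkdir -p -m 0700 ${dump_root}", 'localhost')
    run_command("cp -R ${runner_dest}/* ${dump_root}", 'localhost')
  } else {
    # NOTE(review): the mode of the directory created under /tmp on the database
    # host is whatever upload_file applies; confirm it is not readable or
    # writable by other local users, since root restores from it below.
    upload_file($runner_dest, $dump_root, $db_target)
  }

  # NOTE(review): these configuration values are interpolated unquoted into
  # shell commands that run as root; presumably they are installer-controlled,
  # confirm they cannot carry shell metacharacters.
  $db_container = $config['roles']['database']['services']['comply_postgres']['container']['name']
  $admin_db_username = $config['roles']['database']['services']['comply_postgres']['admin_db_username']
  $comply_db_username = $config['roles']['database']['services']['comply_postgres']['comply_db_username']
  $identity_db_username = $config['roles']['database']['services']['comply_postgres']['identity_db_username']

  # Stream each dump into pg_restore inside the database container.
  run_command(
    "cat ${comply_db_dump_path} | \
${$config['runtime']} exec -i ${$db_container} pg_restore --no-owner --role=comply --clean --if-exists -U ${comply_db_username} -d comply",
    $db_target,
    { '_run_as' => 'root' },
  )

  run_command(
    "cat ${identity_db_dump_path} | \
${$config['runtime']} exec -i ${$db_container} pg_restore --no-owner --role=keycloak --clean --if-exists -U ${identity_db_username} -d keycloak",
    $db_target,
    { '_run_as' => 'root' },
  )

  # NOTE(review): nothing in this plan removes the dump files from ${dump_root}
  # on either host or from the runner's migration directory. They hold full
  # copies of both databases and should be deleted once the migration has been
  # verified.
}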