[minor] Setup Db2 Backup job for Disaster recovery scenario and Compliance/SLA in gitops #1383

Merged
merged 20 commits into from
Dec 4, 2024
4 changes: 2 additions & 2 deletions .secrets.baseline
Expand Up @@ -3,7 +3,7 @@
"files": "^.secrets.baseline$",
"lines": null
},
"generated_at": "2024-11-27T10:44:24Z",
"generated_at": "2024-11-29T10:38:22Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
Expand Down Expand Up @@ -182,7 +182,7 @@
"hashed_secret": "1459943ba5fd876f7ef6e48f566a40b448a2bf08",
"is_secret": false,
"is_verified": false,
"line_number": 449,
"line_number": 457,
"type": "Secret Keyword",
"verified_result": null
}
35 changes: 35 additions & 0 deletions image/cli/mascli/functions/gitops_cos
Expand Up @@ -229,6 +229,11 @@ function gitops_cos() {
sensitive = false
}

output "s3db2" {
value = module.s3db2
sensitive = false
}

module "s3c" {
name_prefix = local.name_prefix
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3.git//module?ref=1.0.1"
Expand Down Expand Up @@ -256,6 +261,15 @@ function gitops_cos() {
force_bucket_destroy = true
}

module "s3db2" {
name_prefix = local.name_prefix
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3.git//module?ref=1.0.1"
s3_bucket = "${CLUSTER_ID}-${MAS_INSTANCE_ID}-s3db2"
s3_encryption = true
s3_encryption_algorithm = "AES256"
force_bucket_destroy = true
}

output "s3c_access_point" {
value = module.s3c_access_point
sensitive = false
Expand All @@ -271,6 +285,11 @@ function gitops_cos() {
sensitive = false
}

output "s3db2_access_point" {
value = module.s3db2_access_point
sensitive = false
}

module "s3c_access_point" {
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.10"
name_prefix = local.name_prefix
Expand Down Expand Up @@ -318,6 +337,22 @@ function gitops_cos() {
secret_suffix = "manage_logging/s3secretkey"
manage_secret_format = true
}

module "s3db2_access_point" {
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.10"
name_prefix = local.name_prefix
s3_access_point_bucket_id = module.s3db2.s3_bucket_id
s3_bucket_arn = module.s3db2.s3_bucket_arn
s3_bucket_region = module.s3db2.s3_bucket_region
s3_access_point_name = "${CLUSTER_ID}-${MAS_INSTANCE_ID}-s3db2-access"
s3_access_point_policy_actions = [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:ListBucket" ]
s3_access_point_user = "${CLUSTER_ID}-${MAS_INSTANCE_ID}-s3db2-user"
mas_cluster_id = "$CLUSTER_ID"
mas_instance_id = "$MAS_INSTANCE_ID"
secret_recovery_days = 0
secret_suffix = "db2_backup"
manage_secret_format = true
}
EOF

cat > $TEMP_DIR/provider.tf <<EOF
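Review bot: The new `s3db2_access_point` block grants the backup identity `s3:DeleteObject` and `s3:PutObjectAcl`, and `s3db2` is created with `force_bucket_destroy = true`, so a leaked DB2 backup credential or a Terraform destroy can remove the very backups this PR adds for disaster recovery. For a DR/compliance bucket the writer normally needs only `s3:PutObject`, `s3:GetObject` and `s3:ListBucket`, with retention enforced server-side by a lifecycle rule, versioning or Object Lock rather than by the client; if delete is genuinely required for pruning old backups, a comment on `s3_access_point_policy_actions` should say so. The same module blocks are repeated in the `gitops_deprovision_cos` section below and would need the same change. `gitops_cos` begins outside the hunk.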
36 changes: 36 additions & 0 deletions image/cli/mascli/functions/gitops_db2u_database
Expand Up @@ -61,6 +61,7 @@ IBM DB2U:
--db2-addons-audit-config-yaml ${COLOR_YELLOW}DB2_ADDONS_AUDIT_CONFIG_YAML${TEXT_RESET} Yaml file containing the db2ucluster addons audit config section.
--jdbc-route ${COLOR_YELLOW}JDBC_ROUTE${TEXT_RESET} By default routes are not exposed to public. To expose route, set this to public.
--db2-timezone ${COLOR_YELLOW}DB2_TIMEZONE${TEXT_RESET} DB2 DB Timezone (optional, DB2 default of "UTC" will be used if not specified)
--db2-backup-notify-slack-url ${COLOR_YELLOW}DB2_BACKUP_NOTIFY_SLACK_URL${TEXT_RESET} Slack URL to notify DB2 backup failures

Secrets Manager:
--secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET} Secrets Manager path
Expand Down Expand Up @@ -272,6 +273,10 @@ function gitops_db2u_database_noninteractive() {
--db2-timezone)
export DB2_TIMEZONE=$1 && shift
;;
# Optional DB2 Backup details
--db2-backup-notify-slack-url)
export DB2_BACKUP_NOTIFY_SLACK_URL=$1 && shift
;;


# Automatic GitHub Push
Expand Down Expand Up @@ -366,6 +371,9 @@ function gitops_db2u_database() {
# as both of these scrtipts modify the same file
GIT_LOCK_BRANCH=$(git_lock_branch_name "gitops-db2u-database" "${ACCOUNT_ID}" "${CLUSTER_ID}" "${MAS_INSTANCE_ID}")

export SECRET_NAME_DB2_BACKUP=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}db2_backup
export SECRET_NAME_ICD_AUTH_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}icd

#Defaults
if [[ -z $DB2_TLS_VERSION ]]; then
export DB2_TLS_VERSION=TLSv1.2
Expand Down Expand Up @@ -454,6 +462,21 @@ DB2_WORKLOAD: '${DB2_WORKLOAD}'"
if [[ -z $DB2_INSTANCE_NAME ]]; then
export DB2_INSTANCE_NAME=db2wh-${MAS_INSTANCE_ID}-${MAS_APP_ID}
fi
if [[ -z $DB2_BACKUP_BUCKET_NAME ]]; then
export DB2_BACKUP_BUCKET_NAME=${SECRET_NAME_DB2_BACKUP}#bucketName
fi
if [[ -z $SECRET_KEY_DB2_BACKUP_BUCKET_ACCESS_KEY ]]; then
export SECRET_KEY_DB2_BACKUP_BUCKET_ACCESS_KEY=${SECRET_NAME_DB2_BACKUP}#accessKey
fi
if [[ -z $SECRET_KEY_DB2_BACKUP_BUCKET_SECRET_KEY ]]; then
export SECRET_KEY_DB2_BACKUP_BUCKET_SECRET_KEY=${SECRET_NAME_DB2_BACKUP}#access_secret_key
fi
if [[ -z $DB2_BACKUP_BUCKET_ENDPOINT ]]; then
export DB2_BACKUP_BUCKET_ENDPOINT=${SECRET_NAME_DB2_BACKUP}#endpointURL
fi
if [[ -z $SECRET_KEY_DB2_BACKUP_ICD_AUTH_KEY ]]; then
export SECRET_KEY_DB2_BACKUP_ICD_AUTH_KEY=${SECRET_NAME_ICD_AUTH_KEY}#icd_auth_key
fi
export DB2_NAMESPACE="db2u-${MAS_INSTANCE_ID}"
export DB2_DBNAME=${DB2_DBNAME:-"BLUDB"}
export JDBC_ROUTE=${JDBC_ROUTE:-"default"}
Expand Down Expand Up @@ -555,6 +578,11 @@ DB2_WORKLOAD: '${DB2_WORKLOAD}'"

export SECRET_KEY_CLUSTER_DOMAIN=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}cluster_domain#cluster_domain

if [[ -n "$DB2_BACKUP_NOTIFY_SLACK_URL" && -n "$ICD_AUTH_KEY" ]]; then
TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_db2u_database\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
sm_update_secret ${SECRET_NAME_ICD_AUTH_KEY} "{\"icd_auth_key\": \"${ICD_AUTH_KEY}\"}" "${TAGS}"
fi

TEMP_DIR=$GITOPS_WORKING_DIR/tmp-db2u-database
mkdir -p $TEMP_DIR

Expand All @@ -581,6 +609,14 @@ DB2_WORKLOAD: '${DB2_WORKLOAD}'"
export DB2_INSTANCE_REGISTRY=$(cat ${DB2_INSTANCE_REGISTRY_YAML})
fi

# Optional DB backup configs
# ---------------------------------------------------------------------------
if [[ -n "$DB2_BACKUP_NOTIFY_SLACK_URL" && -n "$ICD_AUTH_KEY" ]]; then
echo
echo_h2 "Optional DB backup configurations are provided"
export BACKUP=true
fi

if [ -z $GIT_SSH ]; then
export GIT_SSH=false
fi
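Review bot: The `sm_update_secret` call in the `ICD_AUTH_KEY` block is handed JSON assembled by string interpolation, so a key value containing `"` or `\` yields an invalid secret payload; build it with a JSON-aware tool if one is available in this image, e.g. `jq -n --arg k "$ICD_AUTH_KEY" '{icd_auth_key: $k}'`, or at least reject values containing those characters before calling it. Backup configuration is also only enabled when `ICD_AUTH_KEY` is set (the `export BACKUP=true` block), but the help text added at the top of the file documents only `--db2-backup-notify-slack-url`; add a line such as `ICD_AUTH_KEY must also be set in the environment for the backup job to be configured` so the silent skip is not a surprise. Both `gitops_db2u_database_noninteractive` and `gitops_db2u_database` begin outside their hunks.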
41 changes: 38 additions & 3 deletions image/cli/mascli/functions/gitops_deprovision_cos
Expand Up @@ -233,6 +233,11 @@ function gitops_deprovision_cos() {
sensitive = false
}

output "s3db2" {
value = module.s3db2
sensitive = false
}

module "s3c" {
name_prefix = local.name_prefix
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3.git//module?ref=1.0.1"
Expand Down Expand Up @@ -260,6 +265,15 @@ function gitops_deprovision_cos() {
force_bucket_destroy = true
}

module "s3db2" {
name_prefix = local.name_prefix
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3.git//module?ref=1.0.1"
s3_bucket = "${CLUSTER_ID}-${MAS_INSTANCE_ID}-s3db2"
s3_encryption = true
s3_encryption_algorithm = "AES256"
force_bucket_destroy = true
}

output "s3c_access_point" {
value = module.s3c_access_point
sensitive = false
Expand All @@ -275,8 +289,13 @@ function gitops_deprovision_cos() {
sensitive = false
}

output "s3db2_access_point" {
value = module.s3db2_access_point
sensitive = false
}

module "s3c_access_point" {
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.8"
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.10"
name_prefix = local.name_prefix
s3_access_point_bucket_id = module.s3c.s3_bucket_id
s3_bucket_arn = module.s3c.s3_bucket_arn
Expand All @@ -292,7 +311,7 @@ function gitops_deprovision_cos() {
}

module "s3a_access_point" {
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.8"
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.10"
name_prefix = local.name_prefix
s3_access_point_bucket_id = module.s3a.s3_bucket_id
s3_bucket_arn = module.s3a.s3_bucket_arn
Expand All @@ -308,7 +327,7 @@ function gitops_deprovision_cos() {
}

module "s3l_access_point" {
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.8"
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.10"
name_prefix = local.name_prefix
s3_access_point_bucket_id = module.s3l.s3_bucket_id
s3_bucket_arn = module.s3l.s3_bucket_arn
Expand All @@ -322,6 +341,22 @@ function gitops_deprovision_cos() {
secret_suffix = "manage_logging/s3secretkey"
manage_secret_format = true
}

module "s3db2_access_point" {
source = "git::https://git:[email protected]/maximoappsuite/mas-iac-aws-s3-access-point.git//module?ref=1.0.10"
name_prefix = local.name_prefix
s3_access_point_bucket_id = module.s3db2.s3_bucket_id
s3_bucket_arn = module.s3db2.s3_bucket_arn
s3_bucket_region = module.s3db2.s3_bucket_region
s3_access_point_name = "${CLUSTER_ID}-${MAS_INSTANCE_ID}-s3db2-access"
s3_access_point_policy_actions = [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:ListBucket" ]
s3_access_point_user = "${CLUSTER_ID}-${MAS_INSTANCE_ID}-s3db2-user"
mas_cluster_id = "$CLUSTER_ID"
mas_instance_id = "$MAS_INSTANCE_ID"
secret_recovery_days = 0
secret_suffix = "db2_backup"
manage_secret_format = true
}
EOF

cat > $TEMP_DIR/provider.tf <<EOF
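Review bot: The Terraform for `s3db2` and `s3db2_access_point` is a verbatim copy of the block added to `gitops_cos`, and the `1.0.8` to `1.0.10` ref bumps in this same section show the two copies had already drifted; consider rendering the COS module definitions from one shared function so provision and deprovision always produce identical state. `force_bucket_destroy = true` on the backup bucket also means deprovisioning COS wipes the DB2 backups together with the bucket; if backups are expected to outlive the cluster for the DR/compliance goal in the PR title, that flag should be false here or the bucket left out of deprovision. `gitops_deprovision_cos` begins outside the hunk.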
Expand Up @@ -69,4 +69,13 @@ storage_class_definitions:
{% filter indent(width=2) -%}
{{STORAGE_CLASS_DEFINITIONS}}
{%- endfilter %}
{% endif %}

{% if BACKUP %}
db2_backup_bucket_name: <path:{{ SECRETS_PATH }}:{{ DB2_BACKUP_BUCKET_NAME }}>
db2_backup_bucket_endpoint: <path:{{ SECRETS_PATH }}:{{ DB2_BACKUP_BUCKET_ENDPOINT }}>
db2_backup_bucket_access_key: <path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DB2_BACKUP_BUCKET_ACCESS_KEY }}>
db2_backup_bucket_secret_key: <path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DB2_BACKUP_BUCKET_SECRET_KEY }}>
db2_backup_notify_slack_url: {{DB2_BACKUP_NOTIFY_SLACK_URL}}
db2_backup_icd_auth_key: <path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DB2_BACKUP_ICD_AUTH_KEY }}>
{% endif %}
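Review bot: `db2_backup_notify_slack_url` is rendered inline from `{{DB2_BACKUP_NOTIFY_SLACK_URL}}` while the other five backup values are `<path:...>` secret references, so the Slack webhook URL, which acts as a bearer credential for posting to the channel, lands in plaintext in the GitOps repository and, via the `gitops-mas-apps` pipeline and `gitops-db2u-database` task params below, in PipelineRun specs and logs. Store it in Secrets Manager alongside `db2_backup` and reference it the same way, for example `db2_backup_notify_slack_url: <path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DB2_BACKUP_NOTIFY_SLACK_URL }}>` with a correspondingly exported key name in `gitops_db2u_database`. If it must stay inline, at least quote it as `"{{ DB2_BACKUP_NOTIFY_SLACK_URL }}"` so YAML parsing does not depend on the URL's characters. The file header for this template is not shown in the rendering.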
7 changes: 7 additions & 0 deletions tekton/src/pipelines/gitops/gitops-mas-apps.yml.j2
Expand Up @@ -209,6 +209,9 @@ spec:
- name: db2_timezone
type: string
default: ""
- name: db2_backup_notify_slack_url
type: string
default: ""

- name: custom_labels
type: string
Expand Down Expand Up @@ -651,6 +654,8 @@ spec:
value: $(params.jdbc_route_iot)
- name: db2_timezone
value: $(params.db2_timezone)
- name: db2_backup_notify_slack_url
value: $(params.db2_backup_notify_slack_url)

workspaces:
- name: configs
Expand Down Expand Up @@ -809,6 +814,8 @@ spec:
value: $(params.jdbc_route_manage)
- name: db2_timezone
value: $(params.db2_timezone)
- name: db2_backup_notify_slack_url
value: $(params.db2_backup_notify_slack_url)

workspaces:
- name: configs
5 changes: 5 additions & 0 deletions tekton/src/tasks/gitops/gitops-db2u-database.yml.j2
Expand Up @@ -111,6 +111,9 @@ spec:
- name: jdbc_route
type: string
default: ""
- name: db2_backup_notify_slack_url
type: string
default: ""
stepTemplate:
name: gitops-db2u-database
env:
Expand Down Expand Up @@ -218,6 +221,8 @@ spec:
value: $(params.mas_app_id)
- name: JDBC_ROUTE
value: $(params.jdbc_route)
- name: DB2_BACKUP_NOTIFY_SLACK_URL
value: $(params.db2_backup_notify_slack_url)
envFrom:
- configMapRef:
name: environment-properties