#!/usr/bin/env bash
set -o errexit -o nounset -o pipefail
source "$( dirname "${BASH_SOURCE[0]}" )/scripts/lib/common-functions.sh"
# Fixed settings for the copy: the service/database name, the tag of the
# locally built tunnel image, and the ECS cluster/service and Secrets Manager
# identifiers the tunnel container uses on the target side.
export OPINTOPOLKU_SERVICE_NAME=koodisto
export DBNAME="$OPINTOPOLKU_SERVICE_NAME"
export IMAGE_TAG=koodisto-psql-tunnel
export ECS_CLUSTER_NAME=Cluster SERVICE_NAME=Bastion DB_SECRET=KoodistoDatabaseSecret
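function main {
  # Usage: yliheitto.sh <hahtuva|dev|qa|prod>
  #
  # Copies the koodisto database from the legacy source environment into the
  # corresponding AWS target environment: refreshes the cloud-base virtualenv,
  # loads AWS credentials, opens an SSH tunnel to the source DB and a container
  # tunnel to the target RDS, then streams pg_dump into pg_restore.
  #
  # Returns 2 on a missing or unknown environment argument; otherwise the
  # status of the last step (errexit aborts on any earlier failure).
  if [ "$#" -lt 1 ]; then
    printf 'usage: %s <hahtuva|dev|qa|prod>\n' "${0##*/}" >&2
    return 2
  fi
  export ENV="$1"; shift
  local source_db_hostname
  init_cloud_base_virtualenv
  export_aws_credentials "${ENV}"
  # SOURCE_* describe the legacy environment the data is read from, TARGET_*
  # the AWS environment it is written to. Each environment uses its own pair of
  # local tunnel ports.
  case "${ENV}" in
    hahtuva)
      export SOURCE_ENV="hahtuva"
      export TARGET_ENV="hahtuva"
      export SOURCE_PROFILE="oph-dev"
      export SOURCE_TUNNEL_PORT="6671"
      export TARGET_TUNNEL_PORT="6672"
      source_db_hostname="${OPINTOPOLKU_SERVICE_NAME}.db.hahtuvaopintopolku.fi"
      ;;
    dev)
      export SOURCE_ENV="untuva"
      export TARGET_ENV="dev"
      export SOURCE_PROFILE="oph-dev"
      export SOURCE_TUNNEL_PORT="6673"
      export TARGET_TUNNEL_PORT="6674"
      source_db_hostname="${OPINTOPOLKU_SERVICE_NAME}.db.untuvaopintopolku.fi"
      ;;
    qa)
      export SOURCE_ENV="pallero"
      export TARGET_ENV="qa"
      export SOURCE_PROFILE="oph-dev"
      export SOURCE_TUNNEL_PORT="6675"
      export TARGET_TUNNEL_PORT="6676"
      source_db_hostname="${OPINTOPOLKU_SERVICE_NAME}.db.testiopintopolku.fi"
      ;;
    prod)
      export SOURCE_ENV="sade"
      export TARGET_ENV="prod"
      export SOURCE_PROFILE="oph-prod"
      export SOURCE_TUNNEL_PORT="6677"
      export TARGET_TUNNEL_PORT="6678"
      source_db_hostname="${OPINTOPOLKU_SERVICE_NAME}.db.opintopolku.fi"
      ;;
    *)
      # Previously an unknown name fell through with SOURCE_TUNNEL_PORT unset,
      # which only surfaced as a nounset error on the tunnel line below.
      printf 'unknown environment "%s" (expected hahtuva, dev, qa or prod)\n' "${ENV}" >&2
      return 2
      ;;
  esac
  start_source_tunnel "${SOURCE_TUNNEL_PORT}:${source_db_hostname}:5432"
  start_target_tunnel
  do_the_heitto
}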
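function do_the_heitto {
  # Streams the source database through the two tunnels into the target
  # database (pg_dump | pg_restore, custom format, "export" schema excluded).
  # Passwords are handed to the postgres tools via PGPASSWORD in the
  # environment, not on argv, so they do not show up in process listings.
  # Relies on pipefail (set at the top of the file) so a failing pg_dump fails
  # the whole step.
  local -r source_db_username="app"
  local source_db_password
  source_db_password="$( get_parameter "/${SOURCE_ENV}/postgresqls/${OPINTOPOLKU_SERVICE_NAME}/app-user-password" )"
  info "Fetching target password from AWS Secrets manager"
  # Fetch the secret once and parse both fields from it; the original called
  # Secrets Manager twice for the same secret.
  local target_secret target_username target_password
  target_secret="$(aws secretsmanager get-secret-value --secret-id "${DB_SECRET}" --query 'SecretString' --output text)"
  target_username="$(jq -r '.username' <<<"${target_secret}")"
  target_password="$(jq -r '.password' <<<"${target_secret}")"
  # jq prints the literal string "null" for a missing key; catch that here
  # rather than letting pg_restore fail with an authentication error.
  if [ -z "${target_username}" ] || [ "${target_username}" = "null" ] \
    || [ -z "${target_password}" ] || [ "${target_password}" = "null" ]; then
    printf 'secret %s does not contain both "username" and "password"\n' "${DB_SECRET}" >&2
    return 1
  fi
  # NOTE(review): the working directory is changed before the dump; nothing
  # visible here depends on it — presumably kept for parity with other scripts.
  cd "${repo}"
  PGPASSWORD="${source_db_password}" pg_dump --user "${source_db_username}" --host localhost --port "${SOURCE_TUNNEL_PORT}" --dbname "${DBNAME}" --verbose --format=custom --exclude-schema=export \
    | PGPASSWORD="${target_password}" pg_restore --user "${target_username}" --host localhost --port "${TARGET_TUNNEL_PORT}" --dbname "${DBNAME}" --verbose --clean --no-owner --no-privileges
}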
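function start_target_tunnel {
  # Builds and starts the container that forwards local port TARGET_TUNNEL_PORT
  # to the target RDS via the Bastion ECS service, then blocks until Docker
  # reports it healthy. The container is killed by an EXIT trap (and removed
  # by --rm) when the script ends.
  #
  # Globals read: repo, IMAGE_TAG, TARGET_ENV, TARGET_TUNNEL_PORT, HOME and the
  # AWS_*/ECS_* variables forwarded into the container.
  # Returns 1 if the container does not become healthy within
  # TUNNEL_HEALTH_TIMEOUT seconds (default 300).
  local -r container_name="${IMAGE_TAG}-${TARGET_ENV}"
  local -r health_timeout="${TUNNEL_HEALTH_TIMEOUT:-300}"
  local container_id
  cd "${repo}/scripts/tunnel"
  docker build --tag "${IMAGE_TAG}" .
  info "Starting tunnel from port ${TARGET_TUNNEL_PORT} to RDS"
  # The trace only shows the *names* given to --env, not their values, so the
  # AWS credentials are not written to the terminal here.
  set -x
  container_id=$( docker run \
    --env ECS_CLUSTER_NAME --env SERVICE_NAME --env DB_SECRET \
    --env AWS_PROFILE --env AWS_REGION --env AWS_DEFAULT_REGION \
    --env AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \
    --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN \
    --volume "${HOME}/.aws:/root/.aws" \
    --detach \
    --publish "${TARGET_TUNNEL_PORT}:1111" \
    --name "${container_name}" \
    --rm "${IMAGE_TAG}" )
  set +x
  # Replaces any earlier EXIT trap; this script sets no other.
  trap "docker kill \"${container_name}\"" EXIT
  docker container logs --follow "${container_name}" &
  local -r pid_logs=$!
  info "Waiting until ${container_id} is healthy"
  # Bounded wait: the original loop spun forever if the container never
  # became healthy (e.g. it exited and was removed by --rm).
  local waited=0
  while ! is_container_healthy "${container_id}"; do
    if [ "${waited}" -ge "${health_timeout}" ]; then
      kill "${pid_logs}" || true  # best effort; the logs process may already be gone
      printf 'tunnel container %s did not become healthy within %ss\n' "${container_name}" "${health_timeout}" >&2
      return 1
    fi
    sleep 1
    waited=$((waited + 1))
  done
  kill "${pid_logs}"
}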
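function is_container_healthy {
  # Returns 0 when Docker reports the health status of container $1 as
  # "healthy", 1 otherwise — including when `docker inspect` itself fails
  # (e.g. the container has already exited and been removed).
  local -r container_id="$1"
  local status
  # Declaration and assignment are split so a failing `docker inspect` is not
  # masked by `local` always returning 0.
  status="$(docker inspect --format='{{.State.Health.Status}}' "${container_id}")" || return 1
  [[ "${status}" == "healthy" ]]
}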
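function start_source_tunnel {
  # Opens a background SSH port forward through the source environment's
  # bastion host. $1 is the -L spec, "localport:remotehost:remoteport".
  local -r tunnel="$1"
  info "Starting SSH tunnel"
  # SSH keeps the connection and tunnel open until both the command executed is finished and all connections through
  # the tunnel are closed. Therefore as long as we have the psql connection open, the tunnel will stay open and close
  # automatically when all connections are closed. The `sleep 30` is the window in which pg_dump must connect;
  # if nothing connects within it the tunnel closes on its own.
  # ExitOnForwardFailure makes ssh exit non-zero (and errexit stop the script) when the local port cannot be bound,
  # e.g. because a previous tunnel still holds it. Without it ssh only warns and pg_dump would talk to whatever is
  # already listening on that port.
  ssh -f -o ExitOnForwardFailure=yes -L "${tunnel}" "${SOURCE_ENV}-bastion" sleep 30
}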
function get_parameter {
  # Prints the decrypted value of SSM parameter $1 to stdout, read from the
  # source account (profile SOURCE_PROFILE) in eu-west-1.
  local -r parameter_name="$1"
  local -a ssm_args=(
    get-parameter
    --name "${parameter_name}"
    --with-decryption
    --region eu-west-1
    --profile "${SOURCE_PROFILE}"
    --query "Parameter.Value"
    --output text
  )
  aws ssm "${ssm_args[@]}"
}
function init_cloud_base_virtualenv {
  # Updates the sibling cloud-base checkout and activates its virtualenv in
  # the *current* shell (hence source + pushd/popd rather than a subshell),
  # then installs its requirements quietly.
  local -r cloud_base_dir="${repo}/../cloud-base"
  pushd "${cloud_base_dir}"
  info "Pulling latest cloud-base"
  git pull --rebase
  source oph-venv/bin/activate
  pip install --requirement requirements.txt > /dev/null
  popd
}
# Entry point; `time` reports how long the whole copy took.
time main "$@"