From 10871f283d3e8c1c848d89dbba7610b52f5669e6 Mon Sep 17 00:00:00 2001
From: ChrisBAshton
Date: Fri, 10 Dec 2021 11:48:21 +0000
Subject: [PATCH] Configure account_api_db_admin machine class
This creates a dedicated database admin machine for the Account API, following the content_data_api_db_admin convention. This is in order to facilitate the implementation of [RFC-143][], which concludes that every GOV.UK relational database should have its own RDS instance.
[RFC-143]: https://github.com/alphagov/govuk-rfcs/blob/main/rfc-143-split-database-instances.md
---
.../integration/account_api_db_admin.yaml | 25 +++++++++++
.../production/account_api_db_admin.yaml | 13 ++++++
.../class/staging/account_api_db_admin.yaml | 25 +++++++++++
hieradata_aws/common.yaml | 3 ++
.../manifests/node/s_account_api_db_admin.pp | 45 +++++++++++++++++++
spec/fixtures/hieradata/common.yaml | 1 +
6 files changed, 112 insertions(+)
create mode 100644 hieradata_aws/class/integration/account_api_db_admin.yaml
create mode 100644 hieradata_aws/class/production/account_api_db_admin.yaml
create mode 100644 hieradata_aws/class/staging/account_api_db_admin.yaml
create mode 100644 modules/govuk/manifests/node/s_account_api_db_admin.pp
diff --git a/hieradata_aws/class/integration/account_api_db_admin.yaml b/hieradata_aws/class/integration/account_api_db_admin.yaml
new file mode 100644
index 0000000000..9ff2eaae90
--- /dev/null
+++ b/hieradata_aws/class/integration/account_api_db_admin.yaml
@@ -0,0 +1,25 @@
+govuk_env_sync::tasks:
+ "pull_account_api_production_daily":
+ ensure: "present"
+ hour: "0"
+ minute: "0"
+ action: "pull"
+ dbms: "postgresql"
+ storagebackend: "s3"
+ database: "account-api_production"
+ database_hostname: "account-api-postgresql"
+ temppath: "/tmp/account_api_production"
+ url: "govuk-production-database-backups"
+ path: "account-api-postgresql"
+ # "push_account_api_production_daily":
+ # ensure: "present"
+ # hour: "5"
+ # minute: "0"
+ # action: "push"
+ # dbms: "postgresql"
+ # storagebackend: "s3"
+ # database: "account-api_production"
+ # database_hostname: "account-api-postgresql"
+ # temppath: "/tmp/account_api_production"
+ # url: "govuk-integration-database-backups"
+ # path: "account-api-postgresql"
diff --git a/hieradata_aws/class/production/account_api_db_admin.yaml b/hieradata_aws/class/production/account_api_db_admin.yaml
new file mode 100644
index 0000000000..c803709ca5
--- /dev/null
+++ b/hieradata_aws/class/production/account_api_db_admin.yaml
@@ -0,0 +1,13 @@
+# govuk_env_sync::tasks:
+# "push_account_api_production_daily":
+# ensure: "present"
+# hour: "23"
+# minute: "0"
+# action: "push"
+# dbms: "postgresql"
+# storagebackend: "s3"
+# database: "account-api_production"
+# database_hostname: "account-api-postgresql"
+# temppath: "/tmp/account_api_production"
+# url: "govuk-production-database-backups"
+# path: "account-api-postgresql"
diff --git a/hieradata_aws/class/staging/account_api_db_admin.yaml b/hieradata_aws/class/staging/account_api_db_admin.yaml
new file mode 100644
index 0000000000..cf9d58c2b6
--- /dev/null
+++ b/hieradata_aws/class/staging/account_api_db_admin.yaml
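Review bot: The `pull_account_api_production_daily` task in `hieradata_aws/class/integration/account_api_db_admin.yaml` (and the identical task in the staging file) restores the `account-api_production` backup from `govuk-production-database-backups` every night, and nothing in the task shows the data being scrubbed or masked once it lands in the lower environment. Account API data is presumably tied to real user accounts, so either add whatever sanitisation step govuk_env_sync offers to both tasks, or record the decision next to them, e.g. `# NOTE: restores unsanitised production data; access to this environment must be restricted as for production`. The dump is also staged under the fixed path `/tmp/account_api_production`; it is worth confirming that govuk_env_sync creates that directory with restrictive permissions, since the hunk itself does not show it.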
@@ -0,0 +1,25 @@
+govuk_env_sync::tasks:
+ "pull_account_api_production_daily":
+ ensure: "present"
+ hour: "0"
+ minute: "0"
+ action: "pull"
+ dbms: "postgresql"
+ storagebackend: "s3"
+ database: "account-api_production"
+ database_hostname: "account-api-postgresql"
+ temppath: "/tmp/account_api_production"
+ url: "govuk-production-database-backups"
+ path: "account-api-postgresql"
+ # "push_account_api_production_daily":
+ # ensure: "present"
+ # hour: "5"
+ # minute: "0"
+ # action: "push"
+ # dbms: "postgresql"
+ # storagebackend: "s3"
+ # database: "account-api_production"
+ # database_hostname: "account-api-postgresql"
+ # temppath: "/tmp/account_api_production"
+ # url: "govuk-staging-database-backups"
+ # path: "account-api-postgresql"
diff --git a/hieradata_aws/common.yaml b/hieradata_aws/common.yaml
index 37028a43b0..ebea215bc4 100644
--- a/hieradata_aws/common.yaml
+++ b/hieradata_aws/common.yaml
@@ -782,6 +782,8 @@ govuk::apps::transition::redis_port: "%{hiera('sidekiq_port')}" govuk::apps::travel_advice_publisher::redis_host: "%{hiera('sidekiq_host')}" govuk::apps::travel_advice_publisher::redis_port: "%{hiera('sidekiq_port')}" +# TODO: switch to "account-api-postgresql" and uncomment the 'push' +# `govuk_env_sync::tasks` tasks when we're ready to switch to the dedicated RDS instance govuk::apps::account_api::db_hostname: "postgresql-primary" govuk::apps::account_api::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24" govuk::apps::account_api::db::allow_auth_from_lb: true
@@ -857,6 +859,7 @@ govuk::node::s_base::log_remote: false govuk::node::s_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}" govuk::node::s_db_admin::apt_mirror_gpg_key_fingerprint: "%{hiera('apt_mirror_fingerprint')}" +govuk::node::s_account_api_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}" govuk::node::s_content_data_api_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}" govuk::node::s_gatling::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
diff --git a/modules/govuk/manifests/node/s_account_api_db_admin.pp b/modules/govuk/manifests/node/s_account_api_db_admin.pp
new file mode 100644
index 0000000000..70c2836059
--- /dev/null
+++ b/modules/govuk/manifests/node/s_account_api_db_admin.pp
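Review bot: In the `hieradata_aws/common.yaml` hunk at new line 859 the node gets only `apt_mirror_hostname`, whereas the `s_db_admin` entries directly above it also set `apt_mirror_gpg_key_fingerprint`. The class added by this commit takes no fingerprint parameter, so whether packages from the mirror are checked against a pinned signing key on this machine is decided inside `postgresql_db_admin`, which this diff does not show. If that class does not pin the key itself, add `govuk::node::s_account_api_db_admin::apt_mirror_gpg_key_fingerprint: "%{hiera('apt_mirror_fingerprint')}"` here and in `spec/fixtures/hieradata/common.yaml`, and thread the parameter through the new class.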
@@ -0,0 +1,45 @@
+# == Class: govuk_node::s_account_api_db_admin
+#
+# This machine class is used to administer the Account API
+# PostgreSQL RDS instances.
+#
+# === Parameters
+#
+# [*postgres_host*]
+# Hostname of the RDS database to use.
+# Default: undef
+#
+# [*postgres_user*]
+# The PostgreSQL user to use for admisistering the database.
+# Default: undef
+#
+# [*postgres_password*]
+# The password corresponding to the above `postgres_user`.
+# Default: undef
+#
+# [*postgres_port*]
+# The port with which to connect to the `postgres_host`.
+# Default: '5432'
+#
+class govuk::node::s_account_api_db_admin(
+ $postgres_host = undef,
+ $postgres_user = undef,
+ $postgres_password = undef,
+ $postgres_port = '5432',
+ $apt_mirror_hostname,
+) {
+ include govuk_env_sync
+ include ::govuk::node::s_base
+
+ # include the common config/tooling required for our app-specific DB admin class
+ class { '::govuk::nodes::postgresql_db_admin':
+ postgres_host => $postgres_host,
+ postgres_user => $postgres_user,
+ postgres_password => $postgres_password,
+ postgres_port => $postgres_port,
+ apt_mirror_hostname => $apt_mirror_hostname,
+ } ->
+
+ # include all PostgreSQL classes that create databases and users
+ class { '::govuk::apps::account_api::db': }
+}
diff --git a/spec/fixtures/hieradata/common.yaml b/spec/fixtures/hieradata/common.yaml
index d7c46973f9..c9a0994e4b 100644
--- a/spec/fixtures/hieradata/common.yaml
+++ b/spec/fixtures/hieradata/common.yaml
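Review bot: `$postgres_host`, `$postgres_user` and `$postgres_password` all default to `undef` in `s_account_api_db_admin.pp`, so a node whose hiera data lacks the credentials still compiles and hands `undef` to `postgresql_db_admin`; any failure then surfaces inside that class (not shown in this diff) or at run time rather than as a clear catalog error. Declaring them without defaults, as `$apt_mirror_hostname` already is, would make a missing credential fail at compile time and would also stop a required parameter trailing the optional ones. It is also worth confirming that `postgres_password` is sourced from encrypted hiera data, since the value is passed on here as a plain string. The header comment needs three small fixes: it names the class `govuk_node::s_account_api_db_admin` while the declaration is `govuk::node::s_account_api_db_admin`, it does not document `apt_mirror_hostname`, and "admisistering" should read "administering".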
@@ -34,6 +34,7 @@ govuk::deploy::sync::auth_token: "example-auth-token" govuk::node::s_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}" govuk::node::s_db_admin::apt_mirror_gpg_key_fingerprint: "%{hiera('apt_mirror_fingerprint')}" +govuk::node::s_account_api_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}" govuk::node::s_content_data_api_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}" govuk::node::s_graphite::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}" govuk::node::s_graphite::apt_mirror_gpg_key_fingerprint: "%{hiera('apt_mirror_fingerprint')}"