From 3da6dac36eb7d93fe893b62e1d5b70664883b0f3 Mon Sep 17 00:00:00 2001
From: Ollie Treend <ollie.treend@digital.cabinet-office.gov.uk>
Date: Wed, 15 Dec 2021 15:43:29 +0000
Subject: [PATCH] Configure contacts_admin_db_admin machine class

This creates a dedicated database admin machine for Contacts Admin, following the Account API convention devised in #11342.

This is in order to facilitate the implementation of [RFC-143][], which concludes that every GOV.UK relational database should have its own RDS instance.

Trello: https://trello.com/c/HjK4AbUS/49-configure-puppet-for-new-db-admin-mysql-instances

[RFC-143]: https://github.com/alphagov/govuk-rfcs/blob/main/rfc-143-split-database-instances.md
---
 hieradata_aws/class/backend.yaml              |  2 ++
 .../integration/contacts_admin_db_admin.yaml  | 25 ++++++++++++++
 .../production/contacts_admin_db_admin.yaml   | 13 +++++++
 .../staging/contacts_admin_db_admin.yaml      | 25 ++++++++++++++
 modules/govuk/manifests/apps/contacts/db.pp   |  2 +-
 .../node/s_contacts_admin_db_admin.pp         | 34 +++++++++++++++++++
 6 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 hieradata_aws/class/integration/contacts_admin_db_admin.yaml
 create mode 100644 hieradata_aws/class/production/contacts_admin_db_admin.yaml
 create mode 100644 hieradata_aws/class/staging/contacts_admin_db_admin.yaml
 create mode 100644 modules/govuk/manifests/node/s_contacts_admin_db_admin.pp

diff --git a/hieradata_aws/class/backend.yaml b/hieradata_aws/class/backend.yaml
index ab1b40c914..cd603b3a90 100644
--- a/hieradata_aws/class/backend.yaml
+++ b/hieradata_aws/class/backend.yaml
@@ -1,6 +1,8 @@
 ---
 
 govuk::apps::contacts::vhost: contacts-admin
+# TODO: switch to "contacts-admin-mysql" and uncomment the 'push'
+# `govuk_env_sync::tasks` tasks when we're ready to switch to the dedicated RDS instance
 govuk::apps::contacts::db_hostname: 'mysql-primary'
 govuk::apps::contacts::db_username: 'contacts'
 govuk::apps::contacts::db_password: "%{hiera('govuk::apps::contacts::db::mysql_contacts_admin')}"
diff --git a/hieradata_aws/class/integration/contacts_admin_db_admin.yaml b/hieradata_aws/class/integration/contacts_admin_db_admin.yaml
new file mode 100644
index 0000000000..16f769061e
--- /dev/null
+++ b/hieradata_aws/class/integration/contacts_admin_db_admin.yaml
@@ -0,0 +1,25 @@
+govuk_env_sync::tasks:
+  "pull_contacts_admin_production_daily":
+    ensure: "present"
+    hour: "0"
+    minute: "0"
+    action: "pull"
+    dbms: "mysql"
+    storagebackend: "s3"
+    database: "contacts_production"
+    database_hostname: "contacts-admin-mysql"
+    temppath: "/tmp/contacts_admin_production"
+    url: "govuk-production-database-backups"
+    path: "contacts-admin-mysql"
+  # "push_contacts_admin_production_daily":
+  #   ensure: "present"
+  #   hour: "5"
+  #   minute: "0"
+  #   action: "push"
+  #   dbms: "mysql"
+  #   storagebackend: "s3"
+  #   database: "contacts_production"
+  #   database_hostname: "contacts-admin-mysql"
+  #   temppath: "/tmp/contacts_admin_production"
+  #   url: "govuk-integration-database-backups"
+  #   path: "contacts-admin-mysql"
diff --git a/hieradata_aws/class/production/contacts_admin_db_admin.yaml b/hieradata_aws/class/production/contacts_admin_db_admin.yaml
new file mode 100644
index 0000000000..8da3c61866
--- /dev/null
+++ b/hieradata_aws/class/production/contacts_admin_db_admin.yaml
@@ -0,0 +1,13 @@
+# govuk_env_sync::tasks:
+#   "push_contacts_admin_production_daily":
+#     ensure: "present"
+#     hour: "23"
+#     minute: "0"
+#     action: "push"
+#     dbms: "mysql"
+#     storagebackend: "s3"
+#     database: "contacts_production"
+#     database_hostname: "contacts-admin-mysql"
+#     temppath: "/tmp/contacts_admin_production"
+#     url: "govuk-production-database-backups"
+#     path: "contacts-admin-mysql"
diff --git a/hieradata_aws/class/staging/contacts_admin_db_admin.yaml b/hieradata_aws/class/staging/contacts_admin_db_admin.yaml
new file mode 100644
index 0000000000..68d2d81164
--- /dev/null
+++ b/hieradata_aws/class/staging/contacts_admin_db_admin.yaml
@@ -0,0 +1,25 @@
+govuk_env_sync::tasks:
+  "pull_contacts_admin_production_daily":
+    ensure: "present"
+    hour: "0"
+    minute: "0"
+    action: "pull"
+    dbms: "mysql"
+    storagebackend: "s3"
+    database: "contacts_production"
+    database_hostname: "contacts-admin-mysql"
+    temppath: "/tmp/contacts_admin_production"
+    url: "govuk-production-database-backups"
+    path: "contacts-admin-mysql"
+  # "push_contacts_admin_production_daily":
+  #   ensure: "present"
+  #   hour: "5"
+  #   minute: "0"
+  #   action: "push"
+  #   dbms: "mysql"
+  #   storagebackend: "s3"
+  #   database: "contacts_production"
+  #   database_hostname: "contacts-admin-mysql"
+  #   temppath: "/tmp/contacts_admin_production"
+  #   url: "govuk-staging-database-backups"
+  #   path: "contacts-admin-mysql"
diff --git a/modules/govuk/manifests/apps/contacts/db.pp b/modules/govuk/manifests/apps/contacts/db.pp
index 0ba44e3846..c4515bc2d6 100644
--- a/modules/govuk/manifests/apps/contacts/db.pp
+++ b/modules/govuk/manifests/apps/contacts/db.pp
@@ -1,6 +1,6 @@
 # == Class: govuk::apps:contacts:db
 #
-# MySQL to store content for the Contacts app
+# MySQL to store content for the Contacts Admin app
 # https://github.com/alphagov/contacts-admin
 #
 # === Parameters
diff --git a/modules/govuk/manifests/node/s_contacts_admin_db_admin.pp b/modules/govuk/manifests/node/s_contacts_admin_db_admin.pp
new file mode 100644
index 0000000000..c4c7d82d48
--- /dev/null
+++ b/modules/govuk/manifests/node/s_contacts_admin_db_admin.pp
@@ -0,0 +1,34 @@
+# == Class: govuk_node::s_contacts_admin_db_admin
+#
+# This machine class is used to administer the Contacts Admin
+# MySQL RDS instances.
+#
+# === Parameters
+#
+# [*mysql_db_host*]
+#  The database hostname
+#
+# [*mysql_db_password*]
+#  The database password
+#
+# [*mysql_db_user*]
+#  The database user to connect to the remote database as
+#
+class govuk::node::s_contacts_admin_db_admin(
+  $mysql_db_host     = undef,
+  $mysql_db_password = undef,
+  $mysql_db_user     = undef,
+) {
+  include ::govuk::node::s_base
+  include govuk_env_sync
+
+  file { '/root/.my.cnf':
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 'root',
+    content => template('govuk/mysql_my.cnf.erb'),
+  }
+
+  # include all MySQL classes that create databases and users
+  -> class { '::govuk::apps::contacts::db': }
+}