WIP

cloudfoundry · Aug 26, 2024 · e737988 · e737988
1 parent ef8ebd0
commit e737988
Show file tree

Hide file tree

Showing 18 changed files with 647 additions and 205 deletions.
diff --git a/Makefile b/Makefile
@@ -453,5 +453,7 @@ go-get-u: $(addsuffix .go-get-u,$(go_modules))
 	go get -u ./...
 
 
-mta-deploy:
-	@make --directory='./src/autoscaler' mta-deploy
+deploy-apps:
+	echo " - deploying apps"
+	DEBUG="${DEBUG}" ${CI_DIR}/autoscaler/scripts/deploy-apps.sh
+
diff --git a/ci/autoscaler/scripts/deploy-apps.sh b/ci/autoscaler/scripts/deploy-apps.sh
@@ -6,14 +6,37 @@ script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "${script_dir}/common.sh"
 source "${script_dir}/vars.source.sh"
 
+pushd "${bbl_state_path}" > /dev/null
+  eval "$(bbl print-env)"
+popd > /dev/null
+
+function fetch_certs() {
+	pushd "${autoscaler_dir}/src/autoscaler" > /dev/null
+		mkdir -p build/assets/certs/storedprocedure_db build/assets/certs/syslog_client
+
+		echo "Pulling storeprocedure db certs ..."
+		credhub get -n /bosh-autoscaler/${deployment_name}/postgres_server --key ca --quiet 		 > build/assets/certs/storedprocedure_db/ca.crt
+		credhub get -n /bosh-autoscaler/${deployment_name}/postgres_server --key certificate --quiet > build/assets/certs/storedprocedure_db/crt
+		credhub get -n /bosh-autoscaler/${deployment_name}/postgres_server --key private_key --quiet > build/assets/certs/storedprocedure_db/key
+
+		echo "Pulling syslog-client certs..."
+		credhub get -n /bosh-autoscaler/cf/syslog_agent_log_cache_tls --key ca --quiet			> build/assets/certs/syslog_client/ca.crt
+		credhub get -n /bosh-autoscaler/cf/syslog_agent_log_cache_tls --key certificate --quiet > build/assets/certs/syslog_client/client.crt
+		credhub get -n /bosh-autoscaler/cf/syslog_agent_log_cache_tls --key private_key --quiet > build/assets/certs/syslog_client/client.key
+	popd > /dev/null
+}
+
 function deploy() {
   log "Deploying autoscaler apps for bosh deployment '${deployment_name}' "
   pushd "${autoscaler_dir}/src/autoscaler" > /dev/null
     make mta-deploy
   popd > /dev/null
 }
 
+
+
 bosh_login
 cf_login
 cf_target "${autoscaler_org}" "${autoscaler_space}"
+fetch_certs
 deploy
diff --git a/ci/infrastructure/scripts/deploy-multiapps-controller.sh b/ci/infrastructure/scripts/deploy-multiapps-controller.sh
@@ -23,7 +23,6 @@ function deploy_multiapps_controller() {
   mv multiapps-controller-web-war/*.war .
   pushd multiapps-controller-web-manifest
   cf push -f ./*.yml "${app_name}"
-
   popd
 }
 

diff --git a/operations/use-cf-services.yml b/operations/use-cf-services.yml
@@ -4,11 +4,6 @@
     host: ((metricsforwarder_host))
     mtls_host: ((metricsforwarder_host))
 
-# Set the same port for metricsforwarder and healthenpoint routes
-- type: replace
-  path: /instance_groups/name=metricsforwarder/jobs/name=route_registrar/properties/route_registrar/routes/name=autoscaler_metricsforwarder_health/port
-  value: 6201
-
   ## add router tcp route for postgres
 - type: replace
   path: /instance_groups/name=postgres/jobs/-
@@ -53,3 +48,6 @@
 - type: replace
   path: /variables/name=postgres_client/options/alternative_names/-
   value: ((deployment_name))-postgres.tcp.((system_domain))
+
+- type: remove
+  path: /instance_groups/name=metricsforwarder
diff --git a/src/autoscaler/Makefile b/src/autoscaler/Makefile
@@ -12,7 +12,7 @@ PACKAGE_DIRS = $(shell go list './...' | grep --invert-match --regexp='/vendor/'
 DB_HOST ?= localhost
 DBURL ?= "postgres://postgres:postgres@${DB_HOST}/autoscaler?sslmode=disable"
 
-METRICSFORWARDER_APPNAME ?= "metricsforwarder"
+MAKEFILE_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
 EXTENSION_FILE := $(shell mktemp)
 
 export GOWORK=off
@@ -53,7 +53,7 @@ generate-fakes: ${app-fakes-dir} ${app-fakes-files} ${openapi-generated-clients-
 ${app-fakes-dir} ${app-fakes-files} &: ./go.mod ./go.sum ./generate-fakes.go
 	@echo "# Generating counterfeits"
 	mkdir -p '${app-fakes-dir}'
-	COUNTERFEITER_NO_GENERATE_WARNING='true' go generate './...'
+	COUNTERFEITER_DEBUG='true' COUNTERFEITER_NO_GENERATE_WARNING='true' go generate './...'
 
 
 go_deps_without_generated_sources = $(shell find . -type f -name '*.go' \
@@ -154,14 +154,12 @@ clean:
 .PHONY: mta-deploy
 mta-deploy: mta-build build-extension-file
 	$(MAKE) -f metricsforwarder/Makefile set-security-group
-	$(MAKE) -f metricsforwarder/Makefile stop-metricsforwarder-vm
 	@echo "Deploying with extension file: $(EXTENSION_FILE)"
-	@cf deploy mta_archives/*.mtar -f -e $(EXTENSION_FILE)
+	@cf deploy mta_archives/*.mtar -f --delete-services -e $(EXTENSION_FILE)
 
 build-extension-file:
-	cp example.mtaext $(EXTENSION_FILE);
-	sed -i "s/APP_NAME/$(METRICSFORWARDER_APPNAME)/g" $(EXTENSION_FILE);
-	echo "EXTENSION_FILE: $(EXTENSION_FILE)"
+	echo "extension file at: $(EXTENSION_FILE)"
+	$(MAKEFILE_DIR)/build-extension-file.sh $(EXTENSION_FILE);
 
 mta-logs:
 	rm -rf mta-*
@@ -170,7 +168,6 @@ mta-logs:
 
 .PHONY: mta-build
 mta-build: mta-build-clean cf-build
-	$(MAKE) -f metricsforwarder/Makefile fetch-config
 	mbt build
 
 mta-build-clean:

diff --git a/src/autoscaler/build-extension-file.sh b/src/autoscaler/build-extension-file.sh
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ -z "$1" ]; then
+  echo "extension file path not provided"
+  exit 1
+else
+  extension_file_path=$1
+fi
+
+if [ -z "${DEPLOYMENT_NAME}" ]; then
+  echo "DEPLOYMENT_NAME is not set"
+  exit 1
+fi
+
+export SYSTEM_DOMAIN="autoscaler.app-runtime-interfaces.ci.cloudfoundry.org"
+export POSTGRES_ADDRESS="${DEPLOYMENT_NAME}-postgres.tcp.${SYSTEM_DOMAIN}"
+export STOREPROCEDURE_DB_PASSWORD="$(credhub get -n /bosh-autoscaler/${DEPLOYMENT_NAME}/database_password --quiet)"
+export POSTGRES_EXTERNAL_PORT="${PR_NUMBER:-5432}"
+
+export METRICSFORWARDER_HEALTH_PASSWORD="$(credhub get -n /bosh-autoscaler/${DEPLOYMENT_NAME}/autoscaler_metricsforwarder_health_password --quiet)"
+export METRICSFORWARDER_APPNAME="${METRICSFORWARDER_APPNAME:-"${DEPLOYMENT_NAME}-metricsforwarder"}"
+
+export POLICY_DB_PASSWORD="$(credhub get -n /bosh-autoscaler/${DEPLOYMENT_NAME}/database_password --quiet)"
+export POLICY_DB_SERVER_CA="$(credhub get -n /bosh-autoscaler/${DEPLOYMENT_NAME}/postgres_server --key ca --quiet )"
+export POLICY_DB_CLIENT_CERT="$(credhub get -n /bosh-autoscaler/${DEPLOYMENT_NAME}/postgres_server --key certificate --quiet)"
+export POLICY_DB_CLIENT_KEY="$(credhub get -n /bosh-autoscaler/${DEPLOYMENT_NAME}/postgres_server --key private_key --quiet)"
+
+
+export STOREPROCEDURE_DB_PASSWORD="${POLICY_DB_PASSWORD}"
+export STOREPROCEDURE_DB_SERVER_CA="${POLICY_DB_SERVER_CA}"
+export STOREPROCEDURE_DB_CLIENT_CERT="${POLICY_DB_CLIENT_CERT}"
+export STOREPROCEDURE_DB_CLIENT_KEY="${POLICY_DB_CLIENT_KEY}"
+
+
+if [ -z "${PR_NUMBER}" ]; then
+  echo "PR_NUMBER is not set"
+  exit 1
+fi
+
+
+if [ -z "${SYSTEM_DOMAIN}" ]; then
+  echo "SYSTEM_DOMAIN is not set"
+  exit 1
+fi
+
+if [ -z "${POSTGRES_ADDRESS}" ]; then
+  echo "POSTGRES_ADDRESS is not set"
+  exit 1
+fi
+
+cat <<EOF > "${extension_file_path}"
+ID: development
+extends: com.github.cloudfoundry.app-autoscaler-release
+version: 1.0.0
+_schema-version: 3.3.0
+
+modules:
+  - name: metricsforwarder
+    parameters:
+      routes:
+      - route: ${METRICSFORWARDER_APPNAME}.\${default-domain}
+
+resources:
+- name: config
+  parameters:
+    config:
+      metricsforwarder:
+        health:
+          password: "${METRICSFORWARDER_HEALTH_PASSWORD}"
+        db:
+          storedprocedure_db:
+            url: "postgres://postgres:STOREPROCEDURE_DB_PASSWORD@$POSTGRES_ADDRESS:POSTGRES_EXTERNAL_PORT/autoscaler?application_name=metricsforwarder&sslmode=verify-full&sslrootcert=/home/vcap/app/assets/certs/storedprocedure_db/ca.crt&sslcert=/home/vcap/app/assets/certs/storedprocedure_db/crt&sslkey=/home/vcap/app/assets/certs/storedprocedure_db/key"
+- name: policydb
+  parameters:
+    config:
+      uri: "postgres://postgres:${POLICY_DB_PASSWORD}@${POSTGRES_ADDRESS}:${POSTGRES_EXTERNAL_PORT}/autoscaler?application_name=metricsforwarder&sslmode=verify-full"
+      client_cert: "${POLICY_DB_CLIENT_CERT//$'\n'/\\n}"
+      client_key: "${POLICY_DB_CLIENT_KEY//$'\n'/\\n}"
+      server_ca: "${POLICY_DB_SERVER_CA//$'\n'/\\n}"
+- name: storedproceduredb
+  parameters:
+    config:
+      uri: "postgres://postgres:${STOREPROCEDURE_DB_PASSWORD}@${POSTGRES_ADDRESS}:${POSTGRES_EXTERNAL_PORT}/autoscaler?application_name=metricsforwarder&sslmode=verify-full"
+      client_cert: "${STOREPROCEDURE_DB_CLIENT_CERT//$'\n'/\\n}"
+      client_key: "${STOREPROCEDURE_DB_CLIENT_KEY//$'\n'/\\n}"
+      server_ca: "${STOREPROCEDURE_DB_SERVER_CA//$'\n'/\\n}"
+EOF
diff --git a/src/autoscaler/configutil/cf.go b/src/autoscaler/configutil/cf.go
@@ -0,0 +1,97 @@
+package configutil
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"os"
+
+	"github.com/cloudfoundry-community/go-cfenv"
+)
+
+var ErrReadEnvironment = errors.New("failed to read environment variables")
+
+type VCAPConfigurationReader interface {
+	ReadDbFromVCAP(dbName string) (string, error)
+	// ReadConfigFromVCAP(appEnv *cfenv.App, c *Config) error
+}
+
+type VCAPConfiguration struct {
+	VCAPConfigurationReader
+	appEnv *cfenv.App
+}
+
+func NewVCAPConfigurationReader() (*VCAPConfiguration, error) {
+	vcapConfiguration := &VCAPConfiguration{}
+	appEnv, err := cfenv.Current()
+	if err != nil {
+		return nil, fmt.Errorf("%w: %w", ErrReadEnvironment, err)
+	}
+
+	vcapConfiguration.appEnv = appEnv
+	return vcapConfiguration, nil
+}
+
+func (vc *VCAPConfiguration) ReadDbFromVCAP(dbName string) (string, error) {
+	var dbURL *url.URL
+	var err error
+
+	dbServices, err := vc.appEnv.Services.WithTag("relational")
+	if err != nil {
+		fmt.Printf("failed to get db service with relational tag: %s\n", err.Error())
+		return "", nil
+	}
+
+	if len(dbServices) != 1 {
+		return "", fmt.Errorf("failed to get db service with relational tag")
+	}
+
+	dbService := dbServices[0]
+
+	dbURI, ok := dbService.CredentialString("uri")
+	if !ok {
+		return "", fmt.Errorf("failed to get uri from db service")
+	}
+
+	fmt.Println(dbURI)
+	dbURL, err = url.Parse(dbURI)
+	if err != nil {
+		return "", err
+	}
+
+	parameters, err := url.ParseQuery(dbURL.RawQuery)
+	if err != nil {
+		return "", err
+	}
+
+	err = materializeConnectionParameter(dbService, &parameters, "client_cert", "sslcert")
+	if err != nil {
+		return "", err
+	}
+
+	err = materializeConnectionParameter(dbService, &parameters, "client_key", "sslkey")
+	if err != nil {
+		return "", err
+	}
+
+	err = materializeConnectionParameter(dbService, &parameters, "server_ca", "sslrootcert")
+	if err != nil {
+		return "", err
+	}
+
+	dbURL.RawQuery = parameters.Encode()
+
+	return dbURL.String(), nil
+}
+
+func materializeConnectionParameter(dbService cfenv.Service, parameters *url.Values, bindingProperty string, connectionParameter string) error {
+	if propertyValue, hasProperty := dbService.CredentialString(bindingProperty); hasProperty {
+		propertyFile := "/tmp/" + bindingProperty + "." + connectionParameter
+		err := os.WriteFile(propertyFile, []byte(propertyValue), 0600)
+		if err != nil {
+			return err
+		}
+		parameters.Set(connectionParameter, propertyFile)
+	}
+	return nil
+}
diff --git a/src/autoscaler/configutil/configutil_suite_test.go b/src/autoscaler/configutil/configutil_suite_test.go
@@ -0,0 +1,13 @@
+package configutil_test
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestConfigutil(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Configutil Suite")
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,7 +23,6 @@ function deploy_multiapps_controller() { @@
       mv multiapps-controller-web-war/*.war .
       pushd multiapps-controller-web-manifest
       cf push -f ./*.yml "${app_name}"
       popd
     }
@@ Expand Down @@