ckan-cloud-helm
ckan-cloud-helm copied to clipboard
database is not create for instance when using centralized infra
As a cco user, I've tried to deploy a CKAN instance test
with centralized infra but I don't see the databse test
created there. This leads to the authentication Error when CKAN is trying to start and connect to DB. (See analysis for more info)
Acceptance Criteria
- [ ] CKAN Instance has it's dedicated database in centralized DB
- [ ] CKAN can connect to DB
Tasks
- [ ] Find where the passwords are created for CKAN (as I see DB URLs)
- [ ] Find the part responsible for creating databases
- [ ] Why that part is not executed?
- [ ] Refactor if reasonable and make it happen
Analysis
This is all I see in database instance
psql postgresql://postgres:[email protected]
\l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
------------------+----------+----------+------------+------------+-----------------------
ckan | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =Tc/postgres +
| | | | | postgres=CTc/postgres+
| | | | | ckan=CTc/postgres
postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
template_postgis | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
Funny thing is that database credentials (User, passwords) are set but the are not actually created
cat /etc/ckan-conf/secrets/secrets.sh
export BEAKER_SESSION_SECRET=bb6624cd581d6d5192939cc1c69a020aea4168f133fff34c1b
export APP_INSTANCE_UUID=027f9157-05e4-11ea-892d-0242ac11000b
export SQLALCHEMY_URL=postgresql://first:[email protected]/first
export CKAN_DATASTORE_WRITE_URL=postgresql://first-datastore:[email protected]/first-datastore
export CKAN_DATASTORE_READ_URL=postgresql://first-datastore-readonly:[email protected]/first-datastore
export SOLR_URL=http://solr.ckan-cloud:8983/solr/first
export CKAN_REDIS_URL=redis://redis:6379/1
So as it seems everything is done in this script https://github.com/ViderumGlobal/ckan-cloud-docker/blob/master/cca-operator/cca-operator.sh. That script is executed when deployment happens https://github.com/ViderumGlobal/ckan-cloud-helm/blob/master/ckan/templates/ckan-deployment.yaml#L25-L30
Eg passwords set on line 9, 10, 11
POSTGRES_PASSWORD=`python -c "import binascii,os;print(binascii.hexlify(os.urandom(12)))"`
DATASTORE_POSTGRES_PASSWORD=`python -c "import binascii,os;print(binascii.hexlify(os.urandom(12)))"`
DATASTORE_RO_PASSWORD=`python -c "import binascii,os;print(binascii.hexlify(os.urandom(12)))"`
For some reasons we are not getting in this if statment https://github.com/ViderumGlobal/ckan-cloud-docker/blob/master/cca-operator/cca-operator.sh#L20-L38 that is responsible for creating database. Need to debug there...