Skip to content

Commit

Permalink
Merge pull request #83 from Ontotext-AD/GDB-10618-simplify-single-nod…
Browse files Browse the repository at this point in the history
…e-user-data-scripts

GDB-10618 Improved the single node setup time by removing use and checks for Private DNS zone address.
  • Loading branch information
viktor-ribchev authored Aug 5, 2024
2 parents c20bc23 + 3fbe893 commit 4cf7770
Show file tree
Hide file tree
Showing 6 changed files with 70 additions and 16 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# GraphDB Azure Terraform Module Changelog

## 1.3.0

* Improved the single node setup time by removing use and checks for Private DNS zone address.

## 1.2.1

* Fixed the `graphdb.external-url` value when deploying a single node.
Expand Down
29 changes: 29 additions & 0 deletions modules/graphdb/templates/00_functions.sh
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,35 @@ configure_graphdb_security() {
fi
}

update_graphdb_admin_password_single_node() {
local GRAPHDB_PASSWORD="$1"
local GRAPHDB_ADMIN_PASSWORD="$2"
local RETRY_DELAY="$3"
local APP_CONFIGURATION_ENDPOINT="$4"

if [[ -e "/var/opt/graphdb/password_creation_time" ]]; then
# Gets the existing settings for admin user
EXISTING_SETTINGS=$(curl --location -s -u "admin:$GRAPHDB_PASSWORD" 'http://localhost:7200/rest/security/users/admin' | jq -rc '{grantedAuthorities, appSettings}' | sed 's/^{//;s/}$//')

SET_NEW_PASSWORD=$(
curl --location -s -w "%%{http_code}" \
--request PATCH 'http://localhost:7200/rest/security/users/admin' \
--header 'Content-Type: application/json' \
--header 'Accept: text/plain' \
-u "admin:$GRAPHDB_PASSWORD" \
--data "{\"password\":\"$GRAPHDB_ADMIN_PASSWORD\",$EXISTING_SETTINGS}"
)
if [[ "$SET_NEW_PASSWORD" == 200 ]]; then
log_with_timestamp "Updated GraphDB password successfully"
GRAPHDB_PASSWORD_CREATION_TIME="$(az appconfig kv show --endpoint $${APP_CONFIGURATION_ENDPOINT} --auth-mode login --key graphdb-password | jq -r .lastModified)"
echo $(date -d "$GRAPHDB_PASSWORD_CREATION_TIME" -u +"%Y-%m-%dT%H:%M:%S") > /var/opt/graphdb/password_creation_time
else
log_with_timestamp "Failed updating GraphDB password. Please check the logs!"
exit 1
fi
fi
}

update_graphdb_admin_password() {
local GRAPHDB_PASSWORD="$1"
local GRAPHDB_ADMIN_PASSWORD="$2"
Expand Down
14 changes: 8 additions & 6 deletions modules/graphdb/templates/04_gdb_conf_overrides.sh.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ echo "#######################################"

RESOURCE_GROUP=$(curl -s -H Metadata:true "http://169.254.169.254/metadata/instance/compute/resourceGroupName?api-version=2021-01-01&format=text")
DNS_ZONE_NAME=${private_dns_zone_name}
RECORD_NAME=$(cat /var/opt/graphdb/node_dns_name)
APP_CONFIG_ENDPOINT=${app_configuration_endpoint}

log_with_timestamp "Getting secrets"
Expand All @@ -32,11 +31,6 @@ secrets=$(az appconfig kv list --endpoint "$APP_CONFIG_ENDPOINT" --auth-mode log
log_with_timestamp "Getting GraphDB license"
az appconfig kv show --endpoint "$APP_CONFIG_ENDPOINT" --auth-mode login --key ${graphdb_license_secret_name} | jq -r .value | base64 -d >/etc/graphdb/graphdb.license

log_with_timestamp "Getting the cluster token"
graphdb_cluster_token=$(az appconfig kv show --endpoint "$APP_CONFIG_ENDPOINT" --auth-mode login --key ${graphdb_cluster_token_name} | jq -r .value | base64 -d)

log_with_timestamp "Getting the full DNS record for current instance"
NODE_DNS=$(az network private-dns record-set a show --resource-group $RESOURCE_GROUP --zone-name $DNS_ZONE_NAME --name $RECORD_NAME --output tsv --query "fqdn" | rev | cut -c 2- | rev)

log_with_timestamp "Writing configuration files"

Expand All @@ -49,6 +43,14 @@ graphdb.external-url=https://${graphdb_external_address_fqdn}
graphdb.external-url.enforce.transactions=true
EOF
else
RECORD_NAME=$(cat /var/opt/graphdb/node_dns_name)

log_with_timestamp "Getting the cluster token"
graphdb_cluster_token=$(az appconfig kv show --endpoint "$APP_CONFIG_ENDPOINT" --auth-mode login --key ${graphdb_cluster_token_name} | jq -r .value | base64 -d)

log_with_timestamp "Getting the full DNS record for current instance"
NODE_DNS=$(az network private-dns record-set a show --resource-group $RESOURCE_GROUP --zone-name $DNS_ZONE_NAME --name $RECORD_NAME --output tsv --query "fqdn" | rev | cut -c 2- | rev)

cat <<EOF >/etc/graphdb/graphdb.properties
graphdb.auth.token.secret=$graphdb_cluster_token
graphdb.connector.port=7200
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,11 @@ echo "###########################################"
echo "# Configuring Application Insights #"
echo "###########################################"

RECORD_NAME=$(cat /var/opt/graphdb/node_dns_name)
if [ ! -f /var/opt/graphdb/node_dns_name ]; then
RECORD_NAME=${resource_name_prefix}
else
RECORD_NAME=$(cat /var/opt/graphdb/node_dns_name)
fi

# Overrides the config file
cat <<-EOF >/opt/graphdb/applicationinsights.json
Expand Down
18 changes: 14 additions & 4 deletions modules/graphdb/templates/10_start_single_graphdb_services.sh.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,19 @@ systemctl start graphdb

log_with_timestamp "Started GraphDB services"

wait_dns_records "$DNS_ZONE_NAME" "$RESOURCE_GROUP" "${node_count}"

check_all_dns_records "$DNS_ZONE_NAME" "$RESOURCE_GROUP" "$RETRY_DELAY"
check_status() {
STATUS=$(curl -s -o /dev/null -w "%%{http_code}" "http://localhost:7200/rest/cluster/node/status")
if [[ $STATUS -eq 200 || $STATUS -eq 404 ]]; then
return 0
else
return 1
fi
}

# Wait for the status code to be 200 or 404
until check_status; do
sleep 5
done

echo "###########################################################"
echo "# Changing admin user password and enable security #"
Expand All @@ -57,7 +67,7 @@ echo "####################################"
echo "# Updating GraphDB password #"
echo "####################################"

update_graphdb_admin_password "$GRAPHDB_PASSWORD" "$GRAPHDB_ADMIN_PASSWORD" "$RETRY_DELAY" "${app_configuration_endpoint}" "$${ALL_DNS_RECORDS[@]}"
update_graphdb_admin_password_single_node "$GRAPHDB_PASSWORD" "$GRAPHDB_ADMIN_PASSWORD" "$RETRY_DELAY" "${app_configuration_endpoint}"

echo "###########################"
echo "# Script completed #"
Expand Down
15 changes: 10 additions & 5 deletions modules/graphdb/user_data.tf
Original file line number Diff line number Diff line change
Expand Up @@ -53,11 +53,15 @@ data "cloudinit_config" "entrypoint" {
}

# 03 DNS setup
part {
content_type = "text/x-shellscript"
content = templatefile("${path.module}/templates/03_dns_provisioning.sh.tpl", {
private_dns_zone_name : azurerm_private_dns_zone.graphdb.name
})
dynamic "part" {
for_each = var.node_count > 1 ? [1] : []

content {
content_type = "text/x-shellscript"
content = templatefile("${path.module}/templates/03_dns_provisioning.sh.tpl", {
private_dns_zone_name : azurerm_private_dns_zone.graphdb.name
})
}
}

# 04 GDB config overrides
Expand Down Expand Up @@ -106,6 +110,7 @@ data "cloudinit_config" "entrypoint" {
appi_dependency_sampling_override : var.appi_dependency_sampling_override
appi_grpc_sampling_override : var.appi_grpc_sampling_override
appi_repositories_requests_sampling : var.appi_repositories_requests_sampling
resource_name_prefix : var.resource_name_prefix
})
}

Expand Down

0 comments on commit 4cf7770

Please sign in to comment.