#
# Author:: Earth U (<sysadmin @ chromedia.com>)
# Cookbook Name:: cfe-mariadb
# Recipe:: reload_from_s3
#
# Copyright 2016, Chromedia Far East, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Download the gzip of a MySQL dump from an S3 bucket,
# then load it up into a (preferably empty) database.
# Prerequisites: the gzip package, plus the openssl::upgrade and awscli
# recipes (the steps below shell out to gzip and openssl and use the
# awscli_s3_file resource).
package 'gzip'
%w(openssl::upgrade awscli).each { |recipe_name| include_recipe recipe_name }

# True only when a 'reload' attribute hash exists AND carries an explicit
# access key id; otherwise the S3 download is declared without credentials.
cfe_attrs = node['cfe-mariadb']
manual_creds = cfe_attrs.key?('reload') &&
               cfe_attrs['reload'].key?('aws_access_key_id')

# Scratch directory under Chef's file cache for the downloaded dumps, and the
# path where the decryption key is written while the reload is set up.
tmp_dir = ::File.join(Chef::Config[:file_cache_path], 'db_dumps')
priv_key_file = [tmp_dir, 'priv.key'].join('/')
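# Reload only when forced, or when the stamp file marking an earlier reload
# does not exist yet.
if node['cfe-mariadb']['reload']['force'] ||
   !::File.exist?(node['cfe-mariadb']['reload']['file_stamp'])

  directory(tmp_dir) { recursive true }

  # Private key used to decrypt encrypted dumps. It is written owner-only and
  # kept out of Chef's output via `sensitive`; the last resource in this recipe
  # deletes it again.
  # NOTE(review): if any resource in between fails, the run aborts before that
  # delete and the key stays on disk in tmp_dir -- consider cleaning it up from
  # a handler as well.
  file priv_key_file do
    mode 0600
    content node['cfe-mariadb']['encrypt']['priv_key'] || ''
    sensitive true
  end

  node['cfe-mariadb']['db_map'].each do |dbx|
    # db_map entries arrive either as [name, settings] pairs or as a settings
    # hash that carries its own :db_name.
    if dbx.is_a?(Array)
      dbx_name = dbx[0]
      dbx = dbx[1]
    else
      dbx_name = dbx[:db_name]
    end

    # A database opts out of the reload with an explicit `reload: false`.
    next if dbx.has_key?(:reload) && dbx[:reload] == false

    bfname = dbx[:bak_filename] || "#{dbx_name}.sql"
    keyname = "#{bfname}.gz#{dbx[:bak_encrypted] ? '.enc' : ''}"
    filepath = "#{tmp_dir}/#{bfname}"

    # Fetch the (optionally encrypted) gzip of the dump from the bucket.
    awscli_s3_file "#{tmp_dir}/#{keyname}" do
      region node['cfe-mariadb']['s3_region']
      bucket node['cfe-mariadb']['s3_bucket']
      key keyname
      if manual_creds
        aws_access_key_id node['cfe-mariadb']['reload']['aws_access_key_id']
        aws_secret_access_key node['cfe-mariadb']['reload']['aws_secret_access_key']
      end
    end

    # Decrypt only when an encrypted download is present; the ciphertext is
    # deleted once this step has run.
    # NOTE(review): "-inform DEM" looks like a typo for DER -- confirm that the
    # openssl build in use accepts it and that it matches how the dump was
    # encrypted.
    # NOTE(review): file names and database names from node attributes are
    # interpolated into these shell commands unquoted, so they must not contain
    # whitespace or shell metacharacters.
    execute "decrypt_#{filepath}.gz.enc" do
      command "openssl smime -decrypt -binary -inkey #{priv_key_file} "\
              "-in #{filepath}.gz.enc -out #{filepath}.gz -inform DEM"
      only_if { ::File.exist?("#{filepath}.gz.enc") }
      notifies :delete, "file[#{filepath}.gz.enc]"
    end

    execute "gzip -d #{filepath}.gz"

    # Load the dump. The password is handed to the client through MYSQL_PWD
    # rather than -p'...' on the command line: argv is visible to every local
    # user in the process list for as long as the import runs, and a password
    # containing a single quote would have broken the shell quoting.
    # `sensitive` still keeps the command out of Chef's own output.
    # NOTE(review): a password set in an option file read by the client takes
    # precedence over MYSQL_PWD -- confirm none is present for the user that
    # runs chef-client. A 0600 option file passed with --defaults-extra-file
    # is the stricter alternative.
    execute "reload_#{filepath}" do
      command "mysql -h #{node['mariadb']['mysqld']['bind_address']} "\
              "-P #{node['mariadb']['mysqld']['port']} "\
              "-u #{dbx[:db_user]} "\
              "-D #{dbx_name} < #{filepath}"
      environment 'MYSQL_PWD' => dbx[:db_pass].to_s
      notifies :delete, "file[#{filepath}]"
      sensitive true
    end

    # Targets for the :delete notifications above; they do nothing on their own.
    file("#{filepath}.gz.enc") { action :nothing }
    file(filepath) { action :nothing }

    # Record the reload time in the stamp file. The only_if guard also creates
    # the stamp's parent directory when it is missing.
    stamp = node['cfe-mariadb']['reload']['file_stamp']
    file stamp do
      content %x{ date +"%FT%T" }
      only_if "test -d #{::File.dirname(stamp)} || "\
              "mkdir -p #{::File.dirname(stamp)}"
    end
  end

  # Remove the decryption key once every database has been processed.
  file(priv_key_file) { action :delete }
end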