Store sensitive configs in secret
Change-Id: Ie29d984ad50bce7d1fac2e3218f27575f1bbc281 Depends-On: Ie6a9833cdf73b076e24204d47e5898dfb24de43e
This commit is contained in:
parent
7b845f072c
commit
d3f58c4dd4
|
@ -5,14 +5,11 @@ configs:
|
|||
slow_query_log_enabled: false
|
||||
long_query_time: 1
|
||||
general_log_enabled: false
|
||||
root_password: "password"
|
||||
max_timeout: 60
|
||||
tls:
|
||||
enabled: true
|
||||
percona:
|
||||
cluster_name: "k8scluster"
|
||||
xtrabackup_password: "password"
|
||||
monitor_password: "password"
|
||||
gcache_size: "1G"
|
||||
sql_mode: null
|
||||
cluster_size: 3
|
||||
|
@ -21,6 +18,14 @@ configs:
|
|||
node: null
|
||||
port:
|
||||
cont: 3306
|
||||
|
||||
secret_configs:
|
||||
db:
|
||||
root_password: "password"
|
||||
percona:
|
||||
xtrabackup_password: "password"
|
||||
monitor_password: "password"
|
||||
|
||||
url:
|
||||
percona:
|
||||
debian:
|
||||
|
|
|
@ -26,6 +26,7 @@ GRASTATE_FILE = os.path.join(DATADIR, 'grastate.dat')
|
|||
SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
|
||||
DHPARAM = os.path.join(DATADIR, "dhparams.pem")
|
||||
GLOBALS_PATH = '/etc/ccp/globals/globals.json'
|
||||
GLOBALS_SECRETS_PATH = '/etc/ccp/global-secrets/global-secrets.json'
|
||||
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
|
||||
|
||||
LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
|
||||
|
@ -74,12 +75,25 @@ def retry(f):
|
|||
return wrap
|
||||
|
||||
|
||||
def get_config():
|
||||
def merge_configs(variables, new_config):
|
||||
for k, v in new_config.items():
|
||||
if k not in variables:
|
||||
variables[k] = v
|
||||
continue
|
||||
if isinstance(v, dict) and isinstance(variables[k], dict):
|
||||
merge_configs(variables[k], v)
|
||||
else:
|
||||
variables[k] = v
|
||||
|
||||
|
||||
def get_config():
|
||||
LOG.info("Getting global variables from %s", GLOBALS_PATH)
|
||||
variables = {}
|
||||
with open(GLOBALS_PATH) as f:
|
||||
global_conf = json.load(f)
|
||||
with open(GLOBALS_SECRETS_PATH) as f:
|
||||
secrets = json.load(f)
|
||||
merge_configs(global_conf, secrets)
|
||||
for key in ['percona', 'db', 'etcd', 'namespace', 'cluster_domain',
|
||||
'security']:
|
||||
variables[key] = global_conf[key]
|
||||
|
|
Loading…
Reference in New Issue