Store sensitive configs in secret

Change-Id: Ie29d984ad50bce7d1fac2e3218f27575f1bbc281
Depends-On: Ie6a9833cdf73b076e24204d47e5898dfb24de43e
This commit is contained in:
Andrey Pavlov 2017-03-06 08:27:42 +00:00
parent 7b845f072c
commit d3f58c4dd4
2 changed files with 23 additions and 4 deletions

View File

@ -5,14 +5,11 @@ configs:
slow_query_log_enabled: false
long_query_time: 1
general_log_enabled: false
root_password: "password"
max_timeout: 60
tls:
enabled: true
percona:
cluster_name: "k8scluster"
xtrabackup_password: "password"
monitor_password: "password"
gcache_size: "1G"
sql_mode: null
cluster_size: 3
@ -21,6 +18,14 @@ configs:
node: null
port:
cont: 3306
secret_configs:
db:
root_password: "password"
percona:
xtrabackup_password: "password"
monitor_password: "password"
url:
percona:
debian:

View File

@ -26,6 +26,7 @@ GRASTATE_FILE = os.path.join(DATADIR, 'grastate.dat')
SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
DHPARAM = os.path.join(DATADIR, "dhparams.pem")
GLOBALS_PATH = '/etc/ccp/globals/globals.json'
GLOBALS_SECRETS_PATH = '/etc/ccp/global-secrets/global-secrets.json'
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
@ -74,12 +75,25 @@ def retry(f):
return wrap
def get_config():
def merge_configs(variables, new_config):
for k, v in new_config.items():
if k not in variables:
variables[k] = v
continue
if isinstance(v, dict) and isinstance(variables[k], dict):
merge_configs(variables[k], v)
else:
variables[k] = v
def get_config():
LOG.info("Getting global variables from %s", GLOBALS_PATH)
variables = {}
with open(GLOBALS_PATH) as f:
global_conf = json.load(f)
with open(GLOBALS_SECRETS_PATH) as f:
secrets = json.load(f)
merge_configs(global_conf, secrets)
for key in ['percona', 'db', 'etcd', 'namespace', 'cluster_domain',
'security']:
variables[key] = global_conf[key]