Change default password in helm post install hook (fixes #5) (#6)

stardog-union · Jun 2, 2020 · c854da2 · c854da2
1 parent 08ba361
commit c854da2
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 30 deletions.
diff --git a/charts/stardog/files/utils.sh b/charts/stardog/files/utils.sh
@@ -1,19 +1,20 @@
 
 function wait_for_start {
     (
-    PORT=${1}
+    HOST=${1}
+    PORT=${2}
     # Wait for stardog to be running
     RC=1
     COUNT=0
     set +e
     while [[ ${RC} -ne 0 ]];
     do
-      if [[ ${COUNT} -gt 90 ]]; then
+      if [[ ${COUNT} -gt 300 ]]; then
           return 1;
       fi
       COUNT=$(expr 1 + ${COUNT} )
       sleep 1
-      curl -v  http://localhost:${PORT}
+      curl -v  http://${HOST}:${PORT}/admin/healthcheck
       RC=$?
     done
     # Give it a second to finish starting up
@@ -26,26 +27,11 @@ function wait_for_start {
 function change_pw {
     (
     set +e
-
-    PORT=${1}
+    HOST=${1}
+    PORT=${2}
     NEW_PW=$(cat /etc/stardog-password/adminpw)
-
-    /opt/stardog/bin/stardog-admin --server http://localhost:${PORT} user list -u admin -p ${NEW_PW}
-    if [ $? -eq 0 ]; then
-        echo "Password already changed"
-        return 0
-    fi
-    /opt/stardog/bin/stardog-admin --server http://localhost:${PORT} user passwd -N ${NEW_PW}
+    /opt/stardog/bin/stardog-admin --server http://${HOST}:${PORT} user passwd -N ${NEW_PW}
     RC=$?
     return ${RC}
     )
 }
-
-function shutdown_stardog {
-(
-    PORT=${1}
-    THIS_PW=$(cat /etc/stardog-password/adminpw)
-    set -e
-    /opt/stardog/bin/stardog-admin --server http://localhost:${PORT} server stop -p ${THIS_PW}
-)
-}
diff --git a/charts/stardog/templates/post-install-job.yaml b/charts/stardog/templates/post-install-job.yaml
@@ -0,0 +1,56 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "stardog.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ include "stardog.chart" . }}
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    metadata:
+      name: {{ include "stardog.fullname" . }}
+      labels:
+        helm.sh/chart: {{ include "stardog.chart" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: post-install-job
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        volumeMounts:
+        - name: {{ include "stardog.fullname" . }}-password
+          mountPath: /etc/stardog-password
+          readOnly: true
+        env:
+        - name: PORT
+          value: "{{ .Values.ports.server }}"
+        - name: HOST
+          value: "{{ .Release.Name }}-stardog.{{ .Release.Namespace }}"
+        command:
+        - /bin/sh
+        - -c
+        - |
+          set -ex
+          {{ .Files.Get "files/utils.sh" | indent 10 }}
+          wait_for_start ${HOST} ${PORT}
+          change_pw ${HOST} ${PORT}
+      imagePullSecrets:
+      - name: {{ .Release.Name }}-image-pull-secret
+      volumes:
+      - name: {{ include "stardog.fullname" . }}-password
+        secret:
+          secretName: {{ include "stardog.fullname" . }}-password
+          items:
+            - key: password
+              path: adminpw
+              mode: 400
diff --git a/charts/stardog/templates/statefulset.yaml b/charts/stardog/templates/statefulset.yaml
@@ -84,12 +84,12 @@ spec:
           name: sql
         {{- end }}
         volumeMounts:
-        - name: stardog-license
-          mountPath: /etc/stardog-license
-          readOnly: true
         - name: {{ include "stardog.fullname" . }}-password
           mountPath: /etc/stardog-password
           readOnly: true
+        - name: stardog-license
+          mountPath: /etc/stardog-license
+          readOnly: true
         - name: data
           mountPath: /var/opt/stardog/
         - name: {{ include "stardog.fullname" . }}-config
@@ -114,11 +114,7 @@ spec:
           set -ex
           {{ .Files.Get "files/utils.sh" | indent 10 }}
           cp /etc/stardog-conf/log4j2.xml ${STARDOG_HOME}/log4j2.xml
-          /opt/stardog/bin/stardog-admin server start --foreground --port ${PORT} --home ${STARDOG_HOME} &
-          SD_PID=$!
-          wait_for_start ${PORT}
-          change_pw ${PORT}
-          wait ${SD_PID}
+          /opt/stardog/bin/stardog-admin server start --foreground --port ${PORT} --home ${STARDOG_HOME}
         livenessProbe:
           httpGet:
             path: /admin/alive
@@ -140,7 +136,7 @@ spec:
               - /bin/sh
               - -c
               - |
-                /opt/stardog/bin/stardog-admin server stop
+                /opt/stardog/bin/stardog-admin server stop -u admin -p $(cat /etc/stardog-password/adminpw)
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       imagePullSecrets:
       - name: {{ .Release.Name }}-image-pull-secret