Various fixes

Sync pool user correctly, without overriding it.
Fix numberOfInstances comparison in defaults.
Fix maxDBConnections usage.
Dmitrii Dolgov 2020-03-06 13:32:04 +01:00
parent ab118dd78b
commit 80fee17ea4
3 changed files with 26 additions and 20 deletions


@ -860,7 +860,6 @@ func (c *Cluster) initSystemUsers() {
// Connection pool user is an exception, if requested it's going to be // Connection pool user is an exception, if requested it's going to be
// created by operator as a normal pgUser // created by operator as a normal pgUser
if c.needConnectionPool() { if c.needConnectionPool() {
// initialize empty connection pool if not done yet // initialize empty connection pool if not done yet
if c.Spec.ConnectionPool == nil { if c.Spec.ConnectionPool == nil {
c.Spec.ConnectionPool = &acidv1.ConnectionPool{} c.Spec.ConnectionPool = &acidv1.ConnectionPool{}
@ -870,11 +869,21 @@ func (c *Cluster) initSystemUsers() {
c.Spec.ConnectionPool.User, c.Spec.ConnectionPool.User,
c.OpConfig.ConnectionPool.User) c.OpConfig.ConnectionPool.User)
c.systemUsers[constants.ConnectionPoolUserKeyName] = spec.PgUser{ // connection pooler application should be able to login with this role
connPoolUser := spec.PgUser{
Origin: spec.RoleConnectionPool, Origin: spec.RoleConnectionPool,
Name: username, Name: username,
Flags: []string{constants.RoleFlagLogin},
Password: util.RandomPassword(constants.PasswordLength), Password: util.RandomPassword(constants.PasswordLength),
} }
if _, exists := c.pgUsers[username]; !exists {
c.pgUsers[username] = connPoolUser
}
if _, exists := c.systemUsers[constants.ConnectionPoolUserKeyName]; !exists {
c.systemUsers[constants.ConnectionPoolUserKeyName] = connPoolUser
}
} }
} }
@ -1256,12 +1265,16 @@ func (c *Cluster) needSyncConnPoolDefaults(
podTemplate := deployment.Spec.Template podTemplate := deployment.Spec.Template
poolContainer := podTemplate.Spec.Containers[constants.ConnPoolContainer] poolContainer := podTemplate.Spec.Containers[constants.ConnPoolContainer]
if spec == nil {
spec = &acidv1.ConnectionPool{}
}
if spec.NumberOfInstances == nil && if spec.NumberOfInstances == nil &&
deployment.Spec.Replicas != config.NumberOfInstances { *deployment.Spec.Replicas != *config.NumberOfInstances {
sync = true sync = true
msg := fmt.Sprintf("NumberOfInstances is different (%d vs %d)", msg := fmt.Sprintf("NumberOfInstances is different (%d vs %d)",
deployment.Spec.Replicas, config.NumberOfInstances) *deployment.Spec.Replicas, *config.NumberOfInstances)
reasons = append(reasons, msg) reasons = append(reasons, msg)
} }
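Review bot: The two `!exists` guards added in initSystemUsers can leave `c.pgUsers[username]` and `c.systemUsers[constants.ConnectionPoolUserKeyName]` holding different definitions of the same role. If a role with the pooler's name is already in `c.pgUsers`, that entry is kept, while the system-user entry gets a fresh `util.RandomPassword` and only `constants.RoleFlagLogin`. The syncRoles change in this commit then assigns `c.pgUsers[connPoolUser.Name] = connPoolUser` unconditionally, so the guard here does not decide which definition ends up in the database. I would make the collision explicit, for example `c.logger.Warningf("connection pool user %q is already defined as a regular role", username)`, and state the intended precedence in the comment above `connPoolUser`. initSystemUsers starts outside the hunk, so the order in which the maps are filled is an assumption.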


@ -1803,7 +1803,7 @@ func (c *Cluster) getConnPoolEnvVars(spec *acidv1.PostgresSpec) []v1.EnvVar {
}, },
{ {
Name: "CONNECTION_POOL_MAX_DB_CONN", Name: "CONNECTION_POOL_MAX_DB_CONN",
Value: fmt.Sprint(effectiveMaxDBConn), Value: fmt.Sprint(maxDBConn),
}, },
} }
} }


@ -413,12 +413,18 @@ func (c *Cluster) syncSecrets() error {
} else if secretUsername == c.systemUsers[constants.ReplicationUserKeyName].Name { } else if secretUsername == c.systemUsers[constants.ReplicationUserKeyName].Name {
secretUsername = constants.ReplicationUserKeyName secretUsername = constants.ReplicationUserKeyName
userMap = c.systemUsers userMap = c.systemUsers
} else if secretUsername == c.systemUsers[constants.ConnectionPoolUserKeyName].Name {
secretUsername = constants.ConnectionPoolUserKeyName
userMap = c.systemUsers
} else { } else {
userMap = c.pgUsers userMap = c.pgUsers
} }
pwdUser := userMap[secretUsername] pwdUser := userMap[secretUsername]
// if this secret belongs to the infrastructure role and the password has changed - replace it in the secret // if this secret belongs to the infrastructure role and the password has changed - replace it in the secret
if pwdUser.Password != string(secret.Data["password"]) && pwdUser.Origin == spec.RoleOriginInfrastructure { if pwdUser.Password != string(secret.Data["password"]) &&
(pwdUser.Origin == spec.RoleOriginInfrastructure ||
pwdUser.Origin == spec.RoleConnectionPool) {
c.logger.Debugf("updating the secret %q from the infrastructure roles", secretSpec.Name) c.logger.Debugf("updating the secret %q from the infrastructure roles", secretSpec.Name)
if _, err = c.KubeClient.Secrets(secretSpec.Namespace).Update(secretSpec); err != nil { if _, err = c.KubeClient.Secrets(secretSpec.Namespace).Update(secretSpec); err != nil {
return fmt.Errorf("could not update infrastructure role secret for role %q: %v", secretUsername, err) return fmt.Errorf("could not update infrastructure role secret for role %q: %v", secretUsername, err)
@ -466,6 +472,7 @@ func (c *Cluster) syncRoles() (err error) {
if c.needConnectionPool() { if c.needConnectionPool() {
connPoolUser := c.systemUsers[constants.ConnectionPoolUserKeyName] connPoolUser := c.systemUsers[constants.ConnectionPoolUserKeyName]
userNames = append(userNames, connPoolUser.Name) userNames = append(userNames, connPoolUser.Name)
c.pgUsers[connPoolUser.Name] = connPoolUser
} }
dbUsers, err = c.readPgUsersFromDatabase(userNames) dbUsers, err = c.readPgUsersFromDatabase(userNames)
@ -473,20 +480,6 @@ func (c *Cluster) syncRoles() (err error) {
return fmt.Errorf("error getting users from the database: %v", err) return fmt.Errorf("error getting users from the database: %v", err)
} }
if c.needConnectionPool() {
connPoolUser := c.systemUsers[constants.ConnectionPoolUserKeyName]
// An exception from system users, connection pool user should be
// created by operator, but never updated. If connection pool user
// already exist, do not update it.
if _, exist := dbUsers[connPoolUser.Name]; exist {
delete(dbUsers, connPoolUser.Name)
delete(c.pgUsers, connPoolUser.Name)
} else {
c.pgUsers[connPoolUser.Name] = connPoolUser
}
}
pgSyncRequests := c.userSyncStrategy.ProduceSyncRequests(dbUsers, c.pgUsers) pgSyncRequests := c.userSyncStrategy.ProduceSyncRequests(dbUsers, c.pgUsers)
if err = c.userSyncStrategy.ExecuteSyncRequests(pgSyncRequests, c.pgDb); err != nil { if err = c.userSyncStrategy.ExecuteSyncRequests(pgSyncRequests, c.pgDb); err != nil {
return fmt.Errorf("error executing sync statements: %v", err) return fmt.Errorf("error executing sync statements: %v", err)
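Review bot: Adding `pwdUser.Origin == spec.RoleConnectionPool` to the update condition in syncSecrets means an existing pooler secret is overwritten whenever the operator's in-memory password differs from it. That password comes from `util.RandomPassword` in initSystemUsers, so the credential would presumably change each time the Cluster object is rebuilt, for example after an operator restart. With the "never updated" block removed from syncRoles, the database role would follow the new password while running pooler pods may still hold the old one; whether they reload the secret is not visible here. If the stored secret should stay authoritative, keep the condition as `pwdUser.Origin == spec.RoleOriginInfrastructure` so the pooler role takes the other branch (which lies outside the hunk). If rotation is intended, the Debugf and error strings still say "infrastructure role" and should name the pooler role, with a comment above the condition explaining the rotation.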