AZURE-211 SQL Server support for Azure Quick Start

dbacon
2020-05-20 14:14:05 +01:00
parent e78af09b8b
commit 3e3d83d162
16 changed files with 244 additions and 815 deletions


@@ -1,76 +1,4 @@
- name: Create application DB user
postgresql_user:
db: "{{ atl_db_root_db_name }}"
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
login_db: "{{ atl_db_root_db_name }}"
port: "{{ atl_db_port }}"
name: "{{ atl_jdbc_user }}"
password: "{{ atl_jdbc_password }}"
expires: 'infinity'
ssl_mode: 'require'
---
- name: Collect dbcluster db_names
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_db_root_db_name }}"
query: "SELECT datname FROM pg_database;"
register: dbcluster_db_names
- block:
- name: Update root privs for new user
postgresql_privs:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
database: postgres
roles: "{{ atl_db_root_user }}"
objs: "{{ atl_jdbc_user }}"
type: group
# RDS does not allow changing the collation on an existing DB, it only allows collation change on creation of db. If the db already exists, we need the “create new application database” task to be skipped, idempotence can not be relied upon as we cant be certain the collation of the existing db
- name: Create new application database
postgresql_db:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
port: "{{ atl_db_port }}"
name: "{{ atl_jdbc_db_name }}"
owner: "{{ atl_jdbc_user }}"
encoding: "{{ atl_jdbc_encoding }}"
lc_collate: "{{ atl_jdbc_collation }}"
lc_ctype: "{{ atl_jdbc_ctype }}"
template: "{{ atl_jdbc_template }}"
register: db_created
when: "atl_jdbc_db_name not in (dbcluster_db_names.query_result | map(attribute='datname') )"
tags:
- new_only
- name: Assert ownership of public schema
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_jdbc_db_name }}"
query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
- name: Grant privs to root user on public schema
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_jdbc_db_name }}"
query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
- name: Grant privs to application user on public schema
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_jdbc_db_name }}"
query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"
- name: Perform Database Setup
include_tasks: "{{ atl_dbms }}_init.yml"
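Review bot: The include on the last line builds the task file name from `atl_dbms`, and nothing in this section checks that the variable is set to a value that has a matching `_init.yml` file. An undefined or mistyped value would surface only as a missing-file error at include time. A preceding task such as `- assert: { that: atl_dbms in SUPPORTED_DBMS_LIST_PLACEHOLDER, fail_msg: "unsupported atl_dbms" }` would fail early with a clear message. A default may already be set in one of the other changed files, which are not visible here.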


@@ -0,0 +1,76 @@
- name: Create application DB user
postgresql_user:
db: "{{ atl_db_root_db_name }}"
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
login_db: "{{ atl_db_root_db_name }}"
port: "{{ atl_db_port }}"
name: "{{ atl_jdbc_user }}"
password: "{{ atl_jdbc_password }}"
expires: 'infinity'
ssl_mode: 'require'
- name: Collect dbcluster db_names
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_db_root_db_name }}"
query: "SELECT datname FROM pg_database;"
register: dbcluster_db_names
- block:
- name: Update root privs for new user
postgresql_privs:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
database: postgres
roles: "{{ atl_db_root_user }}"
objs: "{{ atl_jdbc_user }}"
type: group
# RDS does not allow changing the collation on an existing DB, it only allows collation change on creation of db. If the db already exists, we need the “create new application database” task to be skipped, idempotence can not be relied upon as we cant be certain the collation of the existing db
- name: Create new application database
postgresql_db:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
port: "{{ atl_db_port }}"
name: "{{ atl_jdbc_db_name }}"
owner: "{{ atl_jdbc_user }}"
encoding: "{{ atl_jdbc_encoding }}"
lc_collate: "{{ atl_jdbc_collation }}"
lc_ctype: "{{ atl_jdbc_ctype }}"
template: "{{ atl_jdbc_template }}"
register: db_created
when: "atl_jdbc_db_name not in (dbcluster_db_names.query_result | map(attribute='datname') )"
tags:
- new_only
- name: Assert ownership of public schema
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_jdbc_db_name }}"
query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
- name: Grant privs to root user on public schema
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_jdbc_db_name }}"
query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
- name: Grant privs to application user on public schema
postgresql_query:
login_host: "{{ atl_db_host }}"
login_user: "{{ atl_db_root_user_login }}"
login_password: "{{ atl_db_root_password }}"
db: "{{ atl_jdbc_db_name }}"
query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"
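Review bot: Only the first task sets `ssl_mode: 'require'`, and only the user-creation and database-creation tasks set `port`; the `postgresql_query` and `postgresql_privs` tasks send the root credentials without either. If the module default of `prefer` applies, those sessions can fall back to an unencrypted connection, and they will also miss a non-default `atl_db_port`. Adding `port: "{{ atl_db_port }}"` and `ssl_mode: 'require'` to each of them, or setting both once through `module_defaults`, would make the tasks consistent. The tasks appear to be moved unchanged from the old file, so this predates the commit.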


@@ -0,0 +1,52 @@
- name: Add an Apt signing key for MS Packages
apt_key:
url: https://packages.microsoft.com/keys/microsoft.asc
state: present
- name: Add MS repository into sources list.
apt_repository:
repo: deb [arch=amd64] https://packages.microsoft.com/ubuntu/16.04/prod xenial main
state: present
- name: Install SQL Server utils
apt:
name: mssql-tools
update_cache: yes
environment:
ACCEPT_EULA: Y
- name: Create sqlcmd symbolic link
file:
src: /opt/mssql-tools/bin/sqlcmd
dest: /usr/bin/sqlcmd
state: link
- name: Create SQL Server DB login
shell: "sqlcmd -S {{ atl_db_host }} -U {{ atl_db_root_user }} -P {{ atl_db_root_password }} -Q \"CREATE LOGIN {{ atl_jdbc_user }} WITH PASSWORD = '{{ atl_jdbc_password }}'\""
- name: Create SQL Server DB user
shell: "sqlcmd -S {{ atl_db_host }} -U {{ atl_db_root_user }} -P {{ atl_db_root_password }} -Q \"CREATE USER {{ atl_jdbc_user }} FOR LOGIN {{ atl_jdbc_user }}\""
- name: Create new SQL Server application database
shell: "sqlcmd -S {{ atl_db_host }} -U {{ atl_db_root_user }} -P {{ atl_db_root_password }} -Q \"IF NOT EXISTS (SELECT name FROM master.sys.databases WHERE name = N'{{ atl_jdbc_db_name }}') CREATE DATABASE {{ atl_jdbc_db_name }} COLLATE {{ atl_db_sql_collation }}\""
- name: Create SQL Server DB user on application database
shell: "sqlcmd -S {{ atl_db_host }} -U {{ atl_db_root_user }} -P {{ atl_db_root_password }} -d {{ atl_jdbc_db_name }} -Q \"CREATE USER {{ atl_jdbc_user }} FOR LOGIN {{ atl_jdbc_user }}\""
- name: Update db_owner role for new user on application database
shell: "sqlcmd -S {{ atl_db_host }} -U {{ atl_db_root_user }} -P {{ atl_db_root_password }} -d {{ atl_jdbc_db_name }} -Q \"ALTER ROLE db_owner ADD MEMBER {{ atl_jdbc_user }}\""
- name: Update isolation level on application database
shell: "sqlcmd -S {{ atl_db_host }} -U {{ atl_db_root_user }} -P {{ atl_db_root_password }} -Q \"ALTER DATABASE {{ atl_jdbc_db_name }} SET READ_COMMITTED_SNAPSHOT ON WITH ROLLBACK IMMEDIATE\""
- name: Tune TCP Keep Alive
sysctl:
name: '{{ item.key }}'
value: '{{ item.value }}'
reload: yes
ignoreerrors: yes
sysctl_file: /etc/sysctl.conf
sysctl_set: yes
with_dict: '{{ sysctl_config }}'
tags:
- runtime_pkg
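Review bot: Every `sqlcmd` task passes `-P {{ atl_db_root_password }}` through `shell:`, so the root password shows up in the process list and in Ansible's task output, and any quote or shell metacharacter in a templated value changes the command that runs. The same applies to `atl_jdbc_password` inside the `CREATE LOGIN` statement, where a single quote in the password also breaks the T-SQL literal. I would switch these tasks to `command:` with `argv`, pass the root password through the `SQLCMDPASSWORD` environment variable, and set `no_log: true`; the first task is shown below and the other five follow the same pattern. Separately, `CREATE LOGIN` and `CREATE USER` have no existence guard, unlike the `CREATE DATABASE` task, so a second run will hit an "already exists" error.

```yaml
- name: Create SQL Server DB login
  command:
    argv:
      - sqlcmd
      - "-S"
      - "{{ atl_db_host }}"
      - "-U"
      - "{{ atl_db_root_user }}"
      - "-Q"
      # Double any single quote so the password stays inside the T-SQL literal.
      # The application password is still part of the statement text, hence no_log.
      - "CREATE LOGIN {{ atl_jdbc_user }} WITH PASSWORD = '{{ atl_jdbc_password | replace(\"'\", \"''\") }}'"
  environment:
    # sqlcmd reads the password from this variable when -P is omitted.
    SQLCMDPASSWORD: "{{ atl_db_root_password }}"
  no_log: true
# … unchanged in intent: the remaining five sqlcmd tasks, converted the same way …
```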