Skip to content

[minor] Rds cli image update and create db changes #457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
whitfiea merged 95 commits into from
May 14, 2026
Merged

[minor] Rds cli image update and create db changes #457

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
95 commits
Select commit Hold shift + click to select a range
222f883
[patch] updated sync wave logic for mas_app_channel version >= 9.2
Apr 8, 2026
8a3ca81
sync wave changes
Apr 12, 2026
6523459
Merge branch 'main' into monitor9.2-gitops
Apr 12, 2026
2f32703
Merge remote-tracking branch 'origin/monitor9.2-gitops' into MASCORE-…
Apr 12, 2026
183dd58
added exclusion for iot and monitor
AditIBM931 Apr 13, 2026
4c261b5
Merge remote-tracking branch 'origin/main' into monitor9.2-gitops
Apr 13, 2026
082ca1a
Merge remote-tracking branch 'origin/main' into MASCORE-13033
AditIBM931 Apr 14, 2026
8150b3f
got rid of template variable and switched to regex instead
AditIBM931 Apr 14, 2026
88802ea
updated postsync job
Apr 14, 2026
f54495f
updated postsync job
Apr 14, 2026
6cd3023
updated as master
Apr 14, 2026
c5d5ac4
Fix: Change OperatorGroup to match exisiting resource
LamyaG10 Apr 22, 2026
89836c2
Fix: Change OperatorGroup to match exisiting resource-added comments
LamyaG10 Apr 22, 2026
4a53e0b
included storage class
Apr 23, 2026
6024163
added annotation to efs operator group
dpdifferent1 Apr 23, 2026
37567b4
CHanged operator group name
dpdifferent1 Apr 23, 2026
56c7fe0
Reverted Operator group name
dpdifferent1 Apr 23, 2026
171a37c
Generate name for efs operator group
dpdifferent1 Apr 23, 2026
e96e6ac
Changed OperatorGroup name
dpdifferent1 Apr 23, 2026
6814b81
Removed Comments
LamyaG10 Apr 24, 2026
d5ce046
Merge remote-tracking branch 'origin/main' into MASCORE-13033
AditIBM931 Apr 24, 2026
3d49bfd
MASCORE-13413: Link branch to Jira issue
LamyaG10 Apr 27, 2026
2929fae
Merge branch 'MASCORE-13033' into MASCORE-13414
AditIBM931 Apr 28, 2026
f343f9b
Add ApplyOutOfSyncOnly=true syncPolicy to all ApplicationSets
LamyaG10 Apr 28, 2026
2a99421
Merge remote-tracking branch 'origin/main' into MASCORE-13414
AditIBM931 Apr 29, 2026
84e720b
Merge branch 'main' into MASCORE-10562
Hardik-Prajapati-10 May 5, 2026
730eef6
Merge branch 'main' into MASCORE-10562
Hardik-Prajapati-10 May 6, 2026
741e5ab
Merge branch 'main' into monitor9.2-gitops
May 7, 2026
6df4067
Test database creation
amitpandey0217 May 7, 2026
a457372
Test database creation
amitpandey0217 May 7, 2026
37f52da
Test database creation
amitpandey0217 May 7, 2026
bbb551f
Test database creation
amitpandey0217 May 7, 2026
de226a4
Test database creation
amitpandey0217 May 7, 2026
3d54b5e
Test database creation
amitpandey0217 May 7, 2026
69d8034
Test database creation
amitpandey0217 May 7, 2026
e005410
Test database creation
amitpandey0217 May 7, 2026
6b3798b
Merge pull request #451 from ibm-mas/MASCORE-10562
Hardik-Prajapati-10 May 7, 2026
efae4b8
Test database creation
amitpandey0217 May 7, 2026
9f17479
Test database creation
amitpandey0217 May 7, 2026
42db0b4
Test database creation
amitpandey0217 May 7, 2026
e994736
Merge pull request #452 from ibm-mas/MASCORE-13414
AditIBM931 May 7, 2026
6d11370
Test database creation
amitpandey0217 May 7, 2026
e056eb8
Test database creation
amitpandey0217 May 8, 2026
85b687c
Test database creation
amitpandey0217 May 8, 2026
b7cf228
Test database creation
amitpandey0217 May 8, 2026
46d6a40
Test database creation
amitpandey0217 May 8, 2026
3b69724
Test database creation
amitpandey0217 May 8, 2026
6c80958
libxcrypt1 download code added
nikitakumble May 8, 2026
a85b18e
Test database creation
amitpandey0217 May 8, 2026
05fc858
Test database creation
amitpandey0217 May 8, 2026
16703fb
Test database creation
amitpandey0217 May 8, 2026
51236d4
Test database creation
amitpandey0217 May 8, 2026
02055d5
Test database creation
amitpandey0217 May 8, 2026
7980a39
Test database creation
amitpandey0217 May 8, 2026
62a3ec8
Test database creation
amitpandey0217 May 8, 2026
0feae16
Test database creation
amitpandey0217 May 8, 2026
26ce5b8
Test database creation
amitpandey0217 May 8, 2026
18cc257
Test database creation
amitpandey0217 May 8, 2026
37bf902
Test database creation
amitpandey0217 May 8, 2026
faa4cb6
Test database creation
amitpandey0217 May 8, 2026
121d0ce
Test database creation
amitpandey0217 May 8, 2026
4e2d825
Test database creation
amitpandey0217 May 8, 2026
26701f2
Test database creation
amitpandey0217 May 8, 2026
6b3291f
Test database creation
amitpandey0217 May 8, 2026
c8d29f5
Test database creation
amitpandey0217 May 8, 2026
d19b273
Test database creation
amitpandey0217 May 9, 2026
7116120
Test database creation
amitpandey0217 May 11, 2026
9368c96
Test database creation
amitpandey0217 May 11, 2026
ae0f0fc
Test database creation
amitpandey0217 May 11, 2026
85aee6d
Test database creation
amitpandey0217 May 11, 2026
899673d
Test database creation
amitpandey0217 May 11, 2026
baef179
Test database creation
amitpandey0217 May 11, 2026
c0fcde6
Test database creation
amitpandey0217 May 11, 2026
2d34a96
Test database creation
amitpandey0217 May 11, 2026
13a1b83
Test database creation
amitpandey0217 May 11, 2026
fac576f
Test database creation
amitpandey0217 May 11, 2026
ac18e08
prune filter added
nikitakumble May 11, 2026
c4d1637
Test database creation
amitpandey0217 May 11, 2026
6ec9813
Test database creation
amitpandey0217 May 11, 2026
2fc494e
Test database creation
amitpandey0217 May 11, 2026
30bf30b
Test database creation
amitpandey0217 May 11, 2026
76f00c5
Update CLI image digest for RDS-specific Jobs only
amitpandey0217 May 11, 2026
4cbc23e
Remove redundant runtime installation code from RDS Jobs
amitpandey0217 May 11, 2026
984863d
Merge branch 'main' into rds-cli-image-update
amitpandey0217 May 12, 2026
c94df3f
Test database creation
amitpandey0217 May 12, 2026
f557a57
Test database creation
amitpandey0217 May 12, 2026
7321758
Test database creation
amitpandey0217 May 12, 2026
14f36fc
Test database creation
amitpandey0217 May 12, 2026
dc5ee22
Test database creation
amitpandey0217 May 12, 2026
d7c7404
Test database creation
amitpandey0217 May 12, 2026
97fdd60
Test database creation
amitpandey0217 May 12, 2026
5c0dc8a
Test database creation
amitpandey0217 May 12, 2026
f5d63a1
Merge branch 'main' into rds-cli-image-update
whitfiea May 14, 2026
899d464
Test database creation
amitpandey0217 May 14, 2026
07275b7
Test database creation
amitpandey0217 May 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
270 changes: 270 additions & 0 deletions instance-applications/120-ibm-dbs-rds-database/templates/00-presync-create-database.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,270 @@
{{- if .Values.application_admin_role }}
{{- $_job_name_prefix := "dbs-rds-presync-create-db" }}
{{- $_cli_image_digest := "sha256:100bcfef43b0ab0e266c1a316637e23640d2c57509d643bcf4d7f256c0b6ba4a" }}
{{- $_job_config_values := omit .Values "junitreporter" }}
{{- $_job_version := "v1" }}
{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }}
{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash ) }}
{{- $_job_cleanup_group := cat $_job_name_prefix .Values.db2_rds_instance_name | sha1sum }}

---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ .Values.db2_rds_instance_name }}-create-db-secret
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded,HookFailed,BeforeHookCreation
{{- if .Values.custom_labels }}
labels:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}
data:
username: {{ .Values.user | b64enc }}
password: {{ .Values.password | b64enc }}

---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ .Values.db2_rds_instance_name }}-aws-creds
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded,HookFailed,BeforeHookCreation
{{- if .Values.custom_labels }}
labels:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}
data:
aws_access_key_id: {{ .Values.sm_aws_access_key_id | b64enc }}
aws_secret_access_key: {{ .Values.sm_aws_secret_access_key | b64enc }}

---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $_job_name }}
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation
labels:
mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }}
{{- if .Values.custom_labels }}
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}
spec:
backoffLimit: 4
template:
{{- if .Values.custom_labels }}
metadata:
labels:
{{ .Values.custom_labels | toYaml | indent 8 }}
{{- end }}
spec:
restartPolicy: Never
containers:
- name: create-database
image: quay.io/ibmmas/cli@{{ $_cli_image_digest }}
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 10m
memory: 64Mi
command: ["/bin/sh", "-c"]
args:
- |
set -eo pipefail

source /mascli/functions/gitops_utils

echo "==== DB2 RDS Idempotent Provisioning ===="
echo ""
echo "📋 Input Parameters:"
echo " AWS Account: ${ACCOUNT_ID}"
echo " Cluster ID: ${CLUSTER_ID}"
echo " Instance ID: ${INSTANCE_ID}"
echo " MAS App ID: ${MAS_APP_ID}"
echo " DB Name (env): ${DB_NAME}"
echo " DB Host: ${DB_HOST}"
echo " DB Port: ${DB_PORT}"
echo " RDS Admin DB: ${RDS_ADMIN_DB}"
echo ""

# -----------------------------
# Determine DB_NAME (if not provided, generate it)
# -----------------------------
if [ -z "${DB_NAME:-}" ]; then
echo "ℹ️ No DB_NAME provided, generating deterministic DB name"

# Normalize INSTANCE_ID:
# - uppercase
# - remove non-alphanumeric
INST_CLEAN=$(echo "${INSTANCE_ID:-}" \
| tr '[:lower:]' '[:upper:]' \
| tr -cd 'A-Z0-9')

# Normalize MAS_APP_ID:
# - remove vowels
# - uppercase
# - remove non-alphanumeric
APP_CLEAN=$(echo "${MAS_APP_ID:-}" \
| tr -d 'aeiouAEIOU' \
| tr '[:lower:]' '[:upper:]' \
| tr -cd 'A-Z0-9')

# Safety: if app name becomes empty after vowel removal, use default
if [ -z "${APP_CLEAN}" ]; then
APP_CLEAN="APP"
fi

# Build fixed-width parts
INST_PART=$(printf "%-5s" "${INST_CLEAN}" | tr ' ' 'X' | cut -c1-5)
APP_PART=$(printf "%-3s" "${APP_CLEAN}" | tr ' ' 'X' | cut -c1-3)

DB_NAME="${INST_PART}${APP_PART}"

# Ensure DB name starts with a letter (DB2-safe)
case "${DB_NAME}" in
[A-Z]*)
;;
*)
DB_NAME="D${DB_NAME:1}"
;;
esac
else
echo "ℹ️ Using provided DB_NAME: ${DB_NAME}"
fi

export DB_NAME

# -----------------------------
# Verify pre-installed dependencies
# -----------------------------
echo "Verifying ibm_db package..."
python3 -c "import ibm_db; print('✅ ibm_db version:', ibm_db.__version__)"

mkdir -p /etc/mas/rds-ssl
curl -sSL https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem \
-o /etc/mas/rds-ssl/global-bundle.pem

export SSL_CERT_PATH=/etc/mas/rds-ssl/global-bundle.pem

# -----------------------------
# Database Existence Check & Creation
# -----------------------------
echo "Checking if database '${DB_NAME}' exists..."

echo "Running database creation script..."
python3 -u /etc/mas/scripts/db2_create_database.py 2>&1 | tee /tmp/db_output.log
RC=${PIPESTATUS[0]}

echo "Script execution completed with rc=${RC}"

case "${RC}" in
10)
DB_WAS_CREATED=true
echo "✅ Database '${DB_NAME}' was created"
;;
0)
DB_WAS_CREATED=false
echo "ℹ️ Database '${DB_NAME}' already exists"
;;
*)
echo "❌ Database operation failed with exit code ${RC}"
cat /tmp/db_output.log
exit 1
;;
esac

# -----------------------------
# Update Secrets Manager (using sm_* functions like create user Job)
# -----------------------------
echo "Checking if Secrets Manager needs updating..."

export SM_AWS_ACCESS_KEY_ID=$(cat /etc/mas/creds/aws/aws_access_key_id)
export SM_AWS_SECRET_ACCESS_KEY=$(cat /etc/mas/creds/aws/aws_secret_access_key)
export SM_AWS_REGION=${SM_AWS_SECRET_REGION}

sm_login

SECRET_PATH="${ACCOUNT_ID}/${CLUSTER_ID}/${INSTANCE_ID}/jdbc/{{ .Values.db2_rds_instance_name }}/config"

EXISTING_SECRET=$(sm_get_secret_value "${SECRET_PATH}" 2>/dev/null || echo "{}")

# Validate JSON
if ! echo "${EXISTING_SECRET}" | jq empty >/dev/null 2>&1; then
echo "⚠️ Invalid JSON from Secrets Manager, using empty object"
EXISTING_SECRET="{}"
fi

# Check if db2_name is already set correctly
EXISTING_DB_NAME=$(echo "${EXISTING_SECRET}" | jq -r '.db2_name // empty')

if [ "$DB_WAS_CREATED" = "true" ] || [ -z "${EXISTING_DB_NAME}" ] || [ "${EXISTING_DB_NAME}" != "${DB_NAME}" ]; then
echo "Updating Secrets Manager..."
echo " Reason: DB_WAS_CREATED=${DB_WAS_CREATED}, EXISTING_DB_NAME='${EXISTING_DB_NAME}', DB_NAME='${DB_NAME}'"

NEW_SECRET=$(echo "${EXISTING_SECRET}" | jq --arg db "${DB_NAME}" '. + {db2_name: $db}')

if [ -n "${JDBC_CONNECTION_URL:-}" ]; then
NEW_URL=$(printf '%s\n' "${JDBC_CONNECTION_URL:-}" | sed -E "s|(jdbc:db2://[^/]+/)([^:]*)(:.*)?$|\\1${DB_NAME}\\3|")
NEW_SECRET=$(echo "${NEW_SECRET}" | jq --arg url "${NEW_URL}" '. + {jdbc_connection_url: $url}')
fi

# Tags for Secrets Manager
TAGS="[{\"Key\": \"source\", \"Value\": \"presync-create-database\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}, {\"Key\": \"instance\", \"Value\": \"${INSTANCE_ID}\"}, {\"Key\": \"app\", \"Value\": \"${MAS_APP_ID}\"}, {\"Key\": \"db_name\", \"Value\": \"${DB_NAME}\"}]"

sm_update_secret "${SECRET_PATH}" "${NEW_SECRET}" "${TAGS}"
echo "✓ Secrets Manager updated with db2_name: ${DB_NAME}"
else
echo "ℹ️ Secrets Manager already has correct db2_name: ${EXISTING_DB_NAME}"
fi

echo "==== COMPLETED ===="
env:
- name: DB_NAME
value: {{ .Values.dbname | default "" | quote }}
- name: DB_HOST
value: {{ .Values.host | quote }}
- name: DB_PORT
value: {{ .Values.port | default "50000" | quote }}
- name: RDS_ADMIN_DB
value: {{ .Values.rds_admin_db_name | default "rdsadmin" | quote }}
- name: JDBC_CONNECTION_URL
value: {{ .Values.jdbc_connection_url | default "" | quote }}
- name: ACCOUNT_ID
value: {{ .Values.account_id | quote }}
- name: CLUSTER_ID
value: {{ .Values.cluster_id | quote }}
- name: INSTANCE_ID
value: {{ .Values.instance_id | quote }}
- name: MAS_APP_ID
value: {{ .Values.mas_application_id | default "" | quote }}
- name: SM_AWS_SECRET_REGION
value: {{ .Values.sm_aws_secret_region | default "us-east-1" | quote }}
- name: AWS_DEFAULT_REGION
value: {{ .Values.sm_aws_secret_region | default "us-east-1" | quote }}
volumeMounts:
- name: dbs-rds-create-db-secret
mountPath: /etc/mas/dbs-rds-creds/
- name: aws
mountPath: /etc/mas/creds/aws
- name: create-db-script
mountPath: /etc/mas/scripts/
volumes:
- name: dbs-rds-create-db-secret
secret:
secretName: {{ .Values.db2_rds_instance_name }}-create-db-secret
- name: aws
secret:
secretName: {{ .Values.db2_rds_instance_name }}-aws-creds
- name: create-db-script
configMap:
name: {{ .Values.db2_rds_instance_name }}-create-db-script
defaultMode: 0755

{{- end }}
Loading
Loading