-
Notifications
You must be signed in to change notification settings - Fork 0
/
devops
executable file
·127 lines (108 loc) · 3.7 KB
/
devops
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/bin/bash
set -e
#set -x
function usage() {
echo "mongo connect <cluster> [opts...]"
echo "mongo browse <cluster>"
echo "mongo createUser <cluster> <db> <user>"
echo "mongo dropUser <cluster>"
echo "mongo restore <cluster> <db> [opts...]"
echo "mongo dsn <cluster> <db> <user>"
echo "mongo bootstrap <cluster>"
exit 1
}
function mongoOpts() {
cluster="$1"
json=$( vault read -format=json "secret/mongo/$cluster" )
replicaset=$( echo "$json" | jq -r '.data.replicaset' )
seeds=$( echo "$json" | jq -r '.data.seeds' )
ssl=$( echo "$json" | jq -r 'if .data.ssl then "&ssl=true" else "" end' )
json=$( vault read -format=json "secret/mongo/$cluster/admin/devops" )
user=$( echo "$json" | jq -r '.data.user' )
pass=$( echo "$json" | jq -r '.data.pass' )
echo "mongodb://${user}:${pass}@${seeds}/admin?replicaSet=${replicaset}${ssl}"
}
function mkpass() {
cat /dev/urandom |dd bs=1 count=64 2>/dev/null | base64 |tr + - |tr / _ | head -c30
}
function mongoDsn() {
cluster=$1
db=$2
user=$3
json=$( vault read -format=json secret/mongo/$cluster )
replicaset=$( echo $json | jq -r '.data.replicaset' )
seeds=$( echo $json | jq -r '.data.seeds' )
ssl=$( echo $json | jq -r 'if .data.ssl then "&ssl=true" else "" end' )
json=$( vault read -format=json secret/mongo/$cluster/$db/$user )
user=$( echo $json | jq -r '.data.user' )
pass=$( echo $json | jq -r '.data.pass' )
echo "mongodb://$user:$pass@$seeds/$db?replicaSet=${replicaset}${ssl}"
}
subcommand="$1"
shift || usage
case $subcommand in
mongo)
subsubcommand="$1"
shift || usage
case $subsubcommand in
bootstrap)
cluster=$1 && shift || usage
echo "create a user called 'devops' on the admin database."
read -ep "provider [mongolab]: " provider
[ "$provider" == "" ] && provider="mongolab"
read -ep "devops password: " pass
read -ep "seeds: " seeds
read -ep "replicaset: " replicaset
read -ep "ssl true/false [true]: " ssl
[ "$ssl" == "" ] && ssl="true"
vault_key="secret/mongo/$cluster"
vault write $vault_key provider=$provider seeds=$seeds replicaset=$replicaset ssl=$ssl
vault_key="secret/mongo/$cluster/admin/devops"
vault write $vault_key user=devops pass=$pass
;;
createUser)
cluster=$1 && shift || usage
db=$1 && shift || usage
user=$1 && shift || usage
pass=$(mkpass)
echo creating user $user with password $pass on db $db
mongo "$(mongoOpts $cluster)" --eval "db.getSiblingDB(\"$db\").createUser({user: \"$user\", pwd: \"$pass\", roles: [\"readWrite\"]})"
vault_key="secret/mongo/$cluster/$db/$user"
vault write $vault_key user=$user pass=$pass
mongoDsn $cluster $db $user
;;
dropUser)
cluster=$1 && shift || usage
db=$1 && shift || usage
user=$1 && shift || usage
echo deleting user $user on db $db
mongo $(mongoOpts $cluster) --eval "db.getSiblingDB(\"$db\").dropUser(\"$user\")"
;;
connect)
cluster=$1 && shift || usage
mongo $(mongoOpts $cluster) "$@"
;;
browse)
cluster=$1 && shift || usage
replicaset=$( vault read -format=json secret/mongo/$cluster | jq -r ".data.replicaset" )
open "https://mlab.com/clusters/$replicaset"
;;
restore)
cluster=$1 && shift || usage
db=$1 && shift || usage
mongorestore $(mongoOpts $cluster) -d $db "$@"
;;
dsn)
cluster=$1 && shift || usage
db=$1 && shift || usage
user=$1 && shift || usage
mongoDsn $cluster $db $user
;;
*)
usage
esac
;;
*)
usage
;;
esac