start migration to flexible postgresql server

Tietokilta · Nov 7, 2023 · 0afd91c · 0afd91c
1 parent 31d7679
commit 0afd91c
Show file tree

Hide file tree

Showing 12 changed files with 90 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -44,8 +44,10 @@ module "keyvault" {
   source   = "./modules/keyvault"
   env_name = "prod"
 
-  resource_group_name     = module.common.resource_group_name
-  resource_group_location = local.resource_group_location
+  resource_group_name            = module.common.resource_group_name
+  resource_group_location        = local.resource_group_location
+  tikweb_postgres_admin_password = module.common.postgres_admin_password
+  tikweb_postgres_admin_username = module.common.postgres_admin_username
 }
 
 
@@ -141,6 +143,7 @@ module "cms" {
   tikweb_app_plan_id           = module.common.tikweb_app_plan_id
   tikweb_rg_location           = module.common.resource_group_location
   tikweb_rg_name               = module.common.resource_group_name
+  postgres_server_new_id       = module.common.postgres_server_new_id
 }
 
 module "ilmo" {
@@ -152,6 +155,7 @@ module "ilmo" {
   postgres_server_fqdn    = module.common.postgres_server_fqdn
   postgres_server_host    = module.common.postgres_server_host
   postgres_admin_password = module.common.postgres_admin_password
+  postgres_server_new_id  = module.common.postgres_server_new_id
   edit_token_secret       = module.keyvault.ilmo_edit_token_secret
   auth_jwt_secret         = module.keyvault.ilmo_auth_jwt_secret
   mailgun_api_key         = module.keyvault.ilmo_mailgun_api_key
@@ -187,6 +191,7 @@ module "tenttiarkisto" {
   postgres_server_fqdn         = module.common.postgres_server_fqdn
   postgres_server_host         = module.common.postgres_server_host
   postgres_admin_password      = module.common.postgres_admin_password
+  postgres_server_new_id       = module.common.postgres_server_new_id
   tikweb_app_plan_id           = module.common.tikweb_app_plan_id
   tikweb_app_plan_rg_location  = module.common.resource_group_location
   tikweb_app_plan_rg_name      = module.common.resource_group_name

diff --git a/modules/cms/main.tf b/modules/cms/main.tf
@@ -10,6 +10,12 @@ resource "azurerm_postgresql_database" "tikweb_cms_db" {
   collation           = "fi-FI"
 }
 
+resource "azurerm_postgresql_flexible_server_database" "tikweb_cms_db_new" {
+  name      = "${local.db_name}-new"
+  server_id = var.postgres_server_new_id
+  collation = "fi_FI"
+  charset   = "utf8"
+}
 
 resource "azurerm_linux_web_app" "tikweb_cms" {
   name                = "tikweb-${var.env_name}-app-cms"

diff --git a/modules/cms/variables.tf b/modules/cms/variables.tf
@@ -18,6 +18,9 @@ variable "postgres_server_fqdn" {
   type = string
 }
 
+variable "postgres_server_new_id" {
+  type = string
+}
 variable "postgres_admin_password" {
   type = string
 }

diff --git a/modules/common/main.tf b/modules/common/main.tf
@@ -38,6 +38,20 @@ resource "azurerm_postgresql_server" "tikweb_pg" {
   ssl_enforcement_enabled      = true
 }
 
+resource "azurerm_postgresql_flexible_server" "tikweb_pg_new" {
+  name                         = "example-psqlflexibleserver"
+  resource_group_name          = azurerm_resource_group.tikweb_rg.name
+  location                     = azurerm_resource_group.tikweb_rg.location
+  version                      = "15"
+  administrator_login          = "tietokilta"
+  administrator_password       = random_password.db_password.result
+  storage_mb                   = 32768
+  sku_name                     = "B_Standard_B1ms"
+  backup_retention_days        = 7
+  geo_redundant_backup_enabled = false
+  auto_grow_enabled            = false
+}
+
 # Enable access from other Azure services
 resource "azurerm_postgresql_firewall_rule" "tikweb_pg_internal_access" {
   name                = "tikweb-${var.env_name}-pg-internal-access"

diff --git a/modules/common/output.tf b/modules/common/output.tf
@@ -21,6 +21,14 @@ output "postgres_admin_password" {
   sensitive = true
 }
 
+output "postgres_admin_username" {
+  value     = azurerm_postgresql_server.tikweb_pg.administrator_login
+  sensitive = true
+}
+
+output "postgres_server_new_id" {
+  value = azurerm_postgresql_flexible_server.tikweb_pg_new.id
+}
 output "tikweb_app_plan_id" {
   value = azurerm_service_plan.tikweb_plan.id
 }

diff --git a/modules/ilmo/main.tf b/modules/ilmo/main.tf
@@ -11,6 +11,14 @@ resource "azurerm_postgresql_database" "ilmo_db" {
   collation           = "fi-FI"
 }
 
+resource "azurerm_postgresql_flexible_server_database" "ilmo_db_new" {
+  name      = "${local.db_name}-new"
+  server_id = var.postgres_server_new_id
+  collation = "fi_FI"
+  charset   = "utf8"
+}
+
+
 resource "azurerm_linux_web_app" "ilmo_backend" {
   name                = "tik-ilmo-${var.env_name}-app"
   location            = var.tikweb_rg_location

diff --git a/modules/ilmo/variables.tf b/modules/ilmo/variables.tf
@@ -27,6 +27,10 @@ variable "postgres_server_host" {
   type = string
 }
 
+variable "postgres_server_new_id" {
+  type = string
+}
+
 variable "edit_token_secret" {
   type      = string
   sensitive = true

diff --git a/modules/keyvault/main.tf b/modules/keyvault/main.tf
@@ -17,14 +17,19 @@ resource "azurerm_key_vault" "keyvault" {
 
     key_permissions = [
       "Get",
+      "Create",
+      "Update"
     ]
 
     secret_permissions = [
       "Get",
+      "Set"
     ]
 
     storage_permissions = [
       "Get",
+      "Set",
+      "Update"
     ]
   }
 }
@@ -88,3 +93,14 @@ data "azurerm_key_vault_secret" "github_app_key" {
   name         = "github-app-key"
   key_vault_id = azurerm_key_vault.keyvault.id
 }
+
+resource "azurerm_key_vault_secret" "postgres_admin_username" {
+  key_vault_id = azurerm_key_vault.keyvault.id
+  name         = "postgres-admin-username"
+  value        = var.tikweb_postgres_admin_username
+}
+resource "azurerm_key_vault_secret" "postgres_admin_password" {
+  key_vault_id = azurerm_key_vault.keyvault.id
+  name         = "postgres-admin-password"
+  value        = var.tikweb_postgres_admin_password
+}
diff --git a/modules/keyvault/output.tf b/modules/keyvault/output.tf
@@ -44,3 +44,10 @@ output "tenttiarkisto_django_secret_key" {
 output "github_app_key" {
   value = data.azurerm_key_vault_secret.github_app_key.value
 }
+output "postgres_admin_password" {
+  value = azurerm_key_vault_secret.postgres_admin_password
+}
+
+output "postgres_admin_username" {
+  value = azurerm_key_vault_secret.postgres_admin_username
+}
diff --git a/modules/keyvault/variables.tf b/modules/keyvault/variables.tf
@@ -9,3 +9,10 @@ variable "resource_group_name" {
 variable "resource_group_location" {
   type = string
 }
+variable "tikweb_postgres_admin_username" {
+  type = string
+}
+
+variable "tikweb_postgres_admin_password" {
+  type = string
+}
diff --git a/modules/tenttiarkisto/main.tf b/modules/tenttiarkisto/main.tf
@@ -15,6 +15,13 @@ resource "azurerm_postgresql_database" "tenttiarkisto_db" {
   collation           = "fi-FI"
 }
 
+resource "azurerm_postgresql_flexible_server_database" "tenttiarkisto_db_new" {
+  name      = "${local.db_name}_new"
+  server_id = var.postgres_server_new_id
+  collation = "fi_FI"
+  charset   = "utf8"
+}
+
 resource "azurerm_storage_account" "tenttiarkisto_storage_account" {
   name                            = "tenttiarkisto${var.env_name}sa"
   resource_group_name             = azurerm_resource_group.tenttiarkisto_rg.name

diff --git a/modules/tenttiarkisto/variables.tf b/modules/tenttiarkisto/variables.tf
@@ -26,7 +26,9 @@ variable "postgres_admin_password" {
 variable "postgres_server_host" {
   type = string
 }
-
+variable "postgres_server_new_id" {
+  type = string
+}
 variable "tikweb_app_plan_id" {
   type = string
 }