Merge branch 'develop'

.gitignore

@@ -1,4 +1,3 @@
-vendor
 build
 tools
 

README.adoc

@@ -1,5 +1,5 @@
 = Crunchy Watch
-Latest Release: 2.1.1 {docdate}
+Latest Release: 2.2.0 {docdate}
 
 image::docs/crunchy_logo.png?raw=true[]
 
@@ -17,13 +17,13 @@ provided including:
  * trigger a failover on a replica that is further ahead than others
 
 Crunchy Watch is packaged into a Docker container which can execute in a pure
-Docker 1.12, Kubernetes 1.7, and Openshift 3.6 environments.
+Docker 1.12, Kubernetes 1.9, and Openshift 3.11 environments.
 
 You can also run Crunchy Watch outside of a container as a binary.
 
 Crunchy provides a commercially supported version of this container built upon
 RHEL 7 and the Crunchy supported PostgreSQL.  Contact Crunchy for more details
-at link:http://www.crunchydata.com.
+at link:https://www.crunchydata.com.
 
 
 == Usage
@@ -88,6 +88,10 @@ below.
 	| CRUNCHY_WATCH_DATABASE
 	| postgres
 	| database to connect
+| --target-type
+        | CRUNCHY_WATCH_TARGET_TYPE
+        | pod
+        | Failover tatget type can be POD or Deployment
 | --timeout
 	| CRUNCHY_WATCH_TIMEOUT
 	| 10s
@@ -176,13 +180,15 @@ export GOPATH=$HOME/cdev
 export PATH=$PATH:$GOPATH/bin
 export CCP_IMAGE_PREFIX=crunchydata
 export CCP_BASEOS=centos7
-export CCP_PGVERSION=10
-export CCP_PG_FULLVERSION=10.5
-export CCP_VERSION=2.1.0
+export CCP_PGVERSION=11
+export CCP_PG_FULLVERSION=11.1
+export CCP_VERSION=2.2.0
 export CCP_IMAGE_TAG=$CCP_BASEOS-$CCP_PG_FULLVERSION-$CCP_VERSION
 export WATCH_CLI=kubectl
 export WATCH_NAMESPACE=demo
 export WATCH_ROOT=$GOPATH/src/github.com/crunchydata/crunchy-watch
+export WATCH_IMAGE_PREFIX=crunchydata
+export WATCH_IMAGE_TAG=centos7-2.1.1
 ....
 
 In the case of Openshift:
@@ -338,6 +344,19 @@ $> CRUNCHY_WATCH_PRE_HOOK=/tmp/watch-pre-hook crunchy-watch kube
 
 == Examples
 
+Crunchy-watch depends on an RBAC policy to be setup for the
+service account it uses.  As a cluster-admin, you will need
+to run the examples/run-rbac.sh script a single time to create
+the necessary service account with the correct RBAC roles.
+
+....
+. /home/some-normal-user/.bashrc
+export PATH=$PATH:/home/some-normal-user/cdev/bin
+./run-rbac.sh
+....
+
+Then as a normal user account, you can run the crunchy watch examples.
+
 There are 2 primary examples for using crunchy-watch provided.  Both
 examples work for both Kubernetes and Openshift environments.  Setting
 the WATCH_CLI environment variable to *oc* for Openshift or *kubectl*
@@ -442,3 +461,8 @@ cd $WATCH_ROOT/examples/sample-deployments
 cd $WATCH_ROOT/examples/kube-deployments
 ./cleanup.sh
 ....
+
+The examples on Openshift require the pg-watcher Service Account to 
+have special priviledges, see the run.sh script for the 'oc adm' commands
+required to grant those priviledges.  Customize this priviledge for your
+local requirements.  

centos7/10/Dockerfile.watch.centos7

@@ -15,10 +15,10 @@ FROM centos:7
 
 LABEL Name="crunchydata/watch" \
 	Vendor="Crunchy Data Solutions" \
-	Version="7.5" \
+	Version="7.6" \
 	PostgresVersion="10" \
-	PostgresFullVersion="10.5" \
-	Release="2.1.1" \
+	PostgresFullVersion="10.6" \
+	Release="2.2.0" \
 	Url="https://crunchydata.com" \
 	Summary="" \
 	io.k8s.description="watch container" \

centos7/11/Dockerfile.watch.centos7

@@ -0,0 +1,55 @@
+# Copyright 2016-2018 Crunchy Data Solutions, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM centos:7
+
+LABEL Name="crunchydata/watch" \
+	Vendor="Crunchy Data Solutions" \
+	Version="7.6" \
+	PostgresVersion="11" \
+	PostgresFullVersion="11.1" \
+	Release="2.2.0" \
+	Url="https://crunchydata.com" \
+	Summary="" \
+	io.k8s.description="watch container" \
+	io.k8s.display-name="Crunchy Watch Container" \
+	io.openshift.expose-services="" \
+	io.openshift.tags="crunchy,database"
+
+ENV PGVERSION="11" \
+	PGDG_REPO="pgdg-centos11-11-2.noarch.rpm"
+
+# PGDG Postgres repo and install postgres client tools and libraries
+RUN rpm -Uvh https://download.postgresql.org/pub/repos/yum/${PGVERSION}/redhat/rhel-7-x86_64/${PGDG_REPO} && \
+	yum install -y postgresql11 postgresql11-libs && \
+	yum clean all && \
+	rm -rf /var/yum/cache
+
+# Create postgres user and group
+RUN groupadd -r -g 26 postgres && \
+	useradd -r -u 26 -g postgres postgres
+
+# Setup cpm directories
+RUN mkdir -p /opt/cpm/bin/crunchy-watch/plugins
+
+# Install crunchy-watch
+ADD build/crunchy-watch /opt/cpm/bin/crunchy-watch/crunchy-watch
+ADD build/plugins /opt/cpm/bin/crunchy-watch/plugins
+ADD bin/start.sh /opt/cpm/bin
+
+# Ensure /opt/cpm has correct ownership
+RUN chown -R postgres:postgres /opt/cpm
+
+USER postgres
+
+CMD ["/opt/cpm/bin/start.sh"]

centos7/9.5/Dockerfile.watch.centos7

@@ -15,10 +15,10 @@ FROM centos:7
 
 LABEL Name="crunchydata/watch" \
 	Vendor="Crunchy Data Solutions" \
-	Version="7.5" \
-	PostgresFullVersion="9.5.14" \
+	Version="7.6" \
+	PostgresFullVersion="9.5.15" \
 	PostgresVersion="9.5" \
-	Release="2.1.1" \
+	Release="2.2.0" \
 	Url="https://crunchydata.com" \
 	Summary="" \
 	io.k8s.description="watch container" \

centos7/9.6/Dockerfile.watch.centos7

@@ -15,10 +15,10 @@ FROM centos:7
 
 LABEL Name="crunchydata/watch" \
 	Vendor="Crunchy Data Solutions" \
-	Version="7.5" \
-	PostgresFullVersion="9.6.10" \
+	Version="7.6" \
+	PostgresFullVersion="9.6.11" \
 	PostgresVersion="9.6" \
-	Release="2.1.1" \
+	Release="2.2.0" \
 	Url="https://crunchydata.com"\
 	Summary="" \
 	io.k8s.description="watch container" \

docs/help.1

@@ -45,10 +45,10 @@ The registry location and name of the image. For example, Name="crunchydata/watc
 \fB\fCVersion=\fR
 
 .PP
-The Red Hat Enterprise Linux version from which the container was built. For example, Version="7.5"
+The Red Hat Enterprise Linux version from which the container was built. For example, Version="7.6"
 
 .PP
 \fB\fCRelease=\fR
 
 .PP
-The specific release number of the container. For example, Release="2.1.1"
+The specific release number of the container. For example, Release="2.2.0"

docs/help.md

@@ -30,8 +30,8 @@ The registry location and name of the image. For example, Name="crunchydata/watc
 
 `Version=`
 
-The Red Hat Enterprise Linux version from which the container was built. For example, Version="7.5"
+The Red Hat Enterprise Linux version from which the container was built. For example, Version="7.6"
 
 `Release=`
 
-The specific release number of the container. For example, Release="2.1.1"
+The specific release number of the container. For example, Release="2.2.0"

docs/watch.1

@@ -51,11 +51,11 @@ The registry location and name of the image\&. For example, Name="crunchydata/wa
 .sp
 Version=
 .sp
-The Red Hat Enterprise Linux version from which the container was built\&. For example, Version="7.5"
+The Red Hat Enterprise Linux version from which the container was built\&. For example, Version="7.6"
 .sp
 Release=
 .sp
-The specific release number of the container\&. For example, Release="2.1.1"
+The specific release number of the container\&. For example, Release="2.2.0"
 .SH "AUTHOR"
 .PP
 \fBJeff McCormick\fR

examples/cleanup-rbac.sh

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 
-$WATCH_CLI delete sa pg-watcher
-$WATCH_CLI delete role pg-watcher-role
-$WATCH_CLI delete rolebinding pg-watcher-role-binding
+$WATCH_CLI delete sa pg-watcher -n $WATCH_NAMESPACE
+$WATCH_CLI delete role pg-watcher-role -n $WATCH_NAMESPACE
+$WATCH_CLI delete rolebinding pg-watcher-role-binding -n $WATCH_NAMESPACE
 

examples/kube-deployments/cleanup.sh

@@ -13,9 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-$WATCH_CLI delete pod watch
+$WATCH_CLI -n $WATCH_NAMESPACE delete pod watch
 
 source ../cleanup-rbac.sh
 
-$WATCH_CLI delete configmap watch-hooks-configmap
+$WATCH_CLI -n $WATCH_NAMESPACE delete configmap watch-hooks-configmap
 ../waitforterm.sh watch $WATCH_CLI

examples/kube-deployments/run.sh

@@ -19,12 +19,21 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 $DIR/cleanup.sh
 
+[ -z "$WATCH_NAMESPACE" ] && echo "Need to set WATCH_NAMESPACE" && exit 1
+[ -z "$WATCH_IMAGE_TAG" ] && echo "Need to set WATCH_IMAGE_TAG" && exit 1
+[ -z "$WATCH_IMAGE_PREFIX" ] && echo "Need to set WATCH_IMAGE_PREFIX" && exit 1
+
 # Create 'watch-hooks-configmap'.
-$WATCH_CLI create configmap watch-hooks-configmap \
+$WATCH_CLI -n $WATCH_NAMESPACE create configmap watch-hooks-configmap \
 	--from-file=./hooks/watch-pre-hook \
 	--from-file=./hooks/watch-post-hook
 
-expenv -f ../rbac.yaml | $WATCH_CLI create -f -
+expenv -f ../rbac.yaml | $WATCH_CLI -n $WATCH_NAMESPACE create -f -
+
+if [[ ${WATCH_CLI} -eq "oc" ]]
+then
+        oc adm policy add-scc-to-user privileged -z pg-watcher -n $WATCH_NAMESPACE
+fi
 
-expenv -f $DIR/watch.json  | $WATCH_CLI create -f -
+expenv -f $DIR/watch.json  | $WATCH_CLI -n $WATCH_NAMESPACE create -f -
 

examples/kube-deployments/watch.json

@@ -11,7 +11,7 @@
         "serviceAccount": "pg-watcher",
         "containers": [{
             "name": "watch",
-            "image": "$CCP_IMAGE_PREFIX/crunchy-watch:$CCP_IMAGE_TAG",
+            "image": "$WATCH_IMAGE_PREFIX/crunchy-watch:$WATCH_IMAGE_TAG",
             "env": [{
                 "name": "CRUNCHY_WATCH_PLATFORM",
                 "value": "kube"

examples/kube/cleanup.sh

@@ -13,10 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-$WATCH_CLI delete pod watch
+$WATCH_CLI -n $WATCH_NAMESPACE delete pod watch
 
 ../waitforterm.sh watch $WATCH_CLI
 
-source ../cleanup-rbac.sh
-
-$WATCH_CLI delete configmap watch-hooks-configmap
+$WATCH_CLI -n $WATCH_NAMESPACE delete configmap watch-hooks-configmap

examples/kube/run.sh

@@ -17,10 +17,12 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 $DIR/cleanup.sh
 
-$WATCH_CLI create configmap watch-hooks-configmap \
+[ -z "$WATCH_NAMESPACE" ] && echo "Need to set WATCH_NAMESPACE" && exit 1
+[ -z "$WATCH_IMAGE_TAG" ] && echo "Need to set WATCH_IMAGE_TAG" && exit 1
+[ -z "$WATCH_IMAGE_PREFIX" ] && echo "Need to set WATCH_IMAGE_PREFIX" && exit 1
+
+$WATCH_CLI -n $WATCH_NAMESPACE create configmap watch-hooks-configmap \
 		--from-file=./hooks/watch-pre-hook \
 		--from-file=./hooks/watch-post-hook
 
-expenv -f ../rbac.yaml | $WATCH_CLI create -f -
-
-expenv -f  $DIR/watch.json | $WATCH_CLI create -f -
+expenv -f  $DIR/watch.json | $WATCH_CLI -n $WATCH_NAMESPACE create -f -

examples/kube/watch.json

@@ -11,7 +11,7 @@
         "serviceAccount": "pg-watcher",
         "containers": [{
             "name": "watch",
-            "image": "$CCP_IMAGE_PREFIX/crunchy-watch:$CCP_IMAGE_TAG",
+            "image": "$WATCH_IMAGE_PREFIX/crunchy-watch:$WATCH_IMAGE_TAG",
             "env": [{
                 "name": "CRUNCHY_WATCH_PLATFORM",
                 "value": "kube"

examples/rbac.yaml

@@ -13,9 +13,15 @@ metadata:
   name: pg-watcher-role
   namespace: $WATCH_NAMESPACE
 rules:
+- apiGroups: ["extensions","apps"]
+  resources: ["deployments"]
+  verbs: ["*"]
 - apiGroups: [""]
-  resources: ["deployments","pods"]
-  verbs: ["get","watch","list","update","patch","delete"]
+  resources: ["pods"]
+  verbs: ["deletecollection", "get", "list", "update"]
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["create"]
 
 ---
 

examples/run-rbac.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Copyright 2016-2018 Crunchy Data Solutions, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+$DIR/cleanup-rbac.sh
+
+[ -z "$WATCH_NAMESPACE" ] && echo "Need to set WATCH_NAMESPACE" && exit 1
+[ -z "$WATCH_IMAGE_TAG" ] && echo "Need to set WATCH_IMAGE_TAG" && exit 1
+[ -z "$WATCH_IMAGE_PREFIX" ] && echo "Need to set WATCH_IMAGE_PREFIX" && exit 1
+
+expenv -f $DIR/rbac.yaml | $WATCH_CLI -n $WATCH_NAMESPACE create -f -
+
+if [[ ${WATCH_CLI} -eq "oc" ]]
+then
+	oc adm policy add-scc-to-user privileged -z pg-watcher -n $WATCH_NAMESPACE
+fi
+

plugins/kube/main.go

@@ -83,7 +83,7 @@ func (h failoverHandler) Failover() error {
 	log.Info("Deleting existing primary...")
 	var err error
 	if config.GetString(TargetType.EnvVar) == "deployment" {
-		log.Info("deleting deployment")
+		log.Info("deleting deployment in namespace " + config.GetString(OSProject.EnvVar))
 		err = deletePrimaryDeployment(config.GetString(OSProject.EnvVar),
 			config.GetString("CRUNCHY_WATCH_PRIMARY"))
 	} else {

rhel7/10/Dockerfile.watch.rhel7

@@ -13,14 +13,14 @@
 
 FROM registry.access.redhat.com/rhel7
 
-MAINTAINER Crunchy Data <support@crunchydata.com>
+MAINTAINER Crunchy Data <info@crunchydata.com>
 
 LABEL name="crunchydata/watch" \
 	vendor="Crunchy Data Solutions" \
-	Version="7.5" \
+	Version="7.6" \
 	PostgresVersion="10" \
-	PostgresFullVersion="10.5" \
-	Release="2.1.1" \
+	PostgresFullVersion="10.6" \
+	Release="2.2.0" \
 	Url="https://crunchydata.com" \
 	description="Watches the primary in a primary/replica deployment, triggering a failover when the primary can't be reached" \
 	summary="Watches the primary in a primary/replica deployment, triggering a failover when the primary can't be reached" \