web/sync-mailmaps: Adapt routine to use the postgresql service config
This does not work with the bare connstring (after multiple attempts, the shell escaping never comes out right). So stop losing time and implement what used to be done on the puppet side (use the ~/.pg_service.conf and ~/.pgpass postgresql configuration files).
The diff [1] is sensible and minikube test sounds right enough.
(An equivalent has been tested in the staging pod for real and it's working too).
[1]
swh-helm-diff
[swh] Comparing changes between branches production and fix-syncmailmap-cronjob (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'fix-syncmailmap-cronjob'
[swh] Generate config in fix-syncmailmap-cronjob branch for environment staging...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment staging...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'fix-syncmailmap-cronjob'
[swh] Generate config in fix-syncmailmap-cronjob branch for environment production...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment production...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment production...
------------- diff for environment staging namespace swh -------------
--- /tmp/swh-chart.swh.wXAkTxEz/staging-swh.before 2023-10-25 11:48:26.137632545 +0200
+++ /tmp/swh-chart.swh.wXAkTxEz/staging-swh.after 2023-10-25 11:48:26.801631895 +0200
@@ -4026,20 +4026,37 @@
if [ -e "${DB_VERSION}" ]; then
echo "Unable to find the code version"
exit 1
fi
if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
echo "code and DB versions are different. Blocking the deployment"
exit 1
fi
---
+# Source: swh/templates/web/configmap-pgservice.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: swh
+ name: pgservice-configuration-template
+data:
+ pg-service-conf: |
+ [syncmailmaps]
+ dbname=swh
+ host=db1.internal.staging.swh.network
+ port=5432
+ user=swhmailmap
+
+ pgpass-template: |
+ db1.internal.staging.swh.network:5432:swh:swhmailmap:${POSTGRESQL_MAILMAP_PASSWORD}
+---
# Source: swh/templates/web/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh
name: web-configuration-template
data:
config.yml.template: |
instance_name: webapp.staging.swh.network
allowed_hosts:
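Review bot: The `pgpass-template` entry puts the raw value of `${POSTGRESQL_MAILMAP_PASSWORD}` into the last field of a `.pgpass` line, but that format requires a literal `:` or `\` inside a field to be escaped with a backslash. A password containing either character would produce a line libpq cannot match, and the job would fail to authenticate with no hint as to why. I would document the constraint in the chart source next to the template, for example `# password must not contain ':' or '\' unless escaped for .pgpass`. The ConfigMap that follows the new one continues outside this hunk.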
@@ -21826,21 +21843,21 @@
name: refresh-savecodenow-statuses-cronjob
spec:
schedule: "*/2 * * * *"
jobTemplate:
spec:
template:
spec:
priorityClassName: swh-frontend-rpc-workload
initContainers:
- - name: prepare-configuration
+ - name: prepare-web-configuration
image: debian:bullseye
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
env:
- name: POSTGRESQL_PASSWORD
@@ -21896,21 +21913,21 @@
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: true
volumeMounts:
- name: configuration
mountPath: /etc/swh
- - name: configuration-template
+ - name: web-configuration-template
mountPath: /etc/swh/configuration-template
containers:
- name: refresh-savecodenow-statuses
resources:
requests:
memory: 512Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231024.2
command:
- /opt/swh/entrypoint.sh
@@ -21938,21 +21955,21 @@
optional: false
- name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
value: "true"
imagePullPolicy: IfNotPresent
volumeMounts:
- name: configuration
mountPath: /etc/swh
volumes:
- name: configuration
emptyDir: {}
- - name: configuration-template
+ - name: web-configuration-template
configMap:
name: web-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
restartPolicy: OnFailure
---
# Source: swh/templates/web/sync-mailmaps-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
@@ -21960,21 +21977,45 @@
name: sync-mailmaps-cronjob
spec:
schedule: "15 * * * *"
jobTemplate:
spec:
template:
spec:
priorityClassName: swh-frontend-rpc-workload
initContainers:
- - name: prepare-configuration
+ - name: prepare-pgservice-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval "cp /etc/swh/config/pg_service.conf /etc/swh/.pg_service.conf; echo "\"$(</etc/swh/config/pgpass)\"" > /etc/swh/.pgpass; chmod 400 /etc/swh/.pgpass"
+ env:
+
+ - name: POSTGRESQL_MAILMAP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-syncmailmap-secret
+ key: postgres-syncmailmap-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: pgservice-configuration-template
+ mountPath: /etc/swh/config
+
+ - name: prepare-web-configuration
image: debian:bullseye
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
env:
- name: POSTGRESQL_PASSWORD
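Review bot: The `prepare-pgservice-configuration` command writes `/etc/swh/.pgpass` under the default umask and only tightens it with `chmod 400` afterwards. It also builds the file by passing the mounted template through `eval`, so whatever the ConfigMap contains is executed as shell in a container that has `POSTGRESQL_MAILMAP_PASSWORD` in its environment. I would start the command with `umask 077;` and fill the placeholder with a literal string substitution instead of `eval`. The nested `"` / `\"` quoting also leaves the `$(<...)` expansion unquoted on the first pass, so it is word-split before `eval` sees it; that is harmless for the current one-line template but fragile. It is also worth confirming that the user running the `sync-mailmaps` container can read the 0400 file, since the pod's security context is not visible in this hunk.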
@@ -22027,81 +22068,86 @@
- name: SWH_SENTRY_DSN
valueFrom:
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: true
+ - name: PGSERVICEFILE
+ value: /etc/swh/.pg_service.conf
+ - name: PGPASSFILE
+ value: /etc/swh/.pgpass
+
volumeMounts:
- name: configuration
mountPath: /etc/swh
- - name: configuration-template
+ - name: web-configuration-template
mountPath: /etc/swh/configuration-template
containers:
- name: sync-mailmaps
resources:
requests:
memory: 512Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231024.2
command:
- /opt/swh/entrypoint.sh
args:
- sync-mailmaps
- - host=db1.internal.staging.swh.network port=5432 user=swhmailmap dbname=swh password=${POSTGRESQL_MAILMAP_PASSWORD}
+ - service=syncmailmaps
env:
- name: STATSD_HOST
value: prometheus-statsd-exporter
- name: STATSD_PORT
value: "9125"
- name: SWH_CONFIG_FILENAME
value: /etc/swh/config.yml
- name: LOG_LEVEL
value: INFO
-
- - name: POSTGRESQL_MAILMAP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: swh-postgresql-syncmailmap-secret
- key: postgres-syncmailmap-password
- # 'name' secret must exist & include that ^ key
- optional: false
-
- name: SWH_SENTRY_ENVIRONMENT
value: staging
- name: SWH_MAIN_PACKAGE
value: swh.web
- name: SWH_SENTRY_DSN
valueFrom:
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# if the setting doesn't exist, sentry issue pushes will be disabled
optional: false
- name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
value: "true"
imagePullPolicy: IfNotPresent
volumeMounts:
- name: configuration
mountPath: /etc/swh
volumes:
- name: configuration
emptyDir: {}
- - name: configuration-template
+ - name: web-configuration-template
configMap:
name: web-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
+ - name: pgservice-configuration-template
+ configMap:
+ name: pgservice-configuration-template
+ items:
+ - key: "pg-service-conf"
+ path: "pg_service.conf"
+ - key: "pgpass-template"
+ path: "pgpass"
+
restartPolicy: OnFailure
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: graphql-ingress-default
annotations:
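Review bot: `PGSERVICEFILE` and `PGPASSFILE` appear to be added to the env of the `prepare-web-configuration` init container, since they sit just before its `volumeMounts` and the `containers:` key. The `sync-mailmaps` container, which now runs with `service=syncmailmaps`, gets neither variable in its own `env:` list. libpq would then fall back to `~/.pg_service.conf` and `~/.pgpass`, which only matches the files written under `/etc/swh` if that container's HOME happens to be `/etc/swh`. Unless the image guarantees that, I would move the two added entries unchanged into the `sync-mailmaps` container's `env:` list. The rendered manifest continues past the end of this hunk.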
------------- diff for environment staging namespace swh-cassandra -------------
No differences
------------- diff for environment staging namespace swh-cassandra-next-version -------------
No differences
------------- diff for environment production namespace swh -------------
No differences
------------- diff for environment production namespace swh-cassandra -------------
No differences
Edited by Antoine R. Dumont