swh: Add the support for content replayer deployments
Related to swh/infra/sysadm-environment#5187 (closed)
helm diff
[swh] Comparing changes between branches production and objstorage-replayer (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in objstorage-replayer branch for environment staging...
[swh] Generate config in objstorage-replayer branch for environment staging...
[swh] Generate config in objstorage-replayer branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in objstorage-replayer branch for environment production...
[swh] Generate config in objstorage-replayer branch for environment production...
[swh] Generate config in objstorage-replayer branch for environment production...
------------- diff for environment staging namespace swh -------------
No differences
------------- diff for environment staging namespace swh-cassandra -------------
No differences
------------- diff for environment staging namespace swh-cassandra-next-version -------------
No differences
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.Z5WLgDWF/production-swh.before 2023-12-21 11:12:15.474185494 +0100
+++ /tmp/swh-chart.swh.Z5WLgDWF/production-swh.after 2023-12-21 11:12:16.678189091 +0100
@@ -5038,20 +5038,68 @@
swh:
level: "INFO"
celery.task:
level: "INFO"
root:
level: "INFO"
handlers:
- console
---
+# Source: swh/templates/objstorage-replayer/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: swh
+ name: objstorage-replayer-winery-template
+data:
+ config.yml.template: |
+ objstorage:
+ cls: multiplexer
+ objstorages:
+ - cls: filtered
+ filters_conf:
+ - type: readonly
+ storage_conf:
+ cls: http
+ compression: gzip
+ timeout: 120
+ url: https://softwareheritage.s3.amazonaws.com/content/
+ - cls: filtered
+ filters_conf:
+ - type: readonly
+ storage_conf:
+ cls: remote
+ url: http://objstorage-read-only-rpc-ingress
+ objstorage_dst:
+ cls: remote
+ url: http://gloin001.internal.cea.swh.network
+ journal_client:
+ brokers:
+ - kafka1.internal.softwareheritage.org:9094
+ - kafka2.internal.softwareheritage.org:9094
+ - kafka3.internal.softwareheritage.org:9094
+ - kafka4.internal.softwareheritage.org:9094
+ cls: kafka
+ group_id: swh-archive-prod-winery-content-replayer
+ on_eof: latest
+ prefix: swh.journal.objects
+ sasl.mechanism: SCRAM-SHA-512
+ sasl.password: ${BROKER_USER_PASSWORD}
+ sasl.username: ${BROKER_USER}
+ security.protocol: SASL_SSL
+ replayer:
+ error_reporter:
+ db: 0
+ host: redis-winery-replay.redis
+ port: 6379
+---
# Source: swh/templates/objstorage/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh
name: objstorage-read-only-configuration-template
data:
config.yml.template: |
objstorage:
cls: multiplexer
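Review bot: The replayer's write target, `objstorage_dst.url: http://gloin001.internal.cea.swh.network`, is plain HTTP with no credentials in the rendered config, while the Kafka client in the same ConfigMap uses `SASL_SSL`. Every object copied to the destination crosses that link unencrypted, and write access presumably rests on network reachability alone, unless a tunnel or network policy outside this diff covers it. If the endpoint can serve TLS, prefer `url: https://gloin001.internal.cea.swh.network`; otherwise add a comment in the values file naming the control that protects this path. The `error_reporter` Redis at `redis-winery-replay.redis` is also configured without authentication, which is worth confirming as intentional.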
@@ -5172,21 +5220,21 @@
- kafka3.internal.softwareheritage.org:9094
- kafka4.internal.softwareheritage.org:9094
batch_size: 200
cls: kafka
group_id: swh-archive-prod-journalchecker
on_eof: restart
prefix: swh.journal.objects
privileged: true
sasl.mechanism: SCRAM-SHA-512
sasl.password: ${BROKER_USER_PASSWORD}
- sasl.username: swh-archive-prod
+ sasl.username: ${BROKER_USER}
security.protocol: SASL_SSL
---
# Source: swh/templates/scrubber/journal-checker-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh
name: scrubber-journalchecker-revision-template
data:
config.yml.template: |
@@ -5199,21 +5247,21 @@
- kafka2.internal.softwareheritage.org:9094
- kafka3.internal.softwareheritage.org:9094
- kafka4.internal.softwareheritage.org:9094
cls: kafka
group_id: swh-archive-prod-journalchecker
on_eof: restart
prefix: swh.journal.objects
privileged: true
sasl.mechanism: SCRAM-SHA-512
sasl.password: ${BROKER_USER_PASSWORD}
- sasl.username: swh-archive-prod
+ sasl.username: ${BROKER_USER}
security.protocol: SASL_SSL
---
# Source: swh/templates/scrubber/journal-checker-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh
name: scrubber-journalchecker-snapshot-template
data:
config.yml.template: |
@@ -5225,21 +5273,21 @@
- kafka1.internal.softwareheritage.org:9094
- kafka2.internal.softwareheritage.org:9094
- kafka3.internal.softwareheritage.org:9094
- kafka4.internal.softwareheritage.org:9094
cls: kafka
group_id: swh-archive-prod-journalchecker
on_eof: restart
prefix: swh.journal.objects
sasl.mechanism: SCRAM-SHA-512
sasl.password: ${BROKER_USER_PASSWORD}
- sasl.username: swh-archive-prod
+ sasl.username: ${BROKER_USER}
security.protocol: SASL_SSL
---
# Source: swh/templates/scrubber/storage-checker-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh
name: scrubber-storagechecker-primary-directory-hashes-template
data:
config.yml.template: |
@@ -5636,25 +5684,24 @@
cls: postgresql
db: host=db.internal.softwareheritage.org port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
journal:
brokers:
- kafka1.internal.softwareheritage.org:9094
- kafka2.internal.softwareheritage.org:9094
- kafka3.internal.softwareheritage.org:9094
- kafka4.internal.softwareheritage.org:9094
cls: kafka
group_id: swh-archive-prod-journalchecker
- on_eof: restart
prefix: swh.journal.objects
sasl.mechanism: SCRAM-SHA-512
sasl.password: ${BROKER_USER_PASSWORD}
- sasl.username: swh-archive-prod
+ sasl.username: ${BROKER_USER}
security.protocol: SASL_SSL
---
# Source: swh/templates/toolbox/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: toolbox-scrubber-storage-primary-template
namespace: swh
data:
config.yml.template: |
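Review bot: The `journal` section here drops `on_eof: restart` alongside the username change, whereas the three journal-checker templates in the earlier hunks keep it, and the merge request title and description mention only the replayer. If the removal is deliberate, say so in the description, because the consumer will fall back to whatever end-of-partition default the journal client applies (not visible here). The document starts before the hunk, so these lines do not show which ConfigMap is affected.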
@@ -14911,20 +14958,140 @@
port: 9150
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /metrics
port: 9150
initialDelaySeconds: 5
periodSeconds: 10
---
+# Source: swh/templates/objstorage-replayer/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: objstorage-replayer-winery
+ namespace: swh
+ labels:
+ app: objstorage-replayer-winery
+spec:
+ revisionHistoryLimit: 2
+ replicas: 1
+ selector:
+ matchLabels:
+ app: objstorage-replayer-winery
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: objstorage-replayer-winery
+ annotations:
+ # Force a rollout upgrade if the configuration changes
+ checksum/config: e1569a75b26e4a7d89af1e021dc455820190cd777fd845b8adc419c5915094ae
+ spec:
+ affinity:
+
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: swh/replayer
+ operator: In
+ values:
+ - "true"
+ initContainers:
+ - name: prepare-configuration
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/utils:20231211.1
+ imagePullPolicy: IfNotPresent
+ command:
+ - /entrypoints/prepare-configuration.sh
+ env:
+
+
+ - name: BROKER_USER
+ valueFrom:
+ secretKeyRef:
+ name: swh-archive-broker-secret
+ key: BROKER_USER
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: BROKER_USER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-archive-broker-secret
+ key: BROKER_USER_PASSWORD
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: configuration-template
+ mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
+ containers:
+ - name: objstorage-replayer
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/objstorage_replayer:20231220.1
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: FETCH_CONCURRENCY
+ value: "1"
+ - name: LOGLEVEL
+ value: "INFO"
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: production
+ - name: SWH_MAIN_PACKAGE
+ value: swh.objstorage.replayer
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: objstorage-replayer-sentry-dsn
+ # 'name' secret must exist & include key "host"
+ optional: false
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: configuration-template
+ configMap:
+ name: objstorage-replayer-winery-template
+ defaultMode: 0777
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
+---
# Source: swh/templates/objstorage/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh
name: objstorage-read-only
labels:
app: objstorage-read-only
spec:
revisionHistoryLimit: 2
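Review bot: `defaultMode: 0777` on the `configuration-template` volume grants write and execute bits to everyone on a file the init container only reads; `defaultMode: 0444` would be enough, and the `config-utils` volume already uses the tighter `0555`. The comment above `optional: false` for `SWH_SENTRY_DSN` says the secret must include key "host", but the key referenced is `objstorage-replayer-sentry-dsn`; `# 'name' secret must exist & include that ^ key` would match the other entries. Neither container sets a `securityContext` or resource `limits`, so the pod runs as the image's default user with only `requests` bounding scheduling; consider `allowPrivilegeEscalation: false` and a memory limit if the images tolerate them.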
@@ -15785,21 +15952,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: scrubber-journalchecker-release
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: f56b5eca3e85965c76210842ea16a033877279f8bc6e4e73a41a22673cb8c50b
+ checksum/config: 91aaf81592b610d5e8fa80eb5f8a397909329d9aae9c3ed7790b8fb092f942eb
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/scrubber
operator: In
values:
@@ -15813,20 +15980,27 @@
env:
- name: SCRUBBER_POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: swh-scrubber-postgresql-common-secret
key: postgres-swh-scrubber-password
# 'name' secret must exist & include that ^ key
optional: false
+ - name: BROKER_USER
+ valueFrom:
+ secretKeyRef:
+ name: swh-archive-broker-secret
+ key: BROKER_USER
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: BROKER_USER_PASSWORD
valueFrom:
secretKeyRef:
name: swh-archive-broker-secret
key: BROKER_USER_PASSWORD
# 'name' secret must exist & include that ^ key
optional: false
command:
- /bin/bash
args:
@@ -15926,21 +16100,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: scrubber-journalchecker-revision
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: 002594a84a7052f384c9fb3b1a90abcb34cb45150555c639560044d4c1257e0b
+ checksum/config: dbb4273ccedb951c94a8f7afe2243aa7d60a2a6e46b3c82bb6782c6c30a4ff3f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/scrubber
operator: In
values:
@@ -15954,20 +16128,27 @@
env:
- name: SCRUBBER_POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: swh-scrubber-postgresql-common-secret
key: postgres-swh-scrubber-password
# 'name' secret must exist & include that ^ key
optional: false
+ - name: BROKER_USER
+ valueFrom:
+ secretKeyRef:
+ name: swh-archive-broker-secret
+ key: BROKER_USER
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: BROKER_USER_PASSWORD
valueFrom:
secretKeyRef:
name: swh-archive-broker-secret
key: BROKER_USER_PASSWORD
# 'name' secret must exist & include that ^ key
optional: false
command:
- /bin/bash
args:
@@ -16067,21 +16248,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: scrubber-journalchecker-snapshot
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: fe800781d051570627d4494d78a60d771749bc2444ed738a6836b7ea458f57ac
+ checksum/config: 8456c3b84912e54543e6a04aaf841257158e71884fdfc54b1d085bd2c368ac65
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/scrubber
operator: In
values:
@@ -16095,20 +16276,27 @@
env:
- name: SCRUBBER_POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: swh-scrubber-postgresql-common-secret
key: postgres-swh-scrubber-password
# 'name' secret must exist & include that ^ key
optional: false
+ - name: BROKER_USER
+ valueFrom:
+ secretKeyRef:
+ name: swh-archive-broker-secret
+ key: BROKER_USER
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: BROKER_USER_PASSWORD
valueFrom:
secretKeyRef:
name: swh-archive-broker-secret
key: BROKER_USER_PASSWORD
# 'name' secret must exist & include that ^ key
optional: false
command:
- /bin/bash
args:
@@ -18155,21 +18343,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: swh-toolbox
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: b4fac72f5d9637a24d02dd53ea47c84b9a7dddb3a1194a6bd29a1aeac3014127
+ checksum/config: 37e4bf19abec492d2acfc34a73536f3cde9a26476a443a8571f658a13cbcb38c
checksum/configScript: 663c64a77cb64ac413bb3014e6a87dbd2c528b0b92f716d79ebaeb200d76c6da
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/toolbox
operator: In
values:
@@ -18242,20 +18430,27 @@
image: debian:bullseye
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config-scrubber-journal.yml
env:
+ - name: BROKER_USER
+ valueFrom:
+ secretKeyRef:
+ name: swh-archive-broker-secret
+ key: BROKER_USER
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: BROKER_USER_PASSWORD
valueFrom:
secretKeyRef:
name: swh-archive-broker-secret
key: BROKER_USER_PASSWORD
# 'name' secret must exist & include that ^ key
optional: false
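Review bot: The added `BROKER_USER` variable is consumed by the `eval echo` rendering in this init container's `args`, which treats the whole template as shell input. Any double quote, backtick or `$(` that ends up in the template text is interpreted by the shell rather than copied, so each new templated field widens what depends on that pattern (the expanded secret values themselves are not re-parsed). The replayer Deployment added in this diff calls `/entrypoints/prepare-configuration.sh` from the `config-utils` ConfigMap instead; reusing that entrypoint here would keep a single rendering path, assuming it does plain variable substitution, which these lines do not show. The scrubber journal-checker hunks that add the same `BROKER_USER` entry run `/bin/bash` with `args` that fall outside their hunks and may share the pattern.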
------------- diff for environment production namespace swh-cassandra -------------
No differences
Edited by Vincent Sellier