BC-7024-migration-to-ionos-postgres-dev #834

Merged
merged 38 commits into from
Apr 25, 2024

YannickEvers
Contributor

@YannickEvers YannickEvers commented Apr 5, 2024

Description

Switch to IONOS Postgres Cluster for the dev stage. Automatically create and delete branch- and application-specific databases and users for calendar, hydra and erwinidm.

  • Split WITH_DATABASES into WITH_MONGO_DATABASES and WITH_POSTGRES_DATABASES to control them individually
  • Disable WITH_POSTGRES_DATABASES and activate new WITH_BRANCH_POSTGRES_DB_MANAGEMENT
  • Role creates Secrets for the database cluster (from 1Password) and the three application databases (branch as prefix)
  • Role creates the users and database in a Kubernetes Job
  • Role prepares a suspended job for deleting the databases and users
  • Add parts that conditionally (WITH_BRANCH_POSTGRES_DB_MANAGEMENT) overwrite the database config/credentials for erwinidm, calendar (see PR BC-7024-migration-to-ionos-postgres-dev schulcloud-calendar#160) and hydra
  • Add steps to the GitHub clean_workflow for triggering the suspended job and waiting for its completion (=deletion)

Links to Tickets or other pull requests

OPS-6241
hpi-schul-cloud/schulcloud-calendar#160

Changes

Datasecurity

Deployment

New Repos, NPM packages or vendor scripts

Screenshots of UI changes

Approval for review

  • All points were discussed with the ticket creator, support-team or product owner. The code upholds all quality guidelines from the PR-template.

Notice: Please remove the WIP label if the PR is ready to review, otherwise nobody will review it.

@YannickEvers YannickEvers added the WIP This feature branch is in progress, do not merge it. label Apr 5, 2024
@YannickEvers YannickEvers self-assigned this Apr 5, 2024
@YannickEvers YannickEvers removed the WIP This feature branch is in progress, do not merge it. label Apr 5, 2024
@YannickEvers YannickEvers marked this pull request as ready for review April 5, 2024 14:29
@YannickEvers YannickEvers requested review from Loki-Afro and a team April 5, 2024 14:29
Member

@mamutmk5 mamutmk5 left a comment

It's a great idea, but the looping part for the ansible task is not so great, and it's also violating the part that at least the creating of things should be in the ansible role where it's needed.
For example, the creating and initializing of the Postgres DB for the calendar should be in the calendar ansible role.

@YannickEvers
Contributor Author

It's a great idea, but the looping part for the ansible task is not so great, and it's also violating the part that at least the creating of things should be in the ansible role where it's needed. For example, the creating and initializing of the Postgres DB for the calendar should be in the calendar ansible role.

Putting that part in each role would result in many redundancies. The role is more of a replacement for dof_postgres, which previously created the database deployment needed for the applications (and a schema specific for erwinidm). The specific initialization parts are still in the roles.
For the other stages the database creation is part of the infra-schulcloud deployment.

@YannickEvers YannickEvers added the WIP This feature branch is in progress, do not merge it. label Apr 11, 2024
@YannickEvers YannickEvers requested a review from mamutmk5 April 12, 2024 07:41
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: secret-database.yml.j2
when: db_secret_present.resources|length == 0
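Review bot: the guard on the last line, when: db_secret_present.resources|length == 0, assumes the lookup registered as db_secret_present always ran and returned a resources list; if that lookup is ever skipped or fails, resources is undefined and this task errors instead of being skipped. Consider when: (db_secret_present.resources | default([])) | length == 0, and add a short comment that the secret is only templated when absent so that a re-run does not replace an existing one. The hard-coded kubeconfig: ~/.kube/config on the first line could also come from a variable so the task works outside the runner's home directory.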
Member

does that really work if the operator is not fast enough?

Contributor Author

You probably mean the onepassword-operator, right? The secret checked here is not managed by it. There are two separate secrets: One coming from 1Password with the credentials for the whole Postgres cluster and one with the branch/database specific credentials that is created directly with a random password.
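
The branch-prefixed databases and users from the PR description, and the randomly generated per-branch password mentioned in the reply above, sketched as an added example (not code from this PR or its repository). The `<branch>_<app>` naming scheme, all function names and the SQL statements are assumptions made for illustration.

```python
import re
import secrets

APPS = ("calendar", "hydra", "erwinidm")  # applications named in the PR description
PG_MAX_IDENT = 63  # PostgreSQL truncates longer identifiers


def db_identifier(branch: str, app: str) -> str:
    """Assumed naming scheme: <sanitized branch>_<app>, used for database and user."""
    if app not in APPS:
        raise ValueError(f"unknown application: {app!r}")
    # Reduce the branch to [a-z0-9_] so it cannot carry quotes or SQL syntax.
    slug = re.sub(r"[^a-z0-9]+", "_", branch.lower()).strip("_")
    if not slug:
        raise ValueError("branch name has no usable characters")
    # Trim the prefix, never the suffix: server-side truncation would cut the
    # app name off a long branch and make the three databases collide.
    slug = slug[: PG_MAX_IDENT - len(app) - 1].rstrip("_")
    return f"{slug}_{app}"


def quote_ident(name: str) -> str:
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    # Valid with standard_conforming_strings=on, the PostgreSQL default.
    return "'" + value.replace("'", "''") + "'"


def new_password() -> str:
    return secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG


def create_statements(branch: str, app: str, password: str) -> list[str]:
    name = quote_ident(db_identifier(branch, app))
    return [
        f"CREATE ROLE {name} LOGIN PASSWORD {quote_literal(password)};",
        f"CREATE DATABASE {name} OWNER {name};",
    ]


def drop_statements(branch: str, app: str) -> list[str]:
    # Database first: a role that still owns objects cannot be dropped.
    name = quote_ident(db_identifier(branch, app))
    return [f"DROP DATABASE IF EXISTS {name};", f"DROP ROLE IF EXISTS {name};"]
```

Two branch names that differ only in punctuation or case map to the same identifier under this scheme, so a real deployment would need to reject or disambiguate such collisions.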

@YannickEvers YannickEvers removed the WIP This feature branch is in progress, do not merge it. label Apr 23, 2024
ansible/group_vars/infra/with.yml (review thread resolved)
ansible/group_vars/loadtest/with.yml (review thread resolved)
@YannickEvers YannickEvers merged commit e44c85e into main Apr 25, 2024
27 checks passed
@YannickEvers YannickEvers deleted the BC-7024-migration-to-ionos-postgres-dev branch April 25, 2024 14:59
3 participants