web/sync-mailmaps: Adapt routine to use the postgresql service config

Antoine R. Dumont requested to merge fix-syncmailmap-cronjob into production

This does not work with the bare connstring (shell escaping is just never the right one after multiple tryouts). So stop losing time and just implement what used to be implemented in the puppet side (use the ~/.pg_service.conf and ~/.pgpass postgresql configuration files).

The diff [1] is sensible and minikube test sounds right enough.

(An equivalent has been tested in the staging pod for real and it's working too).

[1]

swh-helm-diff
[swh] Comparing changes between branches production and fix-syncmailmap-cronjob (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'fix-syncmailmap-cronjob'
[swh] Generate config in fix-syncmailmap-cronjob branch for environment staging...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment staging...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'fix-syncmailmap-cronjob'
[swh] Generate config in fix-syncmailmap-cronjob branch for environment production...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment production...
[swh] Generate config in fix-syncmailmap-cronjob branch for environment production...


------------- diff for environment staging namespace swh -------------

--- /tmp/swh-chart.swh.wXAkTxEz/staging-swh.before      2023-10-25 11:48:26.137632545 +0200
+++ /tmp/swh-chart.swh.wXAkTxEz/staging-swh.after       2023-10-25 11:48:26.801631895 +0200
@@ -4026,20 +4026,37 @@
     if [ -e "${DB_VERSION}" ]; then
       echo "Unable to find the code version"
       exit 1
     fi

     if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
       echo "code and DB versions are different. Blocking the deployment"
       exit 1
     fi
 ---
+# Source: swh/templates/web/configmap-pgservice.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: pgservice-configuration-template
+data:
+  pg-service-conf: |
+    [syncmailmaps]
+    dbname=swh
+    host=db1.internal.staging.swh.network
+    port=5432
+    user=swhmailmap
+
+  pgpass-template: |
+    db1.internal.staging.swh.network:5432:swh:swhmailmap:${POSTGRESQL_MAILMAP_PASSWORD}
+---
 # Source: swh/templates/web/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: web-configuration-template
 data:
   config.yml.template: |
     instance_name: webapp.staging.swh.network
     allowed_hosts:
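
Review bot: the pgpass-template line writes ${POSTGRESQL_MAILMAP_PASSWORD} verbatim into the password field, but the pgpass format treats ':' and '\' as special and requires them to be backslash-escaped, so a secret containing either character would produce an entry that never matches. Either constrain the secret's character set and note it in a comment next to the template, or escape the value when the file is rendered. The host, port, dbname and user are also repeated in pg-service-conf and pgpass-template; libpq matches pgpass entries on those fields, so a comment that the two must stay identical (or rendering both from the same values) would prevent silent drift.
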
@@ -21826,21 +21843,21 @@
   name: refresh-savecodenow-statuses-cronjob
 spec:
   schedule: "*/2 * * * *"
   jobTemplate:
     spec:
       template:
         spec:
           priorityClassName: swh-frontend-rpc-workload

           initContainers:
-            - name: prepare-configuration
+            - name: prepare-web-configuration
               image: debian:bullseye
               imagePullPolicy: IfNotPresent
               command:
               - /bin/bash
               args:
               - -c
               - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
               env:

                 - name: POSTGRESQL_PASSWORD
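
Review bot: the initContainer rename to prepare-web-configuration lands in refresh-savecodenow-statuses-cronjob, which the merge request title and description do not mention. Say in the commit message that the rename (and the matching volume rename in the following hunks) also touches this cronjob, so the extra rollout is expected by whoever deploys it.
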
@@ -21896,21 +21913,21 @@
                     secretKeyRef:
                       name: common-secrets
                       key: web-sentry-dsn
                       # 'name' secret should exist & include key
                       # if the setting doesn't exist, sentry pushes will be disabled
                       optional: true

               volumeMounts:
               - name: configuration
                 mountPath: /etc/swh
-              - name: configuration-template
+              - name: web-configuration-template
                 mountPath: /etc/swh/configuration-template
           containers:
             - name: refresh-savecodenow-statuses
               resources:
                 requests:
                   memory: 512Mi
                   cpu: 500m
               image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231024.2
               command:
               - /opt/swh/entrypoint.sh
@@ -21938,21 +21955,21 @@
                       optional: false
                 - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
                   value: "true"
               imagePullPolicy: IfNotPresent
               volumeMounts:
               - name: configuration
                 mountPath: /etc/swh
           volumes:
           - name: configuration
             emptyDir: {}
-          - name: configuration-template
+          - name: web-configuration-template
             configMap:
               name: web-configuration-template
               items:
               - key: "config.yml.template"
                 path: "config.yml.template"
           restartPolicy: OnFailure
 ---
 # Source: swh/templates/web/sync-mailmaps-cronjob.yaml
 apiVersion: batch/v1
 kind: CronJob
@@ -21960,21 +21977,45 @@
   name: sync-mailmaps-cronjob
 spec:
   schedule: "15 * * * *"
   jobTemplate:
     spec:
       template:
         spec:
           priorityClassName: swh-frontend-rpc-workload

           initContainers:
-            - name: prepare-configuration
+            - name: prepare-pgservice-configuration
+              image: debian:bullseye
+              imagePullPolicy: IfNotPresent
+              command:
+              - /bin/bash
+              args:
+              - -c
+              - eval "cp /etc/swh/config/pg_service.conf /etc/swh/.pg_service.conf; echo "\"$(</etc/swh/config/pgpass)\"" > /etc/swh/.pgpass; chmod 400 /etc/swh/.pgpass"
+              env:
+
+                - name: POSTGRESQL_MAILMAP_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: swh-postgresql-syncmailmap-secret
+                      key: postgres-syncmailmap-password
+                      # 'name' secret must exist & include that ^ key
+                      optional: false
+
+              volumeMounts:
+              - name: configuration
+                mountPath: /etc/swh
+              - name: pgservice-configuration-template
+                mountPath: /etc/swh/config
+
+            - name: prepare-web-configuration
               image: debian:bullseye
               imagePullPolicy: IfNotPresent
               command:
               - /bin/bash
               args:
               - -c
               - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
               env:

                 - name: POSTGRESQL_PASSWORD
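
Review bot: in the prepare-pgservice-configuration args, the whole command line is passed through eval, so the content of /etc/swh/config/pgpass is parsed as shell source, not just expanded: a double quote, backtick or $( in any templated field (host, dbname, user) would change the command being run. Only the echo needs the variable expanded; cp and chmod can run outside eval. The redirection also creates /etc/swh/.pgpass with the default umask and tightens it afterwards, so a umask 077 before the write would close that window; the mode matters because libpq ignores a password file that is group- or world-accessible.
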
@@ -22027,81 +22068,86 @@

                 - name: SWH_SENTRY_DSN
                   valueFrom:
                     secretKeyRef:
                       name: common-secrets
                       key: web-sentry-dsn
                       # 'name' secret should exist & include key
                       # if the setting doesn't exist, sentry pushes will be disabled
                       optional: true

+                - name: PGSERVICEFILE
+                  value: /etc/swh/.pg_service.conf
+                - name: PGPASSFILE
+                  value: /etc/swh/.pgpass
+
               volumeMounts:
               - name: configuration
                 mountPath: /etc/swh
-              - name: configuration-template
+              - name: web-configuration-template
                 mountPath: /etc/swh/configuration-template
           containers:
             - name: sync-mailmaps
               resources:
                 requests:
                   memory: 512Mi
                   cpu: 500m
               image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231024.2
               command:
               - /opt/swh/entrypoint.sh
               args:
               - sync-mailmaps
-              - host=db1.internal.staging.swh.network port=5432 user=swhmailmap dbname=swh password=${POSTGRESQL_MAILMAP_PASSWORD}
+              - service=syncmailmaps
               env:
                 - name: STATSD_HOST
                   value: prometheus-statsd-exporter
                 - name: STATSD_PORT
                   value: "9125"
                 - name: SWH_CONFIG_FILENAME
                   value: /etc/swh/config.yml
                 - name: LOG_LEVEL
                   value: INFO
-
-                - name: POSTGRESQL_MAILMAP_PASSWORD
-                  valueFrom:
-                    secretKeyRef:
-                      name: swh-postgresql-syncmailmap-secret
-                      key: postgres-syncmailmap-password
-                      # 'name' secret must exist & include that ^ key
-                      optional: false
-
                 - name: SWH_SENTRY_ENVIRONMENT
                   value: staging
                 - name: SWH_MAIN_PACKAGE
                   value: swh.web
                 - name: SWH_SENTRY_DSN
                   valueFrom:
                     secretKeyRef:
                       name: common-secrets
                       key: web-sentry-dsn
                       # if the setting doesn't exist, sentry issue pushes will be disabled
                       optional: false
                 - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
                   value: "true"
               imagePullPolicy: IfNotPresent
               volumeMounts:
               - name: configuration
                 mountPath: /etc/swh
           volumes:
           - name: configuration
             emptyDir: {}
-          - name: configuration-template
+          - name: web-configuration-template
             configMap:
               name: web-configuration-template
               items:
               - key: "config.yml.template"
                 path: "config.yml.template"
+          - name: pgservice-configuration-template
+            configMap:
+              name: pgservice-configuration-template
+              items:
+              - key: "pg-service-conf"
+                path: "pg_service.conf"
+              - key: "pgpass-template"
+                path: "pgpass"
+
           restartPolicy: OnFailure
 ---
 # Source: swh/templates/graphql/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   namespace: swh
   name: graphql-ingress-default
   annotations:
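
Review bot: PGSERVICEFILE and PGPASSFILE are added to the env block that ends just before volumeMounts and containers:, which is the prepare-web-configuration initContainer, while the sync-mailmaps container that receives service=syncmailmaps has neither variable in its env list. Unless that container's home directory is /etc/swh, libpq there would look for ~/.pg_service.conf and ~/.pgpass and not find the files written under /etc/swh; move the two variables to the sync-mailmaps container env. Also confirm that the user running sync-mailmaps is the one that owns the mode-400 .pgpass created by the initContainer, since no other user can read it.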



------------- diff for environment staging namespace swh-cassandra -------------

No differences


------------- diff for environment staging namespace swh-cassandra-next-version -------------

No differences


------------- diff for environment production namespace swh -------------

No differences


------------- diff for environment production namespace swh-cassandra -------------

No differences

Refs. swh/infra/sysadm-environment#4780 (closed)

Edited by Antoine R. Dumont