Skip to content

swh: Add the support for content replayer deployments

Vincent Sellier requested to merge objstorage-replayer into production

Related to swh/infra/sysadm-environment#5187 (closed)

helm diff
[swh] Comparing changes between branches production and objstorage-replayer (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in objstorage-replayer branch for environment staging...
[swh] Generate config in objstorage-replayer branch for environment staging...
[swh] Generate config in objstorage-replayer branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in objstorage-replayer branch for environment production...
[swh] Generate config in objstorage-replayer branch for environment production...
[swh] Generate config in objstorage-replayer branch for environment production...


------------- diff for environment staging namespace swh -------------

No differences


------------- diff for environment staging namespace swh-cassandra -------------

No differences


------------- diff for environment staging namespace swh-cassandra-next-version -------------

No differences


------------- diff for environment production namespace swh -------------

--- /tmp/swh-chart.swh.Z5WLgDWF/production-swh.before	2023-12-21 11:12:15.474185494 +0100
+++ /tmp/swh-chart.swh.Z5WLgDWF/production-swh.after	2023-12-21 11:12:16.678189091 +0100
@@ -5038,20 +5038,68 @@
       swh:
         level: "INFO"
       celery.task:
         level: "INFO"
 
     root:
       level: "INFO"
       handlers:
       - console
 ---
+# Source: swh/templates/objstorage-replayer/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: objstorage-replayer-winery-template
+data:
+  config.yml.template: |
+    objstorage:
+      cls: multiplexer
+      objstorages:
+      - cls: filtered
+        filters_conf:
+        - type: readonly
+        storage_conf:
+          cls: http
+          compression: gzip
+          timeout: 120
+          url: https://softwareheritage.s3.amazonaws.com/content/
+      - cls: filtered
+        filters_conf:
+        - type: readonly
+        storage_conf:
+          cls: remote
+          url: http://objstorage-read-only-rpc-ingress
+    objstorage_dst:
+      cls: remote
+      url: http://gloin001.internal.cea.swh.network
+    journal_client:
+      brokers:
+        - kafka1.internal.softwareheritage.org:9094
+        - kafka2.internal.softwareheritage.org:9094
+        - kafka3.internal.softwareheritage.org:9094
+        - kafka4.internal.softwareheritage.org:9094
+      cls: kafka
+      group_id: swh-archive-prod-winery-content-replayer
+      on_eof: latest
+      prefix: swh.journal.objects
+      sasl.mechanism: SCRAM-SHA-512
+      sasl.password: ${BROKER_USER_PASSWORD}
+      sasl.username: ${BROKER_USER}
+      security.protocol: SASL_SSL
+    replayer:
+      error_reporter:
+        db: 0
+        host: redis-winery-replay.redis
+        port: 6379
+---
 # Source: swh/templates/objstorage/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: objstorage-read-only-configuration-template
 data:
   config.yml.template: |
     objstorage:
       cls: multiplexer
@@ -5172,21 +5220,21 @@
         - kafka3.internal.softwareheritage.org:9094
         - kafka4.internal.softwareheritage.org:9094
       batch_size: 200
       cls: kafka
       group_id: swh-archive-prod-journalchecker
       on_eof: restart
       prefix: swh.journal.objects
       privileged: true
       sasl.mechanism: SCRAM-SHA-512
       sasl.password: ${BROKER_USER_PASSWORD}
-      sasl.username: swh-archive-prod
+      sasl.username: ${BROKER_USER}
       security.protocol: SASL_SSL
 ---
 # Source: swh/templates/scrubber/journal-checker-configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: scrubber-journalchecker-revision-template
 data:
   config.yml.template: |
@@ -5199,21 +5247,21 @@
         - kafka2.internal.softwareheritage.org:9094
         - kafka3.internal.softwareheritage.org:9094
         - kafka4.internal.softwareheritage.org:9094
       cls: kafka
       group_id: swh-archive-prod-journalchecker
       on_eof: restart
       prefix: swh.journal.objects
       privileged: true
       sasl.mechanism: SCRAM-SHA-512
       sasl.password: ${BROKER_USER_PASSWORD}
-      sasl.username: swh-archive-prod
+      sasl.username: ${BROKER_USER}
       security.protocol: SASL_SSL
 ---
 # Source: swh/templates/scrubber/journal-checker-configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: scrubber-journalchecker-snapshot-template
 data:
   config.yml.template: |
@@ -5225,21 +5273,21 @@
         - kafka1.internal.softwareheritage.org:9094
         - kafka2.internal.softwareheritage.org:9094
         - kafka3.internal.softwareheritage.org:9094
         - kafka4.internal.softwareheritage.org:9094
       cls: kafka
       group_id: swh-archive-prod-journalchecker
       on_eof: restart
       prefix: swh.journal.objects
       sasl.mechanism: SCRAM-SHA-512
       sasl.password: ${BROKER_USER_PASSWORD}
-      sasl.username: swh-archive-prod
+      sasl.username: ${BROKER_USER}
       security.protocol: SASL_SSL
 ---
 # Source: swh/templates/scrubber/storage-checker-configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: scrubber-storagechecker-primary-directory-hashes-template
 data:
   config.yml.template: |
@@ -5636,25 +5684,24 @@
       cls: postgresql
       db: host=db.internal.softwareheritage.org port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
     journal:
       brokers:
         - kafka1.internal.softwareheritage.org:9094
         - kafka2.internal.softwareheritage.org:9094
         - kafka3.internal.softwareheritage.org:9094
         - kafka4.internal.softwareheritage.org:9094
       cls: kafka
       group_id: swh-archive-prod-journalchecker
-      on_eof: restart
       prefix: swh.journal.objects
       sasl.mechanism: SCRAM-SHA-512
       sasl.password: ${BROKER_USER_PASSWORD}
-      sasl.username: swh-archive-prod
+      sasl.username: ${BROKER_USER}
       security.protocol: SASL_SSL
 ---
 # Source: swh/templates/toolbox/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: toolbox-scrubber-storage-primary-template
   namespace: swh
 data:
   config.yml.template: |
@@ -14911,20 +14958,140 @@
                 port: 9150
             initialDelaySeconds: 5
             periodSeconds: 10
         livenessProbe:
             httpGet:
                 path: /metrics
                 port: 9150
             initialDelaySeconds: 5
             periodSeconds: 10
 ---
+# Source: swh/templates/objstorage-replayer/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: objstorage-replayer-winery
+  namespace: swh
+  labels:
+    app: objstorage-replayer-winery
+spec:
+  revisionHistoryLimit: 2
+  replicas: 1
+  selector:
+    matchLabels:
+      app: objstorage-replayer-winery
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: objstorage-replayer-winery
+      annotations:
+        # Force a rollout upgrade if the configuration changes
+        checksum/config: e1569a75b26e4a7d89af1e021dc455820190cd777fd845b8adc419c5915094ae
+    spec:
+      affinity:
+        
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/replayer
+                operator: In
+                values:
+                - "true"
+      initContainers:
+        - name: prepare-configuration
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/utils:20231211.1
+          imagePullPolicy: IfNotPresent
+          command:
+          - /entrypoints/prepare-configuration.sh
+          env:
+            
+          
+          - name: BROKER_USER
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: BROKER_USER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER_PASSWORD
+                # 'name' secret must exist & include that ^ key
+                optional: false
+            
+          
+            
+          
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+          - name: config-utils
+            mountPath: /entrypoints
+            readOnly: true
+      containers:
+      - name: objstorage-replayer
+        resources:
+          requests:
+            memory: 512Mi
+            cpu: 500m
+        image: container-registry.softwareheritage.org/swh/infra/swh-apps/objstorage_replayer:20231220.1
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: STATSD_HOST
+          value: prometheus-statsd-exporter
+        - name: STATSD_PORT
+          value: "9125"
+        - name: FETCH_CONCURRENCY
+          value: "1"
+        - name: LOGLEVEL
+          value: "INFO"
+        - name: SWH_CONFIG_FILENAME
+          value: /etc/swh/config.yml
+        - name: SWH_SENTRY_ENVIRONMENT
+          value: production
+        - name: SWH_MAIN_PACKAGE
+          value: swh.objstorage.replayer
+        - name: SWH_SENTRY_DSN
+          valueFrom:
+            secretKeyRef:
+              name: common-secrets
+              key: objstorage-replayer-sentry-dsn
+              # 'name' secret must exist & include key "host"
+              optional: false
+        
+        volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: objstorage-replayer-winery-template
+          defaultMode: 0777
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+      - name: config-utils
+        configMap:
+          name: config-utils
+          defaultMode: 0555
+---
 # Source: swh/templates/objstorage/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   namespace: swh
   name: objstorage-read-only
   labels:
     app: objstorage-read-only
 spec:
   revisionHistoryLimit: 2
@@ -15785,21 +15952,21 @@
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: scrubber-journalchecker-release
       annotations:
         # Force a rollout upgrade if the configuration changes
-        checksum/config: f56b5eca3e85965c76210842ea16a033877279f8bc6e4e73a41a22673cb8c50b
+        checksum/config: 91aaf81592b610d5e8fa80eb5f8a397909329d9aae9c3ed7790b8fb092f942eb
     spec:
       affinity:
         
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/scrubber
                 operator: In
                 values:
@@ -15813,20 +15980,27 @@
           env:
           
           - name: SCRUBBER_POSTGRESQL_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-scrubber-postgresql-common-secret
                 key: postgres-swh-scrubber-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           
+          - name: BROKER_USER
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER
+                # 'name' secret must exist & include that ^ key
+                optional: false
           - name: BROKER_USER_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-archive-broker-secret
                 key: BROKER_USER_PASSWORD
                 # 'name' secret must exist & include that ^ key
                 optional: false
           command:
           - /bin/bash
           args:
@@ -15926,21 +16100,21 @@
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: scrubber-journalchecker-revision
       annotations:
         # Force a rollout upgrade if the configuration changes
-        checksum/config: 002594a84a7052f384c9fb3b1a90abcb34cb45150555c639560044d4c1257e0b
+        checksum/config: dbb4273ccedb951c94a8f7afe2243aa7d60a2a6e46b3c82bb6782c6c30a4ff3f
     spec:
       affinity:
         
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/scrubber
                 operator: In
                 values:
@@ -15954,20 +16128,27 @@
           env:
           
           - name: SCRUBBER_POSTGRESQL_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-scrubber-postgresql-common-secret
                 key: postgres-swh-scrubber-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           
+          - name: BROKER_USER
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER
+                # 'name' secret must exist & include that ^ key
+                optional: false
           - name: BROKER_USER_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-archive-broker-secret
                 key: BROKER_USER_PASSWORD
                 # 'name' secret must exist & include that ^ key
                 optional: false
           command:
           - /bin/bash
           args:
@@ -16067,21 +16248,21 @@
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: scrubber-journalchecker-snapshot
       annotations:
         # Force a rollout upgrade if the configuration changes
-        checksum/config: fe800781d051570627d4494d78a60d771749bc2444ed738a6836b7ea458f57ac
+        checksum/config: 8456c3b84912e54543e6a04aaf841257158e71884fdfc54b1d085bd2c368ac65
     spec:
       affinity:
         
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/scrubber
                 operator: In
                 values:
@@ -16095,20 +16276,27 @@
           env:
           
           - name: SCRUBBER_POSTGRESQL_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-scrubber-postgresql-common-secret
                 key: postgres-swh-scrubber-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           
+          - name: BROKER_USER
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER
+                # 'name' secret must exist & include that ^ key
+                optional: false
           - name: BROKER_USER_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-archive-broker-secret
                 key: BROKER_USER_PASSWORD
                 # 'name' secret must exist & include that ^ key
                 optional: false
           command:
           - /bin/bash
           args:
@@ -18155,21 +18343,21 @@
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: swh-toolbox
       annotations:
         # Force a rollout upgrade if the configuration changes
-        checksum/config: b4fac72f5d9637a24d02dd53ea47c84b9a7dddb3a1194a6bd29a1aeac3014127
+        checksum/config: 37e4bf19abec492d2acfc34a73536f3cde9a26476a443a8571f658a13cbcb38c
         checksum/configScript: 663c64a77cb64ac413bb3014e6a87dbd2c528b0b92f716d79ebaeb200d76c6da
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/toolbox
                 operator: In
                 values:
@@ -18242,20 +18430,27 @@
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           command:
           - /bin/bash
           args:
           - -c
           - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config-scrubber-journal.yml
           env:
             
           
+          - name: BROKER_USER
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER
+                # 'name' secret must exist & include that ^ key
+                optional: false
           - name: BROKER_USER_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-archive-broker-secret
                 key: BROKER_USER_PASSWORD
                 # 'name' secret must exist & include that ^ key
                 optional: false
             
           
             


------------- diff for environment production namespace swh-cassandra -------------

No differences
Edited by Vincent Sellier

Merge request reports