production/vault: Deploy cookers in dynamic infrastructure

Antoine R. Dumont requested to merge deploy-vault-workload into production

This deploys extra cooker instances in the dynamic infrastructure. Next will be to migrate those cookers to use the new vault instance introduced in the previous MR [1].

More cookers of type cook-vault-bundle since only this instance ran last year [2]. I've kept the other one with a lower configuration in case it's triggered somehow.

Another commit extracts a helper function to simplify the celery autoscaler configuration (and drop duplication between templates). This aligns the behavior of the loader to not downscale to 0 if autoScaling.stopWhenNoActivity is set to false, which fixes the staging cookers instance (according to its current setup, it was not yet effective).

make swh-helm-diff
[swh] Comparing changes between branches production and deploy-vault-workload (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-vault-workload branch for environment staging...
[swh] Generate config in deploy-vault-workload branch for environment staging...
[swh] Generate config in deploy-vault-workload branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-vault-workload branch for environment production...
[swh] Generate config in deploy-vault-workload branch for environment production...
[swh] Generate config in deploy-vault-workload branch for environment production...


------------- diff for environment staging namespace swh -------------

No differences


------------- diff for environment staging namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.8UmZiMKX/staging-swh-cassandra.before    2024-01-17 12:21:05.526845252 +0100
+++ /tmp/swh-chart.swh.8UmZiMKX/staging-swh-cassandra.after     2024-01-17 12:21:06.166844627 +0100
@@ -14821,20 +14821,21 @@
                 values:
                 - "true"
       priorityClassName: swh-cassandra-normal-workload

       terminationGracePeriodSeconds: 3600
       initContainers:
         - name: prepare-configuration
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           env:
+

           - name: AMQP_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: amqp-secrets
                 key: swhconsumer-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           command:
             - /entrypoint.sh
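
Review bot: the only change in this hunk is one extra blank line rendered directly under `env:` of the `prepare-configuration` initContainer, which looks like whitespace left behind by a template action rather than an intended change. Trimming it at the template (`{{-` / `-}}`) would keep the staging manifests byte-identical and this diff empty; the same blank line appears in the other `prepare-configuration` hunks for staging below.
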
@@ -14964,20 +14965,21 @@
                 values:
                 - "true"
       priorityClassName: swh-cassandra-normal-workload

       terminationGracePeriodSeconds: 3600
       initContainers:
         - name: prepare-configuration
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           env:
+

           - name: AMQP_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: amqp-secrets
                 key: swhconsumer-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           command:
             - /entrypoint.sh
@@ -24036,22 +24038,20 @@
 spec:
   scaleTargetRef:
     apiVersion:    apps/v1     # Optional. Default: apps/v1
     kind:          Deployment  # Optional. Default: Deployment
     # Mandatory. Must be in same namespace as ScaledObject
     name:          cooker-batch
     # envSourceContainerName: {container-name} # Optional. Default:
                                                # .spec.template.spec.containers[0]
   pollingInterval:  30                         # Optional. Default: 30 seconds
   cooldownPeriod:   3600                       # Optional. Default: 300 seconds
-  idleReplicaCount: 0                          # Optional. Must be less than
-                                               # minReplicaCount
   minReplicaCount:  1
   maxReplicaCount:  2
   triggers:
   - type: rabbitmq
     authenticationRef:
       name: amqp-authentication-cooker-batch
     metadata:
       protocol: auto                 # Optional. Specifies protocol to use,
                                      # either amqp or http, or auto to
                                      # autodetect based on the `host` value.
@@ -24076,22 +24076,20 @@
 spec:
   scaleTargetRef:
     apiVersion:    apps/v1     # Optional. Default: apps/v1
     kind:          Deployment  # Optional. Default: Deployment
     # Mandatory. Must be in same namespace as ScaledObject
     name:          cooker-simple
     # envSourceContainerName: {container-name} # Optional. Default:
                                                # .spec.template.spec.containers[0]
   pollingInterval:  30                         # Optional. Default: 30 seconds
   cooldownPeriod:   3600                       # Optional. Default: 300 seconds
-  idleReplicaCount: 0                          # Optional. Must be less than
-                                               # minReplicaCount
   minReplicaCount:  1
   maxReplicaCount:  2
   triggers:
   - type: rabbitmq
     authenticationRef:
       name: amqp-authentication-cooker-simple
     metadata:
       protocol: auto                 # Optional. Specifies protocol to use,
                                      # either amqp or http, or auto to
                                      # autodetect based on the `host` value.


------------- diff for environment staging namespace swh-cassandra-next-version -------------

--- /tmp/swh-chart.swh.8UmZiMKX/staging-swh-cassandra-next-version.before       2024-01-17 12:21:05.722845061 +0100
+++ /tmp/swh-chart.swh.8UmZiMKX/staging-swh-cassandra-next-version.after        2024-01-17 12:21:06.362844435 +0100
@@ -14287,20 +14287,21 @@
                 values:
                 - "true"
       priorityClassName: swh-cassandra-next-version-normal-workload

       terminationGracePeriodSeconds: 3600
       initContainers:
         - name: prepare-configuration
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           env:
+

           - name: AMQP_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: amqp-secrets
                 key: swhconsumer-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           command:
             - /entrypoint.sh
@@ -14430,20 +14431,21 @@
                 values:
                 - "true"
       priorityClassName: swh-cassandra-next-version-normal-workload

       terminationGracePeriodSeconds: 3600
       initContainers:
         - name: prepare-configuration
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           env:
+

           - name: AMQP_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: amqp-secrets
                 key: swhconsumer-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           command:
             - /entrypoint.sh
@@ -21790,22 +21792,20 @@
 spec:
   scaleTargetRef:
     apiVersion:    apps/v1     # Optional. Default: apps/v1
     kind:          Deployment  # Optional. Default: Deployment
     # Mandatory. Must be in same namespace as ScaledObject
     name:          cooker-batch
     # envSourceContainerName: {container-name} # Optional. Default:
                                                # .spec.template.spec.containers[0]
   pollingInterval:  30                         # Optional. Default: 30 seconds
   cooldownPeriod:   3600                       # Optional. Default: 300 seconds
-  idleReplicaCount: 0                          # Optional. Must be less than
-                                               # minReplicaCount
   minReplicaCount:  1
   maxReplicaCount:  2
   triggers:
   - type: rabbitmq
     authenticationRef:
       name: amqp-authentication-cooker-batch
     metadata:
       protocol: auto                 # Optional. Specifies protocol to use,
                                      # either amqp or http, or auto to
                                      # autodetect based on the `host` value.
@@ -21830,22 +21830,20 @@
 spec:
   scaleTargetRef:
     apiVersion:    apps/v1     # Optional. Default: apps/v1
     kind:          Deployment  # Optional. Default: Deployment
     # Mandatory. Must be in same namespace as ScaledObject
     name:          cooker-simple
     # envSourceContainerName: {container-name} # Optional. Default:
                                                # .spec.template.spec.containers[0]
   pollingInterval:  30                         # Optional. Default: 30 seconds
   cooldownPeriod:   3600                       # Optional. Default: 300 seconds
-  idleReplicaCount: 0                          # Optional. Must be less than
-                                               # minReplicaCount
   minReplicaCount:  1
   maxReplicaCount:  2
   triggers:
   - type: rabbitmq
     authenticationRef:
       name: amqp-authentication-cooker-simple
     metadata:
       protocol: auto                 # Optional. Specifies protocol to use,
                                      # either amqp or http, or auto to
                                      # autodetect based on the `host` value.


------------- diff for environment production namespace swh -------------

--- /tmp/swh-chart.swh.8UmZiMKX/production-swh.before   2024-01-17 12:21:06.642844162 +0100
+++ /tmp/swh-chart.swh.8UmZiMKX/production-swh.after    2024-01-17 12:21:07.102843711 +0100
@@ -233,20 +233,213 @@
       swh:
         level: "INFO"
       celery.task:
         level: "INFO"

     root:
       level: "INFO"
       handlers:
       - console
 ---
+# Source: swh/templates/cookers/configmap-utils.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cookers-utils
+  namespace: swh
+data:
+  pre-stop-idempotent.sh: |
+    #!/bin/bash
+
+    # pre-stop hook can be triggered multiple times but we want it to be applied only
+    # once so container can warm-shutdown properly.
+
+    # When celery receives multiple times the sigterm signal, this ends up doing an
+    # immediate shutdown which prevents long-standing tasks to finish properly.
+
+    set -ex
+
+    WITNESS_FILE=/tmp/already-stopped
+
+    # Seed awk with the number of nanoseconds since epoch
+    # and have it generate a number between 0 and 1
+    sleep $(date +%s%N | awk '{srand($1); print rand()}')
+
+    if [ ! -e $WITNESS_FILE ]; then
+      touch $WITNESS_FILE
+      kill 1
+    fi
+---
+# Source: swh/templates/cookers/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cooker-batch-template
+  namespace: swh
+data:
+  config.yml.template: |
+    storage:
+      cls: pipeline
+      steps:
+      - cls: retry
+      - cls: remote
+        url: http://storage-azure-read-only-rpc-ingress
+    vault:
+      cls: remote
+      url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+    max_bundle_size: 1073741824
+    celery:
+      task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@rabbitmq.internal.softwareheritage.org:5672/%2f
+      task_modules:
+        - swh.vault.cooking_tasks
+      task_queues:
+      - swh.vault.cooking_tasks.SWHBatchCookingTask
+
+      sentry_settings_for_celery_tasks:
+        __sentry-settings-for-celery-tasks__
+  init-container-entrypoint.sh: |
+    #!/bin/bash
+
+    set -e
+
+    CONFIG_FILE=/etc/swh/config.yml
+    CONFIG_FILE_WIP=/tmp/wip-config.yml
+
+    # substitute environment variables when creating the default config.yml
+    eval echo \""$(</etc/swh/configuration-template/config.yml.template)"\" \
+      > $CONFIG_FILE
+    SENTRY_SETTINGS_PATH=/etc/credentials/sentry-settings/sentry_settings_for_celery_tasks
+    if [ -f $SENTRY_SETTINGS_PATH ]; then
+      awk "/__sentry-settings-for-celery-tasks__/{system(\"sed 's/^/    /g' $SENTRY_SETTINGS_PATH\");next}1" $CONFIG_FILE > $CONFIG_FILE_WIP
+      mv $CONFIG_FILE_WIP $CONFIG_FILE
+    else
+      sed -i 's/__sentry-settings-for-celery-tasks__//g' $CONFIG_FILE
+    fi
+
+    exit 0
+
+  logging-configuration.yml: |
+    version: 1
+
+    handlers:
+      console:
+        class: logging.StreamHandler
+        formatter: json
+        stream: ext://sys.stdout
+
+    formatters:
+      json:
+        class: pythonjsonlogger.jsonlogger.JsonFormatter
+        # python-json-logger parses the format argument to get the variables it actually expands into the json
+        format: "%(asctime)s:%(threadName)s:%(pathname)s:%(lineno)s:%(funcName)s:%(task_name)s:%(task_id)s:%(name)s:%(levelname)s:%(message)s"
+
+    loggers:
+      celery:
+        level: "INFO"
+      amqp:
+        level: WARNING
+      urllib3:
+        level: WARNING
+      azure.core.pipeline.policies.http_logging_policy:
+        level: WARNING
+      swh:
+        level: "INFO"
+      celery.task:
+        level: "INFO"
+
+    root:
+      level: "INFO"
+      handlers:
+      - console
+---
+# Source: swh/templates/cookers/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cooker-simple-template
+  namespace: swh
+data:
+  config.yml.template: |
+    storage:
+      cls: pipeline
+      steps:
+      - cls: retry
+      - cls: remote
+        url: http://storage-azure-read-only-rpc-ingress
+    vault:
+      cls: remote
+      url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+    max_bundle_size: 1073741824
+    celery:
+      task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@rabbitmq.internal.softwareheritage.org:5672/%2f
+      task_modules:
+        - swh.vault.cooking_tasks
+      task_queues:
+      - swh.vault.cooking_tasks.SWHCookingTask
+
+      sentry_settings_for_celery_tasks:
+        __sentry-settings-for-celery-tasks__
+  init-container-entrypoint.sh: |
+    #!/bin/bash
+
+    set -e
+
+    CONFIG_FILE=/etc/swh/config.yml
+    CONFIG_FILE_WIP=/tmp/wip-config.yml
+
+    # substitute environment variables when creating the default config.yml
+    eval echo \""$(</etc/swh/configuration-template/config.yml.template)"\" \
+      > $CONFIG_FILE
+    SENTRY_SETTINGS_PATH=/etc/credentials/sentry-settings/sentry_settings_for_celery_tasks
+    if [ -f $SENTRY_SETTINGS_PATH ]; then
+      awk "/__sentry-settings-for-celery-tasks__/{system(\"sed 's/^/    /g' $SENTRY_SETTINGS_PATH\");next}1" $CONFIG_FILE > $CONFIG_FILE_WIP
+      mv $CONFIG_FILE_WIP $CONFIG_FILE
+    else
+      sed -i 's/__sentry-settings-for-celery-tasks__//g' $CONFIG_FILE
+    fi
+
+    exit 0
+
+  logging-configuration.yml: |
+    version: 1
+
+    handlers:
+      console:
+        class: logging.StreamHandler
+        formatter: json
+        stream: ext://sys.stdout
+
+    formatters:
+      json:
+        class: pythonjsonlogger.jsonlogger.JsonFormatter
+        # python-json-logger parses the format argument to get the variables it actually expands into the json
+        format: "%(asctime)s:%(threadName)s:%(pathname)s:%(lineno)s:%(funcName)s:%(task_name)s:%(task_id)s:%(name)s:%(levelname)s:%(message)s"
+
+    loggers:
+      celery:
+        level: "INFO"
+      amqp:
+        level: WARNING
+      urllib3:
+        level: WARNING
+      azure.core.pipeline.policies.http_logging_policy:
+        level: WARNING
+      swh:
+        level: "INFO"
+      celery.task:
+        level: "INFO"
+
+    root:
+      level: "INFO"
+      handlers:
+      - console
+---
 # Source: swh/templates/deposit/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: deposit-configuration-template
 data:
   config.yml.template: |
     instance_name: deposit-rpc-ingress
     allowed_hosts:
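
Review bot: in `init-container-entrypoint.sh` of both new cooker ConfigMaps, `eval echo \""$(</etc/swh/configuration-template/config.yml.template)"\"` passes the whole template through the shell, so any double quote, backtick, `$(...)` or stray `$name` that ends up in `config.yml.template` is interpreted as shell syntax instead of being copied to `config.yml`. A substitution limited to the one expected variable (for example `envsubst` restricted to `${AMQP_PASSWORD}`, or a `sed` replacement) would avoid evaluating the template. The value of `AMQP_PASSWORD` is also inserted unencoded into the `amqp://swhconsumer:...@` URL, so a password containing `@`, `/` or `:` would produce an invalid broker URL. Separately, in `pre-stop-idempotent.sh` the `[ ! -e $WITNESS_FILE ]` test followed by `touch` is not atomic: two hook invocations can both pass the test and both run `kill 1`, and the random `sleep` only makes that less likely. Creating the witness atomically (for example `mkdir` on the witness path and acting only when it succeeds) would make the hook idempotent as the comment intends.
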
@@ -16942,20 +17135,307 @@
             path: "logging-configuration.yml"

       - name: checker-deposit-utils
         configMap:
           name: checker-deposit-utils
           defaultMode: 0777
           items:
           - key: "pre-stop-idempotent.sh"
             path: "pre-stop.sh"
 ---
+# Source: swh/templates/cookers/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cooker-batch
+  namespace: swh
+  labels:
+    app: cooker-batch
+spec:
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: cooker-batch
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: cooker-batch
+      annotations:
+        # Force a rollout upgrade if the configuration changes
+        checksum/config: d4587cc9602558a8fc33e6a261b4053b6688bab3c3bf097b501fece8f5d15dc7
+    spec:
+      affinity:
+
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/cooker
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-normal-workload
+
+      terminationGracePeriodSeconds: 3600
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          env:
+
+
+          - name: AMQP_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: amqp-secrets
+                key: swhconsumer-password
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          command:
+            - /entrypoint.sh
+          volumeMounts:
+          - name: configuration-template
+            mountPath: /entrypoint.sh
+            subPath: "init-container-entrypoint.sh"
+            readOnly: true
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+
+          - name: sentry-settings-for-celery-tasks
+            mountPath: /etc/credentials/sentry-settings
+            readOnly: true
+      containers:
+      - name: cookers
+        resources:
+          requests:
+            memory: 512Mi
+            cpu: 500m
+        image: container-registry.softwareheritage.org/swh/infra/swh-apps/vault_cookers:20240108.1
+        imagePullPolicy: IfNotPresent
+        command:
+        - /bin/bash
+        args:
+        - -c
+        - /opt/swh/entrypoint.sh
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/pre-stop.sh"]
+        env:
+        - name: STATSD_HOST
+          value: prometheus-statsd-exporter
+        - name: STATSD_PORT
+          value: "9125"
+        - name: MAX_TASKS_PER_CHILD
+          value: "1"
+        - name: LOGLEVEL
+          value: "INFO"
+        - name: SWH_CONFIG_FILENAME
+          value: /etc/swh/config.yml
+
+        - name: SWH_LOG_CONFIG
+          value: /etc/swh/logging-configuration.yml
+
+
+        - name: SWH_SENTRY_ENVIRONMENT
+          value: production
+        volumeMounts:
+          - name: cookers-utils
+            mountPath: /pre-stop.sh
+            subPath: "pre-stop.sh"
+          - name: configuration
+            mountPath: /etc/swh
+
+          - name: configuration-template
+            mountPath: /etc/swh/logging-configuration.yml
+            subPath: "logging-configuration.yml"
+            readOnly: true
+
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: cooker-batch-template
+          defaultMode: 0777
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+          - key: "init-container-entrypoint.sh"
+            path: "init-container-entrypoint.sh"
+
+          - key: "logging-configuration.yml"
+            path: "logging-configuration.yml"
+
+      - name: cookers-utils
+        configMap:
+          name: cookers-utils
+          defaultMode: 0777
+          items:
+          - key: "pre-stop-idempotent.sh"
+            path: "pre-stop.sh"
+
+      - name: sentry-settings-for-celery-tasks
+        secret:
+          secretName: sentry-settings-for-celery-tasks
+          optional: true
+# Set useJsonLogger to false to let the logs be plain text
+---
+# Source: swh/templates/cookers/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cooker-simple
+  namespace: swh
+  labels:
+    app: cooker-simple
+spec:
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: cooker-simple
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: cooker-simple
+      annotations:
+        # Force a rollout upgrade if the configuration changes
+        checksum/config: d4587cc9602558a8fc33e6a261b4053b6688bab3c3bf097b501fece8f5d15dc7
+    spec:
+      affinity:
+
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/cooker
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-normal-workload
+
+      terminationGracePeriodSeconds: 3600
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          env:
+
+
+          - name: AMQP_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: amqp-secrets
+                key: swhconsumer-password
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          command:
+            - /entrypoint.sh
+          volumeMounts:
+          - name: configuration-template
+            mountPath: /entrypoint.sh
+            subPath: "init-container-entrypoint.sh"
+            readOnly: true
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+
+          - name: sentry-settings-for-celery-tasks
+            mountPath: /etc/credentials/sentry-settings
+            readOnly: true
+      containers:
+      - name: cookers
+        resources:
+          requests:
+            memory: 512Mi
+            cpu: 500m
+        image: container-registry.softwareheritage.org/swh/infra/swh-apps/vault_cookers:20240108.1
+        imagePullPolicy: IfNotPresent
+        command:
+        - /bin/bash
+        args:
+        - -c
+        - /opt/swh/entrypoint.sh
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/pre-stop.sh"]
+        env:
+        - name: STATSD_HOST
+          value: prometheus-statsd-exporter
+        - name: STATSD_PORT
+          value: "9125"
+        - name: MAX_TASKS_PER_CHILD
+          value: "1"
+        - name: LOGLEVEL
+          value: "INFO"
+        - name: SWH_CONFIG_FILENAME
+          value: /etc/swh/config.yml
+
+        - name: SWH_LOG_CONFIG
+          value: /etc/swh/logging-configuration.yml
+
+
+        - name: SWH_SENTRY_ENVIRONMENT
+          value: production
+        volumeMounts:
+          - name: cookers-utils
+            mountPath: /pre-stop.sh
+            subPath: "pre-stop.sh"
+          - name: configuration
+            mountPath: /etc/swh
+
+          - name: configuration-template
+            mountPath: /etc/swh/logging-configuration.yml
+            subPath: "logging-configuration.yml"
+            readOnly: true
+
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: cooker-simple-template
+          defaultMode: 0777
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+          - key: "init-container-entrypoint.sh"
+            path: "init-container-entrypoint.sh"
+
+          - key: "logging-configuration.yml"
+            path: "logging-configuration.yml"
+
+      - name: cookers-utils
+        configMap:
+          name: cookers-utils
+          defaultMode: 0777
+          items:
+          - key: "pre-stop-idempotent.sh"
+            path: "pre-stop.sh"
+
+      - name: sentry-settings-for-celery-tasks
+        secret:
+          secretName: sentry-settings-for-celery-tasks
+          optional: true
+---
 # Source: swh/templates/deposit/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   namespace: swh
   name: deposit
   labels:
     app: deposit
 spec:
   revisionHistoryLimit: 2
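
Review bot: the `configuration-template` and `cookers-utils` configMap volumes in both new Deployments use `defaultMode: 0777`, which sets write bits for everyone and also marks `config.yml.template` and `logging-configuration.yml` as executable; `0555` is enough for the two scripts, and the non-script keys can get `0444` through a per-item `mode`. Both pod templates also carry the same `checksum/config` value although they mount different ConfigMaps (`cooker-batch-template` and `cooker-simple-template`), so the checksum appears to cover more than the Deployment's own configuration and a change to one cooker's config will roll both. Finally, the `cookers` container declares `resources.requests` only; with `max_bundle_size: 1073741824` in the config, a memory limit would be worth stating explicitly.
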
@@ -31501,20 +31981,23 @@
 spec:
   service:
     name: keda-operator-metrics-apiserver
     namespace: default
     port: 443
   group: external.metrics.k8s.io
   version: v1beta1
   groupPriorityMinimum: 100
   versionPriority: 100
 ---
+# Source: swh/templates/cookers/deployment.yaml
+# Set useJsonLogger to false to let the logs be plain text
+---
 # Source: swh/templates/listers/deployment.yaml
 # Set useJsonLogger to false to let the logs be plain text
 ---
 # Source: swh/templates/loaders/deployment.yaml
 # if defined at the "typed" loader level
 # otherwise use the global image is defined First this needs to replace - in
 # $loader_type with "" to find the proper image name.
 ---
 # Source: swh/templates/checker-deposit/keda-autoscaling.yaml
 apiVersion: keda.sh/v1alpha1
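
Review bot: the added `# Set useJsonLogger to false to let the logs be plain text` line is a YAML comment in `cookers/deployment.yaml`, so it is rendered here as an otherwise empty document (and as a trailing comment on the `cooker-batch` Deployment in the earlier hunk). Writing it as a template comment (`{{/* ... */}}`) would keep it out of the generated manifests.
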
@@ -31547,20 +32030,98 @@
       excludeUnacknowledged: "false" # QueueLength should include unacked messages
                                      # Implies "http" protocol is used
       value: "1"
       queueName: swh.deposit.loader.tasks.ChecksDepositTsk
       vhostName: /                   # Optional. If not specified, use the vhost in the
                                      # `host` connection string. Alternatively, you can
                                      # use existing environment variables to read
                                      # configuration from: See details in "Parameter
                                      # list" section hostFromEnv: RABBITMQ_HOST%
 ---
+# Source: swh/templates/cookers/keda-autoscaling.yaml
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: cooker-batch-operators
+  namespace: swh
+spec:
+  scaleTargetRef:
+    apiVersion:    apps/v1     # Optional. Default: apps/v1
+    kind:          Deployment  # Optional. Default: Deployment
+    # Mandatory. Must be in same namespace as ScaledObject
+    name:          cooker-batch
+    # envSourceContainerName: {container-name} # Optional. Default:
+                                               # .spec.template.spec.containers[0]
+  pollingInterval:  30                         # Optional. Default: 30 seconds
+  cooldownPeriod:   3600                       # Optional. Default: 300 seconds
+  idleReplicaCount: 0                          # Set to 0 to stop all the workers when
+                                               # there is no activity on the queue
+  minReplicaCount:  1
+  maxReplicaCount:  2
+  triggers:
+  - type: rabbitmq
+    authenticationRef:
+      name: amqp-authentication-cooker-batch
+    metadata:
+      protocol: auto                 # Optional. Specifies protocol to use,
+                                     # either amqp or http, or auto to
+                                     # autodetect based on the `host` value.
+                                     # Default value is auto.
+      mode: QueueLength              # QueueLength to trigger on number of msgs in queue
+      excludeUnacknowledged: "false" # QueueLength should include unacked messages
+                                     # Implies "http" protocol is used
+      value: "1"
+      queueName: swh.vault.cooking_tasks.SWHBatchCookingTask
+      vhostName: /                   # Optional. If not specified, use the vhost in the
+                                     # `host` connection string. Alternatively, you can
+                                     # use existing environment variables to read
+                                     # configuration from: See details in "Parameter
+                                     # list" section hostFromEnv: RABBITMQ_HOST%
+---
+# Source: swh/templates/cookers/keda-autoscaling.yaml
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: cooker-simple-operators
+  namespace: swh
+spec:
+  scaleTargetRef:
+    apiVersion:    apps/v1     # Optional. Default: apps/v1
+    kind:          Deployment  # Optional. Default: Deployment
+    # Mandatory. Must be in same namespace as ScaledObject
+    name:          cooker-simple
+    # envSourceContainerName: {container-name} # Optional. Default:
+                                               # .spec.template.spec.containers[0]
+  pollingInterval:  30                         # Optional. Default: 30 seconds
+  cooldownPeriod:   3600                       # Optional. Default: 300 seconds
+  minReplicaCount:  10
+  maxReplicaCount:  10
+  triggers:
+  - type: rabbitmq
+    authenticationRef:
+      name: amqp-authentication-cooker-simple
+    metadata:
+      protocol: auto                 # Optional. Specifies protocol to use,
+                                     # either amqp or http, or auto to
+                                     # autodetect based on the `host` value.
+                                     # Default value is auto.
+      mode: QueueLength              # QueueLength to trigger on number of msgs in queue
+      excludeUnacknowledged: "false" # QueueLength should include unacked messages
+                                     # Implies "http" protocol is used
+      value: "1"
+      queueName: swh.vault.cooking_tasks.SWHCookingTask
+      vhostName: /                   # Optional. If not specified, use the vhost in the
+                                     # `host` connection string. Alternatively, you can
+                                     # use existing environment variables to read
+                                     # configuration from: See details in "Parameter
+                                     # list" section hostFromEnv: RABBITMQ_HOST%
+---
 # Source: swh/templates/listers/keda-autoscaling.yaml
 apiVersion: keda.sh/v1alpha1
 kind: ScaledObject
 metadata:
   name: lister-bitbucket-operators
   namespace: swh
 spec:
   scaleTargetRef:
     apiVersion:    apps/v1     # Optional. Default: apps/v1
     kind:          Deployment  # Optional. Default: Deployment
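
Review bot: `cooker-simple-operators` sets `minReplicaCount: 10` and `maxReplicaCount: 10`, so the `rabbitmq` trigger on `swh.vault.cooking_tasks.SWHCookingTask` can never change the replica count and the ScaledObject only pins the Deployment at 10. If a fixed pool of 10 is intended, a comment on these two lines (as done for `idleReplicaCount` in `cooker-batch-operators`) would make that explicit; otherwise lower `minReplicaCount` so the queue length actually drives scaling.
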
@@ -33765,20 +34326,44 @@
 kind: TriggerAuthentication
 metadata:
   name: amqp-authentication-checker-deposit
   namespace: swh
 spec:
   secretTargetRef:
   - parameter: host            # "host" is required by the scalerObject trigger metadata
     name: common-secrets
     key: rabbitmq-http-host
 ---
+# Source: swh/templates/cookers/keda-autoscaling.yaml
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: amqp-authentication-cooker-batch
+  namespace: swh
+spec:
+  secretTargetRef:
+  - parameter: host            # "host" is required by the scalerObject trigger metadata
+    name: common-secrets
+    key: rabbitmq-http-host
+---
+# Source: swh/templates/cookers/keda-autoscaling.yaml
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: amqp-authentication-cooker-simple
+  namespace: swh
+spec:
+  secretTargetRef:
+  - parameter: host            # "host" is required by the scalerObject trigger metadata
+    name: common-secrets
+    key: rabbitmq-http-host
+---
 # Source: swh/templates/listers/keda-autoscaling.yaml
 apiVersion: keda.sh/v1alpha1
 kind: TriggerAuthentication
 metadata:
   name: amqp-authentication-lister-bitbucket
   namespace: swh
 spec:
   secretTargetRef:
   - parameter: host            # "host" is required by the scalerObject trigger metadata
     name: common-secrets


------------- diff for environment production namespace swh-cassandra -------------

No differences

[1] !300 (merged)

[2]

2024-01-16 15:51:13 softwareheritage-scheduler@belvedere:5432 λ select * from task_type where type = 'cook-vault-bundle';
+-[ RECORD 1 ]-----+----------------------------------------+
| type             | cook-vault-bundle                      |
| description      | Cook a Vault bundle                    |
| backend_name     | swh.vault.cooking_tasks.SWHCookingTask |
| default_interval | 1 day                                  |
| min_interval     | 1 day                                  |
| max_interval     | 1 day                                  |
| backoff_factor   | 1                                      |
| max_queue_length | 5000                                   |
| num_retries      | 3                                      |
| retry_delay      | (null)                                 |
+------------------+----------------------------------------+

Time: 3.704 ms
2024-01-16 15:51:28 softwareheritage-scheduler@belvedere:5432 λ select count(*), type from task where '2023-01-01' <= next_run  and next_run <= '2024-01-01' and priority is null and type in ('cook-vault-bundle-batch', 'cook-vault-bundle') group by type;
+-------+-------------------+
| count |       type        |
+-------+-------------------+
| 86007 | cook-vault-bundle |
+-------+-------------------+
(1 row)

Time: 1101.998 ms (00:01.102)

Refs. swh/infra/sysadm-environment#5211 (closed)

Edited by Antoine R. Dumont
