Yeah, it's clear that clustered systems with self-healing aren't really suited for tunnelled access (see also: kafka).
We need to make sure that we have some form of guest authentication in place for read-only access to the cluster as well, before opening it up to the VPN.
I think for Kafka, it's still possible with an SSH tunnel, as the storage configuration allows mentioning the port (not the case for Cassandra in the seed key).
But, not the point there ;)
Kafka brokers advertise their own addresses/ports and will reroute to them once the initial negotiation is done, so I'm pretty sure it won't work through a tunnel (I've had to do DNS shenanigans to do that in the past).
We should open an ingress declaring an internal hostname.
We should only do it for staging for now because, unfortunately, we still don't have any kind of authentication deployed on Cassandra, so there is no such "read-only" storage.
The authenticated connections will be addressed in #4824 (closed)
After discussing during the sysadm meeting, we need to allow read-only access to the Cassandra database, so the priority of #4824 (closed) is raised to high.
Antoine R. Dumont changed title from cassandra: open cassandra storage to ease team investigation/debugging to cassandra: open storage class "cassandra" to ease team investigation/debugging