Upgrading to PostgreSQL 15 and moving to sclorg images #80

Merged
merged 27 commits into from
Apr 30, 2024
a8d1bbf
Upgrading to PostgreSQL 15 and moving to sclorg images
rooftopcellist Mar 7, 2024
7e39aee
Update scale down utility playbook to scale down the correct deployments
rooftopcellist Mar 8, 2024
7dc84a5
Use new v1.34.1 ansible-operator base image and operator_sdk.util 0.5.0
rooftopcellist Mar 8, 2024
d617ec6
Check PG_VERSION paths for both postgres and sclorg postgresql image
rooftopcellist Mar 8, 2024
9875002
Delete the old Postgres PVC by default after Postgres upgrade
rooftopcellist Mar 8, 2024
50c428f
Scale up web and content replicas after upgrade and restore
rooftopcellist Mar 8, 2024
32223b7
Fix indentation error with task that removes the pg pvc
rooftopcellist Mar 9, 2024
d8320d7
Set env vars from secrets so when pods cycle values are updated
rooftopcellist Mar 11, 2024
13d9e62
Fix unsafe conditional and do not explicitly scale up deployment afte…
rooftopcellist Mar 11, 2024
ee6450d
Specify Redis 7 image explicitly so that when we bump the version it …
rooftopcellist Mar 11, 2024
a14842d
Try setting deployment_name to satisfy CI
rooftopcellist Mar 11, 2024
ee64c4c
postgresql: Cast sorted_old_postgres_pods as list
dsavineau Mar 25, 2024
0749529
postgresql: Grant postgres role to galaxy
dsavineau Mar 25, 2024
c0028ac
Change default postgres_data_path to that of the new sclorg image
rooftopcellist Mar 28, 2024
84323d9
Remove the ability to customize the postgres_data_dir
rooftopcellist Apr 3, 2024
b81abd9
Add initContainer to initial Postgres data volume permissions if needed
rooftopcellist Apr 3, 2024
0cf23d0
Add database configuration docs
rooftopcellist Apr 3, 2024
266cc7f
Refactor backup content logic into k8s job to enable custom securityC…
rooftopcellist Apr 3, 2024
8d5ca16
Turn off bash history expansion temporarily for restore
rooftopcellist Apr 18, 2024
1ec057a
Add --ansible-log-events flag to Dockerfile to make it easier to chan…
rooftopcellist Apr 18, 2024
aedd5b6
Set new postgres configuration secret if managed database
rooftopcellist Apr 19, 2024
b414529
Rewrite backup and restore cr_object handling to store in yaml, not i…
rooftopcellist Apr 19, 2024
697205a
Wait for the Postgres Service to be ready & create server secret earlier
rooftopcellist Apr 19, 2024
6215f54
Add checksum for secrets and configmaps to deployments so containers …
rooftopcellist Apr 29, 2024
bbbc8b0
Refactor: Split Galaxy Server secret into a dedicated role
rooftopcellist Apr 29, 2024
d72fe0a
During backup, use the deployed application image specified on the CR
rooftopcellist Apr 30, 2024
fe46e19
Always specify api_version with k8s tasks using the Pod resource
rooftopcellist Apr 30, 2024
1 change: 1 addition & 0 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ jobs:
- name: Logs
if: always()
run: .github/workflows/scripts/show_logs.sh

# - name: Debugging example (uncomment when needed)
# if: failure()
# uses: mxschmitt/action-tmate@v3
Expand Down
8 changes: 6 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM quay.io/operator-framework/ansible-operator:v1.23.0
FROM quay.io/operator-framework/ansible-operator:v1.34.1

ARG DEFAULT_GALAXY_VERSION
ARG DEFAULT_GALAXY_UI_VERSION
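Review bot: the FROM line jumps the base image from v1.23.0 to v1.34.1 but still references it by tag only. Consider pinning it by digest next to the tag (for example quay.io/operator-framework/ansible-operator:v1.34.1@sha256:<digest>) so the operator build is reproducible and a re-pushed tag cannot silently change what ships.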
Expand All @@ -22,4 +22,8 @@ COPY watches.yaml ${HOME}/watches.yaml
COPY roles/ ${HOME}/roles/
COPY playbooks/ ${HOME}/playbooks/

ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml", "--reconcile-period=0s"]
ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
"--watches-file=./watches.yaml", \
"--reconcile-period=0s", \
"--ansible-log-events=Tasks" \
]
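Review bot: the new "--ansible-log-events=Tasks" argument in ENTRYPOINT is undocumented. Add a comment above ENTRYPOINT listing the accepted levels and noting that a more verbose level puts task output into the operator log. This operator handles database credentials, and the CI restore sample in this PR runs with no_log: false, so anyone raising the level should know that secret-handling tasks must keep no_log enabled.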
9 changes: 6 additions & 3 deletions config/crd/bases/galaxy_v1beta1_galaxy_crd.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -135,13 +135,16 @@ spec:
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
postgres_extra_args:
type: array
items:
type: string
postgres_data_volume_init:
description: Sets permissions on the /var/lib/pgdata/data for postgres container using an init container (not Openshift)
type: boolean
postgres_init_container_commands:
description: Customize the postgres init container commands (Non Openshift)
type: string
postgres_migrant_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
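Review bot: the description of postgres_data_volume_init names /var/lib/pgdata/data, while the ClusterServiceVersion descriptor and the new docs in this same PR use /var/lib/pgsql/data. One of them is wrong; align the CRD text with the path the init container actually touches. Separately, postgres_init_container_commands is a free-form string that is executed in the init container, so its description should say which user the container runs as and that anyone who can edit the Galaxy CR can run commands there.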
Expand Down
20 changes: 19 additions & 1 deletion config/crd/bases/galaxy_v1beta1_galaxybackup_crd.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,29 @@ spec:
description: Name of the PVC to be used for storing the backup
type: string
backup_pvc_namespace:
description: Namespace PVC is in
description: Namespace PVC is in (Deprecated)
type: string
backup_storage_requirements:
description: Storage requirements for the backup
type: string
backup_resource_requirements:
description: Resource requirements for the management pod used to create a backup
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
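Review bot: in backup_resource_requirements the cpu and memory fields under requests and limits are declared as type: string only. A CR that sets an unquoted integer quantity such as cpu: 1 will fail schema validation, which is why the docs example has to quote it as '1'. Consider declaring these as Kubernetes quantities (x-kubernetes-int-or-string: true with anyOf integer/string). The same applies to restore_resource_requirements in the restore CRD.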
Expand Down
20 changes: 19 additions & 1 deletion config/crd/bases/galaxy_v1beta1_galaxyrestore_crd.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ spec:
description: Name of the PVC to be restored from, set as a status found on the backup object (backupClaim)
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
description: Namespace the PVC is in (Deprecated)
type: string
backup_dir:
description: Backup directory name, set as a status found on the backup object (backupDirectory)
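Review bot: backup_pvc_namespace is marked "(Deprecated)" in the description, but nothing says what replaces it or whether a value that is still set is ignored or honoured. Please extend the description (here and in the backup CRD) with the replacement behaviour, for example that the PVC is now expected in the CR's own namespace, so existing restore CRs do not silently read from a different location than their authors expect.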
Expand All @@ -57,6 +57,24 @@ spec:
- azure
- Azure
type: string
restore_resource_requirements:
description: Resource requirements for the management pod used to do a restore
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
postgres_label_selector:
description: Label selector used to identify postgres pod for executing migration
type: string
Expand Down
4 changes: 2 additions & 2 deletions config/manager/manager.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -59,9 +59,9 @@ spec:
- name: RELATED_IMAGE_GALAXY_WEB
value: quay.io/ansible/galaxy-ui:latest
- name: RELATED_IMAGE_GALAXY_REDIS
value: redis:latest
value: redis:7
- name: RELATED_IMAGE_GALAXY_POSTGRES
value: postgres:13
value: quay.io/sclorg/postgresql-15-c9s:latest
- name: RELATED_IMAGE_GALAXY_INIT_GPG_CONTAINER
value: quay.io/centos/centos:stream9
securityContext:
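Review bot: RELATED_IMAGE_GALAXY_POSTGRES moves from the pinned postgres:13 to quay.io/sclorg/postgresql-15-c9s:latest, a floating tag, in the same change that pins Redis to redis:7 precisely so that version bumps are deliberate. Please pin the PostgreSQL image to a specific tag or digest as well. The upgrade and data-path logic in this PR depends on the image's major version and layout, and a floating tag means different clusters can pull different database builds for the same operator release. The identical value in the ClusterServiceVersion needs the same change.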
Expand Down
32 changes: 23 additions & 9 deletions config/manifests/bases/galaxy-operator.clusterserviceversion.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -100,11 +100,6 @@ spec:
path: postgres_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Database data path
path: postgres_data_path
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Extra Arguments
path: postgres_extra_args
x-descriptors:
Expand All @@ -119,6 +114,15 @@ spec:
path: postgres_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- description: Sets permissions on the /var/lib/pgsql/data for postgres container using an init container (not Openshift)
displayName: PostgreSQL initialize data volume
path: postgres_data_volume_init
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Customize the postgres init container commands (Non Openshift)
displayName: PostgreSQL Init Container Commands
path: postgres_init_container_commands
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Database storage class
path: postgres_storage_class
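Review bot: both new descriptors, postgres_data_volume_init and postgres_init_container_commands, carry only urn:alm:descriptor:com.tectonic.ui:hidden, so the console never shows them even though the second one accepts arbitrary shell commands for the init container. If hiding is intentional, say so in a comment and make sure the user guide is the documented entry point. Otherwise add the advanced descriptor so administrators reviewing a CR in the UI can see that custom commands are configured.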
Expand Down Expand Up @@ -611,17 +615,22 @@ spec:
x-descriptors:
- urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup persistent volume claim namespace
- displayName: Backup persistent volume claim namespace (Deprecated)
path: backup_pvc_namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- urn:alm:descriptor:io.kubernetes:Namespace
- displayName: Backup PVC storage requirements
path: backup_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup Management Pod Resource Requirements
path: backup_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Backup PVC storage class
path: backup_storage_class
x-descriptors:
Expand Down Expand Up @@ -733,6 +742,11 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:select:S3
- urn:alm:descriptor:com.tectonic.ui:select:Azure
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Restore Management Pod Resource Requirements
path: restore_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Database restore label selector
path: postgres_label_selector
x-descriptors:
Expand Down Expand Up @@ -963,9 +977,9 @@ spec:
- name: RELATED_IMAGE_GALAXY_WEB
value: quay.io/ansible/galaxy-ui:latest
- name: RELATED_IMAGE_GALAXY_REDIS
value: redis:latest
value: redis:7
- name: RELATED_IMAGE_GALAXY_POSTGRES
value: postgres:13
value: quay.io/sclorg/postgresql-15-c9s:latest
- name: RELATED_IMAGE_GALAXY_INIT_GPG_CONTAINER
value: quay.io/centos/centos:stream9
image: quay.io/ansible/galaxy-operator:main
Expand Down
12 changes: 12 additions & 0 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,18 @@ rules:
verbs:
- patch
- get
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- create
- patch
- update
- watch

##
## Rules for galaxy.ansible.com/v1beta1, Kind: Galaxy
##
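Review bot: the new batch/jobs rule grants get, list, create, patch, update and watch but not delete. If the operator is meant to clean up finished backup jobs itself, it cannot with these verbs; if cleanup relies on owner references or a TTL on the Job, note that here. Also check whether both patch and update are needed. Creating a Job lets the operator run an arbitrary pod spec in the namespace, so this rule is worth keeping to the minimum set of verbs the backup role actually uses.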
Expand Down
1 change: 0 additions & 1 deletion config/samples/galaxy_v1beta1_galaxybackup_cr.default.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,3 @@ spec:
backup_pvc: ''
backup_storage_requirements: ''
backup_storage_class: ''
postgres_label_selector: ''
1 change: 1 addition & 0 deletions config/samples/galaxy_v1beta1_galaxyrestore_cr.ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ kind: GalaxyRestore
metadata:
name: ci-galaxyrestore
spec:
deployment_name: example-galaxy
backup_name: ci-galaxybackup
no_log: false
4 changes: 2 additions & 2 deletions docs/build.md
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ pod/galaxy-api-5d4d945787-jq2kk 1/1 Running 0
pod/galaxy-content-754466b885-8c85x 1/1 Running 0 2m41s
pod/galaxy-content-754466b885-bgzz7 1/1 Running 0 2m41s
pod/galaxy-operator-controller-manager-d84cd6d4c-2zpw5 2/2 Running 0 3m55s
pod/galaxy-postgres-13-0 1/1 Running 0 3m
pod/galaxy-postgres-15-0 1/1 Running 0 3m
pod/galaxy-redis-b77c7ccb-zqdv6 1/1 Running 0 2m30s
pod/galaxy-web-dc44cff56-k46j2 1/1 Running 0 2m53s
pod/galaxy-worker-64f7889dd7-t5jdd 1/1 Running 0 2m36s
Expand All @@ -154,4 +154,4 @@ Password:
```
You can now access Galaxy in your browser by visiting [http://localhost](http://localhost) or [https://localhost](https://localhost):
<img width="1326" alt="image" src="https://github.com/ansible/galaxy-operator/assets/87674982/5744a107-3630-4e8e-a674-3357da0cfa42">
<img width="1326" alt="image" src="https://github.com/ansible/galaxy-operator/assets/87674982/e4a66e4a-66ad-4995-a55f-414dd59f8fb7">
<img width="1326" alt="image" src="https://github.com/ansible/galaxy-operator/assets/87674982/e4a66e4a-66ad-4995-a55f-414dd59f8fb7">
4 changes: 2 additions & 2 deletions docs/quickstart.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ galaxy-api-5d4d945787-jtc59 1/1 Running 0
galaxy-content-754466b885-cmmp4 1/1 Running 0 3m23s
galaxy-content-754466b885-zsfqq 1/1 Running 0 3m23s
galaxy-operator-controller-manager-5f75d85bf8-j49mr 2/2 Running 0 4m21s
galaxy-postgres-13-0 1/1 Running 0 3m40s
galaxy-postgres-15-0 1/1 Running 0 3m40s
galaxy-redis-994cbcbff-9rf55 1/1 Running 0 3m11s
galaxy-web-dc44cff56-lmshc 1/1 Running 0 3m33s
galaxy-worker-64f7889dd7-9lvkm 1/1 Running 0 3m17s
Expand Down Expand Up @@ -111,4 +111,4 @@ Password:
```
You can now access Galaxy in your browser by visiting [http://localhost](http://localhost) or [https://localhost](https://localhost):
<img width="1326" alt="image" src="https://github.com/ansible/galaxy-operator/assets/87674982/5744a107-3630-4e8e-a674-3357da0cfa42">
<img width="1326" alt="image" src="https://github.com/ansible/galaxy-operator/assets/87674982/e4a66e4a-66ad-4995-a55f-414dd59f8fb7">
<img width="1326" alt="image" src="https://github.com/ansible/galaxy-operator/assets/87674982/e4a66e4a-66ad-4995-a55f-414dd59f8fb7">
114 changes: 114 additions & 0 deletions docs/user-guide/database-configuration.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
### Database Configuration

#### PostgreSQL Version

The default PostgreSQL version for the version of Galaxy bundled with the latest version of the galaxy-operator is PostgreSQL 15. You can find this default for a given version by at the default value for [supported_pg_version](https://github.com/ansible/galaxy-operator/tree/main/roles/installer/vars/main.yml#L7).

We only have coverage for the default version of PostgreSQL. Newer versions of PostgreSQL will likely work, but should only be configured as an external database. If your database is managed by the galaxy-operator (default if you don't specify a `postgres_configuration_secret`), then you should not override the default version as this may cause issues when the operator tries to upgrade your postgresql pod.

#### External PostgreSQL Service

To configure Galaxy to use an external database, the Custom Resource needs to know about the connection details. To do this, create a k8s secret with those connection details and specify the name of the secret as `postgres_configuration_secret` at the CR spec level.


The secret should be formatted as follows:

```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resourcename>-postgres-configuration
namespace: <target namespace>
stringData:
host: <external ip or url resolvable by the cluster>
port: <external port, this usually defaults to 5432>
database: <desired database name>
username: <username to connect as>
password: <password to connect with>
sslmode: prefer
type: unmanaged
type: Opaque
```

> Please ensure that the value for the variable `password` should _not_ contain single or double quotes (`'`, `"`) or backslashes (`\`) to avoid any issues during deployment, [backup](https://github.com/ansible/galaxy-operator/tree/main/roles/backup) or [restoration](https://github.com/ansible/galaxy-operator/tree/main/roles/restore).

> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added.

**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.

Once the secret is created, you can specify it on your spec:

```yaml
---
spec:
...
postgres_configuration_secret: <name-of-your-secret>
```

#### Managed PostgreSQL Service

If you don't have access to an external PostgreSQL service, the galaxy-operator can deploy one for you along side the Galaxy instance itself.

The following variables are customizable for the managed PostgreSQL service

| Name | Description | Default |
| --------------------------------------------- | --------------------------------------------------------------- | --------------------------------------- |
| postgres_image | Path of the image to pull | quay.io/sclorg/postgresql-15-c9s |
| postgres_image_version | Image version to pull | latest |
| postgres_resource_requirements | PostgreSQL container (and initContainer) resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} |
| postgres_storage_class | PostgreSQL PV storage class | Empty string |

Example of customization could be:

```yaml
---
spec:
...
postgres_resource_requirements:
requests:
cpu: 500m
memory: 2Gi
limits:
cpu: '1'
memory: 4Gi
postgres_storage_requirements:
requests:
storage: 8Gi
limits:
storage: 50Gi
postgres_storage_class: fast-ssd
postgres_extra_args:
- '-c'
- 'max_connections=1000'
```

**Note**: If `postgres_storage_class` is not defined, PostgreSQL will store it's data on a volume using the default storage class for your cluster.

#### Note about overriding the postgres image

We recommend you use the default image sclorg image. If you are coming from a deployment using the old postgres image from dockerhub (postgres:13), upgrading from galaxy-operator version 2024.02.29 to a newer version will handle migrating your data to the new postgresql image (postgresql-15-c9s).

You can no longer configure a custom `postgres_data_path` because it is hardcoded in the quay.io/sclorg/postgresql-15-c9s image.

If you override the postgres image to use a custom postgres image like postgres:15 for example, the default data directory path may be different. These images cannot be used interchangeably.

#### Initialize Postgres data volume

When using a hostPath backed PVC and some other storage classes like longhorn storagfe, the postgres data directory needs to be accessible by the user in the postgres pod (UID 26).

To initialize this directory with the correct permissions, configure the following setting, which will use an init container to set the permissions in the postgres volume.

```yaml
spec:
postgres_data_volume_init: true
```

Should you need to modify the init container commands, there is an example below.

```yaml
postgres_init_container_commands: |
chown 26:0 /var/lib/pgsql/data
chmod 700 /var/lib/pgsql/data
```
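Review bot: the example secret for an external database uses sslmode: prefer, which silently falls back to an unencrypted connection and never verifies the server. Since this block will be copied as-is, the example should use verify-full (or at least require) and mention how the CA is supplied, leaving prefer as a documented fallback. The restriction that password must not contain quotes or backslashes should state the reason, because it reads as if the value is interpolated unescaped during deployment, backup and restore. The table lists postgres_image_version as latest, which contradicts the advice not to override the default version for managed databases. Typos to fix: "by at the default value", "it's data", "the default image sclorg image", "longhorn storagfe".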
3 changes: 2 additions & 1 deletion playbooks/galaxy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@
- common
- postgres
- galaxy-web
- galaxy-config

tasks:

Expand Down Expand Up @@ -107,4 +108,4 @@
- galaxy-worker
- galaxy-api
- galaxy-route
- galaxy-status
- galaxy-status
2 changes: 1 addition & 1 deletion requirements.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ collections:
- name: kubernetes.core
version: "==2.3.2"
- name: operator_sdk.util
version: "0.4.0"
version: "0.5.0"
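Review bot: operator_sdk.util is bumped to "0.5.0" with a bare version while kubernetes.core just above uses the explicit "==2.3.2" form. Use the same explicit "==0.5.0" style for both so it is obvious the collection is pinned to an exact release that matches the v1.34.1 base image.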