Merge #98466 #101907 #101935

98466: cli,server: static configuration profiles r=stevendanna a=knz

Epic: CRDB-23559
Informs #98431. 
Fixes #94856.
(Based off #98459)
Supersedes #98380.

This change introduces a mechanism through which an operator can
select a "configuration profile" via the command-line flag
`--config-profile` or env var `COCKROACH_CONFIG_PROFILE`. The SQL
initialization defined by the profile is applied during server
start-up.

The profiles are (currently) hardcoded inside CockroachDB.

The following profiles are predefined:

- `default`: no configuration.

- `multitenant+noapp`: no pre-defined `application` tenant, but with a
  predefined application tenant template that is used whenever a new
  tenant is defined. This config profile is meant for use for C2C
  replication target clusters.

- `multitenant+app+sharedservice`: shared-process multitenancy with
  pre-defined `application` tenant, based off the same configuration as
  `multitenant+noapp`.

Release note: None

101907: multitenant: misc fixes related to tenant capabilities r=arulajmani a=knz

See individual commits for details.

The last commit in particular probably addresses #99087.

Epic: CRDB-23559

101935: sql: add issue number to todo r=rharding6373 a=rharding6373

Epic: none
Informs: #101934

Release note: none

Co-authored-by: Raphael 'kena' Poss <[email protected]>
Co-authored-by: rharding6373 <[email protected]>

.github/CODEOWNERS

@@ -139,6 +139,7 @@
 /pkg/server/api_v2*.go                   @cockroachdb/obs-inf-prs @cockroachdb/server-prs
 /pkg/server/api_v2_auth*.go              @cockroachdb/obs-inf-prs @cockroachdb/server-prs @cockroachdb/prodsec
 /pkg/server/authentication*.go           @cockroachdb/server-prs  @cockroachdb/prodsec
+/pkg/server/autoconfig/                  @cockroachdb/jobs-prs    @cockroachdb/multi-tenant
 /pkg/server/auto_tls_init*go             @cockroachdb/server-prs  @cockroachdb/prodsec
 /pkg/server/clock_monotonicity.go        @cockroachdb/kv-prs
 /pkg/server/combined_statement_stats*.go @cockroachdb/cluster-observability @cockroachdb/obs-inf-prs
@@ -174,6 +175,7 @@
 /pkg/server/testserver*.go               @cockroachdb/test-eng    @cockroachdb/server-prs
 /pkg/server/tracedumper/                 @cockroachdb/obs-inf-prs @cockroachdb/server-prs
 /pkg/server/user*.go                     @cockroachdb/obs-inf-prs @cockroachdb/server-prs @cockroachdb/prodsec
+/pkg/configprofiles/                     @cockroachdb/multi-tenant @cockroachdb/server-prs
 
 
 /pkg/ccl/jobsccl/            @cockroachdb/jobs-prs @cockroachdb/disaster-recovery

pkg/BUILD.bazel

@@ -155,6 +155,7 @@ ALL_TESTS = [
     "//pkg/config/zonepb:zonepb_test",
     "//pkg/config:config_disallowed_imports_test",
     "//pkg/config:config_test",
+    "//pkg/configprofiles:configprofiles_test",
     "//pkg/geo/geogen:geogen_test",
     "//pkg/geo/geogfn:geogfn_test",
     "//pkg/geo/geographiclib:geographiclib_test",
@@ -1119,6 +1120,8 @@ GO_TARGETS = [
     "//pkg/config/zonepb:zonepb_test",
     "//pkg/config:config",
     "//pkg/config:config_test",
+    "//pkg/configprofiles:configprofiles",
+    "//pkg/configprofiles:configprofiles_test",
     "//pkg/docs:docs",
     "//pkg/featureflag:featureflag",
     "//pkg/gen/genbzl:genbzl",
@@ -2644,6 +2647,7 @@ GET_X_DATA_TARGETS = [
     "//pkg/compose/compare/compare:get_x_data",
     "//pkg/config:get_x_data",
     "//pkg/config/zonepb:get_x_data",
+    "//pkg/configprofiles:get_x_data",
     "//pkg/docs:get_x_data",
     "//pkg/featureflag:get_x_data",
     "//pkg/gen/genbzl:get_x_data",

pkg/base/BUILD.bazel

@@ -24,6 +24,7 @@ go_library(
         "//pkg/cli/cliflags",
         "//pkg/roachpb",
         "//pkg/security/username",
+        "//pkg/server/autoconfig/acprovider",
         "//pkg/settings/cluster",
         "//pkg/util",
         "//pkg/util/envutil",

pkg/base/test_server_args.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"github.com/cockroachdb/cockroach/pkg/roachpb"
+	"github.com/cockroachdb/cockroach/pkg/server/autoconfig/acprovider"
 	"github.com/cockroachdb/cockroach/pkg/settings/cluster"
 	"github.com/cockroachdb/cockroach/pkg/util/mon"
 	"github.com/cockroachdb/cockroach/pkg/util/retry"
@@ -168,6 +169,10 @@ type TestServerArgs struct {
 	// ObsServiceAddr is the address to which events will be exported over OTLP.
 	// If empty, exporting events is inhibited.
 	ObsServiceAddr string
+
+	// AutoConfigProvider provides auto-configuration tasks to apply on
+	// the cluster during server initialization.
+	AutoConfigProvider acprovider.Provider
 }
 
 // TestClusterArgs contains the parameters one can set when creating a test

pkg/cli/BUILD.bazel

@@ -119,6 +119,7 @@ go_library(
         "//pkg/cloud/userfile",
         "//pkg/clusterversion",
         "//pkg/config",
+        "//pkg/configprofiles",
         "//pkg/docs",
         "//pkg/geo/geos",
         "//pkg/gossip",
@@ -143,6 +144,7 @@ go_library(
         "//pkg/security/securitytest",
         "//pkg/security/username",
         "//pkg/server",
+        "//pkg/server/autoconfig/acprovider",
         "//pkg/server/pgurl",
         "//pkg/server/profiler",
         "//pkg/server/serverpb",

pkg/cli/cliflags/flags.go

@@ -1449,6 +1449,12 @@ Disable the creation of a default dataset in the demo shell.
 This makes 'cockroach demo' faster to start.`,
 	}
 
+	ConfigProfile = FlagInfo{
+		Name:        "config-profile",
+		EnvVar:      "COCKROACH_CONFIG_PROFILE",
+		Description: `Select a configuration profile to apply.`,
+	}
+
 	GeoLibsDir = FlagInfo{
 		Name: "spatial-libs",
 		Description: `

pkg/cli/context.go

@@ -28,6 +28,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/security/clientsecopts"
 	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/server"
+	"github.com/cockroachdb/cockroach/pkg/server/autoconfig/acprovider"
 	"github.com/cockroachdb/cockroach/pkg/settings/cluster"
 	"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
 	"github.com/cockroachdb/cockroach/pkg/storage"
@@ -639,6 +640,7 @@ func setDemoContextDefaults() {
 	demoCtx.Multitenant = true
 	demoCtx.DisableServerController = false
 	demoCtx.DefaultEnableRangefeeds = true
+	demoCtx.AutoConfigProvider = acprovider.NoTaskProvider{}
 
 	demoCtx.pidFile = ""
 	demoCtx.disableEnterpriseFeatures = false

pkg/cli/democluster/BUILD.bazel

@@ -29,6 +29,7 @@ go_library(
         "//pkg/security/certnames",
         "//pkg/security/username",
         "//pkg/server",
+        "//pkg/server/autoconfig/acprovider",
         "//pkg/server/pgurl",
         "//pkg/server/serverpb",
         "//pkg/server/status",

pkg/cli/democluster/context.go

@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"github.com/cockroachdb/cockroach/pkg/cli/clicfg"
+	"github.com/cockroachdb/cockroach/pkg/server/autoconfig/acprovider"
 	"github.com/cockroachdb/cockroach/pkg/workload"
 )
 
@@ -110,6 +111,10 @@ type Context struct {
 	// DisableServerController is true if we want to avoid the server
 	// controller to instantiate tenant secondary servers.
 	DisableServerController bool
+
+	// AutoConfigProvider provides auto-configuration tasks to apply on
+	// the cluster during server initialization.
+	AutoConfigProvider acprovider.Provider
 }
 
 // IsInteractive returns true if the demo cluster configuration

pkg/cli/democluster/demo_cluster.go

@@ -884,6 +884,7 @@ func (demoCtx *Context) testServerArgsForTransientCluster(
 		StoreSpecs:              []base.StoreSpec{storeSpec},
 		SQLMemoryPoolSize:       demoCtx.SQLPoolMemorySize,
 		CacheSize:               demoCtx.CacheSize,
+		AutoConfigProvider:      demoCtx.AutoConfigProvider,
 		NoAutoInitializeCluster: true,
 		EnableDemoLoginEndpoint: true,
 		// Demo clusters by default will create their own tenants, so we

pkg/cli/flags.go

@@ -24,6 +24,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/cli/clienturl"
 	"github.com/cockroachdb/cockroach/pkg/cli/cliflagcfg"
 	"github.com/cockroachdb/cockroach/pkg/cli/cliflags"
+	"github.com/cockroachdb/cockroach/pkg/configprofiles"
 	"github.com/cockroachdb/cockroach/pkg/roachpb"
 	"github.com/cockroachdb/cockroach/pkg/security"
 	"github.com/cockroachdb/cockroach/pkg/security/username"
@@ -393,6 +394,10 @@ func init() {
 		// planning?
 		if cmd != connectInitCmd && cmd != connectJoinCmd {
 			cliflagcfg.StringFlag(f, &serverCfg.Attrs, cliflags.Attrs)
+			// Cluster initialization. We only do this for a regular start command;
+			// SQL-only servers get their initialization payload from their tenant
+			// configuration.
+			cliflagcfg.VarFlag(f, configprofiles.NewProfileSetter(&serverCfg.AutoConfigProvider), cliflags.ConfigProfile)
 		}
 	}
 
@@ -828,6 +833,7 @@ func init() {
 		cliflagcfg.IntFlag(f, &demoCtx.HTTPPort, cliflags.DemoHTTPPort)
 		cliflagcfg.StringFlag(f, &demoCtx.ListeningURLFile, cliflags.ListeningURLFile)
 		cliflagcfg.StringFlag(f, &demoCtx.pidFile, cliflags.PIDFile)
+		cliflagcfg.VarFlag(f, configprofiles.NewProfileSetter(&demoCtx.AutoConfigProvider), cliflags.ConfigProfile)
 	}
 
 	{

pkg/configprofiles/BUILD.bazel

@@ -0,0 +1,54 @@
+load("//build/bazelutil/unused_checker:unused.bzl", "get_x_data")
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "configprofiles",
+    srcs = [
+        "doc.go",
+        "profiles.go",
+        "provider.go",
+        "setter.go",
+    ],
+    importpath = "github.com/cockroachdb/cockroach/pkg/configprofiles",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//pkg/clusterversion",
+        "//pkg/server/autoconfig/acprovider",
+        "//pkg/server/autoconfig/autoconfigpb",
+        "//pkg/util/log",
+        "//pkg/util/syncutil",
+        "@com_github_cockroachdb_errors//:errors",
+        "@com_github_spf13_pflag//:pflag",
+    ],
+)
+
+go_test(
+    name = "configprofiles_test",
+    srcs = [
+        "datadriven_test.go",
+        "main_test.go",
+        "profiles_test.go",
+    ],
+    args = ["-test.timeout=295s"],
+    data = glob(["testdata/**"]) + ["//c-deps:libgeos"],
+    embed = [":configprofiles"],
+    deps = [
+        "//pkg/base",
+        "//pkg/build",
+        "//pkg/ccl",
+        "//pkg/security/securityassets",
+        "//pkg/security/securitytest",
+        "//pkg/server",
+        "//pkg/server/autoconfig/acprovider",
+        "//pkg/server/autoconfig/autoconfigpb",
+        "//pkg/testutils",
+        "//pkg/testutils/serverutils",
+        "//pkg/testutils/sqlutils",
+        "//pkg/testutils/testcluster",
+        "//pkg/util/leaktest",
+        "//pkg/util/log",
+        "@com_github_cockroachdb_datadriven//:datadriven",
+    ],
+)
+
+get_x_data(name = "get_x_data")

pkg/configprofiles/datadriven_test.go

@@ -0,0 +1,130 @@
+// Copyright 2023 The Cockroach Authors.
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package configprofiles_test
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/cockroachdb/cockroach/pkg/base"
+	"github.com/cockroachdb/cockroach/pkg/configprofiles"
+	"github.com/cockroachdb/cockroach/pkg/server"
+	"github.com/cockroachdb/cockroach/pkg/server/autoconfig/acprovider"
+	"github.com/cockroachdb/cockroach/pkg/testutils"
+	"github.com/cockroachdb/cockroach/pkg/testutils/serverutils"
+	"github.com/cockroachdb/cockroach/pkg/testutils/sqlutils"
+	"github.com/cockroachdb/cockroach/pkg/util/leaktest"
+	"github.com/cockroachdb/cockroach/pkg/util/log"
+	"github.com/cockroachdb/datadriven"
+)
+
+func TestDataDriven(t *testing.T) {
+	defer leaktest.AfterTest(t)()
+	defer log.Scope(t).Close(t)
+
+	ctx := context.Background()
+
+	datadriven.Walk(t, "testdata", func(t *testing.T, path string) {
+		var alreadyStarted bool
+		var provider acprovider.Provider
+		var s serverutils.TestServerInterface
+		var db *sqlutils.SQLRunner
+		defer func() {
+			if s == nil {
+				return
+			}
+			s.Stopper().Stop(ctx)
+		}()
+
+		datadriven.RunTest(t, path, func(t *testing.T, d *datadriven.TestData) string {
+			switch d.Cmd {
+			case "profile":
+				if alreadyStarted {
+					t.Fatalf("%s: cannot use profile more than once", d.Pos)
+				}
+				setter := configprofiles.NewProfileSetter(&provider)
+				if err := setter.Set(d.Input); err != nil {
+					t.Fatalf("%s: %v", d.Pos, err)
+				}
+				var res strings.Builder
+				fmt.Fprintf(&res, "canonical profile name: %s\n", setter.String())
+
+				numExpectedTasks := len(configprofiles.TestingGetProfiles()[setter.String()])
+
+				s, _, _ = serverutils.StartServer(t, base.TestServerArgs{
+					AutoConfigProvider: provider,
+					// This test does not exercise security parameters, so we
+					// keep the configuration simpler to keep the test code also
+					// simple.
+					Insecure: true,
+					// The test controls secondary tenants manually.
+					DefaultTestTenant: base.TestTenantDisabled,
+				})
+				// We need to force the connection to the system tenant,
+				// because at least one of the config profiles changes the
+				// default tenant.
+				sysTenantDB := serverutils.OpenDBConn(t, s.SQLAddr(), "cluster:system/defaultdb",
+					true /* insecure */, s.Stopper())
+				db = sqlutils.MakeSQLRunner(sysTenantDB)
+				res.WriteString("server started\n")
+
+				testutils.SucceedsSoon(t, func() error {
+					var numTasksCompleted int
+					db.QueryRow(t, `SELECT count(*)
+FROM [SHOW AUTOMATIC JOBS]
+WHERE job_type = 'AUTO CONFIG TASK'
+AND   status = 'succeeded'`).Scan(&numTasksCompleted)
+					if numTasksCompleted < numExpectedTasks {
+						return fmt.Errorf("expected %d tasks to be completed, got %d", numExpectedTasks, numTasksCompleted)
+					}
+					return nil
+				})
+
+				alreadyStarted = true
+
+				return res.String()
+
+			case "system-sql":
+				if !alreadyStarted {
+					t.Fatalf("%s: must use profile before sql", d.Pos)
+				}
+				var res strings.Builder
+				rows := db.QueryStr(t, d.Input)
+				if len(rows) == 0 {
+					res.WriteString("<no rows>\n")
+				} else {
+					for _, row := range rows {
+						res.WriteString(strings.Join(row, " "))
+						res.WriteString("\n")
+					}
+				}
+				return res.String()
+
+			case "connect-tenant":
+				if !alreadyStarted {
+					t.Fatalf("%s: must use profile before sql", d.Pos)
+				}
+				sqlAddr := s.(*server.TestServer).SQLAddr()
+				testutils.SucceedsSoon(t, func() error {
+					goDB := serverutils.OpenDBConn(t, sqlAddr, "cluster:"+d.Input+"/defaultdb", true /* insecure */, s.Stopper())
+					return goDB.Ping()
+				})
+				return "ok"
+
+			default:
+				t.Fatalf("unknown command: %s", d.Cmd)
+			}
+			return ""
+		})
+	})
+}

pkg/configprofiles/doc.go

@@ -0,0 +1,16 @@
+// Copyright 2023 The Cockroach Authors.
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+// Package configprofiles contain static configuration profiles embedded
+// inside the CockroachDB binary.
+//
+// Configuration profiles are ways to initialize CockroachDB clusters
+// differently (upon cluster creation) depending on purpose.
+package configprofiles