Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(postgres): allow users to configure postgres to read from S3 #44

Closed
wants to merge 2 commits into from
Closed

feat(postgres): allow users to configure postgres to read from S3 #44

wants to merge 2 commits into from

Conversation

bacongobbler
Copy link
Member

If a user wishes to set up an external S3 storage endpoint, they can overwrite the following environment variables:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_DEFAULT_REGION
  • S3_URL (something like https://s3-us-west-1.amazonaws.com)

TESTING:

  • build this image, modify deis-database-rc.yaml to point to this image
  • modify deis-database-rc.yaml, injecting the following environment variables:
env:
  - name: AWS_ACCESS_KEY_ID
    value: "myaccesskey"
  - name: AWS_SECRET_ACCESS_KEY
    value: "mysecretkey"
  - name: S3_URL
    value: "https://s3-us-west-1.amazonaws.com"
  - name: AWS_DEFAULT_REGION
    value: "us-west-1"

install Deis, and observe that a db_wal bucket was created in your S3 region with database backups.

closes #33

@bacongobbler bacongobbler added this to the v2.0-beta1 milestone Feb 23, 2016
@bacongobbler bacongobbler self-assigned this Feb 23, 2016
@helgi helgi added LGTM1 and removed in progress labels Feb 24, 2016
@bacongobbler bacongobbler mentioned this pull request Feb 24, 2016
Closed
@jchauncey
Copy link
Member

can you give me an example of how to test this?

@bacongobbler
Copy link
Member Author

@jchauncey I haven't fleshed this out fully after thinking this through. I'll write out some documentation on how we can test this in a minute. :)

@bacongobbler bacongobbler changed the title feat(postgres): read from S3_URL if set [WIP] feat(postgres): read from S3_URL if set Feb 26, 2016
@bacongobbler bacongobbler changed the title [WIP] feat(postgres): read from S3_URL if set [WIP] feat(postgres): read from S3 if set Feb 26, 2016
@bacongobbler bacongobbler changed the title [WIP] feat(postgres): read from S3 if set [WIP] feat(postgres): allow users to configure postgres to read from S3 Feb 26, 2016
@krancour
Copy link
Contributor

deis/charts#123 is related. It introduced a secret containing user-provided object storage connection / auth details.

feat(postgres): read from S3_URL if set
b2e5b32 
If a user wishes to set up an external S3 storage endpoint, they
can configure wal-e to use this endpoint by setting S3_URL in the
envinronment. Typically this would be done by editing the
kubernetes replication controller manifest to inject the URL into
the environment.
@bacongobbler bacongobbler mentioned this pull request Feb 26, 2016
Closed
feat(postgres): only read secrets if envvars aren't set
b7642c3 
This allows the user to overwrite these values with environment
variables.
@bacongobbler
Copy link
Member Author

All righty, this should be ready to review. Follow the steps in the OP to test.

@bacongobbler bacongobbler changed the title [WIP] feat(postgres): allow users to configure postgres to read from S3 feat(postgres): allow users to configure postgres to read from S3 Feb 26, 2016
@krancour
Copy link
Contributor

Can you maybe ask for bucket name instead and derive the URL from the region and the bucket name?

Reason I ask is because what is supposed to become the Deis-wide config for object-storage options currently seems to ask for bucket name instead of URL:

https://github.com/deis/charts/blob/master/deis-dev/tpl/objectstorage.toml#L29-L35

@bacongobbler
Copy link
Member Author

I think I can fix this up in the future to not require S3_URL at which point boto3 will derive the URL from the region and bucket name, but I don't think I can reasonably do that right now. I can open a ticket for that post-beta though!

krancour
krancour reviewed Feb 27, 2016
View reviewed changes
rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh
AWS_ACCESS_KEY_ID=$(cat access-key-id)
fi
if [ "$AWS_SECRET_ACCESS_KEY" == "" ]; then
AWS_SECRET_ACCESS_KEY=$(cat access-secret-key)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should these key/filesnames change to match the keys that the object storage secret already managed by the chart is using?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. These keys are used by wal-e and boto3 to set up the connection details to S3/minio. These filenames are utilized by envdir to set up the environment variables required for wal-e/boto3.

@bacongobbler
Copy link
Member Author

FYI @kmala volunteered to refactor this PR on top of deis/charts#123 so we don't have users required to configure object storage in two places

@bacongobbler
Copy link
Member Author

closing in favour of #46

@bacongobbler bacongobbler deleted the s3-url branch March 2, 2016 00:40
@slack slack removed the in progress label Mar 2, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bacongobbler bacongobbler

Labels
None yet
Projects
None yet
Milestone
v2.0-beta1
Development

Successfully merging this pull request may close these issues.

Support optional shipping to tertiary storage
5 participants
@bacongobbler @jchauncey @krancour @slack @helgi