DM-36772: Migrate PostgreSQL credentials to mounted file #83
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kfindeisen
force-pushed
the
tickets/DM-36772
branch
2 times, most recently
from
3d719f6 to
240947e
Compare
The old code generated a .pgpass file on the fly, an approach that is both fiddly and brittle. It's more robust to let the Kubernetes framework provide the file, but the file-generation code will break if a file is already present.
The .pgpass file, and the credentials within it, are now managed directly by Kubernetes. This change also eliminates the need to read many of these credentials as individual environment variables.
The URL_APDB variable directly identifies the SQL database used as the APDB. The only additional information that needs to be provided is the namespace/schema, which is handled separately by the dax.apdb.ApdbSql interface.
kfindeisen
force-pushed
the
tickets/DM-36772
branch
from
240947e to
276a2c1
Compare
hsinfang
approved these changes
Sep 20, 2023
| * CALIB_REPO: URI to repo containing calibrations (and templates) | ||
| * LSST_DISABLE_BUCKET_VALIDATION: set this so to disable validation of S3 bucket names, allowing Ceph multi-tenant colon-separated names to be used. | ||
| * IP_APDB: IP address or hostname and port of the APDB (see `Databases`_, below) | ||
| * IP_REGISTRY: IP address or hostname and port of the registry database (see `Databases`_) |
There was a problem hiding this comment.
IP_REGISTRY and DB_REGISTRY are also mentioned in the Google Cloud session and may be deleted together?
Though I recall that in a previous meeting we agreed to terminate those running on Google Cloud so I'm not sure how much we care about that session.
There was a problem hiding this comment.
Well, the catch is that this version of the code won't work on Google (we can't get a .pgpass file with the right permissions there). So if you're running on Google, you must be using a version that still uses those variables. 😵💫
kfindeisen
force-pushed
the
tickets/DM-36772
branch
3 times, most recently
from
627cd6f to
838a356
Compare
|
I pushed a revised version of the Argo CD instructions -- it turns out you can redeploy purely from Argo, as long as you don't have any |
hsinfang
reviewed
Sep 21, 2023
kfindeisen
force-pushed
the
tickets/DM-36772
branch
2 times, most recently
from
d8414e2 to
b311e10
Compare
The SLACLab repository no longer has deployment scripts for the prompt processing service.
kfindeisen
force-pushed
the
tickets/DM-36772
branch
from
b311e10 to
ae0e772
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR removes the
make_pgpassmodule entirely, and uses the extra freedom to switch the APDB access code inMiddlewareInterfaceto a single URL. It updates the Playbook to reflect the reduced number of input variables as well as our migration from Slaclab to Argo CD.