CUMULUS-3536 Update Cumulus Core from Aurora Serverless V1 to V2 #3632

Merged
merged 33 commits into from
Sep 24, 2024

Conversation

tclark-innovim
Contributor

@tclark-innovim tclark-innovim commented Apr 19, 2024

Summary: Summary of changes

Addresses CUMULUS-3536: Update Cumulus Core from Aurora Serverless V1 to V2

Changes

  • Combined updates to support AWS Aurora Serverless v2 for Postgres.

PR Checklist

  • Update CHANGELOG
  • Unit tests
  • Ad-hoc testing - Deploy changes and test manually
  • Integration tests

* update CL

* update terraform templates to serverless v2

* add terraform variable validation

* remove upgrade variables

* add prevent_destroy = true

* add prevent_destroy = true

---------

Co-authored-by: Tim Clark <tim.clark@nasa.gov>
@tclark-innovim tclark-innovim self-assigned this Apr 19, 2024
Tim Clark and others added 3 commits May 1, 2024 08:55
…o v2 (#3643)

* remove prevent_destroy to allow automated CI migrations

---------

Co-authored-by: Tim Clark <tim.clark@nasa.gov>
@tclark-innovim tclark-innovim changed the title Update Cumulus Core from Aurora Serverless V1 to V2 CUMULUS-3536 Update Cumulus Core from Aurora Serverless V1 to V2 May 7, 2024
@@ -83,6 +83,7 @@ export const handler = async (event: HandlerEvent): Promise<void> => {
database: `${dbUser}_db`,
host: (rootKnexConfig.connection as Knex.PgConnectionConfig).host,
port: (rootKnexConfig.connection as Knex.PgConnectionConfig).port,
disableSSL: 'true',
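Review bot: `disableSSL: 'true'` is hard-coded in the connection config that `handler` builds, so connections made with this config skip TLS no matter how the deployment's database secret is set, and nothing at this line records why. Read the setting from the incoming event or the database secret with SSL left on by default, and add a comment naming the condition that requires it. The value is also the string 'true' rather than a boolean, which is worth a note so a later edit does not change its type.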
Contributor Author

I had to add disableSSL: 'true' to this file in order for Bamboo CI in order for the Deploy Dev Integration Stack to complete successfully. Perhaps we need to add documentation around this addition?

Contributor Author

@Jkovarik This is the additional change I needed to make in order for Bamboo CI in order for the Deploy Dev Integration Stack to complete successfully

Member

@Jkovarik Jkovarik Jul 8, 2024

We should probably consider making this a user option as part of the incoming event.

That said, the behavior is documented (not as part of this module, but in Core) as part of the ticket CL:

- **CUMULUS-3323**
  - Added `disableSSL` as a valid database secret key - setting this in your database credentials will
    disable SSL for all Core database connection attempts.
  - Added `rejectUnauthorized` as a valid database secret key - setting
    this to `false` in your database credentials will allow self-signed certs/certs with an unrecognized authority.
  - Updated the default parameter group for `cumulus-rds-tf` to set `force_ssl`
    to 1.   This setting for the Aurora Serverless v1 database disallows non-SSL
    connections to the database, and is intended to help enforce security
    compliance rules.  This update can be opted-out by supplying a non-default
    `db_parameters` set in the terraform configuration.

and

https://github.com/nasa/cumulus/pull/3587/files#diff-7b65a9166b23c12f9723277e9247262dceec1df189b6b67e3a471da1fe8316ab

That said - why do we need to disable SSL for v2? Is this the cert concern, and if so can we leave SSL enabled but allow unverified certs (e.g. rejectUnauthorized)?

Contributor Author

I have removed the disableSsl entry and added rejectUnauthorized = false. Bamboo CI ran successfully.

Member

@Jkovarik Jkovarik left a comment

Good work - just one question re: the current SSL default settings.

Tim Clark added 4 commits July 15, 2024 11:18
@tclark-innovim
Contributor Author

Good work - just one question re: the current SSL default settings.

@Jkovarik I have removed the disableSsl entry and added rejectUnauthorized = false. Bamboo CI ran successfully.

@tclark-innovim
Contributor Author

@Jkovarik Hi Jonathan, it looks like GitHub is showing "Merging is blocked" due to a change request you have added to this PR. Are there any further changes you are looking for? If not, can you clear the change request so that this feature branch is able to merge, once the time is right? Thanks

Contributor

@npauzenga npauzenga left a comment

@tclark-innovim the updates look good so I'm gonna go ahead and approve. I do want to be sure we (I) understand the rejectUnauthorized though. It's reasonable to default that the way we have it?

@tclark-innovim
Contributor Author

@tclark-innovim the updates look good so I'm gonna go ahead and approve. I do want to be sure we (I) understand the rejectUnauthorized though. It's reasonable to default that the way we have it?

I set rejectUnauthorized = false as default because our Cumulus Lambda does not yet have the AWS RDS SSL root authority certificate installed. We have a future ticket for that. Once that is in place, we can remove the rejectUnauthorized = false.
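
The three settings discussed in this thread (`disableSSL`, `rejectUnauthorized = false`, and a CA certificate installed later), as an added example that is not part of the PR or the Cumulus code base: a helper that maps database-secret keys to the `ssl` option node-postgres accepts and reports what each setting gives up. `buildSslOption`, `classifySsl`, `auditSecret` and the `caBundlePem` key are hypothetical names, and the sample secrets are constructed.

```typescript
// Added example; the helper names and the `caBundlePem` key are hypothetical.
// `disableSSL` / `rejectUnauthorized` are the secret keys named in the
// CUMULUS-3323 changelog entry; values are strings, as in the PR.
type DbSecret = {
  host: string;
  disableSSL?: string;
  rejectUnauthorized?: string;
  caBundlePem?: string; // PEM text of the CA that signed the DB certificate
};
// Shape node-postgres accepts for its `ssl` connection option.
type SslOption = false | { rejectUnauthorized: boolean; ca?: string };
type TlsPosture = 'plaintext' | 'encrypted-unverified' | 'encrypted-verified';

function buildSslOption(secret: DbSecret): SslOption {
  if (secret.disableSSL === 'true') return false; // no TLS at all
  const ssl: { rejectUnauthorized: boolean; ca?: string } = {
    // Verify unless the secret holds exactly the string 'false'.
    rejectUnauthorized: secret.rejectUnauthorized !== 'false',
  };
  if (secret.caBundlePem) ssl.ca = secret.caBundlePem;
  return ssl;
}

function classifySsl(ssl: SslOption): TlsPosture {
  if (ssl === false) return 'plaintext';
  return ssl.rejectUnauthorized ? 'encrypted-verified' : 'encrypted-unverified';
}

function auditSecret(secret: DbSecret): { posture: TlsPosture; findings: string[] } {
  const posture = classifySsl(buildSslOption(secret));
  const findings: string[] = [];
  if (posture === 'plaintext') {
    findings.push('disableSSL=true: queries and results cross the network unencrypted');
  } else if (posture === 'encrypted-unverified') {
    findings.push('rejectUnauthorized=false: certificate not checked, server identity unproven');
  } else if (!secret.caBundlePem) {
    findings.push('no CA bundle: verification depends on the runtime default trust store');
  }
  return { posture, findings };
}

// Constructed secrets mirroring the three stages discussed in the thread.
const SAMPLE_SECRETS: DbSecret[] = [
  { host: 'db.example.internal', disableSSL: 'true' },
  { host: 'db.example.internal', rejectUnauthorized: 'false' },
  { host: 'db.example.internal', caBundlePem: '-----BEGIN CERTIFICATE-----(placeholder)' },
];
const SAMPLE_POSTURES = SAMPLE_SECRETS.map((s) => auditSecret(s).posture);
```

Running `auditSecret` over deployed secrets in CI gives a simple gate: fail the build on `plaintext`, and track `encrypted-unverified` until the CA bundle is in place.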

@tclark-innovim tclark-innovim merged commit 7bac340 into master Sep 24, 2024
3 checks passed
etcart added a commit that referenced this pull request Sep 25, 2024
* Update deployment templates for Aurora Serverless v2 (#3623)

* update CL

* update terraform templates to serverless v2

* add terraform variable validation

* remove upgrade variables

* add prevent_destroy = true

* add prevent_destroy = true

* CUMULUS-3670 Develop upgrade/migration process Aurora Serverless v1 to v2 (#3643)

* remove prevent_destroy to allow automated CI migrations

* set force_ssl = 0 (#3658)

Co-authored-by: Tim Clark <tim.clark@nasa.gov>

* [CUMULUS-3671]: Update docs for Serverless V2 (#3666)

* initial commit

* serverless v2 doc updates

* Update serverless V2 docs

* Fix lint issue

* set DISABLE_PG_SSL: true to support CI

* fix lint error

* set disableSSL = true

* remove DISABLE_PG_SSL

* set rejectUnauthorized: 'false'

* update CL for v2 changes

* fix changelog

* add migration notes to changelog, add v2 docs to sidebar

* fix changelog

---------

Co-authored-by: Tim Clark <tim.clark@nasa.gov>
Co-authored-by: Nate Pauzenga <npauzenga@gmail.com>
paulpilone added a commit that referenced this pull request Oct 4, 2024
* CUMULUS-3536 Update Cumulus Core from Aurora Serverless V1 to V2 (#3632)

* Update deployment templates for Aurora Serverless v2 (#3623)

* update CL

* update terraform templates to serverless v2

* add terraform variable validation

* remove upgrade variables

* add prevent_destroy = true

* add prevent_destroy = true

* CUMULUS-3670 Develop upgrade/migration process Aurora Serverless v1 to v2 (#3643)

* remove prevent_destroy to allow automated CI migrations

* set force_ssl = 0 (#3658)

Co-authored-by: Tim Clark <tim.clark@nasa.gov>

* [CUMULUS-3671]: Update docs for Serverless V2 (#3666)

* initial commit

* serverless v2 doc updates

* Update serverless V2 docs

* Fix lint issue

* set DISABLE_PG_SSL: true to support CI

* fix lint error

* set disableSSL = true

* remove DISABLE_PG_SSL

* set rejectUnauthorized: 'false'

* update CL for v2 changes

* fix changelog

* add migration notes to changelog, add v2 docs to sidebar

* fix changelog

---------

Co-authored-by: Tim Clark <tim.clark@nasa.gov>
Co-authored-by: Nate Pauzenga <npauzenga@gmail.com>

* Ecarton/hailian fix sf event sqs to db records CUMULUS-3901 (#3799)

* Fix isThrottlingException function to check error name

* update changelog and add name/code check in errors

* linter fix

* changelog

* typo fix

---------

Co-authored-by: Hailiang Zhang <hailiang.zhang@nasa.gov>
Co-authored-by: etcart <amberhosen@gmail.com>

* reintroduce Migration Count Report to migrations with async_operations_table (#3805)

Co-authored-by: etcart <amberhosen@gmail.com>

* Updates CL 18.5.0 release date, removes 19.0, fixes some lint stuff

---------

Co-authored-by: Tim Clark <tim.clark@nasa.gov>
Co-authored-by: Nate Pauzenga <npauzenga@gmail.com>
Co-authored-by: cumulus-bot <141277837+cumulus-bot@users.noreply.github.com>
Co-authored-by: Hailiang Zhang <hailiang.zhang@nasa.gov>
Co-authored-by: Paul Pilone <paul@element84.com>
paulpilone added a commit that referenced this pull request Oct 4, 2024
….0 release (#3814)

* CUMULUS-3536 Update Cumulus Core from Aurora Serverless V1 to V2 (#3632)

* Update deployment templates for Aurora Serverless v2 (#3623)

* update CL

* update terraform templates to serverless v2

* add terraform variable validation

* remove upgrade variables

* add prevent_destroy = true

* add prevent_destroy = true

* CUMULUS-3670 Develop upgrade/migration process Aurora Serverless v1 to v2 (#3643)

* remove prevent_destroy to allow automated CI migrations

* set force_ssl = 0 (#3658)

Co-authored-by: Tim Clark <tim.clark@nasa.gov>

* [CUMULUS-3671]: Update docs for Serverless V2 (#3666)

* initial commit

* serverless v2 doc updates

* Update serverless V2 docs

* Fix lint issue

* set DISABLE_PG_SSL: true to support CI

* fix lint error

* set disableSSL = true

* remove DISABLE_PG_SSL

* set rejectUnauthorized: 'false'

* update CL for v2 changes

* fix changelog

* add migration notes to changelog, add v2 docs to sidebar

* fix changelog

---------

Co-authored-by: Tim Clark <tim.clark@nasa.gov>
Co-authored-by: Nate Pauzenga <npauzenga@gmail.com>

* Ecarton/hailian fix sf event sqs to db records CUMULUS-3901 (#3799)

* Fix isThrottlingException function to check error name

* update changelog and add name/code check in errors

* linter fix

* changelog

* typo fix

---------

Co-authored-by: Hailiang Zhang <hailiang.zhang@nasa.gov>
Co-authored-by: etcart <amberhosen@gmail.com>

* reintroduce Migration Count Report to migrations with async_operations_table (#3805)

Co-authored-by: etcart <amberhosen@gmail.com>

* Updates CL 18.5.0 release date, removes 19.0, fixes some lint stuff

* Bumps packages versions to 18.5.0

* Adds 18.5.0 docs to website

---------

Co-authored-by: etcart <amberhosen@gmail.com>
Co-authored-by: Tim Clark <tim.clark@nasa.gov>
Co-authored-by: Nate Pauzenga <npauzenga@gmail.com>
Co-authored-by: cumulus-bot <141277837+cumulus-bot@users.noreply.github.com>
Co-authored-by: Hailiang Zhang <hailiang.zhang@nasa.gov>