From 01273d4e74e5973c3596aaf42b0dab38c28734bb Mon Sep 17 00:00:00 2001
From: Jonathan Sharman
Date: Thu, 9 Jun 2022 09:00:53 -0700
Subject: [PATCH 1/6] feat: drpipeline
---
.github/workflows/set-dr-active.yml | 42 +++++++++++++++++
helm/keycloak/transition-scripts/README.md | 0
.../deploy-golddr-active.sh | 20 ++++++++
.../set-dr-to-active-c6af30-test.yaml | 13 ++++++
helm/keycloak/values-golddr-c6af30-test.yaml | 46 +++++++++++++++++++
5 files changed, 121 insertions(+)
create mode 100644 .github/workflows/set-dr-active.yml
create mode 100644 helm/keycloak/transition-scripts/README.md
create mode 100755 helm/keycloak/transition-scripts/deploy-golddr-active.sh
create mode 100644 helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml
create mode 100644 helm/keycloak/values-golddr-c6af30-test.yaml
diff --git a/.github/workflows/set-dr-active.yml b/.github/workflows/set-dr-active.yml
new file mode 100644
index 00000000..b4f45c1e
--- /dev/null
+++ b/.github/workflows/set-dr-active.yml
@@ -0,0 +1,42 @@
+name: Set the dr deployment to active
+
+on:
+ workflow_dispatch:
+ inputs:
+ namespace:
+ description: "The target namespace"
+ required: true
+ options: ["c6af30-dev", "c6af30-test", "c6af30-prod"]
+
+env:
+ GITHUB_REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+ TAG: sha-${{ github.sha }}
+ OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+
+jobs:
+ set-dr-to-active:
+ runs-on: ubuntu-latest
+ environment:
+ name: development
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: list files
+ run: ls ./
+ - name: Log into golddr and remove patroni standby
+ uses: redhat-actions/oc-login@v1
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_GOLDDR }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN_GOLDDR }}
+ namespace: ${{ github.event.inputs.namespace }}
+ insecure_skip_tls_verify: true
+ - name: Set patroni-dr to primary
+ run: |
+ oc rsh -n ${{ github.event.inputs.namespace }} sso-patroni-0 curl -s -XPATCH -d '{ "standby_cluster":null}' http://localhost:8008/config | jq .
+ shell: bash
+ - name: Deploy keycloak-dr in active mode
+ run: |
+ chmod +x ./helm/keycloak/transition-scripts/deploy-golddr-active.sh
+ ./helm/keycloak/transition-scripts/deploy-golddr-active.sh ${{ github.event.inputs.namespace }}
+ shell: bash
diff --git a/helm/keycloak/transition-scripts/README.md b/helm/keycloak/transition-scripts/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/helm/keycloak/transition-scripts/deploy-golddr-active.sh b/helm/keycloak/transition-scripts/deploy-golddr-active.sh
new file mode 100755
index 00000000..444f6f97
--- /dev/null
+++ b/helm/keycloak/transition-scripts/deploy-golddr-active.sh
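Review bot: The `namespace` input is effectively free-form, because `options:` is only honoured together with `type: choice`, which the input block does not set, and the value is then expanded by `${{ github.event.inputs.namespace }}` directly into the `run:` scripts of "Set patroni-dr to primary" and "Deploy keycloak-dr in active mode", where shell metacharacters in it become part of a command line executed with the golddr session logged in. Add `type: choice` under the input and pass the value through the step's `env:` (`NAMESPACE: ${{ github.event.inputs.namespace }}`), referring to it as `"$NAMESPACE"` in the script. The oc-login step also sets `insecure_skip_tls_verify: true`, so `OPENSHIFT_TOKEN_GOLDDR` is presented to an endpoint whose certificate is never checked; prefer removing that line and supplying the cluster CA through the action's `certificate_authority_data` input. Both patterns are carried into the two jobs that patch 3/6 of this series creates.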
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+NAMESPACE=$1
+
+pwd="$(dirname "$0")"
+source "./helm/helpers.sh"
+
+if ! check_kube_context "api-golddr-devops-gov-bc-ca"; then
+ echo "invalid context"
+ exit 1
+fi
+
+helm repo add sso-charts https://bcgov.github.io/sso-helm-charts
+helm repo update
+
+cd ./helm/keycloak/
+
+helm upgrade --install sso-keycloak sso-charts/sso-keycloak \
+ -n ${NAMESPACE} -f ./values-golddr-${NAMESPACE}.yaml \
+ -f ./transition-values/set-dr-to-active-${NAMESPACE}.yaml --version v1.6.0
diff --git a/helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml b/helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml
new file mode 100644
index 00000000..ed9767c6
--- /dev/null
+++ b/helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml
@@ -0,0 +1,13 @@
+replicaCount: 0
+
+postgres:
+ host: sso-patroni
+ port: 5432
+
+patroni:
+ replicaCount: 3
+
+ standby:
+ enabled: false
+ host: null
+ port: null
diff --git a/helm/keycloak/values-golddr-c6af30-test.yaml b/helm/keycloak/values-golddr-c6af30-test.yaml
new file mode 100644
index 00000000..225ba0e6
--- /dev/null
+++ b/helm/keycloak/values-golddr-c6af30-test.yaml
@@ -0,0 +1,46 @@
+replicaCount: 1
+
+image:
+ repository: ghcr.io/bcgov/sso
+ tag: v7.5-9-build.4
+ pullPolicy: Always
+
+resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 512M
+
+postgres:
+ host: sso-patroni-gold.c6af30-test.svc.cluster.local
+ port: 56583
+
+patroni:
+ replicaCount: 2
+ # credentials:
+ # existingSecret: false
+ # superuser:
+ # username: postgres
+ # password:
+ # admin:
+ # username: admin
+ # password:
+ # standby:
+ # username: standby
+ # password:
+
+ # additionalCredentials:
+ # - username: ssokeycloak
+ # password:
+ persistentVolume:
+ size: 2Gi
+
+ podDisruptionBudget:
+ enabled: true
+
+ standby:
+ enabled: true
+ host: sso-patroni-gold.c6af30-test.svc.cluster.local
+ port: 56583
From af1f9cee2da904df50f536d2d05b9bd0cd8d866e Mon Sep 17 00:00:00 2001
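Review bot: In deploy-golddr-active.sh, `NAMESPACE=$1` is accepted without any check and then used unquoted in `-n ${NAMESPACE} -f ./values-golddr-${NAMESPACE}.yaml`, so an empty or unexpected argument changes which namespace and which values files `helm upgrade` acts on. The same pattern appears in set-patroni-dr-active.sh, added in patch 3/6. Quote the expansions and reject anything outside the known namespaces before helm runs, for example `case "$NAMESPACE" in c6af30-dev|c6af30-test|c6af30-prod) ;; *) echo "unknown namespace" >&2; exit 1 ;; esac`. The script also lacks `set -euo pipefail`, so a failed `helm repo add` or `cd ./helm/keycloak/` does not stop the upgrade from running in the wrong directory. `pwd="$(dirname "$0")"` is assigned but never read in the lines shown.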
From: Jonathan Sharman Date: Thu, 9 Jun 2022 09:05:42 -0700 Subject: [PATCH 2/6] feat: dractive Remove an unused ls statement --- .github/workflows/set-dr-active.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/set-dr-active.yml b/.github/workflows/set-dr-active.yml index b4f45c1e..3480f18c 100644 --- a/.github/workflows/set-dr-active.yml +++ b/.github/workflows/set-dr-active.yml @@ -22,8 +22,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 - - name: list files - run: ls ./ - name: Log into golddr and remove patroni standby uses: redhat-actions/oc-login@v1 with: From 0350574a11109a8764de0242b150a6b72b3dd597 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 14 Jun 2022 08:29:29 -0700 Subject: [PATCH 3/6] feat: dr implement pr suggestions --- .github/workflows/set-dr-active.yml | 36 ++++++++++++------- .../deploy-golddr-active.sh | 6 ++-- .../set-patroni-dr-active.sh | 16 +++++++++ 3 files changed, 44 insertions(+), 14 deletions(-) create mode 100755 helm/keycloak/transition-scripts/set-patroni-dr-active.sh diff --git a/.github/workflows/set-dr-active.yml b/.github/workflows/set-dr-active.yml index 3480f18c..6233a6a5 100644 --- a/.github/workflows/set-dr-active.yml +++ b/.github/workflows/set-dr-active.yml @@ -8,21 +8,15 @@ on: required: true options: ["c6af30-dev", "c6af30-test", "c6af30-prod"] -env: - GITHUB_REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - TAG: sha-${{ github.sha }} - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} - jobs: set-dr-to-active: runs-on: ubuntu-latest - environment: - name: development + outputs: + output1: ${{ steps.dractivation.outputs.patroniconfig }} steps: - name: Checkout uses: actions/checkout@v2 - - name: Log into golddr and remove patroni standby + - name: Log into golddr uses: redhat-actions/oc-login@v1 with: openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_GOLDDR }} 
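Review bot: Dropping `environment: name: development` from `set-dr-to-active` in the first hunk of patch 3/6 leaves the job bound to no GitHub environment, so any required-reviewer or deployment-branch rule attached to an environment no longer gates a run that logs into golddr and promotes the standby. Whether such rules were configured is not visible from this diff. If the key was removed only because `development` was the wrong name for test and prod targets, consider pointing the job at an environment that matches the selected namespace rather than removing the gate. The job also declares no `permissions:` block; `permissions:` with `contents: read` would cover the checkout step shown here.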
@@ -30,11 +24,29 @@ jobs: namespace: ${{ github.event.inputs.namespace }} insecure_skip_tls_verify: true - name: Set patroni-dr to primary + id: dractivation run: | - oc rsh -n ${{ github.event.inputs.namespace }} sso-patroni-0 curl -s -XPATCH -d '{ "standby_cluster":null}' http://localhost:8008/config | jq . + chmod +x ./keycloak/transition-scripts/set-patroni-dr-active.sh + ./keycloak/transition-scripts/set-patroni-dr-active.sh ${{ github.event.inputs.namespace }} shell: bash + working-directory: helm + deploy-kc-in-dr: + runs-on: ubuntu-latest + needs: set-dr-to-active + if: ${{needs.set-dr-to-active.outputs.output1}} == '200' + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Log into golddr + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_GOLDDR }} + openshift_token: ${{ secrets.OPENSHIFT_TOKEN_GOLDDR }} + namespace: ${{ github.event.inputs.namespace }} + insecure_skip_tls_verify: true - name: Deploy keycloak-dr in active mode run: | - chmod +x ./helm/keycloak/transition-scripts/deploy-golddr-active.sh - ./helm/keycloak/transition-scripts/deploy-golddr-active.sh ${{ github.event.inputs.namespace }} + chmod +x ./keycloak/transition-scripts/deploy-golddr-active.sh + ./keycloak/transition-scripts/deploy-golddr-active.sh ${{ github.event.inputs.namespace }} shell: bash + working-directory: helm diff --git a/helm/keycloak/transition-scripts/deploy-golddr-active.sh b/helm/keycloak/transition-scripts/deploy-golddr-active.sh index 444f6f97..861b3fbc 100755 --- a/helm/keycloak/transition-scripts/deploy-golddr-active.sh +++ b/helm/keycloak/transition-scripts/deploy-golddr-active.sh @@ -3,7 +3,9 @@ NAMESPACE=$1 pwd="$(dirname "$0")" -source "./helm/helpers.sh" +echo ${pwd} + +source "./helpers.sh" if ! check_kube_context "api-golddr-devops-gov-bc-ca"; then echo "invalid context" 
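Review bot: The gate on the new `deploy-kc-in-dr` job, `if: ${{needs.set-dr-to-active.outputs.output1}} == '200'`, does not perform a comparison. Only the part inside `${{ }}` is evaluated, the rest is appended as literal text, and the resulting non-empty string counts as true, so the Keycloak deploy runs whatever status the Patroni call returned. Write the condition as a single expression, `if: needs.set-dr-to-active.outputs.output1 == '200'`. As written, a failed or partial standby promotion is still followed by a deploy of Keycloak against that database.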
@@ -13,7 +15,7 @@ fi helm repo add sso-charts https://bcgov.github.io/sso-helm-charts helm repo update -cd ./helm/keycloak/ +cd ./keycloak/ helm upgrade --install sso-keycloak sso-charts/sso-keycloak \ -n ${NAMESPACE} -f ./values-golddr-${NAMESPACE}.yaml \ diff --git a/helm/keycloak/transition-scripts/set-patroni-dr-active.sh b/helm/keycloak/transition-scripts/set-patroni-dr-active.sh new file mode 100755 index 00000000..9cbe3f5c --- /dev/null +++ b/helm/keycloak/transition-scripts/set-patroni-dr-active.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +NAMESPACE=$1 + +pwd="$(dirname "$0")" + +source "./helpers.sh" + +if ! check_kube_context "api-golddr-devops-gov-bc-ca"; then + echo "invalid context" + exit 1 +fi + +OUTPUT=$(oc rsh -n ${NAMESPACE} sso-patroni-0 curl -s -o /dev/null -w "%{http_code}" -XPATCH -d '{"standby_cluster":null}' http://localhost:8008/config) + +echo "::set-output name=patroniconfig::${OUTPUT}" From 753049688b063044c7e03ab980018771d63e2b5d Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 14 Jun 2022 14:07:43 -0700 Subject: [PATCH 4/6] feat: dr Remove the PDB from dr, may need to put it back in the future --- helm/keycloak/values-golddr-c6af30-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/keycloak/values-golddr-c6af30-test.yaml b/helm/keycloak/values-golddr-c6af30-test.yaml index 225ba0e6..a7959e8a 100644 --- a/helm/keycloak/values-golddr-c6af30-test.yaml +++ b/helm/keycloak/values-golddr-c6af30-test.yaml @@ -38,7 +38,7 @@ patroni: size: 2Gi podDisruptionBudget: - enabled: true + enabled: false standby: enabled: true From 0a952bbd42ff773434e8e9d407bb9329c0aa6722 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 14 Jun 2022 14:18:12 -0700 Subject: [PATCH 5/6] feat: dr increased active test sandbox dr replica count from 0 to 3 --- .../transition-values/set-dr-to-active-c6af30-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
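Review bot: set-patroni-dr-active.sh always exits 0. If `oc rsh` fails or curl cannot reach the Patroni API, `OUTPUT` is empty or a non-200 code, and the script still publishes it as `patroniconfig`, leaving the job green and the decision entirely to the downstream `if:`. Fail in the script itself right after the assignment: `[ "${OUTPUT}" = "200" ] || { echo "patroni config PATCH returned '${OUTPUT}'" >&2; exit 1; }`. `${NAMESPACE}` in the `oc rsh -n` call should be quoted. The `::set-output` command has since been deprecated by GitHub in favour of `echo "patroniconfig=${OUTPUT}" >> "$GITHUB_OUTPUT"`.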
diff --git a/helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml b/helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml index ed9767c6..8a063c79 100644 --- a/helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml +++ b/helm/keycloak/transition-values/set-dr-to-active-c6af30-test.yaml @@ -1,4 +1,4 @@ -replicaCount: 0 +replicaCount: 3 postgres: host: sso-patroni From 16ceae0b59f1f0344f5740deaf6818b5720ecedd Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 15 Jun 2022 10:31:17 -0700 Subject: [PATCH 6/6] feat: dr Change rsh to exec, requires fewer permissions --- helm/keycloak/transition-scripts/set-patroni-dr-active.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/keycloak/transition-scripts/set-patroni-dr-active.sh b/helm/keycloak/transition-scripts/set-patroni-dr-active.sh index 9cbe3f5c..0ce4a0d9 100755 --- a/helm/keycloak/transition-scripts/set-patroni-dr-active.sh +++ b/helm/keycloak/transition-scripts/set-patroni-dr-active.sh @@ -11,6 +11,6 @@ if ! check_kube_context "api-golddr-devops-gov-bc-ca"; then exit 1 fi -OUTPUT=$(oc rsh -n ${NAMESPACE} sso-patroni-0 curl -s -o /dev/null -w "%{http_code}" -XPATCH -d '{"standby_cluster":null}' http://localhost:8008/config) +OUTPUT=$(kubectl -n ${NAMESPACE} exec sso-patroni-0 -- curl -s -o /dev/null -w "%{http_code}" -XPATCH -d '{"standby_cluster":null}' http://localhost:8008/config) echo "::set-output name=patroniconfig::${OUTPUT}"