Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[minor] Increase Manage sequence caches #223

Merged
merged 21 commits into from
Nov 15, 2024
Merged

[minor] Increase Manage sequence caches #223

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
afa3a1e
[patch] initial attempt at a manage job that execs into db2 pod
tomklapiscak Nov 13, 2024
ebfdbf4
fix
tomklapiscak Nov 13, 2024
1eaf1f1
add networkpolicy
tomklapiscak Nov 13, 2024
11984e6
fix
tomklapiscak Nov 13, 2024
04a4eb6
fix
tomklapiscak Nov 13, 2024
7129134
fix
tomklapiscak Nov 13, 2024
4340ccd
job implementation
tomklapiscak Nov 13, 2024
cf5c7a8
fix?
tomklapiscak Nov 13, 2024
48fffff
fix?
tomklapiscak Nov 13, 2024
ed3efcf
fix
tomklapiscak Nov 13, 2024
3a02248
execute sql
tomklapiscak Nov 13, 2024
0635256
fix
tomklapiscak Nov 13, 2024
25f02a8
[patch] fix selenium-grid app template
tomklapiscak Nov 14, 2024
314243b
Merge branch 'main' into mascore3761
tomklapiscak Nov 14, 2024
c0c6c91
Pass in subset of Manage DB2 parameters for postsync-db2-manage job
tomklapiscak Nov 14, 2024
eab12aa
fixes & comments
tomklapiscak Nov 15, 2024
0d308d5
Merge remote-tracking branch 'origin/main' into mascore3761
tomklapiscak Nov 15, 2024
9e69d35
clarify comments
tomklapiscak Nov 15, 2024
e7623d8
fix
tomklapiscak Nov 15, 2024
4bdf87b
fix
tomklapiscak Nov 15, 2024
89047a9
set postsync-db2 syncwaves
tomklapiscak Nov 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
248 changes: 248 additions & 0 deletions ...-applications/510-550-ibm-mas-suite-app-config/templates/700-702-postsync-db2-manage.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,248 @@
{{- if eq .Values.mas_app_id "manage" }}
{{- if not (empty .Values.manage_db2u_databases) }}

{{ $manage_ns := .Values.mas_app_namespace }}
{{ $np_name := "postsync-manage-db2-np" }}
{{ $sa_name := "postsync-manage-db2-sa" }}
{{ $job_label := "postsync-manage-db2-job" }}

---
{{- /*
Permit outbound communication by the Job pod (Needed to communicate with the K8S HTTP API)
This single policy is shared by all per-db2 job instances, sit identifies these jobs by $job_label (which is the same for all)
*/}}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ $np_name }}
namespace: {{ $manage_ns }}
annotations:
argocd.argoproj.io/sync-wave: "700"
{{- if .Values.custom_labels }}
labels:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
app: {{ $job_label }}
egress:
- {}
policyTypes:
- Egress

---
{{- /*
Service account that is authorized to exec into db2u pod
This single service account is shared by all per-db2 job instances
Each per-db2 job is assigned its own role (in the db2 namespace) which is bound to this service account
*/}}
kind: ServiceAccount
apiVersion: v1
metadata:
name: "{{ $sa_name }}"
namespace: "{{ $manage_ns }}"
annotations:
argocd.argoproj.io/sync-wave: "700"
{{- if .Values.custom_labels }}
labels:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}






{{- /*
A separate Job is created in the manage namespace per DB2 instance reserved for use by Manage.
For each Job a separate Role and RoleBinding is created in the db2 namespace to permit pod exec access to the (single) service account assigned to each Job.

NOTE: Most likely there will only ever be a single DB2 reserved for use by Manage; i.e. exactly 1 entry in ibm-db2u-databases.yaml with mas_application_id: "manage".
But our config model (in theory) permits more than one, so it seems prudent to ensure this post Manage-sync DB2 maintenance Job is executed against all.

NOTE: When inside the range loop below, make sure you prefix any references to chart values NOT under .Values.manage_db2u_databases with $.
For example: {{ $.Values.custom_labels }} (instead of {{ .Values.custom_labels }} )
*/}}
{{- range $i, $db := .Values.manage_db2u_databases }}

{{ $db2_namespace := $db.db2_namespace }}
{{ $db2_dbname := $db.db2_dbname }}
{{ $db2_instance_name := $db.db2_instance_name }}

{{ $job_name := printf "postsync-manage-db2-job-%s" $db2_instance_name }}
{{ $role_name := printf "postsync-manage-db2-role-%s" $db2_instance_name }}
{{ $rb_name := printf "postsync-manage-db2-rb-%s" $db2_instance_name }}

---
{{- /*
Role permitting exec into db2u pod
NOTE: created in db2u namespace
*/}}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "{{ $role_name }}"
namespace: "{{ $db2_namespace }}"
annotations:
argocd.argoproj.io/sync-wave: "700"
{{- if $.Values.custom_labels }}
labels:
{{ $.Values.custom_labels | toYaml | indent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- list

---
{{- /*
RoleBinding from the Role in the db2u namespace to the Job ServiceAccount in the app namespace
NOTE: created in db2u namespace
*/}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ $rb_name }}"
namespace: "{{ $db2_namespace }}"
annotations:
argocd.argoproj.io/sync-wave: "701"
{{- if $.Values.custom_labels }}
labels:
{{ $.Values.custom_labels | toYaml | indent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: "{{ $sa_name }}"
namespace: "{{ $manage_ns }}"
roleRef:
kind: Role
name: "{{ $role_name }}"
apiGroup: rbac.authorization.k8s.io


---
apiVersion: batch/v1
kind: Job
metadata:
# Suffix the Job name with a hash of all chart values
# This is to ensure that ArgoCD will delete and recreate the job if anything changes in the application config
# The job is idempotent
name: {{ $job_name }}-v1-{{ omit $.Values "junitreporter" | toYaml | adler32sum }}
namespace: "{{ $manage_ns }}"
annotations:
argocd.argoproj.io/sync-wave: "702"
{{- if $.Values.custom_labels }}
labels:
{{ $.Values.custom_labels | toYaml | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ $job_label }}
{{- if $.Values.custom_labels }}
{{ $.Values.custom_labels | toYaml | indent 8 }}
{{- end }}
spec:
containers:
- name: run
image: quay.io/ibmmas/cli:latest
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 10m
memory: 64Mi
env:
# Hard-coded for now:
- name: AVP_TYPE
value: "aws"
- name: DB2_NAMESPACE
value: "{{ $db2_namespace }}"
- name: DB2_DBNAME
value: "{{ $db2_dbname }}"
- name: DB2_INSTANCE_NAME
value: "{{ $db2_instance_name }}"

volumeMounts: []
command:
- /bin/sh
- -c
- |

set -e
source /mascli/functions/gitops_utils

DB2_POD_NAME="c-${DB2_INSTANCE_NAME}-db2u-0"

echo ""
echo "================================================================================"
echo "Settings"
echo "================================================================================"
echo "DB2_INSTANCE_ID ..................... ${DB2_INSTANCE_NAME}"
echo "DB2_DBNAME .......................... ${DB2_DBNAME}"
echo "AVP_TYPE ............................ ${AVP_TYPE}"
echo "DB2_NAMESPACE ....................... ${DB2_NAMESPACE}"
echo "DB2_POD_NAME ........................ ${DB2_POD_NAME}"

# Path to the generated script, on both this pod and on the db2u pod
ALTERSEQ_SH_PATH="/tmp/alterseq.sh"

echo ""
echo "Create ${ALTERSEQ_SH_PATH}"
echo "--------------------------------------------------------------------------------"

# Generate a script to copy and run on the db2u pod
cat > ${ALTERSEQ_SH_PATH} << EOF
#!/bin/bash
db2 connect to ${DB2_DBNAME}
if [ \$? != 0 ]; then
echo "Failed to connect to database!"
exit 1
fi

db2 "select 'alter sequence maximo.' || sequencename || ' cache 500;' from maximo.maxsequence" | grep "alter sequence" > "${ALTERSEQ_SH_PATH}.sql"
echo "alter sequence maximo.maxseq cache 2000;" >> "${ALTERSEQ_SH_PATH}.sql"

db2 -tvf "${ALTERSEQ_SH_PATH}.sql" | tee "${ALTERSEQ_SH_PATH}.sql.log" || exit \$?
EOF
# IMPORTANT: Do not make any changes to the "EOF" line above (including its indentation)

cat ${ALTERSEQ_SH_PATH}

chmod +x ${ALTERSEQ_SH_PATH}

echo ""
echo "Copy ${ALTERSEQ_SH_PATH} to ${DB2_NAMESPACE}/${DB2_POD_NAME}"
echo "--------------------------------------------------------------------------------"
oc cp ${ALTERSEQ_SH_PATH} ${DB2_NAMESPACE}/${DB2_POD_NAME}:${ALTERSEQ_SH_PATH} -c db2u || exit $?
echo "... done"

echo ""
echo "Executing ${ALTERSEQ_SH_PATH} file on ${DB2_NAMESPACE}/${DB2_POD_NAME}"
echo "--------------------------------------------------------------------------------"
oc exec -n ${DB2_NAMESPACE} ${DB2_POD_NAME} -- su -lc "${ALTERSEQ_SH_PATH} | tee ${ALTERSEQ_SH_PATH}.log" db2inst1 || exit $?

restartPolicy: Never
serviceAccountName: "{{ $sa_name }}"
volumes: []
backoffLimit: 4

{{- end }}
{{- end }}
{{- end }}
13 changes: 13 additions & 0 deletions root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,19 @@ spec:
devops_build_number: "{{ $.Values.devops.build_number }}"
gitops_version: "{{ $.Values.source.revision }}"

{{- if (eq $value.mas_app_id "manage") }}
{{- if not (empty $.Values.ibm_db2u_databases) }}
manage_db2u_databases:
{{- range $j, $db := $.Values.ibm_db2u_databases }}
{{- if (eq $db.mas_application_id "manage") }}
- db2_namespace: {{ $db.db2_namespace }}
db2_instance_name: {{ $db.db2_instance_name }}
db2_dbname: {{ $db.db2_dbname }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

- name: ARGOCD_APP_NAME
value: "ma-cfg-{{ $value.mas_app_id }}"
{{- if not (empty $.Values.avp.secret) }}
Expand Down
Loading