GitLab Repeatable Database Creation, 10 Aug 2021

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: Repeatable DB Provisioning weekly sync (2021-08-10)

Description

https://docs.google.com/document/d/1O-ykLHFybv-JapZRRNy0FNqr-WXwP58aWiAMgLiegq8/edit

A

So um I just wanted to quickly sync up on the work items and blockers. uh First item is mine. Share my.

B

A

So I organized the blockers into get in omnibus sections and I just wanted to take your temperature as to like how you're feeling about losing omnibus so far I mean, I think we obviously have gaps that we need to address uh biggest. One probably is the pg bouncer issue and whether I think that's a risk, because we're not even sure whether it's going to be something the distribution team's going to want to implement, although ian kind of indicated to me that it shouldn't be a problem.

A

What are your? uh What are your thoughts on omnibus? Are we? Are we continuing down this path for now for petroni.

B

uh Yeah so far it looks okay, the olympus implementation covers most of uh what we have in our uh our space um and, as you mentioned, pow has implemented the missing bits that we needed, so it shouldn't be uh hard to get a similar uh setup to what we have in production or staging uh still.

B

uh uh There could be some hidden stuff that we're not aware of the uh the de facto implementation in get had this weird uh vlog, that uh that does a rollback or uh wall reset when it be configures and fits, I'm not sure why it was included.

B

We we don't have such thing in our implementation in jeff, so I didn't use it just to be as close as possible to what we have already, uh but it made me a little iffy about why it wasn't good, maybe something we're not aware very aware of, but so far it's okay. We can continue moving forward and see how it goes in in practice.

A

Cool, what are your predictions for backups? Is that going to be something we can just use with omnibus or is it gonna? Is there gonna be additional config we're gonna need for that.

B

uh Are we talking about uh wall g, backups or.

C

B

Yeah yeah, uh uh it shouldn't be hard. I guess, uh as as far as I know about all g, uh just plug and play doesn't require a lot of configuration. uh We do most of the our configuration uh in in chef.

A

B

It's just pointing.

B

um Pointing uh wall g2 where it should be.

A

Backup so it shouldn't be a problem. Okay, great um 1b is just um I I wanted to look at what we did for the pg upgrade how we stop traffic some of these things. It looks like a lot of the cases. At least the ansible plays. I reviewed like it sounded like we were moving the config to the side, making changes and then reloading, vg, reloading, postgres and then moving it back.

A

So I don't anticipate any issues, but if you think of anything that would have been difficult with the upgrade with omnibus it'd be good to kind of like highlight them now, so um you know we can predict if we're going to have issues later.

B

I would say just the extra level of in the uh in in direct configuration that.

B

uh You have to update gitlab.rb for all the configuration to be fanned out to the actual configuration you don't have that with chef you just update what shift is updating directly so there is that, and also if, if we're not really aware of what uh only bus is doing, if there could be some hidden logic, that does something with something we're not aware of, uh but overall this particular migration to bg-12.

B

uh It would have been two top insane just changing few things like not using systemd using the gitlab ctl for reloading and so on. Stuff.

A

Like that, okay.

C

Yeah, I would say that, like the complications that we had for the upgrade were because we were using ansible plays in parallel to jeff changes, so the ansible plays were doing changes that the chef ripa then wanted to reproduce or overwrite so yeah, I I agree with my equal. It would have been, um I think, pretty much the same.

A

So because of chef, zero with omnibus, like you, have control over the chef run, at least when, when it runs, so that makes a little bit better than having uh the background jobs running um yeah. Okay!

A

Well, um alejandro are you: are you kind of in the same boat as ahmad on this? Like.

C

Yeah, I I am, I think I think I don't feel like calling it uh off the going down the omnibus route. I think I'd rather push push forward a little bit more.

A

A

Great okay, uh I just put the two issues there for omnibus um get. This is for you, alejandro whether this is ready to go into the integration branch or you want to wait.

C

I'm happy to put it in the in the branch I tried it locally and it works again.

A

Cool yeah I like to start not using public ips uh as soon as possible, so that would be nice um item. Two is mine. This is just um more config generation with jsonnet. This creates all the ansible and terraform config for the shards, so we don't have to do that manually anymore. It will also give us the flexibility to add vars per shard in jsonnet, which will allow us to like remove some of the duplication we have now and did the future.

A

This is also going to help for secrets because, um as I like started thinking about how we handle multiple shards, I realized like we're going to have to have namespace secrets per shard in each environment.

A

So this is a lot of duplication or a lot of boilerplate. I would say so. I'm going to be able to use jsonnet for that as well.

B

Speaking of secrets, uh did we uh agree or recharge? How these secrets are gonna be laid out like? Is it gonna be like for each secret like a certificate, for example, is gonna, be its own secret item in edge in gms or, if we're going to have like a the whole vault in in one secret, similar to what we have right now in.

A

Gkms individual secrets, so what I'm thinking right now is that um there'll be a list of secrets that will be specified in jsonnet. Then, when you do make config it will create the terraform.

A

um You know the terraform resource uh or the terraform module resource to create all the secrets and and bootstrap them, or just like uh seed them with dummy values and then and then it will also generate the ansible vars for each of the secrets for each chart. So then, once you run the make generate, then you'll have access to a var for each secret.

A

That's how I'm thinking.

B

A

Great thanks demo, I can do the multi-shard stuff. Maybe we can do the new postgres role. um I was even thinking it might be cool to start adding maintenance plays like ansible plays like, for example, you could have an answerable play to do a failover that would be kind of cool like in the list of um you know, jobs for each for each shard and uh number four is for you ah to be reread so go ahead. Alejandro yeah.

C

I was gonna say I'm not necessarily certain that maintenance tasks would be because we have the tv ops uh project, which is its own set of ansible ways that perform to perform a failover. um So let me add that at some point.

A

Should we just like use use that instead or I mean I think, the advantage of keeping it in the db provisioning is that it already has all the inventory and everything right.

C

C

Just that it will be uh relevant to point it out so.

B

C

Supposed to put it in there, but um we should which you'll look into that, because dbox is already connected with startups, so you can run a failover from slack. So we should look at leads into reusing. Some of that.

A

Okay, I'll hold off on that, then until we have time, okay so and then number three for ahmad.

B

uh Yeah uh yeah. I was working on that yesterday because I tracked uh something else. uh Unfortunately, I'm on call this week uh so uh depending on uh uh freeze, I have from alerts. uh Hopefully I can.

B

I can push the updated stuff to the mr and have it working uh so yeah, uh there's a good chance that we maybe we'll be. We can be able to demo pg bouncer as well.

A

Awesome cool guys, that's all that's all! I have.

A