DPE-1794 Implement COS integration #93
Conversation
shayancanonical
requested review from
carlcsaposs-canonical,
taurus-forever and
paulomach
and removed request for
carlcsaposs-canonical
|
I believe that there are small things which result in using juju secrets to store the monitoring password a good idea:
|
metadata.yaml
Outdated
| mysql-router-peers: | ||
| interface: mysql_router_peers |
There was a problem hiding this comment.
nit: could you name this based on what the relation is used for?
my thinking is that it's a better practice to use separate peer relations for separate things, so that you get different events for different things (e.g. upgrades uses its own peer relation)
There was a problem hiding this comment.
our convention has been <charm_name>_peers to store all internal charm related data in the peerbag as well as secrets. please let me know if you can think of a better name for this interface/endpoint
There was a problem hiding this comment.
don't think this comment went through on last review: suggest cos-rest-api-password or something similar
|
@carlcsaposs-canonical @taurus-forever refactored and polished quite a bit addressing this last iteration of PR feedback the main functional change: we will always use the |
1 similar comment
|
@carlcsaposs-canonical @taurus-forever refactored and polished quite a bit addressing this last iteration of PR feedback the main functional change: we will always use the |
|
Added an integration test for the exporter endpoint (when relation formed with COS) in 05302d9 |
shayancanonical
requested review from
paulomach,
taurus-forever and
carlcsaposs-canonical
|
Confirmed that all the TODOs in the PR description are no longer relevant.
|
src/abstract_charm.py
Outdated
| workload_.reconcile( | ||
| tls=self._tls_certificate_saved, |
There was a problem hiding this comment.
this is used in k8s charm & abstract_charm.py is shared with k8s charm
looking at k8s charm, looks like there might be a bug with self._tls_certificate_saved not beginning with underscore in kubernetes_charm.py
src/workload.py
Outdated
| *, | ||
| container_: container.Container, | ||
| logrotate_: logrotate.LogRotate, | ||
| cos_: "relations.cos.COSRelation", |
There was a problem hiding this comment.
cos shouldn't conflict with relations.cos (would only conflict with import cos)
am I mistaken?
src/workload.py
Outdated
| if tls: | ||
| self.enable_tls() and self._container.mysql_router_service_enabled and self._restart( | ||
| tls=tls | ||
| ) |
There was a problem hiding this comment.
imo, it would be more robust to have tls input on reconcile and call reconcile from TLS file
so that everything uses the reconcile approach instead of an implicit dependency in the reconcile loop on the event-based tls enable/disable
src/relations/cos.py
Outdated
| import ops | ||
| from charms.grafana_agent.v0.cos_agent import COSAgentProvider | ||
|
|
||
| import abstract_charm |
There was a problem hiding this comment.
does this cause circular import?
There was a problem hiding this comment.
outdated. it indeed caused a circular import
src/machine_charm.py
Outdated
| self.peer_relation_app = data_interfaces.DataPeer( | ||
| self, | ||
| relation_name=self._PEER_RELATION_NAME, | ||
| secret_field_name=self._SECRET_INTERNAL_LABEL, | ||
| deleted_label=self._SECRET_DELETED_LABEL, | ||
| ) | ||
| self.peer_relation_unit = data_interfaces.DataPeerUnit( | ||
| self, | ||
| relation_name=self._PEER_RELATION_NAME, | ||
| additional_secret_fields=[ | ||
| relations.cos.MONITORING_PASSWORD_KEY, | ||
| ], | ||
| secret_field_name=self._SECRET_INTERNAL_LABEL, | ||
| deleted_label=self._SECRET_DELETED_LABEL, | ||
| ) |
There was a problem hiding this comment.
any reason this is in machine_charm.py instead of abstract_charm.py?
There was a problem hiding this comment.
outdated: moved to cos file
src/machine_charm.py
Outdated
| # DEPRECATED shared-db: Enable legacy "mysql-shared" interface | ||
| del self._database_provides | ||
| self._database_provides = relations.database_providers_wrapper.RelationEndpoint(self) |
There was a problem hiding this comment.
why was this removed?
There was a problem hiding this comment.
Removed due to the following error: https://github.com/canonical/mysql-router-operator/actions/runs/8233518223/job/22513139520
As far as I can tell, we are instantiating _database_provides.RelationEndpoint twice with the same unique identifier. I remove the variable declaration in the super class, and we will ensure that both the machine_charm and k8s_charm files define it exactly once
There was a problem hiding this comment.
did the test failure recently appear? I don't think I've seen it before
There was a problem hiding this comment.
it appeared when i upgraded the data_interfaces charm lib
There was a problem hiding this comment.
that seems like it might be a bug in the lib; suggest reporting
if that bug won't get fixed in the lib, would recommend using self._database_provides as an argument to __init__ for database_providers_wrapper.RelationEndpoint so that abstract_charm.py can remain unchanged (and typed correctly)
metadata.yaml
Outdated
| mysql-router-peers: | ||
| interface: mysql_router_peers |
There was a problem hiding this comment.
don't think this comment went through on last review: suggest cos-rest-api-password or something similar
src/machine_charm.py
Outdated
| self.peer_relation_app = data_interfaces.DataPeer( | ||
| self, | ||
| relation_name=self._PEER_RELATION_NAME, | ||
| secret_field_name=self._SECRET_INTERNAL_LABEL, | ||
| deleted_label=self._SECRET_DELETED_LABEL, | ||
| ) |
There was a problem hiding this comment.
are app secrets used?
There was a problem hiding this comment.
app secrets is not used at the moment, but it is needed for the proven get_secret() and set_secret() methods. the code will soon be replaced when new charm structure is adopted, so not worth tinkering much with it. this does not create an app scoped secrets. just allows storing app related secrets if we want to in the future
src/abstract_charm.py
Outdated
| @@ -107,6 +97,31 @@ def _read_write_endpoint(self) -> str: | |||
| def _read_only_endpoint(self) -> str: | |||
| """MySQL Router read-only endpoint""" | |||
|
|
|||
| @property | |||
| def tls_certificate_saved(self) -> bool: | |||
There was a problem hiding this comment.
can this be private method?
There was a problem hiding this comment.
related to #93 (comment)
src/abstract_charm.py
Outdated
| @property | ||
| def tls_key(self) -> str: | ||
| """Custom TLS key""" | ||
| # TODO VM TLS: Remove property after implementing TLS on machine_charm | ||
| return None | ||
|
|
||
| @property | ||
| def tls_certificate(self) -> str: | ||
| """Custom TLS certificate""" | ||
| # TODO VM TLS: Remove property after implementing TLS on machine_charm | ||
| return None |
There was a problem hiding this comment.
not in this pr but when this lands in k8s, I think these should be moved to tls.py
| @property | ||
| @abc.abstractmethod | ||
| def _cos(self) -> relations.cos.COSRelation: | ||
| """COS""" | ||
|
|
There was a problem hiding this comment.
is relations/cos.py vm specific?
if not, this method shouldn't be abstract
if so, the type here should be an abstract implementation, not a concrete implementation (feel free to ignore for now, but keep in mind for k8s)
There was a problem hiding this comment.
related to #93 (comment)
|
Thanks for the reviews! Merging, and will iterate on further improvements with follow up PRs |
## Issue We need to introduce support for COS Fixes #218 ## Solution 1. Introduce support for COS (ported from [PR in MySQLRouter VM](canonical/mysql-router-operator#93)) 2. Fix all TLS databag usage to instead use secrets (using data_interfaces charm lib) ## TODO File bug regarding intermittent issue where router exporter does not start up cleanly (due to bind-address in use) which auto-resolves due to pebble retries. ## Demo Grafana dashboard:  Juju model tested along with TLS certificates operator: 
Issue
We need to introduce COS support for MySQLRouter
Solution
Prerequisites
snap.pyfileTODO
Determine why the(see DPE-1794 Implement COS integration #93 (comment))All Connections InformationandRoute byte to/from serversections on the dashboard are not populated when more than 1 routers are deployedTest router log collection (via Loki) when the following issue is resolved(see DPE-1794 Implement COS integration #93 (comment))Demo