From 03eae09e9a9591e978d5b778d1d13ecf23050ba4 Mon Sep 17 00:00:00 2001 From: Tom Klapiscak <7372253+tomklapiscak@users.noreply.github.com> Date: Thu, 29 Aug 2024 19:49:46 +0100 Subject: [PATCH 01/11] [patch] Do not re-enable TLS in DB2DB postsync job (#186) https://jsw.ibm.com/browse/MASCORE-3750 --- .../templates/05-postsync-setup-db2_Job.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index bdfddb4bb..520cf3067 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml @@ -95,7 +95,7 @@ kind: Job metadata: # Suffix the Job name with a hash of all chart values # This is to ensure that ArgoCD will delete and recreate the job if (and only if) anything changes in the DB2 config - name: "postsync-setup-db2-{{ .Values.db2_instance_name }}-v2-{{ .Values | toYaml | adler32sum }}" + name: "postsync-setup-db2-{{ .Values.db2_instance_name }}-v3-{{ .Values | toYaml | adler32sum }}" namespace: "{{ .Values.db2_namespace }}" annotations: argocd.argoproj.io/sync-wave: "129" @@ -470,7 +470,7 @@ spec: [ \$rc -ne 0 ] && exit \$rc echo "backupdb.sh: db2set comms manager" - db2set DB2COMM=TCPIP,SSL + db2set DB2COMM=SSL rc=\$? [ \$rc -ne 0 ] && exit \$rc From 1ba37a3c8909f77f9cd6fa97354b24bf503ee18c Mon Sep 17 00:00:00 2001 From: Tom Klapiscak <7372253+tomklapiscak@users.noreply.github.com> Date: Mon, 2 Sep 2024 13:33:04 +0100 Subject: [PATCH 02/11] [patch] Do not re-enable TLS in DB2DB postsync job (#186) (#187) (#188) From c8868c90a9f83996e748cc229ca8b5db49290809 Mon Sep 17 00:00:00 2001 
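Review bot: The `db2set DB2COMM=SSL` line in the second hunk (@@ -470) has no comment saying why TCPIP is left out. The commit subject speaks of TLS while the value actually dropped is the TCPIP protocol, so a later edit could restore the plaintext listener without anyone noticing. I would add above it `# SSL only: listing TCPIP here would presumably re-open the non-TLS listener`. The surrounding script starts and ends outside the hunk, so whether anything else sets DB2COMM cannot be checked from here.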
From: Tom Klapiscak <7372253+tomklapiscak@users.noreply.github.com> Date: Tue, 3 Sep 2024 18:03:28 +0100 Subject: [PATCH 03/11] [patch] Redo Manage Attachment configuration support in SaaS/gitops (#190) https://jsw.ibm.com/browse/MASCORE-3747 --- ...crets.yaml => 01-ibm-manage_encryption_secret.yaml} | 10 +++++++--- .../templates/510-550-ibm-mas-masapp-configs.yaml | 5 +++-- 2 files changed, 10 insertions(+), 5 deletions(-) rename instance-applications/510-550-ibm-mas-suite-app-config/templates/{01-ibm-manage_attachments_secrets.yaml => 01-ibm-manage_encryption_secret.yaml} (51%) diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/01-ibm-manage_attachments_secrets.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/01-ibm-manage_encryption_secret.yaml similarity index 51% rename from instance-applications/510-550-ibm-mas-suite-app-config/templates/01-ibm-manage_attachments_secrets.yaml rename to instance-applications/510-550-ibm-mas-suite-app-config/templates/01-ibm-manage_encryption_secret.yaml index 59fb77536..946606b17 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/01-ibm-manage_attachments_secrets.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/01-ibm-manage_encryption_secret.yaml @@ -1,5 +1,6 @@ {{- if (or (eq .Values.mas_app_id "manage") (eq .Values.mas_app_id "health")) }} -{{- if .Values.manage_attachments_secret_name }} +{{- if hasKey .Values "global_secrets" }} +{{- if and (hasKey .Values "mas_appws_spec") (hasKey .Values.mas_appws_spec "settings") (hasKey .Values.mas_appws_spec.settings "db") (hasKey .Values.mas_appws_spec.settings.db "encryptionSecret") }} --- kind: Secret apiVersion: v1 
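Review bot: The long `and (hasKey .Values "mas_appws_spec") (hasKey .Values.mas_appws_spec "settings") …` guard only works when `and` stops at the first false argument. Helm built with a Go version older than 1.18 evaluates every argument, and `.Values.mas_appws_spec.settings` then fails with a nil-pointer error when `mas_appws_spec` is absent. Nested `{{- if hasKey … }}` blocks, or successive `{{- with … }}` steps, do not depend on evaluation order. The matching `{{- end }}` lines are in the next hunk.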
@@ -11,10 +12,13 @@ metadata: labels: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} - name: {{ .Values.manage_attachments_secret_name }} + name: {{ .Values.mas_appws_spec.settings.db.encryptionSecret }} namespace: {{ .Values.mas_app_namespace }} stringData: - accessSecretKey: {{ .Values.manage_attachments_access_secret_key }} + {{- range $key, $value := $.Values.global_secrets }} + {{ $key }}: {{ $value }} + {{- end }} type: Opaque {{- end }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml b/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml index 22c0faee5..8d6c7eac1 100644 --- a/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml +++ b/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml @@ -82,8 +82,9 @@ spec: manage_logging_secret_name: {{ $value.manage_logging_secret_name }} manage_logging_access_secret_key: {{ $value.manage_logging_access_secret_key }} - manage_attachments_secret_name: {{ $value.manage_attachments_secret_name }} - manage_attachments_access_secret_key: {{ $value.manage_attachments_access_secret_key }} + {{- if $value.global_secrets }} + global_secrets: {{ $value.global_secrets | toYaml | nindent 14 }} + {{- end }} {{- end }} From b3a6b2a25190b3918d745315cfff928f404d7b9c Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Mon, 16 Sep 2024 14:36:28 +0100 Subject: [PATCH 04/11] use cli prerel that has mas-devops with new db2.py scripts --- .../templates/05-postsync-setup-db2_Job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index 520cf3067..b2df1c139 100644 
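Review bot: The `{{ $key }}: {{ $value }}` line under `stringData` renders each secret value as a bare YAML scalar. A value that contains `: ` or ` #`, starts with an indicator such as `{` or `*`, or looks like a number or boolean is therefore truncated, retyped or breaks the manifest, and `stringData` accepts strings only. Use `{{ $key }}: {{ $value | quote }}`, and quote the `name:` value the same way. The loop also copies every entry of `global_secrets` into the one Secret named by `encryptionSecret`; if that map is meant to hold more than the encryption material, select the needed keys instead of ranging over all of them.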
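Review bot: `global_secrets: {{ $value.global_secrets | toYaml | nindent 14 }}` passes the secret map through as ordinary chart values. Unless the entries are references that are resolved at render time, the material ends up readable in the generated values of the child application. A comment stating what form the entries must take, e.g. `# global_secrets: entries must be secret-store references, never literal values`, would make that contract visible at the point of use. The `nindent 14` depends on the indentation of the enclosing block, which starts outside the hunk.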
--- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml @@ -113,7 +113,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.0.0-pre.mascore2566 imagePullPolicy: IfNotPresent resources: limits: From 35b9bebab9941e51e966f91172760c53334f470e Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Mon, 16 Sep 2024 15:17:11 +0100 Subject: [PATCH 05/11] force image refetch during testing --- .../templates/05-postsync-setup-db2_Job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index b2df1c139..df7dd8101 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml @@ -114,7 +114,7 @@ spec: containers: - name: run image: quay.io/ibmmas/cli:11.0.0-pre.mascore2566 - imagePullPolicy: IfNotPresent + imagePullPolicy: Always resources: limits: cpu: 200m From 80f5825e20d8bf6ea901d2c0bd24db566290f7f6 Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Mon, 16 Sep 2024 16:41:12 +0100 Subject: [PATCH 06/11] grant necessary access to db2uinstances --- .../templates/05-postsync-setup-db2_Job.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index df7dd8101..4e39892a6 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml 
@@ -65,7 +65,12 @@ rules: - services verbs: - "get" - +- apiGroups: + - db2u.databases.ibm.com + resources: + - db2uinstances + verbs: + - "get" --- apiVersion: rbac.authorization.k8s.io/v1 From de652335479953061028f705f3667a9de3eb1d5f Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Mon, 16 Sep 2024 17:29:54 +0100 Subject: [PATCH 07/11] grant necessary access --- .../templates/05-postsync-setup-db2_Job.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index 4e39892a6..611f23796 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml @@ -59,6 +59,8 @@ rules: - pods/exec verbs: - create + - get + - list - apiGroups: - "" resources: From b6325d4bd3aa4de7d82561f5d5fa20acdca3bdaa Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Mon, 16 Sep 2024 17:48:18 +0100 Subject: [PATCH 08/11] Use new mas-devops-db2-validate-config command in db2 postsync job --- .../templates/05-postsync-setup-db2_Job.yaml | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index 611f23796..ce4c5d446 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml 
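Review bot: The added `get` and `list` verbs (PATCH 07, hunk @@ -59) widen the rule that already allows `create` on `pods/exec`, and neither the hunk nor the commit message says which call needs them. The `resources` list of this rule begins outside the hunk. If it names only `pods/exec`, `list` has no effect on a subresource and can be dropped; if it also names `pods`, the Job's service account can now read every pod in the namespace. I would split the rule so that `pods` and `pods/exec` each carry only their own verbs, and add a comment such as `# get on pods/exec: required by <caller> for exec over websocket` (placeholder for the author to fill in).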
@@ -194,14 +194,15 @@ spec: return 1 } - # DB2 operator does not automatically apply dbConfig parameters set on the Db2uCluster CR - # Instead, a script /db2u/scripts/apply-db2cfg-settings.sh must be executed on one of the db2u pods - # However, this does not always seem to work and no indication is given in the output of the script whether it worked or not. - # One approach is to check the current configuration parameters (db2 get db cfg for ${DB2_DBNAME}) one by one and verify that their value aligns with that set in the CR. - # However, this is not straightforward since DB2 implicitly reformats certain param values (e.g. APPLHEAPSZ: '8192 AUTOMATIC' is reformatted to AUTOMATIC(8192)). - # Until we can come up with a better way of doing this (or the Db2u operator is fixed), we will take the approach used in ansible-devops, - # whereby the value of single parameter (CHNGPGS_THRESH) is checked against a known value (40) to see if the script executed successfully (and retry if not) - # See https://github.com/ibm-mas/ansible-devops/blob/b9f3ef5b7999640b0a31d0aba518ba85ef8b704f/ibm/mas_devops/roles/suite_db2_setup_for_manage/tasks/apply-db2-config-settings.yml#L39 + + # The Db2u operator is capable of automatically applying dbConfig, dbmConfig and registry configuration parameters specified on the Db2uInstance CR. + # However, certain parameters (e.g. MIRRORLOGPATH) may reference paths on the db2u pod (e.g. /mnt/backup/MIRRORLOGPATH) that do not exist until + # after the operator has already attemped to apply settings (which it will not subsequently reattempt if something went wrong). + # To work around this, we manually re-invoke this process again by calling the '/db2u/scripts/apply-db2cfg-settings.sh --setting all' script on the db2 pod. 
+ + # Moreover, the Db2u operator it does not give any indication on any CR if something went wrong while attempting to apply these settings (and no meaningful return code is provided by the apply-db2cfg-settings.sh script) + # For this reason, we are forced to perform our own verification that the settings on the Db2uInstance CR align with those active in DB2 + # This is done using the "mas-devops-db2-validate-config" command from the mas-devops library (see https://github.com/ibm-mas/python-devops) function db2apply { RETRIES=${1:-5} RETRY_DELAY_SECONDS=${2:-30} @@ -213,7 +214,7 @@ spec: # no useful info in return code of this script rc=0 - oc exec -n ${DB2_NAMESPACE} c-${DB2_INSTANCE_NAME}-db2u-0 -- su -lc 'db2 get db cfg for '${DB2_DBNAME}' | grep "(CHNGPGS_THRESH) = 40"' db2inst1 || rc=$? + mas-devops-db2-validate-config --mas-instance-id ${MAS_INSTANCE_ID} --mas-app-id ${MAS_APP_ID} --log-level DEBUG || rc=$? if [[ "$rc" == "0" ]]; then echo "...... success" return 0 @@ -397,14 +398,14 @@ spec: echo "--------------------------------------------------------------------------------" oc exec -n ${DB2_NAMESPACE} c-${DB2_INSTANCE_NAME}-db2u-0 -- su -lc "mkdir -p /mnt/backup/staging" db2inst1 || exit $? - echo "" - echo "================================================================================" - echo "Calling apply-db2cfg-settings.sh file on c-${DB2_INSTANCE_NAME}-db2u-0" - echo "================================================================================" - db2apply || exit $? fi # [[ "$MAS_APP_ID" == "manage" ]] + echo "" + echo "================================================================================" + echo "Calling apply-db2cfg-settings.sh file on c-${DB2_INSTANCE_NAME}-db2u-0" + echo "================================================================================" + db2apply || exit $? echo "" echo "================================================================================" 
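Review bot: In `db2apply` (hunk @@ -213) the new call passes `${MAS_INSTANCE_ID}` and `${MAS_APP_ID}` unquoted, while the last hunk (@@ -397) moves `db2apply` out of the `[[ "$MAS_APP_ID" == "manage" ]]` branch. The validation therefore now also runs for deployments where these variables may be empty, and an empty value vanishes from the command line, leaving the flag without its argument. Quote them: `mas-devops-db2-validate-config --mas-instance-id "${MAS_INSTANCE_ID}" --mas-app-id "${MAS_APP_ID}" --log-level DEBUG || rc=$?`. `--log-level DEBUG` is fixed, so whatever the tool logs about the Db2 configuration lands in the Job log on every run; a quieter default is safer outside debugging. `db2apply` begins before and ends after the hunk.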
From ad2508a62681bb204f937d28861f4322e7be9d1b Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Tue, 17 Sep 2024 19:32:49 +0100 Subject: [PATCH 09/11] update job image --- .../templates/05-postsync-setup-db2_Job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index ce4c5d446..bf2a5ad85 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml @@ -120,7 +120,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli:11.0.0-pre.mascore2566 + image: quay.io/ibmmas/cli:11.0.1-pre.mascore2566 imagePullPolicy: Always resources: limits: From 2dbffe1cd14e3561bd84188d459740fa77d9cd05 Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Wed, 18 Sep 2024 13:09:18 +0100 Subject: [PATCH 10/11] update cli image, bump job version --- .../templates/05-postsync-setup-db2_Job.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index bf2a5ad85..b7c66fe06 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml 
@@ -102,7 +102,7 @@ kind: Job metadata: # Suffix the Job name with a hash of all chart values # This is to ensure that ArgoCD will delete and recreate the job if (and only if) anything changes in the DB2 config - name: "postsync-setup-db2-{{ .Values.db2_instance_name }}-v3-{{ .Values | toYaml | adler32sum }}" + name: "postsync-setup-db2-{{ .Values.db2_instance_name }}-v4-{{ .Values | toYaml | adler32sum }}" namespace: "{{ .Values.db2_namespace }}" annotations: argocd.argoproj.io/sync-wave: "129" @@ -120,7 +120,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli:11.0.1-pre.mascore2566 + image: quay.io/ibmmas/cli:11.0.2-pre.mascore2566 imagePullPolicy: Always resources: limits: From dca1cb01c964d4405af25b006b702657aa98ba69 Mon Sep 17 00:00:00 2001 From: Tom Klapiscak Date: Thu, 19 Sep 2024 15:11:13 +0100 Subject: [PATCH 11/11] revent cli image tag changes --- .../templates/05-postsync-setup-db2_Job.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml index b7c66fe06..3f55a0f8a 100644 --- a/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/05-postsync-setup-db2_Job.yaml @@ -120,8 +120,8 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli:11.0.2-pre.mascore2566 - imagePullPolicy: Always + image: quay.io/ibmmas/cli:latest + imagePullPolicy: IfNotPresent resources: limits: cpu: 200m
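Review bot: Going back to `quay.io/ibmmas/cli:latest` with `imagePullPolicy: IfNotPresent` (PATCH 11, hunk @@ -120) means a node with an older `latest` in its cache will run that copy, which may lack the `mas-devops-db2-validate-config` command this series starts to call. The tag is also mutable, so the Job that holds `pods/exec` rights runs whatever was last pushed under it. Pin the image, ideally by digest, `image: quay.io/ibmmas/cli@sha256:<digest>` (placeholder), or at least to a release tag known to contain the new command. If `latest` has to stay, `imagePullPolicy: Always` avoids the stale-cache case.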