From 7d7e9e65b32e6445b45edcb8bf15f64f79d63a2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Wed, 19 Mar 2025 18:21:34 +0100 Subject: [PATCH] fix(nubus): Add migrations for Nubus 1.7.0; See migrations.md for details --- .gitlab-ci.yml | 9 ++++++--- docs/migrations.md | 15 +++++++++++++++ helmfile/apps/nubus/values-nubus.yaml.gotmpl | 6 +++--- helmfile/environments/default/charts.yaml.gotmpl | 6 +++--- helmfile/environments/default/images.yaml.gotmpl | 2 +- .../environments/default/persistence.yaml.gotmpl | 2 +- helmfile/shared/migrations.yaml.gotmpl | 2 +- 7 files changed, 30 insertions(+), 12 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dc7f4d5b..102a948b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -74,7 +74,8 @@ variables: - "yes" - "no" FLUSH_EXTERNAL_SERVICES_BEFORE: - description: "Recreates databases and purges objectstorage. Useful when using external services and required overrides." + description: > + Recreates databases and purges objectstorage. Useful when using external services and required overrides. value: "no" options: - "yes" @@ -265,7 +266,8 @@ db-cleanup: $FLUSH_EXTERNAL_SERVICES_BEFORE != "no" when: "on_success" script: - - export FILES=(${CI_PROJECT_DIR}/helmfile/environments/default/database.yaml.gotmpl ${CI_PROJECT_DIR}/helmfile/environments/dev/write-over-values-for-environment.yaml.gotmpl) + - export FILES="(${CI_PROJECT_DIR}/helmfile/environments/default/database.yaml.gotmpl \ + ${CI_PROJECT_DIR}/helmfile/environments/dev/write-over-values-for-environment.yaml.gotmpl)" # Cleanup MariaDB - | export DATABASES="oxAppSuite" @@ -314,7 +316,8 @@ db-cleanup: done; # Cleanup PostgreSQL - | - export DATABASES="keycloak keycloakExtension nextcloud notes openproject synapse umsGuardianManagementApi umsNotificationsApi umsSelfservice xwiki" + export DATABASES="keycloak keycloakExtension nextcloud notes openproject synapse umsGuardianManagementApi \ + umsNotificationsApi umsSelfservice xwiki" export PGDATABASE="postgres" export PGHOST="" export PGPORT="" diff --git a/docs/migrations.md b/docs/migrations.md index c4599957..e308c31e 100644 --- a/docs/migrations.md +++ b/docs/migrations.md @@ -75,6 +75,7 @@ To upgrade existing deployments, you cannot skip any version mentioned in the co | Mandatory version | | ----------------- | +| v1.2.x | | v1.1.x | | v1.0.0 | | v0.9.0 | @@ -644,6 +645,20 @@ kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0 # Automated migrations - Details +## From v1.1.2 (automated) + +> **Note**
+> Details can be found in [run_4.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_4.py). + +### migrations-pre + +- Delete PVC `group-membership-cache-ums-portal-consumer-0`: With the upgrade the Nubus Portal Consumer no longer requires to be executed with root privileges. The PVC contains files that require root permission to access them, therefore the PVC gets deleted (and re-created) during the upgrade. +- Delete StatefulSet `ums-portal-consumer`: A bug was fixed in the templating of the Portal Consumer's PVC causing the values in `persistence.storages.nubusPortalConsumer.*` to be ignored. As these values are immutable, we had to delete the whole StatefulSet. + +### migrations-post + +- Restarting Deployment `ums-provisioning-udm-transformer` and StatefulSet `ums-provisioning-udm-listener` as well as deleting the Nubus Provisioning consumer `durable_name:incoming` on stream `stream:incoming`: Due to a bug in Nubus 1.7.0 the `incoming` stream was blocked after the upgrade, the aforementioned measures unblock the stream. + ## From v1.0.0 (automated) With openDesk v1.1.0 the IAM stack supports HA LDAP primary as well as scalable LDAP secondary pods. diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index 4c676478..be697923 100644 --- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl @@ -589,9 +589,9 @@ nubusPortalConsumer: bucketName: {{ .Values.objectstores.nubus.bucket | quote }} endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }} persistence: -# groupMembershipCache: - size: {{ .Values.persistence.storages.nubusPortalConsumer.size | quote }} - storageClass: {{ coalesce .Values.persistence.storages.nubusPortalConsumer.storageClassName .Values.persistence.storageClassNames.RWO | quote }} + groupMembershipCache: + size: {{ .Values.persistence.storages.nubusPortalConsumer.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.nubusPortalConsumer.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: intents.otterize.com/service-name: "ums-portal-consumer" provisioningApi: diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 1d9aacea..525b6443 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl @@ -231,7 +231,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations" name: "opendesk-migrations" - version: "1.4.1" + version: "1.5.0" verify: true minio: # providerCategory: "Community" @@ -251,7 +251,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud" - version: "4.0.2-trossner-upd-nubus170" + version: "4.0.2" verify: true nextcloudManagement: # providerCategory: "Platform" @@ -261,7 +261,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud-management" - version: "4.0.2-trossner-upd-nubus170" + version: "4.0.2" verify: true nginx: # providerCategory: "Community" diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index c9139ae4..99859013 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl @@ -295,7 +295,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" - tag: "1.4.1@sha256:c831f3bb27da483cbf46239d8f96df9597f710fbe3804f198ee1d89b1be71936" + tag: "1.5.0@sha256:d16e661f925c0761fac37b285e0c614a3db10eefe35e05efafa1934fbadab245" milter: # providerCategory: "Community" # providerResponsible: "openDesk" diff --git a/helmfile/environments/default/persistence.yaml.gotmpl b/helmfile/environments/default/persistence.yaml.gotmpl index 0e2ca545..f33b384c 100644 --- a/helmfile/environments/default/persistence.yaml.gotmpl +++ b/helmfile/environments/default/persistence.yaml.gotmpl @@ -31,7 +31,7 @@ persistence: size: "1Gi" storageClassName: ~ nubusPortalConsumer: - size: "100Mi" + size: "1Gi" storageClassName: ~ nubusProvisioningNats: size: "1Gi" diff --git a/helmfile/shared/migrations.yaml.gotmpl b/helmfile/shared/migrations.yaml.gotmpl index bbceb5d9..28e62462 100644 --- a/helmfile/shared/migrations.yaml.gotmpl +++ b/helmfile/shared/migrations.yaml.gotmpl @@ -19,7 +19,7 @@ cleanup: deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }} migrations: - runId: 3 + runId: 4 namespace: {{ .Values.apps.migrations.namespace | default .Release.Namespace | quote }} loglevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }} failOnUnexpectedState: true