Improve review app creation #4523
francoisfreitag commented Aug 6, 2024
- Generate direct access to the DBs of existing review apps.
🥁 The disposable staging environment is ready! 👉 I want to test this PR!
Good, everything seems to be working. I didn't need to wait for the DB to be UP; I'm retrying a creation. If it keeps working, I'll merge after your approval :)
🥁 The disposable staging environment is ready! 👉 I want to test this PR!
LGTM
PGPORT=$POSTGRESQL_ADDON_PORT \ | ||
PGUSER="$POSTGRESQL_ADDON_USER" \ | ||
make --directory "$APP_HOME" populate_db | ||
PGDATABASE="$POSTGRESQL_ADDON_DIRECT_URI" make --directory "$APP_HOME" populate_db |
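Review bot: on the last line, `PGDATABASE` now carries a whole connection URI (`$POSTGRESQL_ADDON_DIRECT_URI`) rather than a database name, which is not obvious to the next reader of the script; add a one-line comment saying that `populate_db` expects a URI there. As the URI stands in for the separate `PGPORT`/`PGUSER` values above, it presumably embeds credentials too, so check that the `populate_db` recipe never echoes it into the deployment logs.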
Prefer `until` over `while !`. It’s clearer, and in line with changes from #4523.
🥁 The disposable staging environment is ready! 👉 I want to test this PR!
clevercloud/pre_run.sh
Outdated
until pg_isready --dbname="$POSTGRESQL_ADDON_DIRECT_URI"; do | ||
>&2 echo "Postgres is unavailable - sleeping" | ||
sleep 1 | ||
done |
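Review bot: the `until pg_isready ...; do ... done` loop has no upper bound, so if the database never becomes reachable the hook prints "Postgres is unavailable - sleeping" forever instead of failing the deployment; cap the number of attempts and exit non-zero once the cap is reached. Also, `pg_isready` only reports whether the server accepts connections and does not authenticate, so leaving the loop does not show that the credentials in the URI work.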
Humpf. It runs the management commands before running `pre_run` 😢
So... we restore `wait_for_db` and rename it `clever_wait_for_db`, to make clear why we're doing this?
The other option: now that we use the direct connection, the DB seems to be available immediately... So we change nothing other than the `direct-host-only=true` option and see if it holds?
> Humpf. It runs the management commands before running `pre_run` 😢

Oo, but then that means these management commands don't have access to what we define in itou-secrets 😨.

> The tasks are launched after the dependencies from `requirements.txt` have been installed, and before the web server starts.

https://developers.clever-cloud.com/guides/python-django-sample/#managepy-tasks
Which should correspond to after `POST_BUILD` and before `PRE_RUN`: https://developers.clever-cloud.com/doc/develop/build-hooks/#post-build

> The other option: now that we use the direct connection, the DB seems to be available immediately... So we change nothing other than the `direct-host-only=true` option and see if it holds?

Worth a try! And if it doesn't work, well, we'll know we need the `wait_for_db`.
> Oo, but then that means these management commands don't have access to what we define in itou-secrets 😨.

I think they do: https://github.com/gip-inclusion/les-emplois/blob/master/clevercloud/pre_build.sh
So the experiment has spoken with https://github.com/gip-inclusion/les-emplois/actions/runs/10487260490/job/29047235371?pr=4523: Clever does run the `CC_PYTHON_MANAGE_TASKS` before calling the `POST_BUILD` hook 😢
The database is always accessed through the POSTGRESQL_ADDON_DIRECT_* variables.

The production database has a custom firewall rule that blocks access from the internet, but also prevents connecting through the proxy.

For review apps, when the database is starting up, the link over the proxy is unstable and CleverCloud recommends direct access [1]. See #4523 (comment)

Let’s make it clear that all environments use direct access, instead of having an unused fallback give a false impression of security.

[1] https://developers.clever-cloud.com/doc/addons/postgresql/#direct-access
🥁 The disposable staging environment is ready! 👉 I want to test this PR!
Discussing the review app creation issue with the CleverCloud support, they indicated:

> The app tries to connect to the DB too early. It can take several minutes before the DB host is propagated, which is why we recommend connecting via direct host when it is for an ephemeral app.

CleverCloud documentation also recommends [1] a direct access to bypass the proxy (pgpool), because of the latency for database connections to be registered on the proxy:

> A proxy serves all dedicated PostgreSQL databases. In some cases, this can add some latency between applications and their database. If this is an issue, you can generate a direct hostname and port for the add-on to bypass the proxy, using the “Generate direct hostname and port” button in the add-on dashboard. Generating direct access adds new variables to the add-on’s environment, allowing connections without going through the proxy.

[1] https://developers.clever-cloud.com/doc/addons/postgresql/#direct-access
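A bounded `wait_for_db` that accepts only the direct-access URI and refuses to fall back to the proxy, as an added example that is not part of this PR or the project's code. The function names, the `WAIT_FOR_DB_DELAY` variable and the injectable probe command are assumptions made for illustration; only `POSTGRESQL_ADDON_DIRECT_URI` and `pg_isready --dbname` come from the page.

```shell
#!/usr/bin/env bash
# Added example, not the project's code. Hypothetical names:
# require_direct_uri, wait_for_db, WAIT_FOR_DB_DELAY.

# Fail closed when the direct-access URI is missing, rather than silently
# using the proxy variables. The URI itself is never printed, because it
# may contain credentials.
require_direct_uri() {
    if [ -z "${POSTGRESQL_ADDON_DIRECT_URI:-}" ]; then
        >&2 echo "POSTGRESQL_ADDON_DIRECT_URI is not set - refusing to use the proxy"
        return 1
    fi
}

# wait_for_db MAX_ATTEMPTS [PROBE...]
# Runs PROBE (default: pg_isready against the direct URI) until it succeeds,
# at most MAX_ATTEMPTS times.
# Returns 0 when ready, 1 when the attempts are exhausted, 2 when the URI is unset.
wait_for_db() {
    local max_attempts=$1
    shift
    local attempt=1
    require_direct_uri || return 2
    if [ "$#" -eq 0 ]; then
        set -- pg_isready --dbname="$POSTGRESQL_ADDON_DIRECT_URI"
    fi
    until "$@" >/dev/null 2>&1; do
        if [ "$attempt" -ge "$max_attempts" ]; then
            >&2 echo "Postgres still unavailable after $attempt attempts - giving up"
            return 1
        fi
        >&2 echo "Postgres is unavailable - sleeping"
        sleep "${WAIT_FOR_DB_DELAY:-1}"
        attempt=$((attempt + 1))
    done
}
```

In a deploy hook this would be called as `wait_for_db 60 || exit 1`, so a database that never comes up fails the deployment instead of hanging it.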
🥁 The disposable staging environment is ready! 👉 I want to test this PR!
A short summary for posterity: