Merge pull request #41 from chrisburr/support-jobpardb

Support managing JobParametersDB
DIRACGrid · Sep 26, 2023 · 84b2b7b · 84b2b7b
2 parents 0b5b292 + fdd8b9e
commit 84b2b7b
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 73 deletions.
diff --git a/README.md b/README.md
@@ -93,10 +93,13 @@ TODO
 | dex.service.ports.http.port | int | `8000` |  |
 | dex.service.type | string | `"NodePort"` |  |
 | diracx.csVolumeName | string | `"pv-cs-store"` |  |
+| diracx.manageOSIndices | bool | `true` |  |
 | diracx.manageSQLSchema | bool | `true` |  |
 | diracx.mysqlDatabases[0] | string | `"AuthDB"` |  |
 | diracx.mysqlDatabases[1] | string | `"JobDB"` |  |
 | diracx.mysqlDatabases[2] | string | `"JobLoggingDB"` |  |
+| diracx.mysqlDatabases[3] | string | `"SandboxMetadataDB"` |  |
+| diracx.osDatabases[0] | string | `"JobParametersDB"` |  |
 | diracx.settings.DIRACX_CONFIG_BACKEND_URL | string | `"git+file:///cs_store/initialRepo"` |  |
 | diracx.settings.DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS | string | `"[\"http://anything:8000/docs/oauth2-redirect\"]"` |  |
 | diracx.settings.DIRACX_SERVICE_AUTH_TOKEN_KEY | string | `"file:///signing-key/rs256.key"` |  |

diff --git a/diracx/templates/deployment.yaml b/diracx/templates/deployment.yaml
@@ -54,6 +54,19 @@ spec:
         - name: signing-key-mount
           emptyDir:
           sizeLimit: 5Mi
+
+      {{/* Define common volume mounts for reusability */}}
+      {{- $commonVolumeMounts := list }}
+      {{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" "/cs_store" "name" "cs-store-mount" "readOnly" false) }}
+      {{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" "/signing-key" "name" "signing-key-mount" "readOnly" false) }}
+      {{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" "/entrypoint.sh" "name" "container-entrypoint" "subPath" "entrypoint.sh") }}
+      {{- if and .Values.developer.enabled .Values.developer.modulesToInstall }}
+      {{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" .Values.developer.sourcePath "name" "diracx-code-mount" "readOnly" true) }}
+      {{- range $module := .Values.developer.modulesToInstall }}
+      {{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" (printf "%s/%s/src/%s.egg-info" $.Values.developer.sourcePath $module $module) "name" (printf "%s-editable-install" (lower $module)) "readOnly" false) }}
+      {{- end }}
+      {{- end }}
+
       initContainers:
       - name: init-cs
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -69,23 +82,7 @@ spec:
           {{- with (first .Values.dex.config.staticClients) }}
           - "--idp-client-id={{ .id }}"
           {{- end }}
-        volumeMounts:
-          - mountPath: /cs_store
-            name: cs-store-mount
-            readOnly: false
-          {{- if and .Values.developer.enabled .Values.developer.modulesToInstall }}
-          - mountPath: {{ .Values.developer.sourcePath }}
-            name: diracx-code-mount
-            readOnly: true
-          {{- range $module := .Values.developer.modulesToInstall }}
-          - mountPath: "{{ $.Values.developer.sourcePath }}/{{ $module }}/src/{{ $module }}.egg-info"
-            name: {{ lower $module }}-editable-install
-            readOnly: false
-          {{- end }}
-          {{- end }}
-          - name: container-entrypoint
-            mountPath: /entrypoint.sh
-            subPath: entrypoint.sh
+        volumeMounts: {{ toYaml $commonVolumeMounts | nindent 10 }}
       - name: init-cs-user
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
         command: ["bash", "/entrypoint.sh"]
@@ -97,23 +94,7 @@ spec:
           - "--vo=diracAdmin"
           - "--user-group=admin"
           - "--sub=EgVsb2NhbA"
-        volumeMounts:
-          - mountPath: /cs_store
-            name: cs-store-mount
-            readOnly: false
-          {{- if and .Values.developer.enabled .Values.developer.modulesToInstall }}
-          - mountPath: {{ .Values.developer.sourcePath }}
-            name: diracx-code-mount
-            readOnly: true
-          {{- range $module := .Values.developer.modulesToInstall }}
-          - mountPath: "{{ $.Values.developer.sourcePath }}/{{ $module }}/src/{{ $module }}.egg-info"
-            name: {{ lower $module }}-editable-install
-            readOnly: false
-          {{- end }}
-          {{- end }}
-          - name: container-entrypoint
-            mountPath: /entrypoint.sh
-            subPath: entrypoint.sh
+        volumeMounts: {{ toYaml $commonVolumeMounts | nindent 10 }}
       - name: init-signing-key
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
         command: [/dockerMicroMambaEntrypoint.sh]
@@ -125,33 +106,27 @@ spec:
           - "-b4096"
           - "-mPEM"
           - "-f/signing-key/rs256.key"
-        volumeMounts:
-          - mountPath: /signing-key/
-            name: signing-key-mount
-            readOnly: false
+        volumeMounts: {{ toYaml $commonVolumeMounts | nindent 10 }}
       {{- if .Values.diracx.manageSQLSchema }}
       - name: create-sql-db-schema
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
         command: ["bash", "/entrypoint.sh"]
         args: ["python", "-m", "diracx.db", "init-sql"]
-        volumeMounts:
-          {{- if and .Values.developer.enabled .Values.developer.modulesToInstall }}
-          - mountPath: {{ .Values.developer.sourcePath }}
-            name: diracx-code-mount
-            readOnly: true
-          {{- range $module := .Values.developer.modulesToInstall }}
-          - mountPath: "{{ $.Values.developer.sourcePath }}/{{ $module }}/src/{{ $module }}.egg-info"
-            name: {{ lower $module }}-editable-install
-            readOnly: false
-          {{- end }}
-          {{- end }}
-          - name: container-entrypoint
-            mountPath: /entrypoint.sh
-            subPath: entrypoint.sh
+        volumeMounts: {{ toYaml $commonVolumeMounts | nindent 10 }}
         envFrom:
           - secretRef:
               name: diracx-init-mysql-secrets
       {{- end }}
+      {{- if .Values.diracx.manageOSIndices }}
+      - name: create-os-db-indices
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        command: ["bash", "/entrypoint.sh"]
+        args: ["python", "-m", "diracx.db", "init-os"]
+        volumeMounts: {{ toYaml $commonVolumeMounts | nindent 10 }}
+        envFrom:
+          - secretRef:
+              name: diracx-init-os-secrets
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -184,26 +159,7 @@ spec:
             - "--reload-dir={{ .Values.developer.sourcePath }}"
             {{- end }}
           {{- end }}
-          volumeMounts:
-            - mountPath: /cs_store
-              name: cs-store-mount
-              readOnly: true
-            - mountPath: /signing-key/
-              name: signing-key-mount
-              readOnly: true
-            {{- if and .Values.developer.enabled .Values.developer.modulesToInstall }}
-            - mountPath: {{ .Values.developer.sourcePath }}
-              name: diracx-code-mount
-              readOnly: true
-            {{- range $module := .Values.developer.modulesToInstall }}
-            - mountPath: "{{ $.Values.developer.sourcePath }}/{{ $module }}/src/{{ $module }}.egg-info"
-              name: {{ lower $module }}-editable-install
-              readOnly: false
-            {{- end }}
-            {{- end }}
-            - name: container-entrypoint
-              mountPath: /entrypoint.sh
-              subPath: entrypoint.sh
+          volumeMounts: {{ toYaml $commonVolumeMounts | nindent 12 }}
           envFrom:
             # - configMapRef:
             #     name: diracx-env-config

diff --git a/diracx/templates/secrets.yaml b/diracx/templates/secrets.yaml
@@ -9,6 +9,11 @@ stringData:
   DIRACX_DB_URL_{{ $dbName | upper }}: "mysql+aiomysql://{{ $.Values.mysql.auth.username }}:{{ $.Values.mysql.auth.password }}@{{ $.Release.Name }}-mysql:3306/{{ $dbName }}"
   {{- end }}
 {{- end }}
+{{- if and .Values.developer.enabled .Values.opensearch.enabled }}
+  {{- range $dbName := .Values.diracx.osDatabases }}
+  DIRACX_OS_DB_{{ $dbName | upper }}: '{"hosts": "admin:admin@opensearch-cluster-master:9200", "use_ssl": true, "verify_certs": false}'
+  {{- end }}
+{{- end }}
 ---
 {{- if .Values.diracx.manageSQLSchema }}
 apiVersion: v1
@@ -22,3 +27,16 @@ stringData:
   {{- end }}
 {{- end }}
 {{- end }}
+---
+{{- if .Values.diracx.manageOSIndices }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: diracx-init-os-secrets
+stringData:
+{{- if and .Values.developer.enabled .Values.opensearch.enabled }}
+  {{- range $dbName := .Values.diracx.osDatabases }}
+  DIRACX_OS_DB_{{ $dbName | upper }}: '{"hosts": "admin:admin@opensearch-cluster-master:9200", "use_ssl": true, "verify_certs": false}'
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/diracx/values.yaml b/diracx/values.yaml
@@ -68,11 +68,17 @@ diracx:
     DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["http://anything:8000/docs/oauth2-redirect"]'
   # Should DiracX include an init container which manages the SQL DB schema?
   manageSQLSchema: true
-  # Which DiracX DBs are used?
+  # Should DiracX include an init container which manages the OS DB indices?
+  manageOSIndices: true
+  # Which DiracX MySQL DBs are used?
   mysqlDatabases:
     - AuthDB
     - JobDB
     - JobLoggingDB
+    - SandboxMetadataDB
+  # Which DiracX OpenSearch DBs are used?
+  osDatabases:
+    - JobParametersDB
 
 ##########################