cli,server: static configuration profiles by knz · Pull Request #98466 · cockroachdb/cockroach

knz · 2023-03-12T23:33:04Z

Epic: CRDB-23559
Informs #98431.
Fixes #94856.
(Based off #98459)
Supersedes #98380.

This change introduces a mechanism through which an operator can
select a "configuration profile" via the command-line flag
--config-profile or env var COCKROACH_CONFIG_PROFILE. The SQL
initialization defined by the profile is applied during server
start-up.

The profiles are (currently) hardcoded inside CockroachDB.

The following profiles are predefined:

default: no configuration.
multitenant+noapp: no pre-defined application tenant, but with a
predefined application tenant template that is used whenever a new
tenant is defined. This config profile is meant for use for C2C
replication target clusters.
multitenant+app+sharedservice: shared-process multitenancy with
pre-defined application tenant, based off the same configuration as
multitenant+noapp.

Release note: None

cockroach-teamcity · 2023-03-12T23:33:11Z

This change is

knz · 2023-03-21T15:24:32Z

if, for 23.1 it makes sense to alias multitenant+app+sharedservice to replication-source and alias multitenant+noapp to replication-target?

Done

knz · 2023-03-26T19:12:36Z

todo:

~~EITHER disable range coalescing OR disable deprecatedd show ranges compatibiity~~ done

98899: feat: allow starting docker container via env variable r=rickystewart a=btkostner Fixes #87043 by allowing you to specify args via the `COCKROACH_ARGS` env value instead of a command. This is required to be able to use the official cockroach image with GitHub actions via a service. More details in the issue. Note, do to weirdness with merging commands and env values, I decided that setting the `COCKROACH_ARGS` would ignore any command given. This should reduce issues with people trying to use both ways of specifying args and instead force them to pick one. Release note (general change): Allow setting docker command args via the `COCKROACH_ARGS` environment variable. 99607: sql: block DROP TENANT based on a session var r=stevendanna a=knz Fixes #97972. Epic: CRDB-23559 In clusters where we will promote tenant management operations, we would like to ensure there is one extra step needed for administrators to drop a tenant (and thus irremedially lose data). Given that `sql_safe_updates` is not set automatically when users open their SQL session using their own client, we need another mechanism. This change introduces the new (hidden) session var, `disable_drop_tenant`. When set, tenant deletion fails with the following error message: ``` demo@127.0.0.1:26257/movr> drop tenant foo; ERROR: rejected (via sql_safe_updates or disable_drop_tenant): DROP TENANT causes irreversible data loss SQLSTATE: 01000 ``` (The session var `sql_safe_updates` is _also_ included as a blocker in the mechanism so that folk using `cockroach sql` get double protection). The default value of this session var is `false` in single-tenant clusters, for compatibility with CC Serverless. It will be set to `true` via a config profile (#98466) when suitable. Release note: None 99690: ui: drop index with space r=maryliag a=maryliag Previously, if the index had a space on its name, it would fail to drop. This commit adds quotes so it can be executed. Fixes #97988 Schema Insights https://www.loom.com/share/04363b7f83484b5da19c760eb8d0de21 Table Details page https://www.loom.com/share/1519b897a14440ddb066fb2ab03feb2d Release note (bug fix): Index recommendation to DROP an index that have a space on its name can now be properly executed. 99750: sql: remove no longer used channel in createStatsNode r=yuzefovich a=yuzefovich This hasn't been used as of fe6377c. Also mark `create_stats.go` as owned by SQL Queries. Epic: None Release note: None 99962: ui: add checks for values r=maryliag a=maryliag Fixes #99655 Fixes #99538 Fixes #99539 Add checks to usages that could cause `Cannot read properties of undefined`. Release note: None 99963: roachtest: use local SSDs for disk-stall failover tests r=andrewbaptist a=nicktrav The disk-stalled roachtests were updated in #99747 to use local SSDs. This change broke the `failover/*/disk-stall` tests, which look for `/dev/sdb` on GCE (the used for GCE Persistent Disks), but the tests still create clusters with local SSDs (the roachtest default). Fix #99902. Fix #99926. Fix #99930. Touches #97968. Release note: None. Co-authored-by: Blake Kostner <git@btkostner.io> Co-authored-by: Raphael 'kena' Poss <knz@thaumogen.net> Co-authored-by: maryliag <marylia@cockroachlabs.com> Co-authored-by: Yahor Yuzefovich <yahor@cockroachlabs.com> Co-authored-by: Nick Travers <travers@cockroachlabs.com>

stevendanna · 2023-04-14T12:27:02Z

pkg/configprofiles/profiles.go

+			// "ALTER TENANT template SET CLUSTER SETTING spanconfig.tenant_split.enabled = false",
+			// Disable RU accounting.
+			// TODO(knz): Move this to in-tenant config task.
+			"SELECT crdb_internal.update_tenant_resource_limits('template', 10000000000, 0, 10000000000, now(), 0)",


I don't think we need this anymore since we won't have the RU limiter for shared-process tenants by default.

Simplified.

knz · 2023-04-14T14:37:35Z

RFAL - I have also added tests to confirm the config is applied when a profile is selected.

stevendanna

Overall, this looks reasonable to me although I'm not 100% up to speed on the provider interface. I left one possible addition to the configuration profiles.

stevendanna · 2023-04-14T12:27:33Z

pkg/configprofiles/profiles.go

+			"ALTER TENANT template GRANT CAPABILITY can_admin_relocate_range, can_admin_unsplit, can_view_node_info, can_view_tsdb_metrics, exempt_from_rate_limiting",
+			// Disable span config limits and splitter.
+			// TODO(knz): Move this to in-tenant config task.
+			"ALTER TENANT template SET CLUSTER SETTING spanconfig.tenant_limit = 1000000",


I don't think we need this anymore since we don't install the spanconfig limiter for shared-process tenants by default.

stevendanna · 2023-04-20T19:40:15Z

pkg/configprofiles/profiles.go

+}
+
+var multitenantClusterInitTasks = []autoconfigpb.Task{
+	makeTask("initial cluster config",


We could also enable rangefeed's here so that it can be used as a replication source more easily.

stevendanna · 2023-04-20T19:51:10Z

pkg/cli/flags.go

+			// Cluster initialization. We only do this for a regular start command;
+			// SQL-only servers get their initialization payload from their tenant
+			// configuration.
+			cliflagcfg.VarFlag(f, configprofiles.NewProfileSetter(&serverCfg.AutoConfigProvider), cliflags.ConfigProfile)


If I'm reading the code correctly, the server config is given a NoTaskProvider by default and then the NewProfileSetter will install a new provider if the configuration value is set. 👍

stevendanna · 2023-04-20T19:54:22Z

pkg/configprofiles/provider.go

+var _ acprovider.Provider = (*profileTaskProvider)(nil)
+
+// EnvUpdate is part of the acprovider.Provider interface.
+func (p *profileTaskProvider) EnvUpdate() <-chan struct{} {


Might be worth noting the obvious: We return a channel that won't see updates because static profiles can't be updated.

This change introduces a mechanism through which an operator can select a "configuration profile" via the command-line flag `--config-profile` or env var `COCKROACH_CONFIG_PROFILE`. The SQL initialization defined by the profile is applied during server start-up. The profiles are (currently) hardcoded inside CockroachDB. The following profiles are predefined: - `default`: no configuration. - `multitenant+noapp`: no pre-defined `application` tenant, but with a predefined application tenant template that is used whenever a new tenant is defined. This config profile is meant for use for C2C replication target clusters. - `multitenant+app+sharedservice`: shared-process multitenancy with pre-defined `application` tenant, based off the same configuration as `multitenant+noapp`. - `replication-source`: alias for `multitenant+app+sharedservice` - `replication-target`: alias for `multitenant+noapp` Release note: None

knz

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @ajwerner and @stevendanna)

pkg/cli/flags.go line 400 at r6 (raw file):