Conversation
…prod values for 5.25
| ansible_ssh_private_key_file: "~/.ssh/id_ed25519" | ||
| vars: | ||
| artifact_hash: 82edf88d9193e9f7e0a62ee4b287fd0c7cebb1bd | ||
| artifact_hash: 2200257f7a528f3a8157e8878fc7ee1c945594d1 |
There was a problem hiding this comment.
is it auto-generated or hardcoded hash?
There was a problem hiding this comment.
not auto populated as of now, we update it during releases and we have a ticket to automate in our backlog
| background-worker: | ||
| secrets: | ||
| pgPassword: "{{ pgpassword }}" | ||
| when: "'postgresql' in charts_to_deploy" |
There was a problem hiding this comment.
Should not it be version specific?
There was a problem hiding this comment.
background-worker secret will be available from release-5.25
postresql chart and other charts are enabled via the inventory, https://github.com/wireapp/wire-server-deploy/blob/master/ansible/inventory/demo/host.yml#L53
This is dev environment, a user breaking it is expected
There was a problem hiding this comment.
What i mean here is this conditional block when: "'postgresql' in charts_to_deploy" it seems it checks in the postgresql is available in the charts_to_deploy. My point is this logic seems a bit off what does the charts-to-deploy contain? As we know pg has been introduced with version 5.16.0. So a version check of wire-server would be more sensible here.
There was a problem hiding this comment.
We are managing this list for the dev testers at https://github.com/wireapp/wire-server-deploy/blob/master/ansible/inventory/demo/host.yml#L53 and our cd_demo.sh would fail if postgresql is required but is not present in the charts. This part of code is to be able to deploy older versions of wiab-dev without changing the code.
There was a problem hiding this comment.
Do you have a different list where pg is not required?
There was a problem hiding this comment.
yes, following releases (<5.16) don't have postgresql:
https://github.com/wireapp/wire-server-deploy/blob/wiab-514/ansible/inventory/demo/host.yml#L53
https://github.com/wireapp/wire-server-deploy/blob/min-release-q2-2025/ansible/inventory/demo/host.yml#L48
If there are more wiab-dev releases for <5.16, postgresql won't be part of any of those releases
| username: elastic | ||
| password: changeme | ||
| username: "elastic" | ||
| password: "changeme" |
There was a problem hiding this comment.
Found a reference of the elasticsearch secrets which does not show password value is quoted. May be its better to align with this. Another question, do we need this secret here at all(we dont have any secret for cassandra, may be its different in k8s native)? In the recent version of 5.28 wire-server introduced postgresql in the index chart, we will be needing to adjust pgPassword here but that's later.
There was a problem hiding this comment.
Sorry i didn't follow, is having a quote somehow updates the actual value which the pod receives?
This password aligns with its upstream chart - https://github.com/wireapp/wire-server/blob/develop/charts/elasticsearch-ephemeral/values.yaml#L22 if chart is running with Auth, we need to enable clients as well.
For pgPassword change in 5.28, I need to check the release logs. This PR is only for 5.25 as of now, we can update it when we release 5.28
| region: "eu-west-1" | ||
| s3Bucket: assets | ||
| s3Endpoint: http://fake-aws-s3:9000 | ||
| s3Endpoint: http://minio-external:9000 |
There was a problem hiding this comment.
does demo uses minio-external?
There was a problem hiding this comment.
no it doesn't let me fix it
|
| # tag: some-tag (only override if you want a newer/different version than what is in the chart) | ||
| config: | ||
| redis: | ||
| host: databases-ephemeral-redis-ephemeral # Updated hostname for redis-ephemeral chart |
There was a problem hiding this comment.
| host: databases-ephemeral-redis-ephemeral # Updated hostname for redis-ephemeral chart | |
| host: databases-ephemeral-redis-ephemeral # Updated hostname as per your env, check the redis service name in the k8s cluster `d kubectl get svc -A | grep redis` |
There was a problem hiding this comment.
I think this can go better in the documentation as wiab-dev would get verified in cd_demo.sh first and then would be available in release. This service name would depend on the redis-ephemeral version getting shipped so there are high chances that we identify it and fix it per release.
2 participants
Change type
Basic information
Testing
Offline Build CI (label-based)
Add one or more labels to trigger offline builds:
build-default- Full production build (ansible, terraform, all packages)build-demo- Demo/WIAB buildbuild-wiab-staging- WIAB-staging buildbuild-min- Minimal build (fastest, essential charts only)build-all- Run all three buildsNote: No builds run by default. Add a label to trigger CI.
Tracking
changelog.dKnowledge Transfer
Motivation
Objective
Reason
Use case