feat: Use the S3 backup system in Zeebe

epfl-si · May 26, 2023 · e070925 · e070925
1 parent 83a05d4
commit e070925
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 3 deletions.
diff --git a/ansible/roles/epfl.phd-assess/tasks/_zeebe-k8s-broker.yml b/ansible/roles/epfl.phd-assess/tasks/_zeebe-k8s-broker.yml
@@ -48,7 +48,7 @@
                 {{ zeebe_env
                 | combine(_ha_env)
                 | combine(env | default({}))
-                | to_k8s_env }}
+                | to_k8s_env | community.general.lists_mergeby(S3_secret_env_vars, 'name') }}
               resources:
                 limits:
                   cpu: '250m'
@@ -85,3 +85,19 @@
         {{ _quorum_name }}
       ZEEBE_BROKER_NETWORK_COMMANDAPI_ADVERTISEDHOST: >-
         {{ _quorum_name }}
+  S3_secret_env_vars:
+    - name: "ZEEBE_BROKER_DATA_BACKUP_S3_BUCKETNAME"
+      valueFrom:
+        secretKeyRef:
+          name: "ZEEBE_BROKER_DATA_BACKUP_S3_BUCKETNAME"
+          key: "{{ ZEEBE_BROKER_DATA_BACKUP_S3_BUCKETNAME }}"
+    - name: "ZEEBE_BROKER_DATA_BACKUP_S3_ACCESSKEY"
+      valueFrom:
+        secretKeyRef:
+          name: "ZEEBE_BROKER_DATA_BACKUP_S3_ACCESSKEY"
+          key: "{{ ZEEBE_BROKER_DATA_BACKUP_S3_ACCESSKEY }}"
+    - name: "ZEEBE_BROKER_DATA_BACKUP_S3_SECRETKEY"
+      valueFrom:
+        secretKeyRef:
+          name: "ZEEBE_BROKER_DATA_BACKUP_S3_SECRETKEY"
+          key: "{{ ZEEBE_BROKER_DATA_BACKUP_S3_SECRETKEY }}"
diff --git a/ansible/roles/epfl.phd-assess/tasks/secrets.yml b/ansible/roles/epfl.phd-assess/tasks/secrets.yml
@@ -10,7 +10,10 @@
       {{ _data | from_yaml }}
   vars:
    _data: |
-        "{{ encryption_key_name }}": "{{ lookup('file', '/keybase/team/'+ keybase_secrets_folder + '/PHDASSESS_ENCRYPTION_KEY') | b64encode }}"
+    "{{ encryption_key_name }}": "{{ lookup('file', '/keybase/team/'+ keybase_secrets_folder + '/PHDASSESS_ENCRYPTION_KEY') | b64encode }}"
+    "ZEEBE_BROKER_DATA_BACKUP_S3_BUCKETNAME": "{{ lookup('file', '/keybase/team/'+ keybase_secrets_folder + '/S3-zeebe-backup/ZEEBE_BROKER_DATA_BACKUP_S3_BUCKETNAME') | b64encode }}"
+    "ZEEBE_BROKER_DATA_BACKUP_S3_ACCESSKEY": "{{ lookup('file', '/keybase/team/'+ keybase_secrets_folder + '/S3-zeebe-backup/ZEEBE_BROKER_DATA_BACKUP_S3_ACCESSKEY') | b64encode }}"
+    "ZEEBE_BROKER_DATA_BACKUP_S3_SECRETKEY": "{{ lookup('file', '/keybase/team/'+ keybase_secrets_folder + '/S3-zeebe-backup/ZEEBE_BROKER_DATA_BACKUP_S3_SECRETKEY') | b64encode }}"
 
 - name: phd-assess meteor secrets
   openshift:

diff --git a/ansible/roles/epfl.phd-assess/tasks/zeebe-high-availability.yml b/ansible/roles/epfl.phd-assess/tasks/zeebe-high-availability.yml
@@ -64,6 +64,10 @@
           port: "{{ zeebe_ports.command }}"
           protocol: TCP
           targetPort: "{{ zeebe_ports.command }}"
+        - name: "zeebe-management"
+          port: "{{ zeebe_ports.management }}"
+          protocol: TCP
+          targetPort: "{{ zeebe_ports.management }}"
       selector:
         zeebe-quorum-member: "{{ item }}"
   with_items: "{{ _zeebe_quorum_services }}"

diff --git a/ansible/vars.yml b/ansible/vars.yml
@@ -38,11 +38,13 @@ zeebe_ports:
   command: 26501
   # The port that brokers use to connect to each other to make the Raft network:
   quorum: 26502
+  # the management port
+  management: 9600
 
 _zeebe_log_level: >-
   {{ "info" if is_test | default(false) else "info" }}
 
-zeebe_env:
+zeebe_env: &zeebeenv
   PORT: '{{ zeebe_ports.api | string }}'
   JAVA_OPTS: "{{ '-Xmx2024m' }}"
   ZEEBE_BROKER_NETWORK_MONITORINGAPI_HOST: '0.0.0.0'
@@ -57,3 +59,6 @@ zeebe_env:
   ZEEBE_BROKER_CLUSTER_REPLICATIONFACTOR: "3"
   ZEEBE_LOG_LEVEL: "{{ _zeebe_log_level }}"
   ATOMIX_LOG_LEVEL: "{{ _zeebe_log_level }}"
+  ZEEBE_BROKER_DATA_BACKUP_STORE: "S3"
+  ZEEBE_BROKER_DATA_BACKUP_S3_REGION: "eu-central-2"
+  ZEEBE_BROKER_DATA_BACKUP_S3_ENDPOINT: "https://s3.epfl.ch"
diff --git a/docker/.env b/docker/.env
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -18,6 +18,7 @@ services:
       - ./volumes/zeebe_data_node_0:/usr/local/zeebe/data
     ports:
       - "26501-26503:26500-26502"
+      - "9600:9600"
 
   zeebe_node_1:
     extends:
@@ -30,6 +31,7 @@ services:
       - ./volumes/zeebe_data_node_1:/usr/local/zeebe/data
     ports:
       - "26504-26506:26500-26502"
+      - "9601:9600"
 
   zeebe_node_2:
     extends:
@@ -42,6 +44,7 @@ services:
       - ./volumes/zeebe_data_node_2:/usr/local/zeebe/data
     ports:
       - "26507-26509:26500-26502"
+      - "9602:9600"
 
   simple-monitor:
     container_name: zeebe_simple_monitor