Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backend: add migration tool to migrate between any two backends #41866

Merged
merged 29 commits into from
Jun 21, 2024
Merged

backend: add migration tool to migrate between any two backends #41866

merged 29 commits into from
Jun 21, 2024

Conversation

dboslee
Copy link
Contributor

@dboslee dboslee commented May 21, 2024
edited
Loading

This adds a new hidden command teleport migrate.

The command takes a config file which allows a source and destination backend to be specified. It then copies all the data from the source to the destination backend.

An example config looks like

src:
  type: dynamodb
  table_name: teleport-main
  region: us-west-2
dst:
  type: cockroachdb
  conn_string: postgresql://teleport@cockroachdb:26257/teleport_backend
parallel: 100

We plan to use this on cloud to migrate between dynamodb and cockroachdb but its generic where it could be used to migrate between any backends. For example we could also use this to migrate between dynamodb tables in different regions.

Its important to note that all Teleport Auth services should be scaled down when running this command to avoid data inconsistencies.

@github-actions GitHub Actions
Copy link

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@github-actions github-actions bot requested review from capnspacehook and tigrato May 21, 2024 20:47
@dboslee dboslee added the no-changelog Indicates that a PR does not require a changelog entry label May 21, 2024
@dboslee @sclevine
missing return value
272f5cd 
Co-authored-by: Stephen Levine <[email protected]>
espadolini
espadolini reviewed May 22, 2024
View reviewed changes
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
tool/teleport/common/migrate.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
rosstimothy
rosstimothy reviewed May 22, 2024
View reviewed changes
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
fspmarshall
fspmarshall reviewed May 22, 2024
View reviewed changes
Copy link
Contributor

@fspmarshall fspmarshall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned elsewhere, definitely wants to be streaming and/or paginated, and I think we probably want some kind of check to make sure folks don't accidentally write to a backend with existing state in it (probably can just be a full range call with limit 1 that fails the command if something is returned). Otherwise, I think this looks great and will be very good to have. Nice work!

tool/teleport/common/teleport.go Outdated Show resolved Hide resolved
@dboslee
Copy link
Contributor Author

dboslee commented May 23, 2024

@fspmarshall

As mentioned elsewhere, definitely wants to be streaming and/or paginated, and I think we probably want some kind of check to make sure folks don't accidentally write to a backend with existing state in it (probably can just be a full range call with limit 1 that fails the command if something is returned). Otherwise, I think this looks great and will be very good to have. Nice work!

I like the idea the only issue is if you hit an error and need to rerun the migration after some items have already been moved then you are stuck.

Perhaps we make this suggestion the default behavior with an flag to ignore this check.

@dboslee dboslee requested review from espadolini and rosstimothy May 23, 2024 23:02
@fspmarshall
Copy link
Contributor

@dboslee safe default with force/override sounds reasonable to me.

rosstimothy
rosstimothy reviewed May 24, 2024
View reviewed changes
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
lib/backend/migration/migration_test.go Outdated Show resolved Hide resolved
tool/teleport/common/migrate.go Outdated Show resolved Hide resolved
lib/backend/migration/migration.go Outdated Show resolved Hide resolved
@dboslee
Copy link
Contributor Author

dboslee commented May 30, 2024

Apologies for the delay on this, had some higher priority things to work on.

rosstimothy
rosstimothy reviewed Jun 3, 2024
View reviewed changes
lib/backend/clone/clone.go Outdated Show resolved Hide resolved
lib/backend/clone/clone.go Outdated Show resolved Hide resolved
lib/backend/clone/clone.go Outdated Show resolved Hide resolved
lib/backend/clone/clone.go Outdated Show resolved Hide resolved
tool/teleport/common/teleport.go Show resolved Hide resolved
lib/backend/clone/clone.go Outdated Show resolved Hide resolved
@dboslee dboslee requested a review from rosstimothy June 11, 2024 20:37
rosstimothy
rosstimothy reviewed Jun 12, 2024
View reviewed changes
lib/backend/clone.go Show resolved Hide resolved
tool/teleport/common/teleport.go Show resolved Hide resolved
@dboslee dboslee requested a review from rosstimothy June 20, 2024 17:10
@dboslee dboslee enabled auto-merge June 20, 2024 21:51
@dboslee dboslee added this pull request to the merge queue Jun 20, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jun 20, 2024
@dboslee dboslee enabled auto-merge June 20, 2024 22:18
@dboslee
Copy link
Contributor Author

dboslee commented Jun 20, 2024 

docker: Error response from daemon: Head "https://registry-1.docker.io/v2/library/fedora/manifests/latest": received unexpected HTTP status: 503 Service Unavailable.

503 from docker.io 🙄

@dboslee dboslee added this pull request to the merge queue Jun 21, 2024
Merged via the queue into master with commit ffc33df Jun 21, 2024
37 checks passed
@dboslee dboslee deleted the david/migrate branch June 21, 2024 15:50
@public-teleport-github-review-bot
Copy link

@dboslee See the table below for backport results.

Branch Result
branch/v15 Create PR
branch/v16 Create PR

This was referenced Jun 24, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sclevine sclevine sclevine left review comments

@rosstimothy rosstimothy rosstimothy approved these changes

@fspmarshall fspmarshall fspmarshall approved these changes

@espadolini espadolini Awaiting requested review from espadolini

Assignees
No one assigned
Labels
backport/branch/v15 backport/branch/v16 no-changelog Indicates that a PR does not require a changelog entry size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dboslee @fspmarshall @espadolini @sclevine @rosstimothy