Reduce registration interval for postgres route in use-cf-services.ym…

…l to 5s
cloudfoundry · Oct 25, 2024 · 415697f · 415697f
1 parent 498e3bd
commit 415697f
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 3 deletions.
diff --git a/ci/autoscaler/scripts/deploy-autoscaler.sh b/ci/autoscaler/scripts/deploy-autoscaler.sh
@@ -112,6 +112,7 @@ function create_manifest(){
       -v skip_ssl_validation=true \
       > "${tmp_manifest_file}"
 
+
     # shellcheck disable=SC2064
   if [ -z "${debug}" ] || [ "${debug}" = "false" ] ; then  trap "rm ${tmp_manifest_file}" EXIT ; fi
 }
@@ -142,6 +143,9 @@ function deploy() {
   step "Using Ops files: '${OPS_FILES_TO_USE}'"
   step "Deploy options: '${bosh_deploy_opts}'"
   bosh -n -d "${deployment_name}" deploy "${tmp_manifest_file}"
+	postgres_ip="$(bosh curl "/deployments/${deployment_name}/vms" | jq '. | .[] | select(.job == "postgres") | .ips[0]' -r)"
+	credhub set -n "/bosh-autoscaler/${deployment_name}/postgres_ip" -t value -v "${postgres_ip}"
+
 }
 
 function find_or_upload_stemcell() {

diff --git a/operations/use-cf-services.yml b/operations/use-cf-services.yml
@@ -30,7 +30,7 @@
           oauth_url: "https://uaa.((system_domain)):443"
         routes:
           - name: ((deployment_name))_postgres
-            registration_interval: 10s
+            registration_interval: 5s
             port: 5432
             external_port: ((postgres_external_port))
             type: tcp

diff --git a/src/autoscaler/build-extension-file.sh b/src/autoscaler/build-extension-file.sh
@@ -16,10 +16,10 @@ if [ -z "${DEPLOYMENT_NAME}" ]; then
 fi
 
 export SYSTEM_DOMAIN="autoscaler.app-runtime-interfaces.ci.cloudfoundry.org"
-export POSTGRES_ADDRESS="${DEPLOYMENT_NAME}-postgres.tcp.${SYSTEM_DOMAIN}"
 export POSTGRES_EXTERNAL_PORT="${PR_NUMBER:-5432}"
 
 cat << EOF > /tmp/extension-file-secrets.yml.tpl
+postgres_ip: ((/bosh-autoscaler/${DEPLOYMENT_NAME}/postgres_ip))
 metricsforwarder_health_password: ((/bosh-autoscaler/${DEPLOYMENT_NAME}/autoscaler_metricsforwarder_health_password))
 policy_db_password: ((/bosh-autoscaler/${DEPLOYMENT_NAME}/database_password))
 policy_db_server_ca: ((/bosh-autoscaler/${DEPLOYMENT_NAME}/postgres_server.ca))
@@ -35,6 +35,8 @@ credhub interpolate -f "/tmp/extension-file-secrets.yml.tpl" > /tmp/mtar-secrets
 export METRICSFORWARDER_APPNAME="${METRICSFORWARDER_APPNAME:-"${DEPLOYMENT_NAME}-metricsforwarder"}"
 export METRICSFORWARDER_HEALTH_PASSWORD="$(yq ".metricsforwarder_health_password" /tmp/mtar-secrets.yml)"
 
+export POSTGRES_IP="$(yq ".postgres_ip" /tmp/mtar-secrets.yml)"
+
 export POLICY_DB_PASSWORD="$(yq ".policy_db_password" /tmp/mtar-secrets.yml)"
 export POLICY_DB_SERVER_CA="$(yq ".policy_db_server_ca" /tmp/mtar-secrets.yml)"
 export POLICY_DB_CLIENT_CERT="$(yq ".policy_db_client_cert" /tmp/mtar-secrets.yml)"
@@ -44,6 +46,13 @@ export SYSLOG_CLIENT_CA="$(yq ".syslog_client_ca" /tmp/mtar-secrets.yml)"
 export SYSLOG_CLIENT_CERT="$(yq ".syslog_client_cert" /tmp/mtar-secrets.yml)"
 export SYSLOG_CLIENT_KEY="$(yq ".syslog_client_key" /tmp/mtar-secrets.yml)"
 
+if [ -z "${POSTGRES_IP}" ]; then
+	POSTGRES_URI="postgres://postgres:${POLICY_DB_PASSWORD}@${DEPLOYMENT_NAME}-postgres.tcp.${SYSTEM_DOMAIN}:${POSTGRES_EXTERNAL_PORT}/autoscaler?application_name=metricsforwarder&sslmode=verify-full"
+else
+	POSTGRES_URI="postgres://postgres:${POLICY_DB_PASSWORD}@${POSTGRES_IP}:5432/autoscaler?application_name=metricsforwarder&sslmode=verify-ca"
+
+fi
+
 cat <<EOF > "${extension_file_path}"
 ID: development
 extends: com.github.cloudfoundry.app-autoscaler-release
@@ -70,7 +79,7 @@ resources:
 - name: policydb
   parameters:
     config:
-      uri: "postgres://postgres:${POLICY_DB_PASSWORD}@${POSTGRES_ADDRESS}:${POSTGRES_EXTERNAL_PORT}/autoscaler?application_name=metricsforwarder&sslmode=verify-full"
+      uri: "${POSTGRES_URI}"
       client_cert: "${POLICY_DB_CLIENT_CERT//$'\n'/\\n}"
       client_key: "${POLICY_DB_CLIENT_KEY//$'\n'/\\n}"
       server_ca: "${POLICY_DB_SERVER_CA//$'\n'/\\n}"

diff --git a/src/autoscaler/metricsforwarder/security-group.json b/src/autoscaler/metricsforwarder/security-group.json
@@ -4,5 +4,11 @@
        "destination": "10.0.1.0/24",
        "ports": "6067",
        "description": "Allow syslog traffic from"
+     },
+     {
+       "protocol": "tcp",
+       "destination": "10.0.1.0/24",
+       "ports": "5432",
+       "description": "Allow postgres traffic from"
      }
    ]