jenkins-infra/azure

Move `pgsql_tier` subnet to the new Virtual Network from jenkins-infra/azure-net

lemeurherve opened this issue · 3 comments

Follow-up of jenkins-infra/helpdesk#2924

Related: #227

azure/vnets.tf

Lines 54 to 70 in 6391800

# "pgsql-tier" subnet is reserved as "delegated" for the pgsql server on the public network
# Ref. https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking
resource "azurerm_subnet" "pgsql_tier" {
  name                 = "pgsql-tier"
  resource_group_name  = data.azurerm_resource_group.public_prod.name
  virtual_network_name = data.azurerm_virtual_network.public_prod.name
  address_prefixes     = ["10.0.3.0/24"]
  delegation {
    name = "pgsql"
    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

There are some requirements and consequences:

  • Most probably, changing the subnet of a managed pgsql instance requires recreating the instance. If that is the case, it is better to migrate the DB content to a freshly created new one in the new subnet.
  • If we can migrate the subnet, then we'll have to ensure there is a network peering with the former public network, to allow prodpublick8s to communicate with the instance.

Current error on the build, due to infra.ci being in the "new private" network with no peering to the "old public" where the DB is hosted for now:

[2023-01-19T18:08:42.577Z] Error: error detecting capabilities: error PostgreSQL version: dial tcp: lookup public.postgres.database.azure.com on <redacted>:53: no such host
[2023-01-19T18:08:42.577Z] 
[2023-01-19T18:08:42.577Z]   with postgresql_role.keycloak,
[2023-01-19T18:08:42.577Z]   on keycloak.jenkins.io.tf line 7, in resource "postgresql_role" "keycloak":
[2023-01-19T18:08:42.577Z]    7: resource "postgresql_role" "keycloak" {
[2023-01-19T18:08:42.577Z] 
[2023-01-19T18:08:42.577Z] 
[2023-01-19T18:08:42.577Z] Error: error detecting capabilities: error PostgreSQL version: dial tcp: lookup public.postgres.database.azure.com on <redacted>:53: no such host
[2023-01-19T18:08:42.577Z] 
[2023-01-19T18:08:42.577Z]   with postgresql_role.plugin_health,
[2023-01-19T18:08:42.577Z]   on plugin-health.jenkins.io.tf line 12, in resource "postgresql_role" "plugin_health":
[2023-01-19T18:08:42.577Z]   12: resource "postgresql_role" "plugin_health" {
[2023-01-19T18:08:42.577Z] 
[2023-01-19T18:08:42.577Z] 
[2023-01-19T18:08:42.577Z] Error: error detecting capabilities: error PostgreSQL version: dial tcp: lookup public.postgres.database.azure.com on <redacted>:53: no such host
[2023-01-19T18:08:42.577Z] 
[2023-01-19T18:08:42.577Z]   with postgresql_role.rating,
[2023-01-19T18:08:42.577Z]   on rating.jenkins.io.tf line 12, in resource "postgresql_role" "rating":
[2023-01-19T18:08:42.577Z]   12: resource "postgresql_role" "rating" {

Done (as per

# Dedicated subnet is reserved as "delegated" for the pgsql server on the public network
# Ref. https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking
# Defined in https://github.com/jenkins-infra/azure-net/blob/main/vnets.tf
data "azurerm_subnet" "public_db_vnet_postgres_tier" {
  name                 = "${data.azurerm_virtual_network.public_db.name}-postgres-tier"
  virtual_network_name = data.azurerm_virtual_network.public_db.name
  resource_group_name  = data.azurerm_resource_group.public.name
}
)
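
The peering requirement raised earlier in this thread (letting workloads in the former public network reach the database in the new one) could be expressed as below. This is an added example, not code from jenkins-infra/azure or jenkins-infra/azure-net: the resource labels and peering names are hypothetical, and it assumes both VNets are readable through the `public_prod` and `public_db` data sources quoted on this page.

```hcl
# Added example (not project code). Peering is not transitive and must be
# declared once per direction. Labels and "name" values are hypothetical.

# New database network -> former public network
resource "azurerm_virtual_network_peering" "public_db_to_public_prod" {
  name                      = "public-db-to-public-prod" # hypothetical name
  resource_group_name       = data.azurerm_resource_group.public.name
  virtual_network_name      = data.azurerm_virtual_network.public_db.name
  remote_virtual_network_id = data.azurerm_virtual_network.public_prod.id

  # Only direct VNet-to-VNet traffic: no traffic forwarded by appliances
  # in the peer, and no shared VPN/ExpressRoute gateway.
  allow_virtual_network_access = true
  allow_forwarded_traffic      = false
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

# Former public network -> new database network
resource "azurerm_virtual_network_peering" "public_prod_to_public_db" {
  name                      = "public-prod-to-public-db" # hypothetical name
  resource_group_name       = data.azurerm_resource_group.public_prod.name
  virtual_network_name      = data.azurerm_virtual_network.public_prod.name
  remote_virtual_network_id = data.azurerm_virtual_network.public_db.id

  allow_virtual_network_access = true
  allow_forwarded_traffic      = false
  allow_gateway_transit        = false
  use_remote_gateways          = false
}
```

With `allow_virtual_network_access = true`, the default network security group rules treat the peered address space as part of `VirtualNetwork`, so any restriction to the database port belongs in a network security group on the delegated subnet. Peering also requires that the two VNets' address spaces do not overlap.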