Versions Compared

Old Version 5

changes.mady.by.user Sidney Chen

Saved on

compared with

New Version 6

changes.mady.by.user Ben

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

You are expected to have access directly to the Kubernetes or Openshift pods and have the ability to delete/create pods and deployments to progress this this.

This is also considered a DISRUPTIVE change and will cause outage on certain components during the update process.

Table of Contents

 1. Updating Postgres Password (

...

Deployments using Keycloak)

Before updating the Postgres password at the secret level, you will need to first update the instance password.

...

Before undertaking this change, please ensure there is no one using the platform or if anyone is using the platform you will need to notify them of a disruption. Changing the password of the instance will cause a cascading effect and the following components will cease to function and go into a CrashLoop:

  1. cerebrum-api-server

  2. cerebrum-batch

  3. cerebrum-scheduler

  4. cerebrum-workerkeycloak

This may also cause a cascading effect that will cause the following to go into a pending state due to health checks:

  1. keycloak-internal-gateway

1.1. Changing the Password on the Existing Instance

...

Code Block
languagebash
kubectl exec -it <keycloak <postgrespostgres pod> /bin/bash
bash
psql -U postgres -d postgres

OR

oc rsh <postgres<keycloak postgres pod>
bash
psql -U postgres -d postgres

...

1.2. Updating Deployment Specifications and Re-Deploy

Update the POSTGRES_PASSPASSWORD variable in the secrets yaml for Postgres keycloak-credentials.yaml to the new password.

...

Code Block
kubectl apply -f postgreskeycloak/k8s/credentailskeycloak-credentials.yaml

OR 

oc apply -f postgreskeycloak/k8s/credentailskeycloak-credentials.yaml

Validate the secrets was updated using

...

You will need to restart the following pods to take on the new Postgres password

  1. cerebrum-api-server

  2. cerebrum-batch

  3. cerebrum-scheduler

  4. cerebrum-workerkeycloak

These pods should no longer be in a CrashLoop state after the restart. The keycloak-internal-gateway should also stabilise.

...

2.Updating Postgres Password (Older versions - Non Keycloak)

Before updating the Postgres password at the secret level, you will need to first update the instance password.

...

Before undertaking this change, please ensure there is no one using the platform or if anyone is using the platform you will need to notify them of a disruption. Changing the password of the instance will cause a cascading effect and the following components will cease to function and go into a CrashLoop:

  1. keycloak

This may also cause a cascading effect that will cause the following to go into a pending state due to health checks:

  1. keycloak-internal-gatewaycerebrum-api-server

  2. cerebrum-batch

  3. cerebrum-scheduler

  4. cerebrum-worker

2.1. Changing the Password on the Existing Instance

...

Code Block
languagebash
kubectl exec -it <keycloak postgres<postgres pod> /bin/bash
bash
psql -U postgres -d postgres

OR

oc rsh <keycloak postgres<postgres pod>
bash
psql -U postgres -d postgres

...

2.2. Updating Deployment Specifications and Re-Deploy

Update the POSTGRES_PASSWORDPASS variable in the secrets yaml for Postgres keycloak-credentials.yaml to the new password.

...

Code Block
kubectl apply -f keycloakpostgres/k8s/keycloak-credentialscredentails.yaml

OR 

oc apply -f keycloakpostgres/k8s/keycloak-credentialscredentails.yaml

Validate the secrets was updated using

...

You will need to restart the following pods to take on the new Postgres password

...

  1. cerebrum-api-server

  2. cerebrum-batch

  3. cerebrum-scheduler

  4. cerebrum-worker

These pods should no longer be in a CrashLoop state after the restart. The keycloak-internal-gateway should also stabilise.