From a99a91d9b7af7387666ca6e77b7b0830e92d724f Mon Sep 17 00:00:00 2001 From: SrishT Date: Fri, 3 Jul 2020 18:43:46 +0530 Subject: [PATCH 1/3] Issue 411: Updating Pravega config key names Signed-off-by: SrishT --- doc/auth.md | 10 ++++----- doc/longtermstorage.md | 4 ++-- doc/minikube_setup.md | 46 ++++++++++++++++++++-------------------- doc/pravega-options.md | 6 +++--- doc/tls.md | 12 +++++------ example/cr-detailed.yaml | 37 ++++++++++++++++---------------- 6 files changed, 57 insertions(+), 58 deletions(-) diff --git a/doc/auth.md b/doc/auth.md index b7f7feaa3..462c8bbe6 100644 --- a/doc/auth.md +++ b/doc/auth.md @@ -54,11 +54,11 @@ spec: ... pravega: options: - controller.auth.enabled: "true" - controller.auth.userPasswordFile: "/etc/auth-passwd-volume/userdata.txt" - controller.auth.tokenSigningKey: "secret" - autoScale.authEnabled: "true" - autoScale.tokenSigningKey: "secret" + controller.security.auth.enable: "true" + controller.security.pwdAuthHandler.accountsDb.location: "/etc/auth-passwd-volume/userdata.txt" + controller.security.auth.delegationToken.signingKey.basis: "secret" + autoScale.controller.connect.security.auth.enable: "true" + autoScale.security.auth.token.signingKey.basis: "secret" pravega.client.auth.token: "YWRtaW46MTExMV9hYWFh" pravega.client.auth.method: "Basic" diff --git a/doc/longtermstorage.md b/doc/longtermstorage.md index a563e117c..c54d10a94 100644 --- a/doc/longtermstorage.md +++ b/doc/longtermstorage.md @@ -133,7 +133,7 @@ Pravega can also use an S3-compatible storage backend such as [Dell EMC ECS](htt ``` ... spec: - longtermStorage: + longtermStorage: ecs: configUri: http://10.247.10.52:9020?namespace=pravega bucket: "shared" 
@@ -169,7 +169,7 @@ Refer to the steps below to add ECS server certificate or CA's certificate into $ kubectl create -f ecs-tls.yaml ``` -3. In Pravega manifest, add the secret name defined above into "tls/static/caBundle" section. +3. In Pravega manifest, add the secret name defined above into "tls/static/caBundle" section. ``` ... kind: "PravegaCluster" diff --git a/doc/minikube_setup.md b/doc/minikube_setup.md index 363ed32f5..5469dc65b 100644 --- a/doc/minikube_setup.md +++ b/doc/minikube_setup.md @@ -44,26 +44,26 @@ Create a single node Bookkeeper Cluster using the [BookKeeper Operator](https:// spec: replicas: 1 storage: - ledgerVolumeClaimTemplate: - accessModes: [ "ReadWriteOnce" ] - storageClassName: "standard" - resources: - requests: - storage: 10Gi - - journalVolumeClaimTemplate: - accessModes: [ "ReadWriteOnce" ] - storageClassName: "standard" - resources: - requests: - storage: 10Gi - - indexVolumeClaimTemplate: - accessModes: [ "ReadWriteOnce" ] - storageClassName: "standard" - resources: - requests: - storage: 10Gi + ledgerVolumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 10Gi + + journalVolumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 10Gi + + indexVolumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 10Gi ``` ### Pravega @@ -76,7 +76,7 @@ spec: segmentStoreReplicas: 1 options: - bookkeeper.bkAckQuorumSize: "1" - bookkeeper.bkWriteQuorumSize: "1" - bookkeeper.bkEnsembleSize: "1" + bookkeeper.ack.quorum.size: "1" + bookkeeper.write.quorum.size: "1" + bookkeeper.ensemble.size: "1" ``` diff --git a/doc/pravega-options.md b/doc/pravega-options.md index da1399b5a..19028f6ed 100644 --- a/doc/pravega-options.md +++ b/doc/pravega-options.md 
@@ -9,9 +9,9 @@ All values must be expressed as Strings. spec: pravega: options: - metrics.enableStatistics: "true" - metrics.statsdHost: "telegraph.default" - metrics.statsdPort: "8125" + metrics.statistics.enable: "true" + metrics.statsD.connect.host: "telegraph.default" + metrics.statsD.connect.port: "8125" ... ``` ### Pravega JVM Options diff --git a/doc/tls.md b/doc/tls.md index 974b38db4..0ddaf0e99 100644 --- a/doc/tls.md +++ b/doc/tls.md @@ -34,12 +34,12 @@ spec: ... pravega: options: - controller.auth.tlsEnabled: "true" - controller.auth.tlsCertFile: "/etc/secret-volume/controller01.pem" - controller.auth.tlsKeyFile: "/etc/secret-volume/controller01.key.pem" - pravegaservice.enableTls: "true" - pravegaservice.certFile: "/etc/secret-volume/segmentStore01.pem" - pravegaservice.keyFile: "/etc/secret-volume/segmentStore01.key.pem" + controller.security.tls.enable: "true" + controller.security.tls.server.certificate.location: "/etc/secret-volume/controller01.pem" + controller.security.tls.server.privateKey.location: "/etc/secret-volume/controller01.key.pem" + pravegaservice.security.tls.enable: "true" + pravegaservice.security.tls.server.certificate.location: "/etc/secret-volume/segmentStore01.pem" + pravegaservice.security.tls.server.privateKey.location: "/etc/secret-volume/segmentStore01.key.pem" ... ``` diff --git a/example/cr-detailed.yaml b/example/cr-detailed.yaml index 087f89e7d..6c8041a8f 100644 --- a/example/cr-detailed.yaml +++ b/example/cr-detailed.yaml 
@@ -61,26 +61,25 @@ spec: # See https://github.com/pravega/pravega/blob/3f5b65084ae17e74c8ef8e6a40e78e61fa98737b/config/config.properties # for available configuration properties options: - pravegaservice.containerCount: "4" - pravegaservice.cacheMaxSize: "1073741824" - pravegaservice.zkSessionTimeoutMs: "10000" - attributeIndex.readBlockSize: "1048576" - readIndex.storageReadAlignment: "1048576" - durableLog.checkpointMinCommitCount: "300" - bookkeeper.bkAckQuorumSize: "3" - metrics.dynamicCacheSize: "100000" - metrics.enableStatistics: "true" - metrics.statsdHost: "telegraph.default" - metrics.statsdPort: "8125" + pravegaservice.container.count: "4" + pravegaservice.cache.size.max: "1073741824" + pravegaservice.zk.connect.sessionTimeout.milliseconds: "10000" + readindex.storageRead.alignment: "1048576" + durablelog.checkpoint.commit.count.min: "300" + bookkeeper.ack.quorum.size: "3" + metrics.dynamicCache.size: "100000" + metrics.statistics.enable: "true" + metrics.statsD.connect.host: "telegraph.default" + metrics.statsD.connect.port: "8125" # The mount dir for secrets is /etc/secret-volume - controller.auth.tlsEnabled: "true" - controller.auth.tlsCertFile: "/etc/secret-volume/controller01.pem" - controller.auth.tlsKeyFile: "/etc/secret-volume/controller01.key.pem" - controller.rest.tlsKeyStoreFile: "/etc/secret-volume/controller01.jks" - controller.rest.tlsKeyStorePasswordFile: "/etc/secret-volume/password" - pravegaservice.enableTls: "true" - pravegaservice.certFile: "/etc/secret-volume/segmentStore01.pem" - pravegaservice.keyFile: "/etc/secret-volume/segmentStore01.key.pem" + controller.security.tls.enable: "true" + controller.security.tls.server.certificate.location: "/etc/secret-volume/controller01.pem" + controller.security.tls.server.privateKey.location: "/etc/secret-volume/controller01.key.pem" + controller.security.tls.server.keyStore.location: "/etc/secret-volume/controller01.jks" + controller.security.tls.server.keyStore.pwd.location: 
"/etc/secret-volume/password" + pravegaservice.security.tls.enable: "true" + pravegaservice.security.tls.server.certificate.location: "/etc/secret-volume/segmentStore01.pem" + pravegaservice.security.tls.server.privateKey.location: "/etc/secret-volume/segmentStore01.key.pem" # Pass the JVM options to controller and segmentstore segmentStoreJVMOptions: ["-Xmx2g", "-XX:MaxDirectMemorySize=2g"] From e8de0fda4515d1f309e20ab5fd7b6a18fb5e8f43 Mon Sep 17 00:00:00 2001 From: SrishT Date: Mon, 6 Jul 2020 10:08:29 +0530 Subject: [PATCH 2/3] Issue 411: Addressing review comments Signed-off-by: SrishT --- charts/pravega/values.yaml | 2 +- doc/upgrade-cluster.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/pravega/values.yaml b/charts/pravega/values.yaml index f3d86f024..c29ee3e56 100644 --- a/charts/pravega/values.yaml +++ b/charts/pravega/values.yaml @@ -109,4 +109,4 @@ storage: className: standard options: - # bookkeeper.bkAckQuorumSize: "3" + # bookkeeper.ack.quorum.size: "3" diff --git a/doc/upgrade-cluster.md b/doc/upgrade-cluster.md index f98f1ab00..0d2ff8426 100644 --- a/doc/upgrade-cluster.md +++ b/doc/upgrade-cluster.md @@ -77,14 +77,14 @@ segmentStoreJVMOptions: ["-Xmx4g", "-XX:MaxDirectMemorySize=12g"] 3. The cache should be configured at least 1 or 2 GB below the Direct Memory value provided since the Direct Memory is used by other components as well (like Netty). This value is configured in the pravega options part of the manifest file ``` options: - pravegaservice.cacheMaxSize: "11811160064" + pravegaservice.cache.size.max: "11811160064" ``` To summarize the way in which the segmentstore pod memory is distributed: ``` POD_MEM_LIMIT = JVM Heap + Direct Memory -Direct Memory = pravegaservice.cacheMaxSize + 1GB/2GB (other uses) +Direct Memory = pravegaservice.cache.size.max + 1GB/2GB (other uses) ``` ## Upgrade process From 33e4e692404124e1acfe30658019b839f9930cdc Mon Sep 17 00:00:00 2001 
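Review bot: In the example/cr-detailed.yaml hunk of patch 1/3, `attributeIndex.readBlockSize` is removed with no renamed counterpart, while every other option is mapped one-to-one (11 lines removed, 10 added). If that is intentional the commit message should say so; otherwise the renamed key is missing. The context comment above `options:` still links config.properties at a pinned commit, which presumably lists the old names, so readers cannot check the new keys against it, and the link should move to a revision that contains them. This matters most for the `*.security.tls.*` keys: if a Pravega version that does not know a renamed key simply ignores it (not visible from this diff), TLS would stay off without any error. The example should therefore state the version the names apply to, e.g. `# Key names below require Pravega <MIN_VERSION> or later`.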
From: SrishT Date: Mon, 6 Jul 2020 10:57:15 +0530 Subject: [PATCH 3/3] Issue 411: Addressing review comments Signed-off-by: SrishT --- doc/longtermstorage.md | 2 +- example/cr-detailed.yaml | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/longtermstorage.md b/doc/longtermstorage.md index c54d10a94..e0e5c3655 100644 --- a/doc/longtermstorage.md +++ b/doc/longtermstorage.md @@ -169,7 +169,7 @@ Refer to the steps below to add ECS server certificate or CA's certificate into $ kubectl create -f ecs-tls.yaml ``` -3. In Pravega manifest, add the secret name defined above into "tls/static/caBundle" section. +3. In Pravega manifest, add the secret name defined above into "tls/static/caBundle" section. ``` ... kind: "PravegaCluster" diff --git a/example/cr-detailed.yaml b/example/cr-detailed.yaml index 6c8041a8f..909893c65 100644 --- a/example/cr-detailed.yaml +++ b/example/cr-detailed.yaml @@ -71,7 +71,7 @@ spec: metrics.statistics.enable: "true" metrics.statsD.connect.host: "telegraph.default" metrics.statsD.connect.port: "8125" - # The mount dir for secrets is /etc/secret-volume + # The mount dir for tls secrets is /etc/secret-volume controller.security.tls.enable: "true" controller.security.tls.server.certificate.location: "/etc/secret-volume/controller01.pem" controller.security.tls.server.privateKey.location: "/etc/secret-volume/controller01.key.pem" 
@@ -80,6 +80,14 @@ spec: pravegaservice.security.tls.enable: "true" pravegaservice.security.tls.server.certificate.location: "/etc/secret-volume/segmentStore01.pem" pravegaservice.security.tls.server.privateKey.location: "/etc/secret-volume/segmentStore01.key.pem" + # The mount dir for auth secrets is /etc/auth-passwd-volume + controller.security.auth.enable: "true" + controller.security.pwdAuthHandler.accountsDb.location: "/etc/auth-passwd-volume/userdata.txt" + controller.security.auth.delegationToken.signingKey.basis: "secret" + autoScale.controller.connect.security.auth.enable: "true" + autoScale.security.auth.token.signingKey.basis: "secret" + pravega.client.auth.token: "YWRtaW46MTExMV9hYWFh" + pravega.client.auth.method: "Basic" # Pass the JVM options to controller and segmentstore segmentStoreJVMOptions: ["-Xmx2g", "-XX:MaxDirectMemorySize=2g"]
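Review bot: The auth block added to example/cr-detailed.yaml sets both `signingKey.basis` options to the literal `"secret"` and puts a Basic credential in `pravega.client.auth.token`, all directly under `options`. The token is only base64 of a user:password pair, which is encoding and not protection, and anything under `options` is readable by whoever can read the PravegaCluster resource. Someone who copies the example as-is deploys a guessable token-signing key and a published credential. The new comment should mark them as samples, e.g. `# Sample values only: replace both signingKey.basis values and the client token before deploying`. The doc/auth.md hunk in patch 1/3 carries the same literals and would benefit from the same sentence.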