Merge branch 'main' into martinflorian-da/cntf-6839-dont-rate-limit-simtime-test

Author: martinflorian-da

build-tools/cncluster

@@ -1735,23 +1735,16 @@ subcommand_whitelist[backup_nodes]='Backup one or more CN nodes in the cluster'
 function subcmd_backup_nodes() {
     _cluster_must_exist
 
-    if [ "$#" -lt 2 ]; then
-       echo "Usage: $0 <migration_id> <internal_stack> [node...]"
+    if [ "$#" -lt 1 ]; then
+       echo "Usage: $0 <migration_id> [node...]"
        exit 1
     fi
 
     if [[ ! "$1" =~ ^[0-9]+$ ]]; then
         echo "Usage: $0 <migration_id> [node...]"
         _error "<migration_id> must be a positive integer"
     fi
-
-    if [[ "$2" != "true" && "$2" != "false" ]]; then
-        echo "Usage: $0 <internal_stack> [node...]"
-        _error "<internal_stack> must be either \"true\" or \"false\""
-    fi
-
     migration_id=$1
-    internal_stack=$2
 
     if [ $# -eq 2 ]; then
         nodes="sv-1 sv-2 sv-3 sv-da-1 validator1 splitwell"
@@ -1764,11 +1757,11 @@ function subcmd_backup_nodes() {
         case "$node" in
             sv-1|sv-2|sv-3|sv-4|sv-da-1)
                 _info "Backing up sv node $node"
-                SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-backup.sh sv "$node" "$migration_id" "$internal_stack"
+                SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-backup.sh sv "$node" "$migration_id"
                 ;;
             validator1|splitwell)
                 _info "Backing up validator node $node"
-                SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-backup.sh validator "$node" "$migration_id" "$internal_stack"
+                SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-backup.sh validator "$node" "$migration_id"
                 ;;
             *)
                 _error "Unknown node $node"
@@ -1805,16 +1798,15 @@ function subcmd_restore_node() {
 
     node="${1-}"
     migration_id="${2-}"
-    internal_stack="${3-}"
-    backup_run_id="${4-}"
+    backup_run_id="${3-}"
 
     if [ -z "$node" ] || [ -z "$migration_id" ]; then
-        _error "Usage: $SCRIPTNAME restore_node <namespace_name> <migration_id> <internal_stack> [<backup_run_id>]"
+        _error "Usage: $SCRIPTNAME restore_node <namespace_name> <migration_id> [<backup_run_id>]"
     fi
 
     if [ -z "$backup_run_id" ]; then
         _info "No backup run_id given, looking for the latest full backup"
-        backup_run_id=$(SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/find-recent-backup.sh "$node" "$migration_id" "$internal_stack")
+        backup_run_id=$(SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/find-recent-backup.sh "$node" "$migration_id")
         if [[ -z "$backup_run_id" || "$backup_run_id" == "null" ]]; then
             _error "No recent backup found for $node"
         fi
@@ -1831,11 +1823,11 @@ function subcmd_restore_node() {
             _info "Silencing SV report creation alerts for $sv_name for 1 hour"
             subcmd_silence_grafana_alerts "1 hour" "alertname=Report Creation Time Lag" "report_publisher=$sv_name"
             _info "Restoring sv node $node"
-            SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-restore.sh $force "$node" "$migration_id" "$backup_run_id" "$internal_stack" cometbft sequencer participant mediator cn-apps
+            SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-restore.sh $force "$node" "$migration_id" "$backup_run_id" cometbft sequencer participant mediator cn-apps
             ;;
         validator1|splitwell)
             _info "Restoring validator node $node"
-            SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-restore.sh $force "$node" "$migration_id" "$backup_run_id" "$internal_stack" participant validator
+            SPLICE_SV=$node SPLICE_MIGRATION_ID=$migration_id "$SPLICE_ROOT"/cluster/scripts/node-restore.sh $force "$node" "$migration_id" "$backup_run_id" participant validator
             ;;
         *)
             _error "Unknown node $node"

cluster/pulumi/common/src/index.ts

@@ -24,6 +24,7 @@ export * from './dockerConfig';
 export * from './serviceAccount';
 export * from './participantKms';
 export * from './config/migrationSchema';
+export * from './postgres';
 export * from './pruning';
 export * from './config/loadTesterConfig';
 export * from './config/networkWideConfig';

cluster/pulumi/common/src/postgres.ts

@@ -65,7 +65,12 @@ export class CloudPostgres extends pulumi.ComponentResource implements Postgres
     secretName: string,
     cloudSqlConfig: CloudSqlConfig,
     active: boolean = true,
-    opts: { disableProtection?: boolean; migrationId?: string; logicalDecoding?: boolean } = {}
+    opts: {
+      disableProtection?: boolean;
+      migrationId?: string;
+      logicalDecoding?: boolean;
+      disableBackups?: boolean;
+    } = {}
   ) {
     const instanceLogicalName = xns.logicalName + '-' + instanceName;
     const instanceLogicalNameAlias = xns.logicalName + '-' + alias; // pulumi name before #12391
@@ -93,8 +98,8 @@ export class CloudPostgres extends pulumi.ComponentResource implements Postgres
             ...(opts.logicalDecoding ? [{ name: 'cloudsql.logical_decoding', value: 'on' }] : []),
           ],
           backupConfiguration: {
-            enabled: true,
-            pointInTimeRecoveryEnabled: true,
+            enabled: !opts.disableBackups,
+            pointInTimeRecoveryEnabled: !opts.disableBackups,
             ...(spliceConfig.pulumiProjectConfig.cloudSql.backupsToRetain
               ? {
                   backupRetentionSettings: {

cluster/pulumi/gha/src/performanceTests.ts

@@ -0,0 +1,27 @@
+// Copyright (c) 2024 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { CloudPostgres, ExactNamespace } from '@lfdecentralizedtrust/splice-pulumi-common';
+
+export function createCloudSQLInstanceForPerformanceTests(
+  ghaNamespace: ExactNamespace
+): CloudPostgres {
+  return new CloudPostgres(
+    ghaNamespace,
+    'performance-test-db',
+    'performance-test-db',
+    'performance-test-db-secret',
+    {
+      enabled: true,
+      maintenanceWindow: { day: 2, hour: 8 },
+      protected: false,
+      tier: 'db-custom-2-7680', // same as devnet & testnet as of Jan 2026
+      enterprisePlus: false,
+    },
+    true,
+    {
+      disableProtection: true,
+      disableBackups: true,
+      logicalDecoding: false,
+    }
+  );
+}

cluster/pulumi/gha/src/runners.test.ts

@@ -15,13 +15,17 @@ jest.mock('./config', () => ({
     runnerHookVersion: '1.1',
   },
 }));
+class FakeCloudPostgres extends pulumi.Resource {}
 jest.mock('@lfdecentralizedtrust/splice-pulumi-common', () => ({
   __esModule: true,
   appsAffinityAndTolerations: {},
   DOCKER_REPO: 'https://dummy-docker-repo.com',
   HELM_MAX_HISTORY_SIZE: 42,
   imagePullSecretByNamespaceNameForServiceAccount: () => [],
   infraAffinityAndTolerations: {},
+  CloudPostgres: function CloudPostgres() {
+    return new FakeCloudPostgres('CloudPostgres', 'cloud-postgres', true);
+  },
 }));
 jest.mock('@lfdecentralizedtrust/splice-pulumi-common/src/config/envConfig', () => ({
   __esModule: true,

cluster/pulumi/gha/src/runners.ts

@@ -3,7 +3,9 @@
 import * as k8s from '@pulumi/kubernetes';
 import {
   appsAffinityAndTolerations,
+  CloudPostgres,
   DOCKER_REPO,
+  ExactNamespace,
   HELM_MAX_HISTORY_SIZE,
   imagePullSecretByNamespaceNameForServiceAccount,
   infraAffinityAndTolerations,
@@ -18,6 +20,7 @@ import yaml from 'js-yaml';
 
 import { createCachePvc } from './cache';
 import { ghaConfig } from './config';
+import { createCloudSQLInstanceForPerformanceTests } from './performanceTests';
 
 type ResourcesSpec = {
   requests?: {
@@ -403,7 +406,8 @@ function installK8sRunnerScaleSet(
   cachePvcName: string,
   resources: ResourcesSpec,
   serviceAccountName: string,
-  dependsOn: Resource[]
+  dependsOn: Resource[],
+  performanceTestsDb: CloudPostgres
 ): Release {
   const podConfigMapName = `${name}-pod-config`;
   // A configMap that will be mounted to runner pods and provide additional pod spec for the workflow pods
@@ -534,6 +538,21 @@ function installK8sRunnerScaleSet(
                     name: 'ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE',
                     value: '/pod.yaml',
                   },
+                  {
+                    name: 'PERFORMANCE_TESTS_DB_HOST',
+                    value: performanceTestsDb.address,
+                  },
+                  {
+                    name: 'PERFORMANCE_TESTS_DB_USER',
+                    value: 'cnadmin',
+                  },
+                  {
+                    name: 'PERFORMANCE_TESTS_DB_PASSWORD',
+                    valueFrom: {
+                      key: 'postgresPassword',
+                      name: performanceTestsDb.secretName,
+                    },
+                  },
                 ],
                 volumeMounts: [
                   {
@@ -701,9 +720,10 @@ function installK8sRunnerScaleSets(
   runnersNamespace: Namespace,
   tokenSecret: Secret,
   cachePvcName: string,
-  serviceAccountName: string
+  serviceAccountName: string,
+  performanceTestsDb: CloudPostgres
 ): void {
-  const dependsOn = [controller, runnersNamespace, tokenSecret];
+  const dependsOn = [controller, runnersNamespace, tokenSecret, performanceTestsDb];
 
   runnerSpecs
     .filter(spec => spec.k8s)
@@ -715,7 +735,8 @@ function installK8sRunnerScaleSets(
         cachePvcName,
         spec.resources,
         serviceAccountName,
-        dependsOn
+        dependsOn,
+        performanceTestsDb
       );
     });
 }
@@ -754,12 +775,17 @@ function installPodMonitor(runnersNamespace: Namespace) {
   );
 }
 
+const GHA_NAMESPACE_NAME = 'gha-runners';
 export function installRunnerScaleSets(controller: k8s.helm.v3.Release): void {
-  const runnersNamespace = new Namespace('gha-runners', {
+  const runnersNamespace = new Namespace(GHA_NAMESPACE_NAME, {
     metadata: {
-      name: 'gha-runners',
+      name: GHA_NAMESPACE_NAME,
     },
   });
+  const exactNs: ExactNamespace = {
+    ns: runnersNamespace,
+    logicalName: GHA_NAMESPACE_NAME,
+  };
 
   const tokenSecret = new k8s.core.v1.Secret(
     'gh-access-token',
@@ -791,7 +817,15 @@ export function installRunnerScaleSets(controller: k8s.helm.v3.Release): void {
   const saName = 'k8s-runners';
   installRunnersServiceAccount(runnersNamespace, saName);
 
+  const performanceTestsDb = createCloudSQLInstanceForPerformanceTests(exactNs);
   installDockerRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvc, saName);
-  installK8sRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvcName, saName);
+  installK8sRunnerScaleSets(
+    controller,
+    runnersNamespace,
+    tokenSecret,
+    cachePvcName,
+    saName,
+    performanceTestsDb
+  );
   installPodMonitor(runnersNamespace);
 }

cluster/scripts/find-recent-backup.sh

@@ -11,7 +11,7 @@ source "${TOOLS_LIB}/libcli.source"
 source "${SPLICE_ROOT}/cluster/scripts/utils.source"
 
 function usage() {
-  _info "Usage: $0 <namespace> <migration_id> <internal (true|false)>"
+  _info "Usage: $0 <namespace> <migration_id>"
 }
 
 function is_full_backup_kube() {
@@ -64,16 +64,15 @@ function latest_full_backup_run_id_gcloud() {
   local migration_id=$2
   local is_sv=$3
   local expected_components=$4
-  local internal=$5
   local num_components
   num_components=$(echo "$expected_components" | wc -w)
   local stack
 
   declare -A run_ids_dict
 
   for component in $expected_components; do
-    stack=$(get_stack_for_namespace_component "$namespace" "$component" "$internal")
-    instance="$(create_component_instance "$component" "$migration_id" "$namespace" "$internal")"
+    stack=$(get_stack_for_namespace_component "$namespace" "$component")
+    instance="$(create_component_instance "$component" "$migration_id" "$namespace")"
     local full_component_instance="$namespace-$instance-pg"
 
     local cloudsql_id
@@ -110,27 +109,26 @@ function latest_full_backup_run_id_gcloud() {
 }
 
 function main() {
-  if [ "$#" -lt 3 ]; then
+  if [ "$#" -lt 2 ]; then
       usage
       exit 1
   fi
 
   local namespace=$1
   local migration_id=$2
-  local internal=$3
 
   case "$namespace" in
       sv-1|sv-2|sv-3|sv-4|sv-da-1)
           is_sv=true
           full_instance="$namespace-cn-apps-pg"
           expected_components="cn-apps sequencer participant mediator"
-          stack=$(get_stack_for_namespace_component "$namespace" "cn-apps" "$internal")
+          stack=$(get_stack_for_namespace_component "$namespace" "cn-apps")
           ;;
       *)
           is_sv=false
           full_instance="$namespace-validator-pg"
           expected_components="validator participant"
-          stack=$(get_stack_for_namespace_component "$namespace" "participant" "$internal")
+          stack=$(get_stack_for_namespace_component "$namespace" "participant")
           ;;
   esac
 
@@ -140,7 +138,7 @@ function main() {
     backup_run_id=$(latest_full_backup_run_id_kube "$namespace" "$migration_id" "$is_sv" "$expected_components")
     echo "$backup_run_id"
   elif [ "$type" == "canton:cloud:postgres" ]; then
-    backup_run_id=$(latest_full_backup_run_id_gcloud "$namespace" "$migration_id" "$is_sv" "$expected_components" "$internal")
+    backup_run_id=$(latest_full_backup_run_id_gcloud "$namespace" "$migration_id" "$is_sv" "$expected_components")
     echo "$backup_run_id"
   elif [ -z "$type" ]; then
     _error "No postgres instance $full_instance found in stack ${stack}. Is the cluster deployed with split DB instances?"