Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(redshift): optionally reboot Clusters to apply parameter changes #22063

Merged
merged 25 commits into from
Feb 17, 2023
Merged

feat(redshift): optionally reboot Clusters to apply parameter changes #22063

Show file tree
Hide file tree
Changes from 22 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
8b8798c
inital implementation
dontirun Sep 13, 2022
68ebe28
add lambda handler
dontirun Sep 14, 2022
f262a52
documentation, tests, and bugfixes
Sep 15, 2022
6c1122b
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
Sep 30, 2022
c61f994
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
Oct 4, 2022
6fe9387
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
Oct 10, 2022
63400f6
fix: allow for enabling the reboot feature before the parameter group…
Oct 10, 2022
a5d1ee5
test: comment out assertions
Oct 10, 2022
153345a
chore: commit deleted asstes
Oct 10, 2022
f31b6dd
chore: update snapshot
Oct 11, 2022
a01c334
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
Oct 19, 2022
52916e6
tests: regenerate snapshot
Oct 19, 2022
c445b0f
chore: commenting out diff assets in integ test
Nov 16, 2022
26fbbaa
docs: add testing procedure to integ test
Nov 16, 2022
b732dcf
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
Nov 16, 2022
692d1ab
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
Dec 9, 2022
762f2bf
test: update assertions on integ test
Dec 14, 2022
dae7883
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
dontirun Dec 16, 2022
75ebd28
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
dontirun Jan 18, 2023
b6c323d
refactor: removing unknown-error from reboot actions
dontirun Feb 14, 2023
1c69185
Merge branch 'master' into feat-reboot-cluster-for-parameter-updates
dontirun Feb 14, 2023
80848a9
Update packages/@aws-cdk/aws-redshift/lib/cluster-parameter-change-re…
dontirun Feb 14, 2023
f91ffeb
refactor: use guard clause for clarity
Feb 16, 2023
a76b887
refactor: update guard clause
Feb 17, 2023
16ba85f
Merge branch 'main' into feat-reboot-cluster-for-parameter-updates
mergify[bot] Feb 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions packages/@aws-cdk/aws-redshift/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -349,6 +349,25 @@ const cluster = new Cluster(this, 'Cluster', {
cluster.addToParameterGroup('enable_user_activity_logging', 'true');
```

## Rebooting for Parameter Updates

In most cases, existing clusters [must be manually rebooted](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html) to apply parameter changes. You can automate parameter related reboots by setting the cluster's `rebootForParameterChanges` property to `true` , or by using `Cluster.enableRebootForParameterChanges()`.

```ts
declare const vpc: ec2.Vpc;

const cluster = new Cluster(this, 'Cluster', {
masterUser: {
masterUsername: 'admin',
masterPassword: cdk.SecretValue.unsafePlainText('tooshort'),
},
vpc,
});

cluster.addToParameterGroup('enable_user_activity_logging', 'true');
cluster.enableRebootForParameterChanges()
```

## Elastic IP

If you configure your cluster to be publicly accessible, you can optionally select an *elastic IP address* to use for the external IP address. An elastic IP address is a static IP address that is associated with your AWS account. You can use an elastic IP address to connect to your cluster from outside the VPC. An elastic IP address gives you the ability to change your underlying configuration without affecting the IP address that clients use to connect to your cluster. This approach can be helpful for situations such as recovery after a failure.
Expand Down
53 changes: 53 additions & 0 deletions packages/@aws-cdk/aws-redshift/lib/cluster-parameter-change-reboot-handler/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
// eslint-disable-next-line import/no-extraneous-dependencies
import { Redshift } from 'aws-sdk';

const redshift = new Redshift();

export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise<void> {
if (event.RequestType !== 'Delete') {
return rebootClusterIfRequired(event.ResourceProperties?.ClusterId, event.ResourceProperties?.ParameterGroupName);
} else {
return;
}
}

async function rebootClusterIfRequired(clusterId: string, parameterGroupName: string): Promise<void> {
return executeActionForStatus(await getApplyStatus());

// https://docs.aws.amazon.com/redshift/latest/APIReference/API_ClusterParameterStatus.html
async function executeActionForStatus(status: string, retryDurationMs?: number): Promise<void> {
await sleep(retryDurationMs ?? 0);
if (['pending-reboot', 'apply-deferred', 'apply-error'].includes(status)) {
try {
await redshift.rebootCluster({ ClusterIdentifier: clusterId }).promise();
} catch (err) {
if ((err as any).code === 'InvalidClusterState') {
return await executeActionForStatus(status, 30000);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about doing some sort of backoff here, but found checking every 30 seconds to be sufficient in my testing.

} else {
throw err;
}
}
return;
} else if (['applying', 'retry'].includes(status)) {
return executeActionForStatus(await getApplyStatus(), 30000);
}
return;
}

async function getApplyStatus(): Promise<string> {
const clusterDetails = await redshift.describeClusters({ ClusterIdentifier: clusterId }).promise();
if (clusterDetails.Clusters?.[0].ClusterParameterGroups === undefined) {
throw new Error(`Unable to find any Parameter Groups associated with ClusterId "${clusterId}".`);
}
for (const group of clusterDetails.Clusters?.[0].ClusterParameterGroups) {
if (group.ParameterGroupName === parameterGroupName) {
return group.ParameterApplyStatus ?? 'retry';
}
}
throw new Error(`Unable to find Parameter Group named "${parameterGroupName}" associated with ClusterId "${clusterId}".`);
}
}

function sleep(ms: number) {
return new Promise(resolve => setTimeout(resolve, ms));
}
87 changes: 83 additions & 4 deletions packages/@aws-cdk/aws-redshift/lib/cluster.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
import * as path from 'path';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as iam from '@aws-cdk/aws-iam';
import * as kms from '@aws-cdk/aws-kms';
import * as lambda from '@aws-cdk/aws-lambda';
import * as s3 from '@aws-cdk/aws-s3';
import * as secretsmanager from '@aws-cdk/aws-secretsmanager';
import { Duration, IResource, Lazy, RemovalPolicy, Resource, SecretValue, Token } from '@aws-cdk/core';
import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from '@aws-cdk/custom-resources';
import { ArnFormat, CustomResource, Duration, IResource, Lazy, RemovalPolicy, Resource, SecretValue, Stack, Token } from '@aws-cdk/core';
import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId, Provider } from '@aws-cdk/custom-resources';
import { Construct } from 'constructs';
import { DatabaseSecret } from './database-secret';
import { Endpoint } from './endpoint';
import { ClusterParameterGroup, IClusterParameterGroup } from './parameter-group';
import { CfnCluster } from './redshift.generated';
import { ClusterSubnetGroup, IClusterSubnetGroup } from './subnet-group';

/**
* Possible Node Types to use in the cluster
* used for defining `ClusterProps.nodeType`.
Expand Down Expand Up @@ -364,6 +365,12 @@ export interface ClusterProps {
*/
readonly elasticIp?: string

/**
* If this flag is set, the cluster will be rebooted when changes to the cluster's parameter group that require a restart to apply.
* @default false
*/
readonly rebootForParameterChanges?: boolean

/**
* If this flag is set, Amazon Redshift forces all COPY and UNLOAD traffic between your cluster and your data repositories through your virtual private cloud (VPC).
*
Expand Down Expand Up @@ -470,6 +477,11 @@ export class Cluster extends ClusterBase {
*/
protected parameterGroup?: IClusterParameterGroup;

/**
* Whether the cluster will be rebooted when changes to the cluster's parameter group that require a restart to apply.
*/
protected rebootForParameterChangesEnabled?: boolean;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need this prop, can we remove it? It seems redundant with rebootForParameterChanges?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Related to my other comment rebootForParameterChanges is the class property that is needed so we don't create duplicate custom resources with enableRebootForParameterChanges(). I thought it would be clearer to have this property versus making the Provider and CustomResource class properties

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add to this docstring that this is only used to guard against repeated invocations of enableRebootForParameterChanges()


/**
* The ARNs of the roles that will be attached to the cluster.
*
Expand Down Expand Up @@ -592,7 +604,9 @@ export class Cluster extends ClusterBase {

const defaultPort = ec2.Port.tcp(this.clusterEndpoint.port);
this.connections = new ec2.Connections({ securityGroups, defaultPort });

if (props.rebootForParameterChanges) {
this.enableRebootForParameterChanges();
}
// Add default role if specified and also available in the roles list
if (props.defaultRole) {
if (props.roles?.some(x => x === props.defaultRole)) {
Expand Down Expand Up @@ -689,6 +703,71 @@ export class Cluster extends ClusterBase {
}
}

/**
* Enables automatic cluster rebooting when changes to the cluster's parameter group require a restart to apply.
*/
public enableRebootForParameterChanges(): void {
if (!this.rebootForParameterChangesEnabled) {
this.rebootForParameterChangesEnabled = true;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The check on line 607 is all we need for this, no?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe we need it to make sure we don't make a duplicate Custom Resource. I could create class variables to make the function idempotent, but thought that may be overkill

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

making the function idempotent is definitely overkill, and guarding against these potential bugs (an error would be thrown complaining about duplicate construct IDs) is definitely the right call in general. In this case though I don't see how the function could be called twice, as it's only called in the constructor and it's internal-only.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I originally thought about making it constructor only, but It's currently not (example). I figured that exposing the method would be friendlier for situationally enabling the feature under specific conditions (ex. beta/prod stages, using the addToParameterGroup method and then using this method).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmmm okay. I don't love that we have this prop and this internal member, but it is a better user experience to be able to use a convenience method to set it, so we can leave it.

Please change the format of this to a guard clause though, eg:

    if (this.rebootForParameterChangesEnabled) {
      return;
    }
    this.rebootForParameterChangesEnabled = true;

const rebootFunction = new lambda.SingletonFunction(this, 'RedshiftClusterRebooterFunction', {
uuid: '511e207f-13df-4b8b-b632-c32b30b65ac2',
runtime: lambda.Runtime.NODEJS_16_X,
code: lambda.Code.fromAsset(path.join(__dirname, 'cluster-parameter-change-reboot-handler')),
handler: 'index.handler',
timeout: Duration.seconds(900),
});
rebootFunction.addToRolePolicy(new iam.PolicyStatement({
actions: ['redshift:DescribeClusters'],
resources: ['*'],
}));
rebootFunction.addToRolePolicy(new iam.PolicyStatement({
actions: ['redshift:RebootCluster'],
resources: [
Stack.of(this).formatArn({
service: 'redshift',
resource: 'cluster',
resourceName: this.clusterName,
arnFormat: ArnFormat.COLON_RESOURCE_NAME,
}),
],
}));
const provider = new Provider(this, 'ResourceProvider', {
onEventHandler: rebootFunction,
});
const customResource = new CustomResource(this, 'RedshiftClusterRebooterCustomResource', {
resourceType: 'Custom::RedshiftClusterRebooter',
serviceToken: provider.serviceToken,
properties: {
ClusterId: this.clusterName,
ParameterGroupName: Lazy.string({
produce: () => {
if (!this.parameterGroup) {
throw new Error('Cannot enable reboot for parameter changes when there is no associated ClusterParameterGroup.');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Putting implementation details aside I didn't think it would be a good user experience to allow for enabling a feature that does nothing.

Using a Lazy gets around an order of operations error where enabling the feature and then later adding a parameter group would trigger this error (this test case)

}
return this.parameterGroup.clusterParameterGroupName;
},
}),
ParametersString: Lazy.string({
produce: () => {
if (!(this.parameterGroup instanceof ClusterParameterGroup)) {
throw new Error('Cannot enable reboot for parameter changes when using an imported parameter group.');
}
return JSON.stringify(this.parameterGroup.parameters);
},
}),
},
});
Lazy.any({
produce: () => {
if (!this.parameterGroup) {
throw new Error('Cannot enable reboot for parameter changes when there is no associated ClusterParameterGroup.');
}
customResource.node.addDependency(this, this.parameterGroup);
},
});
}
}

/**
* Adds default IAM role to cluster. The default IAM role must be already associated to the cluster to be added as the default role.
*
Expand Down
1 change: 1 addition & 0 deletions ...napshot/asset.1b88b7c3e3e0f8d3e27ded1bde51b7a80c75f3d8733872af7952c3a6d902147e/index.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise<void>;
56 changes: 56 additions & 0 deletions ....snapshot/asset.1b88b7c3e3e0f8d3e27ded1bde51b7a80c75f3d8733872af7952c3a6d902147e/index.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

53 changes: 53 additions & 0 deletions ....snapshot/asset.1b88b7c3e3e0f8d3e27ded1bde51b7a80c75f3d8733872af7952c3a6d902147e/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
// eslint-disable-next-line import/no-extraneous-dependencies
import { Redshift } from 'aws-sdk';

const redshift = new Redshift();

export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise<void> {
if (event.RequestType !== 'Delete') {
return rebootClusterIfRequired(event.ResourceProperties?.ClusterId, event.ResourceProperties?.ParameterGroupName);
} else {
return;
}
}

async function rebootClusterIfRequired(clusterId: string, parameterGroupName: string): Promise<void> {
return executeActionForStatus(await getApplyStatus());

// https://docs.aws.amazon.com/redshift/latest/APIReference/API_ClusterParameterStatus.html
async function executeActionForStatus(status: string, retryDurationMs?: number): Promise<void> {
await sleep(retryDurationMs ?? 0);
if (['pending-reboot', 'apply-deferred', 'apply-error', 'unknown-error'].includes(status)) {
try {
await redshift.rebootCluster({ ClusterIdentifier: clusterId }).promise();
} catch (err) {
if ((<any>err).code === 'InvalidClusterState') {
return await executeActionForStatus(status, 30000);
} else {
throw err;
}
}
return;
} else if (['applying', 'retry'].includes(status)) {
return executeActionForStatus(await getApplyStatus(), 30000);
}
return;
}

async function getApplyStatus(): Promise<string> {
const clusterDetails = await redshift.describeClusters({ ClusterIdentifier: clusterId }).promise();
if (clusterDetails.Clusters?.[0].ClusterParameterGroups === undefined) {
throw new Error(`Unable to find any Parameter Groups associated with ClusterId "${clusterId}".`);
}
for (const group of clusterDetails.Clusters?.[0].ClusterParameterGroups) {
if (group.ParameterGroupName === parameterGroupName) {
return group.ParameterApplyStatus ?? 'retry';
}
}
throw new Error(`Unable to find Parameter Group named "${parameterGroupName}" associated with ClusterId "${clusterId}".`);
}
}

function sleep(ms: number) {
return new Promise(resolve => setTimeout(resolve, ms));
}
Loading