fix(init): add setting to enable durable locks on crdb (#7982)

feat(init): add setting to enable durable locks on crdb
2025-01-08 19:57:48 +00:00 · 2024-05-27 11:03:34 +02:00 · 2024-05-27 11:03:34 +02:00 · cff0f73e24
commit cff0f73e24
parent 0b366bece6
9 changed files with 102 additions and 4 deletions
--- a/cmd/initialise/init.go
+++ b/cmd/initialise/init.go
@ -19,6 +19,7 @@ var (
 	createUserStmt           string
 	grantStmt                string
 	settingsStmt             string
 	databaseStmt             string
 	createEventstoreStmt     string
 	createProjectionsStmt    string
@ -53,7 +54,7 @@ The user provided by flags needs privileges to
 		},
 	}
-	cmd.AddCommand(newZitadel(), newDatabase(), newUser(), newGrant())
+	cmd.AddCommand(newZitadel(), newDatabase(), newUser(), newGrant(), newSettings())
 	return cmd
 }
@ -62,6 +63,7 @@ func InitAll(ctx context.Context, config *Config) {
 		VerifyUser(config.Database.Username(), config.Database.Password()),
 		VerifyDatabase(config.Database.DatabaseName()),
 		VerifyGrant(config.Database.DatabaseName(), config.Database.Username()),
 		VerifySettings(config.Database.DatabaseName(), config.Database.Username()),
 	)
 	logging.OnError(err).Fatal("unable to initialize the database")
@ -147,6 +149,11 @@ func ReadStmts(typ string) (err error) {
 		return err
 	}
 	settingsStmt, err = readStmt(typ, "11_settings")
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/cmd/initialise/sql/cockroach/11_settings.sql
+++ b/cmd/initialise/sql/cockroach/11_settings.sql
@ -0,0 +1,4 @@
 -- replace the first %[1]q with the database in double quotes
 -- replace the second \%[2]q with the user in double quotes$
 -- For more information see technical advisory 10009 (https://zitadel.com/docs/support/advisory/a10009)
 ALTER ROLE %[2]q IN DATABASE %[1]q SET enable_durable_locking_for_serializable = on;
--- a/cmd/initialise/sql/postgres/11_settings.sql
+++ b/cmd/initialise/sql/postgres/11_settings.sql
--- a/cmd/initialise/verify_settings.go
+++ b/cmd/initialise/verify_settings.go
@ -0,0 +1,44 @@
 package initialise
 import (
 	_ "embed"
 	"fmt"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/zitadel/internal/database"
 )
 func newSettings() *cobra.Command {
 	return &cobra.Command{
 		Use:   "settings",
 		Short: "Ensures proper settings on the database",
 		Long: `Ensures proper settings on the database.
 Prerequisites:
 - cockroachDB or postgreSQL
 Cockroach
 - Sets enable_durable_locking_for_serializable to on for the zitadel user and database
 `,
 		Run: func(cmd *cobra.Command, args []string) {
 			config := MustNewConfig(viper.GetViper())
 			err := initialise(config.Database, VerifySettings(config.Database.DatabaseName(), config.Database.Username()))
 			logging.OnError(err).Fatal("unable to set settings")
 		},
 	}
 }
 func VerifySettings(databaseName, username string) func(*database.DB) error {
 	return func(db *database.DB) error {
 		if db.Type() == "postgres" {
 			return nil
 		}
 		logging.WithFields("user", username, "database", databaseName).Info("verify settings")
 		return exec(db, fmt.Sprintf(settingsStmt, databaseName, username), nil)
 	}
 }
--- a/docs/docs/self-hosting/manage/database/_cockroachdb.mdx
+++ b/docs/docs/self-hosting/manage/database/_cockroachdb.mdx
@ -2,6 +2,8 @@
 The default database of ZITADEL is [CockroachDB](https://www.cockroachlabs.com). The SQL database provides a bunch of features like horizontal scalability, data regionality and many more.
 Currently versions >= 23.2 are supported.
 The default configuration of the database looks like this:
 ```yaml
--- a/docs/docs/support/advisory/a10009.md
+++ b/docs/docs/support/advisory/a10009.md
@ -0,0 +1,27 @@
 ---
 title: Technical Advisory 10009
 ---
 ## Date and Version
 Version: 2.53.0
 Date: Calendar week 23/24 2024
 ## Description
 There were rare cases where Cockroachdb got blocked during runtime of ZITADEL and returned `WRITE_TOO_OLD`-errors to ZITADEL. The root cause of the problem is described in [this github issue of the database](https://github.com/cockroachdb/cockroach/issues/77119). The workaround provided by the database is enabling the `enable_durable_locking_for_serializable`-flag as described [here](https://github.com/cockroachdb/cockroach/issues/75456#issuecomment-1936277716).
 Because enabling flags requires admin privileges the statement must be executed manually or by executing `zitadel init` command.
 ## Statement
 Ensure lock distribution for `FOR UPDATE`-statements on Cockroachdb.
 ## Mitigation
 Cockroachdb version >= 23.2.
 ## Impact
 Adding additional raft queries to `FOR UPDATE`-statements can impact performance slightly but ensures availability of the system.
--- a/docs/docs/support/technical_advisory.mdx
+++ b/docs/docs/support/technical_advisory.mdx
@ -149,11 +149,23 @@ We understand that these advisories may include breaking changes, and we aim to
    <td>New flag to prefill projections during setup instead of after start</td>
    <td>Feature description</td>
    <td>
-      new flag `--init-projections` introduced to `zitadel setup` commands (`setup`, `start-from-setup`, `start-from-init`)
+      New flag `--init-projections` introduced to `zitadel setup` commands (`setup`, `start-from-setup`, `start-from-init`)
    </td>
    <td>2.44.0, 2.43.6, 2.42.12</td>
    <td>2024-01-25</td>
  </tr>
  <tr>
    <td>
      <a href="./advisory/a10009">A-10009</a>
    </td>
    <td>Ensure lock distribution for `FOR UPDATE`-statements on Cockroachdb</td>
    <td>Feature description</td>
    <td>
      Fixes rare cases where updating projections was blocked by a `WRITE_TOO_OLD`-error when using cockroachdb.
    </td>
    <td>2.53.0</td>
    <td>2024-05-27</td>
  </tr>
 </table>
 ## Subscribe to our Mailing List
--- a/internal/eventstore/local_crdb_test.go
+++ b/internal/eventstore/local_crdb_test.go
@ -88,7 +88,8 @@ func initDB(db *database.DB) error {
 	err := initialise.Init(db,
 		initialise.VerifyUser(config.Username(), ""),
 		initialise.VerifyDatabase(config.DatabaseName()),
-		initialise.VerifyGrant(config.DatabaseName(), config.Username()))
+		initialise.VerifyGrant(config.DatabaseName(), config.Username()),
 		initialise.VerifySettings(config.DatabaseName(), config.Username()))
 	if err != nil {
 		return err
 	}
--- a/internal/eventstore/repository/sql/local_crdb_test.go
+++ b/internal/eventstore/repository/sql/local_crdb_test.go
@ -60,7 +60,8 @@ func initDB(db *database.DB) error {
 	err := initialise.Init(db,
 		initialise.VerifyUser(config.Username(), ""),
 		initialise.VerifyDatabase(config.DatabaseName()),
-		initialise.VerifyGrant(config.DatabaseName(), config.Username()))
+		initialise.VerifyGrant(config.DatabaseName(), config.Username()),
 		initialise.VerifySettings(config.DatabaseName(), config.Username()))
 	if err != nil {
 		return err
 	}