Skip to content

WPB-20728 background job for user group to channel association #4797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 75 commits into
base: develop
Choose a base branch
from
Open

WPB-20728 background job for user group to channel association #4797

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
75 commits
Select commit Hold shift + click to select a range
387347c
job types
battermann Sep 30, 2025
f4134f4
job consumer scaffold
battermann Sep 30, 2025
931e26f
implement basic handler for jobs
battermann Sep 30, 2025
2d120d2
clean up
battermann Sep 30, 2025
3084ca9
refactor: some clean ups
blackheaven Sep 30, 2025
1be2fa3
feat: add jobs defiinitions, fix schema and validate settings
blackheaven Oct 1, 2025
262ce26
feat: add Effect and Interpreters
blackheaven Oct 1, 2025
6141666
update cabal and nix dependencies
battermann Oct 2, 2025
acd4e4a
moved and removed some code
battermann Oct 2, 2025
97d6f9b
background job runner
battermann Oct 2, 2025
8d23abb
split job publisher and runner
battermann Oct 2, 2025
30a360d
interpret job runner from background worker
battermann Oct 2, 2025
8153b76
config maps, helm charts, default values, docs
battermann Oct 2, 2025
70f1d4d
reduce invalid message sleep
battermann Oct 2, 2025
e286b66
fix linting issue
battermann Oct 2, 2025
81615ca
fix arbitrary instance of request id
battermann Oct 2, 2025
aaa8932
wip
battermann Oct 2, 2025
c972c4d
fix warnings in background worker tests
battermann Oct 2, 2025
82c625d
implement sync user group job
battermann Oct 2, 2025
1a83dea
fix: rebase
blackheaven Oct 2, 2025
e14dfff
feat: call the jobs, run the jobs, add config options
blackheaven Oct 3, 2025
3238023
fix: hlint
blackheaven Oct 3, 2025
b471420
fix: nix files
blackheaven Oct 3, 2025
73c6b70
fix: config in yamls
blackheaven Oct 3, 2025
34210a9
refactor: move publish from wire-api to wire-subsystem
blackheaven Oct 6, 2025
0c88c20
fix: k8s configs
blackheaven Oct 6, 2025
5b15a08
fix: k8s configs
blackheaven Oct 6, 2025
5a57a86
fix: k8s configs
blackheaven Oct 6, 2025
4c7f723
fix: k8s config
battermann Oct 6, 2025
6840b54
refactor
battermann Oct 6, 2025
0ca391f
missing wiring of postgres config in background-worker
battermann Oct 6, 2025
dd2cfae
removed todos
battermann Oct 6, 2025
2362a08
configure brig cassandra client for background worker
battermann Oct 6, 2025
6a049ec
fix testTemporaryQueuesAreDeletedAfterUse test
battermann Oct 6, 2025
b43a911
wip: debugging bg jobs
battermann Oct 6, 2025
d4c7be3
fix: backgroung timeout second translation
blackheaven Oct 6, 2025
e19d1da
fix: integration tests background-worker postgresql params
blackheaven Oct 6, 2025
2ecf80d
fix fetching the channels for a group
battermann Oct 7, 2025
a12d128
fix: enable user-group synced tests
blackheaven Oct 17, 2025
0ae5d85
add test
blackheaven Oct 17, 2025
dca5772
chore: rebase
blackheaven Oct 20, 2025
6c9bf8d
fix: opts domain injection
blackheaven Oct 20, 2025
6cfff55
use postgresql pool in background worker
battermann Oct 29, 2025
30e7d81
remove redundant test
battermann Oct 29, 2025
f67eb0b
extend test
battermann Oct 30, 2025
fa0ab91
wip: galley internal route
battermann Oct 30, 2025
395e796
add undefined handler in galley
battermann Oct 30, 2025
0c98fc1
move BackendNotificationQueueAccess to subsystems
battermann Oct 30, 2025
4b225a4
remove galley api access from background jobs
battermann Oct 30, 2025
44c3c9b
moved service store to wire subsystems
battermann Oct 30, 2025
f4ffd3e
move FireAndForget to subsystems
battermann Oct 31, 2025
a0ce560
move ExternalAccess to subsystems
battermann Oct 31, 2025
1311c9f
add members in background job using conv subsys
battermann Oct 31, 2025
d11d961
configs, helm charts, config maps etc.
battermann Oct 31, 2025
fa5711d
wip: moving notifConversationAction to subsystems
battermann Oct 31, 2025
2b6a28f
move notify conv action to new module
battermann Nov 3, 2025
9497e18
use conv subsystem in galley and fix deps in brig
battermann Nov 3, 2025
24718d4
implement notifications in bg job
battermann Nov 3, 2025
11e2e33
wip
battermann Nov 3, 2025
9d93746
little fixes
battermann Nov 3, 2025
7f91a3b
fix test
battermann Nov 3, 2025
36864bf
add brig and gundeck to configmap
battermann Nov 3, 2025
a5746a1
changelog
battermann Nov 3, 2025
dd1a812
clean up
battermann Nov 3, 2025
84e31d7
split AMQP channel responsiblity and make explicit by better naming
battermann Nov 3, 2025
47446e4
get only channels for better performance and remove todo
battermann Nov 3, 2025
c327896
comment
battermann Nov 4, 2025
82daaa6
move HasCellsState and helper functions
battermann Nov 4, 2025
aa0f347
expect roles not to be overwritten
battermann Nov 4, 2025
39b9089
release notes
battermann Nov 4, 2025
4089327
added comment about brig access in bg worker
battermann Nov 4, 2025
a9b29f5
updated comment
battermann Nov 4, 2025
4c5fdd0
gen nix packages
battermann Nov 4, 2025
9f13e4e
remove unimplemented endpoint
battermann Nov 4, 2025
0a3febe
use random effect
battermann Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions changelog.d/0-release-notes/WPB-20728
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
Background-worker configuration: required values when supplying your own Helm values

Add the following fields under `background-worker`:

- `config.domain`
- `config.postgresql`
- `config.cassandraBrig`
- `config.cassandraGalley`
- `secrets.pgPassword`

Notes
- `config.cassandra` (for gundeck) already exists; no change needed.
- `config.backgroundJobs` and `config.postgresqlPool` have defaults; override only if needed.
- `config.postgresMigration.conversation` defaults to `postgresql`; change only if migrating conversations to PostgreSQL.
- `config.brig` and `config.gundeck` endpoints have in-cluster defaults; override only if your service DNS/ports differ.
1 change: 1 addition & 0 deletions changelog.d/2-features/WPB-20728
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add users of user groups to a channel in asynchronous background worker job
18 changes: 17 additions & 1 deletion charts/background-worker/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,21 @@
Note that background-worker depends on some provisioned storage, namely:
Note that background-worker depends on some provisioned storage/services, namely:

- rabbitmq
- postgresql
- cassandra (three clusters)

PostgreSQL configuration
- Set connection parameters under `config.postgresql` (libpq keywords: `host`, `port`, `user`, `dbname`, etc.).
- Provide the password via `secrets.pgPassword`; it is mounted at `/etc/wire/background-worker/secrets/pgPassword` and referenced from the configmap.

Cassandra configuration
- Background-worker connects to three Cassandra clusters:
- `config.cassandra` (keyspace: `gundeck`) for the dead user notification watcher.
- `config.cassandraBrig` (keyspace: `brig`) for the user store.
- `config.cassandraGalley` (keyspace: `galley`) for conversation-related data access.
- TLS may be configured via either a reference (`tlsCaSecretRef`) or inline CA (`tlsCa`) for each cluster. Secrets mount under:
- `/etc/wire/background-worker/cassandra-gundeck`
- `/etc/wire/background-worker/cassandra-brig`
- `/etc/wire/background-worker/cassandra-galley`

These are dealt with independently from this chart.
34 changes: 27 additions & 7 deletions charts/background-worker/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,38 @@
{{- (semverCompare ">= 1.24-0" (include "kubeVersion" .)) -}}
{{- end -}}

{{- define "useCassandraTLS" -}}
{{- define "useGundeckCassandraTLS" -}}
{{ or (hasKey .cassandra "tlsCa") (hasKey .cassandra "tlsCaSecretRef") }}
{{- end -}}

{{/* Return a Dict of TLS CA secret name and key
This is used to switch between provided secret (e.g. by cert-manager) and
created one (in case the CA is provided as PEM string.)
*/}}
{{- define "tlsSecretRef" -}}
{{- define "useBrigCassandraTLS" -}}
{{ or (hasKey .cassandraBrig "tlsCa") (hasKey .cassandraBrig "tlsCaSecretRef") }}
{{- end -}}

{{- define "useGalleyCassandraTLS" -}}
{{ or (hasKey .cassandraGalley "tlsCa") (hasKey .cassandraGalley "tlsCaSecretRef") }}
{{- end -}}

{{- define "gundeckTlsSecretRef" -}}
{{- if .cassandra.tlsCaSecretRef -}}
{{ .cassandra.tlsCaSecretRef | toYaml }}
{{- else }}
{{- dict "name" "background-worker-cassandra" "key" "ca.pem" | toYaml -}}
{{- dict "name" "background-worker-cassandra-gundeck" "key" "ca.pem" | toYaml -}}
{{- end -}}
{{- end -}}

{{- define "brigTlsSecretRef" -}}
{{- if .cassandraBrig.tlsCaSecretRef -}}
{{ .cassandraBrig.tlsCaSecretRef | toYaml }}
{{- else }}
{{- dict "name" "background-worker-cassandra-brig" "key" "ca.pem" | toYaml -}}
{{- end -}}
{{- end -}}

{{- define "galleyTlsSecretRef" -}}
{{- if and .cassandraGalley .cassandraGalley.tlsCaSecretRef -}}
{{ .cassandraGalley.tlsCaSecretRef | toYaml }}
{{- else }}
{{- dict "name" "background-worker-cassandra-galley" "key" "ca.pem" | toYaml -}}
{{- end -}}
{{- end -}}
34 changes: 32 additions & 2 deletions charts/background-worker/templates/cassandra-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
{{/* Secret for the provided Cassandra TLS CA. */}}
{{/* Secrets for provided Cassandra TLS CAs */}}
{{- if not (empty .Values.config.cassandra.tlsCa) }}
apiVersion: v1
kind: Secret
metadata:
name: background-worker-cassandra
name: background-worker-cassandra-gundeck
labels:
app: background-worker
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
Expand All @@ -13,3 +13,33 @@ type: Opaque
data:
ca.pem: {{ .Values.config.cassandra.tlsCa | b64enc | quote }}
{{- end }}
{{- if not (empty .Values.config.cassandraBrig.tlsCa) }}
---
apiVersion: v1
kind: Secret
metadata:
name: background-worker-cassandra-brig
labels:
app: background-worker
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
ca.pem: {{ .Values.config.cassandraBrig.tlsCa | b64enc | quote }}
{{- end }}
{{- if and .Values.config.cassandraGalley (not (empty .Values.config.cassandraGalley.tlsCa)) }}
---
apiVersion: v1
kind: Secret
metadata:
name: background-worker-cassandra-galley
labels:
app: background-worker
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
ca.pem: {{ .Values.config.cassandraGalley.tlsCa | b64enc | quote }}
{{- end }}
46 changes: 44 additions & 2 deletions charts/background-worker/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,43 @@ data:
host: federator
port: 8080

brig:
host: brig
port: 8080

gundeck:
host: gundeck
port: 8080

cassandra:
endpoint:
host: {{ .cassandra.host }}
port: 9042
keyspace: gundeck
{{- if eq (include "useCassandraTLS" .) "true" }}
tlsCa: /etc/wire/background-worker/cassandra/{{- (include "tlsSecretRef" . | fromYaml).key }}
{{- if eq (include "useGundeckCassandraTLS" .) "true" }}
tlsCa: /etc/wire/background-worker/cassandra-gundeck/{{- (include "gundeckTlsSecretRef" . | fromYaml).key }}
{{- end }}

cassandraBrig:
endpoint:
host: {{ .cassandraBrig.host }}
port: 9042
keyspace: brig
{{- if eq (include "useBrigCassandraTLS" .) "true" }}
tlsCa: /etc/wire/background-worker/cassandra-brig/{{- (include "brigTlsSecretRef" . | fromYaml).key }}
{{- end }}

cassandraGalley:
endpoint:
host: {{ .cassandraGalley.host }}
port: 9042
keyspace: galley
{{- if eq (include "useGalleyCassandraTLS" .) "true" }}
tlsCa: /etc/wire/background-worker/cassandra-galley/{{- (include "galleyTlsSecretRef" . | fromYaml).key }}
{{- end }}

domain: {{ .Values.domain }}

{{- with .rabbitmq }}
rabbitmq:
host: {{ .host }}
Expand All @@ -48,4 +76,18 @@ data:

backendNotificationPusher:
{{toYaml .backendNotificationPusher | indent 6 }}
{{- with .backgroundJobs }}
backgroundJobs:
{{ toYaml . | indent 6 }}
{{- end }}
postgresql:
{{ toYaml .postgresql | indent 6 }}
{{- if hasKey $.Values.secrets "pgPassword" }}
postgresqlPassword: /etc/wire/background-worker/secrets/pgPassword
{{- end }}
postgresqlPool:
{{ toYaml .postgresqlPool | nindent 6 }}
{{- if .postgresMigration }}
postgresMigration: {{- toYaml .postgresMigration | nindent 6 }}
{{- end }}
{{- end }}
32 changes: 26 additions & 6 deletions charts/background-worker/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,20 @@ spec:
- name: "background-worker-secrets"
secret:
secretName: "background-worker"
{{- if eq (include "useCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra"
{{- if eq (include "useGundeckCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra-gundeck"
secret:
secretName: {{ (include "tlsSecretRef" .Values.config | fromYaml).name }}
secretName: {{ (include "gundeckTlsSecretRef" .Values.config | fromYaml).name }}
{{- end }}
{{- if eq (include "useBrigCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra-brig"
secret:
secretName: {{ (include "brigTlsSecretRef" .Values.config | fromYaml).name }}
{{- end }}
{{- if eq (include "useGalleyCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra-galley"
secret:
secretName: {{ (include "galleyTlsSecretRef" .Values.config | fromYaml).name }}
{{- end }}
{{- if .Values.config.rabbitmq.tlsCaSecretRef }}
- name: "rabbitmq-ca"
Expand All @@ -58,11 +68,21 @@ spec:
{{- toYaml .Values.podSecurityContext | nindent 12 }}
{{- end }}
volumeMounts:
- name: "background-worker-secrets"
mountPath: "/etc/wire/background-worker/secrets"
- name: "background-worker-config"
mountPath: "/etc/wire/background-worker/conf"
{{- if eq (include "useCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra"
mountPath: "/etc/wire/background-worker/cassandra"
{{- if eq (include "useGundeckCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra-gundeck"
mountPath: "/etc/wire/background-worker/cassandra-gundeck"
{{- end }}
{{- if eq (include "useBrigCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra-brig"
mountPath: "/etc/wire/background-worker/cassandra-brig"
{{- end }}
{{- if eq (include "useGalleyCassandraTLS" .Values.config) "true" }}
- name: "background-worker-cassandra-galley"
mountPath: "/etc/wire/background-worker/cassandra-galley"
{{- end }}
{{- if .Values.config.rabbitmq.tlsCaSecretRef }}
- name: "rabbitmq-ca"
Expand Down
3 changes: 3 additions & 0 deletions charts/background-worker/templates/secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,7 @@ data:
{{- with .Values.secrets }}
rabbitmqUsername: {{ .rabbitmq.username | b64enc | quote }}
rabbitmqPassword: {{ .rabbitmq.password | b64enc | quote }}
{{- if .pgPassword }}
pgPassword: {{ .pgPassword | b64enc | quote }}
{{- end }}
{{- end }}
40 changes: 39 additions & 1 deletion charts/background-worker/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,22 @@ config:
logLevel: Info
logFormat: StructuredJSON
enableFederation: false # keep in sync with brig, cargohold and galley charts' config.enableFederation as well as wire-server chart's tags.federation
# Postgres connection settings
#
# Values are described in https://www.postgresql.org/docs/17/libpq-connect.html#LIBPQ-PARAMKEYWORDS
# To set the password via a background-worker secret see `secrets.pgPassword`.
#
# Below is an example configuration used in CI tests.
postgresql:
host: postgresql # DNS name without protocol
port: "5432"
user: wire-server
dbname: wire-server
postgresqlPool:
size: 100
acquisitionTimeout: 10s
agingTimeout: 1d
idlenessTimeout: 10m
rabbitmq:
host: rabbitmq
port: 5672
Expand All @@ -29,15 +45,37 @@ config:
# tlsCaSecretRef:
# name: <secret-name>
# key: <ca-attribute>
# Cassandra clusters used by background-worker
cassandra:
host: aws-cassandra
cassandraBrig:
host: aws-cassandra
cassandraGalley:
host: aws-cassandra

backendNotificationPusher:
pushBackoffMinWait: 10000 # in microseconds, so 10ms
pushBackoffMaxWait: 300000000 # microseconds, so 300s
remotesRefreshInterval: 300000000 # microseconds, so 300s

secrets: {}
# Background jobs consumer configuration
backgroundJobs:
# Maximum number of in-flight jobs per process
concurrency: 8
# Per-attempt timeout in seconds
jobTimeout: 60
Copy link
Contributor

@fisx fisx Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't this something we want to define per job type? deleting users takes less time than scanning a huge table for inconsistencies.

i have little context, though. maybe i'm thinking ahead to far.

# Total attempts, including the first try
maxAttempts: 3

domain: example.org

# Controls where conversation data is stored/accessed
postgresMigration:
conversation: postgresql

secrets:
{}
# pgPassword: <postgres-password>

podSecurityContext:
allowPrivilegeEscalation: false
Expand Down
5 changes: 5 additions & 0 deletions charts/integration/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,11 @@ data:
backgroundWorker:
host: backgroundWorker.{{ .Release.Namespace }}.svc.cluster.local
port: 8080
# Background jobs defaults for integration tests
backgroundJobs:
concurrency: 4
jobTimeout: 5
maxAttempts: 3

stern:
host: stern.{{ .Release.Namespace }}.svc.cluster.local
Expand Down
40 changes: 40 additions & 0 deletions docs/src/developer/reference/config-options.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1707,3 +1707,43 @@ gundeck:
settings:
cellsEventQueue: "cells_events"
```
## Background worker: Background jobs

The background worker consumes jobs from RabbitMQ to process tasks asynchronously. The following configuration controls the consumer’s behavior:

Internal YAML file and Helm values (under `background-worker.config`):

```yaml
backgroundJobs:
# Maximum number of in-flight jobs per process
concurrency: 8
# Per-attempt timeout in seconds
jobTimeout: 60
# Total attempts including the first run
maxAttempts: 3
```

Notes:

- `concurrency` controls the AMQP prefetch and caps parallel handler execution per process.
- `jobTimeout` bounds each attempt; timed‑out attempts are retried until `maxAttempts` is reached.
- `maxAttempts` is total tries (first run plus retries). On final failure, the job is dropped (NACK requeue=false) and counted in metrics.

Additional background-worker configuration:

```yaml
# Cassandra clusters
cassandra:
host: aws-cassandra
cassandraBrig:
host: aws-cassandra
cassandraGalley:
host: aws-cassandra

# Conversation storage backend selection
postgresMigration:
conversation: cassandra # or postgresql
```

- `cassandraGalley` configures the third Cassandra cluster used for conversation-related data; TLS may be configured via `tlsCa` or `tlsCaSecretRef` similarly to the other clusters.
- `postgresMigration.conversation` selects the storage location for conversation data; aligns with galley’s option and defaults to `cassandra`.
Loading