Spike data export for restoring prod db to local

[symroe]

What is this all about?

This is an idea for a pattern of getting prod databases onto local dev machines without having to download personal data.

It uses a Docker container run on Lambda to make a new database on the production server and then removes PII from that database. It then dumps the data to an S3 bucket (already set to expire objects) and downloads that DB into a local database.

If we think this is a reasonable shape of project them we should be able to apply it to other projects.

[chris48s]

OK. In the grand scheme of things I like this idea/approach. I think if we can get it working it is going to be a big productivity boost.

Also, I am going to leave a lot of comments on the diff (many of them quite minor, but a lot of them)

I want to lead with the highest priority thing: I did try to run it locally a few times, but I haven't managed to see it actually working properly end-to-end. When I ran it, this happened:

The CREATE DATABASE {} TEMPLATE {} needs the source DB to not have any connections in order to work. I think we're going to need to find a different approach to this. Maybe we can do a pg_dump --schema-only to get the structure? I'm surprised you didn't run into this.

I'll leave some more comments inline on the diff.

[chris48s]

Presumably this S3 bucket is just manually provisioned.
If we want to roll this out to another project, we just manually make another bucket in the relevant AWS account?

Also I'd probably make bucket_name BUCKET_NAME here.

[symroe]

Yeah. This bucket already existed so I just used that. I didn't include it in SAM for that reason, but there's no particular reason we can't set up a bucket in SAM.

I guess we can also have a single DC wide bucket for this: the user doesn't need bucket write permissions because of the pre-signed URL, so there's no problem with e.g limiting a user to only getting backups from one project but not others.

[chris48s]

Oh. Hi there, world 👋
Can we replace with sensible descriptions?

[chris48s]

this one is still relevant

[chris48s]

If I try to run this locally (using AWS_PROFILE=sym-roe scripts/get-prod-db.sh), I get

+ dropdb --if-exists ynr-prod
dropdb: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  role "chris" does not exist

normally, I would sudo -u postgres dropdb or sudo -u postgres createdb <dbname> in order to drop or create a DB. Do you have your local user set up as a postgres admin, or do you run the whole script as postgres? I wonder if it is useful to allow the user to pass an option to say sudo here?

[symroe]

I reckon this should be sorted with 51b3570

[chris48s]

I don't want to get too into prematurely trying to generalise. To start with, lets just copy & paste code to the 3 repos where we need it.

That said..
There are parts of this that could potentially be a shared library, and parts that are application specific

For example, this block here, the scrubbing rules, etc will be different for every project.

I think lets not get too bogged down in it at this point but having implemented it in a few places it might be worth having a think about what bits ended up the same/different and wether it is worth trying to generalise any of it.

[symroe]

Actually I think the parameters could be generic. No reason we can't enforce some conventions, especially when we have one application per account. These settings are only at this path because we're still in a shared AWS account.

[chris48s]

I have not had a chance to try this locally again, but I've had a really quick scan over the diff/comments and the direction this is going in seems sensible.

The one thing you missed after you dropped off the call earlier was: @awdem (running WSL) may also have some need to pass specific flags when running createdb and dropdb. I think they have to specify the host, so for them they have to run createdb --host 127.0.0.1 <dbname> rather than just createdb <dbname>.

Probably one to follow up with @awdem next week.

[symroe]

I have not had a chance to try this locally again, but I've had a really quick scan over the diff/comments and the direction this is going in seems sensible.

The one thing you missed after you dropped off the call earlier was: @awdem (running WSL) may also have some need to pass specific flags when running createdb and dropdb. I think they have to specify the host, so for them they have to run createdb --host 127.0.0.1 <dbname> rather than just createdb <dbname>.

Probably one to follow up with @awdem next week.

I think the solution here is to use a database connection URL rather than a name. The URL is an existing protocol for specifying all the connection parameters needed, and postgres's cli tooling like psql and createdb already supports it.

Using a URL opens the door — in theory — to using dj-db-url in the application too, with a single environment variable DATABASE_URL.

This doesn't work cleanly with multi-DB apps, but even with them we have a "principle" database that we could use that variable for.

[GeoWill]

please the environment variable -> please set the environment variable

[GeoWill]

Is this only intended for local DBs? if so should we validate that in the url?
If it's not only for local DBs what happens if you call createdb on a remote url?

[GeoWill]

I'm not sure how we validate it in the local case because I don't know if localhost works on (eg) wsl.

[chris48s]

This script exhibits different behaviour when run standalone vs when called by get-prod-db.sh.

If I run scripts/check-database-url.sh this block runs and outputs a help message.
If I run scripts/get-prod-db.sh this just fails with

scripts/get-prod-db.sh: 33: ./scripts/check-database-url.sh: DATABASE_URL: parameter not set

I think the reason for this is that we've set set -euxo in get-prod-db.sh but not in this script. So when it is called from get-prod-db.sh those settings are inherited, whereas in standalone mode it just tries to plough on.

[chris48s]

Here's another example. This probably does something standalone, but when invoked from get-prod-db.sh it doesn't do anything because we have already exited the script on the previous line.

[chris48s]

It looks like this is supposed to be doing nice formatting but for me this just literally printed the characters \033[4m and \033[0m to my terminal.

[chris48s]

I was not able to get this to work at all. As far as I can see, dropdb and createdb don't work with a postgresql:// connection string in the same way that psql and pg_restore can. I think we would have to parse out the user/pass/host/port to use dropdb and createdb

[chris48s]

Final comment. I ran https://www.shellcheck.net/ on your files (you can install this locally with apt install shellcheck) and it flagged quite a few issues. Some of them are belt and braces things but some of them may be legit bugs. I find it is a very useful check when writing non-trivial shell scripts like this. If we go down the route of writing a lot of shell scripts it might be a useful thing to run in CI.