🔱 Create a DAG that can deploy tables from Create-A-Derived-Table Successfully #5857
Comments
|
The work is in progress. DevelopmentA. create a new image pipeline
B. Replicate CaDeT deployment
C. Add a new DAG in Airflow repo
TestingTesting is under progress. Currently the DAG is failing with [Errno 13] Permission denied: '/.aws' |
|
just received a slack message from Francesca Von Braun-Bates about this bug raised. Need to follow the steps and reproduce and verify if AWS CLI installation works. |
|
@jnayak-moj summary of that bug is here #6248 (comment), not an issue with AWS CLI installation, rather lack of permissions to access paramater |
|
I have run a pod using the new Airflow Python base and attaching the service account created by airflow repo and can see the following analyticalplatform@cadet-pipeline-spike:/opt/analytical-platform$ aws sts get-caller-identity
{
"UserId": "AROAYUIXP4BW73VMXZLBD:botocore-session-1733506906",
"Account": "593291632749",
"Arn": "arn:aws:sts::593291632749:assumed-role/airflow_dev_cadet_pipeline_spike/botocore-session-1733506906"
}
analyticalplatform@cadet-pipeline-spike:/opt/analytical-platform$ aws secretsmanager get-secret-value \
--secret-id "create_a_derived_table/dev/github_app_key" \
--region "eu-west-1" \
--query SecretString \
--output text
-----BEGIN RSA PRIVATE KEY-----
...This pull request (https://github.com/moj-analytical-services/CADET-Airflow-Spike/pull/36) updates the Dockerfile to the new image which includes the AWS CLI |
|
I tested various scenarios and I can confirm with the new airflow python base image, aws cli is being installed correctly. But still the code is failing reading the secrets from the secretsmanager. I think there may be some permission issue attached to the deploy key. I am doing further investigation. |
|
Export run artefacts to S3 (../scripts/export_run_artefacts.py) from the deployment steps was failing due to GITHUB_OUTPUT environment variable was missing in the environment. After I commented this step out, The airflow job ran successfully. The log of the job is below. All the DBT steps completed successfully. |
|
image used DAG in Airflow repo A new DAG is added in the dev environment in the airflow repo. A new role is created with required permissions |
|
Most of the requirements for the spike is met and tested. The DAG output is https://23f37892-d1d1-4d9f-a03d-b8a53581fd20.c0.eu-west-1.airflow.amazonaws.com/log?execution_date=2024-12-20T15%3A33%3A40.259147%2B00%3A00&task_id=cadet-sandpit-pipeline-spike&dag_id=development-sandpit.deploy_sandpit&map_index=-1 |
|
So we can close this ticket here and carry on the expansion tasks in a new ticket. |
Context
We want to explore whether Github Actions continues to be the best scheduling option for CaDeT as a product. Currently, we use it because it was a quick and easy way to get secure dedicated compute for running our deployments, which require the role to be relatively highly empowered. However, we're essentially just using a kubernetes pod running relatively generic linux and some public python packages to build our tables. As such, this could be theoretically be converted into a DAG pipeline, with scheduling handed off to airflow instead. As such, this spike looks to create an Image and DAG that would be able to deploy a CaDeT pipeline to prove out the concept.
Proposal
The first task will be in designing an image that does all the steps our deployment workflow currently does. Outside the github actions ecosystem, this may require scripting to achieve tasks that are currently achieved by handing off to other github actions directly. We should start with our testing domain, and prove out that we can deploy the testing domain from airflow. This will also minimise the possibility of disruption to customer work.
CADET-Airflow-SpikeSpike requirements
Data Engineer - 1/2-1 sprint
Definition of Done
The text was updated successfully, but these errors were encountered: