From 1e3c811e136375e3c6963a49039c62820b12536a Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 17 Feb 2023 13:07:36 +0530 Subject: [PATCH 01/33] Issue #LR-122 chore: Rename Learner to user-org --- ansible/inventory/env/group_vars/all.yml | 14 +++++------ ansible/logstash-provision.yml | 10 ++++---- ansible/roles/kong-api/defaults/main.yml | 2 +- .../lms-logstash-deploy/defaults/main.yml | 2 +- ansible/roles/logstash/defaults/main.yml | 2 +- .../roles/post-install/tasks/user_org.yaml | 6 ++--- ansible/roles/reset-docker/tasks/main.yml | 4 ++-- ansible/roles/stack-keycloak/tasks/common.yml | 2 +- .../stack-monitor-stateful/defaults/main.yml | 2 +- ansible/roles/stack-monitor/defaults/main.yml | 2 +- .../templates/proxy-default.conf | 6 ++--- .../stack-proxy/templates/proxy-default.conf | 2 +- ansible/roles/stack-sunbird/defaults/main.yml | 23 ++++++++----------- .../stack-sunbird/tasks/learner_service.yml | 9 -------- ansible/roles/stack-sunbird/tasks/main.yml | 4 ++-- .../stack-sunbird/tasks/user-org-service.yml | 9 ++++++++ .../stack-sunbird/tasks/user_org_service.yml | 2 +- .../templates/ml-core-service.env | 2 +- .../templates/ml-projects-service.env | 2 +- .../templates/ml-survey-service.env | 2 +- ...service.yml => stack_user_org_service.yml} | 4 ++-- .../templates/sunbird_groups-service.env | 2 +- .../sunbird_notification-service.env | 2 +- ...arner-service.env => user-org-service.env} | 6 ++--- ...gback.xml => user-org-service_logback.xml} | 0 ansible/static-files/health.sh | 6 ++--- deploy/config.yml | 2 +- deploy/deploy-core.sh | 6 ++--- deploy/gitOPS/github.csv | 2 +- .../General/service-memory-usage-ds1.json | 4 ++-- .../Core/jobs/{Learner => UserOrg}/config.xml | 4 ++-- .../Core/jobs/{Learner => UserOrg}/config.xml | 0 .../jobs/{Learner => UserOrg}/config.xml | 12 +++++----- .../Summary/jobs/DeployedVersions/config.xml | 2 +- deploy/postInstallation.sh | 4 ++-- deploy/version.env | 2 +- .../sunbird-monitoring/defaults/main.yml | 4 ++-- kubernetes/ansible/static-files/health.sh | 6 ++--- .../templates/configmap.yaml | 6 ++--- .../core/nginx-public-ingress/values.j2 | 4 ++-- .../core/{learner => user-org}/.helmignore | 0 .../core/{learner => user-org}/Chart.yaml | 2 +- .../templates/_helpers.tpl | 0 .../templates/configmap.yaml | 0 .../templates/deployment.yaml | 4 ++-- .../templates/envoy-config.yaml | 0 .../{learner => user-org}/templates/hpa.yaml | 0 .../templates/serviceMonitor.yaml | 0 .../core/{learner => user-org}/values.j2 | 4 ++-- .../dashboards/dashboards/service-memory.json | 4 ++-- .../networkconfig/templates/private-vs.yaml | 6 ++--- .../opa/{learner => user-org}/common.rego | 0 .../opa/{learner => user-org}/main.rego | 0 .../opa/{learner => user-org}/policies.rego | 0 .../{learner => user-org}/policies_test.rego | 0 .../deploy/{learner => user-org}/Jenkinsfile | 2 +- 56 files changed, 102 insertions(+), 105 deletions(-) delete mode 100644 ansible/roles/stack-sunbird/tasks/learner_service.yml create mode 100644 ansible/roles/stack-sunbird/tasks/user-org-service.yml rename ansible/roles/stack-sunbird/templates/{stack_learner_service.yml => stack_user_org_service.yml} (89%) rename ansible/roles/stack-sunbird/templates/{sunbird_learner-service.env => user-org-service.env} (98%) rename ansible/roles/stack-sunbird/templates/{learner-service_logback.xml => user-org-service_logback.xml} (100%) rename deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/{Learner => UserOrg}/config.xml (97%) rename deploy/jenkins/jobs/Build/jobs/Core/jobs/{Learner => UserOrg}/config.xml (100%) rename deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/{Learner => UserOrg}/config.xml (95%) rename kubernetes/helm_charts/core/{learner => user-org}/.helmignore (100%) rename kubernetes/helm_charts/core/{learner => user-org}/Chart.yaml (85%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/_helpers.tpl (100%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/configmap.yaml (100%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/deployment.yaml (97%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/envoy-config.yaml (100%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/hpa.yaml (100%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/serviceMonitor.yaml (100%) rename kubernetes/helm_charts/core/{learner => user-org}/values.j2 (95%) rename kubernetes/opa/{learner => user-org}/common.rego (100%) rename kubernetes/opa/{learner => user-org}/main.rego (100%) rename kubernetes/opa/{learner => user-org}/policies.rego (100%) rename kubernetes/opa/{learner => user-org}/policies_test.rego (100%) rename pipelines/deploy/{learner => user-org}/Jenkinsfile (90%) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index e4572b2b1d..bc6c21e85a 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -10,7 +10,7 @@ api_proxy_name: "api.{{proxy_server_name}}" # Domain name on which device reg swarm_load_balancer: "{{proxy_server_name}}" proxy_site_key: "{{ core_vault_proxy_site_key }}" #SSL certificate's site.key file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service proxy_site_crt: "{{ core_vault_proxy_site_crt }}" #SSL certificate's site.crt file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service -sunbird_environment: "{{env}}" # +content-service learner +sunbird_environment: "{{env}}" # +content-service user-org sunbird_installation: "{{env}}" # +keycloak sunbird_instance: "{{env}}" env_short_name: "{{env}}" @@ -28,7 +28,7 @@ keycloak_management_user: "admin" keycloak_management_password: "{{core_vault_keycloak_password}}" tenant_name: sunbird -## Learner service +## UserOrg service sunbird_url_shortner_access_token: "{{vault_core_url_shortner_access_token}}" sunbird_url_shortner_enable: 'false' @@ -38,7 +38,7 @@ sunbird_es_port: 9300 mail_server_port: 587 upstream_url: "{{cloud_public_storage_accountname}}.blob.core.windows.net/{{cloud_storage_content_bucketname}}" -# Learner +# UserOrg sunbird_user_profile_field_default_visibility: private # Player @@ -176,7 +176,7 @@ sunbird_plugin_repo_api_base_url: "{{ sunbird_search_service_api_base_url }}" sunbird_data_service_api_base_url: "{{sunbird_ekstep_api_base_url}}" sunbird_data_service_api_key: "{{ core_vault_sunbird_api_auth_token }}" sunbird_content_service_api_base_url: "http://content-service.{{namespace}}.svc.cluster.local:9000" -sunbird_user_service_api_base_url: "http://learner-service.{{namespace}}.svc.cluster.local:9000" +sunbird_user_service_api_base_url: "http://user-org-service.{{namespace}}.svc.cluster.local:9000" sunbird_group_service_api_base_url: "http://groups-service:9000" plugin_media_base_url: "{{proto}}://{{domain_name}}" @@ -237,7 +237,7 @@ enable_scraping_docker_metrics: false postgres_exporter_postgres_port: 5432 postgres_exporter_user: postgres_exporter sunbird_cs_base_url: "http://{{sunbird_swarm_manager_lb_ip}}:5000" -sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/learner" +sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/user-org" kong_admin_api_url: http://localhost:8001 @@ -410,7 +410,7 @@ sunbird_health_check_enable: 'true' ## Release 1.15 ## sunbird_keycloak_user_federation_provider_id: "{{core_vault_sunbird_keycloak_user_federation_provider_id}}" -# Learner-service +# UserOrg-service sunbird_course_metrics_base_url: https://{{cloud_private_storage_accountname}}.blob.core.windows.net/ sunbird_gzip_size_threshold: 262144 prometheus_mount_point: "/root/dockerdata/prometheus/data/" @@ -425,7 +425,7 @@ sunbird_sso_kafka_topic: "{{env_name}}.lms.sso.events" __yarn_host__: "{{ groups['yarn-master'][0] }}" zookeepers: "{{groups['zookeeper']|join(':2181,')}}:2181" kafka_brokers: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -__lms_host__: "http://{{private_ingressgateway_ip}}/learner" +__lms_host__: "http://{{private_ingressgateway_ip}}/user-org" sunbird_redis_host: "{{ groups['lp-redis'][0] }}" ### Release 2.1.0 ### diff --git a/ansible/logstash-provision.yml b/ansible/logstash-provision.yml index c765252c9c..228c345d20 100644 --- a/ansible/logstash-provision.yml +++ b/ansible/logstash-provision.yml @@ -1,22 +1,22 @@ - hosts: cassandra vars: - learner_group: learner - learner_name: learner + learner_group: user-org + learner_name: user-org vars_files: - "{{inventory_dir}}/secrets.yml" pre_tasks: - - name: Create learner group + - name: Create user-org group become: yes group: state: present name: "{{ learner_group }}" system: yes - - name: Create learner user + - name: Create user-org user become: yes user: state: present name: "{{ learner_user }}" - comment: learner user + comment: user-org user system: yes createhome: yes group: "{{ learner_group }}" diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 27b45c7986..842b3f6be6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -72,7 +72,7 @@ cloud_service_prefix: /cloud-services assessment_prefix: /assessment # Service URLs -learning_service_url: "http://learner-service:9000" +learning_service_url: "http://user-org-service:9000" am_util_url: "http://adminutil:4000" lms_service_url: "http://lms-service:9000" cert_service_url: "http://cert-service:9000" diff --git a/ansible/roles/lms-logstash-deploy/defaults/main.yml b/ansible/roles/lms-logstash-deploy/defaults/main.yml index 470b6b496d..6c0ee25fa6 100644 --- a/ansible/roles/lms-logstash-deploy/defaults/main.yml +++ b/ansible/roles/lms-logstash-deploy/defaults/main.yml @@ -1,4 +1,4 @@ -learner_user: learner +learner_user: user-org learner_user_home: /home/{{learner_user}} logstash_version: 6.3.1 logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" diff --git a/ansible/roles/logstash/defaults/main.yml b/ansible/roles/logstash/defaults/main.yml index ed37b53a6f..3be76255ba 100644 --- a/ansible/roles/logstash/defaults/main.yml +++ b/ansible/roles/logstash/defaults/main.yml @@ -1,6 +1,6 @@ --- # vars file for logstash -learner_user: learner +learner_user: user-org learner_user_home: /home/{{learner_user}} logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" ip: localhost diff --git a/ansible/roles/post-install/tasks/user_org.yaml b/ansible/roles/post-install/tasks/user_org.yaml index caee5ebaa7..2a7d5348a4 100644 --- a/ansible/roles/post-install/tasks/user_org.yaml +++ b/ansible/roles/post-install/tasks/user_org.yaml @@ -13,10 +13,10 @@ } with_items: "{{ custodian_org_data }}" -- name: Restarting leaner service +- name: Restarting user-org service shell: | - kubectl rollout restart deployment -n {{ namespace }} learner - kubectl rollout status deployment -n {{ namespace }} learner + kubectl rollout restart deployment -n {{ namespace }} user-org + kubectl rollout status deployment -n {{ namespace }} user-org - name: Crating Users uri: diff --git a/ansible/roles/reset-docker/tasks/main.yml b/ansible/roles/reset-docker/tasks/main.yml index bdc4ebc59f..c34436dea8 100644 --- a/ansible/roles/reset-docker/tasks/main.yml +++ b/ansible/roles/reset-docker/tasks/main.yml @@ -2,8 +2,8 @@ shell: "docker service rm actor-service" ignore_errors: yes -- name: Remove learner service - shell: "docker service rm learner-service" +- name: Remove user-org service + shell: "docker service rm user-org-service" ignore_errors: yes - name: Remove player service diff --git a/ansible/roles/stack-keycloak/tasks/common.yml b/ansible/roles/stack-keycloak/tasks/common.yml index 14291ed1f3..0e4d6d7757 100644 --- a/ansible/roles/stack-keycloak/tasks/common.yml +++ b/ansible/roles/stack-keycloak/tasks/common.yml @@ -19,7 +19,7 @@ # - name: Save content configurations into an env file # template: src=sunbird_content.env dest=/home/deployer/env/sunbird_content.env mode=0644 -# - name: Save learner configurations into an env file +# - name: Save user-org configurations into an env file # template: src=sunbird_learner.env dest=/home/deployer/env/sunbird_learner.env mode=0644 # - name: Save player configurations into an env file diff --git a/ansible/roles/stack-monitor-stateful/defaults/main.yml b/ansible/roles/stack-monitor-stateful/defaults/main.yml index 09f83cce2b..a3f930568d 100644 --- a/ansible/roles/stack-monitor-stateful/defaults/main.yml +++ b/ansible/roles/stack-monitor-stateful/defaults/main.yml @@ -106,7 +106,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - learner-service + - user-org-service - lms-service - content-service - player_player diff --git a/ansible/roles/stack-monitor/defaults/main.yml b/ansible/roles/stack-monitor/defaults/main.yml index 457e201b76..84a027969b 100644 --- a/ansible/roles/stack-monitor/defaults/main.yml +++ b/ansible/roles/stack-monitor/defaults/main.yml @@ -95,7 +95,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - learner-service + - user-org-service - lms-service - content-service - player_player diff --git a/ansible/roles/stack-proxy-private/templates/proxy-default.conf b/ansible/roles/stack-proxy-private/templates/proxy-default.conf index 60433f936f..05f7868432 100644 --- a/ansible/roles/stack-proxy-private/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy-private/templates/proxy-default.conf @@ -4,9 +4,9 @@ server { resolver 127.0.0.11 valid=5s; - location /learner/ { - rewrite ^/learner/(.*) /$1 break; - proxy_pass http://learner-service:9000; + location /user-org/ { + rewrite ^/user-org/(.*) /$1 break; + proxy_pass http://user-org-service:9000; } location /api/ { rewrite ^/api/(.*) /$1 break; diff --git a/ansible/roles/stack-proxy/templates/proxy-default.conf b/ansible/roles/stack-proxy/templates/proxy-default.conf index f98ba2aae9..09328c5909 100644 --- a/ansible/roles/stack-proxy/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy/templates/proxy-default.conf @@ -506,7 +506,7 @@ location ~* ^/desktop/(.*) { proxy_read_timeout 70; } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + location ~ /resourcebundles/v1/read|/user-org/data/v1/(role/read|system/settings/get)|/v1/tenant/info { proxy_cache_key $proxy_host$request_uri; proxy_cache proxy_cache; add_header X-Proxy-Cache $upstream_cache_status; diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index b0b775a5c9..3c7ada87bd 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -51,8 +51,8 @@ player_limit_memory: 750M player_reserve_cpu: 0.1 player_limit_cpu: 1 -# This variable is not to access learner service but to call the api -# learner-service:9000/org/v1/search +# This variable is not to access user-org service but to call the api +# user-org-service:9000/org/v1/search sunbird_learner_service_base_url: http://kong:8000/ telemetry_replicas: 1 @@ -127,7 +127,7 @@ telemetry_kafka_broker_list: telemetry_kafka_topic: # Encryption service -# Learner +# UserOrg sunbird_keycloak_required_action_link_expiration_seconds: 2592000 sunbird_time_zone: "Asia/Kolkata" # Content-service @@ -138,9 +138,6 @@ sunbird_response_cache_ttl: 180 adminutil_base_url: http://adminutil:4000/ adminutil_sign_endpoint: v1/sign/payload -#learner -sunbird_time_zone: "Asia/Kolkata" - # Telemetry-logstash-datapipline max_kafka_message_size: "5242880" sunbird_gzip_enable: true @@ -225,9 +222,9 @@ sunbird_cert_qr_container_name: "certqr" service_env: groups: ../../../../ansible/roles/stack-sunbird/templates/sunbird_groups-service.env - learner: - - ../../../../ansible/roles/stack-sunbird/templates/sunbird_learner-service.env - - ../../../../ansible/roles/stack-sunbird/templates/learner-service_logback.xml + user-org: + - ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env + - ../../../../ansible/roles/stack-sunbird/templates/user-org-service_logback.xml lms: - ../../../../ansible/roles/stack-sunbird/templates/sunbird_lms-service.env - ../../../../ansible/roles/stack-sunbird/templates/lms-service_logback.xml @@ -248,7 +245,7 @@ service_env: enc: ../../../../ansible/roles/stack-sunbird/templates/sunbird_enc-service.env notification: ../../../../ansible/roles/stack-sunbird/templates/sunbird_notification-service.env telemetry: ../../../../ansible/roles/stack-sunbird/templates/sunbird_telemetry-service.env - userorg: ../../../../ansible/roles/stack-sunbird/templates/sunbird_user-org-service.env + userorg: ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env player: ../../../../ansible/roles/stack-sunbird/templates/sunbird_player.env print: ../../../../ansible/roles/stack-sunbird/templates/sunbird_print-service.env search: @@ -1004,8 +1001,8 @@ dataset_metadata: "{{ env_name }}_dataset_metadata" #### Exhuats API consumer exhaust_api_consumer_ids: ["273f3b18-5dda-4a27-984a-060c7cd398d3"] # being used in analytics api to access the analytics exhaust api -user_profile_read_url: "http://learner-service:9000/v1/user/read/" # being used in analytics api to get user details -org_search_url: "http://learner-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id +user_profile_read_url: "http://user-org-service:9000/v1/user/read/" # being used in analytics api to get user details +org_search_url: "http://user-org-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id dataexhaust_super_admin_channel: "sunbird" # being used in analytics api for authorizing user with super admin channel #### public exhausts @@ -1015,7 +1012,7 @@ public_exhaust_datasets: ["public-data-exhaust"] data_exhaust_batch_limit: 20 mount_keycloak_key_apps: - - learner + - user-org - lms - groups - knowledgemw diff --git a/ansible/roles/stack-sunbird/tasks/learner_service.yml b/ansible/roles/stack-sunbird/tasks/learner_service.yml deleted file mode 100644 index 3320ee97dd..0000000000 --- a/ansible/roles/stack-sunbird/tasks/learner_service.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Remove learner service - shell: "docker service rm learner-service" - ignore_errors: yes - -- name: Deploy learner service - shell: "docker service create --with-registry-auth --replicas {{ learner_replicas }} -p 9000:9000 --name learner-service --hostname learner-service --reserve-memory {{ learner_reservation_memory }} --limit-memory {{ learner_limit_memory }} --limit-cpu {{ learner_limit_cpu }} --reserve-cpu {{ learner_reservation_cpu }} --health-cmd 'wget -qO- learner-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ learner_java_mem_limit }} --env-file /home/deployer/env/sunbird_learner-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" - args: - chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/tasks/main.yml b/ansible/roles/stack-sunbird/tasks/main.yml index 6e5c025544..ecf1dcbc40 100644 --- a/ansible/roles/stack-sunbird/tasks/main.yml +++ b/ansible/roles/stack-sunbird/tasks/main.yml @@ -4,8 +4,8 @@ - include: service_stack.yml when: deploy_stack is defined - - include: learner_service.yml - when: deploy_learner is defined + - include: user-org-service.yml + when: deploy_user_org is defined - include: lms_service.yml when: deploy_lms is defined diff --git a/ansible/roles/stack-sunbird/tasks/user-org-service.yml b/ansible/roles/stack-sunbird/tasks/user-org-service.yml new file mode 100644 index 0000000000..8812e97bb3 --- /dev/null +++ b/ansible/roles/stack-sunbird/tasks/user-org-service.yml @@ -0,0 +1,9 @@ +--- +- name: Remove user-org service + shell: "docker service rm user-org-service" + ignore_errors: yes + +- name: Deploy user-org service + shell: "docker service create --with-registry-auth --replicas {{ learner_replicas }} -p 9000:9000 --name user-org-service --hostname user-org-service --reserve-memory {{ learner_reservation_memory }} --limit-memory {{ learner_limit_memory }} --limit-cpu {{ learner_limit_cpu }} --reserve-cpu {{ learner_reservation_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ learner_java_mem_limit }} --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" + args: + chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/tasks/user_org_service.yml b/ansible/roles/stack-sunbird/tasks/user_org_service.yml index 52accff451..9090d1dfdb 100644 --- a/ansible/roles/stack-sunbird/tasks/user_org_service.yml +++ b/ansible/roles/stack-sunbird/tasks/user_org_service.yml @@ -4,4 +4,4 @@ ignore_errors: yes - name: Deploy user org service - shell: "docker service create --with-registry-auth --replicas {{ user_org_replicas }} -p 9009:9000 --name user-org-service --hostname user-org-service --limit-memory {{ user_org_limit_memory }} --limit-cpu {{ user_org_limit_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env-file /home/deployer/env/sunbird_user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" + shell: "docker service create --with-registry-auth --replicas {{ user_org_replicas }} -p 9009:9000 --name user-org-service --hostname user-org-service --limit-memory {{ user_org_limit_memory }} --limit-cpu {{ user_org_limit_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 6bf2405d86..6020ca5de2 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -78,7 +78,7 @@ ELASTICSEARCH_HOST_URL={{ml_core_elasticsearch_host_url | default("")}} ELASTICSEARCH_ENTITIES_INDEX={{ml_core_elasticsearch_user_extension_index_type | default ("")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_core_user_service_URL | default("http://learner-service:9000")}} +USER_SERVICE_URL={{ml_core_user_service_URL | default("http://user-org-service:9000")}} ## portal url of env APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} diff --git a/ansible/roles/stack-sunbird/templates/ml-projects-service.env b/ansible/roles/stack-sunbird/templates/ml-projects-service.env index eeca6c4d70..0a72bf95e1 100644 --- a/ansible/roles/stack-sunbird/templates/ml-projects-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-projects-service.env @@ -38,4 +38,4 @@ KAFKA_GROUP_ID={{ml_project_kafka_group_id | default("ml-project-service")}} PROJECT_SUBMISSION_TOPIC={{ml_project_submission_topic | default (env_name+".ml.projects.submissions")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_project_user_service_URL | default("http://learner-service:9000")}} +USER_SERVICE_URL={{ml_project_user_service_URL | default("http://user-org-service:9000")}} diff --git a/ansible/roles/stack-sunbird/templates/ml-survey-service.env b/ansible/roles/stack-sunbird/templates/ml-survey-service.env index ccda45606e..363b6976b7 100644 --- a/ansible/roles/stack-sunbird/templates/ml-survey-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-survey-service.env @@ -9,7 +9,7 @@ APPLICATION_ENV={{ env }} MONGODB_URL=mongodb://{{ml_mongodb_host | default(groups['mongo_master'][0]+':27017')}}/{{ ml_mongodb | default("ml-survey") }} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://learner-service:9000")}} +USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://user-org-service:9000")}} # Secure token access Admin related API's # The value of internal access token can be generated by command - "openssl rand -hex 10" diff --git a/ansible/roles/stack-sunbird/templates/stack_learner_service.yml b/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml similarity index 89% rename from ansible/roles/stack-sunbird/templates/stack_learner_service.yml rename to ansible/roles/stack-sunbird/templates/stack_user_org_service.yml index 47e3dae181..7d4b1c26c3 100644 --- a/ansible/roles/stack-sunbird/templates/stack_learner_service.yml +++ b/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml @@ -1,9 +1,9 @@ version: '3.1' services: - learner_service: + user_org_service: image: "{{hub_org}}/{{image_name}}:{{image_tag}}" env_file: - /home/deployer/env/sunbird_learner_service.env + /home/deployer/env/user_org_service.env deploy: replicas: {{ learner_replicas | default(1) }} resources: diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index c83cc61a7d..d561b97049 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -8,7 +8,7 @@ sunbird_cassandra_port=9042 sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -LEARNER_SERVICE_PORT=http://learner-service:9000 +LEARNER_SERVICE_PORT=http://user-org-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} CONTENT_SERVICE_PORT=http://search-service:9000 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 9af09d38d6..0d96e229f8 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env @@ -31,7 +31,7 @@ sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_ sunbird_keycloak_required_action_link_expiration_seconds={{sunbird_keycloak_required_action_link_expiration_seconds}} accesstoken.publickey.basepath={{notification_access_basepath | default('/keys/')}} ENV_NAME={{env_name}} -LEARNER_SERVICE_PORT=http://learner-service:9000 +LEARNER_SERVICE_PORT=http://user-org-service:9000 sunbird_us_system_setting_url=/api/data/v1/system/settings/list sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/user-org-service.env similarity index 98% rename from ansible/roles/stack-sunbird/templates/sunbird_learner-service.env rename to ansible/roles/stack-sunbird/templates/user-org-service.env index a1d0d6ea81..bc6608d900 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/user-org-service.env @@ -44,7 +44,7 @@ sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 {% endif %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -sunbird_mw_system_host=learner-service +sunbird_mw_system_host=user-org-service sunbird_mw_system_port=8088 background_actor_provider=local api_actor_provider=local @@ -54,7 +54,7 @@ sunbird_remote_bg_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/ sunbird_api_base_url=http://knowledge-mw-service:5000 sunbird_authorization={{sunbird_api_auth_token}} telemetry_pdata_id={{sunbird_telemetry_pdata_id}} -telemetry_pdata_pid=learner-service +telemetry_pdata_pid=user-org-service sunbird_telemetry_base_url=http://telemetry-service:9001 telemetry_queue_threshold_value=100 sunbird_default_channel={{sunbird_default_channel}} @@ -102,7 +102,7 @@ sunbird_user_cert_kafka_topic={{kafka_topic_lms_user_account}} sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} sunbird_fuzzy_search_threshold={{sunbird_fuzzy_search_threshold | d('0.5')}} sunbird_subdomain_keycloak_base_url={{sunbird_subdomain_keycloak_base_url | d('')}}/ -#Required by Learner-service to call cert service +#Required by user-org-service to call cert service sunbird_cert_service_base_url=http://cert-service:9000 quartz_shadow_user_migration_timer={{sunbird_quartz_shadow_user_migration_timer}} sunbird_otp_allowed_attempt={{sunbird_otp_allowed_attempt|default(2)}} diff --git a/ansible/roles/stack-sunbird/templates/learner-service_logback.xml b/ansible/roles/stack-sunbird/templates/user-org-service_logback.xml similarity index 100% rename from ansible/roles/stack-sunbird/templates/learner-service_logback.xml rename to ansible/roles/stack-sunbird/templates/user-org-service_logback.xml diff --git a/ansible/static-files/health.sh b/ansible/static-files/health.sh index 575fd669e2..9f7fad6f07 100755 --- a/ansible/static-files/health.sh +++ b/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s learner-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" @@ -29,9 +29,9 @@ echo "" echo "" if [ "$outpt3" == "true" ];then - echo "Learner Service is Healthy" + echo "UserOrg Service is Healthy" else - echo "Learner Service is unhealthy" + echo "UserOrg Service is unhealthy" fi echo "" diff --git a/deploy/config.yml b/deploy/config.yml index 2a273eb222..2904731e2e 100755 --- a/deploy/config.yml +++ b/deploy/config.yml @@ -68,7 +68,7 @@ sunbird_root_user_email: # email address of the Sunb sunbird_root_user_phone: # mobile number of the Sunbird admin user # After Running ./sunbird_install.sh get the sso_publickey from keycloak and update in config,then follow the below Steps: -# 1> run `./sunbird_install.sh -s core` this script will install all the core services(Player, Content, Learner, Badger) +# 1> run `./sunbird_install.sh -s core` this script will install all the core services(Player, Content, UserOrg, Badger) # 2> run `./sunbird_install.sh -s systeminit` this script will configure the default channel and create user to login to sunbird # 3> run `./sunbird_install.sh -s posttest` this script will validate the sunbird installation and check whether all services are running diff --git a/deploy/deploy-core.sh b/deploy/deploy-core.sh index f5c9fc1a7f..a7d92f3e8d 100755 --- a/deploy/deploy-core.sh +++ b/deploy/deploy-core.sh @@ -32,9 +32,9 @@ badger_token=$(cat ~/badger_token.txt | cut -d '"' -f 4) echo "@@@@@@@@@ Redeploy player service" ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=player image_tag=${PLAYER_VERSION} service_name=player deploy_stack=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -# Re-deploy Learner service -echo "Redeploy learner service" -ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=learner_service image_tag=${LEARNER_SERVICE_VERSION} service_name=learner-service deploy_learner=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v +# Re-deploy UserOrg service +echo "Redeploy UserOrg service" +ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=user-org-service image_tag=${USER_ORG_SERVICE_VERSION} service_name=user-org-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v # Re-deploy Content service echo "Redeploy content service" diff --git a/deploy/gitOPS/github.csv b/deploy/gitOPS/github.csv index 64bf495ac6..ebcd56fcd3 100644 --- a/deploy/gitOPS/github.csv +++ b/deploy/gitOPS/github.csv @@ -1,5 +1,5 @@ #REPO_NAME,BRANCH_NAME,MERGE_ACCESS_USERS(;),CHECKS -sunbird-lms-service,jenkins-test,harshavardhanc;abcb,3 +user-org-service,jenkins-test,harshavardhanc;abcb,3 diff --git a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json index 62618d9a42..4b476382e5 100644 --- a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json +++ b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json @@ -224,7 +224,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"learner-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", @@ -235,7 +235,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "learner-service", + "title": "user-org-service", "tooltip": { "shared": true, "sort": 0, diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/Learner/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/UserOrg/config.xml similarity index 97% rename from deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/Learner/config.xml rename to deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/UserOrg/config.xml index a0f41171e9..103b8d979e 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/Learner/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/UserOrg/config.xml @@ -28,7 +28,7 @@ absolute_job_path <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - Build/Core/Learner + Build/Core/UserOrg false @@ -64,7 +64,7 @@ ArtifactRepo - Push the docker image to container registry. - /Build/Core/Learner + /Build/Core/UserOrg SUCCESS 0 diff --git a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml b/deploy/jenkins/jobs/Build/jobs/Core/jobs/UserOrg/config.xml similarity index 100% rename from deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml rename to deploy/jenkins/jobs/Build/jobs/Core/jobs/UserOrg/config.xml diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Learner/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UserOrg/config.xml similarity index 95% rename from deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Learner/config.xml rename to deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UserOrg/config.xml index c9f4410fc9..202befc446 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Learner/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UserOrg/config.xml @@ -28,7 +28,7 @@ absolute_job_path <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - ArtifactUpload/dev/Core/Learner + ArtifactUpload/dev/Core/UserOrg false @@ -56,8 +56,8 @@ return """<b>This parameter is not used</b>""" true - Learner - Deploy/dev/Kubernetes/Learner + UserOrg + Deploy/dev/Kubernetes/UserOrg ET_FORMATTED_HTML @@ -83,8 +83,8 @@ return """<b>This parameter is not used</b>""" true - Learner - Deploy/dev/Kubernetes/Learner + UserOrg + Deploy/dev/Kubernetes/UserOrg ET_FORMATTED_HTML @@ -115,7 +115,7 @@ return """<b>This parameter is not used</b>""" - ArtifactUpload/dev/Core/Learner + ArtifactUpload/dev/Core/UserOrg SUCCESS 0 diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml index 85388922e1..04b4f8cdf5 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml @@ -30,7 +30,7 @@ - Deploy/dev/Core/Content,Deploy/dev/Core/Player,Deploy/dev/Core/Learner,Deploy/dev/Core/Telemetry,Deploy/dev/Core/Proxy,Deploy/dev/KnowledgePlatform/Search,Deploy/dev/KnowledgePlatform/Learning,Deploy/dev/KnowledgePlatform/Yarn,Deploy/dev/DataPipeline/Secor,Deploy/dev/DataPipeline/Yarn,Deploy/dev/DataPipeline/AnalyticsAPI,Deploy/dev/DataPipeline/DataProducts + Deploy/dev/Core/Content,Deploy/dev/Core/Player,Deploy/dev/Core/UserOrg,Deploy/dev/Core/Telemetry,Deploy/dev/Core/Proxy,Deploy/dev/KnowledgePlatform/Search,Deploy/dev/KnowledgePlatform/Learning,Deploy/dev/KnowledgePlatform/Yarn,Deploy/dev/DataPipeline/Secor,Deploy/dev/DataPipeline/Yarn,Deploy/dev/DataPipeline/AnalyticsAPI,Deploy/dev/DataPipeline/DataProducts SUCCESS 0 diff --git a/deploy/postInstallation.sh b/deploy/postInstallation.sh index 009bb75c1f..bf13b5c0eb 100755 --- a/deploy/postInstallation.sh +++ b/deploy/postInstallation.sh @@ -134,7 +134,7 @@ check_cassandra_keyspaces() { } check_version() { - list=(actor-service player_player learner-service content-service proxy_proxy api-manager_kong) + list=(actor-service player_player user-org-service content-service proxy_proxy api-manager_kong) versionReq=$(git branch | grep \* | cut -d '-' -f2) echo -e "The Sunbird Version being used is $versionReq \n" if [ $(git branch | grep \* | cut -d '-' -f2 | grep -Ewo '.' | wc -l) -ne 3 ]; then @@ -155,7 +155,7 @@ get_logs() { mkdir -p $ServiceLogsFolder echo "Storing logs of core services in $ServiceLogsFolder" echo "-----------------------------------------" - serviceNames=(player_player learner-service content-service proxy_proxy api-manager_kong) + serviceNames=(player_player user-org-service content-service proxy_proxy api-manager_kong) for service in ${serviceNames[@]}; do echo -e "\nexporting $service logs to $ServiceLogsFolder" sudo docker service logs $service --tail 10000 > $ServiceLogsFolder/$service diff --git a/deploy/version.env b/deploy/version.env index 4e6ac911e3..feca8b68da 100755 --- a/deploy/version.env +++ b/deploy/version.env @@ -1,6 +1,6 @@ PLAYER_VERSION=1.11.0-gold CONTENT_SERVICE_VERSION=1.11.0-gold -LEARNER_SERVICE_VERSION=1.11.0-gold +USER_ORG_SERVICE_VERSION=1.11.0-gold PROXY_VERSION=1.8.0-gold BADGER_SERVICE_VERSION=1.8.0-gold KONG_VERSION=1.8.0-gold diff --git a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml index b8aaa5bd92..10db0b3617 100644 --- a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml +++ b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml @@ -266,8 +266,8 @@ service_health_checks: targets: "http://content-service.{{ namespace }}.svc.cluster.local:9000/health" - service_name: 'lms' targets: "http://lms-service.{{ namespace }}.svc.cluster.local:9000/health" - - service_name: 'learner' - targets: "http://learner-service.{{ namespace }}.svc.cluster.local:9000/health" + - service_name: 'user-org' + targets: "http://user-org-service.{{ namespace }}.svc.cluster.local:9000/health" api_response_upward_trend_threshold: 0.3 diff --git a/kubernetes/ansible/static-files/health.sh b/kubernetes/ansible/static-files/health.sh index 575fd669e2..9f7fad6f07 100755 --- a/kubernetes/ansible/static-files/health.sh +++ b/kubernetes/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s learner-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" @@ -29,9 +29,9 @@ echo "" echo "" if [ "$outpt3" == "true" ];then - echo "Learner Service is Healthy" + echo "UserOrg Service is Healthy" else - echo "Learner Service is unhealthy" + echo "UserOrg Service is unhealthy" fi echo "" diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index f4422e608b..5985a17652 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -43,9 +43,9 @@ data: resolver {{ .Values.kube_dns_ip }}; - location /learner/ { - set $target http://learner-service.{{ .Values.namespace }}.svc.cluster.local:9000; - rewrite ^/learner/(.*) /$1 break; + location /user-org/ { + set $target http://user-org-service.{{ .Values.namespace }}.svc.cluster.local:9000; + rewrite ^/user-org/(.*) /$1 break; proxy_http_version 1.1; proxy_pass $target; } diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 41f954be54..b0a340cfea 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -246,7 +246,7 @@ proxyconfig: |- proxy_pass http://keycloak; } # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { + location ~ /user-org/data/v1/location/search { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching @@ -289,7 +289,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /learner/certreg/v2/certs/download { + location /user-org/certreg/v2/certs/download { # Compression gzip on; gzip_comp_level 5; diff --git a/kubernetes/helm_charts/core/learner/.helmignore b/kubernetes/helm_charts/core/user-org/.helmignore similarity index 100% rename from kubernetes/helm_charts/core/learner/.helmignore rename to kubernetes/helm_charts/core/user-org/.helmignore diff --git a/kubernetes/helm_charts/core/learner/Chart.yaml b/kubernetes/helm_charts/core/user-org/Chart.yaml similarity index 85% rename from kubernetes/helm_charts/core/learner/Chart.yaml rename to kubernetes/helm_charts/core/user-org/Chart.yaml index d2c54a936b..b6eea73a17 100644 --- a/kubernetes/helm_charts/core/learner/Chart.yaml +++ b/kubernetes/helm_charts/core/user-org/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes -name: learner +name: user-org version: 0.1.0 diff --git a/kubernetes/helm_charts/core/learner/templates/_helpers.tpl b/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/_helpers.tpl rename to kubernetes/helm_charts/core/user-org/templates/_helpers.tpl diff --git a/kubernetes/helm_charts/core/learner/templates/configmap.yaml b/kubernetes/helm_charts/core/user-org/templates/configmap.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/configmap.yaml rename to kubernetes/helm_charts/core/user-org/templates/configmap.yaml diff --git a/kubernetes/helm_charts/core/learner/templates/deployment.yaml b/kubernetes/helm_charts/core/user-org/templates/deployment.yaml similarity index 97% rename from kubernetes/helm_charts/core/learner/templates/deployment.yaml rename to kubernetes/helm_charts/core/user-org/templates/deployment.yaml index a9068341e4..9ae78bfebf 100644 --- a/kubernetes/helm_charts/core/learner/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/user-org/templates/deployment.yaml @@ -48,8 +48,8 @@ spec: {{- end }} volumeMounts: - name: {{ .Chart.Name }}-xml-config - mountPath: /home/sunbird/learner/learning-service-1.0-SNAPSHOT/config/logback.xml - subPath: learner-service_logback.xml + mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml + subPath: user-org-service_logback.xml {{- $keys := .Files.Glob "keys/*" }} {{- if $keys }} - mountPath: {{ .Values.learner_access_basepath }} diff --git a/kubernetes/helm_charts/core/learner/templates/envoy-config.yaml b/kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/envoy-config.yaml rename to kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml diff --git a/kubernetes/helm_charts/core/learner/templates/hpa.yaml b/kubernetes/helm_charts/core/user-org/templates/hpa.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/hpa.yaml rename to kubernetes/helm_charts/core/user-org/templates/hpa.yaml diff --git a/kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml rename to kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml diff --git a/kubernetes/helm_charts/core/learner/values.j2 b/kubernetes/helm_charts/core/user-org/values.j2 similarity index 95% rename from kubernetes/helm_charts/core/learner/values.j2 rename to kubernetes/helm_charts/core/user-org/values.j2 index 752feb8f69..e07e2a512e 100644 --- a/kubernetes/helm_charts/core/learner/values.j2 +++ b/kubernetes/helm_charts/core/user-org/values.j2 @@ -1,5 +1,5 @@ -### Default variable file for learner-service ### +### Default variable file for user-org-service ### namespace: {{ namespace }} imagepullsecrets: {{ imagepullsecrets }} @@ -9,7 +9,7 @@ env: javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} replicaCount: {{learner_replicacount|default(1)}} -repository: {{learner_repository|default('learner_service')}} +repository: {{learner_repository|default('user-org-service')}} image_tag: {{ image_tag }} resources: requests: diff --git a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json index 2b046edb2c..07f9878773 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json +++ b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json @@ -225,7 +225,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"learner-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", @@ -236,7 +236,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "learner-service", + "title": "user-org-service", "tooltip": { "shared": true, "sort": 0, diff --git a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml index 71a002e5a3..16e0946759 100644 --- a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml +++ b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml @@ -31,14 +31,14 @@ spec: host: kiali.istio-system.svc.cluster.local - match: - uri: - prefix: /learner/ + prefix: /user-org/ - uri: - prefix: /learner + prefix: /user-org rewrite: uri: / route: - destination: - host: learner-service + host: user-org-service - match: - uri: prefix: /api/ diff --git a/kubernetes/opa/learner/common.rego b/kubernetes/opa/user-org/common.rego similarity index 100% rename from kubernetes/opa/learner/common.rego rename to kubernetes/opa/user-org/common.rego diff --git a/kubernetes/opa/learner/main.rego b/kubernetes/opa/user-org/main.rego similarity index 100% rename from kubernetes/opa/learner/main.rego rename to kubernetes/opa/user-org/main.rego diff --git a/kubernetes/opa/learner/policies.rego b/kubernetes/opa/user-org/policies.rego similarity index 100% rename from kubernetes/opa/learner/policies.rego rename to kubernetes/opa/user-org/policies.rego diff --git a/kubernetes/opa/learner/policies_test.rego b/kubernetes/opa/user-org/policies_test.rego similarity index 100% rename from kubernetes/opa/learner/policies_test.rego rename to kubernetes/opa/user-org/policies_test.rego diff --git a/pipelines/deploy/learner/Jenkinsfile b/pipelines/deploy/user-org/Jenkinsfile similarity index 90% rename from pipelines/deploy/learner/Jenkinsfile rename to pipelines/deploy/user-org/Jenkinsfile index c012522516..9a002ae5dd 100644 --- a/pipelines/deploy/learner/Jenkinsfile +++ b/pipelines/deploy/user-org/Jenkinsfile @@ -15,7 +15,7 @@ node() { values = docker_params() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=learner-service deploy_learner=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=user-org-service deploy_learner=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) From c771d585720cc3f92f224e3078be58b229e40746 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 17 Feb 2023 15:36:42 +0530 Subject: [PATCH 02/33] Issue #LR-122 chore: Rename learner to user-org --- .../helm_charts/core/user-org/templates/_helpers.tpl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl b/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl index 420ba79439..a6acb1aa2c 100644 --- a/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl +++ b/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "learner.name" -}} +{{- define "user-org.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "learner.fullname" -}} +{{- define "user-org.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "learner.chart" -}} +{{- define "user-org.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} -{{- define "learner.labels" -}} -app.kubernetes.io/name: {{ include "learner.name" . }} -helm.sh/chart: {{ include "learner.chart" . }} +{{- define "user-org.labels" -}} +app.kubernetes.io/name: {{ include "user-org.name" . }} +helm.sh/chart: {{ include "user-org.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} From 43fd21ee6c95124c3a7731b696d18daf7d245242 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 17 Feb 2023 15:43:05 +0530 Subject: [PATCH 03/33] Issue #LR-122 chore: Rename learning_service_url to user_org_service_url --- ansible/roles/kong-api/defaults/main.yml | 160 +++++++++++------------ 1 file changed, 80 insertions(+), 80 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 842b3f6be6..f0ab7782de 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -72,7 +72,7 @@ cloud_service_prefix: /cloud-services assessment_prefix: /assessment # Service URLs -learning_service_url: "http://user-org-service:9000" +user_org_service_url: "http://user-org-service:9000" am_util_url: "http://adminutil:4000" lms_service_url: "http://lms-service:9000" cert_service_url: "http://cert-service:9000" @@ -110,7 +110,7 @@ premium_consumer_rate_limits: kong_apis: - name: acceptTermsAndCondition uris: "{{ user_service_prefix }}/v1/tnc/accept" - upstream_url: "{{ learning_service_url }}/v1/user/tnc/accept" + upstream_url: "{{ user_org_service_url }}/v1/user/tnc/accept" strip_uri: true plugins: - name: jwt @@ -131,7 +131,7 @@ kong_apis: - name: addSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/set" - upstream_url: "{{ learning_service_url }}/v1/system/settings/set" + upstream_url: "{{ user_org_service_url }}/v1/system/settings/set" strip_uri: true plugins: - name: jwt @@ -169,7 +169,7 @@ kong_apis: - name: assignRole uris: "{{ user_service_prefix }}/v1/role/assign" - upstream_url: "{{ learning_service_url }}/v1/user/assign/role" + upstream_url: "{{ user_org_service_url }}/v1/user/assign/role" strip_uri: true plugins: - name: jwt @@ -190,7 +190,7 @@ kong_apis: - name: assignRoleV2 uris: "{{ user_service_prefix }}/v2/role/assign" - upstream_url: "{{ learning_service_url }}/v2/user/assign/role" + upstream_url: "{{ user_org_service_url }}/v2/user/assign/role" strip_uri: true plugins: - name: jwt @@ -253,7 +253,7 @@ kong_apis: - name: blockUser uris: "{{ user_service_prefix }}/v1/block" - upstream_url: "{{ learning_service_url }}/v1/user/block" + upstream_url: "{{ user_org_service_url }}/v1/user/block" strip_uri: true plugins: - name: jwt @@ -274,7 +274,7 @@ kong_apis: - name: checkUploadJobStatus uris: "{{ data_service_prefix }}/v1/upload/status" - upstream_url: "{{ learning_service_url }}/v1/upload/status" + upstream_url: "{{ user_org_service_url }}/v1/upload/status" strip_uri: true plugins: - name: jwt @@ -464,7 +464,7 @@ kong_apis: - name: createNote uris: "{{ notes_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/note/create" + upstream_url: "{{ user_org_service_url }}/v1/note/create" strip_uri: true plugins: - name: jwt @@ -485,7 +485,7 @@ kong_apis: - name: createOrg uris: "{{ org_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/org/create" + upstream_url: "{{ user_org_service_url }}/v1/org/create" strip_uri: true plugins: - name: jwt @@ -548,7 +548,7 @@ kong_apis: - name: createUser uris: "{{ user_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/user/create" + upstream_url: "{{ user_org_service_url }}/v1/user/create" strip_uri: true plugins: - name: jwt @@ -569,7 +569,7 @@ kong_apis: - name: createUserLearnerV3 uris: "{{ user_service_prefix }}/v1/signup" - upstream_url: "{{ learning_service_url }}/v1/user/signup" + upstream_url: "{{ user_org_service_url }}/v1/user/signup" strip_uri: true plugins: - name: jwt @@ -590,7 +590,7 @@ kong_apis: - name: createUserVersion2 uris: "{{ user_service_prefix }}/v2/create" - upstream_url: "{{ learning_service_url }}/v2/user/create" + upstream_url: "{{ user_org_service_url }}/v2/user/create" strip_uri: true plugins: - name: jwt @@ -611,7 +611,7 @@ kong_apis: - name: createUserVersion3 uris: "{{ user_service_prefix }}/v3/create" - upstream_url: "{{ learning_service_url }}/v3/user/create" + upstream_url: "{{ user_org_service_url }}/v3/user/create" strip_uri: true plugins: - name: jwt @@ -632,7 +632,7 @@ kong_apis: - name: createUserVersion4 uris: "{{ user_service_prefix }}/v4/create" - upstream_url: "{{ learning_service_url }}/v4/user/create" + upstream_url: "{{ user_org_service_url }}/v4/user/create" strip_uri: true plugins: - name: jwt @@ -653,7 +653,7 @@ kong_apis: - name: deleteNote uris: "{{ notes_service_prefix }}/v1/delete" - upstream_url: "{{ learning_service_url }}/v1/note/delete" + upstream_url: "{{ user_org_service_url }}/v1/note/delete" strip_uri: true plugins: - name: jwt @@ -754,7 +754,7 @@ kong_apis: - name: generateOtp uris: "{{ otp_service_prefix }}/v1/generate" - upstream_url: "{{ learning_service_url }}/v1/otp/generate" + upstream_url: "{{ user_org_service_url }}/v1/otp/generate" strip_uri: true plugins: - name: jwt @@ -775,7 +775,7 @@ kong_apis: - name: generateOtpV2 uris: "{{ otp_service_prefix }}/v2/generate" - upstream_url: "{{ learning_service_url }}/v2/otp/generate" + upstream_url: "{{ user_org_service_url }}/v2/otp/generate" strip_uri: true plugins: - name: jwt @@ -880,7 +880,7 @@ kong_apis: - name: getSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/get" - upstream_url: "{{ learning_service_url }}/v1/system/settings/get" + upstream_url: "{{ user_org_service_url }}/v1/system/settings/get" strip_uri: true plugins: - name: jwt @@ -901,7 +901,7 @@ kong_apis: - name: getUserByKey uris: "{{ user_service_prefix }}/v1/get" - upstream_url: "{{ learning_service_url }}/v1/user/get" + upstream_url: "{{ user_org_service_url }}/v1/user/get" strip_uri: true plugins: - name: jwt @@ -922,7 +922,7 @@ kong_apis: - name: getUserByKeyV2 uris: "{{ user_service_prefix }}/v2/get" - upstream_url: "{{ learning_service_url }}/v2/user/get" + upstream_url: "{{ user_org_service_url }}/v2/user/get" strip_uri: true plugins: - name: jwt @@ -943,7 +943,7 @@ kong_apis: - name: getUserProfile uris: "{{ user_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/user/read" + upstream_url: "{{ user_org_service_url }}/v1/user/read" strip_uri: true plugins: - name: jwt @@ -964,7 +964,7 @@ kong_apis: - name: getUserProfileV2 uris: "{{ user_service_prefix }}/v2/read" - upstream_url: "{{ learning_service_url }}/v2/user/read" + upstream_url: "{{ user_org_service_url }}/v2/user/read" strip_uri: true plugins: - name: jwt @@ -985,7 +985,7 @@ kong_apis: - name: indexSync uris: "{{ data_service_prefix }}/v1/index/sync" - upstream_url: "{{ learning_service_url }}/v1/data/sync" + upstream_url: "{{ user_org_service_url }}/v1/data/sync" strip_uri: true plugins: - name: jwt @@ -1154,7 +1154,7 @@ kong_apis: - name: listSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/list" - upstream_url: "{{ learning_service_url }}/v1/system/settings/list" + upstream_url: "{{ user_org_service_url }}/v1/system/settings/list" strip_uri: true plugins: - name: jwt @@ -1175,7 +1175,7 @@ kong_apis: - name: masterLocationCreate uris: "{{ data_service_prefix }}/v1/location/create" - upstream_url: "{{ learning_service_url }}/v1/location/create" + upstream_url: "{{ user_org_service_url }}/v1/location/create" strip_uri: true plugins: - name: jwt @@ -1196,7 +1196,7 @@ kong_apis: - name: masterLocationDelete uris: "{{ data_service_prefix }}/v1/location/delete" - upstream_url: "{{ learning_service_url }}/v1/location/delete" + upstream_url: "{{ user_org_service_url }}/v1/location/delete" strip_uri: true plugins: - name: jwt @@ -1217,7 +1217,7 @@ kong_apis: - name: masterLocationSearch uris: "{{ data_service_prefix }}/v1/location/search" - upstream_url: "{{ learning_service_url }}/v1/location/search" + upstream_url: "{{ user_org_service_url }}/v1/location/search" strip_uri: true plugins: - name: jwt @@ -1238,7 +1238,7 @@ kong_apis: - name: masterLocationUpdate uris: "{{ data_service_prefix }}/v1/location/update" - upstream_url: "{{ learning_service_url }}/v1/location/update" + upstream_url: "{{ user_org_service_url }}/v1/location/update" strip_uri: true plugins: - name: jwt @@ -1259,7 +1259,7 @@ kong_apis: - name: masterLocationUpload uris: "{{ data_service_prefix }}/v1/bulk/location/upload" - upstream_url: "{{ learning_service_url }}/v1/bulk/location/upload" + upstream_url: "{{ user_org_service_url }}/v1/bulk/location/upload" strip_uri: true plugins: - name: jwt @@ -1280,7 +1280,7 @@ kong_apis: - name: mergeUserAccounts uris: "{{ user_service_prefix }}/v1/account/merge" - upstream_url: "{{ learning_service_url }}/private/user/v1/account/merge" + upstream_url: "{{ user_org_service_url }}/private/user/v1/account/merge" strip_uri: true plugins: - name: jwt @@ -1301,7 +1301,7 @@ kong_apis: - name: orgAssignKeys uris: "{{ org_service_prefix }}/v1/assign/key" - upstream_url: "{{ learning_service_url }}/v1/org/assign/key" + upstream_url: "{{ user_org_service_url }}/v1/org/assign/key" strip_uri: true plugins: - name: jwt @@ -1322,7 +1322,7 @@ kong_apis: - name: orgBulkUpload uris: "{{ org_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/org/upload" + upstream_url: "{{ user_org_service_url }}/v1/org/upload" strip_uri: true plugins: - name: jwt @@ -1343,7 +1343,7 @@ kong_apis: - name: privateUserAssignRole uris: "{{ user_service_prefix }}/private/v1/assign/role" - upstream_url: "{{ learning_service_url }}/private/user/v1/assign/role" + upstream_url: "{{ user_org_service_url }}/private/user/v1/assign/role" strip_uri: true plugins: - name: jwt @@ -1364,7 +1364,7 @@ kong_apis: - name: privateUserRead uris: "{{ user_service_prefix }}/private/v1/read" - upstream_url: "{{ learning_service_url }}/private/user/v1/read" + upstream_url: "{{ user_org_service_url }}/private/user/v1/read" strip_uri: true plugins: - name: jwt @@ -1490,7 +1490,7 @@ kong_apis: - name: readNote uris: "{{ notes_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/note/read" + upstream_url: "{{ user_org_service_url }}/v1/note/read" strip_uri: true plugins: - name: jwt @@ -1511,7 +1511,7 @@ kong_apis: - name: readOrg uris: "{{ org_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/org/read" + upstream_url: "{{ user_org_service_url }}/v1/org/read" strip_uri: true plugins: - name: jwt @@ -1553,7 +1553,7 @@ kong_apis: - name: readRoleMapping uris: "{{ data_service_prefix }}/v1/role/read" - upstream_url: "{{ learning_service_url }}/v1/role/read" + upstream_url: "{{ user_org_service_url }}/v1/role/read" strip_uri: true plugins: - name: jwt @@ -1574,7 +1574,7 @@ kong_apis: - name: readUserSpecificRole uris: "{{ user_service_prefix }}/v1/role/read" - upstream_url: "{{ learning_service_url }}/v1/user/role/read" + upstream_url: "{{ user_org_service_url }}/v1/user/role/read" strip_uri: true plugins: - name: jwt @@ -1595,7 +1595,7 @@ kong_apis: - name: readUserProfile uris: "{{ user_service_prefix }}/v1/profile/read" - upstream_url: "{{ learning_service_url }}/v1/user/getuser" + upstream_url: "{{ user_org_service_url }}/v1/user/getuser" strip_uri: true plugins: - name: jwt @@ -1889,7 +1889,7 @@ kong_apis: - name: searchNotes uris: "{{ notes_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/note/search" + upstream_url: "{{ user_org_service_url }}/v1/note/search" strip_uri: true plugins: - name: jwt @@ -1910,7 +1910,7 @@ kong_apis: - name: searchOrgExtended uris: "{{ org_service_prefix }}/v1/ext/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" + upstream_url: "{{ user_org_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -1927,7 +1927,7 @@ kong_apis: - name: searchOrg uris: "{{ org_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" + upstream_url: "{{ user_org_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -1944,7 +1944,7 @@ kong_apis: - name: searchUser uris: "{{ user_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/user/search" + upstream_url: "{{ user_org_service_url }}/v1/user/search" strip_uri: true plugins: - name: jwt @@ -1965,7 +1965,7 @@ kong_apis: - name: sendEmailNotification uris: "{{ user_service_prefix }}/v1/notification/email" - upstream_url: "{{ learning_service_url }}/v1/notification/email" + upstream_url: "{{ user_org_service_url }}/v1/notification/email" strip_uri: true plugins: - name: jwt @@ -1986,7 +1986,7 @@ kong_apis: - name: unblockUser uris: "{{ user_service_prefix }}/v1/unblock" - upstream_url: "{{ learning_service_url }}/v1/user/unblock" + upstream_url: "{{ user_org_service_url }}/v1/user/unblock" strip_uri: true plugins: - name: jwt @@ -2070,7 +2070,7 @@ kong_apis: - name: updateNote uris: "{{ notes_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/note/update" + upstream_url: "{{ user_org_service_url }}/v1/note/update" strip_uri: true plugins: - name: jwt @@ -2091,7 +2091,7 @@ kong_apis: - name: updateOrg uris: "{{ org_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/org/update" + upstream_url: "{{ user_org_service_url }}/v1/org/update" strip_uri: true plugins: - name: jwt @@ -2112,7 +2112,7 @@ kong_apis: - name: updateOrgStatus uris: "{{ org_service_prefix }}/v1/status/update" - upstream_url: "{{ learning_service_url }}/v1/org/status/update" + upstream_url: "{{ user_org_service_url }}/v1/org/status/update" strip_uri: true plugins: - name: jwt @@ -2175,7 +2175,7 @@ kong_apis: - name: updateUser uris: "{{ user_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/update" + upstream_url: "{{ user_org_service_url }}/v1/user/update" strip_uri: true plugins: - name: jwt @@ -2217,7 +2217,7 @@ kong_apis: - name: userBulkUpload uris: "{{ user_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/user/upload" + upstream_url: "{{ user_org_service_url }}/v1/user/upload" strip_uri: true plugins: - name: jwt @@ -2238,7 +2238,7 @@ kong_apis: - name: userExistenceApi uris: "{{ user_service_prefix }}/v1/exists" - upstream_url: "{{ learning_service_url }}/v1/user/exists" + upstream_url: "{{ user_org_service_url }}/v1/user/exists" strip_uri: true plugins: - name: jwt @@ -2259,7 +2259,7 @@ kong_apis: - name: userExistenceApiV2 uris: "{{ user_service_prefix }}/v2/exists" - upstream_url: "{{ learning_service_url }}/v2/user/exists" + upstream_url: "{{ user_org_service_url }}/v2/user/exists" strip_uri: true plugins: - name: jwt @@ -2280,7 +2280,7 @@ kong_apis: - name: userFeed uris: "{{ user_service_prefix }}/v1/feed" - upstream_url: "{{ learning_service_url }}/v1/user/feed" + upstream_url: "{{ user_org_service_url }}/v1/user/feed" strip_uri: true plugins: - name: jwt @@ -2301,7 +2301,7 @@ kong_apis: - name: userFeedCreate uris: "{{ user_service_prefix }}/feed/v1/create" - upstream_url: "{{ learning_service_url }}/v1/user/feed/create" + upstream_url: "{{ user_org_service_url }}/v1/user/feed/create" strip_uri: true plugins: - name: jwt @@ -2322,7 +2322,7 @@ kong_apis: - name: userFeedDelete uris: "{{ user_service_prefix }}/feed/v1/delete" - upstream_url: "{{ learning_service_url }}/v1/user/feed/delete" + upstream_url: "{{ user_org_service_url }}/v1/user/feed/delete" strip_uri: true plugins: - name: jwt @@ -2343,7 +2343,7 @@ kong_apis: - name: userFeedUpdate uris: "{{ user_service_prefix }}/feed/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/feed/update" + upstream_url: "{{ user_org_service_url }}/v1/user/feed/update" strip_uri: true plugins: - name: jwt @@ -2364,7 +2364,7 @@ kong_apis: - name: userMigrate uris: "{{ user_service_prefix }}/v1/migrate" - upstream_url: "{{ learning_service_url }}/v1/user/migrate" + upstream_url: "{{ user_org_service_url }}/v1/user/migrate" strip_uri: true plugins: - name: jwt @@ -2406,7 +2406,7 @@ kong_apis: - name: verifyOtp uris: "{{ otp_service_prefix }}/v1/verify" - upstream_url: "{{ learning_service_url }}/v1/otp/verify" + upstream_url: "{{ user_org_service_url }}/v1/otp/verify" strip_uri: true plugins: - name: jwt @@ -2427,7 +2427,7 @@ kong_apis: - name: verifyOtpV2 uris: "{{ otp_service_prefix }}/v2/verify" - upstream_url: "{{ learning_service_url }}/v2/otp/verify" + upstream_url: "{{ user_org_service_url }}/v2/otp/verify" strip_uri: true plugins: - name: jwt @@ -2574,7 +2574,7 @@ kong_apis: - name: forgotPassword uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" - upstream_url: "{{ learning_service_url }}/private/user/v1/password/reset" + upstream_url: "{{ user_org_service_url }}/private/user/v1/password/reset" strip_uri: true plugins: - name: jwt @@ -2595,7 +2595,7 @@ kong_apis: - name: searchManagedUser uris: "{{ user_service_prefix }}/v1/managed" - upstream_url: "{{ learning_service_url }}/v1/user/managed" + upstream_url: "{{ user_org_service_url }}/v1/user/managed" strip_uri: true plugins: - name: jwt @@ -2763,7 +2763,7 @@ kong_apis: - name: getUserProfileV3 uris: "{{ user_service_prefix }}/v3/read" - upstream_url: "{{ learning_service_url }}/v3/user/read" + upstream_url: "{{ user_org_service_url }}/v3/user/read" strip_uri: true plugins: - name: jwt @@ -2784,7 +2784,7 @@ kong_apis: - name: updateUserDeclarations uris: "{{ user_service_prefix }}/v1/declarations" - upstream_url: "{{ learning_service_url }}/v1/user/declarations" + upstream_url: "{{ user_org_service_url }}/v1/user/declarations" strip_uri: true plugins: - name: jwt @@ -2805,7 +2805,7 @@ kong_apis: - name: updateUserConsent uris: "{{ user_service_prefix }}/v1/consent/update" - upstream_url: "{{ learning_service_url }}/v1/user/consent/update" + upstream_url: "{{ user_org_service_url }}/v1/user/consent/update" strip_uri: true plugins: - name: jwt @@ -2826,7 +2826,7 @@ kong_apis: - name: readUserConsent uris: "{{ user_service_prefix }}/v1/consent/read" - upstream_url: "{{ learning_service_url }}/v1/user/consent/read" + upstream_url: "{{ user_org_service_url }}/v1/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2847,7 +2847,7 @@ kong_apis: - name: readUserConsentV2 uris: "{{ user_service_prefix }}/v2/consent/read" - upstream_url: "{{ learning_service_url }}/v2/user/consent/read" + upstream_url: "{{ user_org_service_url }}/v2/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2868,7 +2868,7 @@ kong_apis: - name: createTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/create" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/create" + upstream_url: "{{ user_org_service_url }}/v2/org/preferences/create" strip_uri: true plugins: - name: jwt @@ -2889,7 +2889,7 @@ kong_apis: - name: updateTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/update" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/update" + upstream_url: "{{ user_org_service_url }}/v2/org/preferences/update" strip_uri: true plugins: - name: jwt @@ -2910,7 +2910,7 @@ kong_apis: - name: readTenantPreferencess uris: "{{ org_service_prefix }}/v2/preferences/read" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/read" + upstream_url: "{{ user_org_service_url }}/v2/org/preferences/read" strip_uri: true plugins: - name: jwt @@ -3540,7 +3540,7 @@ kong_apis: - name: updateUserV2 uris: "{{ user_service_prefix }}/v2/update" - upstream_url: "{{ learning_service_url }}/v2/user/update" + upstream_url: "{{ user_org_service_url }}/v2/user/update" strip_uri: true plugins: - name: jwt @@ -3561,7 +3561,7 @@ kong_apis: - name: managedUserV1Create uris: "{{ user_service_prefix }}/v1/managed/create" - upstream_url: "{{ learning_service_url }}/v1/manageduser/create" + upstream_url: "{{ user_org_service_url }}/v1/manageduser/create" strip_uri: true plugins: - name: jwt @@ -3582,7 +3582,7 @@ kong_apis: - name: managedUserV2Create uris: "{{ user_service_prefix }}/v2/managed/create" - upstream_url: "{{ learning_service_url }}/v2/manageduser/create" + upstream_url: "{{ user_org_service_url }}/v2/manageduser/create" strip_uri: true plugins: - name: jwt @@ -3603,7 +3603,7 @@ kong_apis: - name: ssoUserV1Create uris: "{{ user_service_prefix }}/v1/sso/create" - upstream_url: "{{ learning_service_url }}/v1/ssouser/create" + upstream_url: "{{ user_org_service_url }}/v1/ssouser/create" strip_uri: true plugins: - name: jwt @@ -3624,7 +3624,7 @@ kong_apis: - name: ssoUserV2Create uris: "{{ user_service_prefix }}/v2/signup" - upstream_url: "{{ learning_service_url }}/v2/user/signup" + upstream_url: "{{ user_org_service_url }}/v2/user/signup" strip_uri: true plugins: - name: jwt @@ -3645,7 +3645,7 @@ kong_apis: - name: getUserProfileV4 uris: "{{ user_service_prefix }}/v4/read" - upstream_url: "{{ learning_service_url }}/v4/user/read" + upstream_url: "{{ user_org_service_url }}/v4/user/read" strip_uri: true plugins: - name: jwt @@ -3666,7 +3666,7 @@ kong_apis: - name: getUserProfileV5 uris: "{{ user_service_prefix }}/v5/read" - upstream_url: "{{ learning_service_url }}/v5/user/read" + upstream_url: "{{ user_org_service_url }}/v5/user/read" strip_uri: true plugins: - name: jwt @@ -3687,7 +3687,7 @@ kong_apis: - name: searchUserV2 uris: "{{ user_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/user/search" + upstream_url: "{{ user_org_service_url }}/v2/user/search" strip_uri: true plugins: - name: jwt @@ -3708,7 +3708,7 @@ kong_apis: - name: searchUserV3 uris: "{{ user_service_prefix }}/v3/search" - upstream_url: "{{ learning_service_url }}/v3/user/search" + upstream_url: "{{ user_org_service_url }}/v3/user/search" strip_uri: true plugins: - name: jwt @@ -3729,7 +3729,7 @@ kong_apis: - name: searchOrgV2 uris: "{{ org_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/org/search" + upstream_url: "{{ user_org_service_url }}/v2/org/search" strip_uri: true plugins: - name: cors @@ -3829,7 +3829,7 @@ kong_apis: - name: updateUserV3 uris: "{{ user_service_prefix }}/v3/update" - upstream_url: "{{ learning_service_url }}/v3/user/update" + upstream_url: "{{ user_org_service_url }}/v3/user/update" strip_uri: true plugins: - name: jwt From c43cfe60aeac79e72308c34e73d1dc10e5024eba Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 18 Apr 2023 17:56:12 +0530 Subject: [PATCH 04/33] Issue #LR-422 feat: Pointed the channel create and update to content-service instead on learning-service. --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index d02bd84ba8..5fd974cd21 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -11,7 +11,6 @@ sunbird_cassandra_username=cassandra sunbird_cassandra_password=password actor_hostname=actor-service bind_hostname=0.0.0.0 -ekstep_authorization={{sunbird_ekstep_api_key}} sunbird_pg_host={{sunbird_pg_host}} sunbird_pg_port={{sunbird_pg_port}} sunbird_pg_db={{sunbird_pg_db}} @@ -20,7 +19,7 @@ sunbird_pg_password={{sunbird_pg_password}} sunbird_installation={{sunbird_installation}} sunbird_analytics_api_base_url={{sunbird_analytics_api_base_url}} sunbird_search_service_api_base_url={{sunbird_search_service_api_base_url}} -ekstep_api_base_url={{sunbird_content_repo_api_base_url}} +sunbird_content_service_api_base_url={{sunbird_content_service_api_base_url}} sunbird_mail_server_host={{sunbird_mail_server_host}} sunbird_mail_server_port={{sunbird_mail_server_port}} sunbird_mail_server_username={{sunbird_mail_server_username}} From 350385d8476a016c517846763ec147e727ffc536 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 18 Apr 2023 18:06:17 +0530 Subject: [PATCH 05/33] Issue #LR-422 feat: Removed unused variables --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 5fd974cd21..fe5e9f6605 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -57,8 +57,6 @@ telemetry_pdata_pid=learner-service sunbird_telemetry_base_url=http://telemetry-service:9001 telemetry_queue_threshold_value=100 sunbird_default_channel={{sunbird_default_channel}} -sunbird_api_mgr_base_url=http://knowledge-mw-service:5000 -sunbird_cs_base_url=http://knowledge-mw-service:5000 sunbird_cs_search_path=/v1/content/search sunbird_user_bulk_upload_size={{sunbird_user_bulk_upload_size}} From 1a308deac8a2906f0410ab744f0fdcf1f198caf8 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Tue, 25 Apr 2023 15:53:02 +0530 Subject: [PATCH 06/33] Issue #LR-517 feat: new API to upload public encryption key --- ansible/roles/kong-api/defaults/main.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8567531542..2381071916 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -1335,6 +1335,27 @@ kong_apis: config.required: false config.enabled: false +- name: orgAddEncryptionKey + uris: "{{ org_service_prefix }}/v1/update/encryptionkey" + upstream_url: "{{ learning_service_url }}/v1/org/update/encryptionkey" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - orgAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + - name: orgBulkUpload uris: "{{ org_service_prefix }}/v1/upload" upstream_url: "{{ learning_service_url }}/v1/org/upload" From 8c05d034a8d66f63f2c417b35a1bdf38b5115dbc Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Fri, 28 Apr 2023 12:00:45 +0530 Subject: [PATCH 07/33] Issue #LR-517 feat: new API to upload public encryption key --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2381071916..da972a1665 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -1345,7 +1345,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - orgAdmin + - orgSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 996904f3ec155c69c194d68f6bd2985a01389704 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Wed, 3 May 2023 11:05:45 +0530 Subject: [PATCH 08/33] Issue #LR-522 chore: Fixed the syntax issue --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index ef5e044ec5..7a2c5f7ff7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -153,5 +153,5 @@ cloud_storage_path_prefix_dial={{ cloudstorage_relative_path_prefix_dial | defau cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default('CLOUD_BASE_PATH') }} # Release-5.2.0 LR-325 -sunbird_dial_service_base_url = {{ dial_service_url | default('http://dial-service:9000') }} -sunbird_dial_service_search_url = "/v1/dialcode/search" \ No newline at end of file +sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }} +sunbird_dial_service_search_url="/v1/dialcode/search" \ No newline at end of file From 75f96b6e2176dea3cf4993e391ca14a454b27fd5 Mon Sep 17 00:00:00 2001 From: Reshmi Nair Date: Thu, 4 May 2023 12:19:10 +0530 Subject: [PATCH 09/33] LR-539 Exhaust Proxy Apis added --- ansible/roles/kong-api/defaults/main.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index da972a1665..bb9e3c667e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -435,6 +435,48 @@ kong_apis: config.required: true config.enabled: true +- name: exhaustSubmitProxyAPI + uris: "{{ course_service_prefix }}/v1/jobrequest/submit" + upstream_url: "{{ lms_service_url }}/v1/jobrequest/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - courseAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: exhaustListProxyAPI + uris: "{{ course_service_prefix }}/v1/jobrequest/list" + upstream_url: "{{ lms_service_url }}/v1/jobrequest/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - courseAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + - name: createCertTemplate uris: "{{ cert_service_prefix }}/v1/template/create" upstream_url: "{{ cert_service_url }}/cert/v1/template/create" From 10444c8ad7b7677b9216f5d314d8d44805cda8c9 Mon Sep 17 00:00:00 2001 From: Reshmi Nair Date: Thu, 4 May 2023 12:39:35 +0530 Subject: [PATCH 10/33] LR-539 Exhaust Service apis properties fixed --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 7a2c5f7ff7..7dfd4bfed7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -154,4 +154,9 @@ cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default # Release-5.2.0 LR-325 sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }} -sunbird_dial_service_search_url="/v1/dialcode/search" \ No newline at end of file +sunbird_dial_service_search_url="/v1/dialcode/search" + +# Release-5.3.0 LR-539 +exhaust_api_base_url={{ analytics_service_url | default('http://analytics-service:9000') }} +exhaust_api_submit_endpoint=/request/submit +exhaust_api_list_endpoint=/request/list/ \ No newline at end of file From 531a46186cd42cb5abf6f55db5afadd04e8f7f37 Mon Sep 17 00:00:00 2001 From: kumarks1122 Date: Sat, 6 May 2023 23:46:36 +0530 Subject: [PATCH 11/33] LR-438 | RC registry template changes --- .../sunbird-RC/registry/schemas/TrainingCertificate.json | 4 +++- utils/sunbird-RC/schema/credential_template.json | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json index 84dc1d5429..3f5a5fed18 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json @@ -53,8 +53,10 @@ }, "certificateLabel":{ "type": "string" + }, + "issuedOn": { + "type": "string" } - } } }, diff --git a/utils/sunbird-RC/schema/credential_template.json b/utils/sunbird-RC/schema/credential_template.json index a999eca8da..123457817b 100644 --- a/utils/sunbird-RC/schema/credential_template.json +++ b/utils/sunbird-RC/schema/credential_template.json @@ -9,7 +9,12 @@ ], {% raw %} "id":"did:sunbird:{{osid}}", + {{#if issuedOn}} + "issuanceDate": "{{issuedOn}}", + {{/if}} + {{#unless issuedOn}} "issuanceDate": "{{osCreatedAt}}", + {{/unless}} "credentialSubject": { "type":"{{certificateLabel}}", "recipientName": "{{recipient.name}}", From e37c90ebe17e5e38ae1f9957f6a02302d39ed892 Mon Sep 17 00:00:00 2001 From: BharathwajShankar Date: Fri, 26 May 2023 11:58:34 +0530 Subject: [PATCH 12/33] Issue #LR-324 fix:adding content_read_url to environment variable to make it dynamic --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 7dfd4bfed7..b08a937fc7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -159,4 +159,7 @@ sunbird_dial_service_search_url="/v1/dialcode/search" # Release-5.3.0 LR-539 exhaust_api_base_url={{ analytics_service_url | default('http://analytics-service:9000') }} exhaust_api_submit_endpoint=/request/submit -exhaust_api_list_endpoint=/request/list/ \ No newline at end of file +exhaust_api_list_endpoint=/request/list/ + +# Release-5.3.0 LR-324 +content_read_url=/content/v3/read/ \ No newline at end of file From ca6d8cf3f21b6235369c56f13059e10686b9fb3f Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 2 Jun 2023 14:31:43 +0530 Subject: [PATCH 13/33] Issue #LR-101 feat: Added the updated jenkins for Cassandra deploy. --- .../jobs/Kubernetes/jobs/Cassandra/config.xml | 474 ++++++++++-------- 1 file changed, 258 insertions(+), 216 deletions(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml index 1e9db63132..3304f15fad 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml @@ -1,219 +1,261 @@ - - - false - - - - -1 - 10 - -1 - 2 - - - - - false - false - - - - - absolute_job_path - <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - ArtifactUpload/dev/Core/Cassandra - false - - - artifact_source - <font color=dimgray size=2><b> -ArtifactRepo - Download the artifact from azure blob, JenkinsJob - Use the atrifact from Jenkins job.</b></font> - choice-parameter-9600649228560 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - PT_SINGLE_SELECT - false - 1 - - - build_number - - choice-parameter-9600651313765 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - artifact_version - - choice-parameter-9600653373369 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - private_branch - - choice-parameter-2544395024638227 - 1 - - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - branch_or_tag - - choice-parameter-2620434998790477 - 1 - + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + build_number + choice-parameter-591902397549104 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + true + + + artifact_version + choice-parameter-591902398907654 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + false + + + private_branch + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + branch_or_tag + choice-parameter-2620434998790477 + 1 + - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - - - 0 - 0 - - false - project - false - - - - - - - - ArtifactUpload/dev/Core/Cassandra - - SUCCESS - 0 - BLUE - true - - - - - - - - 2 - - - https://github.com/project-sunbird/sunbird-devops.git - - - - - ${branch_or_tag} - - - false - - - - true - false - - 0 - false - - - - pipelines/deploy/cassandra-deploy/Jenkinsfile - false - - - false + } + else + return """<b>This parameter is not used</b>""" + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + script_repo + Enter the repo url from which keyspace script folder to be uploaded + https://github.com/Sunbird-Lern/sunbird-utils.git + false + + + script_repo_branch_or_tag + Enter the branch or tag for keyspace script repo + ${branch_or_tag} + false + + + cassandra_keyspace_to_migrate + choice-parameter-598043621453772 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + + + 0 + 0 + + false + project + false + + + + + + + + ArtifactUpload/dev/Core/Cassandra + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${public_repo_branch} + + + false + + + + true + false + + 0 + false + + + + pipelines/deploy/cassandra-deploy/Jenkinsfile + false + + + false \ No newline at end of file From 8ffc2dede846cfc7e397bc155904a0526e5e0044 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 2 Jun 2023 14:36:00 +0530 Subject: [PATCH 14/33] Issue #LR-101 feat: Added the updated jenkins for Cassandra deploy. --- .../jobs/Kubernetes/jobs/Cassandra/config.xml | 474 ++++++++++-------- 1 file changed, 258 insertions(+), 216 deletions(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml index 1e9db63132..3304f15fad 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml @@ -1,219 +1,261 @@ - - - false - - - - -1 - 10 - -1 - 2 - - - - - false - false - - - - - absolute_job_path - <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - ArtifactUpload/dev/Core/Cassandra - false - - - artifact_source - <font color=dimgray size=2><b> -ArtifactRepo - Download the artifact from azure blob, JenkinsJob - Use the atrifact from Jenkins job.</b></font> - choice-parameter-9600649228560 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - PT_SINGLE_SELECT - false - 1 - - - build_number - - choice-parameter-9600651313765 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - artifact_version - - choice-parameter-9600653373369 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - private_branch - - choice-parameter-2544395024638227 - 1 - - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - branch_or_tag - - choice-parameter-2620434998790477 - 1 - + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + build_number + choice-parameter-591902397549104 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + true + + + artifact_version + choice-parameter-591902398907654 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + false + + + private_branch + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + branch_or_tag + choice-parameter-2620434998790477 + 1 + - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - - - 0 - 0 - - false - project - false - - - - - - - - ArtifactUpload/dev/Core/Cassandra - - SUCCESS - 0 - BLUE - true - - - - - - - - 2 - - - https://github.com/project-sunbird/sunbird-devops.git - - - - - ${branch_or_tag} - - - false - - - - true - false - - 0 - false - - - - pipelines/deploy/cassandra-deploy/Jenkinsfile - false - - - false + } + else + return """<b>This parameter is not used</b>""" + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + script_repo + Enter the repo url from which keyspace script folder to be uploaded + https://github.com/Sunbird-Lern/sunbird-utils.git + false + + + script_repo_branch_or_tag + Enter the branch or tag for keyspace script repo + ${branch_or_tag} + false + + + cassandra_keyspace_to_migrate + choice-parameter-598043621453772 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + + + 0 + 0 + + false + project + false + + + + + + + + ArtifactUpload/dev/Core/Cassandra + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${public_repo_branch} + + + false + + + + true + false + + 0 + false + + + + pipelines/deploy/cassandra-deploy/Jenkinsfile + false + + + false \ No newline at end of file From 72febe57270a52bff98fd41b3de074ad79325980 Mon Sep 17 00:00:00 2001 From: Shakthieshwari <39152861+Shakthieshwari@users.noreply.github.com> Date: Fri, 2 Jun 2023 20:50:02 +0530 Subject: [PATCH 15/33] Added ML PII New Data Product Job Id to the SubmitDataExhaustAPI (#3833) --- kubernetes/opa/analytics/policies.rego | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/opa/analytics/policies.rego b/kubernetes/opa/analytics/policies.rego index a76d5d03ac..b590c6e3e8 100644 --- a/kubernetes/opa/analytics/policies.rego +++ b/kubernetes/opa/analytics/policies.rego @@ -57,7 +57,7 @@ submitDataExhaustRequest { roles :=["PROGRAM_MANAGER", "PROGRAM_DESIGNER"] super.acls_check(acls) super.role_check(roles) - input.parsed_body.request.dataset in ["druid-dataset"] + input.parsed_body.request.dataset in ["druid-dataset","program-user-exhaust"] x_channel_id x_authenticated_userid == super.userid } @@ -65,4 +65,4 @@ submitDataExhaustRequest { submitDataExhaustRequest { not x_authenticated_user_token not x_authenticated_userid -} \ No newline at end of file +} From 1ff879ed940558f908e4df4e6c89294c773f2e10 Mon Sep 17 00:00:00 2001 From: Shakthieshwari Date: Mon, 5 Jun 2023 18:12:14 +0530 Subject: [PATCH 16/33] Added ML PII New Data Product Job Id to the SubmitDataExhaustAPI to 5.2.0-lern branch --- kubernetes/opa/analytics/policies.rego | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/opa/analytics/policies.rego b/kubernetes/opa/analytics/policies.rego index a76d5d03ac..b590c6e3e8 100644 --- a/kubernetes/opa/analytics/policies.rego +++ b/kubernetes/opa/analytics/policies.rego @@ -57,7 +57,7 @@ submitDataExhaustRequest { roles :=["PROGRAM_MANAGER", "PROGRAM_DESIGNER"] super.acls_check(acls) super.role_check(roles) - input.parsed_body.request.dataset in ["druid-dataset"] + input.parsed_body.request.dataset in ["druid-dataset","program-user-exhaust"] x_channel_id x_authenticated_userid == super.userid } @@ -65,4 +65,4 @@ submitDataExhaustRequest { submitDataExhaustRequest { not x_authenticated_user_token not x_authenticated_userid -} \ No newline at end of file +} From beb77b424787b3e39cba572edc4043e65fbca953 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Wed, 7 Jun 2023 16:39:38 +0530 Subject: [PATCH 17/33] Issue #LR-122 feat: Renamed user-org to userorg --- .../helm_charts/core/user-org/Chart.yaml | 5 - .../core/user-org/templates/configmap.yaml | 25 --- .../core/user-org/templates/deployment.yaml | 170 ------------------ .../core/user-org/templates/hpa.yaml | 27 --- .../helm_charts/core/user-org/values.j2 | 72 -------- .../core/{user-org => userorg}/.helmignore | 0 .../helm_charts/core/userorg/Chart.yaml | 2 +- .../templates/_helpers.tpl | 0 .../core/userorg/templates/configmap.yaml | 35 ++-- .../core/userorg/templates/deployment.yaml | 115 +++++++++++- .../templates/envoy-config.yaml | 0 .../templates/serviceMonitor.yaml | 0 kubernetes/helm_charts/core/userorg/values.j2 | 72 ++++++-- 13 files changed, 195 insertions(+), 328 deletions(-) delete mode 100644 kubernetes/helm_charts/core/user-org/Chart.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/templates/configmap.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/templates/deployment.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/templates/hpa.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/values.j2 rename kubernetes/helm_charts/core/{user-org => userorg}/.helmignore (100%) rename kubernetes/helm_charts/core/{user-org => userorg}/templates/_helpers.tpl (100%) rename kubernetes/helm_charts/core/{user-org => userorg}/templates/envoy-config.yaml (100%) rename kubernetes/helm_charts/core/{user-org => userorg}/templates/serviceMonitor.yaml (100%) diff --git a/kubernetes/helm_charts/core/user-org/Chart.yaml b/kubernetes/helm_charts/core/user-org/Chart.yaml deleted file mode 100644 index b6eea73a17..0000000000 --- a/kubernetes/helm_charts/core/user-org/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for Kubernetes -name: user-org -version: 0.1.0 diff --git a/kubernetes/helm_charts/core/user-org/templates/configmap.yaml b/kubernetes/helm_charts/core/user-org/templates/configmap.yaml deleted file mode 100644 index 7c91ec6cca..0000000000 --- a/kubernetes/helm_charts/core/user-org/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -{{- $keys := .Files.Glob "keys/*" }} -{{ if $keys }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Chart.Name }}-access-keys -type: Opaque -data: -{{ (.Files.Glob "keys/*").AsSecrets | indent 2 }} -{{ end }} - ---- -{{- if .Values.learner_opa_enabled }} -{{- $bundle := .Files.Glob "bundle/*" }} -{{ if $bundle }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Chart.Name }}-opa-policy - namespace: {{ .Values.namespace }} -binaryData: - bundle.tar.gz: {{ (.Files.Get "bundle/bundle.tar.gz") | b64enc }} -{{ end }} -{{ end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/user-org/templates/deployment.yaml b/kubernetes/helm_charts/core/user-org/templates/deployment.yaml deleted file mode 100644 index 9ae78bfebf..0000000000 --- a/kubernetes/helm_charts/core/user-org/templates/deployment.yaml +++ /dev/null @@ -1,170 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Chart.Name }} - namespace: {{ .Values.namespace }} - annotations: - reloader.stakater.com/auto: "true" -spec: - replicas: {{ .Values.replicaCount }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.strategy.maxsurge }} - maxUnavailable: {{ .Values.strategy.maxunavailable }} - selector: - matchLabels: - app: {{ .Chart.Name }} - template: - metadata: - labels: - app: {{ .Chart.Name }} - spec: -{{- if .Values.imagepullsecrets }} - imagePullSecrets: - - name: {{ .Values.imagepullsecrets }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" - imagePullPolicy: Always - env: - - name: JAVA_OPTIONS - value: {{ .Values.env.javaoptions | quote }} - - name: _JAVA_OPTIONS - value: -Dlog4j2.formatMsgNoLookups=true - envFrom: - - configMapRef: - name: {{ .Chart.Name }}-config - resources: -{{ toYaml .Values.resources | indent 10 }} - ports: - - containerPort: {{ .Values.network.port }} - {{- if .Values.healthcheck }} - livenessProbe: -{{ toYaml .Values.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.readinessProbe | indent 10 }} - {{- end }} - volumeMounts: - - name: {{ .Chart.Name }}-xml-config - mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml - subPath: user-org-service_logback.xml -{{- $keys := .Files.Glob "keys/*" }} -{{- if $keys }} - - mountPath: {{ .Values.learner_access_basepath }} - name: access-keys -{{- end }} -{{- if .Values.learner_opa_enabled }} - - args: - - envoy - - --config-path - - /config/envoy-config.yaml - env: - - name: ENVOY_UID - value: "1111" - image: envoyproxy/envoy:v1.20.0 - imagePullPolicy: IfNotPresent - name: envoy - {{- if .Values.envoy_healthcheck }} - livenessProbe: -{{ toYaml .Values.envoy_livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.envoy_readinessProbe | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.envoy_resources | indent 10 }} - volumeMounts: - - mountPath: /config - name: envoy-config - readOnly: true - - args: - - run - - --server - - /bundle - - --addr=localhost:8181 - - --diagnostic-addr=0.0.0.0:8282 - - --set=plugins.envoy_ext_authz_grpc.addr=:9191 - - --set=plugins.envoy_ext_authz_grpc.path=main/allow - - --set=decision_logs.plugin=print_decision_logs_on_failure - - --set=plugins.print_decision_logs_on_failure.stdout=true - - --log-level=error - - --ignore=.* - image: sunbird/opa:0.34.2-envoy - imagePullPolicy: IfNotPresent - name: opa - {{- if .Values.opa_healthcheck }} - livenessProbe: -{{ toYaml .Values.opa_livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.opa_readinessProbe | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.opa_resources | indent 10 }} - volumeMounts: - - mountPath: /bundle - name: opa-policy - readOnly: true - initContainers: - - args: - - -p - - "9999" - - -u - - "1111" - - -w - - "8282,10000" - image: openpolicyagent/proxy_init:v5 - imagePullPolicy: IfNotPresent - name: proxy-init - resources: -{{ toYaml .Values.initcontainer_resources | indent 10 }} - securityContext: - capabilities: - add: - - NET_ADMIN - runAsNonRoot: false - runAsUser: 0 -{{- end }} - volumes: - - name: {{ .Chart.Name }}-xml-config - configMap: - name: {{ .Chart.Name }}-xml-config -{{- $keys := .Files.Glob "keys/*" }} -{{- if $keys }} - - name: access-keys - secret: - secretName: {{ .Chart.Name }}-access-keys -{{- end }} -{{- if .Values.learner_opa_enabled }} - - name: envoy-config - configMap: - name: {{ .Chart.Name }}-envoy-config - - name: opa-policy - configMap: - name: {{ .Chart.Name }}-opa-policy -{{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Chart.Name }}-service - namespace: {{ .Values.namespace }} - labels: - app: {{ .Chart.Name }} -spec: - ports: - - name: http-{{ .Chart.Name }} - protocol: TCP - port: {{ .Values.network.targetport }} -{{- if .Values.learner_opa_enabled }} - - name: opa-metrics - port: 8181 - protocol: TCP - targetPort: 8181 - - name: envoy-metrics - port: 10000 - protocol: TCP - targetPort: 10000 -{{- end }} - selector: - app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/user-org/templates/hpa.yaml b/kubernetes/helm_charts/core/user-org/templates/hpa.yaml deleted file mode 100644 index 1ba4f89a8b..0000000000 --- a/kubernetes/helm_charts/core/user-org/templates/hpa.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ .Chart.Name }} - namespace: {{ .Values.namespace }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ .Chart.Name }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/user-org/values.j2 b/kubernetes/helm_charts/core/user-org/values.j2 deleted file mode 100644 index e07e2a512e..0000000000 --- a/kubernetes/helm_charts/core/user-org/values.j2 +++ /dev/null @@ -1,72 +0,0 @@ - -### Default variable file for user-org-service ### - -namespace: {{ namespace }} -imagepullsecrets: {{ imagepullsecrets }} -dockerhub: {{ dockerhub }} - -env: - javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} - -replicaCount: {{learner_replicacount|default(1)}} -repository: {{learner_repository|default('user-org-service')}} -image_tag: {{ image_tag }} -resources: - requests: - cpu: {{learner_cpu_req|default('100m')}} - memory: {{learner_mem_req|default('100Mi')}} - limits: - cpu: {{learner_cpu_limit|default('1')}} - memory: {{learner_mem_limit|default('1024Mi')}} -network: - port: 9000 - targetport: 9000 -strategy: - type: RollingUpdate - maxsurge: {{ learner_maxsurge|default('25%') }} - maxunavailable: {{ learner_maxunavailable|default('25%') }} - -{{ learner_liveness_readiness | to_nice_yaml }} -{{ opa_liveness_readiness | to_nice_yaml }} -{{ envoy_liveness_readiness | to_nice_yaml }} - -learner_opa_enabled: {{ learner_opa_enabled | default('true') }} - -envoy_resources: - requests: - cpu: "{{ learner_envoy_cpu_req | default('100m') }}" - memory: "{{ learner_envoy_mem_req | default('100Mi') }}" - limits: - cpu: "{{ learner_envoy_cpu_limit | default('1') }}" - memory: "{{ learner_envoy_mem_limit | default('1024Mi') }}" - -opa_resources: - requests: - cpu: "{{ learner_opa_cpu_req | default('100m') }}" - memory: "{{ learner_opa_mem_req | default('100Mi') }}" - limits: - cpu: "{{ learner_opa_cpu_limit | default('1') }}" - memory: "{{ learner_opa_mem_limit | default('1024Mi') }}" - -initcontainer_resources: - requests: - cpu: "{{ learner_initcontainer_cpu_req | default('100m') }}" - memory: "{{ learner_initcontainer_mem_req | default('100Mi') }}" - limits: - cpu: "{{ learner_initcontainer_cpu_limit | default('100m') }}" - memory: "{{ learner_initcontainer_mem_limit | default('100Mi') }}" - -learner_access_basepath: {{ learner_access_basepath | default('/keys/') }} - -serviceMonitor: - enabled: true - labels: # labels with which the prometheus choose the serviceMonitor - app: prometheus-operator - release: prometheus-operator - -autoscaling: - enabled: {{ learner_autoscaling_enabled | default('false') }} - minReplicas: {{ learner_autoscaling_minReplicas|default(1) }} - maxReplicas: {{ learner_autoscaling_maxReplicas|default(2) }} - targetCPUUtilizationPercentage: {{ learner_autoscaling_targetCPUUtilizationPercentage|default(60) }} - targetMemoryUtilizationPercentage: {{ learner_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/core/user-org/.helmignore b/kubernetes/helm_charts/core/userorg/.helmignore similarity index 100% rename from kubernetes/helm_charts/core/user-org/.helmignore rename to kubernetes/helm_charts/core/userorg/.helmignore diff --git a/kubernetes/helm_charts/core/userorg/Chart.yaml b/kubernetes/helm_charts/core/userorg/Chart.yaml index c7c993ab63..b6eea73a17 100644 --- a/kubernetes/helm_charts/core/userorg/Chart.yaml +++ b/kubernetes/helm_charts/core/userorg/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes -name: userorg +name: user-org version: 0.1.0 diff --git a/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl b/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl similarity index 100% rename from kubernetes/helm_charts/core/user-org/templates/_helpers.tpl rename to kubernetes/helm_charts/core/userorg/templates/_helpers.tpl diff --git a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml index 94fd443c77..7c91ec6cca 100644 --- a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml @@ -1,10 +1,25 @@ -#apiVersion: v1 -#data: -# {{- range $key, $val := .Values.userorgenv }} -# {{ $key }}: {{ $val }} -# {{- end }} -#kind: ConfigMap -#metadata: -# creationTimestamp: null -# name: {{ .Chart.Name }}-config -# namespace: {{ .Values.namespace }} +--- +{{- $keys := .Files.Glob "keys/*" }} +{{ if $keys }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-access-keys +type: Opaque +data: +{{ (.Files.Glob "keys/*").AsSecrets | indent 2 }} +{{ end }} + +--- +{{- if .Values.learner_opa_enabled }} +{{- $bundle := .Files.Glob "bundle/*" }} +{{ if $bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-opa-policy + namespace: {{ .Values.namespace }} +binaryData: + bundle.tar.gz: {{ (.Files.Get "bundle/bundle.tar.gz") | b64enc }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml index d3f83edaf7..9ae78bfebf 100644 --- a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml @@ -28,6 +28,11 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + - name: _JAVA_OPTIONS + value: -Dlog4j2.formatMsgNoLookups=true envFrom: - configMapRef: name: {{ .Chart.Name }}-config @@ -41,12 +46,108 @@ spec: readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} {{- end }} - + volumeMounts: + - name: {{ .Chart.Name }}-xml-config + mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml + subPath: user-org-service_logback.xml +{{- $keys := .Files.Glob "keys/*" }} +{{- if $keys }} + - mountPath: {{ .Values.learner_access_basepath }} + name: access-keys +{{- end }} +{{- if .Values.learner_opa_enabled }} + - args: + - envoy + - --config-path + - /config/envoy-config.yaml + env: + - name: ENVOY_UID + value: "1111" + image: envoyproxy/envoy:v1.20.0 + imagePullPolicy: IfNotPresent + name: envoy + {{- if .Values.envoy_healthcheck }} + livenessProbe: +{{ toYaml .Values.envoy_livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.envoy_readinessProbe | indent 10 }} + {{- end }} + resources: +{{ toYaml .Values.envoy_resources | indent 10 }} + volumeMounts: + - mountPath: /config + name: envoy-config + readOnly: true + - args: + - run + - --server + - /bundle + - --addr=localhost:8181 + - --diagnostic-addr=0.0.0.0:8282 + - --set=plugins.envoy_ext_authz_grpc.addr=:9191 + - --set=plugins.envoy_ext_authz_grpc.path=main/allow + - --set=decision_logs.plugin=print_decision_logs_on_failure + - --set=plugins.print_decision_logs_on_failure.stdout=true + - --log-level=error + - --ignore=.* + image: sunbird/opa:0.34.2-envoy + imagePullPolicy: IfNotPresent + name: opa + {{- if .Values.opa_healthcheck }} + livenessProbe: +{{ toYaml .Values.opa_livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.opa_readinessProbe | indent 10 }} + {{- end }} + resources: +{{ toYaml .Values.opa_resources | indent 10 }} + volumeMounts: + - mountPath: /bundle + name: opa-policy + readOnly: true + initContainers: + - args: + - -p + - "9999" + - -u + - "1111" + - -w + - "8282,10000" + image: openpolicyagent/proxy_init:v5 + imagePullPolicy: IfNotPresent + name: proxy-init + resources: +{{ toYaml .Values.initcontainer_resources | indent 10 }} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsNonRoot: false + runAsUser: 0 +{{- end }} + volumes: + - name: {{ .Chart.Name }}-xml-config + configMap: + name: {{ .Chart.Name }}-xml-config +{{- $keys := .Files.Glob "keys/*" }} +{{- if $keys }} + - name: access-keys + secret: + secretName: {{ .Chart.Name }}-access-keys +{{- end }} +{{- if .Values.learner_opa_enabled }} + - name: envoy-config + configMap: + name: {{ .Chart.Name }}-envoy-config + - name: opa-policy + configMap: + name: {{ .Chart.Name }}-opa-policy +{{- end }} --- apiVersion: v1 kind: Service metadata: - name: user-org-service + name: {{ .Chart.Name }}-service namespace: {{ .Values.namespace }} labels: app: {{ .Chart.Name }} @@ -55,5 +156,15 @@ spec: - name: http-{{ .Chart.Name }} protocol: TCP port: {{ .Values.network.targetport }} +{{- if .Values.learner_opa_enabled }} + - name: opa-metrics + port: 8181 + protocol: TCP + targetPort: 8181 + - name: envoy-metrics + port: 10000 + protocol: TCP + targetPort: 10000 +{{- end }} selector: app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml b/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml similarity index 100% rename from kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml rename to kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml diff --git a/kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml similarity index 100% rename from kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml rename to kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml diff --git a/kubernetes/helm_charts/core/userorg/values.j2 b/kubernetes/helm_charts/core/userorg/values.j2 index 2b0a36cc24..e07e2a512e 100644 --- a/kubernetes/helm_charts/core/userorg/values.j2 +++ b/kubernetes/helm_charts/core/userorg/values.j2 @@ -1,32 +1,72 @@ -### Default variable file for userorg-service ### + +### Default variable file for user-org-service ### namespace: {{ namespace }} imagepullsecrets: {{ imagepullsecrets }} dockerhub: {{ dockerhub }} -replicaCount: {{userorg_replicacount|default(1)}} -repository: {{userorg_repository|default('user_org_service')}} +env: + javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{learner_replicacount|default(1)}} +repository: {{learner_repository|default('user-org-service')}} image_tag: {{ image_tag }} resources: requests: - cpu: {{userorg_cpu_req|default('100m')}} - memory: {{userorg_mem_req|default('100Mi')}} + cpu: {{learner_cpu_req|default('100m')}} + memory: {{learner_mem_req|default('100Mi')}} limits: - cpu: {{userorg_cpu_limit|default('1')}} - memory: {{userorg_mem_limit|default('1024Mi')}} + cpu: {{learner_cpu_limit|default('1')}} + memory: {{learner_mem_limit|default('1024Mi')}} network: - port: 9008 + port: 9000 targetport: 9000 strategy: type: RollingUpdate - maxsurge: {{ userorg_maxsurge|default('25%') }} - maxunavailable: {{ userorg_maxunavailable|default('25%') }} + maxsurge: {{ learner_maxsurge|default('25%') }} + maxunavailable: {{ learner_maxunavailable|default('25%') }} + +{{ learner_liveness_readiness | to_nice_yaml }} +{{ opa_liveness_readiness | to_nice_yaml }} +{{ envoy_liveness_readiness | to_nice_yaml }} + +learner_opa_enabled: {{ learner_opa_enabled | default('true') }} + +envoy_resources: + requests: + cpu: "{{ learner_envoy_cpu_req | default('100m') }}" + memory: "{{ learner_envoy_mem_req | default('100Mi') }}" + limits: + cpu: "{{ learner_envoy_cpu_limit | default('1') }}" + memory: "{{ learner_envoy_mem_limit | default('1024Mi') }}" + +opa_resources: + requests: + cpu: "{{ learner_opa_cpu_req | default('100m') }}" + memory: "{{ learner_opa_mem_req | default('100Mi') }}" + limits: + cpu: "{{ learner_opa_cpu_limit | default('1') }}" + memory: "{{ learner_opa_mem_limit | default('1024Mi') }}" + +initcontainer_resources: + requests: + cpu: "{{ learner_initcontainer_cpu_req | default('100m') }}" + memory: "{{ learner_initcontainer_mem_req | default('100Mi') }}" + limits: + cpu: "{{ learner_initcontainer_cpu_limit | default('100m') }}" + memory: "{{ learner_initcontainer_mem_limit | default('100Mi') }}" + +learner_access_basepath: {{ learner_access_basepath | default('/keys/') }} -{{ userorg_liveness_readiness | to_nice_yaml }} +serviceMonitor: + enabled: true + labels: # labels with which the prometheus choose the serviceMonitor + app: prometheus-operator + release: prometheus-operator autoscaling: - enabled: {{ userorg_autoscaling_enabled | default('false') }} - minReplicas: {{ userorg_autoscaling_minReplicas|default(1) }} - maxReplicas: {{ userorg_autoscaling_maxReplicas|default(2) }} - targetCPUUtilizationPercentage: {{ userorg_autoscaling_targetCPUUtilizationPercentage|default(60) }} - targetMemoryUtilizationPercentage: {{ userorg_autoscaling_targetMemoryUtilizationPercentage|default('') }} \ No newline at end of file + enabled: {{ learner_autoscaling_enabled | default('false') }} + minReplicas: {{ learner_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ learner_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ learner_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ learner_autoscaling_targetMemoryUtilizationPercentage|default('') }} From 6149a71a13830c3367e7b37852c9396f0471e16e Mon Sep 17 00:00:00 2001 From: anilgupta Date: Wed, 7 Jun 2023 21:47:39 +0530 Subject: [PATCH 18/33] Issue #LR-122 feat: Renamed user_org_service to userorg_service --- ansible/inventory/env/group_vars/all.yml | 8 +- ansible/logstash-provision.yml | 16 +- ansible/roles/kong-api/defaults/main.yml | 160 +++++++++--------- .../lms-logstash-deploy/defaults/main.yml | 4 +- .../roles/lms-logstash-deploy/tasks/main.yml | 6 +- ansible/roles/logstash/defaults/main.yml | 4 +- ansible/roles/logstash/tasks/main.yml | 12 +- ansible/roles/logstash/templates/logstash.j2 | 2 +- .../logstash/templates/logstash.service.j2 | 4 +- .../roles/post-install/tasks/user_org.yaml | 6 +- ansible/roles/redis-backup/defaults/main.yml | 2 +- ansible/roles/reset-docker/tasks/main.yml | 4 +- ansible/roles/stack-keycloak/tasks/common.yml | 2 +- .../stack-monitor-stateful/defaults/main.yml | 2 +- ansible/roles/stack-monitor/defaults/main.yml | 2 +- .../templates/proxy-default.conf | 6 +- .../stack-proxy/templates/proxy-default.conf | 2 +- ansible/roles/stack-sunbird/defaults/main.yml | 31 ++-- ansible/roles/stack-sunbird/tasks/main.yml | 5 +- .../stack-sunbird/tasks/user-org-service.yml | 9 - .../stack-sunbird/tasks/user_org_service.yml | 7 - .../stack-sunbird/tasks/userorg-service.yml | 9 + .../templates/ml-core-service.env | 2 +- .../templates/ml-projects-service.env | 2 +- .../templates/ml-survey-service.env | 2 +- ..._service.yml => stack_userorg_service.yml} | 10 +- .../templates/sunbird_groups-service.env | 2 +- .../sunbird_notification-service.env | 2 +- ...ervice.env => sunbird_userorg-service.env} | 0 ...er-org-service.env => userorg-service.env} | 6 +- ...ogback.xml => userorg-service_logback.xml} | 0 ansible/static-files/health.sh | 2 +- deploy/deploy-core.sh | 2 +- deploy/gitOPS/github.csv | 2 +- .../General/service-memory-usage-ds1.json | 4 +- deploy/postInstallation.sh | 4 +- deploy/version.env | 2 +- .../sunbird-monitoring/defaults/main.yml | 4 +- kubernetes/ansible/static-files/health.sh | 2 +- .../templates/configmap.yaml | 6 +- .../core/nginx-public-ingress/values.j2 | 4 +- .../helm_charts/core/userorg/Chart.yaml | 2 +- .../core/userorg/templates/_helpers.tpl | 12 +- .../core/userorg/templates/configmap.yaml | 2 +- .../core/userorg/templates/deployment.yaml | 12 +- .../core/userorg/templates/envoy-config.yaml | 2 +- .../userorg/templates/serviceMonitor.yaml | 2 +- kubernetes/helm_charts/core/userorg/values.j2 | 60 +++---- .../dashboards/dashboards/service-memory.json | 4 +- .../networkconfig/templates/private-vs.yaml | 6 +- .../opa/{user-org => userorg}/common.rego | 0 .../opa/{user-org => userorg}/main.rego | 0 .../opa/{user-org => userorg}/policies.rego | 0 .../{user-org => userorg}/policies_test.rego | 0 pipelines/deploy/user-org/Jenkinsfile | 36 ---- pipelines/deploy/userorg/Jenkinsfile | 2 +- 56 files changed, 227 insertions(+), 274 deletions(-) delete mode 100644 ansible/roles/stack-sunbird/tasks/user-org-service.yml delete mode 100644 ansible/roles/stack-sunbird/tasks/user_org_service.yml create mode 100644 ansible/roles/stack-sunbird/tasks/userorg-service.yml rename ansible/roles/stack-sunbird/templates/{stack_user_org_service.yml => stack_userorg_service.yml} (65%) rename ansible/roles/stack-sunbird/templates/{sunbird_user-org-service.env => sunbird_userorg-service.env} (100%) rename ansible/roles/stack-sunbird/templates/{user-org-service.env => userorg-service.env} (98%) rename ansible/roles/stack-sunbird/templates/{user-org-service_logback.xml => userorg-service_logback.xml} (100%) rename kubernetes/opa/{user-org => userorg}/common.rego (100%) rename kubernetes/opa/{user-org => userorg}/main.rego (100%) rename kubernetes/opa/{user-org => userorg}/policies.rego (100%) rename kubernetes/opa/{user-org => userorg}/policies_test.rego (100%) delete mode 100644 pipelines/deploy/user-org/Jenkinsfile diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 68ae89385c..6ae05528e0 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -10,7 +10,7 @@ api_proxy_name: "api.{{proxy_server_name}}" # Domain name on which device reg swarm_load_balancer: "{{proxy_server_name}}" proxy_site_key: "{{ core_vault_proxy_site_key }}" #SSL certificate's site.key file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service proxy_site_crt: "{{ core_vault_proxy_site_crt }}" #SSL certificate's site.crt file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service -sunbird_environment: "{{env}}" # +content-service user-org +sunbird_environment: "{{env}}" # +content-service userorg sunbird_installation: "{{env}}" # +keycloak sunbird_instance: "{{env}}" env_short_name: "{{env}}" @@ -175,7 +175,7 @@ sunbird_plugin_repo_api_base_url: "{{ sunbird_search_service_api_base_url }}" sunbird_data_service_api_base_url: "{{sunbird_ekstep_api_base_url}}" sunbird_data_service_api_key: "{{ core_vault_sunbird_api_auth_token }}" sunbird_content_service_api_base_url: "http://content-service.{{namespace}}.svc.cluster.local:9000" -sunbird_user_service_api_base_url: "http://user-org-service.{{namespace}}.svc.cluster.local:9000" +sunbird_user_service_api_base_url: "http://userorg-service.{{namespace}}.svc.cluster.local:9000" sunbird_group_service_api_base_url: "http://groups-service:9000" plugin_media_base_url: "{{proto}}://{{domain_name}}" @@ -236,7 +236,7 @@ enable_scraping_docker_metrics: false postgres_exporter_postgres_port: 5432 postgres_exporter_user: postgres_exporter sunbird_cs_base_url: "http://{{sunbird_swarm_manager_lb_ip}}:5000" -sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/user-org" +sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/userorg" kong_admin_api_url: http://localhost:8001 @@ -419,7 +419,7 @@ sunbird_sso_kafka_topic: "{{env_name}}.lms.sso.events" __yarn_host__: "{{ groups['yarn-master'][0] }}" zookeepers: "{{groups['zookeeper']|join(':2181,')}}:2181" kafka_brokers: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -__lms_host__: "http://{{private_ingressgateway_ip}}/user-org" +__lms_host__: "http://{{private_ingressgateway_ip}}/userorg" sunbird_redis_host: "{{ groups['lp-redis'][0] }}" ### Release 2.1.0 ### diff --git a/ansible/logstash-provision.yml b/ansible/logstash-provision.yml index 228c345d20..c4eb7945b0 100644 --- a/ansible/logstash-provision.yml +++ b/ansible/logstash-provision.yml @@ -1,24 +1,24 @@ - hosts: cassandra vars: - learner_group: user-org - learner_name: user-org + userorg_group: userorg + userorg_name: userorg vars_files: - "{{inventory_dir}}/secrets.yml" pre_tasks: - - name: Create user-org group + - name: Create userorg group become: yes group: state: present - name: "{{ learner_group }}" + name: "{{ userorg_group }}" system: yes - - name: Create user-org user + - name: Create userorg user become: yes user: state: present - name: "{{ learner_user }}" - comment: user-org user + name: "{{ userorg_user }}" + comment: userorg user system: yes createhome: yes - group: "{{ learner_group }}" + group: "{{ userorg_group }}" roles: - logstash diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 4d31d23bdd..0289d0fdd9 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -80,7 +80,7 @@ question_prefix: /question questionset_prefix: /questionset # Service URLs -user_org_service_url: "http://user-org-service:9000" +userorg_service_url: "http://userorg-service:9000" am_util_url: "http://adminutil:4000" lms_service_url: "http://lms-service:9000" cert_service_url: "http://cert-service:9000" @@ -125,7 +125,7 @@ premium_consumer_rate_limits: kong_apis: - name: acceptTermsAndCondition uris: "{{ user_service_prefix }}/v1/tnc/accept" - upstream_url: "{{ user_org_service_url }}/v1/user/tnc/accept" + upstream_url: "{{ userorg_service_url }}/v1/user/tnc/accept" strip_uri: true plugins: - name: jwt @@ -146,7 +146,7 @@ kong_apis: - name: addSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/set" - upstream_url: "{{ user_org_service_url }}/v1/system/settings/set" + upstream_url: "{{ userorg_service_url }}/v1/system/settings/set" strip_uri: true plugins: - name: jwt @@ -184,7 +184,7 @@ kong_apis: - name: assignRole uris: "{{ user_service_prefix }}/v1/role/assign" - upstream_url: "{{ user_org_service_url }}/v1/user/assign/role" + upstream_url: "{{ userorg_service_url }}/v1/user/assign/role" strip_uri: true plugins: - name: jwt @@ -205,7 +205,7 @@ kong_apis: - name: assignRoleV2 uris: "{{ user_service_prefix }}/v2/role/assign" - upstream_url: "{{ user_org_service_url }}/v2/user/assign/role" + upstream_url: "{{ userorg_service_url }}/v2/user/assign/role" strip_uri: true plugins: - name: jwt @@ -268,7 +268,7 @@ kong_apis: - name: blockUser uris: "{{ user_service_prefix }}/v1/block" - upstream_url: "{{ user_org_service_url }}/v1/user/block" + upstream_url: "{{ userorg_service_url }}/v1/user/block" strip_uri: true plugins: - name: jwt @@ -289,7 +289,7 @@ kong_apis: - name: checkUploadJobStatus uris: "{{ data_service_prefix }}/v1/upload/status" - upstream_url: "{{ user_org_service_url }}/v1/upload/status" + upstream_url: "{{ userorg_service_url }}/v1/upload/status" strip_uri: true plugins: - name: jwt @@ -521,7 +521,7 @@ kong_apis: - name: createNote uris: "{{ notes_service_prefix }}/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/note/create" + upstream_url: "{{ userorg_service_url }}/v1/note/create" strip_uri: true plugins: - name: jwt @@ -542,7 +542,7 @@ kong_apis: - name: createOrg uris: "{{ org_service_prefix }}/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/org/create" + upstream_url: "{{ userorg_service_url }}/v1/org/create" strip_uri: true plugins: - name: jwt @@ -605,7 +605,7 @@ kong_apis: - name: createUser uris: "{{ user_service_prefix }}/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/user/create" + upstream_url: "{{ userorg_service_url }}/v1/user/create" strip_uri: true plugins: - name: jwt @@ -626,7 +626,7 @@ kong_apis: - name: createUserLearnerV3 uris: "{{ user_service_prefix }}/v1/signup" - upstream_url: "{{ user_org_service_url }}/v1/user/signup" + upstream_url: "{{ userorg_service_url }}/v1/user/signup" strip_uri: true plugins: - name: jwt @@ -647,7 +647,7 @@ kong_apis: - name: createUserVersion2 uris: "{{ user_service_prefix }}/v2/create" - upstream_url: "{{ user_org_service_url }}/v2/user/create" + upstream_url: "{{ userorg_service_url }}/v2/user/create" strip_uri: true plugins: - name: jwt @@ -668,7 +668,7 @@ kong_apis: - name: createUserVersion3 uris: "{{ user_service_prefix }}/v3/create" - upstream_url: "{{ user_org_service_url }}/v3/user/create" + upstream_url: "{{ userorg_service_url }}/v3/user/create" strip_uri: true plugins: - name: jwt @@ -689,7 +689,7 @@ kong_apis: - name: createUserVersion4 uris: "{{ user_service_prefix }}/v4/create" - upstream_url: "{{ user_org_service_url }}/v4/user/create" + upstream_url: "{{ userorg_service_url }}/v4/user/create" strip_uri: true plugins: - name: jwt @@ -710,7 +710,7 @@ kong_apis: - name: deleteNote uris: "{{ notes_service_prefix }}/v1/delete" - upstream_url: "{{ user_org_service_url }}/v1/note/delete" + upstream_url: "{{ userorg_service_url }}/v1/note/delete" strip_uri: true plugins: - name: jwt @@ -811,7 +811,7 @@ kong_apis: - name: generateOtp uris: "{{ otp_service_prefix }}/v1/generate" - upstream_url: "{{ user_org_service_url }}/v1/otp/generate" + upstream_url: "{{ userorg_service_url }}/v1/otp/generate" strip_uri: true plugins: - name: jwt @@ -832,7 +832,7 @@ kong_apis: - name: generateOtpV2 uris: "{{ otp_service_prefix }}/v2/generate" - upstream_url: "{{ user_org_service_url }}/v2/otp/generate" + upstream_url: "{{ userorg_service_url }}/v2/otp/generate" strip_uri: true plugins: - name: jwt @@ -937,7 +937,7 @@ kong_apis: - name: getSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/get" - upstream_url: "{{ user_org_service_url }}/v1/system/settings/get" + upstream_url: "{{ userorg_service_url }}/v1/system/settings/get" strip_uri: true plugins: - name: jwt @@ -958,7 +958,7 @@ kong_apis: - name: getUserByKey uris: "{{ user_service_prefix }}/v1/get" - upstream_url: "{{ user_org_service_url }}/v1/user/get" + upstream_url: "{{ userorg_service_url }}/v1/user/get" strip_uri: true plugins: - name: jwt @@ -979,7 +979,7 @@ kong_apis: - name: getUserByKeyV2 uris: "{{ user_service_prefix }}/v2/get" - upstream_url: "{{ user_org_service_url }}/v2/user/get" + upstream_url: "{{ userorg_service_url }}/v2/user/get" strip_uri: true plugins: - name: jwt @@ -1000,7 +1000,7 @@ kong_apis: - name: getUserProfile uris: "{{ user_service_prefix }}/v1/read" - upstream_url: "{{ user_org_service_url }}/v1/user/read" + upstream_url: "{{ userorg_service_url }}/v1/user/read" strip_uri: true plugins: - name: jwt @@ -1021,7 +1021,7 @@ kong_apis: - name: getUserProfileV2 uris: "{{ user_service_prefix }}/v2/read" - upstream_url: "{{ user_org_service_url }}/v2/user/read" + upstream_url: "{{ userorg_service_url }}/v2/user/read" strip_uri: true plugins: - name: jwt @@ -1042,7 +1042,7 @@ kong_apis: - name: indexSync uris: "{{ data_service_prefix }}/v1/index/sync" - upstream_url: "{{ user_org_service_url }}/v1/data/sync" + upstream_url: "{{ userorg_service_url }}/v1/data/sync" strip_uri: true plugins: - name: jwt @@ -1211,7 +1211,7 @@ kong_apis: - name: listSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/list" - upstream_url: "{{ user_org_service_url }}/v1/system/settings/list" + upstream_url: "{{ userorg_service_url }}/v1/system/settings/list" strip_uri: true plugins: - name: jwt @@ -1232,7 +1232,7 @@ kong_apis: - name: masterLocationCreate uris: "{{ data_service_prefix }}/v1/location/create" - upstream_url: "{{ user_org_service_url }}/v1/location/create" + upstream_url: "{{ userorg_service_url }}/v1/location/create" strip_uri: true plugins: - name: jwt @@ -1253,7 +1253,7 @@ kong_apis: - name: masterLocationDelete uris: "{{ data_service_prefix }}/v1/location/delete" - upstream_url: "{{ user_org_service_url }}/v1/location/delete" + upstream_url: "{{ userorg_service_url }}/v1/location/delete" strip_uri: true plugins: - name: jwt @@ -1274,7 +1274,7 @@ kong_apis: - name: masterLocationSearch uris: "{{ data_service_prefix }}/v1/location/search" - upstream_url: "{{ user_org_service_url }}/v1/location/search" + upstream_url: "{{ userorg_service_url }}/v1/location/search" strip_uri: true plugins: - name: jwt @@ -1295,7 +1295,7 @@ kong_apis: - name: masterLocationUpdate uris: "{{ data_service_prefix }}/v1/location/update" - upstream_url: "{{ user_org_service_url }}/v1/location/update" + upstream_url: "{{ userorg_service_url }}/v1/location/update" strip_uri: true plugins: - name: jwt @@ -1316,7 +1316,7 @@ kong_apis: - name: masterLocationUpload uris: "{{ data_service_prefix }}/v1/bulk/location/upload" - upstream_url: "{{ user_org_service_url }}/v1/bulk/location/upload" + upstream_url: "{{ userorg_service_url }}/v1/bulk/location/upload" strip_uri: true plugins: - name: jwt @@ -1337,7 +1337,7 @@ kong_apis: - name: mergeUserAccounts uris: "{{ user_service_prefix }}/v1/account/merge" - upstream_url: "{{ user_org_service_url }}/private/user/v1/account/merge" + upstream_url: "{{ userorg_service_url }}/private/user/v1/account/merge" strip_uri: true plugins: - name: jwt @@ -1358,7 +1358,7 @@ kong_apis: - name: orgAssignKeys uris: "{{ org_service_prefix }}/v1/assign/key" - upstream_url: "{{ user_org_service_url }}/v1/org/assign/key" + upstream_url: "{{ userorg_service_url }}/v1/org/assign/key" strip_uri: true plugins: - name: jwt @@ -1400,7 +1400,7 @@ kong_apis: - name: orgBulkUpload uris: "{{ org_service_prefix }}/v1/upload" - upstream_url: "{{ user_org_service_url }}/v1/org/upload" + upstream_url: "{{ userorg_service_url }}/v1/org/upload" strip_uri: true plugins: - name: jwt @@ -1421,7 +1421,7 @@ kong_apis: - name: privateUserAssignRole uris: "{{ user_service_prefix }}/private/v1/assign/role" - upstream_url: "{{ user_org_service_url }}/private/user/v1/assign/role" + upstream_url: "{{ userorg_service_url }}/private/user/v1/assign/role" strip_uri: true plugins: - name: jwt @@ -1442,7 +1442,7 @@ kong_apis: - name: privateUserRead uris: "{{ user_service_prefix }}/private/v1/read" - upstream_url: "{{ user_org_service_url }}/private/user/v1/read" + upstream_url: "{{ userorg_service_url }}/private/user/v1/read" strip_uri: true plugins: - name: jwt @@ -1568,7 +1568,7 @@ kong_apis: - name: readNote uris: "{{ notes_service_prefix }}/v1/read" - upstream_url: "{{ user_org_service_url }}/v1/note/read" + upstream_url: "{{ userorg_service_url }}/v1/note/read" strip_uri: true plugins: - name: jwt @@ -1589,7 +1589,7 @@ kong_apis: - name: readOrg uris: "{{ org_service_prefix }}/v1/read" - upstream_url: "{{ user_org_service_url }}/v1/org/read" + upstream_url: "{{ userorg_service_url }}/v1/org/read" strip_uri: true plugins: - name: jwt @@ -1631,7 +1631,7 @@ kong_apis: - name: readRoleMapping uris: "{{ data_service_prefix }}/v1/role/read" - upstream_url: "{{ user_org_service_url }}/v1/role/read" + upstream_url: "{{ userorg_service_url }}/v1/role/read" strip_uri: true plugins: - name: jwt @@ -1652,7 +1652,7 @@ kong_apis: - name: readUserSpecificRole uris: "{{ user_service_prefix }}/v1/role/read" - upstream_url: "{{ user_org_service_url }}/v1/user/role/read" + upstream_url: "{{ userorg_service_url }}/v1/user/role/read" strip_uri: true plugins: - name: jwt @@ -1673,7 +1673,7 @@ kong_apis: - name: readUserProfile uris: "{{ user_service_prefix }}/v1/profile/read" - upstream_url: "{{ user_org_service_url }}/v1/user/getuser" + upstream_url: "{{ userorg_service_url }}/v1/user/getuser" strip_uri: true plugins: - name: jwt @@ -1967,7 +1967,7 @@ kong_apis: - name: searchNotes uris: "{{ notes_service_prefix }}/v1/search" - upstream_url: "{{ user_org_service_url }}/v1/note/search" + upstream_url: "{{ userorg_service_url }}/v1/note/search" strip_uri: true plugins: - name: jwt @@ -1988,7 +1988,7 @@ kong_apis: - name: searchOrgExtended uris: "{{ org_service_prefix }}/v1/ext/search" - upstream_url: "{{ user_org_service_url }}/v1/org/search" + upstream_url: "{{ userorg_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -2005,7 +2005,7 @@ kong_apis: - name: searchOrg uris: "{{ org_service_prefix }}/v1/search" - upstream_url: "{{ user_org_service_url }}/v1/org/search" + upstream_url: "{{ userorg_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -2022,7 +2022,7 @@ kong_apis: - name: searchUser uris: "{{ user_service_prefix }}/v1/search" - upstream_url: "{{ user_org_service_url }}/v1/user/search" + upstream_url: "{{ userorg_service_url }}/v1/user/search" strip_uri: true plugins: - name: jwt @@ -2043,7 +2043,7 @@ kong_apis: - name: sendEmailNotification uris: "{{ user_service_prefix }}/v1/notification/email" - upstream_url: "{{ user_org_service_url }}/v1/notification/email" + upstream_url: "{{ userorg_service_url }}/v1/notification/email" strip_uri: true plugins: - name: jwt @@ -2064,7 +2064,7 @@ kong_apis: - name: unblockUser uris: "{{ user_service_prefix }}/v1/unblock" - upstream_url: "{{ user_org_service_url }}/v1/user/unblock" + upstream_url: "{{ userorg_service_url }}/v1/user/unblock" strip_uri: true plugins: - name: jwt @@ -2148,7 +2148,7 @@ kong_apis: - name: updateNote uris: "{{ notes_service_prefix }}/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/note/update" + upstream_url: "{{ userorg_service_url }}/v1/note/update" strip_uri: true plugins: - name: jwt @@ -2169,7 +2169,7 @@ kong_apis: - name: updateOrg uris: "{{ org_service_prefix }}/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/org/update" + upstream_url: "{{ userorg_service_url }}/v1/org/update" strip_uri: true plugins: - name: jwt @@ -2190,7 +2190,7 @@ kong_apis: - name: updateOrgStatus uris: "{{ org_service_prefix }}/v1/status/update" - upstream_url: "{{ user_org_service_url }}/v1/org/status/update" + upstream_url: "{{ userorg_service_url }}/v1/org/status/update" strip_uri: true plugins: - name: jwt @@ -2253,7 +2253,7 @@ kong_apis: - name: updateUser uris: "{{ user_service_prefix }}/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/user/update" + upstream_url: "{{ userorg_service_url }}/v1/user/update" strip_uri: true plugins: - name: jwt @@ -2295,7 +2295,7 @@ kong_apis: - name: userBulkUpload uris: "{{ user_service_prefix }}/v1/upload" - upstream_url: "{{ user_org_service_url }}/v1/user/upload" + upstream_url: "{{ userorg_service_url }}/v1/user/upload" strip_uri: true plugins: - name: jwt @@ -2316,7 +2316,7 @@ kong_apis: - name: userExistenceApi uris: "{{ user_service_prefix }}/v1/exists" - upstream_url: "{{ user_org_service_url }}/v1/user/exists" + upstream_url: "{{ userorg_service_url }}/v1/user/exists" strip_uri: true plugins: - name: jwt @@ -2337,7 +2337,7 @@ kong_apis: - name: userExistenceApiV2 uris: "{{ user_service_prefix }}/v2/exists" - upstream_url: "{{ user_org_service_url }}/v2/user/exists" + upstream_url: "{{ userorg_service_url }}/v2/user/exists" strip_uri: true plugins: - name: jwt @@ -2358,7 +2358,7 @@ kong_apis: - name: userFeed uris: "{{ user_service_prefix }}/v1/feed" - upstream_url: "{{ user_org_service_url }}/v1/user/feed" + upstream_url: "{{ userorg_service_url }}/v1/user/feed" strip_uri: true plugins: - name: jwt @@ -2379,7 +2379,7 @@ kong_apis: - name: userFeedCreate uris: "{{ user_service_prefix }}/feed/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/user/feed/create" + upstream_url: "{{ userorg_service_url }}/v1/user/feed/create" strip_uri: true plugins: - name: jwt @@ -2400,7 +2400,7 @@ kong_apis: - name: userFeedDelete uris: "{{ user_service_prefix }}/feed/v1/delete" - upstream_url: "{{ user_org_service_url }}/v1/user/feed/delete" + upstream_url: "{{ userorg_service_url }}/v1/user/feed/delete" strip_uri: true plugins: - name: jwt @@ -2421,7 +2421,7 @@ kong_apis: - name: userFeedUpdate uris: "{{ user_service_prefix }}/feed/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/user/feed/update" + upstream_url: "{{ userorg_service_url }}/v1/user/feed/update" strip_uri: true plugins: - name: jwt @@ -2442,7 +2442,7 @@ kong_apis: - name: userMigrate uris: "{{ user_service_prefix }}/v1/migrate" - upstream_url: "{{ user_org_service_url }}/v1/user/migrate" + upstream_url: "{{ userorg_service_url }}/v1/user/migrate" strip_uri: true plugins: - name: jwt @@ -2484,7 +2484,7 @@ kong_apis: - name: verifyOtp uris: "{{ otp_service_prefix }}/v1/verify" - upstream_url: "{{ user_org_service_url }}/v1/otp/verify" + upstream_url: "{{ userorg_service_url }}/v1/otp/verify" strip_uri: true plugins: - name: jwt @@ -2505,7 +2505,7 @@ kong_apis: - name: verifyOtpV2 uris: "{{ otp_service_prefix }}/v2/verify" - upstream_url: "{{ user_org_service_url }}/v2/otp/verify" + upstream_url: "{{ userorg_service_url }}/v2/otp/verify" strip_uri: true plugins: - name: jwt @@ -2652,7 +2652,7 @@ kong_apis: - name: forgotPassword uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" - upstream_url: "{{ user_org_service_url }}/private/user/v1/password/reset" + upstream_url: "{{ userorg_service_url }}/private/user/v1/password/reset" strip_uri: true plugins: - name: jwt @@ -2673,7 +2673,7 @@ kong_apis: - name: searchManagedUser uris: "{{ user_service_prefix }}/v1/managed" - upstream_url: "{{ user_org_service_url }}/v1/user/managed" + upstream_url: "{{ userorg_service_url }}/v1/user/managed" strip_uri: true plugins: - name: jwt @@ -2841,7 +2841,7 @@ kong_apis: - name: getUserProfileV3 uris: "{{ user_service_prefix }}/v3/read" - upstream_url: "{{ user_org_service_url }}/v3/user/read" + upstream_url: "{{ userorg_service_url }}/v3/user/read" strip_uri: true plugins: - name: jwt @@ -2862,7 +2862,7 @@ kong_apis: - name: updateUserDeclarations uris: "{{ user_service_prefix }}/v1/declarations" - upstream_url: "{{ user_org_service_url }}/v1/user/declarations" + upstream_url: "{{ userorg_service_url }}/v1/user/declarations" strip_uri: true plugins: - name: jwt @@ -2883,7 +2883,7 @@ kong_apis: - name: updateUserConsent uris: "{{ user_service_prefix }}/v1/consent/update" - upstream_url: "{{ user_org_service_url }}/v1/user/consent/update" + upstream_url: "{{ userorg_service_url }}/v1/user/consent/update" strip_uri: true plugins: - name: jwt @@ -2904,7 +2904,7 @@ kong_apis: - name: readUserConsent uris: "{{ user_service_prefix }}/v1/consent/read" - upstream_url: "{{ user_org_service_url }}/v1/user/consent/read" + upstream_url: "{{ userorg_service_url }}/v1/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2925,7 +2925,7 @@ kong_apis: - name: readUserConsentV2 uris: "{{ user_service_prefix }}/v2/consent/read" - upstream_url: "{{ user_org_service_url }}/v2/user/consent/read" + upstream_url: "{{ userorg_service_url }}/v2/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2946,7 +2946,7 @@ kong_apis: - name: createTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/create" - upstream_url: "{{ user_org_service_url }}/v2/org/preferences/create" + upstream_url: "{{ userorg_service_url }}/v2/org/preferences/create" strip_uri: true plugins: - name: jwt @@ -2967,7 +2967,7 @@ kong_apis: - name: updateTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/update" - upstream_url: "{{ user_org_service_url }}/v2/org/preferences/update" + upstream_url: "{{ userorg_service_url }}/v2/org/preferences/update" strip_uri: true plugins: - name: jwt @@ -2988,7 +2988,7 @@ kong_apis: - name: readTenantPreferencess uris: "{{ org_service_prefix }}/v2/preferences/read" - upstream_url: "{{ user_org_service_url }}/v2/org/preferences/read" + upstream_url: "{{ userorg_service_url }}/v2/org/preferences/read" strip_uri: true plugins: - name: jwt @@ -3618,7 +3618,7 @@ kong_apis: - name: updateUserV2 uris: "{{ user_service_prefix }}/v2/update" - upstream_url: "{{ user_org_service_url }}/v2/user/update" + upstream_url: "{{ userorg_service_url }}/v2/user/update" strip_uri: true plugins: - name: jwt @@ -3639,7 +3639,7 @@ kong_apis: - name: managedUserV1Create uris: "{{ user_service_prefix }}/v1/managed/create" - upstream_url: "{{ user_org_service_url }}/v1/manageduser/create" + upstream_url: "{{ userorg_service_url }}/v1/manageduser/create" strip_uri: true plugins: - name: jwt @@ -3660,7 +3660,7 @@ kong_apis: - name: managedUserV2Create uris: "{{ user_service_prefix }}/v2/managed/create" - upstream_url: "{{ user_org_service_url }}/v2/manageduser/create" + upstream_url: "{{ userorg_service_url }}/v2/manageduser/create" strip_uri: true plugins: - name: jwt @@ -3681,7 +3681,7 @@ kong_apis: - name: ssoUserV1Create uris: "{{ user_service_prefix }}/v1/sso/create" - upstream_url: "{{ user_org_service_url }}/v1/ssouser/create" + upstream_url: "{{ userorg_service_url }}/v1/ssouser/create" strip_uri: true plugins: - name: jwt @@ -3702,7 +3702,7 @@ kong_apis: - name: ssoUserV2Create uris: "{{ user_service_prefix }}/v2/signup" - upstream_url: "{{ user_org_service_url }}/v2/user/signup" + upstream_url: "{{ userorg_service_url }}/v2/user/signup" strip_uri: true plugins: - name: jwt @@ -3723,7 +3723,7 @@ kong_apis: - name: getUserProfileV4 uris: "{{ user_service_prefix }}/v4/read" - upstream_url: "{{ user_org_service_url }}/v4/user/read" + upstream_url: "{{ userorg_service_url }}/v4/user/read" strip_uri: true plugins: - name: jwt @@ -3744,7 +3744,7 @@ kong_apis: - name: getUserProfileV5 uris: "{{ user_service_prefix }}/v5/read" - upstream_url: "{{ user_org_service_url }}/v5/user/read" + upstream_url: "{{ userorg_service_url }}/v5/user/read" strip_uri: true plugins: - name: jwt @@ -3765,7 +3765,7 @@ kong_apis: - name: searchUserV2 uris: "{{ user_service_prefix }}/v2/search" - upstream_url: "{{ user_org_service_url }}/v2/user/search" + upstream_url: "{{ userorg_service_url }}/v2/user/search" strip_uri: true plugins: - name: jwt @@ -3786,7 +3786,7 @@ kong_apis: - name: searchUserV3 uris: "{{ user_service_prefix }}/v3/search" - upstream_url: "{{ user_org_service_url }}/v3/user/search" + upstream_url: "{{ userorg_service_url }}/v3/user/search" strip_uri: true plugins: - name: jwt @@ -3807,7 +3807,7 @@ kong_apis: - name: searchOrgV2 uris: "{{ org_service_prefix }}/v2/search" - upstream_url: "{{ user_org_service_url }}/v2/org/search" + upstream_url: "{{ userorg_service_url }}/v2/org/search" strip_uri: true plugins: - name: cors @@ -3907,7 +3907,7 @@ kong_apis: - name: updateUserV3 uris: "{{ user_service_prefix }}/v3/update" - upstream_url: "{{ user_org_service_url }}/v3/user/update" + upstream_url: "{{ userorg_service_url }}/v3/user/update" strip_uri: true plugins: - name: jwt diff --git a/ansible/roles/lms-logstash-deploy/defaults/main.yml b/ansible/roles/lms-logstash-deploy/defaults/main.yml index 6c0ee25fa6..725abaf7ea 100644 --- a/ansible/roles/lms-logstash-deploy/defaults/main.yml +++ b/ansible/roles/lms-logstash-deploy/defaults/main.yml @@ -1,5 +1,5 @@ -learner_user: user-org -learner_user_home: /home/{{learner_user}} +userorg_user: userorg +learner_user_home: /home/{{userorg_user}} logstash_version: 6.3.1 logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" kafka_topic_prefix: "{{env}}" diff --git a/ansible/roles/lms-logstash-deploy/tasks/main.yml b/ansible/roles/lms-logstash-deploy/tasks/main.yml index 9069343afa..ae9aa92558 100644 --- a/ansible/roles/lms-logstash-deploy/tasks/main.yml +++ b/ansible/roles/lms-logstash-deploy/tasks/main.yml @@ -1,10 +1,10 @@ - name: permissions become: yes - file: path={{ logstash_home }} mode=775 owner={{ learner_user }} group={{ learner_user }} recurse=yes + file: path={{ logstash_home }} mode=775 owner={{ userorg_user }} group={{ userorg_user }} recurse=yes - name: Copy logstash configuration files for platform become: yes - become_user: "{{learner_user}}" + become_user: "{{userorg_user}}" template: src={{item}}.j2 dest={{ logstash_home }}/{{item}}.conf with_items: "{{ platform.logstash_config }}" @@ -15,7 +15,7 @@ - name: create folder for logs become: yes - become_user: "{{learner_user}}" + become_user: "{{userorg_user}}" file: path={{logstash_home}}/logs state=directory mode=0755 - name: Start logstash processes related to platform diff --git a/ansible/roles/logstash/defaults/main.yml b/ansible/roles/logstash/defaults/main.yml index 3be76255ba..eac428d0cc 100644 --- a/ansible/roles/logstash/defaults/main.yml +++ b/ansible/roles/logstash/defaults/main.yml @@ -1,7 +1,7 @@ --- # vars file for logstash -learner_user: user-org -learner_user_home: /home/{{learner_user}} +userorg_user: userorg +learner_user_home: /home/{{userorg_user}} logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" ip: localhost port: 9092 diff --git a/ansible/roles/logstash/tasks/main.yml b/ansible/roles/logstash/tasks/main.yml index 506c3fa43c..2d2840e8eb 100644 --- a/ansible/roles/logstash/tasks/main.yml +++ b/ansible/roles/logstash/tasks/main.yml @@ -2,25 +2,25 @@ # tasks file for logstash - name: add permissions become: yes - file: path={{learner_user_home}} mode=0755 recurse=yes owner={{learner_user}} group={{learner_user}} + file: path={{learner_user_home}} mode=0755 recurse=yes owner={{userorg_user}} group={{userorg_user}} - name: Download the zip become: yes - become_user: "{{learner_user}}" + become_user: "{{userorg_user}}" get_url: url=https://artifacts.elastic.co/downloads/logstash/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} timeout=1000 force=yes - name: unzip become: yes - become_user: "{{learner_user}}" - unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{learner_user}} owner={{learner_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} + become_user: "{{userorg_user}}" + unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{userorg_user}} owner={{userorg_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} - name: set permissions become: yes - file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{learner_user}} group={{learner_user}} mode=0755 recurse=yes + file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{userorg_user}} group={{userorg_user}} mode=0755 recurse=yes - name: Delete the logstash zip file become: yes - become_user: "{{ learner_user }}" + become_user: "{{ userorg_user }}" file: path={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz state=absent - name: Detect if this is a systemd based system diff --git a/ansible/roles/logstash/templates/logstash.j2 b/ansible/roles/logstash/templates/logstash.j2 index 847f0223f5..9e49c3d72b 100644 --- a/ansible/roles/logstash/templates/logstash.j2 +++ b/ansible/roles/logstash/templates/logstash.j2 @@ -9,7 +9,7 @@ ### END INIT INFO SCRIPT='{{learner_user_home}}/logstash-{{logstash_version}}/bin/logstash -f {{learner_user_home}}/logstash-{{logstash_version}}/logstash-lms.conf --verbose' -RUNAS="{{ learner_user }}" +RUNAS="{{ userorg_user }}" PROCESS_NUM='ps -ef | grep "$SCRIPT" | grep -v "grep" | wc -l' PIDFILE=/var/run/logstash.pid diff --git a/ansible/roles/logstash/templates/logstash.service.j2 b/ansible/roles/logstash/templates/logstash.service.j2 index fa46eddc16..1a6f2f0d2a 100644 --- a/ansible/roles/logstash/templates/logstash.service.j2 +++ b/ansible/roles/logstash/templates/logstash.service.j2 @@ -4,8 +4,8 @@ Description=logstash Daemon [Service] Environment="_JAVA_OPTIONS='-Dlog4j2.formatMsgNoLookups=true'" Type=simple -User={{learner_user}} -Group={{learner_user}} +User={{userorg_user}} +Group={{userorg_user}} LimitNOFILE=32768 Restart=on-failure #Environment="{{ logstash_jvm_opts }}" diff --git a/ansible/roles/post-install/tasks/user_org.yaml b/ansible/roles/post-install/tasks/user_org.yaml index ceb651823a..e8460545cb 100644 --- a/ansible/roles/post-install/tasks/user_org.yaml +++ b/ansible/roles/post-install/tasks/user_org.yaml @@ -13,10 +13,10 @@ } with_items: "{{ custodian_org_data }}" -- name: Restarting user-org service +- name: Restarting userorg service shell: | - kubectl rollout restart deployment -n {{ namespace }} user-org - kubectl rollout status deployment -n {{ namespace }} user-org + kubectl rollout restart deployment -n {{ namespace }} userorg + kubectl rollout status deployment -n {{ namespace }} userorg - name: Crating Users uri: diff --git a/ansible/roles/redis-backup/defaults/main.yml b/ansible/roles/redis-backup/defaults/main.yml index 54b7c60a89..e05d691e74 100644 --- a/ansible/roles/redis-backup/defaults/main.yml +++ b/ansible/roles/redis-backup/defaults/main.yml @@ -1,5 +1,5 @@ redis_backup_dir: /tmp/redis-backup -learner_user: learning +userorg_user: learning cloud_storage_redisbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_redisbackup_foldername: nodebb-redis-backup diff --git a/ansible/roles/reset-docker/tasks/main.yml b/ansible/roles/reset-docker/tasks/main.yml index c34436dea8..12eb38609d 100644 --- a/ansible/roles/reset-docker/tasks/main.yml +++ b/ansible/roles/reset-docker/tasks/main.yml @@ -2,8 +2,8 @@ shell: "docker service rm actor-service" ignore_errors: yes -- name: Remove user-org service - shell: "docker service rm user-org-service" +- name: Remove userorg service + shell: "docker service rm userorg-service" ignore_errors: yes - name: Remove player service diff --git a/ansible/roles/stack-keycloak/tasks/common.yml b/ansible/roles/stack-keycloak/tasks/common.yml index 0e4d6d7757..1440dcb0dd 100644 --- a/ansible/roles/stack-keycloak/tasks/common.yml +++ b/ansible/roles/stack-keycloak/tasks/common.yml @@ -19,7 +19,7 @@ # - name: Save content configurations into an env file # template: src=sunbird_content.env dest=/home/deployer/env/sunbird_content.env mode=0644 -# - name: Save user-org configurations into an env file +# - name: Save userorg configurations into an env file # template: src=sunbird_learner.env dest=/home/deployer/env/sunbird_learner.env mode=0644 # - name: Save player configurations into an env file diff --git a/ansible/roles/stack-monitor-stateful/defaults/main.yml b/ansible/roles/stack-monitor-stateful/defaults/main.yml index a3f930568d..ad3e2323fa 100644 --- a/ansible/roles/stack-monitor-stateful/defaults/main.yml +++ b/ansible/roles/stack-monitor-stateful/defaults/main.yml @@ -106,7 +106,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - user-org-service + - userorg-service - lms-service - content-service - player_player diff --git a/ansible/roles/stack-monitor/defaults/main.yml b/ansible/roles/stack-monitor/defaults/main.yml index 84a027969b..3eb2b5ba26 100644 --- a/ansible/roles/stack-monitor/defaults/main.yml +++ b/ansible/roles/stack-monitor/defaults/main.yml @@ -95,7 +95,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - user-org-service + - userorg-service - lms-service - content-service - player_player diff --git a/ansible/roles/stack-proxy-private/templates/proxy-default.conf b/ansible/roles/stack-proxy-private/templates/proxy-default.conf index 05f7868432..81a96a985c 100644 --- a/ansible/roles/stack-proxy-private/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy-private/templates/proxy-default.conf @@ -4,9 +4,9 @@ server { resolver 127.0.0.11 valid=5s; - location /user-org/ { - rewrite ^/user-org/(.*) /$1 break; - proxy_pass http://user-org-service:9000; + location /userorg/ { + rewrite ^/userorg/(.*) /$1 break; + proxy_pass http://userorg-service:9000; } location /api/ { rewrite ^/api/(.*) /$1 break; diff --git a/ansible/roles/stack-proxy/templates/proxy-default.conf b/ansible/roles/stack-proxy/templates/proxy-default.conf index 6c425152a9..752ba73c05 100644 --- a/ansible/roles/stack-proxy/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy/templates/proxy-default.conf @@ -506,7 +506,7 @@ location ~* ^/desktop/(.*) { proxy_read_timeout 70; } - location ~ /resourcebundles/v1/read|/user-org/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info { proxy_cache_key $proxy_host$request_uri; proxy_cache proxy_cache; add_header X-Proxy-Cache $upstream_cache_status; diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index b9b3401a4d..17e5d9eeca 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -16,12 +16,12 @@ actor_replicas: 1 actor_reservation_memory: 768M actor_limit_memory: 1024M -learner_replicas: 1 -learner_reservation_memory: 512M -learner_limit_memory: 1024M -learner_reservation_cpu: 0.2 -learner_limit_cpu: 1 -learner_java_mem_limit: '-Xmx600m' +userorg_replicas: 1 +userorg_reservation_memory: 512M +userorg_limit_memory: 1024M +userorg_reservation_cpu: 0.2 +userorg_limit_cpu: 1 +userorg_java_mem_limit: '-Xmx600m' #Config Service Vars config_replicas: 1 @@ -51,8 +51,8 @@ player_limit_memory: 750M player_reserve_cpu: 0.1 player_limit_cpu: 1 -# This variable is not to access user-org service but to call the api -# user-org-service:9000/org/v1/search +# This variable is not to access userorg service but to call the api +# userorg-service:9000/org/v1/search sunbird_learner_service_base_url: http://kong:8000/ telemetry_replicas: 1 @@ -218,9 +218,9 @@ sunbird_cert_qr_container_name: "certqr" service_env: groups: ../../../../ansible/roles/stack-sunbird/templates/sunbird_groups-service.env - user-org: - - ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env - - ../../../../ansible/roles/stack-sunbird/templates/user-org-service_logback.xml + userorg: + - ../../../../ansible/roles/stack-sunbird/templates/userorg-service.env + - ../../../../ansible/roles/stack-sunbird/templates/userorg-service_logback.xml lms: - ../../../../ansible/roles/stack-sunbird/templates/sunbird_lms-service.env - ../../../../ansible/roles/stack-sunbird/templates/lms-service_logback.xml @@ -241,7 +241,6 @@ service_env: enc: ../../../../ansible/roles/stack-sunbird/templates/sunbird_enc-service.env notification: ../../../../ansible/roles/stack-sunbird/templates/sunbird_notification-service.env telemetry: ../../../../ansible/roles/stack-sunbird/templates/sunbird_telemetry-service.env - userorg: ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env player: ../../../../ansible/roles/stack-sunbird/templates/sunbird_player.env print: ../../../../ansible/roles/stack-sunbird/templates/sunbird_print-service.env search: @@ -997,8 +996,8 @@ dataset_metadata: "{{ env_name }}_dataset_metadata" #### Exhuats API consumer exhaust_api_consumer_ids: ["273f3b18-5dda-4a27-984a-060c7cd398d3"] # being used in analytics api to access the analytics exhaust api -user_profile_read_url: "http://user-org-service:9000/v1/user/read/" # being used in analytics api to get user details -org_search_url: "http://user-org-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id +user_profile_read_url: "http://userorg-service:9000/v1/user/read/" # being used in analytics api to get user details +org_search_url: "http://userorg-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id dataexhaust_super_admin_channel: "sunbird" # being used in analytics api for authorizing user with super admin channel #### public exhausts @@ -1008,7 +1007,7 @@ public_exhaust_datasets: ["public-data-exhaust"] data_exhaust_batch_limit: 20 mount_keycloak_key_apps: - - user-org + - userorg - lms - groups - knowledgemw @@ -1033,7 +1032,7 @@ analytics_opa_enabled: true certregistry_opa_enabled: true content_opa_enabled: true knowledgemw_opa_enabled: true -learner_opa_enabled: true +userorg_opa_enabled: true lms_opa_enabled: true notification_opa_enabled: true report_opa_enabled: true diff --git a/ansible/roles/stack-sunbird/tasks/main.yml b/ansible/roles/stack-sunbird/tasks/main.yml index ecf1dcbc40..4f51d896d3 100644 --- a/ansible/roles/stack-sunbird/tasks/main.yml +++ b/ansible/roles/stack-sunbird/tasks/main.yml @@ -4,7 +4,7 @@ - include: service_stack.yml when: deploy_stack is defined - - include: user-org-service.yml + - include: userorg-service.yml when: deploy_user_org is defined - include: lms_service.yml @@ -13,9 +13,6 @@ - include: enc_service.yml when: deploy_enc is defined - - include: user_org_service.yml - when: deploy_user_org is defined - - include: cert_service.yml when: deploy_cert is defined diff --git a/ansible/roles/stack-sunbird/tasks/user-org-service.yml b/ansible/roles/stack-sunbird/tasks/user-org-service.yml deleted file mode 100644 index 8812e97bb3..0000000000 --- a/ansible/roles/stack-sunbird/tasks/user-org-service.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Remove user-org service - shell: "docker service rm user-org-service" - ignore_errors: yes - -- name: Deploy user-org service - shell: "docker service create --with-registry-auth --replicas {{ learner_replicas }} -p 9000:9000 --name user-org-service --hostname user-org-service --reserve-memory {{ learner_reservation_memory }} --limit-memory {{ learner_limit_memory }} --limit-cpu {{ learner_limit_cpu }} --reserve-cpu {{ learner_reservation_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ learner_java_mem_limit }} --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" - args: - chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/tasks/user_org_service.yml b/ansible/roles/stack-sunbird/tasks/user_org_service.yml deleted file mode 100644 index 9090d1dfdb..0000000000 --- a/ansible/roles/stack-sunbird/tasks/user_org_service.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Remove user org service - shell: "docker service rm user-org-service" - ignore_errors: yes - -- name: Deploy user org service - shell: "docker service create --with-registry-auth --replicas {{ user_org_replicas }} -p 9009:9000 --name user-org-service --hostname user-org-service --limit-memory {{ user_org_limit_memory }} --limit-cpu {{ user_org_limit_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" diff --git a/ansible/roles/stack-sunbird/tasks/userorg-service.yml b/ansible/roles/stack-sunbird/tasks/userorg-service.yml new file mode 100644 index 0000000000..c72e755750 --- /dev/null +++ b/ansible/roles/stack-sunbird/tasks/userorg-service.yml @@ -0,0 +1,9 @@ +--- +- name: Remove userorg service + shell: "docker service rm userorg-service" + ignore_errors: yes + +- name: Deploy userorg service + shell: "docker service create --with-registry-auth --replicas {{ userorg_replicas }} -p 9000:9000 --name userorg-service --hostname userorg-service --reserve-memory {{ userorg_reservation_memory }} --limit-memory {{ userorg_limit_memory }} --limit-cpu {{ userorg_limit_cpu }} --reserve-cpu {{ userorg_reservation_cpu }} --health-cmd 'wget -qO- userorg-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ userorg_java_mem_limit }} --env-file /home/deployer/env/userorg-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" + args: + chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index cdb7cd9cdb..1bdb468141 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -78,7 +78,7 @@ ELASTICSEARCH_HOST_URL={{ml_core_elasticsearch_host_url | default("")}} ELASTICSEARCH_ENTITIES_INDEX={{ml_core_elasticsearch_user_extension_index_type | default ("")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_core_user_service_URL | default("http://user-org-service:9000")}} +USER_SERVICE_URL={{ml_core_user_service_URL | default("http://userorg-service:9000")}} ## portal url of env APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/ml-projects-service.env b/ansible/roles/stack-sunbird/templates/ml-projects-service.env index 08c08afedd..5cb7856ba5 100644 --- a/ansible/roles/stack-sunbird/templates/ml-projects-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-projects-service.env @@ -38,7 +38,7 @@ KAFKA_GROUP_ID={{ml_project_kafka_group_id | default("ml-project-service")}} PROJECT_SUBMISSION_TOPIC={{ml_project_submission_topic | default (env_name+".ml.projects.submissions")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_project_user_service_URL | default("http://user-org-service:9000")}} +USER_SERVICE_URL={{ml_project_user_service_URL | default("http://userorg-service:9000")}} # certificate issuer KID value CERTIFICATE_ISSUER_KID={{certificate_issuer_kid | default("")}} diff --git a/ansible/roles/stack-sunbird/templates/ml-survey-service.env b/ansible/roles/stack-sunbird/templates/ml-survey-service.env index 363b6976b7..187a5b1120 100644 --- a/ansible/roles/stack-sunbird/templates/ml-survey-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-survey-service.env @@ -9,7 +9,7 @@ APPLICATION_ENV={{ env }} MONGODB_URL=mongodb://{{ml_mongodb_host | default(groups['mongo_master'][0]+':27017')}}/{{ ml_mongodb | default("ml-survey") }} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://user-org-service:9000")}} +USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://userorg-service:9000")}} # Secure token access Admin related API's # The value of internal access token can be generated by command - "openssl rand -hex 10" diff --git a/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml b/ansible/roles/stack-sunbird/templates/stack_userorg_service.yml similarity index 65% rename from ansible/roles/stack-sunbird/templates/stack_user_org_service.yml rename to ansible/roles/stack-sunbird/templates/stack_userorg_service.yml index 7d4b1c26c3..2a93ef2f9e 100644 --- a/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml +++ b/ansible/roles/stack-sunbird/templates/stack_userorg_service.yml @@ -1,16 +1,16 @@ version: '3.1' services: - user_org_service: + userorg_service: image: "{{hub_org}}/{{image_name}}:{{image_tag}}" env_file: - /home/deployer/env/user_org_service.env + /home/deployer/env/userorg-service.env deploy: - replicas: {{ learner_replicas | default(1) }} + replicas: {{ userorg_replicas | default(1) }} resources: reservations: - memory: "{{ learner_reservation_memory | default('256M') }}" + memory: "{{ userorg_reservation_memory | default('256M') }}" limits: - memory: "{{ learner_limit_memory | default('512M') }}" + memory: "{{ userorg_limit_memory | default('512M') }}" # healthcheck: # test: curl -f http://localhost:9000/health || exit 1 interval: 10s diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index 5bdae1cf73..c178e9ce73 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -8,7 +8,7 @@ sunbird_cassandra_port=9042 sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -LEARNER_SERVICE_PORT=http://user-org-service:9000 +LEARNER_SERVICE_PORT=http://userorg-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} CONTENT_SERVICE_PORT=http://search-service:9000 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 1e58b91449..3df3bf5bc8 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env @@ -31,7 +31,7 @@ sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_ sunbird_keycloak_required_action_link_expiration_seconds={{sunbird_keycloak_required_action_link_expiration_seconds}} accesstoken.publickey.basepath={{notification_access_basepath | default('/keys/')}} ENV_NAME={{env_name}} -LEARNER_SERVICE_PORT=http://user-org-service:9000 +LEARNER_SERVICE_PORT=http://userorg-service:9000 sunbird_us_system_setting_url=/api/data/v1/system/settings/list sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate diff --git a/ansible/roles/stack-sunbird/templates/sunbird_user-org-service.env b/ansible/roles/stack-sunbird/templates/sunbird_userorg-service.env similarity index 100% rename from ansible/roles/stack-sunbird/templates/sunbird_user-org-service.env rename to ansible/roles/stack-sunbird/templates/sunbird_userorg-service.env diff --git a/ansible/roles/stack-sunbird/templates/user-org-service.env b/ansible/roles/stack-sunbird/templates/userorg-service.env similarity index 98% rename from ansible/roles/stack-sunbird/templates/user-org-service.env rename to ansible/roles/stack-sunbird/templates/userorg-service.env index 17453c36cc..8ebd0b4e38 100644 --- a/ansible/roles/stack-sunbird/templates/user-org-service.env +++ b/ansible/roles/stack-sunbird/templates/userorg-service.env @@ -43,7 +43,7 @@ sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 {% endif %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -sunbird_mw_system_host=user-org-service +sunbird_mw_system_host=userorg-service sunbird_mw_system_port=8088 background_actor_provider=local api_actor_provider=local @@ -53,7 +53,7 @@ sunbird_remote_bg_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/ sunbird_api_base_url=http://knowledge-mw-service:5000 sunbird_authorization={{sunbird_api_auth_token}} telemetry_pdata_id={{sunbird_telemetry_pdata_id}} -telemetry_pdata_pid=user-org-service +telemetry_pdata_pid=userorg-service sunbird_telemetry_base_url=http://telemetry-service:9001 telemetry_queue_threshold_value=100 sunbird_default_channel={{sunbird_default_channel}} @@ -98,7 +98,7 @@ sunbird_user_cert_kafka_topic={{kafka_topic_lms_user_account}} sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} sunbird_fuzzy_search_threshold={{sunbird_fuzzy_search_threshold | d('0.5')}} sunbird_subdomain_keycloak_base_url={{sunbird_subdomain_keycloak_base_url | d('')}}/ -#Required by user-org-service to call cert service +#Required by userorg-service to call cert service sunbird_cert_service_base_url=http://cert-service:9000 quartz_shadow_user_migration_timer={{sunbird_quartz_shadow_user_migration_timer}} sunbird_otp_allowed_attempt={{sunbird_otp_allowed_attempt|default(2)}} diff --git a/ansible/roles/stack-sunbird/templates/user-org-service_logback.xml b/ansible/roles/stack-sunbird/templates/userorg-service_logback.xml similarity index 100% rename from ansible/roles/stack-sunbird/templates/user-org-service_logback.xml rename to ansible/roles/stack-sunbird/templates/userorg-service_logback.xml diff --git a/ansible/static-files/health.sh b/ansible/static-files/health.sh index 9f7fad6f07..6b62b7dfb3 100755 --- a/ansible/static-files/health.sh +++ b/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s userorg-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" diff --git a/deploy/deploy-core.sh b/deploy/deploy-core.sh index a7d92f3e8d..339f9b493c 100755 --- a/deploy/deploy-core.sh +++ b/deploy/deploy-core.sh @@ -34,7 +34,7 @@ ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" # Re-deploy UserOrg service echo "Redeploy UserOrg service" -ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=user-org-service image_tag=${USER_ORG_SERVICE_VERSION} service_name=user-org-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v +ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=userorg-service image_tag=${USERORG_SERVICE_VERSION} service_name=userorg-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v # Re-deploy Content service echo "Redeploy content service" diff --git a/deploy/gitOPS/github.csv b/deploy/gitOPS/github.csv index ebcd56fcd3..4148fc6bfb 100644 --- a/deploy/gitOPS/github.csv +++ b/deploy/gitOPS/github.csv @@ -1,5 +1,5 @@ #REPO_NAME,BRANCH_NAME,MERGE_ACCESS_USERS(;),CHECKS -user-org-service,jenkins-test,harshavardhanc;abcb,3 +userorg-service,jenkins-test,harshavardhanc;abcb,3 diff --git a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json index 4b476382e5..6f7fd973e4 100644 --- a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json +++ b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json @@ -224,7 +224,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"userorg-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", @@ -235,7 +235,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "user-org-service", + "title": "userorg-service", "tooltip": { "shared": true, "sort": 0, diff --git a/deploy/postInstallation.sh b/deploy/postInstallation.sh index bf13b5c0eb..951bac5512 100755 --- a/deploy/postInstallation.sh +++ b/deploy/postInstallation.sh @@ -134,7 +134,7 @@ check_cassandra_keyspaces() { } check_version() { - list=(actor-service player_player user-org-service content-service proxy_proxy api-manager_kong) + list=(actor-service player_player userorg-service content-service proxy_proxy api-manager_kong) versionReq=$(git branch | grep \* | cut -d '-' -f2) echo -e "The Sunbird Version being used is $versionReq \n" if [ $(git branch | grep \* | cut -d '-' -f2 | grep -Ewo '.' | wc -l) -ne 3 ]; then @@ -155,7 +155,7 @@ get_logs() { mkdir -p $ServiceLogsFolder echo "Storing logs of core services in $ServiceLogsFolder" echo "-----------------------------------------" - serviceNames=(player_player user-org-service content-service proxy_proxy api-manager_kong) + serviceNames=(player_player userorg-service content-service proxy_proxy api-manager_kong) for service in ${serviceNames[@]}; do echo -e "\nexporting $service logs to $ServiceLogsFolder" sudo docker service logs $service --tail 10000 > $ServiceLogsFolder/$service diff --git a/deploy/version.env b/deploy/version.env index feca8b68da..c7d8020919 100755 --- a/deploy/version.env +++ b/deploy/version.env @@ -1,6 +1,6 @@ PLAYER_VERSION=1.11.0-gold CONTENT_SERVICE_VERSION=1.11.0-gold -USER_ORG_SERVICE_VERSION=1.11.0-gold +USERORG_SERVICE_VERSION=1.11.0-gold PROXY_VERSION=1.8.0-gold BADGER_SERVICE_VERSION=1.8.0-gold KONG_VERSION=1.8.0-gold diff --git a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml index 10db0b3617..3ce5e1bed7 100644 --- a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml +++ b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml @@ -266,8 +266,8 @@ service_health_checks: targets: "http://content-service.{{ namespace }}.svc.cluster.local:9000/health" - service_name: 'lms' targets: "http://lms-service.{{ namespace }}.svc.cluster.local:9000/health" - - service_name: 'user-org' - targets: "http://user-org-service.{{ namespace }}.svc.cluster.local:9000/health" + - service_name: 'userorg' + targets: "http://userorg-service.{{ namespace }}.svc.cluster.local:9000/health" api_response_upward_trend_threshold: 0.3 diff --git a/kubernetes/ansible/static-files/health.sh b/kubernetes/ansible/static-files/health.sh index 9f7fad6f07..6b62b7dfb3 100755 --- a/kubernetes/ansible/static-files/health.sh +++ b/kubernetes/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s userorg-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index ca2c58a0cd..ff6051fbeb 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -43,9 +43,9 @@ data: resolver {{ .Values.kube_dns_ip }}; - location /user-org/ { - set $target http://user-org-service.{{ .Values.namespace }}.svc.cluster.local:9000; - rewrite ^/user-org/(.*) /$1 break; + location /userorg/ { + set $target http://userorg-service.{{ .Values.namespace }}.svc.cluster.local:9000; + rewrite ^/userorg/(.*) /$1 break; proxy_http_version 1.1; proxy_pass $target; } diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index b0a340cfea..2916eb18f7 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -246,7 +246,7 @@ proxyconfig: |- proxy_pass http://keycloak; } # This is Caching mechanism for POST requests location search - location ~ /user-org/data/v1/location/search { + location ~ /userorg/data/v1/location/search { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching @@ -289,7 +289,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /user-org/certreg/v2/certs/download { + location /userorg/certreg/v2/certs/download { # Compression gzip on; gzip_comp_level 5; diff --git a/kubernetes/helm_charts/core/userorg/Chart.yaml b/kubernetes/helm_charts/core/userorg/Chart.yaml index b6eea73a17..c7c993ab63 100644 --- a/kubernetes/helm_charts/core/userorg/Chart.yaml +++ b/kubernetes/helm_charts/core/userorg/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes -name: user-org +name: userorg version: 0.1.0 diff --git a/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl b/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl index a6acb1aa2c..d7fef3727e 100644 --- a/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl +++ b/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "user-org.name" -}} +{{- define "userorg.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "user-org.fullname" -}} +{{- define "userorg.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "user-org.chart" -}} +{{- define "userorg.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} -{{- define "user-org.labels" -}} -app.kubernetes.io/name: {{ include "user-org.name" . }} -helm.sh/chart: {{ include "user-org.chart" . }} +{{- define "userorg.labels" -}} +app.kubernetes.io/name: {{ include "userorg.name" . }} +helm.sh/chart: {{ include "userorg.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} diff --git a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml index 7c91ec6cca..d806c1d5ab 100644 --- a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml @@ -11,7 +11,7 @@ data: {{ end }} --- -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} {{- $bundle := .Files.Glob "bundle/*" }} {{ if $bundle }} apiVersion: v1 diff --git a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml index 9ae78bfebf..1ff7e4a69e 100644 --- a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml @@ -48,14 +48,14 @@ spec: {{- end }} volumeMounts: - name: {{ .Chart.Name }}-xml-config - mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml - subPath: user-org-service_logback.xml + mountPath: /home/sunbird/userorg-service-1.0-SNAPSHOT/config/logback.xml + subPath: userorg-service_logback.xml {{- $keys := .Files.Glob "keys/*" }} {{- if $keys }} - - mountPath: {{ .Values.learner_access_basepath }} + - mountPath: {{ .Values.userorg_access_basepath }} name: access-keys {{- end }} -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} - args: - envoy - --config-path @@ -135,7 +135,7 @@ spec: secret: secretName: {{ .Chart.Name }}-access-keys {{- end }} -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} - name: envoy-config configMap: name: {{ .Chart.Name }}-envoy-config @@ -156,7 +156,7 @@ spec: - name: http-{{ .Chart.Name }} protocol: TCP port: {{ .Values.network.targetport }} -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} - name: opa-metrics port: 8181 protocol: TCP diff --git a/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml b/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml index 3fc1bfc45a..0465d1653d 100644 --- a/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml @@ -1,5 +1,5 @@ --- -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} apiVersion: v1 data: envoy-config.yaml: | diff --git a/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml index 5d659175ce..d54263a5bf 100644 --- a/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} {{- if .Values.serviceMonitor.enabled }} {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }} apiVersion: monitoring.coreos.com/v1 diff --git a/kubernetes/helm_charts/core/userorg/values.j2 b/kubernetes/helm_charts/core/userorg/values.j2 index e07e2a512e..a0f25da4e4 100644 --- a/kubernetes/helm_charts/core/userorg/values.j2 +++ b/kubernetes/helm_charts/core/userorg/values.j2 @@ -1,62 +1,62 @@ -### Default variable file for user-org-service ### +### Default variable file for userorg-service ### namespace: {{ namespace }} imagepullsecrets: {{ imagepullsecrets }} dockerhub: {{ dockerhub }} env: - javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} + javaoptions: {{userorg_java_mem_limit|default('-Xmx600m')}} -replicaCount: {{learner_replicacount|default(1)}} -repository: {{learner_repository|default('user-org-service')}} +replicaCount: {{userorg_replicacount|default(1)}} +repository: {{userorg_repository|default('userorg-service')}} image_tag: {{ image_tag }} resources: requests: - cpu: {{learner_cpu_req|default('100m')}} - memory: {{learner_mem_req|default('100Mi')}} + cpu: {{userorg_cpu_req|default('100m')}} + memory: {{userorg_mem_req|default('100Mi')}} limits: - cpu: {{learner_cpu_limit|default('1')}} - memory: {{learner_mem_limit|default('1024Mi')}} + cpu: {{userorg_cpu_limit|default('1')}} + memory: {{userorg_mem_limit|default('1024Mi')}} network: port: 9000 targetport: 9000 strategy: type: RollingUpdate - maxsurge: {{ learner_maxsurge|default('25%') }} - maxunavailable: {{ learner_maxunavailable|default('25%') }} + maxsurge: {{ userorg_maxsurge|default('25%') }} + maxunavailable: {{ userorg_maxunavailable|default('25%') }} -{{ learner_liveness_readiness | to_nice_yaml }} +{{ userorg_liveness_readiness | to_nice_yaml }} {{ opa_liveness_readiness | to_nice_yaml }} {{ envoy_liveness_readiness | to_nice_yaml }} -learner_opa_enabled: {{ learner_opa_enabled | default('true') }} +userorg_opa_enabled: {{ userorg_opa_enabled | default('true') }} envoy_resources: requests: - cpu: "{{ learner_envoy_cpu_req | default('100m') }}" - memory: "{{ learner_envoy_mem_req | default('100Mi') }}" + cpu: "{{ userorg_envoy_cpu_req | default('100m') }}" + memory: "{{ userorg_envoy_mem_req | default('100Mi') }}" limits: - cpu: "{{ learner_envoy_cpu_limit | default('1') }}" - memory: "{{ learner_envoy_mem_limit | default('1024Mi') }}" + cpu: "{{ userorg_envoy_cpu_limit | default('1') }}" + memory: "{{ userorg_envoy_mem_limit | default('1024Mi') }}" opa_resources: requests: - cpu: "{{ learner_opa_cpu_req | default('100m') }}" - memory: "{{ learner_opa_mem_req | default('100Mi') }}" + cpu: "{{ userorg_opa_cpu_req | default('100m') }}" + memory: "{{ userorg_opa_mem_req | default('100Mi') }}" limits: - cpu: "{{ learner_opa_cpu_limit | default('1') }}" - memory: "{{ learner_opa_mem_limit | default('1024Mi') }}" + cpu: "{{ userorg_opa_cpu_limit | default('1') }}" + memory: "{{ userorg_opa_mem_limit | default('1024Mi') }}" initcontainer_resources: requests: - cpu: "{{ learner_initcontainer_cpu_req | default('100m') }}" - memory: "{{ learner_initcontainer_mem_req | default('100Mi') }}" + cpu: "{{ userorg_initcontainer_cpu_req | default('100m') }}" + memory: "{{ userorg_initcontainer_mem_req | default('100Mi') }}" limits: - cpu: "{{ learner_initcontainer_cpu_limit | default('100m') }}" - memory: "{{ learner_initcontainer_mem_limit | default('100Mi') }}" + cpu: "{{ userorg_initcontainer_cpu_limit | default('100m') }}" + memory: "{{ userorg_initcontainer_mem_limit | default('100Mi') }}" -learner_access_basepath: {{ learner_access_basepath | default('/keys/') }} +userorg_access_basepath: {{ userorg_access_basepath | default('/keys/') }} serviceMonitor: enabled: true @@ -65,8 +65,8 @@ serviceMonitor: release: prometheus-operator autoscaling: - enabled: {{ learner_autoscaling_enabled | default('false') }} - minReplicas: {{ learner_autoscaling_minReplicas|default(1) }} - maxReplicas: {{ learner_autoscaling_maxReplicas|default(2) }} - targetCPUUtilizationPercentage: {{ learner_autoscaling_targetCPUUtilizationPercentage|default(60) }} - targetMemoryUtilizationPercentage: {{ learner_autoscaling_targetMemoryUtilizationPercentage|default('') }} + enabled: {{ userorg_autoscaling_enabled | default('false') }} + minReplicas: {{ userorg_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ userorg_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ userorg_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ userorg_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json index 07f9878773..aa9bf99675 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json +++ b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json @@ -225,7 +225,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"userorg-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", @@ -236,7 +236,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "user-org-service", + "title": "userorg-service", "tooltip": { "shared": true, "sort": 0, diff --git a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml index 16e0946759..2a358c1069 100644 --- a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml +++ b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml @@ -31,14 +31,14 @@ spec: host: kiali.istio-system.svc.cluster.local - match: - uri: - prefix: /user-org/ + prefix: /userorg/ - uri: - prefix: /user-org + prefix: /userorg rewrite: uri: / route: - destination: - host: user-org-service + host: userorg-service - match: - uri: prefix: /api/ diff --git a/kubernetes/opa/user-org/common.rego b/kubernetes/opa/userorg/common.rego similarity index 100% rename from kubernetes/opa/user-org/common.rego rename to kubernetes/opa/userorg/common.rego diff --git a/kubernetes/opa/user-org/main.rego b/kubernetes/opa/userorg/main.rego similarity index 100% rename from kubernetes/opa/user-org/main.rego rename to kubernetes/opa/userorg/main.rego diff --git a/kubernetes/opa/user-org/policies.rego b/kubernetes/opa/userorg/policies.rego similarity index 100% rename from kubernetes/opa/user-org/policies.rego rename to kubernetes/opa/userorg/policies.rego diff --git a/kubernetes/opa/user-org/policies_test.rego b/kubernetes/opa/userorg/policies_test.rego similarity index 100% rename from kubernetes/opa/user-org/policies_test.rego rename to kubernetes/opa/userorg/policies_test.rego diff --git a/pipelines/deploy/user-org/Jenkinsfile b/pipelines/deploy/user-org/Jenkinsfile deleted file mode 100644 index 9a002ae5dd..0000000000 --- a/pipelines/deploy/user-org/Jenkinsfile +++ /dev/null @@ -1,36 +0,0 @@ -@Library('deploy-conf') _ -node() { - try { - stage('checkout public repo') { - folder = new File("$WORKSPACE/.git") - if (folder.exists()) - { - println "Found .git folder. Clearing it.." - sh'git clean -fxd' - } - checkout scm - } - - stage('deploy') { - values = docker_params() - currentWs = sh(returnStdout: true, script: 'pwd').trim() - ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=user-org-service deploy_learner=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" - values.put('currentWs', currentWs) - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - ansible_playbook_run(values) - archiveArtifacts 'metadata.json' - currentBuild.description = "Image: ${values.image_tag}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}" - } - summary() - } - catch (err) { - currentBuild.result = "FAILURE" - throw err - } - finally { - slack_notify(currentBuild.result) - email_notify() - } -} diff --git a/pipelines/deploy/userorg/Jenkinsfile b/pipelines/deploy/userorg/Jenkinsfile index 9f8b96da02..63eeb04015 100644 --- a/pipelines/deploy/userorg/Jenkinsfile +++ b/pipelines/deploy/userorg/Jenkinsfile @@ -15,7 +15,7 @@ node() { values = docker_params() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=user-org-service deploy_user_org=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=userorg-service deploy_user_org=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) From cb1c07869e6920376ecdfd6764ad748bce84cb16 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Wed, 7 Jun 2023 22:34:33 +0530 Subject: [PATCH 19/33] Issue #LR-122 feat: Renamed deploy_user_org to deploy_userorg --- ansible/roles/stack-sunbird/tasks/main.yml | 2 +- deploy/deploy-core.sh | 2 +- pipelines/deploy/userorg/Jenkinsfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/tasks/main.yml b/ansible/roles/stack-sunbird/tasks/main.yml index 4f51d896d3..b686c9e580 100644 --- a/ansible/roles/stack-sunbird/tasks/main.yml +++ b/ansible/roles/stack-sunbird/tasks/main.yml @@ -5,7 +5,7 @@ when: deploy_stack is defined - include: userorg-service.yml - when: deploy_user_org is defined + when: deploy_userorg is defined - include: lms_service.yml when: deploy_lms is defined diff --git a/deploy/deploy-core.sh b/deploy/deploy-core.sh index 339f9b493c..65f24fa50b 100755 --- a/deploy/deploy-core.sh +++ b/deploy/deploy-core.sh @@ -34,7 +34,7 @@ ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" # Re-deploy UserOrg service echo "Redeploy UserOrg service" -ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=userorg-service image_tag=${USERORG_SERVICE_VERSION} service_name=userorg-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v +ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=userorg-service image_tag=${USERORG_SERVICE_VERSION} service_name=userorg-service deploy_userorg=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v # Re-deploy Content service echo "Redeploy content service" diff --git a/pipelines/deploy/userorg/Jenkinsfile b/pipelines/deploy/userorg/Jenkinsfile index 63eeb04015..4c3e8fa95f 100644 --- a/pipelines/deploy/userorg/Jenkinsfile +++ b/pipelines/deploy/userorg/Jenkinsfile @@ -15,7 +15,7 @@ node() { values = docker_params() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=userorg-service deploy_user_org=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=userorg-service deploy_userorg=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) From dc10d864ed42a4fe985820701b6e0d310198697a Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 8 Jun 2023 11:22:52 +0530 Subject: [PATCH 20/33] Issue #LR-122 feat: Renamed learning_service_url to userorg_service_url --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 0289d0fdd9..f3781f23f6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -1379,7 +1379,7 @@ kong_apis: - name: orgAddEncryptionKey uris: "{{ org_service_prefix }}/v1/update/encryptionkey" - upstream_url: "{{ learning_service_url }}/v1/org/update/encryptionkey" + upstream_url: "{{ userorg_service_url }}/v1/org/update/encryptionkey" strip_uri: true plugins: - name: jwt From b99d3882a6c692fb35e5d1640a071fb5a5b61186 Mon Sep 17 00:00:00 2001 From: BharathwajShankar Date: Fri, 30 Jun 2023 12:18:43 +0530 Subject: [PATCH 21/33] Issue #LR-512 feat:Ability for Lern to connect to shared instances adding redis db index for groups --- .../roles/stack-sunbird/templates/sunbird_groups-service.env | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index c178e9ce73..db8dedb6b2 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -11,6 +11,8 @@ sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} LEARNER_SERVICE_PORT=http://userorg-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} +# Release-5.3.0 LR-512 +sunbird_redis_dbIndex={{sunbird_redis_dbIndex|default(0)}} CONTENT_SERVICE_PORT=http://search-service:9000 sunbird_sso_publickey={{sunbird_sso_publickey}} sunbird_sso_url={{keycloak_auth_server_url}}/ From b3324519b97009bfe250957d8507e3ced550f183 Mon Sep 17 00:00:00 2001 From: BharathwajShankar Date: Mon, 3 Jul 2023 10:41:19 +0530 Subject: [PATCH 22/33] Issue #LR-512 feat:Ability for Lern to connect to shared instances adding redis db index for lms,user-org,notification --- .../stack-sunbird/templates/sunbird_lms-service.env | 13 ++++++++++++- .../templates/sunbird_notification-service.env | 2 ++ .../stack-sunbird/templates/userorg-service.env | 6 ++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index b08a937fc7..4a317d881a 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -162,4 +162,15 @@ exhaust_api_submit_endpoint=/request/submit exhaust_api_list_endpoint=/request/list/ # Release-5.3.0 LR-324 -content_read_url=/content/v3/read/ \ No newline at end of file +content_read_url=/content/v3/read/ + +# Release-5.4.0 - LR-511 +sunbird_keyspace=sunbird +sunbird_course_keyspace=sunbird_courses +dialcode_keyspace=dialcodes +redis.dbIndex=0 +es_course_index=cbatch +es_course_batch_index=course-batch +es_user_index=user +es_organisation_index=org +es_user_courses_index=user-courses \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 3df3bf5bc8..9ae9675705 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env @@ -37,3 +37,5 @@ sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate # Release-5.0.0 isMultiDCEnabled={{cassandra_multi_dc_enabled}} +# Release-5.4.0 - LR-512 +sunbird_notification_keyspace=sunbird_notifications diff --git a/ansible/roles/stack-sunbird/templates/userorg-service.env b/ansible/roles/stack-sunbird/templates/userorg-service.env index 8ebd0b4e38..2c07df56e9 100644 --- a/ansible/roles/stack-sunbird/templates/userorg-service.env +++ b/ansible/roles/stack-sunbird/templates/userorg-service.env @@ -128,3 +128,9 @@ sunbird_sso_lb_ip={{keycloak_url}} # Release-5.0.0 sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_multi_dc_enabled}} + +# Release 5.4.0 LR-102 +es_user_notes_index=usernotes +es_location_index=location +es_user_feed_index=userfeed +sunbird_keyspace=sunbird \ No newline at end of file From 04143ef02e0bb4658a33e75d9ee8065760c050a6 Mon Sep 17 00:00:00 2001 From: BharathwajShankar Date: Tue, 4 Jul 2023 12:03:28 +0530 Subject: [PATCH 23/33] Issue #LR-512 feat:Ability for Lern to connect to shared instances adding redis db index for lms,user-org,notification --- .../roles/stack-sunbird/templates/sunbird_groups-service.env | 2 +- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index db8dedb6b2..83f3262daf 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -12,7 +12,7 @@ LEARNER_SERVICE_PORT=http://userorg-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} # Release-5.3.0 LR-512 -sunbird_redis_dbIndex={{sunbird_redis_dbIndex|default(0)}} +sunbird_redis_db_index={{sunbird_redis_db_index|default(0)}} CONTENT_SERVICE_PORT=http://search-service:9000 sunbird_sso_publickey={{sunbird_sso_publickey}} sunbird_sso_url={{keycloak_auth_server_url}}/ diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 4a317d881a..c949e0134f 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -167,8 +167,7 @@ content_read_url=/content/v3/read/ # Release-5.4.0 - LR-511 sunbird_keyspace=sunbird sunbird_course_keyspace=sunbird_courses -dialcode_keyspace=dialcodes -redis.dbIndex=0 +sunbird_redis_db_index={{sunbird_redis_db_index|default(0)}} es_course_index=cbatch es_course_batch_index=course-batch es_user_index=user From 85adf34016c9f090fbbeb72bbc6e903c87f7dbd6 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 6 Jul 2023 11:33:30 +0530 Subject: [PATCH 24/33] Issue #LR-122 chore: updated the nginx-public-ingress config --- .../core/nginx-public-ingress/values.j2 | 1269 +++++++++++++---- 1 file changed, 1007 insertions(+), 262 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 2916eb18f7..43cc7bf673 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -30,6 +30,9 @@ nginx_volumes: - name: proxy-config configMap: name: proxy-default + - name: nginx-config + configMap: + name: nginx-conf volumemounts: - name: tls mountPath: /etc/secrets @@ -115,22 +118,204 @@ proxyconfig: |- ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; - location / { - rewrite ^/(.*) /$1 break; + # Admin API Endpoints for sunbird realm fpr forgot password flow + location ~ /auth/admin/realms/sunbird/users/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Sunbird realm keycloak API endpoints + location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Static Assets for keycloak endpoints with caching + location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_connect_timeout 5; proxy_send_timeout 60; proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /userorg/data/v1/location/search { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://player; } - - location /api/ { + # Caching for content consumption + location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for Content search + location ~ /api/content/v1/search { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for POST requests + location ~ /api/data/v1/form/read { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + proxy_pass http://kong; + } + location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; @@ -160,8 +345,121 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - - location /discussions/ { + # Oauth2 config + location /oauth2/ { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth2/auth { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + # nginx auth_request includes headers but not body + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } +{% if graylog_open_to_public %} + location /graylog/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://graylog.logging.svc.cluster.local; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header Graylog-User viewer; + proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/; + rewrite ^/graylog/(.*)$ /$1 break; + proxy_pass $target; + } + location /dashboard { + return 301 /graylog/; + } +{% else %} + location /dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://{{ kibana_service }}; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } +{% endif %} + location /oauth3 { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth3/auth { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /grafana/ { + auth_request /oauth3/auth; + error_page 401 = /oauth3/sign_in; + auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + rewrite ^/grafana/(.*) /$1 break; + proxy_pass $target; + } + location /encryption/ { + set $target http://encryption.{{ namespace }}.svc.cluster.local; + rewrite ^/encryption/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $http_x_forwarded_for; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /discussions/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -176,254 +474,592 @@ proxyconfig: |- #rewrite ^/discussions/(.*) /$1 break; proxy_pass $target; } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Refresh token endpoint being routed to kong - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/$url_full; + } + location ~* ^/content/preview/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/v3/preview/$url_full; } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + location ~ /content-editor/telemetry|collection-editor/telemetry { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location ~* ^/content-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/content-editor/$url_full; + } + location ~* ^/discussion-ui/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + set $bucket "{{discussion_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{discussion_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/discussion-ui/$url_full; + } + location ~* ^/collection-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/collection-editor/$url_full; + } + location ~* ^/generic-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/generic-editor/$url_full; + } + location ~* ^/content-plugins/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/content-plugins/$url_full; + } + location /thirdparty { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location ~* ^/desktop/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /userorg/data/v1/location/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /userorg/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - } + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$offline_bucket/$url_full; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /userorg/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /v3/device/register { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + location /action/data/v3/metrics { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /api/channel/v1/read { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ ^/chatapi/ { + set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; + rewrite ^/chatapi/(.*) /$1 break; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + location /dial/ { + if ($dial_upstream_host = kong) { + rewrite ^/dial/(.*) /api/dialcode/v2/read/$1; + } + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://$dial_upstream_host; + } +{% if apple_app_site_association is defined %} + location /apple-app-site-association { + alias /var/www/html/; + index apple-app-site-association.json; + } +{% endif %} + {# Including custom configuration #} + {{ proxy_custom_config }}} + nginxconfig: | - user nginx; - worker_processes {{nginx_worker_processes | d("auto")}}; - {# - Can add custom modules like - eg: - nginx_modules: | - load_module modules/ngx_http_geoip2_module.so; - load_module modules/ngx_stream_geoip2_module.so; - #} - {% if nginx_modules is defined and nginx_modules %} - {{ nginx_modules | indent( width=2, indentfirst=True) }} - {% endif %} - error_log /var/log/nginx/error.log warn; - pid /var/run/nginx.pid; - events { - worker_connections 10000; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - resolver {{ kube_dns_ip }} valid=30s; - {# - This is to define custom nginx_http_configs - for example - nginx_http_config: | - geoip2 /usr/local/share/GeoLite2-Country.mmdb { - $geoip2_data_country_iso_code country iso_code; - } - map $geoip2_data_country_iso_code $allowed_country { - default no; - IN no; - } - #} - {% if nginx_http_config is defined and nginx_http_config %} - {{ nginx_http_config | indent( width=7, indentfirst=True) }} - {% endif %} - lua_load_resty_core off; - log_format main '{{ nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' - '"$request" $status $request_length $body_bytes_sent' - ' $request_time $upstream_response_time $pipe' - ' "$http_referer" "$http_user_agent" "$sb_request_id"' - ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' - ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; - access_log /var/log/nginx/access.log main; - # Shared dictionary to store metrics - lua_shared_dict prometheus_metrics 100M; - lua_package_path "/etc/nginx/lua_modules/?.lua"; - # Defining request_id - # If the client send request_id it should be preffered over the default one - map $http_x_request_id $sb_request_id { - default $http_x_request_id; - '' $request_id; - } - # Defining upstream cache status for nginx metrics - map $upstream_cache_status $cache_status { - default $upstream_cache_status; - '' "NONE"; - } - map $http_accept $dial_upstream_host { - default player; - application/ld+json kong; - } - # Defining metrics - init_worker_by_lua_block { - prometheus = require("prometheus").init("prometheus_metrics") - metric_requests = prometheus:counter( - "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) - metric_latency = prometheus:histogram( - "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) - metric_connections = prometheus:gauge( - "nginx_http_connections", "Number of HTTP connections", {"state"}) - } - log_by_lua_block { - metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) - metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) - } - header_filter_by_lua_block { - ngx.header["server"] = nil - } - sendfile on; - #tcp_nopush on; - client_max_body_size 60M; - keepalive_timeout 65s; - keepalive_requests 200; - # Nginx connection limit per ip - limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; - limit_conn_status 429; - upstream kong { - server kong:8000; - keepalive 1000; - } - upstream keycloak { + user nginx; + worker_processes {{nginx_worker_processes | d("auto")}}; + {# + Can add custom modules like + eg: + nginx_modules: | + load_module modules/ngx_http_geoip2_module.so; + load_module modules/ngx_stream_geoip2_module.so; + #} +{% if nginx_modules is defined and nginx_modules %} + {{ nginx_modules | indent( width=2, indentfirst=True) }} +{% endif %} + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + events { + worker_connections 10000; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + resolver {{ kube_dns_ip }} valid=30s; + {# + This is to define custom nginx_http_configs + for example + nginx_http_config: | + geoip2 /usr/local/share/GeoLite2-Country.mmdb { + $geoip2_data_country_iso_code country iso_code; + } + map $geoip2_data_country_iso_code $allowed_country { + default no; + IN no; + } + #} +{% if nginx_http_config is defined and nginx_http_config %} + {{ nginx_http_config | indent( width=7, indentfirst=True) }} +{% endif %} + lua_load_resty_core off; + log_format main '{{ nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' + '"$request" $status $request_length $body_bytes_sent' + ' $request_time $upstream_response_time $pipe' + ' "$http_referer" "$http_user_agent" "$sb_request_id"' + ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' + ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; + access_log /var/log/nginx/access.log main; + # Shared dictionary to store metrics + lua_shared_dict prometheus_metrics 100M; + lua_package_path "/etc/nginx/lua_modules/?.lua"; + # Defining request_id + # If the client send request_id it should be preffered over the default one + map $http_x_request_id $sb_request_id { + default $http_x_request_id; + '' $request_id; + } + # Defining upstream cache status for nginx metrics + map $upstream_cache_status $cache_status { + default $upstream_cache_status; + '' "NONE"; + } + map $http_accept $dial_upstream_host { + default player; + application/ld+json kong; + } + # Defining metrics + init_worker_by_lua_block { + prometheus = require("prometheus").init("prometheus_metrics") + metric_requests = prometheus:counter( + "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) + metric_latency = prometheus:histogram( + "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) + metric_connections = prometheus:gauge( + "nginx_http_connections", "Number of HTTP connections", {"state"}) + } + log_by_lua_block { + metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) + metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) + } + header_filter_by_lua_block { + ngx.header["server"] = nil + } + sendfile on; + #tcp_nopush on; + client_max_body_size 60M; + keepalive_timeout 65s; + keepalive_requests 200; + # Nginx connection limit per ip + limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; + limit_conn_status 429; + upstream kong { + server kong:8000; + keepalive 1000; + } + upstream keycloak { server {{ keycloak_url.split('//')[-1] }}; keepalive 1000; } @@ -451,18 +1087,127 @@ nginxconfig: | proxy_cache_path {{value['path']}} levels={{value['levels']}} keys_zone={{value['keys_zone']}} max_size={{value['max_size']}} inactive={{value['inactive']}} use_temp_path=off; {% endfor %} - server { - listen 9145; - location /metrics { - content_by_lua_block { - metric_connections:set(ngx.var.connections_reading, {"reading"}) - metric_connections:set(ngx.var.connections_waiting, {"waiting"}) - metric_connections:set(ngx.var.connections_writing, {"writing"}) - prometheus:collect() - } + server { + listen 9145; + location /metrics { + content_by_lua_block { + metric_connections:set(ngx.var.connections_reading, {"reading"}) + metric_connections:set(ngx.var.connections_waiting, {"waiting"}) + metric_connections:set(ngx.var.connections_writing, {"writing"}) + prometheus:collect() } - } + } } + } + +keycloakconf: | + server { + listen 80; + listen [::]:80; + server_name {{ merge_proxy_server_name }}; + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + return 301 https://{{ merge_proxy_server_name }}$request_uri; + } + server { + listen 443 ssl; + ssl_certificate /etc/secrets-merge/tls.crt; + ssl_certificate_key /etc/secrets-merge/tls.key; + server_name {{ merge_proxy_server_name }}; + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver 127.0.0.11 valid=5s; + # Refresh token endpoint being routed to kong + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + # Admin API Endpoints for sunbird realm fpr forgot password flow + location ~ /auth/admin/realms/sunbird/users/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Sunbird realm keycloak API endpoints + location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Static Assets for keycloak endpoints with caching + location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $request_id; + proxy_pass http://player; + } + } + compressionConfig: |- # Compression gzip on; From 3a6e697c7e9b5c0b009dc640cbf54e0cca8b89b9 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 6 Jul 2023 13:41:56 +0530 Subject: [PATCH 25/33] Issue #LR-122 chore: updated the nginx-public-ingress config --- .../core/nginx-public-ingress/values.j2 | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 43cc7bf673..7152477734 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -118,6 +118,22 @@ proxyconfig: |- ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; + # Mobile Devices Refresh token Endpoints + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } # Admin API Endpoints for sunbird realm fpr forgot password flow location ~ /auth/admin/realms/sunbird/users/ { rewrite ^/auth/(.*) /auth/$1 break; From 8e6b2dbf9433974f9f11d359b31061dc20187b49 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Mon, 11 Sep 2023 12:53:04 +0530 Subject: [PATCH 26/33] Issue #LR-122 chore: updated the nginx-public-ingress config --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index e325f5d339..8d5ce97115 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -184,7 +184,7 @@ proxyconfig: |- proxy_pass http://keycloak; } # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { + location ~ /userorg/data/v1/location/search { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching @@ -846,7 +846,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /learner/certreg/v2/certs/download { + location /userorg/certreg/v2/certs/download { # Compression gzip on; gzip_comp_level 5; @@ -927,7 +927,7 @@ proxyconfig: |- proxy_send_timeout 60; proxy_read_timeout 70; } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching From d665d3065dc8d2ad8c21b9cf607f61ae28ca6019 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Wed, 13 Sep 2023 14:40:12 +0530 Subject: [PATCH 27/33] Issue #LR-122 chore: updated the nginx-private-ingress config --- .../core/nginx-private-ingress/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index 36c18e2813..5b9fa2540e 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -40,7 +40,7 @@ data: listen 80; listen [::]:80; {{- if and .Values.nginx_private_ingress_ip (ne .Values.csp "oci") }} - server_name: {{ .Values.nginx_private_ingress_ip }}; + server_name {{ .Values.nginx_private_ingress_ip }}; {{- end }} resolver {{ .Values.kube_dns_ip }}; From 2bbd4fde536dba7930bb8b6cfd284673211877fb Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 26 Sep 2023 15:38:32 +0530 Subject: [PATCH 28/33] Issue #LR-122 chore: updated the knowlg mw config --- ansible/inventory/env/group_vars/all.yml | 6 ++++-- .../templates/sunbird_knowledge-mw-service.env | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index a018c1601d..79d8d960a5 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -567,6 +567,8 @@ kp_schema_base_path: "{{ upstream_url }}/schemas/local" # SB-31155 - Moved to the installation public container for now (same place where keycloaka and java artifacts are stored) h5p_library_path: "https://sunbirdpublic.blob.core.windows.net/installation/h5p-standalone-1.3.4.zip" - ## Added default values -cloud_public_storage_proxy: "{{cloud_storage_url}}" \ No newline at end of file +cloud_public_storage_proxy: "{{cloud_storage_url}}" + +# Lern release-5.4.0 +sunbird_learner_service_local_base_url: "http://userorg-service:9000" diff --git a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env index c7b0533c2a..fae25933e4 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env @@ -22,6 +22,7 @@ sunbird_search_service_api_base_url={{knowledge_mw_sunbird_search_service_api_ba sunbird_search_service_api_key={{sunbird_search_service_api_key}} sunbird_dial_repo_api_base_url=http://dial-service.{{namespace}}.svc.cluster.local:9000 sunbird_dial_repo_api_key={{sunbird_dial_repo_api_key}} +sunbird_learner_service_local_base_url={{ sunbird_learner_service_local_base_url }} sunbird_plugin_repo_api_base_url={{knowledge_mw_sunbird_plugin_repo_api_base_url | default('http://search-service:9000')}} sunbird_plugin_repo_api_key={{sunbird_plugin_repo_api_key}} sunbird_data_service_api_base_url={{sunbird_data_service_api_base_url}} From 24dd015bdb2cf30b18d20fc43ec2e665ad415904 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Tue, 10 Oct 2023 14:29:44 +0530 Subject: [PATCH 29/33] delete user entry --- ansible/roles/kong-api/defaults/main.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index afeab35fc0..ac144750ea 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9223,6 +9223,27 @@ kong_apis: config.required: true config.enabled: true +- name: deleteUser + uris: "{{ user_service_prefix }}/v1/delete" + upstream_url: "{{ userorg_service_url }}/v1/user/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - userUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + - name: createContentV2 uris: "{{ content_prefix }}/v2/create" upstream_url: "{{ content_service_url }}/content/v4/create" From eea5a63657a432e9d05c127c3e10f25e4a6bf22f Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Tue, 10 Oct 2023 15:06:19 +0530 Subject: [PATCH 30/33] delete user entry --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ac144750ea..fa4b56ca18 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9225,7 +9225,7 @@ kong_apis: - name: deleteUser uris: "{{ user_service_prefix }}/v1/delete" - upstream_url: "{{ userorg_service_url }}/v1/user/update" + upstream_url: "{{ userorg_service_url }}/v1/user/delete" strip_uri: true plugins: - name: jwt From 9061bd32ecb1cdbb58524bf0ce23087cba428548 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Tue, 10 Oct 2023 15:07:07 +0530 Subject: [PATCH 31/33] delete user entry --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index fa4b56ca18..4dc8e90bc9 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9233,7 +9233,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userUpdate + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 18a3b918cf2e1d58ec27393c12fb580a83d739af Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 10 Nov 2023 10:55:18 +0530 Subject: [PATCH 32/33] Issue #LR-122 chore: renamed from sunbird_keyspace to sunbird_userorg_keyspace --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 2 +- ansible/roles/stack-sunbird/templates/userorg-service.env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 17245019c6..a30288d309 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -167,7 +167,7 @@ exhaust_api_list_endpoint=/request/list/ content_read_url=/content/v3/read/ # Release-5.4.0 - LR-511 -sunbird_keyspace=sunbird +sunbird_userorg_keyspace=sunbird sunbird_course_keyspace=sunbird_courses sunbird_redis_db_index={{sunbird_redis_db_index|default(0)}} es_course_index=cbatch diff --git a/ansible/roles/stack-sunbird/templates/userorg-service.env b/ansible/roles/stack-sunbird/templates/userorg-service.env index 2c07df56e9..e79586ffa2 100644 --- a/ansible/roles/stack-sunbird/templates/userorg-service.env +++ b/ansible/roles/stack-sunbird/templates/userorg-service.env @@ -133,4 +133,4 @@ isMultiDCEnabled={{cassandra_multi_dc_enabled}} es_user_notes_index=usernotes es_location_index=location es_user_feed_index=userfeed -sunbird_keyspace=sunbird \ No newline at end of file +sunbird_userorg_keyspace=sunbird \ No newline at end of file From 948172807e18bd0b998cbb0659586856493c6e88 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Mon, 13 Nov 2023 13:00:45 +0530 Subject: [PATCH 33/33] Issue #LR-122 chore: reverted userorg_user to learner_user based on review comment. --- ansible/logstash-provision.yml | 16 ++++++++-------- .../roles/lms-logstash-deploy/defaults/main.yml | 4 ++-- ansible/roles/lms-logstash-deploy/tasks/main.yml | 6 +++--- ansible/roles/logstash/defaults/main.yml | 4 ++-- ansible/roles/logstash/tasks/main.yml | 12 ++++++------ ansible/roles/logstash/templates/logstash.j2 | 2 +- .../roles/logstash/templates/logstash.service.j2 | 4 ++-- ansible/roles/redis-backup/defaults/main.yml | 2 +- 8 files changed, 25 insertions(+), 25 deletions(-) diff --git a/ansible/logstash-provision.yml b/ansible/logstash-provision.yml index c4eb7945b0..c765252c9c 100644 --- a/ansible/logstash-provision.yml +++ b/ansible/logstash-provision.yml @@ -1,24 +1,24 @@ - hosts: cassandra vars: - userorg_group: userorg - userorg_name: userorg + learner_group: learner + learner_name: learner vars_files: - "{{inventory_dir}}/secrets.yml" pre_tasks: - - name: Create userorg group + - name: Create learner group become: yes group: state: present - name: "{{ userorg_group }}" + name: "{{ learner_group }}" system: yes - - name: Create userorg user + - name: Create learner user become: yes user: state: present - name: "{{ userorg_user }}" - comment: userorg user + name: "{{ learner_user }}" + comment: learner user system: yes createhome: yes - group: "{{ userorg_group }}" + group: "{{ learner_group }}" roles: - logstash diff --git a/ansible/roles/lms-logstash-deploy/defaults/main.yml b/ansible/roles/lms-logstash-deploy/defaults/main.yml index 725abaf7ea..470b6b496d 100644 --- a/ansible/roles/lms-logstash-deploy/defaults/main.yml +++ b/ansible/roles/lms-logstash-deploy/defaults/main.yml @@ -1,5 +1,5 @@ -userorg_user: userorg -learner_user_home: /home/{{userorg_user}} +learner_user: learner +learner_user_home: /home/{{learner_user}} logstash_version: 6.3.1 logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" kafka_topic_prefix: "{{env}}" diff --git a/ansible/roles/lms-logstash-deploy/tasks/main.yml b/ansible/roles/lms-logstash-deploy/tasks/main.yml index ae9aa92558..9069343afa 100644 --- a/ansible/roles/lms-logstash-deploy/tasks/main.yml +++ b/ansible/roles/lms-logstash-deploy/tasks/main.yml @@ -1,10 +1,10 @@ - name: permissions become: yes - file: path={{ logstash_home }} mode=775 owner={{ userorg_user }} group={{ userorg_user }} recurse=yes + file: path={{ logstash_home }} mode=775 owner={{ learner_user }} group={{ learner_user }} recurse=yes - name: Copy logstash configuration files for platform become: yes - become_user: "{{userorg_user}}" + become_user: "{{learner_user}}" template: src={{item}}.j2 dest={{ logstash_home }}/{{item}}.conf with_items: "{{ platform.logstash_config }}" @@ -15,7 +15,7 @@ - name: create folder for logs become: yes - become_user: "{{userorg_user}}" + become_user: "{{learner_user}}" file: path={{logstash_home}}/logs state=directory mode=0755 - name: Start logstash processes related to platform diff --git a/ansible/roles/logstash/defaults/main.yml b/ansible/roles/logstash/defaults/main.yml index eac428d0cc..ed37b53a6f 100644 --- a/ansible/roles/logstash/defaults/main.yml +++ b/ansible/roles/logstash/defaults/main.yml @@ -1,7 +1,7 @@ --- # vars file for logstash -userorg_user: userorg -learner_user_home: /home/{{userorg_user}} +learner_user: learner +learner_user_home: /home/{{learner_user}} logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" ip: localhost port: 9092 diff --git a/ansible/roles/logstash/tasks/main.yml b/ansible/roles/logstash/tasks/main.yml index 2d2840e8eb..506c3fa43c 100644 --- a/ansible/roles/logstash/tasks/main.yml +++ b/ansible/roles/logstash/tasks/main.yml @@ -2,25 +2,25 @@ # tasks file for logstash - name: add permissions become: yes - file: path={{learner_user_home}} mode=0755 recurse=yes owner={{userorg_user}} group={{userorg_user}} + file: path={{learner_user_home}} mode=0755 recurse=yes owner={{learner_user}} group={{learner_user}} - name: Download the zip become: yes - become_user: "{{userorg_user}}" + become_user: "{{learner_user}}" get_url: url=https://artifacts.elastic.co/downloads/logstash/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} timeout=1000 force=yes - name: unzip become: yes - become_user: "{{userorg_user}}" - unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{userorg_user}} owner={{userorg_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} + become_user: "{{learner_user}}" + unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{learner_user}} owner={{learner_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} - name: set permissions become: yes - file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{userorg_user}} group={{userorg_user}} mode=0755 recurse=yes + file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{learner_user}} group={{learner_user}} mode=0755 recurse=yes - name: Delete the logstash zip file become: yes - become_user: "{{ userorg_user }}" + become_user: "{{ learner_user }}" file: path={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz state=absent - name: Detect if this is a systemd based system diff --git a/ansible/roles/logstash/templates/logstash.j2 b/ansible/roles/logstash/templates/logstash.j2 index 9e49c3d72b..847f0223f5 100644 --- a/ansible/roles/logstash/templates/logstash.j2 +++ b/ansible/roles/logstash/templates/logstash.j2 @@ -9,7 +9,7 @@ ### END INIT INFO SCRIPT='{{learner_user_home}}/logstash-{{logstash_version}}/bin/logstash -f {{learner_user_home}}/logstash-{{logstash_version}}/logstash-lms.conf --verbose' -RUNAS="{{ userorg_user }}" +RUNAS="{{ learner_user }}" PROCESS_NUM='ps -ef | grep "$SCRIPT" | grep -v "grep" | wc -l' PIDFILE=/var/run/logstash.pid diff --git a/ansible/roles/logstash/templates/logstash.service.j2 b/ansible/roles/logstash/templates/logstash.service.j2 index 1a6f2f0d2a..fa46eddc16 100644 --- a/ansible/roles/logstash/templates/logstash.service.j2 +++ b/ansible/roles/logstash/templates/logstash.service.j2 @@ -4,8 +4,8 @@ Description=logstash Daemon [Service] Environment="_JAVA_OPTIONS='-Dlog4j2.formatMsgNoLookups=true'" Type=simple -User={{userorg_user}} -Group={{userorg_user}} +User={{learner_user}} +Group={{learner_user}} LimitNOFILE=32768 Restart=on-failure #Environment="{{ logstash_jvm_opts }}" diff --git a/ansible/roles/redis-backup/defaults/main.yml b/ansible/roles/redis-backup/defaults/main.yml index e05d691e74..54b7c60a89 100644 --- a/ansible/roles/redis-backup/defaults/main.yml +++ b/ansible/roles/redis-backup/defaults/main.yml @@ -1,5 +1,5 @@ redis_backup_dir: /tmp/redis-backup -userorg_user: learning +learner_user: learning cloud_storage_redisbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_redisbackup_foldername: nodebb-redis-backup