diff --git a/CHANGELOG.md b/CHANGELOG.md index a13c859a..525850ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,30 @@ # Changelog -## 1.6.4 +## 1.7.0 ### Service Updates +- [Apps: 1.6.4 to 1.7.0 (tapis/apps)](https://github.com/tapis-project/tapis-apps/blob/dev/CHANGELOG.md) +- [Authenticator: 1.6.2 to 1.7.0 (tapis/authenticator, tapis/authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/staging/CHANGELOG.md) +- [Files: 1.6.4 to 1.7.0 (tapis/tapis-files, tapis/tapis-files-workers)](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) +- [Jobs: 1.6.4 to 1.7.0 (tapis/jobsworker, jobsmigrate, jobsapi)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) +- [Meta: 1.6.1 to 1.7.0 (tapis/metaapi, tapis-meta-rh-server)](https://github.com/tapis-project/tapis-meta/blob/dev/CHANGELOG.md) +- [Notifications: 1.6.2 to 1.7.0 (tapis/notifications, notifications-dispatcher)](https://github.com/tapis-project/tapis-notifications/blob/dev/CHANGELOG.md) +- [Security: 1.6.3 to 1.7.0 (tapis/securitymigrate, securityadmin, securityapi, securityexport)](https://github.com/tapis-project/tapis-security/blob/dev/tapis-securityapi/CHANGELOG.md) +- [Systems: 1.6.5 to 1.7.0 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/dev/CHANGELOG.md) +- [Globus-Proxy: 1.6.4 to 1.7.0 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/dev/CHANGELOG.md) +- [Workflows: 1.6.0 to 1.7.0 (tapis/workflows-api, tapis/workflows-pipelines, tapis/workflow-engine-streams)](https://github.com/tapis-project/tapis-workflows/blob/release-1.7.0/CHANGELOG.md) +- [Pods: 1.6.0 to 1.7.0 (tapis/pods-api)](https://github.com/tapis-project/pods_service/blob/dev/CHANGELOG.md) +- [TapisUI: 1.7.0 (tapis/tapisui)](https://github.com/tapis-project/tapis-ui/blob/dev/CHANGELOG.md) + +### Breaking Changes for Deployer Admins + +- If using the globus-proxy component, you must provide 2 variables in host_vars: `globus_client_id` and `globus_client_secret`. They correspond to the id and secret of the service client, as described here: https://docs.globus.org/guides/recipes/automate-with-service-account/ . + + +## 1.6.4 + +### Service Updates - [Systems: 1.6.4 to 1.6.5 (tapis/systems)](Systems changes: https://github.com/tapis-project/tapis-systems/blob/1.6.5/CHANGELOG.md) - [Apps: 1.6.3 to 1.6.4 (tapis/apps)](https://github.com/tapis-project/tapis-apps/blob/1.6.4/CHANGELOG.md) diff --git a/playbooks/roles/actors/defaults/main/images.yml b/playbooks/roles/actors/defaults/main/images.yml index c495ef53..be5203be 100644 --- a/playbooks/roles/actors/defaults/main/images.yml +++ b/playbooks/roles/actors/defaults/main/images.yml @@ -1,9 +1,9 @@ actors_core_image: abaco/core-v3:{{ actors_service_version }} actors_grafana_image: grafana/grafana:9.4.7 -actors_nginx_image: abaco/nginx:1.6.0 -actors_nginxk8s_image: abaco/nginxk8s:1.6.0 +actors_nginx_image: abaco/nginx:1.7.0 +actors_nginxk8s_image: abaco/nginxk8s:1.7.0 actors_mongo_image: mongo:4.2.6 actors_alpine_image: alpine:3.17 -actors_mongobackup_image: tapis/mongobackup:1.6.0 +actors_mongobackup_image: tapis/mongobackup:1.7.0 actors_rabbitmq_image: rabbitmq:3.6.12-management -actors_util_image: tapis/ubutil2204:1.6.0 +actors_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/actors/defaults/main/vars.yml b/playbooks/roles/actors/defaults/main/vars.yml index 31ee3255..2051e761 100644 --- a/playbooks/roles/actors/defaults/main/vars.yml +++ b/playbooks/roles/actors/defaults/main/vars.yml @@ -1,12 +1,11 @@ --- - # actors actors_service_url: '{{ global_service_url }}' -actors_service_tenant_id: admin +actors_service_tenant_id: '{{ global_service_tenant_id }}' actors_service_site_id: '{{ global_site_id }}' actors_service_name: actors -actors_service_version: 1.6.0 +actors_service_version: 1.7.0 actors_storage_class: '{{ global_storage_class }}' actors_rabbit_pvc: actors-rabbitmq-vol01 actors_mongo_pvc: actors-mongo-vol01 diff --git a/playbooks/roles/admin/defaults/main/vars.yml b/playbooks/roles/admin/defaults/main/vars.yml index 38b08e9e..b07001a9 100644 --- a/playbooks/roles/admin/defaults/main/vars.yml +++ b/playbooks/roles/admin/defaults/main/vars.yml @@ -4,7 +4,8 @@ admin_service_url: "{{ global_service_url }}" admin_devtenant_url: "{{ global_devtenant_url }}" admin_site_id: "{{ global_site_id }}" -admin_service_tenant_id: admin +admin_service_tenant_id: "{{ global_service_tenant_id }}" +admin_service_devtenant_id: "{{ global_devtenant_id }}" admin_service_name: admin admin_service_site_id: "{{ global_site_id }}" admin_storage_class: "{{ global_storage_class }}" diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 901eeb13..0fc59e4f 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport @@ -28,7 +28,7 @@ apps = { authenticator = { "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", "postgres_password": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", - "LDAP_ROOTPASS": "USER_ADMIN_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD", + "LDAP_ROOTPASS": "USER_{{ global_service_tenant_id | upper }}_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD", "service_password": "SERVICEPWD_AUTHENTICATOR_PASSWORD" } @@ -142,12 +142,12 @@ tenants = { "postgres_password": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD", "service_password": "SERVICEPWD_TENANTS_PASSWORD", - "admin_tenant_public_key": "JWTSIGNING_ADMIN_PUBLICKEY", - "dev_tenant_public_key": "JWTSIGNING_DEV_PUBLICKEY" + "admin_tenant_public_key": "JWTSIGNING_{{ admin_service_tenant_id | upper }}_PUBLICKEY", + "dev_tenant_public_key": "JWTSIGNING_{{ admin_service_devtenant_id | upper }}_PUBLICKEY" } tokens = { - "site_admin_privatekey": "JWTSIGNING_ADMIN_PRIVATEKEY" + "site_admin_privatekey": "JWTSIGNING_{{ admin_service_tenant_id | upper }}_PRIVATEKEY" } vault = {"":""} @@ -158,7 +158,7 @@ workflows = {"":""} # parse args parser = argparse.ArgumentParser() parser.add_argument('-c', '--comp', help='Tapis component to export env file for', required=True) -parser.add_argument('-d', '--dir', help='Tapis data dir as defined in the ansible', required=True) +parser.add_argument('-d', '--dir', help='Tapis data dir as defined in the ansible host vars', required=True) parser.add_argument('-v', '--verbose', help='Display debug information', action='store_true') args = parser.parse_args() @@ -219,8 +219,12 @@ if component == 'security': r = requests.get('http://localhost:8200/v1/auth/approle/role/sk/role-id', headers=headers) if args.verbose: print(f'getting role-id, have:: {r.json()}') - output_dict['TAPIS_SK_VAULT_ROLE_ID'] = r.json()['data']['role_id'] - output_dict['VAULT_ROLEID'] = r.json()['data']['role_id'] + + try: + output_dict['TAPIS_SK_VAULT_ROLE_ID'] = r.json()['data']['role_id'] + output_dict['VAULT_ROLEID'] = r.json()['data']['role_id'] + except KeyError as e: + print(f'Encountered key error while parsing {r.json()}:: {e}') if args.verbose: print(f'''populating values for security, have: @@ -246,6 +250,10 @@ with open(infile, 'r') as lines: output_dict[key] = skexport_value if key == 'MONGO_INITDB_ROOT_PASSWORD': output_dict["MONGO_URI"] = f"mongodb://restheart:{skexport_value}@restheart-mongo:27017/?authSource=admin" + if "public_key" in key or "private_key" in key or "privatekey" in key: + if args.verbose: + print(f'Key {key} is a signing token. Need to make sure its quoted') + output_dict[key] = f'"{skexport_value}"' except KeyError: pass @@ -253,7 +261,7 @@ if args.verbose: print(f'Completed mapping. Writing {output_dict}') for key in output_dict: - outfile.write(f'{key}="{output_dict[key]}"\n') + outfile.write(f'{key}={output_dict[key]}\n') outfile.close() diff --git a/playbooks/roles/apps/defaults/main/images.yml b/playbooks/roles/apps/defaults/main/images.yml index 491fc773..55ca7f78 100644 --- a/playbooks/roles/apps/defaults/main/images.yml +++ b/playbooks/roles/apps/defaults/main/images.yml @@ -1,4 +1,4 @@ -apps_api_image: tapis/apps:1.6.4 +apps_api_image: tapis/apps:1.7.0 apps_postgres_image: postgres:12.4 apps_pgadmin_image: dpage/pgadmin4:6.20 -apps_util_image: tapis/ubutil2204:1.6.0 +apps_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/apps/defaults/main/vars.yml b/playbooks/roles/apps/defaults/main/vars.yml index 6733dfd6..aad50082 100644 --- a/playbooks/roles/apps/defaults/main/vars.yml +++ b/playbooks/roles/apps/defaults/main/vars.yml @@ -2,7 +2,7 @@ apps_service_name: apps apps_service_site_id: "{{ global_site_id }}" -apps_service_tenant_id: admin +apps_service_tenant_id: "{{ global_service_tenant_id }}" apps_service_url: "{{ global_service_url }}" apps_storage_class: "{{ global_storage_class }}" apps_enable_external: false diff --git a/playbooks/roles/authenticator/defaults/main/vars.yml b/playbooks/roles/authenticator/defaults/main/vars.yml index 6df6e501..d276e232 100644 --- a/playbooks/roles/authenticator/defaults/main/vars.yml +++ b/playbooks/roles/authenticator/defaults/main/vars.yml @@ -1,18 +1,19 @@ --- -authenticator_service_version: 1.6.3 +authenticator_service_version: 1.7.0 authenticator_log_level: INFO authenticator_show_traceback: false authenticator_image_pull_policy: Always authenticator_service_url: "{{ global_service_url }}" authenticator_service_site_id: "{{ global_site_id }}" -authenticator_service_tenant_id: admin +authenticator_service_tenant_id: "{{ global_service_tenant_id }}" authenticator_service_name: authenticator authenticator_postgres_pvc: authenticator-postgres-vol01 authenticator_ldap_pvc: authenticator-ldap-vol01 authenticator_storage_class: "{{ global_storage_class }}" authenticator_dev_ldap_tenant_id: dev authenticator_service_tenants: ["*"] +authenticator_primary_site_admin_tenant_base_url: "{{ global_primary_site_admin_tenant_base_url }}" diff --git a/playbooks/roles/authenticator/templates/docker/authenticator-config.json b/playbooks/roles/authenticator/templates/docker/authenticator-config.json index afc7c1df..da539b86 100644 --- a/playbooks/roles/authenticator/templates/docker/authenticator-config.json +++ b/playbooks/roles/authenticator/templates/docker/authenticator-config.json @@ -1,12 +1,12 @@ { - "primary_site_admin_tenant_base_url": "{{authenticator_service_url}}", + "primary_site_admin_tenant_base_url": "{{authenticator_primary_site_admin_tenant_base_url}}", "service_site_id": "{{authenticator_service_site_id}}", "service_tenant_id": "{{authenticator_service_tenant_id}}", "service_name": "{{authenticator_service_name}}", "tenants": {{ authenticator_service_tenants | to_json }}, "show_traceback": {{ authenticator_show_traceback | to_json }}, "sql_db_url": "authenticator-postgres:5432", - "dev_ldap_tenant_id": "{{authenticator_dev_ldap_tenant_id}}", + "dev_ldap_tenant_id": "{{ authenticator_dev_ldap_tenant_id }}", "log_level": "{{authenticator_log_level}}", "version": "{{authenticator_service_version}}" } diff --git a/playbooks/roles/baseburnup/defaults/main/vars.yml b/playbooks/roles/baseburnup/defaults/main/vars.yml index a9c01036..feb1396d 100644 --- a/playbooks/roles/baseburnup/defaults/main/vars.yml +++ b/playbooks/roles/baseburnup/defaults/main/vars.yml @@ -1,4 +1,4 @@ -baseburnup_tapis_deployer_version: 1.6.4 +baseburnup_tapis_deployer_version: 1.7.0 baseburnup_service_url: "{{ global_service_url }}" baseburnup_vault_url: "{{ global_vault_url }}" diff --git a/playbooks/roles/files/defaults/main/images.yml b/playbooks/roles/files/defaults/main/images.yml index 8fb35860..e8cad876 100644 --- a/playbooks/roles/files/defaults/main/images.yml +++ b/playbooks/roles/files/defaults/main/images.yml @@ -1,10 +1,10 @@ -files_api_image: tapis/tapis-files:1.6.4 -files_workers_image: tapis/tapis-files-workers:1.6.4 +files_api_image: tapis/tapis-files:1.7.0 +files_workers_image: tapis/tapis-files-workers:1.7.0 files_postgres_image: postgres:11 files_migrations_image: postgres:11 -files_minio_image: minio/minio +files_minio_image: minio/minio:RELEASE.2024-09-09T16-59-28Z files_irods_provider_postgres_image: mjstealey/irods-provider-postgres:4.2.4 files_pgadmin_image: dpage/pgadmin4:6.20 files_rabbitmq_image: rabbitmq:3.8.11-management files_rabbitmq_management_image: rabbitmq:3-management-alpine -files_util_image: tapis/ubutil2204:1.6.0 +files_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/files/defaults/main/vars.yml b/playbooks/roles/files/defaults/main/vars.yml index 30641029..3c9fc8a9 100644 --- a/playbooks/roles/files/defaults/main/vars.yml +++ b/playbooks/roles/files/defaults/main/vars.yml @@ -4,7 +4,7 @@ files_node_selector: null files_rabbitmq_hostname: files-rabbitmq files_service_name: files files_service_site_id: "{{ global_site_id }}" -files_service_tenant_id: admin +files_service_tenant_id: "{{ global_service_tenant_id }}" files_service_url: "{{ global_service_url }}" files_replicas: 1 files_files_debug: true diff --git a/playbooks/roles/get_defaults/defaults/main/vars.yml b/playbooks/roles/get_defaults/defaults/main/vars.yml index 2b3bc5ea..b8510171 100644 --- a/playbooks/roles/get_defaults/defaults/main/vars.yml +++ b/playbooks/roles/get_defaults/defaults/main/vars.yml @@ -1,16 +1,36 @@ -global_service_tenant_id_default: admin -tapisdir_default: '{{ ansible_env.HOME }}/.tapis/{{ inventory_hostname }}' -tapisdatadir_default: '{{ ansible_env.HOME }}/.tapis-data/{{ inventory_hostname }}' -global_vault_url_default: 'http://vault:8200' -global_service_url_default: 'https://{{ global_service_tenant_id_default }}.{{ global_tapis_domain }}' -global_devtenant_url_default: 'https://dev.{{ global_tapis_domain }}' -global_primary_site_admin_tenant_base_url_default: 'https://admin.{{ global_tapis_domain }}' - - -# A) There should be NO choice for primary sites, -# B) For associate sites, we should actually compute the field from the site record.. (or anyway, the -# value needs to match what it is on the site record). -components_to_deploy_default: +# these should be required to be set in host_vars +global_tapis_domain: '' +tapisdir: '' +tapisdatadir_default: '' +global_site_id: '' +proxy_nginx_cert_file: '' +proxy_nginx_cert_key: '' + + +# For primary sites, these should be left default +# For associate sites, these should be changed (and must be unique across the primary sites' tenant names) +# ... AND the value needs to match what it is in the site record +global_service_tenant_id: admin +global_devtenant_id: dev + +# For primary site, this is the same as the global_tapis_domain +# For associate site, it should be defined in host_vars +global_service_domain: '{{ global_tapis_domain }}' + +# service urls +# - should be same for primary site +# - should be different for associate site + +global_primary_site_admin_tenant_base_url: 'https://{{ global_service_tenant_id }}.{{ global_service_domain }}' +global_service_url: '{{ global_primary_site_admin_tenant_base_url }}' +global_devtenant_url: 'https://{{ global_devtenant_id }}.{{ global_tapis_domain }}' + + +### relatively safe defaults below + +global_vault_url: http://vault:8200 + +components_to_deploy: - actors - admin - apps @@ -35,3 +55,7 @@ components_to_deploy_default: # - workflows # - test-resources + + + + diff --git a/playbooks/roles/get_defaults/tasks/main.yml b/playbooks/roles/get_defaults/tasks/main.yml index c0156174..f5b8f88d 100644 --- a/playbooks/roles/get_defaults/tasks/main.yml +++ b/playbooks/roles/get_defaults/tasks/main.yml @@ -1,19 +1,58 @@ --- -- name: Set default values for vars - ansible.builtin.set_fact: - global_service_tenant_id: '{{ global_service_tenant_id | default(global_service_tenant_id_default) }}' - tapisdir: '{{ tapisdir | default(tapisdir_default) }}' - tapisdatadir: '{{ tapisdatadir | default(tapisdatadir_default) }}' - global_vault_url: '{{ global_vault_url | default(global_vault_url_default) }}' - global_service_url: '{{ global_service_url | default(global_service_url_default) }}' - components_to_deploy: '{{ components_to_deploy | default(components_to_deploy_default) }}' - global_devtenant_url: '{{ global_devtenant_url | default(global_devtenant_url_default) }}' - global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url | default(global_primary_site_admin_tenant_base_url_default) }}' - -- name: Values being used +# Ensure global vars are defined and checked + +- name: Test that important variables are present and not empty + assert: + that: + - tapisdir != '' + - tapisdatadir != '' + - components_to_deploy != '' + - global_service_tenant_id != '' + - global_devtenant_id != '' + - global_service_domain != '' + - global_primary_site_admin_tenant_base_url != '' + - global_service_url != '' + - global_devtenant_url != '' + - global_vault_url != '' + +- name: If associate site (site_type 2), check a few variables + assert: + that: + - global_service_tenant_id != 'admin' + - global_devtenant_id != 'dev' + - global_tapis_domain != '{{ global_service_domain }}' + when: + - site_type == 2 + +- name: Print important vars ansible.builtin.debug: - msg: - - 'tapisdir: {{ tapisdir }}' - - 'tapisdatadir: {{ tapisdatadir }}' - - 'components_to_deploy: {{ components_to_deploy }}' + var: "{{ item }}" + with_items: + - tapisdir + - tapisdatadir + - components_to_deploy + - global_service_tenant_id + - global_devtenant_id + - global_service_domain + - global_primary_site_admin_tenant_base_url + - global_service_url + - global_devtenant_url + - global_vault_url + + +# Use set_fact on global vars so the following roles can use them + +- name: Set global vars + ansible.builtin.set_fact: + tapisdir: '{{ tapisdir }}' + tapisdatadir: '{{ tapisdatadir }}' + components_to_deploy: '{{ components_to_deploy }}' + global_service_tenant_id: '{{ global_service_tenant_id }}' + global_devtenant_id: '{{ global_devtenant_id }}' + global_service_domain: '{{ global_service_domain }}' + global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url }}' + global_service_url: '{{ global_service_url }}' + global_devtenant_url: '{{ global_devtenant_url }}' + global_vault_url: '{{ global_vault_url }}' + diff --git a/playbooks/roles/jobs/defaults/main/images.yml b/playbooks/roles/jobs/defaults/main/images.yml index a53219ec..8f15aa1e 100644 --- a/playbooks/roles/jobs/defaults/main/images.yml +++ b/playbooks/roles/jobs/defaults/main/images.yml @@ -1,7 +1,7 @@ -jobs_api_image: tapis/jobsapi:1.6.4 -jobs_migrations_image: tapis/jobsmigrate:1.6.4 -jobs_worker_image: tapis/jobsworker:1.6.4 +jobs_api_image: tapis/jobsapi:1.7.0 +jobs_migrations_image: tapis/jobsmigrate:1.7.0 +jobs_worker_image: tapis/jobsworker:1.7.0 jobs_postgres_image: postgres:12.4 jobs_pgadmin_image: dpage/pgadmin4:6.20 jobs_rabbitmq_management_image: rabbitmq:3.8.11-management -jobs_util_image: tapis/ubutil2204:1.6.0 +jobs_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/jobs/defaults/main/vars.yml b/playbooks/roles/jobs/defaults/main/vars.yml index 42ff4c20..ac9c1289 100644 --- a/playbooks/roles/jobs/defaults/main/vars.yml +++ b/playbooks/roles/jobs/defaults/main/vars.yml @@ -2,7 +2,7 @@ jobs_service_name: jobs jobs_service_site_id: "{{ global_site_id }}" -jobs_service_tenant_id: admin +jobs_service_tenant_id: "{{ global_service_tenant_id }}" jobs_service_url: "{{ global_service_url }}" jobs_postgres_pvc: jobs-postgres-vol01 jobs_storage_class: "{{ global_storage_class }}" diff --git a/playbooks/roles/meta/defaults/main/images.yml b/playbooks/roles/meta/defaults/main/images.yml index bb036034..6384e992 100644 --- a/playbooks/roles/meta/defaults/main/images.yml +++ b/playbooks/roles/meta/defaults/main/images.yml @@ -1,8 +1,8 @@ -meta_api_image: tapis/metaapi:1.6.1 -meta_rh_server_image: tapis/tapis-meta-rh-server:1.6.1 -meta_mongo_exporter_image: tapis/mqe:1.6.0 -meta_mongo_singlenode_image: tapis/mongo-singlenode:1.6.0 -meta_mongodb_backup_image: tapis/mongodb-backup:1.6.0 -meta_mongobackup_image: tapis/mongobackup:1.6.0 +meta_api_image: tapis/metaapi:1.7.0 +meta_rh_server_image: tapis/tapis-meta-rh-server:1.7.0 +meta_mongo_exporter_image: tapis/mqe:1.7.0 +meta_mongo_singlenode_image: tapis/mongo-singlenode:1.7.0 +meta_mongodb_backup_image: tapis/mongodb-backup:1.7.0 +meta_mongobackup_image: tapis/mongobackup:1.7.0 meta_alpine_image: alpine:3.17 -meta_util_image: tapis/ubutil2204:1.6.0 +meta_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/meta/defaults/main/vars.yml b/playbooks/roles/meta/defaults/main/vars.yml index d3ee59e9..9b0ee742 100644 --- a/playbooks/roles/meta/defaults/main/vars.yml +++ b/playbooks/roles/meta/defaults/main/vars.yml @@ -3,7 +3,7 @@ meta_service_url: "{{ global_service_url }}" meta_service_name: meta meta_service_site_id: "{{ global_site_id }}" -meta_service_tenant_id: admin +meta_service_tenant_id: "{{ global_service_tenant_id }}" meta_mongo_pvc: restheart-mongo-vol01 meta_storage_class: "{{ global_storage_class }}" meta_mongo_backup_pvc: mongo-backup-claim0 diff --git a/playbooks/roles/monitoring/defaults/main/images.yml b/playbooks/roles/monitoring/defaults/main/images.yml index 668f3b84..8318ca9e 100644 --- a/playbooks/roles/monitoring/defaults/main/images.yml +++ b/playbooks/roles/monitoring/defaults/main/images.yml @@ -1,4 +1,4 @@ -monitoring_tapis_exporter_image: tapis/exporter:1.6.0 +monitoring_tapis_exporter_image: tapis/exporter:1.7.0 monitoring_alpine_image: alpine:3.6 monitoring_postgres_image: bitnami/postgresql:14 monitoring_elasticsearch_image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9 @@ -6,5 +6,5 @@ monitoring_kibana_image: docker.elastic.co/kibana/kibana:7.17.9 monitoring_grafana_image: grafana/grafana:8.5.5 monitoring_prometheus_image: prom/prometheus:v2.38.0 monitoring_thanos_image: quay.io/thanos/thanos:v0.8.0 -monitoring_util_image: tapis/ubutil2204:1.6.0 +monitoring_util_image: tapis/ubutil2204:1.7.0 monitoring_postgres_image: bitnami/postgresql:14 diff --git a/playbooks/roles/monitoring/defaults/main/vars.yml b/playbooks/roles/monitoring/defaults/main/vars.yml index cbb7216b..b0e050c0 100644 --- a/playbooks/roles/monitoring/defaults/main/vars.yml +++ b/playbooks/roles/monitoring/defaults/main/vars.yml @@ -1,7 +1,7 @@ --- monitoring_service_url: "{{ global_service_url }}" -monitoring_service_tenant_id: admin +monitoring_service_tenant_id: "{{ global_service_tenant_id }}" monitoring_service_site_id: "{{ global_site_id }}" monitoring_service_name: monitoring monitoring_prometheus_external_label: diff --git a/playbooks/roles/nginx-custom-locations/defaults/main/vars.yml b/playbooks/roles/nginx-custom-locations/defaults/main/vars.yml index ee49ed5b..988cb0fa 100644 --- a/playbooks/roles/nginx-custom-locations/defaults/main/vars.yml +++ b/playbooks/roles/nginx-custom-locations/defaults/main/vars.yml @@ -3,7 +3,7 @@ # proxy proxy_service_url: {{ global_service_url }} -proxy_service_tenant_id: admin +proxy_service_tenant_id: "{{ global_service_tenant_id }}" proxy_service_site_id: {{ proxy_site_id }} proxy_service_name: proxy proxy_primary_site_admin_tenant_base_url: {{ global_service_url }} diff --git a/playbooks/roles/notifications/defaults/main/images.yml b/playbooks/roles/notifications/defaults/main/images.yml index 165c7347..fd3cda58 100644 --- a/playbooks/roles/notifications/defaults/main/images.yml +++ b/playbooks/roles/notifications/defaults/main/images.yml @@ -1,6 +1,6 @@ notifications_postgres_image: postgres:12.4 notifications_pgadmin_image: dpage/pgadmin4:6.20 notifications_rabbitmq_image: rabbitmq:3.8.11-management -notifications_util_image: tapis/ubutil2204:1.6.0 -notifications_api_image: tapis/notifications:1.6.2 -notifications_dispatcher_image: tapis/notifications-dispatcher:1.6.2 +notifications_util_image: tapis/ubutil2204:1.7.0 +notifications_api_image: tapis/notifications:1.7.0 +notifications_dispatcher_image: tapis/notifications-dispatcher:1.7.0 diff --git a/playbooks/roles/pgrest/defaults/main/images.yml b/playbooks/roles/pgrest/defaults/main/images.yml index 84550e72..bf4af14b 100644 --- a/playbooks/roles/pgrest/defaults/main/images.yml +++ b/playbooks/roles/pgrest/defaults/main/images.yml @@ -1,3 +1,3 @@ -pgrest_api_image: tapis/pgrest-api:1.6.0 +pgrest_api_image: tapis/pgrest-api:1.7.0 pgrest_postgres_image: postgres:13 -pgrest_util_image: tapis/ubutil2204:1.6.0 +pgrest_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/pods/defaults/main/vars.yml b/playbooks/roles/pods/defaults/main/vars.yml index 82181086..057a077e 100644 --- a/playbooks/roles/pods/defaults/main/vars.yml +++ b/playbooks/roles/pods/defaults/main/vars.yml @@ -1,7 +1,7 @@ --- pods_service_name: pods -pods_image_version: 1.6.0 +pods_image_version: 1.7.0 pods_service_site_id: "{{ global_site_id }}" pods_service_tenant_id: admin pods_primary_site_admin_tenant_base_url: "{{ global_primary_site_admin_tenant_base_url }}" diff --git a/playbooks/roles/pods/templates/kube/config.json b/playbooks/roles/pods/templates/kube/config.json index 21a3120f..d5ce44b8 100644 --- a/playbooks/roles/pods/templates/kube/config.json +++ b/playbooks/roles/pods/templates/kube/config.json @@ -47,5 +47,12 @@ "log_ex": 43200 }, "{{ pods_service_site_id }}_tenant_object": { - } + }, + "compute_queues": [ + { + "queue_name": "default", + "default": true, + "description": "running with no Kubernetes extras" + } + ] } diff --git a/playbooks/roles/proxy/defaults/main/vars.yml b/playbooks/roles/proxy/defaults/main/vars.yml index 0e93dbda..9433b71b 100644 --- a/playbooks/roles/proxy/defaults/main/vars.yml +++ b/playbooks/roles/proxy/defaults/main/vars.yml @@ -6,7 +6,7 @@ proxy_service_site_id: "{{ global_site_id }}" proxy_service_name: proxy proxy_primary_site_admin_tenant_base_url: "{{ global_primary_site_admin_tenant_base_url }}" proxy_site_router_pvc: site-router-redis-vol01 -proxy_site_router_api_version: 1.6.0 +proxy_site_router_api_version: 1.7.0 proxy_storage_class: "{{ global_storage_class }}" proxy_nginx_cert_file: $HOME/cert.pem proxy_nginx_cert_key: $HOME/cert.key diff --git a/playbooks/roles/proxy/templates/docker/locations/tapisui.conf b/playbooks/roles/proxy/templates/docker/locations/tapisui.conf index 8b34d25d..21afca5a 100644 --- a/playbooks/roles/proxy/templates/docker/locations/tapisui.conf +++ b/playbooks/roles/proxy/templates/docker/locations/tapisui.conf @@ -2,7 +2,9 @@ location / { {% if "tapisui" in proxy_nginx_service_list %} - proxy_pass http://tapisui-service:3000; + resolver 127.0.0.11; + set $upstream http://tapisui-service:3000; + proxy_pass $upstream; {% else %} proxy_pass {{ proxy_primary_site_admin_tenant_base_url }}; {% endif %} diff --git a/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf b/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf index 9fc05fc9..71341021 100644 --- a/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf +++ b/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf @@ -1,11 +1,17 @@ # ui -location /tapis-ui +location / { {% if "tapisui" in proxy_nginx_service_list %} proxy_pass http://tapisui-service:3000; {% else %} - proxy_pass {{proxy_primary_site_admin_tenant_base_url}}; + proxy_pass {{ proxy_primary_site_admin_tenant_base_url }}; {% endif %} proxy_redirect off; proxy_set_header Host $host; -} \ No newline at end of file +} + +location ~* ^/(tapis-ui|tapisui|ui) +{ + # rewrite path to move /tapis-ui, /tapisui, and /ui traffic to / + return 301 https://$host/; +} diff --git a/playbooks/roles/security/defaults/main/images.yml b/playbooks/roles/security/defaults/main/images.yml index 654ce09e..c9a56b52 100644 --- a/playbooks/roles/security/defaults/main/images.yml +++ b/playbooks/roles/security/defaults/main/images.yml @@ -1,6 +1,6 @@ security_pgadmin_image: dpage/pgadmin4:6.20 -security_skadminutil_image: tapis/skadminutil:1.6.3 +security_skadminutil_image: tapis/skadminutil:1.7.0 security_postgres_image: postgres:12.4 -security_api_image: tapis/securityapi:1.6.3 -security_migrations_image: tapis/securitymigrate:1.6.3 -security_util_image: tapis/ubutil:1.6.1 +security_api_image: tapis/securityapi:1.7.0 +security_migrations_image: tapis/securitymigrate:1.7.0 +security_util_image: tapis/ubutil:1.7.0 diff --git a/playbooks/roles/security/defaults/main/vars.yml b/playbooks/roles/security/defaults/main/vars.yml index 576329f2..4a0ccc0c 100644 --- a/playbooks/roles/security/defaults/main/vars.yml +++ b/playbooks/roles/security/defaults/main/vars.yml @@ -5,7 +5,7 @@ security_heap_max: 3G security_heap_min: 3G security_service_name: security security_service_site_id: "{{ global_site_id }}" -security_service_tenant_id: admin +security_service_tenant_id: "{{ global_service_tenant_id }}" security_service_url: "{{ global_service_url }}" security_postgres_pvc: sk-postgres-vol01 security_storage_class: "{{ global_storage_class }}" @@ -15,6 +15,6 @@ security_image_pull_policy: Always # set to false if vault remote: # security_renew_sk_script: true security_renew_sk_script: false - +security_primary_site_admin_tenant_base_url: "{{ global_primary_site_admin_tenant_base_url }}" # docker-specific vars diff --git a/playbooks/roles/security/templates/docker/security-kernal-config.json b/playbooks/roles/security/templates/docker/security-kernal-config.json index 8cc77723..89c2a788 100644 --- a/playbooks/roles/security/templates/docker/security-kernal-config.json +++ b/playbooks/roles/security/templates/docker/security-kernal-config.json @@ -1,5 +1,5 @@ { - "service_site_url": "{{security_service_url}}", + "service_site_url": "{{security_primary_site_admin_tenant_base_url}}", "service_tenant_id": "{{security_service_tenant_id}}", "site_id": "{{security_service_site_id}}", "service_name": "{{security_service_name}}" diff --git a/playbooks/roles/streams/defaults/main/images.yml b/playbooks/roles/streams/defaults/main/images.yml index da2b253b..7dedc1fd 100644 --- a/playbooks/roles/streams/defaults/main/images.yml +++ b/playbooks/roles/streams/defaults/main/images.yml @@ -4,5 +4,5 @@ streams_influxdb2_image: influxdb:2.1.1-alpine streams_mysql_image: mysql:5.7 streams_chords_image: ncareol/chords:1.0 streams_tapis_chords_app_image: scleveland/tapis-chords-app:0.9.8.2.3 -streams_api_image: tapis/streams-api:1.6.0 -streams_util_image: tapis/ubutil2204:1.6.0 +streams_api_image: tapis/streams-api:1.7.0 +streams_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/systems/defaults/main/images.yml b/playbooks/roles/systems/defaults/main/images.yml index 53dfe87a..0a1f11cb 100644 --- a/playbooks/roles/systems/defaults/main/images.yml +++ b/playbooks/roles/systems/defaults/main/images.yml @@ -1,4 +1,4 @@ systems_pgadmin_image: dpage/pgadmin4:6.20 systems_postgres_image: postgres:12.4 -systems_util_image: tapis/ubutil2204:1.6.1 -systems_api_image: tapis/systems:1.6.5 +systems_util_image: tapis/ubutil2204:1.7.0 +systems_api_image: tapis/systems:1.7.0 diff --git a/playbooks/roles/systems/defaults/main/vars.yml b/playbooks/roles/systems/defaults/main/vars.yml index 69eaeeb9..8a325064 100644 --- a/playbooks/roles/systems/defaults/main/vars.yml +++ b/playbooks/roles/systems/defaults/main/vars.yml @@ -3,7 +3,7 @@ systems_node_selector: null systems_service_name: systems systems_service_site_id: "{{ global_site_id }}" -systems_service_tenant_id: admin +systems_service_tenant_id: "{{ global_service_tenant_id }}" systems_service_url: "{{ global_service_url }}" systems_storage_class: "{{ global_storage_class }}" systems_postgres_pvc: systems-postgres-vol01 diff --git a/playbooks/roles/systems/templates/docker/systems-config.json b/playbooks/roles/systems/templates/docker/systems-config.json index 7ed31190..075adc59 100644 --- a/playbooks/roles/systems/templates/docker/systems-config.json +++ b/playbooks/roles/systems/templates/docker/systems-config.json @@ -1,7 +1,7 @@ { - "service_site_url": "https://admin.develop.tapis.io", - "service_tenant_id": "admin", - "site_id": "tacc", + "service_site_url": "{{ systems_service_url }}", + "service_tenant_id": "{{ systems_service_tenant_id }}", + "site_id": "{{ systems_service_site_id }}", "service_name": "systems", - "globus_client_id": "494d441c-99cf-4117-bd78-9b85cb0f12ff" -} \ No newline at end of file + "globus_client_id": "{{ systems_globus_client_id }}" +} diff --git a/playbooks/roles/tapisui/defaults/main/images.yml b/playbooks/roles/tapisui/defaults/main/images.yml index 95e05b0e..9fc3ad0d 100644 --- a/playbooks/roles/tapisui/defaults/main/images.yml +++ b/playbooks/roles/tapisui/defaults/main/images.yml @@ -1 +1 @@ -tapisui_image: tapis/tapisui:1.6.0 +tapisui_image: tapis/tapisui:1.7.0 diff --git a/playbooks/roles/tapisui/templates/docker/docker-compose.yml b/playbooks/roles/tapisui/templates/docker/docker-compose.yml index 0ae9181f..fa07a768 100644 --- a/playbooks/roles/tapisui/templates/docker/docker-compose.yml +++ b/playbooks/roles/tapisui/templates/docker/docker-compose.yml @@ -4,8 +4,11 @@ networks: external: true services: - tapisui: - container_name: tapisui - image: {{ tapisui_image }} - environment: - - LOG_LEVEL={{tapisui_log_level}} + tapisui-service: + container_name: tapisui + image: {{ tapisui_image }} + environment: + - LOG_LEVEL={{tapisui_log_level}} + + + diff --git a/playbooks/roles/tapisui/templates/kube/deployment.yml b/playbooks/roles/tapisui/templates/kube/deployment.yml index 89a5090d..fc1d06ee 100644 --- a/playbooks/roles/tapisui/templates/kube/deployment.yml +++ b/playbooks/roles/tapisui/templates/kube/deployment.yml @@ -15,8 +15,6 @@ spec: - image: {{ tapisui_image }} imagePullPolicy: Always name: tapisui - ports: - - containerPort: 3000 resources: {} tty: true env: diff --git a/playbooks/roles/tapisui/templates/kube/service.yml b/playbooks/roles/tapisui/templates/kube/service.yml index 7412bdb4..76ac28aa 100644 --- a/playbooks/roles/tapisui/templates/kube/service.yml +++ b/playbooks/roles/tapisui/templates/kube/service.yml @@ -8,4 +8,4 @@ spec: app: tapisui-deployment ports: - port: 3000 - targetPort: 3000 + targetPort: 80 diff --git a/playbooks/roles/tenants/defaults/main/images.yml b/playbooks/roles/tenants/defaults/main/images.yml index 42c80208..e3bd83d9 100644 --- a/playbooks/roles/tenants/defaults/main/images.yml +++ b/playbooks/roles/tenants/defaults/main/images.yml @@ -1,6 +1,6 @@ tenants_pgadmin_image: dpage/pgadmin4:6.20 tenants_postgres_image: postgres:11.4 -tenants_api_image: tapis/tenants-api:1.6.0 -tenants_migrations_image: tapis/tenants-api-migrations:1.6.0 -tenants_api_tests_image: tapis/tenants-api-tests:1.6.0 -tenants_util_image: tapis/ubutil2204:1.6.0 +tenants_api_image: tapis/tenants-api:1.7.0 +tenants_migrations_image: tapis/tenants-api-migrations:1.7.0 +tenants_api_tests_image: tapis/tenants-api-tests:1.7.0 +tenants_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/tokens/defaults/main/images.yml b/playbooks/roles/tokens/defaults/main/images.yml index d6c4d305..a491389d 100644 --- a/playbooks/roles/tokens/defaults/main/images.yml +++ b/playbooks/roles/tokens/defaults/main/images.yml @@ -1,3 +1,3 @@ -tokens_api_image: tapis/tokens-api:1.6.0 -tokens_api_tests_image: tapis/tokens-api-tests:1.6.0 -tokens_util_image: tapis/ubutil2204:1.6.0 +tokens_api_image: tapis/tokens-api:1.7.0 +tokens_api_tests_image: tapis/tokens-api-tests:1.7.0 +tokens_util_image: tapis/ubutil2204:1.7.0 diff --git a/playbooks/roles/tokens/defaults/main/vars.yml b/playbooks/roles/tokens/defaults/main/vars.yml index b5b20b6a..9597b827 100644 --- a/playbooks/roles/tokens/defaults/main/vars.yml +++ b/playbooks/roles/tokens/defaults/main/vars.yml @@ -8,5 +8,5 @@ tokens_show_traceback: false tokens_use_allservices_password: false tokens_tenants: ["*"] tokens_image_pull_policy: Always -tokens_service_tenant_id: admin +tokens_service_tenant_id: '{{ global_service_tenant_id }}' tokens_service_name: tokens diff --git a/playbooks/roles/tokens/templates/docker/tokens-config.json b/playbooks/roles/tokens/templates/docker/tokens-config.json index 3a811d23..5f0126ec 100644 --- a/playbooks/roles/tokens/templates/docker/tokens-config.json +++ b/playbooks/roles/tokens/templates/docker/tokens-config.json @@ -2,7 +2,7 @@ "service_name": "tokens", "primary_site_admin_tenant_base_url": "{{ tokens_service_url }}", "service_site_id": "{{ tokens_service_site_id }}", - "service_tenant_id": "admin", + "service_tenant_id": "{{ tokens_service_tenant_id }}", "tenants": {{ tokens_tenants|to_json }}, "log_level": "INFO", "use_allservices_password": {{tokens_use_allservices_password|to_json}}, diff --git a/playbooks/roles/workflows/defaults/main/images.yml b/playbooks/roles/workflows/defaults/main/images.yml index b1ceb2f3..4d372077 100644 --- a/playbooks/roles/workflows/defaults/main/images.yml +++ b/playbooks/roles/workflows/defaults/main/images.yml @@ -1,6 +1,6 @@ -workflows_api_image: tapis/workflows-api:1.6.0 -workflows_pipelines_image: tapis/workflows-pipelines:1.6.0 -workflows_engine_streams_image: tapis/workflow-engine-streams:1.6.0 +workflows_api_image: tapis/workflows-api:1.7.0 +workflows_pipelines_image: tapis/workflows-pipelines:1.7.0 +workflows_engine_streams_image: tapis/workflow-engine-streams:1.7.0 workflows_mysql_image: mysql:8 workflows_rabbitmq_image: rabbitmq:3.9.11-management workflows_registry_image: registry:2