diff --git a/playbooks/roles/admin/templates/docker/verification/authenticator-test b/playbooks/roles/admin/templates/docker/verification/authenticator-test index bb49f648..067af830 100755 --- a/playbooks/roles/admin/templates/docker/verification/authenticator-test +++ b/playbooks/roles/admin/templates/docker/verification/authenticator-test @@ -7,4 +7,4 @@ gettoken # should return 200 and JSON with token export pass=`grep ^LDAP_ROOTPASS {{ tapisdatadir }}/authenticator/env | awk -F= '{print $2}' | tr -d '"'` -docker run --rm -it --network tapis tapis/centosutil:1.4.0 ldapsearch -x -H ldap://authenticator-ldap:389 -Z -D "cn=admin,dc=tapis" -w "$pass" -b "ou=tenants.dev,dc=tapis" +docker run --rm -it --network tapis tapis/centosutil:1.4.0 ldapsearch -x -H ldap://authenticator-ldap:389 -D "cn=admin,dc=tapis" -w "$pass" -b "ou=tenants.dev,dc=tapis" diff --git a/playbooks/roles/admin/templates/docker/verification/functions b/playbooks/roles/admin/templates/docker/verification/functions index f36247a1..b2d6a0a5 100755 --- a/playbooks/roles/admin/templates/docker/verification/functions +++ b/playbooks/roles/admin/templates/docker/verification/functions @@ -10,7 +10,7 @@ SERVICEURL="{{admin_service_url}}" ### util gettoken(){ - tok=$(curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r .result.access_token.access_token) + tok=$(curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_devtenant_url }}/v3/oauth2/tokens | jq -r .result.access_token.access_token) } ### checks diff --git a/playbooks/roles/admin/templates/docker/verification/meta-test b/playbooks/roles/admin/templates/docker/verification/meta-test old mode 100644 new mode 100755 
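Review bot: Dropping `-Z` from the `ldapsearch` line means the simple bind as `cn=admin,dc=tapis` now sends the LDAP root password to `ldap://authenticator-ldap:389` without StartTLS. If StartTLS was removed because the LDAP container has no usable certificate, record that in a comment above the command, e.g. `# no StartTLS: authenticator-ldap has no server certificate yet`. Otherwise `-ZZ` (require StartTLS) or an `ldaps://` URI keeps the bind encrypted. Separately, `-w "$pass"` places the password in the process arguments, which `-y <password-file>` avoids.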
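Review bot: `gettoken` never checks whether the token request succeeded. Without `--fail`, curl exits 0 on an HTTP error, and `jq -r` prints the literal `null` when `.result.access_token.access_token` is absent, so `tok` can silently become `null`. Consider `curl -sS --fail ...` plus a guard such as `[ -n "$tok" ] && [ "$tok" != "null" ] || { echo "gettoken failed" >&2; return 1; }`. The URL should also be quoted, `"{{ admin_devtenant_url }}/v3/oauth2/tokens"`, so the rendered value is not word-split by the shell.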
diff --git a/playbooks/roles/admin/templates/docker/verification/tenants-test b/playbooks/roles/admin/templates/docker/verification/tenants-test index 31362577..e510029f 100755 --- a/playbooks/roles/admin/templates/docker/verification/tenants-test +++ b/playbooks/roles/admin/templates/docker/verification/tenants-test @@ -1,8 +1,7 @@ #!/bin/bash # tenants -source functions -gettoken + # should return 200 and JSON with tenants list. curl {{admin_devtenant_url}}/v3/tenants | jq diff --git a/playbooks/roles/admin/templates/kube/verification/streams-test b/playbooks/roles/admin/templates/kube/verification/streams-test index de517ce6..d1cc0096 100755 --- a/playbooks/roles/admin/templates/kube/verification/streams-test +++ b/playbooks/roles/admin/templates/kube/verification/streams-test @@ -1,6 +1,6 @@ #!/bin/bash -curl {{admin_service_url}}/v3/streams/hello +curl {{admin_service_url}}/v3/streams/ready curl {{admin_service_url}}/v3/streams/hello diff --git a/playbooks/roles/admin/templates/kube/verification/systems-test b/playbooks/roles/admin/templates/kube/verification/systems-test new file mode 100644 index 00000000..6be8eba6 --- /dev/null +++ b/playbooks/roles/admin/templates/kube/verification/systems-test @@ -0,0 +1,9 @@ +#!/bin/bash + +curl {{admin_service_url}}/v3/systems/ready + + +curl {{admin_service_url}}/v3/systems/hello + + + diff --git a/playbooks/roles/apps/defaults/main/vars.yml b/playbooks/roles/apps/defaults/main/vars.yml index 75d4f126..6733dfd6 100644 --- a/playbooks/roles/apps/defaults/main/vars.yml +++ b/playbooks/roles/apps/defaults/main/vars.yml @@ -13,4 +13,4 @@ apps_postgres_password: null apps_pgadmin_password: null apps_heap_min: 1g apps_heap_max: 4g - +apps_port: 8081 diff --git a/playbooks/roles/authenticator/templates/docker/docker-compose.yml b/playbooks/roles/authenticator/templates/docker/docker-compose.yml index 4fa6529f..2dd6acae 100644 --- a/playbooks/roles/authenticator/templates/docker/docker-compose.yml 
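Review bot: kube/verification/systems-test is added with `new file mode 100644` although it starts with `#!/bin/bash`. The same commit flips docker/verification/meta-test from 100644 to 100755, and the sibling streams-test is 100755, so this file probably needs the executable bit too. Both `curl` calls also exit 0 on an HTTP error, so the script cannot signal a failed readiness check; `curl -sS --fail "{{admin_service_url}}/v3/systems/ready"` would make the exit status meaningful.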
+++ b/playbooks/roles/authenticator/templates/docker/docker-compose.yml @@ -72,6 +72,10 @@ services: depends_on: authenticator-postgres: condition: service_healthy + ulimits: + nofile: + soft: 1024 + hard: 4096 healthcheck: test: slapcat diff --git a/playbooks/roles/baseburnup/templates/docker/burndown b/playbooks/roles/baseburnup/templates/docker/burndown index 5c527ce5..7f8ac430 100755 --- a/playbooks/roles/baseburnup/templates/docker/burndown +++ b/playbooks/roles/baseburnup/templates/docker/burndown @@ -26,7 +26,10 @@ echo "Start: top-level-burndown" # globus-proxy -# meta +{% if "meta" in components_to_deploy %} +cd $mydir_absolute/meta +./burndown +{% endif %} # monitoring @@ -43,7 +46,10 @@ cd $mydir_absolute/notifications # pods -# streams +{% if "streams" in components_to_deploy %} +cd $mydir_absolute/streams +./burndown streams +{% endif %} {% if "tapisui" in components_to_deploy %} cd $mydir_absolute/tapisui diff --git a/playbooks/roles/jobs/defaults/main/vars.yml b/playbooks/roles/jobs/defaults/main/vars.yml index 37f75405..42ff4c20 100644 --- a/playbooks/roles/jobs/defaults/main/vars.yml +++ b/playbooks/roles/jobs/defaults/main/vars.yml @@ -9,3 +9,4 @@ jobs_storage_class: "{{ global_storage_class }}" jobs_rabbitmq_pvc: jobs-rabbitmq-vol01 jobs_node_selector: null jobs_node_name: true +jobs_port: 8082 diff --git a/playbooks/roles/meta/templates/docker/burnup b/playbooks/roles/meta/templates/docker/burnup index e518b02e..af6d5aa1 100755 --- a/playbooks/roles/meta/templates/docker/burnup +++ b/playbooks/roles/meta/templates/docker/burnup @@ -9,7 +9,7 @@ export UID_GID="$(id -u):$(id -g)" docker run -it --rm -v {{ tapisdatadir }}/meta:/meta {{ meta_util_image }} chown $MYUID /meta -python3 {{ tapisdir }}/admin/util/parse_skexport -c meta -d {{ tapisdatadir }} +python3 ../admin/util/parse_skexport -c meta -d {{ tapisdatadir }} docker compose up -d 
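Review bot: The new `cd $mydir_absolute/meta` in the top-level burndown is unchecked, so if that directory is missing, the following `./burndown` runs in whatever directory the script was left in, which is not meta's. Write it as `cd "$mydir_absolute/meta" || exit 1`; the same applies to the `streams` block in the next hunk of this file. `./burndown streams` is also passed an argument while the meta call is not, which deserves a comment if intentional. The script continues outside both hunks, and the existing `cd $mydir_absolute/notifications` in the hunk header suggests the unchecked pattern is already used elsewhere.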
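Review bot: In meta/burnup, `../admin/util/parse_skexport` is now resolved against the caller's working directory, so the script only works when run from inside the rendered `meta` directory. The lines before the hunk are not visible, so it is unclear whether the script changes into its own directory first; if it does not, add `cd "$(dirname "$0")" || exit 1` near the top. The parse step's result is also not checked before `docker compose up -d`, so a wrong path still starts the stack; `python3 ../admin/util/parse_skexport -c meta -d {{ tapisdatadir }} || exit 1` would stop there. The monitoring and streams burnup hunks make the same change.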
diff --git a/playbooks/roles/monitoring/templates/docker/burnup b/playbooks/roles/monitoring/templates/docker/burnup index e01df1cc..48d108cb 100755 --- a/playbooks/roles/monitoring/templates/docker/burnup +++ b/playbooks/roles/monitoring/templates/docker/burnup @@ -11,6 +11,6 @@ export UID_GID="$(id -u):$(id -g)" docker run -it --rm -v {{ tapisdatadir }}/monitoring:/monitoring {{ monitoring_util_image }} chown $MYUID /monitoring -python3 {{ tapisdir }}/admin/util/parse_skexport -c monitoring -d {{ tapisdatadir }} +python3 ../admin/util/parse_skexport -c monitoring -d {{ tapisdatadir }} -docker compose up -d \ No newline at end of file +docker compose up -d diff --git a/playbooks/roles/notifications/defaults/main/vars.yml b/playbooks/roles/notifications/defaults/main/vars.yml index ee350bdd..7e0ad6fe 100644 --- a/playbooks/roles/notifications/defaults/main/vars.yml +++ b/playbooks/roles/notifications/defaults/main/vars.yml @@ -13,4 +13,5 @@ notifications_mail_port: 25 notifications_heap_min: 1g notifications_heap_max: 4g +notifications_port: 8083 diff --git a/playbooks/roles/notifications/templates/docker/docker-compose.yml b/playbooks/roles/notifications/templates/docker/docker-compose.yml index 174e716f..f1733869 100644 --- a/playbooks/roles/notifications/templates/docker/docker-compose.yml +++ b/playbooks/roles/notifications/templates/docker/docker-compose.yml 
@@ -29,10 +29,10 @@ services: notifications-rabbitmq: condition: service_healthy command: java -Xms{{ notifications_heap_min }} -Xmx{{ notifications_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "notifications.jar:dependencies/*" edu.utexas.tacc.tapis.notifications.api.NotificationsApplication - {% if notifications_port is not none %} +{% if notifications_port is not none %} ports: - - "{{notifications_port}}:8080" - {% endif %} + - "{{notifications_port}}:8080" +{% endif %} notifications-init-db: container_name: notifications-init-db diff --git a/playbooks/roles/proxy/templates/docker/docker-compose.yml b/playbooks/roles/proxy/templates/docker/docker-compose.yml index 3ca1a77c..f51637fc 100644 --- a/playbooks/roles/proxy/templates/docker/docker-compose.yml +++ b/playbooks/roles/proxy/templates/docker/docker-compose.yml @@ -14,9 +14,9 @@ services: volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./locations:/etc/nginx/conf.d/locations:ro - - {{proxy_nginx_cert_file}}:/tmp/ssl/tls.crt:ro - - {{proxy_nginx_cert_key}}:/tmp/ssl/tls.key:ro - - {{tapisdir}}proxy/token-revoked.json:/etc/nginx/html/token-revoked.json + - {{ proxy_nginx_cert_file }}:/tmp/ssl/tls.crt:ro + - {{ proxy_nginx_cert_key }}:/tmp/ssl/tls.key:ro + - ./token-revoked.json:/etc/nginx/html/token-revoked.json networks: - tapis restart: always @@ -27,7 +27,7 @@ services: ports: - "127.0.0.1:8000:8000" volumes: - - {{ tapisdir }}/proxy/site-router-config.json:/home/tapis/config.json:ro + - ./site-router-config.json:/home/tapis/config.json:ro networks: - tapis restart: always diff --git a/playbooks/roles/proxy/templates/docker/locations/notifications.conf b/playbooks/roles/proxy/templates/docker/locations/notifications.conf index 9d6a7e19..10a624a2 100644 --- a/playbooks/roles/proxy/templates/docker/locations/notifications.conf +++ b/playbooks/roles/proxy/templates/docker/locations/notifications.conf 
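Review bot: `"{{notifications_port}}:8080"` publishes the notifications API on every host interface, and with this commit's new default `notifications_port: 8083` the `ports:` block is rendered by default rather than only when an operator opts in. The service then becomes reachable without going through the nginx proxy, whereas the proxy role's site-router binds its port to loopback (`"127.0.0.1:8000:8000"`). If direct access is only needed from the host, use `- "127.0.0.1:{{notifications_port}}:8080"`, or keep the default at `null`. The `apps_port`, `jobs_port` and `systems_port` defaults added in this commit raise the same question if their compose templates follow this pattern; those templates are not in the diff.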
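Review bot: The rewritten `./token-revoked.json:/etc/nginx/html/token-revoked.json` mount in the proxy compose file has no `:ro`, unlike the nginx.conf, locations and certificate mounts next to it. nginx only needs to read that file, so `- ./token-revoked.json:/etc/nginx/html/token-revoked.json:ro` keeps the container from modifying host content. The relative `./` paths here and in the second hunk (`./site-router-config.json`) resolve against the compose file's directory, which assumes both files are rendered next to it.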
@@ -6,7 +6,7 @@ location /v3/notifications resolver 127.0.0.11; # set $upstream "http://notifications-api:8080"; - set $upstream {{ notifications_host | default("http://notifications-api:;")}}:{{ notifications_port | default("8080")}}; + set $upstream {{ notifications_host | default("http://notifications-api")}}:{{ notifications_port | default("8080")}}; proxy_pass $upstream; diff --git a/playbooks/roles/proxy/templates/docker/token-revoked.json b/playbooks/roles/proxy/templates/docker/token-revoked.json new file mode 100644 index 00000000..1ca08561 --- /dev/null +++ b/playbooks/roles/proxy/templates/docker/token-revoked.json @@ -0,0 +1,2 @@ +{"status": "error", "message": "Token is revoked.", "version": "{{ proxy_site_router_api_version }}", "result": null } + diff --git a/playbooks/roles/security/templates/docker/burnup b/playbooks/roles/security/templates/docker/burnup index b96fa91e..1e15a801 100755 --- a/playbooks/roles/security/templates/docker/burnup +++ b/playbooks/roles/security/templates/docker/burnup @@ -8,7 +8,7 @@ mkdir -p {{ tapisdatadir }}/security/postgres python3 ../admin/util/parse_skexport -c security -d {{ tapisdatadir }} export UID_GID="$(id -u):$(id -g)" -docker run -it --rm -v {{ tapisdatadir }}/security:/security {{ meta_util_image }} chown $UID_GID /security +docker run -it --rm -v {{ tapisdatadir }}/security:/security {{ security_util_image }} chown $UID_GID /security docker compose up -d diff --git a/playbooks/roles/streams/templates/docker/burnup b/playbooks/roles/streams/templates/docker/burnup index 63610c37..d658bd8c 100755 --- a/playbooks/roles/streams/templates/docker/burnup +++ b/playbooks/roles/streams/templates/docker/burnup 
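Review bot: `notifications_port` appears to serve two different purposes. In the notifications compose template it is the host-side published port (`"{{notifications_port}}:8080"`), while on this `set $upstream` line it becomes the upstream port on the Docker network, where the container listens on 8080. If the new role default `notifications_port: 8083` is in scope when this template renders, the default upstream becomes `http://notifications-api:8083` and the proxy would fail to connect. Consider a separate variable for the upstream port, or fix the port at 8080 whenever `notifications_host` is unset. The `location` block continues outside the hunk.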
@@ -11,6 +11,6 @@ export UID_GID="$(id -u):$(id -g)" docker run -it --rm -v {{ tapisdatadir }}/streams:/streams {{ streams_util_image }} chown $MYUID /streams -python3 {{ tapisdir }}/admin/util/parse_skexport -c streams -d {{ tapisdatadir }} +python3 ../admin/util/parse_skexport -c streams -d {{ tapisdatadir }} -docker compose up -d \ No newline at end of file +docker compose up -d diff --git a/playbooks/roles/streams/templates/docker/docker-compose.yml b/playbooks/roles/streams/templates/docker/docker-compose.yml index 9a206fc3..b2a55da6 100644 --- a/playbooks/roles/streams/templates/docker/docker-compose.yml +++ b/playbooks/roles/streams/templates/docker/docker-compose.yml @@ -24,7 +24,7 @@ services: networks: - tapis volumes: - - {{tapisdatadir}}/streams/mysql/data:/var/lib/mysql + - {{ tapisdatadir }}/streams/mysql/data:/var/lib/mysql - /var/run/docker.sock:/var/run/docker.sock - ./chords/tapis_chords_start.sh:/chords/chords_start.sh - ./chords/influxdb.yml:/chords/config/influxdb.yml diff --git a/playbooks/roles/systems/defaults/main/vars.yml b/playbooks/roles/systems/defaults/main/vars.yml index 4ef831c5..69eaeeb9 100644 --- a/playbooks/roles/systems/defaults/main/vars.yml +++ b/playbooks/roles/systems/defaults/main/vars.yml @@ -10,3 +10,4 @@ systems_postgres_pvc: systems-postgres-vol01 systems_globus_client_id: null systems_heap_max: 3G systems_heap_min: 1G +systems_port: 8084 diff --git a/playbooks/roles/tokens/templates/docker/docker-compose.yml b/playbooks/roles/tokens/templates/docker/docker-compose.yml index 8029f9c6..46cac32e 100644 --- a/playbooks/roles/tokens/templates/docker/docker-compose.yml +++ b/playbooks/roles/tokens/templates/docker/docker-compose.yml @@ -11,7 +11,6 @@ services: image: {{ tokens_api_image }} volumes: - ./tokens-config.json:/home/tapis/config.json - - ../admin/verification/tokens-test:/home/tapis/healthcheck networks: - tapis env_file: 
diff --git a/playbooks/roles/vault/templates/docker/burnup b/playbooks/roles/vault/templates/docker/burnup index d28e1e66..7e1df5b6 100755 --- a/playbooks/roles/vault/templates/docker/burnup +++ b/playbooks/roles/vault/templates/docker/burnup @@ -26,13 +26,18 @@ then fi # check if vault is unsealed already -sleep 5 -if [ `docker exec -it vault vault status -format=json | jq -r .sealed` == "false" ] +#sleep 5 +if VAULTSTAT=`docker exec -it vault vault status -format=json` then - echo "Vault is up and unsealed." - exit 0 + echo $VAULTSTAT + if [ `echo $VAULTSTAT | jq -r .sealed` == "false" ] + then + echo "Vault is up and unsealed." + exit 0 + fi fi + # TODO: should we do an initialized check? requires more logic in further checks # check if vault is initialized #if [ `docker exec -it vault vault status -format=json | jq -r .initialized` == "false" ] @@ -96,7 +101,7 @@ then fi # give vault some time to get fully booted up before the following services try to use it -sleep 30 +#sleep 30 exit 0 diff --git a/playbooks/roles/vault/templates/docker/docker-compose.yml b/playbooks/roles/vault/templates/docker/docker-compose.yml index dbe24a2e..d0a864f6 100644 --- a/playbooks/roles/vault/templates/docker/docker-compose.yml +++ b/playbooks/roles/vault/templates/docker/docker-compose.yml @@ -20,4 +20,10 @@ services: - {{ vault_data_dir }}/certs:/vault/certs networks: - tapis + healthcheck: + test: [ "CMD", "wget", "--spider", "--proxy", "off", "http://127.0.0.1:8200/v1/sys/health?standbyok=true" ] + interval: 10s + timeout: 3s + retries: 10 + start_period: 5s
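Review bot: In the new unseal check in vault/burnup, `docker exec -it` requests a TTY, which fails when the script runs non-interactively and otherwise adds carriage returns to the captured JSON. The unquoted `` `echo $VAULTSTAT | jq -r .sealed` `` also makes `[` error out if jq prints nothing. Suggested: `if VAULTSTAT=$(docker exec vault vault status -format=json)` and `[ "$(printf '%s' "$VAULTSTAT" | jq -r .sealed)" = "false" ]`. In the second hunk, `sleep 30` is commented out while the comment above it still says vault is being given time to boot; either delete both or note that readiness now relies on the compose healthcheck. The script continues outside both hunks.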
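Review bot: The new vault healthcheck probes `/v1/sys/health` over plain `http://127.0.0.1:8200` although the service mounts `{{ vault_data_dir }}/certs:/vault/certs`. If the listener is configured with TLS this check can never pass, so it is worth confirming against the vault config, which is not in this diff. `sys/health` also answers with a non-2xx status while Vault is sealed or uninitialized, so the container reports `unhealthy` until burnup has unsealed it. A comment such as `# stays unhealthy until burnup unseals vault (sys/health returns 503 while sealed)` would record that this is intended.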