diff --git a/CHANGELOG.md b/CHANGELOG.md index ffbdb83d..62a02296 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,23 @@ Notable changes between versions. +## 1.3.8 + +- Added java heap max and min options for apps, systems, and notifications when using Docker compose. +- [Jobs: 1.3.4 to 1.3.5 (tapis/jobsworker, jobsmigrate, jobsapi)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) +- [Systems: 1.3.2 to 1.3.3 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/1.3.3/CHANGELOG.md) +- [Files: 1.3.5 to 1.3.6 (tapis/tapis-files, tapis/tapis-files-workers)](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) +- Docker Flavor update: + - Added verification scripts for more core components + - Changed secrets to using a python script for parsing instead of bash scripting + - Added a DB init script for files + - Removed hard-coded urls in proxy + - General cleanup & bugfixes + +### Breaking Changes + +- There is a breaking change related to how Files and Systems interact for systems of type IRODS. Please see the [CHANGELOG](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) for the Files service for more information. + ## 1.3.7 - [Authenticator: 1.3.3 to 1.3.4 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) @@ -19,6 +36,7 @@ Notable changes between versions. - [Apps: 1.3.2 to 1.3.3 (tapis/apps)](https://github.com/tapis-project/tapis-apps/blob/1.3.3/CHANGELOG.md) - [Notifications: 1.3.1 to 1.3.3 (tapis/notifications, notifications-dispatcher)](https://github.com/tapis-project/tapis-notifications/blob/1.3.3/CHANGELOG.md) + ## 1.3.5 **Breaking Changes** diff --git a/playbooks/roles/actors/templates/docker/burnup b/playbooks/roles/actors/templates/docker/burnup index 398b618c..2c0f0870 100755 --- a/playbooks/roles/actors/templates/docker/burnup +++ b/playbooks/roles/actors/templates/docker/burnup 
@@ -3,6 +3,9 @@ echo "burnup actors:" mkdir -p {{ tapisdatadir }}/actors +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/actors:/actors tapis/ubutil2204:1.3.0 chown $myuid /actors -docker compose up -d +python3 {{ tapisdir }}/admin/util/parse_skexport -c actors -d {{ tapisdatadir }} +docker compose up -d \ No newline at end of file diff --git a/playbooks/roles/actors/templates/docker/docker-compose.yml b/playbooks/roles/actors/templates/docker/docker-compose.yml index e3b5b523..e0c6eebf 100644 --- a/playbooks/roles/actors/templates/docker/docker-compose.yml +++ b/playbooks/roles/actors/templates/docker/docker-compose.yml @@ -16,14 +16,16 @@ services: container_name: actors-mongo image: {{ actors_mongo_image }} environment: - MONGO_INITDB_ROOT_USERNAME: admin - MONGO_INITDB_ROOT_PASSWORD: admin - MONGO_REPLICA_SET_NAME: rs0 - # ports: - # - "127.0.0.1:27017:27017" + - MONGO_INITDB_ROOT_USERNAME: admin + - MONGO_REPLICA_SET_NAME: rs0 + env_file: + - {{ tapisdatadir }}/actors/env # volumes: # - ./runtime_files/certs:/data/ssl # - ./runtime_files/certs/mongo-replica-set-keyfile:/keyfiles/metakeyfile + volumes: + - {{ tapisdatadir }}/actors/mongo/data:/data/db + - {{ tapisdatadir }}/actors/mongo/keyfile:keyfile-base networks: - tapis ulimits: @@ -47,18 +49,16 @@ services: #command: "mongod --bind_ip_all --replSet rs0 --keyFile /keyfiles/keyfile-to-use --tlsMode requireTLS --tlsCertificateKeyFile "/data/ssl/server.pem" --tlsCAFile "/data/ssl/ca.pem" - actors-rabbit: - container_name: actors-rabbit + actors-rabbitmq: + container_name: actors-rabbitmq image: {{ actors_rabbitmq_image }} - # ports: - # - "127.0.0.1:5672:5672" - # - "127.0.0.1:15672:15672" environment: RABBITMQ_NODENAME: abaco-rabbit RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: "+A 128" RABBITMQ_DEFAULT_VHOST: abaco_vhost RABBITMQ_DEFAULT_USER: admin - RABBITMQ_DEFAULT_PASS: admin + env_file: + - {{ tapisdatadir }}/actors/env ulimits: nproc: 65535 nofile: 
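Review bot: The added `python3 {{ tapisdir }}/admin/util/parse_skexport -c actors -d {{ tapisdatadir }}` line is not checked before `docker compose up -d`, so a failed secret export still starts the containers with a missing or stale `actors/env`. Guard it, for example by appending `|| exit 1` to that line. The added `docker run -it` also requests a TTY and will fail when the script runs non-interactively; `docker run --rm` is enough for a one-shot `chown`, and `"$myuid"` should be quoted. The same `docker run -it ... chown` and `parse_skexport` lines are added to the apps and files `burnup` templates.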
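Review bot: The `environment:` entries under `actors-mongo` are now written as `- MONGO_INITDB_ROOT_USERNAME: admin`, which YAML reads as a list of one-key mappings; Compose accepts either a mapping or a list of `KEY=VALUE` strings, so this form is likely to be rejected. Write `- MONGO_INITDB_ROOT_USERNAME=admin` and `- MONGO_REPLICA_SET_NAME=rs0`, or keep the original mapping form. The new volume `{{ tapisdatadir }}/actors/mongo/keyfile:keyfile-base` has a relative container target, which is not valid for a bind mount; it presumably needs an absolute path. The templated paths are also unquoted, unlike the `"{{ tapisdir }}/..."` entry used for `actors-nginx` in the same file.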
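Review bot: `actors-rabbitmq` now loads the same `{{ tapisdatadir }}/actors/env` file as `actors-mongo`, so each container receives every secret that parse_skexport writes for the component, including the other service's root password. Consider one env file per service (or Compose `secrets:`) so RabbitMQ only sees `RABBITMQ_DEFAULT_PASS` and MongoDB only sees `MONGO_INITDB_ROOT_PASSWORD`. The rename from `actors-rabbit` also changes the service's DNS name on the `tapis` network; any consumer outside this hunk that still points at `actors-rabbit` would need updating. The service definition continues past the end of the hunk.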
@@ -67,23 +67,23 @@ services: networks: - tapis depends_on: - - actors-mongo + actors-mongo: + condition: service_started actors-nginx: container_name: actors-nginx image: {{ actors_nginx_image }} + networks: + - tapis volumes: # - ./config-local.json:/home/tapis/config.json - - "{{ tapisdir }}/actors/actors-config.json:/home/tapis/config.json" + - "{{ tapisdir }}/actors/actors-config.json:/etc/nginx/sites-enabled/flask-project" # # - ./images/nginx/nginx.conf:/etc/nginx/nginx.conf # # - ./images/nginx/sites-enabled:/etc/nginx/sites-enabled -# ports: -# - "127.0.0.1:8000:80" restart: always depends_on: - - actors-mongo - networks: - - tapis + actors-mongo: + condition: service_started actors-reg: container_name: actors-reg diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index e6d22e3e..02fa0947 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport 
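Review bot: The `actors-nginx` volume now mounts `actors-config.json` at `/etc/nginx/sites-enabled/flask-project`, which puts a JSON service config where nginx expects a site definition; unless that file really is nginx syntax, the proxy will fail at start-up. If the intent was to mount a site file, point the source at it and make it read-only, e.g. `"{{ tapisdir }}/actors/<nginx-site-file>:/etc/nginx/sites-enabled/flask-project:ro"` (the file name is a placeholder). `condition: service_started` on `actors-mongo` only waits for the container to start, not for MongoDB to accept connections; a healthcheck with `service_healthy` would be needed for that.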
@@ -6,33 +6,75 @@ import json # var mapping for all comps # e.g. {"{skexport_name}": "{internal_component_name}"} -actors = {"":""} -apps = {"":""} +actors = {"RABBITMQ_DEFAULT_PASS":"DBCREDENTIAL_RABBITMQ_ABACO_RABBIT_MQ_HOST_RABBITMQ_ABACO_PASSWORD", + "MONGO_INITDB_ROOT_PASSWORD": "DBCREDENTIAL_MONGO_ABACO_MONGO_DB_HOST_MONGODB_ABACO_PASSWORD", + "": "SERVICEPWD_ABACO_PASSWORD"} + +apps = {"TAPIS_DB_PASSWORD":"DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_POSTGRES_PASSWORD", + "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_APPS_PASSWORD", + "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_POSTGRES_PASSWORD", + "POSTGRES_USER_PASSWORD": "DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_TAPIS_APP_PASSWORD", + "service_password": "SERVICEPWD_APPS_PASSWORD", + "MONITOR_PASSWORD": "DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_TAPIS_APP_PASSWORD"} + authenticator = {"POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", "postgres_password": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", "LDAP_ROOTPASS":"USER_ADMIN_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD", "service_password": "SERVICEPWD_AUTHENTICATOR_PASSWORD"} -files = {"":""} +files = {"RABBITMQ_PASSWORD":"DBCREDENTIAL_RABBITMQ_TAPISFILES_RABBITMQ_FILES_FILES_PASSWORD", + "RABBITMQ_DEFAULT_PASS":"DBCREDENTIAL_RABBITMQ_TAPISFILES_RABBITMQ_FILES_FILES_PASSWORD", + "DB_PASSWORD":"DBCREDENTIAL_POSTGRES_TAPISFILES_POSTGRES_FILES_FILES_PASSWORD", + "POSTGRES_PASSWORD":"DBCREDENTIAL_POSTGRES_TAPISFILES_POSTGRES_FILES_FILES_PASSWORD", + "SERVICE_PASSWORD":"SERVICEPWD_FILES_PASSWORD"} + globus_proxy = {"":""} -jobs = {"":""} +jobs = {"TAPIS_SERVICE_PASSWORD": "SERVICEPWD_JOBS_PASSWORD", + "TAPIS_DB_PASSWORD": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", + "TAPIS_QUEUE_ADMIN_PASSWORD": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_TAPIS_PASSWORD", + "TAPIS_QUEUE_PASSWORD": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_JOBS_PASSWORD", + 
"POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", + "RABBITMQ_DEFAULT_PASS": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_TAPIS_PASSWORD", + "TPW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", + "PW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD"} + meta = {"":""} monitoring = {"":""} -notifications = {"":""} +notifications = {"PGADMIN_DEFAULT_PASSWORD": "DBCREDENTIAL_PGADMIN_NOTIFICATIONS_POSTGRES_TAPISNTFDB_WOW_PASSWORD", + "TAPIS_DB_USER_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_POSTGRES_PASSWORD", + "POSTGRES_USER_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_POSTGRES_PASSWORD", + "TAPIS_DB_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_TAPIS_NTF_PASSWORD", + "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_TAPIS_NTF_PASSWORD", + "TAPIS_QUEUE_PASSWORD": "DBCREDENTIAL_RABBITMQ_NOTIFICATIONS_RABBITMQ_NOTIFICATIONSHOST_NOTIFICATIONS_PASSWORD", + "RABBITMQ_DEFAULT_PASS": "DBCREDENTIAL_RABBITMQ_NOTIFICATIONS_RABBITMQ_NOTIFICATIONSHOST_TAPIS_PASSWORD", + "TAPIS_QUEUE_ADMIN_PASSWORD": "DBCREDENTIAL_RABBITMQ_NOTIFICATIONS_RABBITMQ_NOTIFICATIONSHOST_TAPIS_PASSWORD", + "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_NOTIFICATIONS_PASSWORD", + "service_password": "SERVICEPWD_NOTIFICATIONS_PASSWORD"} + + + pgrest = {"":""} pods = {"":""} proxy = {"":""} -security = {"TAPIS_SK_VAULT_SECRET_ID": "", +security = {"TAPIS_SK_VAULT_SECRET_ID": "", # these two are populated later with curl cmds "TAPIS_SK_VAULT_ROLE_ID": "", "TAPIS_DB_PASSWORD" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_TAPIS_PASSWORD", "TAPIS_PASSWORD": "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_TAPIS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_POSTGRES_PASSWORD", "PW" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_POSTGRES_PASSWORD", - "TPW" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_TAPIS_PASSWORD"} + 
"TPW" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_POSTGRES_PASSWORD"} skadmin = {"":""} streams = {"":""} -systems = {"":""} +systems = {"pgadmin_password": "DBCREDENTIAL_PGADMIN_SYSTEMS_POSTGRES_TAPISSYSDB_WOW_PASSWORD", + "postgres_password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", + "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", + "postgres_user_password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_TAPIS_SYS_PASSWORD", + "service_password": "SERVICEPWD_SYSTEMS_PASSWORD", + "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_SYSTEMS_PASSWORD", + "TAPIS_DB_PASSWORD": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", + } + tapisui = {"":""} tenants = {"postgres_password": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD", @@ -71,9 +113,22 @@ except FileExistsError: # set local vars infile = args.dir + '/skadmin/env' local = locals()[component] -outfile = open(args.dir + '/' + args.comp + '/env', 'w') +try: + outfile = open(args.dir + '/' + args.comp + '/env', 'w') + if args.verbose: + print(f'successfuly opened {outfile}') +except Exception as e: + print(f'''error opening outfile {outfile}:: + {e}''') output_dict = {} +if args.verbose: + print(f'''have local args: + component: {component} + infile: {infile} + local: {local} + outfile: {outfile}''') + # populate vault values for security if component == 'security': vault_token = open('{{ tapisdatadir }}/vault/vault-token').read() 
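Review bot: The `actors` mapping adds an empty-string key, `"": "SERVICEPWD_ABACO_PASSWORD"`, which gives the exported service password no variable name; the code that writes the env file is outside this hunk, but an entry like this would either be dropped or emitted as `=value`. Give it the name the actors containers read, or remove it. Several mappings also point the application-facing variable at the database superuser credential (apps and systems map `TAPIS_DB_PASSWORD` to `..._POSTGRES_PASSWORD`), and `security` now maps both `PW` and `TPW` to the postgres password while `jobs` maps both to the tapis password. A short comment per dict saying which role each variable authenticates would make these reuses reviewable, and services should receive the least-privileged credential where one exists.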
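Review bot: In the new `try`/`except` around `open(...)`, the `except` branch formats `{outfile}`, which is unbound when `open` fails, so the handler itself raises `NameError`; even if it did not, the script would carry on and fail later at the first write. Build the path once, report that, and stop with a non-zero status so `burnup` can refuse to start containers. Because this file holds service and database passwords, it should also be created owner-only (mode 0600) rather than with the default umask. The verbose messages print the file object rather than the path; printing the path is clearer.

```python
out_path = args.dir + '/' + args.comp + '/env'
try:
    outfile = open(out_path, 'w')
except OSError as e:
    # Stop here: continuing without an env file starts services with no secrets.
    raise SystemExit(f'error opening outfile {out_path}: {e}')
if args.verbose:
    print(f'successfully opened {out_path}')
# … unchanged: output_dict = {} and the verbose dump of component/infile/local …
```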
@@ -91,8 +146,6 @@ if component == 'security': output_dict['TAPIS_SK_VAULT_ROLE_ID'] = r.json()['data']['role_id'] output_dict['VAULT_ROLEID'] = r.json()['data']['role_id'] - # export VAULT_ROLEID=`curl -s -X GET -H "X-Vault-Token: $VAULT_TOKEN" http://localhost:8200/v1/auth/approle/role/sk/role-id | jq -r .data.role_id` - if args.verbose: print(f'''populating values for security, have: vault_token: {vault_token} @@ -101,6 +154,8 @@ if component == 'security': ''') with open(infile, 'r') as lines: + if args.verbose: + print(f'successfuly opened {infile}') for line in lines: if len(line) <= 1: continue # ignore empty line diff --git a/playbooks/roles/admin/templates/docker/verification/README.md b/playbooks/roles/admin/templates/docker/verification/README.md index c91775f4..ca628fc7 100644 --- a/playbooks/roles/admin/templates/docker/verification/README.md +++ b/playbooks/roles/admin/templates/docker/verification/README.md @@ -3,8 +3,14 @@ order: +- vault-test - sk-test - tenants-test - tokens-test - authenticator-test +- systems-test +- files-test +- jobs-test +- notifications-test +- streams-test diff --git a/playbooks/roles/admin/templates/docker/verification/authenticator-test b/playbooks/roles/admin/templates/docker/verification/authenticator-test index a6da0ad7..0504b13f 100755 --- a/playbooks/roles/admin/templates/docker/verification/authenticator-test +++ b/playbooks/roles/admin/templates/docker/verification/authenticator-test 
@@ -5,6 +5,5 @@ curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "passw # should return 200 and JSON with token - -export pass=`grep LDAP_ROOTPASS {{ tapisdatadir }}/authenticator/env | awk -F= '{print $2}'` -docker run --rm -it -net tapis mrghort/centosutil:1.3.1 ldapsearch -x -H ldap://authenticator-ldap:389 -Z -D "cn=admin,dc=tapis" -w "$pass" -b "ou=tenants.dev,dc=tapis" +export pass=`grep ^LDAP_ROOTPASS {{ tapisdatadir }}/authenticator/env | awk -F= '{print $2}' | tr -d '"'` +docker run --rm -it --network tapis tapis/centosutil:1.3.1 ldapsearch -x -H ldap://authenticator-ldap:389 -Z -D "cn=admin,dc=tapis" -w "$pass" -b "ou=tenants.dev,dc=tapis" diff --git a/playbooks/roles/admin/templates/docker/verification/files-test b/playbooks/roles/admin/templates/docker/verification/files-test new file mode 100755 index 00000000..900d0f12 --- /dev/null +++ b/playbooks/roles/admin/templates/docker/verification/files-test @@ -0,0 +1,6 @@ +#!/bin/bash + +TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` + +curl {{ admin_devtenant_url }}/v3/files/healthcheck | jq + diff --git a/playbooks/roles/admin/templates/docker/verification/jobs-test b/playbooks/roles/admin/templates/docker/verification/jobs-test new file mode 100755 index 00000000..a84d5212 --- /dev/null +++ b/playbooks/roles/admin/templates/docker/verification/jobs-test @@ -0,0 +1,6 @@ +#!/bin/bash + +TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` + +curl {{ admin_devtenant_url }}/v3/jobs/healthcheck | jq + 
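Review bot: The `ldapsearch` call binds as `cn=admin,dc=tapis` with `-Z`, which only attempts StartTLS and continues with a cleartext simple bind if the upgrade fails; use `-ZZ` so the root password is never sent unencrypted. `-w "$pass"` also places the password in the container's argument list, and `export pass=...` hands it to every child process; a plain `pass=...` assignment is enough here. `awk -F= '{print $2}'` truncates a password that contains `=`, so `cut -d= -f2-` is safer. The `^LDAP_ROOTPASS` anchor still matches any longer variable name with that prefix; `grep '^LDAP_ROOTPASS='` is tighter.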
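Review bot: `TOK` is fetched with the test user's password but never used, and the healthcheck `curl` has no failure handling, so this verification script exits 0 whatever the service returns. Drop the token request if the healthcheck needs no authentication, and make failures visible with `set -o pipefail` plus `curl -fsS ... | jq -e .status`. The hard-coded `testuser2` / `testuser2` login assumes a well-known test account exists in the dev tenant; the script should note that this account must not exist on production deployments. The same applies to the new jobs-test, notifications-test and systems-test scripts.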
diff --git a/playbooks/roles/admin/templates/docker/verification/notifications-test b/playbooks/roles/admin/templates/docker/verification/notifications-test new file mode 100755 index 00000000..69b3c9ed --- /dev/null +++ b/playbooks/roles/admin/templates/docker/verification/notifications-test @@ -0,0 +1,5 @@ +#!/bin/bash + +TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` + +curl {{ admin_devtenant_url }}/v3/notifications/healthcheck | jq diff --git a/playbooks/roles/admin/templates/docker/verification/sk-test b/playbooks/roles/admin/templates/docker/verification/sk-test index 2643bb43..03377744 100755 --- a/playbooks/roles/admin/templates/docker/verification/sk-test +++ b/playbooks/roles/admin/templates/docker/verification/sk-test @@ -3,13 +3,13 @@ echo "hello" -docker run --net tapis --rm -it {{ admin_util_image }} curl http://security-api:8000/v3/security/hello +curl -s {{ admin_devtenant_url }}/v3/security/hello | jq .status echo echo "ready" -docker run --net tapis --rm -it {{ admin_util_image }} curl http://security-api:8000/v3/security/ready +curl -s {{ admin_devtenant_url }}/v3/security/ready | jq .status echo echo "healthcheck" -docker run --net tapis --rm -it {{ admin_util_image }} curl http://security-api:8000/v3/security/healthcheck +curl -s {{ admin_devtenant_url }}/v3/security/healthcheck | jq .status echo diff --git a/playbooks/roles/admin/templates/docker/verification/streams-test b/playbooks/roles/admin/templates/docker/verification/streams-test index de517ce6..4ffa2483 100755 --- a/playbooks/roles/admin/templates/docker/verification/streams-test +++ b/playbooks/roles/admin/templates/docker/verification/streams-test 
@@ -1,9 +1,9 @@ #!/bin/bash -curl {{admin_service_url}}/v3/streams/hello +curl {{admin_devtenant_url}}/v3/streams/hello -curl {{admin_service_url}}/v3/streams/hello +curl {{admin_devtenant_url}}/v3/streams/hello diff --git a/playbooks/roles/admin/templates/docker/verification/systems-test b/playbooks/roles/admin/templates/docker/verification/systems-test new file mode 100755 index 00000000..623af3c6 --- /dev/null +++ b/playbooks/roles/admin/templates/docker/verification/systems-test @@ -0,0 +1,6 @@ +#!/bin/bash + +TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` + +curl {{ admin_devtenant_url }}/v3/systems/healthcheck | jq + diff --git a/playbooks/roles/admin/templates/docker/verification/tenants-test b/playbooks/roles/admin/templates/docker/verification/tenants-test index 23c2bbfc..7bd0984f 100755 --- a/playbooks/roles/admin/templates/docker/verification/tenants-test +++ b/playbooks/roles/admin/templates/docker/verification/tenants-test @@ -3,5 +3,5 @@ # tenants # should return 200 and JSON with tenants list. -curl {{admin_service_url}}/v3/tenants | jq +curl {{admin_devtenant_url}}/v3/tenants | jq diff --git a/playbooks/roles/admin/templates/docker/verification/tokens-test b/playbooks/roles/admin/templates/docker/verification/tokens-test index 271bf1ec..d3dc8e15 100755 --- a/playbooks/roles/admin/templates/docker/verification/tokens-test +++ b/playbooks/roles/admin/templates/docker/verification/tokens-test 
@@ -6,5 +6,5 @@ s=`grep SERVICEPWD_TENANTS_PASSWORD {{ tapisdatadir }}/skadmin/env | awk -F= '{p # tokens # should return 200 and JSON with token -curl -u "tenants:$s" -H "Content-type: application/json" -d '{"token_tenant_id": "admin", "account_type": "service", "token_username": "tenants", "target_site_id": "{{ admin_service_site_id }}"}' {{ admin_service_url }}/v3/tokens +curl -u "tenants:$s" -H "Content-type: application/json" -d '{"token_tenant_id": "admin", "account_type": "service", "token_username": "tenants", "target_site_id": "{{ admin_service_site_id }}"}' {{ admin_devtenant_url }}/v3/tokens diff --git a/playbooks/roles/apps/defaults/main/vars.yml b/playbooks/roles/apps/defaults/main/vars.yml index b1aa57b3..75d4f126 100644 --- a/playbooks/roles/apps/defaults/main/vars.yml +++ b/playbooks/roles/apps/defaults/main/vars.yml @@ -11,4 +11,6 @@ apps_postgres_pvc: apps-postgres-vol01 apps_service_password: null apps_postgres_password: null apps_pgadmin_password: null +apps_heap_min: 1g +apps_heap_max: 4g diff --git a/playbooks/roles/apps/templates/docker/apps-init-db-sh b/playbooks/roles/apps/templates/docker/apps-init-db-sh new file mode 100644 index 00000000..eaf01d34 --- /dev/null +++ b/playbooks/roles/apps/templates/docker/apps-init-db-sh 
@@ -0,0 +1,77 @@ +#!/bin/bash +# Script to initialize Apps service DB using psql +# Create database, user and schema +# Postgres password must be set in env var POSTGRES_PASSWORD + +if [ -z "$DB_HOST" ]; then + DB_HOST=apps-postgres +fi + +DB_USER=postgres +DB_NAME=tapisappdb + +if [ -z "${POSTGRES_PASSWORD}" ]; then + echo "Please set env var POSTGRES_PASSWORD before running this script" + exit 1 +fi + +# Put PGPASSWORD in environment for psql to pick up +export PGPASSWORD=${POSTGRES_PASSWORD} + +# Run psql command to create database if it does not exist +echo "SELECT 'CREATE DATABASE ${DB_NAME} ENCODING=\"UTF8\" LC_COLLATE=\"en_US.utf8\" LC_CTYPE=\"en_US.utf8\" ' \ + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_NAME}')\gexec" \ + | psql --host=${DB_HOST} --username=${DB_USER} + + +# Run sql to create user and schema if they do not exist +psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB +-- Create user if it does not exist +DO \$\$ +BEGIN + CREATE ROLE tapis_app WITH LOGIN; + EXCEPTION WHEN DUPLICATE_OBJECT THEN + RAISE NOTICE 'User already exists. 
User name: tapis_app'; +END +\$\$; +ALTER USER tapis_app WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}'; +GRANT ALL PRIVILEGES ON DATABASE tapisappdb TO tapis_app; + +-- Create schema if it does not exist +CREATE SCHEMA IF NOT EXISTS tapis_app AUTHORIZATION tapis_app; +ALTER ROLE tapis_app SET search_path = 'tapis_app'; +EOB + +{% if apps_monitor_password is defined and apps_monitor_password %} +# this is the password :{{ apps_monitor_password }} +# end + +### hammock/mpackard 20210616 + + +# Script to add Monitoring read only access for Apps service DB using psql +# user and grant read only acces +# Postgres password must be set in env var MONITOR_PASSWORD + +if [ -z "${MONITOR_PASSWORD}" ]; then + echo "Please set env var MONITOR_PASSWORD before running this script" + exit 1 +fi + +# Run sql to create user if it does not exist +psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB +-- Create user if it does not exist +DO \$\$ +BEGIN + CREATE ROLE monitor WITH LOGIN; + EXCEPTION WHEN DUPLICATE_OBJECT THEN + RAISE NOTICE 'User already exists. User name: monitor'; +END +\$\$; +ALTER USER monitor WITH ENCRYPTED PASSWORD '${MONITOR_PASSWORD}'; +GRANT SELECT ON ALL TABLES IN SCHEMA tapis_app TO monitor; +GRANT CONNECT ON DATABASE tapisappdb TO monitor; +GRANT USAGE ON SCHEMA tapis_app TO monitor; + +EOB +{% endif %} diff --git a/playbooks/roles/apps/templates/docker/burnup b/playbooks/roles/apps/templates/docker/burnup index 80119d5b..1af3aa04 100755 --- a/playbooks/roles/apps/templates/docker/burnup +++ b/playbooks/roles/apps/templates/docker/burnup @@ -3,6 +3,13 @@ echo "burnup apps:" mkdir -p {{ tapisdatadir }}/apps +myuid=`id -u` +export UID=`id -u` +export GID=`id -g` + +docker run -it --rm -v {{ tapisdatadir }}/apps:/apps tapis/ubutil2204:1.3.0 chown $myuid /apps + +python3 {{ tapisdir }}/admin/util/parse_skexport -c apps -d {{ tapisdatadir }} docker compose up -d 
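Review bot: The template line `# this is the password :{{ apps_monitor_password }}` renders the monitor password in clear text into the generated script on disk, and into the `apps-migrations` container where the script is mounted; remove it. The first heredoc also sets the application role's password from the superuser variable, `ALTER USER tapis_app WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}';`, so `tapis_app` and `postgres` share one secret; parse_skexport exports a separate `POSTGRES_USER_PASSWORD` for apps, which looks like the intended value and should be confirmed. Both passwords are expanded by the shell straight into SQL string literals, so a value containing `'` breaks or alters the statement; passing them as psql variables (`-v pw="$MONITOR_PASSWORD"` with `:'pw'` in the `ALTER USER` line) quotes them safely.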
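Review bot: The added `export UID=...` line will not work under bash, where `UID` is a read-only shell variable: the assignment is rejected with an error, and `user: ${UID}:${GID}` in the compose file can then end up with an empty user part. Export differently named variables, e.g. `export TAPIS_UID=$(id -u) TAPIS_GID=$(id -g)`, and reference those in docker-compose.yml. The files `burnup` template adds the same lines. The interpreter line is outside the hunk, so this assumes the script runs under bash.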
diff --git a/playbooks/roles/apps/templates/docker/docker-compose.yml b/playbooks/roles/apps/templates/docker/docker-compose.yml index 69a7c279..f0064bd3 100644 --- a/playbooks/roles/apps/templates/docker/docker-compose.yml +++ b/playbooks/roles/apps/templates/docker/docker-compose.yml 
@@ -6,29 +6,52 @@ networks: services: apps-api: + container_name: apps-api + user: ${UID}:${GID} image: {{ apps_api_image }} + networks: + - tapis environment: - TAPIS_DB_JDBC_URL=jdbc:postgresql://apps-postgres:5432/tapisappdb - TAPIS_DB_USER=tapis_app - - "TAPIS_SITE_ID={{ apps_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ apps_service_url }}" - - "TAPIS_DB_PASSWORD={{ apps_postgres_password }}" # TODO - - "TAPIS_SERVICE_PASSWORD={{ apps_service_password }}" # TODO + - TAPIS_SITE_ID={{ apps_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ apps_service_url }} + env_file: + - {{ tapisdatadir }}/apps/env + command: java -Xms{{ apps_heap_min }} -Xmx{{ apps_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "apps.jar:dependencies/*" edu.utexas.tacc.tapis.apps.api.AppsApplication + depends_on: + apps-migrations: + condition: service_completed_successfully + apps-postgres: + container_name: apps-postgres image: {{ apps_postgres_image }} - # ports: - # - "5432" + networks: + - tapis environment: - - PGDATA="/pgdata/data" - - "POSTGRES_PASSWORD={{ apps_postgres_password }}" + - PGDATA=/pgdata/data + env_file: + - {{ tapisdatadir }}/apps/env volumes: - - "{{ tapisdatadir }}/pgdata:/pgdata" + - {{ tapisdatadir }}/apps/postgres:/pgdata + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 - apps-pgadmin: - image: {{ apps_pgadmin_image }} - # ports: - # - "80" - environment: - - PGADMIN_DEFAULT_EMAIL="wow@example.com" - - "PGADMIN_DEFAULT_PASSWORD={{ apps_pgadmin_password }}" + apps-migrations: + container_name: apps-migrations + image: {{ apps_postgres_image }} + networks: + - tapis + env_file: + - {{ tapisdatadir }}/apps/env + volumes: + - {{ tapisdatadir }}/apps/postgres:/pgdata + - {{ tapisdir }}/apps/apps-init-db-sh:/init-db + command: bash -c "cp /init-db /local_initdb && echo 100 && chown $(whoami) /local_initdb && 
echo 200 && chmod +x /local_initdb && echo 300 && /local_initdb" + depends_on: + apps-postgres: + condition: service_healthy diff --git a/playbooks/roles/authenticator/templates/docker/docker-compose.yml b/playbooks/roles/authenticator/templates/docker/docker-compose.yml index 094481ad..9d60f84d 100644 --- a/playbooks/roles/authenticator/templates/docker/docker-compose.yml +++ b/playbooks/roles/authenticator/templates/docker/docker-compose.yml @@ -37,7 +37,7 @@ services: volumes: - "{{ tapisdatadir }}/authenticator/postgres:/var/lib/postgresql/data" healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] + test: pg_isready -U postgres interval: 5s timeout: 5s retries: 5 diff --git a/playbooks/roles/baseburnup/defaults/main/vars.yml b/playbooks/roles/baseburnup/defaults/main/vars.yml index 8d340072..18e4f857 100644 --- a/playbooks/roles/baseburnup/defaults/main/vars.yml +++ b/playbooks/roles/baseburnup/defaults/main/vars.yml @@ -1,4 +1,4 @@ -baseburnup_tapis_deployer_version: 1.3.7 +baseburnup_tapis_deployer_version: 1.3.8 baseburnup_service_url: "{{ global_service_url }}" baseburnup_vault_url: "{{ global_vault_url }}" diff --git a/playbooks/roles/baseburnup/templates/docker/burndown b/playbooks/roles/baseburnup/templates/docker/burndown index 7a04c352..03a39735 100755 --- a/playbooks/roles/baseburnup/templates/docker/burndown +++ b/playbooks/roles/baseburnup/templates/docker/burndown 
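Review bot: The `apps-migrations` command contains `$(whoami)`, but Compose applies its own `$` interpolation to the file before the container shell sees it, so this is expected to fail as an invalid interpolation or be mangled; escape it as `$$(whoami)`. The `echo 100` / `echo 200` / `echo 300` markers look like leftover debugging. `apps-migrations` also mounts `{{ tapisdatadir }}/apps/postgres:/pgdata`, giving the one-shot container write access to the live data directory even though the init script reaches the database over the network with `psql --host`; that volume can be dropped, and the init script mounted with `:ro` since it is copied before being made executable.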
@@ -19,6 +19,40 @@ myscript_absolute="$mydir_absolute/$myscript_nameonly" # burn down in reverse order echo "Start: top-level-burndown" +### tertiary services + +# actors + +# container-registry + +# globus-proxy + +# meta + +# monitoring + +{% if "notifications" in components_to_deploy %} +cd $mydir_absolute/notifications +./burndown +{% endif %} + +# pgrest + +# pgrest-a2cps-dev + +# pgrest-a2cps-prod + +# pods + +# streams + +{% if "tapisui" in components_to_deploy %} +cd $mydir_absolute/tapisui +./burndown +{% endif %} + +# workflows + ### secondary services {% if "jobs" in components_to_deploy %} diff --git a/playbooks/roles/baseburnup/templates/docker/burnup b/playbooks/roles/baseburnup/templates/docker/burnup index 62f70b11..247e0ffb 100755 --- a/playbooks/roles/baseburnup/templates/docker/burnup +++ b/playbooks/roles/baseburnup/templates/docker/burnup @@ -39,10 +39,6 @@ docker network inspect tapis || docker network create tapis ### init / setup -{% if "proxy" in components_to_deploy %} -burnup_or_exit proxy -{% endif %} - {% if "vault" in components_to_deploy %} burnup_or_exit vault {% endif %} @@ -58,6 +54,10 @@ burnup_or_exit skadmin burnup_or_exit tenants {% endif %} +{% if "proxy" in components_to_deploy %} +burnup_or_exit proxy +{% endif %} + {% if "security" in components_to_deploy %} burnup_or_exit security {% endif %} 
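Review bot: The new `cd $mydir_absolute/notifications` and `cd $mydir_absolute/tapisui` lines are unquoted and unchecked, so if a component directory is missing the following `./burndown` runs from whatever directory the script was already in. Chain them, `cd "$mydir_absolute/notifications" && ./burndown`, and do the same for `tapisui`.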
@@ -85,298 +85,42 @@ burnup_or_exit files burnup_or_exit systems {% endif %} +{% if "apps" in components_to_deploy %} +burnup_or_exit apps +{% endif %} + +## tertiary services + +# actors + +# container-registry + +# globus-proxy +# meta + +# monitoring + +{% if "notifications" in components_to_deploy %} +burnup_or_exit notifications +{% endif %} + +# pgrest + +# pgrest-a2cps-dev + +# pgrest-a2cps-prod + +# pods + +# streams + +{% if "tapisui" in components_to_deploy %} +burnup_or_exit tapisui +{% endif %} + +# workflows echo "Done: top-level-burnup" exit 0 - -#### services -# -#actors(){ -# cd $here/actors -# ./burnup -#} -# -#apps(){ -# cd $here/apps -# ./burnup -#} -# -#authenticator(){ -# cd $here/authenticator -# ./burnup -#} -# -#container-registry(){ -# cd $here/container-registry -# ./burnup -#} -# -#files(){ -# cd $here/files -# ./burnup -#} -# -#jobs(){ -# cd $here/jobs -# ./burnup -#} -# -#meta(){ -# cd $here/meta -# ./burnup -#} -# -#monitoring(){ -# cd $here/monitoring -# ./burnup -#} -# -#notifications(){ -# cd $here/notifications -# ./burnup -#} -# -#pgrest(){ -# echo "pgrest:" -# cd $here/pgrest -# ./burnup -#} -# -#pgrest-a2cps-dev(){ -# echo "pgrest-a2cps-dev:" -# cd $here/pgrest-a2cps-dev -# ./burnup -#} -# -#pgrest-a2cps-prod(){ -# echo "pgrest-a2cps-prod:" -# cd $here/pgrest-a2cps-prod -# ./burnup -#} -# -#pods(){ -# cd $here/pods -# ./burnup -#} -# -#proxy(){ -# cd $here/proxy -# ./burnup -#} -# -#security(){ -# cd $here/security -# ./burnup -#} -# -#skadmin(){ -# cd $here/skadmin -# ./burnup -#} -# -#streams(){ -# cd $here/streams -# ./burnup -#} -# -#systems(){ -# cd $here/systems -# ./burnup -#} -# -#tenants(){ -# cd $here/tenants -# ./burnup -#} -# -#tokens(){ -# cd $here/tokens -# ./burnup -#} -# -#vault(){ -# cd $here/vault -# ./burnup -#} -# -#workflows(){ -# cd $here/workflows -# ./burnup -#} -# -#primary_site(){ -# echo -#} -# -#associate_site(){ -# echo -#} -# -# -#### functions -# -# -#get_vault_token(){ -# echo -#} -# 
-#check_vault_unsealed(){ -# echo -#} -# -#get_public_keys(){ -# echo "Collecting public keys for associate site tenants. Please send these to your tenants admin before next steps in deployment." -# cd $here/admin -# ./get-assocsite-publickeys -#} -# -# -#init(){ -# {%- if "proxy" in components_to_deploy%} -# proxy -# {% endif %} -# -# {%- if "vault" in components_to_deploy%} -# vault -# checkvault -# {% else %} -# # using external vault, so do not start one here -# {% endif %} -# -# {%- if "skadmin" in components_to_deploy%} -# skadmin -# {% endif %} -# -# {%- if site_type == 2 %} -# get_public_keys -# {%- endif %} -# -#} -# -# -#primary_services(){ -# {%- if "tenants" in components_to_deploy %} -# tenants -# {% endif %} -# -# {%- if "security" in components_to_deploy %} -# security -# {% endif %} -# -# {%- if "tokens" in components_to_deploy %} -# tokens -# {% endif %} -# -# {%- if "authenticator" in components_to_deploy %} -# authenticator -# {% endif %} -#} -# -#secondary_services() { -# -# {%- if "systems" in components_to_deploy %} -# systems -# {% endif %} -# -# {%- if "files" in components_to_deploy %} -# files -# {% endif %} -# -# {%- if "apps" in components_to_deploy %} -# apps -# {% endif %} -# -# {%- if "jobs" in components_to_deploy %} -# jobs -# {% endif %} -# -# {%- if "meta" in components_to_deploy %} -# meta -# {% endif %} -# -# {%- if "streams" in components_to_deploy %} -# streams -# {% endif %} -# -# {%- if "actors" in components_to_deploy %} -# actors -# {% endif %} -# -# {%- if "container-registry" in components_to_deploy %} -# container-registry -# {% endif %} -# -# {%- if "monitoring" in components_to_deploy %} -# monitoring -# {% endif %} -# -# {%- if "notifications" in components_to_deploy %} -# notifications -# {% endif %} -# -# {%- if "pgrest" in components_to_deploy %} -# pgrest -# {% endif %} -# -# {%- if "pgrest-a2cps-dev" in components_to_deploy %} -# pgrest-a2cps-dev -# {% endif %} -# -# {%- if "pgrest-a2cps-prod" in 
components_to_deploy %} -# pgrest-a2cps-prod -# {% endif %} -# -# {%- if "pods" in components_to_deploy %} -# pods -# {% endif %} -# -# {%- if "workflows" in components_to_deploy %} -# workflows -# {% endif %} -# -#} -# -#### run -# -##getconfig -# -#case $1 in -# checkvault) -# "$@" -# exit 0 -# ;; -# init) -# "$@" -# exit 0 -# ;; -# preflight_check) -# "$@" -# exit 0 -# ;; -# postnginx_check) -# "$@" -# exit 0 -# ;; -# primary_services) -# "$@" -# exit 0 -# ;; -# secondary_services) -# "$@" -# exit 0 -# ;; -# create_kservice) -# "$@" -# exit 0 -# ;; -# get_public_keys) -# "$@" -# exit 0 -# ;; -# *) -# usage -# exit 0 -# ;; -#esac diff --git a/playbooks/roles/files/defaults/main/images.yml b/playbooks/roles/files/defaults/main/images.yml index 42f282a3..a0db5c0a 100644 --- a/playbooks/roles/files/defaults/main/images.yml +++ b/playbooks/roles/files/defaults/main/images.yml @@ -1,6 +1,7 @@ -files_api_image: tapis/tapis-files:1.3.5 -files_workers_image: tapis/tapis-files-workers:1.3.5 +files_api_image: tapis/tapis-files:1.3.6 +files_workers_image: tapis/tapis-files-workers:1.3.6 files_postgres_image: postgres:11 +files_migrations_image: postgres:11 files_minio_image: minio/minio files_irods_provider_postgres_image: mjstealey/irods-provider-postgres:4.2.4 files_pgadmin_image: dpage/pgadmin4:6.20 diff --git a/playbooks/roles/files/templates/docker/burnup b/playbooks/roles/files/templates/docker/burnup index bb230bb7..955e5a92 100755 --- a/playbooks/roles/files/templates/docker/burnup +++ b/playbooks/roles/files/templates/docker/burnup @@ -8,5 +8,12 @@ mkdir -p {{ tapisdatadir }}/files/postgres mkdir -p {{ tapisdatadir }}/files/minio mkdir -p {{ tapisdatadir }}/files/irods +myuid=`id -u` +export UID=`id -u` +export GID=`id -g` +docker run -it --rm -v {{ tapisdatadir }}/files:/files tapis/ubutil2204:1.3.0 chown $myuid /files + +python3 {{ tapisdir }}/admin/util/parse_skexport -c files -d {{ tapisdatadir }} + docker compose up -d 
diff --git a/playbooks/roles/files/templates/docker/docker-compose.yml b/playbooks/roles/files/templates/docker/docker-compose.yml index abf1119f..080ce5d9 100644 --- a/playbooks/roles/files/templates/docker/docker-compose.yml +++ b/playbooks/roles/files/templates/docker/docker-compose.yml 
@@ -1,54 +1,136 @@ - -# volumes: -# miniodata: -# files-pgdata: - networks: tapis: name: tapis external: true services: - files-rabbitmq: + container_name: files-rabbitmq image: {{ files_rabbitmq_management_image }} environment: - - RABBITMQ_DEFAULT_USER=dev - - RABBITMQ_DEFAULT_PASS=dev - - RABBITMQ_DEFAULT_VHOST=dev - container_name: files-rabbitmq + - RABBITMQ_DEFAULT_USER=tapisfiles + - RABBITMQ_DEFAULT_VHOST=tapisfiles + env_file: + - {{ tapisdatadir }}/files/env networks: - tapis + healthcheck: + test: rabbitmq-diagnostics -q ping + interval: 5s + timeout: 5s + retries: 3 + depends_on: + files-postgres: + condition: service_healthy files-postgres: container_name: files-postgres image: {{ files_postgres_image }} environment: - - POSTGRES_USER=dev - - POSTGRES_PASSWORD=dev - - POSTGRES_DATABASE=dev + - POSTGRES_USER=tapisfiles + - POSTGRES_DATABASE=tapisfiles + - PGDATA=/pgdata/data volumes: - - {{ tapisdatadir }}/files/postgres:/var/lib/postgresql/data + - {{ tapisdatadir }}/files/postgres:/pgdata/data networks: - tapis + env_file: + - {{ tapisdatadir }}/files/env + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 - files-minio: - image: {{ files_minio_image }} - environment: - - MINIO_ACCESS_KEY=user - - MINIO_SECRET_KEY=password + files-migrations: + container_name: files-migrations + image: {{ files_migrations_image }} + depends_on: + files-postgres: + condition: service_healthy volumes: - - {{ tapisdatadir }}/files/minio:/data - command: server /data - container_name: files-minio + - {{ tapisdir }}/files/files-init-db-sh:/files-init-db-sh networks: - tapis + command: chmod +x files-init-db-sh; /files-init-db-sh + + # files-minio: + # container_name: files-minio + # image: {{ files_minio_image }} + # command: server /data + # environment: + # - MINIO_ACCESS_KEY=user + # - MINIO_SECRET_KEY=password + # volumes: + # - {{ tapisdatadir }}/files/minio:/data + # networks: + # - tapis + # env_file: + # - {{ 
tapisdatadir }}/files/env - files-irods: - container_name: files-irods - image: {{ files_irods_provider_postgres_image }} + # files-irods: + # container_name: files-irods + # image: {{ files_irods_provider_postgres_image }} + # networks: + # - tapis + # env_file: + # - {{ tapisdatadir }}/files/env + + files-workers: + container_name: files-workers + user: ${UID}:${GID} + image: {{ files_workers_image }} + networks: + - tapis + env_file: + - {{ tapisdatadir }}/files/env + environment: + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ files_service_site_id }} + - TOKENS_SERVICE_URL={{ files_service_url }} + - TENANTS_SERVICE_URL={{ files_service_url}} + command: ["java", "-Xmx3g", "-cp", "target/tapis-files.jar:target/dependencies/*", "edu.utexas.tacc.tapis.files.lib.transfers.TransfersApp"] + depends_on: + files-api: + condition: service_started + + files-api: + user: ${UID}:${GID} + container_name: files-api + image: {{ files_api_image }} networks: - tapis + command: ["java", "-Xdebug", "-Xmx3g", "-agentlib:jdwp=transport=dt_socket,server=y,address=*:8000,suspend=n", "-cp", "target/tapis-files.jar:target/dependencies/*", "edu.utexas.tacc.tapis.files.api.FilesApplication"] + env_file: + - {{ tapisdatadir }}/files/env + environment: + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ files_service_site_id }} + - TOKENS_SERVICE_URL={{ files_service_url }} + - TENANTS_SERVICE_URL={{ files_service_url}} + - DB_HOST=files-postgres + - DB_NAME=tapisfiles + - DB_USERNAME=tapisfiles + - POSTGRES_DB=tapisfiles + - POSTGRES_USER=tapisfiles + - RABBITMQ_DEFAULT_USER=tapisfiles + - RABBITMQ_DEFAULT_VHOST=tapisfiles + - RABBITMQ_HOSTNAME=files-rabbitmq + - RABBITMQ_USERNAME=tapisfiles + - RABBITMQ_VHOST=tapisfiles + # - JAVA_OPTS=-Xdebug -Xmx3g + # - MAIN_CLASS=edu.utexas.tacc.tapis.files.api.FilesApplication + # - JOBS_PARMS=-n rdr-alt + # - 
FILES_ARGS=["-Xdebug", "-Xmx3g", "-agentlib:jdwp=transport=dt_socket,server=y,address=*:8000,suspend=n", "-cp", "target/tapis-files.jar:target/dependencies/*", "edu.utexas.tacc.tapis.files.api.FilesApplication"] + depends_on: + files-postgres: + condition: service_healthy + files-rabbitmq: + condition: service_healthy # files-ssh-machine: # container_name: files-ssh-machine diff --git a/playbooks/roles/files/templates/docker/files-init-db-sh b/playbooks/roles/files/templates/docker/files-init-db-sh new file mode 100644 index 00000000..0c5e7413 --- /dev/null +++ b/playbooks/roles/files/templates/docker/files-init-db-sh 
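Review bot: The `files-api` command enables the JDWP agent with `-agentlib:jdwp=transport=dt_socket,server=y,address=*:8000,suspend=n`, which listens on every interface of the container; JDWP has no authentication, so any container attached to the external `tapis` network can reach a debugger port on the JVM that also holds the secrets loaded from `{{ tapisdatadir }}/files/env`. For a deployed flavor the command should drop `"-Xdebug"` and the `"-agentlib:jdwp=…"` element, as the `files-workers` command in the same hunk already does, or put them behind a template variable that defaults to off and binds to `127.0.0.1:8000`. Separately, `files-migrations` uses `command: chmod +x files-init-db-sh; /files-init-db-sh` in string form, which is not run through a shell, so the `;` likely never separates two commands and the init script is not executed. The notifications template wraps the same step in a shell, and the equivalent here would be `command: bash -c "chmod +x /files-init-db-sh && /files-init-db-sh"`.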
@@ -0,0 +1,117 @@ +#!/bin/bash +# Script to initialize Files service DB using psql +# Create database, user and schema +# Postgres password must be set in env var PG_PASSWORD + +function usage() { + echo "$0 [-p|--pg_port ] [-u|--pg_user ] [-w|pg_password ] [-d|--pg_database ] [-a|--pg_admin] [-h|--pg_host]" + + echo "OPTIONS:" + echo " -p --port" + echo " The port to run postgres on" + echo + echo " -u --pg_user" + echo " The postgres user for the service" + echo + echo " -w --pg_pass" + echo " The postgres password for the service" + echo + echo " -d --pg_db" + echo " The postgres database name for the service" + echo + echo " -a --pg_admin" + echo " The postgres user to use for creating the new database and user" + echo + echo " -h --pg_host" + echo " The hostname of the postgres server" + echo + exit 1 +} + +while [[ $# -gt 0 ]]; do + case $1 in + -p|--pg_port) + PG_PORT="$2" + shift # past argument + shift # past value + ;; + -u|--pg_user) + PG_USER="$2" + shift # past argument + shift # past value + ;; + -w|--pg_password) + PG_PASSWORD="$2" + shift # past argument + shift # past value + ;; + -d|--pg_database) + PG_DATABASE="$2" + shift # past argument + shift # past value + ;; + -a|--pg_admin) + PG_ADMIN="$2" + shift # past argument + shift # past value + ;; + -h|--pg_host) + PG_HOST="$2" + shift # past argument + shift # past value + ;; + -*|--*) + echo "Unknown option $1" + usage + ;; + *) + echo "Unknown positional arguement $1" + usage + esac +done + +if [[ -z $PG_HOST ]]; then + PG_HOST=files-postgres +fi + +if [[ -z $PG_USER ]]; then + PG_USER=tapis_files +fi + +if [[ -z $PG_DATABASE ]]; then + PG_DATABASE=tapisfilesdb +fi + +if [[ -z $PG_PORT ]]; then + PG_PORT="5432" +fi + +if [[ -z $PG_ADMIN ]]; then + PG_ADMIN="postgres" +fi + +if [ -z "${PG_PASSWORD}" ]; then + echo "Please set env var PG_PASSWORD before running this script" + usage +fi + +# Run psql command to create database if it does not exist +echo "SELECT 'CREATE DATABASE ${PG_DATABASE} 
ENCODING=\"UTF8\" LC_COLLATE=\"en_US.utf8\" LC_CTYPE=\"en_US.utf8\" ' \ + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${PG_DATABASE}')\gexec" \ + | psql --host=${PG_HOST} --username=${PG_ADMIN} + + +# Run sql to create user and schema if they do not exist +psql --host=${PG_HOST} --username=${PG_ADMIN} --dbname=${PG_DATABASE} -q << EOB +-- Create user if it does not exist +DO \$\$ +BEGIN + CREATE ROLE ${PG_USER} WITH LOGIN; + EXCEPTION WHEN DUPLICATE_OBJECT THEN + RAISE NOTICE 'User already exists. User name: "${PG_USER}"'; +END +\$\$; +ALTER USER ${PG_USER} WITH ENCRYPTED PASSWORD '${PG_PASSWORD}'; +GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO ${PG_USER}; +ALTER USER ${PG_USER} SUPERUSER; +EOB diff --git a/playbooks/roles/jobs/defaults/main/images.yml b/playbooks/roles/jobs/defaults/main/images.yml index 15a15848..6f9ffdbc 100644 --- a/playbooks/roles/jobs/defaults/main/images.yml +++ b/playbooks/roles/jobs/defaults/main/images.yml @@ -1,6 +1,6 @@ -jobs_api_image: tapis/jobsapi:1.3.4 -jobs_migrations_image: tapis/jobsmigrate:1.3.4 -jobs_worker_image: tapis/jobsworker:1.3.4 +jobs_api_image: tapis/jobsapi:1.3.5 +jobs_migrations_image: tapis/jobsmigrate:1.3.5 +jobs_worker_image: tapis/jobsworker:1.3.5 jobs_postgres_image: postgres:12.4 jobs_pgadmin_image: dpage/pgadmin4:6.20 jobs_rabbitmq_management_image: rabbitmq:3.8.11-management diff --git a/playbooks/roles/jobs/defaults/main/vars.yml b/playbooks/roles/jobs/defaults/main/vars.yml index 4404b83c..37f75405 100644 --- a/playbooks/roles/jobs/defaults/main/vars.yml +++ b/playbooks/roles/jobs/defaults/main/vars.yml @@ -9,11 +9,3 @@ jobs_storage_class: "{{ global_storage_class }}" jobs_rabbitmq_pvc: jobs-rabbitmq-vol01 jobs_node_selector: null jobs_node_name: true -jobs_service_password: -jobs_postgres_password: -jobs_rabbitmq_tapis_password: -jobs_rabbitmq_password: - - - - 
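Review bot: The heredoc ends with `ALTER USER ${PG_USER} SUPERUSER;`, which makes the Files service role a PostgreSQL superuser even though `GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE}` was already issued; a leak of the service credentials then covers every database on the instance, so that line should be dropped and any additional rights granted by name. `${PG_PASSWORD}` is interpolated unescaped into `ALTER USER … WITH ENCRYPTED PASSWORD '${PG_PASSWORD}'`, so a password containing a single quote breaks or changes the statement; passing it as a psql variable (`psql -v pw="$PG_PASSWORD"` with `:'pw'` in the statement) quotes it safely. Accepting the password through `-w` also puts it on the command line, while the header comment says it must come from the environment. The usage text lists `--port`, `--pg_pass` and `--pg_db`, but the parser accepts `--pg_port`, `--pg_password` and `--pg_database`, and the defaults `tapis_files` / `tapisfilesdb` differ from the `DB_USERNAME=tapisfiles` / `DB_NAME=tapisfiles` that the compose template gives `files-api`.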
diff --git a/playbooks/roles/jobs/templates/docker/burnup b/playbooks/roles/jobs/templates/docker/burnup index a7ad069b..b648fc59 100755 --- a/playbooks/roles/jobs/templates/docker/burnup +++ b/playbooks/roles/jobs/templates/docker/burnup @@ -3,5 +3,13 @@ echo "burnup jobs:" mkdir -p {{ tapisdatadir }}/jobs + +# myuid=`id -u` +export UID=`id -u` +export GID=`id -g` +docker run -it --rm -v {{ tapisdatadir }}/jobs:/jobs tapis/ubutil2204:1.3.0 chown $UID /jobs + +python3 {{ tapisdir }}/admin/util/parse_skexport -c jobs -d {{ tapisdatadir }} + docker compose up -d diff --git a/playbooks/roles/jobs/templates/docker/docker-compose.yml b/playbooks/roles/jobs/templates/docker/docker-compose.yml index 9cf93b1c..8cead02c 100644 --- a/playbooks/roles/jobs/templates/docker/docker-compose.yml +++ b/playbooks/roles/jobs/templates/docker/docker-compose.yml 
@@ -7,182 +7,235 @@ networks: services: jobs-api: + container_name: jobs-api + user: ${UID}:${GID} networks: - tapis - # will probably need an extra migrations container image: {{ jobs_api_image }} - # ports: - # - name: tomcat1 - # containerPort: 8000 - # - name: tomcat2 - # containerPort: 8080 - # - name: tomcat3 - # containerPort: 8443 - # - name: debug - # containerPort: 6157 environment: - {% if jobs_node_name == true %} - - TAPIS_LOCAL_NODE_NAME=spec.nodeName - {% endif %} - - TAPIS_SITE_ID={{ jobs_service_site_id }}" - - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="10" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - TAPIS_REQUEST_LOGGING_INGORE_SUFFIXES="/healthcheck;/ready;/hello" + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=10 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - TAPIS_REQUEST_LOGGING_INGORE_SUFFIXES=/healthcheck;/ready;/hello # - name: TAPIS_LOG_DIRECTORY # value: "/opt/tomcat/logs" - - CATALINA_OPTS="-Xms1g -Xmx3g --add-opens java.base/java.time=ALL-UNNAMED" + - CATALINA_OPTS=-Xms1g -Xmx3g --add-opens java.base/java.time=ALL-UNNAMED + env_file: + - {{ tapisdatadir }}/jobs/env + depends_on: + jobs-migrations: 
+ condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-postgres: + container_name: jobs-postgres networks: - - tapis + - tapis image: {{ jobs_postgres_image }} environment: - - PGDATA="/pgdata/data" - - POSTGRES_PASSWORD={{ jobs_postgres_password }}" + - PGDATA=/pgdata/data + env_file: + - {{ tapisdatadir }}/jobs/env volumes: - - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" - - jobs-pgadmin: - image: {{ jobs_postgres_image }} + - {{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata/data + healthcheck: + test: pg_isready -U postgres + interval: 5s + timeout: 5s + retries: 5 + + jobs-migrations: + container_name: jobs-migrations + networks: + - tapis + image: {{ jobs_migrations_image }} environment: - - PGDATA="/pgdata/data" - - "POSTGRES_PASSWORD={{ jobs_postgres_password }}" - volumes: - - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" + - HOST=jobs-postgres + - PORT=5432 + - USER=postgres + env_file: + - {{ tapisdatadir }}/jobs/env + depends_on: + jobs-postgres: + condition: service_healthy + + # jobs-pgadmin: + # container_name: jobs-pgadmin + # image: {{ jobs_postgres_image }} + # environment: + # - PGDATA="/pgdata/data" + # env_file: + # - "{{ tapisdatadir }}/jobs/env" + # volumes: + # - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" jobs-rabbitmq: + container_name: jobs-rabbitmq image: {{ jobs_rabbitmq_management_image }} environment: - - HOSTNAME="jobs-rabbitmq" - - RABBITMQ_HOSTNAME="jobs-rabbitmq" - - RABBITMQ_DEFAULT_USER="tapis" - - "RABBITMQ_DEFAULT_PASS={{ jobs_rabbitmq_tapis_password }}" - - RABBITMQ_VM_MEMORY_HIGH_WATERMARK="2147483648" + - HOSTNAME=jobs-rabbitmq + - RABBITMQ_HOSTNAME=jobs-rabbitmq + - RABBITMQ_DEFAULT_USER=tapis + - RABBITMQ_VM_MEMORY_HIGH_WATERMARK=2147483648 + env_file: + - {{ tapisdatadir }}/jobs/env volumes: - - "{{ tapisdatadir }}/jobs/jobs-rabbitmq-data" + - {{ tapisdatadir }}/jobs/jobs-rabbitmq-data:/var/lib/rabbitmq/mnesia + networks: + - tapis + depends_on: + jobs-migrations: + condition: 
service_completed_successfully + healthcheck: + test: rabbitmq-diagnostics -q ping + interval: 30s + timeout: 30s + retries: 3 jobs-altqueue: + user: ${UID}:${GID} + container_name: jobs-altqueue image: {{ jobs_worker_image }} - environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.AltQueueReader" - - JOBS_PARMS="-n rdr-alt" - networks: + networks: - tapis + environment: + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.AltQueueReader + - JOBS_PARMS=-n rdr-alt + env_file: + - {{ tapisdatadir }}/jobs/env + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-recovery: + container_name: jobs-recovery + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - 
TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.RecoveryReader" - - JOBS_PARMS="-n rdr-recovery" + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.RecoveryReader + - JOBS_PARMS=-n rdr-recovery + env_file: + - {{ tapisdatadir }}/jobs/env networks: - tapis + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-deadletter: + container_name: jobs-deadletter + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - 
TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.DeadLetterReader" - - JOBS_PARMS="-n rdr-dead" + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.DeadLetterReader + - JOBS_PARMS=-n rdr-dead + env_file: + - {{ tapisdatadir }}/jobs/env networks: - - tapis + - tapis + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-eventqueue: + container_name: jobs-eventqueue + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.EventReader" - - JOBS_PARMS="-n rdr-event" + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - 
TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.EventReader + - JOBS_PARMS=-n rdr-event + env_file: + - {{ tapisdatadir }}/jobs/env networks: - tapis + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-workers: + container_name: jobs-workers + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: - {% if jobs_node_name == true %} - - TAPIS_LOCAL_NODE_NAME=spec.nodeName - {% endif %} - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="10" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.worker.JobWorker" - - JOBS_PARMS="-n wkr-DefaultQueue -q tapis.jobq.submit.DefaultQueue -w 100" + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=10 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.worker.JobWorker + - JOBS_PARMS=-n wkr-DefaultQueue -q 
tapis.jobq.submit.DefaultQueue -w 100 + env_file: + - {{ tapisdatadir }}/jobs/env networks: - tapis - -networks: - tapis: + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy diff --git a/playbooks/roles/notifications/defaults/main/vars.yml b/playbooks/roles/notifications/defaults/main/vars.yml index 871fa34d..ee350bdd 100644 --- a/playbooks/roles/notifications/defaults/main/vars.yml +++ b/playbooks/roles/notifications/defaults/main/vars.yml @@ -10,5 +10,7 @@ notifications_rabbitmq_pvc: notifications-rabbitmq-vol01 notifications_mail_provider: SMTP notifications_mail_host: relay.example.com notifications_mail_port: 25 +notifications_heap_min: 1g +notifications_heap_max: 4g diff --git a/playbooks/roles/notifications/templates/docker/burnup b/playbooks/roles/notifications/templates/docker/burnup index 6f7293ef..96f8d38f 100755 --- a/playbooks/roles/notifications/templates/docker/burnup +++ b/playbooks/roles/notifications/templates/docker/burnup @@ -1,8 +1,13 @@ #!/bin/bash -echo "burnup meta:" +echo "burnup notifications:" mkdir -p {{ tapisdatadir }}/notifications +myuid=`id -u` +export UID=`id -u` +export GID=`id -g` +docker run -it --rm -v {{ tapisdatadir }}/notifications:/notifications tapis/ubutil2204:1.3.0 chown $myuid /notifications -docker compose up -d +python3 {{ tapisdir }}/admin/util/parse_skexport -c notifications -d {{ tapisdatadir }} +docker compose up -d \ No newline at end of file diff --git a/playbooks/roles/notifications/templates/docker/docker-compose.yml b/playbooks/roles/notifications/templates/docker/docker-compose.yml index 88f14b20..e4349a19 100644 --- a/playbooks/roles/notifications/templates/docker/docker-compose.yml +++ b/playbooks/roles/notifications/templates/docker/docker-compose.yml 
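Review bot: Every service in the jobs compose hunk (`jobs-api`, `jobs-postgres`, `jobs-migrations`, `jobs-rabbitmq` and all reader and worker containers) loads the same `{{ tapisdatadir }}/jobs/env`, so each container receives every secret in that file, including ones it has no use for; the RabbitMQ container presumably ends up with the database and service passwords. Moving the passwords out of the template is the right direction, but one env file per service, for example `- {{ tapisdatadir }}/jobs/rabbitmq.env` (file name illustrative), would keep a compromise of one container from exposing the others' credentials. How the file is written is not visible in this diff, so it is worth confirming that `parse_skexport` creates it with owner-only permissions. The files, notifications and systems compose hunks use the same single-file pattern.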
@@ -2,85 +2,124 @@ networks: tapis: name: tapis + external: true services: notifications-api: container_name: notifications-api + user: ${UID}:${GID} image: {{ notifications_api_image }} - ports: - - "127.0.0.1:8080:8080" - - "127.0.0.1:8000:8000" + environment: + - TAPIS_SITE_ID={{ notifications_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ notifications_service_url }} + - TAPIS_DB_JDBC_URL=jdbc:postgresql://notifications-postgres:5432/tapisntfdb + - TAPIS_DB_USER=tapis_ntf + - TAPIS_QUEUE_HOST=notifications-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=notif env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + depends_on: + notifications-postgres: + condition: service_healthy + notifications-rabbitmq: + condition: service_healthy + command: java -Xms{{ notifications_heap_min }} -Xmx{{ notifications_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "notifications.jar:dependencies/*" edu.utexas.tacc.tapis.notifications.api.NotificationsApplication notifications-init-db: - container-name: notifications-init-db + container_name: notifications-init-db image: {{ notifications_postgres_image }} - imagePullPolicy: Always - command: ["/tmp/notifications-init-db-sh"] + command: bash -c "chmod +x /tmp/notifications-init-db-sh && /tmp/notifications-init-db-sh" volumes: - - name: {{ tapisdir }}/notifications/notifications-init-db-sh:/tmp/notifications-init-db-sh + - {{ tapisdir }}/notifications/notifications-init-db-sh:/tmp/notifications-init-db-sh env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + depends_on: + notifications-postgres: + condition: service_healthy notifications-postgres: - container-name: notifications-postgres + container_name: notifications-postgres image: {{ notifications_postgres_image }} - ports: - - "127.0.0.1:5432:5432" environment: - - PGDATA="/pgdata/data" + - PGDATA=/pgdata/data env_file: - {{ 
tapisdatadir }}/notifications/env networks: - tapis - # volumes: - # - "{{ tapisdatadir }}/notifications/pgdata:/pgdata" # TODO!! + volumes: + - {{ tapisdatadir }}/notifications/pgdata:/pgdata/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 notifications-pgadmin: - container-name: notifications-pgadmin + container_name: notifications-pgadmin image: {{ notifications_pgadmin_image }} - ports: - - "127.0.0.1:81:80" environment: - - name: PGADMIN_DEFAULT_EMAIL=wow@example.com + - PGADMIN_DEFAULT_EMAIL=wow@example.com env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + depends_on: + notifications-postgres: + condition: service_healthy + notifications-rabbitmq: + condition: service_healthy notifications-dispatcher: container_name: notifications-dispatcher + user: ${UID}:${GID} image: {{ notifications_dispatcher_image }} + environment: + - TAPIS_SITE_ID={{ notifications_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ notifications_service_url }} + - TAPIS_DB_JDBC_URL=jdbc:postgresql://notifications-postgres:5432/tapisntfdb + - TAPIS_DB_USER=tapis_ntf + - TAPIS_QUEUE_HOST=notifications-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=notif env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + command: java -Xms{{ notifications_heap_min }} -Xmx{{ notifications_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "notifications.jar:dependencies/*" edu.utexas.tacc.tapis.notifications.DispatchApplication + depends_on: + notifications-postgres: + condition: service_healthy + notifications-rabbitmq: + condition: service_healthy - notifcations-rabbitmq: - container-name: notifications-rabbitmq + notifications-rabbitmq: + container_name: notifications-rabbitmq image: {{ notifications_rabbitmq_image }} - ports: - - 127.0.0.1:15672:5672 - - 127.0.0.1:25672:5672 environment: - - 
HOSTNAME="notifications-rabbitmq" - - RABBITMQ_HOSTNAME="notifications-rabbitmq" - - RABBITMQ_DEFAULT_USER="tapis" - - RABBITMQ_VM_MEMORY_HIGH_WATERMARK="2147483648" + - HOSTNAME=notifications-rabbitmq + - RABBITMQ_HOSTNAME=notifications-rabbitmq + - RABBITMQ_DEFAULT_USER=tapis + - RABBITMQ_VM_MEMORY_HIGH_WATERMARK=2147483648 env_file: - {{ tapisdatadir }}/notifications/env + volumes: + - {{ tapisdatadir }}/notifications/notifications-rabbitmq-data:/var/lib/rabbitmq/mnesia networks: - tapis - - volumeMounts: - - name: notifications-rabbitmq-data="/var/lib/rabbitmq/mnesia" - networks: - - tapis - + healthcheck: + test: rabbitmq-diagnostics check_running + interval: 5s + timeout: 5s + retries: 3 + depends_on: + notifications-postgres: + condition: service_healthy + notifications-init-db: + condition: service_completed_successfully \ No newline at end of file diff --git a/playbooks/roles/proxy/templates/docker/docker-compose.yml b/playbooks/roles/proxy/templates/docker/docker-compose.yml index 0ea028e9..0eeb5ac8 100644 --- a/playbooks/roles/proxy/templates/docker/docker-compose.yml +++ b/playbooks/roles/proxy/templates/docker/docker-compose.yml @@ -18,6 +18,7 @@ services: - ./token-revoked.json:/etc/nginx/html/token-revoked.json:ro networks: - tapis + restart: always site-router: container_name: site-router @@ -28,6 +29,7 @@ services: - ./site-router-config.json:/home/tapis/config.json:ro networks: - tapis + restart: always site-router-redis: container_name: site-router-redis @@ -38,3 +40,4 @@ services: - {{ tapisdatadir }}/proxy-site-router-redis:/data networks: - tapis + restart: always diff --git a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf index 350f6002..15c2a42c 100644 --- a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf +++ b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf 
@@ -41,6 +41,6 @@ location /_auth { proxy_set_header Host $host; proxy_set_header Content-Length ""; proxy_set_header X-Tapis-Token $http_x_tapis_token; - proxy_pass https://admin.test.tapis.io/v3/site-router/tokens/check; + proxy_pass http://site-router:8000/v3/site-router/tokens/check; } diff --git a/playbooks/roles/proxy/templates/docker/locations/site-router.conf b/playbooks/roles/proxy/templates/docker/locations/site-router.conf index 70d66273..4609076b 100644 --- a/playbooks/roles/proxy/templates/docker/locations/site-router.conf +++ b/playbooks/roles/proxy/templates/docker/locations/site-router.conf @@ -4,7 +4,7 @@ location /v3/site-router # this location intentionally does NOT get an auth_request directive since the site-router endpoints IS the target of auth_request. # use var to allow nginx to start even if $upstream is down - set $upstream http://site-router-api:8000; + set $upstream http://site-router:8000; proxy_pass $upstream; proxy_redirect off; proxy_set_header Host $host; diff --git a/playbooks/roles/proxy/templates/docker/nginx.conf b/playbooks/roles/proxy/templates/docker/nginx.conf index d7f175e3..7de27663 100644 --- a/playbooks/roles/proxy/templates/docker/nginx.conf +++ b/playbooks/roles/proxy/templates/docker/nginx.conf @@ -23,7 +23,7 @@ stream { # Ports used are purely random. Feel free to change. map $ssl_preread_server_name $instanceport { # Route TCP with following whatever.pods.whatever.develop.tapis.ioto pods-nginx. - "~pods.*.test.tapis.io" 5510; + "~pods.{{ proxy_nginx_server_name }}" 5510; # Else default to 8443 (listened to by http stanza). default 8443; } @@ -84,7 +84,7 @@ http { listen 80; listen [::]:80; - server_name *.test.tapis.io; + server_name {{ proxy_nginx_server_name }}; # Redirect with 307 to preserve post data. (301 does not) if ($request_method = POST) { 
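Review bot: In `location /_auth` the new `proxy_pass http://site-router:8000/v3/site-router/tokens/check;` names the upstream literally, so nginx resolves `site-router` once at startup and refuses to start if that container is not up yet, which ties proxy startup to the service every authenticated route depends on. `site-router.conf` in this commit already uses `set $upstream http://site-router:8000;` for that reason, and the same form fits here: `set $auth_upstream http://site-router:8000;` followed by `proxy_pass $auth_upstream/v3/site-router/tokens/check;` (this needs a `resolver` in scope, which is not visible in the hunk). The `X-Tapis-Token` header now travels over plain HTTP, which holds up only while the `tapis` network is limited to trusted containers. The location block opens outside the hunk.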
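Review bot: `"~pods.{{ proxy_nginx_server_name }}" 5510;` in nginx.conf reuses one variable as a regular expression here and as a `server_name` value in the two `server` blocks, and those syntaxes differ: a wildcard name such as `*.test.tapis.io` works as a regex only by coincidence, the dots are unescaped, and the pattern is unanchored, so an SNI name that merely contains a matching substring is routed to port 5510. A separate variable holding an escaped pattern for the `map` would make the intent explicit. At minimum the line deserves a comment such as `# proxy_nginx_server_name is interpreted as a regex here; a leading "*." becomes ".*" and dots match any character`. The enclosing `stream` block opens outside the hunk.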
@@ -107,7 +107,7 @@ http { listen 8443 ssl http2; listen [::]:8443 ssl http2; - server_name *.test.tapis.io; + server_name {{ proxy_nginx_server_name }}; ssl_certificate /tmp/ssl/tls.crt; ssl_certificate_key /tmp/ssl/tls.key; diff --git a/playbooks/roles/proxy/templates/docker/site-router-config.json b/playbooks/roles/proxy/templates/docker/site-router-config.json index 0eac5b28..f27337a2 100644 --- a/playbooks/roles/proxy/templates/docker/site-router-config.json +++ b/playbooks/roles/proxy/templates/docker/site-router-config.json @@ -4,5 +4,5 @@ "service_tenant_id": "{{proxy_service_tenant_id}}", "service_name": "{{proxy_service_name}}", "tenants": ["*"], - "redis_host": "localhost" + "redis_host": "site-router-redis" } diff --git a/playbooks/roles/security/templates/docker/burnup b/playbooks/roles/security/templates/docker/burnup index 24e53b49..104550c1 100755 --- a/playbooks/roles/security/templates/docker/burnup +++ b/playbooks/roles/security/templates/docker/burnup @@ -84,5 +84,8 @@ mkdir -p {{ tapisdatadir }}/security mkdir -p {{ tapisdatadir }}/security python3 {{ tapisdir }}/admin/util/parse_skexport -c security -d {{ tapisdatadir }} +export UID=`id -u` +export GID=`id -g` + docker compose up -d diff --git a/playbooks/roles/security/templates/docker/docker-compose.yml b/playbooks/roles/security/templates/docker/docker-compose.yml index a89546d4..32ad859a 100644 --- a/playbooks/roles/security/templates/docker/docker-compose.yml +++ b/playbooks/roles/security/templates/docker/docker-compose.yml @@ -9,8 +9,6 @@ services: sk-postgres: container_name: sk-postgres image: {{ security_postgres_image }} -# ports: -# - 5432 networks: - tapis volumes: @@ -28,8 +26,6 @@ services: sk-pgadmin: container_name: sk-pgadmin image: {{ security_pgadmin_image }} -# ports: -# - "127.0.0.1::80" environment: - PGADMIN_DEFAULT_EMAIL=wow@example.com - PGADMIN_DEFAULT_PASSWORD=password 
@@ -56,6 +52,7 @@ services: security-api: container_name: security-api + user: ${UID}:${GID} image: {{ security_api_image }} environment: - TAPIS_SITE_ID={{ security_service_site_id }} diff --git a/playbooks/roles/systems/defaults/main/images.yml b/playbooks/roles/systems/defaults/main/images.yml index ac78768d..e300f256 100644 --- a/playbooks/roles/systems/defaults/main/images.yml +++ b/playbooks/roles/systems/defaults/main/images.yml @@ -1,3 +1,3 @@ systems_pgadmin_image: dpage/pgadmin4:6.20 systems_postgres_image: postgres:12.4 -systems_api_image: tapis/systems:1.3.2 +systems_api_image: tapis/systems:1.3.3 diff --git a/playbooks/roles/systems/defaults/main/vars.yml b/playbooks/roles/systems/defaults/main/vars.yml index 028eaaf6..4ef831c5 100644 --- a/playbooks/roles/systems/defaults/main/vars.yml +++ b/playbooks/roles/systems/defaults/main/vars.yml @@ -8,3 +8,5 @@ systems_service_url: "{{ global_service_url }}" systems_storage_class: "{{ global_storage_class }}" systems_postgres_pvc: systems-postgres-vol01 systems_globus_client_id: null +systems_heap_max: 3G +systems_heap_min: 1G diff --git a/playbooks/roles/systems/templates/docker/burnup b/playbooks/roles/systems/templates/docker/burnup index da837be3..05c87ac2 100755 --- a/playbooks/roles/systems/templates/docker/burnup +++ b/playbooks/roles/systems/templates/docker/burnup @@ -3,6 +3,12 @@ echo "burnup systems:" mkdir -p {{ tapisdatadir }}/systems +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/systems:/systems tapis/ubutil2204:1.3.0 chown $myuid /systems + +export UID=`id -u` +export GID=`id -g` +python3 {{ tapisdir }}/admin/util/parse_skexport -c systems -d {{ tapisdatadir }} docker compose up -d diff --git a/playbooks/roles/systems/templates/docker/docker-compose.yml b/playbooks/roles/systems/templates/docker/docker-compose.yml index 353a94d0..8209bcb7 100644 --- a/playbooks/roles/systems/templates/docker/docker-compose.yml +++ b/playbooks/roles/systems/templates/docker/docker-compose.yml 
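Review bot: `user: ${UID}:${GID}` on `security-api` silently depends on the caller having exported both variables. When `docker compose` is run directly rather than through burnup, both are substituted as empty strings and the container may not run as the intended user. Compose's required-variable form turns that into a hard error: `user: "${UID:?UID must be exported}:${GID:?GID must be exported}"`. Quoting the value also keeps the scalar unambiguous for YAML. The same line is added to `systems-api` in the systems docker-compose.yml.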
@@ -1,20 +1,55 @@ - -# TODO!!! need to run the migrations for the DB before the sk-api can run. -# put an intermediate migrations container to run these between postgres & sk? - networks: tapis: name: tapis external: true - services: systems-api: + container_name: systems-api + user: ${UID}:${GID} image: {{ systems_api_image }} networks: - tapis - + env_file: + {{ tapisdatadir }}/systems/env + environment: + - TAPIS_DB_JDBC_URL=jdbc:postgresql://systems-postgres:5432/tapissysdb + - TAPIS_SITE_ID={{ systems_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ systems_service_url }} + - TAPIS_GLOBUS_CLIENT_ID + - TAPIS_DB_USER=tapis_sys + command: java -Xms{{ systems_heap_min }} -Xmx{{ systems_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "systems.jar:dependencies/*" edu.utexas.tacc.tapis.systems.api.SystemsApplication + depends_on: + systems-migrations: + condition: service_completed_successfully + systems-postgres: + container_name: systems-postgres + image: {{ systems_postgres_image }} + networks: + - tapis + env_file: + {{ tapisdatadir }}/systems/env + environment: + - PGDATA=/pdgata/data + volumes: + - {{ tapisdatadir }}/systems/postgres:/pgdata/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + systems-migrations: + container_name: systems-migrations image: {{ systems_postgres_image }} networks: - tapis + volumes: + - {{ tapisdir }}/systems/systems-init-db-sh:/init-db + env_file: + {{ tapisdatadir }}/systems/env + command: bash -c "cp /init-db /local_initdb && echo 100 && chown $(whoami) /local_initdb && echo 200 && chmod +x /local_initdb && echo 300 && /local_initdb" + depends_on: + systems-postgres: + condition: service_healthy 
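Review bot: `PGDATA=/pdgata/data` on `systems-postgres` does not match the volume target `/pgdata/data` two lines below it, so Postgres would initialise its cluster at a path that is not on the mounted host directory and the data would not survive removal of the container. The line should read `- PGDATA=/pgdata/data`. Separately, all three services load the same `{{ tapisdatadir }}/systems/env`, so `systems-api` presumably also receives the Postgres superuser password that only the postgres and migrations containers need; a per-service env file would narrow that. The `echo 100`/`echo 200`/`echo 300` steps in the migrations command look like leftover debugging output.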
diff --git a/playbooks/roles/systems/templates/docker/systems-config.json b/playbooks/roles/systems/templates/docker/systems-config.json new file mode 100644 index 00000000..7ed31190 --- /dev/null +++ b/playbooks/roles/systems/templates/docker/systems-config.json @@ -0,0 +1,7 @@ +{ + "service_site_url": "https://admin.develop.tapis.io", + "service_tenant_id": "admin", + "site_id": "tacc", + "service_name": "systems", + "globus_client_id": "494d441c-99cf-4117-bd78-9b85cb0f12ff" +} \ No newline at end of file diff --git a/playbooks/roles/systems/templates/docker/systems-init-db-sh b/playbooks/roles/systems/templates/docker/systems-init-db-sh new file mode 100644 index 00000000..cc022523 --- /dev/null +++ b/playbooks/roles/systems/templates/docker/systems-init-db-sh 
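Review bot: `service_site_url`, `service_tenant_id`, `site_id` and `globus_client_id` are hard-coded literals in this new template, although the role already defines `systems_service_url`, `systems_service_site_id` and `systems_globus_client_id`, and the proxy's site-router-config.json is fully templated. Every deployment rendered from this file would point at the develop site and share one Globus client registration. Suggested lines, assuming those variables carry the matching values: `"service_site_url": "{{ systems_service_url }}",`, `"site_id": "{{ systems_service_site_id }}",` and `"globus_client_id": "{{ systems_globus_client_id }}"`. Nothing visible in this part of the diff mounts the file into a container, so it may also be unused.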
@@ -0,0 +1,43 @@ +#!/bin/bash +# Script to initialize Systems service DB using psql +# Create database, user and schema +# Postgres password must be set in env var POSTGRES_PASSWORD + +if [ -z "$DB_HOST" ]; then + DB_HOST=systems-postgres +fi + +DB_USER=postgres +DB_NAME=tapissysdb + +if [ -z "${POSTGRES_PASSWORD}" ]; then + echo "Please set env var POSTGRES_PASSWORD before running this script" + exit 1 +fi + +# Put PGPASSWORD in environment for psql to pick up +export PGPASSWORD=${POSTGRES_PASSWORD} + +# Run psql command to create database if it does not exist +echo "SELECT 'CREATE DATABASE ${DB_NAME} ENCODING=\"UTF8\" LC_COLLATE=\"en_US.utf8\" LC_CTYPE=\"en_US.utf8\" ' \ + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_NAME}')\gexec" \ + | psql --host=${DB_HOST} --username=${DB_USER} + + +# Run sql to create user and schema if they do not exist +psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB +-- Create user if it does not exist +DO \$\$ +BEGIN + CREATE ROLE tapis_sys WITH LOGIN; + EXCEPTION WHEN DUPLICATE_OBJECT THEN + RAISE NOTICE 'User already exists. User name: tapis_sys'; +END +\$\$; +ALTER USER tapis_sys WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}'; +GRANT ALL PRIVILEGES ON DATABASE tapissysdb TO tapis_sys; + +-- Create schema if it does not exist +CREATE SCHEMA IF NOT EXISTS tapis_sys AUTHORIZATION tapis_sys; +ALTER ROLE tapis_sys SET search_path = 'tapis_sys'; +EOB diff --git a/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh b/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh index cc022523..7d3c7fec 100644 --- a/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh +++ b/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh 
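Review bot: `ALTER USER tapis_sys WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}'` gives the service role the same password as the `postgres` superuser and splices it into the SQL text through an unquoted here-document, so a password containing a single quote breaks or changes the statement. A separate secret for the service role, passed as a psql variable, avoids both problems: add `-v svc_pw="$SYSTEMS_DB_PASSWORD"` (placeholder variable name) to the second psql call and write `ALTER USER tapis_sys WITH ENCRYPTED PASSWORD :'svc_pw';`. Neither psql call sets `-v ON_ERROR_STOP=1`, so a failed SQL statement still leaves exit status 0 and the `service_completed_successfully` condition on `systems-migrations` would be met anyway. The `${DB_HOST}` and `${DB_USER}` expansions are also unquoted.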
@@ -23,7 +23,6 @@ echo "SELECT 'CREATE DATABASE ${DB_NAME} ENCODING=\"UTF8\" LC_COLLATE=\"en_US.ut WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_NAME}')\gexec" \ | psql --host=${DB_HOST} --username=${DB_USER} - # Run sql to create user and schema if they do not exist psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB -- Create user if it does not exist diff --git a/playbooks/roles/tapisui/templates/docker/burndown b/playbooks/roles/tapisui/templates/docker/burndown index 5ec0966d..6737697e 100755 --- a/playbooks/roles/tapisui/templates/docker/burndown +++ b/playbooks/roles/tapisui/templates/docker/burndown @@ -1,5 +1,5 @@ #!/bin/bash -here=$(dirname $0) +echo "burndown tapisui:" -kubectl delete -f "$here/deployment.yml" \ No newline at end of file +docker compose down \ No newline at end of file diff --git a/playbooks/roles/tapisui/templates/docker/burnup b/playbooks/roles/tapisui/templates/docker/burnup index 2164ee25..e6a627e8 100755 --- a/playbooks/roles/tapisui/templates/docker/burnup +++ b/playbooks/roles/tapisui/templates/docker/burnup @@ -1,8 +1,11 @@ #!/bin/bash -here=$(dirname $0) +echo "burnup tapisui:" -mkdir -p {{ tapisdatadir }}/tapisui +# mkdir -p {{ tapisdatadir }}/tapisui +# myuid=`id -u` +# docker run -it --rm -v {{ tapisdatadir }}/tapisui:/tapisui tapis/ubutil2204:1.3.0 chown $myuid /tapisui -kubectl apply -f "$here/service.yml" -kubectl apply -f "$here/deployment.yml" +# python3 {{ tapisdir }}/admin/util/parse_skexport -c tapisui -d {{ tapisdatadir }} + +docker compose up -d \ No newline at end of file diff --git a/playbooks/roles/tapisui/templates/docker/deployment.yml b/playbooks/roles/tapisui/templates/docker/deployment.yml deleted file mode 100644 index 89a5090d..00000000 --- a/playbooks/roles/tapisui/templates/docker/deployment.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tapisui-deployment -spec: - selector: - matchLabels: - app: tapisui-deployment - template: - metadata: - labels: - app: tapisui-deployment - spec: - containers: - - image: {{ tapisui_image }} - imagePullPolicy: Always - name: tapisui - ports: - - containerPort: 3000 - resources: {} - tty: true - env: - - name: LOG_LEVEL - value: {{tapisui_log_level}} diff --git a/playbooks/roles/tapisui/templates/docker/service.yml b/playbooks/roles/tapisui/templates/docker/service.yml deleted file mode 100644 index 7412bdb4..00000000 --- a/playbooks/roles/tapisui/templates/docker/service.yml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: tapisui-service -spec: - type: NodePort - selector: - app: tapisui-deployment - ports: - - port: 3000 - targetPort: 3000 diff --git a/playbooks/roles/tenants/templates/docker/burnup b/playbooks/roles/tenants/templates/docker/burnup index dec7ceb0..80d3310a 100755 --- a/playbooks/roles/tenants/templates/docker/burnup +++ b/playbooks/roles/tenants/templates/docker/burnup @@ -3,6 +3,8 @@ echo "burnup tenants:" mkdir -p {{ tapisdatadir }}/tenants +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/tenants:/tenants tapis/ubutil2204:1.3.0 chown $myuid /tenants python3 {{ tapisdir }}/admin/util/parse_skexport -c tenants -d {{ tapisdatadir }} docker compose up -d diff --git a/playbooks/roles/tokens/templates/docker/burnup b/playbooks/roles/tokens/templates/docker/burnup index 55a54ea4..681a6053 100755 --- a/playbooks/roles/tokens/templates/docker/burnup +++ b/playbooks/roles/tokens/templates/docker/burnup 
@@ -3,11 +3,9 @@ echo "burnup tokens:" # Read secrets from env file -# export site_admin_privatekey=`grep JWTSIGNING_ADMIN_PRIVATEKEY {{ tapisdatadir }}/skadmin/env | awk -FJWTSIGNING_ADMIN_PRIVATEKEY= '{print $2$3}'` -# export site_dev_privatekey=`grep JWTSIGNING_DEV_PRIVATEKEY {{ tapisdatadir }}/skadmin/env | awk -FJWTSIGNING_DEV_PRIVATEKEY= '{print $2$3}'` - -#export site_admin_privatekey="$(grep JWTSIGNING_ADMIN_PRIVATEKEY {{ tapisdatadir }}/skadmin/env | awk -v RS='\r\n' -FJWTSIGNING_ADMIN_PRIVATEKEY= '{print $2}' | sed 's/\\n/\n/g')" mkdir -p {{ tapisdatadir }}/tokens +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/tokens:/tokens tapis/ubutil2204:1.3.0 chown $myuid /tokens python3 {{ tapisdir }}/admin/util/parse_skexport -c tokens -d {{ tapisdatadir }} docker compose up -d diff --git a/playbooks/roles/tokens/templates/docker/docker-compose.yml b/playbooks/roles/tokens/templates/docker/docker-compose.yml index cc106c94..357c84ea 100644 --- a/playbooks/roles/tokens/templates/docker/docker-compose.yml +++ b/playbooks/roles/tokens/templates/docker/docker-compose.yml @@ -16,8 +16,3 @@ services: - tapis env_file: - "{{ tapisdatadir }}/tokens/env" - healthcheck: # TODO: fix this - test: ["CMD-SHELL", "./healthcheck"] - interval: 5s - timeout: 5s - retries: 5 diff --git a/playbooks/roles/vault/templates/docker/burnup b/playbooks/roles/vault/templates/docker/burnup index edd226c5..04d05ad7 100755 --- a/playbooks/roles/vault/templates/docker/burnup +++ b/playbooks/roles/vault/templates/docker/burnup @@ -8,7 +8,7 @@ mkdir -p {{ tapisdatadir }}/vault/data myuid=`id -u` -docker run -it --rm -v /home/kprice/tmp/tapisquickstart-docker1-data/vault:/vault tapis/ubutil2204:1.3.0 chown $myuid /vault +docker run -it --rm -v {{ tapisdatadir }}/vault:/vault tapis/ubutil2204:1.3.0 chown $myuid /vault docker run -it -v {{ tapisdatadir }}/vault:/vault {{ vault_image }} chown -R 100:1000 /vault/data 
diff --git a/playbooks/roles/vault/templates/docker/vault.hcl b/playbooks/roles/vault/templates/docker/vault.hcl index 4553845b..a92d1f02 100644 --- a/playbooks/roles/vault/templates/docker/vault.hcl +++ b/playbooks/roles/vault/templates/docker/vault.hcl @@ -1,13 +1,14 @@ api_addr = "http://vault:8200" disable_mlock = true +{% if vault_raft_storage is defined and vault_raft_storage == false %} storage "file" { - path = "/vault/data" + path = "/vault/data" } - -{% if vault_raft_storage == true %} -storage_destination "raft" { - path = "/opt/vault/data" +{% else %} +cluster_addr = "http://127.0.0.1:8201" +storage "raft" { + path = "/vault/data" node_id = "raft_node_1" } {% endif%}
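Review bot: Raft becomes the storage backend whenever `vault_raft_storage` is undefined, because the new `{% if vault_raft_storage is defined and vault_raft_storage == false %}` selects `storage "file"` only for an explicit `false`, where the previous template always rendered the file backend. An existing deployment that never set the variable would, on the next render, start Vault with raft storage on a `/vault/data` directory written by the file backend and would presumably come up without its existing secrets until a migration is done. That warrants an entry under the changelog's breaking changes, or a default that keeps the file backend. The comparison also misses string values such as `"false"` passed as extra vars; `{% if not (vault_raft_storage | default(true) | bool) %}` handles both. `cluster_addr` uses `127.0.0.1` while `api_addr` uses the `vault` hostname, which suits a single node but is worth a comment.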