From 21635ade4ab53e1eaa7fa1264b1ad704b0488cb6 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Mon, 22 May 2023 15:00:54 -0500 Subject: [PATCH 01/28] files seems healthy --- .../templates/docker/util/parse_skexport | 49 ++- .../templates/docker/docker-compose.yml | 2 +- .../roles/baseburnup/templates/docker/burnup | 290 ---------------- .../roles/files/defaults/main/images.yml | 1 + playbooks/roles/files/templates/docker/burnup | 5 + .../files/templates/docker/docker-compose.yml | 125 +++++-- .../files/templates/docker/files-init-db-sh | 117 +++++++ playbooks/roles/jobs/defaults/main/vars.yml | 8 - playbooks/roles/jobs/templates/docker/burnup | 6 + .../jobs/templates/docker/docker-compose.yml | 315 ++++++++++-------- .../roles/systems/defaults/main/images.yml | 1 + .../roles/systems/defaults/main/vars.yml | 2 + .../roles/systems/templates/docker/burnup | 4 + .../templates/docker/docker-compose.yml | 48 ++- .../templates/docker/systems-config.json | 7 + .../templates/docker/systems-init-db-sh | 43 +++ .../kube/postgres/systems-init-db-sh | 1 - .../roles/tenants/templates/docker/burnup | 2 + .../roles/tokens/templates/docker/burnup | 6 +- .../templates/docker/docker-compose.yml | 5 - playbooks/roles/vault/templates/docker/burnup | 2 +- 21 files changed, 558 insertions(+), 481 deletions(-) create mode 100644 playbooks/roles/files/templates/docker/files-init-db-sh create mode 100644 playbooks/roles/systems/templates/docker/systems-config.json create mode 100644 playbooks/roles/systems/templates/docker/systems-init-db-sh diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index e6d22e3e..4d0c3072 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport 
@@ -13,16 +13,29 @@ authenticator = {"POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICA "LDAP_ROOTPASS":"USER_ADMIN_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD", "service_password": "SERVICEPWD_AUTHENTICATOR_PASSWORD"} -files = {"":""} +files = {"RABBITMQ_PASSWORD":"DBCREDENTIAL_RABBITMQ_TAPISFILES_RABBITMQ_FILES_FILES_PASSWORD", + "RABBITMQ_DEFAULT_PASS":"DBCREDENTIAL_RABBITMQ_TAPISFILES_RABBITMQ_FILES_FILES_PASSWORD", + "DB_PASSWORD":"DBCREDENTIAL_POSTGRES_TAPISFILES_POSTGRES_FILES_FILES_PASSWORD", + "POSTGRES_PASSWORD":"DBCREDENTIAL_POSTGRES_TAPISFILES_POSTGRES_FILES_FILES_PASSWORD", + "SERVICE_PASSWORD":"SERVICEPWD_FILES_PASSWORD"} + globus_proxy = {"":""} -jobs = {"":""} +jobs = {"TAPIS_SERVICE_PASSWORD": "SERVICEPWD_JOBS_PASSWORD", + "TAPIS_DB_PASSWORD": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", + "TAPIS_QUEUE_ADMIN_PASSWORD": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_TAPIS_PASSWORD", + "TAPIS_QUEUE_PASSWORD": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_JOBS_PASSWORD", + "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", + "RABBITMQ_DEFAULT_PASS": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_TAPIS_PASSWORD", + "TPW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", + "PW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_POSTGRES_PASSWORD"} + meta = {"":""} monitoring = {"":""} notifications = {"":""} pgrest = {"":""} pods = {"":""} proxy = {"":""} -security = {"TAPIS_SK_VAULT_SECRET_ID": "", +security = {"TAPIS_SK_VAULT_SECRET_ID": "", # these two are populated later with curl cmds "TAPIS_SK_VAULT_ROLE_ID": "", "TAPIS_DB_PASSWORD" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_TAPIS_PASSWORD", "TAPIS_PASSWORD": "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_TAPIS_PASSWORD", 
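Review bot: In the new `jobs` map, `POSTGRES_PASSWORD` and `TAPIS_DB_PASSWORD` both resolve to `DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD`, so the postgres image's superuser and the `tapis` service account would share one password, while the separate superuser secret is only exposed as `PW`. The `systems` map in the next hunk has the mirror case: `TAPIS_DB_PASSWORD` points at `DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD` although the compose file sets `TAPIS_DB_USER=tapis_sys` and a `..._TAPIS_SYS_PASSWORD` secret is mapped right above it. If this is not intentional, I would map `"POSTGRES_PASSWORD"` in `jobs` to `DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_POSTGRES_PASSWORD` and `"TAPIS_DB_PASSWORD"` in `systems` to `DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_TAPIS_SYS_PASSWORD`. How the migration images consume `PW`/`TPW` is not visible here, so this needs confirming against them, and a short comment naming the consumer of each key would help.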
@@ -32,7 +45,16 @@ security = {"TAPIS_SK_VAULT_SECRET_ID": "", skadmin = {"":""} streams = {"":""} -systems = {"":""} +systems = {"pgadmin-password": "DBCREDENTIAL_PGADMIN_SYSTEMS_POSTGRES_TAPISSYSDB_WOW_PASSWORD", + "postgres-password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", + "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", + "postgres-user-password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_TAPIS_SYS_PASSWORD", + "service-password": "SERVICEPWD_SYSTEMS_PASSWORD", + "service_password": "SERVICEPWD_SYSTEMS_PASSWORD", + "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_SYSTEMS_PASSWORD", + "TAPIS_DB_PASSWORD": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", + } + tapisui = {"":""} tenants = {"postgres_password": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD", @@ -71,9 +93,22 @@ except FileExistsError: # set local vars infile = args.dir + '/skadmin/env' local = locals()[component] -outfile = open(args.dir + '/' + args.comp + '/env', 'w') +try: + outfile = open(args.dir + '/' + args.comp + '/env', 'w') + if args.verbose: + print(f'successfuly opened {outfile}') +except Exception as e: + print(f'''error opening outfile {outfile}:: + {e}''') output_dict = {} +if args.verbose: + print(f'''have local args: + component: {component} + infile: {infile} + local: {local} + outfile: {outfile}''') + # populate vault values for security if component == 'security': vault_token = open('{{ tapisdatadir }}/vault/vault-token').read() 
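Review bot: The new `except` branch formats `{outfile}` into its message, but when `open()` raises, `outfile` was never bound, so the handler itself fails with a NameError and hides the real error; it also catches bare `Exception` and would otherwise let the script continue without an output file. I would build the path first and stop there: `outpath = args.dir + '/' + args.comp + '/env'`, then `except OSError as e: raise SystemExit(f'error opening outfile {outpath}: {e}')`. Because this file ends up holding service, database and queue passwords, it is also worth creating it owner-only (mode 0o600) rather than relying on the process umask. The verbose block added here prints only mapping names, but the existing verbose output in the `security` branch prints `vault_token`, which would land in any captured deploy log.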
@@ -91,8 +126,6 @@ if component == 'security': output_dict['TAPIS_SK_VAULT_ROLE_ID'] = r.json()['data']['role_id'] output_dict['VAULT_ROLEID'] = r.json()['data']['role_id'] - # export VAULT_ROLEID=`curl -s -X GET -H "X-Vault-Token: $VAULT_TOKEN" http://localhost:8200/v1/auth/approle/role/sk/role-id | jq -r .data.role_id` - if args.verbose: print(f'''populating values for security, have: vault_token: {vault_token} @@ -101,6 +134,8 @@ if component == 'security': ''') with open(infile, 'r') as lines: + if args.verbose: + print(f'successfuly opened {infile}') for line in lines: if len(line) <= 1: continue # ignore empty line diff --git a/playbooks/roles/authenticator/templates/docker/docker-compose.yml b/playbooks/roles/authenticator/templates/docker/docker-compose.yml index 094481ad..9d60f84d 100644 --- a/playbooks/roles/authenticator/templates/docker/docker-compose.yml +++ b/playbooks/roles/authenticator/templates/docker/docker-compose.yml @@ -37,7 +37,7 @@ services: volumes: - "{{ tapisdatadir }}/authenticator/postgres:/var/lib/postgresql/data" healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] + test: pg_isready -U postgres interval: 5s timeout: 5s retries: 5 diff --git a/playbooks/roles/baseburnup/templates/docker/burnup b/playbooks/roles/baseburnup/templates/docker/burnup index 62f70b11..74782867 100755 --- a/playbooks/roles/baseburnup/templates/docker/burnup +++ b/playbooks/roles/baseburnup/templates/docker/burnup 
@@ -90,293 +90,3 @@ burnup_or_exit systems echo "Done: top-level-burnup" exit 0 - -#### services -# -#actors(){ -# cd $here/actors -# ./burnup -#} -# -#apps(){ -# cd $here/apps -# ./burnup -#} -# -#authenticator(){ -# cd $here/authenticator -# ./burnup -#} -# -#container-registry(){ -# cd $here/container-registry -# ./burnup -#} -# -#files(){ -# cd $here/files -# ./burnup -#} -# -#jobs(){ -# cd $here/jobs -# ./burnup -#} -# -#meta(){ -# cd $here/meta -# ./burnup -#} -# -#monitoring(){ -# cd $here/monitoring -# ./burnup -#} -# -#notifications(){ -# cd $here/notifications -# ./burnup -#} -# -#pgrest(){ -# echo "pgrest:" -# cd $here/pgrest -# ./burnup -#} -# -#pgrest-a2cps-dev(){ -# echo "pgrest-a2cps-dev:" -# cd $here/pgrest-a2cps-dev -# ./burnup -#} -# -#pgrest-a2cps-prod(){ -# echo "pgrest-a2cps-prod:" -# cd $here/pgrest-a2cps-prod -# ./burnup -#} -# -#pods(){ -# cd $here/pods -# ./burnup -#} -# -#proxy(){ -# cd $here/proxy -# ./burnup -#} -# -#security(){ -# cd $here/security -# ./burnup -#} -# -#skadmin(){ -# cd $here/skadmin -# ./burnup -#} -# -#streams(){ -# cd $here/streams -# ./burnup -#} -# -#systems(){ -# cd $here/systems -# ./burnup -#} -# -#tenants(){ -# cd $here/tenants -# ./burnup -#} -# -#tokens(){ -# cd $here/tokens -# ./burnup -#} -# -#vault(){ -# cd $here/vault -# ./burnup -#} -# -#workflows(){ -# cd $here/workflows -# ./burnup -#} -# -#primary_site(){ -# echo -#} -# -#associate_site(){ -# echo -#} -# -# -#### functions -# -# -#get_vault_token(){ -# echo -#} -# -#check_vault_unsealed(){ -# echo -#} -# -#get_public_keys(){ -# echo "Collecting public keys for associate site tenants. Please send these to your tenants admin before next steps in deployment." 
-# cd $here/admin -# ./get-assocsite-publickeys -#} -# -# -#init(){ -# {%- if "proxy" in components_to_deploy%} -# proxy -# {% endif %} -# -# {%- if "vault" in components_to_deploy%} -# vault -# checkvault -# {% else %} -# # using external vault, so do not start one here -# {% endif %} -# -# {%- if "skadmin" in components_to_deploy%} -# skadmin -# {% endif %} -# -# {%- if site_type == 2 %} -# get_public_keys -# {%- endif %} -# -#} -# -# -#primary_services(){ -# {%- if "tenants" in components_to_deploy %} -# tenants -# {% endif %} -# -# {%- if "security" in components_to_deploy %} -# security -# {% endif %} -# -# {%- if "tokens" in components_to_deploy %} -# tokens -# {% endif %} -# -# {%- if "authenticator" in components_to_deploy %} -# authenticator -# {% endif %} -#} -# -#secondary_services() { -# -# {%- if "systems" in components_to_deploy %} -# systems -# {% endif %} -# -# {%- if "files" in components_to_deploy %} -# files -# {% endif %} -# -# {%- if "apps" in components_to_deploy %} -# apps -# {% endif %} -# -# {%- if "jobs" in components_to_deploy %} -# jobs -# {% endif %} -# -# {%- if "meta" in components_to_deploy %} -# meta -# {% endif %} -# -# {%- if "streams" in components_to_deploy %} -# streams -# {% endif %} -# -# {%- if "actors" in components_to_deploy %} -# actors -# {% endif %} -# -# {%- if "container-registry" in components_to_deploy %} -# container-registry -# {% endif %} -# -# {%- if "monitoring" in components_to_deploy %} -# monitoring -# {% endif %} -# -# {%- if "notifications" in components_to_deploy %} -# notifications -# {% endif %} -# -# {%- if "pgrest" in components_to_deploy %} -# pgrest -# {% endif %} -# -# {%- if "pgrest-a2cps-dev" in components_to_deploy %} -# pgrest-a2cps-dev -# {% endif %} -# -# {%- if "pgrest-a2cps-prod" in components_to_deploy %} -# pgrest-a2cps-prod -# {% endif %} -# -# {%- if "pods" in components_to_deploy %} -# pods -# {% endif %} -# -# {%- if "workflows" in components_to_deploy %} -# workflows -# {% endif %} 
-# -#} -# -#### run -# -##getconfig -# -#case $1 in -# checkvault) -# "$@" -# exit 0 -# ;; -# init) -# "$@" -# exit 0 -# ;; -# preflight_check) -# "$@" -# exit 0 -# ;; -# postnginx_check) -# "$@" -# exit 0 -# ;; -# primary_services) -# "$@" -# exit 0 -# ;; -# secondary_services) -# "$@" -# exit 0 -# ;; -# create_kservice) -# "$@" -# exit 0 -# ;; -# get_public_keys) -# "$@" -# exit 0 -# ;; -# *) -# usage -# exit 0 -# ;; -#esac diff --git a/playbooks/roles/files/defaults/main/images.yml b/playbooks/roles/files/defaults/main/images.yml index 42f282a3..e63028f4 100644 --- a/playbooks/roles/files/defaults/main/images.yml +++ b/playbooks/roles/files/defaults/main/images.yml @@ -1,6 +1,7 @@ files_api_image: tapis/tapis-files:1.3.5 files_workers_image: tapis/tapis-files-workers:1.3.5 files_postgres_image: postgres:11 +files_migrations_image: postgres:11 files_minio_image: minio/minio files_irods_provider_postgres_image: mjstealey/irods-provider-postgres:4.2.4 files_pgadmin_image: dpage/pgadmin4:6.20 diff --git a/playbooks/roles/files/templates/docker/burnup b/playbooks/roles/files/templates/docker/burnup index bb230bb7..091eb9bf 100755 --- a/playbooks/roles/files/templates/docker/burnup +++ b/playbooks/roles/files/templates/docker/burnup @@ -8,5 +8,10 @@ mkdir -p {{ tapisdatadir }}/files/postgres mkdir -p {{ tapisdatadir }}/files/minio mkdir -p {{ tapisdatadir }}/files/irods +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/files:/files tapis/ubutil2204:1.3.0 chown $myuid /files + +python3 {{ tapisdir }}/admin/util/parse_skexport -c files -d {{ tapisdatadir }} + docker compose up -d diff --git a/playbooks/roles/files/templates/docker/docker-compose.yml b/playbooks/roles/files/templates/docker/docker-compose.yml index abf1119f..827f16a2 100644 --- a/playbooks/roles/files/templates/docker/docker-compose.yml +++ b/playbooks/roles/files/templates/docker/docker-compose.yml 
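Review bot: The added `docker run -it ...` line in the files `burnup` requests a TTY, so it fails with "the input device is not a TTY" whenever the script runs non-interactively (Ansible, cron, CI), and nothing visible stops the script afterwards: a failed `chown` or a failed `parse_skexport` still falls through to `docker compose up -d` with a missing or stale `env` file. Dropping `-it` and checking the steps, e.g. `python3 {{ tapisdir }}/admin/util/parse_skexport -c files -d {{ tapisdatadir }} || exit 1`, would make the failure visible before containers start without their secrets. The same three lines are added to the jobs and systems `burnup` templates later in this patch. Whether the script already uses `set -e` is outside the hunk.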
@@ -1,55 +1,132 @@ - -# volumes: -# miniodata: -# files-pgdata: - networks: tapis: name: tapis external: true services: - files-rabbitmq: + container_name: files-rabbitmq image: {{ files_rabbitmq_management_image }} environment: - RABBITMQ_DEFAULT_USER=dev - - RABBITMQ_DEFAULT_PASS=dev - RABBITMQ_DEFAULT_VHOST=dev - container_name: files-rabbitmq + env_file: + - {{ tapisdatadir }}/files/env networks: - tapis + healthcheck: + test: rabbitmq-diagnostics -q ping + interval: 5s + timeout: 5s + retries: 3 + depends_on: + files-postgres: + condition: service_healthy files-postgres: container_name: files-postgres image: {{ files_postgres_image }} environment: - - POSTGRES_USER=dev - - POSTGRES_PASSWORD=dev - - POSTGRES_DATABASE=dev + - POSTGRES_USER=tapisfiles + - POSTGRES_DATABASE=tapisfiles + - PGDATA=/pgdata/data volumes: - - {{ tapisdatadir }}/files/postgres:/var/lib/postgresql/data + - {{ tapisdatadir }}/files/postgres:/pgdata/data networks: - tapis + env_file: + - {{ tapisdatadir }}/files/env + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 - files-minio: - image: {{ files_minio_image }} - environment: - - MINIO_ACCESS_KEY=user - - MINIO_SECRET_KEY=password + files-migrations: + container_name: files-migrations + image: {{ files_migrations_image }} + depends_on: + files-postgres: + condition: service_healthy volumes: - - {{ tapisdatadir }}/files/minio:/data - command: server /data - container_name: files-minio + - {{ tapisdir }}/files/files-init-db-sh:/files-init-db-sh + command: chmod +x files-init-db-sh; /files-init-db-sh + + # files-minio: + # container_name: files-minio + # image: {{ files_minio_image }} + # command: server /data + # environment: + # - MINIO_ACCESS_KEY=user + # - MINIO_SECRET_KEY=password + # volumes: + # - {{ tapisdatadir }}/files/minio:/data + # networks: + # - tapis + # env_file: + # - {{ tapisdatadir }}/files/env + + # files-irods: + # container_name: files-irods + # image: {{ 
files_irods_provider_postgres_image }} + # networks: + # - tapis + # env_file: + # - {{ tapisdatadir }}/files/env + + files-workers: + container_name: files-workers + image: {{ files_workers_image }} networks: - tapis + env_file: + - {{ tapisdatadir }}/files/env + environment: + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ files_service_site_id }} + - TOKENS_SERVICE_URL={{ files_service_url }} + - TENANTS_SERVICE_URL={{ files_service_url}} + command: ["java", "-Xmx3g", "-cp", "target/tapis-files.jar:target/dependencies/*", "edu.utexas.tacc.tapis.files.lib.transfers.TransfersApp"] + depends_on: + files-api: + condition: service_started - files-irods: - container_name: files-irods - image: {{ files_irods_provider_postgres_image }} + files-api: + container_name: files-api + image: {{ files_api_image }} networks: - tapis - + command: ["java", "-Xdebug", "-Xmx3g", "-agentlib:jdwp=transport=dt_socket,server=y,address=*:8000,suspend=n", "-cp", "target/tapis-files.jar:target/dependencies/*", "edu.utexas.tacc.tapis.files.api.FilesApplication"] + env_file: + - {{ tapisdatadir }}/files/env + environment: + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ files_service_site_id }} + - TOKENS_SERVICE_URL={{ files_service_url }} + - TENANTS_SERVICE_URL={{ files_service_url}} + - DB_HOST=files-postgres + - DB_NAME=tapisfiles + - DB_USERNAME=tapisfiles + - POSTGRES_DB=tapisfiles + - POSTGRES_USER=tapisfiles + - RABBITMQ_DEFAULT_USER=tapisfiles + - RABBITMQ_DEFAULT_VHOST=tapisfiles + - RABBITMQ_HOSTNAME=files-rabbitmq + - RABBITMQ_USERNAME=tapisfiles + - RABBITMQ_VHOST=tapisfiles + # - JAVA_OPTS=-Xdebug -Xmx3g + # - MAIN_CLASS=edu.utexas.tacc.tapis.files.api.FilesApplication + # - JOBS_PARMS=-n rdr-alt + # - FILES_ARGS=["-Xdebug", "-Xmx3g", "-agentlib:jdwp=transport=dt_socket,server=y,address=*:8000,suspend=n", "-cp", 
"target/tapis-files.jar:target/dependencies/*", "edu.utexas.tacc.tapis.files.api.FilesApplication"] + depends_on: + files-postgres: + condition: service_healthy + files-rabbitmq: + condition: service_healthy # files-ssh-machine: # container_name: files-ssh-machine # build: diff --git a/playbooks/roles/files/templates/docker/files-init-db-sh b/playbooks/roles/files/templates/docker/files-init-db-sh new file mode 100644 index 00000000..0c5e7413 --- /dev/null +++ b/playbooks/roles/files/templates/docker/files-init-db-sh 
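Review bot: The `files-api` command starts the JVM with `-agentlib:jdwp=transport=dt_socket,server=y,address=*:8000,suspend=n`, which opens an unauthenticated debug listener on every interface of the container; anything that can reach it on the shared external `tapis` network can attach to a process that also holds the DB and RabbitMQ passwords from `env_file`. I would remove `-Xdebug` and the `-agentlib:jdwp=...` argument from the default command and add them only behind an explicit debug variable. Separately, `files-migrations` uses `command: chmod +x files-init-db-sh; /files-init-db-sh`, but Compose does not run a string command through a shell, so the `;` is passed to `chmod` as part of a file name and the script never executes; `command: ["bash", "/files-init-db-sh"]` avoids both the `chmod` and the shell. That service also has no `networks:` or `env_file:` entry, so as written it would not resolve `files-postgres` on the `tapis` network or receive `PG_PASSWORD`, and no other service depends on it.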
@@ -0,0 +1,117 @@ +#!/bin/bash +# Script to initialize Files service DB using psql +# Create database, user and schema +# Postgres password must be set in env var PG_PASSWORD + +function usage() { + echo "$0 [-p|--pg_port ] [-u|--pg_user ] [-w|pg_password ] [-d|--pg_database ] [-a|--pg_admin] [-h|--pg_host]" + + echo "OPTIONS:" + echo " -p --port" + echo " The port to run postgres on" + echo + echo " -u --pg_user" + echo " The postgres user for the service" + echo + echo " -w --pg_pass" + echo " The postgres password for the service" + echo + echo " -d --pg_db" + echo " The postgres database name for the service" + echo + echo " -a --pg_admin" + echo " The postgres user to use for creating the new database and user" + echo + echo " -h --pg_host" + echo " The hostname of the postgres server" + echo + exit 1 +} + +while [[ $# -gt 0 ]]; do + case $1 in + -p|--pg_port) + PG_PORT="$2" + shift # past argument + shift # past value + ;; + -u|--pg_user) + PG_USER="$2" + shift # past argument + shift # past value + ;; + -w|--pg_password) + PG_PASSWORD="$2" + shift # past argument + shift # past value + ;; + -d|--pg_database) + PG_DATABASE="$2" + shift # past argument + shift # past value + ;; + -a|--pg_admin) + PG_ADMIN="$2" + shift # past argument + shift # past value + ;; + -h|--pg_host) + PG_HOST="$2" + shift # past argument + shift # past value + ;; + -*|--*) + echo "Unknown option $1" + usage + ;; + *) + echo "Unknown positional arguement $1" + usage + esac +done + +if [[ -z $PG_HOST ]]; then + PG_HOST=files-postgres +fi + +if [[ -z $PG_USER ]]; then + PG_USER=tapis_files +fi + +if [[ -z $PG_DATABASE ]]; then + PG_DATABASE=tapisfilesdb +fi + +if [[ -z $PG_PORT ]]; then + PG_PORT="5432" +fi + +if [[ -z $PG_ADMIN ]]; then + PG_ADMIN="postgres" +fi + +if [ -z "${PG_PASSWORD}" ]; then + echo "Please set env var PG_PASSWORD before running this script" + usage +fi + +# Run psql command to create database if it does not exist +echo "SELECT 'CREATE DATABASE ${PG_DATABASE} 
ENCODING=\"UTF8\" LC_COLLATE=\"en_US.utf8\" LC_CTYPE=\"en_US.utf8\" ' \ + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${PG_DATABASE}')\gexec" \ + | psql --host=${PG_HOST} --username=${PG_ADMIN} + + +# Run sql to create user and schema if they do not exist +psql --host=${PG_HOST} --username=${PG_ADMIN} --dbname=${PG_DATABASE} -q << EOB +-- Create user if it does not exist +DO \$\$ +BEGIN + CREATE ROLE ${PG_USER} WITH LOGIN; + EXCEPTION WHEN DUPLICATE_OBJECT THEN + RAISE NOTICE 'User already exists. User name: "${PG_USER}"'; +END +\$\$; +ALTER USER ${PG_USER} WITH ENCRYPTED PASSWORD '${PG_PASSWORD}'; +GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO ${PG_USER}; +ALTER USER ${PG_USER} SUPERUSER; +EOB diff --git a/playbooks/roles/jobs/defaults/main/vars.yml b/playbooks/roles/jobs/defaults/main/vars.yml index 4404b83c..37f75405 100644 --- a/playbooks/roles/jobs/defaults/main/vars.yml +++ b/playbooks/roles/jobs/defaults/main/vars.yml @@ -9,11 +9,3 @@ jobs_storage_class: "{{ global_storage_class }}" jobs_rabbitmq_pvc: jobs-rabbitmq-vol01 jobs_node_selector: null jobs_node_name: true -jobs_service_password: -jobs_postgres_password: -jobs_rabbitmq_tapis_password: -jobs_rabbitmq_password: - - - - diff --git a/playbooks/roles/jobs/templates/docker/burnup b/playbooks/roles/jobs/templates/docker/burnup index a7ad069b..31078c99 100755 --- a/playbooks/roles/jobs/templates/docker/burnup +++ b/playbooks/roles/jobs/templates/docker/burnup @@ -3,5 +3,11 @@ echo "burnup jobs:" mkdir -p {{ tapisdatadir }}/jobs + +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/jobs:/jobs tapis/ubutil2204:1.3.0 chown $myuid /jobs + +python3 {{ tapisdir }}/admin/util/parse_skexport -c jobs -d {{ tapisdatadir }} + docker compose up -d diff --git a/playbooks/roles/jobs/templates/docker/docker-compose.yml b/playbooks/roles/jobs/templates/docker/docker-compose.yml index 9cf93b1c..e0b250bf 100644 --- a/playbooks/roles/jobs/templates/docker/docker-compose.yml 
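Review bot: The last statement of the heredoc, `ALTER USER ${PG_USER} SUPERUSER;`, makes the Files service account a PostgreSQL superuser, so any SQL injection or credential leak in the service becomes control of the whole database server; the `GRANT ALL PRIVILEGES ON DATABASE` line above it should already cover the service's own database, so I would drop the `SUPERUSER` line or replace it with the specific grants the migrations need. The password is also spliced into the SQL text as `'${PG_PASSWORD}'`, so a quote character in the secret breaks or alters the statement; passing it as a psql variable (`psql -v pw="$PG_PASSWORD" ...` with `PASSWORD :'pw'`) lets psql do the quoting. The `-w|--pg_password` option puts the secret on the command line where it is visible in the process list, and the usage text documents it as `--pg_pass`. Neither `psql` call is given the admin password, so they presumably rely on `PGPASSWORD` or trust auth, which the header comment should state.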
+++ b/playbooks/roles/jobs/templates/docker/docker-compose.yml 
@@ -7,182 +7,229 @@ networks: services: jobs-api: + container_name: jobs-api networks: - tapis - # will probably need an extra migrations container image: {{ jobs_api_image }} - # ports: - # - name: tomcat1 - # containerPort: 8000 - # - name: tomcat2 - # containerPort: 8080 - # - name: tomcat3 - # containerPort: 8443 - # - name: debug - # containerPort: 6157 environment: - {% if jobs_node_name == true %} - - TAPIS_LOCAL_NODE_NAME=spec.nodeName - {% endif %} - - TAPIS_SITE_ID={{ jobs_service_site_id }}" - - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="10" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - TAPIS_REQUEST_LOGGING_INGORE_SUFFIXES="/healthcheck;/ready;/hello" + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=10 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - TAPIS_REQUEST_LOGGING_INGORE_SUFFIXES=/healthcheck;/ready;/hello # - name: TAPIS_LOG_DIRECTORY # value: "/opt/tomcat/logs" - - CATALINA_OPTS="-Xms1g -Xmx3g --add-opens java.base/java.time=ALL-UNNAMED" + - CATALINA_OPTS=-Xms1g -Xmx3g --add-opens java.base/java.time=ALL-UNNAMED + env_file: + - {{ tapisdatadir }}/jobs/env + depends_on: + jobs-migrations: + condition: 
service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-postgres: + container_name: jobs-postgres networks: - - tapis + - tapis image: {{ jobs_postgres_image }} environment: - - PGDATA="/pgdata/data" - - POSTGRES_PASSWORD={{ jobs_postgres_password }}" + - PGDATA=/pgdata/data + env_file: + - {{ tapisdatadir }}/jobs/env volumes: - - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" - - jobs-pgadmin: - image: {{ jobs_postgres_image }} + - {{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata/data + healthcheck: + test: pg_isready -U postgres + interval: 5s + timeout: 5s + retries: 5 + + jobs-migrations: + container_name: jobs-migrations + networks: + - tapis + image: {{ jobs_migrations_image }} environment: - - PGDATA="/pgdata/data" - - "POSTGRES_PASSWORD={{ jobs_postgres_password }}" - volumes: - - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" + - HOST=jobs-postgres + - PORT=5432 + - USER=postgres + env_file: + - {{ tapisdatadir }}/jobs/env + depends_on: + jobs-postgres: + condition: service_healthy + + # jobs-pgadmin: + # container_name: jobs-pgadmin + # image: {{ jobs_postgres_image }} + # environment: + # - PGDATA="/pgdata/data" + # env_file: + # - "{{ tapisdatadir }}/jobs/env" + # volumes: + # - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" jobs-rabbitmq: + container_name: jobs-rabbitmq image: {{ jobs_rabbitmq_management_image }} environment: - - HOSTNAME="jobs-rabbitmq" - - RABBITMQ_HOSTNAME="jobs-rabbitmq" - - RABBITMQ_DEFAULT_USER="tapis" - - "RABBITMQ_DEFAULT_PASS={{ jobs_rabbitmq_tapis_password }}" - - RABBITMQ_VM_MEMORY_HIGH_WATERMARK="2147483648" + - HOSTNAME=jobs-rabbitmq + - RABBITMQ_HOSTNAME=jobs-rabbitmq + - RABBITMQ_DEFAULT_USER=tapis + - RABBITMQ_VM_MEMORY_HIGH_WATERMARK=2147483648 + env_file: + - {{ tapisdatadir }}/jobs/env volumes: - - "{{ tapisdatadir }}/jobs/jobs-rabbitmq-data" + - {{ tapisdatadir }}/jobs/jobs-rabbitmq-data + networks: + - tapis + depends_on: + jobs-migrations: + condition: service_completed_successfully + 
healthcheck: + test: rabbitmq-diagnostics -q ping + interval: 30s + timeout: 30s + retries: 3 jobs-altqueue: + container_name: jobs-altqueue image: {{ jobs_worker_image }} - environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.AltQueueReader" - - JOBS_PARMS="-n rdr-alt" - networks: + networks: - tapis + environment: + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.AltQueueReader + - JOBS_PARMS=-n rdr-alt + env_file: + - {{ tapisdatadir }}/jobs/env + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-recovery: + container_name: jobs-recovery image: {{ jobs_worker_image }} environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ 
jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.RecoveryReader" - - JOBS_PARMS="-n rdr-recovery" + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.RecoveryReader + - JOBS_PARMS=-n rdr-recovery + env_file: + - {{ tapisdatadir }}/jobs/env networks: - tapis + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-deadletter: + container_name: jobs-deadletter image: {{ jobs_worker_image }} environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - 
MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.DeadLetterReader" - - JOBS_PARMS="-n rdr-dead" + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.DeadLetterReader + - JOBS_PARMS=-n rdr-dead + env_file: + - {{ tapisdatadir }}/jobs/env networks: - - tapis + - tapis + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-eventqueue: + container_name: jobs-eventqueue image: {{ jobs_worker_image }} environment: - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="2" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.reader.EventReader" - - JOBS_PARMS="-n rdr-event" + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=2 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs 
+ - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.reader.EventReader + - JOBS_PARMS=-n rdr-event + env_file: + - {{ tapisdatadir }}/jobs/env networks: - tapis + depends_on: + jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy jobs-workers: + container_name: jobs-workers image: {{ jobs_worker_image }} environment: - {% if jobs_node_name == true %} - - TAPIS_LOCAL_NODE_NAME=spec.nodeName - {% endif %} - - "TAPIS_SITE_ID={{ jobs_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }}" - - "TAPIS_SERVICE_PASSWORD={{ jobs_service_password }}" - - TAPIS_DB_CONNECTION_POOL_SIZE="10" - - TAPIS_DB_USER="tapis" - - "TAPIS_DB_PASSWORD={{ jobs_postgres_password }}" - - TAPIS_DB_JDBC_URL="jdbc:postgresql://jobs-postgres:5432/tapisjobsdb" - - TAPIS_QUEUE_HOST="jobs-rabbitmq" - - TAPIS_QUEUE_ADMIN_USER="tapis" - - "TAPIS_QUEUE_ADMIN_PASSWORD={{ jobs_rabbitmq_tapis_password }}" - - TAPIS_QUEUE_USER="jobs" - - "TAPIS_QUEUE_PASSWORD={{ jobs_rabbitmq_password }}" - - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES="/v3/jobs" - - JAVA_OPTS="-Xms1g -Xmx1g" - - MAIN_CLASS="edu.utexas.tacc.tapis.jobs.worker.JobWorker" - - JOBS_PARMS="-n wkr-DefaultQueue -q tapis.jobq.submit.DefaultQueue -w 100" + {% if jobs_node_name == true -%} + - TAPIS_LOCAL_NODE_NAME=spec.nodeName + {% endif -%} + - TAPIS_SITE_ID={{ jobs_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ jobs_service_url }} + - TAPIS_DB_CONNECTION_POOL_SIZE=10 + - TAPIS_DB_USER=tapis + - TAPIS_DB_JDBC_URL=jdbc:postgresql://jobs-postgres:5432/tapisjobsdb + - TAPIS_QUEUE_HOST=jobs-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=jobs + - TAPIS_REQUEST_LOGGING_FILTER_PREFIXES=/v3/jobs + - JAVA_OPTS=-Xms1g -Xmx1g + - MAIN_CLASS=edu.utexas.tacc.tapis.jobs.worker.JobWorker + - JOBS_PARMS=-n wkr-DefaultQueue -q tapis.jobq.submit.DefaultQueue -w 100 + env_file: + - {{ tapisdatadir }}/jobs/env networks: - tapis - -networks: - tapis: + depends_on: 
+ jobs-migrations: + condition: service_completed_successfully + jobs-rabbitmq: + condition: service_healthy diff --git a/playbooks/roles/systems/defaults/main/images.yml b/playbooks/roles/systems/defaults/main/images.yml index ac78768d..d449878d 100644 --- a/playbooks/roles/systems/defaults/main/images.yml +++ b/playbooks/roles/systems/defaults/main/images.yml @@ -1,3 +1,4 @@ systems_pgadmin_image: dpage/pgadmin4:6.20 systems_postgres_image: postgres:12.4 systems_api_image: tapis/systems:1.3.2 +systems_migrations_image: postgres:12.4 diff --git a/playbooks/roles/systems/defaults/main/vars.yml b/playbooks/roles/systems/defaults/main/vars.yml index 028eaaf6..78c4c89b 100644 --- a/playbooks/roles/systems/defaults/main/vars.yml +++ b/playbooks/roles/systems/defaults/main/vars.yml @@ -8,3 +8,5 @@ systems_service_url: "{{ global_service_url }}" systems_storage_class: "{{ global_storage_class }}" systems_postgres_pvc: systems-postgres-vol01 systems_globus_client_id: null +systems_heap_max: 4G +systems_heap_min: 4G diff --git a/playbooks/roles/systems/templates/docker/burnup b/playbooks/roles/systems/templates/docker/burnup index da837be3..b4047ffc 100755 --- a/playbooks/roles/systems/templates/docker/burnup +++ b/playbooks/roles/systems/templates/docker/burnup @@ -3,6 +3,10 @@ echo "burnup systems:" mkdir -p {{ tapisdatadir }}/systems +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/systems:/systems tapis/ubutil2204:1.3.0 chown $myuid /systems + +python3 {{ tapisdir }}/admin/util/parse_skexport -c systems -d {{ tapisdatadir }} docker compose up -d diff --git a/playbooks/roles/systems/templates/docker/docker-compose.yml b/playbooks/roles/systems/templates/docker/docker-compose.yml index 353a94d0..27a3ce33 100644 --- a/playbooks/roles/systems/templates/docker/docker-compose.yml +++ b/playbooks/roles/systems/templates/docker/docker-compose.yml 
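Review bot: Every jobs service now loads the same `{{ tapisdatadir }}/jobs/env` file, and the `jobs` map in `parse_skexport` writes the postgres superuser secret (`PW`) into it alongside the service and queue passwords, so each reader and worker container also receives a database admin credential it does not appear to use. Writing separate env files per role (database, migrations, service) would keep the superuser password out of the worker containers. `jobs-migrations` uses `{{ jobs_migrations_image }}`, but unlike the files and systems roles this patch adds no such default for jobs, so unless it is defined elsewhere the template will not render. The `jobs-postgres` mount also moves from `:/pgdata` to `:/pgdata/data` with `PGDATA=/pgdata/data` kept, which on an existing host directory would point PostgreSQL at the parent of the old cluster; worth confirming against deployed data.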
@@ -1,20 +1,56 @@ - -# TODO!!! need to run the migrations for the DB before the sk-api can run. -# put an intermediate migrations container to run these between postgres & sk? - networks: tapis: name: tapis external: true - services: systems-api: + container_name: systems-api image: {{ systems_api_image }} networks: - tapis - + env_file: + {{ tapisdatadir }}/systems/env + environment: + - TAPIS_DB_JDBC_URL=jdbc:postgresql://systems-postgres:5432/tapissysdb + - TAPIS_SITE_ID={{ systems_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ systems_service_url }} + - TAPIS_GLOBUS_CLIENT_ID + - TAPIS_DB_USER=tapis_sys + command: java -Xms{{ systems_heap_min }} -Xmx{{ systems_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "systems.jar:dependencies/*" edu.utexas.tacc.tapis.systems.api.SystemsApplication + # command: sleep infinity + depends_on: + systems-migrations: + condition: service_completed_successfully + systems-postgres: + container_name: systems-postgres image: {{ systems_postgres_image }} networks: - tapis + env_file: + {{ tapisdatadir }}/systems/env + environment: + - PGDATA=/pdgata/data + volumes: + - {{ tapisdatadir }}/systems/postgres:/pgdata/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + systems-migrations: + container_name: systems-migrations + image: {{ systems_migrations_image }} + networks: + - tapis + volumes: + - {{ tapisdir }}/systems/systems-init-db-sh:/init-db + env_file: + {{ tapisdatadir }}/systems/env + command: chmod +x init-db; /init-db + # command: sleep infinity + depends_on: + systems-postgres: + condition: service_healthy diff --git a/playbooks/roles/systems/templates/docker/systems-config.json b/playbooks/roles/systems/templates/docker/systems-config.json new file mode 100644 index 00000000..7ed31190 --- /dev/null 
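Review bot: In `systems-postgres`, `PGDATA=/pdgata/data` does not match the bind mount `{{ tapisdatadir }}/systems/postgres:/pgdata/data`, so the cluster is initialised in the container's writable layer instead of on the mounted volume and disappears when the container is removed. It should read `- PGDATA=/pgdata/data`. In `systems-migrations`, `command: chmod +x init-db; /init-db` is not run through a shell, so the `;` is not a command separator and the script is never executed as a second command; `command: ["bash", "/init-db"]` would run it directly. All three services also load the same `{{ tapisdatadir }}/systems/env`, which hands the API container the `postgres` superuser password along with its own credentials.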
+++ b/playbooks/roles/systems/templates/docker/systems-config.json
@@ -0,0 +1,7 @@
+{
+ "service_site_url": "https://admin.develop.tapis.io",
+ "service_tenant_id": "admin",
+ "site_id": "tacc",
+ "service_name": "systems",
+ "globus_client_id": "494d441c-99cf-4117-bd78-9b85cb0f12ff"
+}
\ No newline at end of file
diff --git a/playbooks/roles/systems/templates/docker/systems-init-db-sh b/playbooks/roles/systems/templates/docker/systems-init-db-sh
new file mode 100644
index 00000000..cc022523
--- /dev/null
+++ b/playbooks/roles/systems/templates/docker/systems-init-db-sh
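Review bot: This template contains no Jinja placeholders, so `service_site_url`, `site_id` and `globus_client_id` are fixed to one deployment's values and every site rendered from it inherits the develop admin URL and the same Globus client ID. The role already carries `systems_service_url`, `systems_service_site_id` and `systems_globus_client_id`; I would render those instead, e.g. `"globus_client_id": "{{ systems_globus_client_id }}"`, and keep the real client ID in site inventory rather than in the repository. Nothing in the visible docker-compose.yml mounts this file, so it may also be unused.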
@@ -0,0 +1,43 @@
+#!/bin/bash
+# Script to initialize Systems service DB using psql
+# Create database, user and schema
+# Postgres password must be set in env var POSTGRES_PASSWORD
+
+if [ -z "$DB_HOST" ]; then
+ DB_HOST=systems-postgres
+fi
+
+DB_USER=postgres
+DB_NAME=tapissysdb
+
+if [ -z "${POSTGRES_PASSWORD}" ]; then
+ echo "Please set env var POSTGRES_PASSWORD before running this script"
+ exit 1
+fi
+
+# Put PGPASSWORD in environment for psql to pick up
+export PGPASSWORD=${POSTGRES_PASSWORD}
+
+# Run psql command to create database if it does not exist
+echo "SELECT 'CREATE DATABASE ${DB_NAME} ENCODING=\"UTF8\" LC_COLLATE=\"en_US.utf8\" LC_CTYPE=\"en_US.utf8\" ' \
+ WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_NAME}')\gexec" \
+ | psql --host=${DB_HOST} --username=${DB_USER}
+
+
+# Run sql to create user and schema if they do not exist
+psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB
+-- Create user if it does not exist
+DO \$\$
+BEGIN
+ CREATE ROLE tapis_sys WITH LOGIN;
+ EXCEPTION WHEN DUPLICATE_OBJECT THEN
+ RAISE NOTICE 'User already exists. User name: tapis_sys';
+END
+\$\$;
+ALTER USER tapis_sys WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}';
+GRANT ALL PRIVILEGES ON DATABASE tapissysdb TO tapis_sys;
+
+-- Create schema if it does not exist
+CREATE SCHEMA IF NOT EXISTS tapis_sys AUTHORIZATION tapis_sys;
+ALTER ROLE tapis_sys SET search_path = 'tapis_sys';
+EOB
diff --git a/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh b/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh
index cc022523..7d3c7fec 100644
--- a/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh
+++ b/playbooks/roles/systems/templates/kube/postgres/systems-init-db-sh
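Review bot: `ALTER USER tapis_sys WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}'` gives the service role the same password as the `postgres` superuser this script logs in with, so anything holding the API's database credential can also authenticate as superuser. The systems mapping in parse_skexport already exports a separate `..._TAPIS_SYS_PASSWORD` credential; I would expose it under a shell-safe name such as `POSTGRES_USER_PASSWORD` (the apps mapping later in this series does) and use that here. The value is also spliced into the SQL text, so a password containing `'` breaks or alters the statement; passing it with `psql -v` and referencing it as `:'name'` avoids that. Neither psql call sets `-v ON_ERROR_STOP=1`, so SQL errors leave the exit status at 0 and the `service_completed_successfully` gate in docker-compose.yml still opens. apps-init-db-sh later in this series repeats the same pattern.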
@@ -23,7 +23,6 @@ echo "SELECT 'CREATE DATABASE ${DB_NAME} ENCODING=\"UTF8\" LC_COLLATE=\"en_US.ut WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_NAME}')\gexec" \ | psql --host=${DB_HOST} --username=${DB_USER} - # Run sql to create user and schema if they do not exist psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB -- Create user if it does not exist diff --git a/playbooks/roles/tenants/templates/docker/burnup b/playbooks/roles/tenants/templates/docker/burnup index dec7ceb0..80d3310a 100755 --- a/playbooks/roles/tenants/templates/docker/burnup +++ b/playbooks/roles/tenants/templates/docker/burnup @@ -3,6 +3,8 @@ echo "burnup tenants:" mkdir -p {{ tapisdatadir }}/tenants +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/tenants:/tenants tapis/ubutil2204:1.3.0 chown $myuid /tenants python3 {{ tapisdir }}/admin/util/parse_skexport -c tenants -d {{ tapisdatadir }} docker compose up -d diff --git a/playbooks/roles/tokens/templates/docker/burnup b/playbooks/roles/tokens/templates/docker/burnup index 55a54ea4..681a6053 100755 --- a/playbooks/roles/tokens/templates/docker/burnup +++ b/playbooks/roles/tokens/templates/docker/burnup @@ -3,11 +3,9 @@ echo "burnup tokens:" # Read secrets from env file -# export site_admin_privatekey=`grep JWTSIGNING_ADMIN_PRIVATEKEY {{ tapisdatadir }}/skadmin/env | awk -FJWTSIGNING_ADMIN_PRIVATEKEY= '{print $2$3}'` -# export site_dev_privatekey=`grep JWTSIGNING_DEV_PRIVATEKEY {{ tapisdatadir }}/skadmin/env | awk -FJWTSIGNING_DEV_PRIVATEKEY= '{print $2$3}'` - -#export site_admin_privatekey="$(grep JWTSIGNING_ADMIN_PRIVATEKEY {{ tapisdatadir }}/skadmin/env | awk -v RS='\r\n' -FJWTSIGNING_ADMIN_PRIVATEKEY= '{print $2}' | sed 's/\\n/\n/g')" mkdir -p {{ tapisdatadir }}/tokens +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/tokens:/tokens tapis/ubutil2204:1.3.0 chown $myuid /tokens python3 {{ tapisdir }}/admin/util/parse_skexport -c tokens -d {{ tapisdatadir }} docker compose up -d 
diff --git a/playbooks/roles/tokens/templates/docker/docker-compose.yml b/playbooks/roles/tokens/templates/docker/docker-compose.yml index cc106c94..357c84ea 100644 --- a/playbooks/roles/tokens/templates/docker/docker-compose.yml +++ b/playbooks/roles/tokens/templates/docker/docker-compose.yml @@ -16,8 +16,3 @@ services: - tapis env_file: - "{{ tapisdatadir }}/tokens/env" - healthcheck: # TODO: fix this - test: ["CMD-SHELL", "./healthcheck"] - interval: 5s - timeout: 5s - retries: 5 diff --git a/playbooks/roles/vault/templates/docker/burnup b/playbooks/roles/vault/templates/docker/burnup index edd226c5..04d05ad7 100755 --- a/playbooks/roles/vault/templates/docker/burnup +++ b/playbooks/roles/vault/templates/docker/burnup @@ -8,7 +8,7 @@ mkdir -p {{ tapisdatadir }}/vault/data myuid=`id -u` -docker run -it --rm -v /home/kprice/tmp/tapisquickstart-docker1-data/vault:/vault tapis/ubutil2204:1.3.0 chown $myuid /vault +docker run -it --rm -v {{ tapisdatadir }}/vault:/vault tapis/ubutil2204:1.3.0 chown $myuid /vault docker run -it -v {{ tapisdatadir }}/vault:/vault {{ vault_image }} chown -R 100:1000 /vault/data From 96ee25f9a04a3fe7f5d82b916ecd3a9f13be9323 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Mon, 22 May 2023 15:25:58 -0500 Subject: [PATCH 02/28] systems working? --- CHANGELOG.md | 2 ++ playbooks/roles/admin/templates/docker/util/parse_skexport | 7 +++---- playbooks/roles/files/templates/docker/docker-compose.yml | 2 ++ playbooks/roles/systems/defaults/main/vars.yml | 4 ++-- .../roles/systems/templates/docker/docker-compose.yml | 3 ++- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 44a94de4..50176730 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,7 @@ Notable changes between versions. ## 1.3.6 +- added java heap max and min options for systems when using Docker compose - [Authenticator: 1.3.0 to 1.3.3 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) - [Jobs: 1.3.2 to 1.3.4 (tapis/jobsapi, tapis/jobsmigrate, tapis/jobsworker)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) - [SK 1.3.1 to 1.3.2 (tapis/securitymigrate, tapis/securityexport, tapis/securityadmin, tapis/securityapi)](https://github.com/tapis-project/tapis-security/blob/dev/tapis-securityapi/CHANGELOG.md) @@ -11,6 +12,7 @@ Notable changes between versions. - [Apps: 1.3.2 to 1.3.3 (tapis/apps)](https://github.com/tapis-project/tapis-apps/blob/1.3.3/CHANGELOG.md) - [Notifications: 1.3.1 to 1.3.3 (tapis/notifications, notifications-dispatcher)](https://github.com/tapis-project/tapis-notifications/blob/1.3.3/CHANGELOG.md) + ## 1.3.5 **Breaking Changes** diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 4d0c3072..6938e675 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport 
@@ -45,11 +45,10 @@ security = {"TAPIS_SK_VAULT_SECRET_ID": "", # these two are populated later with skadmin = {"":""} streams = {"":""} -systems = {"pgadmin-password": "DBCREDENTIAL_PGADMIN_SYSTEMS_POSTGRES_TAPISSYSDB_WOW_PASSWORD", - "postgres-password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", +systems = {"pgadmin_password": "DBCREDENTIAL_PGADMIN_SYSTEMS_POSTGRES_TAPISSYSDB_WOW_PASSWORD", + "postgres_password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", - "postgres-user-password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_TAPIS_SYS_PASSWORD", - "service-password": "SERVICEPWD_SYSTEMS_PASSWORD", + "postgres_user_password": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_TAPIS_SYS_PASSWORD", "service_password": "SERVICEPWD_SYSTEMS_PASSWORD", "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_SYSTEMS_PASSWORD", "TAPIS_DB_PASSWORD": "DBCREDENTIAL_POSTGRES_SYSTEMS_POSTGRES_TAPISSYSDB_POSTGRES_PASSWORD", diff --git a/playbooks/roles/files/templates/docker/docker-compose.yml b/playbooks/roles/files/templates/docker/docker-compose.yml index 827f16a2..47637e37 100644 --- a/playbooks/roles/files/templates/docker/docker-compose.yml +++ b/playbooks/roles/files/templates/docker/docker-compose.yml @@ -50,6 +50,8 @@ services: condition: service_healthy volumes: - {{ tapisdir }}/files/files-init-db-sh:/files-init-db-sh + networks: + - tapis command: chmod +x files-init-db-sh; /files-init-db-sh # files-minio: diff --git a/playbooks/roles/systems/defaults/main/vars.yml b/playbooks/roles/systems/defaults/main/vars.yml index 78c4c89b..4ef831c5 100644 --- a/playbooks/roles/systems/defaults/main/vars.yml +++ b/playbooks/roles/systems/defaults/main/vars.yml 
@@ -8,5 +8,5 @@ systems_service_url: "{{ global_service_url }}" systems_storage_class: "{{ global_storage_class }}" systems_postgres_pvc: systems-postgres-vol01 systems_globus_client_id: null -systems_heap_max: 4G -systems_heap_min: 4G +systems_heap_max: 3G +systems_heap_min: 1G diff --git a/playbooks/roles/systems/templates/docker/docker-compose.yml b/playbooks/roles/systems/templates/docker/docker-compose.yml index 27a3ce33..0b523c73 100644 --- a/playbooks/roles/systems/templates/docker/docker-compose.yml +++ b/playbooks/roles/systems/templates/docker/docker-compose.yml @@ -49,7 +49,8 @@ services: - {{ tapisdir }}/systems/systems-init-db-sh:/init-db env_file: {{ tapisdatadir }}/systems/env - command: chmod +x init-db; /init-db + # command: /init-db + command: bash -c "cp /init-db /local_initdb && echo 100 && chown $(whoami) /local_initdb && echo 200 && chmod +x /local_initdb && echo 300 && /local_initdb" # command: sleep infinity depends_on: systems-postgres: From 9cbafa552fa21cf6c12294283950edac190dfc34 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Mon, 22 May 2023 15:34:41 -0500 Subject: [PATCH 03/28] files working? --- playbooks/roles/files/templates/docker/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/files/templates/docker/docker-compose.yml b/playbooks/roles/files/templates/docker/docker-compose.yml index 47637e37..f97f6857 100644 --- a/playbooks/roles/files/templates/docker/docker-compose.yml +++ b/playbooks/roles/files/templates/docker/docker-compose.yml @@ -8,8 +8,8 @@ services: container_name: files-rabbitmq image: {{ files_rabbitmq_management_image }} environment: - - RABBITMQ_DEFAULT_USER=dev - - RABBITMQ_DEFAULT_VHOST=dev + - RABBITMQ_DEFAULT_USER=tapisfiles + - RABBITMQ_DEFAULT_VHOST=tapisfiles env_file: - {{ tapisdatadir }}/files/env networks: From 8021597dad32f770cb926748000ff036641f1826 Mon Sep 17 00:00:00 2001 
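Review bot: The new `command:` for `systems-migrations` still carries debugging breadcrumbs (`echo 100`, `echo 200`, `echo 300`) and copies the script only to make it executable. Running the bind-mounted file through the interpreter, `command: ["bash", "/init-db"]`, does the same without the `cp`/`chown`/`chmod` chain and without `$(whoami)`, which Compose may try to treat as variable interpolation unless the `$` is doubled. The commented-out `# command: /init-db` and `# command: sleep infinity` lines can be dropped as well. The `apps-migrations` service added later in this series uses the same command string.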
From: kevinpricethesecond Date: Mon, 22 May 2023 16:09:52 -0500 Subject: [PATCH 04/28] apps working? --- CHANGELOG.md | 1 + .../templates/docker/util/parse_skexport | 8 ++- playbooks/roles/apps/defaults/main/vars.yml | 2 + playbooks/roles/apps/templates/docker/burnup | 4 ++ .../apps/templates/docker/docker-compose.yml | 54 +++++++++++++------ 5 files changed, 52 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50176730..74bab245 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ Notable changes between versions. ## 1.3.6 - added java heap max and min options for systems when using Docker compose +- added java heap max and min options for apps when using Docker compose - [Authenticator: 1.3.0 to 1.3.3 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) - [Jobs: 1.3.2 to 1.3.4 (tapis/jobsapi, tapis/jobsmigrate, tapis/jobsworker)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) - [SK 1.3.1 to 1.3.2 (tapis/securitymigrate, tapis/securityexport, tapis/securityadmin, tapis/securityapi)](https://github.com/tapis-project/tapis-security/blob/dev/tapis-securityapi/CHANGELOG.md) diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 6938e675..638e65a3 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport 
@@ -7,7 +7,13 @@ import json # var mapping for all comps # e.g. {"{skexport_name}": "{internal_component_name}"} actors = {"":""} -apps = {"":""} +apps = {"TAPIS_DB_PASSWORD":"DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_POSTGRES_PASSWORD", + "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_APPS_PASSWORD", + "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_POSTGRES_PASSWORD", + "POSTGRES_USER_PASSWORD": "DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_TAPIS_APP_PASSWORD", + "service_password": "SERVICEPWD_APPS_PASSWORD", + "MONITOR_PASSWORD": "DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_TAPIS_APP_PASSWORD"} + authenticator = {"POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", "postgres_password": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", "LDAP_ROOTPASS":"USER_ADMIN_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD", diff --git a/playbooks/roles/apps/defaults/main/vars.yml b/playbooks/roles/apps/defaults/main/vars.yml index b1aa57b3..75d4f126 100644 --- a/playbooks/roles/apps/defaults/main/vars.yml +++ b/playbooks/roles/apps/defaults/main/vars.yml @@ -11,4 +11,6 @@ apps_postgres_pvc: apps-postgres-vol01 apps_service_password: null apps_postgres_password: null apps_pgadmin_password: null +apps_heap_min: 1g +apps_heap_max: 4g diff --git a/playbooks/roles/apps/templates/docker/burnup b/playbooks/roles/apps/templates/docker/burnup index 80119d5b..7c597a98 100755 --- a/playbooks/roles/apps/templates/docker/burnup +++ b/playbooks/roles/apps/templates/docker/burnup @@ -3,6 +3,10 @@ echo "burnup apps:" mkdir -p {{ tapisdatadir }}/apps +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/apps:/apps tapis/ubutil2204:1.3.0 chown $myuid /apps + +python3 {{ tapisdir }}/admin/util/parse_skexport -c apps -d {{ tapisdatadir }} docker compose up -d diff --git a/playbooks/roles/apps/templates/docker/docker-compose.yml b/playbooks/roles/apps/templates/docker/docker-compose.yml index 69a7c279..fb982fcc 100644 
--- a/playbooks/roles/apps/templates/docker/docker-compose.yml +++ b/playbooks/roles/apps/templates/docker/docker-compose.yml 
@@ -6,29 +6,51 @@ networks: services: apps-api: + container_name: apps-api image: {{ apps_api_image }} + networks: + - tapis environment: - TAPIS_DB_JDBC_URL=jdbc:postgresql://apps-postgres:5432/tapisappdb - TAPIS_DB_USER=tapis_app - - "TAPIS_SITE_ID={{ apps_service_site_id }}" - - "TAPIS_TENANT_SVC_BASEURL={{ apps_service_url }}" - - "TAPIS_DB_PASSWORD={{ apps_postgres_password }}" # TODO - - "TAPIS_SERVICE_PASSWORD={{ apps_service_password }}" # TODO + - TAPIS_SITE_ID={{ apps_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ apps_service_url }} + env_file: + - {{ tapisdatadir }}/apps/env + command: java -Xms{{ apps_heap_min }} -Xmx{{ apps_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "apps.jar:dependencies/*" edu.utexas.tacc.tapis.apps.api.AppsApplication + depends_on: + apps-migrations: + condition: service_completed_successfully + apps-postgres: + container_name: apps-postgres image: {{ apps_postgres_image }} - # ports: - # - "5432" + networks: + - tapis environment: - - PGDATA="/pgdata/data" - - "POSTGRES_PASSWORD={{ apps_postgres_password }}" + - PGDATA=/pgdata/data + env_file: + - {{ tapisdatadir }}/apps/env volumes: - - "{{ tapisdatadir }}/pgdata:/pgdata" + - {{ tapisdatadir }}/apps/postgres:/pgdata + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 - apps-pgadmin: - image: {{ apps_pgadmin_image }} - # ports: - # - "80" - environment: - - PGADMIN_DEFAULT_EMAIL="wow@example.com" - - "PGADMIN_DEFAULT_PASSWORD={{ apps_pgadmin_password }}" + apps-migrations: + container_name: apps-migrations + image: {{ apps_postgres_image }} + networks: + - tapis + env_file: + - {{ tapisdatadir }}/apps/env + volumes: + - {{ tapisdatadir }}/apps/postgres:/pgdata + - {{ tapisdir }}/apps/apps-init-db-sh:/init-db + command: bash -c "cp /init-db /local_initdb && echo 100 && chown $(whoami) /local_initdb && echo 200 && chmod +x 
/local_initdb && echo 300 && /local_initdb" + depends_on: + apps-postgres: + condition: service_healthy From 2e1558c8a3fbd11e9737c41380c3f5732c1d158d Mon Sep 17 00:00:00 2001 From: mpackard Date: Mon, 22 May 2023 22:55:44 +0000 Subject: [PATCH 05/28] change test.tapis.io to variable --- .../docker/locations/site-router-token-check.conf | 2 +- playbooks/roles/proxy/templates/docker/nginx.conf | 6 +++--- playbooks/roles/vault/templates/docker/vault.hcl | 11 ++++++----- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf index 350f6002..fd429117 100644 --- a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf +++ b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf @@ -41,6 +41,6 @@ location /_auth { proxy_set_header Host $host; proxy_set_header Content-Length ""; proxy_set_header X-Tapis-Token $http_x_tapis_token; - proxy_pass https://admin.test.tapis.io/v3/site-router/tokens/check; + proxy_pass https://admin.{{ global_tapis_domain }}/v3/site-router/tokens/check; } diff --git a/playbooks/roles/proxy/templates/docker/nginx.conf b/playbooks/roles/proxy/templates/docker/nginx.conf index d7f175e3..97123632 100644 --- a/playbooks/roles/proxy/templates/docker/nginx.conf +++ b/playbooks/roles/proxy/templates/docker/nginx.conf @@ -23,7 +23,7 @@ stream { # Ports used are purely random. Feel free to change. map $ssl_preread_server_name $instanceport { # Route TCP with following whatever.pods.whatever.develop.tapis.ioto pods-nginx. - "~pods.*.test.tapis.io" 5510; + "~pods.{{ proxy_nginx_server_name }}" 5510; # Else default to 8443 (listened to by http stanza). default 8443; } 
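Review bot: `apps-migrations` bind-mounts `{{ tapisdatadir }}/apps/postgres:/pgdata`, the live data directory of `apps-postgres`, although the init script it runs only talks to the server over the network with `psql --host`. A second postgres-image container with read-write access to that directory is unnecessary exposure of the database files; I would drop that volume line and keep only `- {{ tapisdir }}/apps/apps-init-db-sh:/init-db`. All three services also load the same `{{ tapisdatadir }}/apps/env`, so `apps-api` receives `POSTGRES_PASSWORD` and `MONITOR_PASSWORD` as well as its own credentials; per-service env files would keep the superuser password out of the API container.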
@@ -84,7 +84,7 @@ http { listen 80; listen [::]:80; - server_name *.test.tapis.io; + server_name {{ proxy_nginx_server_name }}; # Redirect with 307 to preserve post data. (301 does not) if ($request_method = POST) { @@ -107,7 +107,7 @@ http { listen 8443 ssl http2; listen [::]:8443 ssl http2; - server_name *.test.tapis.io; + server_name {{ proxy_nginx_server_name }}; ssl_certificate /tmp/ssl/tls.crt; ssl_certificate_key /tmp/ssl/tls.key; diff --git a/playbooks/roles/vault/templates/docker/vault.hcl b/playbooks/roles/vault/templates/docker/vault.hcl index 4553845b..a92d1f02 100644 --- a/playbooks/roles/vault/templates/docker/vault.hcl +++ b/playbooks/roles/vault/templates/docker/vault.hcl @@ -1,13 +1,14 @@ api_addr = "http://vault:8200" disable_mlock = true +{% if vault_raft_storage is defined and vault_raft_storage == false %} storage "file" { - path = "/vault/data" + path = "/vault/data" } - -{% if vault_raft_storage == true %} -storage_destination "raft" { - path = "/opt/vault/data" +{% else %} +cluster_addr = "http://127.0.0.1:8201" +storage "raft" { + path = "/vault/data" node_id = "raft_node_1" } {% endif%} From 0a8ebefa31a9cce309c5b2730b43ff7beb755a13 Mon Sep 17 00:00:00 2001 
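Review bot: In vault.hcl the condition is inverted relative to the old template: raft is now the storage backend whenever `vault_raft_storage` is undefined or true, and it points at `/vault/data`, the same path the file backend used. An existing deployment that never set the variable would come up on an empty raft store beside its old file-backend data, which looks like an uninitialised Vault (inferred from the template; the role defaults are not shown). I would give `vault_raft_storage` an explicit default in the role and note the migration step in the changelog. `api_addr` and the new `cluster_addr` are both plain `http://`; whether the listener enables TLS is outside this hunk.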
From: kevinpricethesecond Date: Mon, 22 May 2023 18:35:07 -0500 Subject: [PATCH 06/28] proxy fixes --- .../docker/verification/authenticator-test | 5 +- .../templates/docker/verification/files-test | 6 ++ .../templates/docker/verification/jobs-test | 6 ++ .../docker/verification/systems-test | 6 ++ .../apps/templates/docker/apps-init-db-sh | 77 +++++++++++++++++++ .../roles/baseburnup/templates/docker/burnup | 30 ++++++++ .../locations/site-router-token-check.conf | 2 +- .../roles/proxy/templates/docker/nginx.conf | 6 +- 8 files changed, 131 insertions(+), 7 deletions(-) create mode 100755 playbooks/roles/admin/templates/docker/verification/files-test create mode 100755 playbooks/roles/admin/templates/docker/verification/jobs-test create mode 100755 playbooks/roles/admin/templates/docker/verification/systems-test create mode 100644 playbooks/roles/apps/templates/docker/apps-init-db-sh diff --git a/playbooks/roles/admin/templates/docker/verification/authenticator-test b/playbooks/roles/admin/templates/docker/verification/authenticator-test index a6da0ad7..0504b13f 100755 --- a/playbooks/roles/admin/templates/docker/verification/authenticator-test +++ b/playbooks/roles/admin/templates/docker/verification/authenticator-test @@ -5,6 +5,5 @@ curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "passw # should return 200 and JSON with token - -export pass=`grep LDAP_ROOTPASS {{ tapisdatadir }}/authenticator/env | awk -F= '{print $2}'` -docker run --rm -it -net tapis mrghort/centosutil:1.3.1 ldapsearch -x -H ldap://authenticator-ldap:389 -Z -D "cn=admin,dc=tapis" -w "$pass" -b "ou=tenants.dev,dc=tapis" +export pass=`grep ^LDAP_ROOTPASS {{ tapisdatadir }}/authenticator/env | awk -F= '{print $2}' | tr -d '"'` +docker run --rm -it --network tapis tapis/centosutil:1.3.1 ldapsearch -x -H ldap://authenticator-ldap:389 -Z -D "cn=admin,dc=tapis" -w "$pass" -b "ou=tenants.dev,dc=tapis" 
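Review bot: `-w "$pass"` puts the LDAP root password on the `docker run` command line, where it is visible in the host process list and in the container's recorded arguments while the check runs. ldapsearch can read the bind password from a file with `-y`, so mounting a mode-600 file into the container keeps it off argv. On the line above, `awk -F= '{print $2}'` truncates a password that contains `=`; `grep '^LDAP_ROOTPASS=' ... | cut -d= -f2-` keeps the whole value and also stops the prefix match from picking up other `LDAP_ROOTPASS*` keys.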
diff --git a/playbooks/roles/admin/templates/docker/verification/files-test b/playbooks/roles/admin/templates/docker/verification/files-test
new file mode 100755
index 00000000..54b1ba49
--- /dev/null
+++ b/playbooks/roles/admin/templates/docker/verification/files-test
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'`
+
+curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/files/healthcheck | jq
+
diff --git a/playbooks/roles/admin/templates/docker/verification/jobs-test b/playbooks/roles/admin/templates/docker/verification/jobs-test
new file mode 100755
index 00000000..d6600d6b
--- /dev/null
+++ b/playbooks/roles/admin/templates/docker/verification/jobs-test
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'`
+
+curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/jobs/healthcheck | jq
+
diff --git a/playbooks/roles/admin/templates/docker/verification/systems-test b/playbooks/roles/admin/templates/docker/verification/systems-test
new file mode 100755
index 00000000..d6a00a9a
--- /dev/null
+++ b/playbooks/roles/admin/templates/docker/verification/systems-test
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'`
+
+curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/systems/healthcheck | jq
+
diff --git a/playbooks/roles/apps/templates/docker/apps-init-db-sh b/playbooks/roles/apps/templates/docker/apps-init-db-sh
new file mode 100644
index 00000000..eaf01d34
--- /dev/null
+++ b/playbooks/roles/apps/templates/docker/apps-init-db-sh 
@@ -0,0 +1,77 @@ +#!/bin/bash +# Script to initialize Apps service DB using psql +# Create database, user and schema +# Postgres password must be set in env var POSTGRES_PASSWORD + +if [ -z "$DB_HOST" ]; then + DB_HOST=apps-postgres +fi + +DB_USER=postgres +DB_NAME=tapisappdb + +if [ -z "${POSTGRES_PASSWORD}" ]; then + echo "Please set env var POSTGRES_PASSWORD before running this script" + exit 1 +fi + +# Put PGPASSWORD in environment for psql to pick up +export PGPASSWORD=${POSTGRES_PASSWORD} + +# Run psql command to create database if it does not exist +echo "SELECT 'CREATE DATABASE ${DB_NAME} ENCODING=\"UTF8\" LC_COLLATE=\"en_US.utf8\" LC_CTYPE=\"en_US.utf8\" ' \ + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_NAME}')\gexec" \ + | psql --host=${DB_HOST} --username=${DB_USER} + + +# Run sql to create user and schema if they do not exist +psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB +-- Create user if it does not exist +DO \$\$ +BEGIN + CREATE ROLE tapis_app WITH LOGIN; + EXCEPTION WHEN DUPLICATE_OBJECT THEN + RAISE NOTICE 'User already exists. 
User name: tapis_app'; +END +\$\$; +ALTER USER tapis_app WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}'; +GRANT ALL PRIVILEGES ON DATABASE tapisappdb TO tapis_app; + +-- Create schema if it does not exist +CREATE SCHEMA IF NOT EXISTS tapis_app AUTHORIZATION tapis_app; +ALTER ROLE tapis_app SET search_path = 'tapis_app'; +EOB + +{% if apps_monitor_password is defined and apps_monitor_password %} +# this is the password :{{ apps_monitor_password }} +# end + +### hammock/mpackard 20210616 + + +# Script to add Monitoring read only access for Apps service DB using psql +# user and grant read only acces +# Postgres password must be set in env var MONITOR_PASSWORD + +if [ -z "${MONITOR_PASSWORD}" ]; then + echo "Please set env var MONITOR_PASSWORD before running this script" + exit 1 +fi + +# Run sql to create user if it does not exist +psql --host=${DB_HOST} --username=${DB_USER} --dbname=${DB_NAME} -q << EOB +-- Create user if it does not exist +DO \$\$ +BEGIN + CREATE ROLE monitor WITH LOGIN; + EXCEPTION WHEN DUPLICATE_OBJECT THEN + RAISE NOTICE 'User already exists. User name: monitor'; +END +\$\$; +ALTER USER monitor WITH ENCRYPTED PASSWORD '${MONITOR_PASSWORD}'; +GRANT SELECT ON ALL TABLES IN SCHEMA tapis_app TO monitor; +GRANT CONNECT ON DATABASE tapisappdb TO monitor; +GRANT USAGE ON SCHEMA tapis_app TO monitor; + +EOB +{% endif %} diff --git a/playbooks/roles/baseburnup/templates/docker/burnup b/playbooks/roles/baseburnup/templates/docker/burnup index 74782867..02e72656 100755 --- a/playbooks/roles/baseburnup/templates/docker/burnup +++ b/playbooks/roles/baseburnup/templates/docker/burnup 
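Review bot: In apps-init-db-sh, `# this is the password :{{ apps_monitor_password }}` renders the monitor password in clear text into the generated script on disk, which docker-compose.yml then bind-mounts into the migrations container. The script already reads the value at run time from `MONITOR_PASSWORD`, so the template never needs the secret itself; the comment line and the `# end` marker should be removed, leaving only the `{% if ... %}` guard. As in systems-init-db-sh, `tapis_app` is given `${POSTGRES_PASSWORD}`, although the apps mapping in parse_skexport now exports `POSTGRES_USER_PASSWORD` for that role.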
@@ -85,7 +85,37 @@ burnup_or_exit files burnup_or_exit systems {% endif %} +{% if "apps" in components_to_deploy %} +burnup_or_exit apps +{% endif %} + +## tertiary services + +# actors + +# container-registry + +# globus-proxy + +# meta + +# monitoring + +# notifications + +# pgrest + +# pgrest-a2cps-dev + +# pgrest-a2cps-prod + +# pods + +# streams + +# tapisui +# workflows echo "Done: top-level-burnup" diff --git a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf index 350f6002..fd429117 100644 --- a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf +++ b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf @@ -41,6 +41,6 @@ location /_auth { proxy_set_header Host $host; proxy_set_header Content-Length ""; proxy_set_header X-Tapis-Token $http_x_tapis_token; - proxy_pass https://admin.test.tapis.io/v3/site-router/tokens/check; + proxy_pass https://admin.{{ global_tapis_domain }}/v3/site-router/tokens/check; } diff --git a/playbooks/roles/proxy/templates/docker/nginx.conf b/playbooks/roles/proxy/templates/docker/nginx.conf index d7f175e3..7de27663 100644 --- a/playbooks/roles/proxy/templates/docker/nginx.conf +++ b/playbooks/roles/proxy/templates/docker/nginx.conf @@ -23,7 +23,7 @@ stream { # Ports used are purely random. Feel free to change. map $ssl_preread_server_name $instanceport { # Route TCP with following whatever.pods.whatever.develop.tapis.ioto pods-nginx. - "~pods.*.test.tapis.io" 5510; + "~pods.{{ proxy_nginx_server_name }}" 5510; # Else default to 8443 (listened to by http stanza). default 8443; } @@ -84,7 +84,7 @@ http { listen 80; listen [::]:80; - server_name *.test.tapis.io; + server_name {{ proxy_nginx_server_name }}; # Redirect with 307 to preserve post data. (301 does not) if ($request_method = POST) { 
@@ -107,7 +107,7 @@ http { listen 8443 ssl http2; listen [::]:8443 ssl http2; - server_name *.test.tapis.io; + server_name {{ proxy_nginx_server_name }}; ssl_certificate /tmp/ssl/tls.crt; ssl_certificate_key /tmp/ssl/tls.key; From d2eee5cb24d66fcf33f9280f0e43cdd1802a6a2c Mon Sep 17 00:00:00 2001 From: mpackard Date: Wed, 24 May 2023 15:00:18 -0500 Subject: [PATCH 07/28] changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a9f38c8..a0aeffe7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ Notable changes between versions. - [Notifications: 1.3.3 to 1.3.4 (notifications, notifications-dispatcher)](https://github.com/tapis-project/tapis-notifications/blob/1.3.4/CHANGELOG.md) - [Globus Proxy: 1.3.0 to 1.3.1 (globus-proxy)](https://github.com/tapis-project/globus-proxy/blob/dev/CHANGELOG.md) - Added optional `skadmin_sk_privileged_sa` var to skadmin component to enable Kubernetes privilege separation. +- Beta release: A new way of deploying Tapis using Docker instead of Kubernetes is now in Beta. By setting `tapisflavor: docker` in the Ansible config, Deployer uses a different set of templates to create the Docker-based Tapis installation scripts. So far only a subset of the components are functional. + ## 1.3.6 From d7aa347b8ecc5160e9bf4efc6f36dd3e05f104ca Mon Sep 17 00:00:00 2001 From: mpackard Date: Wed, 24 May 2023 15:01:15 -0500 Subject: [PATCH 08/28] changelog --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0aeffe7..ffbdb83d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,7 +10,6 @@ Notable changes between versions. - Added optional `skadmin_sk_privileged_sa` var to skadmin component to enable Kubernetes privilege separation. - Beta release: A new way of deploying Tapis using Docker instead of Kubernetes is now in Beta. By setting `tapisflavor: docker` in the Ansible config, Deployer uses a different set of templates to create the Docker-based Tapis installation scripts. So far only a subset of the components are functional. - ## 1.3.6 - [Authenticator: 1.3.0 to 1.3.3 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) From 8ece8ca0cecb72b5ecbb80476a1b382683bba094 Mon Sep 17 00:00:00 2001 From: mpackard Date: Wed, 24 May 2023 15:01:23 -0500 Subject: [PATCH 09/28] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a9f38c8..ffbdb83d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Notable changes between versions. - [Notifications: 1.3.3 to 1.3.4 (notifications, notifications-dispatcher)](https://github.com/tapis-project/tapis-notifications/blob/1.3.4/CHANGELOG.md) - [Globus Proxy: 1.3.0 to 1.3.1 (globus-proxy)](https://github.com/tapis-project/globus-proxy/blob/dev/CHANGELOG.md) - Added optional `skadmin_sk_privileged_sa` var to skadmin component to enable Kubernetes privilege separation. +- Beta release: A new way of deploying Tapis using Docker instead of Kubernetes is now in Beta. By setting `tapisflavor: docker` in the Ansible config, Deployer uses a different set of templates to create the Docker-based Tapis installation scripts. So far only a subset of the components are functional. ## 1.3.6 From 2da311804617c6eaba343174f7a3f011bf0994e2 Mon Sep 17 00:00:00 2001 
From: kevinpricethesecond Date: Wed, 24 May 2023 15:55:00 -0500 Subject: [PATCH 10/28] notifications working? --- CHANGELOG.md | 3 +- .../roles/actors/templates/docker/burnup | 5 +- .../templates/docker/docker-compose.yml | 36 +++---- .../templates/docker/util/parse_skexport | 19 +++- .../jobs/templates/docker/docker-compose.yml | 2 +- .../notifications/defaults/main/vars.yml | 2 + .../notifications/templates/docker/burnup | 7 +- .../templates/docker/docker-compose.yml | 101 ++++++++++++------ 8 files changed, 117 insertions(+), 58 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74bab245..ad94cd24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,7 @@ Notable changes between versions. ## 1.3.6 -- added java heap max and min options for systems when using Docker compose -- added java heap max and min options for apps when using Docker compose +- added java heap max and min options for apps, systems, and notifications when using Docker compose - [Authenticator: 1.3.0 to 1.3.3 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) - [Jobs: 1.3.2 to 1.3.4 (tapis/jobsapi, tapis/jobsmigrate, tapis/jobsworker)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) - [SK 1.3.1 to 1.3.2 (tapis/securitymigrate, tapis/securityexport, tapis/securityadmin, tapis/securityapi)](https://github.com/tapis-project/tapis-security/blob/dev/tapis-securityapi/CHANGELOG.md) diff --git a/playbooks/roles/actors/templates/docker/burnup b/playbooks/roles/actors/templates/docker/burnup index 398b618c..2c0f0870 100755 --- a/playbooks/roles/actors/templates/docker/burnup +++ b/playbooks/roles/actors/templates/docker/burnup 
@@ -3,6 +3,9 @@ echo "burnup actors:" mkdir -p {{ tapisdatadir }}/actors +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/actors:/actors tapis/ubutil2204:1.3.0 chown $myuid /actors -docker compose up -d +python3 {{ tapisdir }}/admin/util/parse_skexport -c actors -d {{ tapisdatadir }} +docker compose up -d \ No newline at end of file diff --git a/playbooks/roles/actors/templates/docker/docker-compose.yml b/playbooks/roles/actors/templates/docker/docker-compose.yml index e3b5b523..e0c6eebf 100644 --- a/playbooks/roles/actors/templates/docker/docker-compose.yml +++ b/playbooks/roles/actors/templates/docker/docker-compose.yml @@ -16,14 +16,16 @@ services: container_name: actors-mongo image: {{ actors_mongo_image }} environment: - MONGO_INITDB_ROOT_USERNAME: admin - MONGO_INITDB_ROOT_PASSWORD: admin - MONGO_REPLICA_SET_NAME: rs0 - # ports: - # - "127.0.0.1:27017:27017" + - MONGO_INITDB_ROOT_USERNAME: admin + - MONGO_REPLICA_SET_NAME: rs0 + env_file: + - {{ tapisdatadir }}/actors/env # volumes: # - ./runtime_files/certs:/data/ssl # - ./runtime_files/certs/mongo-replica-set-keyfile:/keyfiles/metakeyfile + volumes: + - {{ tapisdatadir }}/actors/mongo/data:/data/db + - {{ tapisdatadir }}/actors/mongo/keyfile:keyfile-base networks: - tapis ulimits: @@ -47,18 +49,16 @@ services: #command: "mongod --bind_ip_all --replSet rs0 --keyFile /keyfiles/keyfile-to-use --tlsMode requireTLS --tlsCertificateKeyFile "/data/ssl/server.pem" --tlsCAFile "/data/ssl/ca.pem" - actors-rabbit: - container_name: actors-rabbit + actors-rabbitmq: + container_name: actors-rabbitmq image: {{ actors_rabbitmq_image }} - # ports: - # - "127.0.0.1:5672:5672" - # - "127.0.0.1:15672:15672" environment: RABBITMQ_NODENAME: abaco-rabbit RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: "+A 128" RABBITMQ_DEFAULT_VHOST: abaco_vhost RABBITMQ_DEFAULT_USER: admin - RABBITMQ_DEFAULT_PASS: admin + env_file: + - {{ tapisdatadir }}/actors/env ulimits: nproc: 65535 nofile: 
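Review bot: The added `docker run -it --rm ... chown $myuid /actors` requests an interactive TTY, so burnup fails with a "not a TTY" error when it is started from cron, CI or an Ansible task; `-it` is not needed for a one-shot `chown`. Suggested: `myuid=$(id -u)` and `docker run --rm -v {{ tapisdatadir }}/actors:/actors tapis/ubutil2204:1.3.0 chown "$myuid" /actors`. The image tag is also a literal here rather than a template variable like the other images. The same lines are added to the notifications burnup in its `@@ -1,8 +1,11 @@` hunk. Because `parse_skexport` then writes passwords under this directory, a `chmod 700` on it is worth adding; whether the script restricts the env file's mode is not visible here.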
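Review bot: The new `environment:` entries for actors-mongo mix the two Compose syntaxes: `- MONGO_INITDB_ROOT_USERNAME: admin` is a list item holding a mapping, whereas the list form expects `KEY=value` strings, so Compose is likely to reject the file. Either drop the leading dashes or write `- MONGO_INITDB_ROOT_USERNAME=admin` and `- MONGO_REPLICA_SET_NAME=rs0`. The added volume `{{ tapisdatadir }}/actors/mongo/keyfile:keyfile-base` also has a relative container path, and the target of a bind mount must be absolute (the commented-out lines above it use `/keyfiles/...`). The service definition continues outside the hunk.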
@@ -67,23 +67,23 @@ services: networks: - tapis depends_on: - - actors-mongo + actors-mongo: + condition: service_started actors-nginx: container_name: actors-nginx image: {{ actors_nginx_image }} + networks: + - tapis volumes: # - ./config-local.json:/home/tapis/config.json - - "{{ tapisdir }}/actors/actors-config.json:/home/tapis/config.json" + - "{{ tapisdir }}/actors/actors-config.json:/etc/nginx/sites-enabled/flask-project" # # - ./images/nginx/nginx.conf:/etc/nginx/nginx.conf # # - ./images/nginx/sites-enabled:/etc/nginx/sites-enabled -# ports: -# - "127.0.0.1:8000:80" restart: always depends_on: - - actors-mongo - networks: - - tapis + actors-mongo: + condition: service_started actors-reg: container_name: actors-reg diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 638e65a3..7c0d911b 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport @@ -6,7 +6,10 @@ import json # var mapping for all comps # e.g. {"{skexport_name}": "{internal_component_name}"} -actors = {"":""} +actors = {"RABBITMQ_DEFAULT_PASS":"DBCREDENTIAL_RABBITMQ_ABACO_RABBIT_MQ_HOST_RABBITMQ_ABACO_PASSWORD", + "MONGO_INITDB_ROOT_PASSWORD": "DBCREDENTIAL_MONGO_ABACO_MONGO_DB_HOST_MONGODB_ABACO_PASSWORD", + "": "SERVICEPWD_ABACO_PASSWORD"} + apps = {"TAPIS_DB_PASSWORD":"DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_POSTGRES_PASSWORD", "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_APPS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_APPS_POSTGRES_TAPISAPPDB_POSTGRES_PASSWORD", 
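Review bot: The actors-nginx volume now mounts `actors-config.json` at `/etc/nginx/sites-enabled/flask-project`, which hands nginx a JSON service config as a site definition. This looks like two lines merged by mistake: the config most likely still belongs at `/home/tapis/config.json`, with the nginx site file mounted separately, as the commented-out `sites-enabled` line suggests. Please confirm the intended source for the site file; the remaining services are outside the hunk.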
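Review bot: The `actors` mapping adds an entry with an empty key, `"": "SERVICEPWD_ABACO_PASSWORD"`, so the service password has no variable name to be written under; depending on how the rest of the script (not visible here) emits the env file, it is either dropped or written as a malformed `=value` line. Give it the name the actors containers read, or leave the entry out until that name is known. The header comment `{"{skexport_name}": "{internal_component_name}"}` also reads reversed against the entries, where the key is the variable name and the value is the skexport name; suggested wording: `# e.g. {"<env var written to the component's env file>": "<skexport secret name>"}`.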
@@ -37,7 +40,19 @@ jobs = {"TAPIS_SERVICE_PASSWORD": "SERVICEPWD_JOBS_PASSWORD", meta = {"":""} monitoring = {"":""} -notifications = {"":""} +notifications = {"PGADMIN_DEFAULT_PASSWORD": "DBCREDENTIAL_PGADMIN_NOTIFICATIONS_POSTGRES_TAPISNTFDB_WOW_PASSWORD", + "TAPIS_DB_USER_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_POSTGRES_PASSWORD", + "POSTGRES_USER_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_POSTGRES_PASSWORD", + "TAPIS_DB_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_TAPIS_NTF_PASSWORD", + "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_NOTIFICATIONS_POSTGRES_TAPISNTFDB_TAPIS_NTF_PASSWORD", + "TAPIS_QUEUE_PASSWORD": "DBCREDENTIAL_RABBITMQ_NOTIFICATIONS_RABBITMQ_NOTIFICATIONSHOST_NOTIFICATIONS_PASSWORD", + "RABBITMQ_DEFAULT_PASS": "DBCREDENTIAL_RABBITMQ_NOTIFICATIONS_RABBITMQ_NOTIFICATIONSHOST_TAPIS_PASSWORD", + "TAPIS_QUEUE_ADMIN_PASSWORD": "DBCREDENTIAL_RABBITMQ_NOTIFICATIONS_RABBITMQ_NOTIFICATIONSHOST_TAPIS_PASSWORD", + "TAPIS_SERVICE_PASSWORD": "SERVICEPWD_NOTIFICATIONS_PASSWORD", + "service_password": "SERVICEPWD_NOTIFICATIONS_PASSWORD"} + + + pgrest = {"":""} pods = {"":""} proxy = {"":""} diff --git a/playbooks/roles/jobs/templates/docker/docker-compose.yml b/playbooks/roles/jobs/templates/docker/docker-compose.yml index e0b250bf..3e2222e8 100644 --- a/playbooks/roles/jobs/templates/docker/docker-compose.yml +++ b/playbooks/roles/jobs/templates/docker/docker-compose.yml @@ -89,7 +89,7 @@ services: env_file: - {{ tapisdatadir }}/jobs/env volumes: - - {{ tapisdatadir }}/jobs/jobs-rabbitmq-data + - {{ tapisdatadir }}/jobs/jobs-rabbitmq-data:/var/lib/rabbitmq/mnesia networks: - tapis depends_on: diff --git a/playbooks/roles/notifications/defaults/main/vars.yml b/playbooks/roles/notifications/defaults/main/vars.yml index 871fa34d..ee350bdd 100644 --- a/playbooks/roles/notifications/defaults/main/vars.yml +++ b/playbooks/roles/notifications/defaults/main/vars.yml 
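Review bot: In the `notifications` mapping, `POSTGRES_PASSWORD` points at the `..._TAPIS_NTF_PASSWORD` secret while `POSTGRES_USER_PASSWORD` gets the `..._POSTGRES_PASSWORD` one. If the database image follows the usual postgres convention of taking the superuser password from `POSTGRES_PASSWORD`, the superuser and the `tapis_ntf` application account end up sharing one credential, which removes the separation between them. Please confirm which variable each container reads and add a short comment per entry naming its consumer. `TAPIS_SERVICE_PASSWORD` and `service_password` map to the same secret and would benefit from the same explanation.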
@@ -10,5 +10,7 @@ notifications_rabbitmq_pvc: notifications-rabbitmq-vol01 notifications_mail_provider: SMTP notifications_mail_host: relay.example.com notifications_mail_port: 25 +notifications_heap_min: 1g +notifications_heap_max: 4g diff --git a/playbooks/roles/notifications/templates/docker/burnup b/playbooks/roles/notifications/templates/docker/burnup index 6f7293ef..483188fe 100755 --- a/playbooks/roles/notifications/templates/docker/burnup +++ b/playbooks/roles/notifications/templates/docker/burnup @@ -1,8 +1,11 @@ #!/bin/bash -echo "burnup meta:" +echo "burnup notifications:" mkdir -p {{ tapisdatadir }}/notifications +myuid=`id -u` +docker run -it --rm -v {{ tapisdatadir }}/notifications:/notifications tapis/ubutil2204:1.3.0 chown $myuid /notifications -docker compose up -d +python3 {{ tapisdir }}/admin/util/parse_skexport -c notifications -d {{ tapisdatadir }} +docker compose up -d \ No newline at end of file diff --git a/playbooks/roles/notifications/templates/docker/docker-compose.yml b/playbooks/roles/notifications/templates/docker/docker-compose.yml index 88f14b20..f58edbe7 100644 --- a/playbooks/roles/notifications/templates/docker/docker-compose.yml +++ b/playbooks/roles/notifications/templates/docker/docker-compose.yml @@ -2,6 +2,7 @@ networks: tapis: name: tapis + external: true services: 
@@ -9,78 +10,114 @@ services: notifications-api: container_name: notifications-api image: {{ notifications_api_image }} - ports: - - "127.0.0.1:8080:8080" - - "127.0.0.1:8000:8000" + environment: + - TAPIS_SITE_ID={{ notifications_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ notifications_service_url }} + - TAPIS_DB_JDBC_URL=jdbc:postgresql://notifications-postgres:5432/tapisntfdb + - TAPIS_DB_USER=tapis_ntf + - TAPIS_QUEUE_HOST=notifications-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=notif env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + depends_on: + notifications-postgres: + condition: service_healthy + notifications-rabbitmq: + condition: service_healthy + command: java -Xms{{ notifications_heap_min }} -Xmx{{ notifications_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "notifications.jar:dependencies/*" edu.utexas.tacc.tapis.notifications.api.NotificationsApplication notifications-init-db: - container-name: notifications-init-db + container_name: notifications-init-db image: {{ notifications_postgres_image }} - imagePullPolicy: Always - command: ["/tmp/notifications-init-db-sh"] + command: bash -c "chmod +x /tmp/notifications-init-db-sh && /tmp/notifications-init-db-sh" volumes: - - name: {{ tapisdir }}/notifications/notifications-init-db-sh:/tmp/notifications-init-db-sh + - {{ tapisdir }}/notifications/notifications-init-db-sh:/tmp/notifications-init-db-sh env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + depends_on: + notifications-postgres: + condition: service_healthy notifications-postgres: - container-name: notifications-postgres + container_name: notifications-postgres image: {{ notifications_postgres_image }} - ports: - - "127.0.0.1:5432:5432" environment: - - PGDATA="/pgdata/data" + - PGDATA=/pgdata/data env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis - # volumes: - # - 
"{{ tapisdatadir }}/notifications/pgdata:/pgdata" # TODO!! + volumes: + - {{ tapisdatadir }}/notifications/pgdata:/pgdata/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 notifications-pgadmin: - container-name: notifications-pgadmin + container_name: notifications-pgadmin image: {{ notifications_pgadmin_image }} - ports: - - "127.0.0.1:81:80" environment: - - name: PGADMIN_DEFAULT_EMAIL=wow@example.com + - PGADMIN_DEFAULT_EMAIL=wow@example.com env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + depends_on: + notifications-postgres: + condition: service_healthy + notifications-rabbitmq: + condition: service_healthy notifications-dispatcher: container_name: notifications-dispatcher image: {{ notifications_dispatcher_image }} + environment: + - TAPIS_SITE_ID={{ notifications_service_site_id }} + - TAPIS_TENANT_SVC_BASEURL={{ notifications_service_url }} + - TAPIS_DB_JDBC_URL=jdbc:postgresql://notifications-postgres:5432/tapisntfdb + - TAPIS_DB_USER=tapis_ntf + - TAPIS_QUEUE_HOST=notifications-rabbitmq + - TAPIS_QUEUE_ADMIN_USER=tapis + - TAPIS_QUEUE_USER=notif env_file: - {{ tapisdatadir }}/notifications/env networks: - tapis + command: java -Xms{{ notifications_heap_min }} -Xmx{{ notifications_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "notifications.jar:dependencies/*" edu.utexas.tacc.tapis.notifications.DispatchApplication + depends_on: + notifications-postgres: + condition: service_healthy + notifications-rabbitmq: + condition: service_healthy - notifcations-rabbitmq: - container-name: notifications-rabbitmq + notifications-rabbitmq: + container_name: notifications-rabbitmq image: {{ notifications_rabbitmq_image }} - ports: - - 127.0.0.1:15672:5672 - - 127.0.0.1:25672:5672 environment: - - HOSTNAME="notifications-rabbitmq" - - RABBITMQ_HOSTNAME="notifications-rabbitmq" - - 
RABBITMQ_DEFAULT_USER="tapis" - - RABBITMQ_VM_MEMORY_HIGH_WATERMARK="2147483648" + - HOSTNAME=notifications-rabbitmq + - RABBITMQ_HOSTNAME=notifications-rabbitmq + - RABBITMQ_DEFAULT_USER=tapis + - RABBITMQ_VM_MEMORY_HIGH_WATERMARK=2147483648 env_file: - {{ tapisdatadir }}/notifications/env + volumes: + - {{ tapisdatadir }}/notifications/notifications-rabbitmq-data:/var/lib/rabbitmq/mnesia networks: - tapis - - volumeMounts: - - name: notifications-rabbitmq-data="/var/lib/rabbitmq/mnesia" - networks: - - tapis - + healthcheck: + test: rabbitmq-diagnostics check_running + interval: 5s + timeout: 5s + retries: 3 + depends_on: + notifications-postgres: + condition: service_healthy + notifications-init-db: + condition: service_completed_successfully \ No newline at end of file From 315b7cc6d1381b74d2433a75a202c1f9cff19601 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Wed, 24 May 2023 16:24:45 -0500 Subject: [PATCH 11/28] tapisui runs --- .../roles/baseburnup/templates/docker/burnup | 8 +++++-- .../roles/tapisui/templates/docker/burndown | 4 ++-- .../roles/tapisui/templates/docker/burnup | 11 +++++---- .../tapisui/templates/docker/deployment.yml | 24 ------------------- .../tapisui/templates/docker/service.yml | 11 --------- 5 files changed, 15 insertions(+), 43 deletions(-) delete mode 100644 playbooks/roles/tapisui/templates/docker/deployment.yml delete mode 100644 playbooks/roles/tapisui/templates/docker/service.yml diff --git a/playbooks/roles/baseburnup/templates/docker/burnup b/playbooks/roles/baseburnup/templates/docker/burnup index 02e72656..0a68cd8f 100755 --- a/playbooks/roles/baseburnup/templates/docker/burnup +++ b/playbooks/roles/baseburnup/templates/docker/burnup @@ -101,7 +101,9 @@ burnup_or_exit apps # monitoring -# notifications +{% if "notifications" in components_to_deploy %} +burnup_or_exit notifications +{% endif %} # pgrest 
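Review bot: Every service in this file loads the same `env_file` (`{{ tapisdatadir }}/notifications/env`), so each container, including notifications-pgadmin, receives all of the database, queue and service passwords that `parse_skexport` writes there. Splitting the file per consumer, or passing only the needed variables under `environment:`, would keep a compromise of one container from disclosing the whole component's credentials. Separately, notifications-rabbitmq now waits on notifications-postgres and notifications-init-db although nothing visible ties the broker to the database; if that is only for start-up ordering, a comment such as `# ordering only: broker does not use the DB` would help.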
@@ -113,7 +115,9 @@ burnup_or_exit apps # streams -# tapisui +{% if "tapisui" in components_to_deploy %} +burnup_or_exit tapisui +{% endif %} # workflows diff --git a/playbooks/roles/tapisui/templates/docker/burndown b/playbooks/roles/tapisui/templates/docker/burndown index 5ec0966d..6737697e 100755 --- a/playbooks/roles/tapisui/templates/docker/burndown +++ b/playbooks/roles/tapisui/templates/docker/burndown @@ -1,5 +1,5 @@ #!/bin/bash -here=$(dirname $0) +echo "burndown tapisui:" -kubectl delete -f "$here/deployment.yml" \ No newline at end of file +docker compose down \ No newline at end of file diff --git a/playbooks/roles/tapisui/templates/docker/burnup b/playbooks/roles/tapisui/templates/docker/burnup index 2164ee25..e6a627e8 100755 --- a/playbooks/roles/tapisui/templates/docker/burnup +++ b/playbooks/roles/tapisui/templates/docker/burnup @@ -1,8 +1,11 @@ #!/bin/bash -here=$(dirname $0) +echo "burnup tapisui:" -mkdir -p {{ tapisdatadir }}/tapisui +# mkdir -p {{ tapisdatadir }}/tapisui +# myuid=`id -u` +# docker run -it --rm -v {{ tapisdatadir }}/tapisui:/tapisui tapis/ubutil2204:1.3.0 chown $myuid /tapisui -kubectl apply -f "$here/service.yml" -kubectl apply -f "$here/deployment.yml" +# python3 {{ tapisdir }}/admin/util/parse_skexport -c tapisui -d {{ tapisdatadir }} + +docker compose up -d \ No newline at end of file diff --git a/playbooks/roles/tapisui/templates/docker/deployment.yml b/playbooks/roles/tapisui/templates/docker/deployment.yml deleted file mode 100644 index 89a5090d..00000000 --- a/playbooks/roles/tapisui/templates/docker/deployment.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tapisui-deployment -spec: - selector: - matchLabels: - app: tapisui-deployment - template: - metadata: - labels: - app: tapisui-deployment - spec: - containers: - - image: {{ tapisui_image }} - imagePullPolicy: Always - name: tapisui - ports: - - containerPort: 3000 - resources: {} - tty: true - env: - - name: LOG_LEVEL - value: {{tapisui_log_level}} diff --git a/playbooks/roles/tapisui/templates/docker/service.yml b/playbooks/roles/tapisui/templates/docker/service.yml deleted file mode 100644 index 7412bdb4..00000000 --- a/playbooks/roles/tapisui/templates/docker/service.yml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: tapisui-service -spec: - type: NodePort - selector: - app: tapisui-deployment - ports: - - port: 3000 - targetPort: 3000 From 064618cb700f82914c6b4563c7670c2402b0693a Mon Sep 17 00:00:00 2001 From: mpackard Date: Thu, 25 May 2023 16:11:20 +0000 Subject: [PATCH 12/28] jobs migrations password fix --- playbooks/roles/admin/templates/docker/util/parse_skexport | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 7c0d911b..0e9d095d 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport @@ -36,7 +36,7 @@ jobs = {"TAPIS_SERVICE_PASSWORD": "SERVICEPWD_JOBS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", "RABBITMQ_DEFAULT_PASS": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_TAPIS_PASSWORD", "TPW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", - "PW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_POSTGRES_PASSWORD"} + "PW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD"} meta = {"":""} monitoring = {"":""} 
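Review bot: After this change `PW` and `TPW` in the `jobs` mapping resolve to the same secret, `DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD`, and nothing in the file says which container reads either name. A one-line comment such as `# TPW/PW: read by the jobs migration container; both must be the tapis DB user's password` would keep a later edit from restoring the postgres value (confirm the consumer before adding it). The identical hunk appears again in patch 16/28 further down.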
From 20279bfac9a4d857af01e5359cd7519f14936f16 Mon Sep 17 00:00:00 2001 From: Mike Packard Date: Thu, 25 May 2023 14:08:14 -0500 Subject: [PATCH 13/28] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0aeffe7..2907486a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ Notable changes between versions. +## 1.3.8 + + + ## 1.3.7 - [Authenticator: 1.3.3 to 1.3.4 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) From 779aad84cc3b6889ced4c951a9148a5ce915fd66 Mon Sep 17 00:00:00 2001 From: Mike Packard Date: Thu, 25 May 2023 14:08:39 -0500 Subject: [PATCH 14/28] Update vars.yml --- playbooks/roles/baseburnup/defaults/main/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/baseburnup/defaults/main/vars.yml b/playbooks/roles/baseburnup/defaults/main/vars.yml index 8d340072..18e4f857 100644 --- a/playbooks/roles/baseburnup/defaults/main/vars.yml +++ b/playbooks/roles/baseburnup/defaults/main/vars.yml @@ -1,4 +1,4 @@ -baseburnup_tapis_deployer_version: 1.3.7 +baseburnup_tapis_deployer_version: 1.3.8 baseburnup_service_url: "{{ global_service_url }}" baseburnup_vault_url: "{{ global_vault_url }}" From a67fbb04eb14d5a7db32fd38891c5caa0716de65 Mon Sep 17 00:00:00 2001 From: mpackard Date: Thu, 25 May 2023 19:15:59 +0000 Subject: [PATCH 15/28] changelog for 1.3.8 --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad94cd24..3fb331bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,9 +2,12 @@ Notable changes between versions. -## 1.3.6 +## 1.3.8 - added java heap max and min options for apps, systems, and notifications when using Docker compose + +## 1.3.6 + - [Authenticator: 1.3.0 to 1.3.3 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) - [Jobs: 1.3.2 to 1.3.4 (tapis/jobsapi, tapis/jobsmigrate, tapis/jobsworker)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) - [SK 1.3.1 to 1.3.2 (tapis/securitymigrate, tapis/securityexport, tapis/securityadmin, tapis/securityapi)](https://github.com/tapis-project/tapis-security/blob/dev/tapis-securityapi/CHANGELOG.md) From d44145d460ea9eb6abcbdd6165bd204de46c14b2 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Fri, 26 May 2023 15:32:27 -0500 Subject: [PATCH 16/28] nginx fixed --- .../templates/docker/util/parse_skexport | 2 +- .../templates/docker/verification/sk-test | 6 ++-- .../baseburnup/templates/docker/burndown | 34 +++++++++++++++++++ .../locations/site-router-token-check.conf | 2 +- .../docker/locations/site-router.conf | 2 +- .../templates/docker/site-router-config.json | 2 +- 6 files changed, 41 insertions(+), 7 deletions(-) diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 7c0d911b..0e9d095d 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport 
@@ -36,7 +36,7 @@ jobs = {"TAPIS_SERVICE_PASSWORD": "SERVICEPWD_JOBS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", "RABBITMQ_DEFAULT_PASS": "DBCREDENTIAL_RABBITMQ_JOBS_RABBITMQ_JOBSHOST_TAPIS_PASSWORD", "TPW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD", - "PW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_POSTGRES_PASSWORD"} + "PW": "DBCREDENTIAL_POSTGRES_JOBS_POSTGRES_TAPISJOBSDB_TAPIS_PASSWORD"} meta = {"":""} monitoring = {"":""} diff --git a/playbooks/roles/admin/templates/docker/verification/sk-test b/playbooks/roles/admin/templates/docker/verification/sk-test index 2643bb43..5ddeacf8 100755 --- a/playbooks/roles/admin/templates/docker/verification/sk-test +++ b/playbooks/roles/admin/templates/docker/verification/sk-test @@ -3,13 +3,13 @@ echo "hello" -docker run --net tapis --rm -it {{ admin_util_image }} curl http://security-api:8000/v3/security/hello +curl -s {{ admin_service_url }}/v3/security/hello | jq .status echo echo "ready" -docker run --net tapis --rm -it {{ admin_util_image }} curl http://security-api:8000/v3/security/ready +curl -s {{ admin_service_url }}/v3/security/ready | jq .status echo echo "healthcheck" -docker run --net tapis --rm -it {{ admin_util_image }} curl http://security-api:8000/v3/security/healthcheck +curl -s {{ admin_service_url }}/v3/security/healthcheck | jq .status echo diff --git a/playbooks/roles/baseburnup/templates/docker/burndown b/playbooks/roles/baseburnup/templates/docker/burndown index 7a04c352..03a39735 100755 --- a/playbooks/roles/baseburnup/templates/docker/burndown +++ b/playbooks/roles/baseburnup/templates/docker/burndown 
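Review bot: The three checks in sk-test now end in `curl -s ... | jq .status`, which exits 0 even when the request fails or returns an error page, so this verification script cannot signal a broken deployment through its exit status. Adding `set -o pipefail` near the top and using `curl -sf` makes a failed probe visible; `jq -e` with a comparison against the expected status value would go further (the response body is not shown here). The script also now depends on `curl` and `jq` being installed on the host instead of coming from the utility image. The start of the script is outside the hunk.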
@@ -19,6 +19,40 @@ myscript_absolute="$mydir_absolute/$myscript_nameonly" # burn down in reverse order echo "Start: top-level-burndown" +### tertiary services + +# actors + +# container-registry + +# globus-proxy + +# meta + +# monitoring + +{% if "notifications" in components_to_deploy %} +cd $mydir_absolute/notifications +./burndown +{% endif %} + +# pgrest + +# pgrest-a2cps-dev + +# pgrest-a2cps-prod + +# pods + +# streams + +{% if "tapisui" in components_to_deploy %} +cd $mydir_absolute/tapisui +./burndown +{% endif %} + +# workflows + ### secondary services {% if "jobs" in components_to_deploy %} diff --git a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf index fd429117..15c2a42c 100644 --- a/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf +++ b/playbooks/roles/proxy/templates/docker/locations/site-router-token-check.conf @@ -41,6 +41,6 @@ location /_auth { proxy_set_header Host $host; proxy_set_header Content-Length ""; proxy_set_header X-Tapis-Token $http_x_tapis_token; - proxy_pass https://admin.{{ global_tapis_domain }}/v3/site-router/tokens/check; + proxy_pass http://site-router:8000/v3/site-router/tokens/check; } diff --git a/playbooks/roles/proxy/templates/docker/locations/site-router.conf b/playbooks/roles/proxy/templates/docker/locations/site-router.conf index 70d66273..4609076b 100644 --- a/playbooks/roles/proxy/templates/docker/locations/site-router.conf +++ b/playbooks/roles/proxy/templates/docker/locations/site-router.conf @@ -4,7 +4,7 @@ location /v3/site-router # this location intentionally does NOT get an auth_request directive since the site-router endpoints IS the target of auth_request. # use var to allow nginx to start even if $upstream is down - set $upstream http://site-router-api:8000; + set $upstream http://site-router:8000; proxy_pass $upstream; proxy_redirect off; proxy_set_header Host $host; 
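Review bot: The added blocks run `cd $mydir_absolute/notifications` and then `./burndown` as separate commands, so if the directory is missing the `cd` fails and `./burndown` executes whatever script of that name is in the current directory, possibly this top-level script again. Chain and quote them: `cd "$mydir_absolute/notifications" && ./burndown`, and likewise for tapisui. The secondary-service blocks below may follow the same pattern, but they are outside this hunk.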
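Review bot: `proxy_pass http://site-router:8000/v3/site-router/tokens/check;` uses a literal host name, which nginx resolves once at start-up, so the proxy will not start while the site-router container is absent; site-router.conf avoids this with `set $upstream ...` and says so in its comment. For consistency: `set $auth_upstream http://site-router:8000;` followed by `proxy_pass $auth_upstream/v3/site-router/tokens/check;`, which relies on the same resolver setup that site-router.conf already needs. The `X-Tapis-Token` header now travels over plain HTTP, which is acceptable only as long as the `tapis` Docker network is not shared with untrusted containers. The `location /_auth` block begins outside the hunk.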
diff --git a/playbooks/roles/proxy/templates/docker/site-router-config.json b/playbooks/roles/proxy/templates/docker/site-router-config.json index 0eac5b28..f27337a2 100644 --- a/playbooks/roles/proxy/templates/docker/site-router-config.json +++ b/playbooks/roles/proxy/templates/docker/site-router-config.json @@ -4,5 +4,5 @@ "service_tenant_id": "{{proxy_service_tenant_id}}", "service_name": "{{proxy_service_name}}", "tenants": ["*"], - "redis_host": "localhost" + "redis_host": "site-router-redis" } From cbe8c793e8e9eb0dc5fcc9fa817bb814119d29dd Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Fri, 26 May 2023 15:33:48 -0500 Subject: [PATCH 17/28] notifications test --- .../admin/templates/docker/verification/notifications-test | 5 +++++ 1 file changed, 5 insertions(+) create mode 100755 playbooks/roles/admin/templates/docker/verification/notifications-test diff --git a/playbooks/roles/admin/templates/docker/verification/notifications-test b/playbooks/roles/admin/templates/docker/verification/notifications-test new file mode 100755 index 00000000..cf5c4b38 --- /dev/null +++ b/playbooks/roles/admin/templates/docker/verification/notifications-test @@ -0,0 +1,5 @@ +#!/bin/bash + +TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` + +curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/notifications/healthcheck | jq From 10452be0bfbd408213cbd0705fbd853fdb020807 Mon Sep 17 00:00:00 2001 
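Review bot: The new notifications-test script embeds the account `testuser2` with the password `testuser2` in the token request, so the check only works where an account whose password equals its name exists, and it encourages keeping one on real deployments. Read the credentials from the environment instead, e.g. `-d "{\"username\": \"$TAPIS_TEST_USER\", \"password\": \"$TAPIS_TEST_PASSWORD\", \"grant_type\": \"password\"}"` (placeholder variable names), and stop when `$TOK` is empty or `null`. Neither `curl` call uses `-f`, so a failed login or health check still exits 0.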
From: kevinpricethesecond Date: Wed, 31 May 2023 08:50:09 -0500 Subject: [PATCH 18/28] add user specification for java services --- playbooks/roles/apps/templates/docker/burnup | 3 +++ playbooks/roles/apps/templates/docker/docker-compose.yml | 1 + playbooks/roles/baseburnup/templates/docker/burnup | 8 ++++---- playbooks/roles/jobs/templates/docker/burnup | 6 ++++-- playbooks/roles/jobs/templates/docker/docker-compose.yml | 7 +++++++ playbooks/roles/notifications/templates/docker/burnup | 2 ++ .../notifications/templates/docker/docker-compose.yml | 4 ++++ playbooks/roles/security/templates/docker/burnup | 3 +++ .../roles/security/templates/docker/docker-compose.yml | 1 + playbooks/roles/systems/templates/docker/burnup | 2 ++ .../roles/systems/templates/docker/docker-compose.yml | 1 + 11 files changed, 32 insertions(+), 6 deletions(-) diff --git a/playbooks/roles/apps/templates/docker/burnup b/playbooks/roles/apps/templates/docker/burnup index 7c597a98..1af3aa04 100755 --- a/playbooks/roles/apps/templates/docker/burnup +++ b/playbooks/roles/apps/templates/docker/burnup @@ -4,6 +4,9 @@ echo "burnup apps:" mkdir -p {{ tapisdatadir }}/apps myuid=`id -u` +export UID=`id -u` +export GID=`id -g` + docker run -it --rm -v {{ tapisdatadir }}/apps:/apps tapis/ubutil2204:1.3.0 chown $myuid /apps python3 {{ tapisdir }}/admin/util/parse_skexport -c apps -d {{ tapisdatadir }} diff --git a/playbooks/roles/apps/templates/docker/docker-compose.yml b/playbooks/roles/apps/templates/docker/docker-compose.yml index fb982fcc..f0064bd3 100644 --- a/playbooks/roles/apps/templates/docker/docker-compose.yml +++ b/playbooks/roles/apps/templates/docker/docker-compose.yml @@ -7,6 +7,7 @@ networks: services: apps-api: container_name: apps-api + user: ${UID}:${GID} image: {{ apps_api_image }} networks: - tapis diff --git a/playbooks/roles/baseburnup/templates/docker/burnup b/playbooks/roles/baseburnup/templates/docker/burnup index 0a68cd8f..247e0ffb 100755 
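Review bot: `export UID=`id -u`` in the apps burnup will not behave as intended if the script runs under bash like the other burnup scripts, because `UID` is a read-only shell variable there: the assignment is rejected with an error, and `${UID}` may never reach the environment of `docker compose`, leaving `user: ${UID}:${GID}` in docker-compose.yml with an empty user part. Use names the shell does not reserve, e.g. `export TAPIS_UID=$(id -u)` and `export TAPIS_GID=$(id -g)`, with `user: ${TAPIS_UID}:${TAPIS_GID}` in the compose files. The same lines are added to the jobs, notifications and security burnup scripts in this patch. `myuid` becomes redundant once the new variable exists.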
--- a/playbooks/roles/baseburnup/templates/docker/burnup +++ b/playbooks/roles/baseburnup/templates/docker/burnup @@ -39,10 +39,6 @@ docker network inspect tapis || docker network create tapis ### init / setup -{% if "proxy" in components_to_deploy %} -burnup_or_exit proxy -{% endif %} - {% if "vault" in components_to_deploy %} burnup_or_exit vault {% endif %} @@ -58,6 +54,10 @@ burnup_or_exit skadmin burnup_or_exit tenants {% endif %} +{% if "proxy" in components_to_deploy %} +burnup_or_exit proxy +{% endif %} + {% if "security" in components_to_deploy %} burnup_or_exit security {% endif %} diff --git a/playbooks/roles/jobs/templates/docker/burnup b/playbooks/roles/jobs/templates/docker/burnup index 31078c99..b648fc59 100755 --- a/playbooks/roles/jobs/templates/docker/burnup +++ b/playbooks/roles/jobs/templates/docker/burnup @@ -4,8 +4,10 @@ echo "burnup jobs:" mkdir -p {{ tapisdatadir }}/jobs -myuid=`id -u` -docker run -it --rm -v {{ tapisdatadir }}/jobs:/jobs tapis/ubutil2204:1.3.0 chown $myuid /jobs +# myuid=`id -u` +export UID=`id -u` +export GID=`id -g` +docker run -it --rm -v {{ tapisdatadir }}/jobs:/jobs tapis/ubutil2204:1.3.0 chown $UID /jobs python3 {{ tapisdir }}/admin/util/parse_skexport -c jobs -d {{ tapisdatadir }} diff --git a/playbooks/roles/jobs/templates/docker/docker-compose.yml b/playbooks/roles/jobs/templates/docker/docker-compose.yml index 3e2222e8..e45c8b17 100644 --- a/playbooks/roles/jobs/templates/docker/docker-compose.yml +++ b/playbooks/roles/jobs/templates/docker/docker-compose.yml @@ -8,6 +8,7 @@ networks: services: jobs-api: container_name: jobs-api + user: ${UID}:${GID} networks: - tapis image: {{ jobs_api_image }} @@ -79,6 +80,7 @@ services: # - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" jobs-rabbitmq: + user: ${UID}:${GID} container_name: jobs-rabbitmq image: {{ jobs_rabbitmq_management_image }} environment: 
@@ -102,6 +104,7 @@ services: retries: 3 jobs-altqueue: + user: ${UID}:${GID} container_name: jobs-altqueue image: {{ jobs_worker_image }} networks: @@ -129,6 +132,7 @@ services: jobs-recovery: container_name: jobs-recovery + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: - TAPIS_SITE_ID={{ jobs_service_site_id }} @@ -155,6 +159,7 @@ services: jobs-deadletter: container_name: jobs-deadletter + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: - TAPIS_SITE_ID={{ jobs_service_site_id }} @@ -181,6 +186,7 @@ services: jobs-eventqueue: container_name: jobs-eventqueue + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: - TAPIS_SITE_ID={{ jobs_service_site_id }} @@ -207,6 +213,7 @@ services: jobs-workers: container_name: jobs-workers + user: ${UID}:${GID} image: {{ jobs_worker_image }} environment: {% if jobs_node_name == true -%} diff --git a/playbooks/roles/notifications/templates/docker/burnup b/playbooks/roles/notifications/templates/docker/burnup index 483188fe..96f8d38f 100755 --- a/playbooks/roles/notifications/templates/docker/burnup +++ b/playbooks/roles/notifications/templates/docker/burnup @@ -4,6 +4,8 @@ echo "burnup notifications:" mkdir -p {{ tapisdatadir }}/notifications myuid=`id -u` +export UID=`id -u` +export GID=`id -g` docker run -it --rm -v {{ tapisdatadir }}/notifications:/notifications tapis/ubutil2204:1.3.0 chown $myuid /notifications python3 {{ tapisdir }}/admin/util/parse_skexport -c notifications -d {{ tapisdatadir }} diff --git a/playbooks/roles/notifications/templates/docker/docker-compose.yml b/playbooks/roles/notifications/templates/docker/docker-compose.yml index f58edbe7..1d2d2f51 100644 --- a/playbooks/roles/notifications/templates/docker/docker-compose.yml +++ b/playbooks/roles/notifications/templates/docker/docker-compose.yml 
@@ -9,6 +9,7 @@ services: notifications-api: container_name: notifications-api + user: ${UID}:${GID} image: {{ notifications_api_image }} environment: - TAPIS_SITE_ID={{ notifications_service_site_id }} @@ -31,6 +32,7 @@ services: notifications-init-db: container_name: notifications-init-db + user: ${UID}:${GID} image: {{ notifications_postgres_image }} command: bash -c "chmod +x /tmp/notifications-init-db-sh && /tmp/notifications-init-db-sh" volumes: @@ -77,6 +79,7 @@ services: notifications-dispatcher: container_name: notifications-dispatcher + user: ${UID}:${GID} image: {{ notifications_dispatcher_image }} environment: - TAPIS_SITE_ID={{ notifications_service_site_id }} @@ -99,6 +102,7 @@ services: notifications-rabbitmq: container_name: notifications-rabbitmq + user: ${UID}:${GID} image: {{ notifications_rabbitmq_image }} environment: - HOSTNAME=notifications-rabbitmq diff --git a/playbooks/roles/security/templates/docker/burnup b/playbooks/roles/security/templates/docker/burnup index 24e53b49..104550c1 100755 --- a/playbooks/roles/security/templates/docker/burnup +++ b/playbooks/roles/security/templates/docker/burnup @@ -84,5 +84,8 @@ mkdir -p {{ tapisdatadir }}/security mkdir -p {{ tapisdatadir }}/security python3 {{ tapisdir }}/admin/util/parse_skexport -c security -d {{ tapisdatadir }} +export UID=`id -u` +export GID=`id -g` + docker compose up -d diff --git a/playbooks/roles/security/templates/docker/docker-compose.yml b/playbooks/roles/security/templates/docker/docker-compose.yml index a89546d4..76a60dee 100644 --- a/playbooks/roles/security/templates/docker/docker-compose.yml +++ b/playbooks/roles/security/templates/docker/docker-compose.yml @@ -56,6 +56,7 @@ services: security-api: container_name: security-api + user: ${UID}:${GID} image: {{ security_api_image }} environment: - TAPIS_SITE_ID={{ security_service_site_id }} 
diff --git a/playbooks/roles/systems/templates/docker/burnup b/playbooks/roles/systems/templates/docker/burnup index b4047ffc..05c87ac2 100755 --- a/playbooks/roles/systems/templates/docker/burnup +++ b/playbooks/roles/systems/templates/docker/burnup @@ -6,6 +6,8 @@ mkdir -p {{ tapisdatadir }}/systems myuid=`id -u` docker run -it --rm -v {{ tapisdatadir }}/systems:/systems tapis/ubutil2204:1.3.0 chown $myuid /systems +export UID=`id -u` +export GID=`id -g` python3 {{ tapisdir }}/admin/util/parse_skexport -c systems -d {{ tapisdatadir }} docker compose up -d diff --git a/playbooks/roles/systems/templates/docker/docker-compose.yml b/playbooks/roles/systems/templates/docker/docker-compose.yml index 0b523c73..bc97d582 100644 --- a/playbooks/roles/systems/templates/docker/docker-compose.yml +++ b/playbooks/roles/systems/templates/docker/docker-compose.yml @@ -6,6 +6,7 @@ networks: services: systems-api: container_name: systems-api + user: ${UID}:${GID} image: {{ systems_api_image }} networks: - tapis From 39d19ddd30fcd1bac5ecfacfa457ae689b9d41c6 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Wed, 31 May 2023 09:13:07 -0500 Subject: [PATCH 19/28] forgot notifications migrations --- .../roles/notifications/templates/docker/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/roles/notifications/templates/docker/docker-compose.yml b/playbooks/roles/notifications/templates/docker/docker-compose.yml index 1d2d2f51..81da33cf 100644 --- a/playbooks/roles/notifications/templates/docker/docker-compose.yml +++ b/playbooks/roles/notifications/templates/docker/docker-compose.yml @@ -32,7 +32,6 @@ services: notifications-init-db: container_name: notifications-init-db - user: ${UID}:${GID} image: {{ notifications_postgres_image }} command: bash -c "chmod +x /tmp/notifications-init-db-sh && /tmp/notifications-init-db-sh" volumes: From 413dd72fa60f2c8b3bd4009fa8e2dbbb8afe8adf Mon Sep 17 00:00:00 2001 
From: kevinpricethesecond Date: Wed, 31 May 2023 09:28:37 -0500 Subject: [PATCH 20/28] change verification scripts --- playbooks/roles/admin/templates/docker/verification/tokens-test | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/admin/templates/docker/verification/tokens-test b/playbooks/roles/admin/templates/docker/verification/tokens-test index 271bf1ec..d3dc8e15 100755 --- a/playbooks/roles/admin/templates/docker/verification/tokens-test +++ b/playbooks/roles/admin/templates/docker/verification/tokens-test @@ -6,5 +6,5 @@ s=`grep SERVICEPWD_TENANTS_PASSWORD {{ tapisdatadir }}/skadmin/env | awk -F= '{p # tokens # should return 200 and JSON with token -curl -u "tenants:$s" -H "Content-type: application/json" -d '{"token_tenant_id": "admin", "account_type": "service", "token_username": "tenants", "target_site_id": "{{ admin_service_site_id }}"}' {{ admin_service_url }}/v3/tokens +curl -u "tenants:$s" -H "Content-type: application/json" -d '{"token_tenant_id": "admin", "account_type": "service", "token_username": "tenants", "target_site_id": "{{ admin_service_site_id }}"}' {{ admin_devtenant_url }}/v3/tokens From 75bb7d1685130b1008171873a8f48f8fc08af6f8 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Wed, 31 May 2023 09:29:54 -0500 Subject: [PATCH 21/28] this time for sure --- .../roles/admin/templates/docker/verification/README.md | 6 ++++++ .../roles/admin/templates/docker/verification/files-test | 2 +- .../roles/admin/templates/docker/verification/jobs-test | 2 +- .../admin/templates/docker/verification/notifications-test | 2 +- playbooks/roles/admin/templates/docker/verification/sk-test | 6 +++--- .../roles/admin/templates/docker/verification/streams-test | 4 ++-- .../roles/admin/templates/docker/verification/systems-test | 2 +- .../roles/admin/templates/docker/verification/tenants-test | 2 +- 8 files changed, 16 insertions(+), 10 deletions(-) 
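Review bot: The rewritten curl line still passes the tenants service password as `-u "tenants:$s"`, which puts it in curl's argument list where it is readable from the local process table for the duration of the request. Feeding it through a config on stdin keeps it out of the arguments: `printf 'user = "tenants:%s"\n' "$s" | curl -K - ...`. The comment above says the call should return 200, but nothing checks it; adding `--fail` makes a non-2xx response a non-zero exit. `admin_devtenant_url` is defined outside this patch, so confirm it is an https URL before basic-auth credentials are sent to it.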
diff --git a/playbooks/roles/admin/templates/docker/verification/README.md b/playbooks/roles/admin/templates/docker/verification/README.md index c91775f4..ca628fc7 100644 --- a/playbooks/roles/admin/templates/docker/verification/README.md +++ b/playbooks/roles/admin/templates/docker/verification/README.md @@ -3,8 +3,14 @@ order: +- vault-test - sk-test - tenants-test - tokens-test - authenticator-test +- systems-test +- files-test +- jobs-test +- notifications-test +- streams-test diff --git a/playbooks/roles/admin/templates/docker/verification/files-test b/playbooks/roles/admin/templates/docker/verification/files-test index 54b1ba49..900d0f12 100755 --- a/playbooks/roles/admin/templates/docker/verification/files-test +++ b/playbooks/roles/admin/templates/docker/verification/files-test @@ -2,5 +2,5 @@ TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` -curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/files/healthcheck | jq +curl {{ admin_devtenant_url }}/v3/files/healthcheck | jq diff --git a/playbooks/roles/admin/templates/docker/verification/jobs-test b/playbooks/roles/admin/templates/docker/verification/jobs-test index d6600d6b..a84d5212 100755 --- a/playbooks/roles/admin/templates/docker/verification/jobs-test +++ b/playbooks/roles/admin/templates/docker/verification/jobs-test @@ -2,5 +2,5 @@ TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` -curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/jobs/healthcheck | jq +curl {{ admin_devtenant_url }}/v3/jobs/healthcheck | jq 
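Review bot: The `TOK=` line left as context in files-test still posts the `testuser2` password grant to `{{ admin_service_url }}/v3/oauth2/tokens`, but the new healthcheck call no longer sends `X-Tapis-Token`, so the token is requested and then discarded. Removing the `TOK=` line drops a credentialed request the test does not need and leaves the script on one base URL, `admin_devtenant_url`. The same leftover is in the jobs-test, notifications-test and systems-test hunks of this patch. Adding `-sf` to the healthcheck curl would also make a failing service show up as a non-zero exit instead of only as jq output.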
diff --git a/playbooks/roles/admin/templates/docker/verification/notifications-test b/playbooks/roles/admin/templates/docker/verification/notifications-test index cf5c4b38..69b3c9ed 100755 --- a/playbooks/roles/admin/templates/docker/verification/notifications-test +++ b/playbooks/roles/admin/templates/docker/verification/notifications-test @@ -2,4 +2,4 @@ TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` -curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/notifications/healthcheck | jq +curl {{ admin_devtenant_url }}/v3/notifications/healthcheck | jq diff --git a/playbooks/roles/admin/templates/docker/verification/sk-test b/playbooks/roles/admin/templates/docker/verification/sk-test index 5ddeacf8..03377744 100755 --- a/playbooks/roles/admin/templates/docker/verification/sk-test +++ b/playbooks/roles/admin/templates/docker/verification/sk-test @@ -3,13 +3,13 @@ echo "hello" -curl -s {{ admin_service_url }}/v3/security/hello | jq .status +curl -s {{ admin_devtenant_url }}/v3/security/hello | jq .status echo echo "ready" -curl -s {{ admin_service_url }}/v3/security/ready | jq .status +curl -s {{ admin_devtenant_url }}/v3/security/ready | jq .status echo echo "healthcheck" -curl -s {{ admin_service_url }}/v3/security/healthcheck | jq .status +curl -s {{ admin_devtenant_url }}/v3/security/healthcheck | jq .status echo diff --git a/playbooks/roles/admin/templates/docker/verification/streams-test b/playbooks/roles/admin/templates/docker/verification/streams-test index de517ce6..4ffa2483 100755 --- a/playbooks/roles/admin/templates/docker/verification/streams-test +++ b/playbooks/roles/admin/templates/docker/verification/streams-test 
@@ -1,9 +1,9 @@ #!/bin/bash -curl {{admin_service_url}}/v3/streams/hello +curl {{admin_devtenant_url}}/v3/streams/hello -curl {{admin_service_url}}/v3/streams/hello +curl {{admin_devtenant_url}}/v3/streams/hello diff --git a/playbooks/roles/admin/templates/docker/verification/systems-test b/playbooks/roles/admin/templates/docker/verification/systems-test index d6a00a9a..623af3c6 100755 --- a/playbooks/roles/admin/templates/docker/verification/systems-test +++ b/playbooks/roles/admin/templates/docker/verification/systems-test @@ -2,5 +2,5 @@ TOK=`curl -d '{"username": "testuser2", "password": "testuser2", "grant_type": "password"}' -H "Content-type: application/json" {{ admin_service_url }}/v3/oauth2/tokens | jq -r '.result.access_token.access_token'` -curl -H "X-Tapis-Token: $TOK" {{ admin_service_url }}/v3/systems/healthcheck | jq +curl {{ admin_devtenant_url }}/v3/systems/healthcheck | jq diff --git a/playbooks/roles/admin/templates/docker/verification/tenants-test b/playbooks/roles/admin/templates/docker/verification/tenants-test index 23c2bbfc..7bd0984f 100755 --- a/playbooks/roles/admin/templates/docker/verification/tenants-test +++ b/playbooks/roles/admin/templates/docker/verification/tenants-test @@ -3,5 +3,5 @@ # tenants # should return 200 and JSON with tenants list. -curl {{admin_service_url}}/v3/tenants | jq +curl {{admin_devtenant_url}}/v3/tenants | jq From 756b4dd8a383053c9997e86c53b0eb4c6c3e01cf Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Wed, 31 May 2023 09:39:05 -0500 Subject: [PATCH 22/28] restart policy for proxy --- playbooks/roles/proxy/templates/docker/docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/playbooks/roles/proxy/templates/docker/docker-compose.yml b/playbooks/roles/proxy/templates/docker/docker-compose.yml index 0ea028e9..0eeb5ac8 100644 --- a/playbooks/roles/proxy/templates/docker/docker-compose.yml +++ b/playbooks/roles/proxy/templates/docker/docker-compose.yml 
@@ -18,6 +18,7 @@ services: - ./token-revoked.json:/etc/nginx/html/token-revoked.json:ro networks: - tapis + restart: always site-router: container_name: site-router @@ -28,6 +29,7 @@ services: - ./site-router-config.json:/home/tapis/config.json:ro networks: - tapis + restart: always site-router-redis: container_name: site-router-redis @@ -38,3 +40,4 @@ services: - {{ tapisdatadir }}/proxy-site-router-redis:/data networks: - tapis + restart: always From c2d2c13eed700f378fd0b8bfa3c764d563cb37f3 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Wed, 31 May 2023 09:54:35 -0500 Subject: [PATCH 23/28] rabbitmq does not need UID / cleanup --- playbooks/roles/files/templates/docker/burnup | 2 ++ playbooks/roles/files/templates/docker/docker-compose.yml | 3 +++ playbooks/roles/jobs/templates/docker/docker-compose.yml | 1 - .../roles/notifications/templates/docker/docker-compose.yml | 1 - playbooks/roles/security/templates/docker/docker-compose.yml | 4 ---- playbooks/roles/systems/templates/docker/docker-compose.yml | 3 --- 6 files changed, 5 insertions(+), 9 deletions(-) diff --git a/playbooks/roles/files/templates/docker/burnup b/playbooks/roles/files/templates/docker/burnup index 091eb9bf..955e5a92 100755 --- a/playbooks/roles/files/templates/docker/burnup +++ b/playbooks/roles/files/templates/docker/burnup @@ -9,6 +9,8 @@ mkdir -p {{ tapisdatadir }}/files/minio mkdir -p {{ tapisdatadir }}/files/irods myuid=`id -u` +export UID=`id -u` +export GID=`id -g` docker run -it --rm -v {{ tapisdatadir }}/files:/files tapis/ubutil2204:1.3.0 chown $myuid /files python3 {{ tapisdir }}/admin/util/parse_skexport -c files -d {{ tapisdatadir }} diff --git a/playbooks/roles/files/templates/docker/docker-compose.yml b/playbooks/roles/files/templates/docker/docker-compose.yml index f97f6857..080ce5d9 100644 --- a/playbooks/roles/files/templates/docker/docker-compose.yml +++ b/playbooks/roles/files/templates/docker/docker-compose.yml 
@@ -78,6 +78,7 @@ services: files-workers: container_name: files-workers + user: ${UID}:${GID} image: {{ files_workers_image }} networks: - tapis @@ -96,6 +97,7 @@ services: condition: service_started files-api: + user: ${UID}:${GID} container_name: files-api image: {{ files_api_image }} networks: @@ -129,6 +131,7 @@ services: condition: service_healthy files-rabbitmq: condition: service_healthy + # files-ssh-machine: # container_name: files-ssh-machine # build: diff --git a/playbooks/roles/jobs/templates/docker/docker-compose.yml b/playbooks/roles/jobs/templates/docker/docker-compose.yml index e45c8b17..8cead02c 100644 --- a/playbooks/roles/jobs/templates/docker/docker-compose.yml +++ b/playbooks/roles/jobs/templates/docker/docker-compose.yml @@ -80,7 +80,6 @@ services: # - "{{ tapisdatadir }}/jobs/jobs-pg-data:/pgdata" jobs-rabbitmq: - user: ${UID}:${GID} container_name: jobs-rabbitmq image: {{ jobs_rabbitmq_management_image }} environment: diff --git a/playbooks/roles/notifications/templates/docker/docker-compose.yml b/playbooks/roles/notifications/templates/docker/docker-compose.yml index 81da33cf..e4349a19 100644 --- a/playbooks/roles/notifications/templates/docker/docker-compose.yml +++ b/playbooks/roles/notifications/templates/docker/docker-compose.yml @@ -101,7 +101,6 @@ services: notifications-rabbitmq: container_name: notifications-rabbitmq - user: ${UID}:${GID} image: {{ notifications_rabbitmq_image }} environment: - HOSTNAME=notifications-rabbitmq diff --git a/playbooks/roles/security/templates/docker/docker-compose.yml b/playbooks/roles/security/templates/docker/docker-compose.yml index 76a60dee..32ad859a 100644 --- a/playbooks/roles/security/templates/docker/docker-compose.yml +++ b/playbooks/roles/security/templates/docker/docker-compose.yml @@ -9,8 +9,6 @@ services: sk-postgres: container_name: sk-postgres image: {{ security_postgres_image }} -# ports: -# - 5432 networks: - tapis volumes: 
@@ -28,8 +26,6 @@ services: sk-pgadmin: container_name: sk-pgadmin image: {{ security_pgadmin_image }} -# ports: -# - "127.0.0.1::80" environment: - PGADMIN_DEFAULT_EMAIL=wow@example.com - PGADMIN_DEFAULT_PASSWORD=password diff --git a/playbooks/roles/systems/templates/docker/docker-compose.yml b/playbooks/roles/systems/templates/docker/docker-compose.yml index bc97d582..cbde40f7 100644 --- a/playbooks/roles/systems/templates/docker/docker-compose.yml +++ b/playbooks/roles/systems/templates/docker/docker-compose.yml @@ -19,7 +19,6 @@ services: - TAPIS_GLOBUS_CLIENT_ID - TAPIS_DB_USER=tapis_sys command: java -Xms{{ systems_heap_min }} -Xmx{{ systems_heap_max }} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED -cp "systems.jar:dependencies/*" edu.utexas.tacc.tapis.systems.api.SystemsApplication - # command: sleep infinity depends_on: systems-migrations: condition: service_completed_successfully @@ -50,9 +49,7 @@ services: - {{ tapisdir }}/systems/systems-init-db-sh:/init-db env_file: {{ tapisdatadir }}/systems/env - # command: /init-db command: bash -c "cp /init-db /local_initdb && echo 100 && chown $(whoami) /local_initdb && echo 200 && chmod +x /local_initdb && echo 300 && /local_initdb" - # command: sleep infinity depends_on: systems-postgres: condition: service_healthy From dd38d9aa079c8ff18f0fcf2fad47bf9ca2d55402 Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Wed, 31 May 2023 11:47:46 -0500 Subject: [PATCH 24/28] security postgres password mapping update --- playbooks/roles/admin/templates/docker/util/parse_skexport | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 0e9d095d..02fa0947 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport 
@@ -62,7 +62,7 @@ security = {"TAPIS_SK_VAULT_SECRET_ID": "", # these two are populated later with "TAPIS_PASSWORD": "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_TAPIS_PASSWORD", "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_POSTGRES_PASSWORD", "PW" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_POSTGRES_PASSWORD", - "TPW" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_TAPIS_PASSWORD"} + "TPW" : "DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_POSTGRES_PASSWORD"} skadmin = {"":""} streams = {"":""} From 50d5f4860c27a1b05d41111c48e126e4fad3b9e8 Mon Sep 17 00:00:00 2001 From: mpackard Date: Fri, 2 Jun 2023 09:31:09 -0500 Subject: [PATCH 25/28] bumped versions of systems, apps, jobs --- CHANGELOG.md | 4 ++++ playbooks/roles/files/defaults/main/images.yml | 4 ++-- playbooks/roles/jobs/defaults/main/images.yml | 6 +++--- playbooks/roles/systems/defaults/main/images.yml | 2 +- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7086565f..396cc700 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Notable changes between versions. ## 1.3.8 +- Added java heap max and min options for apps, systems, and notifications when using Docker compose +- [Jobs: 1.3.4 to 1.3.5 (tapis/jobsworker, jobsmigrate, jobsapi)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) +- [Systems: 1.3.2 to 1.3.3 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/1.3.3/CHANGELOG.md) +- [Files: 1.3.5 to 1.3.6 (tapis/tapis-files, tapis/tapis-files-workers)](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) ## 1.3.7 diff --git a/playbooks/roles/files/defaults/main/images.yml b/playbooks/roles/files/defaults/main/images.yml index 42f282a3..620b1240 100644 --- a/playbooks/roles/files/defaults/main/images.yml +++ b/playbooks/roles/files/defaults/main/images.yml 
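Review bot: After this change `TPW` and `PW` in the `security` mapping both resolve to `DBCREDENTIAL_POSTGRES_SK_POSTGRES_TAPISSECDB_POSTGRES_PASSWORD`, while `TAPIS_DB_PASSWORD` and `TAPIS_PASSWORD` still point at the `..._TAPIS_PASSWORD` secret. The `jobs` mapping added earlier in this series keeps `TPW` on its tapis secret. If the init script applies `TPW` to the tapis role (inferred from the name; the consumer is not in this patch), that role would either share the postgres superuser's password or stop matching what the service presents as `TAPIS_DB_PASSWORD`. A comment on the line recording the intent, e.g. `# TPW: password for <role>; deliberately the same secret as PW`, would let the next reader tell a fix from a typo. The dict starts outside the hunk.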
@@ -1,5 +1,5 @@ -files_api_image: tapis/tapis-files:1.3.5 -files_workers_image: tapis/tapis-files-workers:1.3.5 +files_api_image: tapis/tapis-files:1.3.6 +files_workers_image: tapis/tapis-files-workers:1.3.6 files_postgres_image: postgres:11 files_minio_image: minio/minio files_irods_provider_postgres_image: mjstealey/irods-provider-postgres:4.2.4 diff --git a/playbooks/roles/jobs/defaults/main/images.yml b/playbooks/roles/jobs/defaults/main/images.yml index 15a15848..6f9ffdbc 100644 --- a/playbooks/roles/jobs/defaults/main/images.yml +++ b/playbooks/roles/jobs/defaults/main/images.yml @@ -1,6 +1,6 @@ -jobs_api_image: tapis/jobsapi:1.3.4 -jobs_migrations_image: tapis/jobsmigrate:1.3.4 -jobs_worker_image: tapis/jobsworker:1.3.4 +jobs_api_image: tapis/jobsapi:1.3.5 +jobs_migrations_image: tapis/jobsmigrate:1.3.5 +jobs_worker_image: tapis/jobsworker:1.3.5 jobs_postgres_image: postgres:12.4 jobs_pgadmin_image: dpage/pgadmin4:6.20 jobs_rabbitmq_management_image: rabbitmq:3.8.11-management diff --git a/playbooks/roles/systems/defaults/main/images.yml b/playbooks/roles/systems/defaults/main/images.yml index ac78768d..e300f256 100644 --- a/playbooks/roles/systems/defaults/main/images.yml +++ b/playbooks/roles/systems/defaults/main/images.yml @@ -1,3 +1,3 @@ systems_pgadmin_image: dpage/pgadmin4:6.20 systems_postgres_image: postgres:12.4 -systems_api_image: tapis/systems:1.3.2 +systems_api_image: tapis/systems:1.3.3 From c03e26013162f42d2db5bc359fdd28ab5529ae44 Mon Sep 17 00:00:00 2001 From: mpackard Date: Fri, 2 Jun 2023 09:40:29 -0500 Subject: [PATCH 26/28] used systems_postgres_image for migrations --- playbooks/roles/systems/defaults/main/images.yml | 1 - playbooks/roles/systems/templates/docker/docker-compose.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/playbooks/roles/systems/defaults/main/images.yml b/playbooks/roles/systems/defaults/main/images.yml index d449878d..ac78768d 100644 --- a/playbooks/roles/systems/defaults/main/images.yml 
+++ b/playbooks/roles/systems/defaults/main/images.yml @@ -1,4 +1,3 @@ systems_pgadmin_image: dpage/pgadmin4:6.20 systems_postgres_image: postgres:12.4 systems_api_image: tapis/systems:1.3.2 -systems_migrations_image: postgres:12.4 diff --git a/playbooks/roles/systems/templates/docker/docker-compose.yml b/playbooks/roles/systems/templates/docker/docker-compose.yml index cbde40f7..8209bcb7 100644 --- a/playbooks/roles/systems/templates/docker/docker-compose.yml +++ b/playbooks/roles/systems/templates/docker/docker-compose.yml @@ -42,7 +42,7 @@ services: systems-migrations: container_name: systems-migrations - image: {{ systems_migrations_image }} + image: {{ systems_postgres_image }} networks: - tapis volumes: From 7c795af7abbeb44f7b6ba22237b743cafaff5341 Mon Sep 17 00:00:00 2001 From: Mike Packard Date: Fri, 2 Jun 2023 17:17:28 -0500 Subject: [PATCH 27/28] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 692690b0..50592bec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ Notable changes between versions. - [Systems: 1.3.2 to 1.3.3 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/1.3.3/CHANGELOG.md) - [Files: 1.3.5 to 1.3.6 (tapis/tapis-files, tapis/tapis-files-workers)](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) +### Breaking Changes + +- There is a breaking change related to how Files and Systems interact for systems of type IRODS. Please see the [CHANGELOG](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) for the Files service for more information. + ## 1.3.7 - [Authenticator: 1.3.3 to 1.3.4 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md) From 7ff8ace0bdd84cb64c6ae6ace92f8853d433b4a1 Mon Sep 17 00:00:00 2001 
From: Mike Packard Date: Mon, 5 Jun 2023 16:57:22 -0500 Subject: [PATCH 28/28] Update CHANGELOG.md --- CHANGELOG.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50592bec..62a02296 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,13 @@ Notable changes between versions. - [Jobs: 1.3.4 to 1.3.5 (tapis/jobsworker, jobsmigrate, jobsapi)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md) - [Systems: 1.3.2 to 1.3.3 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/1.3.3/CHANGELOG.md) - [Files: 1.3.5 to 1.3.6 (tapis/tapis-files, tapis/tapis-files-workers)](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) - +- Docker Flavor update: + - Added verification scripts for more core components + - Changed secrets to using a python script for parsing instead of bash scripting + - Added a DB init script for files + - Removed hard-coded urls in proxy + - General cleanup & bugfixes + ### Breaking Changes - There is a breaking change related to how Files and Systems interact for systems of type IRODS. Please see the [CHANGELOG](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md) for the Files service for more information.