Merge pull request #395 from tapis-project/dev

Dev
tapis-project · Sep 17, 2024 · ffa7414 · ffa7414
2 parents 3467c6c + 28f201b
commit ffa7414
Show file tree

Hide file tree

Showing 9 changed files with 120 additions and 41 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@
 - [Globus-Proxy: 1.6.4 to 1.7.0 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/dev/CHANGELOG.md)
 - [Workflows: 1.6.0 to 1.7.0 (tapis/workflows-api, tapis/workflows-pipelines, tapis/workflow-engine-streams)](https://github.com/tapis-project/tapis-workflows/blob/release-1.7.0/CHANGELOG.md)
 - [Pods: 1.6.0 to 1.7.0 (tapis/pods-api)](https://github.com/tapis-project/pods_service/blob/dev/CHANGELOG.md)
+- [TapisUI: 1.7.0 (tapis/tapisui)](https://github.com/tapis-project/tapis-ui/blob/dev/CHANGELOG.md)
 
 ### Breaking Changes for Deployer Admins
 

diff --git a/playbooks/roles/admin/defaults/main/vars.yml b/playbooks/roles/admin/defaults/main/vars.yml
@@ -5,6 +5,7 @@ admin_service_url: "{{ global_service_url }}"
 admin_devtenant_url: "{{ global_devtenant_url }}"
 admin_site_id: "{{ global_site_id }}"
 admin_service_tenant_id: "{{ global_service_tenant_id }}"
+admin_service_devtenant_id: "{{ global_devtenant_id }}"
 admin_service_name: admin
 admin_service_site_id: "{{ global_site_id }}"
 admin_storage_class: "{{ global_storage_class }}"

diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport
@@ -28,7 +28,7 @@ apps = {
 authenticator = {
     "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD",
     "postgres_password": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD",
-    "LDAP_ROOTPASS": "USER_ADMIN_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD",
+    "LDAP_ROOTPASS": "USER_{{ global_service_tenant_id | upper }}_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD",
     "service_password": "SERVICEPWD_AUTHENTICATOR_PASSWORD"
     }
 
@@ -143,7 +143,7 @@ tenants = {
     "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD",
     "service_password": "SERVICEPWD_TENANTS_PASSWORD",
     "admin_tenant_public_key": "JWTSIGNING_{{ admin_service_tenant_id | upper }}_PUBLICKEY",
-    "dev_tenant_public_key": "JWTSIGNING_DEV_PUBLICKEY" 
+    "dev_tenant_public_key": "JWTSIGNING_{{ admin_service_devtenant_id | upper }}_PUBLICKEY" 
     }
 
 tokens = {
@@ -158,7 +158,7 @@ workflows = {"":""}
 # parse args
 parser = argparse.ArgumentParser()
 parser.add_argument('-c', '--comp', help='Tapis component to export env file for', required=True)
-parser.add_argument('-d', '--dir', help='Tapis data dir as defined in the ansible', required=True)
+parser.add_argument('-d', '--dir', help='Tapis data dir as defined in the ansible host vars', required=True)
 parser.add_argument('-v', '--verbose', help='Display debug information', action='store_true')
 args = parser.parse_args()
 
@@ -219,8 +219,12 @@ if component == 'security':
     r = requests.get('http://localhost:8200/v1/auth/approle/role/sk/role-id', headers=headers)
     if args.verbose:
         print(f'getting role-id, have:: {r.json()}')
-    output_dict['TAPIS_SK_VAULT_ROLE_ID'] =  r.json()['data']['role_id']
-    output_dict['VAULT_ROLEID'] =  r.json()['data']['role_id']
+
+    try:
+        output_dict['TAPIS_SK_VAULT_ROLE_ID'] =  r.json()['data']['role_id']
+        output_dict['VAULT_ROLEID'] =  r.json()['data']['role_id']
+    except KeyError as e:
+        print(f'Encountered key error while parsing {r.json()}:: {e}')
 
     if args.verbose:
         print(f'''populating values for security, have:
@@ -246,14 +250,18 @@ with open(infile, 'r') as lines:
                     output_dict[key] = skexport_value
                     if key == 'MONGO_INITDB_ROOT_PASSWORD':
                         output_dict["MONGO_URI"] = f"mongodb://restheart:{skexport_value}@restheart-mongo:27017/?authSource=admin"
+                if "public_key" in key or "private_key" in key or "privatekey" in key:
+                        if args.verbose:
+                            print(f'Key {key} is a signing token. Need to make sure its quoted')
+                        output_dict[key] = f'"{skexport_value}"'
         except KeyError:
             pass
 
 if args.verbose:
     print(f'Completed mapping. Writing {output_dict}')
 
 for key in output_dict:
-    outfile.write(f'{key}="{output_dict[key]}"\n')
+    outfile.write(f'{key}={output_dict[key]}\n')
 
 
 outfile.close() 
diff --git a/playbooks/roles/get_defaults/defaults/main/vars.yml b/playbooks/roles/get_defaults/defaults/main/vars.yml
@@ -1,18 +1,36 @@
-global_service_tenant_id_default: admin
-tapisdir_default: '{{ ansible_env.HOME }}/.tapis/{{ inventory_hostname }}'
-tapisdatadir_default: '{{ ansible_env.HOME }}/.tapis-data/{{ inventory_hostname }}'
-global_vault_url_default: 'http://vault:8200'
+# these should be required to be set in host_vars
+global_tapis_domain: ''
+tapisdir: ''
+tapisdatadir_default: ''
+global_site_id: ''
+proxy_nginx_cert_file: ''
+proxy_nginx_cert_key: ''
 
-# Commenting these, they are getting mixed up with other vars.
-#global_service_url_default: 'https://{{ global_service_tenant_id }}.{{ global_tapis_domain }}'
-#global_devtenant_url_default: 'https://dev.{{ global_tapis_domain }}'
-#global_primary_site_admin_tenant_base_url_default: 'https://admin.{{ global_tapis_domain }}'
 
+# For primary sites, these should be left default 
+# For associate sites, these should be changed (and must be unique across the primary sites' tenant names)
+# ... AND the value needs to match what it is in the site record
+global_service_tenant_id: admin
+global_devtenant_id: dev
 
-# A) There should be NO choice for primary sites, 
-# B) For associate sites, we should actually compute the field from the site record.. (or anyway, the 
-#    value needs to match what it is on the site record).
-components_to_deploy_default:
+# For primary site, this is the same as the global_tapis_domain
+# For associate site, it should be defined in host_vars
+global_service_domain: '{{ global_tapis_domain }}'
+
+# service urls
+# - should be same for primary site
+# - should be different for associate site
+
+global_primary_site_admin_tenant_base_url: 'https://{{ global_service_tenant_id }}.{{ global_service_domain }}'
+global_service_url: '{{ global_primary_site_admin_tenant_base_url }}'
+global_devtenant_url: 'https://{{ global_devtenant_id }}.{{ global_tapis_domain }}'
+
+
+### relatively safe defaults below
+
+global_vault_url: http://vault:8200
+
+components_to_deploy:
   - actors
   - admin
   - apps
@@ -37,3 +55,7 @@ components_to_deploy_default:
 #  - workflows  
 #  - test-resources
 
+
+
+
+
diff --git a/playbooks/roles/get_defaults/tasks/main.yml b/playbooks/roles/get_defaults/tasks/main.yml
@@ -1,22 +1,58 @@
 ---
 
-- name: Set default values for vars
+# Ensure global vars are defined and checked
+
+- name: Test that important variables are present and not empty
+  assert:
+    that:
+      - tapisdir != ''
+      - tapisdatadir != ''
+      - components_to_deploy != ''
+      - global_service_tenant_id != ''
+      - global_devtenant_id != ''
+      - global_service_domain != ''
+      - global_primary_site_admin_tenant_base_url != ''
+      - global_service_url != ''
+      - global_devtenant_url != ''
+      - global_vault_url != ''
+
+- name: If associate site (site_type 2), check a few variables 
+  assert:
+    that:
+      - global_service_tenant_id != 'admin'
+      - global_devtenant_id != 'dev'
+      - global_tapis_domain != '{{ global_service_domain }}'
+  when:
+    - site_type == 2
+
+- name: Print important vars
+  ansible.builtin.debug:
+    var: "{{ item }}" 
+  with_items:
+    - tapisdir
+    - tapisdatadir
+    - components_to_deploy
+    - global_service_tenant_id
+    - global_devtenant_id
+    - global_service_domain
+    - global_primary_site_admin_tenant_base_url
+    - global_service_url
+    - global_devtenant_url
+    - global_vault_url 
+
+
+# Use set_fact on global vars so the following roles can use them
+
+- name: Set global vars
   ansible.builtin.set_fact:
-    global_service_tenant_id: '{{ global_service_tenant_id | default(global_service_tenant_id_default) }}'
-    tapisdir: '{{ tapisdir | default(tapisdir_default) }}'
-    tapisdatadir: '{{ tapisdatadir | default(tapisdatadir_default) }}'
-    global_vault_url: '{{ global_vault_url | default(global_vault_url_default) }}'
-    #global_service_url: '{{ global_service_url | default(global_service_url_default) }}'
+    tapisdir: '{{ tapisdir }}'
+    tapisdatadir: '{{ tapisdatadir }}'
+    components_to_deploy: '{{ components_to_deploy }}'
+    global_service_tenant_id: '{{ global_service_tenant_id }}'
+    global_devtenant_id: '{{ global_devtenant_id }}'
+    global_service_domain: '{{ global_service_domain }}'
+    global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url }}'
     global_service_url: '{{ global_service_url }}'
-    components_to_deploy: '{{ components_to_deploy | default(components_to_deploy_default) }}'
-    #global_devtenant_url: '{{ global_devtenant_url | default(global_devtenant_url_default) }}'
     global_devtenant_url: '{{ global_devtenant_url }}'
-    #global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url | default(global_primary_site_admin_tenant_base_url_default) }}'
-    global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url }}'
+    global_vault_url: '{{ global_vault_url }}'
 
-- name: Values being used
-  ansible.builtin.debug:
-    msg: 
-      - 'tapisdir: {{ tapisdir }}'
-      - 'tapisdatadir: {{ tapisdatadir }}'
-      - 'components_to_deploy: {{ components_to_deploy }}'
diff --git a/playbooks/roles/pods/templates/kube/config.json b/playbooks/roles/pods/templates/kube/config.json
@@ -47,5 +47,12 @@
         "log_ex": 43200
     },
     "{{ pods_service_site_id }}_tenant_object": {
-    }
+    },
+    "compute_queues": [
+        {
+            "queue_name": "default",
+            "default": true,
+            "description": "running with no Kubernetes extras"
+        }
+    ]
 }
diff --git a/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf b/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf
@@ -1,11 +1,17 @@
 # ui
-location /tapis-ui
+location /
 {
 {% if "tapisui" in proxy_nginx_service_list %}
     proxy_pass http://tapisui-service:3000;
 {% else %}
-    proxy_pass {{proxy_primary_site_admin_tenant_base_url}};
+    proxy_pass {{ proxy_primary_site_admin_tenant_base_url }};
 {% endif %}        
     proxy_redirect off;
     proxy_set_header Host $host;
-}
+}
+
+location ~* ^/(tapis-ui|tapisui|ui)
+{
+    # rewrite path to move /tapis-ui, /tapisui, and /ui traffic to /
+    return 301 https://$host/;
+}
diff --git a/playbooks/roles/tapisui/templates/kube/deployment.yml b/playbooks/roles/tapisui/templates/kube/deployment.yml
@@ -15,8 +15,6 @@ spec:
         - image: {{ tapisui_image }}
           imagePullPolicy: Always
           name: tapisui
-          ports:
-            - containerPort: 3000
           resources: {}
           tty: true
           env:

diff --git a/playbooks/roles/tapisui/templates/kube/service.yml b/playbooks/roles/tapisui/templates/kube/service.yml
@@ -8,4 +8,4 @@ spec:
     app: tapisui-deployment
   ports:
     - port: 3000
-      targetPort: 3000
+      targetPort: 80