diff --git a/CHANGELOG.md b/CHANGELOG.md index 21805bcb..525850ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ - [Globus-Proxy: 1.6.4 to 1.7.0 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/dev/CHANGELOG.md) - [Workflows: 1.6.0 to 1.7.0 (tapis/workflows-api, tapis/workflows-pipelines, tapis/workflow-engine-streams)](https://github.com/tapis-project/tapis-workflows/blob/release-1.7.0/CHANGELOG.md) - [Pods: 1.6.0 to 1.7.0 (tapis/pods-api)](https://github.com/tapis-project/pods_service/blob/dev/CHANGELOG.md) +- [TapisUI: 1.7.0 (tapis/tapisui)](https://github.com/tapis-project/tapis-ui/blob/dev/CHANGELOG.md) ### Breaking Changes for Deployer Admins diff --git a/playbooks/roles/admin/defaults/main/vars.yml b/playbooks/roles/admin/defaults/main/vars.yml index 751b62dd..b07001a9 100644 --- a/playbooks/roles/admin/defaults/main/vars.yml +++ b/playbooks/roles/admin/defaults/main/vars.yml @@ -5,6 +5,7 @@ admin_service_url: "{{ global_service_url }}" admin_devtenant_url: "{{ global_devtenant_url }}" admin_site_id: "{{ global_site_id }}" admin_service_tenant_id: "{{ global_service_tenant_id }}" +admin_service_devtenant_id: "{{ global_devtenant_id }}" admin_service_name: admin admin_service_site_id: "{{ global_site_id }}" admin_storage_class: "{{ global_storage_class }}" diff --git a/playbooks/roles/admin/templates/docker/util/parse_skexport b/playbooks/roles/admin/templates/docker/util/parse_skexport index 009fcca0..0fc59e4f 100644 --- a/playbooks/roles/admin/templates/docker/util/parse_skexport +++ b/playbooks/roles/admin/templates/docker/util/parse_skexport 
@@ -28,7 +28,7 @@ apps = { authenticator = { "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", "postgres_password": "DBCREDENTIAL_POSTGRES_POSTGRES_AUTHENTICATOR_AUTHENTICATOR_PASSWORD", - "LDAP_ROOTPASS": "USER_ADMIN_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD", + "LDAP_ROOTPASS": "USER_{{ global_service_tenant_id | upper }}_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD", "service_password": "SERVICEPWD_AUTHENTICATOR_PASSWORD" } @@ -143,7 +143,7 @@ tenants = { "POSTGRES_PASSWORD": "DBCREDENTIAL_POSTGRES_TENANTS_POSTGRES_TENANTS_TENANTS_PASSWORD", "service_password": "SERVICEPWD_TENANTS_PASSWORD", "admin_tenant_public_key": "JWTSIGNING_{{ admin_service_tenant_id | upper }}_PUBLICKEY", - "dev_tenant_public_key": "JWTSIGNING_DEV_PUBLICKEY" + "dev_tenant_public_key": "JWTSIGNING_{{ admin_service_devtenant_id | upper }}_PUBLICKEY" } tokens = { @@ -158,7 +158,7 @@ workflows = {"":""} # parse args parser = argparse.ArgumentParser() parser.add_argument('-c', '--comp', help='Tapis component to export env file for', required=True) -parser.add_argument('-d', '--dir', help='Tapis data dir as defined in the ansible', required=True) +parser.add_argument('-d', '--dir', help='Tapis data dir as defined in the ansible host vars', required=True) parser.add_argument('-v', '--verbose', help='Display debug information', action='store_true') args = parser.parse_args() 
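Review bot: The new `LDAP_ROOTPASS` lookup name is templated from `global_service_tenant_id`, while the `tenants` mapping in the `@@ -143` hunk uses the role-scoped `admin_service_tenant_id` and `admin_service_devtenant_id`. Writing it as `"USER_{{ admin_service_tenant_id | upper }}_AUTHENTICATOR_LDAP_TAPIS_DEV_PASSWORD"` would keep the file on one variable family. The `TAPIS_DEV` segment is still hard-coded, so confirm whether it is meant to follow `admin_service_devtenant_id`. A name that renders wrong appears to go unreported, because the mapping loop later in this file ends in `except KeyError: pass` and the secret would simply be missing from the generated env file.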
@@ -219,8 +219,12 @@ if component == 'security': r = requests.get('http://localhost:8200/v1/auth/approle/role/sk/role-id', headers=headers) if args.verbose: print(f'getting role-id, have:: {r.json()}') - output_dict['TAPIS_SK_VAULT_ROLE_ID'] = r.json()['data']['role_id'] - output_dict['VAULT_ROLEID'] = r.json()['data']['role_id'] + + try: + output_dict['TAPIS_SK_VAULT_ROLE_ID'] = r.json()['data']['role_id'] + output_dict['VAULT_ROLEID'] = r.json()['data']['role_id'] + except KeyError as e: + print(f'Encountered key error while parsing {r.json()}:: {e}') if args.verbose: print(f'''populating values for security, have: @@ -246,6 +250,10 @@ with open(infile, 'r') as lines: output_dict[key] = skexport_value if key == 'MONGO_INITDB_ROOT_PASSWORD': output_dict["MONGO_URI"] = f"mongodb://restheart:{skexport_value}@restheart-mongo:27017/?authSource=admin" + if "public_key" in key or "private_key" in key or "privatekey" in key: + if args.verbose: + print(f'Key {key} is a signing token. Need to make sure its quoted') + output_dict[key] = f'"{skexport_value}"' except KeyError: pass @@ -253,7 +261,7 @@ if args.verbose: print(f'Completed mapping. Writing {output_dict}') for key in output_dict: - outfile.write(f'{key}="{output_dict[key]}"\n') + outfile.write(f'{key}={output_dict[key]}\n') outfile.close() diff --git a/playbooks/roles/get_defaults/defaults/main/vars.yml b/playbooks/roles/get_defaults/defaults/main/vars.yml index 84dfa7f9..b8510171 100644 --- a/playbooks/roles/get_defaults/defaults/main/vars.yml +++ b/playbooks/roles/get_defaults/defaults/main/vars.yml 
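Review bot: The new `except KeyError` only prints and then lets the script continue, so a failed Vault role-id lookup still produces an env file, just without `TAPIS_SK_VAULT_ROLE_ID` and `VAULT_ROLEID`; the handler should stop the run, e.g. `raise SystemExit(f'role-id lookup failed: HTTP {r.status_code}')`. The handler also prints the whole response body unconditionally rather than under `args.verbose`, and `r.json()` itself can raise on a non-JSON reply, which this `except` does not cover. Parsing once with `body = r.json()` and checking `r.status_code` before indexing would make the three uses of the response consistent. The enclosing `if component == 'security':` block starts above the hunk.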
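Review bot: Dropping the quotes in `outfile.write(f'{key}={output_dict[key]}\n')` (the `@@ -253` hunk) means every value not caught by the substring test added in `@@ -246` is now written unquoted, so a password or the `MONGO_URI` value containing whitespace, `#`, `$` or a quote may be truncated or expanded, depending on what reads the env file. The added test is case-sensitive and matches only `public_key`, `private_key` and `privatekey`, so a key spelled differently (upper-case, for instance) takes the unquoted path. Quoting and escaping once at write time would be safer than pre-wrapping selected values in `output_dict`; if the consumer is a shell, `shlex.quote` is the standard-library helper. Separately, the context line `print(f'Completed mapping. Writing {output_dict}')` dumps every secret to stdout in verbose mode and could log names only, e.g. `print(f'Completed mapping. Writing keys: {sorted(output_dict)}')`.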
@@ -1,18 +1,36 @@ -global_service_tenant_id_default: admin -tapisdir_default: '{{ ansible_env.HOME }}/.tapis/{{ inventory_hostname }}' -tapisdatadir_default: '{{ ansible_env.HOME }}/.tapis-data/{{ inventory_hostname }}' -global_vault_url_default: 'http://vault:8200' +# these should be required to be set in host_vars +global_tapis_domain: '' +tapisdir: '' +tapisdatadir_default: '' +global_site_id: '' +proxy_nginx_cert_file: '' +proxy_nginx_cert_key: '' -# Commenting these, they are getting mixed up with other vars. -#global_service_url_default: 'https://{{ global_service_tenant_id }}.{{ global_tapis_domain }}' -#global_devtenant_url_default: 'https://dev.{{ global_tapis_domain }}' -#global_primary_site_admin_tenant_base_url_default: 'https://admin.{{ global_tapis_domain }}' +# For primary sites, these should be left default +# For associate sites, these should be changed (and must be unique across the primary sites' tenant names) +# ... AND the value needs to match what it is in the site record +global_service_tenant_id: admin +global_devtenant_id: dev -# A) There should be NO choice for primary sites, -# B) For associate sites, we should actually compute the field from the site record.. (or anyway, the -# value needs to match what it is on the site record). -components_to_deploy_default: +# For primary site, this is the same as the global_tapis_domain +# For associate site, it should be defined in host_vars +global_service_domain: '{{ global_tapis_domain }}' + +# service urls +# - should be same for primary site +# - should be different for associate site + +global_primary_site_admin_tenant_base_url: 'https://{{ global_service_tenant_id }}.{{ global_service_domain }}' +global_service_url: '{{ global_primary_site_admin_tenant_base_url }}' +global_devtenant_url: 'https://{{ global_devtenant_id }}.{{ global_tapis_domain }}' + + +### relatively safe defaults below + +global_vault_url: http://vault:8200 + +components_to_deploy: - actors - admin - apps 
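Review bot: The block headed "these should be required to be set in host_vars" declares `tapisdatadir_default: ''`, but the assert and `set_fact` in `get_defaults/tasks/main.yml` read `tapisdatadir`, so the `_default` suffix looks like a leftover and the line should probably be `tapisdatadir: ''`. `global_devtenant_url` is built from `global_tapis_domain` while `global_primary_site_admin_tenant_base_url` uses `global_service_domain`; the comment above says service URLs should differ for an associate site, so confirm the dev-tenant URL is meant to stay on the primary domain. `global_vault_url` keeps the plain `http://` scheme under the "relatively safe defaults" heading, and a one-line comment saying this assumes in-cluster traffic only would help whoever overrides it.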
@@ -37,3 +55,7 @@ components_to_deploy_default: # - workflows # - test-resources + + + + diff --git a/playbooks/roles/get_defaults/tasks/main.yml b/playbooks/roles/get_defaults/tasks/main.yml index 63dfd59d..f5b8f88d 100644 --- a/playbooks/roles/get_defaults/tasks/main.yml +++ b/playbooks/roles/get_defaults/tasks/main.yml 
@@ -1,22 +1,58 @@ --- -- name: Set default values for vars +# Ensure global vars are defined and checked + +- name: Test that important variables are present and not empty + assert: + that: + - tapisdir != '' + - tapisdatadir != '' + - components_to_deploy != '' + - global_service_tenant_id != '' + - global_devtenant_id != '' + - global_service_domain != '' + - global_primary_site_admin_tenant_base_url != '' + - global_service_url != '' + - global_devtenant_url != '' + - global_vault_url != '' + +- name: If associate site (site_type 2), check a few variables + assert: + that: + - global_service_tenant_id != 'admin' + - global_devtenant_id != 'dev' + - global_tapis_domain != '{{ global_service_domain }}' + when: + - site_type == 2 + +- name: Print important vars + ansible.builtin.debug: + var: "{{ item }}" + with_items: + - tapisdir + - tapisdatadir + - components_to_deploy + - global_service_tenant_id + - global_devtenant_id + - global_service_domain + - global_primary_site_admin_tenant_base_url + - global_service_url + - global_devtenant_url + - global_vault_url + + +# Use set_fact on global vars so the following roles can use them + +- name: Set global vars ansible.builtin.set_fact: - global_service_tenant_id: '{{ global_service_tenant_id | default(global_service_tenant_id_default) }}' - tapisdir: '{{ tapisdir | default(tapisdir_default) }}' - tapisdatadir: '{{ tapisdatadir | default(tapisdatadir_default) }}' - global_vault_url: '{{ global_vault_url | default(global_vault_url_default) }}' - #global_service_url: '{{ global_service_url | default(global_service_url_default) }}' + tapisdir: '{{ tapisdir }}' + tapisdatadir: '{{ tapisdatadir }}' + components_to_deploy: '{{ components_to_deploy }}' + global_service_tenant_id: '{{ global_service_tenant_id }}' + global_devtenant_id: '{{ global_devtenant_id }}' + global_service_domain: '{{ global_service_domain }}' + global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url }}' 
global_service_url: '{{ global_service_url }}' - components_to_deploy: '{{ components_to_deploy | default(components_to_deploy_default) }}' - #global_devtenant_url: '{{ global_devtenant_url | default(global_devtenant_url_default) }}' global_devtenant_url: '{{ global_devtenant_url }}' - #global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url | default(global_primary_site_admin_tenant_base_url_default) }}' - global_primary_site_admin_tenant_base_url: '{{ global_primary_site_admin_tenant_base_url }}' + global_vault_url: '{{ global_vault_url }}' -- name: Values being used - ansible.builtin.debug: - msg: - - 'tapisdir: {{ tapisdir }}' - - 'tapisdatadir: {{ tapisdatadir }}' - - 'components_to_deploy: {{ components_to_deploy }}' diff --git a/playbooks/roles/pods/templates/kube/config.json b/playbooks/roles/pods/templates/kube/config.json index 21a3120f..d5ce44b8 100644 --- a/playbooks/roles/pods/templates/kube/config.json +++ b/playbooks/roles/pods/templates/kube/config.json @@ -47,5 +47,12 @@ "log_ex": 43200 }, "{{ pods_service_site_id }}_tenant_object": { - } + }, + "compute_queues": [ + { + "queue_name": "default", + "default": true, + "description": "running with no Kubernetes extras" + } + ] } diff --git a/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf b/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf index 9fc05fc9..71341021 100644 --- a/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf +++ b/playbooks/roles/proxy/templates/kube/nginx/locations/ui.conf 
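Review bot: In the associate-site assert, `global_tapis_domain != '{{ global_service_domain }}'` nests Jinja delimiters inside a conditional, which Ansible warns about and newer releases may reject; the bare-variable form `global_tapis_domain != global_service_domain` is the supported spelling. The first assert compares `components_to_deploy != ''`, which a list always satisfies, so an empty list passes; `components_to_deploy | length > 0` checks what the task name promises. The variables the defaults file marks as required (`global_tapis_domain`, `global_site_id`, `proxy_nginx_cert_file`, `proxy_nginx_cert_key`) are not in the first `that:` list, and `site_type` is used in `when:` with no default visible in this diff. Both gaps would surface later as less obvious failures.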
@@ -1,11 +1,17 @@
 # ui
-location /tapis-ui
+location /
 {
 {% if "tapisui" in proxy_nginx_service_list %}
 proxy_pass http://tapisui-service:3000;
 {% else %}
- proxy_pass {{proxy_primary_site_admin_tenant_base_url}};
+ proxy_pass {{ proxy_primary_site_admin_tenant_base_url }};
 {% endif %}
 proxy_redirect off;
 proxy_set_header Host $host;
-}
\ No newline at end of file
+}
+
+location ~* ^/(tapis-ui|tapisui|ui)
+{
+ # rewrite path to move /tapis-ui, /tapisui, and /ui traffic to /
+ return 301 https://$host/;
+}
diff --git a/playbooks/roles/tapisui/templates/kube/deployment.yml b/playbooks/roles/tapisui/templates/kube/deployment.yml
index 89a5090d..fc1d06ee 100644
--- a/playbooks/roles/tapisui/templates/kube/deployment.yml
+++ b/playbooks/roles/tapisui/templates/kube/deployment.yml
@@ -15,8 +15,6 @@ spec:
 - image: {{ tapisui_image }}
 imagePullPolicy: Always
 name: tapisui
- ports:
- - containerPort: 3000
 resources: {}
 tty: true
 env:
diff --git a/playbooks/roles/tapisui/templates/kube/service.yml b/playbooks/roles/tapisui/templates/kube/service.yml
index 7412bdb4..76ac28aa 100644
--- a/playbooks/roles/tapisui/templates/kube/service.yml
+++ b/playbooks/roles/tapisui/templates/kube/service.yml
@@ -8,4 +8,4 @@ spec:
 app: tapisui-deployment
 ports:
 - port: 3000
- targetPort: 3000
+ targetPort: 80
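Review bot: The new `location ~* ^/(tapis-ui|tapisui|ui)` in `ui.conf` has no terminator after the alternation, so it also matches any path that merely starts with `/ui` (for example `/uix`), and as a regex location it is evaluated ahead of ordinary prefix locations; `location ~* ^/(tapis-ui|tapisui|ui)(/|$)` limits it to the three intended prefixes. `return 301 https://$host/;` builds the target from the request's Host header, so unless the server block only answers for known names the redirect host is client-controlled, and browsers cache a 301. Redirecting to a templated, configured hostname is the safer form. The redirect also discards the rest of the path and the query string, which breaks deep links under the old `/tapis-ui/` prefix if any are still in circulation. Since `location /` now catches every path not matched elsewhere, a one-line comment saying that unmatched paths fall through to the UI (or to the primary site) would document the intent.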