From f0d8cf044e3a94e63fbe75fb3d242d2e0e259dd6 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Thu, 19 Sep 2024 16:49:57 +0200 Subject: [PATCH 01/15] wip --- charts/Makefile | 33 +++++++++++++++++++++------------ charts/README.md | 8 ++++++++ 2 files changed, 29 insertions(+), 12 deletions(-) diff --git a/charts/Makefile b/charts/Makefile index 8bf61fee..f33c5391 100644 --- a/charts/Makefile +++ b/charts/Makefile 
@@ -7,33 +7,32 @@ CONFIG_DIR := $(shell dirname $(REPO_CONFIG_LOCATION)) CHART_DIRS := $(wildcard $(REPO_BASE_DIR)/charts/*/) .PHONY: .check-helmfile-installed -.check-helmfile-installed: +.check-helmfile-installed: ## Checks if helmfile is installed @if ! command -v helmfile >/dev/null 2>&1; then \ echo "'helmfile' is not installed. Install it to continue ...";\ fi -helmfile.yaml: simcore-charts/helmfile.yaml +helmfile.yaml: simcore-charts/helmfile.yaml ## Copies the helmfile.yaml to the charts directory cp $(CONFIG_DIR)/$@ $(REPO_BASE_DIR)/charts/helmfile.yaml -simcore-charts/helmfile.yaml: +simcore-charts/helmfile.yaml: ## Copies the simcore helmfile to the charts directory cp $(CONFIG_DIR)/helmfile.simcore.yaml $(REPO_BASE_DIR)/charts/$@ .PHONY: helmfile-lint -helmfile-lint: .check-helmfile-installed helmfile.yaml +helmfile-lint: .check-helmfile-installed helmfile.yaml ## Lints the helmfile set -a; source $(REPO_CONFIG_LOCATION); set +a; \ helmfile lint .PHONY: .helmfile-local-post-install -.helmfile-local-post-install: +.helmfile-local-post-install: ## Post install steps for local helmfile deployment @$(MAKE) -s configure-local-hosts @echo ""; @echo "Cluster has been deployed locally: http://$(MACHINE_FQDN)"; @echo " For secure connections self-signed certificates are used."; - @echo " Install their root-ca certificate in your system for smooth experience."; - @echo " For insecure connections make sure to disable automatic https redirects in your browser."; + @echo " .PHONY: helmfile-apply -helmfile-apply: .check-helmfile-installed helmfile.yaml +helmfile-apply: .check-helmfile-installed helmfile.yaml ## Applies the helmfile configuration set -a; source $(REPO_CONFIG_LOCATION); set +a; \ helmfile -f $(REPO_BASE_DIR)/charts/helmfile.yaml apply 
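Review bot: The line added to `.helmfile-local-post-install` appears, as this patch is rendered, to be `@echo "` with no closing quote, which the shell rejects as an unterminated string, so the target fails right after a successful deploy. If the intent was to drop the two hints about the root CA and https redirects, delete the line outright or close the string, e.g. `@echo "";`. In the same hunk `.check-helmfile-installed` only prints a message when helmfile is missing; adding `exit 1` inside the `if` would stop `helmfile-lint` and `helmfile-apply` before they run.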
@@ -41,17 +40,27 @@ helmfile-apply: .check-helmfile-installed helmfile.yaml $(MAKE) -s .helmfile-local-post-install; \ fi +.PHONY: helmfile-sync +helmfile-sync: .check-helmfile-installed helmfile.yaml ## Syncs the helmfile configuration + set -a; source $(REPO_CONFIG_LOCATION); set +a; \ + helmfile -f $(REPO_BASE_DIR)/charts/helmfile.yaml sync + + @if [ "$(MACHINE_FQDN)" = "osparc.local" ]; then \ + $(MAKE) -s .helmfile-local-post-install; \ + fi + + .PHONY: configure-local-hosts -configure-local-hosts: - @echo "Addings $(MACHINE_FQDN) hosts to /etc/hosts ..." +configure-local-hosts: ## Adds local hosts entries for the machine + @echo "Adding $(MACHINE_FQDN) hosts to /etc/hosts ..." @grep -q '127.0.0.1 k8s.monitoring.$(MACHINE_FQDN)' /etc/hosts || echo '127.0.0.1 k8s.monitoring.$(MACHINE_FQDN)' | sudo tee -a /etc/hosts .PHONY: helmfile-diff -helmfile-diff: .check-helmfile-installed helmfile.yaml +helmfile-diff: .check-helmfile-installed helmfile.yaml ## Shows the differences that would be applied by helmfile @set -a; source $(REPO_CONFIG_LOCATION); set +a; \ helmfile -f $(REPO_BASE_DIR)/charts/helmfile.yaml diff .PHONY: helmfile-delete -helmfile-delete: .check-helmfile-installed helmfile.yaml +helmfile-delete: .check-helmfile-installed helmfile.yaml ## Deletes the helmfile configuration @set -a; source $(REPO_CONFIG_LOCATION); set +a; \ helmfile -f $(REPO_BASE_DIR)/charts/helmfile.yaml delete diff --git a/charts/README.md b/charts/README.md index 13767e80..45d83630 100644 --- a/charts/README.md +++ b/charts/README.md 
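Review bot: In the new `helmfile-sync` recipe the steps `set -a; source $(REPO_CONFIG_LOCATION); set +a; \` are joined with `;`, so a missing or broken config file does not stop `helmfile ... sync` from running against the cluster with an incomplete environment. Chaining with `&&` makes that failure fatal: `set -a && source $(REPO_CONFIG_LOCATION) && set +a && \`. `source` is also a bashism and no `SHELL` assignment is visible in this hunk, so either `. $(REPO_CONFIG_LOCATION)` or an explicit `SHELL := bash` would be safer. The same pattern is used by `helmfile-lint`, `helmfile-apply`, `helmfile-diff` and `helmfile-delete`, and the new target duplicates `helmfile-apply` apart from the subcommand.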
@@ -23,6 +23,14 @@ source: https://kind.sigs.k8s.io/docs/user/quick-start Follow the instructions here: https://helm.sh/docs/intro/install/ +Install the helm-diff plugin: `helm plugin install https://github.com/databus23/helm-diff` + +`via https://doc.traefik.io/traefik/user-guides/crd-acme/#ingressroute-definition` +Install traefik-v3 CRDs: `kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml` + +`via https://doc.traefik.io/traefik/user-guides/crd-acme/#ingressroute-definition` +Install traefik-v3 RBAC: `kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml` + #### helmfile If you have a different OS / architecture, pick a different link from [release artifacts](https://github.com/helmfile/helmfile/releases) From 293f63c8c7971afeb0de64af16d01153bf76eed4 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Thu, 24 Oct 2024 10:13:28 +0200 Subject: [PATCH 02/15] Add csi-s3 and have portainer use it --- .gitignore | 3 +++ charts/csi-s3/values.yaml.gotmpl | 7 +++++++ charts/portainer/values.yaml.gotmpl | 6 ++++++ 3 files changed, 16 insertions(+) create mode 100644 charts/csi-s3/values.yaml.gotmpl diff --git a/.gitignore b/.gitignore index 0c825bcd..24edb7f6 100644 --- a/.gitignore +++ b/.gitignore @@ -149,3 +149,6 @@ docker-compose.simcore.yml repo.config .temp .temp/** + +# By convention: `.secret` files are gitignored +**/*.secret diff --git a/charts/csi-s3/values.yaml.gotmpl b/charts/csi-s3/values.yaml.gotmpl new file mode 100644 index 00000000..7e6ff4c9 --- /dev/null +++ b/charts/csi-s3/values.yaml.gotmpl @@ -0,0 +1,7 @@ +secret: + accessKey: {{ requiredEnv "S3_ACCESS_KEY" }} + secretKey: {{ requiredEnv "S3_SECRET_KEY" }} + region: {{ requiredEnv "S3_REGION" }} + endpoint: {{ requiredEnv "S3_ENDPOINT" }} +storageClass: + singleBucket: {{ requiredEnv "S3_K8S_CSI_BUCKET_NAME" }} 
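Review bot: The five `requiredEnv` values in `charts/csi-s3/values.yaml.gotmpl` are written into YAML unquoted, so a key that contains `#` or `: `, or that parses as a number or boolean, is truncated, re-typed or breaks rendering. Piping each one through `quote` keeps them strings, e.g. `secretKey: {{ requiredEnv "S3_SECRET_KEY" | quote }}`. A header comment stating that this file renders S3 credentials into the chart values, and that rendered output should be handled as secret material, would help the next reader.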
diff --git a/charts/portainer/values.yaml.gotmpl b/charts/portainer/values.yaml.gotmpl index e89f2457..edc56479 100644 --- a/charts/portainer/values.yaml.gotmpl +++ b/charts/portainer/values.yaml.gotmpl @@ -18,6 +18,12 @@ serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: portainer-sa-clusteradmin +persistence: + enabled: true + size: "10Gi" + annotations: {} + storageClass: "csi-s3" + existingClaim: podAnnotations: {} podLabels: {} From f7f72ec27e13232dababef209c92e2a3a1b983d4 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Fri, 25 Oct 2024 08:37:18 +0200 Subject: [PATCH 03/15] Change request @hrytsuk 1GB max portainer volume size --- charts/portainer/values.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/portainer/values.yaml.gotmpl b/charts/portainer/values.yaml.gotmpl index edc56479..1f5f5c44 100644 --- a/charts/portainer/values.yaml.gotmpl +++ b/charts/portainer/values.yaml.gotmpl @@ -20,7 +20,7 @@ serviceAccount: name: portainer-sa-clusteradmin persistence: enabled: true - size: "10Gi" + size: "1Gi" annotations: {} storageClass: "csi-s3" existingClaim: From 20569c78cc6d6dc7c294c294f712eef7aa7dd3c5 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Tue, 26 Nov 2024 11:39:13 +0100 Subject: [PATCH 04/15] Fix wrong filename --- ...eploy_everything_locally.sh => deploy_everything_locally.bash} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scripts/deployments/{deploy_everything_locally.sh => deploy_everything_locally.bash} (100%) diff --git a/scripts/deployments/deploy_everything_locally.sh b/scripts/deployments/deploy_everything_locally.bash similarity index 100% rename from scripts/deployments/deploy_everything_locally.sh rename to scripts/deployments/deploy_everything_locally.bash From b2d13b7cafe1816568c9e21de049b413ee62f7c9 Mon Sep 17 00:00:00 2001 
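Review bot: The new `persistence` block places Portainer's data volume on the `csi-s3` storage class, which the csi-s3 values added in the same commit configure with one shared bucket (`singleBucket`). Portainer runs here under `portainer-sa-clusteradmin`, and its data directory presumably holds its user database and tokens, so read access to that bucket would expose them. It is worth confirming the bucket is private to this cluster and saying so in a comment above the block. `existingClaim:` with no value renders as null; drop the key or write `existingClaim: ""` to make the intent explicit.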
From: Dustin Kaiser Date: Wed, 27 Nov 2024 11:38:11 +0100 Subject: [PATCH 05/15] Fix registry local deploy --- scripts/create-s3-bucket.bash | 4 ++-- services/registry/Makefile | 4 +--- services/registry/template.env | 2 +- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/scripts/create-s3-bucket.bash b/scripts/create-s3-bucket.bash index 1902b1db..88313293 100755 --- a/scripts/create-s3-bucket.bash +++ b/scripts/create-s3-bucket.bash @@ -11,5 +11,5 @@ IFS=$'\n\t' docker run \ -v /etc/ssl/certs:/etc/ssl/certs:ro \ --network host \ ---env MC_HOST_local="https://${S3_ACCESS_KEY}:${S3_SECRET_KEY}@${S3_ENDPOINT}" \ -minio/mc:RELEASE.2023-06-19T19-31-19Z mb --ignore-existing local/"$1" +--env MC_HOST_local="https://${S3_ACCESS_KEY}:${S3_SECRET_KEY}@${STORAGE_DOMAIN}" \ +minio/mc:RELEASE.2023-06-19T19-31-19Z mb --insecure --ignore-existing local/"$1" diff --git a/services/registry/Makefile b/services/registry/Makefile index b0157b2e..f00ab1b3 100644 --- a/services/registry/Makefile +++ b/services/registry/Makefile @@ -24,7 +24,7 @@ endef .PHONY: up-local up-local: .init .env ${TEMP_COMPOSE}-local ## Deploys registry stack @$(create-s3-bucket) - docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE} ${STACK_NAME} + docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-local ${STACK_NAME} .PHONY: up-letsencrypt-http ## Deploys registry stack using let's encrypt http challenge up-letsencrypt-http: .init .env ${TEMP_COMPOSE}-letsencrypt-http @@ -48,8 +48,6 @@ up-master: up-dalco .PHONY: up-public ## Deploys registry on public cluster up-public: up-dalco -.PHONY: up-local ## Deploys registry on local deployment -up-local: up # Helpers ------------------------------------------------- diff --git a/services/registry/template.env b/services/registry/template.env index 550afb5a..95c9421c 100644 --- a/services/registry/template.env +++ b/services/registry/template.env 
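Review bot: `--insecure` is now passed to `mc mb` unconditionally in `create-s3-bucket.bash`, so certificate verification is off for every caller while `MC_HOST_local` carries `S3_ACCESS_KEY` and `S3_SECRET_KEY` to that endpoint. The script already mounts `/etc/ssl/certs` read-only into the container, so trusting the local root CA there would keep verification on. If that is not possible, gate the flag on an opt-in variable that only the local deployment sets, e.g. `mb ${MC_INSECURE:+--insecure} --ignore-existing local/"$1"` (`MC_INSECURE` is a placeholder name). The keys are also interpolated raw into a URL, so a key containing `@`, `/` or `:` would need URL-encoding first.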
@@ -10,7 +10,7 @@ REGISTRY_S3_ACCESS_KEY=${REGISTRY_S3_ACCESS_KEY} REGISTRY_S3_SECRET_KEY=${REGISTRY_S3_SECRET_KEY} S3_ACCESS_KEY=${REGISTRY_S3_ACCESS_KEY} S3_SECRET_KEY=${REGISTRY_S3_SECRET_KEY} -S3_ENDPOINT=${S3_ENDPOINT} +STORAGE_DOMAIN=${STORAGE_DOMAIN} S3_BUCKET=${REGISTRY_DOMAIN} REGISTRY_S3_BUCKET=${REGISTRY_S3_BUCKET} REGISTRY_S3_ENDPOINT=${REGISTRY_S3_ENDPOINT} From 28660ac67595b1afb2cbc3d95bd755b729bf3ded Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Wed, 27 Nov 2024 16:46:56 +0100 Subject: [PATCH 06/15] Traefik local deployment fixes --- services/traefik/docker-compose.local.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/services/traefik/docker-compose.local.yml b/services/traefik/docker-compose.local.yml index 2d8367fd..78b98f71 100644 --- a/services/traefik/docker-compose.local.yml +++ b/services/traefik/docker-compose.local.yml @@ -11,6 +11,13 @@ services: - "--api.dashboard=true" - "--log.level=${OPS_TRAEFIK_LOGLEVEL}" - "--accesslog=true" + - "--accesslog.format=json" + - "--accesslog.fields.defaultmode=keep" + - "--accesslog.fields.names.ClientUsername=keep" + - "--accesslog.fields.headers.defaultmode=keep" + - "--accesslog.fields.headers.names.User-Agent=keep" + - "--accesslog.fields.headers.names.Authorization=drop" + - "--accesslog.fields.headers.names.Content-Type=keep" - "--metrics.prometheus=true" - "--metrics.prometheus.addEntryPointsLabels=true" - "--metrics.prometheus.addServicesLabels=true" 
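Review bot: `--accesslog.fields.headers.defaultmode=keep` writes every request header except `Authorization` to the JSON access log, which includes `Cookie` and any API-key or proxy-auth headers used by the services behind this proxy. Inverting the default is safer: set `--accesslog.fields.headers.defaultmode=drop` and keep only the headers already listed (`User-Agent`, `Content-Type`). If the broad default is wanted for debugging, add explicit drops such as `--accesslog.fields.headers.names.Cookie=drop` and note in a comment who can read these logs.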
@@ -26,6 +33,9 @@ services: - "--entryPoints.https.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.https.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.master_postgres.address=:5432" + - "--entrypoints.http.http.redirections.entrypoint.to=https" + - "--entrypoints.http.http.redirections.entrypoint.scheme=https" + - "--entrypoints.http.http.redirections.entrypoint.permanent=true" - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - "--providers.swarm.exposedByDefault=false" - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" @@ -45,12 +55,6 @@ services: deploy: placement: constraints: [] - labels: - # redirect http to https - - traefik.http.middlewares.http_to_https.redirectScheme.scheme=https - - traefik.http.routers.http_to_https.rule=HostRegexp(`(?P.+)`) - - traefik.http.routers.http_to_https.entrypoints=http - - traefik.http.routers.http_to_https.middlewares=http_to_https env_file: - .env configs: From 65907fc0a785f2005f3617fa9fd86b7f6f90ec13 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Wed, 27 Nov 2024 17:00:09 +0100 Subject: [PATCH 07/15] Fix local deployment graylog provisioning --- services/graylog/scripts/configure.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/services/graylog/scripts/configure.py b/services/graylog/scripts/configure.py index ff217224..8cb91ed9 100644 --- a/services/graylog/scripts/configure.py +++ b/services/graylog/scripts/configure.py @@ -48,7 +48,9 @@ before=before_log(logger, logging.INFO), ) def wait_graylog_is_online(): - _r = requests.get(GRAYLOG_BASE_DOMAIN + "/api/system", auth=REQUESTS_AUTH) + _r = requests.get( + GRAYLOG_BASE_DOMAIN + "/api/system", auth=REQUESTS_AUTH, verify=False + ) if _r.status_code == 401: raise TypeError(f"Graylog unauthorized HTTP response: {_r}") 
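Review bot: `verify=False` on the `requests.get` in `wait_graylog_is_online` turns off TLS certificate checking for a call that sends `REQUESTS_AUTH`, and it applies to every deployment rather than only the local one named in the commit title; the next hunk makes the same change in `validate_graylog_version_is_supported`. Prefer leaving verification on and pointing requests at the local root CA, either through the `REQUESTS_CA_BUNDLE` environment variable or with `verify=CA_BUNDLE_PATH` (placeholder name). If an opt-out cannot be avoided, read it from configuration so that the default is to verify. Both function bodies continue outside the hunks shown.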
@@ -58,7 +60,9 @@ def wait_graylog_is_online(): def validate_graylog_version_is_supported(): - _r = requests.get(GRAYLOG_BASE_DOMAIN + "/api/system", auth=REQUESTS_AUTH) + _r = requests.get( + GRAYLOG_BASE_DOMAIN + "/api/system", auth=REQUESTS_AUTH, verify=False + ) _r.raise_for_status() graylog_version = _r.json()["version"] From 0961600b471da283d8d553a943a5168742fddd29 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Thu, 28 Nov 2024 15:22:12 +0100 Subject: [PATCH 08/15] Fix j2, double venv --- Makefile | 11 +---------- scripts/common.Makefile | 9 ++++----- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index 91228f23..2e80bf48 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ certificates/domain.key: # Done: Creating docker secrets .PHONY: up-local -up-local: .install-fqdn certificates/domain.crt certificates/domain.key .create-secrets ## deploy osparc ops stacks and simcore, use minio_disabled=1 if minio s3 should not be started (if you have custom S3 set up) +up-local: .init .venv .install-fqdn certificates/domain.crt certificates/domain.key .create-secrets ## deploy osparc ops stacks and simcore, use minio_disabled=1 if minio s3 should not be started (if you have custom S3 set up) @bash scripts/deployments/deploy_everything_locally.bash --stack_target=local --minio_enabled=0 --vcs_check=1 @$(MAKE) info-local @@ -71,15 +71,6 @@ down-maintenance: ## Stop the maintenance mode fi \ ,) - -.PHONY: venv -venv: .venv ## Creates a python virtual environment with dev tools (pip, pylint, ...) -.venv: - @python3 -m venv .venv - @.venv/bin/pip3 install --upgrade pip wheel setuptools - @.venv/bin/pip3 install typer - @echo "To activate the venv, execute 'source .venv/bin/activate'" - # Misc: info & clean .PHONY: info info-vars info-local info: ## Displays some important info diff --git a/scripts/common.Makefile b/scripts/common.Makefile index 8e706fc6..7204a256 100644 --- a/scripts/common.Makefile +++ b/scripts/common.Makefile 
@@ -7,14 +7,12 @@ VERSION := $(shell uname -a) # Checks for handling various operating systems ifeq ($(filter Windows_NT,$(OS)),) -IS_WSL := $(if $(findstring microsoft,$(shell uname -a | tr '[:upper:]' '[:lower:]')),WSL,) IS_WSL2 := $(if $(findstring -microsoft-,$(shell uname -a)),WSL2,) IS_OSX := $(filter Darwin,$(shell uname -a)) IS_LINUX:= $(if $(or $(IS_WSL),$(IS_OSX)),,$(filter Linux,$(shell uname -a))) endif IS_WIN := $(strip $(if $(or $(IS_LINUX),$(IS_OSX),$(IS_WSL)),,$(OS))) -$(if $(IS_WIN),$(error Windows is not supported in all recipes. Use WSL2 instead. Follow instructions in README.md),) $(if $(IS_WSL2),,$(if $(IS_WSL),$(error WSL1 is not supported in all recipes. Use WSL2 instead. Follow instructions in README.md),)) # Check that a valid location to a config file is set. @@ -243,20 +241,21 @@ clean-default: .check_clean ## Cleans all outputs # creating virtual environment with tooling (jinja, etc) @python3 -m venv .venv @.venv/bin/pip3 install --upgrade pip wheel setuptools - @.venv/bin/pip3 install jinja2 j2cli[yaml] + @.venv/bin/pip3 install jinja2 j2cli[yaml] typer + @echo "To activate the venv, execute 'source .venv/bin/activate'" # https://github.com/kolypto/j2cli?tab=readme-ov-file#customization ifeq ($(shell test -f j2cli_customization.py && echo -n yes),yes) define jinja - .venv/bin/j2 --format=env $(1) .env -o $(2) --customize j2cli_customization.py + $(REPO_BASE_DIR)/.venv/bin/j2 --format=env $(1) .env -o $(2) --customize j2cli_customization.py endef else define jinja - .venv/bin/j2 --format=env $(1) .env -o $(2) + $(REPO_BASE_DIR)/.venv/bin/j2 --format=env $(1) .env -o $(2) endef endif From 541df1c53b4b6671a98e2e45d61619d040e4f60b Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Thu, 28 Nov 2024 15:24:35 +0100 Subject: [PATCH 09/15] Add python version --- .python-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.python-version b/.python-version index 2c073331..c8cfe395 100644 --- a/.python-version 
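Review bot: The first hunk deletes the `IS_WSL :=` assignment, but `IS_WSL` is still read in `IS_LINUX`, in `IS_WIN` and in the WSL1 guard `$(if $(IS_WSL2),,$(if $(IS_WSL),$(error ...)))`. Unless the variable is set elsewhere in the file (not visible here), the WSL1 check can no longer fire and WSL hosts are classified as plain Linux. Either keep the assignment or remove the remaining references and the guard together. The Windows `$(error ...)` is removed as well, so unsupported hosts now fail inside recipes instead of at parse time.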
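Review bot: In the second hunk `typer` joins a `pip3 install` line that pulls `jinja2`, `j2cli[yaml]` and `typer` unpinned, so every fresh `.venv` resolves whatever versions the index serves that day for tooling that then renders deployment configuration. Pinning the tool set in a requirements file and installing with hash checking, e.g. `@.venv/bin/pip3 install --require-hashes -r REQUIREMENTS_FILE` (placeholder path), makes the environment reproducible and limits exposure to a compromised release. The `.venv` rule starts above the hunk.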
+++ b/.python-version @@ -1 +1 @@ -3.11 +3.10 From c92ac11d55a10c5c0b5848bd4f5a75d559e40d48 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Mon, 2 Dec 2024 10:02:39 +0100 Subject: [PATCH 10/15] Idempotency for admin-panels --- .pylintrc | 2 +- scripts/deployments/deploy_everything_locally.bash | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.pylintrc b/.pylintrc index f7317a50..e9682aa1 100644 --- a/.pylintrc +++ b/.pylintrc @@ -58,7 +58,7 @@ ignore-paths=^.*\\generated_models\\.*$|^.*/generated_models/.*$ # Files or directories matching the regex patterns are skipped. The regex # matches against base names, not paths. The default value ignores Emacs file # locks -ignore-patterns=venv,.venv +ignore-patterns=venv,.venv,jupyter_server_config.py # List of module names for which member attributes should not be checked # (useful for modules/projects where namespaces are manipulated during runtime diff --git a/scripts/deployments/deploy_everything_locally.bash b/scripts/deployments/deploy_everything_locally.bash index 90e1d21d..878960f5 100755 --- a/scripts/deployments/deploy_everything_locally.bash +++ b/scripts/deployments/deploy_everything_locally.bash @@ -235,6 +235,9 @@ if [ "$start_opsstack" -eq 0 ]; then # -------------------------------- ADMIN-PANELS ------------------------------- log_info "starting admin-panels..." + # Check if the stack 'admin-panels' exists and delete it if it does + # shellcheck disable=2015 + docker stack ls | grep -q admin-panels && docker stack rm admin-panels >/dev/null 2>&1 || true # Pushd because a call with call_make trigger a strange behavior pushd "${repo_basedir}"/services/admin-panels; call_make "." up-"$stack_target"; From b3b3ae12253fbc368aa1e44bfc15657ef10395a2 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Mon, 2 Dec 2024 10:03:01 +0100 Subject: [PATCH 11/15] Remove faulty command --- scripts/deployments/start_simcore_locally.bash | 1 + 1 file changed, 1 insertion(+) 
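Review bot: `docker stack ls | grep -q admin-panels` in `deploy_everything_locally.bash` matches any output line containing that substring, so a stack named `foo-admin-panels` (constructed example) would also trigger `docker stack rm admin-panels`, and `>/dev/null 2>&1 || true` hides a failed removal. Matching the name exactly is cheap: `docker stack ls --format '{{.Name}}' | grep -qx admin-panels`. `docker stack rm` also returns before the stack's networks are gone, which is why the simcore script in this series sleeps after its own `rm`, so the `up-"$stack_target"` call that follows may race with the teardown.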
diff --git a/scripts/deployments/start_simcore_locally.bash b/scripts/deployments/start_simcore_locally.bash index 22a7e6cc..24ac8ae8 100755 --- a/scripts/deployments/start_simcore_locally.bash +++ b/scripts/deployments/start_simcore_locally.bash @@ -71,6 +71,7 @@ if [[ "$devel_repo_path" = "0" ]] ; then # # IF GETREPO DOESNT EXIST if [ ! -d osparc-simcore ]; then + export GIT_SIMCORE_REPO_URL="https://github.com/ITISFoundation/osparc-simcore.git" git clone "$GIT_SIMCORE_REPO_URL" fi # FI From 36b193b08148290d8d054c2813ebb46496ae4a38 Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Mon, 2 Dec 2024 16:24:47 +0100 Subject: [PATCH 12/15] Local deploy fixes --- .gitignore | 2 +- .python-version | 2 +- scripts/deployments/start_simcore_locally.bash | 9 +++++++-- services/simcore/.gitignore | 1 + services/simcore/docker-compose.deploy.local.yml | 6 +++++- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 24edb7f6..2b9cef78 100644 --- a/.gitignore +++ b/.gitignore @@ -142,7 +142,7 @@ yq **/.env-devel **/.stack.*.yml **/.stack.*.yaml -./docker-compose.yml +docker-compose.yml stack.yml stack_with_prefix.yml docker-compose.simcore.yml diff --git a/.python-version b/.python-version index c8cfe395..2c073331 100644 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.10 +3.11 diff --git a/scripts/deployments/start_simcore_locally.bash b/scripts/deployments/start_simcore_locally.bash index 24ac8ae8..a69b47f4 100755 --- a/scripts/deployments/start_simcore_locally.bash +++ b/scripts/deployments/start_simcore_locally.bash 
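Review bot: The added `export GIT_SIMCORE_REPO_URL="https://github.com/ITISFoundation/osparc-simcore.git"` overwrites any value the caller or the repo config supplied, so a fork or mirror can no longer be selected. A default keeps the override working: `export GIT_SIMCORE_REPO_URL="${GIT_SIMCORE_REPO_URL:-https://github.com/ITISFoundation/osparc-simcore.git}"`. The `git clone` that follows takes the default branch head; if a specific revision is checked out later in the script (not visible in this hunk), a comment here saying so would help.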
@@ -131,8 +131,12 @@ scripts/deployments/compose_stack_yml.bash log_info "Adding prefix $PREFIX_STACK_NAME to all services..." ./yq "with(.services; with_entries(.key |= \"${PREFIX_STACK_NAME}_\" + .))" stack.yml > stack_with_prefix.yml log_info "Deleting the $SIMCORE_STACK_NAME docker stack if present" -docker stack rm "$SIMCORE_STACK_NAME" || true -sleep 3 # Wait for stack to be deleted, the networks often take a while, not waiting might lead to docker network creation issues +# Wait for stack to be deleted, the networks often take a while, not waiting might lead to docker network creation issues +# shellcheck disable=2015 +docker stack rm "$SIMCORE_STACK_NAME" && sleep 3 || true +log_info "Copying dask-certificates into place" +mkdir -p "$repo_basedir"/services/simcore/dask-sidecar/.dask-certificates +cp -r "$(dirname "${repo_config}")"/assets/dask-certificates/*.pem "$repo_basedir"/services/simcore/dask-sidecar/.dask-certificates log_info "Deploying: Running docker stack deploy for stack $SIMCORE_STACK_NAME..." # Retry logic via https://unix.stackexchange.com/a/82610 @@ -142,4 +146,5 @@ for i in {1..5}; do docker stack deploy -c stack_with_prefix.yml "$SIMCORE_STACK ############ # CLEANUP +# shellcheck disable=1073 rm -r "${repo_basedir:?}"/"${tempdirname:?}" 2>/dev/null || true diff --git a/services/simcore/.gitignore b/services/simcore/.gitignore index 8b4d445d..a6cefdd5 100644 --- a/services/simcore/.gitignore +++ b/services/simcore/.gitignore @@ -1,2 +1,3 @@ .env docker-compose.deploy.yml +dask-sidecar/** diff --git a/services/simcore/docker-compose.deploy.local.yml b/services/simcore/docker-compose.deploy.local.yml index 597ba5e3..8b27ce7d 100644 --- a/services/simcore/docker-compose.deploy.local.yml +++ b/services/simcore/docker-compose.deploy.local.yml @@ -1,4 +1,3 @@ -version: "3.8" services: autoscaling: deploy: @@ -138,3 +137,8 @@ services: clusters-keeper: deploy: replicas: 0 +secrets: + rootca.crt: + external: true + storageca.crt: + external: true 
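Review bot: The new `cp -r .../assets/dask-certificates/*.pem` copies every PEM file, presumably including private keys, into `services/simcore/dask-sidecar/.dask-certificates` with whatever permissions the current umask gives, and `mkdir -p` creates the directory the same way. Tightening that takes one or two lines: `umask 077` before the `mkdir`, or `chmod 700` on the directory and `chmod 600` on the copied files. `-r` is not needed for a file glob, and when no `.pem` file exists the literal pattern is passed to `cp`, which fails with a confusing message; an explicit existence check would read better. In the last hunk of this file `# shellcheck disable=1073` silences a parse-error diagnostic, which is better fixed at its cause than suppressed.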
From cd22e09a126394de1c5fa26bc96d8c375b78513b Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Tue, 3 Dec 2024 10:37:22 +0100 Subject: [PATCH 13/15] Clean Up Local Minio --- services/minio/Makefile | 44 +++---------------- services/minio/README.md | 27 ------------ .../docker-compose.letsencrypt.dns.yaml.j2 | 11 ----- .../docker-compose.letsencrypt.http.yaml.j2 | 11 ----- ...er-compose.yaml.j2 => docker-compose.yaml} | 40 +++-------------- services/minio/secrets/.gitkeep | 0 services/minio/template.env | 6 --- 7 files changed, 13 insertions(+), 126 deletions(-) delete mode 100644 services/minio/README.md delete mode 100644 services/minio/docker-compose.letsencrypt.dns.yaml.j2 delete mode 100644 services/minio/docker-compose.letsencrypt.http.yaml.j2 rename services/minio/{docker-compose.yaml.j2 => docker-compose.yaml} (51%) delete mode 100644 services/minio/secrets/.gitkeep diff --git a/services/minio/Makefile b/services/minio/Makefile index f5c260f1..40b0f797 100644 --- a/services/minio/Makefile +++ b/services/minio/Makefile @@ -1,9 +1,7 @@ .DEFAULT_GOAL := help - - # Internal VARIABLES ------------------------------------------------ -# STACK_NAME defaults to name of the current directory. Should not to be changed if you follow GitOps operating procedures. +# STACK_NAME defaults to name of the current directory. STACK_NAME = $(notdir $(shell pwd)) DOCKER_MINIO_ACCESS_KEY = $(shell docker secret inspect --format {{.Spec.Name}} minio_secret_key 2>/dev/null) DOCKER_MINIO_SECRET_KEY = $(shell docker secret inspect --format {{.Spec.Name}} minio_access_key 2>/dev/null) 
@@ -14,52 +12,22 @@ REPO_BASE_DIR := $(shell git rev-parse --show-toplevel) include ${REPO_BASE_DIR}/scripts/common.Makefile .PHONY: up -up: .init .env ${TEMP_COMPOSE} .create-secrets ## Deploys or updates current stack "$(STACK_NAME)" using replicas=X (defaults to 1) +up: .init .env ${TEMP_COMPOSE} .create-secrets @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE} $(STACK_NAME) - # "in case you created more than 1 replicas, you need to label the nodes accordingly using" - # "'docker node update --label-add minioX=true' with X being from 1 to number of replicas." - -.PHONY: up-letsencrypt-http -up-letsencrypt-http: .init .env ${TEMP_COMPOSE}-letsencrypt-http .create-secrets ## Deploys minio stack using let's encrypt http challenge - @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-http ${STACK_NAME} - # "in case you created more than 1 replicas, you need to label the nodes accordingly using" - # "'docker node update --label-add minioX=true' with X being from 1 to number of replicas." - -.PHONY: up-letsencrypt-dns -up-letsencrypt-dns: .init .env ${TEMP_COMPOSE}-letsencrypt-dns .create-secrets ## Deploys minio stack using let's encrypt dns challenge - @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-dns ${STACK_NAME} - # "in case you created more than 1 replicas, you need to label the nodes accordingly using" - # "'docker node update --label-add minioX=true' with X being from 1 to number of replicas." 
.PHONY: up-dalco -up-dalco: up ## Deploys minio stack for Dalco Cluster +up-dalco: up .PHONY: up-master -up-master: up ## Deploys minio stack for Master Cluster +up-master: up .PHONY: up-local up-local: up .PHONY: ${TEMP_COMPOSE} -${TEMP_COMPOSE}: docker-compose.yaml.j2 .venv .env - $(call jinja, $<, tmp.yaml) - @${REPO_BASE_DIR}/scripts/docker-stack-config.bash -e .env tmp.yaml > $@ - @rm tmp.yaml - -.PHONY: ${TEMP_COMPOSE}-letsencrypt-http -${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yaml.j2 docker-compose.letsencrypt.http.yaml.j2 .venv .env - $(call jinja, $<, tmp.yaml) - $(call jinja, docker-compose.letsencrypt.http.yaml.j2, tmp-letsencrypt.http.yaml) - @${REPO_BASE_DIR}/scripts/docker-stack-config.bash -e .env tmp.yaml tmp-letsencrypt.http.yaml > $@ - @rm tmp.yaml tmp-letsencrypt.http.yaml - +${TEMP_COMPOSE}: docker-compose.yaml .venv .env + @${REPO_BASE_DIR}/scripts/docker-stack-config.bash -e .env docker-compose.yaml > $@ -.PHONY: ${TEMP_COMPOSE}-letsencrypt-dns -${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yaml.j2 docker-compose.letsencrypt.dns.yaml.j2 .venv .env - $(call jinja, $<, tmp.yaml) - $(call jinja, docker-compose.letsencrypt.dns.yaml.j2, tmp-letsencrypt.dns.yaml) - @${REPO_BASE_DIR}/scripts/docker-stack-config.bash -e .env tmp.yaml tmp-letsencrypt.dns.yaml > $@ - @rm tmp.yaml tmp-letsencrypt.dns.yaml .create-secrets: @$(if $(DOCKER_MINIO_ACCESS_KEY), \ diff --git a/services/minio/README.md b/services/minio/README.md deleted file mode 100644 index 309e52f9..00000000 --- a/services/minio/README.md +++ /dev/null 
@@ -1,27 +0,0 @@ -# Minio (S3) stack - -Creates a S3 storage stack using [minio](https://docs.min.io/docs/deploy-minio-on-docker-swarm.html). - -## Configuration - -### Distributed mode - -1. edit .env file -2. __MINIO_ACCESS_KEY__ and __MINIO_SECRET_KEY__ to be manually defined -3. define the number of instances __MINIO_NUM_MINIOS__ and the number of partitions in each instance __MINIO_NUM_PARTITIONS__ according to [minio docs](https://docs.min.io/docs/distributed-minio-quickstart-guide.html) -4. __MINIO_INTERNAL_VOLUME_DATA_PART__ may be defined to mount folders. -5. Each node where a minio instance shall run shall be labelled with __minio=true__ using __docker node update --label-add minio=true __ - -### Local dev mode - -1. edit .env file -2. __MINIO_ACCESS_KEY__ and __MINIO_SECRET_KEY__ to be manually defined -3. Defaults will create 1 instance with 1 partition - -## Usage - - ```console - make help - make up - make down - ``` diff --git a/services/minio/docker-compose.letsencrypt.dns.yaml.j2 b/services/minio/docker-compose.letsencrypt.dns.yaml.j2 deleted file mode 100644 index aeadf7c7..00000000 --- a/services/minio/docker-compose.letsencrypt.dns.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ -version: '3.7' -services: -{% set num_minios = MINIO_NUM_MINIOS %} -{% set num_partitions = MINIO_NUM_PARTITIONS %} -{%- for i in range(num_minios|int) %} - {%- set service_id = i+1 %} - minio{{ service_id|string }}: - deploy: - labels: - - traefik.http.routers.minio.tls.certresolver=myresolver -{% endfor %} diff --git a/services/minio/docker-compose.letsencrypt.http.yaml.j2 b/services/minio/docker-compose.letsencrypt.http.yaml.j2 deleted file mode 100644 index aeadf7c7..00000000 --- a/services/minio/docker-compose.letsencrypt.http.yaml.j2 +++ /dev/null 
@@ -1,11 +0,0 @@ -version: '3.7' -services: -{% set num_minios = MINIO_NUM_MINIOS %} -{% set num_partitions = MINIO_NUM_PARTITIONS %} -{%- for i in range(num_minios|int) %} - {%- set service_id = i+1 %} - minio{{ service_id|string }}: - deploy: - labels: - - traefik.http.routers.minio.tls.certresolver=myresolver -{% endfor %} diff --git a/services/minio/docker-compose.yaml.j2 b/services/minio/docker-compose.yaml similarity index 51% rename from services/minio/docker-compose.yaml.j2 rename to services/minio/docker-compose.yaml index 95c8b898..635441fd 100644 --- a/services/minio/docker-compose.yaml.j2 +++ b/services/minio/docker-compose.yaml @@ -1,22 +1,11 @@ version: '3.7' services: -{% set num_minios = MINIO_NUM_MINIOS %} -{% set num_partitions = MINIO_NUM_PARTITIONS %} -{% set host_folder = MINIO_HOST_DATA_FOLDER %} -{%- for i in range(num_minios|int) %} - {%- set service_id = i+1 %} - minio{{ service_id|string }}: + minio: image: minio/minio:RELEASE.2023-06-19T19-52-50Z init: true - hostname: minio{{ service_id|string }} - volumes: # default uses a named volume, option2 is to use the variable to set specific mount path(s) - {%- for j in range(num_partitions|int) %} - {% if host_folder == 'true' %} - - /data/disk{{ j|string }}/minio:/data{{ j|string }} - {% else %} - - minio{{ service_id|string }}_data_part{{ j|string }}:/data{{ j|string }} - {% endif %} - {%- endfor %} + hostname: minio + volumes: + - minio_data:/data networks: - default - public @@ -32,11 +21,6 @@ services: delay: 10s max_attempts: 10 window: 60s - {%- if num_minios|int > 1 %} - placement: - constraints: - - {{ "node.labels.minio" ~ service_id|string ~ "==true" }} - {%- endif %} labels: - traefik.enable=true - traefik.docker.network=${PUBLIC_NETWORK} 
@@ -48,23 +32,13 @@ services: - traefik.http.routers.minio.tls=true - traefik.http.routers.minio.middlewares=ops_gzip@swarm command: > - server - {%- for i in range(num_minios|int) %} - {%- for j in range(num_partitions|int) %} - {% if num_minios|int > 1 %}http://minio{{ (i+1)|string }}{% endif %}/data{{ j|string }} - {%- endfor %} - {%- endfor %} + server /data secrets: - minio_secret_key - minio_access_key - -{% endfor %} volumes: -{%- for i in range(num_minios|int) %} -{%- for j in range(num_partitions|int) %} - minio{{ (i+1)|string }}_data_part{{ j|string }}: -{%- endfor %} -{%- endfor %} + minio_data: + networks: public: diff --git a/services/minio/secrets/.gitkeep b/services/minio/secrets/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/services/minio/template.env b/services/minio/template.env index de4fcf46..d9a99f67 100644 --- a/services/minio/template.env +++ b/services/minio/template.env @@ -1,10 +1,4 @@ # define MINIO Access and Secret keys MINIO_ACCESS_KEY=${S3_ACCESS_KEY} MINIO_SECRET_KEY=${S3_SECRET_KEY} -# define the number of MINIO replicas -MINIO_NUM_MINIOS=${MINIO_NUM_MINIOS} -# define the number of partitions each MINIO may be using -MINIO_NUM_PARTITIONS=${MINIO_NUM_PARTITIONS} -# optionally activate the host data folder for each partition (must be /data/diskX/minio on each node where X is the disk number if there is more than one disk per node) -MINIO_HOST_DATA_FOLDER=${MINIO_HOST_DATA_FOLDER} STORAGE_DOMAIN=${STORAGE_DOMAIN} From c2c0440a12935cf0fbda9ab7f0e5634def4f1de4 Mon Sep 17 00:00:00 2001 
From: Dustin Kaiser Date: Tue, 3 Dec 2024 16:05:35 +0100 Subject: [PATCH 14/15] Remove unused code --- scripts/common.Makefile | 22 +++------------------- scripts/s3-previous-versions/README.md | 15 --------------- scripts/s3-previous-versions/launch.bash | 17 ----------------- scripts/s3-previous-versions/template.env | 3 --- services/simcore/Makefile | 1 - services/traefik/docker-compose.local.yml | 1 + 6 files changed, 4 insertions(+), 55 deletions(-) delete mode 100644 scripts/s3-previous-versions/README.md delete mode 100755 scripts/s3-previous-versions/launch.bash delete mode 100644 scripts/s3-previous-versions/template.env diff --git a/scripts/common.Makefile b/scripts/common.Makefile index 7204a256..c54be7cf 100644 --- a/scripts/common.Makefile +++ b/scripts/common.Makefile 
@@ -35,13 +35,13 @@ endif export DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL:=$(shell set -o allexport; \ source $(REPO_CONFIG_LOCATION); \ if [ -z "$${DEPLOYMENT_FQDNS}" ]; then \ - DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="(Host(\`$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (Host(\`invitations.$$MACHINE_FQDN\`))|| (Host(\`storage.$$MACHINE_FQDN\`)) || (HostRegexp(\`services.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (HostRegexp(\`services.testing.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.testing.$$MACHINE_FQDN\`) && PathPrefix(\`/\`))"; \ + DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="(Host(\`$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (Host(\`invitations.$$MACHINE_FQDN\`))|| (HostRegexp(\`services.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (HostRegexp(\`services.testing.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.testing.$$MACHINE_FQDN\`) && PathPrefix(\`/\`))"; \ else \ IFS=', ' read -r -a hosts <<< "$${DEPLOYMENT_FQDNS}"; \ - DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="(Host(\`$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (Host(\`invitations.$$MACHINE_FQDN\`))|| (Host(\`storage.$$MACHINE_FQDN\`)) || (HostRegexp(\`services.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (HostRegexp(\`services.testing.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.testing.$$MACHINE_FQDN\`) && PathPrefix(\`/\`))"; \ + DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="(Host(\`$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (Host(\`invitations.$$MACHINE_FQDN\`))|| (HostRegexp(\`services.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.$$MACHINE_FQDN\`) && PathPrefix(\`/\`)) || (HostRegexp(\`services.testing.$$MACHINE_FQDN\`,\`{subhost:[a-zA-Z0-9-]+}.services.testing.$$MACHINE_FQDN\`) && PathPrefix(\`/\`))"; \ for element in "$${hosts[@]}"; \ do \ - 
DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="$$DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL || (Host(\`$$element\`) && PathPrefix(\`/\`)) || (Host(\`invitations.$$element\`)) || (Host(\`storage.$$element\`)) || (HostRegexp(\`services.$$element\`,\`{subhost:[a-zA-Z0-9-]+}.services.$$element\`) && PathPrefix(\`/\`)) || (HostRegexp(\`services.testing.$$element\`,\`{subhost:[a-zA-Z0-9-]+}.services.testing.$$element\`) && PathPrefix(\`/\`))";\ + DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="$$DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL || (Host(\`$$element\`) && PathPrefix(\`/\`)) || (Host(\`invitations.$$element\`)) || (HostRegexp(\`services.$$element\`,\`{subhost:[a-zA-Z0-9-]+}.services.$$element\`) && PathPrefix(\`/\`)) || (HostRegexp(\`services.testing.$$element\`,\`{subhost:[a-zA-Z0-9-]+}.services.testing.$$element\`) && PathPrefix(\`/\`))";\ done; \ DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="$$DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL"; \ fi; \ @@ -64,21 +64,6 @@ export DEPLOYMENT_FQDNS_CAPTURE_INVITATIONS:=$(shell set -o allexport; \ echo $$DEPLOYMENT_FQDNS_CAPTURE_INVITATIONS; \ set +o allexport; ) -export DEPLOYMENT_FQDNS_CAPTURE_STORAGE:=$(shell set -o allexport; \ - source $(REPO_CONFIG_LOCATION); \ - if [ -z "$${DEPLOYMENT_FQDNS}" ]; then \ - DEPLOYMENT_FQDNS_CAPTURE_STORAGE="(Host(\`storage.$$MACHINE_FQDN\`))"; \ - else \ - IFS=', ' read -r -a hosts <<< "$${DEPLOYMENT_FQDNS}"; \ - DEPLOYMENT_FQDNS_CAPTURE_STORAGE="(Host(\`storage.$$MACHINE_FQDN\`))"; \ - for element in "$${hosts[@]}"; \ - do \ - DEPLOYMENT_FQDNS_CAPTURE_STORAGE="$$DEPLOYMENT_FQDNS_CAPTURE_STORAGE || (Host(\`storage.$$element\`))";\ - done; \ - DEPLOYMENT_FQDNS_CAPTURE_STORAGE="$$DEPLOYMENT_FQDNS_CAPTURE_STORAGE"; \ - fi; \ - echo $$DEPLOYMENT_FQDNS_CAPTURE_STORAGE; \ - set +o allexport; ) export DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_MAINTENANCE_PAGE:=$(shell set -o allexport; \ source $(REPO_CONFIG_LOCATION); \ 
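Review bot: The base rule string is still written out in full in both the `if [ -z … ]` branch and the `else` branch, and once more per extra host inside the loop, so this change had to delete the `storage.` clause in three places and a later edit can leave the branches disagreeing about which hosts the catch-all covers. Assigning the base rule once before the test and keeping only the loop under `if [ -n "$${DEPLOYMENT_FQDNS}" ]; then \` would remove the duplicate; the closing self-assignment `DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL="$$DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL"; \` does nothing and can go with it. Each `$$element` read from `DEPLOYMENT_FQDNS` is spliced into the backtick-quoted `Host()` matcher as-is, so a comment above the assignment such as `# DEPLOYMENT_FQDNS entries must be plain hostnames; they are inserted verbatim into the Traefik rule` would help whoever edits the config file. The `$(shell …)` block ends after this hunk.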
@@ -205,7 +190,6 @@ clean-default: .check_clean ## Cleans all outputs export DEPLOYMENT_FQDNS_TESTING_CAPTURE_TRAEFIK_RULE='${DEPLOYMENT_FQDNS_TESTING_CAPTURE_TRAEFIK_RULE}'; \ export DEPLOYMENT_API_DOMAIN_TESTING_CAPTURE_TRAEFIK_RULE='${DEPLOYMENT_API_DOMAIN_TESTING_CAPTURE_TRAEFIK_RULE}'; \ export DEPLOYMENT_FQDNS_CAPTURE_INVITATIONS='${DEPLOYMENT_FQDNS_CAPTURE_INVITATIONS}'; \ - export DEPLOYMENT_FQDNS_CAPTURE_STORAGE='${DEPLOYMENT_FQDNS_CAPTURE_STORAGE}'; \ export DOLLAR='$$'; \ set +o allexport; \ envsubst < $< > .env diff --git a/scripts/s3-previous-versions/README.md b/scripts/s3-previous-versions/README.md deleted file mode 100644 index 8968fd35..00000000 --- a/scripts/s3-previous-versions/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# Goal - -This script use [the s3-pit-restore script](https://github.com/angeloc/s3-pit-restore) with a little wrapper to ensure that it can be used with minio. - -# Usage -* Create an .env file from the template.env file and fill it -* Launch the script with -```console -./launch.bash command -``` -where command is the command you would use with s3-pit-restore. - -E.g : if you want to restore the bucket simcore-origin to his 06-17-2021 23:59:50 +2 version in the bucket simcore-new-bucket : -```console -./launch.bash --bucket simcore-origin --dest-bucket simcore-new-bucket 06-17-2021 23:59:50 +2 "06-17-2021 23:59:50 +2" diff --git a/scripts/s3-previous-versions/launch.bash b/scripts/s3-previous-versions/launch.bash deleted file mode 100755 index d901a14e..00000000 --- a/scripts/s3-previous-versions/launch.bash +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -# This script restore S3 objects to a previous versionized state -# - -set -o nounset -set -o pipefail -IFS=$'\n\t' - -set -o allexport -# shellcheck disable=1090,1091 -source .env -set +o allexport -git clone https://github.com/angeloc/s3-pit-restore -pushd s3-pit-restore || exit 1 -s3-pit-restore "$@" -popd || exit 1 -rm -rf s3-pit-restore 
diff --git a/scripts/s3-previous-versions/template.env b/scripts/s3-previous-versions/template.env deleted file mode 100644 index f005a64f..00000000 --- a/scripts/s3-previous-versions/template.env +++ /dev/null @@ -1,3 +0,0 @@ -AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} diff --git a/services/simcore/Makefile b/services/simcore/Makefile index 7e001694..311b8a5c 100644 --- a/services/simcore/Makefile +++ b/services/simcore/Makefile @@ -70,6 +70,5 @@ ${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.deploy.master.yml dock echo DEPLOYMENT_FQDNS_TESTING_CAPTURE_TRAEFIK_RULE=\''${DEPLOYMENT_FQDNS_TESTING_CAPTURE_TRAEFIK_RULE}'\' >> .env; \ echo DEPLOYMENT_API_DOMAIN_TESTING_CAPTURE_TRAEFIK_RULE=\''${DEPLOYMENT_API_DOMAIN_TESTING_CAPTURE_TRAEFIK_RULE}'\' >> .env; \ echo DEPLOYMENT_FQDNS_CAPTURE_INVITATIONS=\''${DEPLOYMENT_FQDNS_CAPTURE_INVITATIONS}'\' >> .env; \ - echo DEPLOYMENT_FQDNS_CAPTURE_STORAGE=\''${DEPLOYMENT_FQDNS_CAPTURE_STORAGE}'\' >> .env; \ echo DOLLAR=\'$$\' >> .env; \ set +o allexport; \ diff --git a/services/traefik/docker-compose.local.yml b/services/traefik/docker-compose.local.yml index 78b98f71..a1403e91 100644 --- a/services/traefik/docker-compose.local.yml +++ b/services/traefik/docker-compose.local.yml @@ -52,6 +52,7 @@ services: aliases: # This enables the registry to resolve "registry.osparc.local" etc. to minio, via traefik. Necessary to give the registry access to the S3 bucket. - "${STORAGE_DOMAIN}" - "${REGISTRY_DOMAIN}" + - "${MONITORING_DOMAIN}" deploy: placement: constraints: [] From 511dc0f36c69fe0278774f5c22f515652b408b3e Mon Sep 17 00:00:00 2001 From: Dustin Kaiser Date: Tue, 3 Dec 2024 16:05:59 +0100 Subject: [PATCH 15/15] Update Minio --- services/minio/docker-compose.yaml | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) 
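Review bot: In `services/traefik/docker-compose.local.yml`, the comment on `aliases:` still explains the list only in terms of the registry reaching minio for its S3 bucket, so the new `"${MONITORING_DOMAIN}"` entry is undocumented. I would extend it to something like `# Lets containers on this network resolve the storage, registry and monitoring hostnames to traefik (e.g. the registry reaching minio for its S3 bucket).` It is also worth confirming that `MONITORING_DOMAIN` is defined in every local environment file that feeds this compose file, since an unset variable would presumably be substituted as an empty alias. The service this alias list belongs to starts and ends outside the hunk.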
diff --git a/services/minio/docker-compose.yaml b/services/minio/docker-compose.yaml index 635441fd..92456040 100644 --- a/services/minio/docker-compose.yaml +++ b/services/minio/docker-compose.yaml @@ -1,7 +1,7 @@ version: '3.7' services: minio: - image: minio/minio:RELEASE.2023-06-19T19-52-50Z + image: minio/minio:RELEASE.2024-10-29T16-01-48Z init: true hostname: minio volumes: @@ -15,7 +15,6 @@ services: environment: - MINIO_ACCESS_KEY_FILE=minio_access_key - MINIO_SECRET_KEY_FILE=minio_secret_key - - MINIO_PROMETHEUS_AUTH_TYPE=public deploy: restart_policy: delay: 10s @@ -25,14 +24,20 @@ services: - traefik.enable=true - traefik.docker.network=${PUBLIC_NETWORK} # direct access without path (necessary for minio client it does not like /path) - - traefik.http.services.minio.loadbalancer.server.port=9000 - - traefik.http.services.minio.loadbalancer.healthcheck.path=/minio/health/ready - - traefik.http.routers.minio.rule=Host(`${STORAGE_DOMAIN}`) - - traefik.http.routers.minio.entrypoints=https - - traefik.http.routers.minio.tls=true - - traefik.http.routers.minio.middlewares=ops_gzip@swarm + - traefik.http.services.minio9000.loadbalancer.server.port=9000 + - traefik.http.services.minio9000.loadbalancer.healthcheck.path=/minio/health/ready + - traefik.http.routers.minio9000.rule=Host(`${STORAGE_DOMAIN}`) + - traefik.http.routers.minio9000.entrypoints=https + - traefik.http.routers.minio9000.tls=true + - traefik.http.routers.minio9000.service=minio9000 + # + - traefik.http.services.minio9001.loadbalancer.server.port=9001 + - traefik.http.routers.minio9001.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/minio`) + - traefik.http.routers.minio9001.entrypoints=https + - traefik.http.routers.minio9001.tls=true + - traefik.http.routers.minio9001.service=minio9001 command: > - server /data + server /data --console-address ":9001" secrets: - minio_secret_key - minio_access_key
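Review bot: The new `minio9001` router in the last hunk publishes the MinIO console on the `https` entrypoint for `${MONITORING_DOMAIN}` under `/minio` with no `middlewares` label, so the only control in front of the admin UI is its own login with the keys from `minio_access_key`/`minio_secret_key`. If the deployment has an access-restricting middleware (IP allow-list or forward-auth), attach it here, e.g. `- traefik.http.routers.minio9001.middlewares=<access-control-middleware>@swarm` (placeholder name). The console is routed under a sub-path without a prefix-stripping middleware or `MINIO_BROWSER_REDIRECT_URL` in `environment:`, so it is worth checking that it loads and redirects correctly behind traefik. With the image bump in the first hunk, please also confirm that this release still reads the legacy `MINIO_ACCESS_KEY_FILE`/`MINIO_SECRET_KEY_FILE` variables (the current names are `MINIO_ROOT_USER_FILE`/`MINIO_ROOT_PASSWORD_FILE`), because a server that ignores them would come up with default root credentials behind the newly exposed console. The `minio` service definition starts before and continues after these hunks.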