diff --git a/.ci/scripts/deploy.sh b/.ci/scripts/deploy.sh index d1b71560d..8b860be38 100755 --- a/.ci/scripts/deploy.sh +++ b/.ci/scripts/deploy.sh @@ -1,6 +1,13 @@ #!/bin/bash -e #!/usr/bin/env bash +KUBE_FLAG="" +if + [ "$1" = "--minikube" ] || [ "$1" = "-m" ]; then + KUBE_FLAG="-m" +fi + + echo "Build pulp/pulpcore images" cd $GITHUB_WORKSPACE/containers/ cp $GITHUB_WORKSPACE/.ci/ansible/vars.yaml vars/vars.yaml @@ -11,7 +18,7 @@ cd $GITHUB_WORKSPACE echo "Test pulp/pulpcore images" sudo -E ./up.sh -.ci/scripts/pulp-operator-check-and-wait.sh +.ci/scripts/pulp-operator-check-and-wait.sh $KUBE_FLAG .ci/scripts/pulp_file-tests.sh docker images diff --git a/.ci/scripts/pulp-operator-check-and-wait.sh b/.ci/scripts/pulp-operator-check-and-wait.sh index 7322776a2..07dff80a6 100755 --- a/.ci/scripts/pulp-operator-check-and-wait.sh +++ b/.ci/scripts/pulp-operator-check-and-wait.sh @@ -6,16 +6,25 @@ # 2. Wait for pulp-operator to be deployed to the point that pulp-api is able to # serve requests. # -# Currently only tested with k3s rather than a full K8s implementation. +# Currently only tested with k3s & minikube rather than a full K8s implementation. # Uses generic K8s logic though. +KUBE="k3s" +if [[ "$1" == "--minikube" ]] || [[ "$1" == "-m" ]]; then + KUBE="minikube" + echo "Running $KUBE" + sleep 30 +fi + storage_debug() { echo "VOLUMES:" sudo $KUBECTL get pvc sudo $KUBECTL get pv df -h - sudo $KUBECTL -n local-path-storage get pod - sudo $KUBECTL -n local-path-storage logs $STORAGE_POD + if [ "$KUBE" = "k3s" ]; then + sudo $KUBECTL -n local-path-storage get pod + sudo $KUBECTL -n local-path-storage logs $STORAGE_POD + fi } # CentOS 7 /etc/sudoers does not include /usr/local/bin 
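Review bot: In deploy.sh the new `$KUBE_FLAG` is forwarded to `pulp-operator-check-and-wait.sh` but not to `.ci/scripts/pulp_file-tests.sh` on the next line, although that script gains the same `-m`/`--minikube` switch in this commit. On a minikube run the tests would therefore still target `$(hostname)` instead of `localhost`; the call should read `.ci/scripts/pulp_file-tests.sh $KUBE_FLAG`. The expansion is deliberately unquoted so that an empty flag passes no argument, which deserves a comment such as `# intentionally unquoted: empty means no argument`.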
@@ -40,17 +49,18 @@ fi # Once the services are both up, the pods will be in a Pending state. # Before the services are both up, the pods may not exist at all. # So check for the services being up 1st. -for tries in {0..30}; do +for tries in {0..90}; do services=$(sudo $KUBECTL get services) - if [[ $(echo "$services" | grep -c NodePort) -eq 2 ]]; then + if [[ $(echo "$services" | grep -c NodePort) > 1 ]]; then # parse string like this. 30805 is the external port - # pulp-api NodePort 10.43.170.79 24817:30805/TCP 0s + # pulp-api-svc NodePort 10.43.170.79 24817:30805/TCP 0s API_PORT=$( echo "$services" | awk -F '[ :/]+' '/pulp-api/{print $6}') + SVC_NAME=$( echo "$services" | awk -F '[ :/]+' '/pulp-api/{print $1}') echo "SERVICES:" echo "$services" break else - if [[ $tries -eq 30 ]]; then + if [[ $tries -eq 90 ]]; then echo "ERROR 2: 1 or more external services never came up" echo "NAMESPACES:" sudo $KUBECTL get namespaces @@ -69,9 +79,11 @@ for tries in {0..30}; do sleep 5 done -# This needs to be down here. Otherwise, the storage pod may not be -# up in time. -STORAGE_POD=$(sudo $KUBECTL -n local-path-storage get pod | awk '/local-path-provisioner/{print $1}') +if [[ "$KUBE" == "k3s" ]]; then + # This needs to be down here. Otherwise, the storage pod may not be + # up in time. + STORAGE_POD=$(sudo $KUBECTL -n local-path-storage get pod | awk '/local-path-provisioner/{print $1}') +fi # NOTE: Before the pods can be started, they must be downloaded/cached from # quay.io . @@ -104,6 +116,12 @@ for tries in {0..180}; do sleep 5 done +if [[ "$KUBE" == "minikube" ]]; then + API_NODE="localhost" + kubectl port-forward service/$SVC_NAME $API_PORT:$API_PORT & + sleep 60 +fi + # Later tests in other scripts will use localhost:24817, which was not a safe # assumption at the time this script was originally written. URL=http://$API_NODE:$API_PORT/pulp/api/v3/status/ 
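Review bot: The service-count test `[[ $(echo "$services" | grep -c NodePort) > 1 ]]` compares strings, because `>` inside `[[ ]]` is lexicographic rather than numeric. It gives the expected answer for small counts only by coincidence; the intended integer comparison is `if [[ $(echo "$services" | grep -c NodePort) -gt 1 ]]; then`. The `for` loop this sits in continues outside the hunk.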
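Review bot: The backgrounded `kubectl port-forward service/$SVC_NAME $API_PORT:$API_PORT &` is never checked, so a failed forward (for example an empty `$SVC_NAME` or a port already in use) is only noticed after `sleep 60` and the status loop that follows. `$API_PORT` is parsed from the NodePort column, while the right-hand side of a port-forward mapping is the service port, so this presumably works only where the two are equal; please confirm. Quoting the expansions and keeping the PID makes the failure visible and lets the job be cleaned up: `kubectl port-forward "service/$SVC_NAME" "$API_PORT:$API_PORT" & pf_pid=$!`, then `kill -0 "$pf_pid" || exit 1` after the wait.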
@@ -139,6 +157,10 @@ for tries in {0..120}; do sleep 5 elif echo "$output" | grep "Request timed out" ; then continue + elif echo "$output" | grep "HTTP/1.1 200 OK" ; then + echo "Successfully got the status page after _roughly_ $((tries * 5)) seconds" + echo "$output" + break elif [[ $rc ]] ; then echo "Successfully got the status page after _roughly_ $((tries * 5)) seconds" echo "$output" diff --git a/.ci/scripts/pulp_file-tests.sh b/.ci/scripts/pulp_file-tests.sh index db408fbfd..6bf26c613 100755 --- a/.ci/scripts/pulp_file-tests.sh +++ b/.ci/scripts/pulp_file-tests.sh @@ -1,13 +1,21 @@ #!/usr/bin/env bash # coding=utf-8 +KUBE="k3s" +SERVER=$(hostname) +if [[ "$1" == "--minikube" ]] || [[ "$1" == "-m" ]]; then + KUBE="minikube" + SERVER="localhost" + +fi + # From the pulp-server/pulp-api config-map -echo "machine $(hostname) +echo "machine $SERVER login admin password password\ " > ~/.netrc -export BASE_ADDR="http://$(hostname):24817" +export BASE_ADDR="http://$SERVER:24817" pushd pulp_file/docs/_scripts # Let's only do sync tests. diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e80896db2..e9ffc2264 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
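Review bot: In pulp_file-tests.sh the rewritten `echo "machine $SERVER ... " > ~/.netrc` creates the credentials file under the default umask, so on most systems other local users can read it. The password here is the CI default, but the file should still be private: run `chmod 600 ~/.netrc` right after the redirect, or set `umask 077` before it. `KUBE` is assigned in the new block but is not read anywhere in the visible part of the script.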
@@ -29,10 +29,22 @@ jobs: sudo -E apt-get -yq --no-install-suggests --no-install-recommends install httpie echo ::endgroup:: echo "HTTPIE_CONFIG_DIR=$GITHUB_WORKSPACE/.ci/assets/httpie/" >> $GITHUB_ENV - echo "KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> $GITHUB_ENV echo "IMG=quay.io/pulp/pulp-operator:latest" >> $GITHUB_ENV echo "CI_TEST=true" >> $GITHUB_ENV shell: bash + - name: Install minikube + id: minikube + uses: CodingNagger/minikube-setup-action@v1.0.2 + with: + minikube-version: '1.17.1' + k8s-version: '1.20.2' + - name: Start minikube + run: | + minikube start --vm-driver=docker --extra-config=apiserver.service-node-port-range=80-32000 + - name: Try the cluster ! + run: kubectl get pods -A + - name: Setup a minikube docker env + run: minikube -p minikube docker-env | grep "export" | awk '{$1= ""; print $0}' >> $GITHUB_ENV - name: Build Operator run: | echo ::group::SDK @@ -40,11 +52,12 @@ jobs: sudo wget https://github.com/operator-framework/operator-sdk/releases/download/$CURRENT_VERSION/operator-sdk-$CURRENT_VERSION-x86_64-linux-gnu -O /usr/local/bin/operator-sdk sudo chmod +x /usr/local/bin/operator-sdk echo ::endgroup:: - sudo operator-sdk build quay.io/pulp/pulp-operator:latest - sudo docker images + eval $(minikube -p minikube docker-env) + sudo -E operator-sdk build quay.io/pulp/pulp-operator:latest + sudo -E docker images shell: bash - name: Test insta-demo - run: sudo -E insta-demo/pulp-insta-demo.sh + run: sudo -E insta-demo/pulp-insta-demo.sh -m shell: bash - name: After failure if: failure() @@ -55,6 +68,7 @@ jobs: sudo kubectl logs -l app=pulp-content --tail=10000 sudo kubectl logs -l app=pulp-worker --tail=10000 sudo kubectl logs -l app=pulp-resource-manager --tail=10000 + sudo kubectl logs -l app=pulp-web --tail=10000 http --timeout 30 --check-status --pretty format --print hb http://localhost:24817/pulp/api/v3/status/ components: 
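Review bot: The new step `uses: CodingNagger/minikube-setup-action@v1.0.2` pins a third-party action to a tag, which its owner can move; pinning to the full commit SHA (`uses: CodingNagger/minikube-setup-action@<commit-sha>  # v1.0.2`) fixes the code that runs in the job. Separately, the `Setup a minikube docker env` step only blanks the first word of each `export` line, so what is appended to `$GITHUB_ENV` keeps a leading space and the shell quotes around the value. GitHub reads that file as literal `NAME=value`, so the variables may not come out as intended; please verify. The same steps are repeated in the later ci.yml jobs and in pr.yml.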
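Review bot: In the `Build Operator` step, `eval $(minikube -p minikube docker-env)` is unquoted, so the command output is word-split and glob-expanded before it is evaluated; `eval "$(minikube -p minikube docker-env)"` avoids that. The step then runs `sudo -E operator-sdk build`, that is, as root with the caller's whole environment, using a binary that the unchanged `wget` line above installs without any checksum or signature check. Verifying the download against a checksum published with the release before `chmod +x` would close that gap. The same pattern appears in the other Build Operator hunks of ci.yml and pr.yml and in insta-demo/pulp-insta-demo.sh.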
@@ -79,10 +93,20 @@ jobs: echo "IMG=quay.io/pulp/pulp-operator:latest" >> $GITHUB_ENV echo "CI_TEST=true" >> $GITHUB_ENV shell: bash - - name: Install k3s + - name: Install minikube + id: minikube + uses: CodingNagger/minikube-setup-action@v1.0.2 + with: + minikube-version: '1.17.1' + k8s-version: '1.20.2' + - name: Start minikube run: | - sudo -E .ci/scripts/k3s-install.sh - shell: bash + minikube start --vm-driver=docker --extra-config=apiserver.service-node-port-range=80-32000 + # now you can run kubectl to see the pods in the cluster + - name: Try the cluster ! + run: kubectl get pods -A + - name: Setup a minikube docker env + run: minikube -p minikube docker-env | grep "export" | awk '{$1= ""; print $0}' >> $GITHUB_ENV - name: Build Operator run: | echo ::group::SDK @@ -90,14 +114,15 @@ jobs: sudo wget https://github.com/operator-framework/operator-sdk/releases/download/$CURRENT_VERSION/operator-sdk-$CURRENT_VERSION-x86_64-linux-gnu -O /usr/local/bin/operator-sdk sudo chmod +x /usr/local/bin/operator-sdk echo ::endgroup:: - sudo operator-sdk build quay.io/pulp/pulp-operator:latest - sudo docker images + eval $(minikube -p minikube docker-env) + sudo -E operator-sdk build quay.io/pulp/pulp-operator:latest + sudo -E docker images shell: bash - name: Deploy pulp-operator to K8s run: sudo -E ./up.sh shell: bash - name: Check and wait pulp-operator deploy - run: .ci/scripts/pulp-operator-check-and-wait.sh + run: .ci/scripts/pulp-operator-check-and-wait.sh -m shell: bash - name: Test all components run: | @@ -115,6 +140,7 @@ jobs: sudo kubectl logs -l app=pulp-content --tail=10000 sudo kubectl logs -l app=pulp-worker --tail=10000 sudo kubectl logs -l app=pulp-resource-manager --tail=10000 + sudo kubectl logs -l app=pulp-web --tail=10000 http --timeout 30 --check-status --pretty format --print hb http://localhost:24817/pulp/api/v3/status/ molecule: 
@@ -140,7 +166,7 @@ jobs: echo "CI_TEST=true" >> $GITHUB_ENV shell: bash - name: Install - run: pip3 install molecule[docker,lint] openshift jmespath + run: pip3 install molecule[docker,lint] openshift=0.11.0 jmespath - name: Molecule run: .ci/scripts/molecule.sh shell: bash @@ -175,10 +201,20 @@ jobs: echo "IMG=quay.io/pulp/pulp-operator:latest" >> $GITHUB_ENV echo "CI_TEST=true" >> $GITHUB_ENV shell: bash - - name: Install k3s + - name: Install minikube + id: minikube + uses: CodingNagger/minikube-setup-action@v1.0.2 + with: + minikube-version: '1.17.1' + k8s-version: '1.20.2' + - name: Start minikube run: | - sudo -E .ci/scripts/k3s-install.sh - shell: bash + minikube start --vm-driver=docker --extra-config=apiserver.service-node-port-range=80-32000 + # now you can run kubectl to see the pods in the cluster + - name: Try the cluster ! + run: kubectl get pods -A + - name: Setup a minikube docker env + run: minikube -p minikube docker-env | grep "export" | awk '{$1= ""; print $0}' >> $GITHUB_ENV - name: Build Operator run: | echo ::group::SDK @@ -186,8 +222,9 @@ jobs: sudo wget https://github.com/operator-framework/operator-sdk/releases/download/$CURRENT_VERSION/operator-sdk-$CURRENT_VERSION-x86_64-linux-gnu -O /usr/local/bin/operator-sdk sudo chmod +x /usr/local/bin/operator-sdk echo ::endgroup:: - sudo operator-sdk build quay.io/pulp/pulp-operator:latest - sudo docker images + eval $(minikube -p minikube docker-env) + sudo -E operator-sdk build quay.io/pulp/pulp-operator:latest + sudo -E docker images shell: bash - name: Setting secrets run: python3 .github/workflows/scripts/secrets.py "$SECRETS_CONTEXT" @@ -210,4 +247,5 @@ jobs: sudo kubectl logs -l app=pulp-content --tail=10000 sudo kubectl logs -l app=pulp-worker --tail=10000 sudo kubectl logs -l app=pulp-resource-manager --tail=10000 + sudo kubectl logs -l app=pulp-web --tail=10000 http --timeout 30 --check-status --pretty format --print hb http://localhost:24817/pulp/api/v3/status/ 
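Review bot: `pip3 install molecule[docker,lint] openshift=0.11.0 jmespath` uses a single `=`, which pip does not accept as a version specifier, so the `Install` step of the molecule job in ci.yml is expected to fail with an invalid-requirement error. pr.yml in this same commit has the correct form; the line should be `run: pip3 install molecule[docker,lint] openshift==0.11.0 jmespath`.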
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index da4f02d84..313e78430 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -70,10 +70,23 @@ jobs: sudo -E apt-get -yq --no-install-suggests --no-install-recommends install httpie echo ::endgroup:: echo "HTTPIE_CONFIG_DIR=$GITHUB_WORKSPACE/.ci/assets/httpie/" >> $GITHUB_ENV - echo "KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> $GITHUB_ENV echo "IMG=quay.io/pulp/pulp-operator:latest" >> $GITHUB_ENV echo "CI_TEST=true" >> $GITHUB_ENV shell: bash + - name: Install minikube + id: minikube + uses: CodingNagger/minikube-setup-action@v1.0.2 + with: + minikube-version: '1.17.1' + k8s-version: '1.20.2' + - name: Start minikube + run: | + minikube start --vm-driver=docker --extra-config=apiserver.service-node-port-range=80-32000 + # now you can run kubectl to see the pods in the cluster + - name: Try the cluster ! + run: kubectl get pods -A + - name: Setup a minikube docker env + run: minikube -p minikube docker-env | grep "export" | awk '{$1= ""; print $0}' >> $GITHUB_ENV - name: Build Operator run: | echo ::group::SDK @@ -81,13 +94,14 @@ jobs: sudo wget https://github.com/operator-framework/operator-sdk/releases/download/$CURRENT_VERSION/operator-sdk-$CURRENT_VERSION-x86_64-linux-gnu -O /usr/local/bin/operator-sdk sudo chmod +x /usr/local/bin/operator-sdk echo ::endgroup:: - sudo operator-sdk build quay.io/pulp/pulp-operator:latest - sudo docker images + eval $(minikube -p minikube docker-env) + sudo -E operator-sdk build quay.io/pulp/pulp-operator:latest + sudo -E docker images shell: bash - name: Test insta-demo env: FORKED_REPOSITORY: ${{ steps.head_repo_name.outputs.repo }} - run: sudo -E insta-demo/pulp-insta-demo.sh + run: sudo -E insta-demo/pulp-insta-demo.sh -m shell: bash - name: After failure if: failure() 
@@ -98,7 +112,11 @@ jobs: sudo kubectl logs -l app=pulp-content --tail=10000 sudo kubectl logs -l app=pulp-worker --tail=10000 sudo kubectl logs -l app=pulp-resource-manager --tail=10000 + sudo kubectl logs -l app=pulp-web --tail=10000 http --timeout 30 --check-status --pretty format --print hb http://localhost:24817/pulp/api/v3/status/ + # - name: Debugging example (uncomment when needed) + # if: failure() + # uses: mxschmitt/action-tmate@v3 components: runs-on: ubuntu-latest @@ -123,10 +141,20 @@ jobs: echo "IMG=quay.io/pulp/pulp-operator:latest" >> $GITHUB_ENV echo "CI_TEST=true" >> $GITHUB_ENV shell: bash - - name: Install k3s + - name: Install minikube + id: minikube + uses: CodingNagger/minikube-setup-action@v1.0.2 + with: + minikube-version: '1.17.1' + k8s-version: '1.20.2' + - name: Start minikube run: | - sudo -E .ci/scripts/k3s-install.sh - shell: bash + minikube start --vm-driver=docker --extra-config=apiserver.service-node-port-range=80-32000 + # now you can run kubectl to see the pods in the cluster + - name: Try the cluster ! + run: kubectl get pods -A + - name: Setup a minikube docker env + run: minikube -p minikube docker-env | grep "export" | awk '{$1= ""; print $0}' >> $GITHUB_ENV - name: Build Operator run: | echo ::group::SDK 
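Review bot: The commented-out `mxschmitt/action-tmate@v3` step, once uncommented, opens an interactive session on the runner and prints the connection string to the job log, which is public for a public repository. A short comment next to it would help whoever enables it, for example `# enable only temporarily; set limit-access-to-actor: true and pin the action to a commit SHA`. The same block is added to the components and molecule jobs further down in pr.yml.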
@@ -134,19 +162,20 @@ jobs: sudo wget https://github.com/operator-framework/operator-sdk/releases/download/$CURRENT_VERSION/operator-sdk-$CURRENT_VERSION-x86_64-linux-gnu -O /usr/local/bin/operator-sdk sudo chmod +x /usr/local/bin/operator-sdk echo ::endgroup:: - sudo operator-sdk build quay.io/pulp/pulp-operator:latest - sudo docker images + eval $(minikube -p minikube docker-env) + sudo -E operator-sdk build quay.io/pulp/pulp-operator:latest + sudo -E docker images shell: bash - name: Deploy pulp-operator to K8s run: sudo -E ./up.sh shell: bash - name: Check and wait pulp-operator deploy - run: .ci/scripts/pulp-operator-check-and-wait.sh + run: .ci/scripts/pulp-operator-check-and-wait.sh -m shell: bash - name: Test all components run: | git clone --depth=1 https://github.com/pulp/pulp_file.git - .ci/scripts/pulp_file-tests.sh + .ci/scripts/pulp_file-tests.sh -m shell: bash env: PY_COLORS: '1' @@ -159,7 +188,11 @@ jobs: sudo kubectl logs -l app=pulp-content --tail=10000 sudo kubectl logs -l app=pulp-worker --tail=10000 sudo kubectl logs -l app=pulp-resource-manager --tail=10000 + sudo kubectl logs -l app=pulp-web --tail=10000 http --timeout 30 --check-status --pretty format --print hb http://localhost:24817/pulp/api/v3/status/ + # - name: Debugging example (uncomment when needed) + # if: failure() + # uses: mxschmitt/action-tmate@v3 molecule: runs-on: ubuntu-latest @@ -185,7 +218,7 @@ jobs: echo "CI_TEST=true" >> $GITHUB_ENV shell: bash - name: Install - run: pip3 install molecule[docker,lint] openshift jmespath + run: pip3 install molecule[docker,lint] openshift==0.11.0 jmespath - name: Molecule run: .ci/scripts/molecule.sh shell: bash @@ -196,3 +229,6 @@ jobs: if: failure() run: | docker exec -it osdk-test-control-plane journalctl -S today --no-pager + # - name: Debugging example (uncomment when needed) + # if: failure() + # uses: mxschmitt/action-tmate@v3 diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..8094c4eae --- /dev/null 
+++ b/.gitignore @@ -0,0 +1,12 @@ + +# Ignore pyenv file +.python-version + +# Ignore pipenv files +Pipfile +Pipfile.lock + + +# Ignore generated container files +containers/images/pulp/Containerfile.core.p* +containers/images/pulp/Containerfile.web.p* diff --git a/CHANGES/5657.feature b/CHANGES/5657.feature new file mode 100644 index 000000000..459bc4bb6 --- /dev/null +++ b/CHANGES/5657.feature @@ -0,0 +1 @@ +Add deployment of nginx webserver with pulp snippets diff --git a/containers/build.yaml b/containers/build.yaml index 670701fd9..41b3356da 100644 --- a/containers/build.yaml +++ b/containers/build.yaml @@ -8,10 +8,10 @@ tasks: - import_tasks: common_tasks.yaml - - name: Generate per-image Dockerfiles from the Dockerfile template + - name: Generate per-image Containerfiles from the Containerfile template template: - src: images/pulp/Dockerfile.j2 - dest: "images/pulp/Dockerfile.{{ item.key }}" + src: images/pulp/{{ item.value.container_file}}.j2 + dest: "images/pulp/{{ item.value.container_file}}.{{ item.key }}" with_dict: "{{ images }}" - name: 'Build images' @@ -23,7 +23,7 @@ # 1-off-builds and Travis CI purposes (which has no cache across CI runs.) # Run build.yaml with -e cache=false if your builds are using outdated # layers. - command: "{{ container_cli }} build --network host --no-cache={{ not cache | default(true) | bool }} -t {{ item.value.image_name }}:{{ item.value.tag }} -f images/pulp/Dockerfile.{{ item.key }} ../.." + command: "{{ container_cli }} build --network host --no-cache={{ not cache | default(true) | bool }} -t {{ item.value.image_name }}:{{ item.value.tag }} -f images/pulp/{{ item.value.container_file}}.{{ item.key }} ../.." with_dict: "{{ images }}" # Try 3x due to random failures to download RPMs from Fedora. Due to 2 bug # so far that are getting fixed, but break builds in the meantime. 
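Review bot: Both tasks in containers/build.yaml now dereference `item.value.container_file`, which makes that key mandatory for every entry of `images`. defaults.yaml is updated in this commit, but a user- or CI-supplied vars file that predates the key (deploy.sh copies `.ci/ansible/vars.yaml` over `vars/vars.yaml`) would presumably fail with an undefined-variable error. Falling back to the old behaviour keeps such files working: use `{{ item.value.container_file | default('Containerfile.core') }}` in `src`, `dest` and the `-f` argument.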
diff --git a/containers/images/pulp/Dockerfile.j2 b/containers/images/pulp/Containerfile.core.j2 similarity index 99% rename from containers/images/pulp/Dockerfile.j2 rename to containers/images/pulp/Containerfile.core.j2 index e59fcfc11..1eb5a465d 100644 --- a/containers/images/pulp/Dockerfile.j2 +++ b/containers/images/pulp/Containerfile.core.j2 @@ -48,6 +48,7 @@ RUN dnf -y update && \ RUN pip install rhsm RUN mkdir -p /etc/pulp +RUN mkdir -p /var/lib/pulp/media RUN pip install gunicorn django-storages[boto3] {% if s3_test is defined %} diff --git a/containers/images/pulp/Containerfile.web.j2 b/containers/images/pulp/Containerfile.web.j2 new file mode 100644 index 000000000..497c24a50 --- /dev/null +++ b/containers/images/pulp/Containerfile.web.j2 @@ -0,0 +1,16 @@ +FROM {{ registry | default('quay.io') }}/{{ project | default('pulp') }}/{{ item.value.base_image_name | default('pulp') }}:{{ item.value.tag | default('latest') }} + +RUN dnf -y install nginx + +RUN mkdir -p /etc/nginx/pulp \ + /etc/services.d/nginx \ + /var/lib/pulp/assets + +COPY pulp-operator/containers/images/pulp/container-assets/nginx.conf /etc/nginx/nginx.conf +COPY pulp-operator/containers/images/pulp/container-assets/nginx /usr/bin/nginx +COPY pulp-operator/containers/images/pulp/container-assets/nginx-check /usr/bin/nginx-check + +RUN ln /usr/local/lib/python3.9/site-packages/pulp_ansible/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_ansible.conf +RUN ln /usr/local/lib/python3.9/site-packages/pulp_container/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_container.conf + +EXPOSE 80 diff --git a/containers/images/pulp/container-assets/nginx b/containers/images/pulp/container-assets/nginx new file mode 100755 index 000000000..1ea6d2f9d --- /dev/null +++ b/containers/images/pulp/container-assets/nginx @@ -0,0 +1,3 @@ +#!/bin/bash -x + +/usr/sbin/nginx 
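Review bot: In Containerfile.web.j2 the two `RUN ln /usr/local/lib/python3.9/site-packages/...` lines hard-code the interpreter version and assume that both pulp_ansible and pulp_container are installed in the base image, so the build breaks when the base moves to another Python or is built without those plugins. They also create hard links where a symlink (`ln -s`) is the usual choice. There is no `USER` line, and nginx.conf sets `user nginx nginx` and listens on port 80, so the container presumably starts as root. If that is intended, a comment should say so; otherwise an unprivileged listen port plus a `USER` line would reduce what the web container runs with.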
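Review bot: The container-assets/nginx wrapper starts `/usr/sbin/nginx` as a child of bash instead of replacing the shell, so a SIGTERM sent on pod shutdown reaches bash rather than nginx (nginx.conf runs it with `daemon off`). The last line should be `exec /usr/sbin/nginx`. The `#!/bin/bash -x` shebang also traces every command to the container log, which looks like leftover debugging.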
diff --git a/containers/images/pulp/container-assets/nginx-check b/containers/images/pulp/container-assets/nginx-check new file mode 100755 index 000000000..145d5572a --- /dev/null +++ b/containers/images/pulp/container-assets/nginx-check @@ -0,0 +1,20 @@ +#!/bin/bash -x + +PULP_API_STATUS=$(/usr/bin/curl -I http://pulp-api-svc:24817/pulp/api/v3/status/ | head -n 1|cut -d$' ' -f2) + +echo $PULP_API_STATUS + +PULP_CONTENT_STATUS=$(/usr/bin/curl -I http://pulp-content-svc:24816/ | head -n 1|cut -d$' ' -f2) + +echo $PULP_CONTENT_STATUS + +if [[ "$PULP_API_STATUS" != "200" ]]; then + exit 1 +fi + +if [[ "$PULP_CONTENT_STATUS" > "404" ]]; then + exit 2 +fi + +exit 0 + diff --git a/containers/images/pulp/container-assets/nginx.conf b/containers/images/pulp/container-assets/nginx.conf new file mode 100644 index 000000000..60ed713ff --- /dev/null +++ b/containers/images/pulp/container-assets/nginx.conf 
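Review bot: The content check `[[ "$PULP_CONTENT_STATUS" > "404" ]]` is a string comparison, and an empty status, which is what a failed or timed-out curl leaves, is not greater than "404", so the probe reports healthy when pulp-content is unreachable. Test for the empty case and compare numerically: `if [[ -z "$PULP_CONTENT_STATUS" || "$PULP_CONTENT_STATUS" -gt 404 ]]; then`. Neither curl call has a time limit; `--max-time 3` would keep the script inside the probe's `timeoutSeconds`. The script also never queries nginx itself, so the pulp-web liveness probe restarts the proxy whenever pulp-api is down rather than when nginx is.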
@@ -0,0 +1,88 @@ +# TODO: Support IPv6. +# TODO: Configure SSL certificates. +# TODO: Maybe serve multiple `location`s, not just one. + +# The "nginx" package on fedora creates this user and group. +user nginx nginx; +# Gunicorn docs suggest this value. +worker_processes 1; +daemon off; +events { + worker_connections 1024; # increase if you have lots of clients + accept_mutex off; # set to 'on' if nginx worker_processes > 1 +} + +http { + include mime.types; + # fallback in case we can't determine a type + default_type application/octet-stream; + sendfile on; + + # If left at the default of 1024, nginx emits a warning about being unable + # to build optimal hash types. + types_hash_max_size 4096; + + upstream pulp-content { + server pulp-content-svc:24816; + } + + upstream pulp-api { + server pulp-api-svc:24817; + } + + server { + # Gunicorn docs suggest the use of the "deferred" directive on Linux. + listen 80 default_server deferred; + server_name $hostname; + + # The default client_max_body_size is 1m. Clients uploading + # files larger than this will need to chunk said files. + + # Gunicorn docs suggest this value. + keepalive_timeout 5; + + location /pulp/content/ { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. + proxy_redirect off; + proxy_pass http://pulp-content; + } + + location /pulp/api/v3/ { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. 
+ proxy_redirect off; + proxy_pass http://pulp-api; + client_max_body_size 10m; + } + + location /auth/login/ { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. + proxy_redirect off; + proxy_pass http://pulp-api; + } + + include pulp/*.conf; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. + proxy_redirect off; + proxy_pass http://pulp-api; + # static files are served through whitenoise - http://whitenoise.evans.io/en/stable/ + } + } +} diff --git a/containers/images/pulp/container-assets/pulp-common-entrypoint.sh b/containers/images/pulp/container-assets/pulp-common-entrypoint.sh index 7acedda33..c1bc3cff7 100755 --- a/containers/images/pulp/container-assets/pulp-common-entrypoint.sh +++ b/containers/images/pulp/container-assets/pulp-common-entrypoint.sh @@ -7,7 +7,7 @@ # can change our scripts' locations in the future, and call special logic in this # script based solely on theo command name. -if [[ "$@" = "pulp-content" || "$@" = "pulp-api" || "$@" = "pulp-worker" || "$@" = "pulp-resource-manager" ]]; then +if [[ "$@" = "pulp-content" || "$@" = "pulp-api" || "$@" = "pulp-worker" || "$@" = "pulp-resource-manager" || "$@" = "nginx" ]]; then exec "/usr/bin/$@" else exec "$@" diff --git a/containers/vars/defaults.yaml b/containers/vars/defaults.yaml index a3cd1afc5..9e0d57289 100644 --- a/containers/vars/defaults.yaml +++ b/containers/vars/defaults.yaml 
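Review bot: The server block in nginx.conf only has `listen 80` while proxying `/auth/login/` and the API, so credentials cross this hop in cleartext until the `Configure SSL certificates` TODO is done. Until then a comment at the `listen` line should state the deployment assumption, e.g. `# plain HTTP only: terminate TLS at the ingress/route in front of pulp-web`. `proxy_set_header Host $http_host` forwards the client-supplied Host header unchanged, so the backend's allowed-hosts setting is the only check on it; that is worth a comment as well.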
@@ -33,15 +33,18 @@ images: - pulpcore_stable: image_name: pulpcore tag: stable + container_file: Containerfile.core - pulpcore_master: image_name: pulpcore tag: latest + container_file: Containerfile.core # Must specify egg name here so that the Dockerfile can specify the # setuptools extra of postgres pulpcore: git+https://github.com/pulp/pulpcore.git#egg=pulpcore - pulp_stable_plugins_stable: image_name: pulp tag: stable + container_file: Containerfile.core plugins: - pulp-certguard - pulp-file @@ -54,6 +57,7 @@ images: - pulp_master_plugins_master: image_name: pulp tag: latest + container_file: Containerfile.core pulpcore: git+https://github.com/pulp/pulpcore.git#egg=pulpcore plugins: - "git+https://github.com/pulp/pulp-certguard.git" @@ -64,5 +68,15 @@ images: - "git+https://github.com/pulp/pulp_maven.git" - "git+https://github.com/pulp/pulp_python.git" - "git+https://github.com/pulp/pulp_rpm.git" + - pulp_web_stable: + image_name: pulp-web + tag: stable + container_file: Containerfile.web + base_image_name: pulp + - pulp_web_master: + image_name: pulp-web + tag: latest + container_file: Containerfile.web + base_image_name: pulp registry: quay.io project: pulp diff --git a/docs/roles/pulp-web.md b/docs/roles/pulp-web.md new file mode 120000 index 000000000..3ebf11457 --- /dev/null +++ b/docs/roles/pulp-web.md @@ -0,0 +1 @@ +../../roles/pulp-web/README.md \ No newline at end of file diff --git a/insta-demo/pulp-insta-demo.sh b/insta-demo/pulp-insta-demo.sh index 5cc82ccfa..b400d8aa2 100755 --- a/insta-demo/pulp-insta-demo.sh +++ b/insta-demo/pulp-insta-demo.sh 
@@ -8,12 +8,20 @@ # all-n-one "pulp" container with several plugins. FIXES=false +KUBE="k3s" +KUBE_FLAG="" +KUBE_CLEANUP="$ sudo /usr/local/bin/k3s-uninstall.sh" if [ "$1" = "--help" ] || [ "$1" == "-h" ]; then echo "Usage $0 [ -f | --fixes ]" exit 1 elif [ "$1" = "--fixes" ] || [ "$1" = "-f" ]; then FIXES=true +elif + [ "$1" = "--minikube" ] || [ "$1" = "-m" ]; then + KUBE="minikube" + KUBE_FLAG="-m" + KUBE_CLEANUP="minikube delete --all" fi failure_message() { @@ -22,7 +30,7 @@ failure_message() { echo "" echo "You can either try to fix the errors and re-run it," echo "or uninstall by running:" - echo "$ sudo /usr/local/bin/k3s-uninstall.sh" + echo "$KUBE_CLEANUP" exit 1 } @@ -79,7 +87,7 @@ if command -v git > /dev/null && [[ "$(basename `git rev-parse --show-toplevel`) fi else USER_REPO="pulp/pulp-operator" - BRANCH="master" + BRANCH="main" set -x fi URL=https://github.com/$USER_REPO/archive/$BRANCH.tar.gz 
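Review bot: The new `-m`/`--minikube` branch in pulp-insta-demo.sh is not reflected in the help text, which still prints `Usage $0 [ -f | --fixes ]`. Because the options are tested in a single `if`/`elif` chain on `$1`, `--fixes` and `--minikube` also cannot be combined. At minimum the usage line should become `echo "Usage $0 [ -f | --fixes | -m | --minikube ]"`. The k3s value of `KUBE_CLEANUP` keeps the `$ ` prompt prefix while the minikube value has none, so the two uninstall hints print differently.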
@@ -92,16 +100,23 @@ else curl -SsL $URL | tar -xz || failure_message cd pulp-operator-$BRANCH || failure_message fi - -echo "=================================== K3S Install ===================================" -sudo -E .ci/scripts/k3s-install.sh --insta-demo || failure_message -echo "=================================== K3S Up ===================================" +if [ "$KUBE" == "k3s" ]; then + echo "=================================== K3S Install ===================================" + sudo -E .ci/scripts/k3s-install.sh --insta-demo || failure_message +fi +if [ "$BRANCH" != "main" ] && [ "$KUBE" == "minikube" ]; then + echo "=================================== Build Operator ===================================" + eval $(minikube -p minikube docker-env) || failure_message + sudo -E operator-sdk build quay.io/pulp/pulp-operator:latest || failure_message + sudo -E docker images || failure_message +fi +echo "=================================== Operator Up ===================================" sudo -E ./up.sh || failure_message echo "=================================== Check and wait ===================================" echo "" -.ci/scripts/pulp-operator-check-and-wait.sh || test $? = 100 || failure_message +.ci/scripts/pulp-operator-check-and-wait.sh $KUBE_FLAG || test $? = 100 || failure_message set +x echo "Pulp has been installed in insta-demo mode." echo "" echo "If you wish to uninstall, run:" -echo "$ sudo /usr/local/bin/k3s-uninstall.sh" +echo "$KUBE_CLEANUP" diff --git a/mkdocs.yml b/mkdocs.yml index 32f1b20d5..1ac826609 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -16,6 +16,7 @@ nav: - Pulp Resource Manager: roles/pulp-resource-manager.md - Pulp Routes: roles/pulp-routes.md - Pulp Worker: roles/pulp-worker.md + - Pulp Web: roles/pulp-web.md - Postgres: roles/postgres.md - Redis: roles/redis.md - Changelog: CHANGES.md diff --git a/playbook.yml b/playbook.yml index 687b2c9e2..4445b360f 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -28,6 +28,7 @@ registry: quay.io project: pulp image: pulp + image_web: pulp-web tag: stable pulp_file_storage: access_mode: "ReadWriteMany" @@ -39,3 +40,4 @@ - pulp-content - pulp-resource-manager - pulp-worker + - pulp-web diff --git a/roles/pulp-api/templates/pulp-api.service.yaml.j2 b/roles/pulp-api/templates/pulp-api.service.yaml.j2 index 6c6efd0b0..caf3cebf6 100644 --- a/roles/pulp-api/templates/pulp-api.service.yaml.j2 +++ b/roles/pulp-api/templates/pulp-api.service.yaml.j2 @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: pulp-api + name: pulp-api-svc namespace: "{{ project_name }}" labels: app: pulp-api diff --git a/roles/pulp-content/templates/pulp-content.service.yaml.j2 b/roles/pulp-content/templates/pulp-content.service.yaml.j2 index d46741a50..a38088c20 100644 --- a/roles/pulp-content/templates/pulp-content.service.yaml.j2 +++ b/roles/pulp-content/templates/pulp-content.service.yaml.j2 @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: pulp-content + name: pulp-content-svc namespace: "{{ project_name }}" labels: app: pulp-content diff --git a/roles/pulp-routes/templates/pulp-api.route.yaml.j2 b/roles/pulp-routes/templates/pulp-api.route.yaml.j2 index 62ba06a42..0930f95f6 100644 --- a/roles/pulp-routes/templates/pulp-api.route.yaml.j2 +++ b/roles/pulp-routes/templates/pulp-api.route.yaml.j2 @@ -9,6 +9,6 @@ metadata: spec: to: kind: Service - name: pulp-api + name: pulp-api-svc port: targetPort: pulp-api-24817 diff --git a/roles/pulp-routes/templates/pulp-content.route.yaml.j2 b/roles/pulp-routes/templates/pulp-content.route.yaml.j2 index bae73c4df..bb35ca6fc 100644 --- a/roles/pulp-routes/templates/pulp-content.route.yaml.j2 +++ b/roles/pulp-routes/templates/pulp-content.route.yaml.j2 @@ -9,6 +9,6 @@ metadata: spec: to: kind: Service - name: pulp-content + name: pulp-content-svc port: targetPort: pulp-content-24816 
diff --git a/roles/pulp-web/README.md b/roles/pulp-web/README.md new file mode 100644 index 000000000..b6ceaaaa7 --- /dev/null +++ b/roles/pulp-web/README.md @@ -0,0 +1,37 @@ +Pulp Web +======== + +A role to setup Pulp 3's NGINX web proxy service. + +Requirements +------------ + +Requires the `openshift` Python library to interact with Kubernetes: `pip install openshift`. + +Role Variables +-------------- + +* `pulp_web`: A dictionary of pulp-web configuration + * `replicas`: Number of pod replicas. +* `registry`: The container registry. +* `project`: The project name e.g. user or org name at the container registry. +* `image`: The image name. +* `tag`: The tag name. + +Dependencies +------------ + +collections: + + - community.kubernetes + - operator_sdk.util + +License +------- + +GPLv2+ + +Author Information +------------------ + +[Pulp Team](https://pulpproject.org/) diff --git a/roles/pulp-web/defaults/main.yml b/roles/pulp-web/defaults/main.yml new file mode 100644 index 000000000..39963bd87 --- /dev/null +++ b/roles/pulp-web/defaults/main.yml @@ -0,0 +1,3 @@ +--- +pulp_web: + replicas: 1 diff --git a/roles/pulp-web/meta/main.yml b/roles/pulp-web/meta/main.yml new file mode 100644 index 000000000..1b6ea3a51 --- /dev/null +++ b/roles/pulp-web/meta/main.yml @@ -0,0 +1,31 @@ +--- +galaxy_info: + author: Pulp Team + description: A role to setup Pulp 3's NGINX web proxy service + issue_tracker_url: https://pulp.plan.io/projects/pulp/issues/new + license: GPL-2.0-or-later + company: Red Hat + min_ansible_version: 2.9 + platforms: + - name: Debian + versions: + - buster + - name: Fedora + versions: + - 30 + - 31 + - 32 + - 33 + - name: EL + versions: + - 7 + - 8 + galaxy_tags: + - pulp + - pulpcore +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. +collections: +- operator_sdk.util +- community.kubernetes 
diff --git a/roles/pulp-web/tasks/main.yml b/roles/pulp-web/tasks/main.yml new file mode 100644 index 000000000..b260c2aa2 --- /dev/null +++ b/roles/pulp-web/tasks/main.yml @@ -0,0 +1,15 @@ +--- + +- name: pulp-web deployment + community.kubernetes.k8s: + state: "{{ deployment_state }}" + definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml.j2') | from_yaml }}" + with_items: + - pulp-web + +- name: pulp-web service + community.kubernetes.k8s: + state: "{{ deployment_state }}" + definition: "{{ lookup('template', 'templates/' + item + '.service.yaml.j2') | from_yaml }}" + with_items: + - pulp-web diff --git a/roles/pulp-web/templates/pulp-web.deployment.yaml.j2 b/roles/pulp-web/templates/pulp-web.deployment.yaml.j2 new file mode 100644 index 000000000..427ee3571 --- /dev/null +++ b/roles/pulp-web/templates/pulp-web.deployment.yaml.j2 @@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Deployment +metadata: + name: pulp-web + namespace: "{{ project_name }}" + labels: + app: pulp-web +spec: + replicas: {{ pulp_web.replicas }} + selector: + matchLabels: + app: pulp-web + template: + metadata: + labels: + app: pulp-web + spec: + containers: + - name: pulp-web + image: "{{ registry }}/{{ project }}/{{ image_web }}:{{ tag }}" + imagePullPolicy: "IfNotPresent" + # We set args, not command, so as to not override the entrypoint script + args: ["nginx"] + ports: + - protocol: TCP + containerPort: 80 + livenessProbe: + exec: + command: ["/usr/bin/nginx-check"] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + exec: + command: ["/usr/bin/nginx-check"] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + \ No newline at end of file diff --git a/roles/pulp-web/templates/pulp-web.service.yaml.j2 b/roles/pulp-web/templates/pulp-web.service.yaml.j2 new file mode 100644 index 000000000..831c6e9a5 --- /dev/null +++ b/roles/pulp-web/templates/pulp-web.service.yaml.j2 
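Review bot: pulp-web.deployment.yaml.j2 declares `apiVersion: v1` with `kind: Deployment`, but Kubernetes serves Deployments from the `apps` group, so the header should read `apiVersion: apps/v1`. Whether the Ansible k8s module tolerates the mismatch depends on its resource lookup, so this should be confirmed against a real apply. The pod spec sets neither `securityContext` nor `resources`, so the nginx container runs as the image's default user and without limits.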
@@ -0,0 +1,18 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: pulp-web-svc + namespace: "{{ project_name }}" + labels: + app: pulp-web +spec: + selector: + app: pulp-web + ports: + - protocol: TCP + targetPort: 80 + name: pulp-web-80 + port: 80 + nodePort: 80 + type: NodePort
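Review bot: `nodePort: 80` is outside the default NodePort range (30000-32767), so this Service can only be created on clusters whose API server was started with a widened `service-node-port-range`, as the CI does for minikube with `80-32000`. On other clusters the apply is expected to be rejected; this includes the k3s path the scripts still support, unless its install script widens the range too. Either make the port a role variable with a default inside the standard range, or drop `nodePort` and let Kubernetes assign one. A fixed port 80 on every node is better left to an ingress or route.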