feat: Support single node instance persistance and auth
Server changes:
* Optional listening on unix domain socket.
* Local system root detection and auto authentication on UDS
  connection.
* TLS support. tigris_server2 is started with TLS and tests are run
  through TLS on it. Due to cmux limitations it can only be routed
  to HTTP or GRPC, so there is an option added to control this `server.tls_http`
* Test server configs moved to `test/config/server.{test,test2}.yaml`
  Teste secrets move to `test/config/keys/*`.

Single node instance improvement made as part of
`tigrisdata/tigris-local` container. The service is configured and
started using `scripts/service-local.sh` in the container.

The following configuration is available:

* TIGRIS_BOOTSTRAP_LOCAL_AUTH - initialize authentication on first
  instance start. It creates necessary tokens, users, namespaces for
  server <-> gotrue interconnection.
* TIGRIS_LOCAL_PERSISTENCE initializes FDB in ssd mode vs memory.
* TIGRIS_LOCAL_GENERATE_ADMIN_TOKEN produces admin user token in the
  data directory (./user_admin_token.txt). This is not necessary
  on unix compatible systems, where we can detect container owner by peer.
* TIGRIS_SKIP_LOCAL_AUTH allows temporarily disabling authentication on
  an already initialized system.
* TIGRIS_LOCAL_DEBUG can be set to enable debug logging in `./init.log`

Bootstrap can only be initiated if the data directory is empty, it's
noop otherwise.

```
  docker run -e TIGRIS_BOOTSTRAP_LOCAL_AUTH=1 \
    -e TIGRIS_LOCAL_PERSISTENCE=1 \
    -e TIGRIS_LOCAL_GENERATE_ADMIN_TOKEN=1 \
    --name my-tigris -v $TMPDIR:/var/lib/tigris \
    -d -p $HOST_PORT:8081 tigrisdata/tigris-local
```

This is the structure of the persistence volume:

```
/var/lib/tigris/
├── foundationdb
│   ├── data
│   │   ├── coordination-0.fdq
│   │   ├── coordination-1.fdq
│   │   ├── log2-V_6-3c801d05cd47c75a120e968dce9187a9.sqlite
│   │   ├── log2-V_6-3c801d05cd47c75a120e968dce9187a9.sqlite-wal
│   │   ├── logqueue-V_6-3c801d05cd47c75a120e968dce9187a9-0.fdq
│   │   ├── processId
│   │   ├── storage-1b4c5b99aff541f54264fa55e20b84b3.sqlite
│   │   └── storage-1b4c5b99aff541f54264fa55e20b84b3.sqlite-wal
│   └── logs
│       └── trace.127.0.0.1.4500.1685517319.uq6Q1t.1.31.xml
├── gotrue
│   ├── config
│   │   ├── key
│   │   ├── key_pem.pub
│   │   └── key.pub
│   ├── data
│   └── logs
│       ├── stderr
│       └── stdout
├── initialized
├── init.log
├── server
│   ├── config
│   │   └── server.yaml
│   ├── data
│   ├── logs
│   │   ├── stderr
│   │   └── stdout
│   └── unix.sock
├── typesense
│   ├── config
│   │   └── typesense-server.ini
│   ├── data
│   │   ├── db
│   │   │   ├── 000234.log
│   │   │   ├── 000236.sst
│   │   │   ├── archive
│   │   │   │   ├── 000005.log
│   │   │   │   └── 000232.log
│   │   │   ├── CURRENT
│   │   │   ├── IDENTITY
│   │   │   ├── LOCK
│   │   │   ├── LOG
│   │   │   ├── MANIFEST-000004
│   │   │   └── OPTIONS-000007
│   │   ├── meta
│   │   │   ├── 000015.log
│   │   │   ├── archive
│   │   │   ├── CURRENT
│   │   │   ├── IDENTITY
│   │   │   ├── LOCK
│   │   │   ├── LOG
│   │   │   ├── LOG.old.1685517292544545
│   │   │   ├── LOG.old.1685517319188484
│   │   │   ├── MANIFEST-000014
│   │   │   ├── OPTIONS-000012
│   │   │   └── OPTIONS-000017
│   │   └── state
│   │       ├── log
│   │       │   ├── log_inprogress_00000000000000000001
│   │       │   └── log_meta
│   │       ├── meta
│   │       │   └── raft_meta
│   │       └── snapshot
│   │           └── snapshot_00000000000000000482
│   │               ├── db_snapshot
│   │               │   ├── 000231.sst
│   │               │   ├── CURRENT
│   │               │   ├── MANIFEST-000004
│   │               │   └── OPTIONS-000007
│   │               └── __raft_snapshot_meta
│   └── logs
│       └── typesense.log
└── user_admin_token.txt
```
efirs committed Jun 6, 2023
1 parent ca2e6e5 commit b2eec4c
Showing 40 changed files with 1,309 additions and 255 deletions.
20 changes: 3 additions & 17 deletions .github/workflows/test-docker-local-image.yaml
Expand Up @@ -6,11 +6,7 @@ on:
- docker/Dockerfile.local
- scripts/install_local_deps.sh
- .github/workflows/test-docker-local-image.yaml
merge_group:
paths:
- docker/Dockerfile.local
- scripts/install_local_deps.sh
- .github/workflows/test-docker-local-image.yaml
- scripts/test_docker_local.sh
push:
branches:
- main
Expand All @@ -24,15 +20,5 @@ jobs:
with:
submodules: true

- name: Build local image
run: make docker-local

- name: Run local image
run: docker run -d -p 8081:8081 tigris_local

- name: Run CLI tests
run: |
curl -sSL https://tigris.dev/cli-linux | tar -xz -C .
TIGRIS_URL=localhost:8081 ./tigris ping --timeout 20s
TIGRIS_TEST_PORT=8081 TIGRIS_CLI_TEST_FAST=1 noup=1 /bin/bash test/v1/cli/main.sh
- name: Run tests
run: SUDO=sudo /bin/bash scripts/test_docker_local.sh
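Review bot: The first hunk appears to drop the `merge_group:` trigger together with its `paths:` list, so if this workflow is a required check for a merge queue, queued entries would no longer run it. That reading is inferred from the section's 3 additions / 17 deletions, since the +/- markers are not shown on this page. The new step `run: SUDO=sudo /bin/bash scripts/test_docker_local.sh` also runs a script with root on the runner, and the script is not part of this section. A one-line comment above the step, e.g. `# SUDO=sudo: <why the test script needs root on the runner>`, would record why the elevation is needed.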
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -58,7 +58,7 @@ local_test: generate lint
local_run: server
$(DOCKER_COMPOSE) up --no-build --detach tigris_search tigris_db2 tigris_cache
fdbcli -C ./test/config/fdb.cluster --exec "configure new single memory" || true
./server/service -c config/server.dev.yaml
./server/service -c test/config/server.dev.yaml

# Start local instance with server running on the host in realtime mode.
# This is useful for debugging the server. The process is attachable from IDE.
3 changes: 2 additions & 1 deletion docker/Dockerfile
Expand Up @@ -41,9 +41,10 @@ RUN groupadd -r tigris && useradd -r -s /bin/false -g tigris tigris
RUN mkdir -p /server /etc/tigrisdata/tigris /etc/foundationdb/

ARG BUILD_PROFILE=""
ARG CONF_PATH=""

COPY --from=build /build/server/service /server/service
COPY --from=build /build/config/server${BUILD_PROFILE}.yaml /etc/tigrisdata/tigris
COPY --from=build /build/${CONF_PATH}config/server${BUILD_PROFILE}.yaml /etc/tigrisdata/tigris
COPY --from=build /usr/lib/libfdb_c.so /usr/lib/libfdb_c.so
COPY --from=build /usr/bin/fdbcli /usr/bin/fdbcli

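Review bot: `ARG CONF_PATH` is spliced directly in front of `config/` in `COPY --from=build /build/${CONF_PATH}config/server${BUILD_PROFILE}.yaml`, so a value without a trailing slash resolves to a different path (for example `/build/testconfig/...`) and only fails at COPY time. Document the contract next to the declaration, e.g. `# CONF_PATH: optional path prefix, must end in "/" (empty selects /build/config)`. This COPY decides which server configuration ships in the image, and the commit description says test configs and test secrets now live under `test/config`. The comment should therefore also say that release builds are expected to leave CONF_PATH empty, if that is the intent.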
9 changes: 6 additions & 3 deletions docker/Dockerfile.local
Expand Up @@ -20,11 +20,13 @@ RUN go mod download
COPY . /build
RUN --mount=type=cache,target=/root/.cache/go-build rm -f server/service && make bins

RUN go install -tags tigris_http,tigris_grpc -ldflags "-w -s" github.com/tigrisdata/gotrue@latest

FROM ubuntu:20.04 AS server

RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
ca-certificates openssh-client jq \
curl && apt-get clean

COPY scripts/install_local_docker_deps.sh /tmp/
Expand All @@ -35,15 +37,16 @@ RUN rm -rf /etc/apt/* /var/lib/dpkg/* /var/lib/apt/*
# Setup an unprivileged user
RUN groupadd -r tigris && useradd -r -s /bin/false -g tigris tigris

RUN mkdir -p /server /etc/tigrisdata/tigris /etc/foundationdb /var/lib/foundationdb/logs
RUN mkdir -p /server /etc/tigrisdata/tigris

COPY --from=build /build/server/service /server/service
COPY --from=build /build/config/server.yaml /etc/tigrisdata/tigris
COPY --from=build /usr/lib/libfdb_c.so /usr/lib/libfdb_c.so
COPY --from=build /usr/bin/fdbcli /usr/bin/fdbcli
COPY --from=build /root/go/bin/gotrue /usr/bin/gotrue

RUN chown -R tigris:tigris /server /etc/tigrisdata/tigris
COPY docker/service-local.sh /server/service.sh
COPY scripts/service-local.sh /server/service.sh

EXPOSE 8081

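Review bot: The `go install ... github.com/tigrisdata/gotrue@latest` line in the first hunk resolves the authentication service at image build time. Two builds of the same commit can therefore ship different gotrue code, and a bad upstream release reaches the image without any change in this repository. Pin it to a released version or commit, `github.com/tigrisdata/gotrue@<PINNED_VERSION>`, and bump it deliberately. The apt line also now installs `openssh-client` and `jq` into the runtime image; a comment naming what uses them (presumably key generation and token handling in `scripts/service-local.sh`, which is not shown here) would help keep the package list minimal.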
61 changes: 0 additions & 61 deletions docker/service-local.sh

This file was deleted.

9 changes: 6 additions & 3 deletions scripts/install_local_docker_deps.sh
Expand Up @@ -13,9 +13,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.


set -ex

D=/var/lib/tigris

ARCH=$(dpkg --print-architecture)

case "${ARCH}" in
Expand Down Expand Up @@ -69,5 +70,7 @@ curl --create-dirs -Lo "$TS_PACKAGE_PATH" "https://dl.typesense.org/releases/${T
dpkg --unpack "$TS_PACKAGE_PATH"
rm -f /var/lib/dpkg/info/typesense-server.postinst
dpkg --configure typesense-server
sed -i "s/\$API_KEY/ts_dev_key/g" /etc/typesense/typesense-server.ini && \
rm -f "$TS_PACKAGE_PATH"
rm -rf /var/lib/typesense /etc/typesense

mkdir $D
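Review bot: `mkdir $D` at the end of the second hunk creates `/var/lib/tigris` with the default mode and an unquoted expansion, and under `set -ex` it aborts the image build if the directory already exists. Per the commit description this directory later holds the gotrue key files and `user_admin_token.txt`, so I would create it explicitly restricted: `mkdir -p -m 0700 -- "$D"`. Ownership then has to match whichever user runs the services, which this section does not show. The rest of the script lies outside the two hunks, so confirm nothing earlier already creates the directory.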
