Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
developers: create a dev environment and fix the db-proxy with it
This commit moves some "default" values that are aimed only at production into the secrets.yaml file (which overrides values.yaml on install). That allows values.yaml to contain dummy values and defaults that allow installing disposable dev environments from helm without modification.

This adds a NOTES.txt file, which is templated out and is displayed on "helm install" so that specific commands and values can be shown to the user to complete their dev environment.

Since Bitnami has the only helm repository with a public and functioning mediawiki, we are using that for mediawiki and mariadb for now. They are widely used charts that are well-regarded and professionally maintained.

Bug: T260389
Brooke Storm committed Sep 25, 2020 (1 parent ab661d4, commit b3a348a)
Showing 12 changed files with 334 additions and 27 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,3 +5,4 @@ __pycache__/ | |
.mypy_cache/ | ||
charts/ | ||
requirements.lock | ||
dev-values.yaml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
FROM alpine:3.12 | ||
|
||
RUN apk --no-cache add curl jq | ||
|
||
COPY install-oauth.sh /opt/install-oauth.sh | ||
COPY hack-localsettings.sh /opt/hack-localsettings.sh | ||
|
||
RUN chmod a+x /opt/install-oauth.sh | ||
RUN chmod a+x /opt/hack-localsettings.sh | ||
|
||
WORKDIR /opt/mediawiki |
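Review bot: There is no USER line after the COPY and chmod steps, so every Job that uses this image runs its script as root. install-oauth.sh needs that for its `chown`, but hack-localsettings.sh only appends to a file and could run as the UID that owns the volume. The two `RUN chmod a+x` lines can be one layer (or the mode can be set on the files in the repo), and `alpine:3.12` is worth pinning to a patch release or digest so rebuilds are reproducible.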
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/bin/ash | ||
|
||
if ! test -f /opt/mediawiki/LocalSettings.php; then | ||
echo "The settings file LocalSettings.php is missing!" | ||
exit 1 | ||
fi | ||
|
||
/bin/cat <<"EOF" >> /opt/mediawiki/LocalSettings.php | ||
wfLoadExtension( 'OAuth' ); | ||
$wgMWOAuthSecureTokenTransfer = false; | ||
$wgEmailAuthentication = false; | ||
$wgOAuthSecretKey = '0469807d667f4d6cdbf3ae772ea874d95518fbe41c59f73eb59169f7ed02b7d3'; | ||
$wgGroupPermissions['user']['mwoauthmanageconsumer'] = true; | ||
$wgGroupPermissions['user']['mwoauthproposeconsumer'] = true; | ||
$wgGroupPermissions['user']['mwoauthupdateownconsumer'] = true; | ||
$wgOAuthGroupsToNotify = [ 'sysop' ]; | ||
EOF |
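Review bot: `$wgOAuthSecretKey` is a literal committed to the repository, so every environment built from this image shares the same key; generate it when the job runs or pass it in from the chart values. The heredoc also appends with `>>` unconditionally, so a second run duplicates the whole block in LocalSettings.php; check for an existing `wfLoadExtension( 'OAuth' )` line first. A comment in the script should say that `$wgMWOAuthSecureTokenTransfer = false` and granting `mwoauthmanageconsumer` to every `user` are dev-only choices.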
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/ash | ||
|
||
extension_url=$(curl 'https://www.mediawiki.org/w/api.php?action=query&list=extdistbranches&edbexts=OAuth&formatversion=2&format=json' | jq -r .query.extdistbranches.extensions.OAuth.REL1_34) | ||
/usr/bin/curl -o OAuth.tar.gz "$extension_url" | ||
|
||
# Wait until the mediawiki pod creates the extensions dir in the PVC | ||
while ! test -d "/opt/mediawiki/extensions"; do | ||
sleep 1 | ||
done | ||
tar -xzf OAuth.tar.gz -C /opt/mediawiki/extensions | ||
chown -R 1001:0 /opt/mediawiki/extensions/OAuth |
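Review bot: Nothing checks the result of the API lookup or of either curl call. With no `set -e` and no `-f` on curl, a failed lookup leaves `extension_url` empty or `null`, and an HTTP error on the download is written to OAuth.tar.gz as if it were the archive; either way the script carries on into the wait loop and only fails at `tar`. Add `set -eu`, use `curl -fsSL`, and exit if `$extension_url` is empty or `null`. The tarball is also unpacked onto the shared volume with no integrity check; if a checksum for the release is available, verify it before `tar -xzf`.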
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
Thank you for installing {{ .Chart.Name }}! | ||
{{- if or .Values.mediawiki.enabled }} | ||
|
||
An essential part of setting up your dev environment is adding a hosts file entry. | ||
Get the IP of minikube with: | ||
minikube ip | ||
Add these lines to your hosts file: | ||
<ip address> {{ (index .Values.mediawiki.ingress.hosts 0).name }} | ||
<ip address> {{ index .Values.jupyterhub.ingress.hosts 0 }} | ||
|
||
If you have never run the DB updates for the OAuth extension for your local | ||
Mediawiki instance. If this is true, you might want to delete the mediawiki pod to restart it | ||
with the new config (just in case) with: | ||
kubectl -n {{ .Release.Namespace }} delete $(kubectl get pods -n {{ .Release.Namespace }} -l app=mediawiki -o name) | ||
|
||
After giving that a chance to start back up, go to http://{{ (index .Values.mediawiki.ingress.hosts 0).name }}/mw_config/ | ||
|
||
From here follow the instructions at https://www.mediawiki.org/wiki/Manual:Upgrading#Web_browser | ||
to run the update.php script via your browser. This will create the necessary tables. | ||
|
||
You will need the value of $wgUpgradeKey from LocalSettings.php to run it. To get that, | ||
you can try running the following: | ||
kubectl -n {{ .Release.Namespace }} exec $(kubectl get pods -n {{ .Release.Namespace }} -l app=mediawiki -o name) -- cat /opt/bitnami/mediawiki/LocalSettings.php | grep wgUpgradeKey | ||
|
||
When that is done, you'll need to make an OAuth consumer in your local wiki. | ||
Your wiki login will be | ||
username: {{ .Values.mediawiki.mediawikiUser }} | ||
password: {{ .Values.mediawiki.mediawikiPassword }} | ||
|
||
If you have been following these directions, go to http://{{ (index .Values.mediawiki.ingress.hosts 0).name }}/wiki/Special:OAuthConsumerRegistration to create one. | ||
You must write down the output from that request setup or you won't get a second look at your secret easily. | ||
You'll need to approve it at http://{{ (index .Values.mediawiki.ingress.hosts 0).name }}/wiki/Special:OAuthManageConsumers after that. | ||
|
||
Now create a file called dev-values.yaml and add to it: | ||
jupyterhub: | ||
hub: | ||
extraEnv: | ||
MW_INDEX_URL: http://{{ (index .Values.mediawiki.ingress.hosts 0).name }}/index.php | ||
auth: | ||
mediawiki: | ||
clientId: <the client ID from your OAuth Consumer request> | ||
clientSecret: <the client secret from your OAuth Consumer request> | ||
indexUrl: http://{{ (index .Values.mediawiki.ingress.hosts 0).name }}/index.php | ||
|
||
Now run: | ||
helm -n {{ .Release.Namespace }} upgrade {{ .Release.Name }} paws/ -f dev-values.yaml | ||
Then you should be able to go to {{ index .Values.jupyterhub.ingress.hosts 0 }} and log in! | ||
Happy hacking. | ||
{{- end }} |
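Review bot: The `password: {{ .Values.mediawiki.mediawikiPassword }}` line prints the wiki login password in clear text on every install, which is only acceptable while values.yaml holds the dummy value; consider naming the values key instead of rendering it. In the guard on the second line, `or` with a single operand does nothing, so `{{- if .Values.mediawiki.enabled }}` is enough. The paragraph starting "If you have never run the DB updates" is a sentence fragment followed by "If this is true" and should say plainly when the pod restart is needed. The `$(kubectl get pods ... -o name)` substitutions in the delete and exec commands assume exactly one pod matches `app=mediawiki`.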
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,147 @@ | ||
{{ if .Values.mediawiki.enabled }} | ||
# We assume mediawiki is only enabled in a local dev environment, so... | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: scary-host-vol-builder | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
annotations: | ||
"helm.sh/hook": pre-install | ||
"helm.sh/hook-weight": "0" | ||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded | ||
spec: | ||
template: | ||
metadata: | ||
name: {{ printf "host-vols-%s" .Release.Name | quote }} | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" | ||
spec: | ||
restartPolicy: Never | ||
containers: | ||
- name: creating-host-vols | ||
image: {{ tpl .Values.mediawikiHacks.image.template . | quote }} | ||
command: | ||
- mkdir | ||
- -p | ||
- /mnt/mnt/nfs/dumps-labstore1006.wikimedia.org | ||
- /mnt/mnt/nfs/dumps-labstore1007.wikimedia.org | ||
- /mnt/public/dumps | ||
- /mnt/data/project/paws/userhomes | ||
volumeMounts: | ||
- mountPath: /mnt | ||
name: security-disaster-only-for-minikube | ||
volumes: | ||
- name: security-disaster-only-for-minikube | ||
hostPath: | ||
path: / | ||
--- | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: scary-host-vol-perm-fix | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
annotations: | ||
"helm.sh/hook": pre-install | ||
"helm.sh/hook-weight": "1" | ||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded | ||
spec: | ||
template: | ||
metadata: | ||
name: {{ printf "permission-fix-%s" .Release.Name | quote }} | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" | ||
spec: | ||
restartPolicy: Never | ||
containers: | ||
- name: fixingperms-host-vols | ||
image: {{ tpl .Values.mediawikiHacks.image.template . | quote }} | ||
command: | ||
- chown | ||
- -R | ||
- 52771:52771 | ||
- /mnt/data/project/paws/userhomes | ||
volumeMounts: | ||
- mountPath: /mnt | ||
name: security-disaster-only-for-minikube | ||
volumes: | ||
- name: security-disaster-only-for-minikube | ||
hostPath: | ||
path: / | ||
--- | ||
# minikube provisions a hostpath where extensions and config can be placed | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: mediawiki-hacks | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
annotations: | ||
"helm.sh/hook": post-install | ||
"helm.sh/hook-weight": "2" | ||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded | ||
spec: | ||
template: | ||
metadata: | ||
name: {{ printf "mediawiki-hacks-%s" .Release.Name | quote }} | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" | ||
spec: | ||
restartPolicy: Never | ||
containers: | ||
- name: mediawiki-config-hacks | ||
image: {{ tpl .Values.mediawikiHacks.image.template . | quote }} | ||
command: ["/opt/hack-localsettings.sh"] | ||
volumeMounts: | ||
- mountPath: /opt/mediawiki | ||
name: mediawiki-data | ||
subPath: mediawiki | ||
volumes: | ||
- name: mediawiki-data | ||
persistentVolumeClaim: | ||
claimName: {{ if .Values.mediawiki.persistence.existingClaim }}{{ .Values.mediawiki.persistence.existingClaim }}{{- else }}{{ template "mediawiki.fullname" . }}-mediawiki-mediawiki{{- end }} | ||
--- | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: mediawiki-oauth-install | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
annotations: | ||
"helm.sh/hook": post-install | ||
"helm.sh/hook-weight": "1" | ||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded | ||
spec: | ||
template: | ||
metadata: | ||
name: {{ printf "mediawiki-extension-%s" .Release.Name | quote }} | ||
labels: | ||
app.kubernetes.io/managed-by: {{ .Release.Service | quote }} | ||
app.kubernetes.io/instance: {{ .Release.Name | quote }} | ||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" | ||
spec: | ||
restartPolicy: Never | ||
containers: | ||
- name: mediawiki-extension-install | ||
image: {{ tpl .Values.mediawikiHacks.image.template . | quote }} | ||
command: ["/opt/install-oauth.sh"] | ||
volumeMounts: | ||
- mountPath: /opt/mediawiki | ||
name: mediawiki-data | ||
subPath: mediawiki | ||
volumes: | ||
- name: mediawiki-data | ||
persistentVolumeClaim: | ||
claimName: {{ if .Values.mediawiki.persistence.existingClaim }}{{ .Values.mediawiki.persistence.existingClaim }}{{- else }}{{ template "mediawiki.fullname" . }}-mediawiki-mediawiki{{- end }} | ||
{{ end }} |
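Review bot: Both pre-install Jobs mount hostPath `/` writable at /mnt, in an image that runs as root, and the only guard is `.Values.mediawiki.enabled`, which the comment at the top admits is an assumption about where the chart gets installed. Gate these two Jobs on a dedicated dev-only value and mount only the parent directories that are actually needed; hostPath volumes with `type: DirectoryOrCreate` may remove the need for the mkdir Job altogether. Separately, mediawiki-hacks exits 1 if LocalSettings.php does not exist yet, while mediawiki-oauth-install waits in a loop for the extensions dir; with `restartPolicy: Never` and no `backoffLimit` set, whether the first one succeeds depends on timing, so give it the same kind of wait.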