This is an automated email from the ASF dual-hosted git repository. zrhoffman pushed a commit to branch 6.0.x in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
commit 41351d7e138e4bd484ae0e2487f20c8d936550d4 Author: mattjackson220 <[email protected]> AuthorDate: Thu Oct 7 16:59:00 2021 -0600 Removed Riak from default CiaB (#6252) * Removed Riak from default CiaB * removed trafficvault from github action * updated per comments * updated Dockerfile and added wait for vault before creating DSes --- .github/actions/run-ciab/run-ciab.sh | 2 +- .github/workflows/tp.integration.tests.yml | 4 +-- .github/workflows/traffic-ops.yml | 4 +-- CHANGELOG.md | 2 ++ infrastructure/cdn-in-a-box/.gitignore | 2 +- infrastructure/cdn-in-a-box/README.md | 7 ---- .../cdn-in-a-box/docker-compose.expose-ports.yml | 5 --- infrastructure/cdn-in-a-box/docker-compose.yml | 19 ---------- .../docker-compose.traffic-vault.expose-ports.yml} | 16 ++++++--- .../docker-compose.traffic-vault.yml} | 41 ++++++++++++++++------ .../{ => optional}/traffic_vault/Dockerfile | 8 ++--- .../poststart.d/00-enable-security.sh | 0 .../poststart.d/01-add-search-group.sh | 0 .../poststart.d/02-add-search-schema.sh | 0 .../traffic_vault/prestart.d/00-config.sh | 0 .../{ => optional}/traffic_vault/run.sh | 0 .../{ => optional}/traffic_vault/sslkeys.xml | 0 .../cdn-in-a-box/traffic_ops/to-access.sh | 5 +++ .../cdn-in-a-box/traffic_ops/trafficops-init.sh | 8 +++++ infrastructure/cdn-in-a-box/variables.env | 4 +-- 20 files changed, 69 insertions(+), 58 deletions(-) diff --git a/.github/actions/run-ciab/run-ciab.sh b/.github/actions/run-ciab/run-ciab.sh index ba7f1d0..80c0e66 100755 --- a/.github/actions/run-ciab/run-ciab.sh +++ b/.github/actions/run-ciab/run-ciab.sh @@ -28,7 +28,7 @@ store_ciab_logs() { cd infrastructure/cdn-in-a-box; logged_services='trafficrouter readiness'; -other_services='dns edge enroller mid-01 mid-02 origin static trafficmonitor trafficops trafficstats trafficvault'; +other_services='dns edge enroller mid-01 mid-02 origin static trafficmonitor trafficops trafficstats'; docker_compose='docker-compose -f ./docker-compose.yml -f ./docker-compose.readiness.yml'; $docker_compose up -d $logged_services $other_services; $docker_compose logs -f $logged_services & diff --git a/.github/workflows/tp.integration.tests.yml b/.github/workflows/tp.integration.tests.yml index 4958a18..03caaaf 100644 --- a/.github/workflows/tp.integration.tests.yml +++ b/.github/workflows/tp.integration.tests.yml @@ -29,7 +29,7 @@ on: - .github/actions/tp-integration-tests/** - .github/workflows/tp.integration.tests.yml - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go @@ -42,7 +42,7 @@ on: - .github/actions/tp-integration-tests/** - .github/workflows/tp.integration.tests.yml - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go diff --git a/.github/workflows/traffic-ops.yml b/.github/workflows/traffic-ops.yml index 6114aeb..43cb6f5 100644 --- a/.github/workflows/traffic-ops.yml +++ b/.github/workflows/traffic-ops.yml @@ -31,7 +31,7 @@ on: - go.mod - go.sum - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go @@ -47,7 +47,7 @@ on: - go.mod - go.sum - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go diff --git a/CHANGELOG.md b/CHANGELOG.md index 954956c..65bedb4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). ## [6.0.1] - 2021-11-04 +### Changed +- [#5927](https://github.com/apache/trafficcontrol/issues/5927) Updated CDN-in-a-Box to not run a Riak container by default but instead only run it if the optional flag is provided. ## [6.0.0] - 2021-08-30 ### Added diff --git a/infrastructure/cdn-in-a-box/.gitignore b/infrastructure/cdn-in-a-box/.gitignore index b903ca7..61a7c54 100644 --- a/infrastructure/cdn-in-a-box/.gitignore +++ b/infrastructure/cdn-in-a-box/.gitignore @@ -19,4 +19,4 @@ /cache/ATS_VERSION /optional/vpn/vpnca /traffic_ops/ca -/traffic_vault/prestart.d/00-0-standalone-config.sh +/optional/traffic_vault/prestart.d/00-0-standalone-config.sh diff --git a/infrastructure/cdn-in-a-box/README.md b/infrastructure/cdn-in-a-box/README.md index 9797c1b..1f5a9ad 100644 --- a/infrastructure/cdn-in-a-box/README.md +++ b/infrastructure/cdn-in-a-box/README.md @@ -159,13 +159,6 @@ show you the default UI for interacting with the CDN - Traffic Portal. > <td align="left">Web interfaces on ports 3080 (HTTP) and 3443 (HTTPS), with > a DNS service on 53 and an API on 3333</td> > <td align="left">N/A</td> > <td align="left">N/A</td> -> </tr> -> <tr class="odd"> -> <td align="left">Traffic Vault</td> -> <td align="left">Riak key-value store on port 8010</td> -> <td align="left"><code>TV_ADMIN_USER</code> in variables.env</td> -> <td align="left"><code>TV_ADMIN_PASSWORD</code> in variables.env</td> -> </tr> > </tbody> > </table> > diff --git a/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml b/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml index b45b52d..b827ff5 100644 --- a/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml +++ b/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml @@ -47,11 +47,6 @@ services: influxdb: ports: - "8086:8086" - trafficvault: - ports: - - "8087:8087" - - "8088:8088" - - "8098:8098" edge: ports: - "9000:80" diff --git a/infrastructure/cdn-in-a-box/docker-compose.yml b/infrastructure/cdn-in-a-box/docker-compose.yml index 6533fef..1bdb3c5 100644 --- a/infrastructure/cdn-in-a-box/docker-compose.yml +++ b/infrastructure/cdn-in-a-box/docker-compose.yml @@ -163,25 +163,6 @@ services: volumes: - shared:/shared - # trafficvault runs a riak container to store private keys - trafficvault: - build: - context: . - dockerfile: traffic_vault/Dockerfile - depends_on: - - enroller - environment: - - CLUSTER_NAME=trafficvault - labels: - - "com.basho.riak.cluster.name=trafficvault" - volumes: - - schemas:/etc/riak/schemas - - shared:/shared - domainname: infra.ciab.test - env_file: - - variables.env - hostname: trafficvault - # edge cache edge: build: diff --git a/infrastructure/cdn-in-a-box/.gitignore b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml similarity index 80% copy from infrastructure/cdn-in-a-box/.gitignore copy to infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml index b903ca7..aaa8fb1 100644 --- a/infrastructure/cdn-in-a-box/.gitignore +++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml @@ -15,8 +15,14 @@ # specific language governing permissions and limitations # under the License. # -*.rpm -/cache/ATS_VERSION -/optional/vpn/vpnca -/traffic_ops/ca -/traffic_vault/prestart.d/00-0-standalone-config.sh +# Expose the trafficvault container on the host on ports 8087, 8088, and 8098 + +--- +version: '2.1' + +services: + trafficvault: + ports: + - "8087:8087" + - "8088:8088" + - "8098:8098" diff --git a/infrastructure/cdn-in-a-box/traffic_vault/run.sh b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml old mode 100755 new mode 100644 similarity index 52% copy from infrastructure/cdn-in-a-box/traffic_vault/run.sh copy to infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml index 5585d0c..c6ad2ef --- a/infrastructure/cdn-in-a-box/traffic_vault/run.sh +++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml @@ -1,5 +1,3 @@ -#!/usr/bin/env bash - # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information @@ -16,14 +14,37 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. +# +# +# This compose file will runs a riak container to store private keys. +# +# Below is an example of how to run the main compose with this file: +# +# docker-compose -f docker-compose.yml -f optional/docker-compose.traffic-vault.yml up +# -set-dns.sh -insert-self-into-dns.sh - -. /to-access.sh +--- +version: '2.1' -TO_URL=https://${TO_FQDN}:${TO_PORT} -TO_USER=$TV_USER -TO_PASSWORD=$TV_PASSWORD +services: + trafficvault: + build: + context: "" + dockerfile: optional/traffic_vault/Dockerfile + environment: + - CLUSTER_NAME=trafficvault + labels: + - "com.basho.riak.cluster.name=trafficvault" + volumes: + - schemas:/etc/riak/schemas + - shared:/shared + domainname: infra.ciab.test + env_file: + - variables.env + hostname: trafficvault -${RIAK_HOME}/riak-cluster.sh +volumes: + schemas: + external: false + shared: + external: false diff --git a/infrastructure/cdn-in-a-box/traffic_vault/Dockerfile b/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile similarity index 87% rename from infrastructure/cdn-in-a-box/traffic_vault/Dockerfile rename to infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile index ed08908..7583e75 100644 --- a/infrastructure/cdn-in-a-box/traffic_vault/Dockerfile +++ b/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile @@ -27,11 +27,11 @@ RUN echo 'APT::Install-Recommends 0;' >> /etc/apt/apt.conf.d/01norecommends \ && DEBIAN_FRONTEND=noninteractive apt-get install -y net-tools ca-certificates dnsutils gettext-base \ && rm -rf /var/lib/apt/lists/* && rm -rf /etc/apt/apt.conf.d/docker-gzip-indexes -ADD traffic_vault/prestart.d/* /etc/riak/prestart.d/ -ADD traffic_vault/poststart.d/* /etc/riak/poststart.d/ +ADD optional/traffic_vault/prestart.d/* /etc/riak/prestart.d/ +ADD optional/traffic_vault/poststart.d/* /etc/riak/poststart.d/ ADD enroller/server_template.json \ - traffic_vault/run.sh \ - traffic_vault/sslkeys.xml \ + optional/traffic_vault/run.sh \ + optional/traffic_vault/sslkeys.xml \ traffic_ops/to-access.sh \ / diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/00-enable-security.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/00-enable-security.sh similarity index 100% rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/00-enable-security.sh rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/00-enable-security.sh diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/01-add-search-group.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/01-add-search-group.sh similarity index 100% rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/01-add-search-group.sh rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/01-add-search-group.sh diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/02-add-search-schema.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/02-add-search-schema.sh similarity index 100% rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/02-add-search-schema.sh rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/02-add-search-schema.sh diff --git a/infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-config.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/prestart.d/00-config.sh similarity index 100% rename from infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-config.sh rename to infrastructure/cdn-in-a-box/optional/traffic_vault/prestart.d/00-config.sh diff --git a/infrastructure/cdn-in-a-box/traffic_vault/run.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/run.sh similarity index 100% rename from infrastructure/cdn-in-a-box/traffic_vault/run.sh rename to infrastructure/cdn-in-a-box/optional/traffic_vault/run.sh diff --git a/infrastructure/cdn-in-a-box/traffic_vault/sslkeys.xml b/infrastructure/cdn-in-a-box/optional/traffic_vault/sslkeys.xml similarity index 100% rename from infrastructure/cdn-in-a-box/traffic_vault/sslkeys.xml rename to infrastructure/cdn-in-a-box/optional/traffic_vault/sslkeys.xml diff --git a/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh b/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh index c70e3ca..0eab594 100755 --- a/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh +++ b/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh @@ -90,6 +90,11 @@ CREDS fi } +tv-ping() { + to-auth && \ + curl $CURLAUTH $CURLOPTS --cookie "$COOKIEJAR" -X GET "$TO_URL/api/$TO_API_VERSION/vault/ping" +} + to-ping() { # ping endpoint does not require authentication curl $CURLAUTH $CURLOPTS -X GET "$TO_URL/api/$TO_API_VERSION/ping" diff --git a/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh b/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh index 7ab3b35..851be01 100755 --- a/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh +++ b/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh @@ -108,6 +108,14 @@ load_data_from() { touch "$ENROLLER_DIR/initial-load-done" sync fi + if [[ "$d" = 'deliveryservices' ]]; then + # Traffic Vault must be accepting connections before enroller can start + until tv-ping; do + echo "Waiting for Traffic Vault to accept connections" + sleep 5 + done + fi + [[ -d $d ]] || continue for f in $(find "$d" -name "*.json" -type f); do echo "Loading $f" diff --git a/infrastructure/cdn-in-a-box/variables.env b/infrastructure/cdn-in-a-box/variables.env index 5d241f4..eda91da 100644 --- a/infrastructure/cdn-in-a-box/variables.env +++ b/infrastructure/cdn-in-a-box/variables.env @@ -15,7 +15,7 @@ # specific language governing permissions and limitations # under the License. TV_AES_KEY_LOCATION=/opt/traffic_ops/app/conf/aes.key -# Unset TV_BACKEND to use riak as the traffic_vault backend +# Unset TV_BACKEND to use riak as the traffic_vault backend and run the traffic_vault image from the optional directory TV_BACKEND=postgres TLD_DOMAIN=ciab.test INFRA_SUBDOMAIN=infra @@ -131,6 +131,6 @@ TV_HTTP_PORT=8098 TV_HTTPS_PORT=8088 ENROLLER_DIR=/shared/enroller AUTO_SNAPQUEUE_ENABLED=true -AUTO_SNAPQUEUE_SERVERS=trafficops,trafficmonitor,trafficrouter,trafficvault,edge,mid-01,mid-02 +AUTO_SNAPQUEUE_SERVERS=trafficops,trafficmonitor,trafficrouter,edge,mid-01,mid-02 AUTO_SNAPQUEUE_POLL_INTERVAL=2 AUTO_SNAPQUEUE_ACTION_WAIT=2
