diff --git a/.env b/.env index 7bd1a2c..6f38f50 100644 --- a/.env +++ b/.env @@ -1,7 +1,9 @@ +export DATACAT=1 export docker_group=$(getent group docker | cut -d: -f3) -export domain=local.wholetale.org +export domain=local.xarthisius.xyz +#export domain=wt.xarthisius.xyz export registry_user=fido export registry_pass=secretpass -export r2d_version=wholetale/repo2docker_wholetale:latest +export r2d_version=xarthisius/repo2docker_wholetale:20240926 export girderfs_image=wholetale/girderfs:latest export matlab_file_installation_key=secretkey diff --git a/.gitignore b/.gitignore index 596675d..fe4aa2b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ +volumes/ src/* registry/docker traefik/access.log traefik/acme +traefik/certs/*.pem homes/* ps/* diff --git a/Makefile b/Makefile index 3f8f61c..3fd431a 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ -.PHONY: clean dirs dev images gwvolman_src wholetale_src dms_src home_src sources \ +.PHONY: clean dirs dev images gwvolman_src wholetale_src dms_src home_src sources_wt \ rebuild_dashboard watch_dashboard \ - restart_worker restart_girder globus_handler_src status update_src + restart_worker restart_girder globus_handler_src status update_src certs -SUBDIRS = src volumes/ps volumes/workspaces volumes/homes volumes/base volumes/versions volumes/runs volumes/licenses volumes/mountpoints volumes/tmp +SUBDIRS = src volumes/ps volumes/workspaces volumes/homes volumes/base volumes/versions volumes/runs volumes/licenses volumes/mountpoints volumes/tmp volumes/minio TAG = latest MEM_LIMIT = 2048 NODE = node --max_old_space_size=${MEM_LIMIT} @@ -11,14 +11,37 @@ YARN = /usr/local/bin/yarn images: docker pull traefik:alpine - docker pull mongo:3.2 + docker pull mongo:4.4 docker pull redis:latest docker pull registry:2.6 docker pull node:carbon-slim - docker pull wholetale/girder:$(TAG) - docker pull wholetale/gwvolman:$(TAG) - docker pull wholetale/repo2docker_wholetale:$(TAG) - docker pull wholetale/ngx-dashboard:$(TAG) + docker pull xarthisius/girder:$(TAG) + docker pull xarthisius/gwvolman:$(TAG) + docker pull xarthisius/repo2docker_wholetale:$(TAG) + docker pull xarthisius/ngx-dashboard:$(TAG) + +.env: + curl -s -o .env https://wt.xarthisius.xyz/wt_local_env + +traefik/certs: + mkdir -p traefik/certs + +traefik/certs/fullchain.pem: traefik/certs + curl -s -o traefik/certs/fullchain.pem https://wt.xarthisius.xyz/wt_local_cert + +traefik/certs/privkey.pem: traefik/certs + curl -s -o traefik/certs/privkey.pem https://wt.xarthisius.xyz/wt_local_key + +certs: .env traefik/certs/fullchain.pem traefik/certs/privkey.pem + +src/sem_viewer: + git clone https://github.com/htmdec/sem_viewer src/sem_viewer + +src/table_view: + git clone https://github.com/htmdec/table_view src/table_view + +src/synced_folders: + git clone https://github.com/whole-tale/synced_folders src/synced_folders src/girderfs: git clone https://github.com/whole-tale/girderfs src/girderfs @@ -47,14 +70,14 @@ src/globus_handler: src/ngx-dashboard: git clone https://github.com/whole-tale/ngx-dashboard src/ngx-dashboard -sources: src src/gwvolman src/wholetale src/wt_data_manager src/wt_home_dir src/globus_handler src/girderfs src/ngx-dashboard src/virtual_resources src/wt_versioning +sources_wt: src src/gwvolman src/wholetale src/wt_data_manager src/wt_home_dir src/globus_handler src/girderfs src/ngx-dashboard src/virtual_resources src/wt_versioning src/sem_viewer src/table_view src/synced_folders certs dirs: $(SUBDIRS) $(SUBDIRS): @sudo mkdir -p $@ -services: dirs sources +services: dirs sources_wt dev: services . ./.env && docker stack config --compose-file docker-stack.yml | docker stack deploy --compose-file - wt @@ -65,24 +88,10 @@ dev: services cid=$$(docker ps --filter=name=wt_girder -q) ; \ done; \ true - docker exec -ti $$(docker ps --filter=name=wt_girder -q) girder-install plugin plugins/wt_data_manager plugins/wholetale plugins/wt_home_dir plugins/globus_handler plugins/virtual_resources plugins/wt_versioning - docker exec -ti $$(docker ps --filter=name=wt_girder -q) girder-install web --dev --plugins=oauth,gravatar,jobs,worker,wt_data_manager,wholetale,wt_home_dir,globus_handler - docker exec --user=root -ti $$(docker ps --filter=name=wt_girder -q) pip install -r /gwvolman/requirements.txt -e /gwvolman - docker exec --user=root -ti $$(docker ps --filter=name=wt_girder -q) pip install -e /girderfs - ./setup_girder.py + . ./.env && ./setup_girder.py restart_girder: - which jq || (echo "Please install jq to execute the 'restart_girder' make target" && exit 1) - docker exec --user=root -ti $$(docker ps --filter=name=wt_girder -q) pip install -r /gwvolman/requirements.txt -e /gwvolman - docker exec -ti $$(docker ps --filter=name=wt_girder -q) \ - curl -XPUT -s 'http://localhost:8080/api/v1/system/restart' \ - --header 'Content-Type: application/json' \ - --header 'Accept: application/json' \ - --header 'Content-Length: 0' \ - --header "Girder-Token: $$(docker exec -ti $$(docker ps --filter=name=wt_girder -q) \ - curl 'http://localhost:8080/api/v1/user/authentication' \ - --basic --user admin:arglebargle123 \ - | jq -r .authToken.token)" + docker exec --user=root -ti $$(docker ps --filter=name=wt_girder -q) touch /venv/lib/python3.12/site-packages/requests/__init__.py rebuild_dashboard: docker run \ @@ -95,6 +104,8 @@ rebuild_dashboard: -w /srv/app node:fermium \ -c 'yarn install --network-timeout=360000 && \ ./node_modules/@angular/cli/bin/ng build --deleteOutputPath=false --progress' + sudo touch src/ngx-dashboard/dist/browser/assets/env.js + sudo chown 101:101 src/ngx-dashboard/dist/browser/assets/env.js watch_dashboard: docker run \ @@ -143,6 +154,7 @@ clean: sudo rm -rf volumes/$$dir ; \ done; true -docker volume rm wt_mongo-cfg wt_mongo-data + rm -rf traefik/certs || true status: @-./scripts/git_status.sh diff --git a/README.md b/README.md index 69fb744..40a0e1f 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,14 @@ Run: make dev ``` +or + +``` +DATACAT=1 make dev +``` + +for WholeTale flavor operating on local data. + To confirm things are working, all `REPLICAS` should show `1/1` ``` $ docker service ls diff --git a/dagster.yaml b/dagster.yaml new file mode 100644 index 0000000..8572b29 --- /dev/null +++ b/dagster.yaml @@ -0,0 +1,66 @@ +telemetry: + enabled: false + +scheduler: + module: dagster.core.scheduler + class: DagsterDaemonScheduler + +run_coordinator: + module: dagster.core.run_coordinator + class: QueuedRunCoordinator + +run_launcher: + module: dagster_docker + class: DockerRunLauncher + config: + env_vars: + - DAGSTER_POSTGRES_USER + - DAGSTER_POSTGRES_PASSWORD + - DAGSTER_POSTGRES_DB + network: wt_dagster + container_kwargs: + volumes: # Make docker client accessible to any launched containers as well + - /var/run/docker.sock:/var/run/docker.sock + - /tmp/io_manager_storage:/tmp/io_manager_storage + +run_storage: + module: dagster_postgres.run_storage + class: PostgresRunStorage + config: + postgres_db: + hostname: postgresql + username: + env: DAGSTER_POSTGRES_USER + password: + env: DAGSTER_POSTGRES_PASSWORD + db_name: + env: DAGSTER_POSTGRES_DB + port: 5432 + +schedule_storage: + module: dagster_postgres.schedule_storage + class: PostgresScheduleStorage + config: + postgres_db: + hostname: postgresql + username: + env: DAGSTER_POSTGRES_USER + password: + env: DAGSTER_POSTGRES_PASSWORD + db_name: + env: DAGSTER_POSTGRES_DB + port: 5432 + +event_log_storage: + module: dagster_postgres.event_log + class: PostgresEventLogStorage + config: + postgres_db: + hostname: postgresql + username: + env: DAGSTER_POSTGRES_USER + password: + env: DAGSTER_POSTGRES_PASSWORD + db_name: + env: DAGSTER_POSTGRES_DB + port: 5432 diff --git a/dev_images.json b/dev_images.json index ce5d985..458baee 100644 --- a/dev_images.json +++ b/dev_images.json @@ -6,222 +6,12 @@ "memLimit": "2048m", "port": 8888, "targetMount": "/home/jovyan/work", - "urlPath": "?token={token}", - "user": "jovyan" - }, - "icon": "https://raw.githubusercontent.com/whole-tale/jupyter-base/master/squarelogo-greytext-orangebody-greymoons.png", - "iframe": true, - "name": "Jupyter Notebook", - "public": true - }, - { - "config": { - "buildpack": "RBuildPack", - "command": "jupyter notebook --no-browser --port {port} --ip=0.0.0.0 --NotebookApp.token={token} --NotebookApp.base_url=/{base_path} --NotebookApp.port_retries=0", - "memLimit": "2048m", - "port": 8888, - "targetMount": "/home/jovyan/work", - "urlPath": "?token={token}", - "user": "jovyan" - }, - "icon": "https://raw.githubusercontent.com/whole-tale/jupyter-base/master/squarelogo-greytext-orangebody-greymoons.png", - "iframe": true, - "name": "Jupyter with R", - "public": true - }, - { - "config": { - "buildpack": "SparkBuildPack", - "command": "jupyter notebook --no-browser --port {port} --ip=0.0.0.0 --NotebookApp.token={token} --NotebookApp.base_url=/{base_path} --NotebookApp.port_retries=0", - "memLimit": "2048m", - "port": 8888, - "targetMount": "/home/jovyan/work", "urlPath": "lab?token={token}", "user": "jovyan" }, "icon": "https://raw.githubusercontent.com/whole-tale/jupyter-base/master/squarelogo-greytext-orangebody-greymoons.png", "iframe": true, - "name": "Jupyter with Spark", - "public": true - }, - { - "config": { - "buildpack": "PythonBuildPack", - "command": "jupyter notebook --no-browser --port {port} --ip=0.0.0.0 --NotebookApp.token={token} --NotebookApp.base_url=/{base_path} --NotebookApp.port_retries=0", - "memLimit": "2048m", - "port": 8888, - "targetMount": "/home/jovyan/work", - "urlPath": "lab?token={token}", - "user": "jovyan" - }, - "icon": "https://raw.githubusercontent.com/whole-tale/jupyter-base/master/squarelogo-greytext-orangebody-greymoons.png", - "iframe": true, - "name": "JupyterLab", - "public": true - }, - { - "config": { - "buildpack": "MatlabBuildPack", - "command": "matlab-jupyter-app", - "csp": "default-src 'self' *.mathworks.com:*; style-src 'self' 'unsafe-inline' *.mathworks.com:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mathworks.com:*; img-src 'self' *.mathworks.com:* data:; frame-ancestors 'self' *.mathworks.com:* dashboard.local.wholetale.org; frame-src 'self' *.mathworks.com:*; connect-src 'self' *.mathworks.com:* wss://localhost:* wss://127.0.0.1:*", - "environment": [ - "VERSION=R2020bMWI_BASE_URL=/matlab", - "MWI_APP_PORT=8888" - ], - "memLimit": "2048m", - "port": 8888, - "targetMount": "/home/jovyan/work", - "urlPath": "matlab/index.html", - "user": "jovyan" - }, - "icon": "https://upload.wikimedia.org/wikipedia/commons/thumb/2/21/Matlab_Logo.png/267px-Matlab_Logo.png", - "idleTimeout": 120, - "iframe": true, - "name": "MATLAB (Desktop)", - "public": true - }, - { - "config": { - "buildpack": "MatlabBuildPack", - "command": "jupyter notebook --no-browser --port {port} --ip=0.0.0.0 --NotebookApp.token={token} --NotebookApp.base_url=/{base_path} --NotebookApp.port_retries=0", - "environment": [ - "VERSION=R2020b" - ], - "memLimit": "2048m", - "port": 8888, - "targetMount": "/home/jovyan/work", - "urlPath": "lab?token={token}", - "user": "jovyan" - }, - "icon": "https://upload.wikimedia.org/wikipedia/commons/thumb/2/21/Matlab_Logo.png/267px-Matlab_Logo.png", - "idleTimeout": 120, - "iframe": true, - "name": "MATLAB (Jupyter Kernel)", - "public": true - }, - { - "config": { - "buildpack": "MatlabBuildPack", - "command": "xpra start-desktop --bind-tcp=0.0.0.0:10000 --html=on --daemon=no --exit-with-children=no --start=xfce4-session", - "environment": [ - "VERSION=R2020b" - ], - "memLimit": "2048m", - "port": 10000, - "targetMount": "/home/jovyan/work", - "urlPath": "/", - "user": "jovyan" - }, - "icon": "https://upload.wikimedia.org/wikipedia/commons/thumb/2/21/Matlab_Logo.png/267px-Matlab_Logo.png", - "idleTimeout": 120, - "iframe": true, - "name": "MATLAB (Linux Desktop)", - "public": true - }, - { - "config": { - "buildpack": "OpenRefineBuildPack", - "memLimit": "2048m", - "port": 3333, - "targetMount": "/wholetale", - "urlPath": "", - "user": "wtuser" - }, - "icon": "https://raw.githubusercontent.com/whole-tale/openrefine/master/openrefine_logo.png", - "iframe": true, - "name": "OpenRefine", - "public": true - }, - { - "config": { - "buildpack": "RockerBuildPack", - "command": "/start.sh", - "environment": [ - "WT_ROCKER_VER=4.2", - "WT_RSTUDIO_URL=https://github.com/whole-tale/rstudio/releases/download/v1.4.1106-wt/rstudio-server-1.4.1106-bionic-amd64.deb", - "WT_RSTUDIO_MD5=1d2bbd588f9a3ac00580939d4812a7d1", - "PASSWORD=R994ULxH-YYQz^mH" - ], - "memLimit": "8196m", - "port": 8787, - "targetMount": "/WholeTale", - "urlPath": "", - "user": "rstudio" - }, - "icon": "https://www.rstudio.com/wp-content/uploads/2014/06/RStudio-Ball.png", - "iframe": true, - "name": "RStudio (R 4.2)", - "public": true - }, - { - "config": { - "buildpack": "RockerBuildPack", - "command": "/start.sh", - "environment": [ - "PASSWORD=djkslajdklasjdklsajd" - ], - "memLimit": "2048m", - "port": 8787, - "targetMount": "/WholeTale", - "urlPath": "", - "user": "rstudio" - }, - "icon": "https://www.rstudio.com/wp-content/uploads/2014/06/RStudio-Ball.png", - "iframe": true, - "name": "RStudio", - "public": true - }, - { - "config": { - "buildpack": "StataBuildPack", - "command": "xpra start-desktop --bind-tcp=0.0.0.0:10000 --html=on --daemon=no --exit-with-children=no --start=xfce4-session", - "environment": [ - "VERSION=16" - ], - "memLimit": "2048m", - "port": 10000, - "targetMount": "/home/jovyan/work", - "urlPath": "/", - "user": "jovyan" - }, - "icon": "https://raw.githubusercontent.com/whole-tale/stata-install/main/stata-square.png", - "iframe": true, - "name": "STATA (Desktop)", - "public": true - }, - { - "config": { - "buildpack": "StataBuildPack", - "command": "jupyter notebook --no-browser --port {port} --ip=0.0.0.0 --NotebookApp.token={token} --NotebookApp.base_url=/{base_path} --NotebookApp.port_retries=0", - "environment": [ - "VERSION=16" - ], - "memLimit": "2048m", - "port": 8888, - "targetMount": "/home/jovyan/work", - "urlPath": "lab?token={token}", - "user": "jovyan" - }, - "description": null, - "icon": "https://raw.githubusercontent.com/whole-tale/stata-install/main/stata-square.png", - "iframe": true, - "name": "STATA (Jupyter)", - "public": true - }, - { - "config": { - "buildpack": "JuliaProjectBuildPack", - "command": "jupyter notebook --no-browser --port {port} --ip=0.0.0.0 --NotebookApp.token={token} --NotebookApp.base_url=/{base_path} --NotebookApp.port_retries=0", - "memLimit": "2048m", - "port": 8888, - "targetMount": "/home/jovyan/work", - "urlPath": "lab?token={token}", - "user": "jovyan" - }, - "description": null, - "icon": "https://avatars.githubusercontent.com/u/743164?s=200&v=4", - "iframe": true, - "name": "Julia", + "name": "Jupyter Lab", "public": true } ] diff --git a/docker-stack.yml b/docker-stack.yml index 4102eb7..ee6d211 100644 --- a/docker-stack.yml +++ b/docker-stack.yml @@ -4,25 +4,68 @@ services: traefik: image: traefik:v2.4 ports: - - "80:80" - - "443:443" - - "8080:8080" + - target: 80 + published: 80 + protocol: tcp + mode: host + - target: 443 + published: 443 + protocol: tcp + mode: host + - target: 8080 + published: 8080 + protocol: tcp networks: - traefik-net volumes: - /var/run/docker.sock:/var/run/docker.sock - ./traefik:/etc/traefik - - ./traefik/acme:/acme + - ./traefik/certs/fullchain.pem:/cert.pem + - ./traefik/certs/privkey.pem:/key.pem deploy: replicas: 1 labels: - "traefik.enable=false" + placement: + constraints: + - "node.role == manager" environment: - - GODADDY_API_KEY=$WT_GODADDY_API_KEY - - GODADDY_API_SECRET=$WT_GODADDY_API_SECRET + - TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE="Host(`\{\{ trimPrefix `/` .Name \}\}.${domain}`)" + command: + - "--accesslog=true" + - "--accesslog.format=json" + - "--accesslog.filepath=/dev/stdout" + + minio: + image: minio/minio + env_file: ./minio.env + ports: + - 9000:9000 + volumes: + - ./volumes/minio:/data + networks: + - traefik-net + command: minio server /data --console-address ":9001" + deploy: + replicas: 0 + labels: + - "traefik.enable=true" + - "traefik.docker.network=wt_traefik-net" + - "traefik.http.routers.minio.rule=Host(`minio.${domain}`)" + - "traefik.http.routers.minio.entrypoints=websecure" + - "traefik.http.routers.minio.tls=true" + - "traefik.http.routers.minio.service=minio" + - "traefik.http.services.minio.loadbalancer.server.port=9000" + - "traefik.http.services.minio.loadbalancer.passhostheader=true" + - "traefik.http.routers.minio-console.rule=Host(`minio-console.${domain}`)" + - "traefik.http.routers.minio-console.entrypoints=websecure" + - "traefik.http.routers.minio-console.tls=true" + - "traefik.http.routers.minio-console.service=minio-console" + - "traefik.http.services.minio-console.loadbalancer.server.port=9001" + - "traefik.http.services.minio-console.loadbalancer.passhostheader=true" mongo: - image: mongo:3.6 + image: mongo:4.4 networks: - mongo volumes: @@ -34,20 +77,25 @@ services: - "traefik.enable=false" girder: - image: wholetale/girder:latest + image: xarthisius/girder:5-dev + # image: xarthisius/girder:test networks: - traefik-net - celery - mongo volumes: - - ./volumes:/tmp/data - - ./girder/girder.local.cfg:/girder/girder/conf/girder.local.cfg - - ./src/wholetale:/girder/plugins/wholetale - - ./src/wt_data_manager:/girder/plugins/wt_data_manager - - ./src/wt_home_dir:/girder/plugins/wt_home_dir - - ./src/wt_versioning:/girder/plugins/wt_versioning - - ./src/globus_handler:/girder/plugins/globus_handler - - ./src/virtual_resources:/girder/plugins/virtual_resources + - ./volumes:/srv/data + - ./workspace.yaml:/girder/workspace.yaml + - ./src/girder-virtual-resources:/girder-plugins/01-girder-virtual-resources + - ./src/girder-wholetale:/girder-plugins/02-girder-wholetale + - /home/xarth/codes/htmdec/sem_viewer:/girder-plugins/03-girder-sem-viewer + - /home/xarth/codes/htmdec/girder-sample-tracker:/girder-plugins/04-girder-sample-tracker + - /home/xarth/codes/wholetale-ng/girder-jsonforms:/girder-plugins/05-girder-jsonforms + - /home/xarth/codes/xarthisius/girder-dataflows:/girder-plugins/06-girder-dataflows + - /home/xarth/codes/htmdec/table_view:/girder-plugins/07-girder-table-view + # - ./src/minio_assetstore:/girder/plugins/minio_assetstore + # - ./src/synced_folders:/girder/plugins/synced_folders + # - ./src/item_previews:/girder/plugins/item_previews - ./src/gwvolman:/gwvolman - ./src/girderfs:/girderfs - /var/run/docker.sock:/var/run/docker.sock @@ -55,12 +103,18 @@ services: environment: - DOMAIN=${domain} - DASHBOARD_URL=https://dashboard.${domain} - - GOSU_USER=girder:girder:${docker_group} - - GOSU_CHOWN=/tmp/data + - GIRDER_MONGO_URI=mongodb://mongo:27017/girder + - GIRDER_HOST=0.0.0.0 + - GIRDER_WORKER_BROKER=redis://redis/ + - GIRDER_WORKER_BACKEND=redis://redis/ + - GOSU_USER=1001:1001:${docker_group} + - GOSU_CHOWN=/srv/data - DATAONE_URL=https://cn-stage-2.test.dataone.org/cn + - GIRDER_LOCAL_FONTELLO_ARCHIVE=/girder/clients/web/static/built/fontello.zip - HOSTDIR=/ extra_hosts: - "images.${domain}:host-gateway" + - "minio.${domain}:host-gateway" deploy: replicas: 1 labels: @@ -78,7 +132,7 @@ services: - "traefik.http.middlewares.girder.forwardauth.trustforwardheader=true" logger: - image: wholetale/instance_logger:latest + image: xarthisius/wt-instance-logger:latest networks: - celery volumes: @@ -98,7 +152,7 @@ services: - "traefik.enable=false" dashboard: - image: wholetale/ngx-dashboard:latest + image: xarthisius/wt-dashboard:latest networks: - traefik-net environment: @@ -114,14 +168,14 @@ services: - "traefik.http.routers.dashboard.rule=Host(`dashboard.${domain}`)" - "traefik.http.routers.dashboard.entrypoints=websecure" - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.services.dashboard.loadbalancer.server.port=80" + - "traefik.http.services.dashboard.loadbalancer.server.port=8080" - "traefik.http.services.dashboard.loadbalancer.passhostheader=true" - "traefik.docker.network=wt_traefik-net" volumes: - ./src/ngx-dashboard/dist/browser/:/usr/share/nginx/html/ instance-errors: - image: wholetale/custom-errors:latest + image: xarthisius/wt-custom-errors:latest networks: - traefik-net deploy: @@ -168,7 +222,7 @@ services: volumes: - ./registry:/var/lib/registry:ro deploy: - replicas: 1 + replicas: 0 labels: - "traefik.enable=true" - "traefik.http.routers.images.rule=Host(`images.${domain}`)" @@ -180,13 +234,13 @@ services: - "traefik.docker.network=wt_traefik-net" celery_worker: - image: wholetale/gwvolman + image: xarthisius/gwvolman:latest networks: - celery labels: - "traefik.enable=false" environment: - - GOSU_USER=wtuser:1000:${docker_group} + - GOSU_USER=ubuntu:1000:${docker_group} - DOMAIN=${domain} - DEV=true - REPO2DOCKER_VERSION=${r2d_version} @@ -200,6 +254,7 @@ services: - WT_VOLUMES_PATH=${PWD}/volumes - MATLAB_FILE_INSTALLATION_KEY=${matlab_file_installation_key} - SWARM_NODE_ID={{.Node.ID}} + - BUILDER_URL=https://builder.${domain} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./volumes/tmp:/tmp @@ -210,12 +265,103 @@ services: target: ${PWD}/volumes bind: propagation: rshared + extra_hosts: + - "registry.${domain}:host-gateway" + - "images.${domain}:host-gateway" + - "girder.${domain}:host-gateway" + - "builder.${domain}:host-gateway" deploy: mode: global labels: - "traefik.enable=true" command: -c 3 + postgresql: + image: postgres:11 + deploy: + replicas: 0 + networks: + - dagster + environment: + - POSTGRES_USER=postgres_user + - POSTGRES_PASSWORD=postgres_password + - POSTGRES_DB=postgres_db + + dagster_web: + image: xarthisius/dagster:latest + depends_on: + - postgresql + entrypoint: ["dagster-webserver", "-h", "0.0.0.0", "-p", "3000", "-w", "workspace.yaml"] + networks: + - traefik-net + - dagster + deploy: + replicas: 0 + labels: + - "traefik.enable=true" + - "traefik.http.routers.dagster.rule=Host(`dagster.${domain}`)" + - "traefik.http.routers.dagster.entrypoints=websecure" + - "traefik.http.routers.dagster.tls=true" + - "traefik.http.services.dagster.loadbalancer.server.port=3000" + - "traefik.http.services.dagster.loadbalancer.passhostheader=true" + - "traefik.docker.network=wt_traefik-net" + environment: + - DAGSTER_POSTGRES_USER=postgres_user + - DAGSTER_POSTGRES_PASSWORD=postgres_password + - DAGSTER_POSTGRES_DB=postgres_db + extra_hosts: + - "girder.${domain}:host-gateway" + volumes: + - ./workspace.yaml:/opt/dagster/dagster_home/workspace.yaml + - ./dagster.yaml:/opt/dagster/dagster_home/dagster.yaml + - /var/run/docker.sock:/var/run/docker.sock + - ./volumes/io_manager_storage:/tmp/io_manager_storage + + dagster_daemon: + image: xarthisius/dagster:latest + entrypoint: ["dagster-daemon", "run"] + environment: + - DAGSTER_POSTGRES_USER=postgres_user + - DAGSTER_POSTGRES_PASSWORD=postgres_password + - DAGSTER_POSTGRES_DB=postgres_db + volumes: + - ./workspace.yaml:/opt/dagster/dagster_home/workspace.yaml + - ./dagster.yaml:/opt/dagster/dagster_home/dagster.yaml + - /var/run/docker.sock:/var/run/docker.sock + - ./volumes/io_manager_storage:/tmp/io_manager_storage + extra_hosts: + - "girder.${domain}:host-gateway" + networks: + - dagster + deploy: + replicas: 0 + labels: + - "traefik.enable=false" + + remote_builder: + image: xarthisius/remote_builder:latest + volumes: + - /var/run/docker.sock:/var/run/docker.sock + networks: + - traefik-net + environment: + - WEB_CONCURRENCY=2 + deploy: + replicas: 1 + labels: + - "traefik.enable=true" + - "traefik.http.routers.builder.rule=Host(`builder.${domain}`)" + - "traefik.http.routers.builder.entrypoints=websecure" + - "traefik.http.routers.builder.tls=true" + - "traefik.http.services.builder.loadbalancer.server.port=8000" + - "traefik.http.services.builder.loadbalancer.passhostheader=true" + - "traefik.docker.network=wt_traefik-net" + extra_hosts: + - "images.${domain}:host-gateway" + - "registry.${domain}:host-gateway" + - "girder.${domain}:host-gateway" + - "builder.${domain}:host-gateway" + networks: traefik-net: driver: overlay @@ -224,6 +370,9 @@ networks: celery: driver: overlay attachable: true + dagster: + driver: overlay + attachable: true volumes: mongo-data: {} diff --git a/fontello.zip b/fontello.zip new file mode 100644 index 0000000..fef0f58 Binary files /dev/null and b/fontello.zip differ diff --git a/girder/girder.local.cfg b/girder/girder.local.cfg index 0f73f1f..87e6d7d 100644 --- a/girder/girder.local.cfg +++ b/girder/girder.local.cfg @@ -2,6 +2,8 @@ server.socket_host = "0.0.0.0" server.socket_port = 8080 server.thread_pool = 100 +server.max_request_body_size = 0 +server.max_request_header_size = 0 tools.proxy.on = True [database] diff --git a/scripts/create_versioned_tale.py b/scripts/create_versioned_tale.py index 8c741b8..e4768d9 100644 --- a/scripts/create_versioned_tale.py +++ b/scripts/create_versioned_tale.py @@ -88,7 +88,7 @@ } ], "category": "science", - "config": {}, + "config": {"some_key": "some_value"}, "dataSet": dataset, "description": "Something something...", "imageId": image["_id"], @@ -126,7 +126,6 @@ tale.update({ "category": "rocket science", "config": {"foo": "bar"}, - "dataSet": [], "description": "A better description", "imageId": image["_id"], "title": "New better title", diff --git a/scripts/git_pull_master.sh b/scripts/git_pull_master.sh index 8a6ec4d..4bf4c8f 100755 --- a/scripts/git_pull_master.sh +++ b/scripts/git_pull_master.sh @@ -2,6 +2,7 @@ for dir in $(find src/ -maxdepth 1 -mindepth 1 -type d | sort) ; do \ pushd $dir &> /dev/null + echo "Updating ${dir}..." git checkout -- . &> /dev/null git checkout master &> /dev/null git pull origin master &> /dev/null diff --git a/scripts/git_whats_new.sh b/scripts/git_whats_new.sh new file mode 100755 index 0000000..8b49359 --- /dev/null +++ b/scripts/git_whats_new.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +for dir in $(find src/ -maxdepth 1 -mindepth 1 -type d | sort) ; do \ + pushd $dir &> /dev/null + echo "${dir} -" + git log --first-parent --oneline stable..master + popd &> /dev/null +done diff --git a/scripts/restore_dump.sh b/scripts/restore_dump.sh new file mode 100755 index 0000000..a0242d6 --- /dev/null +++ b/scripts/restore_dump.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Restore the dump from first argument to the database running in wt_mongo service + +# Check if the number of arguments is correct +if [ $# -ne 1 ]; then + echo "Usage: $0 " + exit 1 +fi + +# Check if the dump file exists +if [ ! -f $1 ]; then + echo "File $1 does not exist" + exit 1 +fi + +# copy dump file to container +docker cp $1 $(docker ps --filter=name=wt_mongo -q):/tmp + +# Restore the dump from /tmp +docker exec -i $(docker ps --filter=name=wt_mongo -q) mongorestore --gzip --drop --archive=/tmp/$1 diff --git a/setup_girder.py b/setup_girder.py index 61631dc..2c3764f 100755 --- a/setup_girder.py +++ b/setup_girder.py @@ -14,16 +14,17 @@ "admin": True, } headers = {"Content-Type": "application/json", "Accept": "application/json"} +domain = os.environ.get("domain", "local.xarthisius.xyz") def final_msg(): print("-------------- You should be all set!! -------------") - print("try going to https://girder.local.wholetale.org and log in with: ") + print(f"try going to https://girder.{domain} and log in with: ") print(" user : %s" % params["login"]) print(" pass : %s" % params["password"]) -api_url = "https://girder.local.wholetale.org/api/v1" +api_url = f"https://girder.{domain}/api/v1" # Give girder time to start while True: @@ -40,7 +41,6 @@ def final_msg(): print("If that is OK:") final_msg() sys.exit() - # Store token for future requests headers["Girder-Token"] = r.json()["authToken"]["token"] @@ -51,52 +51,16 @@ def final_msg(): params={ "type": 0, "name": "Base", - "root": "/tmp/data/base", + "root": "/srv/data/base", }, ) -print("Enabling plugins") -plugins = [ - "oauth", - "gravatar", - "jobs", - "worker", - "globus_handler", - "virtual_resources", - "wt_data_manager", - "wholetale", - "wt_home_dir", - "wt_versioning", -] -r = requests.put( - api_url + "/system/plugins", - headers=headers, - params={"plugins": json.dumps(plugins)}, -) -r.raise_for_status() - -print("Restarting girder to load plugins") -r = requests.put(api_url + "/system/restart", headers=headers) -r.raise_for_status() - -# Give girder time to restart -while True: - print("Waiting for Girder to restart") - r = requests.get( - api_url + "/oauth/provider", - headers=headers, - params={"redirect": "http://blah.com"}, - ) - if r.status_code == 200: - break - time.sleep(2) - print("Setting up Plugin") settings = [ { "key": "core.cors.allow_origin", - "value": "https://dashboard.local.wholetale.org,http://localhost:4200,https://legacy.local.wholetale.org", + "value": f"https://dashboard.{domain},http://localhost:4200,https://legacy.{domain}", }, { "key": "core.cors.allow_headers", @@ -107,11 +71,7 @@ def final_msg(): "X-Forwarded-Host, Remote-Addr, Cache-Control" ), }, - {"key": "core.cookie_domain", "value": ".local.wholetale.org"}, - {"key": "core.secure_cookie", "value": True}, - {"key": "worker.api_url", "value": "http://girder:8080/api/v1"}, - {"key": "worker.broker", "value": "redis://redis/"}, - {"key": "worker.backend", "value": "redis://redis/"}, + {"key": "core.cookie_domain", "value": f".{domain}"}, {"key": "oauth.globus_client_id", "value": os.environ.get("GLOBUS_CLIENT_ID")}, { "key": "oauth.globus_client_secret", @@ -123,20 +83,19 @@ def final_msg(): "value": os.environ.get("ORCID_CLIENT_SECRET"), }, {"key": "oauth.providers_enabled", "value": ["globus"]}, - {"key": "dm.globus_gc_dir", "value": "/opt/globusconnectpersonal"}, - { - "key": "wholetale.dataverse_extra_hosts", - "value": ["dev2.dataverse.org", "demo.dataverse.org"], - }, - { - "key": "wholetale.zenodo_extra_hosts", - "value": ["https://sandbox.zenodo.org/record/"] - }, - {"key": "dm.private_storage_path", "value": "/tmp/data/ps"}, - {"key": "wthome.homedir_root", "value": "/tmp/data/homes"}, - {"key": "wthome.taledir_root", "value": "/tmp/data/workspaces"}, - {"key": "wtversioning.runs_root", "value": "/tmp/data/runs"}, - {"key": "wtversioning.versions_root", "value": "/tmp/data/versions"}, + # {"key": "dm.globus_gc_dir", "value": "/opt/globusconnectpersonal"}, + # { + # "key": "wholetale.zenodo_extra_hosts", + # "value": ["https://sandbox.zenodo.org/record/"] + # }, + {"key": "dm.private_storage_path", "value": "/srv/data/ps"}, + {"key": "wholetale.homes_root", "value": "/srv/data/homes"}, + {"key": "wholetale.workspaces_root", "value": "/srv/data/workspaces"}, + {"key": "wholetale.runs_root", "value": "/srv/data/runs"}, + {"key": "wholetale.versions_root", "value": "/srv/data/versions"}, + {"key": "wholetale.dashboard_link_title", "value": "Tale Dashboard"}, + {"key": "wholetale.catalog_link_title", "value": "Data Catalog"}, + {"key": "wholetale.enable_data_catalog", "value": True}, ] r = requests.put( @@ -159,7 +118,7 @@ def final_msg(): r = requests.post(api_url + "/image", headers=headers, params=image) r.raise_for_status() -print("Restarting girder to update WebDav roots") -r = requests.put(api_url + "/system/restart", headers=headers) -r.raise_for_status() +# print("Restarting girder to update WebDav roots") +# r = requests.put(api_url + "/system/restart", headers=headers) +# r.raise_for_status() final_msg() diff --git a/traefik/certs/dev.crt b/traefik/certs/dev.crt deleted file mode 100644 index ede986a..0000000 --- a/traefik/certs/dev.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFpzCCA4+gAwIBAgIJAJod/FJtDZJnMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJJTDEPMA0GA1UEBwwGVXJiYW5hMRMwEQYDVQQKDApX -aG9sZSBUYWxlMQ0wCwYDVQQLDAROQ1NBMRkwFwYDVQQDDBByZWdpc3RyeS52Y2Fw -Lm1lMB4XDTE4MDkyMDE5NDExN1oXDTE5MDkyMDE5NDExN1owajELMAkGA1UEBhMC -VVMxCzAJBgNVBAgMAklMMQ8wDQYDVQQHDAZVcmJhbmExEzARBgNVBAoMCldob2xl -IFRhbGUxDTALBgNVBAsMBE5DU0ExGTAXBgNVBAMMEHJlZ2lzdHJ5LnZjYXAubWUw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDiiDSo1o0r0w8dYzkXR0Qt -TgAJLDKFOGXlSaPmhLS1zbX3MLULOLmYdoFAPPrKf+w1RdTJppLqZ7BSE1Xb9OIi -qpIUsUT+0LP3hsnoflPhtoAFSKSDfV2vUtWvyR7iqoBwIBthEvUpge8PZFNS577/ -0CCYJYcYI8U9GXBzHCaWmFOAv0lSb6MjXCjxejyDVq1BsFdEIyf4cUwANdAq3MCR -ac72jgAq8KMpWX9pbaNogbEO2BCpHjuNz5gKkJ9pgQAsKyzAPeI/7c6WvlLUMj9Z -eKEosovi/3NReuvq0RB9FfpTwK1eXEi+W+6VFaqBQyZhM92RDt1BwRdB+f0bPsTd -dbbnOzzCpgHYrovLeT89/uLLuGr4/gKwKCBVAHwG2sBCvusFOX5RArAf9sirHtex -RAmUa5ImP55nuXO9gHgKdmb5HmN9s/2X6ZitCgPhKg0BqPz1DNj/fIBJncVEatTr -KW+wLc2QV9TyPO1sIYLSxIQGMVCovco1J++O//FAwGGA+cW56zHlXu3pJisl79w+ -759xLPxKhdisIlKKpJGpF/pXVJTAED2cZdXJz5bTtCW0UBlq3a9FAQY3b13Tus7M -EyIptakmILqKqkpOwgQzoIoinb42X1QzLydEOhhxUagCHJ2ccfNqIocMucrbr4XX -a3OG85zPgM41PnvU2j8RvQIDAQABo1AwTjAdBgNVHQ4EFgQUMzv7YOSlAm1Tq/6y -ruAo85uLab4wHwYDVR0jBBgwFoAUMzv7YOSlAm1Tq/6yruAo85uLab4wDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAzseXV2ta1f0qg4RW4nTvnSEXgT6S -f2HKby5vrm+dp93Fn0x1CEW40K85pHLSP9r2JfQa8kyrmYkBym1ooB95aWFRh7ie -1ygOr2Yv4IRtsJLCNlY8qAphXxv4GgDk4V3fYf9IR07QjHlMXRJRRJ1CNA38V1vT -ZDn6kPsQiCS84Iiy+m19rpnLKm3CDpmrP49iAaYHBYF50lCSAzEef5ZVuNqAgPk6 -0EhGa0h0XTJo6Alco0mw/NzAbMv9SJlzj8lYx1eIWqDRghbG58kG5fKT7ar3bWqo -UtdAMjy9NgVG6wkNXQYQnaV+syu/hHgbI/rCe/LXvz91zfy0jVPe+V519R1T6QcD -oxRuAIyFO5uTAM63QH5WNq6xrzdmkjK9WJKgRIY0AQqS6btTvKSZ51l4BnQzD2E5 -rqAeTfYgTKisfoTyGG31jhQsc1S6e4qEveixPHR1gumCaaWo9OggpZOGn1K8gwXy -1uDicy37P4UDoufr3LlcOWq37D48twyhGSUm5DwZUiIL2bS+xYyTiOsN5HaCNhFY -ish/DuOi4xobXUUUHevOKrLb25DhYjUgpKU0zbGrHU6OMeeHs50tHTq+HkfWZ2BF -y3ro2HZ+2XXl8fHjYGuTEUTxfLY85Lv4VRVW1o8G/T4csiM24oGr6xQc757YsOcS -pIH9JFYKyxlW8Us= ------END CERTIFICATE----- diff --git a/traefik/certs/dev.key b/traefik/certs/dev.key deleted file mode 100644 index d4d497f..0000000 --- a/traefik/certs/dev.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDiiDSo1o0r0w8d -YzkXR0QtTgAJLDKFOGXlSaPmhLS1zbX3MLULOLmYdoFAPPrKf+w1RdTJppLqZ7BS -E1Xb9OIiqpIUsUT+0LP3hsnoflPhtoAFSKSDfV2vUtWvyR7iqoBwIBthEvUpge8P -ZFNS577/0CCYJYcYI8U9GXBzHCaWmFOAv0lSb6MjXCjxejyDVq1BsFdEIyf4cUwA -NdAq3MCRac72jgAq8KMpWX9pbaNogbEO2BCpHjuNz5gKkJ9pgQAsKyzAPeI/7c6W -vlLUMj9ZeKEosovi/3NReuvq0RB9FfpTwK1eXEi+W+6VFaqBQyZhM92RDt1BwRdB -+f0bPsTddbbnOzzCpgHYrovLeT89/uLLuGr4/gKwKCBVAHwG2sBCvusFOX5RArAf -9sirHtexRAmUa5ImP55nuXO9gHgKdmb5HmN9s/2X6ZitCgPhKg0BqPz1DNj/fIBJ -ncVEatTrKW+wLc2QV9TyPO1sIYLSxIQGMVCovco1J++O//FAwGGA+cW56zHlXu3p -Jisl79w+759xLPxKhdisIlKKpJGpF/pXVJTAED2cZdXJz5bTtCW0UBlq3a9FAQY3 -b13Tus7MEyIptakmILqKqkpOwgQzoIoinb42X1QzLydEOhhxUagCHJ2ccfNqIocM -ucrbr4XXa3OG85zPgM41PnvU2j8RvQIDAQABAoICAQCotRfCxkbM5JrVIBhcpc64 -juan7iqR3LbGVFmkTCDpZRKnzbaHbO+MBHWuCbwdI7ge1Krsowm3WRGPjqba8T2Y -4793ea4QuA3PwqqMY8jEyM3/IWKkKrGi6OYLzJUb6i9NUhwR57R9/S61H9qOW9l7 -Wt1rckdySvGR12hP0h9K+Jb3w34vzsSIiRJVBNwcVGkkCthy/lu+Q2J+pZUq1szz -fwGLzaWCVUSufuDM+8I/Cpd6np+J0+I2cuygsaSHRnOCcYUahvwA8HJzAbteHS3g -zF35mT9lByoy/IDGmHzXK48K4Ow84i2q13yPu1sIeaITsjTI23Ecj1lq4WsG53Bk -t216lkwnO5IaLKhqgRQZ3+jJwy8PcWf3pSfEUlqmPI4qkcb3ATdIjGnN2uN6SU6t -SgkyxD+VwYJjJZmJ9ddex67h3uA8gJsM/+z0Jj78OKJmpGeV+SYRaYvU/avAKIDG -0C11LfRpFW6sKa8QD4/aq7oz5bjLyVqvX+thGns3hz0reypBvZIrfpCKRI6TWN38 -RAi90Yux/dPqXasrqhlX1j+JhD+4pVCkkjpAMQfPoE6faDhfCfoIcShb/HbPFPMu -74de2ZzCJwfaxXgzDCm/e2MZunKz6UuVPFFCI12KWDhqfxGg+pop4aAAASGVYOv3 -KYlUJJ9VPhxT0PCQGZAyAQKCAQEA+J/w9+xJN7gHPyzdJxPa4Y3paMDCUWg1s+bC -lxzcB7q9JU3gL3GrD3Zp5gitIr5m6vLMEzLUefH5sZ/0+lxNNmNZKam7iHylNn8Q -fsloiQq3b6KD39bg5/9dDRD54KHHZd2fylEdffOU1WH8GsY1GI8sgJvlJZl44KtN -QpdUqQdcUIDk+9hrfkcEwQiH2yqc5wTXg7UVWEGmpA3xFUToA5YpFmsQiAGml+7d -tZB/WV3QG/+R7CDL5AcE5DSdeQKfSbNZi9SnMiAL8aKAkBggIkdBYKBcqXtfVHYR -frgbsP9ugJvhTCvTj9RAnn+C4FCxSnlnrkLkuF4uhSVZ0df+DQKCAQEA6UB9/B1A -9CKDWnYDdg2JsnHT8J7UG2G+ETObFhX8QKQNd8koL3HuZW3bIj2NYU1UHvtbeLYf -9aIqxKqJ4V13hFZ9A8dAghH5u7vPDB02P+uCX4vmnnKkxXGdwYAP22NbEAq2vlJo -0BrXl1IRlLBky/JVrvYL4YDKvbTJ/v8cCfvtkMahnk24uvNMLZ4F+kB7IDOJM2dU -rqu/tHOhYPMIahPeqoo18lhbgEgW98j65QHh0V6VFNbtCG6d+o0PFpvGOLh2R3oi -rvBrmfeHAeT3OhqnrpiXz8f3muDfitRzY6I58V/ZCwjQH2xr1/tLXnQBTP2os6WP -04yB2ZUUeHomcQKCAQEAmGn0XwgLGo1GZAQszvftBrjojb8dYKpxwYeFYv3eJR7l -NSk4dd1I8IG3Cb3n5ZSzovSVBm/ysY8Vcz6L/6715pGg51mWDWXcIjxi8FaoLtrS -+Sy3i1E/LvntIUV26a5Dfr8OZgiz+7KHWwhmdENt6VBcB7uKDjK3V4OsKVZ8H+LT -RMa/mWRjAVaoI24HWuQUq8rcE3G/VAtrDMc/M7q6QPic15Fq4PWiGyHj6Jpcd3x7 -R6601fyFAZUL+poGr1hcLeI00vPaS3A54jeseKlRibIE8idcpslq92wp7XUQBMGS -DGWDCB8V4uZLdt7UbI8LIIyscrevXxbdjeIH3gx7QQKCAQBR+RBNohpJsjdne0IM -IwXZaJeLYMY6OUeK1BAU2vUj4oO5LUCqK+gUTV9N0UP2hi6iFMQ40Ai7UpqlMynx -wd9W6u5UfZn2HEsf5wkEwN9n52SSH6CU3sV5fkxqzI7GE0zVfm5qxJuBR22tCHKV -RsilxCzIqD/UqGaX9QloTE+WUqtSzfvOnpHlYcvL3FVNdYvP7UyyfAYOvN1KlbiJ -UeALJ6CBXsFGwjamBq/LtR43jUnHQu4xvLbg1789ZoV+9I/dLzaiOBIoWOX33j3c -NJOOH//+JDJ2G1ixXYYyTCehREoIwh6M+jPqVzgvV2lNcIdkf2DigbTiK+cWiIYB -MSyBAoIBAQDZNNtC+tu6nAB2A+zEwHGYIrfAOWOkmMXQjBtWq226ZP0D1eBHtCW3 -es6zHowjSJTnc+7rkyR5aWGau1KK/XtG2hhSswVnQtvSwr1VDJFUjI8nD8cgrVht -FIYiUx67PGy7F49W6ltpPHjDd2Kl9To5sb2/2NbPkIEopsCcd3BwiOTwy7Kd9HUk -4wcPANkuYrsLYN+WZosSXsfCIm4sJDGTUdBdIVsWaTiiCg8RM3S7PMrv3j7UEWIh -wo6AgyM6W8RYWF2BMyV9HFbG/NGfnt+/jx0GigwnuFgtvKOnOa7J9PaLX/IaNkLl -3GC1TRDc2KXDEf1t/S1Jchdc0g0VKjeg ------END PRIVATE KEY----- diff --git a/traefik/dynamic/certs-traefik.yml b/traefik/dynamic/certs-traefik.yml new file mode 100644 index 0000000..0c66579 --- /dev/null +++ b/traefik/dynamic/certs-traefik.yml @@ -0,0 +1,4 @@ +tls: + certificates: + - certFile: /cert.pem + keyFile: /key.pem diff --git a/traefik/vocab.toml b/traefik/dynamic/vocab.toml similarity index 65% rename from traefik/vocab.toml rename to traefik/dynamic/vocab.toml index 7f634cc..b4d654a 100644 --- a/traefik/vocab.toml +++ b/traefik/dynamic/vocab.toml @@ -1,7 +1,7 @@ [http] [http.routers] [http.routers.vocabularies] - rule="Host(`vocabularies.local.wholetale.org`)" + rule='Host(`vocabularies.{{ env "DOMAIN" }}`)' service="vocabularies" entryPoints=["web", "websecure"] middlewares=["repo-prefix"] @@ -17,3 +17,13 @@ passHostHeader = false [[http.services.vocabularies.loadBalancer.servers]] url="https://whole-tale.github.io/" + +[[tls.certificates]] + certFile = "/cert.pem" + keyFile = "/privkey.pem" + +[tls.stores] + [tls.stores.default] + [tls.stores.default.defaultCertificate] + certFile = "/cert.pem" + keyFile = "/privkey.pem" diff --git a/traefik/traefik.toml b/traefik/traefik.toml index 172af10..89b7c31 100644 --- a/traefik/traefik.toml +++ b/traefik/traefik.toml @@ -19,11 +19,12 @@ swarmMode = true swarmModeRefreshSeconds = "15s" httpClientTimeout = "0s" - defaultRule = "Host(`{{ trimPrefix `/` .Name }}.local.wholetale.org`)" + # defaultRule = Host(`{{ trimPrefix `/` .Name }}.{{ env "DOMAIN" }}`) [providers.file] - filename="/etc/traefik/vocab.toml" + directory="/etc/traefik/dynamic" watch=true + [tls.options] [tls.options.default] minVersion = "VersionTLS10" @@ -60,13 +61,3 @@ Authorization = "drop" Content-Type = "keep" User-Agent = "redact" - -[certificatesResolvers] - [certificatesResolvers.default] - [certificatesResolvers.default.acme] - email = "bgates@microsoft.com" - storage = "/acme/acme.json" - [certificatesResolvers.default.acme.dnsChallenge] - provider = "godaddy" - delayBeforeCheck = "30m0s" - #entryPoint = "https" diff --git a/workspace.yaml b/workspace.yaml new file mode 100644 index 0000000..4bea6b1 --- /dev/null +++ b/workspace.yaml @@ -0,0 +1 @@ +load_from: []