Merge pull request #5999 from FinnStutzenstein/prod
OS4 productive setup changes
This commit is contained in:
commit
2c4c33dac1
4
.gitignore
vendored
4
.gitignore
vendored
@ -17,6 +17,8 @@ dev-commands/export.json
|
|||||||
# Deployment
|
# Deployment
|
||||||
/docker/docker-compose.yml
|
/docker/docker-compose.yml
|
||||||
/docker/docker-stack.yml
|
/docker/docker-stack.yml
|
||||||
|
/docker/secrets/auth_*_key
|
||||||
|
docker/secrets/*.env
|
||||||
|
|
||||||
# Old OS3 files and folders
|
# Old OS3 files and folders
|
||||||
.coverage
|
.coverage
|
||||||
@ -36,7 +38,5 @@ tests
|
|||||||
.vscode/
|
.vscode/
|
||||||
package-lock.json
|
package-lock.json
|
||||||
server/
|
server/
|
||||||
docker/keys
|
|
||||||
docker/secrets/*.env
|
|
||||||
# OS3+-Submodules
|
# OS3+-Submodules
|
||||||
/autoupdate/
|
/autoupdate/
|
||||||
|
@ -22,6 +22,10 @@ DOCKER_OPENSLIDES_BACKEND_TAG=
|
|||||||
DOCKER_OPENSLIDES_FRONTEND_NAME=
|
DOCKER_OPENSLIDES_FRONTEND_NAME=
|
||||||
DOCKER_OPENSLIDES_FRONTEND_TAG=
|
DOCKER_OPENSLIDES_FRONTEND_TAG=
|
||||||
|
|
||||||
|
# Configuration
|
||||||
|
# -------------
|
||||||
|
ENABLE_ELECTRONIC_VOTING=
|
||||||
|
|
||||||
# Service Replication
|
# Service Replication
|
||||||
# -------------------
|
# -------------------
|
||||||
# TODO!!
|
# TODO!!
|
||||||
|
@ -91,12 +91,12 @@ services:
|
|||||||
- datastore-reader
|
- datastore-reader
|
||||||
- datastore-writer
|
- datastore-writer
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
environment:
|
|
||||||
- AUTH_TOKEN_KEY=test123
|
|
||||||
- AUTH_COOKIE_KEY=test123
|
|
||||||
networks:
|
networks:
|
||||||
- frontend
|
- frontend
|
||||||
- backend
|
- backend
|
||||||
|
secrets:
|
||||||
|
- auth_token_key
|
||||||
|
- auth_cookie_key
|
||||||
|
|
||||||
datastore-reader:
|
datastore-reader:
|
||||||
image: DATASTORE_READER_IMAGE
|
image: DATASTORE_READER_IMAGE
|
||||||
@ -141,13 +141,13 @@ services:
|
|||||||
- datastore-reader
|
- datastore-reader
|
||||||
- message-bus
|
- message-bus
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
environment:
|
|
||||||
- AUTH_KEY_TOKEN=test123
|
|
||||||
- AUTH_KEY_COOKIE=test123
|
|
||||||
networks:
|
networks:
|
||||||
- frontend
|
- frontend
|
||||||
- backend
|
- backend
|
||||||
- message-bus
|
- message-bus
|
||||||
|
secrets:
|
||||||
|
- auth_token_key
|
||||||
|
- auth_cookie_key
|
||||||
|
|
||||||
auth:
|
auth:
|
||||||
image: AUTH_IMAGE
|
image: AUTH_IMAGE
|
||||||
@ -156,14 +156,14 @@ services:
|
|||||||
- message-bus
|
- message-bus
|
||||||
- cache
|
- cache
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
environment:
|
|
||||||
- AUTH_TOKEN_KEY=test123
|
|
||||||
- AUTH_COOKIE_KEY=test123
|
|
||||||
networks:
|
networks:
|
||||||
- datastore-reader
|
- datastore-reader
|
||||||
- frontend
|
- frontend
|
||||||
- message-bus
|
- message-bus
|
||||||
- auth
|
- auth
|
||||||
|
secrets:
|
||||||
|
- auth_token_key
|
||||||
|
- auth_cookie_key
|
||||||
|
|
||||||
cache:
|
cache:
|
||||||
image: redis:latest
|
image: redis:latest
|
||||||
@ -196,14 +196,22 @@ services:
|
|||||||
- backend
|
- backend
|
||||||
- auth
|
- auth
|
||||||
|
|
||||||
|
# TODO: Remove depenencies to auth and datastore in "depends_on" and "networks"
|
||||||
|
# Should be doable when the manage service is fixed
|
||||||
manage-setup:
|
manage-setup:
|
||||||
image: MANAGE_IMAGE
|
image: MANAGE_IMAGE
|
||||||
entrypoint: /root/entrypoint-setup
|
entrypoint: /root/entrypoint-setup
|
||||||
depends_on:
|
depends_on:
|
||||||
- manage
|
- manage
|
||||||
|
- auth
|
||||||
|
- datastore-writer
|
||||||
|
- datastore-reader
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
|
environment:
|
||||||
|
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
|
- auth
|
||||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
||||||
- admin)
|
- admin)
|
||||||
|
|
||||||
@ -233,6 +241,10 @@ networks:
|
|||||||
auth:
|
auth:
|
||||||
internal: true
|
internal: true
|
||||||
|
|
||||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
secrets:
|
||||||
admin:
|
auth_token_key:
|
||||||
|
file: ./secrets/auth_token_key
|
||||||
|
auth_cookie_key:
|
||||||
|
file: ./secrets/auth_cookie_key
|
||||||
|
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
|
||||||
file: ./secrets/admin.env)
|
file: ./secrets/admin.env)
|
||||||
|
@ -89,9 +89,6 @@ services:
|
|||||||
backend:
|
backend:
|
||||||
image: BACKEND_IMAGE
|
image: BACKEND_IMAGE
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
environment:
|
|
||||||
- AUTH_TOKEN_KEY=test123
|
|
||||||
- AUTH_COOKIE_KEY=test123
|
|
||||||
networks:
|
networks:
|
||||||
- frontend
|
- frontend
|
||||||
- backend
|
- backend
|
||||||
@ -100,6 +97,9 @@ services:
|
|||||||
condition: on-failure
|
condition: on-failure
|
||||||
delay: 5s
|
delay: 5s
|
||||||
replicas: ifenvelse(`OPENSLIDES_BACKEND_REPLICAS', 1)
|
replicas: ifenvelse(`OPENSLIDES_BACKEND_REPLICAS', 1)
|
||||||
|
secrets:
|
||||||
|
- auth_token_key
|
||||||
|
- auth_cookie_key
|
||||||
|
|
||||||
datastore-reader:
|
datastore-reader:
|
||||||
image: DATASTORE_READER_IMAGE
|
image: DATASTORE_READER_IMAGE
|
||||||
@ -149,9 +149,6 @@ services:
|
|||||||
autoupdate:
|
autoupdate:
|
||||||
image: AUTOUPDATE_IMAGE
|
image: AUTOUPDATE_IMAGE
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
environment:
|
|
||||||
- AUTH_KEY_TOKEN=test123
|
|
||||||
- AUTH_KEY_COOKIE=test123
|
|
||||||
networks:
|
networks:
|
||||||
- frontend
|
- frontend
|
||||||
- backend
|
- backend
|
||||||
@ -161,13 +158,13 @@ services:
|
|||||||
condition: on-failure
|
condition: on-failure
|
||||||
delay: 5s
|
delay: 5s
|
||||||
replicas: ifenvelse(`OPENSLIDES_AUTOUPDATE_REPLICAS', 1)
|
replicas: ifenvelse(`OPENSLIDES_AUTOUPDATE_REPLICAS', 1)
|
||||||
|
secrets:
|
||||||
|
- auth_token_key
|
||||||
|
- auth_cookie_key
|
||||||
|
|
||||||
auth:
|
auth:
|
||||||
image: AUTH_IMAGE
|
image: AUTH_IMAGE
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
environment:
|
|
||||||
- AUTH_TOKEN_KEY=test123
|
|
||||||
- AUTH_COOKIE_KEY=test123
|
|
||||||
networks:
|
networks:
|
||||||
- datastore-reader
|
- datastore-reader
|
||||||
- frontend
|
- frontend
|
||||||
@ -178,6 +175,9 @@ services:
|
|||||||
condition: on-failure
|
condition: on-failure
|
||||||
delay: 5s
|
delay: 5s
|
||||||
replicas: ifenvelse(`OPENSLIDES_AUTH_REPLICAS', 1)
|
replicas: ifenvelse(`OPENSLIDES_AUTH_REPLICAS', 1)
|
||||||
|
secrets:
|
||||||
|
- auth_token_key
|
||||||
|
- auth_cookie_key
|
||||||
|
|
||||||
cache:
|
cache:
|
||||||
image: redis:latest
|
image: redis:latest
|
||||||
@ -221,12 +221,17 @@ services:
|
|||||||
condition: on-failure
|
condition: on-failure
|
||||||
delay: 5s
|
delay: 5s
|
||||||
|
|
||||||
|
# TODO: Remove depenency to auth in "networks"
|
||||||
|
# Should be doable when the manage service is fixed
|
||||||
manage-setup:
|
manage-setup:
|
||||||
image: MANAGE_IMAGE
|
image: MANAGE_IMAGE
|
||||||
entrypoint: /root/entrypoint-setup
|
entrypoint: /root/entrypoint-setup
|
||||||
env_file: services.env
|
env_file: services.env
|
||||||
|
environment:
|
||||||
|
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
|
- auth
|
||||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
||||||
- admin)
|
- admin)
|
||||||
deploy:
|
deploy:
|
||||||
@ -273,6 +278,10 @@ networks:
|
|||||||
encrypted: ""
|
encrypted: ""
|
||||||
internal: true
|
internal: true
|
||||||
|
|
||||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
secrets:
|
||||||
admin:
|
auth_token_key:
|
||||||
|
file: ./secrets/auth_token_key
|
||||||
|
auth_cookie_key:
|
||||||
|
file: ./secrets/auth_cookie_key
|
||||||
|
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
|
||||||
file: ./secrets/admin.env)
|
file: ./secrets/admin.env)
|
||||||
|
@ -1,11 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Create keys for auth, if they do not exist
|
# Create keys for auth, if they do not exist
|
||||||
if [ ! -d keys ]; then
|
if [ ! -f secrets/auth_token_key ]; then
|
||||||
mkdir keys
|
tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_token_key
|
||||||
|
fi
|
||||||
ssh-keygen -f keys/rsa-token.key -t rsa -b 2048 -P ""
|
if [ ! -f secrets/auth_cookie_key ]; then
|
||||||
ssh-keygen -f keys/rsa-cookie.key -t rsa -b 2048 -P ""
|
tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_cookie_key
|
||||||
fi
|
fi
|
||||||
|
|
||||||
( set -a; source .env; m4 docker-compose.yml.m4 ) > docker-compose.yml
|
( set -a; source .env; m4 docker-compose.yml.m4 ) > docker-compose.yml
|
||||||
|
( set -a; source .env; m4 docker-stack.yml.m4 ) > docker-stack.yml
|
||||||
|
@ -1 +1 @@
|
|||||||
Subproject commit ed9875e56911d709a103bbb912646d245ff1ae44
|
Subproject commit edfb247a2398ae69dd5c0ff44e7cdf692b7c1b80
|
@ -1 +1 @@
|
|||||||
Subproject commit d284650811d2ae0bb512c4db268952862b5722b4
|
Subproject commit 431bcf22c9a37c84c93f1aed292b77547854078b
|
@ -1 +1 @@
|
|||||||
Subproject commit a24b735b482be4ff5f5425f2e92dd85f805f353d
|
Subproject commit fffc152f79d3446591e07a6913d9fdf30b46f577
|
@ -1 +1 @@
|
|||||||
Subproject commit 5b17e162c477e3d19b59b2dcfcf307538e5ce90b
|
Subproject commit e8e2d287fb84192db0dbf78e7ebdfac6a33fcaa7
|
@ -1 +1 @@
|
|||||||
Subproject commit df61ded339c1cb07e46876d4e463c5f9812d25cc
|
Subproject commit 6ab94da8debbd0367a34f173ccc1ddee5a701863
|
@ -1 +1 @@
|
|||||||
Subproject commit c33b68b0c701f7fc503096c1d89d6c82e5a50232
|
Subproject commit e5e2313cadd4827a07af97259bfafd4e8ee7b066
|
Loading…
Reference in New Issue
Block a user