From 8d2c481569d8fe900425da9d4b33e3843bc18319 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Wed, 24 Apr 2024 20:44:41 +0200 Subject: [PATCH 01/11] Frontend node: Use netork mode host with dockerhost2 --- manifests/app_type.pp | 3 +++ templates/application/config.php.erb | 4 ++++ templates/application/docker-compose_nextcloud.yml.erb | 5 +++++ templates/proxysql/docker-compose_proxysql.yml.erb | 7 +++++++ 4 files changed, 19 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index e3ae1ec..f25ded7 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -60,6 +60,9 @@ define sunetdrive::app_type ( } else { $php_memory_limit_mb = 512 } + if $::facts['dockerhost2'] == 'yes' { + $hostnet = 'yes' + } # These are encrypted values from local.eyaml diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 1ded59e..738e4c9 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -25,7 +25,11 @@ $CONFIG = array ( 'csrf.disabled' => true, 'datadirectory' => '/var/www/html/data', 'davstorage.request_timeout' => 86401, +<%- if @hostnet -%> + 'dbhost' => '127.0.0.1', +<%- else -%> 'dbhost' => '<%= @dbhost %>', +<%- end -%> 'dbname' => '<%= @dbname %>', 'dbpassword' => '<%= @mysql_user_password %>', 'dbport' => '3306', diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index d46b4e2..33c7572 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -6,6 +6,9 @@ services: image: docker.sunet.se/drive/nextcloud-custom:<%= @nextcloud_version %> restart: always container_name: nextcloud_app_1 +<%- if @hostnet -%> + network_mode: host +<%- end -%> environment: - NC_PASS=<%= @admin_password%> volumes: 
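Review bot: `$hostnet` is only assigned inside the `if $::facts['dockerhost2'] == 'yes'` branch, so on every other node the variable is never declared; the ERB templates then depend on an unset `@hostnet` (nil in ERB) reading as false, and any later manifest reference to `$hostnet` becomes an unknown variable under `strict_variables`. Declare it unconditionally in one expression, e.g. `$hostnet = $facts['dockerhost2'] == 'yes'`, which always produces a defined boolean and drops the legacy `$::` top-scope form. The enclosing `define sunetdrive::app_type` starts and ends outside this hunk.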
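Review bot: With `network_mode: host` the Nextcloud container shares the host network namespace, and it is not clear that the `dns:` servers listed further down in this service are still honoured — as far as I can tell Docker derives the resolver configuration for host-mode containers from the host rather than from `dns:`, so name resolution for the S3 and Redis endpoints on a dockerhost2 node should be verified rather than assumed. The template should also say what the switch implies, since the rest of the file is written for the bridge network: `<%# dockerhost2 nodes: share the host namespace; ProxySQL is reached on 127.0.0.1 %>` above the `network_mode:` line. The service definition continues past the end of this hunk.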
@@ -28,9 +31,11 @@ services: <% if @location =~ /^kau/ -%> - /mnt:/opt/tmp/ <%- end -%> +<%- if ! @hostnet -%> networks: - default - proxysql_proxysql +<%- end -%> dns: - 89.46.20.75 - 89.46.21.29 diff --git a/templates/proxysql/docker-compose_proxysql.yml.erb b/templates/proxysql/docker-compose_proxysql.yml.erb index 42ac263..30b5571 100644 --- a/templates/proxysql/docker-compose_proxysql.yml.erb +++ b/templates/proxysql/docker-compose_proxysql.yml.erb @@ -5,6 +5,9 @@ services: proxysql: image: docker.sunet.se/drive/proxysql:<%= @proxysql_version %> container_name: proxysql_proxysql_1 +<%- if @hostnet -%> + network_mode: host +<%- end -%> ports: - 3306:3306 - 6032:6032 @@ -15,8 +18,10 @@ services: - 89.46.20.75 - 89.46.21.29 - 89.32.32.32 +<%- if ! @hostnet -%> networks: - proxysql +<%- end -%> restart: unless-stopped volumes: - proxysql:/var/lib/proxysql @@ -26,6 +31,8 @@ services: volumes: proxysql: +<%- if @hostnet -%> networks: proxysql: driver: bridge +<%- end -%> From d5c6b9a5fd72cf9d4edeaa012f5f7106d382e591 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Wed, 24 Apr 2024 20:52:26 +0200 Subject: [PATCH 02/11] proxysql: Do not create docker network with network_mode: host --- templates/proxysql/docker-compose_proxysql.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/proxysql/docker-compose_proxysql.yml.erb b/templates/proxysql/docker-compose_proxysql.yml.erb index 30b5571..7c39583 100644 --- a/templates/proxysql/docker-compose_proxysql.yml.erb +++ b/templates/proxysql/docker-compose_proxysql.yml.erb @@ -31,7 +31,7 @@ services: volumes: proxysql: -<%- if @hostnet -%> +<%- if ! @hostnet -%> networks: proxysql: driver: bridge From c774d677453a86c82feb51f527ea24c73babf7ec Mon Sep 17 00:00:00 2001 
From: Magnus Andersson Date: Wed, 24 Apr 2024 21:32:25 +0200 Subject: [PATCH 03/11] App and proxysql: Fixes for network_type: host --- manifests/proxysql.pp | 3 +++ templates/application/docker-compose_nextcloud.yml.erb | 4 ++++ templates/proxysql/docker-compose_proxysql.yml.erb | 7 ++++--- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp index 1c2b7fb..fc45669 100644 --- a/manifests/proxysql.pp +++ b/manifests/proxysql.pp @@ -26,6 +26,9 @@ class sunetdrive::proxysql ( $mysql_user = safe_hiera('mysql_user') $transaction_persistent = 1 + if $::facts['dockerhost2'] == 'yes' { + $hostnet = 'yes' + } file { '/usr/local/bin/proxysql': ensure => file, diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 33c7572..054ebe5 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -40,11 +40,15 @@ services: - 89.46.20.75 - 89.46.21.29 - 89.32.32.32 +<%- if !@hostnet -%> ports: - 443:443 +<%- end -%> command: sh -c 'tail -f /var/www/html/data/nextcloud.log | tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true +<%- if !@hostnet -%> networks: proxysql_proxysql: external: true +<%- end -%> diff --git a/templates/proxysql/docker-compose_proxysql.yml.erb b/templates/proxysql/docker-compose_proxysql.yml.erb index 7c39583..6159526 100644 --- a/templates/proxysql/docker-compose_proxysql.yml.erb +++ b/templates/proxysql/docker-compose_proxysql.yml.erb @@ -7,18 +7,19 @@ services: container_name: proxysql_proxysql_1 <%- if @hostnet -%> network_mode: host -<%- end -%> +<%- else -%> ports: - 3306:3306 - 6032:6032 - 6080:6080 +<%- end -%> environment: INITIALIZE: 1 dns: - 89.46.20.75 - 89.46.21.29 - 89.32.32.32 -<%- if ! @hostnet -%> +<%- if !@hostnet -%> networks: - proxysql <%- end -%> 
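Review bot: Running ProxySQL with `network_mode: host` changes who counts as "local" to it: the Nextcloud container on the same node is also host-networked by this series, so its PHP processes now connect from 127.0.0.1, and ProxySQL by default only permits its built-in `admin` account from local addresses. If that account still carries the shipped or a weak password, a compromised Nextcloud process can reconfigure backends and credentials over `127.0.0.1:6032` — something the bridge setup, where the container arrived from a non-loopback address, did not allow. The listening addresses come from `proxysql.cnf`, which is outside this diff; confirm the admin credentials are non-default, consider pinning `admin-mysql_ifaces` to `127.0.0.1:6032` and disabling the 6080 web UI if unused, and add host-firewall rules for 3306/6032/6080 now that no port publishing mediates them. Record the assumption in the template, e.g. `<%# host mode: 6032/6080 are reachable from the co-located Nextcloud container — keep admin creds non-default %>`.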
@@ -31,7 +32,7 @@ services: volumes: proxysql: -<%- if ! @hostnet -%> +<%- if !@hostnet -%> networks: proxysql: driver: bridge From a16c9d68e89c7a648ff49cbe12f928928a5d5898 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Wed, 8 May 2024 13:31:22 +0200 Subject: [PATCH 04/11] Disable MultipartCopy with user bucket and restore scripts and primary bucket. --- templates/application/config.php.erb | 1 + templates/scriptreceiver/create_bucket.erb.sh | 2 +- templates/scriptreceiver/create_bucket_without_question.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 738e4c9..c6429a6 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -97,6 +97,7 @@ $CONFIG = array ( 'region' => 'us-east-1', 'hostname' => '<%= @s3_host %>', 'port' => '', + 'useMultipartCopy' => false, 'objectPrefix' => 'urn:oid:', 'autocreate' => false, 'use_ssl' => true, diff --git a/templates/scriptreceiver/create_bucket.erb.sh b/templates/scriptreceiver/create_bucket.erb.sh index cecf68c..b5b970a 100755 --- a/templates/scriptreceiver/create_bucket.erb.sh +++ b/templates/scriptreceiver/create_bucket.erb.sh 
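Review bot: `'useMultipartCopy' => false,` is added to the primary object-store block without any comment on why multipart copy is being turned off, and the commit message only states that it is disabled; whoever next tunes large-file copies cannot tell whether this works around a backend limitation or a Nextcloud bug, or whether it may be re-enabled. Add a short note above the line, e.g. `// Multipart copy disabled deliberately — TODO(review): record the S3 backend/Nextcloud issue this works around before re-enabling.`, ideally with a ticket reference. The `$CONFIG` array begins and ends outside this hunk.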
@@ -38,7 +38,7 @@ preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable if [[ -z ${preexisting} ]]; then docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:create "${user_bucket_name}" \ amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \ - amazons3::accesskey --user ${user} + -c useMultipartCopy=false amazons3::accesskey --user ${user} for shareid in $(docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:export ${user} | jq -r '.[].mount_id'); do docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:option ${shareid} enable_sharing true done diff --git a/templates/scriptreceiver/create_bucket_without_question.sh b/templates/scriptreceiver/create_bucket_without_question.sh index 12c53f3..e128360 100644 --- a/templates/scriptreceiver/create_bucket_without_question.sh +++ b/templates/scriptreceiver/create_bucket_without_question.sh @@ -7,7 +7,7 @@ bucket=${4} user=${5} /usr/local/bin/occ files_external:create "${bucket}" \ amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \ - amazons3::accesskey --user "${user}" + -c useMultipartCopy=false amazons3::accesskey --user "${user}" for shareid in $(/usr/local/bin/occ files_external:export "${user}" | jq -r '.[].mount_id'); do /usr/local/bin/occ files_external:option "${shareid}" enable_sharing true done From 472977fde429dd285960f37acea0aa0fdb79729c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 May 2024 10:44:37 +0200 Subject: [PATCH 05/11] Update config for lookup server --- manifests/lookup.pp | 5 +++++ templates/lookup/config.php.erb | 27 ++++++++++++++++++++------- 2 files changed, 25 insertions(+), 7 deletions(-) 
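Review bot: The added continuation line passes `--user ${user}` unquoted, whereas the parallel change in create_bucket_without_question.sh quotes it as `--user "${user}"`; a user id containing whitespace or glob characters would be word-split or expanded before it reaches `occ`. Change the line to `-c useMultipartCopy=false amazons3::accesskey --user "${user}"` so both scripts behave the same. Separately, the whole `occ files_external:create` invocation this line completes — including `-c key=` and `-c secret=` from the context lines above — is visible in `ps` on the host while it runs, which predates this change but is worth a follow-up. The `if [[ -z ${preexisting} ]]` block continues past the end of the hunk.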
diff --git a/manifests/lookup.pp b/manifests/lookup.pp index ccd7b43..88db327 100644 --- a/manifests/lookup.pp +++ b/manifests/lookup.pp @@ -5,6 +5,9 @@ class sunetdrive::lookup ( ) { $environment = sunetdrive::get_environment() + $config = lookup($environment, undef, undef, undef) + + $public_url = "https://${config['site_name']}" # Firewall settings @@ -13,8 +16,10 @@ class sunetdrive::lookup ( $dbhost = 'proxysql_proxysql_1' $gss_jwt_key = safe_hiera('gss_jwt_key') + $replication_auth = safe_hiera('replication_auth') $mysql_user_password = safe_hiera('mysql_user_password') $lookup_version = hiera("lookup_version_${environment}") + $email_sender = $config['email_sender'] #Create users user { 'www-data': ensure => present, system => true } diff --git a/templates/lookup/config.php.erb b/templates/lookup/config.php.erb index ce464dd..c7f9551 100644 --- a/templates/lookup/config.php.erb +++ b/templates/lookup/config.php.erb @@ -1,16 +1,29 @@ - "<%= @gss_jwt_key %>", 'DB' => [ 'host' => "<%= @dbhost %>", 'db' => "lookup" , 'user' => "lookup", 'pass' => "<%= @mysql_user_password %>", ], - + 'EMAIL_SENDER' => '<%= @email_sender %>', + 'ERROR_VERBOSE' => false, 'GLOBAL_SCALE' => true, - - 'AUTH_KEY' => "<%= @gss_jwt_key %>", -]; \ No newline at end of file + 'IP_BLACKLIST' => [ + ], + 'MAX_REQUESTS' => 10000, + 'MAX_SEARCH_PAGE' => 10, + 'PUBLIC_URL' => '<%= @public_url %>', + 'REPLICATION_AUTH' => '<%= @replication_auth %>', + 'REPLICATION_HOSTS' => [ + ], + 'SPAM_BLACKLIST' => [ + ], + 'TWITTER' => [ + 'CONSUMER_KEY' => '', + 'CONSUMER_SECRET' => '', + 'ACCESS_TOKEN' => '', + 'ACCESS_TOKEN_SECRET' => '', + ], +]; From c485935f30561c0103214075cdd01c59546e0d94 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 May 2024 11:46:58 +0200 Subject: [PATCH 06/11] Try ensure file --- manifests/lookup.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/lookup.pp b/manifests/lookup.pp index 88db327..9703dc9 100644 --- a/manifests/lookup.pp 
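Review bot: `'REPLICATION_AUTH' => '<%= @replication_auth %>'` renders a shared secret into the config while `'REPLICATION_HOSTS' => [ ]` is empty, so the credential is distributed to every lookup node without any peer that would use it; either populate `REPLICATION_HOSTS` from hiera alongside it or leave `REPLICATION_AUTH` unset until replication is actually configured. Together with `AUTH_KEY` and the DB password this file now holds three secrets, so the `file` resource that writes it (outside this hunk) needs a restrictive mode. The empty `IP_BLACKLIST` and `SPAM_BLACKLIST` arrays deserve a one-line ERB comment saying they are intentionally empty, e.g. `<%# no IP or spam blocklists configured yet; populate from hiera when needed %>`, so they are not mistaken for an omission.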
+++ b/manifests/lookup.pp @@ -25,7 +25,7 @@ class sunetdrive::lookup ( user { 'www-data': ensure => present, system => true } file { '/opt/lookup/config.php': - ensure => present, + ensure => file, owner => 'www-data', group => 'root', content => template('sunetdrive/lookup/config.php.erb'), From 05814cfd24915b0fa5d4d7bb5b16a3765573cef7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 May 2024 13:10:20 +0200 Subject: [PATCH 07/11] proxysql network does not exist --- templates/lookup/docker-compose_lookup.yml.erb | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/templates/lookup/docker-compose_lookup.yml.erb b/templates/lookup/docker-compose_lookup.yml.erb index 236e498..59fc38b 100644 --- a/templates/lookup/docker-compose_lookup.yml.erb +++ b/templates/lookup/docker-compose_lookup.yml.erb @@ -3,13 +3,12 @@ version: '3.2' services: app: + container_name: lookup_app_1 image: docker.sunet.se/drive/nextcloud-lookup:<%= @lookup_version %> restart: always volumes: - /opt/lookup/config.php:/var/www/html/config/config.php - networks: - - default - - proxysql_proxysql + network_mode: host dns: - 89.46.20.75 - 89.46.21.29 @@ -18,7 +17,3 @@ services: - 443:443 command: apachectl -D FOREGROUND tty: true - -networks: - proxysql_proxysql: - external: true From cbf40869939cca7ff695aece5dbafd57e738a701 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 21 May 2024 12:54:06 +0200 Subject: [PATCH 08/11] Goes together with switch to host networking --- manifests/lookup.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/lookup.pp b/manifests/lookup.pp index 9703dc9..30994b8 100644 --- a/manifests/lookup.pp +++ b/manifests/lookup.pp 
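Review bot: The `file { '/opt/lookup/config.php': }` resource sets `owner => 'www-data'` and `group => 'root'` but no `mode` is visible in this hunk, and the rendered file carries the lookup AUTH_KEY, the DB password and REPLICATION_AUTH; unless a mode is set further down, Puppet leaves a newly created file at the umask default, typically world-readable. Add `mode => '0640',` next to `group => 'root',` (or `'0600'` if only www-data needs it). The resource body continues past the end of the hunk.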
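Review bot: `network_mode: host` is applied unconditionally here, whereas the app and proxysql templates only switch to host networking when the `dockerhost2` fact is `yes`; on a node where ProxySQL still runs on the bridge network the lookup container leaves `proxysql_proxysql` and can reach the database only through ProxySQL's host-published 3306. Either gate it the same way, `<%- if @hostnet -%>` / `<%- end -%>` around the line with the old `networks:` block in the else branch, or state in the template why the lookup service always uses the host namespace. With host mode the `ports: - 443:443` mapping still present in this service (visible as context in the next hunk) is ignored and should be removed, and the lookup process now has loopback access to every host-local service, so its exposure is that of the host.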
@@ -14,7 +14,7 @@ class sunetdrive::lookup ( $nextcloud_ip = hiera_array("${location}_app", []) $tug_office = hiera_array('tug_office') - $dbhost = 'proxysql_proxysql_1' + $dbhost = '127.0.0.1' $gss_jwt_key = safe_hiera('gss_jwt_key') $replication_auth = safe_hiera('replication_auth') $mysql_user_password = safe_hiera('mysql_user_password') From aa2a86920373548db993624695594b5378ff1e44 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 21 May 2024 17:11:43 +0200 Subject: [PATCH 09/11] Move gss prod to redis cluster --- templates/application/config.php.erb | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index c6429a6..af642f6 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -127,6 +127,24 @@ $CONFIG = array ( ], 'timeout' => 1.1 ], +<% elsif @location == 'gss-prod' -%> + 'redis.cluster' => [ + 'failover_mode' => \RedisCluster::FAILOVER_ERROR, + 'password' => '<%= @redis_cluster_password %>', + 'read_timeout' => 0.0, + 'seeds' => [ + 'redis1.drive.sunet.se:6379', + 'redis2.drive.sunet.se:6379', + 'redis3.drive.sunet.se:6379', + 'redis1.drive.sunet.se:6380', + 'redis2.drive.sunet.se:6380', + 'redis3.drive.sunet.se:6380', + 'redis1.drive.sunet.se:6381', + 'redis2.drive.sunet.se:6381', + 'redis3.drive.sunet.se:6381' + ], + 'timeout' => 1.1 + ], <% elsif @environment == 'test' && ! @is_multinode -%> 'redis.cluster' => [ 'failover_mode' => \RedisCluster::FAILOVER_ERROR, From bf5abc073e94a0e33499af130550d3edbfa658c5 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 21 May 2024 17:29:59 +0200 Subject: [PATCH 10/11] Change hostnet to bool --- manifests/app_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index f25ded7..1828bee 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
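Review bot: `$dbhost = '127.0.0.1'` carries no comment explaining that it depends on the lookup container (and ProxySQL) sharing the host network namespace, so someone reverting docker-compose_lookup.yml.erb to bridge mode would not see why the database becomes unreachable. Add `# ProxySQL is reached over the host loopback: docker-compose_lookup.yml.erb runs this container with network_mode: host` above the assignment. The class body continues outside the hunk.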
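Review bot: The new `gss-prod` branch duplicates an entire `redis.cluster` array whose only difference from the neighbouring branches appears to be the seed list, which makes a future change to `failover_mode`, `password` or `timeout` easy to apply to one branch and miss in another; move the seeds into a per-location variable in the manifest and render a single array. The seeds are plain `host:port` entries, so unless redis1–3.drive.sunet.se sit on an isolated network the cluster password and session/cache payloads cross the wire unencrypted — phpredis accepts `tls://host:port` seeds when Redis is configured for TLS; confirm which applies and note it in the template, e.g. `<%# gss-prod cluster: plaintext on the internal network — switch seeds to tls:// once Redis TLS is enabled %>`. The `$CONFIG` array and the `if`/`elsif` chain begin and end outside this hunk.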
@@ -61,7 +61,7 @@ define sunetdrive::app_type ( $php_memory_limit_mb = 512 } if $::facts['dockerhost2'] == 'yes' { - $hostnet = 'yes' + $hostnet = true } # These are encrypted values from local.eyaml From b3d98731762747784d18e574b2190d0d7a7f7063 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 21 May 2024 17:47:42 +0200 Subject: [PATCH 11/11] Switch to boolean --- manifests/proxysql.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp index fc45669..4926870 100644 --- a/manifests/proxysql.pp +++ b/manifests/proxysql.pp @@ -27,7 +27,7 @@ class sunetdrive::proxysql ( $transaction_persistent = 1 if $::facts['dockerhost2'] == 'yes' { - $hostnet = 'yes' + $hostnet = true } file { '/usr/local/bin/proxysql':
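Review bot: Changing the value to `true` still leaves `$hostnet` undeclared whenever `dockerhost2` is not `'yes'`, so the templates keep depending on an unset `@hostnet` (nil in ERB) reading as false, and any manifest reference to `$hostnet` would be an unknown variable under `strict_variables`. Collapse the conditional into `$hostnet = $facts['dockerhost2'] == 'yes'`, which always declares a boolean with the same truth value; the identical block in `sunetdrive::proxysql` in the following patch should get the same treatment. The enclosing `define sunetdrive::app_type` starts and ends outside the hunk.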