From 3a442b47e76e2e640706644045e4aaca7a158236 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 15:56:19 -0400 Subject: [PATCH 1/9] Add script to run RQ worker process --- script/rq_worker | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100755 script/rq_worker diff --git a/script/rq_worker b/script/rq_worker new file mode 100755 index 00000000..7b5a0276 --- /dev/null +++ b/script/rq_worker @@ -0,0 +1,11 @@ +#!/bin/bash + +# script/rq_worker: Launch the Flask-RQ worker + +source "$(dirname "${0}")"/../script/include/global_header.inc.sh + +# Before starting the server, apply any pending migrations to the DB +migrate_db + +# Launch the worker +run_command "flask rq worker" From be632e0d4a5bb5dbc04390709c6e1dfcc857257e Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 15:58:09 -0400 Subject: [PATCH 2/9] Drop -circleci from generated image names --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5ba48f3a..0e17a8f4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -133,7 +133,7 @@ jobs: command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circleci\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}\"" >> $BASH_ENV - run: name: "Start a Fresh Container" command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 @@ -190,7 +190,7 @@ jobs: command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circleci\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}\"" >> $BASH_ENV - run: name: "Update Kubernetes Deployment" command: ./deploy/kubernetes/atst-update-deploy.sh From 403d6cd7906cb55335bd28cd8ffc24eade619651 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 11:08:36 -0400 Subject: [PATCH 3/9] Add deployment for worker to k8s config --- deploy/kubernetes/atst.yml | 45 +++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml index 666b79b6..b0824c1a 100644 --- a/deploy/kubernetes/atst.yml +++ b/deploy/kubernetes/atst.yml @@ -24,7 +24,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:76854ac + image: registry.atat.codes:443/atst-prod:47fa38b resources: requests: memory: "2500Mi" @@ -125,6 +125,49 @@ spec: emptyDir: medium: Memory --- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: atst + name: atst-worker + namespace: atat +spec: + replicas: 1 + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: atst + spec: + securityContext: + fsGroup: 101 + containers: + - name: atst-worker + image: registry.atat.codes:443/atst-prod:47fa38b + args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] + resources: + requests: + memory: "2500Mi" + envFrom: + - configMapRef: + name: atst-envvars + volumeMounts: + - name: atst-config + mountPath: "/opt/atat/atst/atst-overrides.ini" + subPath: atst-overrides.ini + imagePullSecrets: + - name: regcred + volumes: + - name: atst-config + secret: + secretName: atst-config-ini + items: + - key: override.ini + path: atst-overrides.ini + mode: 0644 +--- apiVersion: v1 kind: Service metadata: From 73d8df8fe6c1da64b3d3256f558ddd3a43c9ec6e Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 14:32:46 -0400 Subject: [PATCH 4/9] Add REQUIRE_CRLS env variable to allow skipping loading CRLs --- atst/app.py | 4 +++- deploy/kubernetes/atst-worker-envvars-configmap.yml | 8 ++++++++ deploy/kubernetes/atst.yml | 2 ++ 3 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 deploy/kubernetes/atst-worker-envvars-configmap.yml diff --git a/atst/app.py b/atst/app.py index ac3ed9b3..273d3a86 100644 --- a/atst/app.py +++ b/atst/app.py @@ -28,6 +28,7 @@ from atst.queue import queue ENV = os.getenv("FLASK_ENV", "dev") +REQUIRE_CRLS = os.getenv("REQUIRE_CRLS", "True") def make_app(config): @@ -46,7 +47,8 @@ def make_app(config): app.config.update({"SESSION_REDIS": app.redis}) make_flask_callbacks(app) - make_crl_validator(app) + if REQUIRE_CRLS == "True": + make_crl_validator(app) register_filters(app) make_eda_client(app) make_upload_storage(app) diff --git a/deploy/kubernetes/atst-worker-envvars-configmap.yml b/deploy/kubernetes/atst-worker-envvars-configmap.yml new file mode 100644 index 00000000..0f3ec5e8 --- /dev/null +++ b/deploy/kubernetes/atst-worker-envvars-configmap.yml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: atst-worker-envvars + namespace: atat +data: + REQUIRE_CRLS: "False" diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml index b0824c1a..2526ac56 100644 --- a/deploy/kubernetes/atst.yml +++ b/deploy/kubernetes/atst.yml @@ -153,6 +153,8 @@ spec: envFrom: - configMapRef: name: atst-envvars + - configMapRef: + name: atst-worker-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" From 414e3cf00119f48a4e26c678d8f399140b4a6add Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 14:36:00 -0400 Subject: [PATCH 5/9] Lower memory requirement for worker pod --- deploy/kubernetes/atst.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml index 2526ac56..7f8f7354 100644 --- a/deploy/kubernetes/atst.yml +++ b/deploy/kubernetes/atst.yml @@ -24,7 +24,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:47fa38b + image: registry.atat.codes:443/atst-prod:6c56d03c resources: requests: memory: "2500Mi" @@ -145,11 +145,11 @@ spec: fsGroup: 101 containers: - name: atst-worker - image: registry.atat.codes:443/atst-prod:47fa38b + image: registry.atat.codes:443/atst-prod:6c56d03c args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] resources: requests: - memory: "2500Mi" + memory: "500Mi" envFrom: - configMapRef: name: atst-envvars From 3d263032219c2dac360a9588ac52c7feecc3ac54 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 14:58:06 -0400 Subject: [PATCH 6/9] Update deployed image --- deploy/kubernetes/atst.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml index 7f8f7354..a17a3a10 100644 --- a/deploy/kubernetes/atst.yml +++ b/deploy/kubernetes/atst.yml @@ -24,7 +24,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:6c56d03c + image: registry.atat.codes:443/atst-prod:b1042cad resources: requests: memory: "2500Mi" @@ -145,7 +145,7 @@ spec: fsGroup: 101 containers: - name: atst-worker - image: registry.atat.codes:443/atst-prod:6c56d03c + image: registry.atat.codes:443/atst-prod:b1042cad args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] resources: requests: From 3b2ed4f0a2ceba56b7cb4706cd96c5f69cb148b4 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 16:24:36 -0400 Subject: [PATCH 7/9] Update deployed image, again --- deploy/kubernetes/atst.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml index a17a3a10..a9d6dca2 100644 --- a/deploy/kubernetes/atst.yml +++ b/deploy/kubernetes/atst.yml @@ -24,7 +24,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:b1042cad + image: registry.atat.codes:443/atst-prod:5550eed2 resources: requests: memory: "2500Mi" @@ -145,7 +145,7 @@ spec: fsGroup: 101 containers: - name: atst-worker - image: registry.atat.codes:443/atst-prod:b1042cad + image: registry.atat.codes:443/atst-prod:5550eed2 args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] resources: requests: From f5a1d94061b045bc94062560b62c1ac1dfeaa25d Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Thu, 25 Oct 2018 16:26:07 -0400 Subject: [PATCH 8/9] Update deployed worker image in deployment script --- deploy/kubernetes/atst-update-deploy.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/kubernetes/atst-update-deploy.sh b/deploy/kubernetes/atst-update-deploy.sh index 75b3f6d6..ba9452f8 100755 --- a/deploy/kubernetes/atst-update-deploy.sh +++ b/deploy/kubernetes/atst-update-deploy.sh @@ -45,12 +45,14 @@ kubectl config current-context # Update the ATST deployment kubectl -n atat set image deployment.apps/atst atst="${IMAGE_NAME}" +kubectl -n atat set image deployment.apps/atst-worker atst-worker="${IMAGE_NAME}" # Wait for deployment to finish if ! timeout -t "${MAX_DEPLOY_WAIT}" -s INT kubectl -n atat rollout status deployment/atst then # Deploy did not finish before max wait time; abort and rollback the deploy kubectl -n atat rollout undo deployment/atst + kubectl -n atat rollout undo deployment/atst-worker # Exit with a non-zero return code exit 2 fi From e177fe0037e66100fdadc83447b67d3ee37ab3a2 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Fri, 26 Oct 2018 10:11:03 -0400 Subject: [PATCH 9/9] Add REQUIRE_CRLS to config parser --- atst/app.py | 4 ++-- config/base.ini | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/atst/app.py b/atst/app.py index 273d3a86..cad01fea 100644 --- a/atst/app.py +++ b/atst/app.py @@ -28,7 +28,6 @@ from atst.queue import queue ENV = os.getenv("FLASK_ENV", "dev") -REQUIRE_CRLS = os.getenv("REQUIRE_CRLS", "True") def make_app(config): @@ -47,7 +46,7 @@ def make_app(config): app.config.update({"SESSION_REDIS": app.redis}) make_flask_callbacks(app) - if REQUIRE_CRLS == "True": + if app.config.get("REQUIRE_CRLS"): make_crl_validator(app) register_filters(app) make_eda_client(app) @@ -101,6 +100,7 @@ def map_config(config): "PERMANENT_SESSION_LIFETIME": config.getint( "default", "PERMANENT_SESSION_LIFETIME" ), + "REQUIRE_CRLS": config.getboolean("default", "REQUIRE_CRLS"), "RQ_REDIS_URL": config["default"]["REDIS_URI"], "RQ_QUEUES": ["atat_{}".format(ENV.lower())], } diff --git a/config/base.ini b/config/base.ini index 5fa7ec6e..491ab0e4 100644 --- a/config/base.ini +++ b/config/base.ini @@ -15,6 +15,7 @@ PGPORT = 5432 PGUSER = postgres PORT=8000 REDIS_URI = redis://localhost:6379 +REQUIRE_CRLS = true SECRET = change_me_into_something_secret SECRET_KEY = change_me_into_something_secret SESSION_COOKIE_NAME=atat