diff --git a/dbrepo-auth-service/listeners/target/create-event-listener.jar b/dbrepo-auth-service/listeners/target/create-event-listener.jar index a36663dc0993c612b1f3701b5f2aebf5f9732665..4e688861f7947c1b94a9ed12d8a82eecf5488216 100644 Binary files a/dbrepo-auth-service/listeners/target/create-event-listener.jar and b/dbrepo-auth-service/listeners/target/create-event-listener.jar differ diff --git a/dbrepo-gateway-service/dbrepo.conf b/dbrepo-gateway-service/dbrepo.conf index 659300566efe5e3aad1b80ea2450791e5bbb92e6..dbd796fcb8cfdeafa8e420e7a60f1e9558b87a60 100644 --- a/dbrepo-gateway-service/dbrepo.conf +++ b/dbrepo-gateway-service/dbrepo.conf @@ -16,30 +16,6 @@ server { listen 8080 default_server; server_name _; - location /dashboard/ { - rewrite ^/dashboard/(.*) /$1 break; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://dashboard-ui:3000; - proxy_read_timeout 90; - } - - # Proxy Grafana Live WebSocket connections. - location /dashboard/api/live/ { - rewrite ^/dashboard/(.*) /$1 break; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_http_version 1.1; - proxy_pass http://dashboard-ui:3000; - proxy_read_timeout 90; - } - # Proxy Keycloak OIDC connections, c.f. https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations location /realms { proxy_set_header X-Real-IP $remote_addr; diff --git a/dbrepo-storage-service/init/Dockerfile b/dbrepo-storage-service/init/Dockerfile index be95322ff4721d63a62dc4cf8e18c0f768db8eaa..4c3c671a05f2071696c335696f6bbbfd7c3c9687 100644 --- a/dbrepo-storage-service/init/Dockerfile +++ b/dbrepo-storage-service/init/Dockerfile @@ -4,10 +4,10 @@ LABEL org.opencontainers.image.authors="martin.weise@tuwien.ac.at" RUN apk add --no-cache bash \ && pip install s3cmd -USER 1001 - WORKDIR /app -COPY --chown=1001 --chmod=0777 ./init.sh /app/init.sh +RUN adduser -D dbrepo --uid 1001 + +COPY --chown=1001 --chmod=0744 ./init.sh /app/init.sh ENTRYPOINT [ "bash", "-c", "/app/init.sh" ] diff --git a/dbrepo-storage-service/init/init.sh b/dbrepo-storage-service/init/init.sh index 91a1c41aada823caf661380b765c9fbcd709ad8f..2339978957d4ffb02aa6e11a26f9c653dffd4da4 100644 --- a/dbrepo-storage-service/init/init.sh +++ b/dbrepo-storage-service/init/init.sh @@ -1,17 +1,17 @@ #!/bin/bash -cat << EOF > /app/config/.s3cfg +cat << EOF > /app/.s3cfg access_key = ${S3_ACCESS_KEY_ID} secret_key = ${S3_SECRET_ACCESS_KEY} # Setup endpoint host_base = ${STORAGE_ENDPOINT} -host_bucket = ${STORAGE_ENDPOINT} +host_bucket = ${S3_BUCKET} use_https = False # Enable S3 v4 signature APIs signature_v2 = False EOF -s3cmd --config=/app/config/.s3cfg ls | grep "s3://${S3_BUCKET}" -if s3cmd --config=/app/config/.s3cfg ls | grep -q "s3://${S3_BUCKET}"; then +s3cmd --config=/app/.s3cfg ls | grep "s3://${S3_BUCKET}" +if s3cmd --config=/app/.s3cfg ls | grep -q "s3://${S3_BUCKET}"; then echo "Bucket s3://${S3_BUCKET} already exists, skip." exit 0 fi -s3cmd --config=/app/config/.s3cfg mb s3://${S3_BUCKET} \ No newline at end of file +s3cmd --config=/app/.s3cfg mb s3://${S3_BUCKET} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 85ae727ebf8299a71b6e052495b14e45aa8f3444..97ab75d5d38e9c8f657070abff83b41c66985cd5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -376,6 +376,8 @@ services: condition: service_healthy dbrepo-dashboard-service: condition: service_healthy + dbrepo-dashboard-ui: + condition: service_healthy dbrepo-ui: condition: service_healthy logging: @@ -574,7 +576,6 @@ services: environment: BASE_URL: "${BASE_URL:-http://localhost}" GF_INSTALL_PLUGINS: "yesoreyeram-infinity-datasource" - GF_SERVER_DOMAIN: "dashboard-service" GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: "true" LDAP_ADMIN_USERNAME: "${IDENTITY_SERVICE_ADMIN_USERNAME:-admin}" LDAP_ADMIN_PASSWORD: "${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin}" @@ -585,8 +586,8 @@ services: timeout: 5s retries: 12 depends_on: - dbrepo-metric-db: - condition: service_started + dbrepo-data-db: + condition: service_healthy extra_hosts: - "localhost:host-gateway" logging: diff --git a/helm/dbrepo/files/create-event-listener.jar b/helm/dbrepo/files/create-event-listener.jar index a36663dc0993c612b1f3701b5f2aebf5f9732665..4e688861f7947c1b94a9ed12d8a82eecf5488216 100644 Binary files a/helm/dbrepo/files/create-event-listener.jar and b/helm/dbrepo/files/create-event-listener.jar differ diff --git a/helm/dbrepo/templates/dashboard-secret.yaml b/helm/dbrepo/templates/dashboard-secret.yaml index 21ae5b1311667b43383a17c0246d22d432e00d93..e9486d671c26db0023092010579787c3b242251c 100644 --- a/helm/dbrepo/templates/dashboard-secret.yaml +++ b/helm/dbrepo/templates/dashboard-secret.yaml @@ -6,12 +6,10 @@ metadata: name: dashboard-service-secret namespace: {{ include "common.names.namespace" . | quote }} stringData: - AUTH_SERVICE_ADMIN: "{{ .Values.authservice.auth.adminUser }}" - AUTH_SERVICE_ADMIN_PASSWORD: "{{ .Values.authservice.auth.adminPassword }}" AUTH_SERVICE_ENDPOINT: "{{ .Values.authservice.endpoint }}" BASE_URL: "{{ .Values.gateway }}" DASHBOARD_UI_ENDPOINT: "{{ .Values.dashboardui.endpoint }}" METADATA_SERVICE_ENDPOINT: "{{ .Values.metadataservice.endpoint }}" - SYSTEM_USERNAME: "{{ .Values.identityservice.users }}" - SYSTEM_PASSWORD: "{{ .Values.identityservice.userPasswords }}" + SYSTEM_USERNAME: "{{ .Values.authservice.auth.adminUser }}" + SYSTEM_PASSWORD: "{{ .Values.authservice.auth.adminPassword }}" {{- end }} diff --git a/helm/dbrepo/templates/dashboard-service.yaml b/helm/dbrepo/templates/dashboard-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4bace46dfc7bba2404c0efe770b3e694e0bcecd0 --- /dev/null +++ b/helm/dbrepo/templates/dashboard-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.dashboardservice.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: dashboard-service + namespace: {{ include "common.names.namespace" . | quote }} + labels: + service: dashboard-service +spec: + type: ClusterIP + ports: + - name: "dashboard-service" + port: 80 + targetPort: 8080 + protocol: TCP + selector: + service: dashboard-service +{{- end }} diff --git a/helm/dbrepo/templates/dashboard-ui-prov-datasources-secret.yaml b/helm/dbrepo/templates/dashboard-ui-prov-datasources-secret.yaml deleted file mode 100644 index 2d10baefd2145f026e88e940b2b077fa947dfab9..0000000000000000000000000000000000000000 --- a/helm/dbrepo/templates/dashboard-ui-prov-datasources-secret.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.dashboardui.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: dashboard-ui-prov-datasources-secret - namespace: {{ include "common.names.namespace" . | quote }} -stringData: - infinity.yaml: |- - apiVersion: 1 - datasources: - - name: dbrepo-json - uid: dbrepojson0 - type: yesoreyeram-infinity-datasource - basicAuth: true - basicAuthUser: {{ .Values.datadb.db.user }} - url: {{ .Values.gateway }} - jsonData: - auth_method: 'basicAuth' - httpHeaderName1: Accept - allowedHosts: - - '{{ .Values.gateway }}' - secureJsonData: - basicAuthPassword: {{ .Values.datadb.db.password }} - httpHeaderValue1: application/json - prometheus.yaml: |- - apiVersion: 1 - datasources: - - name: dbrepo-metrics - type: prometheus - uid: dbrepometrics0 - url: {{ .Values.metricdb.endpoint }} -{{- end }} diff --git a/helm/dbrepo/templates/gateway-configmap.yaml b/helm/dbrepo/templates/gateway-configmap.yaml index 6b8a912db78d4e2d92d331c5158e6fd14f39aa60..328efdcd92706805ea42718edd16643ace769b6e 100644 --- a/helm/dbrepo/templates/gateway-configmap.yaml +++ b/helm/dbrepo/templates/gateway-configmap.yaml @@ -97,7 +97,6 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; proxy_pass http://dashboard-service; proxy_read_timeout 90; } diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml index d82ab7c0d9daa6779885afb570a1eaab52e4d6e3..9346fc8cbaa56c97e4936f177ce076d9e0c5757f 100644 --- a/helm/dbrepo/values.yaml +++ b/helm/dbrepo/values.yaml @@ -908,7 +908,7 @@ dashboardservice: enabled: true image: ## @skip dashboardservice.image.name - name: registry.datalab.tuwien.ac.at/dbrepo/auth-service-init:1.8.0 + name: registry.datalab.tuwien.ac.at/dbrepo/dashboard-service:1.8.0 ## @param dashboardservice.endpoint The endpoint for the microservices. endpoint: http://dashboard-service ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod @@ -1001,12 +1001,6 @@ dashboardui: ports: ## @skip dashboardui.service.ports.grafana grafana: 80 - datasources: - ## @skip dashboardui.datasources.secretName - secretName: "dashboard-ui-prov-datasources-secret" - dashboardsProvider: - ## @param dashboardui.dashboardsProvider.enabled Enable the default dashboard provisioning provider to routinely import dashboards from /opt/bitnami/grafana/dashboards - enabled: true ## @section Metric Service diff --git a/lib/python/dbrepo/core/client/search.py b/lib/python/dbrepo/core/client/search.py index d139499fb6e244d639133fb59cc1fa288e8c4f12..033ed0beda53ffe6bc3e6263bb63bff90079ca70 100644 --- a/lib/python/dbrepo/core/client/search.py +++ b/lib/python/dbrepo/core/client/search.py @@ -39,9 +39,9 @@ class SearchServiceClient: @returns: The opensearch instance singleton, if successful. """ if self.instance is None: - self.instance = OpenSearch(hosts=[{"host": self.host, "port": self.port}], - http_compress=True, - http_auth=(self.system_username, self.system_password)) + self.instance = SearchServiceClient(hosts=[{"host": self.host, "port": self.port}], + http_compress=True, + http_auth=(self.system_username, self.system_password)) return self.instance def database_exists(self, database_id: str):