Fixed rabbitmq cloud image

999a61e8 · Martin Weise · 9070b341 · 999a61e8 · 999a61e8 · 9070b341
Unverified Commit 999a61e8 authored Aug 30, 2023 by Martin Weise
--- a/dbrepo-broker-service/Dockerfile
+++ b/dbrepo-broker-service/Dockerfile
 ###### FIRST STAGE ######
-FROM dbrepo-metadata-db:latest as dependency
-MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
-
-###### SECOND STAGE ######
 FROM rabbitmq:3-management-alpine as runtime
-
-ENV RABBITMQ_DEFAULT_VHOST=dbrepo
-
-RUN apk --no-cache add curl
+MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>

 COPY ./rabbitmq.conf /etc/rabbitmq/rabbitmq.conf

 WORKDIR /app

-ENV JWT_PUBKEY="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB"
-ENV JWT_CERT="MIICmzCCAYMCBgGG3GWyBTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqcdDYFZZb28M0tEJzEP77FmD/Xqioyj9zWX6VwUSOMAgmMmn8eqs9hT9T0a+q4YTo9tUW1PNbUpwprA5b4Uk04DcIajxDVMUR/PjcHytmkqwVskq9AZW/Vngdoo+8tSbuIybwe/3Vwt266hbHpDcM97a+DXcYooRl7tQWCEX7RP27wQrMD9epDQ6IgKayZg9vC9/03dsIqwH9jXQRiZlFvwiEKhX2aY7lPGBaCK414JO00K/Z49iov9TRa/IYVbSt5qwgrx6DcqsBSPwOnI6A85UGfeUEZ/7coVJiL7RvBlsllapsL9eWTbQajVh94k9Ei3sibEPbtH+U2OAM78zAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAASnN1Cuif1sdfEK2kWAURSXGJCohCROLWdKFjaeHPRaEfpbFJsgxW0Yj3nwX5O3bUlOWoTyENwnXSsXMQsqnNi+At32CKaKO8+AkhAbgQL9F0B+KeJwmYv3cUj5N/LYkJjBvZBzUZ4Ugu5dcxH0k7AktLAIwimkyEnxTNolOA3UyrGGpREr8MCKWVr10RFuOpF/0CsJNNwbHXzalO9D756EUcRWZ9VSg6QVNso0YYRKTnILWDn9hcTRnqGy3SHo3anFTqQZ+BB57YbgFWy6udC0LYRB3zdp6zNti87eu/VEymiDY/mmo1AB8Tm0b6vxFz4AKcL3ax5qS6YnZ9efSzk="
-
-COPY ./init.sh ./init.sh
-COPY ./service_ready /usr/bin/service_ready
-COPY ./docker-entrypoint.sh ./docker-entrypoint.sh
+COPY ./cert.pem ./cert.pem
+COPY ./pubkey.pem ./pubkey.pem

-HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD service_ready
+RUN rabbitmq-plugins enable --offline rabbitmq_prometheus rabbitmq_mqtt rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl

-ENTRYPOINT [ "bash", "/app/docker-entrypoint.sh" ]
\ No newline at end of file
+HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD wget --spider http://localhost:15672/broker/
--- a/dbrepo-broker-service/cert.pem
+++ b/dbrepo-broker-service/cert.pem
+-----BEGIN CERTIFICATE-----
+MIICmzCCAYMCBgGG3GWyBTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqcdDYFZZb28M0tEJzEP77FmD/Xqioyj9zWX6VwUSOMAgmMmn8eqs9hT9T0a+q4YTo9tUW1PNbUpwprA5b4Uk04DcIajxDVMUR/PjcHytmkqwVskq9AZW/Vngdoo+8tSbuIybwe/3Vwt266hbHpDcM97a+DXcYooRl7tQWCEX7RP27wQrMD9epDQ6IgKayZg9vC9/03dsIqwH9jXQRiZlFvwiEKhX2aY7lPGBaCK414JO00K/Z49iov9TRa/IYVbSt5qwgrx6DcqsBSPwOnI6A85UGfeUEZ/7coVJiL7RvBlsllapsL9eWTbQajVh94k9Ei3sibEPbtH+U2OAM78zAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAASnN1Cuif1sdfEK2kWAURSXGJCohCROLWdKFjaeHPRaEfpbFJsgxW0Yj3nwX5O3bUlOWoTyENwnXSsXMQsqnNi+At32CKaKO8+AkhAbgQL9F0B+KeJwmYv3cUj5N/LYkJjBvZBzUZ4Ugu5dcxH0k7AktLAIwimkyEnxTNolOA3UyrGGpREr8MCKWVr10RFuOpF/0CsJNNwbHXzalO9D756EUcRWZ9VSg6QVNso0YYRKTnILWDn9hcTRnqGy3SHo3anFTqQZ+BB57YbgFWy6udC0LYRB3zdp6zNti87eu/VEymiDY/mmo1AB8Tm0b6vxFz4AKcL3ax5qS6YnZ9efSzk=
+-----END CERTIFICATE-----
\ No newline at end of file
--- a/dbrepo-broker-service/docker-entrypoint.sh
+++ b/dbrepo-broker-service/docker-entrypoint.sh
-#!/bin/bash
-
-# load jwt certificates
-bash ./init.sh
-
-# enable prometheus plugin
-(sleep 10; rabbitmq-plugins enable rabbitmq_prometheus rabbitmq_mqtt rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl; touch ./ready) &
-
-rabbitmq-server
\ No newline at end of file
--- a/dbrepo-broker-service/init.sh
+++ b/dbrepo-broker-service/init.sh
-#!/bin/bash
-echo "init pubkey ..."
-rm -f /app/pubkey.pem /app/cert.pem
-cat << EOF > /app/pubkey.pem
-----BEGIN RSA PUBLIC KEY-----
-${JWT_PUBKEY}
-----END RSA PUBLIC KEY-----
-EOF
-echo "init cert ..."
-cat << EOF > /app/cert.pem
-----BEGIN CERTIFICATE-----
-${JWT_CERT}
-----END CERTIFICATE-----
-EOF
\ No newline at end of file
--- a/dbrepo-broker-service/pubkey.pem
+++ b/dbrepo-broker-service/pubkey.pem
+-----BEGIN RSA PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB
+-----END RSA PUBLIC KEY-----
\ No newline at end of file
--- a/dbrepo-broker-service/rabbitmq.conf
+++ b/dbrepo-broker-service/rabbitmq.conf
 # user
-default_vhost = /
+default_vhost = dbrepo
 default_user = fda
 default_pass = fda
 default_user_tags.administrator = true
@@ -10,5 +10,24 @@ default_permissions.write = .*
 # enable http outside localhost
 listeners.tcp.1 = 0.0.0.0:5672

+# management ui (https://www.rabbitmq.com/management.html#path-prefix)
+management.path_prefix = /broker
+
 # logging
-log.file.level = warning
+log.console = true
+log.console.level = warning
+
+# Obviously your authentication server cannot vouch for itself, so you'll need another backend with at least one user in
+# it. You should probably use the internal database
+auth_backends.1 = rabbit_auth_backend_oauth2
+auth_backends.2 = rabbit_auth_backend_internal
+
+# OAuth 2.0 files
+auth_oauth2.resource_server_id = rabbitmq
+#auth_oauth2.additional_scopes_key = my_custom_scope_key
+auth_oauth2.preferred_username_claims.1 = client_id
+auth_oauth2.default_key = t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM
+auth_oauth2.signing_keys.t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM = /app/cert.pem
+auth_oauth2.signing_keys.id2 = /app/pubkey.pem
+auth_oauth2.algorithms.1 = HS256
+auth_oauth2.algorithms.2 = RS256
--- a/dbrepo-broker-service/service_ready
+++ b/dbrepo-broker-service/service_ready
-#!/bin/bash
-if [ -f ./ready ]; then
-  echo "service is ready and accepting connections"
-  exit 0
-fi
-exit 1
\ No newline at end of file
--- a/dbrepo-gateway-service/dbrepo.conf
+++ b/dbrepo-gateway-service/dbrepo.conf
@@ -82,6 +82,15 @@ server {
        proxy_read_timeout      90;
    }

+    location /broker {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://broker;
+        proxy_read_timeout      90;
+    }
+
    location /retrieve {
        rewrite /retrieve/(.*) /$1 break;
        proxy_set_header        Host $host;

--- a/dbrepo-metadata-db/setup-schema.sql
+++ b/dbrepo-metadata-db/setup-schema.sql
@@ -77,7 +77,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_licenses`
    identifier character varying(255) NOT NULL,
    uri        text                   NOT NULL,
    PRIMARY KEY (identifier),
-    UNIQUE (uri)
+    UNIQUE (uri(200))
 ) WITH SYSTEM VERSIONING;

 CREATE TABLE IF NOT EXISTS `fda`.`mdb_databases`
@@ -280,7 +280,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_concepts`
    created     timestamp             NOT NULL DEFAULT NOW(),
    created_by  character varying(36) NOT NULL,
    PRIMARY KEY (id),
-    UNIQUE (uri),
+    UNIQUE (uri(200)),
    FOREIGN KEY (created_by) REFERENCES mdb_users (id)
 ) WITH SYSTEM VERSIONING;

@@ -293,7 +293,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_units`
    created     timestamp             NOT NULL DEFAULT NOW(),
    created_by  character varying(36) NOT NULL,
    PRIMARY KEY (id),
-    UNIQUE (uri),
+    UNIQUE (uri(200)),
    FOREIGN KEY (created_by) REFERENCES mdb_users (id)
 ) WITH SYSTEM VERSIONING;

@@ -358,7 +358,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_ontologies`
    created         timestamp             NOT NULL DEFAULT NOW(),
    created_by      character varying(36) NOT NULL,
    UNIQUE (prefix),
-    UNIQUE (uri),
+    UNIQUE (uri(200)),
    PRIMARY KEY (id),
    FOREIGN KEY (created_by) REFERENCES mdb_users (id)
 ) WITH SYSTEM VERSIONING;

--- a/dbrepo-metadata-service/Dockerfile
+++ b/dbrepo-metadata-service/Dockerfile
@@ -47,6 +47,8 @@ ENV JWT_ISSUER="http://localhost/realms/dbrepo"
 ENV JWT_PUBKEY="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB"
 ENV LOG_LEVEL=debug
 ENV METADATA_DB=fda
+ENV METADATA_HOST=metadata-db
+ENV METADATA_JDBC_EXTRA_ARGS=""
 ENV METADATA_PASSWORD=dbrepo
 ENV METADATA_USERNAME=root
 ENV NOT_SUPPORTED_KEYWORDS=\\*,AVG,BIT_AND,BIT_OR,BIT_XOR,COUNT,COUNTDISTINCT,GROUP_CONCAT,JSON_ARRAYAGG,JSON_OBJECTAGG,MAX,MIN,STD,STDDEV,STDDEV_POP,STDDEV_SAMP,SUM,VARIANCE,VAR_POP,VAR_SAMP,--

--- a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml
+++ b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml
@@ -4,7 +4,7 @@ spring:
  autoconfigure:
    exclude: org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration, org.springframework.boot.autoconfigure.data.elasticsearch.ElasticsearchDataAutoConfiguration
  datasource:
-    url: "jdbc:mariadb://metadata-db:3306/${METADATA_DB}"
+    url: "jdbc:mariadb://${METADATA_HOST}:3306/${METADATA_DB}${METADATA_JDBC_EXTRA_ARGS}"
    driver-class-name: org.mariadb.jdbc.Driver
    username: "${METADATA_USERNAME}"
    password: "${METADATA_PASSWORD}"

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -136,7 +136,7 @@ services:
    volumes:
      - authentication-service-data:/opt/keycloak/data/
    depends_on:
-      dbrepo-metadata-db:
+      dbrepo-auth-db:
        condition: service_healthy
    logging:
      driver: json-file
@@ -240,30 +240,30 @@ services:
    logging:
      driver: json-file

-  dbrepo-search-sync-agent:
-    restart: "no"
-    container_name: dbrepo-search-sync-agent
-    hostname: search-startup-agent
-    build: ./dbrepo-search-sync-agent
-    image: dbrepo-search-sync-agent
-    networks:
-      core:
-    env_file:
-      - .env
-    healthcheck:
-      test: wget -qO- localhost:9050/actuator/health/readiness | grep -q "UP" || exit 1
-      interval: 10s
-      timeout: 5s
-      retries: 12
-    depends_on:
-      dbrepo-metadata-db:
-        condition: service_healthy
-      dbrepo-search-db:
-        condition: service_started
-      dbrepo-authentication-service:
-        condition: service_healthy
-    logging:
-      driver: json-file
+#  dbrepo-search-sync-agent:
+#    restart: "no"
+#    container_name: dbrepo-search-sync-agent
+#    hostname: search-startup-agent
+#    build: ./dbrepo-search-sync-agent
+#    image: dbrepo-search-sync-agent
+#    networks:
+#      core:
+#    env_file:
+#      - .env
+#    healthcheck:
+#      test: wget -qO- localhost:9050/actuator/health/readiness | grep -q "UP" || exit 1
+#      interval: 10s
+#      timeout: 5s
+#      retries: 12
+#    depends_on:
+#      dbrepo-metadata-db:
+#        condition: service_healthy
+#      dbrepo-search-db:
+#        condition: service_started
+#      dbrepo-authentication-service:
+#        condition: service_healthy
+#    logging:
+#      driver: json-file

  dbrepo-ui:
    restart: "no"