From 999a61e812c2780af911be66562bf409f1e98e20 Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Wed, 30 Aug 2023 21:31:17 +0200
Subject: [PATCH] Fixed rabbitmq cloud image

---
 dbrepo-broker-service/Dockerfile              | 21 ++------
 dbrepo-broker-service/cert.pem                |  3 ++
 dbrepo-broker-service/docker-entrypoint.sh    |  9 ----
 dbrepo-broker-service/init.sh                 | 14 ------
 dbrepo-broker-service/pubkey.pem              |  3 ++
 dbrepo-broker-service/rabbitmq.conf           | 23 ++++++++-
 dbrepo-broker-service/service_ready           |  6 ---
 dbrepo-gateway-service/dbrepo.conf            |  9 ++++
 dbrepo-metadata-db/setup-schema.sql           |  8 +--
 dbrepo-metadata-service/Dockerfile            |  2 +
 .../src/main/resources/application.yml        |  2 +-
 docker-compose.yml                            | 50 +++++++++----------
 12 files changed, 73 insertions(+), 77 deletions(-)
 create mode 100644 dbrepo-broker-service/cert.pem
 delete mode 100755 dbrepo-broker-service/docker-entrypoint.sh
 delete mode 100644 dbrepo-broker-service/init.sh
 create mode 100644 dbrepo-broker-service/pubkey.pem
 delete mode 100755 dbrepo-broker-service/service_ready

diff --git a/dbrepo-broker-service/Dockerfile b/dbrepo-broker-service/Dockerfile
index 0813cf4a38..2025bab24e 100644
--- a/dbrepo-broker-service/Dockerfile
+++ b/dbrepo-broker-service/Dockerfile
@@ -1,25 +1,14 @@
 ###### FIRST STAGE ######
-FROM dbrepo-metadata-db:latest as dependency
-MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
-
-###### SECOND STAGE ######
 FROM rabbitmq:3-management-alpine as runtime
-
-ENV RABBITMQ_DEFAULT_VHOST=dbrepo
-
-RUN apk --no-cache add curl
+MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
 
 COPY ./rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
 
 WORKDIR /app
 
-ENV JWT_PUBKEY="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB"
-ENV JWT_CERT="MIICmzCCAYMCBgGG3GWyBTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqcdDYFZZb28M0tEJzEP77FmD/Xqioyj9zWX6VwUSOMAgmMmn8eqs9hT9T0a+q4YTo9tUW1PNbUpwprA5b4Uk04DcIajxDVMUR/PjcHytmkqwVskq9AZW/Vngdoo+8tSbuIybwe/3Vwt266hbHpDcM97a+DXcYooRl7tQWCEX7RP27wQrMD9epDQ6IgKayZg9vC9/03dsIqwH9jXQRiZlFvwiEKhX2aY7lPGBaCK414JO00K/Z49iov9TRa/IYVbSt5qwgrx6DcqsBSPwOnI6A85UGfeUEZ/7coVJiL7RvBlsllapsL9eWTbQajVh94k9Ei3sibEPbtH+U2OAM78zAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAASnN1Cuif1sdfEK2kWAURSXGJCohCROLWdKFjaeHPRaEfpbFJsgxW0Yj3nwX5O3bUlOWoTyENwnXSsXMQsqnNi+At32CKaKO8+AkhAbgQL9F0B+KeJwmYv3cUj5N/LYkJjBvZBzUZ4Ugu5dcxH0k7AktLAIwimkyEnxTNolOA3UyrGGpREr8MCKWVr10RFuOpF/0CsJNNwbHXzalO9D756EUcRWZ9VSg6QVNso0YYRKTnILWDn9hcTRnqGy3SHo3anFTqQZ+BB57YbgFWy6udC0LYRB3zdp6zNti87eu/VEymiDY/mmo1AB8Tm0b6vxFz4AKcL3ax5qS6YnZ9efSzk="
-
-COPY ./init.sh ./init.sh
-COPY ./service_ready /usr/bin/service_ready
-COPY ./docker-entrypoint.sh ./docker-entrypoint.sh
+COPY ./cert.pem ./cert.pem
+COPY ./pubkey.pem ./pubkey.pem
 
-HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD service_ready
+RUN rabbitmq-plugins enable --offline rabbitmq_prometheus rabbitmq_mqtt rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl
 
-ENTRYPOINT [ "bash", "/app/docker-entrypoint.sh" ]
\ No newline at end of file
+HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD wget --spider http://localhost:15672/broker/
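Review bot: The new `HEALTHCHECK` only proves that the management HTTP listener answers on `/broker/`, not that the broker accepts AMQP connections on 5672, so services gated on `service_healthy` can start before the node is usable. `CMD rabbitmq-diagnostics -q check_port_connectivity` checks the node's configured listeners directly and does not break if `management.path_prefix` changes. The base tag `rabbitmq:3-management-alpine` floats across releases, so pinning a full version (ideally with a digest) would keep the plugin set baked in by the `RUN` line reproducible. `MAINTAINER` is deprecated; `LABEL org.opencontainers.image.authors="…"` is the replacement.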
diff --git a/dbrepo-broker-service/cert.pem b/dbrepo-broker-service/cert.pem
new file mode 100644
index 0000000000..e66555558c
--- /dev/null
+++ b/dbrepo-broker-service/cert.pem
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
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
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/dbrepo-broker-service/docker-entrypoint.sh b/dbrepo-broker-service/docker-entrypoint.sh
deleted file mode 100755
index f87b1de958..0000000000
--- a/dbrepo-broker-service/docker-entrypoint.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-# load jwt certificates
-bash ./init.sh
-
-# enable prometheus plugin
-(sleep 10; rabbitmq-plugins enable rabbitmq_prometheus rabbitmq_mqtt rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl; touch ./ready) &
-
-rabbitmq-server
\ No newline at end of file
diff --git a/dbrepo-broker-service/init.sh b/dbrepo-broker-service/init.sh
deleted file mode 100644
index afcf6f3564..0000000000
--- a/dbrepo-broker-service/init.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-echo "init pubkey ..."
-rm -f /app/pubkey.pem /app/cert.pem
-cat << EOF > /app/pubkey.pem
------BEGIN RSA PUBLIC KEY-----
-${JWT_PUBKEY}
------END RSA PUBLIC KEY-----
-EOF
-echo "init cert ..."
-cat << EOF > /app/cert.pem
------BEGIN CERTIFICATE-----
-${JWT_CERT}
------END CERTIFICATE-----
-EOF
\ No newline at end of file
diff --git a/dbrepo-broker-service/pubkey.pem b/dbrepo-broker-service/pubkey.pem
new file mode 100644
index 0000000000..9e4e9308e1
--- /dev/null
+++ b/dbrepo-broker-service/pubkey.pem
@@ -0,0 +1,3 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB
+-----END RSA PUBLIC KEY-----
\ No newline at end of file
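Review bot: The PEM label does not match the encoding. The body begins with `MIIBIjANBgkqhkiG9w0BAQEF…`, which is an X.509 SubjectPublicKeyInfo structure, whereas `BEGIN RSA PUBLIC KEY` announces a PKCS#1 RSAPublicKey (its DER would start `MIIBCgKCAQEA`). A parser that honours the label will fail to decode the key, so the header and footer should read `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`. The removed init.sh wrote the same label, so the mismatch is carried over rather than introduced here. Both new PEM files also end without a trailing newline, which is worth fixing while they are touched.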
diff --git a/dbrepo-broker-service/rabbitmq.conf b/dbrepo-broker-service/rabbitmq.conf
index 6b93149a71..23942bcede 100644
--- a/dbrepo-broker-service/rabbitmq.conf
+++ b/dbrepo-broker-service/rabbitmq.conf
@@ -1,5 +1,5 @@
 # user
-default_vhost = /
+default_vhost = dbrepo
 default_user = fda
 default_pass = fda
 default_user_tags.administrator = true
@@ -10,5 +10,24 @@ default_permissions.write = .*
 # enable http outside localhost
 listeners.tcp.1 = 0.0.0.0:5672
 
+# management ui (https://www.rabbitmq.com/management.html#path-prefix)
+management.path_prefix = /broker
+
 # logging
-log.file.level = warning
+log.console = true
+log.console.level = warning
+
+# Obviously your authentication server cannot vouch for itself, so you'll need another backend with at least one user in
+# it. You should probably use the internal database
+auth_backends.1 = rabbit_auth_backend_oauth2
+auth_backends.2 = rabbit_auth_backend_internal
+
+# OAuth 2.0 files
+auth_oauth2.resource_server_id = rabbitmq
+#auth_oauth2.additional_scopes_key = my_custom_scope_key
+auth_oauth2.preferred_username_claims.1 = client_id
+auth_oauth2.default_key = t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM
+auth_oauth2.signing_keys.t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM = /app/cert.pem
+auth_oauth2.signing_keys.id2 = /app/pubkey.pem
+auth_oauth2.algorithms.1 = HS256
+auth_oauth2.algorithms.2 = RS256
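Review bot: `auth_oauth2.algorithms.1 = HS256` accepts a symmetric algorithm although both configured signing keys are asymmetric (a certificate and an RSA public key), so no legitimate token can be HS256-signed here. Listing it only widens what the verifier will consider and invites key-confusion mistakes if key handling ever changes; keeping just `auth_oauth2.algorithms.1 = RS256` matches the keys. The second key is registered under the id `id2`, which looks like a placeholder. Presumably tokens carry a real `kid`, so either name the entry after that key id or drop it if `default_key` already covers the realm key.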
diff --git a/dbrepo-broker-service/service_ready b/dbrepo-broker-service/service_ready
deleted file mode 100755
index 31bdd3aa9c..0000000000
--- a/dbrepo-broker-service/service_ready
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-if [ -f ./ready ]; then
-  echo "service is ready and accepting connections"
-  exit 0
-fi
-exit 1
\ No newline at end of file
diff --git a/dbrepo-gateway-service/dbrepo.conf b/dbrepo-gateway-service/dbrepo.conf
index 2e91b3ac4e..c84c22f970 100644
--- a/dbrepo-gateway-service/dbrepo.conf
+++ b/dbrepo-gateway-service/dbrepo.conf
@@ -82,6 +82,15 @@ server {
         proxy_read_timeout      90;
     }
 
+    location /broker {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://broker;
+        proxy_read_timeout      90;
+    }
+
     location /retrieve {
         rewrite /retrieve/(.*) /$1 break;
         proxy_set_header        Host $host;
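Review bot: The new `location /broker` publishes the RabbitMQ management UI and HTTP API through the gateway with no access restriction. In the same patch, rabbitmq.conf keeps `default_user = fda` / `default_pass = fda` with the administrator tag and enables `rabbit_auth_backend_internal` as a fallback backend. Unlike the built-in guest account, a custom default user is not limited to loopback connections, so the shipped credentials are presumably valid for anyone who can reach the gateway. Either restrict the location (an `allow`/`deny` pair for the operator network) or have the default credentials supplied at deploy time rather than shipped in the image. The enclosing `server` block starts and ends outside this hunk.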
diff --git a/dbrepo-metadata-db/setup-schema.sql b/dbrepo-metadata-db/setup-schema.sql
index 8da039c555..320ff30018 100644
--- a/dbrepo-metadata-db/setup-schema.sql
+++ b/dbrepo-metadata-db/setup-schema.sql
@@ -77,7 +77,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_licenses`
     identifier character varying(255) NOT NULL,
     uri        text                   NOT NULL,
     PRIMARY KEY (identifier),
-    UNIQUE (uri)
+    UNIQUE (uri(200))
 ) WITH SYSTEM VERSIONING;
 
 CREATE TABLE IF NOT EXISTS `fda`.`mdb_databases`
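Review bot: `UNIQUE (uri(200))` builds a prefix index, so uniqueness is enforced on the first 200 characters of `uri` only: two different URIs that share that prefix will be rejected as duplicates. The same change is made for `mdb_concepts`, `mdb_units` and `mdb_ontologies` in the following hunks. If URIs are never that long, declaring the column as `character varying(255)` states the limit in the schema and lets the constraint cover the whole value. Otherwise add a comment such as `-- uniqueness is checked on the first 200 characters of uri only`. Each CREATE TABLE statement begins outside its hunk.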
@@ -280,7 +280,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_concepts`
     created     timestamp             NOT NULL DEFAULT NOW(),
     created_by  character varying(36) NOT NULL,
     PRIMARY KEY (id),
-    UNIQUE (uri),
+    UNIQUE (uri(200)),
     FOREIGN KEY (created_by) REFERENCES mdb_users (id)
 ) WITH SYSTEM VERSIONING;
 
@@ -293,7 +293,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_units`
     created     timestamp             NOT NULL DEFAULT NOW(),
     created_by  character varying(36) NOT NULL,
     PRIMARY KEY (id),
-    UNIQUE (uri),
+    UNIQUE (uri(200)),
     FOREIGN KEY (created_by) REFERENCES mdb_users (id)
 ) WITH SYSTEM VERSIONING;
 
@@ -358,7 +358,7 @@ CREATE TABLE IF NOT EXISTS `fda`.`mdb_ontologies`
     created         timestamp             NOT NULL DEFAULT NOW(),
     created_by      character varying(36) NOT NULL,
     UNIQUE (prefix),
-    UNIQUE (uri),
+    UNIQUE (uri(200)),
     PRIMARY KEY (id),
     FOREIGN KEY (created_by) REFERENCES mdb_users (id)
 ) WITH SYSTEM VERSIONING;
diff --git a/dbrepo-metadata-service/Dockerfile b/dbrepo-metadata-service/Dockerfile
index 92c2c42cf1..caddf305e2 100644
--- a/dbrepo-metadata-service/Dockerfile
+++ b/dbrepo-metadata-service/Dockerfile
@@ -47,6 +47,8 @@ ENV JWT_ISSUER="http://localhost/realms/dbrepo"
 ENV JWT_PUBKEY="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB"
 ENV LOG_LEVEL=debug
 ENV METADATA_DB=fda
+ENV METADATA_HOST=metadata-db
+ENV METADATA_JDBC_EXTRA_ARGS=""
 ENV METADATA_PASSWORD=dbrepo
 ENV METADATA_USERNAME=root
 ENV NOT_SUPPORTED_KEYWORDS=\\*,AVG,BIT_AND,BIT_OR,BIT_XOR,COUNT,COUNTDISTINCT,GROUP_CONCAT,JSON_ARRAYAGG,JSON_OBJECTAGG,MAX,MIN,STD,STDDEV,STDDEV_POP,STDDEV_SAMP,SUM,VARIANCE,VAR_POP,VAR_SAMP,--
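Review bot: `METADATA_JDBC_EXTRA_ARGS` is added without any hint of its expected format, yet application.yml in this patch appends it verbatim after the database name in the JDBC URL. A value that does not start with `?` therefore silently becomes part of the database name. A comment above the line would prevent that, for example `# appended verbatim to the JDBC URL; when set it must start with "?" (e.g. "?key=value&key2=value2")`. The surrounding ENV block continues outside this hunk.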
diff --git a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml
index 66f1cb64cf..716a170ec8 100644
--- a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml
+++ b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml
@@ -4,7 +4,7 @@ spring:
   autoconfigure:
     exclude: org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration, org.springframework.boot.autoconfigure.data.elasticsearch.ElasticsearchDataAutoConfiguration
   datasource:
-    url: "jdbc:mariadb://metadata-db:3306/${METADATA_DB}"
+    url: "jdbc:mariadb://${METADATA_HOST}:3306/${METADATA_DB}${METADATA_JDBC_EXTRA_ARGS}"
     driver-class-name: org.mariadb.jdbc.Driver
     username: "${METADATA_USERNAME}"
     password: "${METADATA_PASSWORD}"
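Review bot: The datasource URL now depends on `${METADATA_HOST}` and `${METADATA_JDBC_EXTRA_ARGS}` with no fallback, so running the service outside the image (where the Dockerfile defaults do not apply) will presumably fail at placeholder resolution instead of connecting to `metadata-db` as before. Spring's default syntax keeps the old behaviour: `url: "jdbc:mariadb://${METADATA_HOST:metadata-db}:3306/${METADATA_DB}${METADATA_JDBC_EXTRA_ARGS:}"`. Because the extra arguments are operator-supplied connection options, it is also worth documenting that they can change transport security settings of the database connection.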
diff --git a/docker-compose.yml b/docker-compose.yml
index 4466879fe8..919e615a8f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -136,7 +136,7 @@ services:
     volumes:
       - authentication-service-data:/opt/keycloak/data/
     depends_on:
-      dbrepo-metadata-db:
+      dbrepo-auth-db:
         condition: service_healthy
     logging:
       driver: json-file
@@ -240,30 +240,30 @@ services:
     logging:
       driver: json-file
 
-  dbrepo-search-sync-agent:
-    restart: "no"
-    container_name: dbrepo-search-sync-agent
-    hostname: search-startup-agent
-    build: ./dbrepo-search-sync-agent
-    image: dbrepo-search-sync-agent
-    networks:
-      core:
-    env_file:
-      - .env
-    healthcheck:
-      test: wget -qO- localhost:9050/actuator/health/readiness | grep -q "UP" || exit 1
-      interval: 10s
-      timeout: 5s
-      retries: 12
-    depends_on:
-      dbrepo-metadata-db:
-        condition: service_healthy
-      dbrepo-search-db:
-        condition: service_started
-      dbrepo-authentication-service:
-        condition: service_healthy
-    logging:
-      driver: json-file
+#  dbrepo-search-sync-agent:
+#    restart: "no"
+#    container_name: dbrepo-search-sync-agent
+#    hostname: search-startup-agent
+#    build: ./dbrepo-search-sync-agent
+#    image: dbrepo-search-sync-agent
+#    networks:
+#      core:
+#    env_file:
+#      - .env
+#    healthcheck:
+#      test: wget -qO- localhost:9050/actuator/health/readiness | grep -q "UP" || exit 1
+#      interval: 10s
+#      timeout: 5s
+#      retries: 12
+#    depends_on:
+#      dbrepo-metadata-db:
+#        condition: service_healthy
+#      dbrepo-search-db:
+#        condition: service_started
+#      dbrepo-authentication-service:
+#        condition: service_healthy
+#    logging:
+#      driver: json-file
 
   dbrepo-ui:
     restart: "no"
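Review bot: The `dbrepo-search-sync-agent` service is disabled by commenting out its whole definition, and neither the file nor the commit message says why or under what condition it should return. Either delete the block (history keeps it) or put a one-line reason above it, e.g. `# disabled: <reason>, re-enable when <condition>`. Whether other services or documentation still reference this container is not visible in the hunk and should be checked.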
-- 
GitLab