first share
This commit is contained in:
parent
7ba5f20cd4
commit
ae97ef3497
|
@ -0,0 +1,67 @@
|
|||
export default { config };
|
||||
|
||||
var config = {
|
||||
"pep-credentials" : "{{pep_credentials}}",
|
||||
"hosts" : [
|
||||
{
|
||||
"host": "cdn-pep",
|
||||
"audience" : "d4science-cdn",
|
||||
"allow-basic-auth" : false,
|
||||
"paths" : [
|
||||
{
|
||||
"name" : "Default Resource",
|
||||
"path" : "^/config/d4s-cdn/.+$",
|
||||
"methods" : [
|
||||
{
|
||||
"method" : "GET",
|
||||
"scopes" : ["get"]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "Default Resource",
|
||||
"path" : "^/visuals/d4s-cdn/.*$",
|
||||
"methods" : [
|
||||
{
|
||||
"method" : "GET"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "Default Resource",
|
||||
"path" : "^/d4s-cdn/.+$",
|
||||
"methods" : [
|
||||
{
|
||||
"method" : "GET"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "Default Resource",
|
||||
"path" : "^/services/d4s-cdn/.*$",
|
||||
"methods" : [
|
||||
{
|
||||
"method" : "OPTIONS"
|
||||
},
|
||||
{
|
||||
"method" : "POST"
|
||||
},
|
||||
{
|
||||
"method" : "HEAD"
|
||||
},
|
||||
{
|
||||
"method" : "PUT"
|
||||
},
|
||||
{
|
||||
"method" : "DELETE"
|
||||
},
|
||||
{
|
||||
"method" : "GET"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
server {
|
||||
|
||||
listen *:80;
|
||||
listen [::]:80;
|
||||
|
||||
# this is the internal Docker DNS, cache only for 30s
|
||||
resolver 127.0.0.11 valid=30s;
|
||||
|
||||
server_name cdn.dev.d4science.org;
|
||||
|
||||
location /health {
|
||||
add_header Content-Length 0;
|
||||
add_header Content-Type "text/plain";
|
||||
return 200;
|
||||
}
|
||||
|
||||
#add one such location for all new cdn islands
|
||||
location ~ /.*/d4s-cdn/ {
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
add_header Content-Type text/plain;
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
|
||||
|
||||
# use dynamic setting of upstream so that router can be started also when not all backend cdn services are deployed
|
||||
set $upstream cdn-pep;
|
||||
proxy_pass http://$upstream;
|
||||
}
|
||||
|
||||
location ~* .*/d4s-vre-manager/ {
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
add_header Content-Type text/plain;
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
|
||||
|
||||
set $upstream d4s-vre-manager-pep;
|
||||
proxy_pass http://$upstream;
|
||||
}
|
||||
|
||||
location ~* .*/d4s-navigation/ {
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
add_header Content-Type text/plain;
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
|
||||
|
||||
set $upstream d4s-navigation-pep;
|
||||
proxy_pass http://$upstream;
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
$ANSIBLE_VAULT;1.2;AES256;cdn123
|
||||
34616537363232663933616666383734356430656137666236636235623539323431306165306663
|
||||
3035373262386465613561343036386233316466333032350a636533613530393766666163653562
|
||||
66326664323665613262343737363637353632616464643636666438626662336437306263633338
|
||||
3266303461393731610a633939313530366266613431626136333636353638396230663236356134
|
||||
62326462363234613364393030336439386239643766613233323730373338343137643338373231
|
||||
62393432303163376461666434386336323836633738626536386163353536363737356662366239
|
||||
33333836353636326232656165613833376463343034376366646636353463393038636236343637
|
||||
35363135323961616631346639646338656132363961343639656532333335363636306462363165
|
||||
64356132626234363231363166643030653965623139393365636235613734646431613538653763
|
||||
65663465643930313735623262306162656362393162346464623731646361653864343466376538
|
||||
66393135663732663661323039626539353230616362353736326138383535613462663062626339
|
||||
32663431346561636339
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
|
||||
"keycloakurl" : "https://accounts.dev.d4science.org",
|
||||
"keycloakrealm" : "d4science",
|
||||
|
||||
"clientid" : "d4science-example-wp",
|
||||
"client_redirect_uri" : "http://d4science-cdn-public/d4s-cdn/auth/oidc-callback",
|
||||
|
||||
"user-manager-client-id" : "orchestrator",
|
||||
"user-manager-client-secret" : "{{ user_manager_client_secret }}"
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"d4science_realm" : "d4science",
|
||||
"d4science_iam_base" : "https://accounts.dev.d4science.org/auth",
|
||||
"d4science_cdn_base" : "http://cdn.dev.d4science.org",
|
||||
"gateways" : {
|
||||
"/gcube/devsec" : ["d4science-example-wp"]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
### 1. Get muscle classic
|
||||
FROM nubisware/muscle-classic:latest
|
||||
|
||||
# 2. Install applicative fibers
|
||||
ADD .muscle/ /root/.muscle/
|
||||
RUN git fiber install -p G3 -n d4s-cdn \
|
||||
&& git service create -n cdn -w auth -w utils -w config -w error -w utils -w inspect -w resources -w d4s-cdn --debug \
|
||||
&& rm -rf /root/.muscle
|
||||
|
||||
WORKDIR cdn
|
||||
EXPOSE 8984
|
||||
ENTRYPOINT ./start.sh
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
vars_files:
|
||||
- conf/secrets.yaml
|
||||
vars:
|
||||
infrastructure: "local"
|
||||
dry: false
|
||||
tasks:
|
||||
- name: Patch PEP config
|
||||
template:
|
||||
src: "conf/pep/config.js.j2"
|
||||
dest: "conf/pep/config.js"
|
||||
|
||||
- name: Patch service auth config
|
||||
template:
|
||||
src: "conf/service/auth.json.j2"
|
||||
dest: "conf/service/auth.json"
|
||||
|
||||
- name: Start swarm
|
||||
docker_stack:
|
||||
name: 'cdn-{{ infrastructure }}'
|
||||
state: present
|
||||
compose:
|
||||
- "swarm.yaml"
|
||||
when: dry is not defined or not dry|bool
|
|
@ -0,0 +1,81 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
|
||||
cdn-router-dev:
|
||||
image: nginx:stable-alpine
|
||||
networks:
|
||||
- cdn-network
|
||||
ports:
|
||||
- "80:80"
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 2
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 10s
|
||||
window: 120s
|
||||
configs:
|
||||
- source: nginx_router_conf
|
||||
target: /etc/nginx/templates/default.conf.template
|
||||
|
||||
cdn-pep:
|
||||
image: nginx:stable-alpine
|
||||
networks:
|
||||
- cdn-network
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 2
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 10s
|
||||
window: 120s
|
||||
configs:
|
||||
- source: cdn_pep_conf
|
||||
target: /etc/nginx/templates/default.conf.template
|
||||
- source: cdn_pep_baseconf
|
||||
target: /etc/nginx/nginx.conf
|
||||
- source: cdn_pep
|
||||
target: /etc/nginx/pep.js
|
||||
- source: cdn_pepconfig
|
||||
target: /etc/nginx/config.js
|
||||
|
||||
|
||||
d4s-cdn:
|
||||
image: nubisware/d4s-cdn
|
||||
networks:
|
||||
- cdn-network
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 2
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 10s
|
||||
window: 200s
|
||||
configs:
|
||||
- source: cdn_conf
|
||||
target: /opt/app/cdn/conf/d4s-cdn.json
|
||||
- source: cdn_auth_conf
|
||||
target: /opt/app/cdn/conf/auth.json
|
||||
|
||||
networks:
|
||||
cdn-network:
|
||||
|
||||
configs:
|
||||
nginx_router_conf:
|
||||
file: ./conf/router/default.conf
|
||||
|
||||
cdn_pep_conf:
|
||||
file: ./conf/pep/default.conf
|
||||
cdn_pep_baseconf:
|
||||
file: ./conf/pep/nginx.conf
|
||||
cdn_pep:
|
||||
file: ./conf/pep/pep.js
|
||||
cdn_pepconfig:
|
||||
file: ./conf/pep/config.js
|
||||
|
||||
cdn_conf:
|
||||
file: ./conf/service/d4s-cdn.json
|
||||
cdn_auth_conf:
|
||||
file: ./conf/service/auth.json
|
||||
|
Loading…
Reference in New Issue