first share

dcore94 2022-01-05 17:40:21 +01:00
parent 7ba5f20cd4
commit ae97ef3497
8 changed files with 290 additions and 0 deletions

67
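--- a/conf/pep/config.js.j2
+++ b/conf/pep/config.js.j2
@@ -0,0 +1,67 @@
+export default { config };
+var config = {
+"pep-credentials" : "{{pep_credentials}}",
+"hosts" : [
+{
+"host": "cdn-pep",
+"audience" : "d4science-cdn",
+"allow-basic-auth" : false,
+"paths" : [
+{
+"name" : "Default Resource",
+"path" : "^/config/d4s-cdn/.+$",
+"methods" : [
+{
+"method" : "GET",
+"scopes" : ["get"]
+}
+]
+},
+{
+"name" : "Default Resource",
+"path" : "^/visuals/d4s-cdn/.*$",
+"methods" : [
+{
+"method" : "GET"
+}
+]
+},
+{
+"name" : "Default Resource",
+"path" : "^/d4s-cdn/.+$",
+"methods" : [
+{
+"method" : "GET"
+}
+]
+},
+{
+"name" : "Default Resource",
+"path" : "^/services/d4s-cdn/.*$",
+"methods" : [
+{
+"method" : "OPTIONS"
+},
+{
+"method" : "POST"
+},
+{
+"method" : "HEAD"
+},
+{
+"method" : "PUT"
+},
+{
+"method" : "DELETE"
+},
+{
+"method" : "GET"
+}
+]
+}
+]
+}
+]
+}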
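Review bot: The `/services/d4s-cdn/` entry lists POST, PUT and DELETE with no `scopes`, and the `/visuals/` and `/d4s-cdn/` GET entries have none either; only the `/config/d4s-cdn/` GET carries `"scopes" : ["get"]`. How pep.js treats a method without scopes is not visible in this commit, so confirm that it still requires a valid token rather than falling through to allow, and give the write methods explicit scopes if they are meant to be restricted. `"{{pep_credentials}}"` is interpolated raw into a JavaScript string literal; `{{ pep_credentials | to_json }}` without the surrounding quotes keeps the file valid if the value contains a quote or backslash. Under standard module semantics `export default { config };` is evaluated before `var config = {...}` is assigned, so moving the export to the end of the file would be safer unless the njs runtime is known to handle this order.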

71
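--- a/conf/router/default.conf
+++ b/conf/router/default.conf
@@ -0,0 +1,71 @@
+server {
+listen *:80;
+listen [::]:80;
+# this is the internal Docker DNS, cache only for 30s
+resolver 127.0.0.11 valid=30s;
+server_name cdn.dev.d4science.org;
+location /health {
+add_header Content-Length 0;
+add_header Content-Type "text/plain";
+return 200;
+}
+#add one such location for all new cdn islands
+location ~ /.*/d4s-cdn/ {
+if ($request_method = 'OPTIONS') {
+add_header Access-Control-Allow-Origin '*';
+add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
+add_header Content-Type text/plain;
+add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
+add_header Content-Length 0;
+return 204;
+}
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
+# use dynamic setting of upstream so that router can be started also when not all backend cdn services are deployed
+set $upstream cdn-pep;
+proxy_pass http://$upstream;
+}
+location ~* .*/d4s-vre-manager/ {
+if ($request_method = 'OPTIONS') {
+add_header Access-Control-Allow-Origin '*';
+add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
+add_header Content-Type text/plain;
+add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
+add_header Content-Length 0;
+return 204;
+}
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
+set $upstream d4s-vre-manager-pep;
+proxy_pass http://$upstream;
+}
+location ~* .*/d4s-navigation/ {
+if ($request_method = 'OPTIONS') {
+add_header Access-Control-Allow-Origin '*';
+add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
+add_header Content-Type text/plain;
+add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
+add_header Content-Length 0;
+return 204;
+}
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept, Origin";
+set $upstream d4s-navigation-pep;
+proxy_pass http://$upstream;
+}
+}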
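Review bot: Every proxied location answers with `Access-Control-Allow-Origin *` while also allowing the `Authorization` header and the PUT/DELETE methods, so the token-protected APIs behind the PEPs are callable from pages on any web origin. If only the D4Science portals are meant to call them, return an allow-listed origin instead, for example a `map $http_origin $cors_origin` placed before the server block together with `add_header Access-Control-Allow-Origin $cors_origin always;` and `add_header Vary Origin always;`. Without `always` the CORS headers are absent on 4xx/5xx responses, so a 401 or 403 from the PEP reaches the browser as an opaque CORS failure. The first location regex `/.*/d4s-cdn/` is unanchored and is tested before the other two, so a URI for another service that merely contains `/d4s-cdn/` is routed to cdn-pep; anchoring it, e.g. `^/[^/]+/d4s-cdn/`, makes the routing predictable.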

13
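--- a/conf/secrets.yaml
+++ b/conf/secrets.yaml
@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.2;AES256;cdn123
+34616537363232663933616666383734356430656137666236636235623539323431306165306663
+3035373262386465613561343036386233316466333032350a636533613530393766666163653562
+66326664323665613262343737363637353632616464643636666438626662336437306263633338
+3266303461393731610a633939313530366266613431626136333636353638396230663236356134
+62326462363234613364393030336439386239643766613233323730373338343137643338373231
+62393432303163376461666434386336323836633738626536386163353536363737356662366239
+33333836353636326232656165613833376463343034376366646636353463393038636236343637
+35363135323961616631346639646338656132363961343639656532333335363636306462363165
+64356132626234363231363166643030653965623139393365636235613734646431613538653763
+65663465643930313735623262306162656362393162346464623731646361653864343466376538
+66393135663732663661323039626539353230616362353736326138383535613462663062626339
+32663431346561636339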

13
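--- a/conf/service/auth.json.j2
+++ b/conf/service/auth.json.j2
@@ -0,0 +1,13 @@
+{
+"keycloakurl" : "https://accounts.dev.d4science.org",
+"keycloakrealm" : "d4science",
+"clientid" : "d4science-example-wp",
+"client_redirect_uri" : "http://d4science-cdn-public/d4s-cdn/auth/oidc-callback",
+"user-manager-client-id" : "orchestrator",
+"user-manager-client-secret" : "{{ user_manager_client_secret }}"
+}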
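Review bot: `client_redirect_uri` is a plain `http://` URL, so the OIDC authorization code returned to `/d4s-cdn/auth/oidc-callback` crosses the network unencrypted unless TLS is terminated somewhere this commit does not show. Prefer an `https://` redirect URI that is registered exactly in the Keycloak client. `"{{ user_manager_client_secret }}"` is interpolated raw into a JSON string; `{{ user_manager_client_secret | to_json }}` without the surrounding quotes keeps the file valid if the secret contains a quote or backslash.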


@ -0,0 +1,8 @@
{
"d4science_realm" : "d4science",
"d4science_iam_base" : "https://accounts.dev.d4science.org/auth",
"d4science_cdn_base" : "http://cdn.dev.d4science.org",
"gateways" : {
"/gcube/devsec" : ["d4science-example-wp"]
}
}

12
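--- a/images/Dockerfile
+++ b/images/Dockerfile
@@ -0,0 +1,12 @@
+### 1. Get muscle classic
+FROM nubisware/muscle-classic:latest
+# 2. Install applicative fibers
+ADD .muscle/ /root/.muscle/
+RUN git fiber install -p G3 -n d4s-cdn \
+&& git service create -n cdn -w auth -w utils -w config -w error -w utils -w inspect -w resources -w d4s-cdn --debug \
+&& rm -rf /root/.muscle
+WORKDIR cdn
+EXPOSE 8984
+ENTRYPOINT ./start.sh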
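Review bot: `ADD .muscle/ /root/.muscle/` creates its own image layer, so the `rm -rf /root/.muscle` in the following `RUN` hides the directory but does not remove it from the image; anything sensitive in `.muscle` (its contents are not shown here) stays readable in that layer. A BuildKit bind or secret mount on the `RUN` step, or a multi-stage build that copies only the generated `cdn` directory into the final stage, avoids shipping it. `FROM nubisware/muscle-classic:latest` is unpinned, so rebuilds can silently pick up a different base; pin a version tag or digest. No `USER` is set, so the service runs as root, and `WORKDIR cdn` is relative to whatever working directory the base image leaves behind.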

25
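--- a/site.yaml
+++ b/site.yaml
@@ -0,0 +1,25 @@
+---
+- hosts: localhost
+vars_files:
+- conf/secrets.yaml
+vars:
+infrastructure: "local"
+dry: false
+tasks:
+- name: Patch PEP config
+template:
+src: "conf/pep/config.js.j2"
+dest: "conf/pep/config.js"
+- name: Patch service auth config
+template:
+src: "conf/service/auth.json.j2"
+dest: "conf/service/auth.json"
+- name: Start swarm
+docker_stack:
+name: 'cdn-{{ infrastructure }}'
+state: present
+compose:
+- "swarm.yaml"
+when: dry is not defined or not dry|bool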
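Review bot: Both `template` tasks write decrypted vault values (`pep_credentials`, `user_manager_client_secret`) into `conf/pep/config.js` and `conf/service/auth.json` with default permissions, inside the repository tree next to their `.j2` sources. Add `mode: "0600"` to each task and make sure the two rendered files are ignored by git so the plaintext cannot be committed by accident.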

81
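--- a/swarm.yaml
+++ b/swarm.yaml
@@ -0,0 +1,81 @@
+version: '3.6'
+services:
+cdn-router-dev:
+image: nginx:stable-alpine
+networks:
+- cdn-network
+ports:
+- "80:80"
+deploy:
+mode: replicated
+replicas: 2
+restart_policy:
+condition: on-failure
+delay: 10s
+window: 120s
+configs:
+- source: nginx_router_conf
+target: /etc/nginx/templates/default.conf.template
+cdn-pep:
+image: nginx:stable-alpine
+networks:
+- cdn-network
+deploy:
+mode: replicated
+replicas: 2
+restart_policy:
+condition: on-failure
+delay: 10s
+window: 120s
+configs:
+- source: cdn_pep_conf
+target: /etc/nginx/templates/default.conf.template
+- source: cdn_pep_baseconf
+target: /etc/nginx/nginx.conf
+- source: cdn_pep
+target: /etc/nginx/pep.js
+- source: cdn_pepconfig
+target: /etc/nginx/config.js
+d4s-cdn:
+image: nubisware/d4s-cdn
+networks:
+- cdn-network
+deploy:
+mode: replicated
+replicas: 2
+restart_policy:
+condition: on-failure
+delay: 10s
+window: 200s
+configs:
+- source: cdn_conf
+target: /opt/app/cdn/conf/d4s-cdn.json
+- source: cdn_auth_conf
+target: /opt/app/cdn/conf/auth.json
+networks:
+cdn-network:
+configs:
+nginx_router_conf:
+file: ./conf/router/default.conf
+cdn_pep_conf:
+file: ./conf/pep/default.conf
+cdn_pep_baseconf:
+file: ./conf/pep/nginx.conf
+cdn_pep:
+file: ./conf/pep/pep.js
+cdn_pepconfig:
+file: ./conf/pep/config.js
+cdn_conf:
+file: ./conf/service/d4s-cdn.json
+cdn_auth_conf:
+file: ./conf/service/auth.json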
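Review bot: `cdn_pepconfig` and `cdn_auth_conf` carry the rendered PEP credentials and the Keycloak client secret, yet both are declared under `configs:`; Swarm `secrets:` is the mechanism intended for sensitive values and keeps them on an in-memory filesystem inside the task. Declare these two under a top-level `secrets:` block and reference them from `cdn-pep` and `d4s-cdn` accordingly. `nubisware/d4s-cdn` has no tag and `nginx:stable-alpine` is a moving tag, so nodes can end up running different images; pinning versions or digests is worth doing. The router publishes only port 80, so bearer tokens travel in clear text unless TLS is terminated in front of the stack, which this file does not show.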