You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficcontrol.apache.org by ra...@apache.org on 2021/10/07 22:59:10 UTC
[trafficcontrol] branch master updated: Removed Riak from default
CiaB (#6252)
This is an automated email from the ASF dual-hosted git repository.
rawlin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new b9f8877 Removed Riak from default CiaB (#6252)
b9f8877 is described below
commit b9f88770336f0f333be27233f129041313cc7d23
Author: mattjackson220 <33...@users.noreply.github.com>
AuthorDate: Thu Oct 7 16:59:00 2021 -0600
Removed Riak from default CiaB (#6252)
* Removed Riak from default CiaB
* removed trafficvault from github action
* updated per comments
* updated Dockerfile and added wait for vault before creating DSes
---
.github/actions/run-ciab/run-ciab.sh | 2 +-
.github/workflows/tp.integration.tests.yml | 4 +--
.github/workflows/traffic-ops.yml | 4 +--
CHANGELOG.md | 1 +
infrastructure/cdn-in-a-box/.gitignore | 2 +-
infrastructure/cdn-in-a-box/README.md | 7 ----
.../cdn-in-a-box/docker-compose.expose-ports.yml | 5 ---
infrastructure/cdn-in-a-box/docker-compose.yml | 19 ----------
.../docker-compose.traffic-vault.expose-ports.yml} | 16 ++++++---
.../docker-compose.traffic-vault.yml} | 41 ++++++++++++++++------
.../{ => optional}/traffic_vault/Dockerfile | 8 ++---
.../poststart.d/00-enable-security.sh | 0
.../poststart.d/01-add-search-group.sh | 0
.../poststart.d/02-add-search-schema.sh | 0
.../traffic_vault/prestart.d/00-config.sh | 0
.../{ => optional}/traffic_vault/run.sh | 0
.../{ => optional}/traffic_vault/sslkeys.xml | 0
.../cdn-in-a-box/traffic_ops/to-access.sh | 5 +++
.../cdn-in-a-box/traffic_ops/trafficops-init.sh | 8 +++++
infrastructure/cdn-in-a-box/variables.env | 4 +--
20 files changed, 68 insertions(+), 58 deletions(-)
diff --git a/.github/actions/run-ciab/run-ciab.sh b/.github/actions/run-ciab/run-ciab.sh
index ba7f1d0..80c0e66 100755
--- a/.github/actions/run-ciab/run-ciab.sh
+++ b/.github/actions/run-ciab/run-ciab.sh
@@ -28,7 +28,7 @@ store_ciab_logs() {
cd infrastructure/cdn-in-a-box;
logged_services='trafficrouter readiness';
-other_services='dns edge enroller mid-01 mid-02 origin static trafficmonitor trafficops trafficstats trafficvault';
+other_services='dns edge enroller mid-01 mid-02 origin static trafficmonitor trafficops trafficstats';
docker_compose='docker-compose -f ./docker-compose.yml -f ./docker-compose.readiness.yml';
$docker_compose up -d $logged_services $other_services;
$docker_compose logs -f $logged_services &
diff --git a/.github/workflows/tp.integration.tests.yml b/.github/workflows/tp.integration.tests.yml
index 4958a18..03caaaf 100644
--- a/.github/workflows/tp.integration.tests.yml
+++ b/.github/workflows/tp.integration.tests.yml
@@ -29,7 +29,7 @@ on:
- .github/actions/tp-integration-tests/**
- .github/workflows/tp.integration.tests.yml
- GO_VERSION
- - infrastructure/cdn-in-a-box/traffic_vault/**
+ - infrastructure/cdn-in-a-box/optional/traffic_vault/**
- traffic_ops/*client/**.go
- traffic_ops/testing/api/**.go
- traffic_ops/traffic_ops_golang/**.go
@@ -42,7 +42,7 @@ on:
- .github/actions/tp-integration-tests/**
- .github/workflows/tp.integration.tests.yml
- GO_VERSION
- - infrastructure/cdn-in-a-box/traffic_vault/**
+ - infrastructure/cdn-in-a-box/optional/traffic_vault/**
- traffic_ops/*client/**.go
- traffic_ops/testing/api/**.go
- traffic_ops/traffic_ops_golang/**.go
diff --git a/.github/workflows/traffic-ops.yml b/.github/workflows/traffic-ops.yml
index 6114aeb..43cb6f5 100644
--- a/.github/workflows/traffic-ops.yml
+++ b/.github/workflows/traffic-ops.yml
@@ -31,7 +31,7 @@ on:
- go.mod
- go.sum
- GO_VERSION
- - infrastructure/cdn-in-a-box/traffic_vault/**
+ - infrastructure/cdn-in-a-box/optional/traffic_vault/**
- traffic_ops/*client/**.go
- traffic_ops/testing/api/**.go
- traffic_ops/traffic_ops_golang/**.go
@@ -47,7 +47,7 @@ on:
- go.mod
- go.sum
- GO_VERSION
- - infrastructure/cdn-in-a-box/traffic_vault/**
+ - infrastructure/cdn-in-a-box/optional/traffic_vault/**
- traffic_ops/*client/**.go
- traffic_ops/testing/api/**.go
- traffic_ops/traffic_ops_golang/**.go
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0ee97c7..98d8bfb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
### Changed
- Updated `t3c` to request less unnecessary deliveryservice-server assignment and invalidation jobs data via new query params supported by Traffic Ops
- [#6179](https://github.com/apache/trafficcontrol/issues/6179) Updated the Traffic Ops rpm to include the `ToDnssecRefresh` binary and make the `trafops_dnssec_refresh` cron job use it
+- [#5927](https://github.com/apache/trafficcontrol/issues/5927) Updated CDN-in-a-Box to not run a Riak container by default but instead only run it if the optional flag is provided.
### Deprecated
- Deprecated the endpoints and docs associated with `api_capability`.
diff --git a/infrastructure/cdn-in-a-box/.gitignore b/infrastructure/cdn-in-a-box/.gitignore
index b903ca7..61a7c54 100644
--- a/infrastructure/cdn-in-a-box/.gitignore
+++ b/infrastructure/cdn-in-a-box/.gitignore
@@ -19,4 +19,4 @@
/cache/ATS_VERSION
/optional/vpn/vpnca
/traffic_ops/ca
-/traffic_vault/prestart.d/00-0-standalone-config.sh
+/optional/traffic_vault/prestart.d/00-0-standalone-config.sh
diff --git a/infrastructure/cdn-in-a-box/README.md b/infrastructure/cdn-in-a-box/README.md
index 9797c1b..1f5a9ad 100644
--- a/infrastructure/cdn-in-a-box/README.md
+++ b/infrastructure/cdn-in-a-box/README.md
@@ -159,13 +159,6 @@ show you the default UI for interacting with the CDN - Traffic Portal.
> <td align="left">Web interfaces on ports 3080 (HTTP) and 3443 (HTTPS), with a DNS service on 53 and an API on 3333</td>
> <td align="left">N/A</td>
> <td align="left">N/A</td>
-> </tr>
-> <tr class="odd">
-> <td align="left">Traffic Vault</td>
-> <td align="left">Riak key-value store on port 8010</td>
-> <td align="left"><code>TV_ADMIN_USER</code> in variables.env</td>
-> <td align="left"><code>TV_ADMIN_PASSWORD</code> in variables.env</td>
-> </tr>
> </tbody>
> </table>
>
diff --git a/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml b/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml
index b45b52d..b827ff5 100644
--- a/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml
+++ b/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml
@@ -47,11 +47,6 @@ services:
influxdb:
ports:
- "8086:8086"
- trafficvault:
- ports:
- - "8087:8087"
- - "8088:8088"
- - "8098:8098"
edge:
ports:
- "9000:80"
diff --git a/infrastructure/cdn-in-a-box/docker-compose.yml b/infrastructure/cdn-in-a-box/docker-compose.yml
index 6533fef..1bdb3c5 100644
--- a/infrastructure/cdn-in-a-box/docker-compose.yml
+++ b/infrastructure/cdn-in-a-box/docker-compose.yml
@@ -163,25 +163,6 @@ services:
volumes:
- shared:/shared
- # trafficvault runs a riak container to store private keys
- trafficvault:
- build:
- context: .
- dockerfile: traffic_vault/Dockerfile
- depends_on:
- - enroller
- environment:
- - CLUSTER_NAME=trafficvault
- labels:
- - "com.basho.riak.cluster.name=trafficvault"
- volumes:
- - schemas:/etc/riak/schemas
- - shared:/shared
- domainname: infra.ciab.test
- env_file:
- - variables.env
- hostname: trafficvault
-
# edge cache
edge:
build:
diff --git a/infrastructure/cdn-in-a-box/.gitignore b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml
similarity index 80%
copy from infrastructure/cdn-in-a-box/.gitignore
copy to infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml
index b903ca7..aaa8fb1 100644
--- a/infrastructure/cdn-in-a-box/.gitignore
+++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml
@@ -15,8 +15,14 @@
# specific language governing permissions and limitations
# under the License.
#
-*.rpm
-/cache/ATS_VERSION
-/optional/vpn/vpnca
-/traffic_ops/ca
-/traffic_vault/prestart.d/00-0-standalone-config.sh
+# Expose the trafficvault container on the host on ports 8087, 8088, and 8098
+
+---
+version: '2.1'
+
+services:
+ trafficvault:
+ ports:
+ - "8087:8087"
+ - "8088:8088"
+ - "8098:8098"
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/run.sh b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml
old mode 100755
new mode 100644
similarity index 52%
copy from infrastructure/cdn-in-a-box/traffic_vault/run.sh
copy to infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml
index 5585d0c..c6ad2ef
--- a/infrastructure/cdn-in-a-box/traffic_vault/run.sh
+++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml
@@ -1,5 +1,3 @@
-#!/usr/bin/env bash
-
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -16,14 +14,37 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
+#
+#
+# This compose file will runs a riak container to store private keys.
+#
+# Below is an example of how to run the main compose with this file:
+#
+# docker-compose -f docker-compose.yml -f optional/docker-compose.traffic-vault.yml up
+#
-set-dns.sh
-insert-self-into-dns.sh
-
-. /to-access.sh
+---
+version: '2.1'
-TO_URL=https://${TO_FQDN}:${TO_PORT}
-TO_USER=$TV_USER
-TO_PASSWORD=$TV_PASSWORD
+services:
+ trafficvault:
+ build:
+ context: ""
+ dockerfile: optional/traffic_vault/Dockerfile
+ environment:
+ - CLUSTER_NAME=trafficvault
+ labels:
+ - "com.basho.riak.cluster.name=trafficvault"
+ volumes:
+ - schemas:/etc/riak/schemas
+ - shared:/shared
+ domainname: infra.ciab.test
+ env_file:
+ - variables.env
+ hostname: trafficvault
-${RIAK_HOME}/riak-cluster.sh
+volumes:
+ schemas:
+ external: false
+ shared:
+ external: false
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/Dockerfile b/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile
similarity index 87%
rename from infrastructure/cdn-in-a-box/traffic_vault/Dockerfile
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile
index ed08908..7583e75 100644
--- a/infrastructure/cdn-in-a-box/traffic_vault/Dockerfile
+++ b/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile
@@ -27,11 +27,11 @@ RUN echo 'APT::Install-Recommends 0;' >> /etc/apt/apt.conf.d/01norecommends \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y net-tools ca-certificates dnsutils gettext-base \
&& rm -rf /var/lib/apt/lists/* && rm -rf /etc/apt/apt.conf.d/docker-gzip-indexes
-ADD traffic_vault/prestart.d/* /etc/riak/prestart.d/
-ADD traffic_vault/poststart.d/* /etc/riak/poststart.d/
+ADD optional/traffic_vault/prestart.d/* /etc/riak/prestart.d/
+ADD optional/traffic_vault/poststart.d/* /etc/riak/poststart.d/
ADD enroller/server_template.json \
- traffic_vault/run.sh \
- traffic_vault/sslkeys.xml \
+ optional/traffic_vault/run.sh \
+ optional/traffic_vault/sslkeys.xml \
traffic_ops/to-access.sh \
/
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/00-enable-security.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/00-enable-security.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/00-enable-security.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/00-enable-security.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/01-add-search-group.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/01-add-search-group.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/01-add-search-group.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/01-add-search-group.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/02-add-search-schema.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/02-add-search-schema.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/02-add-search-schema.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/02-add-search-schema.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-config.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/prestart.d/00-config.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-config.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/prestart.d/00-config.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/run.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/run.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/run.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/run.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/sslkeys.xml b/infrastructure/cdn-in-a-box/optional/traffic_vault/sslkeys.xml
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/sslkeys.xml
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/sslkeys.xml
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh b/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh
index c70e3ca..0eab594 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh
@@ -90,6 +90,11 @@ CREDS
fi
}
+tv-ping() {
+ to-auth && \
+ curl $CURLAUTH $CURLOPTS --cookie "$COOKIEJAR" -X GET "$TO_URL/api/$TO_API_VERSION/vault/ping"
+}
+
to-ping() {
# ping endpoint does not require authentication
curl $CURLAUTH $CURLOPTS -X GET "$TO_URL/api/$TO_API_VERSION/ping"
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh b/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh
index 7ab3b35..851be01 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh
@@ -108,6 +108,14 @@ load_data_from() {
touch "$ENROLLER_DIR/initial-load-done"
sync
fi
+ if [[ "$d" = 'deliveryservices' ]]; then
+ # Traffic Vault must be accepting connections before enroller can start
+ until tv-ping; do
+ echo "Waiting for Traffic Vault to accept connections"
+ sleep 5
+ done
+ fi
+
[[ -d $d ]] || continue
for f in $(find "$d" -name "*.json" -type f); do
echo "Loading $f"
diff --git a/infrastructure/cdn-in-a-box/variables.env b/infrastructure/cdn-in-a-box/variables.env
index 5d241f4..eda91da 100644
--- a/infrastructure/cdn-in-a-box/variables.env
+++ b/infrastructure/cdn-in-a-box/variables.env
@@ -15,7 +15,7 @@
# specific language governing permissions and limitations
# under the License.
TV_AES_KEY_LOCATION=/opt/traffic_ops/app/conf/aes.key
-# Unset TV_BACKEND to use riak as the traffic_vault backend
+# Unset TV_BACKEND to use riak as the traffic_vault backend and run the traffic_vault image from the optional directory
TV_BACKEND=postgres
TLD_DOMAIN=ciab.test
INFRA_SUBDOMAIN=infra
@@ -131,6 +131,6 @@ TV_HTTP_PORT=8098
TV_HTTPS_PORT=8088
ENROLLER_DIR=/shared/enroller
AUTO_SNAPQUEUE_ENABLED=true
-AUTO_SNAPQUEUE_SERVERS=trafficops,trafficmonitor,trafficrouter,trafficvault,edge,mid-01,mid-02
+AUTO_SNAPQUEUE_SERVERS=trafficops,trafficmonitor,trafficrouter,edge,mid-01,mid-02
AUTO_SNAPQUEUE_POLL_INTERVAL=2
AUTO_SNAPQUEUE_ACTION_WAIT=2