Dont start Riak in TP/TO GHA

.github/actions/to-integration-tests/.gitignore

@@ -21,5 +21,4 @@ database.conf
 error.log
 localhost.crt
 localhost.key
-riak.conf
 warning.log

.github/actions/to-integration-tests/README.md

@@ -20,7 +20,6 @@
 # to-integration-tests JavaScript action
 This action runs the Traffic Ops Go client integration tests with the Traffic Ops API.
 - Requires an SMTP service (see `smtp_address` input)
-- Provides a Riak server at address `trafficvault.infra.ciab.test`
 
 ## Inputs
 

.github/actions/to-integration-tests/cdn.json

@@ -22,6 +22,20 @@
 		"max_db_connections": 20,
 		"db_conn_max_lifetime_seconds": 60,
 		"db_query_timeout_seconds": 20,
+		"traffic_vault_backend": "postgres",
+		"traffic_vault_config": {
+			"dbname": "traffic_vault",
+			"hostname": "localhost",
+			"user": "traffic_vault",
+			"password": "twelve",
+			"port": 5432,
+			"ssl": false,
+			"conn_max_lifetime_seconds": 60,
+			"max_connections": 500,
+			"max_idle_connections": 30,
+			"query_timeout_seconds": 10,
+			"aes_key_location": "/aes.key"
+		},
 		"supported_ds_metrics": [ "kbps", "tps_total", "tps_2xx", "tps_3xx", "tps_4xx", "tps_5xx" ]
 	},
 	"cors": {

.github/actions/to-integration-tests/entrypoint.sh

@@ -30,48 +30,7 @@ color_and_prefix() {
 }
 
 ciab_dir="${GITHUB_WORKSPACE}/infrastructure/cdn-in-a-box";
-trafficvault=trafficvault;
-start_traffic_vault() {
-	<<-'/ETC/HOSTS' sudo tee --append /etc/hosts
-		172.17.0.1    trafficvault.infra.ciab.test
-	/ETC/HOSTS
-
-	<<-'BASH_LINES' cat >infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-0-standalone-config.sh;
-		TV_FQDN="${TV_HOST}.${INFRA_SUBDOMAIN}.${TLD_DOMAIN}" # Also used in 02-add-search-schema.sh
-		certs_dir=/etc/ssl/certs;
-		X509_INFRA_CERT_FILE="${certs_dir}/trafficvault.crt";
-		X509_INFRA_KEY_FILE="${certs_dir}/trafficvault.key";
-
-		# Generate x509 certificate
-		openssl req -new -x509 -nodes -newkey rsa:4096 -out "$X509_INFRA_CERT_FILE" -keyout "$X509_INFRA_KEY_FILE" -subj "/CN=${TV_FQDN}";
-
-		# Do not wait for CDN in a Box to generate SSL keys
-		sed -i '0,/^update-ca-certificates/d' /etc/riak/prestart.d/00-config.sh;
-
-		# Do not try to source to-access.sh
-		sed -i '/to-access\.sh\|^to-enroll/d' /etc/riak/{prestart.d,poststart.d}/*
-	BASH_LINES
-
-	DOCKER_BUILDKIT=1 docker build "$ciab_dir" -f "${ciab_dir}/traffic_vault/Dockerfile" -t "$trafficvault" 2>&1 |
-		color_and_prefix "$gray_bg" "building Traffic Vault";
-	if [[ -n "$(docker ps -qf "name=^${trafficvault}")" ]]; then
-		echo 'Traffic Vault is already running.'
-		return;
-	fi;
-	echo 'Starting Traffic Vault...';
-	docker run \
-		--detach \
-		--env-file="${ciab_dir}/variables.env" \
-		--hostname="${trafficvault}.infra.ciab.test" \
-		--name="$trafficvault" \
-		--publish=8087:8087 \
-		--rm \
-		"$trafficvault" \
-		/usr/lib/riak/riak-cluster.sh;
-	docker logs -f "$trafficvault" 2>&1 >"${ciab_dir}/traffic.vault.logs";
-}
-truncate -s0 "${ciab_dir}/traffic.vault.logs";
-start_traffic_vault & disown
+openssl rand 32 | base64 | sudo tee /aes.key
 
 sudo apt-get install -y --no-install-recommends gettext
 
@@ -151,10 +110,9 @@ envsubst <"${resources}/cdn.json" >cdn.conf
 cp "${resources}/database.json" database.conf
 
 export $(<"${ciab_dir}/variables.env" sed '/^#/d') # defines TV_ADMIN_USER/PASSWORD
-envsubst <"${resources}/riak.json" >riak.conf
 
 truncate --size=0 traffic.ops.log # Removes output from previous API versions and makes sure files exist
-./traffic_ops_golang --cfg ./cdn.conf --dbcfg ./database.conf -riakcfg riak.conf &
+./traffic_ops_golang --cfg ./cdn.conf --dbcfg ./database.conf &
 
 cd "../testing/api/v$INPUT_VERSION"
 

.github/actions/tp-integration-tests/README.md

@@ -20,7 +20,6 @@
 # tp-integration-tests javascript action
 this action runs the traffic portal integration tests
 - requires an smtp service (see `smtp_address` input)
-- provides a riak server at address `trafficvault.infra.ciab.test`
 
 ## inputs
 

.github/actions/tp-integration-tests/cdn.json

@@ -22,6 +22,20 @@
 		"max_db_connections": 20,
 		"db_conn_max_lifetime_seconds": 60,
 		"db_query_timeout_seconds": 20,
+		"traffic_vault_backend": "postgres",
+		"traffic_vault_config": {
+			"dbname": "traffic_vault",
+			"hostname": "localhost",
+			"user": "traffic_vault",
+			"password": "twelve",
+			"port": 5432,
+			"ssl": false,
+			"conn_max_lifetime_seconds": 60,
+			"max_connections": 500,
+			"max_idle_connections": 30,
+			"query_timeout_seconds": 10,
+			"aes_key_location": "/aes.key"
+		},
 		"supported_ds_metrics": [ "kbps", "tps_total", "tps_2xx", "tps_3xx", "tps_4xx", "tps_5xx" ]
 	},
 	"cors": {

.github/actions/tp-integration-tests/entrypoint.sh

@@ -21,10 +21,6 @@ onFail() {
   if ! [[ -d Reports ]]; then
     mkdir Reports;
   fi
-  if [[ -f tv.log ]]; then
-    cp tv.log Reports/traffic_vault.docker.log;
-  fi
-	docker logs "$trafficvault" > Reports/traffic_vault.log 2>&1;
   if [[ -f tp.log ]]; then
     mv tp.log Reports/forever.log
   fi
@@ -61,13 +57,6 @@ export PGHOST="localhost"
 export PGDATABASE="traffic_ops"
 export PGPORT="5432"
 
-# For TV Setup
-DIVISION="adivision"
-REGION="aregion"
-PHYS="aloc"
-COORD="acoord"
-CDN="zcdn"
-CG="acg"
 to_admin_username="$(jq -r '.params.login.username' "${GITHUB_WORKSPACE}/traffic_portal/test/integration/config.json")"
 to_admin_password="$(jq -r '.params.login.password' "${GITHUB_WORKSPACE}/traffic_portal/test/integration/config.json")"
 password_hash="$(<<PYTHON_COMMANDS PYTHONPATH="${GITHUB_WORKSPACE}/traffic_ops/install/bin" python
@@ -80,71 +69,12 @@ INSERT INTO tm_user (username, role, tenant_id, local_passwd)
   VALUES ('${to_admin_username}', 1, 1,
     '${password_hash}'
   );
-INSERT INTO division(name) VALUES('${DIVISION}');
-INSERT INTO region(name, division) VALUES('${REGION}', 1);
-INSERT INTO phys_location(name, short_name, region, address, city, state, zip)
-  VALUES('${PHYS}', '${PHYS}', 1, 'some place idk', 'Denver', 'CO', '88888');
-INSERT INTO coordinate(name) VALUES('${COORD}');
-INSERT INTO cdn(name, domain_name) VALUES('${CDN}', 'infra.ciab.test');
-WITH TYPE AS (SELECT id FROM type WHERE name = 'TC_LOC')
-INSERT INTO cachegroup(name, short_name, type, coordinate)
-SELECT '${CG}', '${CG}', TYPE.id, 1
-FROM TYPE;
-
-WITH TYPE AS (SELECT id FROM type WHERE name = 'RIAK'),
-PROFILE AS (SELECT id FROM profile WHERE name = 'RIAK_ALL'),
-STATUS AS (SELECT id FROM status WHERE name = 'ONLINE'),
-PHYS AS (SELECT id FROM phys_location WHERE name = '${PHYS}'),
-CDN AS (SELECT id FROM cdn WHERE name = '${CDN}'),
-CG AS (SELECT id from cachegroup WHERE name = '${CG}')
-INSERT INTO server(host_name, domain_name, cachegroup, type, status, profile, phys_location, cdn_id)
-SELECT 'trafficvault', 'infra.ciab.test', CG.ID, TYPE.id, STATUS.id, PROFILE.id, PHYS.id, CDN.id
-FROM TYPE
-JOIN STATUS ON 1=1
-JOIN PROFILE ON 1=1
-JOIN PHYS ON 1=1
-JOIN CDN ON 1=1
-JOIN CG ON 1=1;
 QUERY
 
 sudo useradd trafops
 
 ciab_dir="${GITHUB_WORKSPACE}/infrastructure/cdn-in-a-box";
-trafficvault=trafficvault;
-start_traffic_vault() {
-	<<-'/ETC/HOSTS' sudo tee --append /etc/hosts
-		172.17.0.1    trafficvault.infra.ciab.test
-	/ETC/HOSTS
-
-	<<-'BASH_LINES' cat >infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-0-standalone-config.sh;
-		TV_FQDN="${TV_HOST}.${INFRA_SUBDOMAIN}.${TLD_DOMAIN}" # Also used in 02-add-search-schema.sh
-		certs_dir=/etc/ssl/certs;
-		X509_INFRA_CERT_FILE="${certs_dir}/trafficvault.crt";
-		X509_INFRA_KEY_FILE="${certs_dir}/trafficvault.key";
-
-		# Generate x509 certificate
-		openssl req -new -x509 -nodes -newkey rsa:4096 -out "$X509_INFRA_CERT_FILE" -keyout "$X509_INFRA_KEY_FILE" -subj "/CN=${TV_FQDN}";
-
-		# Do not wait for CDN in a Box to generate SSL keys
-		sed -i '0,/^update-ca-certificates/d' /etc/riak/prestart.d/00-config.sh;
-
-		# Do not try to source to-access.sh
-		sed -i '/to-access\.sh\|^to-enroll/d' /etc/riak/{prestart.d,poststart.d}/*
-	BASH_LINES
-
-	DOCKER_BUILDKIT=1 docker build "$ciab_dir" -f "${ciab_dir}/traffic_vault/Dockerfile" -t "$trafficvault" >/dev/null
-	echo 'Starting Traffic Vault...';
-	docker run \
-		--detach \
-		--env-file="${ciab_dir}/variables.env" \
-		--hostname="${trafficvault}.infra.ciab.test" \
-		--name="$trafficvault" \
-		--publish=8087:8087 \
-		--rm \
-		"$trafficvault" \
-		/usr/lib/riak/riak-cluster.sh
-}
-start_traffic_vault >tv.log 2>&1 &
+openssl rand 32 | base64 | sudo tee /aes.key
 
 sudo apt-get install -y --no-install-recommends gettext \
 	ruby ruby-dev libc-dev curl \
@@ -181,10 +111,9 @@ to_build() {
   cp "${resources}/database.json" database.conf
 
   export $(<"${ciab_dir}/variables.env" sed '/^#/d') # defines TV_ADMIN_USER/PASSWORD
-  envsubst <"${resources}/riak.json" >riak.conf
   truncate -s0 out.log
 
-  ./traffic_ops_golang --cfg ./cdn.conf --dbcfg ./database.conf -riakcfg riak.conf >out.log 2>&1 &
+  ./traffic_ops_golang --cfg ./cdn.conf --dbcfg ./database.conf >out.log 2>&1 &
   popd
 }
 

.github/actions/tvdb-init/Dockerfile

@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# alpine:3.13
+FROM alpine@sha256:08d6ca16c60fe7490c03d10dc339d9fd8ea67c6466dea8d558526b1330a85930
+
+RUN architecture=$(uname -m) && \
+    mkdir lib64 && \
+    # Use musl libc where the go binary expects glibc
+    # Less-generalized: ln -s /lib/ld-musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
+    ln -s /lib/ld-musl-${architecture}.so.[0-9] /lib64/ld-linux-${architecture//_/-}.so.2
+ENV GOROOT=/usr/local/go \
+    CGO_ENABLED=0
+
+COPY entrypoint.sh dbconf.yml /
+
+ENTRYPOINT /entrypoint.sh

.github/actions/tvdb-init/README.md

@@ -0,0 +1,50 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+# tvdb-init Docker action
+This action initializes a Traffic Vault database in a locally running PostgresQL
+instance. It creates the `traffic_vault` user and database.
+
+## Outputs
+
+### `exit-code`
+1 if the database initialized successfully.
+
+## Example usage
+```yaml
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:11.9
+        env:
+          POSTGRES_USER: traffic_ops
+          POSTGRES_PASSWORD: twelve
+          POSTGRES_DB: traaffic_ops
+        ports:
+        - 5432:5432
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@master
+      - name: ./.github/actions/tvdb-init
+```

.github/actions/tvdb-init/action.yml

@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: 'tvdb-init'
+description: 'Initializes a Traffic Vault database using a local PostgreSQL instance'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'

.github/actions/tvdb-init/dbconf.yml

@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+version: "1.0"
+name: dbconf.yml
+
+test:
+  driver: postgres
+  open: host=postgres port=5432 user=traffic_vault password=twelve dbname=traffic_vault sslmode=disable
+