From 76bf1a5549175184c78cb255dcafd3f73f24f047 Mon Sep 17 00:00:00 2001
From: mattjackson220
Date: Tue, 5 Oct 2021 10:27:35 -0600
Subject: [PATCH 1/4] Removed Riak from default CiaB
---
.github/workflows/tp.integration.tests.yml | 4 +-
.github/workflows/traffic-ops.yml | 4 +-
CHANGELOG.md | 1 +
infrastructure/cdn-in-a-box/.gitignore | 2 +-
infrastructure/cdn-in-a-box/README.md | 7 ---
.../docker-compose.expose-ports.yml | 5 --
.../cdn-in-a-box/docker-compose.yml | 19 -------
...ker-compose.traffic-vault.expose-ports.yml | 28 ++++++++++
.../optional/docker-compose.traffic-vault.yml | 56 +++++++++++++++++++
.../{ => optional}/traffic_vault/Dockerfile | 0
.../poststart.d/00-enable-security.sh | 0
.../poststart.d/01-add-search-group.sh | 0
.../poststart.d/02-add-search-schema.sh | 0
.../traffic_vault/prestart.d/00-config.sh | 0
.../{ => optional}/traffic_vault/run.sh | 0
.../{ => optional}/traffic_vault/sslkeys.xml | 0
infrastructure/cdn-in-a-box/variables.env | 4 +-
17 files changed, 92 insertions(+), 38 deletions(-)
create mode 100644 infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml
create mode 100644 infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml
rename infrastructure/cdn-in-a-box/{ => optional}/traffic_vault/Dockerfile (100%)
rename infrastructure/cdn-in-a-box/{ => optional}/traffic_vault/poststart.d/00-enable-security.sh (100%)
rename infrastructure/cdn-in-a-box/{ => optional}/traffic_vault/poststart.d/01-add-search-group.sh (100%)
rename infrastructure/cdn-in-a-box/{ => optional}/traffic_vault/poststart.d/02-add-search-schema.sh (100%)
rename infrastructure/cdn-in-a-box/{ => optional}/traffic_vault/prestart.d/00-config.sh (100%)
rename infrastructure/cdn-in-a-box/{ => optional}/traffic_vault/run.sh (100%)
rename infrastructure/cdn-in-a-box/{ => optional}/traffic_vault/sslkeys.xml (100%)
diff --git a/.github/workflows/tp.integration.tests.yml b/.github/workflows/tp.integration.tests.yml index 4958a180a8..03caaaf282 100644 --- a/.github/workflows/tp.integration.tests.yml +++ b/.github/workflows/tp.integration.tests.yml @@ -29,7 +29,7 @@ on: - .github/actions/tp-integration-tests/** - .github/workflows/tp.integration.tests.yml - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go @@ -42,7 +42,7 @@ on: - .github/actions/tp-integration-tests/** - .github/workflows/tp.integration.tests.yml - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go diff --git a/.github/workflows/traffic-ops.yml b/.github/workflows/traffic-ops.yml index 6114aebc41..43cb6f5a62 100644 --- a/.github/workflows/traffic-ops.yml +++ b/.github/workflows/traffic-ops.yml @@ -31,7 +31,7 @@ on: - go.mod - go.sum - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go @@ -47,7 +47,7 @@ on: - go.mod - go.sum - GO_VERSION - - infrastructure/cdn-in-a-box/traffic_vault/** + - infrastructure/cdn-in-a-box/optional/traffic_vault/** - traffic_ops/*client/**.go - traffic_ops/testing/api/**.go - traffic_ops/traffic_ops_golang/**.go diff --git a/CHANGELOG.md b/CHANGELOG.md index c11cc526fe..978af74f70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). ### Changed - Updated `t3c` to request less unnecessary deliveryservice-server assignment and invalidation jobs data via new query params supported by Traffic Ops - [#6179](https://github.com/apache/trafficcontrol/issues/6179) Updated the Traffic Ops rpm to include the `ToDnssecRefresh` binary and make the `trafops_dnssec_refresh` cron job use it +- [#5927](https://github.com/apache/trafficcontrol/issues/5927) Updated CDN-in-a-Box to not run a Riak container by default but instead only run it if the optional flag is provided. ### Deprecated diff --git a/infrastructure/cdn-in-a-box/.gitignore b/infrastructure/cdn-in-a-box/.gitignore index b903ca7f1e..61a7c54a75 100644 --- a/infrastructure/cdn-in-a-box/.gitignore +++ b/infrastructure/cdn-in-a-box/.gitignore @@ -19,4 +19,4 @@ /cache/ATS_VERSION /optional/vpn/vpnca /traffic_ops/ca -/traffic_vault/prestart.d/00-0-standalone-config.sh +/optional/traffic_vault/prestart.d/00-0-standalone-config.sh diff --git a/infrastructure/cdn-in-a-box/README.md b/infrastructure/cdn-in-a-box/README.md index 9797c1b615..1f5a9ad803 100644 --- a/infrastructure/cdn-in-a-box/README.md +++ b/infrastructure/cdn-in-a-box/README.md @@ -159,13 +159,6 @@ show you the default UI for interacting with the CDN - Traffic Portal. > Web interfaces on ports 3080 (HTTP) and 3443 (HTTPS), with a DNS service on 53 and an API on 3333 > N/A > N/A -> -> -> Traffic Vault -> Riak key-value store on port 8010 -> TV_ADMIN_USER in variables.env -> TV_ADMIN_PASSWORD in variables.env -> > > > diff --git a/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml b/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml index b45b52de85..b827ff5f9c 100644 --- a/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml +++ b/infrastructure/cdn-in-a-box/docker-compose.expose-ports.yml 
@@ -47,11 +47,6 @@ services: influxdb: ports: - "8086:8086" - trafficvault: - ports: - - "8087:8087" - - "8088:8088" - - "8098:8098" edge: ports: - "9000:80" diff --git a/infrastructure/cdn-in-a-box/docker-compose.yml b/infrastructure/cdn-in-a-box/docker-compose.yml index 6533fefc08..1bdb3c5470 100644 --- a/infrastructure/cdn-in-a-box/docker-compose.yml +++ b/infrastructure/cdn-in-a-box/docker-compose.yml @@ -163,25 +163,6 @@ services: volumes: - shared:/shared - # trafficvault runs a riak container to store private keys - trafficvault: - build: - context: . - dockerfile: traffic_vault/Dockerfile - depends_on: - - enroller - environment: - - CLUSTER_NAME=trafficvault - labels: - - "com.basho.riak.cluster.name=trafficvault" - volumes: - - schemas:/etc/riak/schemas - - shared:/shared - domainname: infra.ciab.test - env_file: - - variables.env - hostname: trafficvault - # edge cache edge: build: diff --git a/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml new file mode 100644 index 0000000000..aaa8fb196d --- /dev/null +++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.expose-ports.yml 
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# Expose the trafficvault container on the host on ports 8087, 8088, and 8098
+
+---
+version: '2.1'
+
+services:
+ trafficvault:
+ ports:
+ - "8087:8087"
+ - "8088:8088"
+ - "8098:8098"
diff --git a/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml
new file mode 100644
index 0000000000..4b5f590347
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml
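Review bot: In `optional/docker-compose.traffic-vault.expose-ports.yml` the three `ports:` entries use the short `"8087:8087"` form, which publishes each port on every host interface. This patch describes the container as storing private keys, and `variables.env` names 8098 as `TV_HTTP_PORT`, so a plain-HTTP listener for that store becomes reachable from whatever network the host is on. For a developer convenience file I would bind to loopback, e.g. `- "127.0.0.1:8087:8087"` (likewise for 8088 and 8098), and extend the header comment to say the file is meant for local debugging only.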
@@ -0,0 +1,56 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+# This compose file will runs a riak container to store private keys.
+#
+# Below is an example of how to run the main compose with this file:
+#
+# docker-compose -f docker-compose.yml -f optional/docker-compose.traffic-vault.yml up
+#
+
+---
+version: '2.1'
+
+services:
+ trafficvault:
+ build:
+ context: ""
+ dockerfile: optional/traffic_vault/Dockerfile
+ depends_on:
+ - enroller
+ environment:
+ - CLUSTER_NAME=trafficvault
+ labels:
+ - "com.basho.riak.cluster.name=trafficvault"
+ volumes:
+ - schemas:/etc/riak/schemas
+ - shared:/shared
+ domainname: infra.ciab.test
+ env_file:
+ - variables.env
+ hostname: trafficvault
+ ports:
+ - "8087:8087"
+ - "8088:8088"
+ - "8098:8098"
+
+volumes:
+ schemas:
+ external: false
+ shared:
+ external: false
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/Dockerfile b/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/Dockerfile
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile
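Review bot: `context: ""` in the new `trafficvault` service is not self-explanatory. The service removed from `docker-compose.yml` in this same patch used `context: .`, and the Dockerfile's `ADD` sources (`enroller/server_template.json`, `traffic_ops/to-access.sh`) need the `cdn-in-a-box` directory as the build context. How an empty string is resolved when this file is merged with `-f` is not visible here and may differ between Compose versions, so I would write `context: .` and note in the header comment that relative paths resolve against the directory of the first `-f` file. The header comment also reads "will runs"; `# This compose file runs a riak container to store private keys.` says the same thing.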
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/00-enable-security.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/00-enable-security.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/00-enable-security.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/00-enable-security.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/01-add-search-group.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/01-add-search-group.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/01-add-search-group.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/01-add-search-group.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/poststart.d/02-add-search-schema.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/02-add-search-schema.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/poststart.d/02-add-search-schema.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/poststart.d/02-add-search-schema.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-config.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/prestart.d/00-config.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/prestart.d/00-config.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/prestart.d/00-config.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/run.sh b/infrastructure/cdn-in-a-box/optional/traffic_vault/run.sh
similarity index 100%
rename from infrastructure/cdn-in-a-box/traffic_vault/run.sh
rename to infrastructure/cdn-in-a-box/optional/traffic_vault/run.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/sslkeys.xml b/infrastructure/cdn-in-a-box/optional/traffic_vault/sslkeys.xml similarity index 100% rename from infrastructure/cdn-in-a-box/traffic_vault/sslkeys.xml rename to infrastructure/cdn-in-a-box/optional/traffic_vault/sslkeys.xml diff --git a/infrastructure/cdn-in-a-box/variables.env b/infrastructure/cdn-in-a-box/variables.env index 5d241f485f..eda91da214 100644 --- a/infrastructure/cdn-in-a-box/variables.env +++ b/infrastructure/cdn-in-a-box/variables.env @@ -15,7 +15,7 @@ # specific language governing permissions and limitations # under the License. TV_AES_KEY_LOCATION=/opt/traffic_ops/app/conf/aes.key -# Unset TV_BACKEND to use riak as the traffic_vault backend +# Unset TV_BACKEND to use riak as the traffic_vault backend and run the traffic_vault image from the optional directory TV_BACKEND=postgres TLD_DOMAIN=ciab.test INFRA_SUBDOMAIN=infra @@ -131,6 +131,6 @@ TV_HTTP_PORT=8098 TV_HTTPS_PORT=8088 ENROLLER_DIR=/shared/enroller AUTO_SNAPQUEUE_ENABLED=true -AUTO_SNAPQUEUE_SERVERS=trafficops,trafficmonitor,trafficrouter,trafficvault,edge,mid-01,mid-02 +AUTO_SNAPQUEUE_SERVERS=trafficops,trafficmonitor,trafficrouter,edge,mid-01,mid-02 AUTO_SNAPQUEUE_POLL_INTERVAL=2 AUTO_SNAPQUEUE_ACTION_WAIT=2 From 05efd67579650cbb3cb4ba5647c4481a2bda5ecc Mon Sep 17 00:00:00 2001 From: mattjackson220 Date: Tue, 5 Oct 2021 12:18:34 -0600 Subject: [PATCH 2/4] removed trafficvault from github action --- .github/actions/run-ciab/run-ciab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/run-ciab/run-ciab.sh b/.github/actions/run-ciab/run-ciab.sh index ba7f1d07b2..80c0e6631c 100755 --- a/.github/actions/run-ciab/run-ciab.sh +++ b/.github/actions/run-ciab/run-ciab.sh 
@@ -28,7 +28,7 @@ store_ciab_logs() { cd infrastructure/cdn-in-a-box; logged_services='trafficrouter readiness'; -other_services='dns edge enroller mid-01 mid-02 origin static trafficmonitor trafficops trafficstats trafficvault'; +other_services='dns edge enroller mid-01 mid-02 origin static trafficmonitor trafficops trafficstats'; docker_compose='docker-compose -f ./docker-compose.yml -f ./docker-compose.readiness.yml'; $docker_compose up -d $logged_services $other_services; $docker_compose logs -f $logged_services & From 26760f09fc5aa3169420df700b0442cb7234db09 Mon Sep 17 00:00:00 2001 From: mattjackson220 Date: Tue, 5 Oct 2021 15:25:07 -0600 Subject: [PATCH 3/4] updated per comments --- .../cdn-in-a-box/optional/docker-compose.traffic-vault.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml index 4b5f590347..1e8ae568f0 100644 --- a/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml +++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml @@ -44,10 +44,6 @@ services: env_file: - variables.env hostname: trafficvault - ports: - - "8087:8087" - - "8088:8088" - - "8098:8098" volumes: schemas: From cb53a900d88105e47ffa50206b71edc88b9d598d Mon Sep 17 00:00:00 2001 From: mattjackson220 Date: Thu, 7 Oct 2021 12:55:46 -0600 Subject: [PATCH 4/4] updated Dockerfile and added wait for vault before creating DSes --- .../optional/docker-compose.traffic-vault.yml | 2 -- .../cdn-in-a-box/optional/traffic_vault/Dockerfile | 8 ++++---- infrastructure/cdn-in-a-box/traffic_ops/to-access.sh | 5 +++++ .../cdn-in-a-box/traffic_ops/trafficops-init.sh | 8 ++++++++ 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml index 1e8ae568f0..c6ad2efc6a 100644 
--- a/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml +++ b/infrastructure/cdn-in-a-box/optional/docker-compose.traffic-vault.yml @@ -31,8 +31,6 @@ services: build: context: "" dockerfile: optional/traffic_vault/Dockerfile - depends_on: - - enroller environment: - CLUSTER_NAME=trafficvault labels: diff --git a/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile b/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile index ed08908b51..7583e75a48 100644 --- a/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile +++ b/infrastructure/cdn-in-a-box/optional/traffic_vault/Dockerfile @@ -27,11 +27,11 @@ RUN echo 'APT::Install-Recommends 0;' >> /etc/apt/apt.conf.d/01norecommends \ && DEBIAN_FRONTEND=noninteractive apt-get install -y net-tools ca-certificates dnsutils gettext-base \ && rm -rf /var/lib/apt/lists/* && rm -rf /etc/apt/apt.conf.d/docker-gzip-indexes -ADD traffic_vault/prestart.d/* /etc/riak/prestart.d/ -ADD traffic_vault/poststart.d/* /etc/riak/poststart.d/ +ADD optional/traffic_vault/prestart.d/* /etc/riak/prestart.d/ +ADD optional/traffic_vault/poststart.d/* /etc/riak/poststart.d/ ADD enroller/server_template.json \ - traffic_vault/run.sh \ - traffic_vault/sslkeys.xml \ + optional/traffic_vault/run.sh \ + optional/traffic_vault/sslkeys.xml \ traffic_ops/to-access.sh \ / diff --git a/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh b/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh index c70e3ca40a..0eab594fc0 100755 --- a/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh +++ b/infrastructure/cdn-in-a-box/traffic_ops/to-access.sh @@ -90,6 +90,11 @@ CREDS fi } +tv-ping() { + to-auth && \ + curl $CURLAUTH $CURLOPTS --cookie "$COOKIEJAR" -X GET "$TO_URL/api/$TO_API_VERSION/vault/ping" +} + to-ping() { # ping endpoint does not require authentication curl $CURLAUTH $CURLOPTS -X GET "$TO_URL/api/$TO_API_VERSION/ping" 
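Review bot: The rewritten `ADD` lines in `optional/traffic_vault/Dockerfile` only copy files from the build context, so `COPY` is the better instruction: `ADD` also unpacks local archives and accepts URLs, which nothing in these lines needs. `COPY optional/traffic_vault/prestart.d/* /etc/riak/prestart.d/` and `COPY optional/traffic_vault/poststart.d/* /etc/riak/poststart.d/` do the same job, and the multi-source `ADD enroller/server_template.json \` can become `COPY` with its source list unchanged. The beginning of the Dockerfile is outside the hunk.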
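Review bot: `tv-ping` in `to-access.sh` works as a readiness probe only if it returns non-zero while Traffic Vault is unavailable, and curl exits 0 on an HTTP error response unless `--fail` is given. `CURLOPTS` is defined outside this hunk, so if it does not already include `-f`, the `until tv-ping` loop added to `trafficops-init.sh` would end as soon as Traffic Ops answers at all. I would make the requirement explicit in the function itself: `curl --fail $CURLAUTH $CURLOPTS --cookie "$COOKIEJAR" -X GET "$TO_URL/api/$TO_API_VERSION/vault/ping"`. A one-line comment above the function, e.g. `# tv-ping: authenticated check of the vault/ping endpoint; non-zero exit means Traffic Vault is not ready`, would also tell callers what the exit status means.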
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh b/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh index 7ab3b35b0b..851be011c5 100755 --- a/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh +++ b/infrastructure/cdn-in-a-box/traffic_ops/trafficops-init.sh @@ -108,6 +108,14 @@ load_data_from() { touch "$ENROLLER_DIR/initial-load-done" sync fi + if [[ "$d" = 'deliveryservices' ]]; then + # Traffic Vault must be accepting connections before enroller can start + until tv-ping; do + echo "Waiting for Traffic Vault to accept connections" + sleep 5 + done + fi + [[ -d $d ]] || continue for f in $(find "$d" -name "*.json" -type f); do echo "Loading $f"
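Review bot: The `until tv-ping` loop added to `load_data_from` has no upper bound, so when Traffic Vault never becomes reachable (for example `TV_BACKEND` unset for Riak while the optional compose file was not passed), initialization waits forever and the only symptom is a repeating log line. I would cap the number of attempts and stop with a non-zero status and a message on stderr. The limit of 60 below is a constructed example, and whether `exit` or `return` is right depends on the caller, which is outside the hunk. `load_data_from` begins and ends outside this hunk.

```shell
	if [[ "$d" = 'deliveryservices' ]]; then
		# Traffic Vault must be accepting connections before enroller can start
		local tv_attempts=0
		until tv-ping; do
			if (( ++tv_attempts >= 60 )); then
				echo "Traffic Vault did not accept connections after $tv_attempts attempts" >&2
				exit 1
			fi
			# … unchanged: progress message and sleep 5 …
		done
	fi
```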