Commit e91d3b41 authored by Konstantinos Samaras-Tsakiris's avatar Konstantinos Samaras-Tsakiris
Browse files

Merge branch 'config-over-http' into 'master'

Read config files in configmaps from runtime repo

Closes #38

See merge request !26
parents 265d8307 4784d272
Pipeline #2321347 failed with stages
in 3 minutes and 13 seconds
......@@ -38,7 +38,7 @@ manager: generate fmt vet
# Run against the configured Kubernetes cluster in ~/.kube/config
run: generate fmt vet manifests
go run ./main.go
go run ./main.go --assignable-router-shard=apps-shard-1
# Install CRDs into a cluster
install: manifests kustomize
......
......@@ -66,7 +66,8 @@ type Environment struct {
// +optional
ImageOverride `json:"imageOverride,omitempty"`
// QoSClass specifies the website's performance and availability requirements
// +optional
// +kubebuilder:validation:Enum:=critical;eco;standard
// +kubebuilder:validation:Required
QoSClass `json:"qosClass,omitempty"`
// DBODClass requests a specific kind of DBOD resources for the website. If omitted, it is derived from QoSClass.
// +optional
......
......@@ -19,7 +19,7 @@ rules:
- apiGroups:
- build.openshift.io
resources:
- buildconfig
- buildconfigs
verbs:
- '*'
- apiGroups:
......@@ -27,6 +27,7 @@ rules:
resources:
- persistentvolumeclaims
- services
- configmaps
verbs:
- '*'
- apiGroups:
......@@ -59,7 +60,7 @@ rules:
- apiGroups:
- image.openshift.io
resources:
- imagestream
- imagestreams
verbs:
- '*'
- apiGroups:
......
......@@ -77,6 +77,10 @@ spec:
qosClass:
description: QoSClass specifies the website's performance and
availability requirements
enum:
- critical
- eco
- standard
type: string
required:
- name
......
upstream php {
server unix:/var/run/drupal.sock;
}
server {
#listen 8080 ssl;
listen 8080;
#ssl_certificate /etc/ssl/certs/ca-certificates.crt;
#ssl_certificate_key /etc/ssl/certs/ca-cert-COMODO_Certification_Authority.pem;
#ssl_session_cache shared:SSL:20m;
#ssl_session_timeout 4h;
root /app/web;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Status page of PHP. Commenting to avoid access from outside the cluster
# location = /status {
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_pass php;
# allow all;
# }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
# https://drupal.stackexchange.com/questions/192151/cannot-install-any-theme
rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
# try_files $uri @rewrite; # For Drupal <= 6
try_files $uri /index.php?$query_string; # For Drupal >= 7
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
# In Drupal 8, we must also match new paths where the '.php' appears in
# the middle, such as update.php/selection. The rule we use is strict,
# and only allows this pattern with the update.php front controller.
# This allows legacy path aliases in the form of
# blog/index.php/legacy-path to continue to route to Drupal nodes. If
# you do not have any paths like that, then you might prefer to use a
# laxer rule, such as:
# location ~ \.php(/|$) {
# The laxer rule will continue to work if Drupal uses this new URL
# pattern with front controllers other than update.php in a future
# release.
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
# Security note: If you're running a version of PHP older than the
# latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
# See http://serverfault.com/q/627903/94922 for details.
include fastcgi_params;
# Block httpoxy attacks. See https://httpoxy.org/ .
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
# PHP 5 socket location.
#fastcgi_pass unix:/var/run/php5-fpm.sock;
# PHP 7 socket location.
fastcgi_pass php;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal. Private file's path can come
# with a language prefix.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ^~ /simplesaml {
alias /app/vendor/simplesamlphp/simplesamlphp/www;
location ~ ^(?<prefix>/simplesaml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
include fastcgi_params;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+?\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
fastcgi_param PATH_INFO $pathinfo if_not_empty;
}
}
}
\ No newline at end of file
[mysqld]
max_allowed_packet=200M
[www]
listen = /var/run/drupal.sock
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
catch_workers_output = yes
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
access.log = /proc/self/fd/2
[global]
daemonize = no
\ No newline at end of file
......@@ -931,9 +931,11 @@ func configMapForPHPFPM(d *webservicesv1a1.DrupalSite, log logr.Logger) *corev1.
ls := labelsForDrupalSite(d.Name)
ls["app"] = "php"
content, err := ioutil.ReadFile("config/www.conf")
configPath := "/tmp/qos-" + string(d.Spec.Environment.QoSClass) + "/php-fpm.conf"
content, err := ioutil.ReadFile(configPath)
if err != nil {
log.Error(err, fmt.Sprintf("read failed"))
log.Error(err, fmt.Sprintf("reading PHP-FPM configuration failed"))
return nil
}
......@@ -958,9 +960,11 @@ func configMapForNginx(d *webservicesv1a1.DrupalSite, log logr.Logger) *corev1.C
ls := labelsForDrupalSite(d.Name)
ls["app"] = "nginx"
content, err := ioutil.ReadFile("config/default.conf")
configPath := "/tmp/qos-" + string(d.Spec.Environment.QoSClass) + "/nginx-default.conf"
content, err := ioutil.ReadFile(configPath)
if err != nil {
log.Error(err, fmt.Sprintf("read failed"))
log.Error(err, fmt.Sprintf("reading Nginx configuration failed"))
return nil
}
......@@ -985,9 +989,11 @@ func configMapForMySQL(d *webservicesv1a1.DrupalSite, log logr.Logger) *corev1.C
ls := labelsForDrupalSite(d.Name)
ls["app"] = "mysql"
content, err := ioutil.ReadFile("config/mysql-config.cnf")
configPath := "/tmp/qos-" + string(d.Spec.Environment.QoSClass) + "/mysql-config.cnf"
content, err := ioutil.ReadFile(configPath)
if err != nil {
log.Error(err, fmt.Sprintf("read failed"))
log.Error(err, fmt.Sprintf("reading MySQL configuration failed"))
return nil
}
......
......@@ -17,8 +17,13 @@ limitations under the License.
package main
import (
"archive/tar"
"flag"
"fmt"
"io"
"net/http"
"os"
"path/filepath"
"strings"
// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
......@@ -71,11 +76,10 @@ func main() {
Development: true,
}
opts.BindFlags(flag.CommandLine)
ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
initEnv()
flag.Parse()
ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,
MetricsBindAddress: metricsAddr,
......@@ -129,8 +133,16 @@ func initEnv() {
}
controllers.ClusterName = getenvOrDie("CLUSTER_NAME")
flag.Var(&controllers.RouterShards, "assignable-router-shard", "List of available router shards")
ImageRecipesRepoDownload := strings.Trim(runtimeRepo[0], ".git") + "/repository/archive.tar?path=configuration&ref=" + controllers.ImageRecipesRepoRef
directoryName := downloadFile(ImageRecipesRepoDownload, "/tmp/repo.tar")
configPath := "/tmp/drupal-runtime/"
createConfigDirectory(configPath)
untar("/tmp/repo.tar", "/tmp/drupal-runtime")
renameConfigDirectory(directoryName, "/tmp/drupal-runtime")
}
// getenvOrDie checks for the given variable in the environment, if not exists
func getenvOrDie(name string) string {
e := os.Getenv(name)
if e == "" {
......@@ -139,3 +151,120 @@ func getenvOrDie(name string) string {
}
return e
}
// downloadFile downloads from the given URL and writes it to the given filename
func downloadFile(url string, fileName string) string {
resp, err := http.Get(url)
if err != nil || resp.StatusCode != 200 {
setupLog.Error(err, fmt.Sprintf("fetching image recipes repo failed"))
os.Exit(1)
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
setupLog.Info("Received non 200 response code")
os.Exit(1)
}
directoryName := strings.TrimRight(strings.Trim(strings.Split(resp.Header["Content-Disposition"][0], "=")[1], "\""), ".tar")
//Create a empty file
file, err := os.Create(fileName)
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to create file"))
os.Exit(1)
}
defer file.Close()
//Write the bytes to the file
_, err = io.Copy(file, resp.Body)
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to write to a file"))
os.Exit(1)
}
setupLog.Info(fmt.Sprintf("Downloaded the file %s", fileName))
return directoryName
}
// untar decompress the given tar file to the given target directory
func untar(tarball, target string) {
reader, err := os.Open(tarball)
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to open the tar file"))
os.Exit(1)
}
defer reader.Close()
tarReader := tar.NewReader(reader)
for {
header, err := tarReader.Next()
if err == io.EOF {
break
} else if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to read the file"))
os.Exit(1)
}
path := filepath.Join(target, header.Name)
info := header.FileInfo()
if info.IsDir() {
if err = os.MkdirAll(path, info.Mode()); err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to create a directory"))
os.Exit(1)
}
continue
}
file, err := os.OpenFile(path, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, info.Mode())
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to create file"))
os.Exit(1)
}
defer file.Close()
_, err = io.Copy(file, tarReader)
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to write to a file"))
os.Exit(1)
}
}
}
// renameConfigDirectory reorganises the configuration files into the appropriate directories after decompressing them
func renameConfigDirectory(directoryName string, path string) {
moveFile("/tmp/drupal-runtime/"+directoryName+"/configuration/qos-critical", "/tmp/qos-critical")
moveFile("/tmp/drupal-runtime/"+directoryName+"/configuration/qos-eco", "/tmp/qos-eco")
moveFile("/tmp/drupal-runtime/"+directoryName+"/configuration/qos-standard", "/tmp/qos-standard")
removeFileIfExists("/tmp/drupal-runtime")
}
// createConfigDirectory creates the required directories to download the configurations
func createConfigDirectory(configPath string) {
removeFileIfExists("/tmp/qos-critical")
removeFileIfExists("/tmp/qos-eco")
removeFileIfExists("/tmp/qos-standard")
removeFileIfExists("/tmp/drupal-runtime")
err := os.MkdirAll("/tmp/drupal-runtime", 0755)
setupLog.Info(fmt.Sprintf("Creating Directory %s", "/tmp/drupal-runtime"))
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to create the directory /tmp/drupal-runtime"))
os.Exit(1)
}
}
// removeFileIfExists checks if the given file/ directory exists. If it does, it removes it
func removeFileIfExists(path string) {
_, err := os.Stat(path)
if !os.IsNotExist(err) {
err = os.RemoveAll(path)
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to delete the directory %s", path))
os.Exit(1)
}
}
}
// moveFile checks if the given file/ directory exists. If it does, it removes it
func moveFile(from string, to string) {
err := os.Rename(from, to)
if err != nil {
setupLog.Error(err, fmt.Sprintf("Failed to move the directory from %s to %s", from, to))
os.Exit(1)
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment