v8.0.4

Author: kwatson

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Change Log
 
+## v8.0.4
+
+* [CHANGE] Update initial images on a fresh install.
+* [FIX] Don't cache dns results when validating lets encrypt domains.
+* [FIX] Custom load balancer images were failing to deploy properly.
+
+***
+
 ## v8.0.3
 
 * [FIX] If phpMyAdmin was selected during an order, an error would prevent the order from being successful.

VERSION

@@ -1 +1 @@
-8.0.3
+8.0.4

app/models/audit.rb

@@ -10,7 +10,7 @@
 # @!attribute rel_uuid
 #   @return [String] UUID of model (if applicable)
 #
-# @!attribute raw_text
+# @!attribute raw_data
 #   @return [String] Raw details about this audit. Generally not used as we prefer to store data in Events.
 #
 # @!attribute ip_addr

app/models/concerns/nodes/node_metrics.rb

@@ -28,7 +28,7 @@ def can_accept_package?(package)
         if (metric_cpu_cores[:cpu].to_f - allocated_resources[:cpu]) < package.cpu
           add_context! no_overcommit_cpu: {
             total_node_cpu: metric_cpu_cores[:cpu].to_f,
-            cpu_allocated: allocated_resources[:cpu],
+            cpu_allocated: allocated_resources[:cpu].to_f,
             requested_cpu: package.cpu.to_f
           }
           proceed = false

app/models/subscription_product.rb

@@ -313,7 +313,7 @@ def prorate_usage!
       event: 'updated',
       rel_id: item.id,
       rel_model: item.class.to_s,
-      raw_text: "Adjust usage due to SubscriptionProduct (#{id}) change."
+      raw_data: "Adjust usage due to SubscriptionProduct (#{id}) change."
     )
     updated_total = BillingResourcePrice.prorated_total(hourly_rate, 4, item.period_start, Time.now.utc, item.qty)
     if item.update(period_end: Time.now.utc, total: updated_total)

app/services/container_services/variant_migration_service.rb

@@ -220,7 +220,7 @@ def can_perform?
           data: "Unable to locate running container, aborting.",
           event_code: '5c2183886cefdf90'
         )
-        event.fail! 'No online containers'
+        event.cancel! 'No online containers'
         rollback!
         return false
       end

app/services/container_services/wordpress_services/user_service.rb

@@ -33,9 +33,9 @@ def users
         return []
       end
       c = if container.is_a?(Deployment::Container)
-            %W(sudo -u www-data wp user list --role=administrator --json --path=/var/www/html/wordpress)
+            %W(sudo -u www-data wp user list --skip-plugins --skip-themes --quiet --role=administrator --json --path=/var/www/html/wordpress)
           else
-            %W(sudo -u sftpuser wp user list --role=administrator --json --path=#{container.service_files_path(service)}/wordpress/html/wordpress)
+            %W(sudo -u sftpuser wp user list --skip-plugins --skip-themes --quiet --role=administrator --json --path=#{container.service_files_path(service)}/wordpress/html/wordpress)
           end
       data = container.container_exec!(c, nil, 20)
 

app/services/lets_encrypt_services/validate_domain_service.rb

@@ -23,9 +23,12 @@ def initialize(obj, event)
         self.container_domain = nil
       end
       self.event = event
-      @dns = Dnsruby::Resolver.new( { nameserver: NS_LIST } )
-      @dns.retry_delay = 1
-      @dns.retry_times = 3
+      @dns = Dnsruby::Resolver.new( {
+                                      nameserver: NS_LIST,
+                                      do_caching: false,
+                                      retry_delay: 1,
+                                      retry_times: 3
+                                    } )
     end
 
     # @return [Boolean]

app/services/provision_services/ingress_controller_provisioner.rb

@@ -45,12 +45,17 @@ def perform
 
     def provision_load_balancer(image)
       lb_name = NamesGenerator.name project.id
+      variant = image.image_variants.default.first
+      if variant.nil?
+        errors << "Missing image variant for image #{image.id}"
+        return
+      end
       lb_service = project.services.new(
-        container_image: image,
+        image_variant: variant,
         is_load_balancer: true,
         name: lb_name,
         label: lb_name,
-        cpu: 1, # TODO: Manage Ingress Controller resources
+        cpu: 1,
         memory: 1024,
         region: service.region,
         command: image.command,
@@ -77,6 +82,7 @@ def provision_load_balancer(image)
           errors << i
         end
       end
+      NetworkWorkers::ServicePolicyWorker.perform_async lb_service.id
     end
 
     def valid?

app/views/api/stacks/load_balancers/haproxy/_frontend-http.erb

@@ -7,6 +7,7 @@ frontend https
   option httplog
   option http-server-close
   option forwardfor if-none
+  http-request set-var(txn.host) hdr(Host)
   <% if load_balancer.proxy_ipaddrs.empty? %>
   http-request del-header X-Forwarded-For
   http-request set-header X-Forwarded-Proto https
@@ -27,12 +28,12 @@ frontend https
     <% next if service.containers.empty? %>
     <% service.ingress_rules.where(external_access: true, proto: 'http').each do |ingress| %>
       <% ingress.global_container_domains.each do |domain| %>
-  acl host_rule_<%= index %> hdr(host) -i <%= domain.domain %>
+  acl host_rule_<%= index %> var(txn.host) -m str <%= domain.domain %>
   <% if ingress.restrict_cf %>
-  acl restricted_url hdr(host) -i <%= domain.domain %>
+  acl restricted_url var(txn.host) -m str <%= domain.domain %>
   <% end %>
   <% if domain.enable_hsts_header? %>
-  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" if { var(txn.domain) -i <%= domain.domain %> }
+  http-response set-header Strict-Transport-Security "max-age=16000000; preload;" if host_rule_<%= index %>
   <% end %>
   use_backend <%= Digest::MD5.hexdigest("#{service.name}#{ingress.id}") %> if host_rule_<%= index %>
         <% index += 1 %>

app/views/api/stacks/load_balancers/haproxy/_stats.erb

@@ -1,7 +1,6 @@
 frontend stats
   bind <%= load_balancer.stats_bind %>
   mode http
-  option http-use-htx
   http-request use-service prometheus-exporter if { path /metrics }
   stats enable
   stats uri /stats

app/views/deployments/events/last_event.html.erb

@@ -1,5 +1,5 @@
 <% if @active_events.zero? %>
   <%= @last_event.nil? ? t('common.never') : link_to(distance_of_time_in_words_to_now(@last_event, include_seconds: true), "/deployments/#{@deployment.token}/events") %>
 <% else %>
-  <%= link_to "#{icon('fa-regular', 'circle-notch', class: 'fa-spin')} #{pluralize(@active_events, 'active event', 'active events')}".html_safe, "/deployments/#{@deployment.token}/events" %>
+  <%= link_to "#{icon('fa-solid fa-spin', 'rotate')} #{pluralize(@active_events, 'active event', 'active events')}".html_safe, "/deployments/#{@deployment.token}/events" %>
 <% end %>

app/workers/node_workers/health_check_worker.rb

@@ -57,7 +57,7 @@ def perform(node_id = nil)
         obj = LoadBalancer.find_by(name: i) if obj.nil?
 
         if obj.nil?
-          trash_container! i, node
+          trash_container!(i, node) if Rails.env.production?
           next
         else
           next if obj.respond_to?(:status) && %w(building migrating).include?(obj.status)

lib/dev/vagrant_provision.sh

@@ -22,6 +22,8 @@ echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
   $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
 
+curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
+
 sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
 wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 

lib/tasks/containers/elasticsearch.rake

@@ -1,89 +1,130 @@
-#docker run --rm -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.12.1
-
 namespace :containers do
-  desc "Install elasticsearch"
+  desc "Install elasticsearch container"
   task elasticsearch: :environment do
-      unless ContainerImage.where(name: "elasticsearch").exists?
-        dhprovider = ContainerImageProvider.find_by(name: "DockerHub")
-        elasticsearch = ContainerImage.create!(
-          name:                     'elasticsearch',
-          label:                    'ElasticSearch',
-          description:              "ElasticSearch is a powerful search server. Add it to your site to improve speed and accuracy of your search results.",
-          role:                     'elasticsearch',
-          category:               'misc',
-          can_scale:                false,
-          container_image_provider: dhprovider,
-          registry_image_path:      "elasticsearch",
-          min_cpu:                  1,
-          min_memory:               1024,
-          skip_variant_setup: true
-        )
-        elasticsearch.image_variants.create!(
-          label: "8.4.3",
-          registry_image_tag: "8.4.3",
-          validated_tag: true,
-          validated_tag_updated: Time.now,
-          version: 0,
-          is_default: true,
-          skip_tag_validation: true
-        )
-        elasticsearch.image_variants.create!(
-          label: "7.17.6",
-          registry_image_tag: "7.17.6",
-          validated_tag: true,
-          validated_tag_updated: Time.now,
-          version: 1,
-          skip_tag_validation: true
-        )
-        elasticsearch.image_variants.create!(
-          label: "6.8.23",
-          registry_image_tag: "6.8.23",
-          validated_tag: true,
-          validated_tag_updated: Time.now,
-          version: 2,
-          skip_tag_validation: true
-        )
-        elasticsearch.env_params.create!(
-          name:       "cluster.name",
-          label:      "Cluster Name",
-          param_type: "variable",
-          env_value:  "build.self.service_name"
-        )
-        elasticsearch.env_params.create!(
-          name:         "discovery.type",
-          label:        "Discovery Type",
-          param_type:   "static",
-          static_value: "single-node"
-        )
-        elasticsearch.env_params.create!(
-          name:         "ES_JAVA_OPTS",
-          label:        "ES_JAVA_OPTS",
-          param_type:   "static",
-          static_value: "-Xms416m -Xmx416m"
-        )
+    ghprovider = ContainerImageProvider.find_by(name: "Github")
+    es_lb      = ContainerImage.where("labels @> ?", { system_image_name: "es-loadbalancer-v1" }.to_json).first
+    if es_lb.nil?
+      es_lb = ContainerImage.create!(
+        name:                     'es-nginx-lb',
+        label:                    'ElasticSearch LoadBalancer',
+        role:                     'loadbalancer',
+        category: "other",
+        is_load_balancer:         true,
+        can_scale:                true,
+        container_image_provider: ghprovider,
+        registry_image_path:      "computestacks/es-nginx-lb",
+        registry_image_tag:       "v1",
+        is_free:                  true,
+        labels:                   {
+          system_image_name: "es-loadbalancer-v1"
+        },
+        skip_variant_setup: true
+      )
+      es_lb.image_variants.create!(
+        label: "v1",
+        is_default: true,
+        registry_image_tag: "v1",
+        version: 0,
+        skip_tag_validation: true,
+        validated_tag: true,
+        validated_tag_updated: Time.now
+      )
+      es_lb.setting_params.create!(
+        name:       'password',
+        label:      'Password',
+        param_type: 'password'
+      )
+      es_lb.env_params.create!(
+        name:       'HTTPASS',
+        param_type: 'variable',
+        env_value:  'build.settings.password'
+      )
+      es_lb.ingress_params.create!(
+        port:            80,
+        external_access: true,
+        proto:           'http'
+      )
+    end
+
+    lb_rule = es_lb.ingress_params.first
+
+    return false if lb_rule.nil?
+
+    unless ContainerImage.where("labels @> ?", { system_image_name: "elasticsearch-6.4" }.to_json).exists?
+      elasticsearch = ContainerImage.create!(
+        name:                     'elasticsearch-64',
+        label:                    "ElasticSearch for Wordpress",
+        description:              "<div>ElasticSearch is a powerful search server. Add it to your site to improve speed and accuracy of your search results.</div>",
+        role:                     'elasticsearch',
+        category:               'other',
+        can_scale:                false,
+        container_image_provider: ghprovider,
+        registry_image_path:      "computestacks/cs-docker-es-for-wp",
+        registry_image_tag:       "6.4.3",
+        min_cpu:                  1,
+        min_memory:               1024,
+        labels:                   {
+          system_image_name: "elasticsearch-6.4"
+        },
+        skip_variant_setup: true
+      )
+      elasticsearch.image_variants.create!(
+        label: "v6",
+        is_default: true,
+        version: 0,
+        registry_image_tag: "v6",
+        validated_tag: true,
+        validated_tag_updated: Time.now,
+        skip_tag_validation: true
+      )
+      elasticsearch.env_params.create!(
+        name:       "cluster.name",
+        label:      "Cluster Name",
+        param_type: "variable",
+        env_value:  "build.self.service_name"
+      )
+      elasticsearch.env_params.create!(
+        name:         "discovery.type",
+        label:        "Discovery Type",
+        param_type:   "static",
+        static_value: "single-node"
+      )
+      elasticsearch.env_params.create!(
+        name:         "ES_JAVA_OPTS",
+        label:        "ES_JAVA_OPTS",
+        param_type:   "static",
+        static_value: "-Xms416m -Xmx416m"
+      )
+      elasticsearch.env_params.create!(
+        name:         "xpack.security.enabled",
+        label:        "xpack",
+        param_type:   "static",
+        static_value: "false"
+      )
 
-        elasticsearch.ingress_params.create!(
-          port:               9200,
-          external_access:    false,
-          proto:              'http'
-        )
-        elasticsearch.ingress_params.create!(
-          port:            9300,
-          external_access: false,
-          proto:           'tcp'
-        )
-        elasticsearch.volumes.create!(
-          label:             'esdata',
-          mount_path:        "/usr/share/elasticsearch/data",
-          enable_sftp:       false,
-          borg_enabled:      true,
-          borg_freq:         '@daily',
-          borg_strategy:     'file',
-          borg_keep_hourly:  1,
-          borg_keep_daily:   7,
-          borg_keep_weekly:  4,
-          borg_keep_monthly: 0
-        )
-      end
+      elasticsearch.ingress_params.create!(
+        port:               9200,
+        external_access:    true,
+        proto:              'http',
+        load_balancer_rule: lb_rule
+      )
+      elasticsearch.ingress_params.create!(
+        port:            9300,
+        external_access: false,
+        proto:           'tcp'
+      )
+      elasticsearch.volumes.create!(
+        label:             'esdata',
+        mount_path:        "/usr/share/elasticsearch/data",
+        enable_sftp:       false,
+        borg_enabled:      true,
+        borg_freq:         '@daily',
+        borg_strategy:     'file',
+        borg_keep_hourly:  1,
+        borg_keep_daily:   7,
+        borg_keep_weekly:  4,
+        borg_keep_monthly: 0
+      )
+    end
   end
 end