Skip to content

Commit

Permalink
Merge pull request #718 from naphelps/configChanges
Browse files Browse the repository at this point in the history
Exchange configuration overhaul.
  • Loading branch information
naphelps authored Sep 24, 2024
2 parents fd721ff + 206e19d commit 835af6a
Show file tree
Hide file tree
Showing 129 changed files with 2,813 additions and 2,144 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/build-push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@ on:
push:
branches:
- master
- v2.87
- v2.122
- v2.110
- v2.87

# Variables available to all jobs
env:
Expand All @@ -23,7 +24,7 @@ jobs:
# This job will build and then push to docker hub
build-push:
# The type of runner the job will run on
runs-on: ubuntu-20.04
runs-on: ubuntu-latest

steps:
# Ensure that the repo variables and secrets are set before running any other steps
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/dependency-graph.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ on:
push:
branches:
- master
- v2.122
- v2.110
- v2.87
jobs:
Expand Down
27 changes: 17 additions & 10 deletions .github/workflows/run-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,9 @@ on:
pull_request:
branches:
- master
- v2.87
- v2.122
- v2.110
- v2.87

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
Expand All @@ -14,34 +15,40 @@ jobs:
# The type of runner that the job will run on
runs-on: ubuntu-latest
env:
GOPATH: /home/runner/work/anax/anax/go
DEBIAN_FRONTEND: noninteractive
DOCKER_NETWORK: exchange-api-network
DOCKER_REGISTRY: openhorizon
EXCHANGE_FE_HEADER: issuer
EXCHANGE_ROOTPW: ci-password
POSTGRES_DB_NAME: exchange
POSTGRES_DB_PORT: 5432
POSTGRES_DB_USER: admin
EXCHANGE_DB_NAME: exchange
# ((Core Count * 2) + Spindle Count); Default is 20
EXCHANGE_DB_NUMTHREADS: 9
EXCHANGE_DB_PORT: 5432
EXCHANGE_DB_USER: admin
EXCHANGE_PEKKO_LOGLEVEL: debug
EXCHANGE_ROOT_PW: ci-password
GOPATH: /home/runner/work/anax/anax/go


# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: coursier/cache-action@v6

# Setup Scala
# Comes from open source action: https://github.com/coursier/setup-action
- name: Setup Scala
uses: coursier/setup-action@v1
with:
jvm: adoptium:1.17

- name: Create Docker Env
run: |
pwd
java -version
make docker-network
docker run -d -e POSTGRES_HOST_AUTH_METHOD=trust -e POSTGRES_DB=$POSTGRES_DB_NAME -e POSTGRES_USER=$POSTGRES_DB_USER --network $DOCKER_NETWORK --name postgres postgres
docker run -d -e POSTGRES_HOST_AUTH_METHOD=trust -e POSTGRES_DB=$EXCHANGE_DB_NAME -e POSTGRES_USER=$EXCHANGE_DB_USER --network $DOCKER_NETWORK --name postgres postgres
export POSTGRES_CONTAINER_ADDRESS=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' postgres)
export EXCHANGE_DB_HOST=$POSTGRES_CONTAINER_ADDRESS
make run-docker
cat /etc/horizon/exchange/config-http.json
docker ps -a
docker network ls
make test
make test
6 changes: 3 additions & 3 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
services: docker
language: scala
dist: focal
jdk: openjdk11
jdk: openjdk17
scala:
- 2.13.5
- 2.13.14
notifications:
slack:
secure: nPoYZ8FqRziV5+rQAc9GXFWtNsThBbOdxYOY8HpPwNWsWHtC2ZyPJBnNE6XIkmzR7+D5U8yOYqlk2CiqYLlSwa1+bqKuAyOBBhz51pDi8z+YXsjvgTpkxVmKv8N6jntAqo5eBFbVUW+/FPhKBD6qZIkbfRyThZSNZTSTv9oZ02Ynfb4NKuXgZeuinSotOaICiCvzfY4kYoe7EKss/XY6ON8qHUOcIQBsckDHrFEYwF270qNEIccZIkrOr3PKg3mXz2n+65T5i/UDNw3Z8RKDc32Y+TCfyAc3kyuQQYhKhL6/TLwAW/IPNGaFkUfR+2FH+C1VlLJpm1/mBj6uDvHBVRHSEL3ZofYFd5TTzUqkQRINATRQNpFNfjlMT3ifJrSyopKXyMsiea2y3EvM4/D3I5pHRvX2/BqidjJV3b5UIllirq/jk4PrCKshkKEZtC0CBNj4T8ewa9Qr3IxlKTFVHwnW1RWQmAXgFDFpbDzJ4vuLbUDhAKDXukWqoiwxTC3egMPQVnEFvxHVDAqdQUztsUjtg3LVXagLLl6+tYTwY53124aUXSkQMbANL+2ISZuRmg4dheTtaK/bE8L4dCQyyy7HFh03IbZGnGz3bhpDGxTBFAhnEQ4XWzYNpz8rEr0unvQTfBt2dUq4AH5bh1QseFh77lpBYWj9jxndZMbP9Pw=
Expand All @@ -17,6 +17,7 @@ env:
DOCKER_NETWORK=exchange-api-network
DOCKER_REGISTRY=openhorizon
EXCHANGE_FE_HEADER=issuer
EXCHANGE_PEKKO_LOGLEVEL=debug
EXCHANGE_ROOTPW=ci-password
POSTGRES_DB=exchange
POSTGRES_PORT=5432
Expand All @@ -37,7 +38,6 @@ before_script:
- 'sudo bash -c "echo ''{ \"api\": { \"db\": { \"jdbcUrl\": \"jdbc:postgresql://$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB\",
\"user\": \"$POSTGRES_USER\" }, \"root\": { \"password\": \"$EXCHANGE_ROOTPW\",
\"frontEndHeader\": \"$EXCHANGE_FE_HEADER\" } } }'' > /etc/horizon/exchange/config.json"'
- cat /etc/horizon/exchange/config.json
- unset SBT_OPTS
- make travis-test

Expand Down
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,14 @@

All notable changes to this project will be documented in this file.

## [2.124.0] - 2024-09-14
- Application configuration overhaul.
- Some database configuration changes are not backwards compatible.
- GET methods for Node resources no longer return passwords for admin user types, unless directly owned.
- Added new rest paths for deployment patterns and policies aligning and clarifying these resources.
- `.../v1/orgs/<organization>/deployment/patterns/...`
- `.../v1/orgs/<organization>/deployment/policies/...`

## [2.123.0] - 2024-04-19
- pekko-http-xml 1.0.0 -> 1.0.1
- Reorganized class references in the Swagger documentation generator.
Expand Down
101 changes: 36 additions & 65 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,8 @@ EXCHANGE_HOST_TRUST_DIR ?= $(PROJECT_DIRECTORY)/target/etc/horizon/exchange/trus
EXCHANGE_ICP_CERT_FILE ?= /etc/horizon/exchange/icp/ca.crt
# Set to "DEBUG" to turn on debugging
EXCHANGE_LOG_LEVEL ?= DEBUG#INFO
EXCHANGE_PEKKO_LOG_LEVEL ?= $(EXCHANGE_LOG_LEVEL)
EXCHANGE_ROOT_PW ?=
# Number of days the SSL certificate is valid for
EXCHANGE_TRUST_DUR ?= 1
EXCHANGE_TRUST_PW ?=
Expand All @@ -64,11 +66,14 @@ JAVA_OPTS ?=#-Xmx1G
POSTGRES_CONTAINER_ADDRESS ?= $(shell docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(POSTGRES_CONTAINER_NAME))
POSTGRES_CONTAINER_NAME ?= postgres
POSTGRES_DB_NAME ?= exchange
EXCHANGE_DB_NAME ?= $(POSTGRES_DB_NAME)
POSTGRES_DB_PORT ?= 5432
EXCHANGE_DB_PORT ?= $(POSTGRES_DB_PORT)
POSTGRES_DB_USER ?= admin
EXCHANGE_DB_USER ?= $(POSTGRES_DB_USER)
PROJECT_DIRECTORY ?= $(shell pwd)
# Try to sync this version with the version of scala you have installed on your dev machine, and with what is specified in build.sbt
SCALA_VERSION ?= 2.13.10
SCALA_VERSION ?= 2.13.14
SCALA_VERSION_SHORT ?= 2.13


Expand Down Expand Up @@ -175,58 +180,6 @@ run-docker-db-postgres-https: target/docker/.run-docker-db-postgres-https
/etc/horizon/exchange:
sudo mkdir -p /etc/horizon/exchange

/etc/horizon/exchange/config-http.json: /etc/horizon/exchange
: $${EXCHANGE_ROOTPW:?}
sudo -- bash -c "printf \
'{\n'\
' \"api\": {\n'\
' \"db\": {\n'\
' \"jdbcUrl\": \"jdbc:postgresql://$(POSTGRES_CONTAINER_ADDRESS):$(POSTGRES_DB_PORT)/$(POSTGRES_DB_NAME)\",\n'\
' \"user\": \"$(POSTGRES_DB_USER)\"\n'\
' },\n'\
' \"logging\": {\n'\
' \"level\": \"$(EXCHANGE_LOG_LEVEL)\"\n'\
' },\n'\
' \"root\": {\n'\
' \"password\": \"$(EXCHANGE_ROOTPW)\",\n'\
' \"frontEndHeader\": \"$(EXCHANGE_FE_HEADER)\"\n'\
' },\n'\
' \"service\": {\n'\
' \"port\": $(EXCHANGE_CONTAINER_PORT_HTTP),\n'\
' \"portEncrypted\": null\n'\
' }\n'\
' }\n'\
'}' > /etc/horizon/exchange/config-http.json"
sudo chmod o+r /etc/horizon/exchange/config-http.json

/etc/horizon/exchange/config-https.json: /etc/horizon/exchange target/docker/.run-docker-db-postgres-https
: $${EXCHANGE_ROOTPW:?}
sudo -- bash -c "printf \
'{\n'\
' \"api\": {\n'\
' \"db\": {\n'\
' \"jdbcUrl\": \"jdbc:postgresql://$(POSTGRES_CONTAINER_ADDRESS):$(POSTGRES_DB_PORT)/$(POSTGRES_DB_NAME)\",\n'\
' \"user\": \"$(POSTGRES_DB_USER)\"\n'\
' },\n'\
' \"logging\": {\n'\
' \"level\": \"$(EXCHANGE_LOG_LEVEL)\"\n'\
' },\n'\
' \"root\": {\n'\
' \"password\": \"$(EXCHANGE_ROOTPW)\",\n'\
' \"frontEndHeader\": \"$(EXCHANGE_FE_HEADER)\"\n'\
' },\n'\
' \"service\": {\n'\
' \"port\": $(EXCHANGE_CONTAINER_PORT_HTTP),\n'\
' \"portEncrypted\": $(EXCHANGE_CONTAINER_PORT_HTTPS)\n'\
' },\n'\
' \"tls\": {\n'\
' \"password\": \"$(EXCHANGE_TRUST_PW)\",\n'\
' \"truststore\": \"/etc/horizon/exchange/localhost.p12\"\n'\
' }\n'\
' }\n'\
'}' > /etc/horizon/exchange/config-https.json"
sudo chmod o+r /etc/horizon/exchange/config-https.json

## Pre-Run - TLS Truststore -----------
## Only do this once to create the exchange truststore for https (which includes the private key, and cert with multiple names).
$(EXCHANGE_HOST_TRUST_DIR): /etc/horizon/exchange
Expand All @@ -253,34 +206,50 @@ truststore: /etc/horizon/exchange/localhost.p12
# Run -------------------------------------------------------------------------
## Run - Docker -----------------------
## For Continuous Integration testing
target/docker/.run-docker: /etc/horizon/exchange/config-http.json target/docker/.docker-network
sudo -- bash -c "cp /etc/horizon/exchange/config-http.json /etc/horizon/exchange/config.json"
#-e EXCHANGE_DB_HOST=$(POSTGRES_CONTAINER_ADDRESS) \
#-e EXCHANGE_DB_NAME=$(POSTGRES_DB_NAME) \
#-e EXCHANGE_DB_USER=$(POSTGRES_DB_USER)
target/docker/.run-docker: target/docker/.docker-network
docker run \
--name $(DOCKER_NAME) \
--network $(DOCKER_NETWORK) \
-d -t \
-p $(EXCHANGE_HOST_PORT_HTTP):$(EXCHANGE_CONTAINER_PORT_HTTP) \
-v /etc/horizon/exchange/config.json:/etc/horizon/exchange/exchange-api.tmpl:ro \
-e EXCHANGE_DB_HOST=$(POSTGRES_CONTAINER_ADDRESS) \
-e EXCHANGE_DB_NAME=$(EXCHANGE_DB_NAME) \
-e EXCHANGE_DB_PORT=$(EXCHANGE_DB_PORT) \
-e EXCHANGE_DB_USER=$(EXCHANGE_DB_USER) \
-e EXCHANGE_PEKKO_HTTP_PORT=$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_PEKKO_LOGLEVEL=$(EXCHANGE_PEKKO_LOGLEVEL) \
-e EXCHANGE_ROOT_PW=$(EXCHANGE_ROOT_PW) \
$(IMAGE_STRING):$(DOCKER_TAG)
@touch $@

.PHONY: run-docker
run-docker: target/docker/.run-docker

## config.json is renamed to exchange-api.tmpl to overwrite the provided file of the same name in the Docker image. Prevents the container from attempting to overwrite a bind-mounted config.json with read-only permissions.
target/docker/.run-docker-icp-https: /etc/horizon/exchange/config-https.json target/docker/.docker-network /etc/horizon/exchange/localhost.p12 target/docker/.run-docker-db-postgres-https
sudo -- bash -c "cp /etc/horizon/exchange/config-https.json /etc/horizon/exchange/config.json"
target/docker/.run-docker-icp-https: target/docker/.docker-network /etc/horizon/exchange/localhost.p12 target/docker/.run-docker-db-postgres-https
docker run \
--name $(DOCKER_NAME) \
--network $(DOCKER_NETWORK) \
-d -t \
-p $(EXCHANGE_HOST_PORT_HTTP):$(EXCHANGE_CONTAINER_PORT_HTTP) \
-p $(EXCHANGE_HOST_PORT_HTTPS):$(EXCHANGE_CONTAINER_PORT_HTTPS) \
-e EXCHANGE_DB_HOST=$(POSTGRES_CONTAINER_ADDRESS) \
-e EXCHANGE_DB_NAME=$(EXCHANGE_DB_NAME) \
-e EXCHANGE_DB_PORT=$(EXCHANGE_DB_PORT) \
-e EXCHANGE_DB_USER=$(EXCHANGE_DB_USER) \
-e EXCHANGE_PEKKO_HTTP_PORT=$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_PEKKO_HTTPS_PORT=$(EXCHANGE_CONTAINER_PORT_HTTPS) \
-e EXCHANGE_PEKKO_LOGLEVEL=$(EXCHANGE_PEKKO_LOGLEVEL) \
-e EXCHANGE_ROOT_PW=$(EXCHANGE_ROOT_PW) \
-e EXCHANGE_TLS_PASSWORD=$(EXCHANGE_TRUST_PW) \
-e EXCHANGE_TLS_TRUSTSTORE=/etc/horizon/exchange/localhost.p12 \
-e "JAVA_OPTS=$(JAVA_OPTS)" \
-e "ICP_EXTERNAL_MGMT_INGRESS=$$ICP_EXTERNAL_MGMT_INGRESS" \
-v /etc/horizon/exchange/config.json:/etc/horizon/exchange/exchange-api.tmpl:ro \
-v $(EXCHANGE_HOST_ICP_CERT_FILE):$(EXCHANGE_ICP_CERT_FILE) \
-v $(EXCHANGE_HOST_TRUST_DIR)/localhost.p12:$(EXCHANGE_CONTAINER_TRUST_DIR)/localhost.p12:ro \
-v /etc/horizon/exchange/localhost.p12:$(EXCHANGE_CONTAINER_TRUST_DIR)/localhost.p12:ro \
-v $(EXCHANGE_HOST_POSTGRES_CERT_FILE):$(EXCHANGE_CONTAINER_POSTGRES_CERT_FILE) \
$(IMAGE_STRING):$(DOCKER_TAG)
@touch $@
Expand All @@ -290,16 +259,19 @@ run-docker-icp-https: target/docker/.run-docker-icp-https

## config.json is mounted into the container as exchange-api.tmpl to overwrite the provided file of the same name in the Docker image. Bind-mounting it with read-only permissions prevents the container from attempting to overwrite it.
#
target/docker/.run-docker-icp: /etc/horizon/exchange/config-http.json target/docker/.docker-network
sudo -- bash -c "cp /etc/horizon/exchange/config-http.json /etc/horizon/exchange/config.json"
target/docker/.run-docker-icp: target/docker/.docker-network
docker run \
--name $(DOCKER_NAME) \
--network $(DOCKER_NETWORK) \
-d -t \
-p $(EXCHANGE_HOST_PORT_HTTP):$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_DB_NAME=$(EXCHANGE_DB_NAME) \
-e EXCHANGE_DB_PORT=$(EXCHANGE_DB_PORT) \
-e EXCHANGE_DB_USER=$(EXCHANGE_DB_USER) \
-e EXCHANGE_PEKKO_LOGLEVEL=$(EXCHANGE_LOG_LEVEL) \
-e EXCHANGE_ROOT_PW=$(EXCHANGE_ROOT_PW) \
-e "JAVA_OPTS=$(JAVA_OPTS)" \
-e "ICP_EXTERNAL_MGMT_INGRESS=$$ICP_EXTERNAL_MGMT_INGRESS" \
-v /etc/horizon/exchange/config.json:/etc/horizon/exchange/exchange-api.tmpl:ro \
$(IMAGE_STRING):$(DOCKER_TAG)
@touch $@

Expand Down Expand Up @@ -340,7 +312,7 @@ docker-push-version-only:
# Must an Exchange instance running locally or in docker
.PHONY: test
test:
: $${EXCHANGE_ROOTPW:?} # this verifies these env vars are set
: $${EXCHANGE_ROOT_PW:?} # this verifies these env vars are set
sbt test


Expand Down Expand Up @@ -382,7 +354,6 @@ clean: clean-docker clean-truststore

.PHONY: cleaner
cleaner: clean cleaner-docker cleaner-truststore
sudo rm -fr /etc/horizon/exchange/config*.json

.PHONY: cleanest
cleanest: cleaner cleanest-docker cleanest-truststore
Expand Down
Loading

0 comments on commit 835af6a

Please sign in to comment.