16159 commits

Author SHA1 Message Date
Jennifer Richards 5486345ab0 ci: remove unnecessary helper
b64decode defaults to validate=false, which discards chars
outside the base64 alphabet. That includes whitespace.
2024-05-13 21:41:36 -04:00
Jennifer Richards c1a7a60eb9 ci: handle b64-encoded APP_API_TOKENS 2024-05-13 21:41:36 -04:00
Jennifer Richards 49a3cdc43c ci: "true" 2024-05-13 21:41:36 -04:00
Jennifer Richards 8b3d330bff ci: metrics.portName annotation 2024-05-13 21:41:36 -04:00
Jennifer Richards 3a4939cc0b ci: collect memcached metrics (#7410)
* ci: collect memcached metrics

* ci: use nobody/nobody for metrics container
2024-05-13 21:41:36 -04:00
Jennifer Richards dd46a8af6f ci: use ietfa uid/gid for datatracker user (#7407)
* ci: use ietfa uid/gid for datatracker user

* chore: add comment
2024-05-13 21:41:36 -04:00
Jennifer Richards 7e56b2e923 ci: drop helm chart GHA step 2024-05-13 21:41:36 -04:00
Jennifer Richards 867360e96f ci: k8s fixup (#7401)
* ci: remove stray serviceName

* ci: volumeClaimTemplate name -> volumeMount, not volume

* ci: datatracker listens on containerPort 8000

* ci: services/containers have dt- prefix

* chore: adjust indent for k8s yaml

* ci: use a secret for CELERY_PASSWORD

* fix: touched wrong CELERY_PASSWORD setting

* ci: get rid of the celery pw secretGenerator

* ci: use DB_PASS instead of DBPASS (etc) for k8s

* ci: Fill in django-config.yaml from env vars

* ci: add vault-mappings.txt

* ci: use $CELERY_PASSWORD in rabbitmq.yaml

* ci: moving vault-mappings.txt out of this repo

* Revert "ci: Fill in django-config.yaml from env vars"

This reverts commit 75cd181deb390d3ab21d6887b091d66c80e1d18e.

* Revert "ci: use $CELERY_PASSWORD in rabbitmq.yaml"

This reverts commit f251f9920d07c65413f72fd165cc06acd562c2c7.

* ci: parameterize db OPTIONS setting
2024-05-13 21:41:36 -04:00
Nicolas Giard d075404fdb refactor: add beat + celery deployments 2024-05-13 21:41:36 -04:00
Nicolas Giard 05bd47cbad chore: add rabbitmq vol claim template 2024-05-13 21:41:36 -04:00
Nicolas Giard 24309c2b04 refactor: move nfs entry upstream 2024-05-13 21:41:36 -04:00
Nicolas Giard 0a3bb9e381 refactor: move node affinity to upstream 2024-05-13 21:41:36 -04:00
Nicolas Giard 3ea70f2ceb refactor: helm to kustomize (wip) 2024-05-13 21:41:36 -04:00
Jennifer Richards e35b46eed8 ci: fix celery scout env var names (#7373) 2024-05-13 21:41:36 -04:00
Jennifer Richards d2623de615 feat: config celery logging via Django (#7371)
* feat: config celery logger via Django

* feat: Disable celery's logging config
2024-05-13 21:41:36 -04:00
Jennifer Richards 8f87573144 ci: Fill in settings_local for docker 2024-05-13 21:41:36 -04:00
Jennifer Richards 4e2b9ce7a6 ci: Non-root for celery containers (#7368) 2024-05-13 21:41:36 -04:00
Jennifer Richards 70c32254a9 ci: non-root user for scout containers 2024-05-13 21:41:36 -04:00
Jennifer Richards c8ee43da95 ci: run datatracker pod as non-root user (#7366)
* feat: patch_libraries management command

* ci: Patch libraries in docker img build

* ci: non-root datatracker user

* ci: securityContext for datatracker pod
2024-05-13 21:41:36 -04:00
Jennifer Richards 30a4a5a77b ci: run rabbitmq as non-root (#7362)
* ci: securityContext for rabbitmq

* ci: logs from rabbitmq as json to console

* ci: tmp volume for rabbitmq

Needed since rootfs is now read-only

* ci: fix permissions on /var/lib/rabbitmq vol

Rabbitmq needs to be able to write to the fs at
/var/lib/rabbitmq. It may be possible to get rid
of the initContainer and use fsGroup in the pod
securityContext to manage this, but that does not
work for the hostVolume mounts I use for dev.
The solution here moves the actual mount to the
rabbitmq/ directory in the rabbitmq-data volume
and uses an initContainer to set the permissions
on that. That should work for any volume type.
2024-05-13 21:41:36 -04:00
Jennifer Richards 2c9c61d878 ci: more memcached mem; set securityContext (#7356) 2024-05-13 21:41:36 -04:00
Jennifer Richards 9379bbad7d ci: remove reminder comment 2024-05-13 21:41:36 -04:00
Jennifer Richards b50e60b05f ci: default to static.ietf.org in helm chart 2024-05-13 21:41:36 -04:00
Jennifer Richards 26f2306316 ci: add scout container to celery pod (#7354)
* ci: Add scout container to celery pod

* ci: Refactor scoutapm settings in values.yaml
2024-05-13 21:41:36 -04:00
Jennifer Richards 6ccde89a68 ci: do not re-run yarn / collectstatics (#7353) 2024-05-13 21:41:36 -04:00
Jennifer Richards d14cbd10e9 ci: refactor scout sidecar (#7338)
* ci: remove stray comma in settings_local.py

* ci: move scout sidecar to containers

initContainers sidecars not supported until kubernetes 1.29
2024-05-13 21:41:36 -04:00
Jennifer Richards 90dc303293 ci: Add scoutapm sidecar container (#7330)
* ci: Add scoutapm sidecar container

* ci: Configure ScoutAPM via helm
2024-05-13 21:41:36 -04:00
Jennifer Richards ffcf74bd03 chore: Remove accidental commits... (#7329) 2024-05-13 21:41:36 -04:00
Jennifer Richards 64441be330 chore: Remove accidentally committed file 2024-05-13 21:41:36 -04:00
Jennifer Richards ac5155122c ci: label PVCs 2024-05-13 21:41:36 -04:00
Jennifer Richards c81b5f7088 ci: nindent instead of indent 2024-05-13 21:41:36 -04:00
Jennifer Richards ebaf6b5680 ci: quotes around shell parameters 2024-05-13 21:41:36 -04:00
Jennifer Richards 48f908020f ci: collect statics when building image 2024-05-13 21:41:36 -04:00
Jennifer Richards 8a4fcf7024 ci: comment out DATATRACKER_STATIC_URL env 2024-05-13 21:41:36 -04:00
Jennifer Richards 39d2199a74 ci: allow override of csrf_trusted_origins 2024-05-13 21:41:36 -04:00
Jennifer Richards e99286f400 ci: use values for PVClaims, STATIC_URL (#7317)
* ci: Expose PV parameters as values

* ci: complain about missing value in dev mode

* ci: Allow override of STATIC_URL
2024-05-13 21:41:36 -04:00
Jennifer Richards 206a4bb749 ci: clean up labels and service values (#7314)
* ci: Remove unused service values

* ci: Reorg labels
2024-05-13 21:41:36 -04:00
Jennifer Richards c4a2ea9822 ci: Adjust secrets in values.yaml (#7288)
* ci: Require secrets, even in "development"

* ci: More secrets-requiring

* ci: Strip whitespace out before b64 decoding

* ci: Adjust values.yaml

* ci: Comment in values.yaml
2024-05-13 21:41:36 -04:00
Jennifer Richards 46e521ea9a ci: shared PersistentVolumeClaim on /a (#7283)
* ci: shared PersistentVolumeClaim on /a

* ci: Increase storage request, add comment
2024-05-13 21:41:36 -04:00
Jennifer Richards 8872e31e30 ci: Get APP_API_TOKENS from env (#7271)
* ci: Get APP_API_TOKENS from env

* ci: chart fixup

* ci: Remove canned APP_API_TOKENs

(setec astronomy)
2024-05-13 21:41:36 -04:00
Jennifer Richards 253ba1dfbd fix: mypy/flakes lint 2024-05-13 21:41:36 -04:00
Jennifer Richards f58bbc3caa ci: parameterize / update settings (#7248)
* ci: parameterize gunicorn in datatracker-start.sh

* fix: typo

* ci: update settings_local for helm chart

* ci: Add todo comment

* ci: Drop redundant USE_TZ setting

* ci: Require secrets in production

* ci: fix indentation

* style: Black

* ci: memcached cfg from env in settings.py

* ci: set SITE_URL in settings.py

* refactor: /www/htpasswd -> /a/www/htpasswd

(it's a symlink on production)

* refactor: Remove obsolete SECR_ settings

* refactor: SECR_MAX_UPLOAD_SIZE -> DATATRACKER_...

* refactor: SECR_PPT2PDF_COMMAND -> PPT2PDF_COMMAND

* ci: Fix up helm/settings_local

* ci: Remove commented-out settings

* ci: Refactor/improve env var guards

* ci: More env refactoring / guards
2024-05-13 21:41:36 -04:00
Jennifer Richards e3d0290480 ci: install libreoffice (#7262)
Use bullseye-backports to get something more recent
(ietfa has 7.3.6.2; bullseye has 7.0.x.x;
bullseye-backports has 7.4.7.2)
2024-05-13 21:41:36 -04:00
Jennifer Richards 7a238a363e ci: collectstatic --no-input (#7252) 2024-05-13 21:41:36 -04:00
Robert Sparks 1c90789b49 chore: reduce worker count and disable live checks for the datatracker pod (#7240) 2024-05-13 21:41:36 -04:00
Jennifer Richards ad34104f68 ci: Deploy rabbitmq with a password (#7239) 2024-05-13 21:41:36 -04:00
Robert Sparks b36ff61805 feat: use gunicorn (#7215)
* feat: use gunicorn

* fix: let gunicorn emit logs to stdout/stderr

* fix: log to stdout/stderr in json format

* fix: run collectstatic for the local copy of the statics
2024-05-13 21:41:36 -04:00
Jennifer Richards f1e6c3729f ci: give rabbitmq a persistent volume claim (#7235)
* ci: give rabbitmq a persistent volume claim

This relies on minikube's dynamic creation of
persistent volumes - expect changes likely
needed for production deployment.

* ci: that's not an f-string

* ci: todo is todone
2024-05-13 21:41:36 -04:00
Jennifer Richards c987bacc95 ci: Rabbitmq progress (wip) (#7233)
* ci: rabbitmq service (wip)

* ci: customize rabbitmq config
2024-05-13 21:41:36 -04:00
Nicolas Giard f6db3e8e1b ci: Update Dockerfile 2024-05-13 21:41:36 -04:00