diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6547ee7349aadc28477598fe94c3186a5e433ca4..2ade6ccd1f900ec17ea5c53285a8195b1cb1d376 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -51,12 +51,18 @@ variables: # # This script snippet needs a LOFAR_TARGET variable to define the SSH host to connect to. # -.prepare_ssh: &prepare_ssh +.prepare_ssh_agent: &prepare_ssh_agent - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )' - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - mkdir -p ~/.ssh - chmod 700 ~/.ssh + +# +# This script snippet needs a LOFAR_TARGET variable to define the SSH host to connect to. +# +.prepare_ssh: &prepare_ssh + - *prepare_ssh_agent - ssh-keyscan $LOFAR_TARGET >> ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts @@ -630,6 +636,8 @@ deploy-SCU-test: artifacts: false allow_failure: true when: manual + rules: + - if: '($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH) || ($CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true")' # # deploy-prod stage 
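Review bot: The comment block left above the new `.prepare_ssh_agent` anchor still says the snippet needs `LOFAR_TARGET`, but the agent steps only read `SSH_PRIVATE_KEY` and no longer touch `known_hosts`. I would replace it with `# Needs SSH_PRIVATE_KEY; loads the key into ssh-agent and creates ~/.ssh, but adds no known_hosts entry (use .prepare_ssh for that).` so that a job including only this anchor knows it must establish the host key before its first `ssh`. Separately, the `ssh-keyscan $LOFAR_TARGET` kept in `.prepare_ssh` trusts whatever key the network returns at job time; a known_hosts line supplied from a protected CI variable would pin it.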
@@ -651,30 +659,26 @@ deploy-tmss-dockerhub: allow_failure: true when: manual -deploy-tmss-prod: +.deploy-tmss-prod-common-script: &deploy-tmss-prod-common-script + - apk update + - apk add rsync + - apk add docker-compose + - cd SAS/TMSS/deploy + - cp ${LOFAR_ENVIRONMENT} environment + - chmod u+x environment + - source environment + - sh -e ./generate-env.sh + - rm environment + - echo -en "${CBM206_PRIVATE_KEY}" > app/id_rsa + - ssh ${LOFAR_USER}@${LOFAR_TARGET} -p ${LOFAR_TARGET_PORT} 'mkdir -p ~/.lofar/tmss' + +.deploy-tmss-prod: stage: deploy-prod - variables: - LOFAR_USER: "lofarsys" - LOFAR_TARGET: "lcs129.control.lofar" - SOURCE_IMAGE: "${CI_NEXUS_REGISTRY_LOCATION}/tmss_django:$CI_COMMIT_SHORT_SHA" - environment: - name: production-lcs129 before_script: - *prepare_ssh - script: - - apk update - - apk add rsync - - cd SAS/TMSS/deploy - - cp ${TMSS_DEPLOY_LCS129_PRODUCTION} environment - - chmod u+x environment - - source environment - - sh -e ./generate-env.sh - - rm environment - - rsync -aAXv --chmod=700 ./ ${LOFAR_USER}@${LOFAR_TARGET}:~/.lofar/tmss - - rm -rf .env; rm -rf env; rm -rf app/.env - - ssh $LOFAR_USER@$LOFAR_TARGET "cd .lofar/tmss; /localhome/lofarsys/bin/docker-compose build; /localhome/lofarsys/bin/docker-compose up -d; /localhome/lofarsys/bin/docker-compose logs db_migrate" after_script: - - ssh $LOFAR_USER@$LOFAR_TARGET "cd .lofar/tmss; rm -rf .env; rm -rf env; rm -rf app/.env" + - *prepare_ssh_agent + - ssh $LOFAR_USER@$LOFAR_TARGET -p ${LOFAR_TARGET_PORT} "cd .lofar/tmss; rm -rf lobster/.env; rm -rf lobster/env; tmss/.env; rm -rf tmss/env; rm -rf app/.env; rm -rf app/id_rsa" needs: - job: dockerize_TMSS artifacts: false 
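Review bot: In the new `after_script` of `.deploy-tmss-prod` the fragment `tmss/.env;` has lost its `rm -rf`, so the remote shell tries to execute that file instead of deleting it, and because `after_script` failures do not fail the job this will go unnoticed; it should read `rm -rf tmss/.env;`. The same after_script runs only `*prepare_ssh_agent`, which adds no known_hosts entry; if after_script starts from a fresh home directory, the `ssh` cleanup may stop at host key verification and leave the generated `env` files and `app/id_rsa` on the target, which is worth confirming on a test run. `echo -en "${CBM206_PRIVATE_KEY}" > app/id_rsa` also writes the key with the default umask; `( umask 077; echo -en "${CBM206_PRIVATE_KEY}" > app/id_rsa )` keeps it owner-only until it is removed. The job definition continues past the end of this hunk.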
@@ -682,8 +686,54 @@ deploy-tmss-prod: artifacts: false allow_failure: true when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' + +deploy-tmss-prod-lcs129: + extends: .deploy-tmss-prod + variables: + LOFAR_ENVIRONMENT: ${TMSS_DEPLOY_LCS129_PRODUCTION} + LOFAR_USER: "lofarsys" + LOFAR_TARGET: "lcs129.control.lofar" + LOFAR_TARGET_PORT: 22 + COMPOSE_PATH: /localhome/lofarsys/bin/docker-compose + SOURCE_IMAGE: "${CI_NEXUS_REGISTRY_LOCATION}/tmss_django:$CI_COMMIT_SHORT_SHA" + environment: + name: production-lcs129 + script: + - *deploy-tmss-prod-common-script + - rsync -aAXv -e "ssh -p ${LOFAR_TARGET_PORT}" --chmod=700 ./ ${LOFAR_USER}@${LOFAR_TARGET}:~/.lofar/tmss + - rm -rf lobster/.env; rm -rf lobster/env; rm -rf tmss/.env; rm -rf tmss/env; rm -rf app/.env; rm -rf app/id_rsa + - ssh $LOFAR_USER@$LOFAR_TARGET -p ${LOFAR_TARGET_PORT} "cd .lofar/tmss/tmss; ${COMPOSE_PATH} down; ${COMPOSE_PATH} build; ${COMPOSE_PATH} up -d" + +deploy-tmss-prod-cs001: + extends: .deploy-tmss-prod + variables: + LOFAR_ENVIRONMENT: ${TMSS_DEPLOY_CS001_PRODUCTION} + LOFAR_USER: "lofarsys" + LOFAR_TARGET: "cs001c.control.lofar" + LOFAR_TARGET_PORT: 2222 + COMPOSE_PATH: /usr/local/bin/docker-compose + SOURCE_IMAGE: "${CI_NEXUS_REGISTRY_LOCATION}/tmss_django:$CI_COMMIT_SHORT_SHA" + environment: + name: production-cs001 + before_script: + - *prepare_ssh_agent + - ssh ${LOFAR_USER}@${LOFAR_TARGET} -p ${LOFAR_TARGET_PORT} -o "StrictHostKeyChecking=no" 'echo "critical do not remove me"' + script: + - *deploy-tmss-prod-common-script + - cd lobster + - docker-compose build || docker compose build + - docker save tmss_lobster > tmss-lobster.img + - docker image rm tmss_lobster + - ssh ${LOFAR_USER}@${LOFAR_TARGET} -p ${LOFAR_TARGET_PORT} 'mkdir -p ~/.lofar/tmss/lobster' + - ssh ${LOFAR_USER}@${LOFAR_TARGET} -p ${LOFAR_TARGET_PORT} "cd .lofar/tmss/lobster; rm -f tmss_lobster.img" + - rsync -aAXv -e "ssh -p ${LOFAR_TARGET_PORT}" --chmod=700 ./ 
${LOFAR_USER}@${LOFAR_TARGET}:~/.lofar/tmss/lobster + - rm tmss-lobster.img + - ssh ${LOFAR_USER}@${LOFAR_TARGET} -p ${LOFAR_TARGET_PORT} "cd .lofar/tmss/lobster; ${COMPOSE_PATH} down; docker image rm -f tmss_lobster; docker load < ./tmss-lobster.img; ${COMPOSE_PATH} up -d" + after_script: + - *prepare_ssh_agent + - ssh ${LOFAR_USER}@${LOFAR_TARGET} -p ${LOFAR_TARGET_PORT} "cd .lofar/tmss/lobster; rm -f tmss_lobster.img" deploy-MCU_MAC-prod: stage: deploy-prod @@ -704,8 +754,8 @@ deploy-MCU_MAC-prod: artifacts: false allow_failure: true when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-CCU_MAC-prod: stage: deploy-prod @@ -726,8 +776,8 @@ deploy-CCU_MAC-prod: artifacts: false allow_failure: true when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-lofar-pipeline-prod: stage: deploy-prod @@ -754,8 +804,8 @@ deploy-lofar-pipeline-prod: needs: - build_lofar_pipeline when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-dynspec-prod: stage: deploy-prod @@ -781,8 +831,8 @@ deploy-dynspec-prod: needs: - build_dynspec when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-lofar-pulp-prod: stage: deploy-prod @@ -808,8 +858,8 @@ deploy-lofar-pulp-prod: needs: - build_lofar_pulp when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-tbbwriter-control-prod: stage: deploy-prod @@ -835,8 +885,8 @@ deploy-tbbwriter-control-prod: needs: - build_lofar_tbbwriter_control when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-SCU-prod: stage: deploy-prod @@ -857,8 +907,8 @@ deploy-SCU-prod: artifacts: false allow_failure: true when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-LTAIngest-prod: 
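Review bot: The `before_script` of `deploy-tmss-prod-cs001` connects with `-o "StrictHostKeyChecking=no"`, so the first connection of every job accepts whatever host key is presented while the agent holds the deploy key, and the following steps rsync the generated `env` file to that host. That `ssh` line appears to exist only to populate known_hosts; pinning is safer: store the host's known_hosts line in a protected CI variable and use `- echo "$CS001_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (the variable name is a placeholder). In the same job the image is saved and loaded as `tmss-lobster.img`, but both remote cleanups remove `tmss_lobster.img`, so the uploaded archive, which per the Dockerfile change in this commit contains `id_rsa`, stays on the target. Because this job's `after_script` replaces the template's, the rsynced `env` and `.env` are never removed either; `rm -f tmss-lobster.img env .env` in the remote after_script would cover both.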
@@ -880,8 +930,8 @@ deploy-LTAIngest-prod: artifacts: false allow_failure: true when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-lcu-prod: stage: deploy-prod @@ -903,8 +953,8 @@ deploy-lcu-prod: artifacts: false allow_failure: true when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' deploy-station-test-prod: stage: deploy-prod @@ -925,8 +975,8 @@ deploy-station-test-prod: artifacts: false allow_failure: true when: manual - only: - - tags + rules: + - if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"' # # Quality Control diff --git a/Docker/lofar-ci/Dockerfile_ci_tmss b/Docker/lofar-ci/Dockerfile_ci_tmss index 58473340971b00c153ca7de9d60701533fc5b7c0..d790158ee92d9c3b03d0c912c99a459a808d989e 100644 --- a/Docker/lofar-ci/Dockerfile_ci_tmss +++ b/Docker/lofar-ci/Dockerfile_ci_tmss @@ -38,7 +38,7 @@ RUN pip3 install astroplan cachetools comet coreapi coverage cx_Oracle cython dj -r tmss_lobster.txt -r tmss_ingest_tmss_adapter.txt -r tmss_scheduling.txt \ -r tmss_slack_webhook.txt -r tmss_websocket.txt \ -c tmss_constraints.txt --ignore-installed -RUN echo "This string is here to prevent Docker caching. It is 3 pm on Nov 27, 2023." +RUN echo "This string is here to prevent Docker caching. It is 10 m on Nov 28, 2023." # Download and import the Nodesource GPG key - Requires curl (already installed by base) diff --git a/SAS/TMSS/backend/services/lobster/lib/config.py b/SAS/TMSS/backend/services/lobster/lib/config.py index 55fc2020b4f2601498d7f8395c856ea58afb20ea..34b3da653bfbf6e144d559a0a51f1da4c82499f4 100644 --- a/SAS/TMSS/backend/services/lobster/lib/config.py +++ b/SAS/TMSS/backend/services/lobster/lib/config.py 
@@ -25,7 +25,9 @@ from lofar.common import isProductionEnvironment def station_to_host(station: str, port: int=10000) -> str: """Convert name of station into connectable URL for connecting to PyTango""" - return f"{station}c.control.lofar:{port}" + # return f"{station}c.control.lofar:{port}" + # TODO(Corne): https://support.astron.nl/jira/browse/TMSS-2861 + return "tango.service.consul:10000" # Node from which observations are started on COBALT diff --git a/SAS/TMSS/backend/services/lobster/lib/message_handler.py b/SAS/TMSS/backend/services/lobster/lib/message_handler.py index 5a360e4aff3a17c38b2f4d548c2a7e27860ffdab..17d372c552ce207d64a06e4b3a1b1b599f2a5936 100644 --- a/SAS/TMSS/backend/services/lobster/lib/message_handler.py +++ b/SAS/TMSS/backend/services/lobster/lib/message_handler.py @@ -161,14 +161,16 @@ class L2TMSSObservationControlMessageHandler(TMSSEventMessageHandler): parset_file.write(parset) # copy it to COBALT - _system(f"scp {tmpdir}/{parset_filename} {COBALT_HEADNODE}:{COBALT_PARSET_DIR}/{parset_filename}") + # TODO(Corne): https://support.astron.nl/jira/browse/TMSS-2860 + _system(f"scp -v -o 'StrictHostKeyChecking=no' {tmpdir}/{parset_filename} {COBALT_HEADNODE}:{COBALT_PARSET_DIR}/{parset_filename}") # kickstart the observation on COBALT to start and stop at the # times as provided in the parset. # first 3 parameters are historical and ignored # NB: This command returns "immediately", that is, COBALT will start the actual observation in the # background. - _system(f"ssh {COBALT_HEADNODE} '{COBALT_STARTBGL_SCRIPT} 1 2 3 {COBALT_PARSET_DIR}/{parset_filename} " + # TODO(Corne): https://support.astron.nl/jira/browse/TMSS-2860 + _system(f"ssh -v -o 'StrictHostKeyChecking=no' {COBALT_HEADNODE} '{COBALT_STARTBGL_SCRIPT} 1 2 3 {COBALT_PARSET_DIR}/{parset_filename} " f"{subtask_id}'") def enqueue_scheduled_observation_subtask(self, subtask: dict): 
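Review bot: `station_to_host` now ignores both of its arguments, yet the signature and docstring still promise a per-station URL, so every caller is silently pointed at the same Tango endpoint and a non-default `port` is dropped. Until TMSS-2861 is resolved I would at least keep the port, `return f"tango.service.consul:{port}"`, and state in the docstring that `station` is currently unused and all stations resolve to one host. That way a request meant for one station cannot be mistaken for a correctly routed one when reading the code or the logs.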
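Review bot: Both the `scp` and the `ssh` to `COBALT_HEADNODE` now pass `-o 'StrictHostKeyChecking=no'`, which removes server authentication from the commands that upload the parset and start the observation. If the goal is only to avoid the interactive prompt in a fresh container, `-o 'StrictHostKeyChecking=accept-new'` still refuses a changed key, and shipping a known_hosts file alongside the key removes the need for the option altogether. `-v` also writes the SSH debug stream into the service log on every observation; consider dropping it once TMSS-2860 is resolved. The enclosing method starts outside this hunk.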
diff --git a/SAS/TMSS/backend/services/lobster/requirements.txt b/SAS/TMSS/backend/services/lobster/requirements.txt index a55ca430fd032e42eda51ab0d471a09417c85cb4..a10df9b38ea84bcf73e6437d91e306b32a583238 100644 --- a/SAS/TMSS/backend/services/lobster/requirements.txt +++ b/SAS/TMSS/backend/services/lobster/requirements.txt @@ -1 +1 @@ -lofar-station-client@git+https://git.astron.nl/lofar2.0/lofar-station-client.git # Apache 2 +lofar-station-client[tango]@git+https://git.astron.nl/lofar2.0/lofar-station-client.git # Apache 2 diff --git a/SAS/TMSS/backend/test/CMakeLists.txt b/SAS/TMSS/backend/test/CMakeLists.txt index 457c7f72432a939c5bd25a7c738213bf49ed10d5..fbb67357b752dd16c62919922a389ab0a4bb79e2 100644 --- a/SAS/TMSS/backend/test/CMakeLists.txt +++ b/SAS/TMSS/backend/test/CMakeLists.txt @@ -24,8 +24,8 @@ if(BUILD_TESTING) lofar_add_test(t_complex_serializers) lofar_add_test(t_conversions) lofar_add_test(t_feedback) - #lofar_add_test(t_l2station_tmss_integration_test) - #lofar_add_test(t_l2station_tmss_test) + lofar_add_test(t_l2station_tmss_integration_test) + lofar_add_test(t_l2station_tmss_test) lofar_add_test(t_observation_strategies_specification_and_scheduling_test) lofar_add_test(t_observing_strategies_regression_test) lofar_add_test(t_permissions_project_roles) diff --git a/SAS/TMSS/backend/test/t_l2station_tmss_test.py b/SAS/TMSS/backend/test/t_l2station_tmss_test.py index 7dda9e56a32af055d0ff5d0de39291e9e9db82d0..c8f5b16848a9e6cd0ab561fc5250dd267ddcfce4 100755 --- a/SAS/TMSS/backend/test/t_l2station_tmss_test.py +++ b/SAS/TMSS/backend/test/t_l2station_tmss_test.py 
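Review bot: The requirement line still installs `lofar-station-client` from the default branch of the git repository, so each image build can pull different code, and adding the `[tango]` extra widens what that unpinned install brings in. Pinning the ref makes the build reproducible and reviewable: `lofar-station-client[tango]@git+https://git.astron.nl/lofar2.0/lofar-station-client.git@<tag-or-commit>  # Apache 2` (the ref is a placeholder to fill in).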
@@ -120,8 +120,10 @@ class TestL2StationTMSS(unittest.TestCase): def test_station_to_host(self): """Test station to host""" - self.assertEqual("testc.control.lofar:10000", station_to_host("test", 10000)) - self.assertEqual("cs001c.control.lofar:10000", station_to_host("cs001", 10000)) + # TODO(Corne): https://support.astron.nl/jira/browse/TMSS-2861 + self.assertEqual("tango.service.consul:10000", station_to_host("irrelevant", 10000)) + # self.assertEqual("testc.control.lofar:10000", station_to_host("test", 10000)) + # self.assertEqual("cs001c.control.lofar:10000", station_to_host("cs001", 10000)) def test_observation_pool_create_multistationobservation_get(self): """Create multistationobservation and retrieve observation from pool""" @@ -259,10 +261,12 @@ class TestL2StationTMSS(unittest.TestCase): result = extract_stations(test_dummy_spec) - self.assertIn("CS001c.control.lofar:10000", result) - self.assertIn("CS002c.control.lofar:10000", result) - - self.assertIn("CS003c.control.lofar:10000", result) + # TODO(Corne): https://support.astron.nl/jira/browse/TMSS-2861 + self.assertIn("tango.service.consul:10000", result) + # self.assertIn("CS001c.control.lofar:10000", result) + # self.assertIn("CS002c.control.lofar:10000", result) + # + # self.assertIn("CS003c.control.lofar:10000", result) if __name__ == '__main__': diff --git a/SAS/TMSS/deploy/app/Dockerfile b/SAS/TMSS/deploy/app/Dockerfile index dde659fde55859732c52320a4bbb7b520bf113c2..28201fc859ab4a92c57ec994ba451145b42466ad 100644 --- a/SAS/TMSS/deploy/app/Dockerfile +++ b/SAS/TMSS/deploy/app/Dockerfile 
@@ -9,7 +9,19 @@ COPY generate-dbcredentials.sh ./ USER root RUN chmod 0755 ./generate-dbcredentials.sh RUN /bin/bash -c 'source ./.env; ./generate-dbcredentials.sh' -RUN chown -R lofarsys ${HOME} -RUN chgrp -R lofarsys ${HOME} + +# Home directories show incorrect behavior +# root -> /localhome/lofarsys +# lofarsys -> /opt/lofar +# but ssh keys for lofarsys should be in /home/lofarsys/.ssh +# TODO(Corne): https://support.astron.nl/jira/browse/TMSS-2857 +RUN mkdir -p /home/lofarsys/.ssh +RUN chmod 700 /home/lofarsys/.ssh/ +COPY id_rsa ./ +RUN cp ./id_rsa /home/lofarsys/.ssh/id_rsa +RUN chmod 600 /home/lofarsys/.ssh/id_rsa + +RUN chown -R lofarsys:lofarsys ${HOME} +RUN chown -R lofarsys:lofarsys /home/lofarsys USER lofarsys diff --git a/SAS/TMSS/deploy/generate-env.sh b/SAS/TMSS/deploy/generate-env.sh index c82c1b45faa2186c6e8fbab8875956675221aac6..026ae3e59aacfea8b542e83fa3dcae9e07c56bc1 100755 --- a/SAS/TMSS/deploy/generate-env.sh +++ b/SAS/TMSS/deploy/generate-env.sh @@ -1,7 +1,8 @@ #!/bin/bash # Base image for two-step docker-compose image generation -echo "SOURCE_IMAGE=${SOURCE_IMAGE}" > .env +echo "SOURCE_IMAGE=${SOURCE_IMAGE}" > tmss/.env +echo "SOURCE_IMAGE=${SOURCE_IMAGE}" > lobster/.env echo "export LTA_HOST=${LTA_HOST}" > app/.env echo "export LTA_USER=${LTA_USER}" >> app/.env 
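Review bot: `COPY id_rsa ./` followed by `RUN cp ./id_rsa /home/lofarsys/.ssh/id_rsa` stores the private key in two image layers, so anyone who can pull the image or read the `docker save` archive produced by the cs001 deploy job can extract it, and deleting the file in a later layer would not remove it. Because this Dockerfile is shared by every service that builds from `../app`, the key also ends up in images that presumably never open an SSH connection. Providing the key at run time keeps it out of the image, for example a read-only bind mount on the lobster service only: `- /localhome/lofarsys/.ssh/id_rsa:/home/lofarsys/.ssh/id_rsa:ro` (the host path is a placeholder). If it has to stay for now, `COPY --chown=lofarsys:lofarsys --chmod=600 id_rsa /home/lofarsys/.ssh/id_rsa` (needs BuildKit) at least avoids the second copy in the working directory.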
@@ -31,33 +32,36 @@ echo "export TMSS_SLACK_PORT=${TMSS_SLACK_PORT}" >> app/.env echo "export TMSS_SLACK_DATABASE=${TMSS_SLACK_DATABASE}" >> app/.env # Environment variables required by processes in containers -echo "LOFARENV=${LOFARENV}" >> env -# tmss django settings -echo "DEBUG=${DEBUG}" >> env -echo "ALLOWED_HOSTS=${ALLOWED_HOSTS}" >> env -echo "SECRET_KEY=${SECRET_KEY}" >> env -echo "TMSS_ENABLE_VIEWFLOW=${TMSS_ENABLE_VIEWFLOW}" >> env -echo "TMSS_LOGOUT_REDIRECT_URL=${TMSS_LOGOUT_REDIRECT_URL}" >> env +for folder in lobster tmss +do + echo "LOFARENV=${LOFARENV}" > ${folder}/env + # tmss django settings + echo "DEBUG=${DEBUG}" >> ${folder}/env + echo "ALLOWED_HOSTS=${ALLOWED_HOSTS}" >> ${folder}/env + echo "SECRET_KEY=${SECRET_KEY}" >> ${folder}/env + echo "TMSS_ENABLE_VIEWFLOW=${TMSS_ENABLE_VIEWFLOW}" >> ${folder}/env + echo "TMSS_LOGOUT_REDIRECT_URL=${TMSS_LOGOUT_REDIRECT_URL}" >> ${folder}/env -# RabbitMQ and lofar usage of rabbitmq -echo "RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}" >> env -echo "RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}" >> env -echo "RABBITMQ_DEFAULT_PORT=${RABBITMQ_DEFAULT_PORT}" >> env -echo "LOFAR_DEFAULT_BROKER=${LOFAR_DEFAULT_BROKER}" >> env -echo "LOFAR_DEFAULT_EXCHANGE=${LOFAR_DEFAULT_EXCHANGE}" >> env + # RabbitMQ and lofar usage of rabbitmq + echo "RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}" >> ${folder}/env + echo "RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}" >> ${folder}/env + echo "RABBITMQ_DEFAULT_PORT=${RABBITMQ_DEFAULT_PORT}" >> ${folder}/env + echo "LOFAR_DEFAULT_BROKER=${LOFAR_DEFAULT_BROKER}" >> ${folder}/env + echo "LOFAR_DEFAULT_EXCHANGE=${LOFAR_DEFAULT_EXCHANGE}" >> ${folder}/env -# Keycloak user authentication -echo "OIDC_RP_CLIENT_ID=${OIDC_RP_CLIENT_ID}" >> env -echo "OIDC_RP_CLIENT_SECRET=${OIDC_RP_CLIENT_SECRET}" >> env -echo "OIDC_OP_JWKS_ENDPOINT=${OIDC_OP_JWKS_ENDPOINT}" >> env -echo "OIDC_OP_AUTHORIZATION_ENDPOINT=${OIDC_OP_AUTHORIZATION_ENDPOINT}" >> env -echo 
"OIDC_OP_TOKEN_ENDPOINT=${OIDC_OP_TOKEN_ENDPOINT}" >> env -echo "OIDC_OP_USER_ENDPOINT=${OIDC_OP_USER_ENDPOINT}" >> env -echo "OIDC_ENDPOINT_HOST=${OIDC_ENDPOINT_HOST}" >> env -echo "KEYCLOAK_TOKEN_URL=${KEYCLOAK_TOKEN_URL}" >> env -echo "KEYCLOAK_ADMIN_USER=${KEYCLOAK_ADMIN_USER}" >> env -echo "KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}" >> env -echo "KEYCLOAK_API_BASE_URL=${KEYCLOAK_API_BASE_URL}" >> env + # Keycloak user authentication + echo "OIDC_RP_CLIENT_ID=${OIDC_RP_CLIENT_ID}" >> ${folder}/env + echo "OIDC_RP_CLIENT_SECRET=${OIDC_RP_CLIENT_SECRET}" >> ${folder}/env + echo "OIDC_OP_JWKS_ENDPOINT=${OIDC_OP_JWKS_ENDPOINT}" >> ${folder}/env + echo "OIDC_OP_AUTHORIZATION_ENDPOINT=${OIDC_OP_AUTHORIZATION_ENDPOINT}" >> ${folder}/env + echo "OIDC_OP_TOKEN_ENDPOINT=${OIDC_OP_TOKEN_ENDPOINT}" >> ${folder}/env + echo "OIDC_OP_USER_ENDPOINT=${OIDC_OP_USER_ENDPOINT}" >> ${folder}/env + echo "OIDC_ENDPOINT_HOST=${OIDC_ENDPOINT_HOST}" >> ${folder}/env + echo "KEYCLOAK_TOKEN_URL=${KEYCLOAK_TOKEN_URL}" >> ${folder}/env + echo "KEYCLOAK_ADMIN_USER=${KEYCLOAK_ADMIN_USER}" >> ${folder}/env + echo "KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}" >> ${folder}/env + echo "KEYCLOAK_API_BASE_URL=${KEYCLOAK_API_BASE_URL}" >> ${folder}/env -# fallback for non-keycloak users (like admin etc) -echo "LDAP_SERVER_URI=${LDAP_SERVER_URI}" >> env \ No newline at end of file + # fallback for non-keycloak users (like admin etc) + echo "LDAP_SERVER_URI=${LDAP_SERVER_URI}" >> ${folder}/env +done \ No newline at end of file diff --git a/SAS/TMSS/deploy/lobster/docker-compose.yml b/SAS/TMSS/deploy/lobster/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..dd5d6291e37c9df4d0387852f81aaabe6f2c8c98 --- /dev/null +++ b/SAS/TMSS/deploy/lobster/docker-compose.yml 
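Review bot: The new loop writes the complete secret set (`SECRET_KEY`, `RABBITMQ_DEFAULT_PASS`, `OIDC_RP_CLIENT_SECRET`, `KEYCLOAK_ADMIN_PASSWORD`) into `lobster/env` as well as `tmss/env`, and the lobster directory is rsynced to a second host. If the lobster service does not need the Django and Keycloak values, generate a reduced file for it so that a compromise of that host does not expose them. The files are also created with the default umask; a `umask 077` at the top of the script keeps them owner-only on the runner, and quoting the target (`>> "${folder}/env"`) guards against word splitting.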
@@ -0,0 +1,23 @@ +version: '3' + +services: + lobster: + container_name: tmss_lobster + image: tmss_lobster + build: + context: ../app + dockerfile: Dockerfile + args: + SOURCE_IMAGE: ${SOURCE_IMAGE} + HOME: "/localhome/lofarsys" + restart: unless-stopped + env_file: + - env + environment: + - USER=lofarsys + - HOME=/localhome/lofarsys + command: /bin/bash -c 'source /opt/lofar/lofarinit.sh; exec tmss_lobster_service' + logging: + driver: journald + options: + tag: tmss_lobster \ No newline at end of file diff --git a/SAS/TMSS/deploy/lobster/lobster-vm.nomad b/SAS/TMSS/deploy/lobster/lobster-vm.nomad new file mode 100644 index 0000000000000000000000000000000000000000..445a165162b39c0d942ab66ead502686118d8f68 --- /dev/null +++ b/SAS/TMSS/deploy/lobster/lobster-vm.nomad 
@@ -0,0 +1,183 @@ +job "lobster-vm" { + datacenters = ["stat"] + type = "service" + group "qemu-vm" { + count = 1 + volume "images" { + type = "host" + read_only = false + source = "images" + } + network { + port "http" {} + } + task "imds" { + lifecycle { + hook = "prestart" + sidecar = true + } + driver = "exec" + config { + command = "python3" + args = [ + "-m", "http.server", "${NOMAD_PORT_http}", + "--directory", "local/" + ] + } + template { + data = <<EOH + instance-id: ${NOMAD_SHORT_ALLOC_ID} + local-hostname: ${NOMAD_SHORT_ALLOC_ID}-client + EOH + destination = "local/meta-data" + } + template { + data = <<EOH + #cloud-config + password: password + chpasswd: + expire: False + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhxDArT4JOrprdJ61H/+2cVEr0kRvkzPzyNm8VmyzYQ feldt@dop512.astron.nl + users: + - default + - name: lofarsys + homedir: /localhome/lofarsys + groups: docker + ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDX+bKZ2F81lvZuRguzkpnbtOTYu9oVjq6UogR8kpkc9+toCluEuuIfjvbxOeQSvExPm7/5Cx9pAeQ9ltIKmJ3X639Qk48weMwNpY3ZWXAavH8StyyN5IlzpJfv+ePVx4C/t0o7pvD1Zj4hwQhKmDD2PdiYTcDas2ecE8aOGGM1hQBFtn4LajRz5eB3xArckf0C3EqXmg9+Q8ewk7o/Fxx3afGPh+hatNlYjvhmEw/fEFi0NugjHMybswuLURjSUGHQ2iObumT9XinIxRKOB6G+FvIiqSEldJzIihclx7sh9dkohfRGsHVSdDcPYpTnw4kpcV5JHaq+JQYwMSj4dm/n + bootcmd: + - DEBIAN_FRONTEND=noninteractive apt-get -yq update + - DEBIAN_FRONTEND=noninteractive apt-get -yq install gnupg + runcmd: + - curl -SL https://github.com/docker/compose/releases/download/v2.23.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose + - chmod o+rx /usr/local/bin/docker-compose + - [systemctl, restart, systemd-resolved] + - [sysctl ,-w ,fs.inotify.max_user_instances=256] + - [systemctl, enable, consul.service] + - [systemctl, start, consul.service] + - [systemctl, enable, docker.service] + - [systemctl, start, docker.service] + package_update: true + package_upgrade: true + packages: + - docker.io + - consul + write_files: + - content: 
| + datacenter = "{{ env "attr.consul.datacenter" }}" + data_dir = "/opt/consul" + bind_addr = "{{"{{"}} GetInterfaceIP \"ens3\" {{"}}"}}" + encrypt = "{{ with nomadVar "nomad/jobs/nomad-client/qemu-vm/imds" }}{{ .consul_encrypt }}{{ end }}" + retry_join = ["10.99.250.250"] + server = false + ports { + grpc = 8502 + } + path: /etc/consul.d/consul.hcl + defer: true + apt: + preserve_source_list: true + sources: + hashicorp: + source: 'deb https://apt.releases.hashicorp.com $RELEASE main' + key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + mQINBGO9u+MBEADmE9i8rpt8xhRqxbzlBG06z3qe+e1DI+SyjscyVVRcGDrEfo+J + W5UWw0+afey7HFkaKqKqOHVVGSjmh6HO3MskxcpRm/pxRzfni/OcBBuJU2DcGXnG + nuRZ+ltqBncOuONi6Wf00McTWviLKHRrP6oWwWww7sYF/RbZp5xGmMJ2vnsNhtp3 + 8LIMOmY2xv9LeKMh++WcxQDpIeRohmSJyknbjJ0MNlhnezTIPajrs1laLh/IVKVz + 7/Z73UWX+rWI/5g+6yBSEtj368N7iyq+hUvQ/bL00eyg1Gs8nE1xiCmRHdNjMBLX + lHi0V9fYgg3KVGo6Hi/Is2gUtmip4ZPnThVmB5fD5LzS7Y5joYVjHpwUtMD0V3s1 + HiHAUbTH+OY2JqxZDO9iW8Gl0rCLkfaFDBS2EVLPjo/kq9Sn7vfp2WHffWs1fzeB + HI6iUl2AjCCotK61nyMR33rNuNcbPbp+17NkDEy80YPDRbABdgb+hQe0o8htEB2t + CDA3Ev9t2g9IC3VD/jgncCRnPtKP3vhEhlhMo3fUCnJI7XETgbuGntLRHhmGJpTj + ydudopoMWZAU/H9KxJvwlVXiNoBYFvdoxhV7/N+OBQDLMevB8XtPXNQ8ZOEHl22G + hbL8I1c2SqjEPCa27OIccXwNY+s0A41BseBr44dmu9GoQVhI7TsetpR+qwARAQAB + tFFIYXNoaUNvcnAgU2VjdXJpdHkgKEhhc2hpQ29ycCBQYWNrYWdlIFNpZ25pbmcp + IDxzZWN1cml0eStwYWNrYWdpbmdAaGFzaGljb3JwLmNvbT6JAlQEEwEIAD4CGwMF + CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQR5iuxlTlwVQoyOQu6qFvy8piHnAQUC + Y728PQUJCWYB2gAKCRCqFvy8piHnAd16EADeBtTgkdVEvct40TH/9HKkR/Lc/ohM + rer6FFHdKmceJ6Ma8/Qm4nCO5C7c4+EPjsUXdhK5w8DSdC5VbKLJDY1EnDlmU5B1 + wSFkGoYKoB8lUn30E77E33MTu2kfrSuF605vetq269CyBwIJV7oNN6311dW8iQ6z + IytTtlJbVr4YZ7Vst40/uR4myumk9bVBGEd6JhFAPmr/um+BZFhRf9/8xtOryOyB + GF2d+bc9IoAugpxwv0IowHEqkI4RpK2U9hvxG80sTOcmerOuFbmNyPwnEgtJ6CM1 + bc8WAmObJiQcRSLbcgF+a7+2wqrUbCqRE7QoS2wjd1HpUVPmSdJN925c2uaua2A4 + QCbTEg8kV2HiP0HGXypVNhZJt5ouo0YgR6BSbMlsMHniDQaSIP1LgmEz5xD4UAxO + 
Y/GRR3LWojGzVzBb0T98jpDgPtOu/NpKx3jhSpE2U9h/VRDiL/Pf7gvEIxPUTKuV + 5D8VqAiXovlk4wSH13Q05d9dIAjuinSlxb4DVr8IL0lmx9DyHehticmJVooHDyJl + HoA2q2tFnlBBAFbN92662q8Pqi9HbljVRTD1vUjof6ohaoM+5K1C043dmcwZZMTc + 7gV1rbCuxh69rILpjwM1stqgI1ONUIkurKVGZHM6N2AatNKqtBRdGEroQo1aL4+4 + u+DKFrMxOqa5b7kCDQRjvbwTARAA0ut7iKLj9sOcp5kRG/5V+T0Ak2k2GSus7w8e + kFh468SVCNUgLJpLzc5hBiXACQX6PEnyhLZa8RAG+ehBfPt03GbxW6cK9nx7HRFQ + GA79H5B4AP3XdEdT1gIL2eaHdQot0mpF2b07GNfADgj99MhpxMCtTdVbBqHY8YEQ + Uq7+E9UCNNs45w5ddq07EDk+o6C3xdJ42fvS2x44uNH6Z6sdApPXLrybeun74C1Z + Oo4Ypre4+xkcw2q2WIhy0Qzeuw+9tn4CYjrhw/+fvvPGUAhtYlFGF6bSebmyua8Q + MTKhwqHqwJxpjftM3ARdgFkhlH1H+PcmpnVutgTNKGcy+9b/lu/Rjq/47JZ+5VkK + ZtYT/zO1oW5zRklHvB6R/OcSlXGdC0mfReIBcNvuNlLhNcBA9frNdOk3hpJgYDzg + f8Ykkc+4z8SZ9gA3g0JmDHY1X3SnSadSPyMas3zH5W+16rq9E+MZztR0RWwmpDtg + Ff1XGMmvc+FVEB8dRLKFWSt/E1eIhsK2CRnaR8uotKW/A/gosao0E3mnIygcyLB4 + fnOM3mnTF3CcRumxJvnTEmSDcoKSOpv0xbFgQkRAnVSn/gHkcbVw/ZnvZbXvvseh + 7dstp2ljCs0queKU+Zo22TCzZqXX/AINs/j9Ll67NyIJev445l3+0TWB0kego5Fi + UVuSWkMAEQEAAYkEcgQYAQgAJhYhBHmK7GVOXBVCjI5C7qoW/LymIecBBQJjvbwT + AhsCBQkJZgGAAkAJEKoW/LymIecBwXQgBBkBCAAdFiEE6wr14plJaVlvmYc+cG5m + g2nAhekFAmO9vBMACgkQcG5mg2nAhenPURAAimI0EBZbqpyHpwpbeYq3Pygg1bdo + IlBQUVoutaN1lR7kqGXwYH+BP6G40x79LwVy/fWV8gO7cDX6D1yeKLNbhnJHPBus + FJDmzDPbjTlyWlDqJoWMiPqfAOc1A1cHodsUJDUlA01j1rPTho0S9iALX5R50Wa9 + sIenpfe7RVunDwW5gw6y8me7ncl5trD0LM2HURw6nYnLrxePiTAF1MF90jrAhJDV + +krYqd6IFq5RHKveRtCuTvpL7DlgVCtntmbXLbVC/Fbv6w1xY3A7rXko/03nswAi + AXHKMP14UutVEcLYDBXbDrvgpb2p2ZUJnujs6cNyx9cOPeuxnke8+ACWvpnWxwjL + M5u8OckiqzRRobNxQZ1vLxzdovYTwTlUAG7QjIXVvOk9VNp/ERhh0eviZK+1/ezk + Z8nnPjx+elThQ+r16EM7hD0RDXtOR1VZ0R3OL64AlZYDZz1jEA3lrGhvbjSIfBQk + T6mxKUsCy3YbElcOyuohmPRgT1iVDIZ/1iPL0Q0HGm4+EsWCdH6fAPB7TlHD8z2D + 7JCFLihFDWs5lrZyuWMO9nryZiVjJrOLPcStgJYVd/MhRHR4hC6g09bgo25RMJ6f + gyzL4vlEB7aSUih7yjgL9s5DKXP2J71dAhIlF8nnM403R2xEeHyivnyeR/9Ifn7M + PJvUMUuoG+ZANSMkrw//XA31o//TVk9WsLD1Edxt5XZCoR+fS+Vz8ScLwP1d/vQE + 
OW/EWzeMRG15C0td1lfHvwPKvf2MN+WLenp9TGZ7A1kEHIpjKvY51AIkX2kW5QLu + Y3LBb+HGiZ6j7AaU4uYR3kS1+L79v4kyvhhBOgx/8V+b3+2pQIsVOp79ySGvVwpL + FJ2QUgO15hnlQJrFLRYa0PISKrSWf35KXAy04mjqCYqIGkLsz2qQCY2lGcD5k05z + bBC4TvxwVxv0ftl2C5Bd0ydl/2YM7GfLrmZmTijK067t4OO+2SROT2oYPDsMtZ6S + E8vUXvoGpQ8tf5Nkrn2t0zDG3UDtgZY5UVYnZI+xT7WHsCz//8fY3QMvPXAuc33T + vVdiSfP0aBnZXj6oGs/4Vl1Dmm62XLr13+SMoepMWg2Vt7C8jqKOmhFmSOWyOmRH + UZJR7nKvTpFnL8atSyFDa4o1bk2U3alOscWS8u8xJ/iMcoONEBhItft6olpMVdzP + CTrnCAqMjTSPlQU/9EGtp21KQBed2KdAsJBYuPgwaQeyNIvQEOXmINavl58VD72Y + 2T4TFEY8dUiExAYpSodbwBL2fr8DJxOX68WH6e3fF7HwX8LRBjZq0XUwh0KxgHN+ + b9gGXBvgWnJr4NSQGGPiSQVNNHt2ZcBAClYhm+9eC5/VwB+Etg4+1wDmggztiqE= + =FdUF + -----END PGP PUBLIC KEY BLOCK----- + EOH + destination = "local/user-data" + } + template { + data = <<EOH + EOH + destination = "local/vendor-data" + } + } + task "debian" { + driver = "qemu" + config { + image_path = "/opt/nomad/images/disk-lobster-vm.qcow2" + drive_interface = "virtio" + graceful_shutdown = true + accelerator = "kvm" + args = [ + "-nographic", + "-net", "nic,model=virtio", + "-net", "tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown", + "-nic", "user,model=virtio-net-pci,hostfwd=tcp:10.151.255.1:2222-:22", + "-smbios", + "type=1,serial=ds=nocloud-net;i=${NOMAD_SHORT_ALLOC_ID};h=${NOMAD_SHORT_ALLOC_ID}-client;s=http://${NOMAD_ADDR_http}/", + "-cpu", "host", + "-smp", "1", + "-overcommit", "mem-lock=on", + "-overcommit", "cpu-pm=on" + ] + } + resources { + memory = 512 + cpu = 100 + } + } + } +} \ No newline at end of file diff --git a/SAS/TMSS/deploy/docker-compose.yml b/SAS/TMSS/deploy/tmss/docker-compose.yml similarity index 89% rename from SAS/TMSS/deploy/docker-compose.yml rename to SAS/TMSS/deploy/tmss/docker-compose.yml index 8ef9f7918dc2e5ead03be7e62680d96bbe30e2da..618b4e20a526dc71d457c3e60e0f883bc038842c 100644 --- a/SAS/TMSS/deploy/docker-compose.yml +++ b/SAS/TMSS/deploy/tmss/docker-compose.yml 
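Review bot: The cloud-config in the `local/user-data` template sets `password: password` with `chpasswd: expire: False` for the default user, while the `debian` task forwards `10.151.255.1:2222` to the guest's SSH port; a fixed, guessable password on a production VM should be removed, and `ssh_pwauth: false` would make the key-only intent explicit. The same user-data carries the rendered `consul_encrypt` gossip key and is served by `python3 -m http.server` on the allocation's `http` port without authentication, so anything that can reach that port can read it; restricting who can reach the port, or delivering the key by another channel, would close that. The `curl -SL …/docker-compose-linux-x86_64` step in `runcmd` installs a binary without verifying it; a `sha256sum -c` check against the release's published digest (placeholder `<sha256>`) before the `chmod` would do so.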
@@ -5,7 +5,7 @@ services: container_name: tmss_db_migrate image: tmss_db_migrate build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -24,7 +24,7 @@ services: container_name: tmss_app image: tmss_app build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -70,7 +70,7 @@ services: container_name: tmss_websock image: tmss_websock build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -95,7 +95,7 @@ services: container_name: tmss_postgres_listener image: tmss_postgres_listener build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -118,7 +118,7 @@ services: container_name: tmss_lta_adapter image: tmss_lta_adapter build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -140,7 +140,7 @@ services: container_name: tmss_ingest_adapter image: tmss_ingest_adapter build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -162,7 +162,7 @@ services: container_name: tmss_precalculations image: tmss_precalculations build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -185,7 +185,7 @@ services: container_name: tmss_feedback image: tmss_feedback build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -208,7 +208,7 @@ services: container_name: tmss_scheduling image: tmss_scheduling build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -254,7 +254,7 @@ services: container_name: tmss_workflow image: tmss_workflow build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} 
@@ -277,7 +277,7 @@ services: container_name: tmss_slack_webhook image: tmss_slack_webhook build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} @@ -296,39 +296,11 @@ services: driver: journald options: tag: tmss_slack_webhook - lobster: - container_name: tmss_lobster - image: tmss_lobster - build: - context: ./app - dockerfile: Dockerfile - args: - SOURCE_IMAGE: ${SOURCE_IMAGE} - HOME: "/localhome/lofarsys" - restart: unless-stopped - env_file: - - env - environment: - - USER=lofarsys - - HOME=/localhome/lofarsys - user: "7149:7149" - volumes: - - /etc/passwd:/etc/passwd:ro - - /etc/group:/etc/group:ro - - /localhome/lofarsys:/localhome/lofarsys - command: /bin/bash -c 'source /opt/lofar/lofarinit.sh; exec tmss_lobster_service' - depends_on: - db_migrate: - condition: service_completed_successfully - logging: - driver: journald - options: - tag: tmss_lobster report_refresh: container_name: tmss_report_refresh image: tmss_report_refresh build: - context: ./app + context: ../app dockerfile: Dockerfile args: SOURCE_IMAGE: ${SOURCE_IMAGE} diff --git a/SAS/TMSS/deploy/nginx/Dockerfile b/SAS/TMSS/deploy/tmss/nginx/Dockerfile similarity index 100% rename from SAS/TMSS/deploy/nginx/Dockerfile rename to SAS/TMSS/deploy/tmss/nginx/Dockerfile diff --git a/SAS/TMSS/deploy/nginx/default.conf b/SAS/TMSS/deploy/tmss/nginx/default.conf similarity index 100% rename from SAS/TMSS/deploy/nginx/default.conf rename to SAS/TMSS/deploy/tmss/nginx/default.conf