From d48ca8570efc6edd3faeeba02f4432e84b3eedc8 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Tue, 19 May 2020 11:36:17 +0200 Subject: [PATCH 01/20] backup functionality --- liquid_node/backup.py | 58 +++++++++++++++++++++++++++++--------- liquid_node/jsonapi.py | 8 +++++- templates/hypothesis.nomad | 15 ++++++---- 3 files changed, 60 insertions(+), 21 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 968328f3..0b9c22ed 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -38,6 +38,13 @@ def backup(*args): if config.is_app_enabled('dokuwiki'): backup_files(dest / 'dokuwiki.tgz', '/bitnami/dokuwiki', [], 'dokuwiki:php') + if config.is_app_enabled('hypothesis'): + collection_dir = dest / "hypothesis" + collection_dir.mkdir(parents=True, exist_ok=True) + backup_pg(collection_dir / 'hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') + backup_collection_es(dest / 'hypothesis' , 'hypothesis', '/_h_es') + backup_files(collection_dir / 'hypothesis.tgz', '/opt/rabbitmq/', [], 'hypothesis:rabbitmq') + if not options.collections: log.warning('not backing up collection data (--no-collections)') return @@ -75,6 +82,14 @@ def restore_apps(*args): restore_files(src / 'dokuwiki.tgz', '/bitnami/dokuwiki', 'dokuwiki:php') nomad.restart('dokuwiki', 'php') + if config.is_app_enabled('hypothesis'): + restore_pg(src / 'hypothesis/hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') + restore_files(src / 'hypothesis/hypothesis.tgz', '/opt/rabbitmq/', 'hypothesis:rabbitmq') + restore_collection_es(src / 'hypothesis/', 'hypothesis', '/_h_es') + nomad.restart('hypothesis', 'pg') + nomad.restart('hypothesis', 'es') + nomad.restart('hypothesis', 'rabbitmq') + log.info("Restore done; deploying") commands.halt() commands.deploy() @@ -82,6 +97,7 @@ def restore_apps(*args): SNOOP_PG_ALLOC = "hoover-deps:snoop-pg" SNOOP_ES_ALLOC = "hoover-deps:es" +HYPOTHESIS_ES_ALLOC = "hypothesis:es" SNOOP_API_ALLOC = "hoover:snoop" @@ -223,10 +239,10 @@ def is_index_available(es_client, name): @retry() -def backup_collection_es(dest, name): +def backup_collection_es(dest, name, url_adder): tmp_file = dest / "es.tgz.tmp" log.info(f"Dumping collection {name} es snapshot to {tmp_file}") - es = JsonApi(f"http://{nomad.get_address()}:9990/_es") + es = JsonApi(f"http://{nomad.get_address()}:9990{url_adder}") # wait until the index is available log.info(f'Waiting until shards for index "{name}" are all available.') @@ -240,7 +256,7 @@ def backup_collection_es(dest, name): "type": "fs", "settings": { "location": f"/es_repo/backup-{name}", - }, + }, }) es.put(f"/_snapshot/backup-{name}/snapshot", { "indices": name, @@ -258,8 +274,10 @@ def backup_collection_es(dest, name): else: raise RuntimeError("Something went wrong: %r" % snapshot) log.info(f"Snapshot done in {int(time()-t0)}s") - - backup_files(tmp_file, f"/es_repo/backup-{name}", [], SNOOP_ES_ALLOC) + if url_adder == '/_h_es': + backup_files(tmp_file, f"/es_repo/backup-{name}", [], HYPOTHESIS_ES_ALLOC) + else: + backup_files(tmp_file, f"/es_repo/backup-{name}", [], SNOOP_ES_ALLOC) dest_file = dest / "es.tgz" tmp_file.rename(dest_file) @@ -274,13 +292,13 @@ def backup_collection_es(dest, name): @retry() -def restore_collection_es(src, name): +def restore_collection_es(src, name, url_adder): src_file = src / "es.tgz" if not src_file.is_file(): log.warn(f"No es backup at {src_file}, skipping es restore") return log.info(f"Restoring collection {name} es snapshot from {src_file}") - es = JsonApi(f"http://{nomad.get_address()}:9990/_es") + es = JsonApi(f"http://{nomad.get_address()}:9990{url_adder}") # wait until the index is available log.info(f'Waiting until shards for index "{name}" are all available...') @@ -298,7 +316,12 @@ def restore_collection_es(src, name): }, }) # populate its directory - restore_files(src_file, f"/es_repo/restore-{name}", SNOOP_ES_ALLOC) + if url_adder == "/_h_es": + print(f"USING {HYPOTHESIS_ES_ALLOC}") + restore_files(src_file, f"/es_repo/restore-{name}", HYPOTHESIS_ES_ALLOC) + else: + print(f"USING {SNOOP_ES_ALLOC}") + restore_files(src_file, f"/es_repo/restore-{name}", SNOOP_ES_ALLOC) # examine unpacked snapshot resp = es.get(f"/_snapshot/restore-{name}/snapshot") @@ -336,10 +359,17 @@ def restore_collection_es(src, name): finally: es.delete(f"/_snapshot/restore-{name}/snapshot") es.delete(f"/_snapshot/restore-{name}") - rm_cmd = ( - f"./liquid dockerexec {SNOOP_ES_ALLOC} " - f"rm -rf /es_repo/restore-{name} " - ) + + if url_adder == "/_h_es": + rm_cmd = ( + f"./liquid dockerexec {HYPOTHESIS_ES_ALLOC} " + f"rm -rf /es_repo/restore-{name} " + ) + else: + rm_cmd = ( + f"./liquid dockerexec {SNOOP_ES_ALLOC} " + f"rm -rf /es_repo/restore-{name} " + ) subprocess.check_call(rm_cmd, shell=True) @@ -350,7 +380,7 @@ def backup_collection(dest, name, save_blobs=True, save_es=True, save_pg=True): log.info("skipping saving pg") if save_es: - backup_collection_es(dest, name) + backup_collection_es(dest, name, "/_es") else: log.info("skipping saving es") @@ -370,7 +400,7 @@ def restore_collection(src, name): src = Path(src).resolve() restore_collection_pg(src, name) - restore_collection_es(src, name) + restore_collection_es(src, name, '/_es') restore_collection_blobs(src, name) log.info("Collection data restored") diff --git a/liquid_node/jsonapi.py b/liquid_node/jsonapi.py index c41953e4..fd4b85db 100644 --- a/liquid_node/jsonapi.py +++ b/liquid_node/jsonapi.py @@ -38,7 +38,9 @@ def request(self, method, url, data=None, headers=None): req_headers, method=method, ) - + print(req_url) + print(req_body) + print(req_headers) with urlopen(req) as res: if res.status >= 200 and res.status < 300: content = res.read() @@ -51,13 +53,17 @@ def request(self, method, url, data=None, headers=None): raise HTTPError(url, res.status, res.msg, res.headers, res) def get(self, url): + print("GET + " + url) return self.request('GET', url) def post(self, url, data=None): + print("POST + " + url) return self.request('POST', url, data) def put(self, url, data): + print("PUT + " + url) return self.request('PUT', url, data) def delete(self, url): + print("DELETE + " + url) return self.request('DELETE', url) diff --git a/templates/hypothesis.nomad b/templates/hypothesis.nomad index c61603a3..958c00a1 100644 --- a/templates/hypothesis.nomad +++ b/templates/hypothesis.nomad @@ -72,9 +72,10 @@ job "hypothesis" { ${ shutdown_delay() } config { image = "hypothesis/elasticsearch:latest" - args = ["/bin/sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data && echo chown done && /usr/local/bin/docker-entrypoint.sh"] + args = ["/bin/sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data && chown 1000:1000 /usr/share/elasticsearch/data /es_repo && echo chown done && /usr/local/bin/docker-entrypoint.sh"] volumes = [ "{% raw %}${meta.liquid_volumes}{% endraw %}/hypothesis/es/data:/usr/share/elasticsearch/data", + "{% raw %}${meta.liquid_volumes}{% endraw %}/hypothesis/es/repo:/es_repo", ] port_map { es = 9200 @@ -86,6 +87,7 @@ job "hypothesis" { env { discovery.type = "single-node" ES_JAVA_OPTS = "-Xms500m -Xmx500m" + path.repo = "/es_repo" } resources { memory = 1000 @@ -97,6 +99,7 @@ job "hypothesis" { service { name = "hypothesis-es" port = "es" + tags = ["fabio-/_h_es strip=/_h_es"] check { name = "http" initial_status = "critical" @@ -217,7 +220,7 @@ job "hypothesis" { {{- range service "hypothesis-es" }} ELASTICSEARCH_URL = "http://{{.Address}}:{{.Port}}" {{- end }} - + {{- range service "hypothesis-pg" }} DATABASE_URL = "postgresql://hypothesis: {{- with secret "liquid/hypothesis/hypothesis.postgres" -}} @@ -225,11 +228,11 @@ job "hypothesis" { {{- end -}} @{{.Address}}:{{.Port}}/hypothesis" {{- end }} - + {{- range service "hypothesis-rabbitmq" }} BROKER_URL = "amqp://guest:guest@{{.Address}}:{{.Port}}//" {{- end }} - + APP_URL = "${config.liquid_http_protocol}://hypothesis.${liquid_domain}" CLIENT_URL = "${config.liquid_http_protocol}://client.hypothesis.${liquid_domain}" CLIENT_RPC_ALLOWED_ORIGINS = "${config.liquid_http_protocol}://client.hypothesis.${liquid_domain} ${config.liquid_http_protocol}://hypothesis.${liquid_domain} ${config.liquid_http_protocol}://dokuwiki.${liquid_domain} ${config.liquid_http_protocol}://hoover.${liquid_domain} ${config.liquid_http_protocol}://${liquid_domain}" @@ -238,12 +241,12 @@ job "hypothesis" { {{- with secret "liquid/hypothesis/hypothesis.secret_key" }} SECRET_KEY = {{.Data.secret_key|toJSON}} {{- end }} - + {{- if keyExists "liquid_debug" }} PYRAMID_DEBUG_ALL = "true" PYRAMID_RELOAD_TEMPLATES = "true" {{- end }} - + LIQUID_URL = "${config.liquid_http_protocol}://${liquid_domain}" LIQUID_TITLE = "${config.liquid_title}" EOF From 5e910a6834cce6f1f51a873db318dbbfe7cd4a22 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 20 May 2020 13:44:04 +0200 Subject: [PATCH 02/20] basic backup and restore working --- liquid_node/backup.py | 33 ++++++++++++++++++++++----------- liquid_node/jsonapi.py | 8 +------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 0b9c22ed..204b3a00 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -84,11 +84,9 @@ def restore_apps(*args): if config.is_app_enabled('hypothesis'): restore_pg(src / 'hypothesis/hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') - restore_files(src / 'hypothesis/hypothesis.tgz', '/opt/rabbitmq/', 'hypothesis:rabbitmq') restore_collection_es(src / 'hypothesis/', 'hypothesis', '/_h_es') nomad.restart('hypothesis', 'pg') nomad.restart('hypothesis', 'es') - nomad.restart('hypothesis', 'rabbitmq') log.info("Restore done; deploying") commands.halt() @@ -302,6 +300,7 @@ def restore_collection_es(src, name, url_adder): # wait until the index is available log.info(f'Waiting until shards for index "{name}" are all available...') + es.post(f"/{name}/_open") while not is_index_available(es, name): log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') sleep(3) @@ -317,10 +316,8 @@ def restore_collection_es(src, name, url_adder): }) # populate its directory if url_adder == "/_h_es": - print(f"USING {HYPOTHESIS_ES_ALLOC}") restore_files(src_file, f"/es_repo/restore-{name}", HYPOTHESIS_ES_ALLOC) else: - print(f"USING {SNOOP_ES_ALLOC}") restore_files(src_file, f"/es_repo/restore-{name}", SNOOP_ES_ALLOC) # examine unpacked snapshot @@ -337,14 +334,27 @@ def restore_collection_es(src, name, url_adder): subprocess.check_call(reset_cmd, shell=True) es.post(f"/{name}/_close") - # restore snapshot - es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { - "indices": old_name, - "include_global_state": False, - "rename_pattern": ".+", - "rename_replacement": name, - }) + if url_adder == "/_h_es": + # restore snapshot + es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { + "indices": old_name, + "include_global_state": False, + # "rename_pattern": ".+", + "rename_replacement": name, + }) + else: + # restore snapshot + es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { + "indices": old_name, + "include_global_state": False, + "rename_pattern": ".+", + "rename_replacement": name, + }) + if url_adder == "/_h_es": + es.post(f"/{name}/_open") + sleep(10) + else: # wait for completion t0 = time() while True: @@ -356,6 +366,7 @@ def restore_collection_es(src, name, url_adder): continue es.post(f"/{name}/_open") log.info(f"Restore done in {int(time()-t0)}s") + finally: es.delete(f"/_snapshot/restore-{name}/snapshot") es.delete(f"/_snapshot/restore-{name}") diff --git a/liquid_node/jsonapi.py b/liquid_node/jsonapi.py index fd4b85db..c41953e4 100644 --- a/liquid_node/jsonapi.py +++ b/liquid_node/jsonapi.py @@ -38,9 +38,7 @@ def request(self, method, url, data=None, headers=None): req_headers, method=method, ) - print(req_url) - print(req_body) - print(req_headers) + with urlopen(req) as res: if res.status >= 200 and res.status < 300: content = res.read() @@ -53,17 +51,13 @@ def request(self, method, url, data=None, headers=None): raise HTTPError(url, res.status, res.msg, res.headers, res) def get(self, url): - print("GET + " + url) return self.request('GET', url) def post(self, url, data=None): - print("POST + " + url) return self.request('POST', url, data) def put(self, url, data): - print("PUT + " + url) return self.request('PUT', url, data) def delete(self, url): - print("DELETE + " + url) return self.request('DELETE', url) From 17bc00bcf91dba27d540ee2ac3ed3f3bca1035cb Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Mon, 25 May 2020 11:01:11 +0200 Subject: [PATCH 03/20] fixed multiple backup fail --- liquid_node/backup.py | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 204b3a00..0e45b70c 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -282,10 +282,16 @@ def backup_collection_es(dest, name, url_adder): finally: es.delete(f"/_snapshot/backup-{name}/snapshot") es.delete(f"/_snapshot/backup-{name}") - rm_cmd = ( - f"./liquid dockerexec {SNOOP_ES_ALLOC} " - f"rm -rf /es_repo/backup-{name} " - ) + if url_adder == "/_h_es": + rm_cmd = ( + f"./liquid dockerexec {HYPOTHESIS_ES_ALLOC} " + f"rm -rf /es_repo/backup-{name} " + ) + else: + rm_cmd = ( + f"./liquid dockerexec {SNOOP_ES_ALLOC} " + f"rm -rf /es_repo/backup-{name} " + ) subprocess.check_call(rm_cmd, shell=True) @@ -356,16 +362,16 @@ def restore_collection_es(src, name, url_adder): sleep(10) else: # wait for completion - t0 = time() - while True: - res = es.get(f"/{name}/_recovery") - if name in res: - if all(s["stage"] == "DONE" for s in res[name]["shards"]): - break - sleep(1) - continue - es.post(f"/{name}/_open") - log.info(f"Restore done in {int(time()-t0)}s") + t0 = time() + while True: + res = es.get(f"/{name}/_recovery") + if name in res: + if all(s["stage"] == "DONE" for s in res[name]["shards"]): + break + sleep(1) + continue + es.post(f"/{name}/_open") + log.info(f"Restore done in {int(time()-t0)}s") finally: es.delete(f"/_snapshot/restore-{name}/snapshot") From f5054d20ce1d6bf495c12f308fdba6490501327a Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 27 May 2020 15:09:33 +0200 Subject: [PATCH 04/20] hypothesis backup and restore working --- liquid_node/backup.py | 144 ++++++++++++++++++++++++++++-------------- 1 file changed, 96 insertions(+), 48 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 0e45b70c..0da7c135 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -84,7 +84,7 @@ def restore_apps(*args): if config.is_app_enabled('hypothesis'): restore_pg(src / 'hypothesis/hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') - restore_collection_es(src / 'hypothesis/', 'hypothesis', '/_h_es') + restore_hypothesis_es(src / 'hypothesis/', 'hypothesis') nomad.restart('hypothesis', 'pg') nomad.restart('hypothesis', 'es') @@ -296,13 +296,13 @@ def backup_collection_es(dest, name, url_adder): @retry() -def restore_collection_es(src, name, url_adder): +def restore_collection_es(src, name): src_file = src / "es.tgz" if not src_file.is_file(): log.warn(f"No es backup at {src_file}, skipping es restore") return log.info(f"Restoring collection {name} es snapshot from {src_file}") - es = JsonApi(f"http://{nomad.get_address()}:9990{url_adder}") + es = JsonApi(f"http://{nomad.get_address()}:9990/_es") # wait until the index is available log.info(f'Waiting until shards for index "{name}" are all available...') @@ -321,10 +321,7 @@ def restore_collection_es(src, name, url_adder): }, }) # populate its directory - if url_adder == "/_h_es": - restore_files(src_file, f"/es_repo/restore-{name}", HYPOTHESIS_ES_ALLOC) - else: - restore_files(src_file, f"/es_repo/restore-{name}", SNOOP_ES_ALLOC) + restore_files(src_file, f"/es_repo/restore-{name}", SNOOP_ES_ALLOC) # examine unpacked snapshot resp = es.get(f"/_snapshot/restore-{name}/snapshot") @@ -340,55 +337,106 @@ def restore_collection_es(src, name, url_adder): subprocess.check_call(reset_cmd, shell=True) es.post(f"/{name}/_close") - if url_adder == "/_h_es": - # restore snapshot - es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { - "indices": old_name, - "include_global_state": False, - # "rename_pattern": ".+", - "rename_replacement": name, - }) - else: - # restore snapshot - es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { - "indices": old_name, - "include_global_state": False, - "rename_pattern": ".+", - "rename_replacement": name, - }) + # restore snapshot + es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { + "indices": old_name, + "include_global_state": False, + "rename_pattern": ".+", + "rename_replacement": name, + }) - if url_adder == "/_h_es": - es.post(f"/{name}/_open") - sleep(10) - else: # wait for completion - t0 = time() - while True: - res = es.get(f"/{name}/_recovery") - if name in res: - if all(s["stage"] == "DONE" for s in res[name]["shards"]): - break - sleep(1) - continue - es.post(f"/{name}/_open") - log.info(f"Restore done in {int(time()-t0)}s") + t0 = time() + while True: + res = es.get(f"/{name}/_recovery") + if name in res: + if all(s["stage"] == "DONE" for s in res[name]["shards"]): + break + sleep(1) + continue + es.post(f"/{name}/_open") + log.info(f"Restore done in {int(time()-t0)}s") finally: es.delete(f"/_snapshot/restore-{name}/snapshot") es.delete(f"/_snapshot/restore-{name}") - if url_adder == "/_h_es": - rm_cmd = ( - f"./liquid dockerexec {HYPOTHESIS_ES_ALLOC} " - f"rm -rf /es_repo/restore-{name} " - ) - else: - rm_cmd = ( - f"./liquid dockerexec {SNOOP_ES_ALLOC} " - f"rm -rf /es_repo/restore-{name} " - ) + rm_cmd = ( + f"./liquid dockerexec {SNOOP_ES_ALLOC} " + f"rm -rf /es_repo/restore-{name} " + ) subprocess.check_call(rm_cmd, shell=True) +@retry() +def restore_hypothesis_es(src, name): + src_file = src / "es.tgz" + if not src_file.is_file(): + log.warn(f"No es backup at {src_file}, skipping es restore") + return + log.info(f"Restoring {name} es snapshot from {src_file}") + es = JsonApi(f"http://{nomad.get_address()}:9990/_h_es") + + # wait until the index is available + log.info(f'Waiting until shards for index "{name}" are all available...') + es.post(f"/{name}/_open") + while not is_index_available(es, name): + log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') + sleep(3) + log.info('All primary shards started. Running restore...') + + try: + # create snapshot repo + es.put(f"/_snapshot/restore-{name}", { + "type": "fs", + "settings": { + "location": f"/es_repo/restore-{name}", + }, + }) + # populate its directory + restore_files(src_file, f"/es_repo/restore-{name}", HYPOTHESIS_ES_ALLOC) + + # examine unpacked snapshot + resp = es.get(f"/_snapshot/restore-{name}/snapshot") + assert len(resp["snapshots"]) == 1 + assert len(resp["snapshots"][0]["indices"]) == 1 + old_name = resp["snapshots"][0]["indices"][0] + + # reset index and close it + dele = es.get(f"/_cat/indices?format=json") + oname = dele[0]["index"] + es.delete(f"/{oname}") + + # restore snapshot + es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { + "indices": old_name, + "include_global_state": False, + #"rename_pattern": ".+", + "rename_replacement": name, + }) + + # wait for completion + t0 = time() + while True: + res = es.get(f"/{old_name}/_recovery") + if old_name in res: + if all(s["stage"] == "DONE" for s in res[old_name]["shards"]): + break + sleep(1) + continue + es.post(f"/{name}/_open") + log.info(f"Restore done in {int(time()-t0)}s") + + finally: + es.delete(f"/_snapshot/restore-{name}/snapshot") + es.delete(f"/_snapshot/restore-{name}") + + rm_cmd = ( + f"./liquid dockerexec {HYPOTHESIS_ES_ALLOC} " + f"rm -rf /es_repo/restore-{name} " + ) + subprocess.check_call(rm_cmd, shell=True) + + def backup_collection(dest, name, save_blobs=True, save_es=True, save_pg=True): if save_pg: @@ -417,7 +465,7 @@ def restore_collection(src, name): src = Path(src).resolve() restore_collection_pg(src, name) - restore_collection_es(src, name, '/_es') + restore_collection_es(src, name) restore_collection_blobs(src, name) log.info("Collection data restored") From cf5e65ee270bb7b2532da4280eee56f3df38683d Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 27 May 2020 15:36:30 +0200 Subject: [PATCH 05/20] code cleanup --- liquid_node/backup.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 0da7c135..5cc2db82 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -237,10 +237,10 @@ def is_index_available(es_client, name): @retry() -def backup_collection_es(dest, name, url_adder): +def backup_collection_es(dest, name, es_url): tmp_file = dest / "es.tgz.tmp" log.info(f"Dumping collection {name} es snapshot to {tmp_file}") - es = JsonApi(f"http://{nomad.get_address()}:9990{url_adder}") + es = JsonApi(f"http://{nomad.get_address()}:9990{es_url}") # wait until the index is available log.info(f'Waiting until shards for index "{name}" are all available.') @@ -272,7 +272,7 @@ def backup_collection_es(dest, name, url_adder): else: raise RuntimeError("Something went wrong: %r" % snapshot) log.info(f"Snapshot done in {int(time()-t0)}s") - if url_adder == '/_h_es': + if es_url == '/_h_es': backup_files(tmp_file, f"/es_repo/backup-{name}", [], HYPOTHESIS_ES_ALLOC) else: backup_files(tmp_file, f"/es_repo/backup-{name}", [], SNOOP_ES_ALLOC) @@ -282,7 +282,7 @@ def backup_collection_es(dest, name, url_adder): finally: es.delete(f"/_snapshot/backup-{name}/snapshot") es.delete(f"/_snapshot/backup-{name}") - if url_adder == "/_h_es": + if es_url == "/_h_es": rm_cmd = ( f"./liquid dockerexec {HYPOTHESIS_ES_ALLOC} " f"rm -rf /es_repo/backup-{name} " @@ -401,10 +401,10 @@ def restore_hypothesis_es(src, name): assert len(resp["snapshots"][0]["indices"]) == 1 old_name = resp["snapshots"][0]["indices"][0] - # reset index and close it - dele = es.get(f"/_cat/indices?format=json") - oname = dele[0]["index"] - es.delete(f"/{oname}") + # delete index instead of resetting it + old_index = es.get(f"/_cat/indices?format=json") + old_index_name = dele[0]["index"] + es.delete(f"/{old_index_name}") # restore snapshot es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { From 0ec379f874d2f7d593af2420bbb9c75db3938d70 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 27 May 2020 16:31:59 +0200 Subject: [PATCH 06/20] flake8 --- liquid_node/backup.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 5cc2db82..11d868a3 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -42,7 +42,7 @@ def backup(*args): collection_dir = dest / "hypothesis" collection_dir.mkdir(parents=True, exist_ok=True) backup_pg(collection_dir / 'hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') - backup_collection_es(dest / 'hypothesis' , 'hypothesis', '/_h_es') + backup_collection_es(dest / 'hypothesis', 'hypothesis', '/_h_es') backup_files(collection_dir / 'hypothesis.tgz', '/opt/rabbitmq/', [], 'hypothesis:rabbitmq') if not options.collections: @@ -254,7 +254,7 @@ def backup_collection_es(dest, name, es_url): "type": "fs", "settings": { "location": f"/es_repo/backup-{name}", - }, + }, }) es.put(f"/_snapshot/backup-{name}/snapshot", { "indices": name, @@ -367,6 +367,7 @@ def restore_collection_es(src, name): ) subprocess.check_call(rm_cmd, shell=True) + @retry() def restore_hypothesis_es(src, name): src_file = src / "es.tgz" @@ -403,14 +404,14 @@ def restore_hypothesis_es(src, name): # delete index instead of resetting it old_index = es.get(f"/_cat/indices?format=json") - old_index_name = dele[0]["index"] + old_index_name = old_index[0]["index"] es.delete(f"/{old_index_name}") # restore snapshot es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { "indices": old_name, "include_global_state": False, - #"rename_pattern": ".+", + # "rename_pattern": ".+", "rename_replacement": name, }) @@ -437,7 +438,6 @@ def restore_hypothesis_es(src, name): subprocess.check_call(rm_cmd, shell=True) - def backup_collection(dest, name, save_blobs=True, save_es=True, save_pg=True): if save_pg: backup_collection_pg(dest, name) From 62b7882cf6c13265871c7ffcb2523ad0f3ddb391 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 27 May 2020 16:34:26 +0200 Subject: [PATCH 07/20] flake8 --- liquid_node/backup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 11d868a3..e947bdab 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -403,7 +403,7 @@ def restore_hypothesis_es(src, name): old_name = resp["snapshots"][0]["indices"][0] # delete index instead of resetting it - old_index = es.get(f"/_cat/indices?format=json") + old_index = es.get("/_cat/indices?format=json") old_index_name = old_index[0]["index"] es.delete(f"/{old_index_name}") From a50c7670aaf948d6a0f961d0214fccafd0584efb Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 27 May 2020 17:18:31 +0200 Subject: [PATCH 08/20] removed unnecessary shard waiting --- liquid_node/backup.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index e947bdab..d28fc032 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -304,13 +304,13 @@ def restore_collection_es(src, name): log.info(f"Restoring collection {name} es snapshot from {src_file}") es = JsonApi(f"http://{nomad.get_address()}:9990/_es") - # wait until the index is available - log.info(f'Waiting until shards for index "{name}" are all available...') - es.post(f"/{name}/_open") - while not is_index_available(es, name): - log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') - sleep(3) - log.info('All primary shards started. Running restore...') + # # wait until the index is available + # log.info(f'Waiting until shards for index "{name}" are all available...') + # es.post(f"/{name}/_open") + # while not is_index_available(es, name): + # log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') + # sleep(3) + # log.info('All primary shards started. Running restore...') try: # create snapshot repo @@ -377,13 +377,13 @@ def restore_hypothesis_es(src, name): log.info(f"Restoring {name} es snapshot from {src_file}") es = JsonApi(f"http://{nomad.get_address()}:9990/_h_es") - # wait until the index is available - log.info(f'Waiting until shards for index "{name}" are all available...') - es.post(f"/{name}/_open") - while not is_index_available(es, name): - log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') - sleep(3) - log.info('All primary shards started. Running restore...') + # # wait until the index is available + # log.info(f'Waiting until shards for index "{name}" are all available...') + # es.post(f"/{name}/_open") + # while not is_index_available(es, name): + # log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') + # sleep(3) + # log.info('All primary shards started. Running restore...') try: # create snapshot repo From 00df6500871d913d1e4656b55fdfe1f9d6708d50 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Tue, 2 Jun 2020 11:31:41 +0200 Subject: [PATCH 09/20] removed duplicate code --- liquid_node/backup.py | 146 +++++++++--------------------------------- 1 file changed, 32 insertions(+), 114 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index d28fc032..5a2159f9 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -39,11 +39,10 @@ def backup(*args): backup_files(dest / 'dokuwiki.tgz', '/bitnami/dokuwiki', [], 'dokuwiki:php') if config.is_app_enabled('hypothesis'): - collection_dir = dest / "hypothesis" - collection_dir.mkdir(parents=True, exist_ok=True) - backup_pg(collection_dir / 'hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') - backup_collection_es(dest / 'hypothesis', 'hypothesis', '/_h_es') - backup_files(collection_dir / 'hypothesis.tgz', '/opt/rabbitmq/', [], 'hypothesis:rabbitmq') + backup_dir = dest / "hypothesis" + backup_dir.mkdir(parents=True, exist_ok=True) + backup_pg(backup_dir / 'hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') + backup_es(dest / 'hypothesis', 'hypothesis', '/_h_es', HYPOTHESIS_ES_ALLOC) if not options.collections: log.warning('not backing up collection data (--no-collections)') @@ -84,7 +83,7 @@ def restore_apps(*args): if config.is_app_enabled('hypothesis'): restore_pg(src / 'hypothesis/hypothesis.pg.sql.gz', 'hypothesis', 'hypothesis', 'hypothesis:pg') - restore_hypothesis_es(src / 'hypothesis/', 'hypothesis') + restore_es(src / 'hypothesis/', 'hypothesis', '/_h_es', HYPOTHESIS_ES_ALLOC) nomad.restart('hypothesis', 'pg') nomad.restart('hypothesis', 'es') @@ -237,10 +236,10 @@ def is_index_available(es_client, name): @retry() -def backup_collection_es(dest, name, es_url): +def backup_es(dest, name, es_url_suffix, es_alloc_id): tmp_file = dest / "es.tgz.tmp" log.info(f"Dumping collection {name} es snapshot to {tmp_file}") - es = JsonApi(f"http://{nomad.get_address()}:9990{es_url}") + es = JsonApi(f"http://{nomad.get_address()}:9990{es_url_suffix}") # wait until the index is available log.info(f'Waiting until shards for index "{name}" are all available.') @@ -272,118 +271,28 @@ def backup_collection_es(dest, name, es_url): else: raise RuntimeError("Something went wrong: %r" % snapshot) log.info(f"Snapshot done in {int(time()-t0)}s") - if es_url == '/_h_es': - backup_files(tmp_file, f"/es_repo/backup-{name}", [], HYPOTHESIS_ES_ALLOC) - else: - backup_files(tmp_file, f"/es_repo/backup-{name}", [], SNOOP_ES_ALLOC) + backup_files(tmp_file, f"/es_repo/backup-{name}", [], es_alloc_id) dest_file = dest / "es.tgz" tmp_file.rename(dest_file) finally: es.delete(f"/_snapshot/backup-{name}/snapshot") es.delete(f"/_snapshot/backup-{name}") - if es_url == "/_h_es": - rm_cmd = ( - f"./liquid dockerexec {HYPOTHESIS_ES_ALLOC} " - f"rm -rf /es_repo/backup-{name} " - ) - else: - rm_cmd = ( - f"./liquid dockerexec {SNOOP_ES_ALLOC} " - f"rm -rf /es_repo/backup-{name} " - ) - subprocess.check_call(rm_cmd, shell=True) - - -@retry() -def restore_collection_es(src, name): - src_file = src / "es.tgz" - if not src_file.is_file(): - log.warn(f"No es backup at {src_file}, skipping es restore") - return - log.info(f"Restoring collection {name} es snapshot from {src_file}") - es = JsonApi(f"http://{nomad.get_address()}:9990/_es") - - # # wait until the index is available - # log.info(f'Waiting until shards for index "{name}" are all available...') - # es.post(f"/{name}/_open") - # while not is_index_available(es, name): - # log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') - # sleep(3) - # log.info('All primary shards started. Running restore...') - - try: - # create snapshot repo - es.put(f"/_snapshot/restore-{name}", { - "type": "fs", - "settings": { - "location": f"/es_repo/restore-{name}", - }, - }) - # populate its directory - restore_files(src_file, f"/es_repo/restore-{name}", SNOOP_ES_ALLOC) - - # examine unpacked snapshot - resp = es.get(f"/_snapshot/restore-{name}/snapshot") - assert len(resp["snapshots"]) == 1 - assert len(resp["snapshots"][0]["indices"]) == 1 - old_name = resp["snapshots"][0]["indices"][0] - - # reset index and close it - reset_cmd = ( - f"./liquid dockerexec {SNOOP_API_ALLOC} " - f"./manage.py resetcollectionindex {name}" - ) - subprocess.check_call(reset_cmd, shell=True) - es.post(f"/{name}/_close") - - # restore snapshot - es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { - "indices": old_name, - "include_global_state": False, - "rename_pattern": ".+", - "rename_replacement": name, - }) - - # wait for completion - t0 = time() - while True: - res = es.get(f"/{name}/_recovery") - if name in res: - if all(s["stage"] == "DONE" for s in res[name]["shards"]): - break - sleep(1) - continue - es.post(f"/{name}/_open") - log.info(f"Restore done in {int(time()-t0)}s") - - finally: - es.delete(f"/_snapshot/restore-{name}/snapshot") - es.delete(f"/_snapshot/restore-{name}") - rm_cmd = ( - f"./liquid dockerexec {SNOOP_ES_ALLOC} " - f"rm -rf /es_repo/restore-{name} " + f"./liquid dockerexec {es_alloc_id} " + f"rm -rf /es_repo/backup-{name} " ) subprocess.check_call(rm_cmd, shell=True) @retry() -def restore_hypothesis_es(src, name): +def restore_es(src, name, es_url_suffix, es_alloc_id): src_file = src / "es.tgz" if not src_file.is_file(): log.warn(f"No es backup at {src_file}, skipping es restore") return log.info(f"Restoring {name} es snapshot from {src_file}") - es = JsonApi(f"http://{nomad.get_address()}:9990/_h_es") - - # # wait until the index is available - # log.info(f'Waiting until shards for index "{name}" are all available...') - # es.post(f"/{name}/_open") - # while not is_index_available(es, name): - # log.warning(f'index "{name}" has UNASSIGNED shards; waiting...') - # sleep(3) - # log.info('All primary shards started. Running restore...') + es = JsonApi(f"http://{nomad.get_address()}:9990{es_url_suffix}") try: # create snapshot repo @@ -394,7 +303,7 @@ def restore_hypothesis_es(src, name): }, }) # populate its directory - restore_files(src_file, f"/es_repo/restore-{name}", HYPOTHESIS_ES_ALLOC) + restore_files(src_file, f"/es_repo/restore-{name}", es_alloc_id) # examine unpacked snapshot resp = es.get(f"/_snapshot/restore-{name}/snapshot") @@ -402,23 +311,32 @@ def restore_hypothesis_es(src, name): assert len(resp["snapshots"][0]["indices"]) == 1 old_name = resp["snapshots"][0]["indices"][0] - # delete index instead of resetting it - old_index = es.get("/_cat/indices?format=json") - old_index_name = old_index[0]["index"] - es.delete(f"/{old_index_name}") + if es_alloc_id == SNOOP_ES_ALLOC: + # reset index and close it + reset_cmd = ( + f"./liquid dockerexec {SNOOP_API_ALLOC} " + f"./manage.py resetcollectionindex {name}" + ) + subprocess.check_call(reset_cmd, shell=True) + es.post(f"/{name}/_close") + else: + # delete index instead of resetting it + old_index = es.get("/_cat/indices?format=json") + old_index_name = old_index[0]["index"] + es.delete(f"/{old_index_name}") # restore snapshot es.post(f"/_snapshot/restore-{name}/snapshot/_restore", { "indices": old_name, "include_global_state": False, - # "rename_pattern": ".+", - "rename_replacement": name, + "rename_pattern": ".+", + "rename_replacement": old_name, }) # wait for completion t0 = time() while True: - res = es.get(f"/{old_name}/_recovery") + res = es.get(f"/{name}/_recovery") if old_name in res: if all(s["stage"] == "DONE" for s in res[old_name]["shards"]): break @@ -432,7 +350,7 @@ def restore_hypothesis_es(src, name): es.delete(f"/_snapshot/restore-{name}") rm_cmd = ( - f"./liquid dockerexec {HYPOTHESIS_ES_ALLOC} " + f"./liquid dockerexec {es_alloc_id} " f"rm -rf /es_repo/restore-{name} " ) subprocess.check_call(rm_cmd, shell=True) @@ -445,7 +363,7 @@ def backup_collection(dest, name, save_blobs=True, save_es=True, save_pg=True): log.info("skipping saving pg") if save_es: - backup_collection_es(dest, name, "/_es") + backup_es(dest, name, "/_es", SNOOP_ES_ALLOC) else: log.info("skipping saving es") @@ -465,7 +383,7 @@ def restore_collection(src, name): src = Path(src).resolve() restore_collection_pg(src, name) - restore_collection_es(src, name) + restore_es(src, name, '/_es', SNOOP_ES_ALLOC) restore_collection_blobs(src, name) log.info("Collection data restored") From ef3e799f0fb2d2cc897247831392c2b9ffe09bb8 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 3 Jun 2020 11:40:34 +0200 Subject: [PATCH 10/20] fixed alias error --- liquid_node/backup.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/liquid_node/backup.py b/liquid_node/backup.py index 5a2159f9..6ffa4e92 100644 --- a/liquid_node/backup.py +++ b/liquid_node/backup.py @@ -320,7 +320,7 @@ def restore_es(src, name, es_url_suffix, es_alloc_id): subprocess.check_call(reset_cmd, shell=True) es.post(f"/{name}/_close") else: - # delete index instead of resetting it + # delete index instead of resetting it beacuse resetting isnt implemented old_index = es.get("/_cat/indices?format=json") old_index_name = old_index[0]["index"] es.delete(f"/{old_index_name}") @@ -330,15 +330,16 @@ def restore_es(src, name, es_url_suffix, es_alloc_id): "indices": old_name, "include_global_state": False, "rename_pattern": ".+", - "rename_replacement": old_name, + "rename_replacement": name, + "include_aliases": False, }) # wait for completion t0 = time() while True: res = es.get(f"/{name}/_recovery") - if old_name in res: - if all(s["stage"] == "DONE" for s in res[old_name]["shards"]): + if name in res: + if all(s["stage"] == "DONE" for s in res[name]["shards"]): break sleep(1) continue From ebe6c2b4ceca6ab0351ffd1dc6c5f815b92bc619 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 5 Aug 2020 11:03:20 +0200 Subject: [PATCH 11/20] run as non root --- liquid_node/commands.py | 9 +++++++++ templates/authdemo.nomad | 1 + templates/hoover.nomad | 13 +++++++++---- templates/liquid.nomad | 20 +++++++++++++++++--- versions.ini | 8 ++++---- 5 files changed, 40 insertions(+), 11 deletions(-) diff --git a/liquid_node/commands.py b/liquid_node/commands.py index a9d73803..257b4375 100644 --- a/liquid_node/commands.py +++ b/liquid_node/commands.py @@ -5,6 +5,7 @@ import base64 import json import argparse +import shutil from liquid_node.jobs import wait_for_stopped_jobs from .configuration import config @@ -284,6 +285,14 @@ def start(job, hcl): 'pass': random_secret(64), }) + # create directories and change permission + paths = ["/opt/node/volumes/liquid/core/var", "/opt/node/volumes/snoop/blobs"] + for path in paths: + if not os.path.exists(path): + os.makedirs(path) + + os.chown(path, 666, 666) + # Start liquid-core in order to setup the auth liquid_checks = start('liquid', dict(jobs)['liquid']) if options.checks: diff --git a/templates/authdemo.nomad b/templates/authdemo.nomad index 80fbe4b9..17d6f157 100644 --- a/templates/authdemo.nomad +++ b/templates/authdemo.nomad @@ -7,6 +7,7 @@ job "authdemo" { group "demo" { task "app" { driver = "docker" + user = "testuser" config { image = "${config.image('liquid-authproxy')}" args = ["./testapp.py"] diff --git a/templates/hoover.nomad b/templates/hoover.nomad index d2cece07..89afb178 100644 --- a/templates/hoover.nomad +++ b/templates/hoover.nomad @@ -19,6 +19,7 @@ job "hoover" { } driver = "docker" + # user = "testuser" config { image = "${config.image('hoover-search')}" args = ["sh", "/local/startup.sh"] @@ -27,7 +28,7 @@ job "hoover" { "{% raw %}${meta.liquid_volumes}{% endraw %}/hoover-ui/build:/opt/hoover/ui/build:ro", ] port_map { - http = 80 + http = 5000 } labels { liquid_task = "hoover-search" @@ -49,7 +50,7 @@ job "hoover" { ./manage.py migrate ./manage.py healthcheck ./manage.py synccollections "$SNOOP_COLLECTIONS" - exec waitress-serve --port 80 --threads=20 hoover.site.wsgi:application + exec waitress-serve --port 5000 --threads=20 hoover.site.wsgi:application EOF env = false destination = "local/startup.sh" @@ -144,6 +145,7 @@ job "hoover" { ${ task_logs() } driver = "docker" + user = "testuser" config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -234,6 +236,7 @@ job "hoover" { ${ task_logs() } driver = "docker" + user = "testuser" config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -311,6 +314,7 @@ job "hoover" { } driver = "docker" + user = "testuser" config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -408,6 +412,7 @@ job "hoover" { } driver = "docker" + user = "testuser" config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -417,7 +422,7 @@ job "hoover" { "{% raw %}${meta.liquid_volumes}{% endraw %}/snoop/blobs:/opt/hoover/snoop/blobs", ] port_map { - http = 80 + http = 5000 } labels { liquid_task = "snoop-api" @@ -442,7 +447,7 @@ job "hoover" { ./manage.py healthcheck date if [[ "$DEBUG" == "true" ]]; then - exec ./manage.py runserver 0.0.0.0:80 + exec ./manage.py runserver 0.0.0.0:5000 else exec /runserver fi diff --git a/templates/liquid.nomad b/templates/liquid.nomad index 751d00ff..3a21aea7 100644 --- a/templates/liquid.nomad +++ b/templates/liquid.nomad @@ -18,11 +18,25 @@ job "liquid" { } driver = "docker" + user = "testuser" config { image = "${config.image('liquid-core')}" - volumes = [ - ${liquidinvestigations_core_repo} - "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var:/app/var", + #args = ["/bin/sleep", "1000"] + #args = ["/bin/sh", "-c","chown -R test_user:test_user /app/var"] + #volumes = [ + # ${liquidinvestigations_core_repo} + # "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var:/app/var", + #] + mounts = [ + { + type = "bind" + target = "/app/var" + source = ${liquidinvestigations_core_repo}"{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var" + readonly = false + bind_options { + propagation = "rshared" + } + } ] labels { liquid_task = "liquid-core" diff --git a/versions.ini b/versions.ini index c07b446d..03f55fde 100644 --- a/versions.ini +++ b/versions.ini @@ -1,11 +1,11 @@ [versions] codimd = liquidinvestigations/codimd-server:0.1.0 h-client = liquidinvestigations/h-client:0.1.0 -hoover-search = liquidinvestigations/hoover-search:0.5.6 -hoover-snoop2 = liquidinvestigations/hoover-snoop2:0.9.6 +hoover-search = liquidinvestigations/hoover-search:non-root-user +hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user hoover-ui = liquidinvestigations/hoover-ui:0.3.0 hypothesis-h = liquidinvestigations/hypothesis-h:0.2.1 -liquid-authproxy = liquidinvestigations/authproxy:0.3.5 -liquid-core = liquidinvestigations/core:0.3.7 +liquid-authproxy = liquidinvestigations/authproxy:non-root-user +liquid-core = liquidinvestigations/core:non-root-user liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.0.3 liquid-nextcloud = liquidinvestigations/liquid-nextcloud:0.2.3 From 5cd3720dabc977a9831a469eac3e8c0c928689a2 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Fri, 7 Aug 2020 11:56:31 +0200 Subject: [PATCH 12/20] commit before holidays --- templates/hoover-workers.nomad | 1 + templates/hoover.nomad | 6 +++--- versions.ini | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/templates/hoover-workers.nomad b/templates/hoover-workers.nomad index 7ca2fac6..88528a2d 100644 --- a/templates/hoover-workers.nomad +++ b/templates/hoover-workers.nomad @@ -23,6 +23,7 @@ job "hoover-workers" { } driver = "docker" + user = "testuser" config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] diff --git a/templates/hoover.nomad b/templates/hoover.nomad index 2a68ed6a..9daa9af5 100644 --- a/templates/hoover.nomad +++ b/templates/hoover.nomad @@ -19,7 +19,7 @@ job "hoover" { } driver = "docker" - + user = "testuser" config { image = "${config.image('hoover-search')}" args = ["sh", "/local/startup.sh"] @@ -347,7 +347,7 @@ job "hoover" { } template { data = <<-EOF - #!/bin/sh + #!/bin/bash set -ex if [ -z "$SNOOP_ES_URL" ] || [ -z "$SNOOP_DB" ]; then echo "incomplete configuration!" @@ -360,7 +360,7 @@ job "hoover" { ./manage.py healthcheck date if [[ "$DEBUG" == "true" ]]; then - exec ./manage.py runserver 0.0.0.0:5000 + exec ./manage.py runserver 0.0.0.0:8080 else exec /runserver fi diff --git a/versions.ini b/versions.ini index 4decb317..f3cbcc71 100644 --- a/versions.ini +++ b/versions.ini @@ -1,11 +1,11 @@ [versions] codimd = liquidinvestigations/codimd-server:0.2.1 h-client = liquidinvestigations/h-client:0.1.1 -hoover-search = liquidinvestigations/hoover-search:0.5.9 -hoover-snoop2 = liquidinvestigations/hoover-snoop2:0.11.1 +hoover-search = liquidinvestigations/hoover-search:non-root-user +hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user hoover-ui = liquidinvestigations/hoover-ui:0.3.0 hypothesis-h = liquidinvestigations/hypothesis-h:0.2.1 liquid-authproxy = liquidinvestigations/authproxy:0.3.5 -liquid-core = liquidinvestigations/core:0.3.7 +liquid-core = liquidinvestigations/core:non-root-user liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.0.4 liquid-nextcloud = liquidinvestigations/liquid-nextcloud:0.2.3 From 560422443fec6860c6ca4c4a17f74833f067df02 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Fri, 7 Aug 2020 11:58:38 +0200 Subject: [PATCH 13/20] commit before holidays --- templates/hoover.nomad | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/hoover.nomad b/templates/hoover.nomad index 9daa9af5..b98d3532 100644 --- a/templates/hoover.nomad +++ b/templates/hoover.nomad @@ -347,7 +347,7 @@ job "hoover" { } template { data = <<-EOF - #!/bin/bash + #!/bin/sh set -ex if [ -z "$SNOOP_ES_URL" ] || [ -z "$SNOOP_DB" ]; then echo "incomplete configuration!" From b4d5a7a5bec466919be0eeb334f548a9561bfd46 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 26 Aug 2020 17:07:34 +0200 Subject: [PATCH 14/20] working deploy --- templates/hoover.nomad | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/hoover.nomad b/templates/hoover.nomad index b98d3532..e6a891d6 100644 --- a/templates/hoover.nomad +++ b/templates/hoover.nomad @@ -334,7 +334,7 @@ job "hoover" { "{% raw %}${meta.liquid_volumes}{% endraw %}/snoop/blobs:/opt/hoover/snoop/blobs", ] port_map { - http = 5000 + http = 8080 } labels { liquid_task = "snoop-api" From 445e97505bdfbea8abd28809f93aa4a57dbb15de Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Mon, 7 Sep 2020 18:33:14 +0200 Subject: [PATCH 15/20] change to uid --- liquid_node/commands.py | 2 +- migration_script.sh | 4 ++++ templates/authdemo.nomad | 2 +- templates/hoover-workers.nomad | 2 +- templates/hoover.nomad | 8 ++++---- templates/liquid.nomad | 2 +- versions.ini | 2 +- 7 files changed, 13 insertions(+), 9 deletions(-) create mode 100755 migration_script.sh diff --git a/liquid_node/commands.py b/liquid_node/commands.py index 527c941a..10d3d87e 100644 --- a/liquid_node/commands.py +++ b/liquid_node/commands.py @@ -291,7 +291,7 @@ def start(job, hcl): if not os.path.exists(path): os.makedirs(path) - os.chown(path, 666, 666) + # os.chown(path, 666, 666) # Start liquid-core in order to setup the auth liquid_checks = start('liquid', dict(jobs)['liquid']) diff --git a/migration_script.sh b/migration_script.sh new file mode 100755 index 00000000..5b8a8721 --- /dev/null +++ b/migration_script.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +chown -R 666:666 /opt/node/volumes/liquid/core/var +chown -R 666:666 /opt/node/volumes/snoop/blobs diff --git a/templates/authdemo.nomad b/templates/authdemo.nomad index 17d6f157..8392f26f 100644 --- a/templates/authdemo.nomad +++ b/templates/authdemo.nomad @@ -7,7 +7,7 @@ job "authdemo" { group "demo" { task "app" { driver = "docker" - user = "testuser" + user = 666 config { image = "${config.image('liquid-authproxy')}" args = ["./testapp.py"] diff --git a/templates/hoover-workers.nomad b/templates/hoover-workers.nomad index 88528a2d..d410e4a8 100644 --- a/templates/hoover-workers.nomad +++ b/templates/hoover-workers.nomad @@ -23,7 +23,7 @@ job "hoover-workers" { } driver = "docker" - user = "testuser" + user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] diff --git a/templates/hoover.nomad b/templates/hoover.nomad index e6a891d6..68411716 100644 --- a/templates/hoover.nomad +++ b/templates/hoover.nomad @@ -19,7 +19,7 @@ job "hoover" { } driver = "docker" - user = "testuser" + user = 666 config { image = "${config.image('hoover-search')}" args = ["sh", "/local/startup.sh"] @@ -148,7 +148,7 @@ job "hoover" { ${ task_logs() } driver = "docker" - user = "testuser" + user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -242,7 +242,7 @@ job "hoover" { ${ task_logs() } driver = "docker" - user = "testuser" + user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -324,7 +324,7 @@ job "hoover" { } driver = "docker" - user = "testuser" + user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] diff --git a/templates/liquid.nomad b/templates/liquid.nomad index 3a21aea7..28bb3f54 100644 --- a/templates/liquid.nomad +++ b/templates/liquid.nomad @@ -18,7 +18,7 @@ job "liquid" { } driver = "docker" - user = "testuser" + user = 666 config { image = "${config.image('liquid-core')}" #args = ["/bin/sleep", "1000"] diff --git a/versions.ini b/versions.ini index f3cbcc71..49e00cf3 100644 --- a/versions.ini +++ b/versions.ini @@ -5,7 +5,7 @@ hoover-search = liquidinvestigations/hoover-search:non-root-user hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user hoover-ui = liquidinvestigations/hoover-ui:0.3.0 hypothesis-h = liquidinvestigations/hypothesis-h:0.2.1 -liquid-authproxy = liquidinvestigations/authproxy:0.3.5 +liquid-authproxy = liquidinvestigations/authproxy:non-root-user liquid-core = liquidinvestigations/core:non-root-user liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.0.4 liquid-nextcloud = liquidinvestigations/liquid-nextcloud:0.2.3 From 32be0e9017e12f48d73c53839d1ba7f5ba633897 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Tue, 8 Sep 2020 15:55:19 +0200 Subject: [PATCH 16/20] working --- liquid_node/commands.py | 2 -- migrate_non_root.sh | 11 +++++++++++ migration_script.sh | 4 ---- 3 files changed, 11 insertions(+), 6 deletions(-) create mode 100755 migrate_non_root.sh delete mode 100755 migration_script.sh diff --git a/liquid_node/commands.py b/liquid_node/commands.py index 4a19247f..cd093fab 100644 --- a/liquid_node/commands.py +++ b/liquid_node/commands.py @@ -294,8 +294,6 @@ def start(job, hcl): if not os.path.exists(path): os.makedirs(path) - # os.chown(path, 666, 666) - # Start liquid-core in order to setup the auth liquid_checks = start('liquid', dict(jobs)['liquid']) if checks: diff --git a/migrate_non_root.sh b/migrate_non_root.sh new file mode 100755 index 00000000..29bf05b4 --- /dev/null +++ b/migrate_non_root.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# if [[ ! -z $(docker ps -q) ]]; then +# exit 1 +# fi + +mkdir -p /opt/node/volumes/liquid/core/var +mkdir -p /opt/node/volumes/snoop/blobs + +chown -R 666:666 /opt/node/volumes/liquid/core/var +chown -R 666:666 /opt/node/volumes/snoop/blobs diff --git a/migration_script.sh b/migration_script.sh deleted file mode 100755 index 5b8a8721..00000000 --- a/migration_script.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -chown -R 666:666 /opt/node/volumes/liquid/core/var -chown -R 666:666 /opt/node/volumes/snoop/blobs From aa25ccb344ebfbe28d902980eee1254c7bf571c1 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Fri, 11 Sep 2020 10:18:24 +0200 Subject: [PATCH 17/20] testing between -volume and -mount --- liquid_node/commands.py | 10 +++++----- templates/liquid.nomad | 24 ++++++++++++++++-------- versions.ini | 2 +- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/liquid_node/commands.py b/liquid_node/commands.py index cd093fab..255902c4 100644 --- a/liquid_node/commands.py +++ b/liquid_node/commands.py @@ -288,11 +288,11 @@ def start(job, hcl): 'pass': random_secret(64), }) - # create directories and change permission - paths = ["/opt/node/volumes/liquid/core/var", "/opt/node/volumes/snoop/blobs"] - for path in paths: - if not os.path.exists(path): - os.makedirs(path) + # # create directories and change permission + # paths = ["/liquid/core/var", "/snoop/blobs"] + # for path in paths: + # if not os.path.exists(config.liquid_volumes + path): + # os.makedirs(config.liquid_volumes + path) # Start liquid-core in order to setup the auth liquid_checks = start('liquid', dict(jobs)['liquid']) diff --git a/templates/liquid.nomad b/templates/liquid.nomad index 28bb3f54..4b7ffc59 100644 --- a/templates/liquid.nomad +++ b/templates/liquid.nomad @@ -21,23 +21,31 @@ job "liquid" { user = 666 config { image = "${config.image('liquid-core')}" - #args = ["/bin/sleep", "1000"] - #args = ["/bin/sh", "-c","chown -R test_user:test_user /app/var"] + # args = ["/bin/sleep", "1000"] #volumes = [ # ${liquidinvestigations_core_repo} - # "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var:/app/var", + # "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var:/app/different_var", #] mounts = [ { - type = "bind" + type = "volume" target = "/app/var" - source = ${liquidinvestigations_core_repo}"{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var" + source = "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var" + # source = "test_core" readonly = false - bind_options { - propagation = "rshared" - } } ] + #mounts = [ + #{ + # type = "bind" + # target = "/app/var" + # source = ${liquidinvestigations_core_repo}"{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var" + # readonly = false + # bind_options { + # propagation = "rshared" + # } + #} + #] labels { liquid_task = "liquid-core" } diff --git a/versions.ini b/versions.ini index 49e00cf3..d5e326d5 100644 --- a/versions.ini +++ b/versions.ini @@ -6,6 +6,6 @@ hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user hoover-ui = liquidinvestigations/hoover-ui:0.3.0 hypothesis-h = liquidinvestigations/hypothesis-h:0.2.1 liquid-authproxy = liquidinvestigations/authproxy:non-root-user -liquid-core = liquidinvestigations/core:non-root-user +liquid-core = liquidinvestigations/core:non-root-user-volume liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.0.4 liquid-nextcloud = liquidinvestigations/liquid-nextcloud:0.2.3 From 5e01ebfece1c872408cf5c8787848c1dccb93534 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Thu, 22 Oct 2020 11:38:35 +0200 Subject: [PATCH 18/20] changed user command in templates --- templates/hoover-workers.nomad | 2 +- templates/hoover.nomad | 9 +++++---- templates/liquid.nomad | 26 +++++++++++++------------- versions.ini | 8 ++++---- 4 files changed, 23 insertions(+), 22 deletions(-) diff --git a/templates/hoover-workers.nomad b/templates/hoover-workers.nomad index d410e4a8..448fc5aa 100644 --- a/templates/hoover-workers.nomad +++ b/templates/hoover-workers.nomad @@ -23,7 +23,7 @@ job "hoover-workers" { } driver = "docker" - user = 666 + # user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] diff --git a/templates/hoover.nomad b/templates/hoover.nomad index 68411716..6fe5241a 100644 --- a/templates/hoover.nomad +++ b/templates/hoover.nomad @@ -19,7 +19,7 @@ job "hoover" { } driver = "docker" - user = 666 + #user = 666 config { image = "${config.image('hoover-search')}" args = ["sh", "/local/startup.sh"] @@ -148,7 +148,7 @@ job "hoover" { ${ task_logs() } driver = "docker" - user = 666 + # user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -242,7 +242,7 @@ job "hoover" { ${ task_logs() } driver = "docker" - user = 666 + # user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -324,7 +324,7 @@ job "hoover" { } driver = "docker" - user = 666 + # user = 666 config { image = "${config.image('hoover-snoop2')}" args = ["sh", "/local/startup.sh"] @@ -335,6 +335,7 @@ job "hoover" { ] port_map { http = 8080 + # http = 80 } labels { liquid_task = "snoop-api" diff --git a/templates/liquid.nomad b/templates/liquid.nomad index 4b7ffc59..7c214ea8 100644 --- a/templates/liquid.nomad +++ b/templates/liquid.nomad @@ -18,25 +18,25 @@ job "liquid" { } driver = "docker" - user = 666 + # user = 666 config { image = "${config.image('liquid-core')}" # args = ["/bin/sleep", "1000"] - #volumes = [ - # ${liquidinvestigations_core_repo} - # "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var:/app/different_var", - #] - mounts = [ - { - type = "volume" - target = "/app/var" - source = "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var" - # source = "test_core" - readonly = false - } + volumes = [ + ${liquidinvestigations_core_repo} + "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var:/app/var", ] #mounts = [ #{ + # type = "volume" + # target = "/app/var" + # source = "{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var" + # # source = "test_core" + # readonly = false + #} + #] + #mounts = [ + #{ # type = "bind" # target = "/app/var" # source = ${liquidinvestigations_core_repo}"{% raw %}${meta.liquid_volumes}{% endraw %}/liquid/core/var" diff --git a/versions.ini b/versions.ini index d5e326d5..518067ec 100644 --- a/versions.ini +++ b/versions.ini @@ -1,11 +1,11 @@ [versions] codimd = liquidinvestigations/codimd-server:0.2.1 h-client = liquidinvestigations/h-client:0.1.1 -hoover-search = liquidinvestigations/hoover-search:non-root-user -hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user +hoover-search = liquidinvestigations/hoover-search:non-root-user-v1 +hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user-v1 hoover-ui = liquidinvestigations/hoover-ui:0.3.0 hypothesis-h = liquidinvestigations/hypothesis-h:0.2.1 -liquid-authproxy = liquidinvestigations/authproxy:non-root-user -liquid-core = liquidinvestigations/core:non-root-user-volume +liquid-authproxy = liquidinvestigations/authproxy:0.3.6 +liquid-core = liquidinvestigations/core:non-root-user-v1 liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.0.4 liquid-nextcloud = liquidinvestigations/liquid-nextcloud:0.2.3 From 64be89cb182c58b1ce4472f9fb25d23513aaf2b2 Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Mon, 26 Oct 2020 11:35:35 +0100 Subject: [PATCH 19/20] versions ini --- versions.ini | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/versions.ini b/versions.ini index 518067ec..f10e2fb2 100644 --- a/versions.ini +++ b/versions.ini @@ -1,11 +1,13 @@ [versions] codimd = liquidinvestigations/codimd-server:0.2.1 h-client = liquidinvestigations/h-client:0.1.1 -hoover-search = liquidinvestigations/hoover-search:non-root-user-v1 -hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user-v1 +hoover-search = liquidinvestigations/hoover-search:0.6.0 +#hoover-snoop2 = liquidinvestigations/hoover-snoop2:file-model-view +hoover-snoop2 = liquidinvestigations/hoover-snoop2:0.11.2 +#hoover-ui = liquidinvestigations/hoover-ui:enable-tree-view-update hoover-ui = liquidinvestigations/hoover-ui:0.3.0 hypothesis-h = liquidinvestigations/hypothesis-h:0.2.1 -liquid-authproxy = liquidinvestigations/authproxy:0.3.6 -liquid-core = liquidinvestigations/core:non-root-user-v1 -liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.0.4 +liquid-authproxy = liquidinvestigations/oauth-proxy:0.0.2 +liquid-core = liquidinvestigations/core:0.4.1 +liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.1.0 liquid-nextcloud = liquidinvestigations/liquid-nextcloud:0.2.3 From 037b06c1eb3c6a892114be0bd7b41fd1ec8dfe6e Mon Sep 17 00:00:00 2001 From: Morten Stehr Date: Wed, 25 Nov 2020 14:52:07 +0100 Subject: [PATCH 20/20] right port --- versions.ini | 3 +++ 1 file changed, 3 insertions(+) diff --git a/versions.ini b/versions.ini index f10e2fb2..999eabc7 100644 --- a/versions.ini +++ b/versions.ini @@ -2,12 +2,15 @@ codimd = liquidinvestigations/codimd-server:0.2.1 h-client = liquidinvestigations/h-client:0.1.1 hoover-search = liquidinvestigations/hoover-search:0.6.0 +# hoover-search = liquidinvestigations/hoover-search:non-root-user-v1 #hoover-snoop2 = liquidinvestigations/hoover-snoop2:file-model-view hoover-snoop2 = liquidinvestigations/hoover-snoop2:0.11.2 +# hoover-snoop2 = liquidinvestigations/hoover-snoop2:non-root-user-v1 #hoover-ui = liquidinvestigations/hoover-ui:enable-tree-view-update hoover-ui = liquidinvestigations/hoover-ui:0.3.0 hypothesis-h = liquidinvestigations/hypothesis-h:0.2.1 liquid-authproxy = liquidinvestigations/oauth-proxy:0.0.2 liquid-core = liquidinvestigations/core:0.4.1 +# liquid-core = liquidinvestigations/core:non-root-user-v1 liquid-dokuwiki = liquidinvestigations/liquid-dokuwiki:0.1.0 liquid-nextcloud = liquidinvestigations/liquid-nextcloud:0.2.3