From d4f81b983bf4f5d548caaf380b9a61a3bc785ce4 Mon Sep 17 00:00:00 2001 From: bradsawadye Date: Wed, 5 Jun 2024 15:00:30 +0200 Subject: [PATCH 1/5] Reroute to the jempi-api-kc The jempi ui should communicate with jempi-api-kc service when keycloak integration is enabled --- .../package-conf-insecure/http-jempi-insecure.conf | 2 +- reverse-proxy-nginx/package-conf-secure/http-jempi-secure.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/reverse-proxy-nginx/package-conf-insecure/http-jempi-insecure.conf b/reverse-proxy-nginx/package-conf-insecure/http-jempi-insecure.conf index 5cec4be7..8242e96e 100644 --- a/reverse-proxy-nginx/package-conf-insecure/http-jempi-insecure.conf +++ b/reverse-proxy-nginx/package-conf-insecure/http-jempi-insecure.conf @@ -15,7 +15,7 @@ server { location / { resolver 127.0.0.11 valid=30s; - set $upstream_jempi_api jempi-api; + set $upstream_jempi_api jempi-api-kc; proxy_pass http://$upstream_jempi_api:50000; } } diff --git a/reverse-proxy-nginx/package-conf-secure/http-jempi-secure.conf b/reverse-proxy-nginx/package-conf-secure/http-jempi-secure.conf index 5b7e483f..2b421c32 100644 --- a/reverse-proxy-nginx/package-conf-secure/http-jempi-secure.conf +++ b/reverse-proxy-nginx/package-conf-secure/http-jempi-secure.conf @@ -59,7 +59,7 @@ server { location / { resolver 127.0.0.11 valid=30s; - set $upstream_jempi_api jempi-api; + set $upstream_jempi_api jempi-api-kc; proxy_pass http://$upstream_jempi_api:50000; } } From f32a1321c9cc8d11fee230a18fed5c8ae0243955 Mon Sep 17 00:00:00 2001 From: bradsawadye Date: Wed, 5 Jun 2024 15:05:07 +0200 Subject: [PATCH 2/5] Add more ssh keys --- .../inventories/development/group_vars/all.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/infrastructure/ansible/inventories/development/group_vars/all.yml b/infrastructure/ansible/inventories/development/group_vars/all.yml index 854733f1..8a877eb4 100644 --- a/infrastructure/ansible/inventories/development/group_vars/all.yml +++ b/infrastructure/ansible/inventories/development/group_vars/all.yml @@ -24,6 +24,14 @@ sudoers: username: matthewerispe state: present key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwfQ8ypu5+4rGNfMeSzB+ADffE4qT/519AFVDTIWgV4FaJipsgHdYFTVnxkJHAiixTKAqEJ2SF1RJ2/pIH2hX5p2GNWhrXuOmnqiOZEByPSsqidSNS8aMCfIzt7UZ6XvIPhagZnEQ7NCA1BOuOqzWISIEKjSqA3MvfZ5kniis5J9cbTqkGB+pgW75fuQIxtmK7iCZbwuXOO735PzkKgeT/vfg4fTlbmOeikSNO6QaamGRZ+NJfprCIx5j5GKc970k6V9d4RcQltHojgWI7Wl2VRLsprm7Xy2keaTGXfjnCDwQ2cQRUgBqIoWyDoUzNqvDYXrEAfM19sNEICMx90fXaJeGrNbMg2jjWuyPacSnB0moDtECt4zd2svozGEWnVvdY8KDAWgMbTUlrufNOzh7hyrDMpaBSmSN9npyTpekM0kWlykfU++oEexXMi41b0cZLJc9ocPJCeKZ0fzpachHW35zsUh2E6OCgbXdDxNugVrG4ecz9nUqjJGyYhCX6mhz9VxpB46wEPQ/E2rTsnIfd+xMYoyLqLzCfKf/Z8CL8/Ifq7uDRxczRmo5sCrjByOdwyUGY+JoFQMc5OcEzfyepVmcwfuhuASBGAZOr1zM1ituqG614d7W+GDRHwCeAS8zUZKFdYvL5C4nOg+OxojqnC8zSGwN3ZcnMXHvvzKdQHw== + - name: martin.brocker@symbionix.co + username: martinbrocker + state: present + key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCun3EuZ1sAP8/Drg3GkcNrIAMvoYQUXO2x1fMCAyLadMOvs9avpaKXnBrj5v5AxkGcHb3klLWwFOwJRKZMA4Y0wcWlF1B5DWLYHCwvkVKp/021pHS9YLYVST4rEDCuJnhnzKGEWiQpsCFGrLyW5Y5PWEV/XHW1otg4MnDaJvBy77gVxNjpITau7AGXMKRJ7kDvQm0D7AvydGJgH5iR3LLubiwnfQ7dH95XIbhGVsOphIaLO/QxvaPgCYkd34fYirRejbUuIYE/qCEhIvQQPjH+Q4CHDhnBUT3WybEXBQlczJ2UnWhSCrDJvlA34i7R+G45Pl3TlGWilw0jNVN/NYK23W45ZR3hB1KGfN69fN5/XgfWKTFn9wqeaK1ioH8uTIgZhpwumlZlMiD+smz8p6g+GNTb84WqgsBWDmEBtzJV/COiIS37+ud2orGIpPEzSxpWz23YMdFAzQT9f3VbFTNkzb7zkm7qPGD2avoG8B4tg9gbK7sWJWOKkC+zjCq+AXc= + - name: derrick.rono@jembi.org + username: derrickrono + state: present + key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNh4PK3dE8ZOEbD+CZSisHl8R0r7aAcFL48tW10Kv+EcuTlAH3Du6bHh2OrGgU9XC933WDbyUcB0N+T+wv9XJudVWE6708JoSflbW93nCiOojq+GkpbiCXHkTwvbV2MLtKOUCQQFD65umZ5/p568vpay6bWUfsFso/PjJ1zIktW9EYuK83mGU0C+F74nDZfmwc3CB1N8u6fgviFANfPZvE//If09MU6jMaSGc5umX2tIfH0n/OEal3jNsJgXu+5irUupJ56I39d4Zym+4DbaShsoXUz9PMvnlXd194aswJlEwlxcW4/lmq3IbW62kvMFf3UePTK6O4piE1Ci2XHlxnEUOzIz5FAnktd9FtDsGxynAVlvdLA93TJXwQ6FGtTQAuIWGXukOWwT11IATj+CSuhOOvsa/VAG2NZKsxlCex3F6V0FKmPir7OZXzLXkEMaW8UgKpGqZ6oaRY1pGOWIzuqyqP50Fakc+X+tV8QzKJN8TQu1A/RSvVX0DKOAYTC0M= docker_users: - name: bradford.sawadye@jembi.org @@ -50,6 +58,14 @@ docker_users: username: matthewerispe state: present key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwfQ8ypu5+4rGNfMeSzB+ADffE4qT/519AFVDTIWgV4FaJipsgHdYFTVnxkJHAiixTKAqEJ2SF1RJ2/pIH2hX5p2GNWhrXuOmnqiOZEByPSsqidSNS8aMCfIzt7UZ6XvIPhagZnEQ7NCA1BOuOqzWISIEKjSqA3MvfZ5kniis5J9cbTqkGB+pgW75fuQIxtmK7iCZbwuXOO735PzkKgeT/vfg4fTlbmOeikSNO6QaamGRZ+NJfprCIx5j5GKc970k6V9d4RcQltHojgWI7Wl2VRLsprm7Xy2keaTGXfjnCDwQ2cQRUgBqIoWyDoUzNqvDYXrEAfM19sNEICMx90fXaJeGrNbMg2jjWuyPacSnB0moDtECt4zd2svozGEWnVvdY8KDAWgMbTUlrufNOzh7hyrDMpaBSmSN9npyTpekM0kWlykfU++oEexXMi41b0cZLJc9ocPJCeKZ0fzpachHW35zsUh2E6OCgbXdDxNugVrG4ecz9nUqjJGyYhCX6mhz9VxpB46wEPQ/E2rTsnIfd+xMYoyLqLzCfKf/Z8CL8/Ifq7uDRxczRmo5sCrjByOdwyUGY+JoFQMc5OcEzfyepVmcwfuhuASBGAZOr1zM1ituqG614d7W+GDRHwCeAS8zUZKFdYvL5C4nOg+OxojqnC8zSGwN3ZcnMXHvvzKdQHw== + - name: martin.brocker@symbionix.co + username: martinbrocker + state: present + key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCun3EuZ1sAP8/Drg3GkcNrIAMvoYQUXO2x1fMCAyLadMOvs9avpaKXnBrj5v5AxkGcHb3klLWwFOwJRKZMA4Y0wcWlF1B5DWLYHCwvkVKp/021pHS9YLYVST4rEDCuJnhnzKGEWiQpsCFGrLyW5Y5PWEV/XHW1otg4MnDaJvBy77gVxNjpITau7AGXMKRJ7kDvQm0D7AvydGJgH5iR3LLubiwnfQ7dH95XIbhGVsOphIaLO/QxvaPgCYkd34fYirRejbUuIYE/qCEhIvQQPjH+Q4CHDhnBUT3WybEXBQlczJ2UnWhSCrDJvlA34i7R+G45Pl3TlGWilw0jNVN/NYK23W45ZR3hB1KGfN69fN5/XgfWKTFn9wqeaK1ioH8uTIgZhpwumlZlMiD+smz8p6g+GNTb84WqgsBWDmEBtzJV/COiIS37+ud2orGIpPEzSxpWz23YMdFAzQT9f3VbFTNkzb7zkm7qPGD2avoG8B4tg9gbK7sWJWOKkC+zjCq+AXc= + - name: derrick.rono@jembi.org + username: derrickrono + state: present + key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNh4PK3dE8ZOEbD+CZSisHl8R0r7aAcFL48tW10Kv+EcuTlAH3Du6bHh2OrGgU9XC933WDbyUcB0N+T+wv9XJudVWE6708JoSflbW93nCiOojq+GkpbiCXHkTwvbV2MLtKOUCQQFD65umZ5/p568vpay6bWUfsFso/PjJ1zIktW9EYuK83mGU0C+F74nDZfmwc3CB1N8u6fgviFANfPZvE//If09MU6jMaSGc5umX2tIfH0n/OEal3jNsJgXu+5irUupJ56I39d4Zym+4DbaShsoXUz9PMvnlXd194aswJlEwlxcW4/lmq3IbW62kvMFf3UePTK6O4piE1Ci2XHlxnEUOzIz5FAnktd9FtDsGxynAVlvdLA93TJXwQ6FGtTQAuIWGXukOWwT11IATj+CSuhOOvsa/VAG2NZKsxlCex3F6V0FKmPir7OZXzLXkEMaW8UgKpGqZ6oaRY1pGOWIzuqyqP50Fakc+X+tV8QzKJN8TQu1A/RSvVX0DKOAYTC0M= firewall_subnet_restriction: "10.1.10.0/16" From dac2806a795c6b9d559826d58a73bd4ddf5d02b0 Mon Sep 17 00:00:00 2001 From: bradsawadye Date: Thu, 6 Jun 2024 09:18:56 +0200 Subject: [PATCH 3/5] Fix typo --- client-registry-jempi/docker-compose.dgraph-zero-cluster.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client-registry-jempi/docker-compose.dgraph-zero-cluster.yml b/client-registry-jempi/docker-compose.dgraph-zero-cluster.yml index bf417002..54804127 100644 --- a/client-registry-jempi/docker-compose.dgraph-zero-cluster.yml +++ b/client-registry-jempi/docker-compose.dgraph-zero-cluster.yml @@ -18,7 +18,7 @@ services: replicas: 1 placement: constraints: - - node.labels.name == ${JEPMI_ZERO_02_PLACEMENT} + - node.labels.name == ${JEMPI_ZERO_02_PLACEMENT} resources: limits: memory: ${JEMPI_ZERO_MEMORY_LIMIT} From 1c9b684425cc4eb72aa0bba23b4debff61bea2b8 Mon Sep 17 00:00:00 2001 From: bradsawadye Date: Thu, 6 Jun 2024 13:29:42 +0200 Subject: [PATCH 4/5] Use the postgres service instead of pgpool It seems the bootstrapper does not cater for a replicated postgres url. --- client-registry-jempi/docker-compose.combined.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client-registry-jempi/docker-compose.combined.yml b/client-registry-jempi/docker-compose.combined.yml index 89b20bee..230fee87 100644 --- a/client-registry-jempi/docker-compose.combined.yml +++ b/client-registry-jempi/docker-compose.combined.yml @@ -111,7 +111,7 @@ services: jempi-bootstrapper: image: jembi/jempi-bootstrapper:${JEMPI_BOOTSTRAPPER_IMAGE_TAG} environment: - POSTGRESQL_IP: ${JEMPI_POSTGRES_DB} + POSTGRESQL_IP: ${POSTGRES_SERVICE} POSTGRESQL_PORT: 5432 POSTGRESQL_USER: ${JEMPI_POSTGRESQL_USERNAME} POSTGRESQL_PASSWORD: ${JEMPI_POSTGRESQL_PASSWORD} From 7878a5ed1df402e583f6747883a2367c086d5537 Mon Sep 17 00:00:00 2001 From: bradsawadye Date: Fri, 7 Jun 2024 14:24:19 +0200 Subject: [PATCH 5/5] Fix failing tests --- .../features/cluster-mode/openhim-packages.cluster.feature | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/cucumber/features/cluster-mode/openhim-packages.cluster.feature b/test/cucumber/features/cluster-mode/openhim-packages.cluster.feature index ca7c0ce8..18a68464 100644 --- a/test/cucumber/features/cluster-mode/openhim-packages.cluster.feature +++ b/test/cucumber/features/cluster-mode/openhim-packages.cluster.feature @@ -18,9 +18,7 @@ Feature: Openhim and its dependent packages? | reverse-proxy_public | keycloak_public | openhim_public | openhim_default | And The service "openhim-console" should be started with 3 replicas And The service "openhim-console" should be connected to the networks - | reverse-proxy_public | keycloak_public | openhim_public | openhim_default | - And The service "interoperability-layer-openhim-config-importer" should be removed - And There should be 5 services + | reverse-proxy_public | keycloak_public | openhim_public | openhim_default | Scenario: Destroy Openhim and its dependent packages Given I use parameters "package destroy -n=interoperability-layer-openhim --dev --env-file=.env.cluster"