Style edit not working geoserver resources geoserver password (#104)

[Fixes #102 #103 #87] setting geserver password, setting geoserver resources
zalf-rdm · Oct 30, 2023 · 1f8990c · 1f8990c
1 parent 7195d79
commit 1f8990c
Show file tree

Hide file tree

Showing 11 changed files with 101 additions and 116 deletions.
diff --git a/README.md b/README.md
@@ -61,8 +61,9 @@ The chart will automatically install required dependencies, i.e. a RabbitMQ brok
 |---------------------------|--------------------|-------------------------|---------------------------|
 | [1.0.0](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.0) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) |
 | [1.0.1](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.1) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) |
-| [1.0.2](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.2) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) |
-| [1.0.3](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.2) | [4.1.3](https://github.com/GeoNode/geonode/releases/tag/4.1.3)  | [52north/geonode:4.1.3](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) |
+| [1.0.2](https://github.com/zalf-rdm/geonode-k8s/releases/tag/geonode-k8s-1.0.2) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) |
+| [1.0.3](https://github.com/zalf-rdm/geonode-k8s/releases/tag/geonode-k8s-1.0.3) | [4.1.3](https://github.com/GeoNode/geonode/releases/tag/4.1.3)  | [52north/geonode:4.1.3](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) |
+| [1.0.4](https://github.com/zalf-rdm/geonode-k8s/releases/tag/geonode-k8s-1.0.4) | [4.1.3](https://github.com/GeoNode/geonode/releases/tag/4.1.3)  | [52north/geonode:4.1.3](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) |
 
 ## Install chart dependencies
 

diff --git a/charts/geonode/Chart.yaml b/charts/geonode/Chart.yaml
@@ -1,21 +1,21 @@
 apiVersion: v2
 name: geonode-k8s
-version: 1.0.3
+version: 1.0.4
 description: "Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyCSW: 2.61"
 keywords:
-- geonode
-- geospatial
-- geodata
-- SDI
-- http
-- web
-- python
-- geoserver
-- postresql
-- postgis
-- rabbitmq
-- memcached
-- django
+  - geonode
+  - geospatial
+  - geodata
+  - SDI
+  - http
+  - web
+  - python
+  - geoserver
+  - postresql
+  - postgis
+  - rabbitmq
+  - memcached
+  - django
 icon: https://www.osgeo.org/wp-content/uploads/GeoNode-370x206.png
 annotations:
   artifacthub.io/links: |
@@ -29,26 +29,26 @@ annotations:
   artifacthub.io/license: "GPL3"
 home: https://geonode.org/
 sources:
-- https://github.com/zalf-rdm/geonode-k8s
-- https://github.com/geonode/geonode
+  - https://github.com/zalf-rdm/geonode-k8s
+  - https://github.com/geonode/geonode
 maintainers:
-- name: mwallschlaeger
-  email: [email protected]
-  url: https://github.com/mwallschlaeger
+  - name: mwallschlaeger
+    email: [email protected]
+    url: https://github.com/mwallschlaeger
 dependencies:
-- name: postgres-operator-ui
-  version: ~1.9.0
-  repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui/
-  condition: postgres-operator-ui.enabled
-- name: postgres-operator
-  version: ~1.9.0
-  repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator/
-  condition: postgres-operator.enabled
-- name: rabbitmq
-  version: ~10.1.7
-  repository: https://charts.bitnami.com/bitnami
-  condition: rabbitmq.enabled
-- name: memcached
-  repository: https://charts.bitnami.com/bitnami
-  condition: geonode.memcached.enaled
-  version: ~6.x.x
+  - name: postgres-operator-ui
+    version: ~1.9.0
+    repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui/
+    condition: postgres-operator-ui.enabled
+  - name: postgres-operator
+    version: ~1.9.0
+    repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator/
+    condition: postgres-operator.enabled
+  - name: rabbitmq
+    version: ~10.1.7
+    repository: https://charts.bitnami.com/bitnami
+    condition: rabbitmq.enabled
+  - name: memcached
+    repository: https://charts.bitnami.com/bitnami
+    condition: geonode.memcached.enaled
+    version: ~6.x.x
diff --git a/charts/geonode/README.md b/charts/geonode/README.md
@@ -1,6 +1,6 @@
 # geonode-k8s
 
-![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square)
+![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square)
 
 Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyCSW: 2.61
 
@@ -48,8 +48,9 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyC
 | geonode.general.display.rating | bool | `true` | DISPLAY_RATINGS If set to False ratings are hidden. |
 | geonode.general.display.social | bool | `true` | DISPLAY_SOCIAL If set to False social sharing is hidden. |
 | geonode.general.display.wms_link | bool | `true` | DISPLAY_WMS_LINKS If set to False direct WMS link to GeoServer is hidden. |
-| geonode.general.externalDomain | string | `"geonode"` | external ingress hostname  |
-| geonode.general.externalScheme | string | `"http"` | external ingress schema. If set to 'https', make sure to configure TLS either by  configuring tls certificate or using cert-manager. Available options: (http|https) |
+| geonode.general.externalDomain | string | `"geonode"` | external ingress hostname |
+| geonode.general.externalScheme | string | `"http"` | external ingress schema. If set to 'https', make sure to configure TLS either by configuring tls certificate or using cert-manager. Available options: (http|https) |
+| geonode.general.force_reinit | bool | `true` | set force reinit true so that changing passwords etc. in Values.yaml will take effect after restarting the pod this on the other hand will increase pod initializing time, only change if you know what you are doing |
 | geonode.general.freetext_keywords_readonly | bool | `false` | FREETEXT_KEYWORDS_READONLY Make Free-Text Keywords writable from users. Or read-only when set to False. |
 | geonode.general.max_document_size | int | `10` | max upload document size in MB |
 | geonode.general.ogc_request_backoff_factor | float | `0.3` | OGC_REQUEST_BACKOFF_FACTOR |
@@ -67,11 +68,11 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyC
 | geonode.image.name | string | `"52north/geonode"` | used geonode image |
 | geonode.image.tag | string | `"4.1.3"` | tag of used geonode image |
 | geonode.ingress.addNginxIngressAnnotation | bool | `false` | adds ingress annotations for nginx ingress class to increase uploadsize and timeout time |
-| geonode.ingress.enabled | bool | `true` | enables external access  |
+| geonode.ingress.enabled | bool | `true` | enables external access |
 | geonode.ingress.ingressClassName | string | `nil` | define kubernetes ingress class for geonode ingress |
 | geonode.ingress.tlsSecret | string | `"geonode-tls-secret"` | tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.general.externalScheme is set to 'https' |
 | geonode.ldap.always_update_user | bool | `true` | always update local user database from ldap |
-| geonode.ldap.attr_map_email_addr | string | `"mailPrimaryAddress"` | email attribute used from ldap  |
+| geonode.ldap.attr_map_email_addr | string | `"mailPrimaryAddress"` | email attribute used from ldap |
 | geonode.ldap.attr_map_first_name | string | `"givenName"` | given name attribute used from ldap |
 | geonode.ldap.attr_map_last_name | string | `"sn"` | last name attribute used from ldap |
 | geonode.ldap.bind_dn | string | `"CN=Users,DC=ad,DC=example,DC=com"` | ldap user bind dn |
@@ -105,9 +106,11 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyC
 | geonode.resources.requests.memory | string | `"1Gi"` | requested memory as in resource.requests.memory (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | geonode.secret.existingSecretName | string | `""` | name of an existing Secret to use. Set, if you want to separately maintain the Secret. |
 | geonode.secret.ldap.bind_password | string | `"password"` | ldap password |
-| geonode.secret.mail.from | string | `"[email protected]"` | define from mail-addr  |
+| geonode.secret.mail.from | string | `"[email protected]"` | define from mail-addr |
 | geonode.secret.mail.password | string | `"changeme"` | set password for mailuser in geonode |
 | geonode.secret.mail.user | string | `"changeme"` | define mail user to send mails from |
+| geonode.secret.oauth2.clientId | string | `"Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV"` | oauth2 geoserver clientID (OAUTH2_CLIENT_ID) |
+| geonode.secret.oauth2.clientSecret | string | `"rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3"` | oauth2 geoserver secret (OAUTH2_CLIENT_SECRET) |
 | geonode.secret.superUser.email | string | `"[email protected]"` | admin user password |
 | geonode.secret.superUser.password | string | `"geonode"` | admin panel password |
 | geonode.secret.superUser.username | string | `"admin"` | admin username |

diff --git a/charts/geonode/templates/geonode/geonode-deploy.yaml b/charts/geonode/templates/geonode/geonode-deploy.yaml
@@ -31,6 +31,7 @@ spec:
         org.geonode.instance: "{{ include "geonode_pod_name" . }}"
       annotations:
         checksum/geonode-env: {{ include (print $.Template.BasePath "/geonode/geonode-env.yaml") . | sha256sum }}
+        checksum/geonode-secret: {{ include (print $.Template.BasePath "/geonode/geonode-secret.yaml") . | sha256sum }}
         checksum/geonode-local-settings: {{ include (print $.Template.BasePath "/geonode/geonode-local-settings.yaml") . | sha256sum }}
         checksum/geonode-uwsig: {{ include (print $.Template.BasePath "/geonode/geonode-uwsgi-ini-conf.yaml") . | sha256sum }}
     spec:

diff --git a/charts/geonode/templates/geonode/geonode-env.yaml b/charts/geonode/templates/geonode/geonode-env.yaml
@@ -21,13 +21,8 @@ data:
   # GeoNode APIs
   API_LOCKDOWN: 'False'
   TASTYPIE_APIKEY: ""
-  # TODO (mwall) set this automatically with helm magics not fully implemented
-  {{ if  ( eq .Release.Revision 1 )}}
-  IS_FIRST_START: 'True'
-  {{ else }}
-  IS_FIRST_START: 'False'
-  {{ end }}
-  FORCE_REINIT: 'False'
+  FORCE_REINIT: {{ .Values.geonode.general.force_reinit | quote }}
+
   # set this to true breaks upload
   ASYNC_SIGNALS: 'True'
   CACHE_BUSTING_STATIC_ENABLED: 'False'
@@ -125,11 +120,6 @@ data:
   {{ else }}
   CATALOGUE_ENGINE: geonode.catalogue.backends.pycsw_local
   {{ end}}
-  # OAuth2
-  # TODO (mwall) implement OAUTH2
-  OAUTH2_API_KEY: ""
-  OAUTH2_CLIENT_ID: ""
-  OAUTH2_CLIENT_SECRET: ""
 
   DJANGO_SETTINGS_MODULE: {{ .Values.geonode.general.settings_module }}
   DEFAULT_BACKEND_DATASTORE: datastore

diff --git a/charts/geonode/templates/geonode/geonode-secret.yaml b/charts/geonode/templates/geonode/geonode-secret.yaml
@@ -18,4 +18,9 @@ data:
 
   # ldap secrets
   LDAP_BIND_PASSWORD: {{ .Values.geonode.secret.ldap.bind_password | b64enc }}
+
+  # OAuth2
+  OAUTH2_API_KEY: ""
+  OAUTH2_CLIENT_ID: {{ .Values.geonode.secret.oauth2.clientId | b64enc }}
+  OAUTH2_CLIENT_SECRET: {{ .Values.geonode.secret.oauth2.clientSecret | b64enc }}
 {{ end }}
diff --git a/charts/geonode/templates/geonode/geonode-tasks-py-conf.yaml b/charts/geonode/templates/geonode/geonode-tasks-py-conf.yaml
@@ -34,7 +34,7 @@ data:
     import datetime
     import requests
 
-    from urllib.parse import urlparse
+    from urllib.parse import urlparse, urlunparse
     from invoke import task
 
     BOOTSTRAP_IMAGE_CHEIP = 'codenvy/che-ip:nightly'
@@ -337,28 +337,7 @@ data:
         _prepare_oauth_fixture()
         ctx.run("rm -rf /tmp/default_site.json", pty=True)
         _prepare_site_fixture()
-        # Updating OAuth2 Service Config
-        new_ext_ip = os.environ["SITEURL"]
-        client_id = os.environ["OAUTH2_CLIENT_ID"]
-        client_secret = os.environ["OAUTH2_CLIENT_SECRET"]
-        oauth_config = "/geoserver_data/data/security/filter/geonode-oauth2/config.xml"
-        ctx.run(f'sed -i "s|<cliendId>.*</cliendId>|<cliendId>{client_id}</cliendId>|g" {oauth_config}', pty=True)
-        ctx.run(
-            f'sed -i "s|<clientSecret>.*</clientSecret>|<clientSecret>{client_secret}</clientSecret>|g" {oauth_config}',
-            pty=True,
-        )
-        ctx.run(
-            f'sed -i "s|<userAuthorizationUri>.*</userAuthorizationUri>|<userAuthorizationUri>{new_ext_ip}o/authorize/</userAuthorizationUri>|g" {oauth_config}',  # noqa
-            pty=True,
-        )
-        ctx.run(
-            f'sed -i "s|<redirectUri>.*</redirectUri>|<redirectUri>{new_ext_ip}geoserver/index.html</redirectUri>|g" {oauth_config}',  # noqa
-            pty=True,
-        )
-        ctx.run(
-            f'sed -i "s|<logoutUri>.*</logoutUri>|<logoutUri>{new_ext_ip}account/logout/</logoutUri>|g" {oauth_config}',
-            pty=True,
-        )
+
 
     @task
     def fixtures(ctx):
@@ -436,8 +415,6 @@ data:
             pty=True,
         )
 
-
-
     @task
     def initialized(ctx):
         print("**************************init file********************************")
@@ -516,12 +493,7 @@ data:
 
 
     def _prepare_oauth_fixture():
-        upurl = urlparse(os.environ['SITEURL'])
-        net_scheme = upurl.scheme
-        pub_ip = os.getenv('GEONODE_LB_HOST_IP')
-        print(f"Public Hostname or IP is {pub_ip}")
-        pub_port = os.getenv('GEONODE_LB_PORT')
-        print(f"Public PORT is {pub_port}")
+        upurl = urlparse(os.environ["SITEURL"])
         default_fixture = [
             {
                 "model": "oauth2_provider.application",
@@ -531,9 +503,7 @@ data:
                     "created": "2018-05-31T10:00:31.661Z",
                     "updated": "2018-05-31T11:30:31.245Z",
                     "algorithm": "RS256",
-                    "redirect_uris": f"{net_scheme}://{pub_ip}:{pub_port}/geoserver/index.html"
-                    if pub_port
-                    else f"{net_scheme}://{pub_ip}/geoserver/index.html",
+                    "redirect_uris": f"{urlunparse(upurl)}geoserver/index.html",
                     "name": "GeoServer",
                     "authorization_grant_type": "authorization-code",
                     "client_type": "confidential",
@@ -549,7 +519,11 @@ data:
     def _prepare_site_fixture():
         upurl = urlparse(os.environ["SITEURL"])
         default_fixture = [
-            {"model": "sites.site", "pk": 1, "fields": {"domain": str(upurl.hostname), "name": str(upurl.hostname)}}
+            {
+                "model": "sites.site",
+                "pk": 1,
+                "fields": {"domain": str(upurl.hostname), "name": str(upurl.hostname)},
+            }
         ]
         with open("/tmp/default_site.json", "w") as fixturefile:
             json.dump(default_fixture, fixturefile)

diff --git a/charts/geonode/templates/geoserver/geoserver-deploy.yaml b/charts/geonode/templates/geoserver/geoserver-deploy.yaml
@@ -15,7 +15,9 @@ spec:
       labels:
         org.geonode.instance: "{{ include "geoserver_pod_name" . }}"
       annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/geoserver/geoserver-env.yaml") . | sha256sum }}
+        checksum/geoserver-env: {{ include (print $.Template.BasePath "/geoserver/geoserver-env.yaml") . | sha256sum }}
+        checksum/geoserver-secret: {{ include (print $.Template.BasePath "/geoserver/geoserver-secret.yaml") . | sha256sum }}
+
     spec:
       terminationGracePeriodSeconds: 3
       initContainers:

diff --git a/charts/geonode/templates/geoserver/geoserver-env.yaml b/charts/geonode/templates/geoserver/geoserver-env.yaml
@@ -10,7 +10,8 @@ data:
   DJANGO_URL: http://{{ include "geonode_pod_name" .}}/
   ENABLE_JSONP: 'true'
   outFormat: text/javascript
-  GEOSERVER_JAVA_OPTS: "-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
+  # trimSuffix trims of suffix "i" coming from resources memory in Gi or Mi
+  GEOSERVER_JAVA_OPTS: "-Xms{{ .Values.geoserver.resources.requests.memory | trimSuffix "i" }} -Xmx{{ .Values.geoserver.resources.limits.memory | trimSuffix "i" }} -Djava.awt.headless=true -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL={{ include "public_url" . }}/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
   NGINX_BASE_URL: "{{ include "public_url" . }}/"
 
   DATABASE_HOST: "{{ include "database_hostname" . }}"

diff --git a/charts/geonode/templates/geoserver/geoserver-secret.yaml b/charts/geonode/templates/geoserver/geoserver-secret.yaml
@@ -9,4 +9,9 @@ data:
   # geoserver admin credentials
   GEOSERVER_ADMIN_USER: {{ .Values.geoserver.secret.admin_username | b64enc }}
   GEOSERVER_ADMIN_PASSWORD: {{ .Values.geoserver.secret.admin_password | b64enc }}
+
+  # geonode oauth2
+  OAUTH2_API_KEY: ""
+  OAUTH2_CLIENT_ID: {{ .Values.geonode.secret.oauth2.clientId | b64enc}}
+  OAUTH2_CLIENT_SECRET: {{ .Values.geonode.secret.oauth2.clientSecret | b64enc }}
 {{ end }}