From 0a86910fdfa6843fdf18af3a9fec03cba98bdb6b Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Fri, 27 Jan 2023 17:29:41 +0000 Subject: [PATCH 01/32] Begin DR creation --- deploy/db-restore.yml | 5 ++++ deploy/group_vars/all.yml | 17 ++++++++++---- deploy/group_vars/staging_shared.yml | 35 ++++++++++++++++++++++++++++ deploy/host_vars/dr.yml | 29 +++++++++++++++++++++++ deploy/host_vars/staging.yml | 9 ------- deploy/inventory | 5 ++++ deploy/requirements.yml | 2 +- 7 files changed, 88 insertions(+), 14 deletions(-) create mode 100644 deploy/db-restore.yml create mode 100644 deploy/group_vars/staging_shared.yml create mode 100644 deploy/host_vars/dr.yml diff --git a/deploy/db-restore.yml b/deploy/db-restore.yml new file mode 100644 index 00000000..4022f83c --- /dev/null +++ b/deploy/db-restore.yml @@ -0,0 +1,5 @@ +- hosts: k8s + tasks: + - import_role: + name: caktus.k8s-hosting-services + tasks_from: restore \ No newline at end of file diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index b0cc092c..f7f208f5 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -14,8 +14,8 @@ cluster_name: "{{ stack_name }}-cluster" # CloudFormation Outputs # These values are taken from the CF 'Output' tab -ClusterEndpoint: https://C3219F3CB49E4B1C82CFE8C82A846345.sk1.us-east-1.eks.amazonaws.com -DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com + + RepositoryURL: 061553509755.dkr.ecr.us-east-1.amazonaws.com/philly-hip-stack-applicationrepository-kk92mehevd86 # The RDS superuser password @@ -85,8 +85,8 @@ k8s_aws_fluent_bit_chart_version: "0.1.18" # ---------------------------------------------------------------------------- k8s_auth_host: "{{ ClusterEndpoint }}" -k8s_auth_ssl_ca_cert: "k8s_auth_ssl_ca_cert.txt" -k8s_namespace: "{{ app_name }}-{{ env_name }}" +k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt +k8s_namespace: hip-staging k8s_memcached_enabled: true # App pod configuration: 
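Review bot: `hosts: k8s` in deploy/db-restore.yml targets every host in the `[k8s]` group, which this commit's inventory change makes `dr`, `staging` and `production`, while the `k8s_restore_*` variables are only defined for the new `staging_shared` group. A database restore is destructive, so the play should name the group it is meant for, `- hosts: staging_shared` (or `dr`), rather than rely on the caller passing a limit. Whether the role refuses to run without its variables is not visible here, so an unscoped run against production should be treated as possible until confirmed.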
@@ -95,6 +95,15 @@ k8s_container_port: 8000 k8s_container_image: "{{ RepositoryURL }}" k8s_container_image_pull_policy: Always k8s_container_replicas: 2 + +# Lower resources to preserve Node resources +k8s_container_resources: + requests: + memory: "256Mi" + cpu: "50m" + limits: + cpu: "250m" + k8s_migrations_enabled: true k8s_collectstatic_enabled: false k8s_container_ingress_annotations: diff --git a/deploy/group_vars/staging_shared.yml b/deploy/group_vars/staging_shared.yml new file mode 100644 index 00000000..59eb8954 --- /dev/null +++ b/deploy/group_vars/staging_shared.yml 
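Review bot: The new `k8s_container_resources` block sets a CPU limit but no memory limit, and because it lives in group_vars/all.yml it applies to production as well as the environments the comment is aimed at. All environments appear to share one cluster (`philly-hip-stack-cluster`), so a pod without a memory ceiling can put pressure on the nodes production runs on. Add `memory: "<limit>"` under `limits:` with a value taken from observed usage, or move the reduced settings to the staging/dr vars if production should keep the role defaults.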
@@ -0,0 +1,35 @@
+# aws eks describe-cluster --name=philly-hip-stack-cluster | grep endpoint
+ClusterEndpoint: https://C3219F3CB49E4B1C82CFE8C82A846345.sk1.us-east-1.eks.amazonaws.com
+# aws rds describe-db-instances
+DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com
+
+# ----------------------------------------------------------------------------
+# caktus.django-k8s
+# ----------------------------------------------------------------------------
+
+k8s_auth_ssl_ca_cert: "k8s_auth_ssl_ca_cert.txt" # hard-coded env_name for sharing
+k8s_cluster_name: philly-hip-stack-cluster # hard-coded env_name for sharing
+
+# aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn'
+k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/philly-hip-stack-cluster"
+
+env_database_url: "postgres://{{ app_name }}_staging:{{ database_password }}@{{ DatabaseAddress }}:5432/{{ app_name }}_{{ env_name }}"
+# pwgen -s 40 1|tr -d '\n'|ansible-vault encrypt_string
+database_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 38363331373138346434373539346334383464613239383233616534333365386334626563643362
+ 3463373731653734393761303235626230623833316161660a666232376136663338303435623638
+ 62623630383437396562393432313565316663363961396565656438336333393866313234663365
+ 3830653833633431640a636333366134383934346632396263363430346539306436383031316436
+ 38653066646362323434626564333166653433663261643465356538386265353239336131633061
+ 3236316135343961646363316531383661623336623564336637
+
+# Disaster Recovery: DB restore configuration
+k8s_restore_namespace: "{{ k8s_namespace }}"
+k8s_restore_target_db_url: "{{ env_database_url }}"
+k8s_restore_maint_user: hip-philly
+k8s_restore_maint_host: "{{ DatabaseAddress }}"
+k8s_restore_maint_port: "5432"
+k8s_restore_maint_name: hip-philly
+
+k8s_restore_maint_pass: # Need pass
\ No newline at end of file
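Review bot: The `database_password` vault value added to staging_shared.yml is not the one this commit deletes from host_vars/staging.yml; its last two ciphertext lines are the same as the context shown under `database_password` in the host_vars/production.yml hunk of patch 08, so staging and dr would be handed the production database secret. Carry the existing staging blob over unchanged instead. `k8s_restore_maint_pass: # Need pass` is a bare key that loads as null; leave the variable out until a vaulted value exists, so a restore run stops on an undefined variable rather than proceeding with an empty password.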
diff --git a/deploy/host_vars/dr.yml b/deploy/host_vars/dr.yml
new file mode 100644
index 00000000..8935da05
--- /dev/null
+++ b/deploy/host_vars/dr.yml
@@ -0,0 +1,29 @@
+env_name: dr
+
+# ----------------------------------------------------------------------------
+# caktus.django-k8s
+# ----------------------------------------------------------------------------
+
+k8s_domain_names:
+ - dr.phila.gov # Waiting on confirmation from Philly team
+
+k8s_container_replicas: 1
+k8s_migrations_enabled: false
+
+k8s_worker_enabled: false
+k8s_worker_beat_enabled: false
+
+# Basic auth
+k8s_container_htpasswd: "hip-dr:{SHA}Y2fEjdGT1W6nsLqtJbGUVeUp9e4="
+
+# pwgen -s 64 1|tr -d '\n'|ansible-vault encrypt_string
+env_django_secret_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63323239653538366637613837333237633038383531396663616236663436363431306234623962
+ 6230313632646239653933366636643537663762306630660a383135656336336362363364343765
+ 38313838303233616437633462353965393563393937323332613333643461323963333831336536
+ 6165306163363938320a653864333161326437613438616533383364386636373734613539336565
+ 64386133396266636230663137383031383939396431623637643764353832386538386361666531
+ 3238323337313164306432323331363636353437346335333435
+
+k8s_auth_api_key:
\ No newline at end of file
diff --git a/deploy/host_vars/staging.yml b/deploy/host_vars/staging.yml
index 37471188..6962c024 100644
--- a/deploy/host_vars/staging.yml
+++ b/deploy/host_vars/staging.yml
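Review bot: Two credentials in the new host_vars/dr.yml are copies of other environments' secrets rather than DR-specific values. The `env_django_secret_key` ciphertext is line-for-line the same as the production Django secret key that patch 08 shows in host_vars/production.yml, despite the `pwgen` comment above it, so sessions and signed tokens would validate across production and DR; and `k8s_container_htpasswd` carries the same `{SHA}` digest as staging's entry, which is unsalted SHA-1 stored outside the vault. Generate a fresh key with the command in the comment, and give DR its own basic-auth password in a salted htpasswd format that the ingress accepts, kept as a `!vault` value. The trailing `k8s_auth_api_key:` is a bare key and loads as null.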
@@ -57,15 +57,6 @@ k8s_auth_api_key: !vault | 39663030626532623063633033373236373835323266633235326563313132386139643535336563 363132353764303637656564323632636334 -database_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31633236353234623634616635306235633431373936393632656266333831333335326565353536 - 6565353434336561386234346639626634363164613139620a333134643231643634373137323638 - 62366363386436613935323163663562313865326236306662333765613565353037386332323134 - 3631346233636465350a646135386165336631383837383436653638346361333862663035613066 - 61383363666334303639353661353862363433383833643164623865636363383162343666636132 - 3135306661623561633630323062613065623738383866653833 - k8s_container_htpasswd: "hip:{SHA}Y2fEjdGT1W6nsLqtJbGUVeUp9e4=" k8s_environment_variables: diff --git a/deploy/inventory b/deploy/inventory index 569c8925..baa6cafd 100644 --- a/deploy/inventory +++ b/deploy/inventory @@ -1,6 +1,11 @@ [k8s] +dr staging production +[staging_shared] +dr +staging + [cluster] production diff --git a/deploy/requirements.yml b/deploy/requirements.yml index 06fe0bed..9eb97958 100644 --- a/deploy/requirements.yml +++ b/deploy/requirements.yml @@ -11,4 +11,4 @@ version: v1.5.0 - src: https://github.com/caktus/ansible-role-k8s-hosting-services name: caktus.k8s-hosting-services - version: v0.3.0 + version: v0.9.0 From aaae16f33812c67dca237eba5de5195dda886bbd Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Fri, 27 Jan 2023 17:39:22 +0000 Subject: [PATCH 02/32] Begin DR creation --- deploy/group_vars/all.yml | 4 ++-- deploy/group_vars/staging_shared.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index f7f208f5..dcc16786 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml 
@@ -85,8 +85,8 @@ k8s_aws_fluent_bit_chart_version: "0.1.18" # ---------------------------------------------------------------------------- k8s_auth_host: "{{ ClusterEndpoint }}" -k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt -k8s_namespace: hip-staging +k8s_auth_ssl_ca_cert: "k8s_auth_ssl_ca_cert.txt" +k8s_cluster_name: "{{ app_name }}-{{ env_name }}" k8s_memcached_enabled: true # App pod configuration: diff --git a/deploy/group_vars/staging_shared.yml b/deploy/group_vars/staging_shared.yml index 59eb8954..6dd73bf7 100644 --- a/deploy/group_vars/staging_shared.yml +++ b/deploy/group_vars/staging_shared.yml @@ -7,8 +7,8 @@ DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com # caktus.django-k8s # ---------------------------------------------------------------------------- -k8s_auth_ssl_ca_cert: "k8s_auth_ssl_ca_cert.txt" # hard-coded env_name for sharing -k8s_cluster_name: philly-hip-stack-cluster # hard-coded env_name for sharing +k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt # hard-coded env_name for sharing +k8s_namespace: hip-staging # hard-coded env_name for sharing # aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/philly-hip-stack-cluster" From 139f403245bdc0ce49096ccab2ef2a2d2b7f4b72 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Fri, 27 Jan 2023 17:42:13 +0000 Subject: [PATCH 03/32] Begin DR creation --- deploy/group_vars/staging_shared.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/group_vars/staging_shared.yml b/deploy/group_vars/staging_shared.yml index 6dd73bf7..7dbba7d1 100644 --- a/deploy/group_vars/staging_shared.yml +++ b/deploy/group_vars/staging_shared.yml 
@@ -8,7 +8,7 @@ DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com # ---------------------------------------------------------------------------- k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt # hard-coded env_name for sharing -k8s_namespace: hip-staging # hard-coded env_name for sharing +k8s_cluster_name: hip-staging # hard-coded env_name for sharing # aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/philly-hip-stack-cluster" From ac1c3841de064453b46e2fd7edae30a1953ceb91 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Fri, 27 Jan 2023 17:45:06 +0000 Subject: [PATCH 04/32] Commit missing files --- docs/backups.md | 35 +++++++++++++++++++++++++++++++++++ tasks.py | 7 +++++++ 2 files changed, 42 insertions(+) create mode 100644 docs/backups.md diff --git a/docs/backups.md b/docs/backups.md new file mode 100644 index 00000000..7879d864 --- /dev/null +++ b/docs/backups.md 
@@ -0,0 +1,35 @@ +# Managed Hosting Services + +Caktus provides managed hosting services for this project. Please see [Disaster +Recovery](https://caktus.github.io/developer-documentation/reference/disaster-recovery/) +for more information. + +The services configured for this project are: +* **PostgreSQL database backups:** Backups are stored in the `hip-production-assets` (us-east-2) S3 bucket. +* **Uploaded media backups:** S3 objects are replicated from `hip-production-philly-assets` (us-east-1) to `hip-dr-assets` (us-east-2). + +## Backup Verification Procedures + +Please follow the workflow outlined in [Disaster +Recovery](https://caktus.github.io/developer-documentation/reference/disaster-recovery/). + +Additional documentation for backup verifications can be found here: [Backups: Kubernetes Backups](https://docs.google.com/document/d/16ke-22G1m04la-9X2kuR_QKSvXrnNXAx-pr5VTuBRgE/edit#) + + +## Production backup configuration + +[caktus.k8s-hosting-services](https://github.com/caktus/ansible-role-k8s-hosting-services) +manages database backups. Database backups are in the `hip-production-philly-backups` S3 bucket. + +Run this command to set up database backups: + +```sh +inv deploy.install +inv production deploy.playbook -n deploy-hosting-services.yml +``` + +To test a cronjob, run: + +``` +kubectl create job -n hip-hosting-services --from=cronjob/backup-job-daily daily-test-01 +``` \ No newline at end of file diff --git a/tasks.py b/tasks.py index 4057f982..2b9246c5 100644 --- a/tasks.py +++ b/tasks.py @@ -10,6 +10,12 @@ init(autoreset=True) +@invoke.task +def dr(c): + c.config.env = "dr" + c.config.namespace = "hip-dr" + + @invoke.task def staging(c): c.config.env = "staging" @@ -65,6 +71,7 @@ def reset_local_db(c, dump_file=None): ns.add_collection(kubesae.info) ns.add_collection(kubesae.utils) ns.add_collection(project) +ns.add_task(dr) ns.add_task(staging) ns.add_task(production) From 03833f28ad8163c0bd0119e82b4219fa9a640b2b Mon Sep 17 00:00:00 2001 
From: ronardcaktus Date: Wed, 1 Mar 2023 12:06:49 +0000 Subject: [PATCH 05/32] add dr domain name --- deploy/host_vars/dr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/host_vars/dr.yml b/deploy/host_vars/dr.yml index 8935da05..8417dc3f 100644 --- a/deploy/host_vars/dr.yml +++ b/deploy/host_vars/dr.yml @@ -5,7 +5,7 @@ env_name: dr # ---------------------------------------------------------------------------- k8s_domain_names: - - dr.phila.gov # Waiting on confirmation from Philly team + - dr-hip.caktus-built.com k8s_container_replicas: 1 k8s_migrations_enabled: false From c6265b81732b632626b4f23d4cd5eacf904290ac Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 2 Mar 2023 21:41:49 +0000 Subject: [PATCH 06/32] Fix suggestions --- deploy/group_vars/all.yml | 14 ++++++++--- deploy/group_vars/staging_shared.yml | 36 +++++++++++++--------------- deploy/host_vars/staging.yml | 9 +++++++ docs/backups.md | 10 +------- 4 files changed, 37 insertions(+), 32 deletions(-) diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index dcc16786..e01d43a9 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -1,9 +1,13 @@ --- - # ---------------------------------------------------------------------------- # Global: Common configuration variables for all inventory groups # ---------------------------------------------------------------------------- +# aws eks describe-cluster --name=philly-hip-stack-cluster | grep endpoint +ClusterEndpoint: https://C3219F3CB49E4B1C82CFE8C82A846345.sk1.us-east-1.eks.amazonaws.com +# aws rds describe-db-instances +DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com + app_name: hip # we use hip in some places and philly-hip in some places, so let's create a variable long_app_name: "philly-{{ app_name }}" 
@@ -12,6 +16,12 @@ stack_name: "{{ long_app_name }}-stack" aws_profile: "{{ long_app_name }}" cluster_name: "{{ stack_name }}-cluster" +k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt +k8s_cluster_name: "philly-hip-stack-cluster" + +# aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' +k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/philly-hip-stack-cluster" + # CloudFormation Outputs # These values are taken from the CF 'Output' tab @@ -101,8 +111,6 @@ k8s_container_resources: requests: memory: "256Mi" cpu: "50m" - limits: - cpu: "250m" k8s_migrations_enabled: true k8s_collectstatic_enabled: false diff --git a/deploy/group_vars/staging_shared.yml b/deploy/group_vars/staging_shared.yml index 7dbba7d1..821863f8 100644 --- a/deploy/group_vars/staging_shared.yml +++ b/deploy/group_vars/staging_shared.yml 
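Review bot: `k8s_auth_ssl_ca_cert`, `k8s_cluster_name` and `k8s_context` added near the top of group_vars/all.yml are already defined further down the same file (patch 02 sets the first two around line 88, and patch 08's context shows `k8s_context` around line 80), so the file now has duplicate keys. Most YAML loaders keep the last occurrence without warning, which means the `staging_k8s_auth_ssl_ca_cert.txt` value added here is probably not the CA file actually used to verify the cluster API. Set each key once, in the section where it already lives, and put per-environment differences in host or group vars.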
@@ -1,35 +1,31 @@ -# aws eks describe-cluster --name=philly-hip-stack-cluster | grep endpoint -ClusterEndpoint: https://C3219F3CB49E4B1C82CFE8C82A846345.sk1.us-east-1.eks.amazonaws.com -# aws rds describe-db-instances -DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com - # ---------------------------------------------------------------------------- # caktus.django-k8s # ---------------------------------------------------------------------------- -k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt # hard-coded env_name for sharing -k8s_cluster_name: hip-staging # hard-coded env_name for sharing - -# aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' -k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/philly-hip-stack-cluster" - env_database_url: "postgres://{{ app_name }}_staging:{{ database_password }}@{{ DatabaseAddress }}:5432/{{ app_name }}_{{ env_name }}" # pwgen -s 40 1|tr -d '\n'|ansible-vault encrypt_string database_password: !vault | $ANSIBLE_VAULT;1.1;AES256 - 38363331373138346434373539346334383464613239383233616534333365386334626563643362 - 3463373731653734393761303235626230623833316161660a666232376136663338303435623638 - 62623630383437396562393432313565316663363961396565656438336333393866313234663365 - 3830653833633431640a636333366134383934346632396263363430346539306436383031316436 - 38653066646362323434626564333166653433663261643465356538386265353239336131633061 - 3236316135343961646363316531383661623336623564336637 + 31633236353234623634616635306235633431373936393632656266333831333335326565353536 + 6565353434336561386234346639626634363164613139620a333134643231643634373137323638 + 62366363386436613935323163663562313865326236306662333765613565353037386332323134 + 3631346233636465350a646135386165336631383837383436653638346361333862663035613066 + 61383363666334303639353661353862363433383833643164623865636363383162343666636132 + 3135306661623561633630323062613065623738383866653833 # Disaster 
Recovery: DB restore configuration k8s_restore_namespace: "{{ k8s_namespace }}" k8s_restore_target_db_url: "{{ env_database_url }}" -k8s_restore_maint_user: hip-philly +k8s_restore_maint_user: hip_admin k8s_restore_maint_host: "{{ DatabaseAddress }}" k8s_restore_maint_port: "5432" -k8s_restore_maint_name: hip-philly +k8s_restore_maint_name: hip -k8s_restore_maint_pass: # Need pass \ No newline at end of file +k8s_restore_maint_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63666133363834643339373132356631656633343463313761376363613138383035353532346236 + 3162396136333434303539346435306361336636636232620a353139306565616231303763646366 + 31636366666262323933643061626135346663646564656534313437393063396633626332663831 + 3565323636626163320a633963393664626563313265363632633161643833626366373265643835 + 30383637393636336335303231653434666536623535313439646136663239383139323533613239 + 6666643563326336613864366161623264363331656632333761 \ No newline at end of file diff --git a/deploy/host_vars/staging.yml b/deploy/host_vars/staging.yml index 6962c024..c27d2e78 100644 --- a/deploy/host_vars/staging.yml +++ b/deploy/host_vars/staging.yml @@ -57,6 +57,15 @@ k8s_auth_api_key: !vault | 39663030626532623063633033373236373835323266633235326563313132386139643535336563 363132353764303637656564323632636334 +database_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31633236353234623634616635306235633431373936393632656266333831333335326565353536 + 6565353434336561386234346639626634363164613139620a333134643231643634373137323638 + 62366363386436613935323163663562313865326236306662333765613565353037386332323134 + 3631346233636465350a646135386165336631383837383436653638346361333862663035613066 + 61383363666334303639353661353862363433383833643164623865636363383162343666636132 + 3135306661623561633630323062613065623738383866653833 + k8s_container_htpasswd: "hip:{SHA}Y2fEjdGT1W6nsLqtJbGUVeUp9e4=" k8s_environment_variables: 
diff --git a/docs/backups.md b/docs/backups.md index 7879d864..8a98f005 100644 --- a/docs/backups.md +++ b/docs/backups.md @@ -6,15 +6,7 @@ for more information. The services configured for this project are: * **PostgreSQL database backups:** Backups are stored in the `hip-production-assets` (us-east-2) S3 bucket. -* **Uploaded media backups:** S3 objects are replicated from `hip-production-philly-assets` (us-east-1) to `hip-dr-assets` (us-east-2). - -## Backup Verification Procedures - -Please follow the workflow outlined in [Disaster -Recovery](https://caktus.github.io/developer-documentation/reference/disaster-recovery/). - -Additional documentation for backup verifications can be found here: [Backups: Kubernetes Backups](https://docs.google.com/document/d/16ke-22G1m04la-9X2kuR_QKSvXrnNXAx-pr5VTuBRgE/edit#) - +* **Uploaded media backups:** S3 objects are replicated from `hip-production-philly-assets` (us-east-1) to `hip-dr-assets` (us-east-2). ## Production backup configuration From e32c12aec1dabf79f16c7b01c0ca8d652f451581 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 7 Mar 2023 15:26:43 +0000 Subject: [PATCH 07/32] Add namespace --- deploy/group_vars/all.yml | 3 ++- deploy/host_vars/dr.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index e01d43a9..97fab54b 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -17,7 +17,8 @@ aws_profile: "{{ long_app_name }}" cluster_name: "{{ stack_name }}-cluster" k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt -k8s_cluster_name: "philly-hip-stack-cluster" +k8s_cluster_name: "philly-hip-stack-cluster" +k8s_namespace: "{{ app_name }}-{{ env_name }}" # aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/philly-hip-stack-cluster" diff --git a/deploy/host_vars/dr.yml b/deploy/host_vars/dr.yml index 8417dc3f..1057f7ab 100644 
--- a/deploy/host_vars/dr.yml +++ b/deploy/host_vars/dr.yml @@ -26,4 +26,4 @@ env_django_secret_key: !vault | 64386133396266636230663137383031383939396431623637643764353832386538386361666531 3238323337313164306432323331363636353437346335333435 -k8s_auth_api_key: \ No newline at end of file +# k8s_auth_api_key: \ No newline at end of file From df59adbb4ded93650e00bb8772e7bb6cbdb196f1 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 7 Mar 2023 16:56:38 +0000 Subject: [PATCH 08/32] Refactor prod, staging, and dr envs --- deploy/group_vars/all.yml | 80 +++++++++++++++++++++++----- deploy/group_vars/staging_shared.yml | 2 +- deploy/host_vars/dr.yml | 53 +++++++++++++++++- deploy/host_vars/production.yml | 70 +++++++----------------- deploy/host_vars/staging.yml | 76 ++++---------------------- 5 files changed, 149 insertions(+), 132 deletions(-) diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index 97fab54b..a8e15749 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -3,11 +3,6 @@ # Global: Common configuration variables for all inventory groups # ---------------------------------------------------------------------------- -# aws eks describe-cluster --name=philly-hip-stack-cluster | grep endpoint -ClusterEndpoint: https://C3219F3CB49E4B1C82CFE8C82A846345.sk1.us-east-1.eks.amazonaws.com -# aws rds describe-db-instances -DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com - app_name: hip # we use hip in some places and philly-hip in some places, so let's create a variable long_app_name: "philly-{{ app_name }}" 
@@ -16,17 +11,18 @@ stack_name: "{{ long_app_name }}-stack" aws_profile: "{{ long_app_name }}" cluster_name: "{{ stack_name }}-cluster" -k8s_auth_ssl_ca_cert: staging_k8s_auth_ssl_ca_cert.txt -k8s_cluster_name: "philly-hip-stack-cluster" -k8s_namespace: "{{ app_name }}-{{ env_name }}" +ansible_connection: local +ansible_python_interpreter: "{{ ansible_playbook_python }}" -# aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' -k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/philly-hip-stack-cluster" +k8s_cluster_name: "{{ cluster_name }}" +k8s_namespace: "{{ app_name }}-{{ env_name }}" # CloudFormation Outputs # These values are taken from the CF 'Output' tab - - +# aws eks describe-cluster --name=philly-hip-stack-cluster | grep endpoint +ClusterEndpoint: https://C3219F3CB49E4B1C82CFE8C82A846345.sk1.us-east-1.eks.amazonaws.com +# aws rds describe-db-instances +DatabaseAddress: pd13w6wwn2hbn7f.cp7c2yqiusbp.us-east-1.rds.amazonaws.com RepositoryURL: 061553509755.dkr.ecr.us-east-1.amazonaws.com/philly-hip-stack-applicationrepository-kk92mehevd86 # The RDS superuser password @@ -80,6 +76,7 @@ cloudformation_stack: # -------------------------------------------------------------------------- k8s_cluster_type: aws +# aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/{{ cluster_name }}" k8s_ingress_nginx_chart_version: "4.0.19" k8s_cert_manager_chart_version: "v1.7.2" @@ -97,7 +94,6 @@ k8s_aws_fluent_bit_chart_version: "0.1.18" k8s_auth_host: "{{ ClusterEndpoint }}" k8s_auth_ssl_ca_cert: "k8s_auth_ssl_ca_cert.txt" -k8s_cluster_name: "{{ app_name }}-{{ env_name }}" k8s_memcached_enabled: true # App pod configuration: 
@@ -146,3 +142,61 @@ k8s_s3_private_bucket: "{{ k8s_s3_namespace }}-philly-private-assets" k8s_ci_username: hip-ci-user k8s_ci_repository_arn: "arn:aws:ecr:us-east-1:061553509755:repository/philly-hip-stack-applicationrepository-kk92mehevd86" k8s_ci_vault_password_arn: "arn:aws:secretsmanager:us-east-1:061553509755:secret:hip-ansible-vault-password-JYhbao" + +# Email: +env_email_host: email-smtp.us-east-1.amazonaws.com +env_email_use_tls: "true" +env_email_host_user: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30613761343565386331633239623831303665313461356663393563346633373533316134633031 + 3766633834376434363137646333666266353865343937360a613838306134663961333237393030 + 39356265383036633765363635633232373066633639323763363935373934313632303830323964 + 3265383761653137350a366134306338383537336336353266353439303539316334346330313439 + 31666161613437643239373566303238353663653931343637353866303435666364 +env_email_host_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62303635346364383964393536613631623730363337333337343930653030333865373539643736 + 6138643665383165383863346239323066636233623937620a306137363539356362653935343338 + 30366561316361633936613731333639373136323732616638313837633438343135323530623134 + 6339646533356361340a633535323165653935376136303135353866353762663366663032376536 + 32636365613634373961353564626336343930393866393130656666316634316431353431386330 + 3561616461636134373033316665613035303736646133613630 + +# Azure SSO settings +azure_client_id: "f0629cf8-f6f4-4142-94c3-11b8beaaa510" +azure_tenant_id: "2046864f-68ea-497d-af34-a6629a6cd700" +azure_client_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 34653665623939373232343266393962386662373738363135313965636461303362656235353739 + 3833373532646436326463663233616238316431306633330a333664363061313630646565613465 + 34393634623231333964346166306639613438623330343865663066643239383634633538613130 + 3234326436376638370a353262656662656334653234666565313032333237353135336132636136 + 
33613062323365303165663261356138616634656331373037363031326161383832333662333266 + 6339636266626239303165666261353362626564363636346665 + +k8s_environment_variables: + DATABASE_URL: "{{ env_database_url }}" + DJANGO_SETTINGS_MODULE: "{{ env_django_settings }}" + DJANGO_DEBUG: "False" + # DOMAIN is the ALLOWED_HOST + DOMAIN: "{{ k8s_domain_names[0] }}" + # join ALLOWED_HOSTS with a colon, because they are split by colon in deploy.py + ALLOWED_HOSTS: "{{ k8s_domain_names|join(':') }}" + ENVIRONMENT: "{{ env_name }}" + CACHE_HOST: "{{ env_cache_host }}" + # *** Uploaded media + DEFAULT_FILE_STORAGE: "{{ env_default_file_storage }}" + MEDIA_STORAGE_BUCKET_NAME: "{{ env_media_storage_bucket_name }}" + AWS_DEFAULT_ACL: "{{ env_aws_default_acl }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" + MEDIA_LOCATION: "{{ env_media_location }}" + # *** Email + EMAIL_HOST: "{{ env_email_host }}" + EMAIL_HOST_USER: "{{ env_email_host_user }}" + EMAIL_HOST_PASSWORD: "{{ env_email_host_pass }}" + EMAIL_USE_TLS: "{{ env_email_use_tls }}" + DJANGO_SECRET_KEY: "{{ env_django_secret_key }}" + # Azure SSO settings + AZURE_CLIENT_ID: "{{ azure_client_id }}" + AZURE_TENANT_ID: "{{ azure_tenant_id }}" + AZURE_CLIENT_SECRET: "{{ azure_client_secret }}" diff --git a/deploy/group_vars/staging_shared.yml b/deploy/group_vars/staging_shared.yml index 821863f8..66983882 100644 --- a/deploy/group_vars/staging_shared.yml +++ b/deploy/group_vars/staging_shared.yml @@ -16,11 +16,11 @@ database_password: !vault | # Disaster Recovery: DB restore configuration k8s_restore_namespace: "{{ k8s_namespace }}" k8s_restore_target_db_url: "{{ env_database_url }}" +k8s_restore_sql_commands: [CREATE EXTENSION IF NOT EXISTS citext;] k8s_restore_maint_user: hip_admin k8s_restore_maint_host: "{{ DatabaseAddress }}" k8s_restore_maint_port: "5432" k8s_restore_maint_name: hip - k8s_restore_maint_pass: !vault | $ANSIBLE_VAULT;1.1;AES256 63666133363834643339373132356631656633343463313761376363613138383035353532346236 
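Review bot: `azure_client_id` and `azure_client_secret` added to group_vars/all.yml are the values this commit removes from host_vars/staging.yml, so staging's Azure SSO app registration becomes the default for every host; production overrides both, but any host that does not override them inherits the staging registration silently. Keeping them in group_vars/staging_shared.yml would make a host without its own values fail at templating time instead. The shared `k8s_environment_variables` also changes production's `ALLOWED_HOSTS` from `k8s_domain_names[0]` to the colon-joined list, which the commit message does not mention and is worth confirming as intended.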
diff --git a/deploy/host_vars/dr.yml b/deploy/host_vars/dr.yml index 1057f7ab..f918f085 100644 --- a/deploy/host_vars/dr.yml +++ b/deploy/host_vars/dr.yml @@ -26,4 +26,55 @@ env_django_secret_key: !vault | 64386133396266636230663137383031383939396431623637643764353832386538386361666531 3238323337313164306432323331363636353437346335333435 -# k8s_auth_api_key: \ No newline at end of file +k8s_auth_api_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 66643335333330346333656433393138363639393066326263653939333530643531396533643832 + 3637333234636363626439646336383139303238623532330a666535653630343237316236313437 + 62633939353962333037653335393137303630396631316465303362373062633031313235646466 + 6432616639336233340a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o newline at end of file diff --git a/deploy/host_vars/production.yml b/deploy/host_vars/production.yml index 4b30d5d2..ae1de58d 100644 --- a/deploy/host_vars/production.yml +++ b/deploy/host_vars/production.yml 
@@ -67,58 +67,24 @@ database_password: !vault | 38653066646362323434626564333166653433663261643465356538386265353239336131633061 3236316135343961646363316531383661623336623564336637 -k8s_environment_variables: - DATABASE_URL: "{{ env_database_url }}" - DJANGO_SETTINGS_MODULE: "{{ env_django_settings }}" - DJANGO_DEBUG: "False" - # DOMAIN is the ALLOWED_HOST - DOMAIN: "{{ k8s_domain_names[0] }}" - ALLOWED_HOSTS: "{{ k8s_domain_names[0] }}" - ENVIRONMENT: "{{ env_name }}" - CACHE_HOST: "{{ env_cache_host }}" - # Uploaded media - DEFAULT_FILE_STORAGE: "{{ env_default_file_storage }}" - MEDIA_STORAGE_BUCKET_NAME: "{{ env_media_storage_bucket_name }}" - AWS_DEFAULT_ACL: "{{ env_aws_default_acl }}" - AWS_DEFAULT_REGION: "{{ aws_region }}" - MEDIA_LOCATION: "{{ env_media_location }}" - # Email - EMAIL_HOST: email-smtp.us-east-1.amazonaws.com - EMAIL_HOST_USER: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30613761343565386331633239623831303665313461356663393563346633373533316134633031 - 3766633834376434363137646333666266353865343937360a613838306134663961333237393030 - 39356265383036633765363635633232373066633639323763363935373934313632303830323964 - 3265383761653137350a366134306338383537336336353266353439303539316334346330313439 - 31666161613437643239373566303238353663653931343637353866303435666364 - EMAIL_HOST_PASSWORD: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62303635346364383964393536613631623730363337333337343930653030333865373539643736 - 6138643665383165383863346239323066636233623937620a306137363539356362653935343338 - 30366561316361633936613731333639373136323732616638313837633438343135323530623134 - 6339646533356361340a633535323165653935376136303135353866353762663366663032376536 - 32636365613634373961353564626336343930393866393130656666316634316431353431386330 - 3561616461636134373033316665613035303736646133613630 - EMAIL_USE_TLS: "true" - DJANGO_SECRET_KEY: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 
63323239653538366637613837333237633038383531396663616236663436363431306234623962 - 6230313632646239653933366636643537663762306630660a383135656336336362363364343765 - 38313838303233616437633462353965393563393937323332613333643461323963333831336536 - 6165306163363938320a653864333161326437613438616533383364386636373734613539336565 - 64386133396266636230663137383031383939396431623637643764353832386538386361666531 - 3238323337313164306432323331363636353437346335333435 - # Azure SSO settings - AZURE_CLIENT_ID: "39459c9f-77b3-4fae-942c-7ef9fbf1332c" - AZURE_TENANT_ID: "2046864f-68ea-497d-af34-a6629a6cd700" - AZURE_CLIENT_SECRET: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62383037633362323633303630383031306666613239653333353735653662633265316635346135 - 3439326633363038333432666238396364386165383932320a653231323632393839313966306165 - 66633866646436366264336462636264383232386366636132343337363163343236306661316138 - 3664656261353362630a613966313138373630333935323863376565386364353733343566646639 - 38363430336432343538616536643963613434663734626565626563343764373231653561636364 - 6465343637323033386364356634356132353364336235663264 +azure_client_id: "39459c9f-77b3-4fae-942c-7ef9fbf1332c" +azure_client_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62383037633362323633303630383031306666613239653333353735653662633265316635346135 + 3439326633363038333432666238396364386165383932320a653231323632393839313966306165 + 66633866646436366264336462636264383232386366636132343337363163343236306661316138 + 3664656261353362630a613966313138373630333935323863376565386364353733343566646639 + 38363430336432343538616536643963613434663734626565626563343764373231653561636364 + 6465343637323033386364356634356132353364336235663264 + +env_django_secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63323239653538366637613837333237633038383531396663616236663436363431306234623962 + 6230313632646239653933366636643537663762306630660a383135656336336362363364343765 + 
38313838303233616437633462353965393563393937323332613333643461323963333831336536 + 6165306163363938320a653864333161326437613438616533383364386636373734613539336565 + 64386133396266636230663137383031383939396431623637643764353832386538386361666531 + 3238323337313164306432323331363636353437346335333435 # ---------------------------------------------------------------------------- # caktus.TS-Backups diff --git a/deploy/host_vars/staging.yml b/deploy/host_vars/staging.yml index c27d2e78..35eff517 100644 --- a/deploy/host_vars/staging.yml +++ b/deploy/host_vars/staging.yml @@ -3,6 +3,17 @@ env_name: "staging" k8s_domain_names: - hip-staging.phila.gov +k8s_container_htpasswd: "hip:{SHA}Y2fEjdGT1W6nsLqtJbGUVeUp9e4=" + +env_django_secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63313930373261313139343437666365343639643264323862663561356362653436643365393632 + 6562346139653032666539313136313938366632343661340a323635353263326231336336323831 + 62623835363361363064633536383631323531363463643337623933643764383238316537316630 + 3563303166306264660a663238346437303433653831366464616330613566373432663935303238 + 35646433343832356233366563376534623334366466343564343136643433646337636531306638 + 3766333136396262336338366262366362386462323365343439 + k8s_auth_api_key: !vault | $ANSIBLE_VAULT;1.1;AES256 30643235363662653733663366316134623061376564643536303863633036353639646536393262 
@@ -56,68 +67,3 @@ k8s_auth_api_key: !vault | 30616461633532613732643138313137326336633834633132343036376537303830333365653661 39663030626532623063633033373236373835323266633235326563313132386139643535336563 363132353764303637656564323632636334 - -database_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31633236353234623634616635306235633431373936393632656266333831333335326565353536 - 6565353434336561386234346639626634363164613139620a333134643231643634373137323638 - 62366363386436613935323163663562313865326236306662333765613565353037386332323134 - 3631346233636465350a646135386165336631383837383436653638346361333862663035613066 - 61383363666334303639353661353862363433383833643164623865636363383162343666636132 - 3135306661623561633630323062613065623738383866653833 - -k8s_container_htpasswd: "hip:{SHA}Y2fEjdGT1W6nsLqtJbGUVeUp9e4=" - -k8s_environment_variables: - DATABASE_URL: "{{ env_database_url }}" - DJANGO_SETTINGS_MODULE: "{{ env_django_settings }}" - DJANGO_DEBUG: "False" - # DOMAIN is the ALLOWED_HOST - DOMAIN: "{{ k8s_domain_names[0] }}" - # join ALLOWED_HOSTS with a colon, because they are split by colon in deploy.py - ALLOWED_HOSTS: "{{ k8s_domain_names|join(':') }}" - ENVIRONMENT: "{{ env_name }}" - CACHE_HOST: "{{ env_cache_host }}" - # *** Uploaded media - DEFAULT_FILE_STORAGE: "{{ env_default_file_storage }}" - MEDIA_STORAGE_BUCKET_NAME: "{{ env_media_storage_bucket_name }}" - AWS_DEFAULT_ACL: "{{ env_aws_default_acl }}" - AWS_DEFAULT_REGION: "{{ aws_region }}" - MEDIA_LOCATION: "{{ env_media_location }}" - # *** Email - EMAIL_HOST: email-smtp.us-east-1.amazonaws.com - EMAIL_HOST_USER: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30613761343565386331633239623831303665313461356663393563346633373533316134633031 - 3766633834376434363137646333666266353865343937360a613838306134663961333237393030 - 39356265383036633765363635633232373066633639323763363935373934313632303830323964 - 3265383761653137350a366134306338383537336336353266353439303539316334346330313439 - 
31666161613437643239373566303238353663653931343637353866303435666364 - EMAIL_HOST_PASSWORD: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62303635346364383964393536613631623730363337333337343930653030333865373539643736 - 6138643665383165383863346239323066636233623937620a306137363539356362653935343338 - 30366561316361633936613731333639373136323732616638313837633438343135323530623134 - 6339646533356361340a633535323165653935376136303135353866353762663366663032376536 - 32636365613634373961353564626336343930393866393130656666316634316431353431386330 - 3561616461636134373033316665613035303736646133613630 - EMAIL_USE_TLS: "true" - DJANGO_SECRET_KEY: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63313930373261313139343437666365343639643264323862663561356362653436643365393632 - 6562346139653032666539313136313938366632343661340a323635353263326231336336323831 - 62623835363361363064633536383631323531363463643337623933643764383238316537316630 - 3563303166306264660a663238346437303433653831366464616330613566373432663935303238 - 35646433343832356233366563376534623334366466343564343136643433646337636531306638 - 3766333136396262336338366262366362386462323365343439 - # Azure SSO settings - AZURE_CLIENT_ID: "f0629cf8-f6f4-4142-94c3-11b8beaaa510" - AZURE_TENANT_ID: "2046864f-68ea-497d-af34-a6629a6cd700" - AZURE_CLIENT_SECRET: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34653665623939373232343266393962386662373738363135313965636461303362656235353739 - 3833373532646436326463663233616238316431306633330a333664363061313630646565613465 - 34393634623231333964346166306639613438623330343865663066643239383634633538613130 - 3234326436376638370a353262656662656334653234666565313032333237353135336132636136 - 33613062323365303165663261356138616634656331373037363031326161383832333662333266 - 6339636266626239303165666261353362626564363636346665 From b7fa93280082a2992b88d0ea958f00e459ef54aa Mon Sep 17 00:00:00 2001 
From: ronardcaktus Date: Tue, 7 Mar 2023 16:57:03 +0000 Subject: [PATCH 09/32] Refactor prod, staging, and dr envs --- docs/backups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/backups.md b/docs/backups.md index 8a98f005..d241e0b3 100644 --- a/docs/backups.md +++ b/docs/backups.md @@ -5,8 +5,8 @@ Recovery](https://caktus.github.io/developer-documentation/reference/disaster-re for more information. The services configured for this project are: -* **PostgreSQL database backups:** Backups are stored in the `hip-production-assets` (us-east-2) S3 bucket. -* **Uploaded media backups:** S3 objects are replicated from `hip-production-philly-assets` (us-east-1) to `hip-dr-assets` (us-east-2). +* **PostgreSQL database backups:** Backups are stored in the `hip-production-philly-backups` (us-east-2) S3 bucket. +* **Uploaded media backups:** S3 objects are replicated from `hip-production-philly-private-assets` (us-east-1) to `hip-dr-philly-private-assets` (us-east-2). ## Production backup configuration From 3ef72b012ff1d8a7274ffbf132af41f8c88c8932 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Mon, 10 Apr 2023 19:35:33 +0000 Subject: [PATCH 10/32] Upgrade Wagtail --- requirements/base/base.txt | 16 ++++++---------- requirements/dev/dev.txt | 36 +++--------------------------------- 2 files changed, 9 insertions(+), 43 deletions(-) diff --git a/requirements/base/base.txt b/requirements/base/base.txt index 911c2d2d..e3f27098 100644 --- a/requirements/base/base.txt +++ b/requirements/base/base.txt @@ -95,8 +95,6 @@ html5lib==1.1 # via wagtail idna==2.10 # via requests -jdcal==1.4.1 - # via openpyxl jmespath==0.10.0 # via # boto3 @@ -113,8 +111,10 @@ oauthlib==3.1.0 # social-auth-core odfpy==1.4.1 # via tablib -openpyxl==3.0.6 - # via tablib +openpyxl==3.1.2 + # via + # tablib + # wagtail pdfid==1.0.4 # via -r requirements/base/base.in phonenumberslite==8.12.18 
@@ -168,16 +168,14 @@ soupsieve==2.2 sqlparse==0.4.1 # via django tablib[html,ods,xls,xlsx,yaml]==3.0.0 - # via - # django-import-export - # wagtail + # via django-import-export telepath==0.2 # via wagtail urllib3==1.26.4 # via # botocore # requests -wagtail==4.0.4 +wagtail==4.2.2 # via # -r requirements/base/base.in # wagtailfontawesome @@ -193,8 +191,6 @@ willow==1.4 # via wagtail xlrd==2.0.1 # via tablib -xlsxwriter==1.3.7 - # via wagtail xlwt==1.3.0 # via tablib diff --git a/requirements/dev/dev.txt b/requirements/dev/dev.txt index 6c9b9ea5..c905401d 100644 --- a/requirements/dev/dev.txt +++ b/requirements/dev/dev.txt @@ -95,7 +95,6 @@ defusedxml==0.7.1 # via # -c requirements/dev/../base/base.txt # nbconvert - # odfpy distlib==0.3.6 # via virtualenv django==3.2.18 @@ -196,10 +195,6 @@ ipython-genutils==0.2.0 # traitlets isort==5.7.0 # via -r requirements/dev/dev.in -jdcal==1.4.1 - # via - # -c requirements/dev/../base/base.txt - # openpyxl jedi==0.18.0 # via ipython jinja2==3.0.3 @@ -260,10 +255,6 @@ l18n==2020.6.1 # via # -c requirements/dev/../base/base.txt # wagtail -markuppy==1.14 - # via - # -c requirements/dev/../base/base.txt - # tablib markupsafe==2.1.1 # via jinja2 mccabe==0.7.0 @@ -296,14 +287,10 @@ oauthlib==3.1.0 # via # -c requirements/dev/../base/base.txt # requests-oauthlib -odfpy==1.4.1 +openpyxl==3.1.2 # via # -c requirements/dev/../base/base.txt - # tablib -openpyxl==3.0.6 - # via - # -c requirements/dev/../base/base.txt - # tablib + # wagtail openshift==0.12 # via -r requirements/dev/dev.in packaging==20.9 @@ -414,7 +401,6 @@ pyyaml==5.4.1 # kubernetes # kubernetes-validate # pre-commit - # tablib pyzmq==22.0.3 # via # jupyter-client @@ -472,10 +458,6 @@ sqlparse==0.4.1 # -c requirements/dev/../base/base.txt # django # django-debug-toolbar -tablib[html,ods,xls,xlsx,yaml]==3.0.0 - # via - # -c requirements/dev/../base/base.txt - # wagtail telepath==0.2 # via # -c requirements/dev/../base/base.txt 
@@ -523,7 +505,7 @@ urwid==2.1.2 # via pudb virtualenv==20.17.1 # via pre-commit -wagtail==4.0.4 +wagtail==4.2.2 # via # -c requirements/dev/../base/base.txt # wagtail-factories @@ -542,18 +524,6 @@ willow==1.4 # via # -c requirements/dev/../base/base.txt # wagtail -xlrd==2.0.1 - # via - # -c requirements/dev/../base/base.txt - # tablib -xlsxwriter==1.3.7 - # via - # -c requirements/dev/../base/base.txt - # wagtail -xlwt==1.3.0 - # via - # -c requirements/dev/../base/base.txt - # tablib zipp==3.4.0 # via importlib-metadata From 272e6a0b2e6be2d72a74746ffcabf7d8e1426b97 Mon Sep 17 00:00:00 2001 From: Tobias McNulty Date: Fri, 19 May 2023 15:01:03 -0400 Subject: [PATCH 11/32] Add aws-cloudwatch-metrics Helm chart and alarms (#268) --- .gitignore | 1 + deploy/deploy-cluster.yml | 57 +++++++++++++++++++++++++++++++++++++++ deploy/group_vars/all.yml | 5 ++++ docs/hosting-services.md | 12 +++++++++ 4 files changed, 75 insertions(+) diff --git a/.gitignore b/.gitignore index b9526012..de317cdc 100644 --- a/.gitignore +++ b/.gitignore @@ -28,6 +28,7 @@ media/* hip/static/bundles/main.js # Ansible +bin/ deploy/roles/* .vault_pass *.retry diff --git a/deploy/deploy-cluster.yml b/deploy/deploy-cluster.yml index 3b9393c0..89bc100d 100644 --- a/deploy/deploy-cluster.yml +++ b/deploy/deploy-cluster.yml @@ -9,6 +9,7 @@ - role: caktus.k8s-web-cluster tasks: - name: Add AWS for fluent bit helm chart (centralized logging) + tags: fluentbit community.kubernetes.helm: context: "{{ k8s_context|mandatory }}" kubeconfig: "{{ k8s_kubeconfig }}" 
@@ -26,3 +27,59 @@ elasticsearch: enabled: false wait: yes + - name: Create Amazon CloudWatch Metrics namespace + tags: cloudwatch + community.kubernetes.k8s: + context: "{{ k8s_context|mandatory }}" + kubeconfig: "{{ k8s_kubeconfig }}" + name: "{{ k8s_aws_cloudwatch_metrics_namespace }}" + api_version: v1 + kind: Namespace + state: present + - name: Add AWS CloudWatch Metrics helm chart (monitoring) + tags: cloudwatch + community.kubernetes.helm: + context: "{{ k8s_context|mandatory }}" + kubeconfig: "{{ k8s_kubeconfig }}" + chart_repo_url: "https://aws.github.io/eks-charts" + chart_ref: aws-cloudwatch-metrics + # https://artifacthub.io/packages/helm/aws/aws-cloudwatch-metrics + chart_version: "{{ k8s_aws_cloudwatch_metrics_chart_version }}" + release_name: aws-cloudwatch-metrics + release_namespace: "{{ k8s_aws_cloudwatch_metrics_namespace }}" + release_values: + clusterName: philly-hip-stack-cluster + wait: yes + - name: Create alarms + tags: cloudwatch + amazon.aws.cloudwatch_metric_alarm: + state: present + region: us-east-1 + name: "{{ item.name }}" + description: "{{ item.description }}" + metric: "{{ item.metric }}" + namespace: "ContainerInsights" + dimensions: + ClusterName: philly-hip-stack-cluster + statistic: Average + comparison: "{{ item.comparison }}" + threshold: "{{ item.threshold }}" + period: "{{ item.period }}" + evaluation_periods: "{{ item.evaluation_periods }}" + alarm_actions: + - arn:aws:sns:us-east-1:061553509755:HIP_Errors_CloudWatch_Alarms_Topic + loop: + - name: node-cpu-high + description: This will alarm when a instance's CPU usage average is greater than 50% for 15 minutes. + metric: node_cpu_utilization + comparison: GreaterThanOrEqualToThreshold + threshold: 50 + period: 300 + evaluation_periods: 3 + - name: node-count-low + description: This will alarm when a cluster's node count drops below 2 for 15 minutes. + metric: cluster_node_count + comparison: LessThanThreshold + threshold: 2 + period: 300 + evaluation_periods: 3 
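Review bot: The alarms in the "Create alarms" task set no `treat_missing_data`, so if the metrics agent stops reporting, `node-count-low` would be expected to sit in insufficient-data instead of notifying the SNS topic, and that is the failure this alarm most needs to catch. Adding `treat_missing_data: breaching` to the task (or at least to the `node-count-low` item) closes that gap. Separately, `clusterName`/`ClusterName` are hard-coded as `philly-hip-stack-cluster` although `deploy/group_vars/all.yml` already builds `k8s_context` from `{{ cluster_name }}`; using `"{{ cluster_name }}"` here (and a region variable instead of the literal `us-east-1`, if one is defined for this play) keeps the new DR environment from creating alarms against the wrong cluster. `wait: yes` is safer written as `wait: true`.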
diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index 6baeaa47..51b28bfb 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -86,6 +86,11 @@ k8s_iam_users: [noop] # https://github.com/caktus/ansible-role-k8s-web-cluster/ # - https://github.com/aws/eks-charts/tree/master/stable/aws-for-fluent-bit # - https://artifacthub.io/packages/helm/aws/aws-for-fluent-bit k8s_aws_fluent_bit_chart_version: "0.1.18" +# aws-cloudwatch-metrics: +# - https://github.com/aws/eks-charts/tree/master/stable/aws-cloudwatch-metrics +# - https://artifacthub.io/packages/helm/aws/aws-cloudwatch-metrics +k8s_aws_cloudwatch_metrics_chart_version: "0.0.9" +k8s_aws_cloudwatch_metrics_namespace: amazon-cloudwatch # ---------------------------------------------------------------------------- # caktus.django-k8s: Shared configuration variables for staging and production diff --git a/docs/hosting-services.md b/docs/hosting-services.md index 2f386caf..555e9258 100644 --- a/docs/hosting-services.md +++ b/docs/hosting-services.md @@ -18,6 +18,18 @@ To download the latest `daily` backup: inv utils.get-db-backup ``` +## Monitoring + +Amazon CloudWatch Metrics receives data via the [aws-cloudwatch-metrics](https://github.com/aws/eks-charts/tree/master/stable/aws-cloudwatch-metrics) +Helm chart. To view metrics, login to the AWS account (via the Caktus AssumeRole, above), then: + +- Go to CloudWatch +- Click "All Metrics" +- Click "ContainerInsights" +- Drill down as needed + +CloudWatch Alarms can be created via Ansible, e.g., to provide an alert on high CPU utilization. See `deploy/deploy-cluster.yml` and add to the "Create alarms" task, as needed. + ## Logging Amazon CloudWatch Logs aggregates Kubernetes cluster and application logs. You From ad7adf58f07ee35843969cd3876f32ab815c32ae Mon Sep 17 00:00:00 2001 
From: ronardcaktus Date: Thu, 1 Jun 2023 21:15:45 +0000 Subject: [PATCH 12/32] Add jq to Dockerfile dev container layer --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 5132f141..3b4940e5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -129,6 +129,7 @@ RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/ docker-compose-plugin \ git-core \ gnupg2 \ + jq \ libpcre3 \ libpq-dev \ libpng-dev \ From 811625cb3d1617d7dbe5c8256376b0bfc74ce011 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Fri, 2 Jun 2023 16:58:12 +0000 Subject: [PATCH 13/32] Update deployment requirements --- deploy/requirements.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/requirements.yml b/deploy/requirements.yml index b2232ae7..f8b2b98f 100644 --- a/deploy/requirements.yml +++ b/deploy/requirements.yml @@ -2,13 +2,13 @@ - src: https://github.com/caktus/ansible-role-aws-web-stacks name: caktus.aws-web-stacks - src: https://github.com/caktus/ansible-role-k8s-web-cluster - version: v1.4.0 + version: v1.5.0 name: caktus.k8s-web-cluster # Note: caktus.django-k8s version 1.4.0 has been released, but deploys fail due to issue: # msg: Failed to find exact match for rabbitmq.com/v1beta1.RabbitmqCluster by [kind, name, singularName, shortNames] - src: https://github.com/caktus/ansible-role-django-k8s name: caktus.django-k8s - version: v1.5.0 + version: v1.6.0 - src: https://github.com/caktus/ansible-role-k8s-hosting-services name: caktus.k8s-hosting-services - version: v0.9.0 + version: v0.11.0 From a22c8f25d79ad556614f3e999c2f05415ab816dd Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Fri, 2 Jun 2023 16:49:07 -0400 Subject: [PATCH 14/32] Update dev requirements --- requirements/base/base.in | 3 ++- requirements/base/base.txt | 9 +++++---- requirements/dev/dev.in | 6 +++--- requirements/dev/dev.txt | 21 ++++++++++++--------- 4 files changed, 22 insertions(+), 17 deletions(-) 
diff --git a/requirements/base/base.in b/requirements/base/base.in index 51c80b9e..9bb5c9a2 100644 --- a/requirements/base/base.in +++ b/requirements/base/base.in @@ -17,7 +17,8 @@ django-sass-processor django-phonenumber-field django-honeypot whitenoise -boto3 +boto3==1.26.87 +botocore==1.29.87 libsass phonenumberslite pdfid diff --git a/requirements/base/base.txt b/requirements/base/base.txt index e3f27098..2d5e739c 100644 --- a/requirements/base/base.txt +++ b/requirements/base/base.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile requirements/base/base.in +# pip-compile --output-file=requirements/base/base.txt requirements/base/base.in # anyascii==0.1.7 # via wagtail @@ -10,10 +10,11 @@ asgiref==3.3.4 # via django beautifulsoup4==4.8.2 # via wagtail -boto3==1.17.74 +boto3==1.26.87 # via -r requirements/base/base.in -botocore==1.20.74 +botocore==1.29.87 # via + # -r requirements/base/base.in # boto3 # s3transfer certifi==2020.12.5 @@ -149,7 +150,7 @@ requests-oauthlib==1.3.0 # via social-auth-core rjsmin==1.1.0 # via django-compressor -s3transfer==0.4.2 +s3transfer==0.6.1 # via boto3 six==1.15.0 # via diff --git a/requirements/dev/dev.in b/requirements/dev/dev.in index 8c76f765..9a11bfe9 100644 --- a/requirements/dev/dev.in +++ b/requirements/dev/dev.in @@ -8,16 +8,16 @@ ipython jupyterlab # deploy -ansible==5.9.0 +ansible==7.6.0 invoke-kubesae==0.1.0 # AWS tools -awscli +awscli==1.27.87 awslogs Jinja2==3.0.3 openshift==0.12 kubernetes==12.0.0 -kubernetes-validate +kubernetes-validate~=1.25.0 pre-commit coverage diff --git a/requirements/dev/dev.txt b/requirements/dev/dev.txt index c905401d..aca21fad 100644 --- a/requirements/dev/dev.txt +++ b/requirements/dev/dev.txt 
@@ -2,13 +2,13 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile requirements/dev/dev.in +# pip-compile --output-file=requirements/dev/dev.txt requirements/dev/dev.in # -ansible==5.9.0 +ansible==7.6.0 # via # -r requirements/dev/dev.in # invoke-kubesae -ansible-core==2.12.7 +ansible-core==2.14.6 # via ansible anyascii==0.1.7 # via @@ -17,7 +17,10 @@ anyascii==0.1.7 anyio==2.1.0 # via jupyter-server appnope==0.1.2 - # via -r requirements/dev/dev.in + # via + # -r requirements/dev/dev.in + # ipykernel + # ipython argon2-cffi==20.1.0 # via notebook asgiref==3.3.4 @@ -30,7 +33,7 @@ attrs==20.3.0 # via # jsonschema # pytest -awscli==1.19.74 +awscli==1.27.87 # via -r requirements/dev/dev.in awslogs==0.14.0 # via -r requirements/dev/dev.in @@ -46,12 +49,12 @@ black==22.6.0 # via -r requirements/dev/dev.in bleach==3.3.0 # via nbconvert -boto3==1.17.74 +boto3==1.26.87 # via # -c requirements/dev/../base/base.txt # awslogs # invoke-kubesae -botocore==1.20.74 +botocore==1.29.87 # via # -c requirements/dev/../base/base.txt # awscli @@ -249,7 +252,7 @@ kubernetes==12.0.0 # via # -r requirements/dev/dev.in # openshift -kubernetes-validate==1.19.0 +kubernetes-validate==1.25.2 # via -r requirements/dev/dev.in l18n==2020.6.1 # via @@ -425,7 +428,7 @@ rsa==4.5 # google-auth ruamel-yaml==0.16.12 # via openshift -s3transfer==0.4.2 +s3transfer==0.6.1 # via # -c requirements/dev/../base/base.txt # awscli From 58a5678adbb8b5ae766b9e7f6923f8e676fb5f12 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Fri, 2 Jun 2023 16:53:52 -0400 Subject: [PATCH 15/32] Update descheduler to v0.25.1 --- deploy/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index 51b28bfb..7a5641e0 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml 
@@ -211,7 +211,7 @@ k8s_install_descheduler: yes # You must set the k8s_descheduler_chart_version to match the Kubernetes # node version (0.23.x -> K8s 1.23.x); see: # https://github.com/kubernetes-sigs/descheduler#compatibility-matrix -k8s_descheduler_chart_version: v0.22.1 +k8s_descheduler_chart_version: v0.25.2 # See values.yaml for options: # https://github.com/kubernetes-sigs/descheduler/blob/master/charts/descheduler/values.yaml#L63 k8s_descheduler_release_values: From e3ba2ffc2b20bb543f9aca5c2320130fdff02aa7 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 6 Jun 2023 16:40:03 -0400 Subject: [PATCH 16/32] Update cert manager chart version --- deploy/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index 7a5641e0..0076cea5 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -79,7 +79,7 @@ k8s_cluster_type: aws # aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/{{ cluster_name }}" k8s_ingress_nginx_chart_version: "4.4.2" -k8s_cert_manager_chart_version: "v1.11.0" +k8s_cert_manager_chart_version: "v1.11.1" k8s_letsencrypt_email: admin@caktusgroup.com k8s_iam_users: [noop] # https://github.com/caktus/ansible-role-k8s-web-cluster/issues/17 # aws-for-fluent-bit From 2085ba487fdf0fc363489aec30ba9e559dfc3417 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 6 Jun 2023 21:04:09 +0000 Subject: [PATCH 17/32] Update kube client version and helm --- Dockerfile | 4 ++-- deploy/group_vars/all.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3b4940e5..5e4cfe83 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -118,8 +118,8 @@ RUN groupadd --gid $USER_GID $USERNAME \ # openssh-client -- for git over SSH # sudo -- to run commands as superuser # vim -- enhanced vi editor for commits -ENV KUBE_CLIENT_VERSION="v1.22.15" -ENV HELM_VERSION="3.8.2" +ENV KUBE_CLIENT_VERSION="v1.25.10" +ENV HELM_VERSION="3.12.0" RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ --mount=type=cache,mode=0755,target=/root/.cache/pip \ set -ex \ diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index 0076cea5..9c483ae7 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -78,7 +78,7 @@ cloudformation_stack: k8s_cluster_type: aws # aws eks describe-cluster --name=philly-hip-stack-cluster --query 'cluster.arn' k8s_context: "arn:aws:eks:us-east-1:061553509755:cluster/{{ cluster_name }}" -k8s_ingress_nginx_chart_version: "4.4.2" +k8s_ingress_nginx_chart_version: "4.6.0" k8s_cert_manager_chart_version: "v1.11.1" k8s_letsencrypt_email: admin@caktusgroup.com k8s_iam_users: [noop] # https://github.com/caktus/ansible-role-k8s-web-cluster/issues/17 From ce8677dac6ea5fe8266d99c7c53eeb523bc02bdc Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 6 Jun 2023 21:06:27 +0000 Subject: [PATCH 18/32] update gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index de317cdc..6185066e 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,8 @@ env-local.sh .direnv venv webpack-stats.json +bin +.kube # Project Static Files node_modules/* From 2b403a29f662ce01c449c6ffb406ab0929e6c89c Mon Sep 17 00:00:00 2001 From: Dmitriy Chukhin Date: Fri, 30 Jun 2023 00:42:51 +0000 Subject: [PATCH 19/32] return a 404 status code response when serving HealthAlertDetailPage with no alert_file --- apps/health_alerts/models.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/apps/health_alerts/models.py b/apps/health_alerts/models.py index 0930fef0..8620b128 100644 --- a/apps/health_alerts/models.py 
+++ b/apps/health_alerts/models.py @@ -1,6 +1,7 @@ import datetime from django.db import models +from django.http import Http404 from django.shortcuts import redirect from phonenumber_field.modelfields import PhoneNumberField @@ -108,6 +109,10 @@ def get_priority_color(self): return "" def serve(self, request): + """Return the URL for the HealthAlertDetailPage's alert_file (or a 404 page).""" + # If the HealthAlertDetailPage does not have an alert_file, then return a 404 page. + if not self.alert_file: + raise Http404() return redirect(self.alert_file.url) # Because we have overridden the serve() method of this model, we also need to From ed75e58f2684003272d477184229dec97b716fc1 Mon Sep 17 00:00:00 2001 From: Dmitriy Chukhin Date: Fri, 30 Jun 2023 00:45:03 +0000 Subject: [PATCH 20/32] add tests for HealthAlertDetailPage's serve() and serve_preview() methods --- apps/health_alerts/tests/test_models.py | 51 +++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 apps/health_alerts/tests/test_models.py diff --git a/apps/health_alerts/tests/test_models.py b/apps/health_alerts/tests/test_models.py new file mode 100644 index 00000000..a8cd112f --- /dev/null +++ b/apps/health_alerts/tests/test_models.py 
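Review bot: The docstring added to `serve()` says the method returns a URL, but the visible body returns the `redirect(...)` response or raises `Http404`; I would word it `"""Redirect to this page's alert_file, or raise Http404 when no file is attached."""`. The comment line under the docstring restates the `if` and can be dropped. The enclosing class and the `serve_preview()` override that follows are outside the hunk, so whether preview goes through the same check cannot be confirmed from here.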
@@ -0,0 +1,51 @@
+from django.http import Http404
+
+import pytest
+
+from apps.hip.tests.factories import DocumentFactory
+
+from .factories import HealthAlertDetailPageFactory
+
+
+@pytest.mark.parametrize(
+ "page_is_live,page_has_alert_file,expected_response_status_code",
+ [
+ (True, True, 302),
+ (True, False, 404),
+ (False, True, 302),
+ (False, False, 404),
+ ],
+)
+def test_serve_health_alert_detail_page(
+ db,
+ client,
+ request,
+ page_is_live,
+ page_has_alert_file,
+ expected_response_status_code,
+):
+ """Assert that loading a HealthAlertDetailPage does not cause a server error."""
+ health_alert_page = HealthAlertDetailPageFactory(live=page_is_live, alert_file=None)
+ if page_has_alert_file:
+ health_alert_page.alert_file = DocumentFactory()
+ health_alert_page.save()
+
+ # Call the serve() method, and verify that the response is as expected.
+ if expected_response_status_code == 404:
+ with pytest.raises(Http404):
+ health_alert_page.serve(request)
+ else:
+ response_serve = health_alert_page.serve(request)
+ assert expected_response_status_code == response_serve.status_code
+ if expected_response_status_code == 302:
+ assert health_alert_page.alert_file.url == response_serve.url
+
+ # Call the serve_preview() method, and verify that the response is as expected.
+ if expected_response_status_code == 404:
+ with pytest.raises(Http404):
+ health_alert_page.serve_preview(request, "")
+ else:
+ response_serve_preview = health_alert_page.serve_preview(request, "")
+ assert expected_response_status_code == response_serve_preview.status_code
+ if expected_response_status_code == 302:
+ assert health_alert_page.alert_file.url == response_serve_preview.url
From ce6548542f0abb4ce7c119f16680650f3ad3d34c Mon Sep 17 00:00:00 2001
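Review bot: The `request` parameter of `test_serve_health_alert_detail_page` is pytest's built-in fixture-request object, not a Django `HttpRequest`, so `serve(request)` and `serve_preview(request, "")` pass only because neither method reads the request today; the `client` fixture is requested but never used. I would take pytest-django's `rf` fixture and pass `rf.get("/")`, or fetch `health_alert_page.url` through `client`, so that the 404 and the 302 are checked as real HTTP responses and the routing in front of `serve()` is exercised too. The inner `if expected_response_status_code == 302:` inside each `else` branch is always true for these parameters and can be removed.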
From: Dmitriy Chukhin Date: Wed, 5 Jul 2023 14:34:42 +0000 Subject: [PATCH 21/32] update to latest Django bugfix version --- requirements/base/base.txt | 4 ++-- requirements/dev/dev.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/base/base.txt b/requirements/base/base.txt index e3f27098..93a3ceca 100644 --- a/requirements/base/base.txt +++ b/requirements/base/base.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile requirements/base/base.in +# pip-compile --output-file=requirements/base/base.txt requirements/base/base.in # anyascii==0.1.7 # via wagtail @@ -33,7 +33,7 @@ diff-match-patch==20200713 # via django-import-export dj-database-url==0.5.0 # via -r requirements/base/base.in -django==3.2.18 +django==3.2.20 # via # -r requirements/base/base.in # django-appconf diff --git a/requirements/dev/dev.txt b/requirements/dev/dev.txt index c905401d..9f3d41eb 100644 --- a/requirements/dev/dev.txt +++ b/requirements/dev/dev.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile requirements/dev/dev.in +# pip-compile --output-file=requirements/dev/dev.txt requirements/dev/dev.in # ansible==5.9.0 # via @@ -97,7 +97,7 @@ defusedxml==0.7.1 # nbconvert distlib==0.3.6 # via virtualenv -django==3.2.18 +django==3.2.20 # via # -c requirements/dev/../base/base.txt # django-debug-toolbar From c94eb26fc44ee1685af50d273892b189b559862c Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Mon, 31 Jul 2023 20:45:36 +0000 Subject: [PATCH 22/32] Update pyyaml, awscli, boto3, and botocore --- requirements/base/base.in | 4 ++-- requirements/dev/dev.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/base/base.in b/requirements/base/base.in index 9bb5c9a2..d93e47f6 100644 --- a/requirements/base/base.in +++ b/requirements/base/base.in 
@@ -17,8 +17,8 @@ django-sass-processor django-phonenumber-field django-honeypot whitenoise -boto3==1.26.87 -botocore==1.29.87 +boto3==1.28.4 +botocore==1.31.4 libsass phonenumberslite pdfid diff --git a/requirements/dev/dev.in b/requirements/dev/dev.in index 9a11bfe9..651bcc2d 100644 --- a/requirements/dev/dev.in +++ b/requirements/dev/dev.in @@ -1,7 +1,7 @@ # Dev requirements -c ../base/base.txt -pyyaml +pyyaml==6.0.1 black==22.6.0 isort ipython @@ -12,7 +12,7 @@ ansible==7.6.0 invoke-kubesae==0.1.0 # AWS tools -awscli==1.27.87 +awscli==1.29.4 awslogs Jinja2==3.0.3 openshift==0.12 From f7850ac26c59629240d05a0c54682d6aebbd063e Mon Sep 17 00:00:00 2001 From: Dmitriy Chukhin Date: Tue, 1 Aug 2023 22:12:33 -0400 Subject: [PATCH 23/32] explcitly add PyYAML dependency to base requirements file, so we can guarantee using version>6 --- requirements/base/base.in | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements/base/base.in b/requirements/base/base.in index d93e47f6..99d819cd 100644 --- a/requirements/base/base.in +++ b/requirements/base/base.in @@ -11,6 +11,7 @@ django-compressor django-taggit django-ipware django-import-export +pyyaml==6.0.1 django-sass-processor From b7b252cb9f7632ec7c546d5783e5c30f3672fbcf Mon Sep 17 00:00:00 2001 From: Dmitriy Chukhin Date: Tue, 1 Aug 2023 22:14:13 -0400 Subject: [PATCH 24/32] update generated requirements files based on changes to .in files --- requirements/base/base.txt | 10 ++++++---- requirements/dev/dev.txt | 10 +++++----- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/requirements/base/base.txt b/requirements/base/base.txt index 2d5e739c..8e1f8619 100644 --- a/requirements/base/base.txt +++ b/requirements/base/base.txt @@ -10,9 +10,9 @@ asgiref==3.3.4 # via django beautifulsoup4==4.8.2 # via wagtail -boto3==1.26.87 +boto3==1.28.4 # via -r requirements/base/base.in -botocore==1.29.87 +botocore==1.31.4 # via # -r requirements/base/base.in # boto3 
@@ -137,8 +137,10 @@ pytz==2021.1 # django # django-modelcluster # l18n -pyyaml==5.4.1 - # via tablib +pyyaml==6.0.1 + # via + # -r requirements/base/base.in + # tablib rcssmin==1.0.6 # via django-compressor requests==2.25.1
diff --git a/requirements/dev/dev.txt b/requirements/dev/dev.txt
index aca21fad..39509086 100644
--- a/requirements/dev/dev.txt
+++ b/requirements/dev/dev.txt
@@ -33,7 +33,7 @@ attrs==20.3.0 # via # jsonschema # pytest -awscli==1.27.87 +awscli==1.29.4 # via -r requirements/dev/dev.in awslogs==0.14.0 # via -r requirements/dev/dev.in
@@ -49,12 +49,12 @@ black==22.6.0 # via -r requirements/dev/dev.in bleach==3.3.0 # via nbconvert -boto3==1.26.87 +boto3==1.28.4 # via # -c requirements/dev/../base/base.txt # awslogs # invoke-kubesae -botocore==1.29.87 +botocore==1.31.4 # via # -c requirements/dev/../base/base.txt # awscli
@@ -294,7 +294,7 @@ openpyxl==3.1.2 # via # -c requirements/dev/../base/base.txt # wagtail -openshift==0.12 +openshift==0.12.0 # via -r requirements/dev/dev.in packaging==20.9 # via
@@ -395,7 +395,7 @@ pytz==2021.1 # django # django-modelcluster # l18n -pyyaml==5.4.1 +pyyaml==6.0.1 # via # -c requirements/dev/../base/base.txt # -r requirements/dev/dev.in
From 6fec16d447a9b2590e018c2ef575a8f89df0e8cc Mon Sep 17 00:00:00 2001
From: Dmitriy Chukhin
Date: Fri, 4 Aug 2023 09:47:24 -0400
Subject: [PATCH 25/32] temporarily enable CI to deploy this branch
---
 .github/workflows/deploy.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 5df0e159..4ae82fff 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -5,6 +5,7 @@ on: branches: - main - develop + - pyyaml-fix jobs: deploy:
From b6eb26f8e442c404c0b98718dcf4d1188e295161 Mon Sep 17 00:00:00 2001
From: Dmitriy Chukhin
Date: Fri, 4 Aug 2023 09:53:23 -0400
Subject: [PATCH 26/32] revert temporary change to CI config file
---
 .github/workflows/deploy.yml | 1 -
 1 file changed, 1 deletion(-)
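Review bot: Adding `- pyyaml-fix` to the `branches:` filter in .github/workflows/deploy.yml (patch 25) lets every matching event on that feature branch run the `deploy` job, presumably with the same credentials and target that `main` and `develop` use. The trigger key and the job body are outside the hunk, so which environment is reached cannot be confirmed from here. For a one-off test deploy, a manual trigger such as `workflow_dispatch:` under `on:` avoids widening the branch list and leaves nothing that has to be remembered and reverted. If the branch entry is used anyway, a trailing comment on the line such as `# temporary: remove before merge` keeps the intent visible in the file and not only in the commit title.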
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4ae82fff..5df0e159 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -5,7 +5,6 @@ on: branches: - main - develop - - pyyaml-fix jobs: deploy:
From be637e4f5bb1566c491b4f9a56c7749d1c654528 Mon Sep 17 00:00:00 2001
From: Dmitriy Chukhin
Date: Mon, 11 Sep 2023 10:29:35 -0400
Subject: [PATCH 27/32] upgrade to latest bugfix version
---
 requirements/base/base.txt | 2 +-
 requirements/dev/dev.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/base/base.txt b/requirements/base/base.txt
index 3248c847..684178f7 100644
--- a/requirements/base/base.txt
+++ b/requirements/base/base.txt
@@ -34,7 +34,7 @@ diff-match-patch==20200713 # via django-import-export dj-database-url==0.5.0 # via -r requirements/base/base.in -django==3.2.20 +django==3.2.21 # via # -r requirements/base/base.in # django-appconf
diff --git a/requirements/dev/dev.txt b/requirements/dev/dev.txt
index 296d13a2..b63a20ef 100644
--- a/requirements/dev/dev.txt
+++ b/requirements/dev/dev.txt
@@ -100,7 +100,7 @@ defusedxml==0.7.1 # nbconvert distlib==0.3.6 # via virtualenv -django==3.2.20 +django==3.2.21 # via # -c requirements/dev/../base/base.txt # django-debug-toolbar
From ca5e35fadacc55806573469f0e1fbb9d265dfbc1 Mon Sep 17 00:00:00 2001
From: Dmitriy Chukhin
Date: Thu, 5 Oct 2023 11:06:30 -0400
Subject: [PATCH 28/32] upgrade Django to latest bugfix version
---
 requirements/base/base.txt | 2 +-
 requirements/dev/dev.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/base/base.txt b/requirements/base/base.txt
index 684178f7..d6d6699b 100644
--- a/requirements/base/base.txt
+++ b/requirements/base/base.txt
@@ -34,7 +34,7 @@ diff-match-patch==20200713 # via django-import-export dj-database-url==0.5.0 # via -r requirements/base/base.in -django==3.2.21 +django==3.2.22 # via # -r requirements/base/base.in # django-appconf
diff --git a/requirements/dev/dev.txt b/requirements/dev/dev.txt
index b63a20ef..6e50003c 100644
--- a/requirements/dev/dev.txt
+++ b/requirements/dev/dev.txt
@@ -100,7 +100,7 @@ defusedxml==0.7.1 # nbconvert distlib==0.3.6 # via virtualenv -django==3.2.21 +django==3.2.22 # via # -c requirements/dev/../base/base.txt # django-debug-toolbar
From eb829e4ce9024577b70bc7bba91d6ee5edeb9089 Mon Sep 17 00:00:00 2001
From: ronardcaktus
Date: Mon, 30 Oct 2023 15:47:09 +0000
Subject: [PATCH 29/32] Enables solely LTS version notification
---
 hip/settings/base.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hip/settings/base.py b/hip/settings/base.py
index 632f310f..c6a8217e 100644
--- a/hip/settings/base.py
+++ b/hip/settings/base.py
@@ -336,3 +336,7 @@ EVENT_SIGNUP_FORM_SUBMISSION_RECIPIENTS = GENERAL_INQUIRY_EMAIL_RECIPIENTS DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "no-reply@hip.caktus-built.com") + +# Notifies user in Wagtail Admin only of LTS versions +# https://docs.wagtail.org/en/stable/reference/settings.html#wagtail-enable-update-check +WAGTAIL_ENABLE_UPDATE_CHECK = "lts"
From b5cabbb3c8db2f2f896aa88dc3d0cb67e28f4059 Mon Sep 17 00:00:00 2001
From: ronardcaktus
Date: Mon, 30 Oct 2023 15:57:02 +0000
Subject: [PATCH 30/32] Reload workers after a specified amount of requests
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 5e4cfe83..37e61401 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -183,3 +183,6 @@ ENV PATH=/code/venv/bin:$PATH WORKDIR /code CMD ["python", "/code/manage.py", "runserver", "0.0.0.0:8000"] + +# Reload workers after the specified amount of managed requests (avoid memory leaks) +ENV UWSGI_MAX_REQUESTS=1000
From cbb63d0fae5a28308b2b84dae91d956738d70de5 Mon Sep 17 00:00:00 2001
From: ronardcaktus
Date: Wed, 1 Nov 2023 13:38:20 -0400
Subject: [PATCH 31/32] Move max request up in file
---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
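Review bot: The comment added above `WAGTAIL_ENABLE_UPDATE_CHECK = "lts"` in hip/settings/base.py (patch 29) describes only the notification filter and does not say that the update check itself stays switched on. As I read the linked Wagtail settings page, that check also gives the Wagtail project the site's hostname, which matters to anyone reviewing what the admin discloses to third parties. The `"lts"` value is only recognised by Wagtail releases that document it, and the pinned Wagtail version is not visible in this patch, so it should be confirmed against the compiled requirements; on a release that predates it, a non-empty string would presumably behave like `True`. A comment such as `# Update check stays enabled (admin dashboard contacts Wagtail's release server); "lts" limits notices to LTS releases` would cover both points.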
diff --git a/Dockerfile b/Dockerfile
index 37e61401..286cd651 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -85,6 +85,9 @@ ENV UWSGI_HTTP=:8000 UWSGI_MASTER=1 UWSGI_HTTP_AUTO_CHUNKED=1 UWSGI_HTTP_KEEPALI # Number of uWSGI workers and threads per worker (customize as needed): ENV UWSGI_WORKERS=2 UWSGI_THREADS=4 +# Reload workers after the specified amount of managed requests (avoid memory leaks) +ENV UWSGI_MAX_REQUESTS=1000 + # uWSGI static file serving configuration (customize or comment out if not needed): ENV UWSGI_STATIC_MAP="/static/=/code/static/" UWSGI_STATIC_EXPIRES_URI="/static/.*\.[a-f0-9]{12,}\.(css|js|png|jpg|jpeg|gif|ico|woff|ttf|otf|svg|scss|map|txt) 315360000"
@@ -183,6 +186,3 @@ ENV PATH=/code/venv/bin:$PATH WORKDIR /code CMD ["python", "/code/manage.py", "runserver", "0.0.0.0:8000"] - -# Reload workers after the specified amount of managed requests (avoid memory leaks) -ENV UWSGI_MAX_REQUESTS=1000
From 49fc9a04d285df57326e5c27dad9dca76693d1af Mon Sep 17 00:00:00 2001
From: ronardcaktus
Date: Thu, 2 Nov 2023 13:58:58 +0000
Subject: [PATCH 32/32] Update Django to latest bugfix release
---
 requirements/base/base.txt | 2 +-
 requirements/dev/dev.txt | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/requirements/base/base.txt b/requirements/base/base.txt
index d6d6699b..e0ad15ad 100644
--- a/requirements/base/base.txt
+++ b/requirements/base/base.txt
@@ -34,7 +34,7 @@ diff-match-patch==20200713 # via django-import-export dj-database-url==0.5.0 # via -r requirements/base/base.in -django==3.2.22 +django==3.2.23 # via # -r requirements/base/base.in # django-appconf
diff --git a/requirements/dev/dev.txt b/requirements/dev/dev.txt
index 6e50003c..132f09f2 100644
--- a/requirements/dev/dev.txt
+++ b/requirements/dev/dev.txt
@@ -17,10 +17,7 @@ anyascii==0.1.7 anyio==2.1.0 # via jupyter-server appnope==0.1.2 - # via - # -r requirements/dev/dev.in - # ipykernel - # ipython + # via -r requirements/dev/dev.in argon2-cffi==20.1.0 # via notebook asgiref==3.3.4
@@ -100,7 +97,7 @@ defusedxml==0.7.1 # nbconvert distlib==0.3.6 # via virtualenv -django==3.2.22 +django==3.2.23 # via # -c requirements/dev/../base/base.txt # django-debug-toolbar