DRAFT: Integrating https://github.com/pvarki/python-tak-rmapi

.github/workflows/build.yml

@@ -0,0 +1,29 @@
+on:
+    pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: write
+    strategy:
+      matrix:
+        python-version: ["3.11"] # , "3.12"]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: install dependencies
+        id: install_dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pre-commit detect-secrets
+      - name: pre-commit
+        id: pre_commit
+        run: |
+          export SKIP=no-commit-to-branch
+          cp takserver.env.example takserver.env
+          pre-commit run --all-files
+# TODO: Check that compositions meant for purely local development build

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "rmapi"]
+	path = rmapi
+	url = git@github.com:pvarki/python-tak-rmapi.git

.pre-commit-config.yaml

@@ -21,34 +21,19 @@ repos:
     -   id: pretty-format-json
         args:
         - --autofix
--   repo: https://github.com/psf/black
-    rev: 22.3.0
+-   repo: https://github.com/IamTheFij/docker-pre-commit.git
+    rev: v2.1.1
     hooks:
-    -   id: black
-        language_version: python3
--   repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v0.942
-    hooks:
-    -   id: mypy
-        language: system
-        args: [--strict] #, --ignore-missing-imports]
--   repo: https://github.com/pycqa/pylint
-    rev: v2.13.4
-    hooks:
-    -   id: pylint
-        language: system
+    -   id: docker-compose-check
+        files: "docker-compose.*.yml"
+        exclude: ".*.tpl"
 -   repo: https://github.com/Lucas-C/pre-commit-hooks
     rev: v1.1.13
     hooks:
     -   id: forbid-crlf
     -   id: remove-crlf
     -   id: forbid-tabs
     -   id: remove-tabs
--   repo: https://github.com/PyCQA/bandit
-    rev: 1.7.4
-    hooks:
-    - id: bandit
-      args: ["--skip=B101"]
 -   repo: https://github.com/Lucas-C/pre-commit-hooks-markup
     rev: v1.0.1
     hooks:
@@ -58,5 +43,5 @@ repos:
     hooks:
     -   id: detect-secrets
         language: system
-        exclude: "poetry.lock"
+        exclude: "poetry.lock|templates/example_.*"
         # args: ['--baseline', '.secrets.baseline']

Dockerfile

@@ -22,6 +22,7 @@ RUN apt-get update && apt-get install -y \
       curl \
       pwgen \
       zip \
+      jq \
     && apt-get autoremove -y \
     && rm -rf /var/lib/apt/lists/* \
     && curl https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -o /usr/bin/wait-for-it.sh \

README.rst

@@ -1,29 +1,47 @@
-===================
-Run TAK Java server
-===================
+================================
+Run TAK Java server in container
+================================
 
 tldr::
 
     cp takserver.env.example takserver.env
     # edit the env
     # export the variables gomplate uses (see the .tpl files)
-    cat docker compose.yml.tpl | gomplate >docker compose.yml
-    cat traefik.toml.tpl | gomplate >traefik.toml
     docker compose pull --include-deps --ignore-pull-failures
     docker compose -p tak up -d
 
 or use docker compose.local.yml without gomplate for local dev (rebuilding containers)::
 
     export DOCKER_TAG_EXTRA="-dev"
-    docker build --progress=plain -t takserver:latest${DOCKER_TAG_EXTRA} -t takserver:4.7-RELEASE-32${DOCKER_TAG_EXTRA} -t pvarki/takserver:4.7-RELEASE-32${DOCKER_TAG_EXTRA} .
-    docker build --progress=plain --target production -t takserver:certsapi-latest${DOCKER_TAG_EXTRA} -t pvarki/takserver:certsapi-latest${DOCKER_TAG_EXTRA} -f python-takcertsapi/Dockerfile ./
+    docker build --no-cache --progress=plain -t takserver:latest${DOCKER_TAG_EXTRA} -t takserver:4.7-RELEASE-32${DOCKER_TAG_EXTRA} -t pvarki/takserver:4.7-RELEASE-32${DOCKER_TAG_EXTRA} .
     cp takserver.env.example takserver.env
     # edit the env
-    docker compose -f docker compose.local.yml -p tak up
+    docker compose -f docker-compose.local.yml -p tak up
 
 Note, for things that live in the volumes (like TAK certs) you must nuke the volumes to see changes::
 
-    docker compose -f docker compose.local.yml -p tak down -v ; docker compose -f docker compose.local.yml -p tak rm -vf
+    docker compose -f docker-compose.local.yml -p tak down -v ; docker compose -f docker-compose.local.yml -p tak rm -vf
+
+Git submodules
+--------------
+
+When cloning for the first time use::
+
+    git clone --recurse-submodules -j8 git@github.com:pvarki/docker-atak-server.git
+
+When updating or checking out branches use::
+
+    git submodule update
+
+And if you forgot to --recurse-submodules run git submodule init to fix things.
+
+The submodules are repos in their own right, if you plan to make changes into them change
+to the directory and create new branch, commit and push changes as usual under that directory.
+
+Directories that are submodules
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+  - rmapi https://github.com/pvarki/python-tak-rmapi
 
 
 
@@ -34,11 +52,11 @@ Using the REST API is probably nicer though
 
 Create client package::
 
-    docker compose -p tak exec takserver /bin/bash -c 'CLIENT_CERT_NAME=replaceme /opt/scripts/make_client_zip.sh'
+    docker compose -p tak exec takserver_api /bin/bash -c 'CLIENT_CERT_NAME=replaceme /opt/scripts/make_client_zip.sh'
 
 Then get /opt/tak/certs/files/clientpkgs/replaceme.zip out of the container::
 
-    docker compose -p tak exec takserver /bin/bash -c 'base64 /opt/tak/certs/files/clientpkgs/replaceme.zip' | base64 -id >replaceme.zip
+    docker compose -p tak exec taktakserver_apiserver /bin/bash -c 'base64 /opt/tak/certs/files/clientpkgs/replaceme.zip' | base64 -id >replaceme.zip
 
 This approach also works for recovering the admin cert (/opt/tak/certs/files/admin.p12 unless you changed the ADMIN_CERT_NAME ENV)
 
@@ -48,7 +66,7 @@ Creating new admin users
 
 Create the user on the takserver container::
 
-    docker compose -p tak exec takserver /bin/bash -c 'cd /opt/tak/data/certs/ && CAPASS=$CA_PASS PASS=replaceme_user_cert_pass ./makeCert.sh client replaceme_username && ADMIN_CERT_NAME=replaceme_username /opt/scripts/enable_admin.sh'
+    docker compose -p tak exec takserver_api /bin/bash -c 'cd /opt/tak/data/certs/ && CAPASS=$CA_PASS PASS=replaceme_user_cert_pass ./makeCert.sh client replaceme_username && ADMIN_CERT_NAME=replaceme_username /opt/scripts/enable_admin.sh'
 
 See above about the hard way of getting the cert file, or use the REST API.
 

azure-takdb.yml

@@ -0,0 +1,44 @@
+kind: containerapp
+location: westeurope
+name: takdb
+resourceGroup: xxxx
+type: Microsoft.App/containerApps
+properties:
+  managedEnvironmentId: xxxx
+  configuration:
+    activeRevisionsMode: Single
+    ingress:
+      external: true
+      allowInsecure: true
+      exposedPort: 5432
+      targetPort: 5432
+      traffic:
+        - latestRevision: true
+          weight: 100
+      transport: tcp
+  template:
+    containers:
+      - name: takdb
+        image: postgis/postgis:15-3.3
+        resources:
+          cpu: 0.5
+          memory: 1Gi
+        volumeMounts:
+          - mountPath: /var/lib/postgresql/data
+            volumeName: takdb
+        env:
+          - name: POSTGRES_DB
+            value: cot
+          - name: POSTGRES_USER
+            value: martiuser
+          - name: POSTGRES_ADDRESS
+            value: takdb
+          - name: POSTGRES_PASSWORD
+            value: Password12341
+    scale:
+      minReplicas: 1
+      maxReplicas: 1
+
+    volumes:
+      - name: takdb
+        storageType: EmptyDir

azure-takserver.yml

@@ -0,0 +1,139 @@
+kind: containerapp
+location: westeurope
+name: takserver-toni-dev
+resourceGroup: xxxxx
+type: Microsoft.App/containerApps
+properties:
+  configuration:
+    activeRevisionsMode: Single
+    ingress:
+      additionalPortMappings:
+      - exposedPort: 8089
+        external: true
+        targetPort: 8089
+      - exposedPort: 8444
+        external: true
+        targetPort: 8444
+      - exposedPort: 8446
+        external: true
+        targetPort: 8446
+      - exposedPort: 8080
+        external: true
+        targetPort: 8080
+      allowInsecure: false
+      external: true
+      exposedPort: 8443
+      targetPort: 8443
+      traffic:
+      - latestRevision: true
+        weight: 100
+      transport: tcp
+  managedEnvironmentId: xxxxx
+  template:
+    containers:
+      - name: takserver-messaging
+        image: pvarki/takserver:4.7-RELEASE-32-dev
+        resources:
+          cpu: 2
+          memory: 4Gi
+        command: [ '/opt/scripts/start-tak.sh','messaging' ]
+        env:
+          - name: ADMIN_CERT_PASS
+            value: Password12341
+          - name: TAKSERVER_CERT_PASS
+            value: Password12341
+          - name: CA_PASS
+            value: CAPassword123
+          - name: POSTGRES_DB
+            value: cot
+          - name: POSTGRES_USER
+            value: martiuser
+          - name: POSTGRES_ADDRESS
+            value: xxxx
+          - name: POSTGRES_PASSWORD
+            value: Password12341
+        volumeMounts:
+          - mountPath: /opt/tak/data/logs
+            volumeName: takserver-logs
+          - mountPath: /opt/tak/data/certs
+            volumeName: takserver-certs
+      - name: takserver-api
+        image: pvarki/takserver:4.7-RELEASE-32-dev
+        resources:
+          cpu: 2
+          memory: 4Gi
+        command: [ '/opt/scripts/start-tak.sh','api' ]
+        env:
+          - name: ADMIN_CERT_PASS
+            value: Password12341
+          - name: TAKSERVER_CERT_PASS
+            value: Password12341
+          - name: CA_PASS
+            value: CAPassword123
+          - name: POSTGRES_DB
+            value: cot
+          - name: POSTGRES_USER
+            value: martiuser
+          - name: POSTGRES_ADDRESS
+            value: xxxx
+          - name: POSTGRES_PASSWORD
+            value: Password12341
+          - name: ADMIN_CERT_NAME
+            value: admin
+        volumeMounts:
+          - mountPath: /opt/tak/data/logs
+            volumeName: takserver-logs
+          - mountPath: /opt/tak/data/certs
+            volumeName: takserver-certs
+    scale:
+      minReplicas: 1
+      maxReplicas: 1
+    initContainers:
+      - name: takserver-init
+        image: pvarki/takserver:4.7-RELEASE-32-dev
+        resources:
+          cpu: 0.25
+          memory: 0.5Gi
+        command: [ '/opt/scripts/firstrun.sh' ]
+        volumeMounts:
+          - mountPath: /opt/tak/data/certs
+            volumeName: takserver-certs
+        env:
+          - name: POSTGRES_DB
+            value: cot
+          - name: POSTGRES_USER
+            value: martiuser
+          - name: POSTGRES_ADDRESS
+            value:
+          - name: POSTGRES_PASSWORD
+            value: Password12341
+          - name: ADMIN_CERT_NAME
+            value: admin
+          - name: ADMIN_CERT_PASS
+            value: Password12341
+          - name: TAKSERVER_CERT_PASS
+            value: Password12341
+          - name: COUNTRY
+            value: fi
+          - name: CA_NAME
+            value: Test-CA
+          - name: CA_PASS
+            value: CAPassword123
+          - name: STATE
+            value: Uusimaa
+          - name: CITY
+            value: Helsinki
+          - name: ORGANIZATION
+            value: Test
+          - name: ORGANIZATIONAL_UNIT
+            value: Test
+
+    volumes:
+      - name: takserver-logs
+        storageType: EmptyDir
+#        storageType: AzureFile
+#        storageName: takserver-logs
+      - name: takserver-certs
+        storageType: EmptyDir
+#        storageType: AzureFile
+#        storageName: takserver-certs