Appmotion gateway (#488)

* Return removed staging CA for letsenrypt * Fix missing $ * Remove PAYMENTS_AUTORECHARGE_DEFAULT_MIN_BALANCE * Add missing deploy constraint to prom catch all * AWS Traefik: add missing cert volume * Add appmotion gateway * fix * add sim4life cert paths * fixes * Fix docker compose version * minor fixes * Increase payments network size to reduce IP exhaustion * PC review fixes * clean .gitignore * PC review fixes * remove stale comments
ITISFoundation · Jan 5, 2024 · a95c396 · a95c396
1 parent 042bb52
commit a95c396
Show file tree

Hide file tree

Showing 11 changed files with 295 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -149,3 +149,5 @@ docker-compose.simcore.yml
 repo.config
 .temp
 .temp/**
+
+*secret*
diff --git a/scripts/common.Makefile b/scripts/common.Makefile
@@ -38,6 +38,12 @@ MONITORED_NETWORK := $(monitored_network)
 endif
 export MONITORED_NETWORK
 
+ifeq ($(appmotion_network),)
+APPMOTION_NETWORK = appmotion-network
+else
+APPMOTION_NETWORK := $(appmotion_network)
+endif
+export APPMOTION_NETWORK
 
 # Check that a valid location to a config file is set.
 REPO_BASE_DIR := $(shell git rev-parse --show-toplevel)
@@ -254,6 +260,10 @@ clean-default: .check_clean ## Cleans all outputs
 		,  \
 		, docker network create --attachable --driver=overlay --subnet=10.11.0.0/16 $(MONITORED_NETWORK) \
 	)
+	@$(if $(filter $(APPMOTION_NETWORK), $(shell docker network ls --format="{{.Name}}")) \
+		,  \
+		, docker network create --attachable --driver=overlay --subnet=10.12.0.0/16 $(APPMOTION_NETWORK) \
+	)
 
 
 # Gracefully use defaults and potentially overwrite them, via https://stackoverflow.com/a/49804748

diff --git a/services/adminer/docker-compose.yml b/services/adminer/docker-compose.yml
@@ -3,8 +3,6 @@ services:
   adminer:
     image: adminer:4.8.1
     init: true
-    # ports:
-    #   - 8080
     networks:
       - monitored
       - public
@@ -16,12 +14,12 @@ services:
       labels:
         - traefik.enable=true
         - traefik.docker.network=${PUBLIC_NETWORK}
-        - traefik.http.services.adminer.loadbalancer.server.port=8080
-        - traefik.http.routers.adminer.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/adminer`)
-        - traefik.http.routers.adminer.entrypoints=https
-        - traefik.http.routers.adminer.tls=true
-        - traefik.http.middlewares.adminer_stripprefixregex.stripprefixregex.regex=^/adminer
-        - traefik.http.routers.adminer.middlewares=ops_whitelist_ips@docker, ops_gzip@docker, adminer_stripprefixregex
+        - traefik.http.services.adminer_simcore.loadbalancer.server.port=8080
+        - traefik.http.routers.adminer_simcore.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/adminer/simcore`)
+        - traefik.http.routers.adminer_simcore.entrypoints=https
+        - traefik.http.routers.adminer_simcore.tls=true
+        - traefik.http.middlewares.adminer_simcore_stripprefixregex.stripprefixregex.regex=^/adminer
+        - traefik.http.routers.adminer_simcore.middlewares=ops_whitelist_ips@docker, ops_gzip@docker, adminer_simcore_stripprefixregex
       resources:
         limits:
           memory: 128M
@@ -30,7 +28,6 @@ services:
           memory: 64M
           cpus: "0.5"
 
-
 networks:
   public:
     external: true

diff --git a/services/appmotion_gateway/.gitignore b/services/appmotion_gateway/.gitignore
@@ -0,0 +1,2 @@
+!docker-compose.yml
+*.secret
diff --git a/services/appmotion_gateway/Makefile b/services/appmotion_gateway/Makefile
@@ -0,0 +1,34 @@
+.DEFAULT_GOAL := help
+
+
+
+# Internal VARIABLES ------------------------------------------------
+# STACK_NAME defaults to name of the current directory. Should not to be changed if you follow GitOps operating procedures.
+STACK_NAME = $(notdir $(shell pwd))
+TEMP_COMPOSE=.stack.${STACK_NAME}.yaml
+REPO_BASE_DIR := $(shell git rev-parse --show-toplevel)
+
+# TARGETS --------------------------------------------------
+include ${REPO_BASE_DIR}/scripts/common.Makefile
+
+.PHONY: up-aws ## Deploys stack on aws
+up-aws: .init .env ${TEMP_COMPOSE}-aws .api_env.secret
+	@docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-aws ${STACK_NAME}
+
+.PHONY: up-local ## Deploys stack on local
+up-local: .init .env ${TEMP_COMPOSE}-local .api_env.secret
+	@docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-local ${STACK_NAME}
+
+# Helpers -------------------------------------------------
+
+.PHONY: ${TEMP_COMPOSE}-aws
+${TEMP_COMPOSE}-aws: docker-compose.yml docker-compose.aws.yml
+	@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.aws.yml > $@
+
+.PHONY: ${TEMP_COMPOSE}-local
+${TEMP_COMPOSE}-local: docker-compose.yml docker-compose.local.yml
+	@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.local.yml > $@
+
+
+.api_env.secret: .env template.api_env ## resolves '.api_env.secret' using '.env'
+	@set -o allexport; source $<; set +o allexport; envsubst < $(word 2,$^) > $@
diff --git a/services/appmotion_gateway/docker-compose.aws.yml b/services/appmotion_gateway/docker-compose.aws.yml
@@ -0,0 +1,15 @@
+version: '3.7'
+
+services:
+
+    adminer:
+        deploy:
+            replicas: 1
+
+    db:
+        deploy:
+            replicas: 0
+
+    api:
+        deploy:
+            replicas: 1
diff --git a/services/appmotion_gateway/docker-compose.local.yml b/services/appmotion_gateway/docker-compose.local.yml
@@ -0,0 +1,15 @@
+version: '3.7'
+
+services:
+
+    adminer:
+        deploy:
+            replicas: 1
+
+    db:
+        deploy:
+            replicas: 1
+
+    api:
+        deploy:
+            replicas: 1
diff --git a/services/appmotion_gateway/docker-compose.yml b/services/appmotion_gateway/docker-compose.yml
@@ -0,0 +1,110 @@
+version: '3.7'
+
+services:
+
+    adminer:
+        image: adminer:4.8.1
+        init: true
+        environment:
+            - ADMINER_DEFAULT_SERVER=db
+            - ADMINER_DESIGN=nette
+            - ADMINER_PLUGINS=json-column
+        deploy:
+            replicas: 0
+            labels:
+                - traefik.enable=true
+                - traefik.docker.network=${PUBLIC_NETWORK}
+                - traefik.http.services.adminer_appmotion_gateway.loadbalancer.server.port=8080
+                - traefik.http.routers.adminer_appmotion_gateway.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/adminer/appmotion_gateway`)
+                - traefik.http.routers.adminer_appmotion_gateway.entrypoints=https
+                - traefik.http.routers.adminer_appmotion_gateway.tls=true
+                - traefik.http.middlewares.adminer_appmotion_gateway_stripprefixregex.stripprefixregex.regex=^/adminer
+                - traefik.http.routers.adminer_appmotion_gateway.middlewares=ops_whitelist_ips@docker, ops_gzip@docker, adminer_appmotion_gateway_stripprefixregex
+            resources:
+                reservations:
+                    memory: 16M
+                    cpus: "0.1"
+                limits:
+                    memory: 128M
+                    cpus: "0.5"
+            placement:
+                constraints:
+                    - node.labels.ops==true
+        networks:
+            - internal
+            - public
+
+    db:
+        image: mariadb:10.11
+        environment:
+            - MYSQL_USER=${APPMOTION_GATEWAY_DB_USER}
+            - MYSQL_PASSWORD=${APPMOTION_GATEWAY_DB_PASSWORD}
+            - MYSQL_DATABASE=${APPMOTION_GATEWAY_DB_DATABASE}
+            - MYSQL_RANDOM_ROOT_PASSWORD=1
+        deploy:
+            replicas: 0
+            # https://tuneit.me/docker/deploy-mariadb-11-0-2-in-docker-swarm-cluster/
+            update_config:
+                parallelism: 2
+                delay: 10s
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 3
+                window: 120s
+            placement:
+                constraints:
+                    - node.labels.appmotiondb==true
+            resources:
+                limits:
+                    memory: 3G
+                    cpus: '3.0'
+                reservations:
+                    memory: 256M
+                    cpus: '0.1'
+        volumes:
+            - appmotion_gateway_db_volume:/var/lib/mysql
+        networks:
+            - internal
+
+    api:
+        image: itisfoundation/appmotion-gateway-php-apache-8.2:latest
+        environment:
+            - WEB_DOCUMENT_ROOT=/app/public
+        deploy:
+            replicas: 1
+            resources:
+                limits:
+                    memory: 1G
+                    cpus: '1.0'
+                reservations:
+                    memory: 64M
+                    cpus: '0.1'
+            placement:
+                constraints:
+                    - node.labels.simcore==true
+        configs:
+          - source: api_env_config
+            target: /app/.env
+        networks:
+            - internal
+            - appmotion
+
+configs:
+    # SEE https://docs.docker.com/compose/compose-file/05-services/#configs
+    api_env_config:
+        file: ./.api_env.secret
+
+volumes:
+    # SEE https://docs.docker.com/compose/compose-file/07-volumes/
+    appmotion_gateway_db_volume:
+
+networks:
+    internal:
+        external: false
+    appmotion:
+        external: true
+        name: ${APPMOTION_NETWORK}
+    public:
+        external: true
+        name: ${PUBLIC_NETWORK}
diff --git a/services/appmotion_gateway/template.api_env b/services/appmotion_gateway/template.api_env
@@ -0,0 +1,75 @@
+APP_NAME=Laravel
+APP_ENV=production
+APP_KEY="${APPMOTION_GATEWAY_APP_KEY}"
+APP_DEBUG=false
+APP_URL="${APPMOTION_GATEWAY_PUBLIC_URL}"
+
+LOG_CHANNEL=stack
+LOG_DEPRECATIONS_CHANNEL=null
+LOG_LEVEL=${APPMOTION_GATEWAY_LOG_LEVEL}
+
+DB_CONNECTION="mysql"
+DB_HOST="db"
+DB_PORT="3306"
+DB_DATABASE="${APPMOTION_GATEWAY_DB_DATABASE}"
+DB_USERNAME="${APPMOTION_GATEWAY_DB_USER}"
+DB_PASSWORD="${APPMOTION_GATEWAY_DB_PASSWORD}"
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=file
+FILESYSTEM_DISK=local
+QUEUE_CONNECTION=sync
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+MEMCACHED_HOST=127.0.0.1
+
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+MAIL_MAILER=smtp
+MAIL_HOST=mailpit
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS="[email protected]"
+MAIL_FROM_NAME="${APP_NAME}"
+
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_DEFAULT_REGION=us-east-1
+AWS_BUCKET=
+AWS_USE_PATH_STYLE_ENDPOINT=false
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+PUSHER_HOST=
+PUSHER_PORT=443
+PUSHER_SCHEME=https
+PUSHER_APP_CLUSTER=mt1
+
+VITE_APP_NAME="${APP_NAME}"
+VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
+VITE_PUSHER_HOST="${PUSHER_HOST}"
+VITE_PUSHER_PORT="${PUSHER_PORT}"
+VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
+VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+STRIPE_KEY="${APPMOTION_GATEWAY_STRIPE_API_KEY}"
+STRIPE_SECRET="${APPMOTION_GATEWAY_STRIPE_API_SECRET}"
+
+SESSION_SECURE_COOKIE=true
+
+PAYMENT_WEHOOK=false
+PAYMENT_WEBHOOK_BASE_URL="${APPMOTION_GATEWAY_ACK_BASE_URL}"
+PAYMENT_WEBHOOK_URL=payments/{payment_id}:ack
+PAYMENT_WEBHOOK_VERSION=v1
+PAYMENT_WEBHOOK_LOGIN=token
+PAYMENT_WEBHOOK_USERNAME="${APPMOTION_GATEWAY_ACK_USERNAME}"
+PAYMENT_WEBHOOK_PASSWORD="${APPMOTION_GATEWAY_ACK_PASSWORD}"
+PAYMENT_WEBHOOK_DUMMY=false
+
+INIT_API_SECRET="${APPMOTION_GATEWAY_API_SECRET}"
diff --git a/services/appmotion_gateway/template.env b/services/appmotion_gateway/template.env
@@ -0,0 +1,21 @@
+# these are the variables necessary to configure this service
+# this file is resolved using osparc-config environs
+
+APPMOTION_GATEWAY_ACK_BASE_URL=${APPMOTION_GATEWAY_ACK_BASE_URL}
+APPMOTION_GATEWAY_ACK_PASSWORD=${APPMOTION_GATEWAY_ACK_PASSWORD}
+APPMOTION_GATEWAY_ACK_USERNAME=${APPMOTION_GATEWAY_ACK_USERNAME}
+APPMOTION_GATEWAY_API_SECRET=${APPMOTION_GATEWAY_API_SECRET}
+APPMOTION_GATEWAY_APP_KEY=${APPMOTION_GATEWAY_APP_KEY}
+APPMOTION_GATEWAY_DB_DATABASE=${APPMOTION_GATEWAY_DB_DATABASE}
+APPMOTION_GATEWAY_DB_PASSWORD=${APPMOTION_GATEWAY_DB_PASSWORD}
+APPMOTION_GATEWAY_DB_USER=${APPMOTION_GATEWAY_DB_USER}
+APPMOTION_GATEWAY_LOG_LEVEL=${APPMOTION_GATEWAY_LOG_LEVEL}
+APPMOTION_GATEWAY_PUBLIC_URL=${APPMOTION_GATEWAY_PUBLIC_URL}
+APPMOTION_GATEWAY_STRIPE_API_KEY=${APPMOTION_GATEWAY_STRIPE_API_KEY}
+APPMOTION_GATEWAY_STRIPE_API_SECRET=${APPMOTION_GATEWAY_STRIPE_API_SECRET}
+
+APPMOTION_NETWORK=${APPMOTION_NETWORK}
+MONITORING_DOMAIN=${MONITORING_DOMAIN}
+PUBLIC_NETWORK=${PUBLIC_NETWORK}
+SWARM_STACK_NAME=${SWARM_STACK_NAME}
+MACHINE_FQDN=${MACHINE_FQDN}
diff --git a/services/simcore/docker-compose.yml b/services/simcore/docker-compose.yml
@@ -805,6 +805,8 @@ services:
         reservations:
           memory: 128M
           cpus: '0.1'
+    networks:
+      - appmotion
 
   dynamic-scheduler:
     deploy:
@@ -830,6 +832,9 @@ networks:
   monitored:
     external: true
     name: ${OPS_MONITORED_NETWORK}
+  appmotion:
+    external: true
+    name: ${OPS_APPMOTION_NETWORK}
   storage_subnet:
     attachable: true
     name: ${SWARM_STACK_NAME}_storage_subnet