From e1bae0cb090d6354ec35e649ead5ae4182d83afe Mon Sep 17 00:00:00 2001 From: sukhumi Date: Tue, 23 Nov 2021 18:01:00 +0200 Subject: [PATCH 1/7] Updated to use the new users.js file --- Chart.yaml | 4 +- README.md | 10 ++-- files/config/settings.js | 52 ------------------ files/config/users.js | 54 +++++++++++++++++++ .../graphdb-settings-default-configmap.yaml | 2 + templates/graphdb-master.yaml | 9 +++- templates/graphdb-worker.yaml | 9 +++- values.yaml | 10 ++-- 8 files changed, 82 insertions(+), 68 deletions(-) create mode 100644 files/config/users.js diff --git a/Chart.yaml b/Chart.yaml index b207cea8..b5a79742 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -5,8 +5,8 @@ apiVersion: v2 name: graphdb description: Helm chart for GraphDB Free/SE/EE type: application -version: 9.10.0 -appVersion: 9.10.0 +version: 10.0.0 +appVersion: 10.0.0-snapshot home: https://graphdb.ontotext.com/ icon: https://graphdb.ontotext.com/home/images/visual_Logo_GraphDB_02_12_2015.png maintainers: diff --git a/README.md b/README.md index 50ea620c..5db1fc1d 100644 --- a/README.md +++ b/README.md @@ -238,7 +238,7 @@ There are 3 important configuration sections: #### GraphDB cluster configuration -By default the Helm chart supports the 3 topologies that we recommend in our documentation. This is configured by settings `graphdb.topology` +By default the Helm chart supports the 3 topologies that we recommend in our documentation. This is configured by setting `graphdb.topology` Possible values: `standalone, 1m_3w, 2m3w_rw_ro, 2m3w_muted`. Masters and workers count in cluster modes are controlled by mastersCount and workersCount properties **standalone** - Launches single instance of GraphDB with a preconfigured worker repository. 
@@ -297,10 +297,10 @@ A list of available JMX attributes can be found [here](https://graphdb.ontotext. GraphDB's Helm chart supports deploying GraphDB with or without security. This can be toggled through `graphdb.security.enabled`. If it is deployed with security enabled, a special provisioning user is used for repository provisioning, cluster linking, health checks and so on. -Additional users can be added through the settings file: `files/config/settings.js`. The users are described with their roles, username and a bcrypt64 password. +Additional users can be added through the users file: `files/config/users.js`. The users are described with their roles, username and a bcrypt64 password. The file is provisioned before GraphDB's startup with the configmap `graphdb.masters.settingsConfigmap`. -It can be overridden with other configmap containing the `settings.js` file. The same configmap is used for the `graphdb.properties` file as well. +It can be overridden with other configmap containing the `users.js` file. The same configmap is used for the `settings.js` and `graphdb.properties` files as well. Note that the `provisioning` user is required when security is turned on! By default if the security is turned on, GraphDB's basic security method is used. More complicated security configurations 
@@ -312,7 +312,7 @@ See https://graphdb.ontotext.com/documentation/enterprise/access-control.html Most of GraphDB's properties can be passed through `java_args`. Another option is to supply a `graphdb.properties` file. This file is provisioned on all GraphDB instances during GraphDB's startup using configmap `graphdb.masters.settingsConfigmap`. -It can be overridden with other configmap containing the `graphdb.properties` file. The same configmap is used for the `settings.js` file as well. +It can be overridden with other configmap containing the `graphdb.properties` file. The same configmap is used for the `settings.js` and `users.js` files as well. The `graphdb.properties` file is also used for more complex security configurations such as LDAP, Oauth, Kerberos. 
@@ -490,7 +490,7 @@ about defining resource limits. | graphdb.masters.persistence.volumeNamePrefix | string | `"graphdb-default-master"` | Name reference of a persistent volume to which the claim will try to attach. If changed, the default PVs won't be used. Example result: graphdb-default-master-1-pv | | graphdb.masters.repositoryConfigmap | string | `"graphdb-repo-default-configmap"` | Reference to a configuration map containing one or more .ttl files used for repository initialization in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-a-repository.html | | graphdb.masters.resources | object | `{"limits":{"memory":"1Gi"},"requests":{"memory":"1Gi"}}` | Below are minimum requirements for data sets of up to 50 million RDF triples For resizing, refer according to your GraphDB version documentation For EE see http://graphdb.ontotext.com/documentation/enterprise/requirements.html | -| graphdb.masters.settingsConfigmap | string | `"graphdb-settings-default-configmap"` | Reference to a configuration map containing settings.js and graphdb.properties(optional) files used for security and properties provisioning in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | +| graphdb.masters.settingsConfigmap | string | `"graphdb-settings-default-configmap"` | Reference to a configuration map containing settings.js, users.js and graphdb.properties(optional) files used for security and properties provisioning in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | | graphdb.security.enabled | bool | `false` | | | graphdb.security.provisioningPassword | string | `"iHaveSuperpowers"` | | | graphdb.security.provisioningUsername | string | `"provisioner"` | | diff --git a/files/config/settings.js b/files/config/settings.js index 773d6acc..3f27e802 100644 --- a/files/config/settings.js 
+++ b/files/config/settings.js @@ -1,32 +1,4 @@ { - "users" : { - "admin" : { - "username" : "admin", - "password" : "{bcrypt}$2a$10$H7uekkF1ZFLIV5M1g9tDs.syZGtkMqrfj2Si2SHG1WgwhpNqpZwne", - "grantedAuthorities" : [ "ROLE_ADMIN" ], - "appSettings" : { - "DEFAULT_INFERENCE" : true, - "DEFAULT_VIS_GRAPH_SCHEMA" : true, - "DEFAULT_SAMEAS" : true, - "IGNORE_SHARED_QUERIES" : false, - "EXECUTE_COUNT" : true - }, - "dateCreated" : 1618403171751 - }, - "provisioner" : { - "username" : "{{ .Values.graphdb.security.provisioningUsername }}", - "password" : "{bcrypt}{{ htpasswd .Values.graphdb.security.provisioningUsername .Values.graphdb.security.provisioningPassword | trimPrefix (printf "%s:" .Values.graphdb.security.provisioningUsername) }}", - "grantedAuthorities" : [ "ROLE_ADMIN" ], - "appSettings" : { - "DEFAULT_INFERENCE" : true, - "DEFAULT_VIS_GRAPH_SCHEMA" : true, - "DEFAULT_SAMEAS" : true, - "IGNORE_SHARED_QUERIES" : false, - "EXECUTE_COUNT" : true - }, - "dateCreated" : 1618403171751 - } - }, "import.server" : { }, "import.local" : { }, "properties" : { @@ -35,30 +7,6 @@ {{- end }} "current.location" : "" }, - "user_queries" : { - "admin" : { - "SPARQL Select template" : { - "name" : "SPARQL Select template", - "body" : "SELECT ?s ?p ?o\nWHERE {\n\t?s ?p ?o .\n} LIMIT 100", - "shared" : false - }, - "Clear graph" : { - "name" : "Clear graph", - "body" : "CLEAR GRAPH ", - "shared" : false - }, - "Add statements" : { - "name" : "Add statements", - "body" : "PREFIX dc: \nINSERT DATA\n {\n GRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n }", - "shared" : false - }, - "Remove statements" : { - "name" : "Remove statements", - "body" : "PREFIX dc: \nDELETE DATA\n{\nGRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n}", - "shared" : false - } - } - }, "locations" : { "" : { "location" : "", diff --git a/files/config/users.js b/files/config/users.js new file mode 100644 index 00000000..ad7831c1 --- /dev/null 
+++ b/files/config/users.js @@ -0,0 +1,54 @@ +{ + "users" : { + "admin" : { + "username" : "admin", + "password" : "{bcrypt}$2a$10$H7uekkF1ZFLIV5M1g9tDs.syZGtkMqrfj2Si2SHG1WgwhpNqpZwne", + "grantedAuthorities" : [ "ROLE_ADMIN" ], + "appSettings" : { + "DEFAULT_INFERENCE" : true, + "DEFAULT_VIS_GRAPH_SCHEMA" : true, + "DEFAULT_SAMEAS" : true, + "IGNORE_SHARED_QUERIES" : false, + "EXECUTE_COUNT" : true + }, + "dateCreated" : 1618403171751 + }, + "provisioner" : { + "username" : "{{ .Values.graphdb.security.provisioningUsername }}", + "password" : "{bcrypt}{{ htpasswd .Values.graphdb.security.provisioningUsername .Values.graphdb.security.provisioningPassword | trimPrefix (printf "%s:" .Values.graphdb.security.provisioningUsername) }}", + "grantedAuthorities" : [ "ROLE_ADMIN" ], + "appSettings" : { + "DEFAULT_INFERENCE" : true, + "DEFAULT_VIS_GRAPH_SCHEMA" : true, + "DEFAULT_SAMEAS" : true, + "IGNORE_SHARED_QUERIES" : false, + "EXECUTE_COUNT" : true + }, + "dateCreated" : 1618403171751 + } + }, + "user_queries" : { + "admin" : { + "SPARQL Select template" : { + "name" : "SPARQL Select template", + "body" : "SELECT ?s ?p ?o\nWHERE {\n\t?s ?p ?o .\n} LIMIT 100", + "shared" : false + }, + "Clear graph" : { + "name" : "Clear graph", + "body" : "CLEAR GRAPH ", + "shared" : false + }, + "Add statements" : { + "name" : "Add statements", + "body" : "PREFIX dc: \nINSERT DATA\n {\n GRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n }", + "shared" : false + }, + "Remove statements" : { + "name" : "Remove statements", + "body" : "PREFIX dc: \nDELETE DATA\n{\nGRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n}", + "shared" : false + } + } + } +} diff --git a/templates/configuration/graphdb-settings-default-configmap.yaml b/templates/configuration/graphdb-settings-default-configmap.yaml index 9428ebde..210fba5a 100644 --- a/templates/configuration/graphdb-settings-default-configmap.yaml 
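Review bot: The new users.js ships an `admin` entry with a fixed bcrypt hash and `ROLE_ADMIN`, so every release rendered with security enabled gets the same administrator account, whose hash is published in the repository. Unlike the `provisioner` entry, its password cannot be set from values. Consider templating it from a required value in the same way, or dropping the account from the default file and documenting how to add one. The provisioning username is also interpolated into the JSON unescaped; `"username" : {{ .Values.graphdb.security.provisioningUsername | toJson }}` would keep a value containing `"` or `\` from breaking the document.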
+++ b/templates/configuration/graphdb-settings-default-configmap.yaml @@ -7,6 +7,8 @@ metadata: labels: name: graphdb-settings-default-configmap data: + users.js: |- +{{ tpl (.Files.Get "files/config/users.js" | indent 4) . }} settings.js: |- {{ tpl (.Files.Get "files/config/settings.js" | indent 4) . }} graphdb.properties: |- diff --git a/templates/graphdb-master.yaml b/templates/graphdb-master.yaml index f68a0734..ecaa9c52 100644 --- a/templates/graphdb-master.yaml +++ b/templates/graphdb-master.yaml @@ -62,7 +62,7 @@ spec: name: {{ required "Config map with .ttl for repositories creation is required!" $.Values.graphdb.masters.repositoryConfigmap }} - name: graphdb-master-settings-config configMap: - name: {{ required "Config map with settings.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} + name: {{ required "Config map with settings.js, users.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} {{- if $.Values.deployment.logbackConfigMap }} - name: graphdb-logback-config configMap: @@ -204,8 +204,13 @@ spec: args: - | set -eu + if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb/users.js ]]; then + echo "Provisioning users settings with users.js file..." + mkdir -p /opt/graphdb/home/work/workbench ; + cp /tmp/graphdb/users.js /opt/graphdb/home/work/workbench/users.js + fi if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb/settings.js ]]; then - echo "Provisioning users settings with settings.js file..." + echo "Provisioning settings with settings.js file..." mkdir -p /opt/graphdb/home/work/workbench ; cp /tmp/graphdb/settings.js /opt/graphdb/home/work/workbench/settings.js fi diff --git a/templates/graphdb-worker.yaml b/templates/graphdb-worker.yaml index 4aae09a5..71c7b920 100644 --- a/templates/graphdb-worker.yaml +++ b/templates/graphdb-worker.yaml 
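Review bot: `users.js` carries the bcrypt password hashes of the `ROLE_ADMIN` accounts, and the `users.js: |-` entry added here renders it into a ConfigMap. A ConfigMap is readable by any subject allowed to `get` configmaps in the namespace and is not covered by Secret-specific RBAC or encryption at rest. A `kind: Secret` with the file under `stringData`, mounted through a `secret:` volume, would be the better container. The new templates/configuration/graphdb-users-configmap.yaml in patch 2/7 keeps the same ConfigMap approach.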
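Review bot: The added `! -f /opt/graphdb/home/work/workbench/users.js` guard copies the file only on first start, so once the volume holds a users.js, a later change to `provisioningPassword` or to the mounted file is never applied. After a `helm upgrade` that rotates the password the old hash stays active on the volume, and the default credentials cannot be retired this way. Either document that rotation has to be done inside GraphDB, or replace the stored file when the mounted one differs. The same block is added to templates/graphdb-worker.yaml, and in both files the init script continues beyond the hunk.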
@@ -47,7 +47,7 @@ spec: name: {{ required "Config map with .ttl for repositories creation is required!" $.Values.graphdb.workers.repositoryConfigmap }} - name: graphdb-master-settings-config configMap: - name: {{ required "Config map with settings.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} + name: {{ required "Config map with settings.js, users.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} - name: graphdb-utils configMap: name: graphdb-utils-configmap @@ -188,8 +188,13 @@ spec: args: - | set -eu + if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb/users.js ]]; then + echo "Provisioning users settings with users.js file..." + mkdir -p /opt/graphdb/home/work/workbench ; + cp /tmp/graphdb/users.js /opt/graphdb/home/work/workbench/users.js + fi if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb/settings.js ]]; then - echo "Provisioning users settings with settings.js file..." + echo "Provisioning settings with settings.js file..." mkdir -p /opt/graphdb/home/work/workbench ; cp /tmp/graphdb/settings.js /opt/graphdb/home/work/workbench/settings.js fi diff --git a/values.yaml b/values.yaml index 9c28144c..3c1ffbbe 100644 --- a/values.yaml +++ b/values.yaml @@ -34,7 +34,7 @@ images: tag: "2.1-alpine" graphdb: repository: ontotext/graphdb - tag: "9.10.0-ee" + tag: "10.0-free" busybox: repository: busybox tag: "1.31" @@ -54,7 +54,7 @@ deployment: # Needed to configure ingress as well as some components require it to properly render their UIs protocol: http # Important: This should be a resolvable hostname, not an IP address! - host: localhost + host: graphdb.local # Configures SSL termination on ingress level. # See https://kubernetes.github.io/ingress-nginx/examples/tls-termination/ 
@@ -126,7 +126,7 @@ graphdb: # 2m3w_rw_ro - 2 masters, one of which is read only and multiple workers. https://graphdb.ontotext.com/documentation/enterprise/ee/setting-up-a-cluster-with-a-second-readonly-master.html # 2m3w_muted - 2 masters, one of which is muted and multiple workers. https://graphdb.ontotext.com/documentation/enterprise/ee/setting-up-a-cluster-with-multiple-masters-with-dedicated-workers.html # Note: If "standalone" is selected, the launched instance will use master-1 properties, but a worker repository will be created! - topology: "standalone" + topology: "1m_3w" clusterConfig: # -- Describes how the masters and workers are linked in the format master-X -> worker-Y. Required only for 2m3w_muted topology. masterWorkerMapping: @@ -149,7 +149,7 @@ graphdb: security: # If the security is enabled, it's mandatory to have a provisioning user, so the healthchecks and cluster linking can work properly - enabled: false + enabled: true provisioningUsername: provisioner # bcrypt encrypted password. default: iHaveSuperpowers provisioningPassword: iHaveSuperpowers @@ -158,7 +158,7 @@ graphdb: # -- Reference to a configuration map containing one or more .ttl files used for repository # initialization in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-a-repository.html repositoryConfigmap: graphdb-repo-default-configmap - # -- Reference to a configuration map containing settings.js and graphdb.properties(optional) files used for security + # -- Reference to a configuration map containing settings.js, users.js and graphdb.properties(optional) files used for security # and properties provisioning in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html settingsConfigmap: graphdb-settings-default-configmap # -- Reference to a secret containing 'graphdb.license' file to be used by master nodes. 
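Review bot: Flipping `enabled: true` makes the chart create the `provisioner` account with `ROLE_ADMIN` by default, and its password defaults to the literal `iHaveSuperpowers` two lines below, which is also printed in the README table. An install that does not override the value ends up with a documented admin credential. Consider leaving the default empty and enforcing it in the template with `required "graphdb.security.provisioningPassword must be set" .Values.graphdb.security.provisioningPassword`, or reading it from an existing Secret. The comment `# bcrypt encrypted password` is misleading, since the value is plaintext that users.js hashes with `htpasswd` at render time. The `topology: "1m_3w"` and `host: graphdb.local` defaults changed in the neighbouring hunks look like local test settings and may not be intended for the commit.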
From bc250168b41d78737c4c4bcc83c0b11d36a66061 Mon Sep 17 00:00:00 2001 From: sukhumi Date: Thu, 25 Nov 2021 15:22:32 +0200 Subject: [PATCH 2/7] Moved GraphDB config files (settings.js, users.js, graphdb.properties and logback.xml) to their own configmaps. --- Chart.yaml | 2 +- README.md | 15 +++-- .../graphdb-logback-configmap.yaml | 5 +- .../graphdb-properties-configmap.yaml | 16 +++++ .../graphdb-setting-configmap.yaml | 15 +++++ .../graphdb-settings-default-configmap.yaml | 19 ------ .../graphdb-users-configmap.yaml | 15 +++++ templates/graphdb-master.yaml | 59 +++++++++++++------ templates/graphdb-worker.yaml | 59 +++++++++++++------ values.yaml | 23 +++++--- 10 files changed, 157 insertions(+), 71 deletions(-) create mode 100644 templates/configuration/graphdb-properties-configmap.yaml create mode 100644 templates/configuration/graphdb-setting-configmap.yaml delete mode 100644 templates/configuration/graphdb-settings-default-configmap.yaml create mode 100644 templates/configuration/graphdb-users-configmap.yaml diff --git a/Chart.yaml b/Chart.yaml index b5a79742..c2f7da76 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -6,7 +6,7 @@ name: graphdb description: Helm chart for GraphDB Free/SE/EE type: application version: 10.0.0 -appVersion: 10.0.0-snapshot +appVersion: 10.0.0 home: https://graphdb.ontotext.com/ icon: https://graphdb.ontotext.com/home/images/visual_Logo_GraphDB_02_12_2015.png maintainers: diff --git a/README.md b/README.md index 5db1fc1d..03e6a5e8 100644 --- a/README.md +++ b/README.md 
@@ -299,11 +299,11 @@ GraphDB's Helm chart supports deploying GraphDB with or without security. This c If it is deployed with security enabled, a special provisioning user is used for repository provisioning, cluster linking, health checks and so on. Additional users can be added through the users file: `files/config/users.js`. The users are described with their roles, username and a bcrypt64 password. -The file is provisioned before GraphDB's startup with the configmap `graphdb.masters.settingsConfigmap`. -It can be overridden with other configmap containing the `users.js` file. The same configmap is used for the `settings.js` and `graphdb.properties` files as well. +The file is provisioned before GraphDB's startup with the configmap `usersConfigMap`. +It can be overridden with other configmap containing the `users.js` file. Note that the `provisioning` user is required when security is turned on! -By default if the security is turned on, GraphDB's basic security method is used. More complicated security configurations +By default, if the security is turned on, GraphDB's basic security method is used. More complicated security configurations can be configured using additional configurations in `graphdb.properties`. See https://graphdb.ontotext.com/documentation/enterprise/access-control.html 
@@ -311,8 +311,8 @@ See https://graphdb.ontotext.com/documentation/enterprise/access-control.html #### Provisioning additional properties Most of GraphDB's properties can be passed through `java_args`. Another option is to supply a `graphdb.properties` file. -This file is provisioned on all GraphDB instances during GraphDB's startup using configmap `graphdb.masters.settingsConfigmap`. -It can be overridden with other configmap containing the `graphdb.properties` file. The same configmap is used for the `settings.js` and `users.js` files as well. +This file is provisioned on all GraphDB instances during GraphDB's startup using configmap `propertiesConfigMap`. +It can be overridden with other configmap containing the `graphdb.properties` file. The `graphdb.properties` file is also used for more complex security configurations such as LDAP, Oauth, Kerberos. 
@@ -480,6 +480,10 @@ about defining resource limits. | graphdb.clusterConfig.readOnlyMasters | list | `["master-2"]` | Describes which masters will be set as read only. Required only for 2m3w_rw_ro topology. | | graphdb.clusterConfig.syncPeersMapping | list | `["master-1 <-> master-2"]` | Describes which masters will be linked as sync peer. Required for 2m3w_rw_ro and 2m3w_muted topology. | | graphdb.clusterConfig.workersCount | int | `2` | | +| graphdb.configs.logbackConfigMap | string | `"graphdb-logback-configmap"` | Reference to a configmap used to overwrite the default GraphDB logback.xml, with an externally provided logback.xml. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html +| graphdb.configs.propertiesConfigMap | string | `"graphdb-properties-configmap"` | Reference to a configmap used to overwrite the default graphdb.properties, with an externally provided graphdb.properties. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html +| graphdb.configs.settingsConfigMap | string | `"graphdb-settings-configmap"` | Reference to a configmap used to overwrite the default GraphDB settings.js, with an externally provided settings.js. Even if left to default if security is enabled the configmap will be used to enable GraphDB's security. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html +| graphdb.configs.usersConfigMap | string | `"graphdb-users-configmap"` | Reference to a configmap used to overwrite the default GraphDB users.js, with an externally provided users.js. Even if left to default if security is enabled the configmap will be used to add a provisioning user. 
For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | graphdb.masters.java_args | string | `"-XX:MaxRAMPercentage=70 -XX:+UseContainerSupport -Ddefault.min.distinct.threshold=100m -Dgraphdb.home.work=/mnt/graphdb"` | Java arguments with which master instances will be launched. GraphDB configuration properties can also be passed here in the format -Dprop=value | | graphdb.masters.license | string | `"graphdb-license"` | Reference to a secret containing 'graphdb.license' file to be used by master nodes. Can be set to "" (no license) if this GraphDB instance is used only with a "master" repository! Important: Must be created beforehand | | graphdb.masters.nodes[0].java_args | string | `"-XX:MaxRAMPercentage=70 -XX:+UseContainerSupport -Ddefault.min.distinct.threshold=100m"` | | 
@@ -490,7 +494,6 @@ about defining resource limits. | graphdb.masters.persistence.volumeNamePrefix | string | `"graphdb-default-master"` | Name reference of a persistent volume to which the claim will try to attach. If changed, the default PVs won't be used. Example result: graphdb-default-master-1-pv | | graphdb.masters.repositoryConfigmap | string | `"graphdb-repo-default-configmap"` | Reference to a configuration map containing one or more .ttl files used for repository initialization in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-a-repository.html | | graphdb.masters.resources | object | `{"limits":{"memory":"1Gi"},"requests":{"memory":"1Gi"}}` | Below are minimum requirements for data sets of up to 50 million RDF triples For resizing, refer according to your GraphDB version documentation For EE see http://graphdb.ontotext.com/documentation/enterprise/requirements.html | -| graphdb.masters.settingsConfigmap | string | `"graphdb-settings-default-configmap"` | Reference to a configuration map containing settings.js, users.js and graphdb.properties(optional) files used for security and properties provisioning in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | | graphdb.security.enabled | bool | `false` | | | graphdb.security.provisioningPassword | string | `"iHaveSuperpowers"` | | | graphdb.security.provisioningUsername | string | `"provisioner"` | | diff --git a/templates/configuration/graphdb-logback-configmap.yaml b/templates/configuration/graphdb-logback-configmap.yaml index 6a287157..e03c4193 100644 --- a/templates/configuration/graphdb-logback-configmap.yaml +++ b/templates/configuration/graphdb-logback-configmap.yaml 
@@ -1,6 +1,8 @@ # Default configuration map for provisioning GraphDB repository. # To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" -{{- if .Values.deployment.logbackConfigMap }} +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- if $configs.logbackConfigMap }} +{{- if eq $configs.logbackConfigMap "graphdb-logback-configmap" }} apiVersion: {{ .Values.versions.configmap }} kind: ConfigMap metadata: @@ -11,3 +13,4 @@ data: logback.xml: |- {{ tpl (.Files.Get "files/config/logback.xml" | indent 4) . }} {{- end }} +{{- end }} diff --git a/templates/configuration/graphdb-properties-configmap.yaml b/templates/configuration/graphdb-properties-configmap.yaml new file mode 100644 index 00000000..82f438fb --- /dev/null +++ b/templates/configuration/graphdb-properties-configmap.yaml @@ -0,0 +1,16 @@ +# Default configuration map for provisioning GraphDB repository. +# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- if $configs.propertiesConfigMap}} +{{- if eq $configs.propertiesConfigMap "graphdb-properties-configmap" }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-properties-configmap + labels: + name: graphdb-properties-configmap +data: + graphdb.properties: |- +{{ tpl (.Files.Get "files/config/graphdb.properties" | indent 4) . }} +{{- end }} +{{- end }} diff --git a/templates/configuration/graphdb-setting-configmap.yaml b/templates/configuration/graphdb-setting-configmap.yaml new file mode 100644 index 00000000..65fc459c --- /dev/null +++ b/templates/configuration/graphdb-setting-configmap.yaml 
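Review bot: The header comment on the new graphdb-properties-configmap.yaml is copied from the repository ConfigMap and tells the reader to update `graphdb.repositoryConfigmap`, which does not control this object. It should read something like `# Default ConfigMap providing graphdb.properties. To replace it, create another ConfigMap and set "graphdb.configs.propertiesConfigMap"`. The same stale header is on graphdb-logback-configmap.yaml, graphdb-setting-configmap.yaml and graphdb-users-configmap.yaml. Since the README describes graphdb.properties as the place for LDAP, OAuth and Kerberos settings, the file may end up holding bind credentials, in which case a Secret would be the safer container than a ConfigMap.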
@@ -0,0 +1,15 @@ +# Default configuration map for provisioning GraphDB repository. +# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- $settingsConfigMap := $configs.settingsConfigMap | default "null"}} +{{- if or (eq $settingsConfigMap "graphdb-settings-configmap") (and (eq $settingsConfigMap "null") (.Values.graphdb.security.enabled)) }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-settings-configmap + labels: + name: graphdb-settings-configmap +data: + settings.js: |- +{{ tpl (.Files.Get "files/config/settings.js" | indent 4) . }} +{{- end }} diff --git a/templates/configuration/graphdb-settings-default-configmap.yaml b/templates/configuration/graphdb-settings-default-configmap.yaml deleted file mode 100644 index 210fba5a..00000000 --- a/templates/configuration/graphdb-settings-default-configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" -apiVersion: {{ .Values.versions.configmap }} -kind: ConfigMap -metadata: - name: graphdb-settings-default-configmap - labels: - name: graphdb-settings-default-configmap -data: - users.js: |- -{{ tpl (.Files.Get "files/config/users.js" | indent 4) . }} - settings.js: |- -{{ tpl (.Files.Get "files/config/settings.js" | indent 4) . }} - graphdb.properties: |- -{{ tpl (.Files.Get "files/config/graphdb.properties" | indent 4) . }} -{{- if .Values.deployment.logbackConfigFile }} - logback.xml: |- -{{ tpl (.Files.Get .Values.deployment.logbackConfigFile | indent 4) . }} -{{- end }} diff --git a/templates/configuration/graphdb-users-configmap.yaml b/templates/configuration/graphdb-users-configmap.yaml new file mode 100644 index 00000000..58163ba1 --- /dev/null +++ b/templates/configuration/graphdb-users-configmap.yaml 
@@ -0,0 +1,15 @@ +# Default configuration map for provisioning GraphDB repository. +# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- $usersConfigMap := $configs.usersConfigMap | default "null"}} +{{- if or (eq $usersConfigMap "graphdb-users-configmap") (and (eq $usersConfigMap "null") (.Values.graphdb.security.enabled)) }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-users-configmap + labels: + name: graphdb-users-configmap +data: + users.js: |- +{{ tpl (.Files.Get "files/config/users.js" | indent 4) . }} +{{- end }} diff --git a/templates/graphdb-master.yaml b/templates/graphdb-master.yaml index bb158ee1..bca63aa3 100644 --- a/templates/graphdb-master.yaml +++ b/templates/graphdb-master.yaml @@ -3,6 +3,7 @@ {{ $worker_endpoint := printf "http://graphdb-master-%d:7200" $master_index }} {{- $authToken := ((printf "%s:%s" $.Values.graphdb.security.provisioningUsername $.Values.graphdb.security.provisioningPassword) | b64enc) }} +{{- $configs := ($.Values.graphdb.configs | default dict) }} --- apiVersion: {{ $.Values.versions.statefulset }} 
@@ -60,13 +61,25 @@ spec: - name: graphdb-master-repo-config configMap: name: {{ required "Config map with .ttl for repositories creation is required!" $.Values.graphdb.masters.repositoryConfigmap }} - - name: graphdb-master-settings-config + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config configMap: - name: {{ required "Config map with settings.js, users.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} - {{- if $.Values.deployment.logbackConfigMap }} + name: {{ $configs.settingsConfigMap | default "graphdb-settings-configmap" }} + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + configMap: + name: {{ $configs.usersConfigMap | default "graphdb-users-configmap" }} + {{- end }} + {{- if $configs.propertiesConfigMap }} + - name: graphdb-properties-config + configMap: + name: {{ $configs.propertiesConfigMap }} + {{- end }} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config configMap: - name: {{ $.Values.deployment.logbackConfigMap }} + name: {{ $configs.logbackConfigMap }} {{- end }} imagePullSecrets: {{- include "combinedImagePullSecrets" $ | nindent 8 }} 
@@ -194,35 +207,45 @@ spec: - name: graphdb-master-storage {{- end }} mountPath: /opt/graphdb/home - - name: graphdb-master-settings-config - mountPath: /tmp/graphdb - {{- if $.Values.deployment.logbackConfigMap }} + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config + mountPath: /tmp/graphdb-settigns-configmap + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + mountPath: /tmp/graphdb-users-configmap + {{- end }} + {{- if $configs.propertiesConfigMap }} + - name: graphdb-properties-config + mountPath: /tmp/graphdb-properties-configmap + {{- end }} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config - mountPath: /tmp/graphdb-configmap + mountPath: /tmp/graphdb-logback-configmap {{- end }} command: ['sh', '-c'] args: - | set -eu - if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb/users.js ]]; then - echo "Provisioning users settings with users.js file..." + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb-settigns-configmap/settings.js ]]; then + echo "Provisioning settings with settings.js file..." mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb/users.js /opt/graphdb/home/work/workbench/users.js + cp /tmp/graphdb-settigns-configmap/settings.js /opt/graphdb/home/work/workbench/settings.js fi - if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb/settings.js ]]; then - echo "Provisioning settings with settings.js file..." + if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then + echo "Provisioning users with users.js file..." mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb/settings.js /opt/graphdb/home/work/workbench/settings.js + cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js fi - if [[ ! 
-f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb/graphdb.properties ]]; then + if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb-properties-configmap/graphdb.properties ]]; then echo "Provisioning graphdb properties file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb/graphdb.properties /opt/graphdb/home/conf/graphdb.properties + cp /tmp/graphdb-properties-configmap/graphdb.properties /opt/graphdb/home/conf/graphdb.properties fi - if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-configmap/logback.xml ]]; then + if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-logback-configmap/logback.xml ]]; then echo "Provisioning logging config file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb-configmap/logback.xml /opt/graphdb/home/conf/logback.xml + cp /tmp/graphdb-logback-configmap/logback.xml /opt/graphdb/home/conf/logback.xml fi mkdir -p /opt/graphdb/home/jdbc-driver echo 'Done' diff --git a/templates/graphdb-worker.yaml b/templates/graphdb-worker.yaml index 71c7b920..e1804752 100644 --- a/templates/graphdb-worker.yaml +++ b/templates/graphdb-worker.yaml @@ -5,6 +5,7 @@ {{ $worker_endpoint := printf "http://graphdb-worker-%d:7200" $worker_index }} {{ $authToken := ((printf "%s:%s" $.Values.graphdb.security.provisioningUsername $.Values.graphdb.security.provisioningPassword) | b64enc) }} +{{- $configs := ($.Values.graphdb.configs | default dict) }} --- apiVersion: {{ $.Values.versions.statefulset }} kind: StatefulSet 
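Review bot: Each provisioning step in the master init script is skipped silently when the mounted source file is absent. With `security.enabled: true`, a ConfigMap that lacks the `settings.js` or `users.js` key therefore lets the init container print 'Done' and GraphDB start without the security configuration the README says these files provide. When security is enabled the script should fail instead, e.g. `[ -f /tmp/graphdb-users-configmap/users.js ] || { echo "users.js not mounted" >&2; exit 1; }` ahead of the copy. The mount path `/tmp/graphdb-settigns-configmap` is misspelled; it is consistent between the mount and the script so it works, but a later one-sided correction would land on exactly this silent-skip path. The init script continues beyond the hunk.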
@@ -45,16 +46,28 @@ spec: - name: graphdb-worker-repo-config configMap: name: {{ required "Config map with .ttl for repositories creation is required!" $.Values.graphdb.workers.repositoryConfigmap }} - - name: graphdb-master-settings-config + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config configMap: - name: {{ required "Config map with settings.js, users.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} + name: {{ $configs.settingsConfigMap | default "graphdb-settings-configmap" }} + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + configMap: + name: {{ $configs.usersConfigMap | default "graphdb-users-configmap" }} + {{- end }} - name: graphdb-utils configMap: name: graphdb-utils-configmap - {{- if $.Values.deployment.logbackConfigMap }} + {{- if $configs.propertieConfigMap }} + - name: graphdb-properties-config + configMap: + name: {{ $configs.propertieConfigMap }} + {{- end}} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config configMap: - name: {{ $.Values.deployment.logbackConfigMap }} + name: {{ $configs.logbackConfigMap }} {{- end }} {{- if and (eq $worker_index 1) (or $.Values.graphdb.tools.preload.trigger $.Values.graphdb.tools.loadrdf.trigger) }} - name: graphdb-worker-preload-data 
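Review bot: `$configs.propertieConfigMap` in this worker volumes hunk is missing an `s`, so the `graphdb-properties-config` volume is never rendered for workers even when `graphdb.configs.propertiesConfigMap` is set. The worker mount guard in `@@ -178,35 +191,45 @@` has the same misspelling, while the master mount uses `propertiesConfigMap`. Nothing fails at render time and the init script simply skips the copy; since the README says `graphdb.properties` carries LDAP, OAuth and Kerberos settings, workers would start without the intended security configuration. Use `{{- if $configs.propertiesConfigMap }}` and `name: {{ $configs.propertiesConfigMap }}` in both places. I see no later patch on this page that corrects it.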
@@ -178,35 +191,45 @@ spec: - name: graphdb-worker-storage {{- end }} mountPath: /opt/graphdb/home - - name: graphdb-master-settings-config - mountPath: /tmp/graphdb - {{- if $.Values.deployment.logbackConfigMap }} + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config + mountPath: /tmp/graphdb-settigns-configmap + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + mountPath: /tmp/graphdb-users-configmap + {{- end }} + {{- if $configs.propertieConfigMap }} + - name: graphdb-properties-config + mountPath: /tmp/graphdb-properties-configmap + {{- end }} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config - mountPath: /tmp/graphdb-configmap + mountPath: /tmp/graphdb-logback-configmap {{- end }} command: ['sh', '-c'] args: - | set -eu - if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb/users.js ]]; then - echo "Provisioning users settings with users.js file..." + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb-settigns-configmap/settings.js ]]; then + echo "Provisioning settings with settings.js file..." mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb/users.js /opt/graphdb/home/work/workbench/users.js + cp /tmp/graphdb-settigns-configmap/settings.js /opt/graphdb/home/work/workbench/settings.js fi - if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb/settings.js ]]; then - echo "Provisioning settings with settings.js file..." + if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then + echo "Provisioning users settings with users.js file..." mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb/settings.js /opt/graphdb/home/work/workbench/settings.js + cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js fi - if [[ ! 
-f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb/graphdb.properties ]]; then + if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb-properties-configmap/graphdb.properties ]]; then echo "Provisioning graphdb properties file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb/graphdb.properties /opt/graphdb/home/conf/graphdb.properties + cp /tmp/graphdb-properties-configmap/graphdb.properties /opt/graphdb/home/conf/graphdb.properties fi - if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-configmap/logback.xml ]]; then + if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-logback-configmap/logback.xml ]]; then echo "Provisioning logging config file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb-configmap/logback.xml /opt/graphdb/home/conf/logback.xml + cp /tmp/graphdb-logback-configmap/logback.xml /opt/graphdb/home/conf/logback.xml fi mkdir -p /opt/graphdb/home/jdbc-driver echo 'Done' diff --git a/values.yaml b/values.yaml index 3c1ffbbe..a4768a59 100644 --- a/values.yaml +++ b/values.yaml @@ -34,7 +34,7 @@ images: tag: "2.1-alpine" graphdb: repository: ontotext/graphdb - tag: "10.0-free" + tag: "10.0.0" busybox: repository: busybox tag: "1.31" @@ -78,8 +78,6 @@ deployment: connect: 5 read: 60 send: 60 - # Override default logback configuration - # logbackConfigMap: graphdb-logback-configmap # KONG API gateway configurations. # This gateway sits behind the ingress and exposes the rest of the components. 
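Review bot: The mount path `/tmp/graphdb-settigns-configmap` in `@@ -178,35 +191,45 @@` is misspelled (`settigns`), and the master hunk `@@ -194,35 +207,45 @@` uses the same spelling. It works only because the `mountPath` and both script references agree. If one site is corrected on its own later, the `-f` test fails quietly and `settings.js` is not provisioned, and the README names that file as the one that must carry `security.enabled`. Rename every occurrence to `/tmp/graphdb-settings-configmap` in a single change.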
@@ -126,7 +124,7 @@ graphdb: # 2m3w_rw_ro - 2 masters, one of which is read only and multiple workers. https://graphdb.ontotext.com/documentation/enterprise/ee/setting-up-a-cluster-with-a-second-readonly-master.html # 2m3w_muted - 2 masters, one of which is muted and multiple workers. https://graphdb.ontotext.com/documentation/enterprise/ee/setting-up-a-cluster-with-multiple-masters-with-dedicated-workers.html # Note: If "standalone" is selected, the launched instance will use master-1 properties, but a worker repository will be created! - topology: "1m_3w" + topology: "standalone" clusterConfig: # -- Describes how the masters and workers are linked in the format master-X -> worker-Y. Required only for 2m3w_muted topology. masterWorkerMapping: @@ -147,9 +145,21 @@ graphdb: # -- A secret used for secure communication amongst the nodes in the cluster. clusterSecret: s3cr37 + # -- References to configuration maps containing settings.js, users.js, graphdb.properties and logback.xml files to overwrite + # the default GraphDB configuration. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html + configs: + # Override default settings configuration + #settingsConfigMap: graphdb-settings-configmap + # Override default users configuration + #usersConfigMap: graphdb-users-configmap + # Override default properties configuration + #propertiesConfigMap: graphdb-properties-configmap + # Override default logback configuration + #logbackConfigMap: graphdb-logback-configmap + security: # If the security is enabled, it's mandatory to have a provisioning user, so the healthchecks and cluster linking can work properly - enabled: true + enabled: false provisioningUsername: provisioner # bcrypt encrypted password. default: iHaveSuperpowers provisioningPassword: iHaveSuperpowers 
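Review bot: The second hunk (`@@ -147,9 +145,21 @@`) flips the chart default to `enabled: false` under `security`, so a plain install now serves GraphDB without authentication. If that is intended only for the snapshot build, say so in a comment here and in the README; otherwise keep `enabled: true`. The surrounding context also ships `provisioningPassword: iHaveSuperpowers` and `clusterSecret: s3cr37` as defaults, which are known to anyone who has read the chart. Wrapping those two values in `required` in the templates, as the chart already does for `repositoryConfigmap`, would force operators to supply their own.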
@@ -158,9 +168,6 @@ graphdb: # -- Reference to a configuration map containing one or more .ttl files used for repository # initialization in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-a-repository.html repositoryConfigmap: graphdb-repo-default-configmap - # -- Reference to a configuration map containing settings.js, users.js and graphdb.properties(optional) files used for security - # and properties provisioning in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html - settingsConfigmap: graphdb-settings-default-configmap # -- Reference to a secret containing 'graphdb.license' file to be used by master nodes. # This is a required secret without which GraphDB won't operate if you use SE/EE editions. # Can be set to "" if you want to use this instance only with master repositories, which does not require a license! From 1e0bd98c9dd9bd963fab3feee6439618f7b9282f Mon Sep 17 00:00:00 2001 From: sukhumi Date: Thu, 25 Nov 2021 17:34:43 +0200 Subject: [PATCH 3/7] Moved GraphDB config files (settings.js, users.js, graphdb.properties and logback.xml) to their own configmaps. --- templates/graphdb-worker.yaml | 2 +- values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/graphdb-worker.yaml b/templates/graphdb-worker.yaml index e1804752..c588970a 100644 --- a/templates/graphdb-worker.yaml +++ b/templates/graphdb-worker.yaml @@ -217,7 +217,7 @@ spec: cp /tmp/graphdb-settigns-configmap/settings.js /opt/graphdb/home/work/workbench/settings.js fi if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then - echo "Provisioning users settings with users.js file..." + echo "Provisioning users with users.js file..." mkdir -p /opt/graphdb/home/work/workbench ; cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js fi 
diff --git a/values.yaml b/values.yaml index a4768a59..5adbc3d5 100644 --- a/values.yaml +++ b/values.yaml @@ -54,7 +54,7 @@ deployment: # Needed to configure ingress as well as some components require it to properly render their UIs protocol: http # Important: This should be a resolvable hostname, not an IP address! - host: graphdb.local + host: localhost # Configures SSL termination on ingress level. # See https://kubernetes.github.io/ingress-nginx/examples/tls-termination/ From b5ad02085223e47b6a18a5ab6de180636a3d63b0 Mon Sep 17 00:00:00 2001 From: sukhumi Date: Fri, 26 Nov 2021 12:04:25 +0200 Subject: [PATCH 4/7] Added jolokia access configmap --- README.md | 1 + files/config/jolokia-access.xml | 51 +++++++++++++++++++ .../graphdb-jolokia-access-configmap.yaml | 16 ++++++ templates/graphdb-master.yaml | 14 +++++ templates/graphdb-worker.yaml | 14 +++++ values.yaml | 4 +- 6 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 files/config/jolokia-access.xml create mode 100644 templates/configuration/graphdb-jolokia-access-configmap.yaml diff --git a/README.md b/README.md index 03e6a5e8..bb7b1ad9 100644 --- a/README.md +++ b/README.md 
@@ -480,6 +480,7 @@ about defining resource limits. | graphdb.clusterConfig.readOnlyMasters | list | `["master-2"]` | Describes which masters will be set as read only. Required only for 2m3w_rw_ro topology. | | graphdb.clusterConfig.syncPeersMapping | list | `["master-1 <-> master-2"]` | Describes which masters will be linked as sync peer. Required for 2m3w_rw_ro and 2m3w_muted topology. | | graphdb.clusterConfig.workersCount | int | `2` | | +| graphdb.configs.jolokiaAccessConfigMap | string | `"graphdb-jolokia-access-configmap"` | Reference to a configmap used to overwrite the default GraphDB jolokia-access.xml, with an externally provided jolokia-access.xml. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | graphdb.configs.logbackConfigMap | string | `"graphdb-logback-configmap"` | Reference to a configmap used to overwrite the default GraphDB logback.xml, with an externally provided logback.xml. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | graphdb.configs.propertiesConfigMap | string | `"graphdb-properties-configmap"` | Reference to a configmap used to overwrite the default graphdb.properties, with an externally provided graphdb.properties. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | graphdb.configs.settingsConfigMap | string | `"graphdb-settings-configmap"` | Reference to a configmap used to overwrite the default GraphDB settings.js, with an externally provided settings.js. Even if left to default if security is enabled the configmap will be used to enable GraphDB's security. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html diff --git a/files/config/jolokia-access.xml b/files/config/jolokia-access.xml new file mode 100644 index 00000000..502c73f7 --- /dev/null +++ b/files/config/jolokia-access.xml 
@@ -0,0 +1,51 @@ + + + + + + read + list + version + search + + + + java.lang:type=Memory + * + gc + + + ReplicationCluster:* + * + * + + + Tomcat:* + * + * + + + ch.qos.logback.classic:* + * + * + + + com.ontotext:* + * + * + + + java.util.logging:type=Logging + * + * + + + + + + jolokia:* + * + * + + + diff --git a/templates/configuration/graphdb-jolokia-access-configmap.yaml b/templates/configuration/graphdb-jolokia-access-configmap.yaml new file mode 100644 index 00000000..4294a70f --- /dev/null +++ b/templates/configuration/graphdb-jolokia-access-configmap.yaml @@ -0,0 +1,16 @@ +# Default configuration map for provisioning GraphDB repository. +# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- if $configs.jolokiaAccessConfigMap }} +{{- if eq $configs.jolokiaAccessConfigMap "graphdb-jolokia-access-configmap" }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-jolokia-access-configmap + labels: + name: graphdb-jolokia-access-configmap +data: + jolokia-access.xml: |- +{{ tpl (.Files.Get "files/config/jolokia-access.xml" | indent 4) . }} +{{- end }} +{{- end }} diff --git a/templates/graphdb-master.yaml b/templates/graphdb-master.yaml index bca63aa3..950fb36d 100644 --- a/templates/graphdb-master.yaml +++ b/templates/graphdb-master.yaml @@ -81,6 +81,11 @@ spec: configMap: name: {{ $configs.logbackConfigMap }} {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + configMap: + name: {{ $configs.jolokiaAccessConfigMap }} + {{- end }} imagePullSecrets: {{- include "combinedImagePullSecrets" $ | nindent 8 }} nodeSelector: 
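Review bot: The new `jolokia-access.xml` pairs `Tomcat:*`, `ch.qos.logback.classic:*` and `com.ontotext:*` with `*` for both attribute and operation, which is broader than health checks and monitoring are likely to need. The XML tags did not survive on this page, so I cannot confirm which entries are allowed and which denied, or whether host or HTTP-method restrictions are present. The command list appears limited to `read`, `list`, `version` and `search`, which would already exclude `exec` and `write`; if the wildcards do sit in the allow section, narrow them to the specific attributes that are read and leave operations out. A header comment stating what each MBean entry is needed for would make later tightening easier.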
@@ -223,6 +228,10 @@ spec: - name: graphdb-logback-config mountPath: /tmp/graphdb-logback-configmap {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + mountPath: /tmp/graphdb-jolokia-access-configmap + {{- end }} command: ['sh', '-c'] args: - | @@ -247,6 +256,11 @@ spec: mkdir -p /opt/graphdb/home/conf ; cp /tmp/graphdb-logback-configmap/logback.xml /opt/graphdb/home/conf/logback.xml fi + if [[ ! -f /opt/graphdb/home/conf/jolokia-access.xml && -f /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml ]]; then + echo "Provisioning jolokia access config file..." + mkdir -p /opt/graphdb/home/conf ; + cp /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml /opt/graphdb/home/conf/jolokia-access.xml + fi mkdir -p /opt/graphdb/home/jdbc-driver echo 'Done' {{- if and (eq $.Values.graphdb.topology "standalone") (include "shouldRenderBackupVolumeClaimTemplate" (dict "backupRestore" $.Values.graphdb.backupRestore "master_index" $master_index)) }} diff --git a/templates/graphdb-worker.yaml b/templates/graphdb-worker.yaml index c588970a..1fd848e3 100644 --- a/templates/graphdb-worker.yaml +++ b/templates/graphdb-worker.yaml @@ -69,6 +69,11 @@ spec: configMap: name: {{ $configs.logbackConfigMap }} {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + configMap: + name: {{ $configs.jolokiaAccessConfigMap }} + {{- end }} {{- if and (eq $worker_index 1) (or $.Values.graphdb.tools.preload.trigger $.Values.graphdb.tools.loadrdf.trigger) }} - name: graphdb-worker-preload-data persistentVolumeClaim: @@ -207,6 +212,10 @@ spec: - name: graphdb-logback-config mountPath: /tmp/graphdb-logback-configmap {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + mountPath: /tmp/graphdb-jolokia-access-configmap + {{- end }} command: ['sh', '-c'] args: - | 
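Review bot: The copy block added in `@@ -247,6 +256,11 @@` installs `jolokia-access.xml` only when `/opt/graphdb/home/conf/jolokia-access.xml` does not exist, and `/opt/graphdb/home` appears to be the persistent storage mount. A policy tightened in the configmap therefore never reaches a pod whose volume already holds the file. For an access-control file the configmap should win on every start: open the block with `if [[ -f /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml ]]; then` and keep the existing `mkdir -p` and `cp`. The worker template adds the same block in `@@ -231,6 +240,11 @@`.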
@@ -231,6 +240,11 @@ spec: mkdir -p /opt/graphdb/home/conf ; cp /tmp/graphdb-logback-configmap/logback.xml /opt/graphdb/home/conf/logback.xml fi + if [[ ! -f /opt/graphdb/home/conf/jolokia-access.xml && -f /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml ]]; then + echo "Provisioning jolokia access config file..." + mkdir -p /opt/graphdb/home/conf ; + cp /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml /opt/graphdb/home/conf/jolokia-access.xml + fi mkdir -p /opt/graphdb/home/jdbc-driver echo 'Done' # LOADRDF TOOL diff --git a/values.yaml b/values.yaml index 5adbc3d5..d0c9e15e 100644 --- a/values.yaml +++ b/values.yaml @@ -145,7 +145,7 @@ graphdb: # -- A secret used for secure communication amongst the nodes in the cluster. clusterSecret: s3cr37 - # -- References to configuration maps containing settings.js, users.js, graphdb.properties and logback.xml files to overwrite + # -- References to configuration maps containing settings.js, users.js, graphdb.properties, logback.xml and jolokia-access.xml files to overwrite # the default GraphDB configuration. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html configs: # Override default settings configuration @@ -156,6 +156,8 @@ graphdb: #propertiesConfigMap: graphdb-properties-configmap # Override default logback configuration #logbackConfigMap: graphdb-logback-configmap + # Override default jolokia access configuration + #jolokiaAccessConfigMap: graphdb-jolokia-access-configmap security: # If the security is enabled, it's mandatory to have a provisioning user, so the healthchecks and cluster linking can work properly From 0fa7e76354748aae48ef03d1805e34d35ea1e0af Mon Sep 17 00:00:00 2001 
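Review bot: `#jolokiaAccessConfigMap` is added commented out in `@@ -156,6 +156,8 @@`, so every `{{- if $configs.jolokiaAccessConfigMap }}` guard in this patch is false on a default install and the shipped `files/config/jolokia-access.xml` is never mounted. The README row added in the same patch nevertheless lists `"graphdb-jolokia-access-configmap"` as the default. Either uncomment the key so the restriction policy applies out of the box, or change the README default to empty and state that the policy is opt-in. Which policy GraphDB falls back to when none is provisioned is not visible here.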
From: sukhumi Date: Fri, 26 Nov 2021 13:50:49 +0200 Subject: [PATCH 5/7] Fixed an issue migrating user settings from older GraphDB to 10.0.0 --- templates/graphdb-master.yaml | 10 +++++----- templates/graphdb-worker.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/templates/graphdb-master.yaml b/templates/graphdb-master.yaml index 950fb36d..2f67346f 100644 --- a/templates/graphdb-master.yaml +++ b/templates/graphdb-master.yaml @@ -236,16 +236,16 @@ spec: args: - | set -eu + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then + echo "Provisioning users with users.js file..." + mkdir -p /opt/graphdb/home/work/workbench ; + cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js + fi if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb-settigns-configmap/settings.js ]]; then echo "Provisioning settings with settings.js file..." mkdir -p /opt/graphdb/home/work/workbench ; cp /tmp/graphdb-settigns-configmap/settings.js /opt/graphdb/home/work/workbench/settings.js fi - if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then - echo "Provisioning users with users.js file..." - mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js - fi if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb-properties-configmap/graphdb.properties ]]; then echo "Provisioning graphdb properties file..." mkdir -p /opt/graphdb/home/conf ; diff --git a/templates/graphdb-worker.yaml b/templates/graphdb-worker.yaml index 1fd848e3..6cff3403 100644 --- a/templates/graphdb-worker.yaml +++ b/templates/graphdb-worker.yaml 
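Review bot: The reordered users block in `@@ -236,16 +236,16 @@` relies on two things the script does not state. It must run before the `settings.js` block, which creates the file it tests for, and it treats an existing `settings.js` as marking a volume from an older GraphDB; the second is my reading of the commit subject. Add a comment above the test, e.g. `# Must stay before the settings.js block: an existing settings.js marks a volume from an older GraphDB, whose users are left to migration`. One case to verify: a volume that already holds `settings.js` from a run with security disabled would never receive `users.js` once security is enabled, leaving the provisioning user missing. The worker template has the same block in `@@ -220,16 +220,16 @@`.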
@@ -220,16 +220,16 @@ spec: args: - | set -eu + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then + echo "Provisioning users with users.js file..." + mkdir -p /opt/graphdb/home/work/workbench ; + cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js + fi if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb-settigns-configmap/settings.js ]]; then echo "Provisioning settings with settings.js file..." mkdir -p /opt/graphdb/home/work/workbench ; cp /tmp/graphdb-settigns-configmap/settings.js /opt/graphdb/home/work/workbench/settings.js fi - if [[ ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then - echo "Provisioning users with users.js file..." - mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js - fi if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb-properties-configmap/graphdb.properties ]]; then echo "Provisioning graphdb properties file..." mkdir -p /opt/graphdb/home/conf ; From bb57bdea6d5c00af14b09a30aa04fcc1977d81d6 Mon Sep 17 00:00:00 2001 From: sukhumi Date: Tue, 30 Nov 2021 10:07:27 +0200 Subject: [PATCH 6/7] Updated README and comments --- README.md | 21 ++++++++++++++++--- .../graphdb-jolokia-access-configmap.yaml | 4 ++-- .../graphdb-logback-configmap.yaml | 4 ++-- .../graphdb-properties-configmap.yaml | 4 ++-- .../graphdb-setting-configmap.yaml | 4 ++-- .../graphdb-users-configmap.yaml | 4 ++-- 6 files changed, 28 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index bb7b1ad9..8822d80f 100644 --- a/README.md +++ b/README.md 
@@ -299,7 +299,7 @@ GraphDB's Helm chart supports deploying GraphDB with or without security. This c If it is deployed with security enabled, a special provisioning user is used for repository provisioning, cluster linking, health checks and so on. Additional users can be added through the users file: `files/config/users.js`. The users are described with their roles, username and a bcrypt64 password. -The file is provisioned before GraphDB's startup with the configmap `usersConfigMap`. +The file can be provisioned before GraphDB's startup with the `usersConfigMap` configmap or left to default. It can be overridden with other configmap containing the `users.js` file. Note that the `provisioning` user is required when security is turned on! 
@@ -308,14 +308,29 @@ can be configured using additional configurations in `graphdb.properties`. See https://graphdb.ontotext.com/documentation/enterprise/access-control.html -#### Provisioning additional properties +Prior to GraphDB 10.0.0 the users and their settings were saved in the `settings.js` file. + +#### Provisioning additional properties and settings Most of GraphDB's properties can be passed through `java_args`. Another option is to supply a `graphdb.properties` file. -This file is provisioned on all GraphDB instances during GraphDB's startup using configmap `propertiesConfigMap`. +This file can be provisioned on during GraphDB's startup using `propertiesConfigMap`configmap or left to default. It can be overridden with other configmap containing the `graphdb.properties` file. The `graphdb.properties` file is also used for more complex security configurations such as LDAP, Oauth, Kerberos. +Some additional settings are kept in the `settings.js` file. Most of those settings are internal for GraphDB and better left managed by the client. +The file can be provisioned before GraphDB's startup with the `settingsConfigMap` configmap or left to default. +It can be overridden with other configmap containing the `settings.js` file. +Note the `settings.js` must contain `security.enabled" : true` property when security is turned on! + +GraphDB uses logback to configure logging using the `logback.xml` file. +The file can be provisioned before GraphDB's startup with the `logbackConfigMap` configmap or left to default. +It can be overridden with other configmap containing the `logback.xml` file. + +Since GraphDB 9.10.1 the Jolokia access is managed using the `jolokia-access.xml` file. +The file can be provisioned before GraphDB's startup with the `jolokiaAccessConfigmap` configmap or left to default. +It can be overridden with other configmap containing the `jolokia-access.xml` file. 
+ See https://graphdb.ontotext.com/documentation/enterprise/configuring-graphdb.html?highlight=properties See https://graphdb.ontotext.com/documentation/enterprise/access-control.html diff --git a/templates/configuration/graphdb-jolokia-access-configmap.yaml b/templates/configuration/graphdb-jolokia-access-configmap.yaml index 4294a70f..a1055167 100644 --- a/templates/configuration/graphdb-jolokia-access-configmap.yaml +++ b/templates/configuration/graphdb-jolokia-access-configmap.yaml @@ -1,5 +1,5 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +# Default configuration map for provisioning the GraphDB jolokia access settings. +# To change it, prepare another configuration map and update "graphdb.configs.jolokiaAccessConfigMap" {{- $configs := (.Values.graphdb.configs | default dict) }} {{- if $configs.jolokiaAccessConfigMap }} {{- if eq $configs.jolokiaAccessConfigMap "graphdb-jolokia-access-configmap" }} diff --git a/templates/configuration/graphdb-logback-configmap.yaml b/templates/configuration/graphdb-logback-configmap.yaml index e03c4193..befa3146 100644 --- a/templates/configuration/graphdb-logback-configmap.yaml +++ b/templates/configuration/graphdb-logback-configmap.yaml @@ -1,5 +1,5 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +# Default configuration map for provisioning GraphDB logback settings. +# To change it, prepare another configuration map and update "graphdb.configs.logbackConfigMap" {{- $configs := (.Values.graphdb.configs | default dict) }} {{- if $configs.logbackConfigMap }} {{- if eq $configs.logbackConfigMap "graphdb-logback-configmap" }} diff --git a/templates/configuration/graphdb-properties-configmap.yaml b/templates/configuration/graphdb-properties-configmap.yaml index 82f438fb..2108c8d8 100644 
--- a/templates/configuration/graphdb-properties-configmap.yaml +++ b/templates/configuration/graphdb-properties-configmap.yaml @@ -1,5 +1,5 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +# Default configuration map for provisioning GraphDB properties. +# To change it, prepare another configuration map and update "graphdb.configs.propertiesConfigMap" {{- $configs := (.Values.graphdb.configs | default dict) }} {{- if $configs.propertiesConfigMap}} {{- if eq $configs.propertiesConfigMap "graphdb-properties-configmap" }} diff --git a/templates/configuration/graphdb-setting-configmap.yaml b/templates/configuration/graphdb-setting-configmap.yaml index 65fc459c..c8964b23 100644 --- a/templates/configuration/graphdb-setting-configmap.yaml +++ b/templates/configuration/graphdb-setting-configmap.yaml @@ -1,5 +1,5 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +# Default configuration map for provisioning GraphDB settings.js file. +# To change it, prepare another configuration map and update "graphdb.configs.settingsConfigMap" {{- $configs := (.Values.graphdb.configs | default dict) }} {{- $settingsConfigMap := $configs.settingsConfigMap | default "null"}} {{- if or (eq $settingsConfigMap "graphdb-settings-configmap") (and (eq $settingsConfigMap "null") (.Values.graphdb.security.enabled)) }} diff --git a/templates/configuration/graphdb-users-configmap.yaml b/templates/configuration/graphdb-users-configmap.yaml index 58163ba1..21f09c9a 100644 --- a/templates/configuration/graphdb-users-configmap.yaml +++ b/templates/configuration/graphdb-users-configmap.yaml 
@@ -1,5 +1,5 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" +# Default configuration map for provisioning GraphDB users.js file. +# To change it, prepare another configuration map and update "graphdb.configs.usersConfigMap" {{- $configs := (.Values.graphdb.configs | default dict) }} {{- $usersConfigMap := $configs.usersConfigMap | default "null"}} {{- if or (eq $usersConfigMap "graphdb-users-configmap") (and (eq $usersConfigMap "null") (.Values.graphdb.security.enabled)) }} From 91d20e868f6ce4386c05ce3aa4b966530303821f Mon Sep 17 00:00:00 2001 From: sukhumi Date: Tue, 30 Nov 2021 11:37:37 +0200 Subject: [PATCH 7/7] slightly changed the check null for settingsConfigMap and usersConfigMap --- ...setting-configmap.yaml => graphdb-settings-configmap.yaml} | 4 ++-- templates/configuration/graphdb-users-configmap.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) rename templates/configuration/{graphdb-setting-configmap.yaml => graphdb-settings-configmap.yaml} (88%) diff --git a/templates/configuration/graphdb-setting-configmap.yaml b/templates/configuration/graphdb-settings-configmap.yaml similarity index 88% rename from templates/configuration/graphdb-setting-configmap.yaml rename to templates/configuration/graphdb-settings-configmap.yaml index c8964b23..cea9c366 100644 --- a/templates/configuration/graphdb-setting-configmap.yaml +++ b/templates/configuration/graphdb-settings-configmap.yaml 
@@ -1,8 +1,8 @@ # Default configuration map for provisioning GraphDB settings.js file. # To change it, prepare another configuration map and update "graphdb.configs.settingsConfigMap" {{- $configs := (.Values.graphdb.configs | default dict) }} -{{- $settingsConfigMap := $configs.settingsConfigMap | default "null"}} -{{- if or (eq $settingsConfigMap "graphdb-settings-configmap") (and (eq $settingsConfigMap "null") (.Values.graphdb.security.enabled)) }} +{{- $settingsConfigMap := $configs.settingsConfigMap | default "" }} +{{- if or (eq $settingsConfigMap "graphdb-settings-configmap") (and (not $settingsConfigMap ) (.Values.graphdb.security.enabled)) }} apiVersion: {{ .Values.versions.configmap }} kind: ConfigMap metadata: diff --git a/templates/configuration/graphdb-users-configmap.yaml b/templates/configuration/graphdb-users-configmap.yaml index 21f09c9a..1a6ef81f 100644 --- a/templates/configuration/graphdb-users-configmap.yaml +++ b/templates/configuration/graphdb-users-configmap.yaml @@ -1,8 +1,8 @@ # Default configuration map for provisioning GraphDB users.js file. # To change it, prepare another configuration map and update "graphdb.configs.usersConfigMap" {{- $configs := (.Values.graphdb.configs | default dict) }} -{{- $usersConfigMap := $configs.usersConfigMap | default "null"}} -{{- if or (eq $usersConfigMap "graphdb-users-configmap") (and (eq $usersConfigMap "null") (.Values.graphdb.security.enabled)) }} +{{- $usersConfigMap := $configs.usersConfigMap | default ""}} +{{- if or (eq $usersConfigMap "graphdb-users-configmap") (and (not $usersConfigMap) (.Values.graphdb.security.enabled)) }} apiVersion: {{ .Values.versions.configmap }} kind: ConfigMap metadata: