-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add STAC catalog #297
Add STAC catalog #297
Changes from 85 commits
24ee7bf
148501f
e0c4231
b182aa4
0c024c5
0aecb0f
a41fbea
3cf6441
4671626
fef2f1d
ad3cbd5
3671d21
de276cd
dfbfcdd
5ae391f
3840abe
2964165
1e34626
74a05a3
4d3c348
394b36f
dd07828
9dbf1c9
be2c29d
800f060
bc5e2a2
8466780
079fcd2
88ccb34
ac90cbf
67ae5e6
82f117c
be43cb1
1d311af
4dea9bd
862b41a
5a800d8
5481d2c
4f8a526
472c70a
4dce05b
7bd3799
017890a
e5abe3a
a354c1c
5290fa9
5ac4dc6
f9f72b0
0cf71de
0adb3ac
8ba2867
0dd82f5
ad8ffe4
b20d46c
af3e85f
20aaf81
91d618f
32b9326
7d90bf8
d6cd887
bc4bc81
98b5779
0254ded
e7638cc
7931a2c
e96e658
1b52860
9b979c6
13a1fd7
7d61811
bcbbbd2
7853c05
bcb05d4
62378b6
72b162c
f59dae4
9ac43bf
eed9a1a
5c9e109
02c2903
47af0fe
340c418
4b27449
22a7d70
8c831ca
97f43fc
9db96d7
9c4519b
5080393
b6abd19
48b372f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
config/proxy/conf.extra-service.d/stac.conf |
matprov marked this conversation as resolved.
Show resolved
Hide resolved
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
version: "3.4" | ||
services: | ||
proxy: | ||
volumes: | ||
- ./components/stac/config/canarie-api/canarie_api_monitoring.py:${CANARIE_MONITORING_EXTRA_CONF_DIR}/stac_canarie_api_monitoring.py:ro |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
SERVICES['STAC'] = { | ||
'info': { | ||
'name': 'STAC', | ||
'synopsis': 'STAC is the common name of the REST API that implements the STAC specification, common representation of geospatial information.', | ||
'version': "", | ||
'institution': 'CRIM', | ||
'releaseTime': "2023-06-16T00:00:00Z", | ||
'researchSubject': 'Any', | ||
'supportEmail': '${SUPPORT_EMAIL}', | ||
'category': 'Data Manipulation', | ||
'tags': ['Catalog', 'Data', 'OGC'] | ||
}, | ||
'stats': { | ||
'method': '.*', | ||
'route': "/stac/.*" | ||
}, | ||
'redirect': { | ||
'doc': 'https://stac-utils.github.io/stac-fastapi/', | ||
'releasenotes': 'https://github.com/crim-ca/sac-app/blob/master/CHANGES.rst', | ||
'support': 'https://github.com/crim-ca/stac-app/issues', | ||
'source': 'https://github.com/crim-ca/stac-app', | ||
'tryme': 'https://${PAVICS_FQDN_PUBLIC}/stac/', | ||
'licence': 'https://github.com/crim-ca/stac-app/blob/master/LICENSE', | ||
'provenance': 'https://github.com/crim-ca/stac-app' | ||
}, | ||
"monitoring": { | ||
"STAC": { | ||
'request': { | ||
'url': 'http://stac:8000/stac' | ||
} | ||
} | ||
} | ||
} | ||
|
||
# vi: tabstop=8 expandtab shiftwidth=4 softtabstop=4 syntax=python |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
|
||
location /stac { | ||
# We need the first `/stac` for service resolution. | ||
# We need the second `/stac` for API redirect in STAC (see `root-path` and `ROUTER_PREFIX`). | ||
# See https://github.com/stac-utils/stac-fastapi/issues/427 | ||
# See https://github.com/crim-ca/stac-app/blob/main/stac_app.py#L60 | ||
proxy_pass https://${PAVICS_FQDN_PUBLIC}${TWITCHER_PROTECTED_PATH}/stac/stac; | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Host $host:$server_port; | ||
proxy_buffering off; | ||
include /etc/nginx/conf.d/cors.include; | ||
} | ||
|
||
location /stac-browser/ { | ||
# STAC API is protected behind Twitcher so we might not need to protect the browser as well. | ||
# In case we encounter a valid use case in which we need to protect the browser, we might | ||
# consider using Twitcher's verify capability to protect the route in an efficient manner. | ||
proxy_pass http://stac-browser:8080/; | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-Host localhost; | ||
proxy_set_header X-Forwarded-Server localhost; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
proxy_set_header X-Forwarded-For $remote_addr; | ||
proxy_set_header Origin localhost; | ||
proxy_hide_header Access-Control-Allow-Origin; | ||
proxy_redirect off; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
version: "3.4" | ||
services: | ||
proxy: | ||
volumes: | ||
- ./components/stac/config/proxy/conf.extra-service.d:/etc/nginx/conf.extra-service.d/stac:ro |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
export STAC_POSTGRES_USER=${POSTGRES_PAVICS_USERNAME} | ||
export STAC_POSTGRES_PASSWORD=${POSTGRES_PAVICS_PASSWORD} | ||
export STAC_PGUSER=${POSTGRES_PAVICS_USERNAME} | ||
export STAC_PGPASSWORD=${POSTGRES_PAVICS_PASSWORD} | ||
matprov marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
# add any new variables not already in 'VARS' or 'OPTIONAL_VARS' that must be replaced in templates here | ||
# single quotes are important in below list to keep variable names intact until 'pavics-compose' parses them | ||
EXTRA_VARS=' | ||
$STAC_POSTGRES_USER | ||
$STAC_POSTGRES_PASSWORD | ||
$STAC_PGUSER | ||
$STAC_PGPASSWORD | ||
' | ||
# extend the original 'VARS' from 'birdhouse/pavics-compose.sh' to employ them for template substitution | ||
# adding them to 'VARS', they will also be validated in case of override of 'default.env' using 'env.local' | ||
VARS="$VARS $EXTRA_VARS" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
version: "3.4" | ||
|
||
x-logging: | ||
&default-logging | ||
driver: "json-file" | ||
options: | ||
max-size: "50m" | ||
max-file: "10" | ||
|
||
services: | ||
stac: | ||
container_name: stac | ||
image: ghcr.io/crim-ca/stac-app:main | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Not using exact version for reproductibility? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm guessing this first? crim-ca/stac-app#1 |
||
depends_on: | ||
- stac-db | ||
environment: | ||
- POSTGRES_USER=${STAC_POSTGRES_USER} | ||
- POSTGRES_PASS=${STAC_POSTGRES_PASSWORD} | ||
- POSTGRES_DBNAME=postgis | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just curious, is |
||
- POSTGRES_HOST_READER=stac-db | ||
- POSTGRES_HOST_WRITER=stac-db | ||
- POSTGRES_PORT=5432 | ||
- ROUTER_PREFIX=/stac | ||
- OPENAPI_URL=/stac/api | ||
- DOCS_URL=/stac/api.html | ||
logging: *default-logging | ||
restart: always | ||
|
||
stac-browser: | ||
container_name: stac-browser | ||
image: ghcr.io/crim-ca/stac-browser:docker_image_push | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Versionned image for reproductibility? |
||
environment: | ||
- CATALOG_URL=https://${PAVICS_FQDN_PUBLIC}/stac/ | ||
- ROOT_PATH=/stac-browser/ | ||
|
||
stac-db: | ||
container_name: stac-db | ||
image: ghcr.io/stac-utils/pgstac:v0.6.10 | ||
environment: | ||
- POSTGRES_USER=${STAC_POSTGRES_USER} | ||
- POSTGRES_PASSWORD=${STAC_POSTGRES_PASSWORD} | ||
- POSTGRES_DB=postgis | ||
- PGUSER=${STAC_PGUSER} | ||
- PGPASSWORD=${STAC_PGPASSWORD} | ||
- PGHOST=localhost | ||
- PGDATABASE=postgis | ||
volumes: | ||
- stac-db:/var/lib/postgresql/data | ||
healthcheck: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nice to have a healthcheck here. The other 2 containers, would be nice to have some sort of healthcheck as well. |
||
test: ["CMD-SHELL", "pg_isready"] | ||
interval: 10s | ||
timeout: 5s | ||
retries: 5 | ||
|
||
# extend proxy with endpoint and config for STAC API access | ||
proxy: | ||
matprov marked this conversation as resolved.
Show resolved
Hide resolved
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Duplicate fragment with existing file |
||
volumes: | ||
- ./components/stac/conf.extra-service.d:/etc/nginx/conf.extra-service.d/stac:ro | ||
links: | ||
matprov marked this conversation as resolved.
Show resolved
Hide resolved
|
||
- stac | ||
|
||
volumes: | ||
stac-db: |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,4 +4,5 @@ | |
proxy_set_header X-Forwarded-Proto $real_scheme; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Host $host:$server_port; | ||
proxy_set_header Forwarded "proto=https;host=${PAVICS_FQDN}"; # Helps the STAC component to craft URLs containing the full PAVICS_FQDN | ||
matprov marked this conversation as resolved.
Show resolved
Hide resolved
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Better use |
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
export STAC_ASSET_GENERATOR_TIMEOUT=30 | ||
matprov marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
# add any new variables not already in 'VARS' or 'OPTIONAL_VARS' that must be replaced in templates here | ||
# single quotes are important in below list to keep variable names intact until 'pavics-compose' parses them | ||
EXTRA_VARS=' | ||
$STAC_ASSET_GENERATOR_TIMEOUT | ||
' | ||
# extend the original 'VARS' from 'birdhouse/pavics-compose.sh' to employ them for template substitution | ||
# adding them to 'VARS', they will also be validated in case of override of 'default.env' using 'env.local' | ||
VARS="$VARS $EXTRA_VARS" | ||
|
||
# add any component that this component requires to run | ||
COMPONENT_DEPENDENCIES=" | ||
./components/stac | ||
" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
version: "3.4" | ||
|
||
x-logging: | ||
&default-logging | ||
driver: "json-file" | ||
options: | ||
max-size: "50m" | ||
max-file: "10" | ||
|
||
services: | ||
matprov marked this conversation as resolved.
Show resolved
Hide resolved
|
||
# populates STAC catalog with sample collection items | ||
stac-populator: | ||
container_name: stac-populator | ||
image: ghcr.io/crim-ca/stac-populator:master | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Versionned image for reproductibility? |
||
environment: | ||
- STAC_ASSET_GENERATOR_TIMEOUT=${STAC_ASSET_GENERATOR_TIMEOUT} | ||
- STAC_HOST=http://stac:8000/stac # STAC API internally accessed to avoid Twitcher authentication | ||
command: > | ||
bash -c "./wait-for-it.sh stac:8000 -t 30 && ./populate.sh" | ||
matprov marked this conversation as resolved.
Show resolved
Hide resolved
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Noob question about the stac-populator: does this just populate once and exit or it stays in the background and listen for new data and repopulate? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Another Noob question about the stac-populator: how does it knows which collection to crawl and populate the stac-db? Is the path https://pavics.ouranos.ca/twitcher/ows/proxy/thredds/catalog/datasets/catalog.html hardcoded? This should be configurable. Or are we crawling directly on disk? But then I do not see any volume-mount. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @tlvu The pipeline for populating STAC is being handled in a separate repo (https://github.com/crim-ca/stac-populator). I think this is just for testing. |
||
depends_on: | ||
- stac |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
config/magpie/config.yml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
providers: | ||
# definition of STAC service for API access | ||
stac: | ||
url: http://stac:8000 | ||
title: STAC | ||
public: true | ||
c4i: false | ||
type: api | ||
sync_type: api | ||
|
||
permissions: | ||
- service: stac | ||
permission: read | ||
group: anonymous | ||
action: create | ||
- service: stac | ||
permission: write | ||
group: stac-admin | ||
action: create |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# add any component that this component requires to run | ||
COMPONENT_DEPENDENCIES=" | ||
./components/stac | ||
" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
version: "3.4" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This entire file should be in There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @mishaschwartz Oh this one is a special case ! If this file move to Would the "inner" docker-compose fragment file be discovered even if no file at the root of the component? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This works... but if we want to follow the pattern we use elsewhere we should really add this to We're almost certainly going to make magpie a required component but it would be nicer to keep the pattern we've already established. Thanks for finding that @tlvu There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes agreed. The new directory layout pattern is not only for looking nice and tidy, it's to allow 100% flexible deployment. I think we need to document this pattern here https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/README.rst and explain the proper reason behind it. |
||
services: | ||
magpie: | ||
volumes: | ||
- ./optional-components/stac-public-access/config/magpie/config.yml:${MAGPIE_PERMISSIONS_CONFIG_PATH}/stac-public-access.yml:ro | ||
- ./optional-components/stac-public-access/config/magpie/config.yml:${MAGPIE_PROVIDERS_CONFIG_PATH}/stac-public-access.yml:ro |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@matprov No bumpversion? FYI the release procedure https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/README.rst#release-procedure
Planning on a quick subsequent PR?