updates

truenas · May 21, 2024 · fbc70b0 · fbc70b0
1 parent f65a2f8
commit fbc70b0
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 118 deletions.
diff --git a/.flake8 b/.flake8
@@ -1,2 +1,2 @@
 [flake8]
-max-line-length = 88
+max-line-length = 250
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -9,7 +9,7 @@
     "editor.formatOnSave": false,
     "editor.formatOnPaste": false
   },
-  "black-formatter.args": ["--line-length", "88"],
+  "black-formatter.args": ["--line-length", "250"],
   "[python]": {
     "editor.defaultFormatter": "ms-python.black-formatter",
     "editor.defaultFoldingRangeProvider": "ms-python.flake8",

diff --git a/cspell.config.yaml b/cspell.config.yaml
@@ -1,7 +1,9 @@
 words:
   - CPUS
   - Healtcheck
+  - healthcheck
   - isready
   - logsearch
+  - logsearchapi
   - minio
   - tracebacklimit
diff --git a/ix-dev/enterprise/minio/templates/docker-compose.yaml b/ix-dev/enterprise/minio/templates/docker-compose.yaml
@@ -1,19 +1,8 @@
-{% from "macros/global/permissions.yaml.jinja" import permissions_container %}
-
-{{ ix_lib.enterprise.minio.data.validate(data = {
+{% from "macros/global/perms.sh.jinja" import perms_shell %}
+{% set _ = ix_lib.enterprise.minio.data.validate(data = {
   'multi_mode': minio.multi_mode,
   'storage': storage,
-}) }}
-
-{% set pg_database = "logsearch" %}
-{% set pg_user = "logsearch" %}
-{% set minio_network = "minio_internal" %}
-
-{% set log_auth_token = ix_lib.base.utils.secure_string(16) %} {# Random string #}
-{% set log_audit_token = ix_lib.base.utils.secure_string(16) %} {# Random string #}
-
-{% set minio_vols = namespace(items=[]) %}
-{% set perm_paths = namespace(items=[]) %}
+}) %}
 
 {% if network.certificate_id %}
 configs:
@@ -25,40 +14,59 @@ configs:
       {{ ixCertificates[network.certificate_id].certificate | indent(6) }}
 {% endif %}
 
-{# Get paths to apply permissions to #}
-{% for store in storage.data %}
-  {%- if store.auto_permissions %}
-  {% set perm_paths.items = perm_paths.items +
-    [{
-      'host_path': ix_lib.base.utils.get_host_path(data=store, ix_volumes=ixVolumes),
-      'mount_path': store.mount_path, 'uid': ix_lib.base.permissions.validate_id(minio.user),
-      'gid': ix_lib.base.permissions.validate_id(minio.group)
-    }]
-  %}
-  {% endif %}
-{% endfor %}
-{% if logsearch.enabled and logsearch.postgres_data.auto_permissions %}
-  {% set perm_paths.items = perm_paths.items +
-    [{
-      'host_path': ix_lib.base.utils.get_host_path(data=logsearch.postgres_data, ix_volumes=ixVolumes),
-      'mount_path': '/data/pgdata', 'uid': ix_lib.base.permissions.validate_id(999),
-      'gid': ix_lib.base.permissions.validate_id(999)
-    }]
-  %}
-{% endif %}
+{% set pg_database = "logsearch" %}
+{% set pg_user = "logsearch" %}
+{% set log_auth_token = ix_lib.base.utils.secure_string(16) %}
+{% set log_audit_token = ix_lib.base.utils.secure_string(16) %}
+{% set minio_vols = namespace(items=[]) %}
+{% set perms_vols = namespace(items=[]) %}
 
 services:
-  {% if perm_paths.items %}
-    {{- permissions_container(paths=perm_paths.items) | indent(2) }}
+  {% if logsearch.enabled %}
+  logsearch:
+    image: minio/operator:v4.5.8
+    user: {{ "%s:%s" | format(minio.user, minio.group) }}
+    links:
+      - postgres
+    entrypoint: /logsearchapi
+    depends_on:
+      postgres:
+        condition: service_healthy
+    healthcheck: {{ ix_lib.base.healthchecks.check_health(ix_lib.base.healthchecks.curl_test("http://localhost:8080/status")) }}
+    environment:
+      LOGSEARCH_DISK_CAPACITY_GB: {{ logsearch.disk_capacity_gb }}
+      LOGSEARCH_PG_CONN_STR: postgresql://{{ pg_user }}:{{ logsearch.postgres_password }}@postgres:5432/{{ pg_database }}?sslmode=disable
+      LOGSEARCH_AUDIT_AUTH_TOKEN: {{ log_audit_token }}
+      MINIO_LOG_QUERY_AUTH_TOKEN: {{ log_auth_token }}
+  postgres:
+    image: postgres:15
+    user: "999:999"
+    depends_on:
+      pg_perms:
+        condition: service_completed_successfully
+    environment: {{ ix_lib.base.snippets.postgres_environment(pg_user, logsearch.postgres_password, pg_database,) }}
+    volumes:
+      - {{ "%s:/var/lib/postgresql/data" | format(ix_lib.base.utils.get_host_path(data=logsearch.postgres_data, ix_volumes=ixVolumes)) }}
+    healthcheck: {{ ix_lib.base.healthchecks.check_health(ix_lib.base.healthchecks.pg_test(pg_user, pg_database)) }}
+  pg_perms:
+    image: bash
+    user: root
+    entrypoint:
+      - bash
+      - -c
+    command:
+      - |
+        {{- perms_shell(mode="check", uid="999", gid="999", chmod="") | indent(8) }}
+    volumes:
+      - {{ "%s:/mnt/directories/data" | format(ix_lib.base.utils.get_host_path(data=logsearch.postgres_data, ix_volumes=ixVolumes)) }}
   {% endif %}
+
   minio:
     image: minio/minio:RELEASE.2023-12-07T04-16-00Z
     user: {{ "%s:%s" | format(minio.user, minio.group) }}
     ports:
       - {{ "%d:%d" | format(network.api_port, network.api_port) }}
       - {{ "%d:%d" | format(network.console_port, network.console_port) }}
-    deploy:
-      {{ ix_lib.base.utils.to_yaml(ix_lib.base.snippets.resources(resources)) | indent(6) }}
     {% if network.certificate_id %}
     configs:
       - source: private
@@ -87,11 +95,18 @@ services:
         {% set minio_vols.items = minio_vols.items + [store.mount_path] %}
       - {{ "%s:%s" | format(ix_lib.base.utils.get_host_path(data=store, ix_volumes=ixVolumes), ix_lib.base.validations.validate_path(store.mount_path)) }}
       {% endfor %}
+    depends_on:
+      {# minio_perms:
+        condition: service_completed_successfully #}
+      {% if logsearch.enabled %}
+      logsearch:
+        condition: service_healthy
+      {% endif %}
     environment:
       MINIO_ROOT_USER: {{ minio.access_key }}
       MINIO_ROOT_PASSWORD: {{ minio.secret_key  }}
       {% if multi_mode %}
-      MINIO_VOLUMES: {{ minio_vols.items | join(' ') }}
+      MINIO_VOLUMES: {{ multi_mode.items | join(' ') }}
       {% else %}
       MINIO_VOLUMES: {{ minio_vols.items | join(' ') }}
       {% endif %}
@@ -108,64 +123,8 @@ services:
       MINIO_LOG_QUERY_URL: http://logsearch:8080
       {% endif %}
       MC_HOST_health: {{ "%s://localhost:%d" | format("https" if network.certificate_id else "http", network.api_port) }}
-    healthcheck:
-      {{ ix_lib.base.utils.to_yaml(ix_lib.base.snippets.health_check(test = "mc ready --insecure --debug health")) | indent(6) }}
-    {% if perm_paths.items or logsearch.enabled %}
-    depends_on:
-      {% if perm_paths.items %}
-      permissions:
-        condition: service_completed_successfully
-      {% endif %}
-      {% if logsearch.enabled %}
-      logsearch:
-        condition: service_healthy
-      {% endif %}
-    {% endif %}
+    healthcheck: {{ ix_lib.base.healthchecks.check_health("mc ready --insecure --debug health") }}
     {% if logsearch.enabled %}
     links:
       - logsearch
     {% endif %}
-
-  {% if logsearch.enabled %}
-  logsearch:
-    image: minio/operator:v4.5.8
-    user: {{ "%s:%s" | format(minio.user, minio.group) }}
-    links:
-      - postgres
-    entrypoint: /logsearchapi
-    deploy:
-      {{ ix_lib.base.utils.to_yaml(ix_lib.base.snippets.resources(resources))| indent(6) }}
-    depends_on:
-      postgres:
-        condition: service_healthy
-    healthcheck:
-      {{ ix_lib.base.utils.to_yaml(ix_lib.base.snippets.health_check(ix_lib.base.snippets.curl_test("http://localhost:8080/status"))) | indent(6) }}
-    environment:
-      LOGSEARCH_DISK_CAPACITY_GB: {{ logsearch.disk_capacity_gb }}
-      LOGSEARCH_PG_CONN_STR: postgresql://{{ pg_user }}:{{ logsearch.postgres_password }}@postgres:5432/{{ pg_database }}?sslmode=disable
-      LOGSEARCH_AUDIT_AUTH_TOKEN: {{ log_audit_token }}
-      MINIO_LOG_QUERY_AUTH_TOKEN: {{ log_auth_token }}
-
-  postgres:
-    image: postgres:15
-    user: {{ ix_lib.base.snippets.postgres_run_as() }}
-    {% if perm_paths.items %}
-    depends_on:
-      permissions:
-        condition: service_completed_successfully
-    {% endif %}
-    deploy:
-      {{ ix_lib.base.utils.to_yaml(ix_lib.base.snippets.resources(resources)) | indent(6) }}
-    healthcheck:
-      {{ ix_lib.base.utils.to_yaml(ix_lib.base.snippets.health_check(ix_lib.base.snippets.pg_test(user = pg_user, db=pg_database))) | indent(6) }}
-    environment:
-      {{ ix_lib.base.utils.to_yaml(ix_lib.base.snippets.postgres_environment(user = pg_user, db = pg_database, password = logsearch.postgres_password)) | indent(6) }}
-    volumes:
-      - {{ "%s:/var/lib/postgresql/data" | format(ix_lib.base.utils.get_host_path(data=logsearch.postgres_data, ix_volumes=ixVolumes)) }}
-  {% endif %}
-
-{#
-TODO: add function for container that runs a pg backup on a schedule. Nice read
-https://wbarillon.medium.com/the-proper-and-easiest-way-to-set-cron-jobs-docker-version-1ef213578ad
-#}
-{# TODO: make a postgres snippet #}
diff --git a/ix-dev/enterprise/minio/templates/library/enterprise/minio/v1_0_0/data.py b/ix-dev/enterprise/minio/templates/library/enterprise/minio/v1_0_0/data.py
@@ -8,37 +8,23 @@ def validate(data):
         utils.throw_error("At least 1 storage item must be set")
 
     if len(storage["data"]) > 1 and not multi_mode["enabled"]:
-        utils.throw_error(
-            "[Multi Mode] must be enabled if more than 1 storage item is set"
-        )
+        utils.throw_error("[Multi Mode] must be enabled if more than 1 storage item is set")
 
     # make sure mount_paths in data['storage']['data'] are unique
     mount_paths = [item["mount_path"] for item in storage["data"]]
     if len(mount_paths) != len(set(mount_paths)):
-        utils.throw_error(
-            "Mount paths in storage items must be unique"
-            + f", found duplicates: [{', '.join(mount_paths)}]"
-        )
+        utils.throw_error("Mount paths in storage items must be unique" + f", found duplicates: [{', '.join(mount_paths)}]")
 
     if multi_mode["enabled"]:
         if len(multi_mode["items"]) == 0:
-            utils.throw_error(
-                "When [Multi Mode] is enabled, at least 1 item in must be defined."
-            )
+            utils.throw_error("When [Multi Mode] is enabled, at least 1 item in must be defined.")
         disallowed_keys = ["server"]
         for item in multi_mode["items"]:
             if item in disallowed_keys:
-                utils.throw_error(
-                    f"MinIO: Value [{item}] is not allowed in [Multi Mode] items"
-                )
+                utils.throw_error(f"MinIO: Value [{item}] is not allowed in [Multi Mode] items")
 
             # /data{1...4}
             if item.startswith("/"):
                 # check if these characters exist in item
                 if any(char in item for char in ["{", "}"]) and "..." not in item:
-                    utils.throw_error(
-                        "MinIO: [Multi Mode] items must have 3 dots when they are"
-                        + " paths with expansion eg [/some_path{1...4}]"
-                    )
-
-    return ""
+                    utils.throw_error("MinIO: [Multi Mode] items must have 3 dots when they are paths with expansion eg [/some_path{1...4}]")