From 3c60c9df06a3016376472b9ff5c0e2a86df45727 Mon Sep 17 00:00:00 2001 From: Don Richards <2738244+DonRichards@users.noreply.github.com> Date: Wed, 1 Dec 2021 18:01:30 -0500 Subject: [PATCH 01/25] Add simple way to update Drupal's admin password (#193) Co-authored-by: Noah W. Smith --- Makefile | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5a3a8c3008..214d4123b9 100644 --- a/Makefile +++ b/Makefile @@ -286,7 +286,7 @@ generate-secrets: -v $(CURDIR)/scripts/generate-secrets.sh:/generate-secrets.sh \ -w / \ --entrypoint bash \ - $(REPOSITORY)/drupal:$(TAG) -c /generate-secrets.sh + $(REPOSITORY)/drupal:$(TAG) -c "/generate-secrets.sh && chown -R `id -u`:`id -g` /secrets" # Helper function to generate keys for the user to use in their docker-compose.env.yml .PHONY: download-default-certs @@ -385,6 +385,19 @@ help: } \ {lastLine = $$0}' $(MAKEFILE_LIST) +IS_DRUPAL_PSSWD_FILE_READABLE := $(shell test -r secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD -a -w secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD && echo 1 || echo 0) +CMD := $(shell [ $(IS_DRUPAL_PSSWD_FILE_READABLE) -eq 1 ] && echo 'tee' || echo 'sudo -k tee') + +.PHONY: set_admin_password +.SILENT: set_admin_password +## Sets the admin password and accomodates for permissions restrictions to the secrets directory. Only runs sudo when needed. +set_admin_password: + @$(eval PASSWORD ?= $(shell bash -c 'read -s -p "New Password: " pwd; echo $$pwd')) + @echo "\n\nSetting admin password now" + docker-compose exec -T drupal with-contenv bash -lc 'drush user:password admin "$(PASSWORD)"' + echo "$(PASSWORD)" | $(CMD) secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD >> /dev/null + @echo "\ndone." + LATEST_VERSION := $(shell curl -s https://api.github.com/repos/desandro/masonry/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/') .PHONY: fix-masonry From 2fde3ed601cfc2788d34b15d8c0e6e1ea62ec6aa Mon Sep 17 00:00:00 2001 From: Alan Stanley Date: Thu, 9 Dec 2021 11:04:50 -0400 Subject: [PATCH 02/25] Update troubleshooting.md Added some DNS config info --- docs/troubleshooting.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 472597ac86..fea688cbd4 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -82,3 +82,14 @@ more portable. ```bash make database-dump DEST=/tmp/dump.sql ``` + +## Drupal can't connect to a valid Solr container: + +**Error:** + +The server configured at `/admin/config/search/search-api` shows a failed connection to a properly configured Solr container. + +This can sometimes be caused by Docker containers not inheriting the DNS configurations from the host machine. + +To fix edit `/etc/resolv.conf` in both the Drupal and the Solr containers by adding a valid DNS entry ie `nameserver 223.5.5.5` + From d2ec9f667545327428afeb747568c98f3e999d96 Mon Sep 17 00:00:00 2001 From: Rosie Le Faive Date: Mon, 13 Dec 2021 16:19:01 -0400 Subject: [PATCH 03/25] Explain Docker Hub in readme. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d3436c4c8..00188733d0 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,8 @@ ## Introduction [Docker Compose] project for creating and managing an Islandora 8 instance -using [Docker] containers from [isle-buildkit](https://github.com/Islandora-Devops/isle-buildkit). +using [Docker] containers from [Docker Hub](https://hub.docker.com/u/islandora) +that were created by [isle-buildkit](https://github.com/Islandora-Devops/isle-buildkit). In a nutshell, `isle-dc` generates a docker-compose.yml file for you based on configuration that you supply in a `.env` file. And there are three use cases we're trying to accomplish: From 996b46cc2b7aa617f1aa3a2b8089268afbcdf9bf Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Wed, 15 Dec 2021 17:18:12 -0400 Subject: [PATCH 04/25] added options to sample.env for exposing containers via traefik --- docker-compose.activemq.yml | 2 +- docker-compose.blazegraph.yml | 2 +- docker-compose.cantaloupe.yml | 2 +- docker-compose.code-server.yml | 2 +- docker-compose.drupal.yml | 2 +- docker-compose.fcrepo.yml | 2 +- docker-compose.fcrepo6.yml | 2 +- docker-compose.mariadb.yml | 2 +- docker-compose.matomo.yml | 2 +- docker-compose.postgresql.yml | 2 +- docker-compose.solr.yml | 2 +- docker-compose.traefik.yml | 22 ++++++++-------- sample.env | 48 +++++++++++++++++++++++++++++++++- 13 files changed, 69 insertions(+), 23 deletions(-) diff --git a/docker-compose.activemq.yml b/docker-compose.activemq.yml index 085ca0ee5b..daaad0085e 100644 --- a/docker-compose.activemq.yml +++ b/docker-compose.activemq.yml @@ -14,7 +14,7 @@ services: - activemq-data:/opt/activemq/data labels: # Do not expose in production. - - traefik.enable=true + - traefik.enable=${EXPOSE_ACTIVEMQ:-false} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-activemq.loadbalancer.server.port=8161 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-activemq_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-activemq - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-activemq_http.entrypoints=activemq diff --git a/docker-compose.blazegraph.yml b/docker-compose.blazegraph.yml index 77b96b6159..a2010183a2 100644 --- a/docker-compose.blazegraph.yml +++ b/docker-compose.blazegraph.yml @@ -15,7 +15,7 @@ services: networks: default: labels: - - traefik.enable=true + - traefik.enable=${EXPOSE_BLAZEGRAPH:-false} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph.loadbalancer.server.port=80 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph_http.entrypoints=blazegraph diff --git a/docker-compose.cantaloupe.yml b/docker-compose.cantaloupe.yml index 57b15b9845..a15135f442 100644 --- a/docker-compose.cantaloupe.yml +++ b/docker-compose.cantaloupe.yml @@ -13,7 +13,7 @@ services: volumes: - cantaloupe-data:/data labels: - - traefik.enable=true + - traefik.enable=${EXPOSE_CANTALOUPE:-true} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-cantaloupe.loadbalancer.server.port=80 - traefik.http.middlewares.cantaloupe-redirectscheme.redirectscheme.scheme=https - traefik.http.middlewares.cantaloupe-redirectscheme.redirectscheme.permanent=true diff --git a/docker-compose.code-server.yml b/docker-compose.code-server.yml index 5711f60978..4e64b8f636 100644 --- a/docker-compose.code-server.yml +++ b/docker-compose.code-server.yml @@ -21,7 +21,7 @@ services: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/code-server:${TAG:-latest} labels: - - traefik.enable=true + - traefik.enable=${EXPOSE_CODE_SERVER:-false} # code-server - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-code-server.loadbalancer.server.port=8443 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-code-server_https.service=${COMPOSE_PROJECT_NAME-isle-dc}-code-server diff --git a/docker-compose.drupal.yml b/docker-compose.drupal.yml index 6da289420a..2f55bb9d62 100644 --- a/docker-compose.drupal.yml +++ b/docker-compose.drupal.yml @@ -21,7 +21,7 @@ services: PHP_UPLOAD_MAX_FILESIZE: ${PHP_UPLOAD_MAX_FILESIZE} PHP_MAX_EXECUTION_TIME: ${PHP_MAX_EXECUTION_TIME} labels: - - traefik.enable=true + - traefik.enable=${EXPOSE_DRUPAL:-true} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-drupal.loadbalancer.server.port=80 - traefik.http.middlewares.drupal-redirectscheme.redirectscheme.scheme=https - traefik.http.middlewares.drupal-redirectscheme.redirectscheme.permanent=true diff --git a/docker-compose.fcrepo.yml b/docker-compose.fcrepo.yml index f950f82ecb..d89bc36f18 100644 --- a/docker-compose.fcrepo.yml +++ b/docker-compose.fcrepo.yml @@ -24,7 +24,7 @@ services: default: labels: # Do not expose in production. - - traefik.enable=true + - traefik.enable=${EXPOSE_FEDORA:-false} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo.loadbalancer.server.port=80 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.entrypoints=fcrepo diff --git a/docker-compose.fcrepo6.yml b/docker-compose.fcrepo6.yml index 9a81ddfca8..5fdc78f622 100644 --- a/docker-compose.fcrepo6.yml +++ b/docker-compose.fcrepo6.yml @@ -24,7 +24,7 @@ services: default: labels: # Do not expose in production. - - traefik.enable=true + - traefik.enable=${EXPOSE_FEDORA:-false} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo.loadbalancer.server.port=80 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.entrypoints=fcrepo diff --git a/docker-compose.mariadb.yml b/docker-compose.mariadb.yml index dc2406ebd8..853ad02687 100644 --- a/docker-compose.mariadb.yml +++ b/docker-compose.mariadb.yml @@ -20,7 +20,7 @@ services: # Since this is not http, but tcp traffic it does does not understand the concept of a "host". # so we must dedicate a port to it in traefik, and direct all traffic to this router: HostSNI(`*`). labels: - - traefik.enable=true + - traefik.enable=${EXPOSE_MYSQL:-false} - traefik.tcp.services.${COMPOSE_PROJECT_NAME-isle-dc}-mysql.loadbalancer.server.port=3306 - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-mysql_tcp.service=${COMPOSE_PROJECT_NAME-isle-dc}-mysql - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-mysql_tcp.entrypoints=mysql diff --git a/docker-compose.matomo.yml b/docker-compose.matomo.yml index f224a2a358..88243bfc03 100644 --- a/docker-compose.matomo.yml +++ b/docker-compose.matomo.yml @@ -20,7 +20,7 @@ services: default: labels: # Do not expose in production over http, setup https. - - traefik.enable=true + - traefik.enable=${EXPOSE_MATOMO:-true} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-matomo.loadbalancer.server.port=80 - traefik.http.middlewares.${COMPOSE_PROJECT_NAME-isle-dc}-matomo-redirectscheme.redirectscheme.scheme=https - traefik.http.middlewares.${COMPOSE_PROJECT_NAME-isle-dc}-matomo-redirectscheme.redirectscheme.permanent=true diff --git a/docker-compose.postgresql.yml b/docker-compose.postgresql.yml index f4aa4d3f4f..ee95d21025 100644 --- a/docker-compose.postgresql.yml +++ b/docker-compose.postgresql.yml @@ -24,7 +24,7 @@ services: # Since this is not http, but tcp traffic it does does not understand the concept of a "host". # so we must dedicate a port to it in traefik, and direct all traffic to this router: HostSNI(`*`). labels: - - traefik.enable=true + - traefik.enable=${EXPOSE_POSTGRES:-false} - traefik.tcp.services.${COMPOSE_PROJECT_NAME-isle-dc}-postgresql.loadbalancer.server.port=5432 - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-postgresql_tcp.service=${COMPOSE_PROJECT_NAME-isle-dc}-postgresql - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-postgresql_tcp.entrypoints=postgresql diff --git a/docker-compose.solr.yml b/docker-compose.solr.yml index e87c70119e..45696d9187 100644 --- a/docker-compose.solr.yml +++ b/docker-compose.solr.yml @@ -15,7 +15,7 @@ services: default: labels: # Do not expose in production. - - traefik.enable=true + - traefik.enable=${EXPOSE_SOLR:-false} - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-solr.loadbalancer.server.port=8983 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-solr_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-solr - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-solr_http.entrypoints=solr diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml index 941a5d07c2..59d45aadd8 100644 --- a/docker-compose.traefik.yml +++ b/docker-compose.traefik.yml @@ -20,9 +20,9 @@ services: # Do not set `api.insecure`, `api.dashboard`, `api.debug` to `true` in production. # Also do not expose database 3306/5432, as an entry point. command: >- - --api.insecure=true - --api.dashboard=true - --api.debug=true + --api.insecure=${EXPOSE_TRAEFIK_DASHBOARD:-false} + --api.dashboard=${EXPOSE_TRAEFIK_DASHBOARD:-false} + --api.debug=${EXPOSE_TRAEFIK_DASHBOARD:-false} --entryPoints.http.address=:80 --entryPoints.https.address=:443 --entryPoints.mysql.address=:3306 @@ -41,14 +41,14 @@ services: - 80:80 # drupal, cantaloupe, matomo - 443:443 # https for ^^^ # Don't do any of these in production - - 3306:3306 # mysql - - 5432:5432 # postgres - - 8080:8080 # traefik admin dashboard - helpful for debugging - - 8081:8081 # fedora - - 8082:8082 # blazegraph - - 8161:8161 # activemq - - 8983:8983 # solr - - 8443:8443 # code-server + - ${MYSQL_PORT:-3306}:3306 # mysql + - ${POSTGRES_PORT:-5432}:5432 # postgres + - ${TRAEFIK_DASHBOARD_PORT:-8080}:8080 # traefik admin dashboard - helpful for debugging + - ${FEDORA_PORT:-8081}:8081 # fedora + - ${BLAZEGRAPH_PORT:-8082}:8082 # blazegraph + - ${ACTIVEMQ_PORT:-8161}:8161 # activemq + - ${SOLR_PORT:-8983}:8983 # solr + - ${CODE_SERVER_PORT:-8443}:8443 # code-server volumes: - /var/run/docker.sock:/var/run/docker.sock - ./tls.yml:/etc/traefik/tls.yml diff --git a/sample.env b/sample.env index fed398456b..85bd7a3a9e 100644 --- a/sample.env +++ b/sample.env @@ -17,6 +17,7 @@ USE_SECRETS=false ############################################################################### # Environment variables specific to composer. ############################################################################### + COMPOSE_HTTP_TIMEOUT=480 # Also used for naming services in traefik as well as defining network alias and urls. @@ -31,7 +32,7 @@ DOCKER_BUILDKIT=1 # Dockerfile to use when building the custom project. PROJECT_DRUPAL_DOCKERFILE=Dockerfile -# Includes `traefik` as a service, if false assume we are sharing a traefik +# Includes `traefik` as a service, if false assume we are sharing a traefik # from another project. INCLUDE_TRAEFIK_SERVICE=true @@ -61,6 +62,51 @@ REPOSITORY=islandora # their versions specified explicitly in their respective docker-compose files. TAG=1.0.0-alpha-6 +############################################################################### +# Exposed Containers & Ports +############################################################################### + +# Expose Cantaloupe at ${DOMAIN}/cantaloupe +EXPOSE_CANTALOUPE=true + +# Expose Matomo at ${DOMAIN}/matomo +EXPOSE_MATOMO=true + +# Expose Drupal at ${DOMAIN} +EXPOSE_DRUPAL=true + +# Expose MySQL over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_MYSQL=false +MYSQL_PORT=3306 + +# Expose Postgres over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_POSTGRES=false +POSTGRES_PORT=5432 + +# Expose the Traefik dashboard over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_TRAEFIK_DASHBOARD=false +TRAEFIK_DASHBOARD_PORT=8080 + +# Expose Fedora over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_FEDORA=false +FEDORA_PORT=8081 + +# Expose Blazegraph over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_BLAZEGRAPH=false +BLAZEGRAPH_PORT=8082 + +# Expose Activemq over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_ACTIVEMQ=false +ACTIVEMQ_PORT=8161 + +# Expose SOLR over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_SOLR=false +SOLR_PORT=8983 + +# Expose Code Server over the given port - DO NOT EXPOSE THIS IN PRODUCTION +EXPOSE_CODE_SERVER=false +CODE_SERVER_PORT=8443 + ############################################################################### # Global Environment variables ############################################################################### From 73784aebfac235fa7265199dd2c287fa1b124fec Mon Sep 17 00:00:00 2001 From: Don Richards <2738244+DonRichards@users.noreply.github.com> Date: Thu, 16 Dec 2021 11:44:34 -0500 Subject: [PATCH 05/25] Set Memory limits by container (#201) --- README.md | 2 +- docker-compose.activemq.yml | 6 ++++++ docker-compose.alpaca.yml | 6 ++++++ docker-compose.blazegraph.yml | 6 ++++++ docker-compose.cantaloupe.yml | 6 ++++++ docker-compose.code-server.yml | 12 ++++++++++++ docker-compose.crayfish.yml | 30 ++++++++++++++++++++++++++++++ docker-compose.crayfits.yml | 12 ++++++++++++ docker-compose.drupal.yml | 6 ++++++ docker-compose.fcrepo6.yml | 6 ++++++ docker-compose.mariadb.yml | 6 ++++++ docker-compose.matomo.yml | 6 ++++++ docker-compose.solr.yml | 6 ++++++ docker-compose.traefik.yml | 6 ++++++ docker-compose.watchtower.yml | 6 ++++++ sample.env | 21 +++++++++++++++++++++ 16 files changed, 142 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d3436c4c8..f602f1718e 100644 --- a/README.md +++ b/README.md @@ -157,7 +157,7 @@ Then you can `git push` your site to Github and `git clone` it down whenever you This environment is used to run your custom `drupal` image which can be produced outside of this repository. You can specify the image in your `.env` file using the settings `PROJECT_DRUPAL_DOCKERFILE` if you want to build it in the context -of this repository. +of this repository. You can also set the memory limits for each containers here as well. For convenience a `sample.Dockerfile` is provided from which you can generate a custom image from the [codebase](./codebase) folder. For example if you followed diff --git a/docker-compose.activemq.yml b/docker-compose.activemq.yml index 085ca0ee5b..f002013a3b 100644 --- a/docker-compose.activemq.yml +++ b/docker-compose.activemq.yml @@ -20,3 +20,9 @@ services: - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-activemq_http.entrypoints=activemq networks: default: + deploy: + resources: + limits: + memory: ${ACTIVEMQ_MEMORY_LIMIT:-2G} + reservations: + memory: 1G diff --git a/docker-compose.alpaca.yml b/docker-compose.alpaca.yml index 3b7ec6175b..0d75afab09 100644 --- a/docker-compose.alpaca.yml +++ b/docker-compose.alpaca.yml @@ -11,3 +11,9 @@ services: ALPACA_HOUDINI_TIMEOUT: ${ALPACA_HOUDINI_TIMEOUT:-10000} ALPACA_HOMARUS_TIMEOUT: ${ALPACA_HOMARUS_TIMEOUT:-10000} ALPACA_FITS_TIMEOUT: ${ALPACA_HOMARUS_TIMEOUT:-10000} + deploy: + resources: + limits: + memory: ${ALPACA_MEMORY_LIMIT:-2G} + reservations: + memory: 1G \ No newline at end of file diff --git a/docker-compose.blazegraph.yml b/docker-compose.blazegraph.yml index 77b96b6159..86484c01f6 100644 --- a/docker-compose.blazegraph.yml +++ b/docker-compose.blazegraph.yml @@ -19,3 +19,9 @@ services: - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph.loadbalancer.server.port=80 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph_http.entrypoints=blazegraph + deploy: + resources: + limits: + memory: ${BLAZEGRAPH_MEMORY_LIMIT:-5G} + reservations: + memory: 2G \ No newline at end of file diff --git a/docker-compose.cantaloupe.yml b/docker-compose.cantaloupe.yml index 57b15b9845..29e8d49e9f 100644 --- a/docker-compose.cantaloupe.yml +++ b/docker-compose.cantaloupe.yml @@ -26,3 +26,9 @@ services: - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-cantaloupe_https.tls=true networks: default: + deploy: + resources: + limits: + memory: ${CANTALOUPE_MEMORY_LIMIT:-5G} + reservations: + memory: 1G diff --git a/docker-compose.code-server.yml b/docker-compose.code-server.yml index 5711f60978..dda8ef566a 100644 --- a/docker-compose.code-server.yml +++ b/docker-compose.code-server.yml @@ -62,6 +62,12 @@ services: gateway: depends_on: - drupal + deploy: + resources: + limits: + memory: ${IDE_MEMORY_LIMIT:-5G} + reservations: + memory: 2G drupal: environment: PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT} @@ -74,6 +80,12 @@ services: volumes: # Allow code-server to serve Drupal / override it. - drupal-root:/var/www/drupal + deploy: + resources: + limits: + memory: ${DRUPAL_MEMORY_LIMIT:-5G} + reservations: + memory: 2G volumes: drupal-root: {} drupal-sites-data: {} diff --git a/docker-compose.crayfish.yml b/docker-compose.crayfish.yml index bef9785b42..312466ab62 100644 --- a/docker-compose.crayfish.yml +++ b/docker-compose.crayfish.yml @@ -8,12 +8,30 @@ services: homarus: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/homarus:${TAG:-latest} + deploy: + resources: + limits: + memory: ${HOMARUS_MEMORY_LIMIT:-1G} + reservations: + memory: 512M houdini: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/houdini:${TAG:-latest} + deploy: + resources: + limits: + memory: ${HOUDINI_MEMORY_LIMIT:-1G} + reservations: + memory: 512M hypercube: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/hypercube:${TAG:-latest} + deploy: + resources: + limits: + memory: ${HYPERCUBE_MEMORY_LIMIT:-512M} + reservations: + memory: 256M milliner: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/milliner:${TAG:-latest} @@ -22,6 +40,18 @@ services: networks: default: gateway: + deploy: + resources: + limits: + memory: ${MILLINER_MEMORY_LIMIT:-1G} + reservations: + memory: 512M recast: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/recast:${TAG:-latest} + deploy: + resources: + limits: + memory: ${RECAST_MEMORY_LIMIT:-1G} + reservations: + memory: 512M diff --git a/docker-compose.crayfits.yml b/docker-compose.crayfits.yml index 1079fea368..2f31c657b4 100644 --- a/docker-compose.crayfits.yml +++ b/docker-compose.crayfits.yml @@ -8,6 +8,18 @@ services: image: ${REPOSITORY:-islandora}/crayfits:${TAG:-latest} depends_on: - fits + deploy: + resources: + limits: + memory: ${CRAYFITS_MEMORY_LIMIT:-1G} + reservations: + memory: 512M fits: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/fits:${TAG:-latest} + deploy: + resources: + limits: + memory: ${FITS_MEMORY_LIMIT:-2G} + reservations: + memory: 1000M \ No newline at end of file diff --git a/docker-compose.drupal.yml b/docker-compose.drupal.yml index 6da289420a..7aa99754e4 100644 --- a/docker-compose.drupal.yml +++ b/docker-compose.drupal.yml @@ -35,3 +35,9 @@ services: networks: default: gateway: + deploy: + resources: + limits: + memory: ${DRUPAL_MEMORY_LIMIT:-512M} + reservations: + memory: 256M \ No newline at end of file diff --git a/docker-compose.fcrepo6.yml b/docker-compose.fcrepo6.yml index 9a81ddfca8..d25fbdc809 100644 --- a/docker-compose.fcrepo6.yml +++ b/docker-compose.fcrepo6.yml @@ -28,3 +28,9 @@ services: - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo.loadbalancer.server.port=80 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.entrypoints=fcrepo + deploy: + resources: + limits: + memory: ${FCREPO_MEMORY_LIMIT:-2G} + reservations: + memory: 1G diff --git a/docker-compose.mariadb.yml b/docker-compose.mariadb.yml index dc2406ebd8..7d10e37106 100644 --- a/docker-compose.mariadb.yml +++ b/docker-compose.mariadb.yml @@ -27,3 +27,9 @@ services: - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-mysql_tcp.rule=HostSNI(`*`) networks: default: + deploy: + resources: + limits: + memory: ${MARIADB_MEMORY_LIMIT:-1G} + reservations: + memory: 512M \ No newline at end of file diff --git a/docker-compose.matomo.yml b/docker-compose.matomo.yml index f224a2a358..6fda1d03fb 100644 --- a/docker-compose.matomo.yml +++ b/docker-compose.matomo.yml @@ -35,3 +35,9 @@ services: - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-matomo_https.rule=Host(`${DOMAIN}`) && PathPrefix(`/matomo`) - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-matomo_https.tls=true - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-matomo_https.middlewares=${COMPOSE_PROJECT_NAME-isle-dc}-matomo + deploy: + resources: + limits: + memory: ${MATOMO_MEMORY_LIMIT:-1G} + reservations: + memory: 512M \ No newline at end of file diff --git a/docker-compose.solr.yml b/docker-compose.solr.yml index e87c70119e..64ab559c22 100644 --- a/docker-compose.solr.yml +++ b/docker-compose.solr.yml @@ -19,3 +19,9 @@ services: - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-solr.loadbalancer.server.port=8983 - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-solr_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-solr - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-solr_http.entrypoints=solr + deploy: + resources: + limits: + memory: ${SOLR_MEMORY_LIMIT:-8G} + reservations: + memory: 6G diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml index 941a5d07c2..28a07900da 100644 --- a/docker-compose.traefik.yml +++ b/docker-compose.traefik.yml @@ -61,6 +61,12 @@ services: aliases: - ${DOMAIN} gateway: {} + deploy: + resources: + limits: + memory: ${TRAEFIK_MEMORY_LIMIT:-8G} + reservations: + memory: 4G drupal: depends_on: - traefik diff --git a/docker-compose.watchtower.yml b/docker-compose.watchtower.yml index a884df6cb1..3c869ea97d 100644 --- a/docker-compose.watchtower.yml +++ b/docker-compose.watchtower.yml @@ -9,3 +9,9 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock command: --interval 1 --no-pull + deploy: + resources: + limits: + memory: ${WATCHTOWER_MEMORY_LIMIT:-2G} + reservations: + memory: 1G diff --git a/sample.env b/sample.env index fed398456b..dfaaeabd2a 100644 --- a/sample.env +++ b/sample.env @@ -90,3 +90,24 @@ ALPACA_OCR_TIMEOUT=10000 ALPACA_FITS_TIMEOUT=10000 ALPACA_HOUDINI_TIMEOUT=10000 ALPACA_HOMARUS_TIMEOUT=10000 + +# Set Memory Limit for each container. +ACTIVEMQ_MEMORY_LIMIT=2G +ALPACA_MEMORY_LIMIT=2G +BLAZEGRAPH_MEMORY_LIMIT=5G +CANTALOUPE_MEMORY_LIMIT=5G +CRAYFITS_MEMORY_LIMIT=1G +DRUPAL_MEMORY_LIMIT=5G +FCREPO_MEMORY_LIMIT=5G +FITS_MEMORY_LIMIT=5G +HOMARUS_MEMORY_LIMIT=1G +HOUDINI_MEMORY_LIMIT=1G +HYPERCUBE_MEMORY_LIMIT=512M +IDE_MEMORY_LIMIT=5G +MARIADB_MEMORY_LIMIT=1G +MATOMO_MEMORY_LIMIT=1G +MILLINER_MEMORY_LIMIT=1G +RECAST_MEMORY_LIMIT=1G +SOLR_MEMORY_LIMIT=8G +TRAEFIK_MEMORY_LIMIT=8G +WATCHTOWER_MEMORY_LIMIT=2G \ No newline at end of file From 81c7932d16211ff8a1b11a080cddd09b777df9b1 Mon Sep 17 00:00:00 2001 From: dannylamb Date: Thu, 16 Dec 2021 13:42:31 -0400 Subject: [PATCH 06/25] Adding configuration to use custom delegate script with Cantaloupe --- docker-compose.cantaloupe.yml | 4 ++++ sample.env | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docker-compose.cantaloupe.yml b/docker-compose.cantaloupe.yml index 29e8d49e9f..0bcfd561b0 100644 --- a/docker-compose.cantaloupe.yml +++ b/docker-compose.cantaloupe.yml @@ -10,6 +10,10 @@ services: cantaloupe: restart: ${RESTART_POLICY:-unless-stopped} image: ${REPOSITORY:-islandora}/cantaloupe:${TAG:-latest} + environment: + CANTALOUPE_DELEGATE_SCRIPT_ENABLED: ${CANTALOUPE_DELEGATE_SCRIPT_ENABLED} # "true" + CANTALOUPE_DELEGATE_SCRIPT_PATHNAME: ${CANTALOUPE_DELEGATE_SCRIPT_PATHNAME} #/opt/tomcat/bin/delegates.rb + CANTALOUPE_HTTPSOURCE_LOOKUP_STRATEGY: ${CANTALOUPE_HTTPSOURCE_LOOKUP_STRATEGY} # ScriptLookupStrategy volumes: - cantaloupe-data:/data labels: diff --git a/sample.env b/sample.env index dfaaeabd2a..16d75fc67d 100644 --- a/sample.env +++ b/sample.env @@ -110,4 +110,9 @@ MILLINER_MEMORY_LIMIT=1G RECAST_MEMORY_LIMIT=1G SOLR_MEMORY_LIMIT=8G TRAEFIK_MEMORY_LIMIT=8G -WATCHTOWER_MEMORY_LIMIT=2G \ No newline at end of file +WATCHTOWER_MEMORY_LIMIT=2G + +# Configuration to enable the custom delegate script for Cantaloupe +CANTALOUPE_DELEGATE_SCRIPT_ENABLED=true +CANTALOUPE_DELEGATE_SCRIPT_PATHNAME=/opt/tomcat/bin/delegates.rb +CANTALOUPE_HTTPSOURCE_LOOKUP_STRATEGY=ScriptLookupStrategy From 3a355bf0646d2c82f256dc1efc307c4b560ec18e Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Fri, 17 Dec 2021 15:20:10 -0400 Subject: [PATCH 07/25] moved code server secrets config into secrets.yml file and updated the path to the secret file --- docker-compose.code-server.yml | 5 ----- docker-compose.secrets.yml | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-compose.code-server.yml b/docker-compose.code-server.yml index dda8ef566a..f277814f71 100644 --- a/docker-compose.code-server.yml +++ b/docker-compose.code-server.yml @@ -8,9 +8,6 @@ networks: internal: true gateway: external: true -secrets: - CODE_SERVER_PASSWORD: - file: "./secrets/CODE_SERVER_PASSWORD" services: code-server: environment: @@ -40,8 +37,6 @@ services: - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-drupal_https.entrypoints=https - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-drupal_https.rule=Host(`${DOMAIN}`) - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-drupal_https.tls=true - secrets: - - CODE_SERVER_PASSWORD volumes: # Mount and serve contents of Drupal site. - type: volume diff --git a/docker-compose.secrets.yml b/docker-compose.secrets.yml index 8d77dbc260..4d4ac7c0e1 100644 --- a/docker-compose.secrets.yml +++ b/docker-compose.secrets.yml @@ -8,6 +8,8 @@ secrets: file: "./secrets/live/ALPACA_ACTIVEMQ_PASSWORD" ALPACA_KARAF_ADMIN_PASSWORD: file: "./secrets/live/ALPACA_KARAF_ADMIN_PASSWORD" + CODE_SERVER_PASSWORD: + file: "./secrets/live/CODE_SERVER_PASSWORD" DB_ROOT_PASSWORD: file: "./secrets/live/DB_ROOT_PASSWORD" DRUPAL_DEFAULT_ACCOUNT_PASSWORD: @@ -44,6 +46,9 @@ services: cantaloupe: secrets: - TOMCAT_ADMIN_PASSWORD + code-server: + secrets: + - CODE_SERVER_PASSWORD drupal: secrets: - DB_ROOT_PASSWORD From 9a8502b2d04646b3b5f63b6b7594026e972fe7c3 Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Fri, 17 Dec 2021 15:44:20 -0400 Subject: [PATCH 08/25] moved traefik to end of services list so that code server wont override gateway network --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 214d4123b9..9d6acc0eb2 100644 --- a/Makefile +++ b/Makefile @@ -74,7 +74,7 @@ DATABASE_SERVICES := $(sort $(DATABASE_SERVICES)) # The services to be run (order is important), as services can override one # another. Traefik must be last if included as otherwise its network # definition for `gateway` will be overriden. -SERVICES := $(REQUIRED_SERIVCES) $(FCREPO_SERVICE) $(WATCHTOWER_SERVICE) $(ETCD_SERVICE) $(DATABASE_SERVICES) $(ENVIRONMENT) $(TRAEFIK_SERVICE) $(SECRETS) $(CODE_SERVER_SERVICE) +SERVICES := $(REQUIRED_SERIVCES) $(FCREPO_SERVICE) $(WATCHTOWER_SERVICE) $(ETCD_SERVICE) $(DATABASE_SERVICES) $(ENVIRONMENT) $(SECRETS) $(CODE_SERVER_SERVICE) $(TRAEFIK_SERVICE) default: download-default-certs docker-compose.yml pull From 378027e3e8fd978f7c5f422574072fd3bc792ef3 Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Fri, 17 Dec 2021 15:48:20 -0400 Subject: [PATCH 09/25] fixed typo in makefile that said serivces instead of services --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 9d6acc0eb2..1077b7d3e1 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ export EXTERNAL_SERVICES := etcd watchtower traefik # The minimal set of docker-compose files required to be able to run anything. -REQUIRED_SERIVCES ?= activemq alpaca blazegraph cantaloupe crayfish crayfits drupal mariadb matomo solr +REQUIRED_SERVICES ?= activemq alpaca blazegraph cantaloupe crayfish crayfits drupal mariadb matomo solr ifeq ($(USE_SECRETS), true) SECRETS := secrets @@ -74,7 +74,7 @@ DATABASE_SERVICES := $(sort $(DATABASE_SERVICES)) # The services to be run (order is important), as services can override one # another. Traefik must be last if included as otherwise its network # definition for `gateway` will be overriden. -SERVICES := $(REQUIRED_SERIVCES) $(FCREPO_SERVICE) $(WATCHTOWER_SERVICE) $(ETCD_SERVICE) $(DATABASE_SERVICES) $(ENVIRONMENT) $(SECRETS) $(CODE_SERVER_SERVICE) $(TRAEFIK_SERVICE) +SERVICES := $(REQUIRED_SERVICES) $(FCREPO_SERVICE) $(WATCHTOWER_SERVICE) $(ETCD_SERVICE) $(DATABASE_SERVICES) $(ENVIRONMENT) $(SECRETS) $(CODE_SERVER_SERVICE) $(TRAEFIK_SERVICE) default: download-default-certs docker-compose.yml pull From 39076d9b06aa52e57295c83ee4a3abcc4cbb1f15 Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Fri, 17 Dec 2021 17:06:20 -0400 Subject: [PATCH 10/25] moved secrets variable back into docker-compose.code-server.yml so that it doesnt cause errors when code server is not a service --- docker-compose.code-server.yml | 2 ++ docker-compose.secrets.yml | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docker-compose.code-server.yml b/docker-compose.code-server.yml index f277814f71..1c59dab587 100644 --- a/docker-compose.code-server.yml +++ b/docker-compose.code-server.yml @@ -37,6 +37,8 @@ services: - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-drupal_https.entrypoints=https - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-drupal_https.rule=Host(`${DOMAIN}`) - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-drupal_https.tls=true + secrets: + - CODE_SERVER_PASSWORD volumes: # Mount and serve contents of Drupal site. - type: volume diff --git a/docker-compose.secrets.yml b/docker-compose.secrets.yml index 4d4ac7c0e1..c2bb047400 100644 --- a/docker-compose.secrets.yml +++ b/docker-compose.secrets.yml @@ -46,9 +46,6 @@ services: cantaloupe: secrets: - TOMCAT_ADMIN_PASSWORD - code-server: - secrets: - - CODE_SERVER_PASSWORD drupal: secrets: - DB_ROOT_PASSWORD From 0aef029e91c89c4d0f0f10db1ca15fac0f2ac5df Mon Sep 17 00:00:00 2001 From: Jason Hildebrand Date: Mon, 10 Jan 2022 14:50:09 -0600 Subject: [PATCH 11/25] Ensure drupal settings are writable to fix non-bootable container. --- rootfs/etc/cont-init.d/04-custom-setup.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/etc/cont-init.d/04-custom-setup.sh b/rootfs/etc/cont-init.d/04-custom-setup.sh index 11be60949d..ed42e036f4 100644 --- a/rootfs/etc/cont-init.d/04-custom-setup.sh +++ b/rootfs/etc/cont-init.d/04-custom-setup.sh @@ -9,7 +9,9 @@ function main { create_database "${site}" # Needs to be set to do an install from existing configuration. drush islandora:settings:create-settings-if-missing + local previous_owner_group=$(allow_settings_modifications ${site}) drush islandora:settings:set-config-sync-directory "${DRUPAL_DEFAULT_CONFIGDIR}" + restore_settings_ownership ${site} ${previous_owner_group} install_site "${site}" # Settings like the hash / flystem can be affected by environment variables at runtime. update_settings_php "${site}" From 011246532c55f99bc1cd1f8c634190d523ad2e88 Mon Sep 17 00:00:00 2001 From: Jason Hildebrand Date: Mon, 10 Jan 2022 15:26:31 -0600 Subject: [PATCH 12/25] Increase default timeouts which are insufficient for generating derivatives. --- sample.env | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sample.env b/sample.env index dfaaeabd2a..6ab58d000e 100644 --- a/sample.env +++ b/sample.env @@ -86,10 +86,10 @@ DRUPAL_INSTALL_PROFILE=standard # If you're experiencing timeouts in Alpaca, consider bumping these # values for each connector. -ALPACA_OCR_TIMEOUT=10000 -ALPACA_FITS_TIMEOUT=10000 -ALPACA_HOUDINI_TIMEOUT=10000 -ALPACA_HOMARUS_TIMEOUT=10000 +ALPACA_OCR_TIMEOUT=300000 +ALPACA_FITS_TIMEOUT=300000 +ALPACA_HOUDINI_TIMEOUT=300000 +ALPACA_HOMARUS_TIMEOUT=300000 # Set Memory Limit for each container. ACTIVEMQ_MEMORY_LIMIT=2G From fc133207407fb5574c9f09ffefeb786502734b71 Mon Sep 17 00:00:00 2001 From: Jason Hildebrand Date: Mon, 10 Jan 2022 15:44:00 -0600 Subject: [PATCH 13/25] Add docs re: diagnosing and fixing timeout errors. --- docs/troubleshooting.md | 35 +++++++++++++++++++++++++++++++++++ sample.env | 4 ++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index fea688cbd4..7c748bf966 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -93,3 +93,38 @@ This can sometimes be caused by Docker containers not inheriting the DNS configu To fix edit `/etc/resolv.conf` in both the Drupal and the Solr containers by adding a valid DNS entry ie `nameserver 223.5.5.5` + +## Image or other derivatives are not produced, due to insufficient timeout limits + +**Symptoms:** + +Houdini converts images which is needed to produce image derivatives. Output from `docker-compose logs -f houdini` +such as this which is repeats (even when no further media have been uploaded) is an indication that the timeout +is exceeded, and alpaca is re-attempting: + +``` +houdini_1 | [2022-01-05 21:41:03] app.INFO: Convert request. [] [] +houdini_1 | [2022-01-05 21:41:03] app.DEBUG: X-Islandora-Args: {"args":"-thumbnail 100x100"} [] +houdini_1 | [2022-01-05 21:41:03] app.DEBUG: Content Types: [] [] +houdini_1 | [2022-01-05 21:41:03] app.DEBUG: Content Type Chosen: {"type":"image/jpeg"} [] +houdini_1 | [2022-01-05 21:41:03] app.INFO: Imagemagick Command: {"cmd":"convert - -thumbnail 100x100 jpeg:-"} [] +... +``` + +Output from `docker-compose logs -f alpaca` like this, which shows that it has hit a timeout and is giving up: + +``` +alpaca_1 | 2022-01-05 21:42:52,863 | ERROR | nnector-houdini] | DefaultErrorHandler +| 56 - org.apache.camel.camel-core - 2.20.4 | Failed delivery for (MessageId: +queue_islandora-connector-houdini_ID_94ca62ced546-38129-1641418608853-3_6_-1_1_5 on ExchangeId: +ID-bea81bcc2a4e-1641418615223-3-11). Exhausted after delivery attempt: 11 caught: +java.net.SocketTimeoutException: Read timed out. Processed by failure processor: +FatalFallbackErrorHandler[Channel[Log(ca.islandora.alpaca.connector.derivative.DerivativeConnector) +[Error connecting generating derivative with http://houdini:8000/convert: ${exception.message} +``` + +To fix this: + + * edit your .env file, an increase ALPACA_HOUDINI_TIMEOUT (and other similar timeouts if necessary). Note these values are in milliseconds. + * make docker-compose.yml (this is necessary to pick up the change and re-write docker-compose.yml) + * restart containers diff --git a/sample.env b/sample.env index 6ab58d000e..e5f9043e50 100644 --- a/sample.env +++ b/sample.env @@ -85,7 +85,7 @@ DRUPAL_INSTALL_PROFILE=standard #DRUPAL_INSTALL_PROFILE=minimal # If you're experiencing timeouts in Alpaca, consider bumping these -# values for each connector. +# values for each connector. They are in milliseconds (1000 = 1 second). ALPACA_OCR_TIMEOUT=300000 ALPACA_FITS_TIMEOUT=300000 ALPACA_HOUDINI_TIMEOUT=300000 @@ -110,4 +110,4 @@ MILLINER_MEMORY_LIMIT=1G RECAST_MEMORY_LIMIT=1G SOLR_MEMORY_LIMIT=8G TRAEFIK_MEMORY_LIMIT=8G -WATCHTOWER_MEMORY_LIMIT=2G \ No newline at end of file +WATCHTOWER_MEMORY_LIMIT=2G From efdbc25b7a2d09bb6c81335def0992cb6148a556 Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Wed, 12 Jan 2022 15:35:48 -0400 Subject: [PATCH 14/25] moved all references to secrets for code server back into code servers yml file --- docker-compose.code-server.yml | 3 +++ docker-compose.secrets.yml | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-compose.code-server.yml b/docker-compose.code-server.yml index 1c59dab587..7dec7209fa 100644 --- a/docker-compose.code-server.yml +++ b/docker-compose.code-server.yml @@ -8,6 +8,9 @@ networks: internal: true gateway: external: true +secrets: + CODE_SERVER_PASSWORD: + file: "./secrets/live/CODE_SERVER_PASSWORD" services: code-server: environment: diff --git a/docker-compose.secrets.yml b/docker-compose.secrets.yml index c2bb047400..8d77dbc260 100644 --- a/docker-compose.secrets.yml +++ b/docker-compose.secrets.yml @@ -8,8 +8,6 @@ secrets: file: "./secrets/live/ALPACA_ACTIVEMQ_PASSWORD" ALPACA_KARAF_ADMIN_PASSWORD: file: "./secrets/live/ALPACA_KARAF_ADMIN_PASSWORD" - CODE_SERVER_PASSWORD: - file: "./secrets/live/CODE_SERVER_PASSWORD" DB_ROOT_PASSWORD: file: "./secrets/live/DB_ROOT_PASSWORD" DRUPAL_DEFAULT_ACCOUNT_PASSWORD: From 4ef633d84d8ec048e9a147bd82272b3f7e9993e2 Mon Sep 17 00:00:00 2001 From: Don Richards <2738244+DonRichards@users.noreply.github.com> Date: Wed, 12 Jan 2022 14:56:42 -0500 Subject: [PATCH 15/25] Add some more docs on code-server --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 1ba8291965..7a5952d0be 100644 --- a/README.md +++ b/README.md @@ -263,6 +263,11 @@ The code-server service can be disabled/enabled via the INCLUDE_CODE_SERVER_SERVICE=true ``` +* Run `make local`, `make up`, or `make demo` to build the containers and local file system(s). +* Then modify the `.env` file. +* Then `make up` to fetch the builds. +It will then report it created the **code-server** and recreated **traefik** and **drupal** containers. + By default this will accessible at [https://islandora.traefik.me:8443/](https://islandora.traefik.me:8443/). From 340a85bb4f6493851e882be1c37edaa105549836 Mon Sep 17 00:00:00 2001 From: Don Richards <2738244+DonRichards@users.noreply.github.com> Date: Thu, 13 Jan 2022 12:48:25 -0500 Subject: [PATCH 16/25] adds make pull to code server instructions. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7a5952d0be..2ada528e2c 100644 --- a/README.md +++ b/README.md @@ -265,7 +265,7 @@ INCLUDE_CODE_SERVER_SERVICE=true * Run `make local`, `make up`, or `make demo` to build the containers and local file system(s). * Then modify the `.env` file. -* Then `make up` to fetch the builds. +* Then `make pull` then `make up` to fetch the builds. It will then report it created the **code-server** and recreated **traefik** and **drupal** containers. By default this will accessible at From 4423ecc21288a7eb8988cb899964c6055e6aa0f9 Mon Sep 17 00:00:00 2001 From: Jason Hildebrand Date: Thu, 13 Jan 2022 17:22:20 -0600 Subject: [PATCH 17/25] Update reference to new buildkit images. --- sample.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sample.env b/sample.env index dfaaeabd2a..28cc4f7d07 100644 --- a/sample.env +++ b/sample.env @@ -59,7 +59,7 @@ REPOSITORY=islandora # The version of the isle-buildkit images, non isle-buildkit images have # their versions specified explicitly in their respective docker-compose files. -TAG=1.0.0-alpha-6 +TAG=1.0.0-alpha-11 ############################################################################### # Global Environment variables @@ -110,4 +110,4 @@ MILLINER_MEMORY_LIMIT=1G RECAST_MEMORY_LIMIT=1G SOLR_MEMORY_LIMIT=8G TRAEFIK_MEMORY_LIMIT=8G -WATCHTOWER_MEMORY_LIMIT=2G \ No newline at end of file +WATCHTOWER_MEMORY_LIMIT=2G From ce32e07f79a801872ddf20945388b054ef0b26cc Mon Sep 17 00:00:00 2001 From: Nigel Banks Date: Wed, 2 Feb 2022 17:34:22 +0000 Subject: [PATCH 18/25] Changed defaults for cantaloupe to a working state --- sample.env | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sample.env b/sample.env index 2c608658aa..573f58bbb5 100644 --- a/sample.env +++ b/sample.env @@ -159,7 +159,6 @@ TRAEFIK_MEMORY_LIMIT=8G WATCHTOWER_MEMORY_LIMIT=2G # Configuration to enable the custom delegate script for Cantaloupe -CANTALOUPE_DELEGATE_SCRIPT_ENABLED=true +CANTALOUPE_DELEGATE_SCRIPT_ENABLED=false CANTALOUPE_DELEGATE_SCRIPT_PATHNAME=/opt/tomcat/bin/delegates.rb -CANTALOUPE_HTTPSOURCE_LOOKUP_STRATEGY=ScriptLookupStrategy - +CANTALOUPE_HTTPSOURCE_LOOKUP_STRATEGY=BasicLookupStrategy From a6f0aa186555ca22d176bf829bf7eb6701b251df Mon Sep 17 00:00:00 2001 From: Nigel Banks Date: Wed, 2 Feb 2022 18:35:09 +0000 Subject: [PATCH 19/25] Turns out fedora needs to be web accessible for cantaloupe to work... --- sample.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sample.env b/sample.env index 573f58bbb5..864935b9f2 100644 --- a/sample.env +++ b/sample.env @@ -88,7 +88,7 @@ EXPOSE_TRAEFIK_DASHBOARD=false TRAEFIK_DASHBOARD_PORT=8080 # Expose Fedora over the given port - DO NOT EXPOSE THIS IN PRODUCTION -EXPOSE_FEDORA=false +EXPOSE_FEDORA=true FEDORA_PORT=8081 # Expose Blazegraph over the given port - DO NOT EXPOSE THIS IN PRODUCTION From 4610e2c23bf702d6240f4a10bd7a201f81ff4031 Mon Sep 17 00:00:00 2001 From: Nigel Banks Date: Wed, 9 Feb 2022 22:39:15 +0000 Subject: [PATCH 20/25] Test for create_database being called before the container has initialized --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 1077b7d3e1..19ba641782 100644 --- a/Makefile +++ b/Makefile @@ -114,6 +114,7 @@ endif .PHONY: drupal-database .SILENT: drupal-database drupal-database: + docker-compose exec -T drupal timeout 300 bash -c "while ! test -e /var/run/nginx/nginx.pid -a -e /var/run/php-fpm7/php-fpm7.pid; do sleep 1; done" docker-compose exec -T drupal with-contenv bash -lc "for_all_sites create_database" # Installs drupal site(s) using environment variables. From 736140690406b4877ecc0579c89267be66fd1cba Mon Sep 17 00:00:00 2001 From: joshdentremont Date: Thu, 10 Feb 2022 13:07:01 -0400 Subject: [PATCH 21/25] Update comment about exposing Fedora Per https://github.com/Islandora-Devops/isle-dc/commit/a6f0aa186555ca22d176bf829bf7eb6701b251df fedora needs to be exposed, so we should remove the comment saying not to expose in production --- sample.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sample.env b/sample.env index 864935b9f2..0199f0c8aa 100644 --- a/sample.env +++ b/sample.env @@ -87,7 +87,7 @@ POSTGRES_PORT=5432 EXPOSE_TRAEFIK_DASHBOARD=false TRAEFIK_DASHBOARD_PORT=8080 -# Expose Fedora over the given port - DO NOT EXPOSE THIS IN PRODUCTION +# Expose Fedora over the given port - Necessary for Canteloupe EXPOSE_FEDORA=true FEDORA_PORT=8081 From e1ae8da217c10ce1d5cdbbdd418532f972e56278 Mon Sep 17 00:00:00 2001 From: Yamil Date: Fri, 18 Feb 2022 17:22:11 -0500 Subject: [PATCH 22/25] Changes to README.md to update requirements Removed requirements from README that are now obsolete. --- README.md | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 2ada528e2c..c1d71dd81c 100644 --- a/README.md +++ b/README.md @@ -38,20 +38,12 @@ as database import/export and reindexing. ## Requirements -- Composer 1.10+ - Desktop / laptop / VM (*Docker must have sufficient resources to run GNU Make*) -- Docker-CE 19.x+ (*If using Docker Desktop for Windows, any stable release - *after* 2.2.0.4, or use a 2.2.0.4 with a [patch][Docker for Windows Patch] due - to a [bug][Docker for Windows Bug]*) -- Docker-compose version 1.25.x+.* Docker is now rolling out a 2.0.x branch, with incompatible config file syntax. +- Docker-CE 19.x+ +- Docker-compose version 1.25.x+ - Git 2.0+ - GNU Make 4.0+ - -* As of August, 2021, Docker Desktop is now shipping with docker-compose 2.0 which has incompatible config file syntax. Until this is addressed, run - -```bash -docker-compose disable-v2 -``` +- At least 8GB of RAM (ideally 16GB) before running any of the make commands below. From 0e7c153217001c16f4761315a6c70bd64470ea0f Mon Sep 17 00:00:00 2001 From: joshdentremont Date: Wed, 23 Feb 2022 15:29:36 -0400 Subject: [PATCH 23/25] Update to sample.env to change defaults In production, USE_SECRETS should be true and INCLUDE_WATCHTOWER_SERVICE should be false. We should change the defaults so that people need to opt out of secrets and opt in to watchtower. --- sample.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sample.env b/sample.env index 0199f0c8aa..43198b28d1 100644 --- a/sample.env +++ b/sample.env @@ -12,7 +12,7 @@ ENVIRONMENT=demo # Enable this to generate a docker-compose file that uses secrets. # If you're running staging, CI, or production, set to true. -USE_SECRETS=false +USE_SECRETS=true ############################################################################### # Environment variables specific to composer. @@ -37,7 +37,7 @@ PROJECT_DRUPAL_DOCKERFILE=Dockerfile INCLUDE_TRAEFIK_SERVICE=true # Includes `watchtower` as a service. -INCLUDE_WATCHTOWER_SERVICE=true +INCLUDE_WATCHTOWER_SERVICE=false # Includes `etcd` as a service. INCLUDE_ETCD_SERVICE=false From 027996fefaf2ff2f9aa4974b5b9775a0ac5504be Mon Sep 17 00:00:00 2001 From: Nigel Banks Date: Thu, 24 Feb 2022 20:44:51 +0000 Subject: [PATCH 24/25] Check if term exists before modifying --- rootfs/etc/cont-init.d/04-custom-setup.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/rootfs/etc/cont-init.d/04-custom-setup.sh b/rootfs/etc/cont-init.d/04-custom-setup.sh index ed42e036f4..82b4bdbeef 100644 --- a/rootfs/etc/cont-init.d/04-custom-setup.sh +++ b/rootfs/etc/cont-init.d/04-custom-setup.sh @@ -35,9 +35,11 @@ function main { 'https://projects.iq.harvard.edu/fits']; -\$term->set('field_external_uri', \$default); -\$term->save(); +if (\$term) { + \$default = ['uri' => 'https://projects.iq.harvard.edu/fits']; + \$term->set('field_external_uri', \$default); + \$term->save(); +} EOF drush php:script /tmp/fix.php # Rebuild the cache. From 2e71a82bd15aaa6dc16cda3c4cf8ec1fbf799ebe Mon Sep 17 00:00:00 2001 From: Nigel Banks Date: Wed, 2 Mar 2022 12:39:19 +0000 Subject: [PATCH 25/25] Bumped release to include fixes for folks using custom images --- sample.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sample.env b/sample.env index 0199f0c8aa..12491b13a6 100644 --- a/sample.env +++ b/sample.env @@ -60,7 +60,7 @@ REPOSITORY=islandora # The version of the isle-buildkit images, non isle-buildkit images have # their versions specified explicitly in their respective docker-compose files. -TAG=1.0.0-alpha-11 +TAG=1.0.0-alpha-12 ############################################################################### # Exposed Containers & Ports