Skip to content

Latest commit

 

History

History
151 lines (117 loc) · 3.91 KB

README-OpenShift.md

File metadata and controls

151 lines (117 loc) · 3.91 KB
Raw

[Beta] Invenio Helm chart: OpenShift specifics

  1. Cluster login
  2. Secret management
  3. Instance setup
  4. Job management

Pre-requisites

Cluster login

Login and select the right project:

$ oc login <your.openshift.cluster>
$ oc project invenio

Create all the needed secrets and install Invenio.

Secret management

Invenio secret key:

$ SECRET_KEY=$(openssl rand -hex 50)
$ SECURITY_LOGIN_SALT=$(openssl rand -hex 128)
$ CSRF_SECRET_SALT=$(openssl rand -hex 128)
$ oc create secret generic \
  --from-literal="INVENIO_SECRET_KEY=$SECRET_KEY" \
  --from-literal="INVENIO_SECURITY_LOGIN_SALT=$SECURITY_LOGIN_SALT" \
  --from-literal="INVENIO_CSRF_SECRET_SALT=$CSRF_SECRET_SALT" \
    invenio-secrets

Database secrets:

$ read POSTGRESQL_PASSWORD
$ POSTGRESQL_USER=invenio
$ POSTGRESQL_HOST=db
$ POSTGRESQL_PORT=5432
$ POSTGRESQL_DATABASE=invenio
$ oc create secret generic \
  --from-literal="POSTGRESQL_PASSWORD=$POSTGRESQL_PASSWORD" \
  --from-literal="SQLALCHEMY_DB_URI=postgresql+psycopg2://$POSTGRESQL_USER:$POSTGRESQL_PASSWORD@$POSTGRESQL_HOST:$POSTGRESQL_PORT/$POSTGRESQL_DATABASE" \
  db-secrets
secret "db-secrets" created

RabbitMQ secrets:

$ RABBITMQ_DEFAULT_PASS=$(openssl rand -hex 16)
$ oc create secret generic \
  --from-literal="RABBITMQ_DEFAULT_PASS=$RABBITMQ_DEFAULT_PASS" \
  --from-literal="CELERY_BROKER_URL=amqp://guest:$RABBITMQ_DEFAULT_PASS@mq:5672/" \
  mq-secrets
secret "mq-secrets" created

HaProxy secrets:

$ read HAPROXY_USERNAME
$ HAPROXY_PSW=$(openssl rand -hex 16)
$ oc create secret generic \
  --from-literal="stats-username=$HAPROXY_USERNAME" \
  --from-literal="stats-password=$HAPROXY_PSW" \
  haproxy-secrets
secret "haproxy-secrets" created

sentry secrets:

$ read SENTRY_DSN
$ oc create secret generic \
  --from-literal="SENTRY_DSN=$SENTRY_DSN" \
    sentry-secrets

datacite secrets:

$ read DATACITE_USERNAME
$ read DATACITE_PASSWORD
$ oc create secret generic \
  --from-literal="DATACITE_USERNAME=$DATACITE_USERNAME" \
  --from-literal="DATACITE_PASSWORD=$DATACITE_PASSWORD" \
    datacite-secrets

search secrets:

$ read SEARCH_USER
$ read SEARCH_PASSWORD
$ SEARCH_HOST=search
$ SEARCH_PORT=9200
$ oc create secret generic \
  --from-literal="INVENIO_SEARCH_HOSTS=[{'host': '$SEARCH_HOST', 'timeout': 30, 'port': $SEARCH_PORT, 'use_ssl': True, 'http_auth':('$SEARCH_USER', '$SEARCH_PASSWORD')}]" \
  search-secrets

:note: Note that you might need to add extra configuration to the search hosts, such as certificate verification (verify_certs), prefixing (url_prefix) and more.

⚠️ The provided configuration of OpenSearch is for demo only and it should not be used in production. Please refer to the official OpenSearch Helm charts for a production deployment.

Instance setup

Get a bash terminal in a pod:

$ oc get pods
$ oc exec -it <web-pod> bash

Setup the instance:

$ . scl_source enable rh-python36
$ invenio db init # If the db does not exist already
$ invenio db create
$ invenio index init
$ invenio index queue init purge
$ invenio files location --default 'default-location'  $(invenio shell --no-term-title -c "print(app.instance_path)")'/data'
$ invenio roles create admin
$ invenio access allow superuser-access role admin

Job management

One time job

$ oc process -f job.yml --param JOB_NAME='demo-data-1' \
  --param JOB_COMMAND='invenio demo create 300 1000' | oc create -f -

Cron job

$ oc process -f cronjob.yml --param JOB_NAME=index-run \
  --param JOB_COMMAND=invenio index run -d | oc create -f -