diracgrid / diracx-charts
Helm charts for running DiracX
The same way that the diracx pv and pvc are kept when doing helm delete, the data volume of the DBs should be preserved
Current problem is the hostname resolution, we need an ip address different from localhost
Currently, whenever installing the chart, you get a "developer/demo" installation. There is unconditionally a new CS generated, an ssh key, the local code mounted, etc.
The charts should be refactored so as to allow a production use case, that is, an existing volume with the CS on it, an existing key, etc.
On the longer run, we will likely need to have a good integration with IAM.
For a first objective, we would like IAM to be spawned, and the admin VO manually reconfigured to use IAM instead of Dex
When I delete the cluster and try to recreate it, I get:
$ diracx-charts/run_demo.sh diracx DIRAC diracx-web
Found package directories for: diracx DIRAC diracx-web
ping command exited with a non-zero exit code
Using IP address 172.17.0.1.nip.io instead
Generating Kind cluster template...
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/logs/HEAD': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/logs/refs/heads/master': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/HEAD': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/index': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/commit-msg.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/pre-push.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/prepare-commit-msg.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/pre-rebase.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/applypatch-msg.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/fsmonitor-watchman.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/push-to-checkout.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/pre-merge-commit.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/pre-applypatch.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/post-update.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/sendemail-validate.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/update.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/pre-receive.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/hooks/pre-commit.sample': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/info/exclude': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/description': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/refs/tags': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/refs/heads/master': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/bd/3918db17d0bc333035871b8ec54536d409d7de': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/pack': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/b7/aa4453635e786d8f1e3edcd9d6bb3cb1e5024d': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/01/9169a208ab83ad6f937b182d2dc810a7fa886f': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/info': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/76/3d2034d3d5a7f5e51405c41e26016d165eb59f': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/f3/398b10c5650c4bf6f7d5745da45a27635a8ddf': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/objects/3d/fd657c1e9d65314e947ad9a33a234fececf2f0': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/.git/config': Permission denied
rm: cannot remove '/home/projects/diracx-charts/.demo/cs-mount/initialRepo/default.yml': Permission denied
My naive suggestion would be to support installing from a branch (like #36 does for development) but maybe there are better ways.
They should be exposed via a sub domain and SNI in the ingress
Need input from Rucio people to define precise objectives
Once we have a webapp it should ideally be hosted on the root endpoint of the main URL. This is problematic for things like /dex and /minio and even the DiracX services like /jobs as well. I think it would be better to structure the API routes as for a service running at myhostname.com as:
myhostname.com/api/... contains DiracX services
myhostname.com/external/... contains subroutes for /dex, /minio and any other external services
What needs to be there:
For the demo require that the hostname doesn't resolve to a loopback address (127.0.0.0/8) in order for the pods to be able to talk to each other via the host.
We should check that the hostname is valid like what is already done here:
If the hostname isn't valid, we should fallback to trying to find an IP like ifconfig | rg 'inet ' on macOS or ip address | grep 'inet ' on Linux.
The use of readlink -f in run_demo.sh is not working on macOS. The extract from the man readlink:
When invoked as readlink, only the target of the symbolic link is printed.
If the given argument is not a symbolic link, readlink will print nothing and
exit with an error.
and -f flag is not allowed for readlink
As it is now, when updating the secrets in a values.yaml, the k8s secrets are not updated (see generate_secret_if_needed).
I think it would be preferable to allow people to do something to the effect of pip install -e /sources/* && uvicorn --reload for interactive development, as adding entrypoint metadata won't be picked up by the demo as it currently stands. If needed we could have both options available in the values.yaml.
I don't think it is a problem really as it is a rare use case, but the new DBs are not created in mysql as the init script is not re-run.
We need to either find a way to force to re-run the script, or to document that the demo cluster needs to be recreated
Basically address all the TODOs in #78
We could use either of these (or preferably both):
The current use of the Ingress API might be better implemented using the Gateway API. To be checked.
@sfayer tried to run the demo with port forwarding. This doesn't work due to SNI...
We should document that you need to use a SOCKS proxy if you want it to work.
Probably essential for Juno to be able to run.
On slower connections, it often happens that the run_demo script fails because the initialization of some client pods is faster than the resource they need (typically, the db initialization timing out before the mysql pod is ready).
We should have pods starting in a sequence. The best way to address that seems to be an init container in the client pod probing the resource.
When pods get into CrashLoopBackOff they can end up disabled for a long time. When developing it would be desirable to restart them more aggressively.
It is bad practice to put our resources in the default namespace
We have quite a few values (e.g. init-sql) which use hyphens while it is bad practice and requires some gymnastics to manipulate (e.g. index .Values "init-sql" "enabled")
https://helm.sh/docs/chart_best_practices/values/#naming-conventions
It shouldn't be necessary to use sudo to run the and I think we should just outright forbid it and exit if sudo is being used.
The secrets for dex should be auto-generated as a pre-install hook
Just make sure that this actually works