diff --git a/.bumpversion.cfg b/.bumpversion.cfg index a7b9db926..95d383ec7 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 1.28.0 +current_version = 1.29.0 commit = True tag = False tag_name = {new_version} @@ -30,11 +30,11 @@ search = {current_version} replace = {new_version} [bumpversion:file:RELEASE.txt] -search = {current_version} 2023-08-10T19:23:14Z +search = {current_version} 2023-08-10T19:38:10Z replace = {new_version} {utcnow:%Y-%m-%dT%H:%M:%SZ} [bumpversion:part:releaseTime] -values = 2023-08-10T19:23:14Z +values = 2023-08-10T19:38:10Z [bumpversion:file(version):birdhouse/config/canarie-api/docker_configuration.py.template] search = 'version': '{current_version}' diff --git a/CHANGES.md b/CHANGES.md index dfbc48f61..f3cc858d2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -17,6 +17,20 @@ [//]: # (list changes here, using '-' for each new entry, remove this when items are added) +[1.29.0](https://github.com/bird-house/birdhouse-deploy/tree/1.29.0) (2023-08-10) +------------------------------------------------------------------------------------------------------------------ + +## Changes +- Do not expose additional ports: + - Docker compose no longer exposes any container ports outside the default network except for ports 80 and 443 from + the proxy container. This ensures that ports that are not intended for external access are not exposed to the wider + internet even if firewall rules are not set correctly. + - Note that if the `monitoring` component is used then port 9100 will be exposed from the `node-exporter` container. + This is because this container must be run on the host machine's network and unfortunately there is no known + workaround that would not require this port to be exposed on the host machine. + - Fixes https://github.com/bird-house/birdhouse-deploy/issues/222 + + [1.28.0](https://github.com/bird-house/birdhouse-deploy/tree/1.28.0) (2023-08-10) ------------------------------------------------------------------------------------------------------------------ @@ -212,6 +226,7 @@ ------------------------------------------------------------------------------------------------------------------ ## Changes + - Update Zenodo config * Add Misha to creators * Add birdhouse community diff --git a/Makefile b/Makefile index c8c1b07fd..4d2b4b729 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # Generic variables override SHELL := bash override APP_NAME := birdhouse-deploy -override APP_VERSION := 1.28.0 +override APP_VERSION := 1.29.0 # utility to remove comments after value of an option variable override clean_opt = $(shell echo "$(1)" | $(_SED) -r -e "s/[ '$'\t'']+$$//g") diff --git a/README.rst b/README.rst index 96b688ba2..79687c474 100644 --- a/README.rst +++ b/README.rst @@ -14,13 +14,13 @@ for a full-fledged production platform. * - releases - | |latest-version| |commits-since| -.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.28.0.svg +.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.29.0.svg :alt: Commits since latest release - :target: https://github.com/bird-house/birdhouse-deploy/compare/1.28.0...master + :target: https://github.com/bird-house/birdhouse-deploy/compare/1.29.0...master -.. |latest-version| image:: https://img.shields.io/badge/tag-1.28.0-blue.svg?style=flat +.. |latest-version| image:: https://img.shields.io/badge/tag-1.29.0-blue.svg?style=flat :alt: Latest Tag - :target: https://github.com/bird-house/birdhouse-deploy/tree/1.28.0 + :target: https://github.com/bird-house/birdhouse-deploy/tree/1.29.0 .. |readthedocs| image:: https://readthedocs.org/projects/birdhouse-deploy/badge/?version=latest :alt: ReadTheDocs Build Status (latest version) diff --git a/RELEASE.txt b/RELEASE.txt index 96272522f..e8d54f0c0 100644 --- a/RELEASE.txt +++ b/RELEASE.txt @@ -1 +1 @@ -1.28.0 2023-08-10T19:23:14Z +1.29.0 2023-08-10T19:38:10Z diff --git a/birdhouse/components/README.rst b/birdhouse/components/README.rst index 06c238ffc..76e025024 100644 --- a/birdhouse/components/README.rst +++ b/birdhouse/components/README.rst @@ -294,17 +294,14 @@ Prometheus stack is used: Usage ----- -- Grafana to view metric graphs: http://PAVICS_FQDN:3001/d/pf6xQMWGz/docker-and-system-monitoring -- Prometheus alert rules: http://PAVICS_FQDN:9090/rules -- AlertManager to manage alerts: http://PAVICS_FQDN:9093 - -The paths above are purposely not behind the proxy to not expose them publicly, -assuming only ports 80 and 443 are publicly exposed on the internet. All other -ports are not exposed. - -Only Grafana has authentication, Prometheus alert rules and AlertManager have -no authentication at all so had they been behind the proxy, anyone will be -able to access them. +- Grafana to view metric graphs: https://PAVICS_FQDN/grafana/d/pf6xQMWGz/docker-and-system-monitoring +- Prometheus alert rules: https://PAVICS_FQDN/prometheus/rules +- AlertManager to manage alerts: https://PAVICS_FQDN/alertmanager + +The paths above are by default only accessible to a user logged in to magpie as an administrator. +These routes provide sensitive information about the birdhouse-deploy software stack and the machine +that it is running on. It is highly discouraged to make these routes available to anyone who is not +an administrator. How to Enable the Component diff --git a/birdhouse/components/monitoring/.gitignore b/birdhouse/components/monitoring/.gitignore index 2528e8083..943d6b326 100644 --- a/birdhouse/components/monitoring/.gitignore +++ b/birdhouse/components/monitoring/.gitignore @@ -3,3 +3,5 @@ grafana_datasources.yml grafana_dashboards.yml alertmanager.yml prometheus.rules +config/magpie/config.yml +config/proxy/conf.extra-service.d/monitoring.conf diff --git a/birdhouse/components/monitoring/config/magpie/config.yml.template b/birdhouse/components/monitoring/config/magpie/config.yml.template new file mode 100644 index 000000000..345713f13 --- /dev/null +++ b/birdhouse/components/monitoring/config/magpie/config.yml.template @@ -0,0 +1,54 @@ +providers: + grafana: + # below URL is only used to fill in the required location in Magpie + # actual auth validation is performed with Twitcher 'verify' endpoint without accessing this proxied URL + url: http://proxy:80 + title: Grafana + public: true + c4i: false + type: api + sync_type: api + prometheus: + # below URL is only used to fill in the required location in Magpie + # actual auth validation is performed with Twitcher 'verify' endpoint without accessing this proxied URL + url: http://proxy:80 + title: Prometheus + public: true + c4i: false + type: api + sync_type: api + alertmanager: + # below URL is only used to fill in the required location in Magpie + # actual auth validation is performed with Twitcher 'verify' endpoint without accessing this proxied URL + url: http://proxy:80 + title: AlertManager + public: true + c4i: false + type: api + sync_type: api + +permissions: + - service: grafana + permission: read + group: administrators + action: create + - service: grafana + permission: write + group: administrators + action: create + - service: prometheus + permission: read + group: administrators + action: create + - service: prometheus + permission: write + group: administrators + action: create + - service: alertmanager + permission: read + group: administrators + action: create + - service: alertmanager + permission: write + group: administrators + action: create diff --git a/birdhouse/components/monitoring/config/magpie/docker-compose-extra.yml b/birdhouse/components/monitoring/config/magpie/docker-compose-extra.yml new file mode 100644 index 000000000..70844fc59 --- /dev/null +++ b/birdhouse/components/monitoring/config/magpie/docker-compose-extra.yml @@ -0,0 +1,7 @@ +version: "3.4" + +services: + magpie: + volumes: + - ./components/monitoring/config/magpie/config.yml:${MAGPIE_PERMISSIONS_CONFIG_PATH}/monitoring.yml:ro + - ./components/monitoring/config/magpie/config.yml:${MAGPIE_PROVIDERS_CONFIG_PATH}/monitoring.yml:ro diff --git a/birdhouse/components/monitoring/config/proxy/conf.extra-service.d/monitoring.conf.template b/birdhouse/components/monitoring/config/proxy/conf.extra-service.d/monitoring.conf.template new file mode 100644 index 000000000..0c21bdd43 --- /dev/null +++ b/birdhouse/components/monitoring/config/proxy/conf.extra-service.d/monitoring.conf.template @@ -0,0 +1,57 @@ + + location /grafana { + auth_request /secure-grafana-auth; + auth_request_set $auth_status $upstream_status; + proxy_pass http://grafana:3000; + proxy_set_header Host $host; + } + + location /prometheus { + auth_request /secure-prometheus-auth; + auth_request_set $auth_status $upstream_status; + proxy_pass http://prometheus:9090; + proxy_set_header Host $host; + } + + location /alertmanager { + auth_request /secure-alertmanager-auth; + auth_request_set $auth_status $upstream_status; + proxy_pass http://alertmanager:9093; + proxy_set_header Host $host; + } + + location = /secure-grafana-auth { + internal; + proxy_pass https://${PAVICS_FQDN_PUBLIC}${TWITCHER_VERIFY_PATH}/grafana$request_uri; + proxy_pass_request_body off; + proxy_set_header Host $host; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Forwarded-Proto $real_scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host:$server_port; + } + + location = /secure-prometheus-auth { + internal; + proxy_pass https://${PAVICS_FQDN_PUBLIC}${TWITCHER_VERIFY_PATH}/prometheus$request_uri; + proxy_pass_request_body off; + proxy_set_header Host $host; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Forwarded-Proto $real_scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host:$server_port; + } + + location = /secure-alertmanager-auth { + internal; + proxy_pass https://${PAVICS_FQDN_PUBLIC}${TWITCHER_VERIFY_PATH}/alertmanager$request_uri; + proxy_pass_request_body off; + proxy_set_header Host $host; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Forwarded-Proto $real_scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host:$server_port; + } diff --git a/birdhouse/components/monitoring/config/proxy/docker-compose-extra.yml b/birdhouse/components/monitoring/config/proxy/docker-compose-extra.yml new file mode 100644 index 000000000..da7c5c4d6 --- /dev/null +++ b/birdhouse/components/monitoring/config/proxy/docker-compose-extra.yml @@ -0,0 +1,6 @@ +version: "3.4" + +services: + proxy: + volumes: + - ./components/monitoring/config/proxy/conf.extra-service.d:/etc/nginx/conf.extra-service.d/monitoring:ro diff --git a/birdhouse/components/monitoring/docker-compose-extra.yml b/birdhouse/components/monitoring/docker-compose-extra.yml index 913ba408c..9487d18aa 100644 --- a/birdhouse/components/monitoring/docker-compose-extra.yml +++ b/birdhouse/components/monitoring/docker-compose-extra.yml @@ -11,8 +11,6 @@ services: - /var/run:/var/run:ro - /sys:/sys:ro - /var/lib/docker:/var/lib/docker:ro - ports: - - 9999:8080 devices: - /dev/kmsg restart: always @@ -38,8 +36,6 @@ services: - ./components/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro - ./components/monitoring/prometheus.rules:/etc/prometheus/prometheus.rules:ro - prometheus_persistence:/prometheus:rw - ports: - - 9090:9090 command: # restore original CMD from image - --config.file=/etc/prometheus/prometheus.yml @@ -49,7 +45,7 @@ services: # https://prometheus.io/docs/prometheus/latest/storage/ - --storage.tsdb.retention.time=90d # wrong default was http://container-hash:9090/ - - --web.external-url=http://${PAVICS_FQDN}:9090/ + - --web.external-url=https://${PAVICS_FQDN_PUBLIC}/prometheus/ restart: always # https://grafana.com/docs/grafana/latest/installation/docker/ @@ -65,8 +61,9 @@ services: - grafana_persistence:/var/lib/grafana:rw environment: GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD} - ports: - - 3001:3000 + GF_SERVER_ROOT_URL: https://${PAVICS_FQDN_PUBLIC}/grafana + GF_SERVER_SERVE_FROM_SUB_PATH: 'true' + GF_SERVER_DOMAIN: ${PAVICS_FQDN_PUBLIC} restart: always # https://github.com/prometheus/alertmanager @@ -86,9 +83,7 @@ services: # enable debug logging - --log.level=debug # wrong default was http://container-hash:9093/ - - --web.external-url=http://${PAVICS_FQDN}:9093/ - ports: - - 9093:9093 + - --web.external-url=https://${PAVICS_FQDN_PUBLIC}/alertmanager restart: always volumes: diff --git a/birdhouse/components/monitoring/grafana_datasources.yml.template b/birdhouse/components/monitoring/grafana_datasources.yml.template index ff2cad672..b8ba534fb 100644 --- a/birdhouse/components/monitoring/grafana_datasources.yml.template +++ b/birdhouse/components/monitoring/grafana_datasources.yml.template @@ -6,6 +6,6 @@ datasources: type: prometheus access: proxy uid: local_pavics_prometheus - url: http://${PAVICS_FQDN}:9090 + url: http://prometheus:9090/prometheus isDefault: true editable: false diff --git a/birdhouse/components/monitoring/prometheus.yml.template b/birdhouse/components/monitoring/prometheus.yml.template index 0398c4e8e..7265da2bb 100644 --- a/birdhouse/components/monitoring/prometheus.yml.template +++ b/birdhouse/components/monitoring/prometheus.yml.template @@ -1,5 +1,5 @@ # https://prometheus.io/docs/prometheus/latest/configuration/configuration/ -# http://PAVICS_FQDN:9090/config +# http://PAVICS_FQDN/prometheus/config global: scrape_interval: 60s evaluation_interval: 30s @@ -10,8 +10,10 @@ scrape_configs: honor_labels: true static_configs: - targets: - - ${PAVICS_FQDN}:9999 + - cadvisor:8080 +# Node exporter is required to run on the host network so it is not accessible through the docker network. +# It is only accessible via the host network which can be accessed using the PAVICS_FQDN variable. - job_name: node-exporter honor_labels: true static_configs: @@ -26,4 +28,4 @@ alerting: - scheme: http static_configs: - targets: - - "${PAVICS_FQDN}:9093" + - alertmanager:9093 diff --git a/birdhouse/components/weaver/config/magpie/config.yml.template b/birdhouse/components/weaver/config/magpie/config.yml.template index 8267ad41e..cacab5393 100644 --- a/birdhouse/components/weaver/config/magpie/config.yml.template +++ b/birdhouse/components/weaver/config/magpie/config.yml.template @@ -4,7 +4,7 @@ providers: # definition of Weaver service ${WEAVER_MANAGER_NAME}: - url: http://${PAVICS_FQDN}:4001 + url: http://weaver:4001 title: Weaver (${WEAVER_CONFIG}) public: true c4i: false @@ -57,7 +57,7 @@ providers: # FIXME: remove when https://github.com/Ouranosinc/Magpie/issues/360 implemented, see 'default.env' ${WEAVER_WPS_NAME}: - url: http://${PAVICS_FQDN}:4001/wps + url: http://weaver:4001/wps title: Weaver (WPS) public: true c4i: false diff --git a/birdhouse/components/weaver/docker-compose-extra.yml b/birdhouse/components/weaver/docker-compose-extra.yml index 5800443c2..7038c4e97 100644 --- a/birdhouse/components/weaver/docker-compose-extra.yml +++ b/birdhouse/components/weaver/docker-compose-extra.yml @@ -17,8 +17,6 @@ services: # This is needed because simply adding 'depends_on' only ensures that containers are 'running', but startup of # WPS applications themselves are not necessarily completed. Successful HTTP responses ensure they are 'ready'. image: pavics/weaver:${WEAVER_VERSION}-manager - ports: - - "4001:4001" environment: HOSTNAME: ${PAVICS_FQDN} FORWARDED_ALLOW_IPS: "*" diff --git a/birdhouse/config/canarie-api/docker_configuration.py.template b/birdhouse/config/canarie-api/docker_configuration.py.template index 25650005d..0dcd5b145 100644 --- a/birdhouse/config/canarie-api/docker_configuration.py.template +++ b/birdhouse/config/canarie-api/docker_configuration.py.template @@ -109,8 +109,8 @@ SERVICES = { # NOTE: # Below version and release time auto-managed by 'make VERSION=x.y.z bump'. # Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'. - 'version': '1.28.0', - 'releaseTime': '2023-08-10T19:23:14Z', + 'version': '1.29.0', + 'releaseTime': '2023-08-10T19:38:10Z', 'institution': 'Ouranos', 'researchSubject': 'Climatology', 'supportEmail': '${SUPPORT_EMAIL}', @@ -142,8 +142,8 @@ PLATFORMS = { # NOTE: # Below version and release time auto-managed by 'make VERSION=x.y.z bump'. # Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'. - 'version': '1.28.0', - 'releaseTime': '2023-08-10T19:23:14Z', + 'version': '1.29.0', + 'releaseTime': '2023-08-10T19:38:10Z', 'institution': 'Ouranos', 'researchSubject': 'Climatology', 'supportEmail': '${SUPPORT_EMAIL}', diff --git a/birdhouse/config/finch/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/config/finch/config/canarie-api/canarie_api_monitoring.py.template index 043ad439b..9b9a8a75c 100644 --- a/birdhouse/config/finch/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/config/finch/config/canarie-api/canarie_api_monitoring.py.template @@ -67,8 +67,7 @@ SERVICES['slicer'] = { 'monitoring': { 'Finch': { 'request': { - # FIXME: remove port by design (https://github.com/bird-house/birdhouse-deploy/issues/222) - 'url': 'http://${PAVICS_FQDN}:8095/?service=WPS&version=1.0.0&request=GetCapabilities' + 'url': 'http://finch:5000/?service=WPS&version=1.0.0&request=GetCapabilities' } }, } @@ -106,8 +105,7 @@ SERVICES['Finch'] = { 'monitoring': { 'Finch': { 'request': { - # FIXME: remove port by design (https://github.com/bird-house/birdhouse-deploy/issues/222) - 'url': 'http://${PAVICS_FQDN}:8095/wps?service=WPS&version=1.0.0&request=GetCapabilities' + 'url': 'http://finch:5000/wps?service=WPS&version=1.0.0&request=GetCapabilities' } }, }, diff --git a/birdhouse/config/finch/config/magpie/providers.cfg.template b/birdhouse/config/finch/config/magpie/providers.cfg.template index 3977eefda..e9eebd1a8 100644 --- a/birdhouse/config/finch/config/magpie/providers.cfg.template +++ b/birdhouse/config/finch/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: finch: - url: http://${PAVICS_FQDN}:8095/wps + url: http://finch:5000/wps title: Finch public: true c4i: false diff --git a/birdhouse/config/finch/docker-compose-extra.yml b/birdhouse/config/finch/docker-compose-extra.yml index 32a8cdab9..4e751c54c 100644 --- a/birdhouse/config/finch/docker-compose-extra.yml +++ b/birdhouse/config/finch/docker-compose-extra.yml @@ -15,8 +15,6 @@ services: HOSTNAME: $HOSTNAME HTTP_PORT: 5000 PYWPS_CFG: /wps.cfg - ports: - - "8095:5000" volumes: - ./config/finch/wps.cfg:/wps.cfg # - data:/opt/birdhouse/var/lib diff --git a/birdhouse/config/flyingpigeon/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/config/flyingpigeon/config/canarie-api/canarie_api_monitoring.py.template index 6af7a86c8..6947e396b 100644 --- a/birdhouse/config/flyingpigeon/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/config/flyingpigeon/config/canarie-api/canarie_api_monitoring.py.template @@ -24,15 +24,14 @@ SERVICES['flyingpigeon'] = { 'releasenotes': 'https://github.com/bird-house/flyingpigeon/blob/master/CHANGES.rst', 'support': 'https://github.com/bird-house/flyingpigeon/issues', 'source': 'https://github.com/bird-house/flyingpigeon', - 'tryme': 'http://${PAVICS_FQDN}:8093/wps?service=WPS&version=1.0.0&request=GetCapabilities', + 'tryme': 'https://${PAVICS_FQDN_PUBLIC}/flyingpigeon/wps?service=WPS&version=1.0.0&request=GetCapabilities', 'licence': 'https://github.com/bird-house/flyingpigeon/blob/master/LICENSE.txt', 'provenance': 'https://github.com/bird-house/flyingpigeon' }, 'monitoring': { 'Flyingpigeon': { 'request': { - # FIXME: remove port by design (https://github.com/bird-house/birdhouse-deploy/issues/222) - 'url': 'http://${PAVICS_FQDN}:8093/wps?service=WPS&version=1.0.0&request=GetCapabilities' + 'url': 'http://flyingpigeon:8093/wps?service=WPS&version=1.0.0&request=GetCapabilities' } }, } diff --git a/birdhouse/config/flyingpigeon/config/magpie/providers.cfg.template b/birdhouse/config/flyingpigeon/config/magpie/providers.cfg.template index 420352064..08f74cebd 100644 --- a/birdhouse/config/flyingpigeon/config/magpie/providers.cfg.template +++ b/birdhouse/config/flyingpigeon/config/magpie/providers.cfg.template @@ -1,14 +1,6 @@ providers: - lb_flyingpigeon: - url: http://${PAVICS_FQDN}:58093/wps - title: Load_Balanced_Flyingpigeon - public: true - c4i: false - type: wps - sync_type: wps - flyingpigeon: - url: http://${PAVICS_FQDN}:8093/wps + url: http://flyingpigeon:8093/wps title: Flyingpigeon public: true c4i: false diff --git a/birdhouse/config/flyingpigeon/docker-compose-extra.yml b/birdhouse/config/flyingpigeon/docker-compose-extra.yml index 6e1a0c043..a52ae388d 100644 --- a/birdhouse/config/flyingpigeon/docker-compose-extra.yml +++ b/birdhouse/config/flyingpigeon/docker-compose-extra.yml @@ -13,8 +13,6 @@ services: container_name: flyingpigeon environment: - PYWPS_CFG=/wps.cfg - ports: - - "8093:8093" volumes: - ./config/flyingpigeon/wps.cfg:/wps.cfg - /tmp diff --git a/birdhouse/config/geoserver/config/magpie/providers.cfg.template b/birdhouse/config/geoserver/config/magpie/providers.cfg.template index 4c3a6a54b..92b086527 100644 --- a/birdhouse/config/geoserver/config/magpie/providers.cfg.template +++ b/birdhouse/config/geoserver/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: geoserverwms: - url: http://${PAVICS_FQDN}:8087/geoserver + url: http://geoserver:8080/geoserver title: geoserverwms public: true c4i: false @@ -8,7 +8,7 @@ providers: sync_type: geoserverwms geoserver: - url: http://${PAVICS_FQDN}:8087/geoserver + url: http://geoserver:8080/geoserver title: geoserver public: true c4i: false diff --git a/birdhouse/config/geoserver/config/proxy/conf.extra-service.d/geoserver.conf.template b/birdhouse/config/geoserver/config/proxy/conf.extra-service.d/geoserver.conf.template index 9efa0c1e1..ff7bab961 100644 --- a/birdhouse/config/geoserver/config/proxy/conf.extra-service.d/geoserver.conf.template +++ b/birdhouse/config/geoserver/config/proxy/conf.extra-service.d/geoserver.conf.template @@ -1,5 +1,5 @@ location /geoserver/ { - proxy_pass http://${PAVICS_FQDN}:8087; + proxy_pass http://geoserver:8080/geoserver/; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $real_scheme; proxy_set_header Accept-Encoding ""; diff --git a/birdhouse/config/geoserver/docker-compose-extra.yml b/birdhouse/config/geoserver/docker-compose-extra.yml index 4108a96f6..ca11dc0b9 100644 --- a/birdhouse/config/geoserver/docker-compose-extra.yml +++ b/birdhouse/config/geoserver/docker-compose-extra.yml @@ -11,8 +11,6 @@ services: geoserver: image: ${GEOSERVER_IMAGE} container_name: geoserver - ports: - - "8087:8080" environment: STABLE_EXTENSIONS: ${GEOSERVER_STABLE_EXTENSIONS} COMMUNITY_EXTENSIONS: ${GEOSERVER_COMMUNITY_EXTENSIONS} diff --git a/birdhouse/config/hummingbird/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/config/hummingbird/config/canarie-api/canarie_api_monitoring.py.template index fdcccb47f..33fa047c0 100644 --- a/birdhouse/config/hummingbird/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/config/hummingbird/config/canarie-api/canarie_api_monitoring.py.template @@ -24,15 +24,14 @@ SERVICES['hummingbird'] = { 'releasenotes': 'https://github.com/bird-house/hummingbird/blob/master/CHANGES.rst', 'support': 'https://github.com/bird-house/hummingbird/issues', 'source': 'https://github.com/bird-house/hummingbird', - 'tryme': 'http://${PAVICS_FQDN}:8097/wps?service=WPS&version=1.0.0&request=GetCapabilities', + 'tryme': 'https://${PAVICS_FQDN_PUBLIC}${TWITCHER_PROTECTED_PATH}/hummingbird/wps?service=WPS&version=1.0.0&request=GetCapabilities', 'licence': 'https://github.com/bird-house/hummingbird/blob/master/LICENSE.txt', 'provenance': 'https://github.com/bird-house/hummingbird' }, 'monitoring': { 'Hummingbird': { 'request': { - # FIXME: remove port by design (https://github.com/bird-house/birdhouse-deploy/issues/222) - 'url': 'http://${PAVICS_FQDN}:8097/wps?service=WPS&version=1.0.0&request=GetCapabilities' + 'url': 'http://hummingbird:8080/wps?service=WPS&version=1.0.0&request=GetCapabilities' } }, } diff --git a/birdhouse/config/hummingbird/config/magpie/providers.cfg.template b/birdhouse/config/hummingbird/config/magpie/providers.cfg.template index 2d7a8e64b..f2b6855ac 100644 --- a/birdhouse/config/hummingbird/config/magpie/providers.cfg.template +++ b/birdhouse/config/hummingbird/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: hummingbird: - url: http://${PAVICS_FQDN}:8097/wps + url: http://hummingbird:8080/wps title: Hummingbird public: true c4i: false diff --git a/birdhouse/config/hummingbird/docker-compose-extra.yml b/birdhouse/config/hummingbird/docker-compose-extra.yml index 36a316d38..965b77064 100644 --- a/birdhouse/config/hummingbird/docker-compose-extra.yml +++ b/birdhouse/config/hummingbird/docker-compose-extra.yml @@ -13,14 +13,6 @@ services: container_name: hummingbird environment: HOSTNAME: $HOSTNAME - HTTP_PORT: 8097 - HTTPS_PORT: 28097 - OUTPUT_PORT: 38097 - ports: - - "8097:8097" - - "28097:28097" - - "38097:38097" - - "48097:9001" volumes: - ./config/hummingbird/custom.cfg:/opt/birdhouse/src/hummingbird/custom.cfg depends_on: diff --git a/birdhouse/config/jupyterhub/config/magpie/docker-compose-extra.yml b/birdhouse/config/jupyterhub/config/magpie/docker-compose-extra.yml deleted file mode 100644 index 1dcb0e24c..000000000 --- a/birdhouse/config/jupyterhub/config/magpie/docker-compose-extra.yml +++ /dev/null @@ -1,5 +0,0 @@ -version: "3.4" -services: - jupyterhub: - links: - - magpie diff --git a/birdhouse/config/jupyterhub/config/proxy/conf.extra-service.d/jupyterhub.conf.template b/birdhouse/config/jupyterhub/config/proxy/conf.extra-service.d/jupyterhub.conf.template index e7553c5d8..7da931a62 100644 --- a/birdhouse/config/jupyterhub/config/proxy/conf.extra-service.d/jupyterhub.conf.template +++ b/birdhouse/config/jupyterhub/config/proxy/conf.extra-service.d/jupyterhub.conf.template @@ -1,5 +1,5 @@ location /jupyter/ { - proxy_pass http://${PAVICS_FQDN}:8800/jupyter/; + proxy_pass http://jupyterhub:8000/jupyter/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $real_scheme; diff --git a/birdhouse/config/jupyterhub/docker-compose-extra.yml b/birdhouse/config/jupyterhub/docker-compose-extra.yml index 538bfb896..a3e6bbf9e 100644 --- a/birdhouse/config/jupyterhub/docker-compose-extra.yml +++ b/birdhouse/config/jupyterhub/docker-compose-extra.yml @@ -12,8 +12,6 @@ services: image: ${JUPYTERHUB_DOCKER}:${JUPYTERHUB_VERSION} container_name: jupyterhub hostname: jupyterhub - ports: - - "8800:8000" environment: DOCKER_NOTEBOOK_IMAGES: ${DOCKER_NOTEBOOK_IMAGES} JUPYTERHUB_IMAGE_SELECTION_NAMES: ${JUPYTERHUB_IMAGE_SELECTION_NAMES} diff --git a/birdhouse/config/magpie/config/proxy/conf.extra-service.d/magpie.conf.template b/birdhouse/config/magpie/config/proxy/conf.extra-service.d/magpie.conf.template index 50bdcf4ad..cd043e908 100644 --- a/birdhouse/config/magpie/config/proxy/conf.extra-service.d/magpie.conf.template +++ b/birdhouse/config/magpie/config/proxy/conf.extra-service.d/magpie.conf.template @@ -1,5 +1,5 @@ location /magpie/ { - proxy_pass http://${PAVICS_FQDN}:2001/; + proxy_pass http://magpie:2001/; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $real_scheme; include /etc/nginx/conf.d/cors.include; diff --git a/birdhouse/config/magpie/docker-compose-extra.yml b/birdhouse/config/magpie/docker-compose-extra.yml index ff05d320c..398cd7832 100644 --- a/birdhouse/config/magpie/docker-compose-extra.yml +++ b/birdhouse/config/magpie/docker-compose-extra.yml @@ -11,8 +11,6 @@ services: magpie: image: pavics/magpie:${MAGPIE_VERSION} container_name: magpie - ports: - - "2001:2001" environment: TWITCHER_PROTECTED_URL: https://${PAVICS_FQDN_PUBLIC}${TWITCHER_PROTECTED_PATH} # target directories to allow loading multiple config files of corresponding category diff --git a/birdhouse/config/portainer/config/proxy/conf.extra-service.d/portainer.conf.template b/birdhouse/config/portainer/config/proxy/conf.extra-service.d/portainer.conf.template index 72283699d..d0fa2db86 100644 --- a/birdhouse/config/portainer/config/proxy/conf.extra-service.d/portainer.conf.template +++ b/birdhouse/config/portainer/config/proxy/conf.extra-service.d/portainer.conf.template @@ -1,5 +1,5 @@ location /portainer/ { - proxy_pass http://${PAVICS_FQDN}:9000/; + proxy_pass http://portainer:9000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $real_scheme; } diff --git a/birdhouse/config/portainer/docker-compose-extra.yml b/birdhouse/config/portainer/docker-compose-extra.yml index 2a0f7bc11..b5f6a05a3 100644 --- a/birdhouse/config/portainer/docker-compose-extra.yml +++ b/birdhouse/config/portainer/docker-compose-extra.yml @@ -14,7 +14,5 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - /home/ubuntu/portainer:/data - ports: - - "9000:9000" restart: always logging: *default-logging diff --git a/birdhouse/config/proxy/docker-compose-extra.yml b/birdhouse/config/proxy/docker-compose-extra.yml index f212ae7aa..dfa629e68 100644 --- a/birdhouse/config/proxy/docker-compose-extra.yml +++ b/birdhouse/config/proxy/docker-compose-extra.yml @@ -14,11 +14,6 @@ services: ports: - "80:80" - "443:${PROXY_SECURE_PORT}" - - "58094:8094" - - "58093:8093" - - "58091:8091" - - "58079:8079" - - "58086:8086" volumes: - ./config/proxy/conf.d:/etc/nginx/conf.d - ./config/proxy/nginx.conf:/etc/nginx/nginx.conf diff --git a/birdhouse/config/raven/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/config/raven/config/canarie-api/canarie_api_monitoring.py.template index 8b22c8441..6e11fd02b 100644 --- a/birdhouse/config/raven/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/config/raven/config/canarie-api/canarie_api_monitoring.py.template @@ -32,8 +32,7 @@ SERVICES['raven'] = { 'monitoring': { 'Raven': { 'request': { - # FIXME: remove port by design (https://github.com/bird-house/birdhouse-deploy/issues/222) - 'url': 'http://${PAVICS_FQDN}:8096/wps?service=WPS&version=1.0.0&request=GetCapabilities' + 'url': 'http://raven:9099/wps?service=WPS&version=1.0.0&request=GetCapabilities' } }, } diff --git a/birdhouse/config/raven/config/magpie/providers.cfg.template b/birdhouse/config/raven/config/magpie/providers.cfg.template index 3e1ef813c..f72469649 100644 --- a/birdhouse/config/raven/config/magpie/providers.cfg.template +++ b/birdhouse/config/raven/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: raven: - url: http://${PAVICS_FQDN}:8096/wps + url: http://raven:9099/wps title: Raven public: true c4i: false diff --git a/birdhouse/config/raven/docker-compose-extra.yml b/birdhouse/config/raven/docker-compose-extra.yml index e58f4737a..920f1b6dc 100644 --- a/birdhouse/config/raven/docker-compose-extra.yml +++ b/birdhouse/config/raven/docker-compose-extra.yml @@ -11,8 +11,6 @@ services: raven: image: pavics/raven:${RAVEN_VERSION} container_name: raven - ports: - - "8096:9099" environment: PYWPS_CFG: /wps.cfg GEO_URL: "${RAVEN_GEO_URL}" diff --git a/birdhouse/config/thredds/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/config/thredds/config/canarie-api/canarie_api_monitoring.py.template index 2cdac21fc..c0ebc61f4 100644 --- a/birdhouse/config/thredds/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/config/thredds/config/canarie-api/canarie_api_monitoring.py.template @@ -63,8 +63,7 @@ SERVICES['Thredds'] = { "monitoring": { "Thredds": { 'request': { - # FIXME: remove port by design (https://github.com/bird-house/birdhouse-deploy/issues/222) - 'url': 'http://${PAVICS_FQDN}:8083${TWITCHER_PROTECTED_PATH}/thredds/catalog.html' + 'url': 'http://thredds:8080/${TWITCHER_PROTECTED_PATH}/thredds/catalog.html' } } } diff --git a/birdhouse/config/thredds/docker-compose-extra.yml b/birdhouse/config/thredds/docker-compose-extra.yml index e6d8cd1a8..8ae7735e9 100644 --- a/birdhouse/config/thredds/docker-compose-extra.yml +++ b/birdhouse/config/thredds/docker-compose-extra.yml @@ -11,8 +11,6 @@ services: thredds: image: ${THREDDS_IMAGE} container_name: thredds - ports: - - "8083:8080" env_file: - ./config/thredds/thredds.env environment: diff --git a/birdhouse/config/twitcher/config/proxy/conf.extra-service.d/twitcher.conf.template b/birdhouse/config/twitcher/config/proxy/conf.extra-service.d/twitcher.conf.template index 6b0cbb729..0fcc08a06 100644 --- a/birdhouse/config/twitcher/config/proxy/conf.extra-service.d/twitcher.conf.template +++ b/birdhouse/config/twitcher/config/proxy/conf.extra-service.d/twitcher.conf.template @@ -1,5 +1,5 @@ location /twitcher/ { - proxy_pass http://${PAVICS_FQDN}:8000/; + proxy_pass http://twitcher:8000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $real_scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/birdhouse/config/twitcher/default.env b/birdhouse/config/twitcher/default.env index 55fe42be0..6319ddeed 100644 --- a/birdhouse/config/twitcher/default.env +++ b/birdhouse/config/twitcher/default.env @@ -4,10 +4,22 @@ export TWITCHER_LOG_LEVEL=INFO export VERIFY_SSL="true" +export TWITCHER_PROTECTED_PATH=/twitcher/ows/proxy + +# Endpoint to verify Magpie/Twitcher authorization to a service/resource by a user without proxy request +# Requires Twitcher>=0.8.0 +export TWITCHER_VERIFY_PATH='$(echo "${TWITCHER_PROTECTED_PATH}" | sed "s/proxy/verify/")' + +export DELAYED_EVAL=" + $DELAYED_EVAL + TWITCHER_VERIFY_PATH +" + # add any new variables not already in 'VARS' or 'OPTIONAL_VARS' that must be replaced in templates here VARS=" $VARS \$TWITCHER_PROTECTED_PATH + \$TWITCHER_VERIFY_PATH \$VERIFY_SSL " diff --git a/birdhouse/config/twitcher/docker-compose-extra.yml b/birdhouse/config/twitcher/docker-compose-extra.yml index fde333ec2..0fd79afaa 100644 --- a/birdhouse/config/twitcher/docker-compose-extra.yml +++ b/birdhouse/config/twitcher/docker-compose-extra.yml @@ -11,8 +11,6 @@ services: twitcher: image: pavics/twitcher:magpie-${MAGPIE_VERSION} container_name: twitcher - ports: - - "8000:8000" environment: # target directories to allow loading multiple config files of corresponding category # each compose override should volume mount its files inside the below directory diff --git a/birdhouse/deprecated-components/catalog/config/magpie/providers.cfg.template b/birdhouse/deprecated-components/catalog/config/magpie/providers.cfg.template index 13c95bca1..1f6525cba 100644 --- a/birdhouse/deprecated-components/catalog/config/magpie/providers.cfg.template +++ b/birdhouse/deprecated-components/catalog/config/magpie/providers.cfg.template @@ -8,7 +8,7 @@ providers: sync_type: wps ${CATALOG_THREDDS_SERVICE}: - url: http://${PAVICS_FQDN}:8083/twitcher/ows/proxy/thredds + url: http://thredds:8080/twitcher/ows/proxy/thredds title: Thredds public: true c4i: false diff --git a/birdhouse/deprecated-components/ncwms2/config/magpie/providers.cfg.template b/birdhouse/deprecated-components/ncwms2/config/magpie/providers.cfg.template index a2f4c2c96..89f2c16eb 100644 --- a/birdhouse/deprecated-components/ncwms2/config/magpie/providers.cfg.template +++ b/birdhouse/deprecated-components/ncwms2/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: ncWMS2: - url: http://${PAVICS_FQDN}:8080/ncWMS2 + url: http://ncwms2:8080/ncWMS2 title: ncWMS2 public: true c4i: false diff --git a/birdhouse/deprecated-components/ncwms2/docker-compose-extra.yml b/birdhouse/deprecated-components/ncwms2/docker-compose-extra.yml index d725adfc5..46c797fc1 100644 --- a/birdhouse/deprecated-components/ncwms2/docker-compose-extra.yml +++ b/birdhouse/deprecated-components/ncwms2/docker-compose-extra.yml @@ -11,9 +11,6 @@ services: ncwms2: image: pavics/ncwms2:2.0.4 container_name: ncwms2 - ports: - - "8080:8080" - - "48080:9001" volumes: - ${DATA_PERSIST_ROOT}/datasets:/pavics-data - ./deprecated-components/ncwms2/custom.cfg:/opt/birdhouse/custom.cfg diff --git a/birdhouse/optional-components/README.rst b/birdhouse/optional-components/README.rst index 96f7ef387..b730d1b3d 100644 --- a/birdhouse/optional-components/README.rst +++ b/birdhouse/optional-components/README.rst @@ -35,7 +35,7 @@ How to enable Emu in ``env.local`` (a copy from env.local.example_ (:download:`download `)): * Add ``./optional-components/emu`` to ``EXTRA_CONF_DIRS``. -* Optionally set ``EMU_IMAGE``, ``EMU_PORT``, +* Optionally set ``EMU_IMAGE``, ``EMU_NAME``, ``EMU_INTERNAL_PORT``, ``EMU_WPS_OUTPUTS_VOL`` in ``env.local`` for further customizations. Default values are in `optional-components/emu/default.env `_ diff --git a/birdhouse/optional-components/emu/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/optional-components/emu/config/canarie-api/canarie_api_monitoring.py.template index 1c3745fd9..d76f21ae4 100644 --- a/birdhouse/optional-components/emu/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/optional-components/emu/config/canarie-api/canarie_api_monitoring.py.template @@ -6,7 +6,7 @@ SERVICES['node']['monitoring'].update({ }, '${EMU_NAME}': { 'request': { - 'url': 'http://${PAVICS_FQDN}:${EMU_PORT}/wps?service=WPS&version=1.0.0&request=GetCapabilities' + 'url': 'http://emu:${EMU_INTERNAL_PORT}/wps?service=WPS&version=1.0.0&request=GetCapabilities' } }, }) diff --git a/birdhouse/optional-components/emu/config/magpie/providers.cfg.template b/birdhouse/optional-components/emu/config/magpie/providers.cfg.template index 737734723..ccc7b96c1 100644 --- a/birdhouse/optional-components/emu/config/magpie/providers.cfg.template +++ b/birdhouse/optional-components/emu/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: ${EMU_NAME}: - url: http://${PAVICS_FQDN}:${EMU_PORT}/wps + url: http://emu:${EMU_INTERNAL_PORT}/wps title: ${EMU_NAME} public: true c4i: false diff --git a/birdhouse/optional-components/emu/default.env b/birdhouse/optional-components/emu/default.env index bac9af103..d5f373cbc 100644 --- a/birdhouse/optional-components/emu/default.env +++ b/birdhouse/optional-components/emu/default.env @@ -8,7 +8,6 @@ # works with the "watchdog/jobqueue" branch so have to default to an image that # works by default. export EMU_IMAGE="tlvu/emu:watchdog" -export EMU_PORT="8888" export EMU_INTERNAL_PORT="5000" # name in Twitcher/Magpie and Canarie monitoring export EMU_NAME="emu" @@ -19,8 +18,8 @@ export EMU_WPS_OUTPUTS_VOL="wps_outputs" OPTIONAL_VARS=" $OPTIONAL_VARS - \$EMU_PORT \$EMU_NAME + \$EMU_INTERNAL_PORT " # add any component that this component requires to run diff --git a/birdhouse/optional-components/emu/docker-compose-extra.yml b/birdhouse/optional-components/emu/docker-compose-extra.yml index f907f5575..1fdad42e8 100644 --- a/birdhouse/optional-components/emu/docker-compose-extra.yml +++ b/birdhouse/optional-components/emu/docker-compose-extra.yml @@ -5,8 +5,6 @@ services: container_name: emu environment: - PYWPS_CFG=/wps.cfg - ports: - - "${EMU_PORT}:${EMU_INTERNAL_PORT}" volumes: - ./optional-components/emu/wps.cfg:/wps.cfg - ${EMU_WPS_OUTPUTS_VOL}:/data/wpsoutputs diff --git a/birdhouse/optional-components/generic_bird/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/optional-components/generic_bird/config/canarie-api/canarie_api_monitoring.py.template index 2c661f0ac..6555dc672 100644 --- a/birdhouse/optional-components/generic_bird/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/optional-components/generic_bird/config/canarie-api/canarie_api_monitoring.py.template @@ -6,7 +6,7 @@ SERVICES['node']['monitoring'].update({ }, '${GENERIC_BIRD_NAME}': { 'request': { - 'url': 'http://${PAVICS_FQDN}:${GENERIC_BIRD_PORT}/wps?service=WPS&version=1.0.0&request=GetCapabilities' + 'url': 'http://generic_bird:${GENERIC_BIRD_INTERNAL_PORT}/wps?service=WPS&version=1.0.0&request=GetCapabilities' } }, }) diff --git a/birdhouse/optional-components/generic_bird/config/magpie/providers.cfg.template b/birdhouse/optional-components/generic_bird/config/magpie/providers.cfg.template index 0bb056b10..62c1afd42 100644 --- a/birdhouse/optional-components/generic_bird/config/magpie/providers.cfg.template +++ b/birdhouse/optional-components/generic_bird/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: ${GENERIC_BIRD_NAME}: - url: http://${PAVICS_FQDN}:${GENERIC_BIRD_PORT}/wps + url: http://generic_bird:${GENERIC_BIRD_INTERNAL_PORT}/wps title: ${GENERIC_BIRD_NAME} public: true c4i: false diff --git a/birdhouse/optional-components/generic_bird/default.env b/birdhouse/optional-components/generic_bird/default.env index f170e08e7..c59e7fd05 100644 --- a/birdhouse/optional-components/generic_bird/default.env +++ b/birdhouse/optional-components/generic_bird/default.env @@ -5,7 +5,6 @@ # are applied and must be added to the list of DELAYED_EVAL. export GENERIC_BIRD_IMAGE="$FINCH_IMAGE" -export GENERIC_BIRD_PORT="8010" export GENERIC_BIRD_INTERNAL_PORT="5000" # name in Twitcher/Magpie and Canarie monitoring export GENERIC_BIRD_NAME="generic_bird" @@ -15,8 +14,8 @@ export GENERIC_BIRD_POSTGRES_IMAGE="postgres:10.12" OPTIONAL_VARS=" $OPTIONAL_VARS - \$GENERIC_BIRD_PORT \$GENERIC_BIRD_NAME + \$GENERIC_BIRD_INTERNAL_PORT " # add any component that this component requires to run diff --git a/birdhouse/optional-components/generic_bird/docker-compose-extra.yml b/birdhouse/optional-components/generic_bird/docker-compose-extra.yml index 8400f290b..6e4cd4460 100644 --- a/birdhouse/optional-components/generic_bird/docker-compose-extra.yml +++ b/birdhouse/optional-components/generic_bird/docker-compose-extra.yml @@ -5,8 +5,6 @@ services: container_name: generic_bird environment: PYWPS_CFG: /wps.cfg - ports: - - "${GENERIC_BIRD_PORT}:${GENERIC_BIRD_INTERNAL_PORT}" volumes: - ./optional-components/generic_bird/wps.cfg:/wps.cfg:ro - /tmp diff --git a/birdhouse/optional-components/secure-data-proxy/default.env b/birdhouse/optional-components/secure-data-proxy/default.env index dabcca7ac..2a8bfbb4d 100644 --- a/birdhouse/optional-components/secure-data-proxy/default.env +++ b/birdhouse/optional-components/secure-data-proxy/default.env @@ -9,7 +9,6 @@ # add any new variables not already in 'VARS' or 'OPTIONAL_VARS' that must be replaced in templates here # single quotes are important in below list to keep variable names intact until 'pavics-compose' parses them EXTRA_VARS=' - $TWITCHER_VERIFY_PATH $SECURE_DATA_PROXY_AUTH_INCLUDE ' # extend the original 'VARS' from 'birdhouse/pavics-compose.sh' to employ them for template substitution @@ -18,15 +17,6 @@ VARS="$VARS $EXTRA_VARS" export SECURE_DATA_PROXY_AUTH_INCLUDE="include /etc/nginx/conf.extra-service.d/secure-data-proxy/secure-data-auth.include;" -# Endpoint to verify Magpie/Twitcher authorization to a service/resource by a user without proxy request -# Requires Twitcher>=0.8.0, Required for 'optional-compontents/secure-data-proxy' -export TWITCHER_VERIFY_PATH='$(echo "${TWITCHER_PROTECTED_PATH}" | sed "s/proxy/verify/")' - -export DELAYED_EVAL=" - $DELAYED_EVAL - TWITCHER_VERIFY_PATH -" - # add any component that this component requires to run COMPONENT_DEPENDENCIES=" ./config/magpie diff --git a/birdhouse/optional-components/test-geoserver-secured-access/config/magpie/providers.cfg.template b/birdhouse/optional-components/test-geoserver-secured-access/config/magpie/providers.cfg.template index ef5a75d0c..ccc7354fc 100644 --- a/birdhouse/optional-components/test-geoserver-secured-access/config/magpie/providers.cfg.template +++ b/birdhouse/optional-components/test-geoserver-secured-access/config/magpie/providers.cfg.template @@ -1,6 +1,6 @@ providers: geoserver-secured: - url: http://${PAVICS_FQDN}:8087/geoserver + url: http://geoserver:8080/geoserver title: geoserver-secured public: true c4i: false diff --git a/birdhouse/optional-components/testthredds/config/canarie-api/canarie_api_monitoring.py.template b/birdhouse/optional-components/testthredds/config/canarie-api/canarie_api_monitoring.py.template index 4978ab07f..739323bc8 100644 --- a/birdhouse/optional-components/testthredds/config/canarie-api/canarie_api_monitoring.py.template +++ b/birdhouse/optional-components/testthredds/config/canarie-api/canarie_api_monitoring.py.template @@ -6,7 +6,7 @@ SERVICES['node']['monitoring'].update({ }, '${TESTTHREDDS_NAME}': { 'request': { - 'url': 'http://${PAVICS_FQDN}:${TESTTHREDDS_PORT}/${TESTTHREDDS_CONTEXT_ROOT}/catalog.html' + 'url': 'http://testthredds:${TESTTHREDDS_INTERNAL_PORT}/${TESTTHREDDS_CONTEXT_ROOT}/catalog.html' } }, }) diff --git a/birdhouse/optional-components/testthredds/default.env b/birdhouse/optional-components/testthredds/default.env index ef0ec4985..40b7fc907 100644 --- a/birdhouse/optional-components/testthredds/default.env +++ b/birdhouse/optional-components/testthredds/default.env @@ -5,7 +5,6 @@ # are applied and must be added to the list of DELAYED_EVAL. export TESTTHREDDS_IMAGE="$THREDDS_IMAGE" -export TESTTHREDDS_PORT="8084" export TESTTHREDDS_INTERNAL_PORT="8080" # context root for Nginx proxy and Thredds catalog export TESTTHREDDS_CONTEXT_ROOT="testthredds" @@ -22,7 +21,6 @@ OPTIONAL_VARS=" $OPTIONAL_VARS \$TESTTHREDDS_INTERNAL_PORT \$TESTTHREDDS_CONTEXT_ROOT - \$TESTTHREDDS_PORT \$TESTTHREDDS_NAME " diff --git a/birdhouse/optional-components/testthredds/docker-compose-extra.yml b/birdhouse/optional-components/testthredds/docker-compose-extra.yml index b9c88025a..4daa4138e 100644 --- a/birdhouse/optional-components/testthredds/docker-compose-extra.yml +++ b/birdhouse/optional-components/testthredds/docker-compose-extra.yml @@ -3,8 +3,6 @@ services: testthredds: image: ${TESTTHREDDS_IMAGE} container_name: testthredds - ports: - - "${TESTTHREDDS_PORT}:${TESTTHREDDS_INTERNAL_PORT}" env_file: - ./optional-components/testthredds/thredds.env environment: diff --git a/birdhouse/optional-components/wps-healthchecks/config/hummingbird/docker-compose-extra.yml b/birdhouse/optional-components/wps-healthchecks/config/hummingbird/docker-compose-extra.yml index 084bed1fb..2acfbc8b3 100644 --- a/birdhouse/optional-components/wps-healthchecks/config/hummingbird/docker-compose-extra.yml +++ b/birdhouse/optional-components/wps-healthchecks/config/hummingbird/docker-compose-extra.yml @@ -8,7 +8,7 @@ services: "python", "-c", "import requests; \ - assert requests.get('http://localhost:8097/wps?service=WPS&request=GetCapabilities').status_code == 200", + assert requests.get('http://localhost:8080/wps?service=WPS&request=GetCapabilities').status_code == 200", ] interval: 60s timeout: 5s diff --git a/docs/source/conf.py b/docs/source/conf.py index 37959c8c3..0353964d0 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -69,9 +69,9 @@ # built documents. # # The short X.Y version. -version = '1.28.0' +version = '1.29.0' # The full version, including alpha/beta/rc tags. -release = '1.28.0' +release = '1.29.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/tests/test_read_configs_include.py b/tests/test_read_configs_include.py index 9d96090c7..fcc01c78b 100644 --- a/tests/test_read_configs_include.py +++ b/tests/test_read_configs_include.py @@ -214,7 +214,6 @@ class TestCreateComposeConfList: "./config/twitcher/config/proxy/docker-compose-extra.yml", "./config/jupyterhub/docker-compose-extra.yml", "./config/jupyterhub/config/canarie-api/docker-compose-extra.yml", - "./config/jupyterhub/config/magpie/docker-compose-extra.yml", "./config/jupyterhub/config/proxy/docker-compose-extra.yml", ]