
Commit cbff7e2

committed
PEP 458: Add RSTUF services in the Warehouse Infra
This commit adds the RSTUF services to the Warehouse infrastructure for development and sets the minimum required to start RSTUF services. It adds the RSTUF API, which is used later to integrate into Warehouse, and the RSTUF Worker, which is responsible for computing the TUF metadata. RSTUF requires Postgres and Redis. Postgres stores the rstuf database used for TUF metadata computing. Redis stores the task message queue between the RSTUF API and Worker, the task backend result, and live settings between RSTUF services. RSTUF shares the same Postgres and Redis in the development environment but has a specific setup to use its own Postgres database and Redis database ID. Postgresql URI `RSTUF_SQL_SERVER=postgresql://postgres@db:5432/rstuf` Redis DB Broker and Result is id 1 `RSTUF_BROKER_SERVER=redis://redis/1` `RSTUF_REDIS_SERVER_DB_RESULT=1` Redis DB for TUF repository settings is 2 `RSTUF_REDIS_SERVER_DB_REPO_SETTINGS=2` This commit also includes TUF database creation in the Makefile during the `make initdb`. Signed-off-by: Kairo de Araujo <[email protected]>
1 parent 6c58290 commit cbff7e2


2 files changed

+41
-9
lines changed


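--- a/Makefile
+++ b/Makefile
@@ -101,6 +101,8 @@ initdb: .state/docker-build-base
 docker compose run --rm web psql -h db -d postgres -U postgres -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname ='warehouse';"
 docker compose run --rm web psql -h db -d postgres -U postgres -c "DROP DATABASE IF EXISTS warehouse"
 docker compose run --rm web psql -h db -d postgres -U postgres -c "CREATE DATABASE warehouse ENCODING 'UTF8'"
+docker compose run --rm web psql -h db -d postgres -U postgres -c "DROP DATABASE IF EXISTS rstuf"
+docker compose run --rm web psql -h db -d postgres -U postgres -c "CREATE DATABASE rstuf ENCODING 'UTF8'"
 docker compose run --rm web bash -c "xz -d -f -k dev/$(DB).sql.xz --stdout | psql -h db -d warehouse -U postgres -v ON_ERROR_STOP=1 -1 -f -"
 docker compose run --rm web psql -h db -d warehouse -U postgres -c "UPDATE users SET name='Ee Durbin' WHERE username='ewdurbin'"
 $(MAKE) runmigrations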
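Review bot: The new `DROP DATABASE IF EXISTS rstuf` has no session-termination step before it, unlike the `warehouse` drop three lines above. The same commit starts `rstuf-worker` with `restart: always` and `RSTUF_SQL_SERVER=postgresql://postgres@db:5432/rstuf`, so on a repeated `make initdb` the worker may still hold a connection and Postgres would then refuse the drop. Mirroring the existing pattern with `psql -h db -d postgres -U postgres -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname ='rstuf';"` before the drop would avoid that. The `initdb` recipe starts above this hunk and continues below it.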

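--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,15 +8,16 @@ volumes:
 policies:
 vault:
 caches:
+rstuf-worker-data:
+rstuf-metadata:
 
 services:
 vault:
 # NOTE: pinned for consistency with whats available in our deployment
 image: vault:1.12.3
 restart: on-failure
 entrypoint: /bin/sh
-command: /etc/vault/entry.sh
-stop_signal: SIGINT
+command: ["/etc/vault/entry.sh"]
 environment:
 VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
 VAULT_DEV_ROOT_TOKEN_ID: "an insecure vault access token"
@@ -50,7 +51,6 @@ services:
 
 localstack:
 image: localstack/localstack:1.4
-stop_signal: SIGKILL
 environment:
 SERVICES: "sqs"
 HOSTNAME: "localstack"
@@ -112,6 +112,8 @@ services:
 # Included to support linters during development
 - ./gunicorn-prod.conf.py:/opt/warehouse/src/gunicorn-prod.conf.py:z
 - ./gunicorn-uploads.conf.py:/opt/warehouse/src/gunicorn-uploads.conf.py:z
+- rstuf-metadata:/var/opt/warehouse/metadata
+- ./dev/tufkeys:/opt/warehouse/src/dev/tufkeys:z
 
 web:
 image: warehouse:docker-compose
@@ -136,12 +138,12 @@ services:
 pull_policy: never
 working_dir: /var/opt/warehouse
 command: python -m http.server 9001
-stop_signal: SIGINT
 volumes:
 - packages:/var/opt/warehouse/packages
 - packages-archive:/var/opt/warehouse/packages-archive
 - sponsorlogos:/var/opt/warehouse/sponsorlogos
 - simple:/var/opt/warehouse/simple
+- rstuf-metadata:/var/opt/warehouse/metadata
 ports:
 - "9001:9001"
 
@@ -160,6 +162,38 @@ services:
 ARCHIVE_FILES_BACKEND: "warehouse.packaging.services.LocalArchiveFileStorage path=/var/opt/warehouse/packages-archive/ url=http://files:9001/packages-archive/{path}"
 SIMPLE_BACKEND: "warehouse.packaging.services.LocalSimpleStorage path=/var/opt/warehouse/simple/ url=http://files:9001/simple/{path}"
 
+rstuf-api:
+image: ghcr.io/repository-service-tuf/repository-service-tuf-api:latest
+ports:
+- 8001:80
+environment:
+- RSTUF_BROKER_SERVER=redis://redis/1
+- RSTUF_REDIS_SERVER=redis://redis
+- RSTUF_REDIS_SERVER_DB_RESULT=1
+- RSTUF_REDIS_SERVER_DB_REPO_SETTINGS=2
+
+rstuf-worker:
+image: ghcr.io/repository-service-tuf/repository-service-tuf-worker:latest
+volumes:
+- rstuf-metadata:/var/opt/repository-service-tuf/storage
+- ./dev/rstuf/keys/online:/var/opt/repository-service-tuf/keystorage
+environment:
+- RSTUF_STORAGE_BACKEND=LocalStorage
+- RSTUF_LOCAL_STORAGE_BACKEND_PATH=/var/opt/repository-service-tuf/storage
+- RSTUF_LOCAL_KEYVAULT_PATH=/var/opt/repository-service-tuf/keystorage
+- RSTUF_BROKER_SERVER=redis://redis/1
+- RSTUF_REDIS_SERVER=redis://redis
+- RSTUF_REDIS_SERVER_DB_RESULT=1
+- RSTUF_REDIS_SERVER_DB_REPO_SETTINGS=2
+- RSTUF_SQL_SERVER=postgresql://postgres@db:5432/rstuf
+healthcheck:
+test: "exit 0"
+restart: always
+tty: true
+depends_on:
+db:
+condition: service_healthy
+
 static:
 build:
 context: .
@@ -169,8 +203,7 @@ services:
 - "35729:35729" # LiveReload
 environment:
 NODE_ENV: "development"
-command: ["npm", "run", "watch"]
-stop_signal: SIGKILL
+command: bash -c "npm run watch"
 volumes:
 - ./warehouse:/opt/warehouse/src/warehouse:z
 - ./webpack.config.js:/opt/warehouse/src/webpack.config.js:z
@@ -190,7 +223,6 @@ services:
 image: warehouse:docker-compose
 pull_policy: never
 command: python /opt/warehouse/dev/notdatadog.py 0.0.0.0:8125
-stop_signal: SIGINT
 environment:
 METRICS_OUTPUT: "false"
 ports:
@@ -218,7 +250,6 @@ services:
 image: warehouse:docker-compose-docs
 pull_policy: never
 command: mkdocs serve -a 0.0.0.0:8000 -f docs/mkdocs-user-docs.yml
-stop_signal: SIGINT
 volumes:
 - ./bin:/opt/warehouse/src/bin:z
 - ./docs/mkdocs-user-docs.yml:/opt/warehouse/src/docs/mkdocs-user-docs.yml:z
@@ -230,7 +261,6 @@ services:
 image: warehouse:docker-compose-docs
 pull_policy: never
 command: mkdocs serve -a 0.0.0.0:8000 -f docs/mkdocs-blog.yml
-stop_signal: SIGINT
 volumes:
 # we mount git because rss, thanks feed nerds
 - ./.git:/opt/warehouse/src/.git:ro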
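Review bot: Both services added in the `rstuf-api`/`rstuf-worker` hunk pull `:latest` images, so the code that computes and signs TUF metadata can change between pulls with no change in this repository, while `vault` in the same file is pinned on purpose. Pin each to a released tag or digest, e.g. `image: ghcr.io/repository-service-tuf/repository-service-tuf-worker:<pinned-version>` (placeholder for the release you tested). The worker's healthcheck `test: "exit 0"` always succeeds, so it reports healthy even when the worker cannot reach Redis or Postgres; drop it or replace it with a command that actually probes the worker. The online-key mount `./dev/rstuf/keys/online:/var/opt/repository-service-tuf/keystorage` could probably take `:ro` if the worker only reads the key, which is worth confirming, and `- 8001:80` should be quoted like the file's other port mappings (`- "8001:80"`).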
