Notes from 5 September hands-on Task Force session

michielbdejong commented 2 years ago

(copied notes so far from https://gitter.im/sciencemesh/task-force-technical?at=6315d140aa09177429f4f94f)

I think @kerins is using https://github.com/sciencemesh/charts/blob/master/iop/Chart.yaml right? And that links to https://github.com/cs3org/charts/tree/revad-1.3.0/revad I think?

And @navid-dada you are using https://github.com/pondersource/charts/tree/feature/oc-config directly? How are you referring from sciencemesh/iop to cs3org/revad?

Right so @navid-dada basically is not using https://github.com/sciencemesh/charts/blob/master/iop/Chart.yaml#L11-L14 but I think @kerins is, right?

michielbdejong commented 2 years ago

I think what we're doing so far:

forget about https://github.com/sciencemesh/charts for a minute, and let's work with the revad folder of https://github.com/cs3org/charts directly for a minute
specifically, check out the feature/oc-config branch of the pondersource fork of cs3org/charts, namely: https://github.com/pondersource/charts/tree/feature/oc-config

In that checked out repo, run the following command (replacing cloud.pondersource.org with the OC-10 server hostname, in this case drive-cs3-test.switch.ch):

helm template --debug ponder-reva . --set EFSS=OWNCLOUD --set OCURL=cloud.pondersource.org --set SharedSecret=**** --set ingress.enabled=true

michielbdejong commented 2 years ago

Now kubectl describe ingress and check that kubernetes.io/ingress.class is set to nginx

michielbdejong commented 2 years ago

In the values.yaml file,

in ingress.services.http.annotations uncomment kubernetes.io/ingress.class: nginx and nginx.ingress.kubernetes.io/ssl-redirect: "true".
in configFiles."oc.revad.toml" check the revad config.

Run kubectl get service to see if testreva-revad is listed.

michielbdejong commented 2 years ago

In the values.yaml file,

in ingress.services.http.annotations uncomment kubernetes.io/ingress.class: nginx and nginx.ingress.kubernetes.io/ssl-redirect: "true".
in configFiles."oc.revad.toml" check the revad config, change all occurrences of localhost to either e.g. testreva-revad or sciencemesh-test.switch.ch (we're experimenting with that in this session)

Run kubectl get service to see if testreva-revad is listed.

michielbdejong commented 2 years ago

If you have multiple revad instances in a deployment, then they can find each other via the service name, e.g. testreva-revad. That's why we're changing the grpc endpoints from localhost:19000 to testreva-revad

michielbdejong commented 2 years ago

We mention https://github.com/pondersource/charts/commit/743ae8acb1f192ebfd1f6831bf2be4ed0fb34e05

michielbdejong commented 2 years ago

Edit value.yaml,

ingress.services.http.hostname and ingress.services.grpc.hostname -> e.g. sciencemesh-test.switch.ch

ingress.services.http.path -> /iop(/|$)(.*)

nginx.ingress.kubernetes.io/ssl-redirect: "true"
        nginx.ingress.kubernetes.io/use-regex: "true"
        nginx.ingress.kubernetes.io/rewrite-target: /$2
        nginx.ingress.kubernetes.io/proxy-body-size: 200m

michielbdejong commented 2 years ago

helm list
helm install testreva . --set EFSS=OWNCLOUD --set OCURL=cloud.pondersource.org --set SharedSecret=**** --set ingress.enabled=true

The iop chart is running some monitoring and dashboard functionality outside the revad chart.

-> let's try to create an iop chart that uses our custom revad chart.

michielbdejong commented 2 years ago

kubectl logs ingress-nginx-controller-54...-stsdv -n ...

Service default/testreva-revad doesn't have an active Endpoint

kubectl get pods kubectl logs testreva-revad-... /etc/revad/tls/revaoc1.crt: No such file or directory

michielbdejong commented 2 years ago

Edit values.yaml again, search for [http] Comment out certFile = "/etc/revad/tls/CERT_FILE" and keyFile = "/etc/revad/tls/CERT_KEY"

michielbdejong commented 2 years ago

We defined a new iop chart that points to the custom revad service and called it iop2. Updating OC-10 to use that instead of the other one, in its mysql db:

UPDATE oc_appconfig SET configvalue = 'http://sciencemesh-test.switch.ch/iop2/' where configkey='iopUrl' and appid='sciencemesh';

michielbdejong commented 2 years ago

We should make the docs around setting meshDirectoryUrl to https://sciencemesh.cesnet.cz/iop/meshdir/ clearer.

kerins commented 2 years ago


(pydrive) macfke:revad kerins$ diff values.yaml_org values.yaml
5c5
<   tag: v1.18.0
---
>   tag: v2.7.0
80,85c80,88
<       hostname: http.revad.local
<       path: /
<       annotations: {}
<         # kubernetes.io/ingress.class: nginx
<         # nginx.ingress.kubernetes.io/ssl-redirect: "true"
<       tls: []
---
>       hostname: sciencemesh-test.switch.ch
>       path: /iop2(/|$)(.*)
>       annotations:
>         kubernetes.io/ingress.class: nginx
>         nginx.ingress.kubernetes.io/ssl-redirect: "true"
>         nginx.ingress.kubernetes.io/use-regex: "true"
>         nginx.ingress.kubernetes.io/rewrite-target: /$2
>         nginx.ingress.kubernetes.io/proxy-body-size: 200m
>       tls:
88c91
<         #   hosts:
---
>         # hosts:
91,92c94,95
<       hostname: grpc.revad.local
<       path: /
---
>       hostname: sciencemesh-test.switch.ch
>       path: /grpc2
127c130
<     gatewaysvc = "localhost:19000"
---
>     gatewaysvc = "testreva-revad:19000"
133,144c136,147
<     authregistrysvc = "localhost:19000"
<     appprovidersvc = "localhost:19000"
<     appregistry = "localhost:19000"
<     storageregistrysvc = "localhost:19000"
<     preferencessvc = "localhost:19000"
<     userprovidersvc = "localhost:19000"
<     usershareprovidersvc = "localhost:19000"
<     publicshareprovidersvc = "localhost:19000"
<     ocmcoresvc = "localhost:19000"
<     ocmshareprovidersvc = "localhost:19000"
<     ocminvitemanagersvc = "localhost:19000"
<     ocmproviderauthorizersvc = "localhost:19000"
---
>     authregistrysvc = "testreva-revad:19000"
>     appprovidersvc = "testreva-revad:19000"
>     appregistry = "testreva-revad:19000"
>     storageregistrysvc = "testreva-revad:19000"
>     preferencessvc = "testreva-revad:19000"
>     userprovidersvc = "testreva-revad:19000"
>     usershareprovidersvc = "testreva-revad:19000"
>     publicshareprovidersvc = "testreva-revad:19000"
>     ocmcoresvc = "testreva-revad:19000"
>     ocmshareprovidersvc = "testreva-revad:19000"
>     ocminvitemanagersvc = "testreva-revad:19000"
>     ocmproviderauthorizersvc = "testreva-revad:19000"
146c149
<     datagateway = "http://localhost/data"
---
>     datagateway = "http://sciencemesh-test.switch.ch/data"
153c156
<     basic = "localhost:19000"
---
>     basic = "testreva-revad:19000"
188c191
<     driver = "json"
---
>     driver = "open"
207,212c210,215
<     "text/plain" = "localhost:19000"
<     "text/markdown" = "localhost:19000"
<     "application/compressed-markdown" = "localhost:19000"
<     "application/vnd.oasis.opendocument.text" = "localhost:19000"
<     "application/vnd.oasis.opendocument.spreadsheet" = "localhost:19000"
<     "application/vnd.oasis.opendocument.presentation" = "localhost:19000"
---
>     "text/plain" = "testreva-revad:19000"
>     "text/markdown" = "testreva-revad:19000"
>     "application/compressed-markdown" = "testreva-revad:19000"
>     "application/vnd.oasis.opendocument.text" = "testreva-revad:19000"
>     "application/vnd.oasis.opendocument.spreadsheet" = "testreva-revad:19000"
>     "application/vnd.oasis.opendocument.presentation" = "testreva-revad:19000"
241,243c244,246
<     address = "0.0.0.0:443"
<     certfile = "/etc/revad/tls/CERT_FILE"
<     keyfile = "/etc/revad/tls/CERT_KEY"
---
>     # address = "0.0.0.0:443"
>     # certfile = "/etc/revad/tls/CERT_FILE"
>     # keyfile = "/etc/revad/tls/CERT_KEY"
262c265
<     driver = "json"
---
>     driver = "open"

shokri-navid commented 2 years ago

all required changes mentioned in this thread are affected on revad chart on commit 23ed571..58b2341

pondersource / sciencemesh-php

Notes from 5 September hands-on Task Force session #80