From 7d872b97f2e5525f2a1606104927388ff608de84 Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 00:03:53 +0930 Subject: [PATCH 01/19] feat: update docker image alpine 3.19 ->3.20 ref: #363 #371 --- dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dockerfile b/dockerfile index 45d9d6b1..c86b592f 100644 --- a/dockerfile +++ b/dockerfile @@ -2,7 +2,10 @@ ARG CI_PROJECT_URL='' ARG CI_COMMIT_SHA='' ARG CI_COMMIT_TAG='' -FROM python:3.11-alpine3.19 as build +ARG ALPINE_VERSION=3.20 +ARG PYTHON_VERSION=3.11.10 + +FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION} as build RUN pip --disable-pip-version-check list --outdated --format=json | \ @@ -60,7 +63,7 @@ RUN cd /tmp/python_modules \ -FROM python:3.11-alpine3.19 +FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION} LABEL \ org.opencontainers.image.vendor="No Fuss Computing" \ From 447e9857400506f408ce08baf9cf2fc38cd435f6 Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 00:08:54 +0930 Subject: [PATCH 02/19] feat(docker): Add gunicorn for install ref: #363 #371 --- requirements_production.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/requirements_production.txt b/requirements_production.txt index 30f924c4..f85064db 100644 --- a/requirements_production.txt +++ b/requirements_production.txt @@ -2,4 +2,7 @@ mysqlclient==2.2.4 # Postgres support -psycopg2==2.9.9 # postgresql16-dev postgresql16-client libpq-dev \ No newline at end of file +psycopg2==2.9.9 # postgresql16-dev postgresql16-client libpq-dev + +# Production Web server +gunicorn==23.0.0 From cfa284d4adaaba10773db968c51301750d7bb5a6 Mon Sep 17 00:00:00 2001 
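Review bot: Both `FROM` lines (hunks -2,7 and -60,7) still resolve the base image from a mutable tag, so two builds of the same commit can end up with different image contents. Now that the version is a parameter, a digest can be pinned alongside it, e.g. `FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}@sha256:<digest-of-that-tag> AS build`, with the digest updated whenever either ARG is bumped. Writing `AS` in upper case also matches the casing of the other instructions.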
From: Jon Date: Wed, 30 Oct 2024 00:10:10 +0930 Subject: [PATCH 03/19] feat(docker): Add supervisord for install ref: #363 #371 --- dockerfile | 6 +++- includes/etc/supervisor/conf.d/gunicorn.conf | 14 +++++++++ includes/etc/supervisor/supervisord.conf | 33 ++++++++++++++++++++ requirements_production.txt | 3 ++ 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 includes/etc/supervisor/conf.d/gunicorn.conf create mode 100644 includes/etc/supervisor/supervisord.conf diff --git a/dockerfile b/dockerfile index c86b592f..cc72454f 100644 --- a/dockerfile +++ b/dockerfile @@ -113,4 +113,8 @@ EXPOSE 8000 VOLUME [ "/data", "/etc/itsm" ] -CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"] +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD \ + supervisorctl status || exit 1 + + +CMD [ "/usr/bin/supervisord" ] diff --git a/includes/etc/supervisor/conf.d/gunicorn.conf b/includes/etc/supervisor/conf.d/gunicorn.conf new file mode 100644 index 00000000..0421c0ae --- /dev/null +++ b/includes/etc/supervisor/conf.d/gunicorn.conf @@ -0,0 +1,14 @@ +[program:gunicorn] +priority=1 +startsecs=0 +stopwaitsecs=55 +autostart=true +autorestart=true +stdout_logfile=/var/log/%(program_name)s.log +stderr_logfile=/var/log/%(program_name)s.log +directory=/app +command=gunicorn \ + --access-logfile - \ + --workers 10 \ + --bind unix:/run/gunicorn.sock \ + app.wsgi diff --git a/includes/etc/supervisor/supervisord.conf b/includes/etc/supervisor/supervisord.conf new file mode 100644 index 00000000..6da98d00 --- /dev/null +++ b/includes/etc/supervisor/supervisord.conf 
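Review bot: The health check `supervisorctl status || exit 1` only reports the state supervisord has recorded for each program, so it does not show that the site answers on port 8000. The program configs added in this commit set `startsecs=0` and `autorestart=true`, so a program that exits right after start is probably still listed as RUNNING for most of each cycle; that is inferred from supervisor's documented behaviour and worth confirming. A request through nginx to a URL the application accepts, e.g. `CMD wget -q -O /dev/null http://127.0.0.1:8000/ || exit 1`, would exercise the path users depend on. `--timeout=30s` is also as long as `--interval`, so a hung probe delays detection by a full cycle.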
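Review bot: `[program:gunicorn]` sets no `user=`, so gunicorn and its ten workers run as whatever account supervisord runs as. No `USER` instruction is visible in the Dockerfile hunks of this series, which suggests that account is root. Adding `user=<unprivileged-account>` (an account created in the image, with write access to the directory holding `/run/gunicorn.sock`) would keep an application-level compromise from landing as root in the container. The same applies to `[program:celery]` in worker.conf (patch 17). `stdout_logfile` and `stderr_logfile` also name the same file; `redirect_stderr=true` is the supported way to merge the two streams.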
@@ -0,0 +1,33 @@ + +[unix_http_server] +file=/var/run/supervisor.sock ; (the path to the socket file) +chmod=0700 ; sockef file mode (default 0700) + +;[inet_http_server] +;port = :9001 +; username = user +; password = 123 + +[supervisord] +logfile=/var/log/supervisord.log +pidfile=/var/run/supervisord.pid +childlogdir=/var/log +nodaemon = true + +; the below section must remain in the config file for RPC +; (supervisorctl/web interface) to work, additional interfaces may be +; added by defining them in separate rpcinterface: sections +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket + +; The [include] section can just contain the "files" setting. This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +[include] +files = /etc/supervisor/conf.d/*.conf diff --git a/requirements_production.txt b/requirements_production.txt index f85064db..4a418fd9 100644 --- a/requirements_production.txt +++ b/requirements_production.txt @@ -6,3 +6,6 @@ psycopg2==2.9.9 # postgresql16-dev postgresql16-client libpq-dev # Production Web server gunicorn==23.0.0 + +# SupervisorD +supervisor==4.2.5 From 7a0f85c556655e8cf75c1a875dcc1e0caa0ce3c1 Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 00:12:20 +0930 Subject: [PATCH 04/19] feat(docker): Install NginX to serve site ref: #363 #371 --- .vscode/extensions.json | 1 + dockerfile | 32 +++++++++++++++++-- .../etc/nginx/sites-available/centurion-erp | 21 ++++++++++++ includes/etc/supervisor/conf.d/nginx.conf | 8 +++++ 4 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 includes/etc/nginx/sites-available/centurion-erp create mode 100644 includes/etc/supervisor/conf.d/nginx.conf 
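Review bot: All output is written to files under `/var/log` inside the container (`logfile`, `childlogdir`, and the per-program `stdout_logfile`/`stderr_logfile` in conf.d). `docker logs` and any collector that reads container stdout will therefore see nothing, and the records are lost when the container is removed. For a container, `logfile=/dev/stdout` with `logfile_maxbytes=0` here, and `stdout_logfile=/dev/stdout` with `stdout_logfile_maxbytes=0` in each program section, keeps the nginx and gunicorn access and error records available for investigation. `[supervisord]` also sets no `user=`, so the daemon keeps the privileges of whoever starts it.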
diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 9ba499f3..020d6191 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -7,5 +7,6 @@ "streetsidesoftware.code-spell-checker", "qwtel.sqlite-viewer", "jebbs.markdown-extended", + "william-voyek.vscode-nginx", ] } \ No newline at end of file diff --git a/dockerfile b/dockerfile index cc72454f..f7898828 100644 --- a/dockerfile +++ b/dockerfile @@ -3,6 +3,7 @@ ARG CI_COMMIT_SHA='' ARG CI_COMMIT_TAG='' ARG ALPINE_VERSION=3.20 +ARG NGINX_VERSION=1.27.2-r1 ARG PYTHON_VERSION=3.11.10 FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION} as build @@ -30,8 +31,24 @@ RUN apk add --update \ pkgconf \ postgresql16-dev \ postgresql16-client \ - libpq-dev + libpq-dev \ + # NginX: to download items + openssl \ + curl \ + ca-certificates +RUN printf "%s%s%s%s\n" \ + "@nginx " \ + "http://nginx.org/packages/mainline/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories + +RUN curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub; \ + openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout; + + + RUN pip install --upgrade \ setuptools \ wheel \ @@ -77,6 +94,8 @@ ARG CI_PROJECT_URL ARG CI_COMMIT_SHA ARG CI_COMMIT_TAG +ARG NGINX_VERSION + ENV CI_PROJECT_URL=${CI_PROJECT_URL} ENV CI_COMMIT_SHA=${CI_COMMIT_SHA} ENV CI_COMMIT_TAG=${CI_COMMIT_TAG} @@ -89,6 +108,11 @@ COPY ./app/. app COPY --from=build /tmp/python_builds /tmp/python_builds +COPY --from=build /etc/apk/repositories /etc/apk/repositories + +COPY --from=build /tmp/nginx_signing.rsa.pub /etc/apk/keys/nginx_signing.rsa.pub + + COPY includes/ / RUN pip --disable-pip-version-check list --outdated --format=json | \ 
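Review bot: In the hunk at -30,8 the nginx signing key is downloaded and only printed: `openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout` displays the key but compares it with nothing. `curl` runs without `-f` and the commands are joined with `;`, so a failed or substituted download does not stop the build. The hunk at -89,6 then copies that file into `/etc/apk/keys`, where it becomes a trust anchor for every package from the `@nginx` repository. Pin the key to a known value, e.g. `curl -fsSL -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && echo "<expected-sha256>  /tmp/nginx_signing.rsa.pub" | sha256sum -c -`, and write the repository line with `https://nginx.org/packages/mainline/alpine/v` instead of `http://`.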
@@ -98,10 +122,14 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ apk add --no-cache \ mariadb-client \ mariadb-dev \ - postgresql16-client; \ + postgresql16-client \ + nginx@nginx=${NGINX_VERSION}; \ pip install --no-cache-dir /tmp/python_builds/*.*; \ python /app/manage.py collectstatic --noinput; \ rm -rf /tmp/python_builds; \ + ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabled; \ + # Check for errors and fail if so + nginx -t; \ export diff --git a/includes/etc/nginx/sites-available/centurion-erp b/includes/etc/nginx/sites-available/centurion-erp new file mode 100644 index 00000000..ed8ba2b4 --- /dev/null +++ b/includes/etc/nginx/sites-available/centurion-erp @@ -0,0 +1,21 @@ +server { + + listen 8000; + + location = /favicon.ico { access_log off; log_not_found off; } + + location /static/ { + + root /app/static; + + } + + location / { + + include proxy_params; + + proxy_pass http://unix:/run/gunicorn.sock; + + } + +} \ No newline at end of file diff --git a/includes/etc/supervisor/conf.d/nginx.conf b/includes/etc/supervisor/conf.d/nginx.conf new file mode 100644 index 00000000..04d8e39f --- /dev/null +++ b/includes/etc/supervisor/conf.d/nginx.conf @@ -0,0 +1,8 @@ +[program:nginx] +startsecs=0 +stopwaitsecs=55 +command=nginx -g daemon off +autorestart=true +autostart=true +stdout_logfile=/var/log/%(program_name)s.log +stderr_logfile=/var/log/%(program_name)s.log From 5d92a3315fc15bd2723cf08a6cc9b52b81f3d3d6 Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 00:30:34 +0930 Subject: [PATCH 05/19] fix(docker): Correct NginX start command ref: #363 #371 --- includes/etc/supervisor/conf.d/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/etc/supervisor/conf.d/nginx.conf b/includes/etc/supervisor/conf.d/nginx.conf index 04d8e39f..0e50f120 100644 --- a/includes/etc/supervisor/conf.d/nginx.conf +++ b/includes/etc/supervisor/conf.d/nginx.conf 
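Review bot: `nginx -t; \` in the hunk at -98,10 cannot fail the build the way the comment above it promises. The commands in this RUN are joined with `;` and the last one is `export`, so unless a line outside the hunk sets `set -e`, the step's exit status is always that of `export`. Write `nginx -t || exit 1; \`, or chain the commands with `&&`. The same applies to the `apk add` and `pip install` lines in this RUN, whose first lines are outside the hunk.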
@@ -1,7 +1,7 @@ [program:nginx] startsecs=0 stopwaitsecs=55 -command=nginx -g daemon off +command=nginx -g "daemon off;" autorestart=true autostart=true stdout_logfile=/var/log/%(program_name)s.log From b85882583851d987349d22ffb7ff8fec9de72f5a Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 00:31:10 +0930 Subject: [PATCH 06/19] feat(docker): Fail the build if django is not found ref: #363 #370 #371 --- dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dockerfile b/dockerfile index f7898828..868e489c 100644 --- a/dockerfile +++ b/dockerfile @@ -130,6 +130,11 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabled; \ # Check for errors and fail if so nginx -t; \ + # sanity check, https://github.com/nofusscomputing/centurion_erp/pull/370 + if [ ! $(python -m django --version) ]; then \ + echo "Django not Installed"; \ + exit 1; \ + fi; \ export From 4fe5916a7661c9de94d813edfec1edf499e2791d Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 00:38:06 +0930 Subject: [PATCH 07/19] feat(docker): use correct file location for nginx config ref: #363 #370 #371 --- dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dockerfile b/dockerfile index 868e489c..3f60414a 100644 --- a/dockerfile +++ b/dockerfile @@ -100,6 +100,7 @@ ENV CI_PROJECT_URL=${CI_PROJECT_URL} ENV CI_COMMIT_SHA=${CI_COMMIT_SHA} ENV CI_COMMIT_TAG=${CI_COMMIT_TAG} + COPY requirements.txt requirements.txt COPY requirements_test.txt requirements_test.txt 
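Review bot: The Django check `[ ! $(python -m django --version) ]` works only through the unquoted expansion: when Django is missing the substitution is empty and the test collapses to `[ ! ]`, which happens to be true. Testing the command's exit status states the intent directly and does not depend on the shape of the version string: `if ! python -m django --version > /dev/null; then \`. The enclosing RUN starts and ends outside the hunk.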
@@ -127,7 +128,8 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ pip install --no-cache-dir /tmp/python_builds/*.*; \ python /app/manage.py collectstatic --noinput; \ rm -rf /tmp/python_builds; \ - ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabled; \ + rm /etc/nginx/sites-enabled; \ + ln -s /etc/nginx/sites-available/centurion-erp /etc/nginx/sites-enabled; \ # Check for errors and fail if so nginx -t; \ # sanity check, https://github.com/nofusscomputing/centurion_erp/pull/370 From ac562e749017e5dfa2412a14489249346d441577 Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 00:57:02 +0930 Subject: [PATCH 08/19] feat(docker): ensure supervisor starts ref: #363 #371 --- dockerfile | 2 +- includes/etc/supervisor/conf.d/gunicorn.conf | 6 +----- includes/etc/supervisor/supervisord.conf | 6 +++--- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/dockerfile b/dockerfile index 3f60414a..e3164bc5 100644 --- a/dockerfile +++ b/dockerfile @@ -152,4 +152,4 @@ HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD \ supervisorctl status || exit 1 -CMD [ "/usr/bin/supervisord" ] +CMD [ "/usr/local/bin/supervisord" ] diff --git a/includes/etc/supervisor/conf.d/gunicorn.conf b/includes/etc/supervisor/conf.d/gunicorn.conf index 0421c0ae..2e7ca863 100644 --- a/includes/etc/supervisor/conf.d/gunicorn.conf +++ b/includes/etc/supervisor/conf.d/gunicorn.conf @@ -7,8 +7,4 @@ autorestart=true stdout_logfile=/var/log/%(program_name)s.log stderr_logfile=/var/log/%(program_name)s.log directory=/app -command=gunicorn \ - --access-logfile - \ - --workers 10 \ - --bind unix:/run/gunicorn.sock \ - app.wsgi +command=gunicorn --access-logfile - --workers 10 --bind unix:/run/gunicorn.sock app.wsgi diff --git a/includes/etc/supervisor/supervisord.conf b/includes/etc/supervisor/supervisord.conf index 6da98d00..b0166310 100644 --- a/includes/etc/supervisor/supervisord.conf +++ b/includes/etc/supervisor/supervisord.conf 
@@ -1,6 +1,6 @@ [unix_http_server] -file=/var/run/supervisor.sock ; (the path to the socket file) +file=/run/supervisor.sock ; (the path to the socket file) chmod=0700 ; sockef file mode (default 0700) ;[inet_http_server] @@ -10,7 +10,7 @@ chmod=0700 ; sockef file mode (default 0700) [supervisord] logfile=/var/log/supervisord.log -pidfile=/var/run/supervisord.pid +pidfile=/run/supervisord.pid childlogdir=/var/log nodaemon = true @@ -21,7 +21,7 @@ nodaemon = true supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] -serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket +serverurl=unix:///run/supervisor.sock ; use a unix:// URL for a unix socket ; The [include] section can just contain the "files" setting. This ; setting can list multiple files (separated by whitespace or From 4fd3abb9d672bb5b5f7b2706a76dd05fb0258ede Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 01:24:13 +0930 Subject: [PATCH 09/19] fix(docker): Make centurion the default nginx conf ref: #363 #371 --- .../etc/nginx/sites-available/{centurion-erp => default.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename includes/etc/nginx/sites-available/{centurion-erp => default.conf} (100%) diff --git a/includes/etc/nginx/sites-available/centurion-erp b/includes/etc/nginx/sites-available/default.conf similarity index 100% rename from includes/etc/nginx/sites-available/centurion-erp rename to includes/etc/nginx/sites-available/default.conf From b9349e659048bb436b0f839276f72b92c6eeb272 Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 01:24:35 +0930 Subject: [PATCH 10/19] fix(docker): Add proxy params for NginX ref: #363 #371 --- includes/etc/nginx/proxy_params | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 includes/etc/nginx/proxy_params diff --git a/includes/etc/nginx/proxy_params b/includes/etc/nginx/proxy_params new file mode 100644 index 00000000..df75bc5d --- /dev/null 
+++ b/includes/etc/nginx/proxy_params @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; From 510ab69af83a82c692914e5a9560595b23591d1c Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 01:50:41 +0930 Subject: [PATCH 11/19] fix(docker): Ensure NginX config applied after it's installed ref: #363 #371 --- dockerfile | 3 ++- .../etc/nginx/sites-available/{default.conf => centurion.conf} | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename includes/etc/nginx/sites-available/{default.conf => centurion.conf} (100%) diff --git a/dockerfile b/dockerfile index e3164bc5..55d30e6d 100644 --- a/dockerfile +++ b/dockerfile @@ -129,7 +129,8 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ python /app/manage.py collectstatic --noinput; \ rm -rf /tmp/python_builds; \ rm /etc/nginx/sites-enabled; \ - ln -s /etc/nginx/sites-available/centurion-erp /etc/nginx/sites-enabled; \ + rm /etc/nginx/sites-available/default.conf; \ + mv /etc/nginx/sites-available/centurion.conf /etc/nginx/sites-available/default.conf; \ # Check for errors and fail if so nginx -t; \ # sanity check, https://github.com/nofusscomputing/centurion_erp/pull/370 diff --git a/includes/etc/nginx/sites-available/default.conf b/includes/etc/nginx/sites-available/centurion.conf similarity index 100% rename from includes/etc/nginx/sites-available/default.conf rename to includes/etc/nginx/sites-available/centurion.conf From 07be745bbe30fd91123b1f71587de786c827539e Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 02:37:49 +0930 Subject: [PATCH 12/19] fix(docker): gunicorn must call method ref: #363 #371 --- includes/etc/supervisor/conf.d/gunicorn.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
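Review bot: `proxy_set_header X-Forwarded-Proto $scheme;` reports the scheme of the hop into this nginx, which listens on plain port 8000. Behind the TLS-terminating reverse proxy that this series' release notes require, the application is therefore always told `http`, and the value the outer proxy sent is overwritten. If the Django settings trust this header (not visible here), secure-cookie and redirect decisions would rest on the wrong value. `X-Real-IP $remote_addr` is likewise the outer proxy's address, and `$proxy_add_x_forwarded_for` appends to whatever the client supplied. Consider the realip module (`set_real_ip_from <proxy-cidr>;` and `real_ip_header X-Forwarded-For;`) and pass the outer proxy's proto header through only for that trusted address.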
diff --git a/includes/etc/supervisor/conf.d/gunicorn.conf b/includes/etc/supervisor/conf.d/gunicorn.conf index 2e7ca863..1e9b866e 100644 --- a/includes/etc/supervisor/conf.d/gunicorn.conf +++ b/includes/etc/supervisor/conf.d/gunicorn.conf @@ -7,4 +7,4 @@ autorestart=true stdout_logfile=/var/log/%(program_name)s.log stderr_logfile=/var/log/%(program_name)s.log directory=/app -command=gunicorn --access-logfile - --workers 10 --bind unix:/run/gunicorn.sock app.wsgi +command=gunicorn --access-logfile - --workers 10 --bind unix:/run/gunicorn.sock app.wsgi:application From f17d74f8dc5e39ea45a056df10e4e945d7ee2c5c Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 02:39:03 +0930 Subject: [PATCH 13/19] fix(docker): place nginx conf in correct path ref: #363 #371 --- dockerfile | 4 ++-- includes/etc/nginx/{sites-available => conf.d}/centurion.conf | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename includes/etc/nginx/{sites-available => conf.d}/centurion.conf (100%) diff --git a/dockerfile b/dockerfile index 55d30e6d..f687b526 100644 --- a/dockerfile +++ b/dockerfile @@ -129,8 +129,8 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ python /app/manage.py collectstatic --noinput; \ rm -rf /tmp/python_builds; \ rm /etc/nginx/sites-enabled; \ - rm /etc/nginx/sites-available/default.conf; \ - mv /etc/nginx/sites-available/centurion.conf /etc/nginx/sites-available/default.conf; \ + rm /etc/nginx/conf.d/default.conf; \ + mv /etc/nginx/conf.d/centurion.conf /etc/nginx/conf.d/default.conf; \ # Check for errors and fail if so nginx -t; \ # sanity check, https://github.com/nofusscomputing/centurion_erp/pull/370 diff --git a/includes/etc/nginx/sites-available/centurion.conf b/includes/etc/nginx/conf.d/centurion.conf similarity index 100% rename from includes/etc/nginx/sites-available/centurion.conf rename to includes/etc/nginx/conf.d/centurion.conf From 0b4fc2546240d39273efad03831dddf439675f29 Mon Sep 17 00:00:00 2001 
From: Jon Date: Wed, 30 Oct 2024 02:39:42 +0930 Subject: [PATCH 14/19] fix(access): testing of param causing gunicorn to fail ref: #363 #371 --- .vscode/launch.json | 19 +++++++++++++++++++ app/access/models.py | 4 +++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index b45a17c8..40ec49b2 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -16,6 +16,25 @@ "autoStartBrowser": false, "program": "${workspaceFolder}/app/manage.py" }, + { + "name": "Debug: Gunicorn", + "type": "debugpy", + "request": "launch", + "module": "gunicorn", + "args": [ + "--access-logfile", + "-", + "--workers", + "3", + "--bind", + "0.0.0.0:8002", + "app.wsgi:application", + + ], + "django": true, + "autoStartBrowser": false, + "cwd": "${workspaceFolder}/app" + }, { "name": "Debug: Celery", "type": "python", diff --git a/app/access/models.py b/app/access/models.py index f0acca2a..a46332da 100644 --- a/app/access/models.py +++ b/app/access/models.py @@ -106,7 +106,9 @@ class TenancyManager(models.Manager): if request: - user = request.user._wrapped if hasattr(request.user,'_wrapped') else request.user + # user = request.user._wrapped if hasattr(request.user,'_wrapped') else request.user + + user = request.user if user.is_authenticated: From 0cd4a2bab452345423fdc0bc726ad42a95e2ee9c Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 30 Oct 2024 04:07:58 +0930 Subject: [PATCH 15/19] fix(docker): use alias for static ref: #363 #371 --- includes/etc/nginx/conf.d/centurion.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/etc/nginx/conf.d/centurion.conf b/includes/etc/nginx/conf.d/centurion.conf index ed8ba2b4..b69b689a 100644 --- a/includes/etc/nginx/conf.d/centurion.conf +++ b/includes/etc/nginx/conf.d/centurion.conf @@ -6,7 +6,7 @@ server { location /static/ { - root /app/static; + alias /app/static/; } From 43032325432e25842dfe26697d00a25a8ba388cb Mon Sep 17 00:00:00 2001 
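Review bot: The new "Debug: Gunicorn" launch entry binds to `0.0.0.0:8002`, so a debug-mode instance started from the editor is reachable from every network the workstation is attached to. Unless the session has to be reached from another host or a dev container, `"127.0.0.1:8002"` keeps it local. If the wide bind is deliberate, a `//` comment next to it saying why would stop it being copied into other configurations.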
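Review bot: The old unwrapping expression is left behind as a commented-out line with no explanation of why it was dropped. If the reason is that `request.user` is a lazy object whose `_wrapped` may not be populated yet when this manager runs (an inference from the commit subject, not visible in the hunk), say so in one line, e.g. `# use request.user directly; reading _wrapped can return an unresolved placeholder`, and delete the dead code. The enclosing method starts and ends outside the hunk.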
From: Jon Date: Thu, 31 Oct 2024 14:58:18 +0930 Subject: [PATCH 16/19] refactor(docker): Switch to entrypoint ref: #363 #371 --- dockerfile | 3 +- includes/entrypoint.sh | 51 +++++++++++++++++++ .../{conf.d => conf.source}/gunicorn.conf | 0 .../{conf.d => conf.source}/nginx.conf | 0 4 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 includes/entrypoint.sh rename includes/etc/supervisor/{conf.d => conf.source}/gunicorn.conf (100%) rename includes/etc/supervisor/{conf.d => conf.source}/nginx.conf (100%) diff --git a/dockerfile b/dockerfile index f687b526..afd128ac 100644 --- a/dockerfile +++ b/dockerfile @@ -138,6 +138,7 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ echo "Django not Installed"; \ exit 1; \ fi; \ + chmod +x /entrypoint.sh; \ export @@ -153,4 +154,4 @@ HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD \ supervisorctl status || exit 1 -CMD [ "/usr/local/bin/supervisord" ] + ENTRYPOINT ["/entrypoint.sh"] diff --git a/includes/entrypoint.sh b/includes/entrypoint.sh new file mode 100644 index 00000000..cdd92989 --- /dev/null +++ b/includes/entrypoint.sh @@ -0,0 +1,51 @@ +#!/bin/sh + +set -e + +if [ "$1" == "" ]; then + + + echo "[Info] Setup SupervisorD" + + + echo '[info] Creating gunicorn service config'; + + cp /etc/supervisor/conf.source/gunicorn.conf /etc/supervisor/conf.d/gunicorn.conf; + + if [ -f '/etc/supervisor/conf.d/gunicorn.conf' ]; then + + echo '[info] Gunicorn service config Created'; + + else + + echo '[crit] Gunicorn service config not created'; + + fi; + + + echo '[info] Creating nginx service config'; + + cp /etc/supervisor/conf.source/nginx.conf /etc/supervisor/conf.d/nginx.conf; + + if [ -f '/etc/supervisor/conf.d/nginx.conf' ]; then + + echo '[info] NginX service config Created'; + + else + + echo '[crit] NginX service config not created'; + + fi; + + + echo "[Info] SupervisorD Setup successfully" + + + /usr/local/bin/supervisord; + + +else + + exec "$@" + +fi 
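Review bot: `/usr/local/bin/supervisord;` is started as a child of the script, so `/bin/sh` stays PID 1 and the SIGTERM sent by `docker stop` reaches the shell rather than supervisord. The programs would then most likely be killed at the stop timeout instead of shut down through their `stopwaitsecs`. Use `exec /usr/local/bin/supervisord`, as the `else` branch already does with `exec "$@"`. Because of `set -e`, a failed `cp` aborts the script before the following `if`, so the two `[crit]` branches cannot be reached as written. `[ "$1" == "" ]` should also use `=`, the operator POSIX `sh` defines.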
diff --git a/includes/etc/supervisor/conf.d/gunicorn.conf b/includes/etc/supervisor/conf.source/gunicorn.conf similarity index 100% rename from includes/etc/supervisor/conf.d/gunicorn.conf rename to includes/etc/supervisor/conf.source/gunicorn.conf diff --git a/includes/etc/supervisor/conf.d/nginx.conf b/includes/etc/supervisor/conf.source/nginx.conf similarity index 100% rename from includes/etc/supervisor/conf.d/nginx.conf rename to includes/etc/supervisor/conf.source/nginx.conf From 8479130ef1cf9fe41eb8e77a2fdbbd253b7d5ffa Mon Sep 17 00:00:00 2001 From: Jon Date: Thu, 31 Oct 2024 15:00:55 +0930 Subject: [PATCH 17/19] feat(docker): Add worker service config for SupervisorD ref: #363 #371 --- dockerfile | 2 ++ .../administration/installation.md | 2 +- includes/entrypoint.sh | 22 +++++++++++++++++++ .../etc/supervisor/conf.source/worker.conf | 10 +++++++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 includes/etc/supervisor/conf.source/worker.conf diff --git a/dockerfile b/dockerfile index afd128ac..26cac012 100644 --- a/dockerfile +++ b/dockerfile @@ -100,6 +100,8 @@ ENV CI_PROJECT_URL=${CI_PROJECT_URL} ENV CI_COMMIT_SHA=${CI_COMMIT_SHA} ENV CI_COMMIT_TAG=${CI_COMMIT_TAG} +ENV IS_WORKER=False + COPY requirements.txt requirements.txt COPY requirements_test.txt requirements_test.txt diff --git a/docs/projects/centurion_erp/administration/installation.md b/docs/projects/centurion_erp/administration/installation.md index b1ddffd3..8bd48afd 100644 --- a/docs/projects/centurion_erp/administration/installation.md +++ b/docs/projects/centurion_erp/administration/installation.md 
@@ -50,7 +50,7 @@ The [web container](https://hub.docker.com/r/nofusscomputing/centurion-erp) is t ### Background Worker Container -The [Background Worker container](https://hub.docker.com/r/nofusscomputing/centurion-erp) is a worker that waits for tasks sent to the RabbitMQ server. The worker is based upon [Celery](https://docs.celeryq.dev/en/stable/index.html). On the worker not being busy, it'll pickup and run the task. This container is scalable with nil additional requirements for launching additional workers. If deploying to Kubernetes the setting the deployment `replicas` to the number of desired containers is the simplest method to scale. The container start command will need to be set to `celery -A app worker -l INFO` so that the worker is started on container startup. +The [Background Worker container](https://hub.docker.com/r/nofusscomputing/centurion-erp) is a worker that waits for tasks sent to the RabbitMQ server. The worker is based upon [Celery](https://docs.celeryq.dev/en/stable/index.html). On the worker not being busy, it'll pickup and run the task. This container is scalable with nil additional requirements for launching additional workers. If deploying to Kubernetes the setting the deployment `replicas` to the number of desired containers is the simplest method to scale. There is no container start command, however you will need to set environmental variable `IS_WORKER` to value `'True'` within the container. Configuration for the worker resides in directory `/etc/itsm/` within the container. see below for the `CELERY_` configuration. diff --git a/includes/entrypoint.sh b/includes/entrypoint.sh index cdd92989..b52d31b0 100644 --- a/includes/entrypoint.sh +++ b/includes/entrypoint.sh 
@@ -7,6 +7,25 @@ if [ "$1" == "" ]; then echo "[Info] Setup SupervisorD" + if [ ${IS_WORKER} == 'True' ] || [ ${IS_WORKER} == 'true' ]; then + + + echo '[info] Creating worker service config'; + + cp /etc/supervisor/conf.source/worker.conf /etc/supervisor/conf.d/worker.conf; + + if [ -f '/etc/supervisor/conf.d/worker.conf' ]; then + + echo '[info] Worker service config Created'; + + else + + echo '[crit] Worker service config not created'; + + fi; + + + else echo '[info] Creating gunicorn service config'; @@ -38,6 +57,9 @@ if [ "$1" == "" ]; then fi; + fi; + + echo "[Info] SupervisorD Setup successfully" diff --git a/includes/etc/supervisor/conf.source/worker.conf b/includes/etc/supervisor/conf.source/worker.conf new file mode 100644 index 00000000..936d15e5 --- /dev/null +++ b/includes/etc/supervisor/conf.source/worker.conf @@ -0,0 +1,10 @@ +[program:celery] +priority=1 +startsecs=0 +stopwaitsecs=55 +autostart=true +autorestart=true +stdout_logfile=/var/log/%(program_name)s.log +stderr_logfile=/var/log/%(program_name)s.log +directory=/app +command=celery -A app worker -l INFO From ea8a054005df1507438a514c11ddd1a7786e86c0 Mon Sep 17 00:00:00 2001 From: Jon Date: Thu, 31 Oct 2024 15:19:50 +0930 Subject: [PATCH 18/19] fix(docker): Ensure SupervisorD daemon config directory exists. ref: #363 #371 --- dockerfile | 1 + includes/entrypoint.sh | 2 ++ includes/etc/supervisor/conf.d/.gitkeep | 0 3 files changed, 3 insertions(+) create mode 100644 includes/etc/supervisor/conf.d/.gitkeep diff --git a/dockerfile b/dockerfile index 26cac012..e7e057e6 100644 --- a/dockerfile +++ b/dockerfile @@ -141,6 +141,7 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ exit 1; \ fi; \ chmod +x /entrypoint.sh; \ + mkdir -p /etc/supervisor/conf.d; \ export diff --git a/includes/entrypoint.sh b/includes/entrypoint.sh index b52d31b0..be1ffb85 100644 --- a/includes/entrypoint.sh +++ b/includes/entrypoint.sh 
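Review bot: `${IS_WORKER}` is expanded unquoted in both tests of the hunk at -7,6, so an empty value (for example `-e IS_WORKER=`) makes `[` fail with a syntax error and a value containing spaces is split into several words. In both cases the script falls through to the web-server branch. Quote the variable and use the POSIX operator: `if [ "${IS_WORKER}" = 'True' ] || [ "${IS_WORKER}" = 'true' ]; then`. A value such as `TRUE` or `1` also silently starts gunicorn and nginx instead of the worker; an `echo` of the role that was selected would make that visible in the start-up output.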
@@ -2,6 +2,8 @@ set -e +mkdir -p /etc/supervisor/conf.d; + if [ "$1" == "" ]; then diff --git a/includes/etc/supervisor/conf.d/.gitkeep b/includes/etc/supervisor/conf.d/.gitkeep new file mode 100644 index 00000000..e69de29b From 9f826d7142c983e2f53c32c45a64231c6bae097a Mon Sep 17 00:00:00 2001 From: Jon Date: Thu, 31 Oct 2024 15:50:57 +0930 Subject: [PATCH 19/19] docs: Update release notes ref: #371 closes #363 --- Release-Notes.md | 16 ++++++++++++++++ dockerfile | 2 +- .../centurion_erp/administration/installation.md | 2 ++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/Release-Notes.md b/Release-Notes.md index dc2bda58..419b958d 100644 --- a/Release-Notes.md +++ b/Release-Notes.md @@ -1,3 +1,19 @@ +# Version 1.3.0 + +!!! danger "Security" + As is currently the recommended method of deployment, the Centurion Container must be deployed behind a reverse proxy the conducts the SSL termination. + +This release updates the docker container to be a production setup for deployment of Centurion. Prior to this version Centurion ERP was using a development setup for the webserver. + +- Docker now uses SupervisorD for container + +- Gunicorn WSGI setup for Centurion with NginX as the webserver. + +- Container now has a health check. + +- To setup container as "Worker", set `IS_WORKER='True'` environmental variable within container. _**Note:** You can still use command `celery -A app worker -l INFO`, although **not** recommended as the container health check will not be functioning_ + + # Version 1.0.0 Initial Release of Centurion ERP. diff --git a/dockerfile b/dockerfile index e7e057e6..0664b582 100644 --- a/dockerfile +++ b/dockerfile @@ -147,7 +147,7 @@ RUN pip --disable-pip-version-check list --outdated --format=json | \ WORKDIR /app - +# In future, adjust port to 80 as nginX is now used (Will be breaking change) EXPOSE 8000 VOLUME [ "/data", "/etc/itsm" ] 
diff --git a/docs/projects/centurion_erp/administration/installation.md b/docs/projects/centurion_erp/administration/installation.md index 8bd48afd..7378e1c6 100644 --- a/docs/projects/centurion_erp/administration/installation.md +++ b/docs/projects/centurion_erp/administration/installation.md @@ -8,6 +8,8 @@ about: https://gitlab.com/nofusscomputing/infrastructure/configuration-managemen Centurion ERP is a simple application to deploy with the only additional requirements being that you have already deployed a database server and a RabbitMQ server. Centurion ERP is container based and is deployable via Docker or upon Kubernetes. Our images are available on [Docker Hub](https://hub.docker.com/r/nofusscomputing/centurion-erp). +Deployment of Centurion ERP is recommended to be behind a reverse proxy. This is required as the method used to setup the containers does not include any SSL setup. Due to this the reverse proxy will be required to conduct the SSL termination. + !!! note "TL;DR" `docker pull nofusscomputing/centurion-erp:latest`.