Add healthchecks and use 1.8

peering-manager · Sep 16, 2023 · 905b3b5 · 905b3b5
1 parent c047f41
commit 905b3b5
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 15 deletions.
diff --git a/configuration/configuration.py b/configuration/configuration.py
@@ -33,8 +33,11 @@ def get_sys_tz():
 # The server will not permit write access to the server via any other
 # hostnames. The first FQDN in the list will be treated as the preferred name.
 #
-# Example: ALLOWED_HOSTS = ['peering.example.com', 'peering.internal.local']
+# Example: ALLOWED_HOSTS = ["peering.example.com", "peering.internal.local"]
 ALLOWED_HOSTS = os.environ.get("ALLOWED_HOSTS", "*").split(" ")
+# ensure that "*" or "localhost" is always in ALLOWED_HOSTS (needed for health checks)
+if "*" not in ALLOWED_HOSTS and "localhost" not in ALLOWED_HOSTS:
+    ALLOWED_HOSTS.append("localhost")
 
 # Must be unique to each setup (CHANGE IT!).
 SECRET_KEY = os.environ.get("SECRET_KEY", read_secret("secret_key"))

diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py
@@ -1,9 +1,8 @@
 from importlib import import_module
 from os import environ
 
-from django_auth_ldap.config import LDAPSearch
-
 import ldap
+from django_auth_ldap.config import LDAPSearch
 
 
 # Read secret from file.
@@ -47,20 +46,22 @@ def _import_group_type(group_type_name):
 
 AUTH_LDAP_USER_SEARCH_BASEDN = environ.get("AUTH_LDAP_USER_SEARCH_BASEDN", "")
 AUTH_LDAP_USER_SEARCH_ATTR = environ.get("AUTH_LDAP_USER_SEARCH_ATTR", "sAMAccountName")
+AUTH_LDAP_USER_SEARCH_FILTER = environ.get(
+    "AUTH_LDAP_USER_SEARCH_FILTER", f"({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)"
+)
 AUTH_LDAP_USER_SEARCH = LDAPSearch(
-    AUTH_LDAP_USER_SEARCH_BASEDN,
-    ldap.SCOPE_SUBTREE,
-    "(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)",
+    AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER
 )
 
 # This search ought to return all groups to which the user belongs.
 # django_auth_ldap uses this to determine group hierarchy.
 AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get("AUTH_LDAP_GROUP_SEARCH_BASEDN", "")
 AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get("AUTH_LDAP_GROUP_SEARCH_CLASS", "group")
+AUTH_LDAP_GROUP_SEARCH_FILTER = environ.get(
+    "AUTH_LDAP_GROUP_SEARCH_FILTER", f"(objectclass={AUTH_LDAP_GROUP_SEARCH_CLASS})"
+)
 AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
-    AUTH_LDAP_GROUP_SEARCH_BASEDN,
-    ldap.SCOPE_SUBTREE,
-    "(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")",
+    AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
 )
 AUTH_LDAP_GROUP_TYPE = _import_group_type(
     environ.get("AUTH_LDAP_GROUP_TYPE", "GroupOfNamesType")

diff --git a/docker-compose.override.yml.example b/docker-compose.override.yml.example
@@ -3,3 +3,5 @@ services:
   peering-manager:
     ports:
       - 8080
+    healthcheck:
+      start_period: 90s
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,7 +4,7 @@ version: "3.4"
 services:
   peering-manager:
     &peering-manager
-    image: peeringmanager/peering-manager:${VERSION-v1.7}
+    image: docker.io/peeringmanager/peering-manager:${VERSION-v1.8}
     env_file: env/peering-manager.env
     user: "unit:root"
     volumes:
@@ -15,6 +15,11 @@ services:
       - postgres
       - redis
       - rqworker
+    healthcheck:
+      start_period: 60s
+      timeout: 3s
+      interval: 15s
+      test: "curl -f http://localhost:8080/api/ || exit 1"
   rqworker:
     <<: *peering-manager
     depends_on:
@@ -24,6 +29,11 @@ services:
       - /opt/peering-manager/venv/bin/python
       - /opt/peering-manager/manage.py
       - rqworker
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -a | grep -v grep | grep -q rqworker || exit 1"
   housekeeping:
     <<: *peering-manager
     environment:
@@ -34,6 +44,11 @@ services:
     command:
       - /opt/peering-manager/run-command.sh
       - housekeeping
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -a | grep -v grep | grep -q housekeeping || exit 1"
   peeringdb-sync:
     <<: *peering-manager
     environment:
@@ -44,13 +59,18 @@ services:
     command:
       - /opt/peering-manager/run-command.sh
       - peeringdb_sync
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -a | grep -v grep | grep -q peeringdb_sync || exit 1"
   postgres:
-    image: postgres:14-alpine
+    image: docker.io/postgres:14-alpine
     env_file: env/postgres.env
     volumes:
       - peering-manager-data:/var/lib/postgresql/data
   redis:
-    image: redis:7-alpine
+    image: docker.io/redis:7-alpine
     env_file: env/redis.env
     volumes:
       - peering-manager-redis:/data

diff --git a/requirements-container.txt b/requirements-container.txt
@@ -1,5 +1,2 @@
 ruamel.yaml
 django-auth-ldap
-
-# Fix for https://github.com/peering-manager/peering-manager/issues/725
-django-rq==2.8.0