Page MenuHomeSoftware Heritage

graphql: Deploy reverse proxy to access the graphql instance
ClosedPublic

Authored by ardumont on Fri, Jul 22, 5:34 PM.

Details

Summary

Related to T4135

Test Plan

octo-diff on rp0.staging, this adds the necessary rp setup to access the graphql instance:

$SWH_PUPPET_ENVIRONMENT_HOME/bin/octocatalog-diff rp0.internal.staging.swh.network
Found host rp0.internal.staging.swh.network
WARN     -> Environment "staging-add-prometheus-metrics" contained non-word characters, correcting name to staging_add_prometheus_metrics
WARN     -> Environment "staging-bullseye-rabbitmq-plugin" contained non-word characters, correcting name to staging_bullseye_rabbitmq_plugin
WARN     -> Environment "staging-check-journal-client" contained non-word characters, correcting name to staging_check_journal_client
WARN     -> Environment "staging-check-journal-client-2nd-implementation" contained non-word characters, correcting name to staging_check_journal_client_2nd_implementation
WARN     -> Environment "staging-check-journal-client-first-implem" contained non-word characters, correcting name to staging_check_journal_client_first_implem
WARN     -> Environment "staging-pin" contained non-word characters, correcting name to staging_pin
o1Cloning into '/tmp/swh-ocd.GwEnul9h/environments/production/data/private'...
done.
Cloning into '/tmp/swh-ocd.GwEnul9h/environments/staging/data/private'...
done.
*** Running octocatalog-diff on host rp0.internal.staging.swh.network
I, [2022-07-22T17:33:00.575752 #3946284]  INFO -- : Catalogs compiled for rp0.internal.staging.swh.network
I, [2022-07-22T17:33:00.896105 #3946284]  INFO -- : Diffs computed for rp0.internal.staging.swh.network
diff origin/production/rp0.internal.staging.swh.network current/rp0.internal.staging.swh.network
*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:graphql] =>
   parameters =>
     "content": "include \"includes/01_graphql.vcl\";",
     "order": "01",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:vhost_graphql.staging.swh.network] =>
   parameters =>
     "content": "include \"includes/50_vhost_graphql.staging.swh.network.vcl\";",...
     "order": "50",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[graphql_staging cacert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/graphql_staging/chain.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat::Fragment[graphql_staging cert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/graphql_staging/cert.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat::Fragment[graphql_staging dhparams] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat::Fragment[graphql_staging key] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/graphql_staging/privkey.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat::Fragment[hitch::domain graphql_staging] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/graphql_staging.pem\"\n",
     "notify": "Class[Hitch::Service]",
     "order": "10",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ Concat[/etc/hitch/graphql_staging.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure": "present",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "notify": "Class[Hitch::Service]",
     "order": "alpha",
     "owner": "root",
     "path": "/etc/hitch/graphql_staging.pem",
     "replace": true,
     "show_diff": true,
     "warn": false
*******************************************
+ Concat_file[/etc/hitch/graphql_staging.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "order": "alpha",
     "owner": "root",
     "replace": true,
     "show_diff": true,
     "tag": "_etc_hitch_graphql_staging.pem"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:graphql] =>
   parameters =>
     "content": "include \"includes/01_graphql.vcl\";",
     "order": "01",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:vhost_graphql.staging.swh.network] =>
   parameters =>
     "content": "include \"includes/50_vhost_graphql.staging.swh.network.vcl\";",...
     "order": "50",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[graphql_staging cacert] =>
   parameters =>
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/graphql_staging/chain.pem",
     "tag": "_etc_hitch_graphql_staging.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat_fragment[graphql_staging cert] =>
   parameters =>
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/graphql_staging/cert.pem",
     "tag": "_etc_hitch_graphql_staging.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat_fragment[graphql_staging dhparams] =>
   parameters =>
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "tag": "_etc_hitch_graphql_staging.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat_fragment[graphql_staging key] =>
   parameters =>
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/graphql_staging/privkey.pem",
     "tag": "_etc_hitch_graphql_staging.pem",
     "target": "/etc/hitch/graphql_staging.pem"
*******************************************
+ Concat_fragment[hitch::domain graphql_staging] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/graphql_staging.pem\"\n",
     "order": "10",
     "tag": "_etc_hitch_hitch.conf",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/graphql_staging/cert.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/graphql_staging/cert.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/graphql_staging/chain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/graphql_staging/chain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/graphql_staging/fullchain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/graphql_staging/fullchain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/graphql_staging/privkey.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0600",
     "owner": "root",
     "source": "puppet:///le_certs/graphql_staging/privkey.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/graphql_staging] =>
   parameters =>
     "ensure": "directory",
     "group": "root",
     "mode": "0755",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/01_graphql.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/50_vhost_graphql.staging.swh.network.vcl] =>
   parameters =>
     "content": "# vhost_graphql.staging.swh.network.vcl\n#\n# Settings for the g...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ Hitch::Domain[graphql_staging] =>
   parameters =>
     "cacert_source": "/etc/ssl/certs/letsencrypt/graphql_staging/chain.pem",
     "cert_source": "/etc/ssl/certs/letsencrypt/graphql_staging/cert.pem",
     "default": false,
     "ensure": "present",
     "key_source": "/etc/ssl/certs/letsencrypt/graphql_staging/privkey.pem"
*******************************************
+ Profile::Hitch::Ssl_cert[graphql_staging] =>
   parameters =>
     "ssl_cert_name": "graphql_staging"
*******************************************
+ Profile::Letsencrypt::Certificate[graphql_staging] =>
   parameters =>
     "basename": "graphql_staging",
     "privkey_group": "root",
     "privkey_mode": "0600",
     "privkey_owner": "root",
     "source_cert": "graphql_staging"
*******************************************
+ Profile::Varnish::Vcl_include[graphql] =>
   parameters =>
     "basename": "graphql",
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "order": "01"
*******************************************
+ Profile::Varnish::Vcl_include[vhost_graphql.staging.swh.network] =>
   parameters =>
     "basename": "vhost_graphql.staging.swh.network",
     "content": "# vhost_graphql.staging.swh.network.vcl\n#\n# Settings for the g...
     "order": "50"
*******************************************
+ Profile::Varnish::Vhost[graphql.staging.swh.network] =>
   parameters =>
     "aliases": [
       "graphql-rp.internal.staging.swh.network"
     ],
     "backend_http_host": "graphql-worker0.internal.staging.swh.network",
     "backend_http_port": "9080",
     "backend_name": "graphql",
     "basic_auth": true,
     "basic_auth_strings": [
       "c3doLXN0Zzpzd2g6OmRlcGxveTo6Z3JhcGhxbDo6cmV2ZXJzZV9wcm94eTo6YmFzaWNfYXV0a...
     ],
     "hsts_max_age": 15768000,
     "order": "50",
     "servername": "graphql.staging.swh.network",
     "websocket_support": false
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/01_graphql.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "file": "/etc/varnish/includes/01_graphql.vcl"
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/50_vhost_graphql.staging.swh.network.vcl] =>
   parameters =>
     "content": "# vhost_graphql.staging.swh.network.vcl\n#\n# Settings for the g...
     "file": "/etc/varnish/includes/50_vhost_graphql.staging.swh.network.vcl"
*******************************************
*** End octocatalog-diff on rp0.internal.staging.swh.network

Diff Detail

Repository
rSPSITE puppet-swh-site
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Fix default port to the 80 port used by actual graphql staging deployment

 kubectl get ingress -A
NAMESPACE   NAME      CLASS   HOSTS             ADDRESS           PORTS   AGE
default     graphql   nginx   graphql.cluster   192.168.130.150   80      8h
This revision was not accepted when it landed; it landed in state Needs Review.Mon, Jul 25, 9:54 AM
This revision was automatically updated to reflect the committed changes.