Fix docker stack (#713)

* devel: update composer config Update some of the config for the docker-compose file since there have been a few changes and the config is slightly out of date. Additionally, a refresh_token parameter was added to the oauth_url since this is used by composer's mock openid provider to generate the `rh-id-org` key in the jwt token. * distribution: update frontend entrypoint Update the command for spinning up the frontend to match the new script command. * devel: remove offline token Remove the offline token and replace with a client secret instead. * devel: add metrics profile Only launch the metrics containers when explictly requested. This helps decrease the logging output when the metrics are not required. The metrics can be called with `docker-compose --profile metrics up`
2022-04-26 14:00:53 +01:00 · 2022-04-26 14:00:53 +01:00 · 110c0c674b
commit 110c0c674b
parent 294cb08a0f
8 changed files with 26 additions and 10 deletions
--- a/devel/.env
+++ b/devel/.env
@ -3,4 +3,5 @@ CERT_DIR=./state/x509
 COMPOSER_CONFIG_DIR=./config/composer
 WORKER_CONFIG_DIR=./config/worker
 SPANDX_CONFIG=./config/spandx/local-frontend-and-api.js
-COMPOSER_OFFLINE_TOKEN=someOfflineToken
+COMPOSER_CLIENT_ID=rhsm-api
+COMPOSER_CLIENT_SECRET=supersecretsecretsquirrel
--- a/devel/README.md
+++ b/devel/README.md
@ -69,4 +69,11 @@ Access the service through the GUI:
 directly through the API:
 [https://prod.foo.redhat.com:1337/docs/api/image-builder](https://prod.foo.redhat.com:1337/docs/api/image-builder).

+The metrics containers are only launched when explicitly required. The command for this is below:
+
+```bash
+docker-compose --profile metrics up
+```
+
 Access the Grafana dashboard on [https://localhost:3000](https://localhost:3000). The default username is `admin` and the password is set to `foobar`.
+The prometheus instance can be accessed on [https://localhost:9000](https://localhost:9000)
--- a/devel/config/composer/osbuild-composer.toml
+++ b/devel/config/composer/osbuild-composer.toml
@ -3,14 +3,18 @@ request_job_timeout = "40s"
 allowed_domains = [ "localhost", "worker.osbuild.org" ]
 enable_mtls = false
 enable_jwt = true
-jwt_keys_url = "http://fauxauth:8888/certs"
+jwt_keys_urls = ["http://fauxauth:8888/certs"]
 jwt_acl_file = "/etc/osbuild-composer/acl.yml"
+jwt_tenant_provider_fields = ["rh-org-id"]
 ca = "/etc/osbuild-composer/ca-crt.pem"
+client_id = "rhsm-api"

 [koji]
 allowed_domains = [ "client.osbuild.org" ]
 enable_mtls = false
 enable_jwt = true
-jwt_keys_url = "http://fauxauth:8888/certs"
+jwt_keys_urls = ["http://fauxauth:8888/certs"]
 jwt_acl_file = "/etc/osbuild-composer/acl.yml"
+jwt_tenant_provider_fields = ["rh-org-id"]
 ca = "/etc/osbuild-composer/ca-crt.pem"
+client_id = "rhsm-api"
--- a/devel/config/worker/osbuild-worker.toml
+++ b/devel/config/worker/osbuild-worker.toml
@ -1,3 +1,4 @@
 [authentication]
-oauth_url = "http://fauxauth:8888/token"
-offline_token = "/etc/osbuild-worker/token"
+oauth_url = "http://fauxauth:8888/token?refresh_token=42"
+client_secret = "/etc/osbuild-worker/secret"
+client_id = "rhsm-api"
--- a/devel/config/worker/secret
+++ b/devel/config/worker/secret
@ -0,0 +1 @@
+supersecretsecretsquirrel
--- a/devel/config/worker/token
+++ b/devel/config/worker/token
@ -1 +0,0 @@
-someOfflineToken
--- a/devel/docker-compose.yml
+++ b/devel/docker-compose.yml
@ -26,7 +26,7 @@ services:
    volumes:
      - ${CERT_DIR}/ca-crt.pem:/etc/osbuild-composer/ca-crt.pem:z
      - ${WORKER_CONFIG_DIR}/osbuild-worker.toml:/etc/osbuild-worker/osbuild-worker.toml:z
-      - ${WORKER_CONFIG_DIR}/token:/etc/osbuild-worker/token:z
+      - ${WORKER_CONFIG_DIR}/secret:/etc/osbuild-worker/secret:z
    environment:
      - CACHE_DIRECTORY=/var/cache/osbuild-composer
    privileged: true
@ -80,8 +80,9 @@ services:
      - PGUSER=postgres
      - PGPASSWORD=postgres
      - COMPOSER_URL=https://composer:8080
-      - COMPOSER_TOKEN_URL=http://fauxauth:8888/token
-      - COMPOSER_OFFLINE_TOKEN=${COMPOSER_OFFLINE_TOKEN}
+      - COMPOSER_TOKEN_URL=http://fauxauth:8888/token?refresh_token=42
+      - COMPOSER_CLIENT_SECRET=${COMPOSER_CLIENT_SECRET}
+      - COMPOSER_CLIENT_ID=${COMPOSER_CLIENT_ID}
      - COMPOSER_CA_PATH=/etc/image-builder/ca-crt.pem
      - DISTRIBUTIONS_DIR=/app/distributions
      - QUOTA_FILE=/config/quotas.json
@ -124,6 +125,7 @@ services:
     - "backend"
     - "frontend"
  prometheus:
+    profiles: ["metrics"]
    image: prom/prometheus:latest
    ports:
      - "9000:9090"
@ -139,6 +141,7 @@ services:
    command:
      - "--config.file=/config/prometheus.yml"
  grafana:
+    profiles: ["metrics"]
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
--- a/distribution/Dockerfile
+++ b/distribution/Dockerfile
@ -9,4 +9,4 @@ RUN npm install
 COPY . .

 EXPOSE 8002
-CMD [ "npm", "run", "start:beta" ]
+CMD [ "npm", "run", "prod-beta" ]