Merge remote-tracking branch 'upstream/main' into kubernetes-introduce-longhorn

Author: YuryHrytsuk

services/graylog/scripts/alerts.template.yaml

@@ -6,7 +6,7 @@
       container_name: /.*director-v2.*/ AND "could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network" AND NOT container_name:/.*graylog_graylog.*/
     query_parameters: []
     search_within_ms: 600000
-    event_limit: 1
+    event_limit: 1000
     execute_every_ms: 600000
     group_by: []
     series: []
@@ -46,7 +46,7 @@
       "lock is no longer owned. This is unexpected and requires investigation" AND NOT container_name:/.*graylog_graylog.*/
     query_parameters: []
     search_within_ms: 3600000
-    event_limit: 1
+    event_limit: 1000
     execute_every_ms: 3600000
     group_by: []
     series: []
@@ -85,7 +85,7 @@
       "LockNotOwnedError" AND NOT container_name:/.*graylog_graylog.*/
     query_parameters: []
     search_within_ms: 3600000
-    event_limit: 1
+    event_limit: 1000
     execute_every_ms: 3600000
     group_by: []
     series: []
@@ -125,7 +125,7 @@
     query_parameters: []
     search_within_ms: 86400000
     execute_every_ms: 86400000
-    event_limit: 1
+    event_limit: 1000
     group_by: []
     series: []
     conditions: {}
@@ -157,7 +157,7 @@
       query: log_service:/.+payments/ AND (log_level:ERROR OR log_level:WARNING)
       query_parameters: []
       search_within_ms: 600000
-      event_limit: 1
+      event_limit: 1000
       execute_every_ms: 600000
       group_by: []
       series: []

services/monitoring/Makefile

@@ -176,6 +176,7 @@ grafana/assets: ${REPO_CONFIG_LOCATION}
 .PHONY: grafana-import
 grafana-import: grafana/assets ## Imports the remote grafana dashboards and datasources FROM YOUR LOCAL MACHINE
 	@pushd ${REPO_BASE_DIR}/services/monitoring/grafana && \
+	rm -r ./terraform/.terraform 2>/dev/null | true && \
 	$(MAKE) terraform-plan && \
 	$(MAKE) terraform-apply; \
 	popd > /dev/null

services/monitoring/grafana/Makefile

@@ -75,5 +75,5 @@ assets: ${REPO_CONFIG_LOCATION}
 	fi; \
 	rm -rf $(REPO_BASE_DIR)/services/monitoring/grafana/assets || true; \
 	mkdir -p $(REPO_BASE_DIR)/services/monitoring/grafana/assets; \
-	cp -r $(shell dirname ${REPO_CONFIG_LOCATION})/assets/grafana/* $(REPO_BASE_DIR)/services/monitoring/grafana/assets; \
 	cp -r $(shell dirname ${REPO_CONFIG_LOCATION})/../shared/assets/grafana $(REPO_BASE_DIR)/services/monitoring/grafana/assets/shared; \
+	cp -r $(shell dirname ${REPO_CONFIG_LOCATION})/assets/grafana/* $(REPO_BASE_DIR)/services/monitoring/grafana/assets/shared/;

services/monitoring/pgsql_query_exporter_config.yaml.j2

@@ -15,7 +15,7 @@ metrics:{% for _gid in MONITORING_PROMETHEUS_PGSQL_GID_MONITORED.split(",") if _
   osparc_total_number_of_successful_payment_transactions:
     type: gauge
     description: Total number of successful payment transactions
-  osparc_total_number_of_dollars_paid:
+  osparc_total_number_of_dollars_paid_successfully:
     type: gauge
     description: Total number of dollars paid successfully
   osparc_total_number_of_credits_purchased_successfully:
@@ -58,7 +58,7 @@ queries:{% for _gid in MONITORING_PROMETHEUS_PGSQL_GID_MONITORED.split(",") if _
   query_total_number_of_dollars_paid_successfully:
     interval: 55
     databases: [postgres]
-    metrics: [osparc_total_number_of_dollars_paid]
+    metrics: [osparc_total_number_of_dollars_paid_successfully]
     sql: |
       SELECT SUM(price_dollars) as osparc_total_number_of_dollars_paid_successfully
       FROM payments_transactions WHERE state = 'SUCCESS';

services/simcore/docker-compose.deploy.aws.yml

@@ -3,7 +3,6 @@ services:
     volumes:
       - /docker/volumes/:/docker/volumes/
 
-
   dask-sidecar:
     deploy:
       placement:
@@ -24,6 +23,7 @@ services:
   postgres:
     deploy:
       replicas: 0
+
   traefik:
     command:
       - "--api=true"
@@ -52,7 +52,7 @@ services:
       - "--entryPoints.traefik_monitor.address=:8080"
       - "--entryPoints.traefik_monitor.forwardedHeaders.insecure"
       - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
-      - "--providers.swarm.network=${SWARM_STACK_NAME}_default"      # https://github.com/traefik/traefik/issues/7886
+      - "--providers.swarm.network=${SWARM_STACK_NAME}_default" # https://github.com/traefik/traefik/issues/7886
       - "--providers.swarm.refreshSeconds=1"
       - "--providers.swarm.exposedByDefault=false"
       - "--providers.swarm.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)"
@@ -73,9 +73,17 @@ services:
     deploy:
       replicas: 3
 
+  rabbit:
+    deploy:
+      labels:
+        - traefik.tcp.services.rabbit.loadBalancer.server.port=5672
+        - traefik.tcp.routers.rabbit.entrypoints=rabbit
+        - traefik.tcp.routers.rabbit.tls=false
+        - traefik.tcp.routers.rabbit.rule=ClientIP(`10.0.0.0/8`) || ClientIP(`172.16.0.0/12`) || ClientIP(`192.168.0.0/16`)
+
 volumes:
-   efs_volume:
-       driver_opts:
-           type: nfs
-           o: addr=${EFS_DNS_NAME},rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
-           device: :/
+  efs_volume:
+    driver_opts:
+      type: nfs
+      o: addr=${EFS_DNS_NAME},rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
+      device: :/

services/simcore/docker-compose.yml.j2

@@ -631,13 +631,13 @@ services:
       labels:
         - traefik.enable=true
         - traefik.docker.network=${PUBLIC_NETWORK}
-        - traefik.http.services.${PREFIX_STACK_NAME}_rabbit.loadbalancer.server.port=15672
-        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/${PREFIX_STACK_NAME}_rabbit`)
-        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit.entrypoints=https
-        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit.tls=true
-        - traefik.http.middlewares.${PREFIX_STACK_NAME}_rabbit_replace_regex.replacepathregex.regex=^/${PREFIX_STACK_NAME}_rabbit/(.*)$$
-        - traefik.http.middlewares.${PREFIX_STACK_NAME}_rabbit_replace_regex.replacepathregex.replacement=/$${1}
-        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit.middlewares=${PREFIX_STACK_NAME}_rabbit_replace_regex@swarm, ops_gzip@swarm
+        - traefik.http.services.${PREFIX_STACK_NAME}_rabbit_console.loadbalancer.server.port=15672
+        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit_console.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/${PREFIX_STACK_NAME}_rabbit`)
+        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit_console.entrypoints=https
+        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit_console.tls=true
+        - traefik.http.middlewares.${PREFIX_STACK_NAME}_rabbit_console_replace_regex.replacepathregex.regex=^/${PREFIX_STACK_NAME}_rabbit/(.*)$$
+        - traefik.http.middlewares.${PREFIX_STACK_NAME}_rabbit_console_replace_regex.replacepathregex.replacement=/$${1}
+        - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit_console.middlewares=${PREFIX_STACK_NAME}_rabbit_console_replace_regex@swarm, ops_gzip@swarm
       update_config:
         parallelism: 2
         order: start-first
@@ -931,13 +931,64 @@ services:
       labels:
         - traefik.enable=true
         - traefik.docker.network=${PUBLIC_NETWORK}
+        # dynamic-scheduler service
         - traefik.http.services.${PREFIX_STACK_NAME}_dynamic_scheduler.loadbalancer.server.port=8000
         - traefik.http.services.${PREFIX_STACK_NAME}_dynamic_scheduler.loadbalancer.sticky.cookie=true
         - traefik.http.services.${PREFIX_STACK_NAME}_dynamic_scheduler.loadbalancer.sticky.cookie.name=sticky_session
+        # dynamic-scheduler GUI Router
         - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/dynamic-scheduler`)
         - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler.entrypoints=https
         - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler.tls=true
         - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler.middlewares=ops_gzip@swarm, ops_auth@swarm
+        # dynamic-scheduler API Router
+        - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler_api.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/dynamic-scheduler/v1`)
+        - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler_api.entrypoints=https
+        - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler_api.tls=true
+        - traefik.http.middlewares.dynamic_scheduler_api_replace_regex.replacepathregex.regex=^/dynamic-scheduler/v1(.*)$$
+        - traefik.http.middlewares.dynamic_scheduler_api_replace_regex.replacepathregex.replacement=/v1$${1}
+        - traefik.http.routers.${PREFIX_STACK_NAME}_dynamic_scheduler_api.middlewares=ops_gzip@swarm, ops_auth@swarm, dynamic_scheduler_api_replace_regex
+
+  notifications:
+    networks:
+      - monitored
+    deploy:
+      replicas: ${SIMCORE_NOTIFICATIONS_REPLICAS}
+      placement:
+        constraints:
+          - node.labels.simcore==true
+      update_config:
+        parallelism: 1
+        order: start-first
+        failure_action: rollback
+        delay: 10s
+      resources:
+        limits:
+          memory: 500M
+          cpus: '0.5'
+        reservations:
+          memory: 50M
+          cpus: '0.1'
+
+  docker-api-proxy:
+    networks:
+      - monitored
+    deploy:
+      mode: global
+      update_config:
+        parallelism: 2
+        order: start-first
+        failure_action: continue
+        delay: 10s
+      placement:
+        constraints:
+          - node.role==manager
+      resources:
+        reservations:
+          cpus: "0.1"
+          memory: "256M"
+        limits:
+          cpus: "0.5"
+          memory: "512M"
 
 volumes:
   rabbit_data:

services/traefik/docker-compose.aws.yml

@@ -23,6 +23,7 @@ services:
       - "--entryPoints.https.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805
       - "--entryPoints.https.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805
       - "--entryPoints.smtp.address=:25"
+      - "--entryPoints.rabbit.address=:5672"
       - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
       - "--providers.swarm.exposedByDefault=false"
       - "--core.defaultRuleSyntax=v2"
@@ -34,6 +35,10 @@ services:
       - "--entryPoints.https.forwardedHeaders.insecure"
       - "--providers.file.directory=/etc/traefik/"
       - "--providers.file.watch=true"
+    ports:
+      - target: 5672
+        published: 5672
+        mode: host
     environment:
       - AWS_ACCESS_KEY_ID=${ROUTE53_DNS_CHALLANGE_ACCESS_KEY}
       - AWS_SECRET_ACCESS_KEY=${ROUTE53_DNS_CHALLANGE_SECRET_KEY}

services/traefik/docker-compose.yml.j2

@@ -105,7 +105,8 @@ services:
         # via https://community.traefik.io/t/v2-2-8-global-redirect-www-to-non-www-with-http-to-https/7428
         # see also: https://community.traefik.io/t/get-a-valid-ssl-certificate-for-www-domains-via-traefik-and-lets-encrypt/2023
         # Global redirection: https (www.) to https
-        - traefik.http.routers.www-catchall.rule={{ DEPLOYMENT_FQDNS_WWW_CAPTURE_TRAEFIK_RULE.strip("\"") }}
+        # why .strip("\"'") ? --> https://github.com/kolypto/j2cli/issues/77
+        - traefik.http.routers.www-catchall.rule={{ DEPLOYMENT_FQDNS_WWW_CAPTURE_TRAEFIK_RULE.strip("\"'") }}
         - traefik.http.routers.www-catchall.priority=100000
         - traefik.http.routers.www-catchall.entrypoints=https,http
         - traefik.http.routers.www-catchall.tls=true