hikariatama
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 98 additions & 0 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎default.conf‎
Lines changed: 9 additions & 1 deletion b/‎default.conf‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎docker-compose-generator.py‎
Lines changed: 41 additions & 13 deletions b/‎docker-compose-generator.py‎
Lines changed: 41 additions & 13 deletions
diff --git a/‎grafana/provisioning/dashboards/sharder-dashboard.yml‎
Lines changed: 8 additions & 0 deletions b/‎grafana/provisioning/dashboards/sharder-dashboard.yml‎
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,98 @@
+name: Deploy to Server
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up SSH
+        uses: webfactory/ssh-agent@v0.5.4
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Check if docker-compose-generator.py has changed
+        id: check_changes
+        run: |
+          if git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -q "docker-compose-generator.py"; then
+            if ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} '[ -f /opt/sharder/docker-compose.yml ]'; then
+              echo "Error: docker-compose-generator.py has changed and docker-compose.yml exists on target"
+              exit 1
+            fi
+          fi
+
+      - name: Prepare remote directory
+        run: |
+          ssh -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} \
+            'mkdir -p /opt/sharder && touch /opt/sharder/.preserve'
+
+      - name: Sync files
+        run: |
+          rsync -avz --exclude '.git*' --exclude 'docker-compose.yml' . ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/opt/sharder
+
+      - name: Run live test on temporary instance
+        run: |
+          ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} << 'EOF'
+            set -euo pipefail
+
+            TMP_DIR=/tmp/sharder-$(openssl rand -hex 4)
+            cp -r /opt/sharder "$TMP_DIR"
+
+            cd "$TMP_DIR"
+            rm docker-compose.yml || true
+            python3 docker-compose-generator.py --chunks-per-file 2 --replicas 3 --dev-shards 3
+            docker compose up -d --build --remove-orphans
+
+            while ! docker compose ps | grep -q "Up"; do
+              echo "Waiting for containers to be up..."
+              sleep 1
+            done
+
+            echo "Waiting for nginx to become available..."
+            for i in {1..20}; do
+              if curl --silent --unix-socket "$TMP_DIR/socks/nginx.sock" http://localhost; then
+              echo "✅ nginx is up and running"
+              break
+              else
+              echo "⏳ Attempt $i/20: nginx not responding yet..."
+              sleep 1
+              fi
+            done || (echo "❌ nginx failed to start after 20 attempts" && exit 1)
+
+            echo "Running external tests..."
+            TEST_EXIT=0
+            curl -sS https://bootstrap.pypa.io/get-pip.py | python3
+            python3 -m pip install requests-unixsocket
+            python3 tests.py || TEST_EXIT=$?
+
+            if [ "$TEST_EXIT" -ne 0 ]; then
+              echo "❌ Tests failed. Check logs for details."
+              docker compose logs
+            fi
+
+            echo "Cleaning up containers and temporary files..."
+            docker compose down --remove-orphans || true
+            rm -rf "$TMP_DIR" || true
+
+            if [ "$TEST_EXIT" -ne 0 ]; then
+              echo "❌ Tests failed. Aborting."
+              docker compose logs
+              exit 1
+            fi
+
+            echo "✅ Tests passed."
+          EOF
+
+      - name: Deploy with Docker Compose
+        run: |
+          ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} << 'EOF'
+            cd /opt/sharder
+            docker compose pull --ignore-pull-failures
+            docker compose up -d --build --remove-orphans
+          EOF
@@ -18,7 +18,7 @@ server {
     }
 
     location /api {
-        proxy_pass http://sharder-server:8000;
+        proxy_pass http://server:8000;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -31,3 +31,11 @@ server {
         proxy_busy_buffers_size 256k;
     }
 }
+
+server {
+    listen 9113;
+
+    location /nginx_status {
+        stub_status on;
+    }
+}
@@ -16,12 +16,6 @@
     help="Number of replicas. This is the number of copies of each chunk that will be stored on different shards.",
     default=2,
 )
-parser.add_argument(
-    "--public-port",
-    type=int,
-    help="Public port for the frontend service. This is the port that will be exposed to the outside world.",
-    default=80,
-)
 parser.add_argument(
     "--dev-shards",
     type=int,
@@ -32,18 +26,18 @@
 
 PG_PASSWORD = os.urandom(16).hex()
 CONNECTION_SECRET = os.urandom(16)
+while "/" in base64.b64encode(CONNECTION_SECRET).decode().strip("="):
+    CONNECTION_SECRET = os.urandom(16)
 
 base = {
     "services": {
         "frontend": {
             "build": {"context": "./frontend"},
-            "container_name": "frontend",
             "networks": ["shard_net"],
             "restart": "unless-stopped",
         },
         "server": {
             "build": {"context": "./server"},
-            "container_name": "sharder-server",
             "depends_on": ["postgres"],
             "networks": ["shard_net"],
             "restart": "unless-stopped",
@@ -54,15 +48,21 @@
                 "CONNECTION_SECRET": CONNECTION_SECRET.hex(),
                 "DB_URL": f"postgresql://shard:{PG_PASSWORD}@postgres/shard",
             },
+            "volumes": ["./prometheus/file_sd:/file_sd"],
         },
         "nginx": {
             "image": "nginx:latest",
-            "ports": [f"{args.public_port}:80"],
             "depends_on": ["frontend", "server"],
             "networks": ["shard_net"],
             "restart": "unless-stopped",
             "volumes": ["./default.conf:/etc/nginx/conf.d/default.conf"],
         },
+        "nginx-exporter": {
+            "image": "nginx/nginx-prometheus-exporter:latest",
+            "command": "--nginx.scrape-uri=http://nginx:9113/nginx_status --web.listen-address=:9113",
+            "depends_on": ["nginx"],
+            "networks": ["shard_net"],
+        },
         "postgres": {
             "image": "postgres:latest",
             "networks": ["shard_net"],
@@ -74,26 +74,54 @@
                 "POSTGRES_PASSWORD": PG_PASSWORD,
             },
         },
+        "prometheus": {
+            "image": "prom/prometheus:latest",
+            "volumes": [
+                "./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro",
+                "./prometheus/file_sd:/etc/prometheus/file_sd",
+            ],
+            "networks": ["shard_net"],
+        },
+        "grafana": {
+            "image": "grafana/grafana:latest",
+            "environment": {
+                "GF_SECURITY_ADMIN_PASSWORD": os.urandom(16).hex(),
+                "GF_INSTALL_PLUGINS": "grafana-piechart-panel,grafana-clock-panel",
+            },
+            "volumes": [
+                "grafana-data:/var/lib/grafana",
+                "./grafana/provisioning:/etc/grafana/provisioning:ro",
+            ],
+            "depends_on": ["prometheus"],
+            "networks": ["shard_net"],
+        },
+        "socket-proxy": {
+            "image": "docker.io/alpine/socat",
+            "volumes": ["./socks:/socks", "./socat-entrypoint.sh:/socat-entrypoint.sh"],
+            "entrypoint": ["/bin/sh"],
+            "command": "/socat-entrypoint.sh",
+            "depends_on": ["grafana", "nginx", "prometheus"],
+            "networks": ["shard_net"],
+        },
     },
     "volumes": {
         "postgres-storage": {},
+        "grafana-data": {},
     },
     "networks": {"shard_net": {}},
 }
 
 for i in range(args.dev_shards):
+    token = base64.b64encode(CONNECTION_SECRET).decode().strip("=")
     base["services"][f"shard-{i}"] = {
         "build": {"context": "./shard"},
-        "container_name": f"shard-{i}",
         "networks": ["shard_net"],
         "restart": "unless-stopped",
         "depends_on": ["server"],
-        "environment": {
-            "SHARD_TOKEN": base64.b64encode(CONNECTION_SECRET).decode().strip("=")
-        },
         "volumes": [
             f"shard-{i}-storage:/opt/shard/.data",
         ],
+        "command": f"sh -c 'export SHARD_PUBLIC_IP=$(hostname -i) && ./shard \"http://nginx/api/connect/{token}\" --dry'",
     }
     base["volumes"][f"shard-{i}-storage"] = {}
 
 
@@ -0,0 +1,8 @@
+apiVersion: 1
+providers:
+  - name: 'Sharder dashboards'
+    orgId: 1
+    folder: ''
+    type: file
+    options:
+      path: /etc/grafana/provisioning/dashboards/sharder
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ server {`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`location /api {`
`21`		`- proxy_pass http://sharder-server:8000;`
	`21`	`+ proxy_pass http://server:8000;`
`22`	`22`	`proxy_set_header Host $host;`
`23`	`23`	`proxy_set_header X-Real-IP $remote_addr;`
`24`	`24`	`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
`@@ -31,3 +31,11 @@ server {`
`31`	`31`	`proxy_busy_buffers_size 256k;`
`32`	`32`	`}`
`33`	`33`	`}`
	`34`	`+`
	`35`	`+server {`
	`36`	`+ listen 9113;`
	`37`	`+`
	`38`	`+ location /nginx_status {`
	`39`	`+ stub_status on;`
	`40`	`+ }`
	`41`	`+}`