Merge remote-tracking branch 'origin/main' into PLAT-346-cluster-logstash

Author: CastelloG

.env.ci

@@ -0,0 +1,121 @@
+# General
+
+STATEFUL_NODES=cluster
+
+# LOG
+
+DEBUG=1
+BASHLOG_FILE=0
+BASHLOG_FILE_PATH=platform.log
+
+# Interoperability Layer - OpenHIM
+
+OPENHIM_CORE_INSTANCES=3
+OPENHIM_CONSOLE_INSTANCES=3
+OPENHIM_CORE_MEDIATOR_HOSTNAME=openhimcomms.domain
+OPENHIM_MEDIATOR_API_PORT=443
+MONGO_SET_COUNT=3
+OPENHIM_MONGO_URL=mongodb://mongo-1:27017,mongo-2:27017,mongo-3:27017/openhim?replicaSet=mongo-set
+OPENHIM_MONGO_ATNAURL=mongodb://mongo-1:27017,mongo-2:27017,mongo-3:27017/openhim?replicaSet=mongo-set
+
+# FHIR Datastore - HAPI FHIR
+
+HAPI_FHIR_INSTANCES=3
+REPMGR_PRIMARY_HOST=postgres-1
+REPMGR_PARTNER_NODES=postgres-1,postgres-2,postgres-3
+POSTGRES_REPLICA_SET=postgres-1:5432,postgres-2:5432,postgres-3:5432
+
+# Reverse Proxy - Nginx
+
+REVERSE_PROXY_INSTANCES=3
+INSECURE=false
+INSECURE_PORTS=5001:5001-80:80-8080:8080-5601:5601-5488:5488
+DOMAIN_NAME=domain
+SUBDOMAINS=openhimcomms.domain,openhimcore.domain,openhimconsole.domain,kibana.domain,reports.domain
+RENEWAL_EMAIL=dummy@jembi.org
+STAGING=true
+
+# Analytics Datastore - Elastic Search
+
+ES_HEAP_SIZE=-Xms8192m -Xmx8192m
+ES_LOGSTASH_SYSTEM=dev_password_only
+ES_APM_SYSTEM=dev_password_only
+ES_REMOTE_MONITORING_USER=dev_password_only
+ES_ELASTIC=dev_password_only
+ES_KIBANA_SYSTEM=dev_password_only
+ES_BEATS_SYSTEM=dev_password_only
+ES_SSL=false
+
+ES_LEADER_NODE=analytics-datastore-elastic-search-01
+ES_HOSTS="analytics-datastore-elastic-search-01:9200","analytics-datastore-elastic-search-02:9200","analytics-datastore-elastic-search-03:9200"
+
+# Dashboard Visualiser - Kibana
+
+# ES_KIBANA_SYSTEM - Required for Kibana, set in the "Analytics Datastore - Elastic Search" section
+KIBANA_INSTANCES=1
+KIBANA_SSL=false
+
+# Data Mapper - Logstash
+
+# ES_ELASTIC - Required for Logstash, set in the "Analytics Datastore - Elastic Search" section
+LS_JAVA_OPTS=-Xmx6144m -Xms6144m
+
+LOGSTASH_DEV_MOUNT=false
+LOGSTASH_PACKAGE_PATH=
+
+# Dashboard Visualiser - JS Reports
+
+JS_REPORT_INSTANCES=1
+JS_REPORT=dev_password_only
+JS_REPORT_USERNAME=admin
+JS_REPORT_SECRET=dev_secret_only
+JS_REPORT_SSL=false
+JS_REPORT_CONFIG_FILE=export.jsrexport
+JS_REPORT_LICENSE_KEY=
+
+# MAKE SURE YOU HAVE RUN 'set-permissions.sh' SCRIPT BEFORE AND AFTER RUNNING JS REPORT
+JS_REPORT_DEV_MOUNT=false
+JS_REPORT_PACKAGE_PATH=
+
+# Reprocess Mediator
+
+REPROCESS_MEDIATOR_VERSION=v1.2.2
+REPROCESS_SERVER_PORT=3000
+REPROCESS_LOG_LEVEL=info
+REPROCESS_OPENHIM_MEDIATOR_URL=https://openhim-core:8080
+REPROCESS_OPENHIM_TRANSACTION_URL=http://openhim-core:5001
+REPROCESS_OPENHIM_USERNAME=root@openhim.org
+REPROCESS_OPENHIM_PASSWORD=instant101
+REPROCESS_OPENHIM_CLIENT_CUSTOM_TOKEN=test
+REPROCESS_TRUST_SELF_SIGNED=true
+REPROCESS_ES_URL=http://analytics-datastore-elastic-search:9200
+REPROCESS_ES_USERNAME=elastic
+REPROCESS_ES_PASSWORD=dev_password_only
+REPROCESS_ES_HIT_SIZE=1000
+REPROCESS_LOGSTASH_URL=http://data-mapper-logstash:5056
+REPROCESS_LOGSTASH_CONCURRENCY=2
+
+# Resource limits
+
+OPENHIM_MEMORY_LIMIT=4G
+OPENHIM_CONSOLE_MEMORY_LIMIT=2G
+OPENHIM_MONGO_MEMORY_LIMIT=3G
+
+HAPI_FHIR_MEMORY_LIMIT=2500M
+HF_POSTGRES_MEMORY_LIMIT=3G
+HAPI_PROXY_MEMORY_LIMIT=1G
+
+NGINX_MEMORY_LIMIT=1G
+
+ES_MEMORY_LIMIT=20G
+LOGSTASH_MEMORY_LIMIT=8G
+KIBANA_MEMORY_LIMIT=3G
+
+JS_REPORT_MEMORY_LIMIT=3G
+
+ZOOKEEPER_MEMORY_LIMIT=4G
+KAFKA_MEMORY_LIMIT=8G
+KAFDROP_MEMORY_LIMIT=500M
+
+FILE_BEAT_MEMORY_LIMIT=500M
+METRIC_BEAT_MEMORY_LIMIT=500M

.env.cluster

@@ -18,6 +18,13 @@ MONGO_SET_COUNT=1
 OPENHIM_MONGO_URL=mongodb://mongo-1:27017/openhim
 OPENHIM_MONGO_ATNAURL=mongodb://mongo-1:27017/openhim
 
+# FHIR Datastore - HAPI FHIR
+
+HAPI_FHIR_INSTANCES=1
+REPMGR_PRIMARY_HOST=postgres-1
+REPMGR_PARTNER_NODES=postgres-1,postgres-2,postgres-3
+POSTGRES_REPLICA_SET=postgres-1:5432,postgres-2:5432,postgres-3:5432
+
 # Reverse Proxy - Nginx
 
 REVERSE_PROXY_INSTANCES=1

.env.local

@@ -0,0 +1,123 @@
+name: platform-e2e-tests-clustered
+on:
+  pull_request:
+    types: [ready_for_review]
+  push:
+    tags:
+      - "*"
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'     
+        required: false
+        default: false
+jobs:
+  provision-e2e-server:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 15
+    env:
+      TF_VAR_PROJECT_NAME: platform-e2e-tests-${{ github.run_id }}
+      TF_VAR_PUBLIC_KEY_PATH: key.pub
+      TF_VAR_HOSTED_ZONE_ID: Z00782582NSP6D0VHBCMI
+      TF_VAR_DOMAIN_NAME: ${{ github.run_id }}.jembi.cloud
+      TF_VAR_INSTANCE_TYPE: r5.2xlarge
+      TF_VAR_SUBNET_ID: subnet-0004b0dacb5862d59
+      TF_VAR_VPC_ID: vpc-067ab69f374ac9f47
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    defaults:
+      run:
+        working-directory: ./infrastructure/terraform
+    steps:
+      - uses: actions/checkout@v3
+      - uses: hashicorp/setup-terraform@v2
+      - run: 'pwd && echo "$SSH_KEY" > key.pub'
+        shell: bash
+        env:
+          SSH_KEY: ${{ secrets.DEPLOY_KEY_PUB }}
+      - run: terraform init
+      - run: terraform apply -auto-approve
+      - name: Upload terraform state
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: tfstate
+          path: infrastructure/terraform/terraform.tfstate
+  configure-e2e-server:
+    runs-on: ubuntu-20.04
+    needs: provision-e2e-server
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run playbook
+        uses: dawidd6/action-ansible-playbook@v2
+        with:
+          playbook: playbooks/provision.yml
+          directory: ./infrastructure/ansible
+          key: ${{ secrets.DEPLOY_KEY }}
+          vault_password: ${{ secrets.VAULT_PASSWORD }}
+          inventory: |
+            [leader]
+            node-1.${{ github.run_id }}.jembi.cloud name=node-1
+
+            [managers]
+            node-2.${{ github.run_id }}.jembi.cloud name=node-2
+            node-3.${{ github.run_id }}.jembi.cloud name=node-3
+
+            [workers]
+          options: |
+            --become
+            --user=ubuntu
+            --extra-vars @./inventories/development/group_vars/all.yml
+  launch-platform:
+    runs-on: ubuntu-20.04
+    needs: configure-e2e-server
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v3
+      - run: ./get-cli.sh linux
+      - run: ./build-image.sh
+      - run: sudo sh -c 'echo "    ServerAliveInterval 30" >> /etc/ssh/ssh_config'
+      - run: sudo sh -c 'echo "    ServerAliveCountMax 999" >> /etc/ssh/ssh_config'
+      - run: sudo service ssh restart
+      - uses: webfactory/ssh-agent@v0.5.4
+        with:
+          ssh-private-key: ${{ secrets.DEPLOY_KEY }}
+      - run: ssh-keyscan -H ${{ github.run_id }}.jembi.cloud >> ~/.ssh/known_hosts
+      - run: ./remote-img-load.sh ${{ github.run_id }}.jembi.cloud
+      - run: sed -i 's/domain/${{ github.run_id }}.jembi.cloud/g' .env.cluster
+      # TODO: (PLAT-385, rcrichton) add 'client-registry-santempi' add santempi once it works in cluster mode
+      - run: DOCKER_HOST=ssh://ubuntu@${{ github.run_id }}.jembi.cloud ./platform-linux --env-file=.env.cluster init reverse-proxy-nginx interoperability-layer-openhim fhir-datastore-hapi-fhir message-bus-kafka analytics-datastore-elastic-search dashboard-visualiser-kibana data-mapper-logstash dashboard-visualiser-jsreport fhir-datastore-helper-hapi-fhir message-bus-helper-hapi-proxy
+  destroy-e2e-server:
+    runs-on: ubuntu-20.04
+    if: always()
+    needs: [provision-e2e-server, configure-e2e-server, launch-platform]
+    timeout-minutes: 15
+    env:
+      TF_VAR_PROJECT_NAME: platform-e2e-tests-${{ github.run_id }}
+      TF_VAR_INSTANCE_COUNT: 1
+      TF_VAR_PUBLIC_KEY_PATH: key.pub
+      TF_VAR_HOSTED_ZONE_ID: Z00782582NSP6D0VHBCMI
+      TF_VAR_DOMAIN_NAME: ${{ github.run_id }}.jembi.cloud
+      TF_VAR_INSTANCE_TYPE: r5.2xlarge
+      TF_VAR_SUBNET_ID: subnet-0004b0dacb5862d59
+      TF_VAR_VPC_ID: vpc-067ab69f374ac9f47
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    defaults:
+      run:
+        working-directory: ./infrastructure/terraform
+    steps:
+      - uses: actions/checkout@v3
+      - uses: hashicorp/setup-terraform@v2
+      - run: 'echo "$SSH_KEY" > key.pub'
+        shell: bash
+        env:
+          SSH_KEY: ${{secrets.DEPLOY_KEY_PUB}}
+      - name: Download terraform state
+        uses: actions/download-artifact@v3
+        with:
+          name: tfstate
+          path: infrastructure/terraform/
+      - run: terraform init
+      - run: terraform destroy -auto-approve

.github/workflows/ci-cluster.yml

@@ -6,21 +6,24 @@ on:
     tags:
       - "*"
   workflow_dispatch:
-concurrency: e2e
+    inputs:
+      debug_enabled:
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'     
+        required: false
+        default: false
 jobs:
   provision-e2e-server:
     runs-on: ubuntu-20.04
     timeout-minutes: 15
     env:
-      TF_VAR_PROJECT_NAME: platform-e2e-tests
+      TF_VAR_PROJECT_NAME: platform-e2e-tests-${{ github.run_id }}
       TF_VAR_INSTANCE_COUNT: 1
       TF_VAR_PUBLIC_KEY_PATH: key.pub
-      TF_VAR_SUB_DOMAIN_NAME_CREATION_ENABLED: true
-      TF_VAR_DOMAIN_NAME_CREATION_ENABLED: false
       TF_VAR_HOSTED_ZONE_ID: Z00782582NSP6D0VHBCMI
-      TF_VAR_DOMAIN_NAME: jembi.cloud
-      TF_VAR_SUBDOMAIN_NAMES: ${{ github.run_id }}.jembi.cloud *.${{ github.run_id }}.jembi.cloud
+      TF_VAR_DOMAIN_NAME: ${{ github.run_id }}.jembi.cloud
       TF_VAR_INSTANCE_TYPE: r5.2xlarge
+      TF_VAR_SUBNET_ID: subnet-0004b0dacb5862d59
+      TF_VAR_VPC_ID: vpc-067ab69f374ac9f47
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     defaults:
@@ -81,23 +84,25 @@ jobs:
           ssh-private-key: ${{ secrets.DEPLOY_KEY }}
       - run: ssh-keyscan -H ${{ github.run_id }}.jembi.cloud >> ~/.ssh/known_hosts
       - run: ./remote-img-load.sh ${{ github.run_id }}.jembi.cloud
-      - run: sed -i 's/domain/${{ github.run_id }}.jembi.cloud/g' .env.ci
-      - run: DOCKER_HOST=ssh://ubuntu@${{ github.run_id }}.jembi.cloud ./platform-linux --env-file=.env.ci init
+      - run: sed -i 's/OPENHIM_CORE_MEDIATOR_HOSTNAME=localhost/OPENHIM_CORE_MEDIATOR_HOSTNAME=openhimcomms.domain/g' .env.local
+      - run: sed -i 's/OPENHIM_MEDIATOR_API_PORT=8080/OPENHIM_MEDIATOR_API_PORT=443/g' .env.local
+      - run: sed -i 's/INSECURE=true/INSECURE=false/g' .env.local
+      - run: sed -i 's/domain/${{ github.run_id }}.jembi.cloud/g' .env.local
+      - run: DOCKER_HOST=ssh://ubuntu@${{ github.run_id }}.jembi.cloud ./platform-linux --env-file=.env.local init
   destroy-e2e-server:
     runs-on: ubuntu-20.04
     if: always()
     needs: [provision-e2e-server, configure-e2e-server, launch-platform]
     timeout-minutes: 15
     env:
-      TF_VAR_PROJECT_NAME: platform-e2e-tests
+      TF_VAR_PROJECT_NAME: platform-e2e-tests-${{ github.run_id }}
       TF_VAR_INSTANCE_COUNT: 1
       TF_VAR_PUBLIC_KEY_PATH: key.pub
-      TF_VAR_SUB_DOMAIN_NAME_CREATION_ENABLED: true
-      TF_VAR_DOMAIN_NAME_CREATION_ENABLED: false
       TF_VAR_HOSTED_ZONE_ID: Z00782582NSP6D0VHBCMI
-      TF_VAR_DOMAIN_NAME: jembi.cloud
-      TF_VAR_SUBDOMAIN_NAMES: ${{ github.run_id }}.jembi.cloud *.${{ github.run_id }}.jembi.cloud
+      TF_VAR_DOMAIN_NAME: ${{ github.run_id }}.jembi.cloud
       TF_VAR_INSTANCE_TYPE: r5.2xlarge
+      TF_VAR_SUBNET_ID: subnet-0004b0dacb5862d59
+      TF_VAR_VPC_ID: vpc-067ab69f374ac9f47
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     defaults: