Merge pull request StackStorm#38 from shusugmt/one-process-per-container

Add "One Process Per Container" image
sidmohan1 · Jul 5, 2017 · eb0beb5 · eb0beb5
2 parents 1f92635 + c1d0d85
commit eb0beb5
Show file tree

Hide file tree

Showing 15 changed files with 1,232 additions and 0 deletions.
diff --git a/images/stackstorm-1ppc/Dockerfile b/images/stackstorm-1ppc/Dockerfile
@@ -0,0 +1,13 @@
+# pin to st2 2.2.1
+FROM stackstorm/stackstorm@sha256:5e8f9f0e4a3a1f89fd060a6b8cea7050dd6af28280ca56134676a132755d53c2
+
+RUN wget -O /dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 \
+    && chmod +x /dumb-init
+
+ENV ST2_SERVICE nop
+
+COPY nginx_st2.conf /etc/nginx/conf.d/st2.conf
+COPY entrypoint-1ppc.sh /sbin/init
+
+ENTRYPOINT ["/dumb-init", "--"]
+CMD ["/entrypoint.sh"]
diff --git a/images/stackstorm-1ppc/entrypoint-1ppc.sh b/images/stackstorm-1ppc/entrypoint-1ppc.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+ST2_CONF=/etc/st2/st2.conf
+crudini --set ${ST2_CONF} auth    api_url     ${ST2_API_URL}
+crudini --set ${ST2_CONF} mistral api_url     ${ST2_API_URL}
+crudini --set ${ST2_CONF} mistral v2_base_url ${ST2_MISTRAL_API_URL}
+
+crudini --set ${ST2_CONF} api allow_origin '*'
+
+
+case "$ST2_SERVICE" in
+  "nop" )
+    exec tail -f /dev/null
+    ;;
+  "st2api" )
+    DAEMON_ARGS="-k eventlet -b 0.0.0.0:9101 --workers 1 --threads 1 --graceful-timeout 10 --timeout 30"
+    exec /opt/stackstorm/st2/bin/gunicorn_pecan /opt/stackstorm/st2/lib/python2.7/site-packages/st2api/gunicorn_config.py $DAEMON_ARGS
+    ;;
+  "st2auth" )
+    DAEMON_ARGS="-k eventlet -b 0.0.0.0:9100 --workers 1 --threads 1 --graceful-timeout 10 --timeout 30"
+    exec /opt/stackstorm/st2/bin/gunicorn_pecan /opt/stackstorm/st2/lib/python2.7/site-packages/st2auth/gunicorn_config.py $DAEMON_ARGS
+    ;;
+  "st2stream" )
+    DAEMON_ARGS="-k eventlet -b 0.0.0.0:9102 --workers 1 --threads 10 --graceful-timeout 10 --timeout 30"
+    exec /opt/stackstorm/st2/bin/gunicorn_pecan /opt/stackstorm/st2/lib/python2.7/site-packages/st2stream/gunicorn_config.py $DAEMON_ARGS
+    ;;
+  "st2sensorcontainer" )
+    DAEMON_ARGS="--config-file /etc/st2/st2.conf"
+    exec /opt/stackstorm/st2/bin/st2sensorcontainer ${DAEMON_ARGS}
+    ;;
+  "st2rulesengine" )
+    DAEMON_ARGS="--config-file /etc/st2/st2.conf"
+    exec /opt/stackstorm/st2/bin/st2rulesengine ${DAEMON_ARGS}
+    ;;
+  "st2actionrunner" )
+    DAEMON_ARGS="--config-file /etc/st2/st2.conf"
+    exec /opt/stackstorm/st2/bin/st2actionrunner ${DAEMON_ARGS}
+    ;;
+  "st2resultstracker" )
+    DAEMON_ARGS="--config-file /etc/st2/st2.conf"
+    exec /opt/stackstorm/st2/bin/st2resultstracker ${DAEMON_ARGS}
+    ;;
+  "st2notifier" )
+    DAEMON_ARGS="--config-file /etc/st2/st2.conf"
+    exec /opt/stackstorm/st2/bin/st2notifier ${DAEMON_ARGS}
+    ;;
+  "st2garbagecollector" )
+    DAEMON_ARGS="--config-file /etc/st2/st2.conf"
+    exec /opt/stackstorm/st2/bin/st2garbagecollector ${DAEMON_ARGS}
+    ;;
+  "mistral-api" )
+    set -e
+    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
+    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate
+    API_ARGS="--log-file /var/log/mistral/mistral-api.log -b 0.0.0.0:8989 -w 2 mistral.api.wsgi --graceful-timeout 10"
+    exec /opt/stackstorm/mistral/bin/gunicorn $API_ARGS
+    ;;
+  "mistral-server" )
+    set -e
+    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
+    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate
+    SERVER_ARGS="--config-file /etc/mistral/mistral.conf --log-file /var/log/mistral/mistral-server.log"
+    exec /opt/stackstorm/mistral/bin/mistral-server --server engine,executor ${SERVER_ARGS}
+    ;;
+  "st2web" )
+    exec /usr/sbin/nginx -g 'daemon off;'
+    ;;
+  "st2-register-content" )
+    set -ex
+    PACKS=${PACKS:-"chatops core default linux packs"}
+    for PACK in ${PACKS}; do
+      st2-register-content --config-file /etc/st2/st2.conf --register-all --register-setup-virtualenvs \
+        --register-pack /opt/stackstorm/packs/${PACK}
+    done
+    ;;
+
+esac
diff --git a/images/stackstorm-1ppc/nginx_st2.conf b/images/stackstorm-1ppc/nginx_st2.conf
@@ -0,0 +1,151 @@
+#
+# nginx configuration to expose st2 webui, redirect HTTP->HTTPS,
+# provide SSL termination, and reverse-proxy st2api and st2auth API endpoint.
+# To enable:
+#    cp ${LOCATION}/st2.conf /etc/nginx/sites-available
+#    ln -l /etc/nginx/sites-available/st2.conf /etc/nginx/sites-enabled/st2.conf
+# see https://docs.stackstorm.com/install.html for details
+
+server {
+  listen *:80 default_server;
+
+  add_header Front-End-Https on;
+  add_header X-Content-Type-Options nosniff;
+
+  if ($ssl_protocol = "") {
+       return 301 https://$host$request_uri;
+  }
+
+  index  index.html;
+
+  access_log /var/log/nginx/st2webui.access.log combined;
+  error_log /var/log/nginx/st2webui.error.log;
+}
+
+server {
+  listen       *:443 ssl;
+
+  ssl on;
+
+  ssl_certificate           /etc/ssl/st2/st2.crt;
+  ssl_certificate_key       /etc/ssl/st2/st2.key;
+  ssl_session_cache         shared:SSL:10m;
+  ssl_session_timeout       5m;
+  ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers               EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
+  ssl_prefer_server_ciphers on;
+
+  index  index.html;
+
+  access_log            /var/log/nginx/ssl-st2webui.access.log combined;
+  error_log             /var/log/nginx/ssl-st2webui.error.log;
+
+  add_header              Front-End-Https on;
+  add_header              X-Content-Type-Options nosniff;
+
+  resolver st2web-dns valid=10s ipv6=off;
+
+  location @apiError {
+    add_header Content-Type application/json always;
+    return 503 '{ "faultstring": "Nginx is unable to reach st2api. Make sure service is running." }';
+  }
+
+  location /api/ {
+    error_page 502 = @apiError;
+
+    set $st2_api_url http://st2api:9101;
+
+    rewrite ^/api/(.*)  /$1 break;
+
+    proxy_pass            $st2_api_url$uri$is_args$args;
+    proxy_read_timeout    90;
+    proxy_connect_timeout 90;
+    proxy_redirect        off;
+
+    proxy_set_header      Host $host;
+    proxy_set_header      X-Real-IP $remote_addr;
+    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    proxy_set_header Connection '';
+    chunked_transfer_encoding off;
+    proxy_buffering off;
+    proxy_cache off;
+    proxy_set_header Host $host;
+  }
+
+  location @streamError {
+    add_header Content-Type text/event-stream;
+    return 200 "retry: 1000\n\n";
+  }
+
+  # For backward compatibility reasons, rewrite requests from "/api/stream"
+  # to "/stream/v1/stream" and "/api/v1/stream" to "/stream/v1/stream"
+  location /api/stream {
+    rewrite ^/api/stream/?(.*)$ /stream/v1/stream/$1 last;
+  }
+  location /api/v1/stream {
+    rewrite ^/api/v1/stream/?(.*)$ /stream/v1/stream/$1 last;
+  }
+  location /stream/ {
+    error_page 502 = @streamError;
+
+    set $st2_stream_url http://st2stream:9102;
+
+    rewrite ^/stream/(.*)  /$1 break;
+
+    proxy_pass  $st2_stream_url$uri$is_args$args;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+
+    # Disable buffering and chunked encoding.
+    # In the stream case we want to receive the whole payload at once, we don't
+    # want multiple chunks.
+    proxy_set_header Connection '';
+    chunked_transfer_encoding off;
+    proxy_buffering off;
+    proxy_cache off;
+  }
+
+  location @authError {
+    add_header Content-Type application/json always;
+    return 503 '{ "faultstring": "Nginx is unable to reach st2auth. Make sure service is running." }';
+  }
+
+  location /auth/ {
+    error_page 502 = @authError;
+
+    set $st2_auth_url http://st2auth:9100;
+
+    rewrite ^/auth/(.*)  /$1 break;
+
+    proxy_pass            $st2_auth_url$uri$is_args$args;
+    proxy_read_timeout    90;
+    proxy_connect_timeout 90;
+    proxy_redirect        off;
+
+    proxy_set_header      Host $host;
+    proxy_set_header      X-Real-IP $remote_addr;
+    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_header     Authorization;
+
+    proxy_set_header Connection '';
+    chunked_transfer_encoding off;
+    proxy_buffering off;
+    proxy_cache off;
+    proxy_set_header Host $host;
+  }
+
+  location / {
+    root      /opt/stackstorm/static/webui/;
+    index     index.html;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+  }
+}
diff --git a/runtime/kubernetes-1ppc/README.md b/runtime/kubernetes-1ppc/README.md
@@ -0,0 +1,31 @@
+# Running StackStorm on Kubernetes using 1ppc
+
+## QuickStart
+
+Tested environment:
+
+- Mac
+    - minikube version: v0.19.1
+    - Kubernetes v1.6.4
+
+```
+# Run following commands in the same directory as this README.md
+
+# Start minikube cluster
+# Note: Allow assigning 443 for NodePort service, in order to access st2web
+minikube start --vm-driver=xhyve --extra-config=apiserver.ServiceNodePortRange=443-32767
+
+# Build 1ppc image
+eval $(minikube docker-env)
+docker build -t stackstorm/stackstorm-1ppc ../../images/stackstorm-1ppc
+
+# Check cluster is ready...
+kubectl get pods --all-namespaces
+
+# Run
+kubectl apply -Rf .
+
+# Access Web UI
+# Note: You can find default credentials in configmaps.yaml
+minikube service st2web --https
+```
diff --git a/runtime/kubernetes-1ppc/configmaps.yml b/runtime/kubernetes-1ppc/configmaps.yml
@@ -0,0 +1,39 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: st2
+data:
+  ST2_USER: admin
+  ST2_PASSWORD: changeme
+  ST2_AUTH_URL: http://st2auth:9100/
+  ST2_API_URL: http://st2api:9101/
+  ST2_STREAM_URL: http://st2stream:9102/
+  ST2_MISTRAL_API_URL: http://mistral-api:8989/v2
+  MONGO_HOST: mongo
+  MONGO_PORT: "27017"
+  RABBITMQ_HOST: rabbitmq
+  RABBITMQ_PORT: "5672"
+  POSTGRES_HOST: postgres
+  POSTGRES_PORT: "5432"
+  REDIS_HOST: redis
+  REDIS_PORT: "6379"
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: rabbitmq
+data:
+  RABBITMQ_DEFAULT_USER: admin
+  RABBITMQ_DEFAULT_PASS: 9jS+w1u07NbHtZke1m+jW4Cj
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: postgres
+data:
+  POSTGRES_USER: mistral-user
+  POSTGRES_PASSWORD: 2PehgWO824hcUCUMNbaVwDMT
+  POSTGRES_DB: mistral
diff --git a/runtime/kubernetes-1ppc/externals/mongo.yml b/runtime/kubernetes-1ppc/externals/mongo.yml
@@ -0,0 +1,29 @@
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: mongo
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mongo
+    spec:
+      containers:
+      - name: mongo
+        image: mongo:3.4
+        ports:
+        - containerPort: 27107
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: mongo
+spec:
+  selector:
+    app: mongo
+  ports:
+  - protocol: TCP
+    port: 27017
diff --git a/runtime/kubernetes-1ppc/externals/postgres.yml b/runtime/kubernetes-1ppc/externals/postgres.yml
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: postgres
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+      - name: postgres
+        image: postgres:latest
+        ports:
+        - containerPort: 5432
+        envFrom:
+        - configMapRef:
+            name: postgres
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: postgres
+spec:
+  selector:
+    app: postgres
+  ports:
+  - protocol: TCP
+    port: 5432