From 6af101174aecc3bffc548bff6d9a02c292de3a17 Mon Sep 17 00:00:00 2001 From: Rachal Cassity Date: Wed, 8 May 2024 09:52:30 -0500 Subject: [PATCH] fixing k8s (#16679) * Update Docs for ClamAV in Container (#16058) * use clamav container for local development and review instances * rubocop formatting & CODEOWNERS * fix Dockerfile * update CODEOWNERS and docker-compose version for review instances * change docker-compose verions for review * fix review ports * update github workflows to match k8s * update github workflows * update code_checks for docker compose for tests * add bundle exec to setup db step in audit service tags * reset db in docker compose review & update audit service tag docker services * remove clamd and freshclam from procfile * add sidekiq enterprise license to test env var * set sidekiq license to docker build args * update makefile to work with new docker services * update hybrid docs * add clamav host & port to settings * add restart services to docker-compose review * update hybrid and native docs for clamav * remove clamav setup for ubuntu * add clamav configration info for docker setup * Added virus scan to uploads spec (#16393) * Added virus scan to uploads spec * Fixing Virus scan spec * resolve merge conflict * change directory from /app to /srv/vets-api/src * use previous master version for RI + clam containers * add USER_ID to RI docker-compose * set working directory back to app * minor clean up with new line EOF & remove k8s deploy related code * update makefile up command with foreman * fix docker-compose clamav new line * more cleanup and rubocop formatting * remove redis ports from docker-compose test * update redis port * revert docker-compose test to original master * update api service name to web * rubocop formatting * add Procfile to CODEOWNERS * update CODEOWNERS * add secret and pki volumes back to RI * add some settings in review docker-compose * fix merge conflict mistake in Dockerfile * fix merge conflict * add rvm install ruby version troubleshooting tip * update dockerfile ruby version * resolve merge conflict * rephrase heading * update clamav daemon socket docs and comment socket env var * correct phrasing * update from GH comments --------- Co-authored-by: Rachal Cassity * fixing k8s --------- Co-authored-by: stevenjcumming <134282106+stevenjcumming@users.noreply.github.com> --- docs/setup/native.md | 44 -------------------------------------------- 1 file changed, 44 deletions(-) diff --git a/docs/setup/native.md b/docs/setup/native.md index a61f671bdfe..4a17567d022 100644 --- a/docs/setup/native.md +++ b/docs/setup/native.md @@ -96,50 +96,6 @@ This file has the necessary configuration settings for local development as well ### Configuring ClamAV antivirus -### EKS - -Prior to EKS, ClamAV (the virus scanner) was deployed in the same process as Vets API. With EKS, ClamAV has been extracted out into it’s own service. Locally you can see the docker-compose.yml config for clamav. - - - -### Options -#### Option 1: Run ONLY clamav via Docker - -You can either run: -`docker-compose -f docker-compose-clamav.yml up` - this will run ONLY clamav via docker - -After that, follow the native instructions and run `foreman start -m all=1` - -#### Option 2: [See hybrid setup](https://github.com/department-of-veterans-affairs/vets-api/blob/k8s/docs/setup/hybrid.md) - -Please set the [clamav intitalizer](https://github.com/department-of-veterans-affairs/vets-api/blob/k8s/config/initializers/clamav.rb) initializers/clamav.rb file to the following: - -``` -#### Important: If running hybrid -if Rails.env.development? - ENV["CLAMD_TCP_HOST"] = "0.0.0.0" - ENV["CLAMD_TCP_PORT"] = "33100" - end -``` - -#### Option 3: Run Clamav Natively (OSX): - -If you wish to run ClamAV natively, you'll need to check the platform specific notes. This section will detail the steps of how to run clamav on OSX. - -1. `brew install clamav` -2. `brew info clamav` - -3. NOTE: See the "Caveats" section: "To finish installation & run clamav you will need to edit the example conf files at `your_directory_here` e.g. `/usr/local/etc/clamav/` - Make note of this directory for following steps. - -4. cd into `your_directory_here` from step above (e.g. `/usr/local/etc/clamav/`) - -5. In clamd.conf add `LocalSocket your_directory_here/clamd.sock` (e.g. `/usr/local/etc/clamav/clamd.sock`) -6. In freshclam.conf add `DatabaseMirror database.clamav.net` -7. Update the local ClamAV database via `freshclam -v` -8. Run with `/usr/local/sbin/clamd -c your_directory_here/clamd.conf` -9. Comment out EVERYTHING in the [clamav.rb initializer](https://github.com/department-of-veterans-affairs/vets-api/blob/k8s/config/initializers/clamav.rb#L3-L13) -10. Add `ENV['CLAMD_UNIX_SOCKET'] = 'your_directory_here/clamd.sock'` to [config/intializers/clamav.rb](https://github.com/department-of-veterans-affairs/vets-api/blob/k8s/config/initializers/clamav.rb) - (e.g. `/usr/local/etc/clamav/clamd.sock`) -11. Test if working via `rails c` and [ping command](https://github.com/franckverrot/clamav-client#ping--boolean) **NOTE:** In many cases, there in no need to run ClamAV for local development, even if you are working with uploaded files since the scanning functionality is already built into our CarrierWave and Shrine file upload base classes. Prior to EKS, ClamAV (the virus scanner) was deployed in the same process as Vets API. With EKS, ClamAV has been extracted out into it’s own service. Locally you can see the docker-compose.yml config for clamav.