wip

femiwiki · Sep 2, 2024 · a78d0cb · a78d0cb
1 parent 3a191fb
commit a78d0cb
Show file tree

Hide file tree

Showing 8 changed files with 358 additions and 35 deletions.
diff --git a/jobs/backupbot.nomad b/jobs/backupbot.nomad
@@ -1,3 +1,9 @@
+variable "test" {
+  type        = bool
+  description = "Uses jobs for the test server. Without CSI"
+  default     = false
+}
+
 job "backupbot" {
   datacenters = ["dc1"]
 
@@ -25,6 +31,13 @@ job "backupbot" {
         memory = 100
       }
     }
+
+    dynamic "network" {
+      for_each = var.test ? [{}] : []
+      content {
+        mode = "bridge"
+      }
+    }
   }
 
   reschedule {

diff --git a/jobs/fastcgi.nomad b/jobs/fastcgi.nomad
@@ -1,10 +1,36 @@
+variable "test" {
+  type        = bool
+  description = "Uses jobs for the test server. Without CSI"
+  default     = false
+}
+
 job "fastcgi" {
   datacenters = ["dc1"]
 
   group "fastcgi" {
     # Init Task Lifecycle
     # Reference: https://www.nomadproject.io/docs/job-specification/lifecycle#init-task-pattern
-    task "wait-for-backend" {
+    task "wait-for-mysql" {
+      lifecycle {
+        hook    = "prestart"
+        sidecar = false
+      }
+
+      driver = "exec"
+      config {
+        command = "sh"
+        args = [
+          "-c",
+          format(
+            "while ! ncat --send-only %s %s < /dev/null; do sleep 1; done",
+            var.test ? NOMAD_UPSTREAM_IP_mysql : "127.0.0.1",
+            var.test ? NOMAD_UPSTREAM_PORT_mysql : "3306"
+          ),
+        ]
+      }
+    }
+
+    task "wait-for-memcached" {
       lifecycle {
         hook    = "prestart"
         sidecar = false
@@ -15,10 +41,10 @@ job "fastcgi" {
         command = "sh"
         args = [
           "-c",
-          join(";", [
-            "while ! ncat --send-only 127.0.0.1 3306 < /dev/null; do sleep 1; done",
-            "while ! ncat --send-only 127.0.0.1 11211 < /dev/null; do sleep 1; done"
-          ])
+          format("while ! ncat --send-only %s %s < /dev/null; do sleep 1; done",
+            var.test ? NOMAD_UPSTREAM_IP_memcached : "127.0.0.1",
+            var.test ? NOMAD_UPSTREAM_PORT_memcached : "11211"
+          ),
         ]
       }
     }
@@ -118,8 +144,7 @@ job "fastcgi" {
         ]
 
         cpu_hard_limit = true
-
-        network_mode = "host"
+        network_mode   = var.test ? "bridge" : "host"
       }
 
       resources {
@@ -128,12 +153,70 @@ job "fastcgi" {
         memory_max = 800
       }
 
-      env {
-        NOMAD_UPSTREAM_ADDR_http      = "127.0.0.1:80"
-        NOMAD_UPSTREAM_ADDR_memcached = "127.0.0.1:11211"
-        MEDIAWIKI_SKIP_INSTALL        = "1"
-        MEDIAWIKI_SKIP_IMPORT_SITES   = "1"
-        MEDIAWIKI_SKIP_UPDATE         = "1"
+      dynamic "env" {
+        for_each = !var.test ? [] : [{}]
+        content {
+          MEDIAWIKI_SKIP_INSTALL      = var.test ? "0" : "1"
+          MEDIAWIKI_SKIP_IMPORT_SITES = "1"
+          MEDIAWIKI_SKIP_UPDATE       = var.test ? "0" : "1"
+        }
+      }
+
+      dynamic "env" {
+        for_each = var.test ? [] : [{}]
+        content {
+          NOMAD_UPSTREAM_ADDR_http      = "127.0.0.1:80"
+          NOMAD_UPSTREAM_ADDR_mysql     = "127.0.0.1:3306"
+          NOMAD_UPSTREAM_ADDR_memcached = "127.0.0.1:11211"
+          MEDIAWIKI_SKIP_INSTALL        = var.test ? "0" : "1"
+          MEDIAWIKI_SKIP_IMPORT_SITES   = "1"
+          MEDIAWIKI_SKIP_UPDATE         = var.test ? "0" : "1"
+        }
+      }
+    }
+
+    dynamic "network" {
+      for_each = var.test ? [{}] : []
+      content {
+        mode = "bridge"
+      }
+    }
+
+    dynamic "service" {
+      for_each = !var.test ? [] : [{}]
+
+      content {
+        name = "fastcgi"
+        port = "9000"
+
+        dynamic "connect" {
+          for_each = !var.test ? [] : [{}]
+
+          content {
+            sidecar_service {
+              proxy {
+                upstreams {
+                  destination_name = "mysql"
+                  local_bind_port  = 3306
+                }
+
+                upstreams {
+                  destination_name = "memcached"
+                  local_bind_port  = 11211
+                }
+              }
+            }
+
+            sidecar_task {
+              config {
+                memory_hard_limit = 300
+              }
+              resources {
+                memory = 20
+              }
+            }
+          }
+        }
       }
     }
   }
@@ -146,7 +229,10 @@ job "fastcgi" {
   }
 
   update {
-    auto_revert = true
+    auto_revert  = true
+    auto_promote = var.test ? true : false
+    # canary count equal to the desired count allows a Nomad job to model blue/green deployments
+    canary = var.test ? 1 : 0
   }
 }
 
@@ -194,4 +280,3 @@ set -euo pipefail; IFS=$'\n\t'
 
 EOF
 }
-
diff --git a/jobs/http.nomad b/jobs/http.nomad
@@ -1,3 +1,9 @@
+variable "test" {
+  type        = bool
+  description = "Uses jobs for the test server. Without certification."
+  default     = false
+}
+
 job "http" {
   datacenters = ["dc1"]
 
@@ -19,10 +25,43 @@ job "http" {
         read_only   = false
       }
 
-      artifact {
-        source      = "https://github.com/femiwiki/nomad/raw/main/caddy/Caddyfile"
-        destination = "local/Caddyfile"
-        mode        = "file"
+      dynamic "template" {
+        for_each = !var.test ? [] : [{
+          data        = var.caddyfile_for_test
+          destination = "local.Caddyfile"
+        }]
+
+        content {
+          data        = template.value.data
+          destination = template.value.destination
+        }
+      }
+      dynamic "artifact" {
+        for_each = var.test ? [] : [{
+          source      = "https://github.com/femiwiki/nomad/raw/main/caddy/Caddyfile"
+          destination = "local/Caddyfile"
+          mode        = "file"
+        }]
+
+        content {
+          source      = artifact.value.source
+          destination = artifact.value.destination
+          mode        = artifact.value.mode
+        }
+      }
+
+      dynamic "artifact" {
+        for_each = var.test ? [] : [{
+          source      = "https://github.com/femiwiki/nomad/raw/main/caddy/Caddyfile"
+          destination = "local/Caddyfile"
+          mode        = "file"
+        }]
+        content {
+          source      = artifact.value.source
+          destination = artifact.value.destination
+          mode        = artifact.value.mode
+
+        }
       }
 
       artifact {
@@ -68,7 +107,50 @@ job "http" {
 
       env {
         CADDYPATH    = "/etc/caddycerts"
-        FASTCGI_ADDR = "127.0.0.1:9000"
+        FASTCGI_ADDR = var.test ? NOMAD_UPSTREAM_ADDR_fastcgi : "127.0.0.1:9000"
+      }
+    }
+
+    dynamic "network" {
+      for_each = var.test ? [{}] : []
+      content {
+        mode = "bridge"
+
+        port "http" {
+          static = 80
+        }
+
+        port "https" {
+          static = 443
+        }
+      }
+    }
+
+    dynamic "service" {
+      for_each = var.test ? [{}] : []
+      content {
+        name = "http"
+        port = "80"
+
+        connect {
+          sidecar_service {
+            proxy {
+              upstreams {
+                destination_name = "fastcgi"
+                local_bind_port  = 9000
+              }
+            }
+          }
+
+          sidecar_task {
+            config {
+              memory_hard_limit = 500
+            }
+            resources {
+              memory = 20
+            }
+          }
+        }
       }
     }
 
@@ -90,3 +172,41 @@ job "http" {
     auto_revert = true
   }
 }
+
+variable "caddyfile_for_test" {
+  type    = string
+  default = <<EOF
+{
+  # Global options
+  auto_https off
+  order mwcache before rewrite
+}
+http://127.0.0.1:{$NOMAD_HOST_PORT_http} http://localhost:{$NOMAD_HOST_PORT_http}
+root * /srv/femiwiki.com
+php_fastcgi {$NOMAD_UPSTREAM_ADDR_fastcgi}
+file_server
+encode gzip
+mwcache {
+	ristretto {
+		num_counters 100000
+		max_cost 10000
+		buffer_items 64
+	}
+  purge_acl {
+    10.0.0.0/8
+    127.0.0.1
+  }
+}
+header {
+  # Enable XSS filtering for legacy browsers
+  X-XSS-Protection "1; mode=block"
+  # Block content sniffing, and enable Cross-Origin Read Blocking
+  X-Content-Type-Options "nosniff"
+  # Avoid clickjacking
+  X-Frame-Options "DENY"
+}
+rewrite /w/api.php /api.php
+rewrite /w/* /index.php
+
+EOF
+}
diff --git a/jobs/memcached.nomad b/jobs/memcached.nomad
@@ -1,3 +1,9 @@
+variable "test" {
+  type        = bool
+  description = "Uses jobs for the test server. Without certification."
+  default     = false
+}
+
 job "memcached" {
   datacenters = ["dc1"]
 
@@ -17,8 +23,33 @@ job "memcached" {
     network {
       mode = "bridge"
 
-      port "memcached" {
-        static = 11211
+      dynamic "port" {
+        for_each = var.test ? [] : [{}]
+        labels   = ["memcached"]
+        content {
+          static = 11211
+        }
+      }
+    }
+
+    dynamic "service" {
+      for_each = var.test ? [{}] : []
+      content {
+        name = "memcached"
+        port = "11211"
+
+        connect {
+          sidecar_service {}
+
+          sidecar_task {
+            config {
+              memory_hard_limit = 300
+            }
+            resources {
+              memory = 20
+            }
+          }
+        }
       }
     }
   }
@@ -31,6 +62,9 @@ job "memcached" {
   }
 
   update {
-    auto_revert = true
+    auto_revert  = true
+    auto_promote = var.test ? true : false
+    # canary count equal to the desired count allows a Nomad job to model blue/green deployments
+    canary = var.test ? 1 : 0
   }
 }