From 0ed2921bb5a81936950b514b0b011bbc2d19fe15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C4=83rbu=C8=9B-Dic=C4=83=20Sami?= <70215066+WarriorsSami@users.noreply.github.com> Date: Sat, 2 Nov 2024 22:43:57 +0200 Subject: [PATCH] Odin (#49) * fix(enki): allow problem to be published iff the sum of its tests scores is 100 * refactor(enki): use more conventional REST paths for endpoints and remove unused projs * feat(odin): add http rerouting using envoy proxy * feat(odin): add ssl termination - add SSL termination for a newly exposed port and reroute traffic directly to services - keep the HTTP listener which redirects traffic to Dapr Sidecars - bug: quetzalcoatl app id not found for now using Dapr - bug: HTTPS certificate not verified despite being added to CA Certs * feat(odin): restrict access to eval-metadata - deny access to enki eval-metadata endpoint using lua filter * build: add github actions for publishing * perf(odin): add support for env vars for cluster ports * perf(odin): replace hard-coded clusters with dapr cluster refactor: extract ancillary services to compose.override file * fix: use proper paths for fixtures in seeder * fix(mssql): pin docker image version based on ubuntu 22.04 --- .github/workflows/build/anubis-eval.yaml | 55 ++ .github/workflows/build/dapr-config.yaml | 55 ++ .github/workflows/build/enki-problems.yaml | 55 ++ .github/workflows/build/hermes-tests.yaml | 55 ++ .github/workflows/build/odin-gateway.yaml | 55 ++ .../workflows/build/quetzalcoatl-auth.yaml | 55 ++ anubis-eval/Dockerfile | 2 +- docker-compose.override.yaml | 658 +++++++++++++++++- docker-compose.yaml | 631 +---------------- envs-template/.env.anubis | 25 + envs-template/.env.enki | 10 + envs-template/.env.hermes | 1 + envs-template/.env.judge0 | 358 ++++++++++ envs-template/.env.midgard | 3 + envs-template/.env.odin | 4 + envs-template/.env.quetzalcoatl | 17 + envs-template/certs/asgard/csr.pem | 17 + envs-template/certs/asgard/https.crt | 19 + envs-template/certs/asgard/key.pem | 28 + envs-template/certs/midgard/csr.pem | 17 + envs-template/certs/midgard/https.crt | 19 + envs-template/certs/midgard/key.pem | 28 + odin-gateway/Dockerfile | 13 +- odin-gateway/docker-entrypoint.sh | 8 + odin-gateway/envoy.yaml | 144 +--- quetzalcoatl-auth/Bootstrapper/Program.cs | 4 +- seeder/fixtures.yaml | 14 +- seeder/main.go | 2 +- 28 files changed, 1593 insertions(+), 759 deletions(-) create mode 100644 .github/workflows/build/anubis-eval.yaml create mode 100644 .github/workflows/build/dapr-config.yaml create mode 100644 .github/workflows/build/enki-problems.yaml create mode 100644 .github/workflows/build/hermes-tests.yaml create mode 100644 .github/workflows/build/odin-gateway.yaml create mode 100644 .github/workflows/build/quetzalcoatl-auth.yaml create mode 100644 envs-template/.env.anubis create mode 100644 envs-template/.env.enki create mode 100644 envs-template/.env.hermes create mode 100644 envs-template/.env.judge0 create mode 100644 envs-template/.env.midgard create mode 100644 envs-template/.env.odin create mode 100644 envs-template/.env.quetzalcoatl create mode 100644 envs-template/certs/asgard/csr.pem create mode 100644 envs-template/certs/asgard/https.crt create mode 100644 envs-template/certs/asgard/key.pem create mode 100644 envs-template/certs/midgard/csr.pem create mode 100644 envs-template/certs/midgard/https.crt create mode 100644 envs-template/certs/midgard/key.pem create mode 100644 odin-gateway/docker-entrypoint.sh diff --git a/.github/workflows/build/anubis-eval.yaml b/.github/workflows/build/anubis-eval.yaml new file mode 100644 index 0000000..b7318cb --- /dev/null +++ b/.github/workflows/build/anubis-eval.yaml @@ -0,0 +1,55 @@ +name: Build Docker image and publish to GitHub Packages + +on: + push: + branches: + - develop + + paths: + - "anubis-eval/**" + - ".github/workflows/anubis-eval.yaml" + + pull_request: + branches: + - develop + + paths: + - "anubis-eval/**" + - ".github/workflows/anubis-eval.yaml" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: anubis-eval + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/pantheonix/asgard/${{ env.IMAGE_NAME }}:latest + + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: anubis-eval + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build/dapr-config.yaml b/.github/workflows/build/dapr-config.yaml new file mode 100644 index 0000000..15989da --- /dev/null +++ b/.github/workflows/build/dapr-config.yaml @@ -0,0 +1,55 @@ +name: Build Docker image and publish to GitHub Packages + +on: + push: + branches: + - develop + + paths: + - "dapr/**" + - ".github/workflows/dapr-config.yaml" + + pull_request: + branches: + - develop + + paths: + - "dapr-config/**" + - ".github/workflows/dapr-config.yaml" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: dapr-config + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/pantheonix/asgard/${{ env.IMAGE_NAME }}:latest + + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: dapr-config + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build/enki-problems.yaml b/.github/workflows/build/enki-problems.yaml new file mode 100644 index 0000000..e584cc2 --- /dev/null +++ b/.github/workflows/build/enki-problems.yaml @@ -0,0 +1,55 @@ +name: Build Docker image and publish to GitHub Packages + +on: + push: + branches: + - develop + + paths: + - "enki-problems/**" + - ".github/workflows/enki-problems.yaml" + + pull_request: + branches: + - develop + + paths: + - "enki-problems/**" + - ".github/workflows/enki-problems.yaml" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: enki-problems + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/pantheonix/asgard/${{ env.IMAGE_NAME }}:latest + + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: enki-problems + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build/hermes-tests.yaml b/.github/workflows/build/hermes-tests.yaml new file mode 100644 index 0000000..1d0b730 --- /dev/null +++ b/.github/workflows/build/hermes-tests.yaml @@ -0,0 +1,55 @@ +name: Build Docker image and publish to GitHub Packages + +on: + push: + branches: + - develop + + paths: + - "hermes-tests/**" + - ".github/workflows/hermes-tests.yaml" + + pull_request: + branches: + - develop + + paths: + - "hermes-tests/**" + - ".github/workflows/hermes-tests.yaml" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: hermes-tests + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/pantheonix/asgard/${{ env.IMAGE_NAME }}:latest + + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: hermes-tests + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/build/odin-gateway.yaml b/.github/workflows/build/odin-gateway.yaml new file mode 100644 index 0000000..70662fb --- /dev/null +++ b/.github/workflows/build/odin-gateway.yaml @@ -0,0 +1,55 @@ +name: Build Docker image and publish to GitHub Packages + +on: + push: + branches: + - develop + + paths: + - "odin-gateway/**" + - ".github/workflows/odin-gateway.yaml" + + pull_request: + branches: + - develop + + paths: + - "odin-gateway/**" + - ".github/workflows/odin-gateway.yaml" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: odin-gateway + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/pantheonix/asgard/${{ env.IMAGE_NAME }}:latest + + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: odin-gateway + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build/quetzalcoatl-auth.yaml b/.github/workflows/build/quetzalcoatl-auth.yaml new file mode 100644 index 0000000..ce0c907 --- /dev/null +++ b/.github/workflows/build/quetzalcoatl-auth.yaml @@ -0,0 +1,55 @@ +name: Build Docker image and publish to GitHub Packages + +on: + push: + branches: + - develop + + paths: + - "quetzalcoatl-auth/**" + - ".github/workflows/quetzalcoatl-auth.yaml" + + pull_request: + branches: + - develop + + paths: + - "quetzalcoatl-auth/**" + - ".github/workflows/quetzalcoatl-auth.yaml" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: quetzalcoatl-auth + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/pantheonix/asgard/${{ env.IMAGE_NAME }}:latest + + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: quetzalcoatl-auth + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/anubis-eval/Dockerfile b/anubis-eval/Dockerfile index c86b677..a13bd03 100644 --- a/anubis-eval/Dockerfile +++ b/anubis-eval/Dockerfile @@ -5,7 +5,7 @@ FROM chef AS planner COPY . . RUN cargo chef prepare --recipe-path recipe.json -FROM chef as builder +FROM chef AS builder LABEL stage=builder ENV CARGO_TERM_COLOR always RUN apt-get update && apt-get install -y libpq-dev libsqlite3-dev libmariadbclient-dev-compat pkg-config libssl1.1 libssl-dev && apt-get clean && rm -rf /var/lib/apt/lists/* diff --git a/docker-compose.override.yaml b/docker-compose.override.yaml index 6291cef..479cb10 100644 --- a/docker-compose.override.yaml +++ b/docker-compose.override.yaml @@ -1,12 +1,664 @@ +x-logging: &default-logging + logging: + driver: json-file + options: + max-size: 100m + services: + ############ SEEDER ############ + seeder: container_name: asgard-seeder build: context: seeder dockerfile: ../seeder/Dockerfile volumes: - - ./seeder/fixtures.yaml:/temp/fixtures.yaml - - ../ProblemArchive/:/temp/ProblemArchive/ + - ./seeder/fixtures.yaml:/tmp/fixtures.yaml + - ../ProblemArchive/:/tmp/ProblemArchive/ network_mode: host + depends_on: + odin-api-gateway: + condition: service_started profiles: - - seeding \ No newline at end of file + - seeding + + ############ MIDGARD ############ + + midgard-web: + container_name: midgard-web + image: ${REGISTRY:-pantheonix}/midgard:${TAG:-ucv} + build: + context: ../Midgard + dockerfile: ./Dockerfile + env_file: + - envs/.env.midgard + ports: + - "10000:443" + volumes: + - ./envs/certs/midgard/https.crt:/etc/nginx/ssl/https.crt + - ./envs/certs/midgard/key.pem:/etc/nginx/ssl/key.pem + restart: always + profiles: + - midgard + - pantheonix + + ############ ODIN ############ + + odin-api-gateway: + build: + context: odin-gateway + dockerfile: ../odin-gateway/Dockerfile + depends_on: + quetzalcoatl-auth-dapr: + condition: service_started + enki-problems-dapr: + condition: service_started + anubis-eval-dapr: + condition: service_started + profiles: + - odin + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + odin-api-gateway-dapr: + container_name: odin-api-gateway-dapr + image: daprio/daprd:1.11.2 + command: + [ + "./daprd", + "-app-id", + "odin-api-gateway", + "-app-port", + "80", + "-placement-host-address", + "asgard-dapr-placement:40000", + "-dapr-http-port", + "3500", + "-dapr-grpc-port", + "50001", + "-components-path", + "/components", + "-config", + "/config/config.yaml", + ] + volumes_from: + - asgard-dapr-config + restart: unless-stopped + depends_on: + odin-api-gateway: + condition: service_started + asgard-dapr-placement: + condition: service_started + asgard-dapr-config: + condition: service_started + network_mode: "service:odin-api-gateway" + profiles: + - odin + - asgard + - pantheonix + + ############ QUETZALCOATL ############ + + quetzalcoatl-auth-api: + build: + context: quetzalcoatl-auth + dockerfile: ../quetzalcoatl-auth/Dockerfile + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/_health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 30s + depends_on: + quetzalcoatl-mssql-db: + condition: service_healthy + profiles: + - quetzalcoatl + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + quetzalcoatl-auth-dapr: + container_name: quetzalcoatl-auth-dapr + image: daprio/daprd:1.11.2 + command: + [ + "./daprd", + "-app-id", + "quetzalcoatl-auth", + "-app-port", + "80", + "-placement-host-address", + "asgard-dapr-placement:40000", + "-dapr-http-port", + "3500", + "-dapr-grpc-port", + "50001", + "-components-path", + "/components", + "-config", + "/config/config.yaml", + ] + volumes_from: + - asgard-dapr-config + restart: unless-stopped + depends_on: + quetzalcoatl-auth-api: + condition: service_started + asgard-dapr-placement: + condition: service_started + asgard-dapr-config: + condition: service_started + network_mode: "service:quetzalcoatl-auth-api" + profiles: + - quetzalcoatl + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 128M + # reservations: + # memory: 64M + + quetzalcoatl-mssql-db: + container_name: quetzalcoatl-mssql-db + image: mcr.microsoft.com/mssql/server:2022-CU14-ubuntu-22.04 + restart: unless-stopped + user: root + ports: + - "1434:1433" + env_file: + - envs/.env.quetzalcoatl + healthcheck: + test: + [ + "CMD-SHELL", + "/opt/mssql-tools18/bin/sqlcmd -b -C -S localhost -U SA -P $$SA_PASSWORD -Q 'SELECT 1' || exit 1" + ] + interval: 30s + timeout: 10s + retries: 10 + start_period: 60s + volumes: + - quetzalcoatl-db:/var/opt/mssql/data + profiles: + - quetzalcoatl + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 1024M + # reservations: + # memory: 512M + + ############ ENKI ############ + + enki-problems-api: + build: + context: enki-problems + dockerfile: ../enki-problems/Dockerfile + depends_on: + enki-mongo-db: + condition: service_healthy + asgard-redis: + condition: service_started + hermes-tests-dapr: + condition: service_started + profiles: + - enki + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + enki-problems-dapr: + container_name: enki-problems-dapr + image: daprio/daprd:1.11.2 + command: + [ + "./daprd", + "-app-id", + "enki-problems", + "-app-port", + "80", + "-placement-host-address", + "asgard-dapr-placement:40000", + "-dapr-http-port", + "3500", + "-dapr-grpc-port", + "50001", + "-components-path", + "/components", + "-config", + "/config/config.yaml", + ] + volumes_from: + - asgard-dapr-config + restart: unless-stopped + depends_on: + enki-problems-api: + condition: service_started + asgard-dapr-placement: + condition: service_started + asgard-dapr-config: + condition: service_started + network_mode: "service:enki-problems-api" + profiles: + - enki + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 128M + # reservations: + # memory: 64M + + enki-mongo-db: + container_name: enki-mongo-db + image: mongo:5.0 + restart: unless-stopped + command: ["--replSet", "enki-rs", "--bind_ip_all", "--port", "30001"] + volumes: + - enki-db:/data/db + ports: + - "30001:30001" + healthcheck: + # for docker-compose + test: + [ + "CMD-SHELL", + 'mongo --port 30001 --quiet --eval ''rs.initiate({_id:"enki-rs",members:[{_id:0,host:"enki-mongo-db:30001"}]}).ok || rs.status().ok''', + ] + # for docker compose + # test: test $(echo "rs.initiate({_id:'enki-rs',members:[{_id:0,host:\"enki-mongo-db:30001\"}]}).ok || rs.status().ok" | mongo --port 30001 --quiet) -eq 1 + interval: 10s + start_period: 30s + timeout: 5s + retries: 3 + profiles: + - enki + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 1024M + # reservations: + # memory: 512M + + ############ HERMES ############ + + hermes-tests-api: + build: + context: hermes-tests + dockerfile: ../hermes-tests/Dockerfile + profiles: + - hermes + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + hermes-tests-dapr: + container_name: hermes-tests-dapr + image: daprio/daprd:1.11.2 + command: + [ + "./daprd", + "-app-id", + "hermes-tests", + "-app-port", + "80", + "-placement-host-address", + "asgard-dapr-placement:40000", + "-dapr-grpc-port", + "50001", + "-components-path", + "/components", + "-config", + "/config/config.yaml", + ] + volumes_from: + - asgard-dapr-config + restart: unless-stopped + depends_on: + hermes-tests-api: + condition: service_started + asgard-dapr-placement: + condition: service_started + asgard-dapr-config: + condition: service_started + network_mode: "service:hermes-tests-api" + profiles: + - hermes + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 128M + # reservations: + # memory: 64M + + ############ ANUBIS ############ + + anubis-eval-api: + build: + context: anubis-eval + dockerfile: ../anubis-eval/Dockerfile + depends_on: + judge0-lb: + condition: service_started + anubis-psql-db: + condition: service_started + profiles: + - anubis + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + anubis-eval-dapr: + container_name: anubis-eval-dapr + image: daprio/daprd:1.11.2 + command: + [ + "./daprd", + "-app-id", + "anubis-eval", + "-app-port", + "80", + "-placement-host-address", + "asgard-dapr-placement:40000", + "-dapr-http-port", + "3500", + "-dapr-grpc-port", + "50001", + "-components-path", + "/components", + "-config", + "/config/config.yaml", + ] + volumes_from: + - asgard-dapr-config + restart: unless-stopped + depends_on: + anubis-eval-api: + condition: service_started + asgard-dapr-placement: + condition: service_started + asgard-dapr-config: + condition: service_started + network_mode: "service:anubis-eval-api" + profiles: + - anubis + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 128M + # reservations: + # memory: 64M + + anubis-psql-db: + container_name: anubis-psql-db + image: postgres:14.1 + command: postgres -c 'max_connections=250' + volumes: + - anubis-db:/var/lib/postgresql/data/ + restart: unless-stopped + ports: + - "5435:5432" + env_file: + - envs/.env.anubis + profiles: + - anubis + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 1024M + # reservations: + # memory: 512M + + ############ JUDGE0 ############ + + judge0-lb: + container_name: judge0-lb + build: + context: anubis-eval/eval-lb + dockerfile: ../eval-lb/Dockerfile + ports: + - "4000" + restart: unless-stopped + depends_on: + server: + condition: service_started + profiles: + - judge0 + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + server: + image: judge0/judge0:1.13.0 + volumes: + - ./envs/.env.judge0:/judge0.conf:ro + ports: + - "2358" + privileged: true + <<: *default-logging + restart: unless-stopped + depends_on: + workers: + condition: service_started + redis: + condition: service_started + db: + condition: service_started + profiles: + - judge0 + - asgard + - pantheonix + deploy: + replicas: 2 + resources: + # limits: + # memory: 512M + reservations: + memory: 128M + + workers: + image: judge0/judge0:1.13.0 + command: ["./scripts/workers"] + volumes: + - ./envs/.env.judge0:/judge0.conf:ro + privileged: true + <<: *default-logging + restart: unless-stopped + profiles: + - judge0 + - asgard + - pantheonix + deploy: + replicas: 2 + resources: + reservations: + memory: 1024M + + db: + image: postgres:13.0 + env_file: ./envs/.env.judge0 + volumes: + - judge0-db:/var/lib/postgresql/data/ + <<: *default-logging + restart: unless-stopped + profiles: + - judge0 + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 1024M + # reservations: + # memory: 512M + + redis: + image: redis:6.0 + command: + [ + "bash", + "-c", + 'docker-entrypoint.sh --appendonly yes --requirepass "$$REDIS_PASSWORD"', + ] + env_file: ./envs/.env.judge0 + volumes: + - redis-data:/data + <<: *default-logging + restart: unless-stopped + profiles: + - judge0 + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + + ############ DAPR ############ + + asgard-dapr-placement: + container_name: asgard-dapr-placement + image: daprio/placement:1.11.2 + command: [ "./placement", "-port", "40000", "-log-level", "debug" ] + ports: + - "40000" + restart: unless-stopped + depends_on: + asgard-zipkin: + condition: service_started + asgard-redis: + condition: service_started + asgard-rabbitmq: + condition: service_started + profiles: + - dapr + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + asgard-redis: + container_name: asgard-redis + image: redis:alpine + ports: + - "6380:6379" + restart: unless-stopped + volumes: + - dapr-redis-data:/data + profiles: + - dapr + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + asgard-rabbitmq: + container_name: asgard-rabbitmq + image: rabbitmq:3-management-alpine + ports: + - "5672" + - "15672:15672" + restart: unless-stopped + volumes: + - rabbitmq-data:/var/lib/rabbitmq + - rabbitmq-logs:/var/log/rabbitmq + profiles: + - dapr + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + asgard-zipkin: + container_name: asgard-zipkin + image: openzipkin/zipkin:latest + ports: + - "19411:9411" + restart: unless-stopped + profiles: + - dapr + - asgard + - pantheonix + # deploy: + # resources: + # limits: + # memory: 512M + # reservations: + # memory: 128M + + asgard-dapr-config: + container_name: asgard-dapr-config + image: ${REGISTRY:-ghcr.io/pantheonix}/asgard-dapr-config:${TAG:-develop} + build: + context: ./dapr + dockerfile: Dockerfile + profiles: + - dapr + - asgard + - pantheonix +# deploy: +# resources: +# limits: +# memory: 512M +# reservations: +# memory: 128M \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 1d9424b..468ec04 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,44 +1,14 @@ # Define services for Asgard # TODO: add health checks, restart policies and extract hardcoded ports/tags/etc. to .env files -# version: "3.8" - -x-logging: &default-logging - logging: - driver: json-file - options: - max-size: 100m services: - ############ MIDGARD ############ - - midgard-web: - container_name: midgard-web - image: ${REGISTRY:-pantheonix}/midgard:${TAG:-ucv} - build: - context: ../Midgard - dockerfile: ./Dockerfile - env_file: - - envs/.env.midgard - ports: - - "10000:443" - volumes: - - ./envs/certs/midgard/https.crt:/etc/nginx/ssl/https.crt - - ./envs/certs/midgard/key.pem:/etc/nginx/ssl/key.pem - restart: always - profiles: - - midgard - - pantheonix - ############ ODIN ############ odin-api-gateway: container_name: odin-api-gateway image: ${REGISTRY:-ghcr.io/pantheonix}/odin-api-gateway:${TAG:-develop} - build: - context: odin-gateway - dockerfile: ../odin-gateway/Dockerfile - # env_file: - # - envs/.env.odin + env_file: + - envs/.env.odin ports: - "80:80" - "443:443" @@ -46,639 +16,50 @@ services: - ./envs/certs/asgard/https.crt:/etc/ssl/certs/https.crt - ./envs/certs/asgard/key.pem:/etc/ssl/certs/key.pem restart: unless-stopped - depends_on: - quetzalcoatl-auth-api: - condition: service_started - quetzalcoatl-auth-dapr: - condition: service_started - enki-problems-api: - condition: service_started - enki-problems-dapr: - condition: service_started - anubis-eval-api: - condition: service_started - anubis-eval-dapr: - condition: service_started - profiles: - - odin - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - odin-api-gateway-dapr: - container_name: odin-api-gateway-dapr - image: daprio/daprd:1.11.2 - command: - [ - "./daprd", - "-app-id", - "odin-api-gateway", - "-app-port", - "80", - "-placement-host-address", - "asgard-dapr-placement:40000", - "-dapr-http-port", - "3400", - "-dapr-grpc-port", - "30000", - "-components-path", - "/components", - "-config", - "/config/config.yaml", - ] - volumes_from: - - asgard-dapr-config - restart: unless-stopped - depends_on: - odin-api-gateway: - condition: service_started - asgard-dapr-placement: - condition: service_started - asgard-dapr-config: - condition: service_started - network_mode: "service:odin-api-gateway" - profiles: - - odin - - asgard - - pantheonix ############ QUETZALCOATL ############ quetzalcoatl-auth-api: container_name: quetzalcoatl-auth-api image: ${REGISTRY:-ghcr.io/pantheonix}/quetzalcoatl-auth:${TAG:-develop} - build: - context: quetzalcoatl-auth - dockerfile: ../quetzalcoatl-auth/Dockerfile ports: - - "5210" + - "80" env_file: - envs/.env.quetzalcoatl restart: unless-stopped - depends_on: - quetzalcoatl-mssql-db: - condition: service_started - profiles: - - quetzalcoatl - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - quetzalcoatl-auth-dapr: - container_name: quetzalcoatl-auth-dapr - image: daprio/daprd:1.11.2 - command: - [ - "./daprd", - "-app-id", - "quetzalcoatl-auth", - "-app-port", - "5210", - "-placement-host-address", - "asgard-dapr-placement:40000", - "-dapr-http-port", - "3500", - "-dapr-grpc-port", - "50000", - "-components-path", - "/components", - "-config", - "/config/config.yaml", - ] - volumes_from: - - asgard-dapr-config - restart: unless-stopped - depends_on: - quetzalcoatl-auth-api: - condition: service_started - asgard-dapr-placement: - condition: service_started - asgard-dapr-config: - condition: service_started - network_mode: "service:quetzalcoatl-auth-api" - profiles: - - quetzalcoatl - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 128M -# reservations: -# memory: 64M - - quetzalcoatl-mssql-db: - container_name: quetzalcoatl-mssql-db - image: mcr.microsoft.com/mssql/server:2022-latest - restart: unless-stopped - user: root - ports: - - "1434:1433" - env_file: - - envs/.env.quetzalcoatl - volumes: - - quetzalcoatl-db:/var/opt/mssql/data - profiles: - - quetzalcoatl - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 1024M -# reservations: -# memory: 512M ############ ENKI ############ enki-problems-api: container_name: enki-problems-api image: ${REGISTRY:-ghcr.io/pantheonix}/enki-problems:${TAG:-develop} - build: - context: enki-problems - dockerfile: ../enki-problems/Dockerfile ports: - - "5211" + - "80" env_file: - envs/.env.enki restart: unless-stopped - depends_on: - enki-mongo-db: - condition: service_started - asgard-redis: - condition: service_started - hermes-tests-api: - condition: service_started - hermes-tests-dapr: - condition: service_started - profiles: - - enki - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - enki-problems-dapr: - container_name: enki-problems-dapr - image: daprio/daprd:1.11.2 - command: - [ - "./daprd", - "-app-id", - "enki-problems", - "-app-port", - "5211", - "-placement-host-address", - "asgard-dapr-placement:40000", - "-dapr-http-port", - "3501", - "-dapr-grpc-port", - "50001", - "-components-path", - "/components", - "-config", - "/config/config.yaml", - ] - volumes_from: - - asgard-dapr-config - restart: unless-stopped - depends_on: - enki-problems-api: - condition: service_started - asgard-dapr-placement: - condition: service_started - asgard-dapr-config: - condition: service_started - network_mode: "service:enki-problems-api" - profiles: - - enki - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 128M -# reservations: -# memory: 64M - - enki-mongo-db: - container_name: enki-mongo-db - image: mongo:5.0 - restart: unless-stopped - command: ["--replSet", "enki-rs", "--bind_ip_all", "--port", "30001"] - volumes: - - enki-db:/data/db - ports: - - "30001:30001" - healthcheck: - # for docker-compose - test: - [ - "CMD-SHELL", - 'mongo --port 30001 --quiet --eval ''rs.initiate({_id:"enki-rs",members:[{_id:0,host:"enki-mongo-db:30001"}]}).ok || rs.status().ok''', - ] - # for docker compose - # test: test $(echo "rs.initiate({_id:'enki-rs',members:[{_id:0,host:\"enki-mongo-db:30001\"}]}).ok || rs.status().ok" | mongo --port 30001 --quiet) -eq 1 - interval: 10s - start_period: 30s - timeout: 5s - retries: 3 - profiles: - - enki - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 1024M -# reservations: -# memory: 512M ############ HERMES ############ hermes-tests-api: container_name: hermes-tests-api image: ${REGISTRY:-ghcr.io/pantheonix}/hermes-tests:${TAG:-develop} - build: - context: hermes-tests - dockerfile: ../hermes-tests/Dockerfile ports: - - "5212" + - "80" env_file: - envs/.env.hermes restart: unless-stopped - profiles: - - hermes - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - hermes-tests-dapr: - container_name: hermes-tests-dapr - image: daprio/daprd:1.11.2 - command: - [ - "./daprd", - "-app-id", - "hermes-tests", - "-app-port", - "5212", - "-placement-host-address", - "asgard-dapr-placement:40000", - "-dapr-grpc-port", - "50002", - "-components-path", - "/components", - "-config", - "/config/config.yaml", - ] - volumes_from: - - asgard-dapr-config - restart: unless-stopped - depends_on: - hermes-tests-api: - condition: service_started - asgard-dapr-placement: - condition: service_started - asgard-dapr-config: - condition: service_started - network_mode: "service:hermes-tests-api" - profiles: - - hermes - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 128M -# reservations: -# memory: 64M ############ ANUBIS ############ anubis-eval-api: container_name: anubis-eval-api image: ${REGISTRY:-ghcr.io/pantheonix}/anubis-eval:${TAG:-develop} - build: - context: anubis-eval - dockerfile: ../anubis-eval/Dockerfile - ports: - - "5213" - env_file: - - envs/.env.anubis - restart: unless-stopped - depends_on: - judge0-lb: - condition: service_started - anubis-psql-db: - condition: service_started - profiles: - - anubis - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - anubis-eval-dapr: - container_name: anubis-eval-dapr - image: daprio/daprd:1.11.2 - command: - [ - "./daprd", - "-app-id", - "anubis-eval", - "-app-port", - "5213", - "-placement-host-address", - "asgard-dapr-placement:40000", - "-dapr-http-port", - "3503", - "-dapr-grpc-port", - "50003", - "-components-path", - "/components", - "-config", - "/config/config.yaml", - ] - volumes_from: - - asgard-dapr-config - restart: unless-stopped - depends_on: - anubis-eval-api: - condition: service_started - asgard-dapr-placement: - condition: service_started - asgard-dapr-config: - condition: service_started - network_mode: "service:anubis-eval-api" - profiles: - - anubis - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 128M -# reservations: -# memory: 64M - - anubis-psql-db: - container_name: anubis-psql-db - image: postgres:14.1 - command: postgres -c 'max_connections=250' - volumes: - - anubis-db:/var/lib/postgresql/data/ - restart: unless-stopped ports: - - "5435:5432" + - "80" env_file: - envs/.env.anubis - profiles: - - anubis - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 1024M -# reservations: -# memory: 512M - - ############ JUDGE0 ############ - - judge0-lb: - container_name: judge0-lb - build: - context: anubis-eval/eval-lb - dockerfile: ../eval-lb/Dockerfile - ports: - - "4000" - restart: unless-stopped - depends_on: - server: - condition: service_started - profiles: - - judge0 - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - server: - image: judge0/judge0:1.13.0 - volumes: - - ./envs/.env.judge0:/judge0.conf:ro - ports: - - "2358" - privileged: true - <<: *default-logging - restart: unless-stopped - depends_on: - workers: - condition: service_started - redis: - condition: service_started - db: - condition: service_started - profiles: - - judge0 - - asgard - - pantheonix - deploy: - replicas: 2 - resources: -# limits: -# memory: 512M - reservations: - memory: 128M - - workers: - image: judge0/judge0:1.13.0 - command: ["./scripts/workers"] - volumes: - - ./envs/.env.judge0:/judge0.conf:ro - privileged: true - <<: *default-logging - restart: unless-stopped - profiles: - - judge0 - - asgard - - pantheonix - deploy: - replicas: 2 - resources: - reservations: - memory: 1024M - - db: - image: postgres:13.0 - env_file: ./envs/.env.judge0 - volumes: - - judge0-db:/var/lib/postgresql/data/ - <<: *default-logging - restart: unless-stopped - profiles: - - judge0 - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 1024M -# reservations: -# memory: 512M - - redis: - image: redis:6.0 - command: - [ - "bash", - "-c", - 'docker-entrypoint.sh --appendonly yes --requirepass "$$REDIS_PASSWORD"', - ] - env_file: ./envs/.env.judge0 - volumes: - - redis-data:/data - <<: *default-logging restart: unless-stopped - profiles: - - judge0 - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - ############ DAPR ############ - - asgard-dapr-placement: - container_name: asgard-dapr-placement - image: daprio/placement:1.11.2 - command: ["./placement", "-port", "40000", "-log-level", "debug"] - ports: - - "40000" - restart: unless-stopped - depends_on: - asgard-zipkin: - condition: service_started - asgard-redis: - condition: service_started - asgard-rabbitmq: - condition: service_started - profiles: - - dapr - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - asgard-redis: - container_name: asgard-redis - image: redis:alpine - ports: - - "6380:6379" - restart: unless-stopped - volumes: - - dapr-redis-data:/data - profiles: - - dapr - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - asgard-rabbitmq: - container_name: asgard-rabbitmq - image: rabbitmq:3-management-alpine - ports: - - "5672" - - "15672:15672" - restart: unless-stopped - volumes: - - rabbitmq-data:/var/lib/rabbitmq - - rabbitmq-logs:/var/log/rabbitmq - profiles: - - dapr - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - asgard-zipkin: - container_name: asgard-zipkin - image: openzipkin/zipkin:latest - ports: - - "19411:9411" - restart: unless-stopped - profiles: - - dapr - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M - - asgard-dapr-config: - container_name: asgard-dapr-config - image: ${REGISTRY:-ghcr.io/pantheonix}/asgard-dapr-config:${TAG:-develop} - build: - context: ./dapr - dockerfile: Dockerfile - profiles: - - dapr - - asgard - - pantheonix -# deploy: -# resources: -# limits: -# memory: 512M -# reservations: -# memory: 128M ############ VOLUMES ############ diff --git a/envs-template/.env.anubis b/envs-template/.env.anubis new file mode 100644 index 0000000..85e7215 --- /dev/null +++ b/envs-template/.env.anubis @@ -0,0 +1,25 @@ +ROCKET_ADDRESS=0.0.0.0 +ROCKET_PORT=80 +#ROCKET_DATABASES={anubis-submissions={url="postgres://postgres:2002@localhost:5435/anubis-submissions"}} +ROCKET_DATABASES={anubis-submissions={url="postgres://postgres:2002@anubis-psql-db:5432/anubis-submissions"}} + +CONFIG_JWT_SECRET_KEY=z7F+ut_aphaxeja0&ba*p9spew!4fe0rAFRO5HestitIKOv5nistlz3b=+edu1aP +CONFIG_DAPR_HTTP_PORT=3503 +CONFIG_DAPR_EVAL_METADATA_ENDPOINT=http://dapr-app-id:enki-problems@127.0.0.1:3500/api/enki/problem/{problem_id}/eval-metadata +CONFIG_DAPR_JUDGE_SUBMISSION_BATCH_ENDPOINT=http://judge0-lb:4000/submissions/batch +CONFIG_DAPR_JUDGE_SUBMISSION_ENDPOINT=http://judge0-lb:4000/submissions +CONFIG_DAPR_GET_SUBMISSION_BATCH_ENDPOINT=http://judge0-lb:4000/submissions/batch?tokens={tokens} +CONFIG_DAPR_GET_SUBMISSION_ENDPOINT=http://judge0-lb:4000/submissions/{token} +CONFIG_DAPR_STATE_STORE_POST_ENDPOINT=http://127.0.0.1:3500/v1.0/state/statestore +CONFIG_DAPR_STATE_STORE_GET_ENDPOINT=http://127.0.0.1:3500/v1.0/state/statestore/{key} +CONFIG_EVAL_CRON_SCHEDULE='1/5 * * * * *' +CONFIG_DEFAULT_NO_SUBMISSIONS_PER_PAGE=10 +CONFIG_EVAL_BATCH_SIZE=4 +CONFIG_ALLOWED_ORIGINS="http://localhost:10000" + +#DATABASE_URL=postgres://postgres:2002@localhost:5435/anubis-submissions +DATABASE_URL=postgres://postgres:2002@anubis-psql-db:5432/anubis-submissions + +POSTGRES_USER=postgres +POSTGRES_PASSWORD=2002 +POSTGRES_DB=anubis-submissions \ No newline at end of file diff --git a/envs-template/.env.enki b/envs-template/.env.enki new file mode 100644 index 0000000..2dc8f1f --- /dev/null +++ b/envs-template/.env.enki @@ -0,0 +1,10 @@ +ASPNETCORE_ENVIRONMENT=Development +ASPNETCORE_URLS=http://+:80 + +ConnectionStrings__Default="mongodb://enki-mongo-db:30001/EnkiProblems/?replicaSet=enki-rs" +Redis__Configuration="asgard-redis:6379,abortConnect=false,connectTimeout=30000,responseTimeout=30000" +AuthServer__SecurityKey="z7F+ut_aphaxeja0&ba*p9spew!4fe0rAFRO5HestitIKOv5nistlz3b=+edu1aP" +Dapr__GrpcEndpoint="http://localhost:50001" +Dapr__HermesAppId="hermes-tests" +AllowedHosts="*" +AllowedOrigins="https://localhost:10000;http://localhost:10000;https://pantheonix.live;https://pantheonix-midgard.web.app;https://pantheonix-midgard.firebaseapp.com" \ No newline at end of file diff --git a/envs-template/.env.hermes b/envs-template/.env.hermes new file mode 100644 index 0000000..1633744 --- /dev/null +++ b/envs-template/.env.hermes @@ -0,0 +1 @@ +HERMES_CONFIG='{"firebase":{"apiKey":"AIzaSyC6ZeJKOBKw4UcB3pPQDvH37jYKDCHqxvg","authDomain":"pantheonix-hermes.firebaseapp.com","projectId":"pantheonix-hermes","storageBucket":"pantheonix-hermes.appspot.com","messagingSenderId":"891556041451","appId":"1:891556041451:web:c39afb5c5f21c2363924ae","measurementId":"G-BESQNT21LP"},"dev":{"host":"localhost","port":80,"timeoutInSeconds":60,"tempLocalArchivedTestFolder":"temp/archived","tempLocalUnarchivedTestFolder":"temp/unarchived","remoteUnarchivedTestFolder":"problems","archiveTypeExtension":"zip","inputFilename":"input.txt","outputFilename":"output.txt","testMaxSizeInBytes":10000000,"logOutputFilePath":"logs/hermes.log"},"test":{"host":"localhost","port":3010,"timeoutInSeconds":60,"tempLocalArchivedTestFolder":"temp/test/archived","tempLocalUnarchivedTestFolder":"temp/test/unarchived","remoteUnarchivedTestFolder":"test","archiveTypeExtension":"zip","inputFilename":"input.txt","outputFilename":"output.txt","testMaxSizeInBytes":1000000,"logOutputFilePath":"logs/test.log"}}' \ No newline at end of file diff --git a/envs-template/.env.judge0 b/envs-template/.env.judge0 new file mode 100644 index 0000000..a34ee67 --- /dev/null +++ b/envs-template/.env.judge0 @@ -0,0 +1,358 @@ +################################################################################ +# Judge0 Configuration File +################################################################################ +# Judge0 is a highly configurable which allows you to use it for many +# different use-cases. Please, before deploying Judge0 take a look at this +# configuration file that is divided in several logical sections that will help +# you understand what can you do with Judge0. +# +# This default configuration file is designed to work out of the box for you and +# you can start with it when deploying Judge0 on your server. +# +# If you have any questions please don't hasitate to send an email or open an +# issue on the GitHub page of the project. + + +################################################################################ +# Judge0 Server Configuration +################################################################################ +# Enable or disable Judge0 Telemetry. +# Read more about it here: https://github.com/judge0/judge0/blob/master/TELEMETRY.md +# Default: true +JUDGE0_TELEMETRY_ENABLE= + +# Automatically restart Judge0 server if it fails to start. +# Default: 10 +RESTART_MAX_TRIES= + +# Maintenance mode is a mode in which clients cannot +# create or delete submissions while maintenance is enabled. +# Default: false +MAINTENANCE_MODE= + +# Set custom maintenance message that will be returned to clients +# who try to create or delete submisions. +# Default: Judge0 is currently in maintenance. +MAINTENANCE_MESSAGE= + +# If enabled user can request to synchronically wait for +# submission result on submission create. +# Default: true, i.e. user can request to wait for the result +ENABLE_WAIT_RESULT= + +# If enabled user is allowed to set custom compiler options. +# Default: true +ENABLE_COMPILER_OPTIONS= + +# List language names, separated by space, for which setting compiler options is allowed. +# Note that ENABLE_COMPILER_OPTIONS has higher priority, so this option will be +# ignored if setting compiler options is disabled with ENABLE_COMPILER_OPTIONS. +# For example, ALLOWED_LANGUAGES_FOR_COMPILER_OPTIONS="C C++ Java" would only +# allow setting compiler options for languages C, C++ and Java. +# Default: empty - for every compiled language setting compiler options is allowed. +ALLOWED_LANGUAGES_FOR_COMPILER_OPTIONS= + +# If enabled user is allowed to set custom command line arguments. +# Default: true +ENABLE_COMMAND_LINE_ARGUMENTS= + +# If enabled autorized users can delete a submission. +# Default: false +ENABLE_SUBMISSION_DELETE= + +# If enabled user can GET and POST batched submissions. +# Default: true +ENABLE_BATCHED_SUBMISSIONS= + +# Maximum number of submissions that can be created or get in a batch. +# Default: 20 +MAX_SUBMISSION_BATCH_SIZE= + +# If enabled user can use callbacks. +# Default: true +ENABLE_CALLBACKS= + +# Maximum number of callback tries before giving up. +# Default: 3 +CALLBACKS_MAX_TRIES= + +# Timeout callback call after this many seconds. +# Default: 5 +CALLBACKS_TIMEOUT= + +# If enabled user can preset additional files in the sandbox. +# Default: true +ENABLE_ADDITIONAL_FILES= + +# Duration (in seconds) of submission cache. Decimal numbers are allowed. +# Set to 0 to turn of submission caching. Note that this does not apply to +# batched submissions. +# Default: 1 +SUBMISSION_CACHE_DURATION= + +# If true the documentation page will be used as a homepage, otherwise, the +# homepage will be empty. You can always access the documentation page via /docs. +# Default: false +USE_DOCS_AS_HOMEPAGE= + + +################################################################################ +# Judge0 Workers Configuration +################################################################################ +# Specify polling frequency in seconds. Decimal numbers are allowed. +# Default: 0.1 +INTERVAL= + +# Specify how many parallel workers to run. +# Default: 2*nproc (https://linux.die.net/man/1/nproc) +COUNT= + +# Specify maximum queue size. Represents maximum number of submissions that +# can wait in the queue at once. If request for new submission comes and the +# queue if full then submission will be rejected. +# Default: 100 +MAX_QUEUE_SIZE= + + +################################################################################ +# Judge0 Server Access Configuration +################################################################################ +# Allow only specified origins. +# If left blank, then all origins will be allowed (denoted with '*'). +# Example: +# ALLOW_ORIGIN="www.judge0.com judge0.com www.example.com blog.example.com" +ALLOW_ORIGIN= + +# Disallow only specified origins. +# If left blank, then no origin will be disallowed. +# Example: +# DISALLOW_ORIGIN="www.judge0.com judge0.com www.example.com blog.example.com" +DISALLOW_ORIGIN= + +# Allow only specified IP addresses. +# If left blank, then all IP addresses will be allowed. +# Example: +# ALLOW_IP="192.168.10.10 96.239.226.228 208.23.207.242" +ALLOW_IP= + +# Disallow only specified IP addresses. +# If left blank, then no IP addresses will be disallowed. +# Example: +# DISALLOW_IP="192.168.10.10 96.239.226.228 208.23.207.242" +DISALLOW_IP= + + +################################################################################ +# Judge0 Authentication Configuration +################################################################################ +# You can protect your API with (AUTHN_HEADER, AUTHN_TOKEN) pair. +# Each request then needs to have this pair either in headers or +# query parameters. For example let AUTHN_HEADER=X-Judge0-Token and +# AUTHN_TOKEN=mySecretToken. Then user should authenticate by sending this +# in headers or query parameters in each request, e.g.: +# https://api.judge0.com/system_info?X-Judge0-Token=mySecretToken + +# Specify authentication header name. +# Default: X-Auth-Token +AUTHN_HEADER= + +# Specify valid authentication tokens. +# Default: empty - authentication is disabled +AUTHN_TOKEN= + + +################################################################################ +# Judge0 Authorization Configuration +################################################################################ +# Protected API calls can be issued with (AUTHZ_HEADER, AUTHZ_TOKEN) pair. +# To see exactly which API calls are protected with authorization tokens +# please read the docs at https://api.judge0.com. +# API authorization ensures that only specified users call protected API calls. +# For example let AUTHZ_HEADER=X-Judge0-User and AUTHZ_TOKEN=mySecretToken. +# Then user should authorize be sending this in headers or query parameters in +# each request, e.g.: https://api.judge0.com/system_info?X-Judge0-User=mySecretToken +# Note that if you enabled authentication, then user should also send valid +# authentication token. + +# Specify authorization header name. +# Default: X-Auth-User +AUTHZ_HEADER= + +# Specify valid authorization tokens. +# Default: empty - authorization is disabled, protected API calls cannot be issued +AUTHZ_TOKEN=demo_token + + +################################################################################ +# Redis Configuration +################################################################################ +# Specify Redis host +# Default: localhost +REDIS_HOST=redis + +# Specify Redis port. +# Default: 6379 +REDIS_PORT= + +# Specify Redis password. Cannot be blank. +# Default: NO DEFAULT! MUST BE SET! +REDIS_PASSWORD=YourPasswordHere1234 + + +################################################################################ +# PostgreSQL Configuration +################################################################################ +# Specify Postgres host. +# Default: localhost +POSTGRES_HOST=db + +# Specify Postgres port. +# Default: 5432 +POSTGRES_PORT= + +# Name of the database to use. Used only in production. +# Default: postgres +POSTGRES_DB=judge0 + +# User who can access this database. Used only in production. +# Default: postgres +POSTGRES_USER=judge0 + +# Password of the user. Cannot be blank. Used only in production. +# Default: NO DEFAULT, YOU MUST SET YOUR PASSWORD +POSTGRES_PASSWORD=YourPasswordHere1234 + + +################################################################################ +# Submission Configuration +################################################################################ +# Judge0 uses isolate as an sandboxing environment. +# Almost all of the options you see here can be mapped to one of the options +# that isolate provides. For more information about these options please +# check for the isolate documentation here: +# https://raw.githubusercontent.com/ioi/isolate/master/isolate.1.txt + +# Default runtime limit for every program (in seconds). Decimal numbers are allowed. +# Time in which the OS assigns the processor to different tasks is not counted. +# Default: 5 +CPU_TIME_LIMIT= + +# Maximum custom CPU_TIME_LIMIT. +# Default: 15 +MAX_CPU_TIME_LIMIT= + +# When a time limit is exceeded, wait for extra time (in seconds), before +# killing the program. This has the advantage that the real execution time +# is reported, even though it slightly exceeds the limit. +# Default: 1 +CPU_EXTRA_TIME= + +# Maximum custom CPU_EXTRA_TIME. +# Default: 5 +MAX_CPU_EXTRA_TIME= + +# Limit wall-clock time in seconds. Decimal numbers are allowed. +# This clock measures the time from the start of the program to its exit, +# so it does not stop when the program has lost the CPU or when it is waiting +# for an external event. We recommend to use CPU_TIME_LIMIT as the main limit, +# but set WALL_TIME_LIMIT to a much higher value as a precaution against +# sleeping programs. +# Default: 10 +WALL_TIME_LIMIT= + +# Maximum custom WALL_TIME_LIMIT. +# Default: 20 +MAX_WALL_TIME_LIMIT= + +# Limit address space of the program in kilobytes. +# Default: 128000 +MEMORY_LIMIT= + +# Maximum custom MEMORY_LIMIT. +# Default: 512000 +MAX_MEMORY_LIMIT= + +# Limit process stack in kilobytes. +# Default: 64000 +STACK_LIMIT= + +# Maximum custom STACK_LIMIT. +# Default: 128000 +MAX_STACK_LIMIT= + +# Maximum number of processes and/or threads program can create. +# Default: 60 +MAX_PROCESSES_AND_OR_THREADS= + +# Maximum custom MAX_PROCESSES_AND_OR_THREADS. +# Default: 120 +MAX_MAX_PROCESSES_AND_OR_THREADS= + +# If true then CPU_TIME_LIMIT will be used as per process and thread. +# Default: false, i.e. CPU_TIME_LIMIT is set as a total limit for all processes and threads. +ENABLE_PER_PROCESS_AND_THREAD_TIME_LIMIT= + +# If false, user won't be able to set ENABLE_PER_PROCESS_AND_THREAD_TIME_LIMIT. +# Default: true +ALLOW_ENABLE_PER_PROCESS_AND_THREAD_TIME_LIMIT= + +# If true then MEMORY_LIMIT will be used as per process and thread. +# Default: false, i.e. MEMORY_LIMIT is set as a total limit for all processes and threads. +ENABLE_PER_PROCESS_AND_THREAD_MEMORY_LIMIT= + +# If false, user won't be able to set ENABLE_PER_PROCESS_AND_THREAD_MEMORY_LIMIT. +# Default: true +ALLOW_ENABLE_PER_PROCESS_AND_THREAD_MEMORY_LIMIT= + +# Limit size of files created (or modified) by the program in kilobytes. +# Default: 1024 +MAX_FILE_SIZE= + +# Maximum custom MAX_FILE_SIZE. +# Default: 4096 +MAX_MAX_FILE_SIZE= + +# Run each program this many times and take average of time and memory. +# Default: 1 +NUMBER_OF_RUNS= + +# Maximum custom NUMBER_OF_RUNS. +# Default: 20 +MAX_NUMBER_OF_RUNS= + +# Redirect stderr to stdout. +# Default: false +REDIRECT_STDERR_TO_STDOUT= + +# Maximum total size (in kilobytes) of extracted files from additional files archive. +# Default: 10240, i.e. maximum of 10MB in total can be extracted. +MAX_EXTRACT_SIZE= + +# If false, user won't be able to set ENABLE_NETWORK. +# Default: true, i.e. allow user to permit or deny network calls from the submission. +ALLOW_ENABLE_NETWORK= + +# If true submission will by default be able to do network calls. +# Default: false, i.e. programs cannot do network calls. +ENABLE_NETWORK= + + +################################################################################ +# Rails Configuration +################################################################################ +# Specify Rails environment: production or development +# Default: production +RAILS_ENV= + +# Specify maximum number of concurrent Rails threads. +# Default: nproc (https://linux.die.net/man/1/nproc) +RAILS_MAX_THREADS= + +# Specify how many processes will be created for handing requests. Each process +# will aditionally create RAILS_MAX_THREADS threads. +# Default: 2 +RAILS_SERVER_PROCESSES= + +# Secret key base for production, if not set it will be randomly generated +# Default: randomly generated +SECRET_KEY_BASE= diff --git a/envs-template/.env.midgard b/envs-template/.env.midgard new file mode 100644 index 0000000..06b5d05 --- /dev/null +++ b/envs-template/.env.midgard @@ -0,0 +1,3 @@ +API_BASE_URL=localhost +ENVIRONMENT=prod +SENTRY_DSN=https://f23b075c711d001ac33bf23d7947ec85@o4506263374135296.ingest.sentry.io/4506263425384448 \ No newline at end of file diff --git a/envs-template/.env.odin b/envs-template/.env.odin new file mode 100644 index 0000000..a7db6b1 --- /dev/null +++ b/envs-template/.env.odin @@ -0,0 +1,4 @@ +ENVOY_ADMIN_PORT=4001 +ENVOY_HTTPS_PORT=443 +ENVOY_HTTP_PORT=80 +DAPR_SIDECAR_PORT=3500 \ No newline at end of file diff --git a/envs-template/.env.quetzalcoatl b/envs-template/.env.quetzalcoatl new file mode 100644 index 0000000..acc896d --- /dev/null +++ b/envs-template/.env.quetzalcoatl @@ -0,0 +1,17 @@ +ASPNETCORE_ENVIRONMENT=Development +ASPNETCORE_URLS=http://+:80 + +JwtConfig__SecretKey="z7F+ut_aphaxeja0&ba*p9spew!4fe0rAFRO5HestitIKOv5nistlz3b=+edu1aP" +JwtConfig__JwtAccessTokenLifeTime="0:01:00:00.0" +JwtConfig__JwtRefreshTokenLifeTime="10:00:00:00.0" + +AdminConfig__UserName="admin" +AdminConfig__Email="admin@gmail.com" +AdminConfig__Password="Password@123" + +ConnectionStrings__DefaultConnection="Server=quetzalcoatl-mssql-db;Database=QuetzalcoatlAuthDb;User Id=SA;Password=Quetzalcoatl2021!;MultipleActiveResultSets=true;TrustServerCertificate=True;" +AllowedHosts="*" +AllowedOrigins="https://localhost:10000;http://localhost:10000;https://pantheonix.live;https://pantheonix-midgard.web.app;https://pantheonix-midgard.firebaseapp.com" + +ACCEPT_EULA=Y +SA_PASSWORD=Quetzalcoatl2021! \ No newline at end of file diff --git a/envs-template/certs/asgard/csr.pem b/envs-template/certs/asgard/csr.pem new file mode 100644 index 0000000..afb45b8 --- /dev/null +++ b/envs-template/certs/asgard/csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsjCCAZoCAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAxTynXTJY6DBnIVcaWpg9VBK4Axn6QV40byLRfjZX +sLy2/WpQ2/phwLhmhpUZQOVt+Mhx3kBgyeB9UI7KaaLumslEN9siV9UHW6LiOlQ5 +e817vYKXEmGJc+/C7voKi3HN/KIiZmvAdjZAsTZQw9JvmKxi4SBTqVXl0H+NKuaz +tSmxhpuYc/FW4tJc2LOe6P+ZDKjrTRFuj/ieInZKIwBmlWNkUUN8TiiA4nbForhe +OIS9xHyTe9amjm62MYxWzTqS7MtAgcRZURHt6/icAfQ67vXOzbfqhSQNQof2tO1t +3lC6JhJMdv8Wyy2jkdI0SgfNeJc4psZ+lsjX88r/It59GQIDAQABoFkwVwYJKoZI +hvcNAQkOMUowSDAUBgNVHREEDTALgglsb2NhbGhvc3QwDgYDVR0PAQH/BAQDAgWg +MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsF +AAOCAQEAqkoqTD/nr5lxvzB4eIOZAF5RtzOzrQp95HKzkZyPMBUNoxC6oDnAfS4r +zqng4FQffVfRW0BdpfyzqwFWhbSsZXsxn1C4Lo3u+cfQsUIpcNj42qNRlqlznPC6 +J5s5kqMTTOcAWv93Nnh3SFF0o8MZfep5eqGaprq7qWcNyhGB6dIt1goUiVLa+T2d +cdrdNnMNkNlOKzEI8ZdjarieT9VH96/gr6CS8Nqd6JJ7eGWSHgwkOQlHD0II7ciS +LH/gJAjA5z5hPNC6Vnuf3NPS9vua/Moae5UK8UqLPgl/MeT9wT7gX8HsqCNVlNNZ +ZGz1vBCNT/XQzgLxZb7TZpfrJxeFIA== +-----END CERTIFICATE REQUEST----- diff --git a/envs-template/certs/asgard/https.crt b/envs-template/certs/asgard/https.crt new file mode 100644 index 0000000..4d7c84b --- /dev/null +++ b/envs-template/certs/asgard/https.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHzCCAgegAwIBAgIUNuNQRIukDMN/OcGBeYChZ0Ajj3kwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDEyNjE2MzMxMFoXDTI1MDEy +NTE2MzMxMFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAxTynXTJY6DBnIVcaWpg9VBK4Axn6QV40byLRfjZXsLy2 +/WpQ2/phwLhmhpUZQOVt+Mhx3kBgyeB9UI7KaaLumslEN9siV9UHW6LiOlQ5e817 +vYKXEmGJc+/C7voKi3HN/KIiZmvAdjZAsTZQw9JvmKxi4SBTqVXl0H+NKuaztSmx +hpuYc/FW4tJc2LOe6P+ZDKjrTRFuj/ieInZKIwBmlWNkUUN8TiiA4nbForheOIS9 +xHyTe9amjm62MYxWzTqS7MtAgcRZURHt6/icAfQ67vXOzbfqhSQNQof2tO1t3lC6 +JhJMdv8Wyy2jkdI0SgfNeJc4psZ+lsjX88r/It59GQIDAQABo2kwZzAUBgNVHREE +DTALgglsb2NhbGhvc3QwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUViSVxMVC+c3BX2zzar9XeWZOBVgw +DQYJKoZIhvcNAQELBQADggEBAEYMSiFPxMd1s9L4mhrsJtX1MBVmYjuOal0aHgH7 +QQySvYrn0tSozkk2A6G/AqN90vci+v03Z3spKla0MHZmu34grQhAzKy8NinA4uXr +viarzxmnt2U2aiyJh4eApPSaJCArvPucZo4w+z0iWIqX5D3C9yYvnzaexz+7YaZZ +WpXOkx91S+26aOWZu6MJG1IRJ/WYzswwP3ErMGe6p7iuZ3zR3T4jHIwetzAGQ/Xp +d4gPL7vIibqzImrfCPTLFOzonC0BY9LRDuujtqLsszod2c/4QzBiaJtkm64wphQJ +HuNaB6O9aWTh6qzy5YWXqd7sc6Wuwk2hxwL9EHrDnV6Ax4A= +-----END CERTIFICATE----- diff --git a/envs-template/certs/asgard/key.pem b/envs-template/certs/asgard/key.pem new file mode 100644 index 0000000..02915db --- /dev/null +++ b/envs-template/certs/asgard/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFPKddMljoMGch +VxpamD1UErgDGfpBXjRvItF+NlewvLb9alDb+mHAuGaGlRlA5W34yHHeQGDJ4H1Q +jsppou6ayUQ32yJX1QdbouI6VDl7zXu9gpcSYYlz78Lu+gqLcc38oiJma8B2NkCx +NlDD0m+YrGLhIFOpVeXQf40q5rO1KbGGm5hz8Vbi0lzYs57o/5kMqOtNEW6P+J4i +dkojAGaVY2RRQ3xOKIDidsWiuF44hL3EfJN71qaObrYxjFbNOpLsy0CBxFlREe3r ++JwB9Dru9c7Nt+qFJA1Ch/a07W3eULomEkx2/xbLLaOR0jRKB814lzimxn6WyNfz +yv8i3n0ZAgMBAAECggEAAoMQk/Hy3+zTOMF7PHF5QSYxNxjlmbTcG24+F3VpuH6E +IMYchttcKLAwiMDtXr439astMr9vJs23ytwxXRcOIuUypo4hPy0fYt4NiOCkZXHr +LtwIQIZYJySD6bdAMHZ1QSUaJbke7Q0pKxid/rXMu2JhVVdWuW62oT5+oG/qagGQ +LZSzb2mD+p6M+RIfun5daFjKGq/XC0A+UjmCvBGKtag2MNKYLa4b484RrQzDi4lQ +H+Fqxed0XLtwdMqPfyN6AvSf1XK/5z3c6lDNiw6FbDCpE0o3fgvqUZf1TeOxPLZ7 +UJfMWTTco8q5jHOas9oK++gbYrOWbwvOiwjlDfPe4QKBgQD5AEho8b+1y16HCnRB +y6nlRJcXhWYDnCYmZuTVAj1OjfDexgbBqZR7b6INPY9/yHJcf4+lGf2eSNTN8jwY +G6LFv8C3u5IkHYKAbKj/Num8mG7MKYcHzSM6MCeaCARNKKmZXz6YHBMQh54QLBFC +oYc9e5rS1UEIz2TBDfodHX8fJwKBgQDKx+VGyKZdkv8Ac70S5/BQZNcBVWLpmG/W +q0MN/4184BxH4oLCvNKEc92r/PK0ohvjxAsyebOINvCl7Wq88hzD15S4ZOSAp5Fs +n+iZ+Ttrg0gNsriewMXTBJd/r+BmGyhYrVXek82a62xne+RfbCiWV6RIVLLp7fZp +3Cx1mE8pvwKBgHPUE9rtifZxMfmzfT0WFmQWMgq4/Sl0u7JlbtE/h3FBSej3STFR +R0bcOQ/bsSMKBVjN5e4xVu8IhiV/J0E3qdI/TtCpKmQubgR7h2mhC721UuUZ9DxG +yrpIqENYs1eJMMutqJpthNjNnVN8jFLofNa25uBoXyZQA1hivhRJIldFAoGBAKAn +ID23Wy2sWxnQTxQPew0Dl4vGFEjJzAqPWHZFz0lA9xUPIJcM6ncRy5F6RXXEUqKg +wvcqh1Cdk5J44EQ6M9249gxsIsw5i/FumhaBcRyIou+up4E6XwM6LSz7iw8Zg9QF +kjwoH8qrBQL2Jnf2xFd5AJbfzi5TcrpI2hRGJr+hAoGBAM4cg3ehHZFQteHMxdoX +ra2/JYbq7L+zCo+PzRAGUQnUTI/t0fNwjyiqi83S1OSTcTlHrQLoP/qwanOBnIHk +9GJ1ioOnaYOBOykJ/NaWuBke2gP6S8Ta5yQKGwUvnJ27Mz5Ne1rU2wPHFBqkI4of +MSJQDrwpjdam6bxWXC2EIvKP +-----END PRIVATE KEY----- diff --git a/envs-template/certs/midgard/csr.pem b/envs-template/certs/midgard/csr.pem new file mode 100644 index 0000000..7094d7c --- /dev/null +++ b/envs-template/certs/midgard/csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsjCCAZoCAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA3QOZxCtFddPP6LNWeR1hUD21dGxtwb8wx2BrVARb +4ndAFWmiJylTeN/omqNlsTRKqYeoPdexBRg+K1y7QpGxRPy9R1fq11wIhr9X0fGN +gWkYnUDiQmQi0G3f9F+uYBlpWdZVu/kK+THuB1plLRQimaWE93IndV9GE5MWnD6V +K+2dWc9kvFB9PBu+kmW3cusimhu79dmU7kn4garJ0PMb2vJ7QCL/TCKQYZ8tGk0l +o2D0XKtOHFS6vXzjd4M0gFtuKEa6pxDbq7auhZNiRfp4sq9qJYVr0hDhWsmJHfF9 +b3vDJ5Opjs+sbO8lnyB624RjeJK31ouSSd7bcDsoRyaKlwIDAQABoFkwVwYJKoZI +hvcNAQkOMUowSDAUBgNVHREEDTALgglsb2NhbGhvc3QwDgYDVR0PAQH/BAQDAgWg +MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsF +AAOCAQEA2sUKPoq4eAIA26oXzR5Q4Mq24ZdYw4tGGGSMcbSOV41ZwfgqkfJ1P1PI +Awul6uEEdo010Ox+uLHQafh8DJ4nnfoIfwJxpnIo+l9k2axsbMtpFcxjKtEVl/ix +ynBt0hIHMbopxlLSnnbKeTvbSnnwd9QPyjgVo5aZGqEh+HuxZ8sqSw1LM8t6AKwE +vXBJOAxhUgAIC0y6tj6eQDmr40xmLM/l2yAj+61r3Agb2RyX4p7uwa3++i2KGrAh +5d73z9J0DSwK+Wqmyw0zc0QwdYt/MjKeNBThcNJg5suiTKm+/aKKSNCS1nb6rOQf +rR3hsMT2mYHpWyTg7IyAiA6adOBEWQ== +-----END CERTIFICATE REQUEST----- diff --git a/envs-template/certs/midgard/https.crt b/envs-template/certs/midgard/https.crt new file mode 100644 index 0000000..f6d20d2 --- /dev/null +++ b/envs-template/certs/midgard/https.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHzCCAgegAwIBAgIUb9ZCSsxEEB+jWC3LDouWavlhab4wDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDEyNjE2MzQ1NVoXDTI1MDEy +NTE2MzQ1NVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA3QOZxCtFddPP6LNWeR1hUD21dGxtwb8wx2BrVARb4ndA +FWmiJylTeN/omqNlsTRKqYeoPdexBRg+K1y7QpGxRPy9R1fq11wIhr9X0fGNgWkY +nUDiQmQi0G3f9F+uYBlpWdZVu/kK+THuB1plLRQimaWE93IndV9GE5MWnD6VK+2d +Wc9kvFB9PBu+kmW3cusimhu79dmU7kn4garJ0PMb2vJ7QCL/TCKQYZ8tGk0lo2D0 +XKtOHFS6vXzjd4M0gFtuKEa6pxDbq7auhZNiRfp4sq9qJYVr0hDhWsmJHfF9b3vD +J5Opjs+sbO8lnyB624RjeJK31ouSSd7bcDsoRyaKlwIDAQABo2kwZzAUBgNVHREE +DTALgglsb2NhbGhvc3QwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUCcMfgqq2CmnwGuIJGkR7AzVqlIkw +DQYJKoZIhvcNAQELBQADggEBAKTseSmQO0AvF+mJwQRKmPIZkfj8gOGrP+DfrqR4 +nNRnG3Y6M1ToKPJvdDQWCFDhakVxngW0/bJIRoc/75DVhJqtPMhumBbOjzonEm7Q +xCTuKTsRltZSvSCBNA+8Sjv3aRQf24RrSRC1VM0zwSAItTm0cxsSxAM1uNV6s7HP +Vw0i2mla7HdMULILkqctSuZwft4m0s7UvvJuLNSvg1fOUAnQDt5ys2aRvgdJeNgq +GpJZWg1NA4hJeos0o1W/FUwqfohLhrP4zrDfmXoFRFHrGA3IVRzbe7o54rskp8wa +wMDuLS0CrfTRWpelTOxv+K5Lr6MZIHTQvbiaU1itbvbqNHI= +-----END CERTIFICATE----- diff --git a/envs-template/certs/midgard/key.pem b/envs-template/certs/midgard/key.pem new file mode 100644 index 0000000..c082113 --- /dev/null +++ b/envs-template/certs/midgard/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDdA5nEK0V108/o +s1Z5HWFQPbV0bG3BvzDHYGtUBFvid0AVaaInKVN43+iao2WxNEqph6g917EFGD4r +XLtCkbFE/L1HV+rXXAiGv1fR8Y2BaRidQOJCZCLQbd/0X65gGWlZ1lW7+Qr5Me4H +WmUtFCKZpYT3cid1X0YTkxacPpUr7Z1Zz2S8UH08G76SZbdy6yKaG7v12ZTuSfiB +qsnQ8xva8ntAIv9MIpBhny0aTSWjYPRcq04cVLq9fON3gzSAW24oRrqnENurtq6F +k2JF+niyr2olhWvSEOFayYkd8X1ve8Mnk6mOz6xs7yWfIHrbhGN4krfWi5JJ3ttw +OyhHJoqXAgMBAAECggEADgEfGn7zB3/OTuLwo3tsNQu4wz6AB+shYDwCVDam5Q2d +9tCUna5wyebgoM478KoTe9skmuKSpqcXs8l/WvAxz0eQ7Z131bSdthgXkvrsEGhE +TunGsuLdRKxc3ANYei6YbkDDRvlrxUi+JryG6H/Vn26NcENNL8YQaGFSHFo01PpU +k5Vdoag3M6B3fzkGBPSQi9K64ImfIAOq+nRe2voMAhRgCClJ3OgUIDZVIduOR8FM +KG2xFB6PpdUISKi5D37yP7KlhMs3Ui+KSe3yZLmDrJAT8y6dULTUWbLguEQ6ZgZQ +xv3qanMNR40qo9UTXyI1sBUcOK2xKn+oLSDQ/Ad9xQKBgQD9yrbmZ02lQFe0Oxju +YUQHr3xSFS/wtGjht3aeLSDILeaxUbNdUBXyIYSVwsrtu0o0la/lDaXigQ2/THG/ +jb0YWbEtvq+x5T7EM9mPv2NPy4XQ5+kRbVXF1Kziz37yy4hcvlj6C3mGo1ZmOhqv +eHLR422uwcIiQL8wIfLonTlvbQKBgQDe7+DYGbqSW2zA4i6xb1gkUYAF6dRglDqg +A46LOFpVJc6C5l8V1l/dIWsylLyh5R5t87wGXddLBcRioQ83xLjfDehrxSoyuFdl +9akbydJiP4LhcZTAkk2xjTMU6pCI6TwM7KEl45mIIdW3eRzAXsK7z59vRHHvBBX0 +h9Rur11rkwKBgBzreKQQqXxnNJdJFLI1SzdE+/muiGP5auotqcqkgdPNxzf1g2bi +tV1+DEm0hMNKUE5lsEF9qKWC5zohT+TwFdgsgFAiJoszAFADSItk18BEBN+lTZ26 +w8djUMAXvPOV1dgbqK/1lseM3U+Q13GfXBYmwFzln2Wf0yl89N0k7WKRAoGAExOj +wdoxxORd4gN4y2YjvLfcpKTlr33/pkGnqPIhiLe7fCgKauv1OA7sBWAE5DWe7Pm2 +VTUifyD3NRljG/qRd0TRZqdwfPaZQ/hJiD806YNVx8TYXcInM9JJVLjdtVl/8fst +rvhS4vtCNnj+pNd3Ams50WOh/Dn1Rv94hiArdlECgYEAmErFkZdIwYBElOSFI2y8 +sOYEouCI64Nr0scD/PwSpog6Lz1qg55L+zEvyEM044Aynru3H5h6zfOLEqgPYQtm +6LzLJqDtVKHxse7nIV6umhkits6p8wcQdQpMNkHxI+ax5U/utwHYUSBkZUw39h31 +fBOWoMoTZ/7G0OVelxLUv44= +-----END PRIVATE KEY----- diff --git a/odin-gateway/Dockerfile b/odin-gateway/Dockerfile index f0ee4f2..40a4fe1 100644 --- a/odin-gateway/Dockerfile +++ b/odin-gateway/Dockerfile @@ -1,12 +1,11 @@ FROM envoyproxy/envoy:v1.14.2 -# COPY ./https/https.crt /etc/ssl/certs/https.crt -# COPY ./https/key.pem /etc/ssl/certs/key.pem -# COPY envoy.yaml /tmpl/envoy.yaml.tmpl +RUN apt-get update && \ + apt-get install gettext -y -COPY envoy.yaml /etc/envoy/envoy.yaml +COPY ./envoy.yaml /tmpl/envoy.yaml.tmpl +COPY ./docker-entrypoint.sh / -# RUN apt-get update && apt-get install -y gettext-base -# RUN cat /tmpl/envoy.yaml.tmpl | envsubst \$ENVOY_ADMIN_PORT,\$ENVOY_LISTENER_0_PORT,\$ENVOY_LISTENER_1_PORT,\$DAPR_SIDECAR_PORT,\$QUETZALCOATL_AUTH_API_PORT,\$ENKI_PROBLEMS_API_PORT,\$ANUBIS_EVAL_API_PORT > /etc/envoy/envoy.yaml +RUN chmod 500 /docker-entrypoint.sh -CMD /usr/local/bin/envoy -c /etc/envoy/envoy.yaml --service-cluster odin-gateway --service-node odin-gateway --log-level debug \ No newline at end of file +ENTRYPOINT ["/docker-entrypoint.sh"] \ No newline at end of file diff --git a/odin-gateway/docker-entrypoint.sh b/odin-gateway/docker-entrypoint.sh new file mode 100644 index 0000000..97d5939 --- /dev/null +++ b/odin-gateway/docker-entrypoint.sh @@ -0,0 +1,8 @@ +#!/bin/sh +set -e + +echo "Generating envoy.yaml config file..." +cat /tmpl/envoy.yaml.tmpl | envsubst \$ENVOY_ADMIN_PORT,\$ENVOY_HTTP_PORT,\$ENVOY_HTTPS_PORT,\$DAPR_SIDECAR_PORT,\$QUETZALCOATL_AUTH_API_PORT,\$ENKI_PROBLEMS_API_PORT,\$ANUBIS_EVAL_API_PORT > /etc/envoy.yaml + +echo "Starting Envoy..." +/usr/local/bin/envoy -c /etc/envoy.yaml \ No newline at end of file diff --git a/odin-gateway/envoy.yaml b/odin-gateway/envoy.yaml index 2f7694a..b1fcf64 100644 --- a/odin-gateway/envoy.yaml +++ b/odin-gateway/envoy.yaml @@ -4,58 +4,16 @@ admin: socket_address: protocol: TCP address: 0.0.0.0 - port_value: 4001 + port_value: ${ENVOY_ADMIN_PORT} static_resources: listeners: - # HTTP listener - routes to Dapr - # - name: listener_0 - # address: - # socket_address: - # protocol: TCP - # address: 0.0.0.0 - # port_value: 443 - # filter_chains: - # - filters: - # - name: envoy.filters.network.http_connection_manager - # typed_config: - # "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager - # stat_prefix: ingress_http - # route_config: - # name: asgard_route - # virtual_hosts: - # - name: asgard - # domains: ["*"] - # routes: - # - name: "quetzalcoatl" - # match: - # prefix: "/api/identity" - # route: - # auto_host_rewrite: true - # prefix_rewrite: "/v1.0/invoke/quetzalcoatl-auth/method/api" - # cluster: dapr - # - name: "enki" - # match: - # prefix: "/api/problems" - # route: - # auto_host_rewrite: true - # prefix_rewrite: "/v1.0/invoke/enki-problems/method/api/enki/problem" - # cluster: dapr - # - name: "anubis" - # match: - # prefix: "/api/eval" - # route: - # auto_host_rewrite: true - # prefix_rewrite: "/v1.0/invoke/anubis-eval/method/api" - # cluster: dapr - # http_filters: - # - name: envoy.filters.http.router - # HTTPS listener - routes to services - SSL disabled for now - - name: listener_0 + # HTTPS listener - routes to services - SSL disabled + - name: http_listener address: socket_address: protocol: TCP address: 0.0.0.0 - port_value: 80 + port_value: ${ENVOY_HTTP_PORT} filter_chains: - filters: - name: envoy.filters.network.http_connection_manager @@ -73,22 +31,22 @@ static_resources: prefix: "/api/identity" route: auto_host_rewrite: true - prefix_rewrite: "/api" - cluster: quetzalcoatl + prefix_rewrite: "/v1.0/invoke/quetzalcoatl-auth/method/api" + cluster: dapr - name: "enki" match: prefix: "/api/problems" route: auto_host_rewrite: true - prefix_rewrite: "/api/enki/problem" - cluster: enki + prefix_rewrite: "/v1.0/invoke/enki-problems/method/api/enki/problem" + cluster: dapr - name: "anubis" match: prefix: "/api/eval" route: auto_host_rewrite: true - prefix_rewrite: "/api" - cluster: anubis + prefix_rewrite: "/v1.0/invoke/anubis-eval/method/api" + cluster: dapr http_filters: - name: envoy.filters.http.lua config: @@ -231,12 +189,13 @@ static_resources: end end - name: envoy.filters.http.router - - name: listener_1 + # HTTPS listener - routes to services - SSL enabled + - name: https_listener address: socket_address: protocol: TCP address: 0.0.0.0 - port_value: 443 + port_value: ${ENVOY_HTTPS_PORT} filter_chains: - filters: - name: envoy.filters.network.http_connection_manager @@ -254,22 +213,22 @@ static_resources: prefix: "/api/identity" route: auto_host_rewrite: true - prefix_rewrite: "/api" - cluster: quetzalcoatl + prefix_rewrite: "/v1.0/invoke/quetzalcoatl-auth/method/api" + cluster: dapr - name: "enki" match: prefix: "/api/problems" route: auto_host_rewrite: true - prefix_rewrite: "/api/enki/problem" - cluster: enki + prefix_rewrite: "/v1.0/invoke/enki-problems/method/api/enki/problem" + cluster: dapr - name: "anubis" match: prefix: "/api/eval" route: auto_host_rewrite: true - prefix_rewrite: "/api" - cluster: anubis + prefix_rewrite: "/v1.0/invoke/anubis-eval/method/api" + cluster: dapr http_filters: - name: envoy.filters.http.lua config: @@ -413,60 +372,19 @@ static_resources: end end - name: envoy.filters.http.router + tls_context: + common_tls_context: + tls_certificates: + - certificate_chain: + filename: "/etc/ssl/certs/https.crt" + private_key: + filename: "/etc/ssl/certs/key.pem" clusters: - name: dapr connect_timeout: 0.25s - type: logical_dns - dns_lookup_family: V4_ONLY + type: strict_dns lb_policy: round_robin - load_assignment: - cluster_name: dapr - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 3400 - - name: quetzalcoatl - connect_timeout: 0.25s - type: logical_dns - dns_lookup_family: V4_ONLY - lb_policy: round_robin - load_assignment: - cluster_name: quetzalcoatl - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: quetzalcoatl-auth-api - port_value: 5210 - - name: enki - connect_timeout: 0.25s - type: logical_dns - dns_lookup_family: V4_ONLY - lb_policy: round_robin - load_assignment: - cluster_name: enki - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: enki-problems-api - port_value: 5211 - - name: anubis - connect_timeout: 0.25s - type: logical_dns - dns_lookup_family: V4_ONLY - lb_policy: round_robin - load_assignment: - cluster_name: anubis - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: anubis-eval-api - port_value: 5213 + hosts: + - socket_address: + address: 127.0.0.1 + port_value: ${DAPR_SIDECAR_PORT} diff --git a/quetzalcoatl-auth/Bootstrapper/Program.cs b/quetzalcoatl-auth/Bootstrapper/Program.cs index bffeb5c..012d156 100644 --- a/quetzalcoatl-auth/Bootstrapper/Program.cs +++ b/quetzalcoatl-auth/Bootstrapper/Program.cs @@ -104,13 +104,13 @@ if (!app.Environment.IsEnvironment(SystemConsts.TestingEnvironment)) { app.MapHealthChecks( - "/_health", + "/api/_health", new HealthCheckOptions { ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse, } ) - .RequireHost("*:5210"); + .RequireHost("*:80"); } app.UseSerilogRequestLogging() diff --git a/seeder/fixtures.yaml b/seeder/fixtures.yaml index 1c5ef63..5273e46 100644 --- a/seeder/fixtures.yaml +++ b/seeder/fixtures.yaml @@ -13,18 +13,18 @@ problems: create_test: /problems/{problem_id}/test create_submission: /eval/submissions data: - - create_req_path: /temp/ProblemArchive/vecsum/create_req.json + - create_req_path: /tmp/ProblemArchive/vecsum/create_req.json tests: - - test_zip_path: /temp/ProblemArchive/vecsum/tests/1/1.zip + - test_zip_path: /tmp/ProblemArchive/vecsum/tests/1/1.zip score: 20 - - test_zip_path: /temp/ProblemArchive/vecsum/tests/2/2.zip + - test_zip_path: /tmp/ProblemArchive/vecsum/tests/2/2.zip score: 20 - - test_zip_path: /temp/ProblemArchive/vecsum/tests/3/3.zip + - test_zip_path: /tmp/ProblemArchive/vecsum/tests/3/3.zip score: 20 - - test_zip_path: /temp/ProblemArchive/vecsum/tests/4/4.zip + - test_zip_path: /tmp/ProblemArchive/vecsum/tests/4/4.zip score: 20 - - test_zip_path: /temp/ProblemArchive/vecsum/tests/5/5.zip + - test_zip_path: /tmp/ProblemArchive/vecsum/tests/5/5.zip score: 20 submissions: - - source_code_path: /temp/ProblemArchive/vecsum/solutions/main.rs + - source_code_path: /tmp/ProblemArchive/vecsum/solutions/main.rs language: Rust diff --git a/seeder/main.go b/seeder/main.go index cb06dd3..ac88f8f 100644 --- a/seeder/main.go +++ b/seeder/main.go @@ -7,7 +7,7 @@ import ( func main() { // Load fixtures from fixtures.yaml - fixtures, err := LoadFixtures("/temp/fixtures.yaml") + fixtures, err := LoadFixtures("/tmp/fixtures.yaml") if err != nil { log.Fatalf("failed to load fixtures: %s", err) }