Merge pull request #11 from LCOGT/fix/csrf

Fixes to deployment
LCOGT · Dec 13, 2024 · d45431b · d45431b
2 parents d6afc7a + 3b8769e
commit d45431b
Show file tree

Hide file tree

Showing 14 changed files with 130 additions and 22 deletions.
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -11,5 +11,3 @@ jobs:
   cd:
     uses: LCOGT/reusable-workflows/.github/workflows/continuous-deployment.yaml@main
     secrets: inherit
-
-# Test update noop counter: 1
diff --git a/.gitignore b/.gitignore
@@ -165,3 +165,4 @@ dump*
 
 local-kubeconfig
 
+staticfiles
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,7 @@
+0.3.1 (2024-12-06)
+------------------
+- Deployment fixes
+
 0.3.0 (2024-11-12)
 ------------------
 - Added a plot for the combined extraction fo both orders

diff --git a/Dockerfile b/Dockerfile
@@ -12,6 +12,12 @@ RUN pip install --no-cache-dir .
 
 WORKDIR /banzai-floyds-ui/banzai_floyds_ui
 
+RUN python manage.py collectstatic
+
+RUN python manage.py createcachetable
+
+RUN python manage.py makemigrations
+
 RUN python manage.py migrate
 
 CMD [ \
@@ -20,6 +26,8 @@ CMD [ \
     "--worker-class=gevent", \
     "--workers=4", \
     "--timeout=300", \
+    "--capture-output", \
+    "--enable-stdio-inheritance", \
     "--access-logfile=-", \
     "--error-logfile=-", \
     "banzai_floyds_ui.gui.wsgi:application" \

diff --git a/banzai_floyds_ui/gui/app.py b/banzai_floyds_ui/gui/app.py
@@ -19,7 +19,6 @@
 from banzai_floyds.frames import FLOYDSFrameFactory
 from banzai_floyds import settings
 from django.conf import settings as django_settings
-from banzai_floyds.utils.profile_utils import profile_fits_to_data
 import os
 import banzai.main
 import io

diff --git a/banzai_floyds_ui/gui/urls.py b/banzai_floyds_ui/gui/urls.py
@@ -15,13 +15,14 @@
 """
 from django.contrib import admin
 from django.urls import path, include
-from banzai_floyds_ui.gui.views import banzai_floyds_view, login_view, logout_view
+from banzai_floyds_ui.gui.views import banzai_floyds_view, login_view, logout_view, status_view
 
 
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('api', include('banzai_floyds_ui.api.urls')),
     path('', banzai_floyds_view, name="banzai-floyds"),
+    path('status', status_view, name="status"),
     path('login', login_view, name="login"),
     path('logout', logout_view, name="logout"),
     path('django_plotly_dash', include('django_plotly_dash.urls')),

diff --git a/banzai_floyds_ui/gui/views.py b/banzai_floyds_ui/gui/views.py
@@ -3,6 +3,8 @@
 from banzai_floyds_ui.gui.forms import LoginForm
 from django.views.decorators.csrf import csrf_protect
 from django.conf import settings
+from rest_framework.response import Response
+from rest_framework.decorators import api_view
 import requests
 
 
@@ -48,3 +50,8 @@ def logout_view(request):
     if 'username' in request.session:
         del request.session['username']
     return render(request, 'floyds.html')
+
+
+@api_view(['GET'])
+def status_view(request):
+    return Response({'message': 'BANZAI-FLOYDS service is healthy.'})
diff --git a/banzai_floyds_ui/settings.py b/banzai_floyds_ui/settings.py
@@ -22,13 +22,12 @@
 # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-0*$4nwm8zd$jcc*xlwm$2nm_=r6bn5rv@#k7jrta^dy&c*3)(y'
+SECRET_KEY = os.getenv('SECRET_KEY', 'django-insecure-0*$4nwm8zd$jcc*xlwm$2nm_=r6bn5rv@#k7jrta^dy&c*3)(y')
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
-
-ALLOWED_HOSTS = ['*']
+DEBUG = eval(os.getenv('DEBUG', 'False'))
 
+ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',')
 
 # Application definition
 
@@ -40,10 +39,12 @@
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'rest_framework',
+    'django_extensions',
     'bootstrap4',
     'django_plotly_dash.apps.DjangoPlotlyDashConfig',
     'dpd_static_support',
-    'fontawesomefree'
+    'fontawesomefree',
+    'django_redis'
 ]
 
 MIDDLEWARE = [
@@ -60,6 +61,7 @@
 ]
 
 SESSION_ENGINE = "django.contrib.sessions.backends.cache"
+SESSION_CACHE_ALIAS = "default"
 
 ROOT_URLCONF = 'banzai_floyds_ui.gui.urls'
 
@@ -81,19 +83,19 @@
 
 WSGI_APPLICATION = 'banzai_floyds_ui.gui.wsgi.application'
 
-if os.environ.get('REDIS_URL') is None:
+if os.environ.get('REDIS_HOST') is None:
     CACHES = {
         "default": {
-            "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
-            "LOCATION": "unique-snowflake",
+            "BACKEND": "django.core.cache.backends.db.DatabaseCache",
+            "LOCATION": "django_cache_table",
         }
     }
 else:
     CACHES = {
         'default':
             {
                 'BACKEND': 'django_redis.cache.RedisCache',
-                "LOCATION": os.environ['REDIS_URL'],
+                "LOCATION": f"redis://{os.environ['REDIS_HOST']}:{os.environ['REDIS_PORT']}",
                 'OPTIONS': {'CLIENT_CLASS': 'django_redis.client.DefaultClient'}
             }
     }
@@ -102,14 +104,24 @@
 # Database
 # https://docs.djangoproject.com/en/4.1/ref/settings/#databases
 
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': BASE_DIR / 'db.sqlite3',
+if os.getenv('FLOYDS_UI_DB_HOST') is None:
+    DATABASES = {
+        'default': {
+            'ENGINE': 'django.db.backends.sqlite3',
+            'NAME': BASE_DIR / 'db.sqlite3',
+        }
+    }
+else:
+    DATABASES = {
+        'default': {
+            'ENGINE': os.getenv('FLOYDS_UI_DB_ENGINE', 'django.db.backends.postgresql'),
+            'NAME': os.environ['FLOYDS_UI_DB_NAME'],
+            'USER': os.environ['FLOYDS_UI_DB_USER'],
+            'PASSWORD': os.environ['FLOYDS_UI_DB_PASSWORD'],
+            'HOST': os.environ['FLOYDS_UI_DB_HOST'],
+            'PORT': os.getenv('FLOYDS_UI_DB_PORT', '5432'),
+        }
     }
-}
-
-
 # Password validation
 # https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators
 
@@ -128,6 +140,7 @@
     },
 ]
 
+CSRF_TRUSTED_ORIGINS = os.getenv('CSRF_TRUSTED_ORIGINS', 'http://127.0.0.1').split(',')
 
 # Internationalization
 # https://docs.djangoproject.com/en/4.1/topics/i18n/

diff --git a/k8s/base/deploy-server.yaml b/k8s/base/deploy-server.yaml
@@ -31,6 +31,8 @@ spec:
             - --timeout=$(GUNICORN_TIMEOUT)
             - --access-logfile=-
             - --error-logfile=-
+            - --capture-output
+            - --enable-stdio-inheritance
             - banzai_floyds_ui.gui.wsgi:application
 
           env:
@@ -56,11 +58,11 @@ spec:
             initialDelaySeconds: 15
             timeoutSeconds: 3
             httpGet:
-              path: /
+              path: status
               port: http
           readinessProbe:
             initialDelaySeconds: 15
             timeoutSeconds: 3
             httpGet:
-              path: /
+              path: status
               port: http
diff --git a/k8s/base/kustomization.yaml b/k8s/base/kustomization.yaml
@@ -4,9 +4,17 @@ kind: Kustomization
 resources:
   - ./deploy-server.yaml
   - ./svc-server.yaml
+  - ./redis-pvc.yaml
+  - ./redis-deploy.yaml
+  - ./redis-service.yaml
 
 configMapGenerator:
   - name: env
     literals:
       - ARCHIVE_URL=https://archive-api.lco.global/frames/
       - OBSPORTAL_AUTH_URL=https://observe.lco.global/api/api-token-auth/
+      - REDIS_HOST=redis-service
+      - REDIS_PORT=6379
+      - DEBUG=1
+      - DB_ADDRESS=sqlite:///test.db
+      - OPENTSDB_PYTHON_METRICS_TEST_MODE=1
diff --git a/k8s/base/redis-deploy.yaml b/k8s/base/redis-deploy.yaml
@@ -0,0 +1,43 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/deployment-apps-v1.json
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+  labels:
+    app.kubernetes.io/component: redis
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: redis
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: redis
+    spec:
+      volumes:
+        - name: redis-data
+          persistentVolumeClaim:
+            claimName: redis-pvc
+      containers:
+        - name: redis
+          image: redis:7.4.1
+          ports:
+          - containerPort: 6379
+          volumeMounts:
+          - name: redis-data
+            mountPath: /data
+          livenessProbe:
+            initialDelaySeconds: 15
+            timeoutSeconds: 3
+            exec:
+              command:
+              - redis-cli
+              - ping
+          readinessProbe:
+            initialDelaySeconds: 15
+            timeoutSeconds: 3
+            exec:
+              command:
+              - redis-cli
+              - ping
diff --git a/k8s/base/redis-pvc.yaml b/k8s/base/redis-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/k8s/base/redis-service.yaml b/k8s/base/redis-service.yaml
@@ -0,0 +1,13 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/service-v1.json
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-service
+
+spec:
+  ports:
+  - port: 6379
+    targetPort: 6379
+  selector:
+    app.kubernetes.io/component: redis
diff --git a/pyproject.toml b/pyproject.toml
@@ -28,6 +28,7 @@ dependencies = [
   "fontawesomefree",
   "requests",
   "django_redis",
+  "django_extensions",
   "whitenoise",
   "httpx",
   "banzai_floyds @ git+https://github.com/lcogt/[email protected]",
Original file line number	Diff line number	Diff line change
Expand Up		@@ -165,3 +165,4 @@ dump*

		local-kubeconfig

		staticfiles