Backport system-integration fixes from 'develop' into release/v0.1

bin/install-terraform.sh

@@ -13,7 +13,7 @@ if ! unzip --help >/dev/null 2>&1
 then
   sudo apt-get -y install unzip
 fi
-curl -sLo terraform.zip https://releases.hashicorp.com/terraform/0.12.26/terraform_0.12.26_linux_amd64.zip
+curl -sLo terraform.zip https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_linux_amd64.zip
 unzip terraform.zip
 rm -f terraform.zip
 chmod +x terraform

minikube/setup-minikube.sh

@@ -10,7 +10,7 @@ mkdir -p $HOME/.local/bin
 
 # minikube: download and install locally
 echo "Download minikube..."
-curl -sLo $HOME/.local/bin/minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \
+curl -sLo $HOME/.local/bin/minikube https://github.com/kubernetes/minikube/releases/download/v1.12.1/minikube-linux-amd64 \
   && chmod +x $HOME/.local/bin/minikube
 
 # If MINIKUBE_MODE is not set, and USER is vagrant, deduce we are running in a VM, so use 'native' mode
@@ -20,13 +20,13 @@ if [ -z "${MINIKUBE_MODE}" -a "${USER}" = "vagrant" ]; then MINIKUBE_MODE="nativ
 # minikube (native)
 if [ "${MINIKUBE_MODE}" = "native" ]
 then
-  if hash conntrack
+  if hash conntrack 2>/dev/null
   then
     # start minikube
     # - default container runtime is docker - see https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration
     echo "Start minikube (native), and wait for cluster..."
+    export CHANGE_MINIKUBE_NONE_USER=true
     sudo -E $HOME/.local/bin/minikube start --driver=none --addons ingress --wait "all"
-    sudo chown -R $USER $HOME/.kube $HOME/.minikube
   else
     echo "ERROR: conntrack must be installed for minikube driver='none', e.g. 'sudo apt install conntrack'. Aborting..."
     exit 1

terraform/global/proc-ades/dependencies.tf

@@ -1,8 +1,3 @@
-resource "null_resource" "waitfor-login-service" {
-  depends_on = [ var.module_depends_on ]
-  provisioner "local-exec" {
-    command = <<EOT
-    until [ `kubectl logs service/oxauth | grep "Server:main: Started" | wc -l` -ge 1 ]; do echo "Waiting for Login Service" && sleep 30; done
-EOT
-  }
-}
+resource "null_resource" "waitfor-module-depends" {
+  depends_on = [var.module_depends_on]
+}

terraform/global/proc-ades/main.tf

@@ -6,7 +6,7 @@ resource "kubernetes_deployment" "ades" {
       app = "ades"
     }
   }
-  depends_on = [ var.module_depends_on, null_resource.waitfor-login-service ]
+  depends_on = [null_resource.waitfor-module-depends]
 
   spec {
     replicas = 1
@@ -62,7 +62,7 @@ resource "kubernetes_service" "ades" {
       app = "ades"
     }
   }
-  depends_on = [ var.module_depends_on, null_resource.waitfor-login-service ]
+  depends_on = [kubernetes_deployment.ades]
 
   spec {
     port {

terraform/global/rm-workspace/dependencies.tf

@@ -1,8 +1,3 @@
-resource "null_resource" "waitfor-login-service" {
-  depends_on = [ var.module_depends_on ]
-  provisioner "local-exec" {
-    command = <<EOT
-    until [ `kubectl logs service/oxauth | grep "Server:main: Started" | wc -l` -ge 1 ]; do echo "Waiting for Login Service" && sleep 30; done
-EOT
-  }
-}
+resource "null_resource" "waitfor-module-depends" {
+  depends_on = [var.module_depends_on]
+}

terraform/global/rm-workspace/main.tf

@@ -6,7 +6,7 @@ resource "kubernetes_deployment" "workspace" {
       app = "workspace"
     }
   }
-  depends_on = [ var.module_depends_on, null_resource.waitfor-login-service ]
+  depends_on = [null_resource.waitfor-module-depends]
 
   spec {
     replicas = 1
@@ -75,7 +75,7 @@ resource "kubernetes_service" "workspace" {
       app = "workspace"
     }
   }
-  depends_on = [ var.module_depends_on, null_resource.waitfor-login-service ]
+  depends_on = [kubernetes_deployment.workspace]
 
   spec {
     port {
@@ -91,4 +91,19 @@ resource "kubernetes_service" "workspace" {
 
     type = "NodePort"
   }
+
+  provisioner "local-exec" {
+    command = <<-EOT
+      interval=$(( 5 ))
+      msgInterval=$(( 30 ))
+      step=$(( msgInterval / interval ))
+      count=$(( 0 ))
+      until kubectl logs service/workspace 2>/dev/null | grep "Nextcloud was successfully installed" >/dev/null 2>&1
+      do
+        test $(( count % step )) -eq 0 && echo "Waiting for service/workspace"
+        sleep $interval
+        count=$(( count + interval ))
+      done
+      EOT
+  }
 }

terraform/global/rm-workspace/workspace-ingress.tf

@@ -18,4 +18,3 @@ resource "kubernetes_ingress" "workspace" {
     }
   }
 }
-

terraform/global/um-login-service/config/load-config.tf

@@ -2,7 +2,7 @@ resource "kubernetes_job" "config_init_load_job" {
   metadata {
     name = "config-init-load-job"
   }
-  depends_on = [ kubernetes_config_map.config-cm ]
+  depends_on = [kubernetes_config_map.config-cm]
 
   spec {
     template {
@@ -39,11 +39,11 @@ resource "kubernetes_job" "config_init_load_job" {
             name  = "GLUU_SECRET_ADAPTER"
             value = "kubernetes"
           }
-          
+
           volume_mount {
-            name       = "config-cm"
-            mount_path = "/opt/config-init/db/generate.json"
-            sub_path   = "generate.json"
+            name              = "config-cm"
+            mount_path        = "/opt/config-init/db/generate.json"
+            sub_path          = "generate.json"
             mount_propagation = "HostToContainer"
           }
         }
@@ -52,5 +52,9 @@ resource "kubernetes_job" "config_init_load_job" {
       }
     }
   }
+  wait_for_completion = true
+  timeouts {
+    create = "5m"
+    update = "5m"
+  }
 }
-

terraform/global/um-login-service/ldap/dependencies.tf

@@ -1,18 +1,3 @@
-resource "null_resource" "waitfor-opendj-init" {
-  depends_on = [ var.module_depends_on ]
-  provisioner "local-exec" {
-    command = <<EOT
-    until kubectl logs opendj-init-0 | grep "The Directory Server has started successfully"; do echo "Waiting for opendj-init0" && sleep 30; done
-EOT
-  } 
+resource "null_resource" "waitfor-module-depends" {
+  depends_on = [var.module_depends_on]
 }
-
-resource "null_resource" "waitfor-config-init" {
-  depends_on = [ var.module_depends_on ]
-
-  provisioner "local-exec" {
-    command = <<EOT
-    until kubectl get pods | grep "config-init" | grep "Completed"; do echo "Waiting for config-init pod" && sleep 30; done
-EOT
-  } # kubectl wait --for=condition=complete job/config-init-load-job --timeout=5m
-}

terraform/global/um-login-service/ldap/opendj-init.tf

@@ -3,13 +3,11 @@ resource "kubernetes_config_map" "opendj_init_cm" {
     name = "opendj-init-cm"
   }
 
-  depends_on = [ null_resource.waitfor-config-init ]
-
   data = {
-    GLUU_CONFIG_ADAPTER = "kubernetes"
+    GLUU_CONFIG_ADAPTER      = "kubernetes"
     GLUU_LDAP_ADVERTISE_ADRR = "opendj"
     GLUU_LDAP_AUTO_REPLICATE = "false"
-    GLUU_SECRET_ADAPTER = "kubernetes"
+    GLUU_SECRET_ADAPTER      = "kubernetes"
   }
 }
 
@@ -22,10 +20,10 @@ resource "kubernetes_service" "opendj" {
     }
   }
 
-  depends_on = [ null_resource.waitfor-config-init ]
+  depends_on = [null_resource.waitfor-module-depends]
 
   spec {
-    
+
     port {
       name        = "ldaps"
       protocol    = "TCP"
@@ -67,7 +65,7 @@ resource "kubernetes_stateful_set" "opendj_init" {
     name = "opendj-init"
   }
 
-  depends_on = [ null_resource.waitfor-config-init ]
+  depends_on = [kubernetes_service.opendj]
 
   spec {
     replicas = 1
@@ -181,5 +179,19 @@ resource "kubernetes_stateful_set" "opendj_init" {
 
     service_name = "opendj"
   }
-}
 
+  provisioner "local-exec" {
+    command = <<-EOT
+      interval=$(( 5 ))
+      msgInterval=$(( 30 ))
+      step=$(( msgInterval / interval ))
+      count=$(( 0 ))
+      until kubectl logs opendj-init-0 2>/dev/null | grep "The Directory Server has started successfully" >/dev/null 2>&1
+      do
+        test $(( count % step )) -eq 0 && echo "Waiting for opendj-init0"
+        sleep $interval
+        count=$(( count + interval ))
+      done
+      EOT
+  }
+}

terraform/global/um-login-service/ldap/persistence.tf

@@ -3,7 +3,7 @@ resource "kubernetes_job" "um_login_persistence" {
     name = "um-login-persistence"
   }
 
-  depends_on = [ null_resource.waitfor-config-init, null_resource.waitfor-opendj-init ]
+  depends_on = [null_resource.waitfor-module-depends, kubernetes_stateful_set.opendj_init]
 
   spec {
     backoff_limit = 1
@@ -70,5 +70,9 @@ resource "kubernetes_job" "um_login_persistence" {
       }
     }
   }
+  wait_for_completion = true
+  timeouts {
+    create = "5m"
+    update = "5m"
+  }
 }
-

terraform/global/um-login-service/main.tf

@@ -34,7 +34,7 @@ module "nginx" {
   source            = "./nginx"
   nginx_ip          = var.nginx_ip
   hostname          = var.hostname
-  module_depends_on = [module.ldap.ldap-up]
+  module_depends_on = [module.config.config-done]
 }
 
 module "oxauth" {

terraform/global/um-login-service/nginx/dependencies.tf

@@ -1,20 +1,3 @@
-resource "null_resource" "waitfor-tls-secrets" {
-  depends_on = [ var.module_depends_on ]
-  provisioner "local-exec" {
-    command = <<EOT
-    #until kubectl get pods | grep "config-init" | grep "Completed"; do echo "Waiting for config-init pod" && sleep 30; done
-    
-EOT
-  } 
-} # kubectl wait --for=condition=complete job/config-init-load-job --timeout=10m
-# ../global/um-login-service/nginx/tls-secrets.sh
-
-resource "null_resource" "waitfor-persistence" {
-  depends_on = [ var.module_depends_on ]
-  provisioner "local-exec" {
-    command = <<EOT
-    until kubectl get pods | grep "persistence" | grep "Completed"; do echo "Waiting for persistence" && sleep 30; done
-    
-EOT
-  } 
-}# kubectl wait --for=condition=complete pod  -l job-name=persistence --timeout=10m
+resource "null_resource" "waitfor-config-init" {
+  depends_on = [var.module_depends_on]
+}