feat(bdii): initial commit of bdii job (#133)

feat(bdii): initial commit of bdii job
fix(bdii): autopromote deployments, use docker driver and add volume
feat(bdii): add slapd configuration file creation template
fix(bdii): swap pre-task with artifacts
fix(bdii): use raw urls for bdii schema and config
chore(bdii): add bdii configuration file
fix(bdii): use template to provision bdii configuration

---------

Signed-off-by: Bruce Becker <brucellino@protonmail.ch>

bdii/bdii-slapd.conf

@@ -0,0 +1,122 @@
+include /opt/bitnami/openldap/etc/schema/core.schema
+include /opt/bitnami/openldap/etc/schema/cosine.schema
+include /opt/bitnami/openldap/etc/schema/nis.schema
+# include /local/schemas/BDII.schema
+include /local/schema/schema/Glue-CORE.schema
+include /local/schema/schema/Glue-MDS.schema
+include /local/schema/schema/Glue-CE.schema
+include /local/schema/schema/Glue-CESEBind.schema
+include /local/schema/schema/Glue-SE.schema
+include /local/schema/schema/GLUE20.schema
+
+allow bind_v2
+
+loglevel        0
+idletimeout     120
+sizelimit       unlimited
+timelimit       2400
+
+moduleload rwm
+moduleload back_relay
+
+#######################################################################
+# GLUE 1.3 database definitions
+#######################################################################
+
+database        hdb
+suffix          "o=grid"
+cachesize       30000
+checkpoint      1024 0
+dbnosync
+rootdn          "o=grid"
+rootpw          secret
+directory       {{ env "NOMAD_ALLOC_DIR" }}/mount-data/grid
+
+index GlueCEAccessControlBaseRule eq
+index GlueCESEBindCEUniqueID eq
+index GlueCESEBindSEUniqueID eq
+index GlueCEUniqueID eq
+index GlueChunkKey eq
+index GlueClusterUniqueID eq
+index GlueSAAccessControlBaseRule eq
+index GlueSALocalID eq
+index GlueSEAccessProtocolType pres
+index GlueSEUniqueID eq
+index GlueServiceAccessControlRule eq
+index GlueServiceAccessControlBaseRule eq
+index GlueServiceType eq,sub
+index GlueServiceEndpoint eq,sub
+index GlueServiceURI eq,sub
+index GlueServiceDataKey eq
+index GlueSubClusterUniqueID eq
+index GlueVOInfoAccessControlBaseRule eq
+index objectClass eq,pres
+
+#######################################################################
+# Relay DB to address DIT changes requested by ARC
+#######################################################################
+
+database        relay
+suffix          "GLUE2GroupName=services,o=glue"
+overlay         rwm
+suffixmassage   "GLUE2GroupID=resource,o=glue"
+
+database        relay
+suffix          "GLUE2GroupName=services,GLUE2DomainID=*,o=glue"
+overlay         rwm
+suffixmassage   "GLUE2GroupID=resource,GLUE2DomainID=*,o=glue"
+
+database        relay
+suffix          "GLUE2GroupName=services,GLUE2DomainID=*,GLUE2GroupName=grid,o=glue"
+overlay         rwm
+suffixmassage   "GLUE2GroupID=resource,GLUE2DomainID=*,GLUE2GroupID=grid,o=glue"
+
+
+#######################################################################
+# GLUE 2.0 database definitions
+#######################################################################
+
+database        hdb
+suffix          "o=glue"
+cachesize       30000
+checkpoint      1024 0
+dbnosync
+rootdn          "o=glue"
+rootpw          secret
+directory       /var/lib/bdii/db/glue
+
+index GLUE2GroupID eq
+index GLUE2ExtensionLocalID eq
+index GLUE2LocationID eq
+index GLUE2ContactID eq
+index GLUE2DomainID eq
+index GLUE2ServiceID eq
+index GLUE2EndpointID eq
+index GLUE2ShareID eq
+index GLUE2ManagerID eq
+index GLUE2ResourceID eq
+index GLUE2ActivityID eq
+index GLUE2PolicyID eq
+index GLUE2BenchmarkID eq
+index GLUE2ApplicationEnvironmentID eq
+index GLUE2ApplicationHandleID eq
+index GLUE2ToStorageServiceID eq
+index GLUE2StorageServiceCapacityID eq
+index GLUE2StorageAccessProtocolID eq
+index GLUE2StorageShareSharingID eq
+index GLUE2StorageShareCapacityID eq
+index GLUE2EndpointInterfaceName eq
+index GLUE2PolicyRule eq
+index objectClass eq,pres
+
+#######################################################################
+# Stats database definitions
+#######################################################################
+database        hdb
+suffix          "o=infosys"
+cachesize       10
+checkpoint      1024 0
+dbnosync
+rootdn          "o=infosys"
+rootpw          secret
+directory       /var/lib/bdii/db/stats

bdii/bdii.hcl

@@ -0,0 +1,206 @@
+variable "bdii" {
+  description = "Configuration items for BDII"
+  type = object({
+    version = string
+    files = list(string)
+  })
+
+  default = {
+    version = "6.0.1"
+    files = [
+      "BDII.schema"
+    ]
+  }
+}
+
+variable "glue" {
+  description = "Glue schema configuration items"
+  type = object({
+    url = string
+    version = string
+    schemas = list(string)
+  })
+  default = {
+    url = "https://github.com/EGI-Federation/glue-schema/archive/refs/tags"
+    version = "2.1.1"
+    schemas = [
+      "GLUE20.schema",
+      "Glue-CE.schema",
+      "Glue-CESEBind.schema",
+      "Glue-MDS.schema",
+      "Glue-SE.schema"
+    ]
+  }
+}
+
+variable "slapd" {
+  description = "configuration items for slapd"
+  type = object({
+    bdii_var_dir = string
+    db_dir = string,
+    db_conf_dir = string,
+    db_entries = list(string)
+    port = string,
+    ipv6_support = bool
+    schemas_dir = string
+  })
+
+  default = {
+    # These go under the job alloc directory
+    bdii_var_dir = "var/lib/bdii/"
+    db_dir = "var/lib/bdii/db"
+    db_conf_dir = "etc/bdii"
+    db_entries = [
+      "stats",
+      "glue",
+      "stats",
+      "grid"
+    ],
+    port = "2170",
+    ipv6_support = false
+    schemas_dir = "local/schemas"
+  }
+}
+
+job "bdii" {
+  datacenters = ["dc1"]
+  type = "service"
+  constraint {
+    attribute = "${attr.kernel.name}"
+    value     = "linux"
+  }
+
+  update {
+    max_parallel = 2
+    min_healthy_time = "10s"
+    healthy_deadline = "5m"
+    progress_deadline = "10m"
+    auto_revert = true
+    auto_promote = true
+    canary = 1
+  }
+  migrate {
+    max_parallel = 1
+    health_check = "checks"
+    min_healthy_time = "10s"
+    healthy_deadline = "5m"
+  }
+  group "site" {
+    count = 1
+
+    volume "ldap" {
+      type = "host"
+      source = "scratch"
+      read_only = false
+    }
+
+    network {
+      port "slapd" {
+        to = 2170
+      }
+    }
+    service {
+      name     = "bdii"
+      tags     = ["site"]
+      port     = "slapd"
+      provider = "consul"
+
+      check {
+        name     = "alive"
+        type     = "tcp"
+        interval = "10s"
+        timeout  = "2s"
+      }
+    }
+
+    restart {
+      attempts = 1
+      interval = "5m"
+      delay = "15s"
+      mode = "fail"
+    }
+
+    reschedule {
+      unlimited = true
+      interval = "10m"
+      delay = "30s"
+      delay_function = "constant"
+    }
+
+    task "ldap" {
+      # The "driver" parameter specifies the task driver that should be used to
+      # run the task.
+      artifact {
+        source = "github.com/EGI-Federation/glue-schema.git//etc/ldap/schema"
+        destination = "local/schema"
+        mode = "dir"
+      }
+
+      artifact {
+        # BDII Schema directly from EGI-Foundation/bdii
+        source = "https://raw.githubusercontent.com/EGI-Federation/bdii/v${var.bdii.version}/etc/BDII.schema"
+        destination = "local/schema/BDII.schema"
+        mode = "file"
+      }
+
+      artifact {
+        # slapd config EGI-Foundation/bdii
+        source = "https://raw.githubusercontent.com/EGI-Foundation/bdii/v${var.bdii.version}/etc/bdii-slapd.conf"
+        destination = "/local/etc/bdii-slapd.conf"
+        mode = "file"
+      }
+
+      template {
+        data = file("provision_config_files.sh.tmpl")
+        destination = "/docker-entrypoint-initdb.d/start.sh"
+        perms = "777"
+      }
+
+      template {
+        data = file("bdii-slapd.conf")
+        destination = "local/bdii-slapd.conf"
+        perms = "0644"
+      }
+
+      driver = "docker"
+      config {
+        image = "bitnami/openldap:2.6"
+        ports = ["slapd"]
+        auth_soft_fail = true
+      }
+      env {
+        LDAP_PORT_NUMBER = "${NOMAD_PORT_slapd}"
+        // LDAP_CUSTOM_SCHEMA_FILE = "Glue-CORE"
+        LDAP_ADD_SCHEMAS = "yes"
+        // LDAP_EXTRA_SCHEMAS = "Glue-CORE"
+        LDAP_LOGLEVEL = 2048
+        LDAP_ENABLE_ACCESSLOG = "yes"
+        LDAP_ACCESSLOG_LOGOPS = "all"
+        BDII_VAR_DIR = "${var.slapd.bdii_var_dir}"
+        SLAPD_DB_DIR = "${var.slapd.db_dir}"
+        // LDAP_CUSTOM_SCHEMA_DIR = "/local/schema/"
+        // BITNAMI_DEBUG = true
+        LDAP_SKIP_DEFAULT_TREE = "yes"
+      }
+      logs {
+        max_files     = 10
+        max_file_size = 15
+      }
+
+      identity {
+        env  = true
+        file = true
+      }
+      resources {
+        cpu    = 500 # 500 MHz
+        memory = 512 # 512MB
+      }
+
+      volume_mount {
+        volume = "ldap"
+        destination = "${NOMAD_ALLOC_DIR}/mount-data"
+        propagation_mode = "bidirectional"
+      }
+    }
+  }
+}

bdii/provision_config_files.sh.tmpl

@@ -0,0 +1,25 @@
+#!/bin/env bash
+
+# provision_config_files.sh
+# Reproduces part of: https://github.com/EGI-Federation/bdii/blob/main/etc/systemd/bdii-slapd-start
+
+# Provisions files for configuring the openldap server
+
+# Create Database directory
+# was SLAPD_DB_DIR=${SLAPD_DB_DIR:-$BDII_VAR_DIR/db} where SLAPD_DB_DIR is /var/lib/bdii
+# We should mount this into tmpfs, but who knows if that's possible
+
+mkdir -vp {{ env "NOMAD_ALLOC_DIR" }}/mount-data/{{ env "SLAPD_DB_DIR" }}/stats
+mkdir -vp {{ env "NOMAD_ALLOC_DIR" }}/mount-data/{{ env "SLAPD_DB_DIR" }}/glue
+mkdir -vp {{ env "NOMAD_ALLOC_DIR" }}/mount-data/{{ env "SLAPD_DB_DIR" }}/grid
+mkdir -vp {{ env "NOMAD_ALLOC_DIR" }}/mount-data/{{ env "BDII_VAR_DIR" }}/archive
+
+tree {{ env "NOMAD_ALLOC_DIR" }}
+
+
+# Put the DB_CONFIG in grid, stats and glue
+
+
+# Copy schema files into place
+# This should be used by the subsequent task which runs openldap
+cp -vp {{ env "NOMAD_ALLOC_DIR" }}/scratch/glue-schema-2.1.1/etc/ldap/schema/* {{ env "NOMAD_ALLOC_DIR" }}