Compare revisions

Emanuele Aina · Emanuele Aina · Emanuele Aina · Emanuele Aina · Emanuele Aina · Emanuele Aina
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -77,6 +77,7 @@ gitlab-integration-test:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""
    AUTHZ_MEDIATOR_IMAGE: $CI_REGISTRY_IMAGE/authz-mediator:$TAG_SHA
+    GITLAB_EXTERNAL_URL: http://docker:8000
    GITLAB_SECRET: 5h0uLd{8E}-4u709EneR47Ed
  before_script:
    - apt update && apt install -y --no-install-recommends
@@ -94,27 +95,28 @@ gitlab-integration-test:
        python3-pytest
        python3-selenium
        python3-gitlab
-        wait-for-it
    - pip3 install pytest-selenium==4.0.0 selenium==4.9.1
-    - wait-for-it docker:8000 --timeout=180 -- echo "The GitLab frontend is up"
    - |
-      timeout 300s bash <<EOF
-        echo "Wait for the GitLab backend"
-        while ! curl -o /dev/null --no-progress-meter --fail http://docker:8000/
-        do
-          sleep 10s
-        done
+      python3 - <<EOF
+      import os, sys, time
+      import gitlab
+      globals().update(os.environ) # import all env vars
+      results = None
+      print(f'Waiting for {GITLAB_EXTERNAL_URL} to be ready')
+      for i in range(1, 61):
+        try:
+          gl = gitlab.Gitlab(GITLAB_EXTERNAL_URL, private_token=GITLAB_SECRET)
+          results = gl.users.list()
+        except Exception as e:
+          delay = 10
+          print(f'Round {i:2}: got "{e}", will try again in {delay}s')
+          time.sleep(delay)
+      if results:
+        print(f'Ready, got {len(results)} results')
+      else:
+        print(f'Not ready after {i} attempts')
+        sys.exit(1)
      EOF
-    - curl -v --fail --no-progress-meter http://docker:8000/
-    - |
-      timeout 300s bash <<EOF
-        echo "Wait for the GitLab API"
-        while ! python3 -c "import os; import gitlab; gl = gitlab.Gitlab('http://docker:8000', private_token=os.environ['GITLAB_SECRET']); print(gl.users.list())" >/dev/null 2>&1
-        do
-          sleep 10s
-        done
-      EOF
-    - python3 -c "import os; import gitlab; gl = gitlab.Gitlab('http://docker:8000', private_token=os.environ['GITLAB_SECRET']); print(gl.users.list())"
    - pytest-3 -v --capture=no --color=yes
        --driver Remote --capability browserName firefox
        --selenium-host docker --selenium-port 4444

--- a/docker-compose-gitlab.yaml
+++ b/docker-compose-gitlab.yaml
@@ -55,9 +55,7 @@ services:
    ports:
      - '5556:5556'
    volumes:
-      - type: bind
-        source: ./dex.config.tmpl
-        target: //etc/dex/config.docker.yaml
+      - ./dex.config.tmpl:/etc/dex/config.docker.yaml:ro,Z
    environment:
      DEX_ISSUER: &dex_issuer http://oidc-provider:5556/dex
      DEX_CONNECTORS_ENABLE_LDAP: "true"
@@ -74,12 +72,10 @@ services:
      - '3890:389'
    command: ["--copy-service"]
    volumes:
-      - type: bind
-        source: ./config-ldap.ldif
-        target: /container/service/slapd/assets/config/bootstrap/ldif/custom/config-ldap.ldif
+      - ./config-ldap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/config-ldap.ldif:ro,Z

  mediator:
-    image: "${AUTHZ_MEDIATOR_IMAGE:-authz-mediator}"
+    image: "${AUTHZ_MEDIATOR_IMAGE:-registry.gitlab.apertis.org/infrastructure/authz-mediator/authz-mediator:latest}"
    restart: on-failure
    ports:
      - '5555:5555'
@@ -98,6 +94,9 @@ services:

  selenium:
    image: selenium/standalone-firefox:4.22
+    environment:
+      VNC_NO_PASSWORD: 1
+      SE_VNC_NO_PASSWORD: 1
    ports:
      - '4444:4444'
      - '7900:7900'
--- a/docker-compose-lava.yaml
+++ b/docker-compose-lava.yaml
 version: "3.3"
 services:
  oidc-provider:
-    image: dexidp/dex
+    image: dexidp/dex:v2.35.3-alpine
    ports:
      - '5556:5556'
    volumes:
-      - type: bind
-        source: ./dex.config.tmpl
-        target: //etc/dex/config.docker.yaml
+      - ./dex.config.tmpl:/etc/dex/config.docker.yaml:ro,Z
    environment:
      DEX_ISSUER: &dex_issuer http://oidc-provider:5556/dex
      DEX_CONNECTORS_ENABLE_LDAP: "true"
@@ -24,20 +22,37 @@ services:
      - '389:389'
    command: ["--copy-service"]
    volumes:
-      - type: bind
-        source: ./config-ldap.ldif
-        target: /container/service/slapd/assets/config/bootstrap/ldif/custom/config-ldap.ldif
+      - ./config-ldap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/config-ldap.ldif:ro,Z

-  lava:
-    image: "${LAVA_IMAGE:-lava-server}"
-    ports:
-      - '8000:80'
+  createsuperuser:
+    image: "${LAVA_IMAGE:-registry.gitlab.collabora.com/lava/lava/collabora-staging:990d1ab0d70d2e6005ec1944b1d453a6b30898a6}"
+    entrypoint:
+      - sh
+      - -eu
+      - -c
+      - |
+        wait-for-it --timeout=60 $$LAVA
+        lava-server manage users details "$$LAVA_ADMIN_USERNAME" 2> /dev/null || (lava-server manage users add --passwd "$$LAVA_ADMIN_PASSWORD" --staff --superuser "$$LAVA_ADMIN_USERNAME" && echo User $$LAVA_ADMIN_USERNAME created)
+        lava-server manage tokens list --user "$$LAVA_ADMIN_USERNAME" --csv | grep -q ",$$LAVA_ADMIN_TOKEN," || (lava-server manage tokens add --secret "$$LAVA_ADMIN_TOKEN" --user "$$LAVA_ADMIN_USERNAME" && echo Token $$LAVA_ADMIN_TOKEN for user $$LAVA_ADMIN_USERNAME created)
    environment:
-      ALLOWED_HOSTS: lava
+      LAVA: lava:80
      LAVA_ADMIN_USERNAME: root
      LAVA_ADMIN_PASSWORD: p4ssw0rd
      LAVA_ADMIN_TOKEN: t0k3n
-      LAVA_SETTINGS_AUTH_OIDC: |
+      DATABASE_URL: "postgresql://lavaserver:lavapass@db:5432/lavaserver"
+      SECRET_KEY: "12345"
+
+  lava:
+    image: "${LAVA_IMAGE:-registry.gitlab.collabora.com/lava/lava/collabora-staging:990d1ab0d70d2e6005ec1944b1d453a6b30898a6}"
+    ports:
+      - '8000:80'
+    environment:
+      LAVA_YAML_SETTINGS_DEBUG: "true"
+      LOGLEVEL: DEBUG
+      BIND: --bind=0.0.0.0:80
+      LAVA_YAML_SETTINGS_AUTH_OIDC: |
+        LAVA_OIDC_ACCOUNT_NAME: OpenID-Connect (via authz-mediator)
+        OIDC_RP_SCOPES: openid email profile
        OIDC_RP_CLIENT_ID: "authz-mediator"
        OIDC_RP_CLIENT_SECRET: "s3kr3t"
        OIDC_RP_SIGN_ALGO: "RS256"
@@ -45,13 +60,26 @@ services:
        OIDC_OP_TOKEN_ENDPOINT: "http://mediator:5555/token"
        OIDC_OP_USER_ENDPOINT: "http://mediator:5555/userinfo"
        OIDC_OP_JWKS_ENDPOINT: "http://mediator:5555/keys"
-        OIDC_CREATE_USER: true
-      LAVA_SETTINGS_CSRF_COOKIE_SECURE: "false"
-      LAVA_SETTINGS_CSRF_COOKIE_HTTPONLY: "false"
-      LAVA_SETTINGS_SESSION_COOKIE_SECURE: "false"
+        OIDC_AUTH_BACKEND: lava_server.oidc_sso.OIDCAuthenticationBackendUsernameFromPreferred
+      LAVA_YAML_SETTINGS_CSRF_COOKIE_SECURE: "false"
+      LAVA_YAML_SETTINGS_CSRF_COOKIE_HTTPONLY: "false"
+      LAVA_YAML_SETTINGS_SESSION_COOKIE_SECURE: "false"
      DATABASE_URL: "postgresql://lavaserver:lavapass@db:5432/lavaserver"
      SECRET_KEY: "12345"
      ALLOWED_HOSTS: "*"
+      LAVA_YAML_SETTINGS_LOGGING: |
+        version: 1
+        root:
+          level: INFO
+        loggers:
+          django:
+            level: INFO
+          lava-publisher:
+            lever: ERROR
+          lava-scheduler:
+            lever: ERROR
+          mozilla_django_oidc:
+            level: DEBUG

  db:
    image: postgres:latest
@@ -61,7 +89,7 @@ services:
      - POSTGRES_PASSWORD=lavapass

  mediator:
-    image: "${AUTHZ_MEDIATOR_IMAGE:-authz-mediator}"
+    image: "${AUTHZ_MEDIATOR_IMAGE:-registry.gitlab.apertis.org/infrastructure/authz-mediator/authz-mediator:latest}"
    restart: on-failure
    ports:
      - '5555:5555'
@@ -79,6 +107,9 @@ services:

  selenium:
    image: selenium/standalone-firefox:4.0.0-beta-4-20210608
+    environment:
+      VNC_NO_PASSWORD: 1
+      SE_VNC_NO_PASSWORD: 1
    ports:
      - '4444:4444'
      - '7900:7900'
No results found