uc-cdis · k-burt-uch · Oct 23, 2024 · k-burt-uch · Nov 18, 2024 · Avantol13
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+.idea
 Chef/nodes/
 tf_files/*output/*
 tf_files/terraform.tfstate

diff --git a/gen3/bin/kube-roll-all.sh b/gen3/bin/kube-roll-all.sh
@@ -249,6 +249,12 @@ else
   gen3_log_info "not deploying gen3-discovery-ai - no manifest entry for '.versions[\"gen3-discovery-ai\"]'"
 fi
 
+if g3k_manifest_lookup '.versions["gen3-user-data-library"]' 2> /dev/null; then
+  gen3 kube-setup-gen3-user-data-library &
+else
+  gen3_log_info "not deploying gen3-user-data-library - no manifest entry for '.versions[\"gen3-user-data-library\"]'"
+fi
+
 if g3k_manifest_lookup '.versions["ohdsi-atlas"]' && g3k_manifest_lookup '.versions["ohdsi-webapi"]' 2> /dev/null; then
   gen3 kube-setup-ohdsi &
 else

diff --git a/gen3/bin/kube-setup-gen3-user-data-library.sh b/gen3/bin/kube-setup-gen3-user-data-library.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+#
+# Deploy the gen3-user-data-library service
+#
+
+source "${GEN3_HOME}/gen3/lib/utils.sh"
+gen3_load "gen3/gen3setup"
+
+setup_database() {
+  gen3_log_info "setting up gen3-user-data-library service ..."
+
+  if g3kubectl describe secret gen3userdatalibrary-g3auto > /dev/null 2>&1; then
+    gen3_log_info "gen3userdatalibrary-g3auto secret already configured"
+    return 0
+  fi
+  if [[ -n "$JENKINS_HOME" || ! -f "$(gen3_secrets_folder)/creds.json" ]]; then
+    gen3_log_err "skipping db setup in non-adminvm environment"
+    return 0
+  fi
+  # Setup .env file that gen3-user-data-library service consumes
+  if [[ ! -f "$secretsFolder/gen3-user-data-library.env" || ! -f "$secretsFolder/base64Authz.txt" ]]; then
+    local secretsFolder="$(gen3_secrets_folder)/g3auto/gen3userdatalibrary"
+
+    if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then
+      if ! gen3 db setup gen3userdatalibrary; then
+        gen3_log_err "Failed setting up database for gen3-user-data-library service"
+        return 1
+      fi
+    fi
+    if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then
+      gen3_log_err "dbcreds not present in Gen3Secrets/"
+      return 1
+    fi
+
+    # go ahead and rotate the password whenever we regen this file
+    local password="$(gen3 random)"
+    local db_host=$(jq -r .db_host < "$secretsFolder/dbcreds.json")
+    local db_user=$(jq -r .db_username < "$secretsFolder/dbcreds.json")
+    local db_password=$(jq -r .db_password < "$secretsFolder/dbcreds.json")
+    local db_database=$(jq -r .db_database < "$secretsFolder/dbcreds.json")
+    cat - > "$secretsFolder/gen3-user-data-library.env" <<EOM
+DB_CONNECTION_STRING=postgresql+asyncpg://$db_user:$db_password@$db_host/$db_database
+URL_PREFIX=/library
+EOM
+    # make it easy for nginx to get the Authorization header ...
+    echo -n "gateway:$password" | base64 > "$secretsFolder/base64Authz.txt"
+  fi
+  gen3 secrets sync 'setup gen3userdatalibrary-g3auto secrets'
+}
+
+
+if ! setup_database; then
+ gen3_log_err "kube-setup-gen3-user-data-library bailing out - database failed setup"
+ exit 1
+fi
+
+if ! g3k_manifest_lookup '.versions."gen3-user-data-library"' 2> /dev/null; then
+  gen3_log_info "kube-setup-gen3-user-data-library exiting - gen3-user-data-library service not in manifest"
+  exit 0
+fi
+
+gen3 roll gen3-user-data-library
+g3kubectl apply -f "${GEN3_HOME}/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml"
+
+if [[ -z "$GEN3_ROLL_ALL" ]]; then
+  gen3 kube-setup-networkpolicy
+  gen3 kube-setup-revproxy
+fi
+
+gen3_log_info "The gen3-user-data-library service has been deployed onto the kubernetes cluster"
diff --git a/kube/services/gen3-user-data-library/gen3-user-data-library-deploy.yaml b/kube/services/gen3-user-data-library/gen3-user-data-library-deploy.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gen3-user-data-library-deployment
+spec:
+  selector:
+    # Only select pods based on the 'app' label
+    matchLabels:
+      app: gen3-user-data-library
+      release: production
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: gen3-user-data-library
+        release: production
+        public: "yes"
+        netnolimit: "yes"
+        GEN3_DATE_LABEL
+    spec:
+      volumes:
+        - name: gen3-user-data-library-g3auto-volume
+          secret:
+            secretName: gen3userdatalibrary-g3auto
+      containers:
+      - name: gen3-user-data-library
+        GEN3_GEN3-USER-DATA-LIBRARY_IMAGE
+        ports:
+        - containerPort: 8080
+        env:
+          - name: GEN3_DEBUG
+            GEN3_DEBUG_FLAG|-value: "False"-|
+          - name: ANONYMIZED_TELEMETRY
+            value: "False"
+        volumeMounts:
+          - name: gen3-user-data-library-g3auto-volume
+            readOnly: true
+            mountPath: /gen3userdatalibrary/.env
+            subPath: gen3-user-data-library.env
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 1
+            memory: 1024Mi
+          limits:
+            cpu: 2
+            memory: 2048Mi
+      initContainers:
+        - name: gen3-user-data-library-db-migrate
+          GEN3_GEN3-USER-DATA-LIBRARY_IMAGE
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: gen3-user-data-library-g3auto-volume
+              readOnly: true
+              mountPath: /gen3userdatalibrary/.env
+              subPath: gen3-user-data-library.env
+          resources:
+            limits:
+              cpu: 0.8
+              memory: 512Mi
+          command: [ "/bin/sh" ]
+          args:
+            - "-c"
+            - |
+              # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility 
+              poetry run alembic upgrade head || /env/bin/alembic upgrade head
diff --git a/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml b/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml
@@ -0,0 +1,21 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: gen3-user-data-library-service
+spec:
+  selector:
+    app: gen3-user-data-library
+    release: production
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8000
+      name: http
+      nodePort: null
+    - protocol: TCP
+      port: 443
+      targetPort: 443
+      name: https
+      nodePort: null
+  type: ClusterIP
+
diff --git a/kube/services/revproxy/gen3.nginx.conf/gen3-user-data-library-service.conf b/kube/services/revproxy/gen3.nginx.conf/gen3-user-data-library-service.conf
@@ -0,0 +1,12 @@
+          location /library {
+              if ($csrf_check !~ ^ok-\S.+$) {
+                return 403 "failed csrf check";
+              }
+
+              set $proxy_service  "gen3-user-data-library-service";
+              set $upstream http://gen3-user-data-library-service$des_domain;
+              rewrite ^/library/(.*) /$1 break;
+              proxy_pass $upstream;
+              proxy_redirect http://$host/ https://$host/library/;
+              client_max_body_size 0;
+          }