ci: k8s deployment files

.editorconfig

@@ -50,3 +50,9 @@ indent_size = 2
 
 [ietf/**.html]
 insert_final_newline = false
+
+# Settings for Kubernetes yaml
+# ---------------------------------------------------------
+# Use 2-space indents
+[k8s/**.yaml]
+indent_size = 2

.github/workflows/build.yml

@@ -220,7 +220,7 @@ jobs:
         .devcontainer
         .github
         .vscode
-        helm
+        k8s
         playwright
         svn-history
         docker-compose.yml

dev/build/Dockerfile

@@ -1,17 +1,39 @@
-FROM ghcr.io/ietf-tools/datatracker-app-base:latest
-LABEL maintainer="IETF Tools Team <[email protected]>"
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-COPY . .
-COPY ./dev/build/start.sh ./start.sh
-RUN pip3 --disable-pip-version-check --no-cache-dir install -r requirements.txt
-RUN chmod +x start.sh && \
-    chmod +x docker/scripts/app-create-dirs.sh && \
-    sh ./docker/scripts/app-create-dirs.sh
-
-VOLUME [ "/assets" ]
-
-EXPOSE 8000
-
-CMD ["./start.sh"]
+FROM ghcr.io/ietf-tools/datatracker-app-base:latest
+LABEL maintainer="IETF Tools Team <[email protected]>"
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# uid 498 = wwwrun and gid 496 = www on ietfa
+RUN groupadd -g 1000 datatracker && \
+    useradd -c "Datatracker User" -u 1000 -g datatracker -m -s /bin/false datatracker
+
+RUN apt-get purge -y imagemagick imagemagick-6-common
+
+# Install libreoffice (needed via PPT2PDF_COMMAND)
+RUN echo "deb http://deb.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/bullseye-backports.list && \
+    apt-get update && \
+    apt-get -qyt bullseye-backports install libreoffice-nogui
+
+COPY . .
+COPY ./dev/build/start.sh ./start.sh
+COPY ./dev/build/datatracker-start.sh ./datatracker-start.sh
+COPY ./dev/build/celery-start.sh ./celery-start.sh
+
+RUN pip3 --disable-pip-version-check --no-cache-dir install -r requirements.txt && \
+    echo '# empty' > ietf/settings_local.py && \
+    ietf/manage.py patch_libraries && \
+    rm -f ietf/settings_local.py
+
+RUN chmod +x start.sh && \
+    chmod +x datatracker-start.sh && \
+    chmod +x celery-start.sh && \
+    chmod +x docker/scripts/app-create-dirs.sh && \
+    sh ./docker/scripts/app-create-dirs.sh
+
+RUN mkdir -p /a
+
+VOLUME [ "/a" ]
+
+EXPOSE 8000
+
+CMD ["./start.sh"]

dev/build/celery-start.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# Run a celery worker
+#
+echo "Running Datatracker checks..."
+./ietf/manage.py check
+
+cleanup () {
+  # Cleanly terminate the celery app by sending it a TERM, then waiting for it to exit.
+  if [[ -n "${celery_pid}" ]]; then
+    echo "Gracefully terminating celery worker. This may take a few minutes if tasks are in progress..."
+    kill -TERM "${celery_pid}"
+    wait "${celery_pid}"
+  fi
+}
+
+trap 'trap "" TERM; cleanup' TERM
+
+# start celery in the background so we can trap the TERM signal
+celery "$@" &
+celery_pid=$!
+wait "${celery_pid}"

dev/build/datatracker-start.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+echo "Running Datatracker checks..."
+./ietf/manage.py check
+
+echo "Running Datatracker migrations..."
+./ietf/manage.py migrate --settings=settings_local
+
+echo "Starting Datatracker..."
+
+gunicorn \
+          --workers "${DATATRACKER_GUNICORN_WORKERS:-9}" \
+          --max-requests "${DATATRACKER_GUNICORN_MAX_REQUESTS:-32768}" \
+          --timeout "${DATATRACKER_GUNICORN_TIMEOUT:-180}" \
+          --bind :8000 \
+          --log-level "${DATATRACKER_GUNICORN_LOG_LEVEL:-info}" \
+          ietf.wsgi:application

dev/build/start.sh

@@ -1,10 +1,20 @@
 #!/bin/bash
-
-echo "Running Datatracker checks..."
-./ietf/manage.py check
-
-echo "Running Datatracker migrations..."
-./ietf/manage.py migrate --settings=settings_local
-
-echo "Starting Datatracker..."
-./ietf/manage.py runserver 0.0.0.0:8000 --settings=settings_local
+#
+# Environment config:
+#
+#  CONTAINER_ROLE - datatracker, celery, or beat (defaults to datatracker)
+#
+case "${CONTAINER_ROLE:-datatracker}" in
+    datatracker)
+        exec ./datatracker-start.sh
+        ;;
+    celery)
+        exec ./celery-start.sh --app=ietf worker
+        ;;
+    beat)
+        exec ./celery-start.sh --app=ietf beat
+        ;;
+    *)
+        echo "Unknown role '${CONTAINER_ROLE}'"
+        exit 255       
+esac