From 301e40b5aa010f51a0dc578705fd3501a7549d0a Mon Sep 17 00:00:00 2001 From: arewm Date: Thu, 15 Sep 2022 16:25:01 +0200 Subject: [PATCH] Provide correct path to compose files In #421, I modified the context and paths to both go up a directory. That was an error. I should have just modified one. This provides the context to be the root directory so all paths are relative to that. Signed-off-by: arewm --- .gitignore | 1 + Makefile | 7 +- README.md | 4 + .../docker-compose.yml | 6 +- compose-files/podman-compose.yml | 155 ++++++++++++++++++ 5 files changed, 167 insertions(+), 6 deletions(-) rename docker-compose.yml => compose-files/docker-compose.yml (98%) create mode 100644 compose-files/podman-compose.yml diff --git a/.gitignore b/.gitignore index 61a8c3d80..a8af42f5e 100644 --- a/.gitignore +++ b/.gitignore @@ -131,3 +131,4 @@ dmypy.json # docker-compose volumes and files /iib_data/ /ca-bundle.crt +compose-files/docker/ diff --git a/Makefile b/Makefile index d0f06d598..822a0b904 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,7 @@ # Set the default composer while allowing user to overwrite via the # environment variable IIB_COMPOSE_ENGINE. IIB_COMPOSE_ENGINE ?= docker-compose +IIB_COMPOSE_RUNNER = ${IIB_COMPOSE_ENGINE} -f ${PWD}/compose-files/${IIB_COMPOSE_ENGINE}.yml # Declare non-file targets to avoid potential conflict with files # of the same name. @@ -35,16 +36,16 @@ all: up: ca-bundle.crt iib-data @echo "Starting the local development instance..." - ${IIB_COMPOSE_ENGINE} up -d + ${IIB_COMPOSE_RUNNER} up -d down: @echo "Destroying the local development instance..." - ${IIB_COMPOSE_ENGINE} down $(COMPOSER_DOWN_OPTS) + ${IIB_COMPOSE_RUNNER} down $(COMPOSER_DOWN_OPTS) @rm -rf iib_data build: @echo "Building the container images for the local development instance..." - ${IIB_COMPOSE_ENGINE} build + ${IIB_COMPOSE_RUNNER} build test: @tox diff --git a/README.md b/README.md index f616f2c9d..81aa75701 100644 --- a/README.md +++ b/README.md 
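Review bot: `IIB_COMPOSE_RUNNER` builds its `-f` argument from the raw value of `IIB_COMPOSE_ENGINE`, but the README asks users to set that variable to the path of the `podman-compose` script, so any value containing a directory produces a file name that does not exist under `compose-files/`. Taking the base name avoids that, and `$(CURDIR)` is more reliable than `${PWD}`, which is inherited from the environment and is not updated by `make -C`: `IIB_COMPOSE_RUNNER = ${IIB_COMPOSE_ENGINE} -f $(CURDIR)/compose-files/$(notdir ${IIB_COMPOSE_ENGINE}).yml`. Quoting the resulting path would also keep a checkout directory that contains spaces from splitting the argument.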
@@ -108,6 +108,10 @@ You may also run the development environment with branch as it has various fixes and new features required to run IIB. Set the environment variable `IIB_COMPOSE_ENGINE` to the path of the `podman-compose` script before running the `make` commands. +Setting the `IIB_COMPOSE_ENGINE` variable will update compose targets to point to a similarly named +file inside the `compose-files` directory. Any changes made to the compose files should be submitted to +all files in the directory. + ## Dependency Management To manage dependencies, this project uses [pip-tools](https://github.com/jazzband/pip-tools) so that diff --git a/docker-compose.yml b/compose-files/docker-compose.yml similarity index 98% rename from docker-compose.yml rename to compose-files/docker-compose.yml index 39709d62d..0f8dda68e 100644 --- a/docker-compose.yml +++ b/compose-files/docker-compose.yml @@ -63,7 +63,7 @@ services: iib-api: build: - context: . + context: .. dockerfile: ./docker/Dockerfile-api command: - /bin/sh @@ -96,7 +96,7 @@ services: iib-worker: build: - context: . + context: .. dockerfile: ./docker/Dockerfile-workers # Override the default command so that Celery auto-reloads on code changes. # This also adds the self-signed CA that was used to sign the Docker registry's certificate @@ -135,7 +135,7 @@ services: # This is an external message broker used to publish messages about state changes message-broker: build: - context: . + context: .. dockerfile: ./docker/message_broker/Dockerfile volumes: - message-broker-volume:/opt/activemq/data:z diff --git a/compose-files/podman-compose.yml b/compose-files/podman-compose.yml new file mode 100644 index 000000000..d09393439 --- /dev/null +++ b/compose-files/podman-compose.yml 
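Review bot: Changing only `build.context` to `..` (here and in the `iib-worker` and `message-broker` hunks) does not move the base for relative bind-mount sources, which Compose resolves against the project directory, by default the directory of the `-f` file and therefore now `compose-files/`. The bind mounts of this file lie outside the hunks, so this is inferred from the sibling `podman-compose.yml` in the same patch, where `./:/src`, `./docker/registry/auth:/auth` and `./docker/message_broker/certs:/broker-certs` would then point under `compose-files/`; the new `.gitignore` entry `compose-files/docker/` looks like a symptom of that. If so, the registry would come up without its htpasswd file and the API without the broker certificates. Writing those sources as `../` paths (for example `- ../:/src`) keeps them pointed at the repository root.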
@@ -0,0 +1,155 @@
+---
+version: '3'
+services:
+ # This "service" generates the certificate for the registry. Then,
+ # it exits with status code 0.
+ minica:
+ image: registry.access.redhat.com/ubi8/go-toolset:latest
+ command:
+ - /bin/sh
+ - -c
+ - >-
+ go get github.com/jsha/minica &&
+ cd /opt/app-root/certs &&
+ /opt/app-root/src/bin/minica --domains registry
+ environment:
+ GOPATH: /opt/app-root/src
+ volumes:
+ - registry-certs-volume:/opt/app-root/certs:z
+
+ registry:
+ image: registry:2
+ ports:
+ - 8443:8443
+ environment:
+ REGISTRY_HTTP_ADDR: 0.0.0.0:8443
+ REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry/cert.pem
+ REGISTRY_HTTP_TLS_KEY: /certs/registry/key.pem
+ REGISTRY_AUTH: htpasswd
+ REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+ REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+ volumes:
+ - ./iib_data/registry:/var/lib/registry
+ - registry-certs-volume:/certs:z
+ - ./docker/registry/auth:/auth
+ # depends_on: # yamllint disable-line comments-indentation
+ # - minica # yamllint disable-line comments-indentation
+
+ db:
+ image: postgres:9.6
+ environment:
+ POSTGRES_USER: iib
+ POSTGRES_PASSWORD: iib
+ POSTGRES_DB: iib
+ POSTGRES_INITDB_ARGS: "--auth='ident' --auth='trust'"
+
+ memcached:
+ image: memcached
+ ports:
+ - 11211:11211
+
+ rabbitmq:
+ image: rabbitmq:3.7-management
+ environment:
+ RABBITMQ_DEFAULT_USER: iib
+ RABBITMQ_DEFAULT_PASS: iib
+ # Avoid port conflict with ActiveMQ broker when using podman-compose.
+ # Even though the port is not exposed, podman-compose's use of a pod
+ # requires the ports to be unique across all containers within the pod.
+ RABBITMQ_NODE_PORT: 5673
+ ports:
+ # The RabbitMQ management console
+ - 8081:15672
+
+ iib-api:
+ build:
+ context: ..
+ dockerfile: ./docker/Dockerfile-api
+ command:
+ - /bin/sh
+ - -c
+ - >-
+ mkdir -p /etc/iib &&
+ cp /broker-certs/client.crt /etc/iib/messaging.crt &&
+ cp /broker-certs/client.key /etc/iib/messaging.key &&
+ cp /broker-certs/ca.crt /etc/iib/messaging-ca.crt &&
+ pip3 uninstall -y iib &&
+ python3 setup.py develop --no-deps &&
+ iib wait-for-db &&
+ iib db upgrade &&
+ flask run --reload --host 0.0.0.0 --port 8080
+ environment:
+ FLASK_ENV: development
+ FLASK_APP: iib/web/wsgi.py
+ IIB_DEV: 'true'
+ volumes:
+ - ./:/src
+ - ./docker/message_broker/certs:/broker-certs
+ - request-logs-volume:/var/log/iib/requests:z
+ - request-related-bundles-volume:/var/lib/requests/related_bundles:z
+ - request-recursive-related-bundles-volume:/var/lib/requests/recursive_related_bundles:z
+ ports:
+ - 8080:8080
+ depends_on:
+ - db
+ - message-broker
+
+ iib-worker:
+ build:
+ context: ..
+ dockerfile: ./docker/Dockerfile-workers
+ # Override the default command so that Celery auto-reloads on code changes.
+ # This also adds the self-signed CA that was used to sign the Docker registry's certificate
+ # to the trusted CA bundle. This will make podman trust the local Docker registry's certificate.
+ # cp host-ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt &&
+ command:
+ - /bin/bash
+ - -c
+ - >-
+ cat /registry-certs/minica.pem >> /etc/pki/tls/certs/ca-bundle.crt &&
+ podman login --authfile ~/.docker/config.json.template -u iib \
+ -p iibpassword registry:8443 &&
+ pip3 install watchdog[watchmedo] &&
+ watchmedo auto-restart -d ./iib/workers -p '*.py' --recursive \
+ -- celery -A iib.workers.tasks worker --loglevel=info
+ environment:
+ IIB_DEV: 'true'
+ REGISTRY_AUTH_FILE: '/root/.docker/config.json'
+ REQUESTS_CA_BUNDLE: /etc/pki/tls/certs/ca-bundle.crt
+ # Make this privileged to be able to build container images
+ privileged: true
+ volumes:
+ - ./:/src
+ - worker_container_storage:/var/lib/containers:z
+ # - ./docker/registry/certs:/registry-certs
+ - registry-certs-volume:/registry-certs
+ - ./ca-bundle.crt:/host-ca-bundle.crt
+ - request-logs-volume:/var/log/iib/requests:z
+ - request-related-bundles-volume:/var/lib/requests/related_bundles:z
+ - request-recursive-related-bundles-volume:/var/lib/requests/recursive_related_bundles:z
+ depends_on:
+ - rabbitmq
+ - registry
+ - minica
+ - memcached
+
+ # This is an external message broker used to publish messages about state changes
+ message-broker:
+ build:
+ context: ..
+ dockerfile: ./docker/message_broker/Dockerfile
+ volumes:
+ - message-broker-volume:/opt/activemq/data:z
+ - ./docker/message_broker/certs:/broker-certs
+ ports:
+ - 5671:5671 # amqp+ssl
+ - 5672:5672 # amqp
+ - 8161:8161 # web console
+
+volumes:
+ registry-certs-volume:
+ message-broker-volume:
+ request-logs-volume:
+ request-related-bundles-volume:
+ request-recursive-related-bundles-volume:
+ worker_container_storage:
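Review bot: Every `ports:` entry in this new file uses the short `HOST:CONTAINER` form, which publishes on all host interfaces by default, so a developer machine on a shared network exposes memcached on 11211 (no authentication is configured here), the RabbitMQ management console on 8081 with the `iib`/`iib` credentials, the ActiveMQ console on 8161, and the Flask server on 8080 running with `FLASK_ENV: development`. Binding the published ports to loopback keeps the stack local, for example `- "127.0.0.1:8080:8080"` and `- "127.0.0.1:11211:11211"`; quoting the mappings also avoids YAML scalar-typing surprises. Separately, `iib-worker` is `privileged: true` and runs an unpinned `pip3 install watchdog[watchmedo]` on every start, so pinning that version (and the `:latest` and untagged images) would narrow what can execute in the privileged container. A short comment above `POSTGRES_INITDB_ARGS` stating that `trust` authentication is acceptable only because the `db` port is not published would document the assumption the file relies on.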