add fluxuser builds

Signed-off-by: vsoch <[email protected]>

.github/workflows/build-merlin.yaml

@@ -20,6 +20,7 @@ jobs:
         container: [["merlin-demos/Dockerfile", 'ghcr.io/rse-ops/merlin-demos:merlin'],
                     ["merlin-demos/Dockerfile.flux", 'ghcr.io/rse-ops/merlin-demos-flux:merlin'],
                     ["merlin-demos/Dockerfile.rabbitmq", 'ghcr.io/rse-ops/merlin-demos:rabbitmq'],
+                    ["merlin-demos/Dockerfile.rabbitmq-fluxuser", 'ghcr.io/rse-ops/merlin-demos-flux:rabbitmq'],
                     ["merlin-demos/Dockerfile.redis", 'ghcr.io/rse-ops/merlin-demos:redis'],
                     ["merlin-demos-certs/Dockerfile", 'ghcr.io/rse-ops/merlin-demos-certs:merlin'],
                     ["merlin-demos-certs/Dockerfile.flux", 'ghcr.io/rse-ops/merlin-demos-certs-flux:merlin'],

merlin-demos-certs/Dockerfile.flux

@@ -68,7 +68,7 @@ RUN git clone --depth 1 https://github.com/LLNL/merlin-spellbook /tmp/spellbook
     pip install .
 
 # Updated app yaml
-COPY ./merlinu/app.yaml /home/fluxuser/.merlin/app.yaml
+COPY ./merlinu/app-fluxuser.yaml /home/fluxuser/.merlin/app.yaml
 COPY ./merlinu/rabbit.pass /home/fluxuser/.merlin/rabbit.pass
 COPY ./merlinu/cert_rabbitmq /cert_rabbitmq
 COPY ./merlinu/cert_redis /cert_redis

merlin-demos-certs/Dockerfile.rabbitmq-fluxuser

@@ -0,0 +1,5 @@
+FROM rabbitmq:3-management
+COPY ./scripts/rabbitmq-entrypoint.sh /entrypoint.sh
+COPY ./merlinu/rabbitmq-fluxuser.conf /etc/rabbitmq/rabbitmq.conf
+COPY ./merlinu/cert_rabbitmq /cert_rabbitmq
+ENTRYPOINT /entrypoint.sh

merlin-demos-certs/README.md

@@ -10,9 +10,13 @@ and using a container with redis, and a container we build with Flux and the dem
 
 See [merlin-demos](../merlin-demos) for how the certificates were generated.
 
-
 ## 2. Docker Build
 
+**IMPORTANT** these containers (and the configs for rabbitmq and app.yaml) have been modified to work with the root user. 
+If you want to fall back a container with fluxuser you'll need to change them back. The change was made on October 23, 2023
+if you want to go back in git history. I figure nobody cares so I'm moving forward with the updated Flux Operator design
+(that just uses root).
+
 We will need to build two containers - one for merlin, and one for rabbitmq.
 I pushed them to a temporary location:
 

merlin-demos-certs/merlinu/app-fluxuser.yaml

@@ -0,0 +1,36 @@
+broker:
+  name: rabbitmq
+  server: rabbitmq
+  password: /home/fluxuser/.merlin/rabbit.pass
+  keyfile: /cert_rabbitmq/client_rabbitmq_key.pem
+  certfile: /cert_rabbitmq/client_rabbitmq_certificate.pem
+  ca_certs: /cert_rabbitmq/ca_certificate.pem
+  vhost: /merlinu
+
+# celery:
+#  override:
+#    visibility_timeout: 86400
+
+process:
+  kill: kill {pid}
+  status: pgrep -P {pid}
+
+results_backend:
+
+  # IMPORTANT: "rediss" means "redis with ssl" it's not a typo
+  # written by a snake
+  name: rediss
+  url: rediss://redis:6379/0
+  port: 6379
+  # merlin will generate this key if it does not exist yet,
+  # and will use it to encrypt all data over the wire to
+  # your redis server.
+  encryption_key: /home/fluxuser/.merlin/encrypt_data_key
+
+  # I don't think this is used when URL defined.
+  server: redis
+
+  # ssl security
+  keyfile: /cert_redis/client_redis_key.pem
+  certfile: /cert_redis/client_redis_certificate.pem
+  ca_certs: /cert_redis/ca_certificate.pem

merlin-demos-certs/merlinu/app.yaml

@@ -1,7 +1,7 @@
 broker:
   name: rabbitmq
   server: rabbitmq
-  password: /home/fluxuser/.merlin/rabbit.pass
+  password: /root/.merlin/rabbit.pass
   keyfile: /cert_rabbitmq/client_rabbitmq_key.pem
   certfile: /cert_rabbitmq/client_rabbitmq_certificate.pem
   ca_certs: /cert_rabbitmq/ca_certificate.pem
@@ -25,7 +25,7 @@ results_backend:
   # merlin will generate this key if it does not exist yet,
   # and will use it to encrypt all data over the wire to
   # your redis server.
-  encryption_key: /home/fluxuser/.merlin/encrypt_data_key
+  encryption_key: /root/.merlin/encrypt_data_key
 
   # I don't think this is used when URL defined.
   server: redis

merlin-demos-certs/merlinu/rabbitmq-fluxuser.conf

@@ -0,0 +1,11 @@
+default_vhost = /merlinu
+default_user = fluxuser
+default_pass = guest
+
+listeners.ssl.default = 5671
+
+ssl_options.cacertfile = /cert_rabbitmq/ca_certificate.pem
+ssl_options.certfile   = /cert_rabbitmq/server_rabbitmq_certificate.pem
+ssl_options.keyfile    = /cert_rabbitmq/server_rabbitmq_key.pem
+ssl_options.verify     = verify_none
+ssl_options.fail_if_no_peer_cert = false

merlin-demos-certs/merlinu/rabbitmq.conf

@@ -1,5 +1,5 @@
 default_vhost = /merlinu
-default_user = fluxuser
+default_user = root
 default_pass = guest
 
 listeners.ssl.default = 5671