From f69a8faddbecdca2dd7e492c358e823069688e66 Mon Sep 17 00:00:00 2001
From: vsoch
Date: Mon, 23 Oct 2023 23:37:13 -0600
Subject: [PATCH] add fluxuser builds

Signed-off-by: vsoch
---
 .github/workflows/build-merlin.yaml | 1 +
 merlin-demos-certs/Dockerfile.flux | 2 +-
 .../Dockerfile.rabbitmq-fluxuser | 5 +++
 merlin-demos-certs/README.md | 6 +++-
 merlin-demos-certs/merlinu/app-fluxuser.yaml | 36 +++++++++++++++++++
 merlin-demos-certs/merlinu/app.yaml | 4 +--
 .../merlinu/rabbitmq-fluxuser.conf | 11 ++++++
 merlin-demos-certs/merlinu/rabbitmq.conf | 2 +-
 8 files changed, 62 insertions(+), 5 deletions(-)
 create mode 100644 merlin-demos-certs/Dockerfile.rabbitmq-fluxuser
 create mode 100644 merlin-demos-certs/merlinu/app-fluxuser.yaml
 create mode 100644 merlin-demos-certs/merlinu/rabbitmq-fluxuser.conf

diff --git a/.github/workflows/build-merlin.yaml b/.github/workflows/build-merlin.yaml
index 3259637..7068372 100644
--- a/.github/workflows/build-merlin.yaml
+++ b/.github/workflows/build-merlin.yaml
@@ -20,6 +20,7 @@ jobs:
 container: [["merlin-demos/Dockerfile", 'ghcr.io/rse-ops/merlin-demos:merlin'],
 ["merlin-demos/Dockerfile.flux", 'ghcr.io/rse-ops/merlin-demos-flux:merlin'],
 ["merlin-demos/Dockerfile.rabbitmq", 'ghcr.io/rse-ops/merlin-demos:rabbitmq'],
+ ["merlin-demos/Dockerfile.rabbitmq-fluxuser", 'ghcr.io/rse-ops/merlin-demos-flux:rabbitmq'],
 ["merlin-demos/Dockerfile.redis", 'ghcr.io/rse-ops/merlin-demos:redis'],
 ["merlin-demos-certs/Dockerfile", 'ghcr.io/rse-ops/merlin-demos-certs:merlin'],
 ["merlin-demos-certs/Dockerfile.flux", 'ghcr.io/rse-ops/merlin-demos-certs-flux:merlin'],
diff --git a/merlin-demos-certs/Dockerfile.flux b/merlin-demos-certs/Dockerfile.flux
index 1ffac35..45616b9 100644
--- a/merlin-demos-certs/Dockerfile.flux
+++ b/merlin-demos-certs/Dockerfile.flux
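Review bot: The added matrix entry in build-merlin.yaml points at `merlin-demos/Dockerfile.rabbitmq-fluxuser`, but the only file of that name this commit creates is `merlin-demos-certs/Dockerfile.rabbitmq-fluxuser`, so unless a copy already exists under merlin-demos/ the job has nothing to build. If the certs variant is what was meant, the entry would read `["merlin-demos-certs/Dockerfile.rabbitmq-fluxuser", 'ghcr.io/rse-ops/merlin-demos-certs-flux:rabbitmq'],`; the tag is inferred from the neighbouring certs entries and should be confirmed. Keeping the path and the image name in the same family also avoids publishing an image that carries TLS material under the non-certs name.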
@@ -68,7 +68,7 @@ RUN git clone --depth 1 https://github.com/LLNL/merlin-spellbook /tmp/spellbook
 pip install .

 # Updated app yaml
-COPY ./merlinu/app.yaml /home/fluxuser/.merlin/app.yaml
+COPY ./merlinu/app-fluxuser.yaml /home/fluxuser/.merlin/app.yaml
 COPY ./merlinu/rabbit.pass /home/fluxuser/.merlin/rabbit.pass
 COPY ./merlinu/cert_rabbitmq /cert_rabbitmq
 COPY ./merlinu/cert_redis /cert_redis
diff --git a/merlin-demos-certs/Dockerfile.rabbitmq-fluxuser b/merlin-demos-certs/Dockerfile.rabbitmq-fluxuser
new file mode 100644
index 0000000..13bd2fc
--- /dev/null
+++ b/merlin-demos-certs/Dockerfile.rabbitmq-fluxuser
@@ -0,0 +1,5 @@
+FROM rabbitmq:3-management
+COPY ./scripts/rabbitmq-entrypoint.sh /entrypoint.sh
+COPY ./merlinu/rabbitmq-fluxuser.conf /etc/rabbitmq/rabbitmq.conf
+COPY ./merlinu/cert_rabbitmq /cert_rabbitmq
+ENTRYPOINT /entrypoint.sh
diff --git a/merlin-demos-certs/README.md b/merlin-demos-certs/README.md
index 0fa649b..378f70a 100644
--- a/merlin-demos-certs/README.md
+++ b/merlin-demos-certs/README.md
@@ -10,9 +10,13 @@ and using a container with redis, and a container we build with Flux and the dem

 See [merlin-demos](../merlin-demos) for how the certificates were generated.

-
 ## 2. Docker Build

+**IMPORTANT** these containers (and the configs for rabbitmq and app.yaml) have been modified to work with the root user.
+If you want to fall back a container with fluxuser you'll need to change them back. The change was made on October 23, 2023
+if you want to go back in git history. I figure nobody cares so I'm moving forward with the updated Flux Operator design
+(that just uses root).
+
 We will need to build two containers - one for merlin, and one for rabbitmq.
 I pushed them to a temporary location:

diff --git a/merlin-demos-certs/merlinu/app-fluxuser.yaml b/merlin-demos-certs/merlinu/app-fluxuser.yaml
new file mode 100644
index 0000000..e073523
--- /dev/null
+++ b/merlin-demos-certs/merlinu/app-fluxuser.yaml
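Review bot: `COPY ./merlinu/cert_rabbitmq /cert_rabbitmq` in the new Dockerfile.rabbitmq-fluxuser bakes the whole certificate directory into an image layer, and the configs in this commit reference `server_rabbitmq_key.pem` and `client_rabbitmq_key.pem` under that path, so anyone who can pull the published image can presumably read both private keys. If these are throwaway demo certificates, a comment above the COPY such as `# demo-only certs checked into the repo; never reuse outside this demo` would make that explicit; otherwise the keys are better mounted at run time. Separately, `ENTRYPOINT /entrypoint.sh` is shell form, so the script runs under `/bin/sh -c` and may not receive SIGTERM on stop; `ENTRYPOINT ["/entrypoint.sh"]` avoids that. The `rabbitmq:3-management` tag also floats across minor releases, so pinning a minor version or digest would keep rebuilds reproducible.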
@@ -0,0 +1,36 @@
+broker:
+ name: rabbitmq
+ server: rabbitmq
+ password: /home/fluxuser/.merlin/rabbit.pass
+ keyfile: /cert_rabbitmq/client_rabbitmq_key.pem
+ certfile: /cert_rabbitmq/client_rabbitmq_certificate.pem
+ ca_certs: /cert_rabbitmq/ca_certificate.pem
+ vhost: /merlinu
+
+# celery:
+# override:
+# visibility_timeout: 86400
+
+process:
+ kill: kill {pid}
+ status: pgrep -P {pid}
+
+results_backend:
+
+ # IMPORTANT: "rediss" means "redis with ssl" it's not a typo
+ # written by a snake
+ name: rediss
+ url: rediss://redis:6379/0
+ port: 6379
+ # merlin will generate this key if it does not exist yet,
+ # and will use it to encrypt all data over the wire to
+ # your redis server.
+ encryption_key: /home/fluxuser/.merlin/encrypt_data_key
+
+ # I don't think this is used when URL defined.
+ server: redis
+
+ # ssl security
+ keyfile: /cert_redis/client_redis_key.pem
+ certfile: /cert_redis/client_redis_certificate.pem
+ ca_certs: /cert_redis/ca_certificate.pem
diff --git a/merlin-demos-certs/merlinu/app.yaml b/merlin-demos-certs/merlinu/app.yaml
index e073523..b7f4d96 100644
--- a/merlin-demos-certs/merlinu/app.yaml
+++ b/merlin-demos-certs/merlinu/app.yaml
@@ -1,7 +1,7 @@
 broker:
 name: rabbitmq
 server: rabbitmq
- password: /home/fluxuser/.merlin/rabbit.pass
+ password: /root/.merlin/rabbit.pass
 keyfile: /cert_rabbitmq/client_rabbitmq_key.pem
 certfile: /cert_rabbitmq/client_rabbitmq_certificate.pem
 ca_certs: /cert_rabbitmq/ca_certificate.pem
@@ -25,7 +25,7 @@ results_backend:
 # merlin will generate this key if it does not exist yet,
 # and will use it to encrypt all data over the wire to
 # your redis server.
- encryption_key: /home/fluxuser/.merlin/encrypt_data_key
+ encryption_key: /root/.merlin/encrypt_data_key

 # I don't think this is used when URL defined.
 server: redis
diff --git a/merlin-demos-certs/merlinu/rabbitmq-fluxuser.conf b/merlin-demos-certs/merlinu/rabbitmq-fluxuser.conf
new file mode 100644
index 0000000..3f48e96
--- /dev/null
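Review bot: app.yaml now reads `password: /root/.merlin/rabbit.pass` and `encryption_key: /root/.merlin/encrypt_data_key`, but no Dockerfile in this commit is changed to place `rabbit.pass` under `/root/.merlin`; the only COPY visible here (in Dockerfile.flux) still targets `/home/fluxuser/.merlin`. Whichever image consumes app.yaml should be checked for a matching `COPY ./merlinu/rabbit.pass /root/.merlin/rabbit.pass`, otherwise the broker login will presumably fail at start-up. Because the password file and the data-encryption key now live in root's home, a short comment at the top of app.yaml stating that the merlin process is expected to run as root would keep the file consistent with the README note.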
+++ b/merlin-demos-certs/merlinu/rabbitmq-fluxuser.conf
@@ -0,0 +1,11 @@
+default_vhost = /merlinu
+default_user = fluxuser
+default_pass = guest
+
+listeners.ssl.default = 5671
+
+ssl_options.cacertfile = /cert_rabbitmq/ca_certificate.pem
+ssl_options.certfile = /cert_rabbitmq/server_rabbitmq_certificate.pem
+ssl_options.keyfile = /cert_rabbitmq/server_rabbitmq_key.pem
+ssl_options.verify = verify_none
+ssl_options.fail_if_no_peer_cert = false
diff --git a/merlin-demos-certs/merlinu/rabbitmq.conf b/merlin-demos-certs/merlinu/rabbitmq.conf
index 3f48e96..8cf2b91 100644
--- a/merlin-demos-certs/merlinu/rabbitmq.conf
+++ b/merlin-demos-certs/merlinu/rabbitmq.conf
@@ -1,5 +1,5 @@
 default_vhost = /merlinu
-default_user = fluxuser
+default_user = root
 default_pass = guest

 listeners.ssl.default = 5671
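Review bot: The new rabbitmq-fluxuser.conf sets `ssl_options.verify = verify_none` and `ssl_options.fail_if_no_peer_cert = false`, so the broker accepts TLS connections without checking a client certificate and the client certificate configured in app-fluxuser.yaml authenticates nothing. Access then rests on `default_pass = guest`, and because the account is not named `guest`, RabbitMQ's default loopback-only restriction for that user does not apply to it. If mutual TLS is the intent, use `ssl_options.verify = verify_peer` and `ssl_options.fail_if_no_peer_cert = true`, and set a non-default password. The rabbitmq.conf hunk that follows (`default_user = root`) has the same exposure.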