Scaffolding: Federation gateway setup #299
base: master
Changes from all commits
78b03aa
7b6f1e0
9e3fc32
3b3ea8f
4bbcbed
2c09fae
3393c0f
751d03a
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,6 +8,19 @@ HOSTNAME=localhost:8000 | |
| API_VERSION=v1 | ||
| API_KEY= | ||
|
|
||
| # FEDERATION | ||
| # ------------------------------------------------------------------------------ | ||
| # Peer sync uses the federation-sync Docker service (same sds-network as gateway; | ||
| # service definition lives under /federation). Bootstrap: enable federation, run | ||
| # create_federation_sync_api_key, pass the key to federation-sync. Set FEDERATION_SITE_NAME | ||
| # (e.g. crc) when enabling federation; use SDS_SITE_FQDN for the public host (RFC [site].fqdn). | ||
| # FEDERATION_ENABLED=true # Master switch for export APIs and Redis federation events. | ||
| # FEDERATION_SITE_NAME=crc # RFC [site].name (short peer id); set SDS_SITE_FQDN separately for [site].fqdn. | ||
| # FEDERATION_EVENTS_CHANNEL=federation:events # Redis pub/sub channel federation-sync subscribes to. | ||
| # FEDERATION_SYNC_HEALTH_URL=http://federation-sync:8000/sync/health # Health probe target (federation-sync service). | ||
| # FEDERATION_SYNC_USER_EMAIL=federation-sync@internal.local # Service user email for create_federation_sync_api_key. | ||
| # FEDERATION_EXPORT_ALLOWED_CIDRS= # Comma-separated CIDRs allowed to call export (default: private Docker ranges). | ||
|
|
||
|
Comment on lines
+11
to
+23
Member
comments need to be in a new line for .env files; otherwise the cat .env | grep SSH_KEY
SSH_KEY= # this is not interpreted as a comment
docker exec -it ubuntu bash -c 'env | grep SSH_KEY'
SSH_KEY=# this is not interpreted as a comment |
||
| # AUTH0 | ||
| # ------------------------------------------------------------------------------ | ||
| # Set these from your Auth0 application settings | ||
|
|
||
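Review bot: The comment on `FEDERATION_EXPORT_ALLOWED_CIDRS` describes the default as "private Docker ranges", but the default list in the settings file on this page is loopback plus `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`, which is all RFC 1918 space. On a host attached to a campus or cloud private network, any peer with a private address falls inside that allowlist, so operators should be told to narrow it. Suggested wording, on its own line above the variable: `# Comma-separated CIDRs allowed to call the export API. Default: loopback plus all RFC 1918 ranges; narrow to the sds-network subnet in production.`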
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| """Base settings to build other settings files upon.""" | ||
| # ruff: noqa: ERA001 | ||
|
|
||
| import ipaddress | ||
| import random | ||
| import string | ||
| from pathlib import Path | ||
|
|
@@ -13,6 +14,9 @@ | |
| from config.settings.logs import ColoredFormatter | ||
| from config.settings.utils import guess_admin_console_env | ||
| from config.settings.utils import guess_max_web_download_size | ||
| from sds_gateway.api_methods.federation.redis_channel import ( | ||
| resolve_federation_events_channel, | ||
| ) | ||
|
|
||
| __rng = random.SystemRandom() | ||
|
|
||
|
|
@@ -23,6 +27,8 @@ def __get_random_token(length: int) -> str: | |
| __rng.choice(string.ascii_letters + string.digits) for _ in range(length) | ||
| ) | ||
|
|
||
| def _parse_cidrs(raw: list[str]) -> list[ipaddress.IPv4Network | ipaddress.IPv6Network]: | ||
| return [ipaddress.ip_network(item.strip(), strict=False) for item in raw] | ||
|
Empty CIDR crashes startupHigh Severity
Additional Locations (1)Reviewed by Cursor Bugbot for commit 751d03a. Configure here. |
||
|
|
||
| env.read_env() | ||
|
|
||
|
|
@@ -610,7 +616,10 @@ def _strip_endpoint_scheme(endpoint_url: str) -> str: | |
| "rest_framework.authentication.SessionAuthentication", | ||
| "sds_gateway.api_methods.authentication.APIKeyAuthentication", | ||
| ), | ||
| "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",), | ||
| "DEFAULT_PERMISSION_CLASSES": ( | ||
| "rest_framework.permissions.IsAuthenticated", | ||
| "sds_gateway.api_methods.permissions.DisallowFederationSyncKey", | ||
| ), | ||
| "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema", | ||
| "DEFAULT_THROTTLE_RATES": { | ||
| "vis_stream": VIS_STREAM_THROTTLE_RATE, | ||
|
|
@@ -709,6 +718,63 @@ def _strip_endpoint_scheme(endpoint_url: str) -> str: | |
| SDS_PROGRAMMATIC_SITE_NAME: str = env.str("SDS_PROGRAMMATIC_SITE_NAME", default="sds") | ||
| SDS_SITE_FQDN: str = env.str("SDS_SITE_FQDN", default="localhost") | ||
|
|
||
| # Federation peer short name (RFC [site].name, e.g. crc, haystack); not SDS_PROGRAMMATIC_SITE_NAME. | ||
| FEDERATION_SITE_NAME: str = env.str("FEDERATION_SITE_NAME", default="").strip() | ||
| # Master switch: when False, federation export and Redis events are inactive. | ||
| FEDERATION_ENABLED: bool = env.bool("FEDERATION_ENABLED", default=False) | ||
| _federation_events_channel_override: str = env.str( | ||
| "FEDERATION_EVENTS_CHANNEL", | ||
| default="", | ||
| ).strip() | ||
| FEDERATION_EVENTS_CHANNEL: str = resolve_federation_events_channel( | ||
| site_name=FEDERATION_SITE_NAME, | ||
| channel_override=_federation_events_channel_override, | ||
| ) | ||
| FEDERATION_SYNC_USER_EMAIL: str = env.str( | ||
| "FEDERATION_SYNC_USER_EMAIL", | ||
| default="federation-sync@internal.local", | ||
| ) | ||
| FEDERATION_SYNC_HEALTH_URL: str = env.str( | ||
| "FEDERATION_SYNC_HEALTH_URL", | ||
| default="http://federation-sync:8000/sync/health", | ||
| ) | ||
| FEDERATION_SYNC_HEALTH_PROBE_TIMEOUT: float = env.float( | ||
| "FEDERATION_SYNC_HEALTH_PROBE_TIMEOUT", | ||
| default=2.0, | ||
| ) | ||
| FEDERATION_SKIP_SYNC_HEALTH_PROBE: bool = env.bool( | ||
| "FEDERATION_SKIP_SYNC_HEALTH_PROBE", | ||
| default=False, | ||
| ) | ||
| FEDERATION_SKIP_SYNC_API_KEY_CHECK: bool = env.bool( | ||
| "FEDERATION_SKIP_SYNC_API_KEY_CHECK", | ||
| default=False, | ||
| ) | ||
| FEDERATION_SKIP_REDIS_PROBE: bool = env.bool( | ||
| "FEDERATION_SKIP_REDIS_PROBE", | ||
| default=False, | ||
| ) | ||
| # Set at startup / periodic recheck by federation.availability. | ||
| FEDERATION_OPERATIONAL: bool = False | ||
| FEDERATION_OPERATIONAL_REASON: str = "" | ||
| # Tests may set via override_settings without running probes. | ||
| FEDERATION_OPERATIONAL_OVERRIDE: bool | None = None | ||
| # Export API: internal Docker/private networks (sync → django on sds-network). | ||
| FEDERATION_EXPORT_ALLOWED_CIDRS: list[ | ||
| ipaddress.IPv4Network | ipaddress.IPv6Network | ||
| ] = _parse_cidrs( | ||
| env.list( | ||
| "FEDERATION_EXPORT_ALLOWED_CIDRS", | ||
| default=[ | ||
| "127.0.0.1/32", | ||
| "::1/128", | ||
| "10.0.0.0/8", | ||
| "172.16.0.0/12", | ||
| "192.168.0.0/16", | ||
| ], | ||
| ), | ||
| ) | ||
|
Empty CIDR list blocks exportMedium Severity Setting Additional Locations (1)Reviewed by Cursor Bugbot for commit 751d03a. Configure here. |
||
|
|
||
|
klpoland marked this conversation as resolved.
|
||
| # ADMIN_CONSOLE_ENV is used to visually distinguish between different environments | ||
| # (production, staging, local) in the admin console and error emails. It does not affect | ||
| # any functionality and it is meant to prevent changes in production meant for testing | ||
|
|
||
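Review bot: Adding `DisallowFederationSyncKey` only to `DEFAULT_PERMISSION_CLASSES` in the `REST_FRAMEWORK` hunk covers just the views that inherit the defaults. In DRF, any view or viewset that declares its own `permission_classes` replaces this tuple, so the federation-sync key would authenticate there without the deny check. The views are not visible in this diff, so this needs confirming. The restriction would be more robust enforced where the key is resolved, in `APIKeyAuthentication`, or backed by a test that calls every routed API view with the sync key and expects a denial outside the export API. At minimum, add a comment above the tuple: `# NOTE: views that override permission_classes must re-add DisallowFederationSyncKey.` The `REST_FRAMEWORK` dict starts and ends outside the hunk.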
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,13 @@ class ApiMethodsConfig(AppConfig): | |
| # pattern to import application modules here in ready() | ||
| # ruff: noqa: PLC0415 | ||
| def ready(self) -> None: | ||
| import sds_gateway.api_methods.federation.signals | ||
| import sds_gateway.api_methods.schema # noqa: F401 | ||
| from sds_gateway.api_methods.federation.availability import ( | ||
| initialize_federation_operational_state, | ||
| ) | ||
|
|
||
| initialize_federation_operational_state() | ||
|
Ready hook queries pre-migrateHigh Severity Calling Additional Locations (1)Reviewed by Cursor Bugbot for commit 751d03a. Configure here. |
||
|
|
||
| silence_unwanted_logs() | ||
|
|
||
|
|
||
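Review bot: `initialize_federation_operational_state()` is called unconditionally and unguarded in `ready()`, which runs in every process that loads the app registry, management commands included. Its body is not in this diff, but the settings added on this page (`FEDERATION_SYNC_HEALTH_URL`, `FEDERATION_SYNC_HEALTH_PROBE_TIMEOUT`, `FEDERATION_SKIP_REDIS_PROBE`) suggest it performs network probes. If a probe raises, the gateway would fail to start; if the error is swallowed, the state should remain `FEDERATION_OPERATIONAL = False`. Consider gating the call with `if settings.FEDERATION_ENABLED:` and adding a comment such as `# Probe failures must leave federation non-operational (fail closed), never abort startup.` The class and `ready()` begin outside the hunk.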


Add a one-line comment explaining each value; highlight that
`federation-sync` is a Docker service in the same network, defined in `/federation`.