fix(apps): stabilize saleor and netbird launch
This commit is contained in:
2
core/Cargo.lock
generated
2
core/Cargo.lock
generated
@@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
|
||||
|
||||
[[package]]
|
||||
name = "archipelago"
|
||||
version = "1.7.75-alpha"
|
||||
version = "1.7.76-alpha"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"archipelago-container",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "archipelago"
|
||||
version = "1.7.75-alpha"
|
||||
version = "1.7.76-alpha"
|
||||
edition = "2021"
|
||||
description = "Archipelago Bitcoin Node OS - Native backend"
|
||||
authors = ["Archipelago Team"]
|
||||
|
||||
@@ -1080,7 +1080,7 @@ pub(super) async fn get_app_config(
|
||||
None,
|
||||
),
|
||||
"saleor" => (
|
||||
vec!["9000:80".to_string(), "8000:8000".to_string()],
|
||||
vec!["9010:80".to_string(), "8000:8000".to_string()],
|
||||
vec!["/var/lib/archipelago/saleor:/app/media".to_string()],
|
||||
vec![],
|
||||
None,
|
||||
|
||||
@@ -167,6 +167,34 @@ async fn repair_netbird_unified_origin() {
|
||||
let _ = pull_image_with_retry(NETBIRD_DASHBOARD_IMAGE).await;
|
||||
let _ = pull_image_with_retry(NETBIRD_PROXY_IMAGE).await;
|
||||
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args([
|
||||
"network",
|
||||
"disconnect",
|
||||
"-f",
|
||||
"netbird-net",
|
||||
"netbird-server",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args([
|
||||
"network",
|
||||
"connect",
|
||||
"--alias",
|
||||
"netbird-server",
|
||||
"netbird-net",
|
||||
"netbird-server",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args(["restart", "netbird-server"])
|
||||
.output()
|
||||
.await;
|
||||
|
||||
tokio::time::sleep(std::time::Duration::from_secs(2)).await;
|
||||
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args([
|
||||
"run",
|
||||
@@ -200,32 +228,6 @@ async fn repair_netbird_unified_origin() {
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args([
|
||||
"network",
|
||||
"disconnect",
|
||||
"-f",
|
||||
"netbird-net",
|
||||
"netbird-server",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args([
|
||||
"network",
|
||||
"connect",
|
||||
"--alias",
|
||||
"netbird-server",
|
||||
"netbird-net",
|
||||
"netbird-server",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args(["restart", "netbird-server"])
|
||||
.output()
|
||||
.await;
|
||||
}
|
||||
|
||||
async fn repair_saleor_network_aliases() {
|
||||
@@ -1736,8 +1738,9 @@ impl RpcHandler {
|
||||
|
||||
let db_pass = super::config::read_or_generate_secret("saleor-db-password").await;
|
||||
let secret_key = super::config::read_or_generate_secret("saleor-secret-key").await;
|
||||
let admin_pass = super::config::read_or_generate_secret("saleor-admin-password").await;
|
||||
let host_ip = &self.config.host_ip;
|
||||
let dashboard_url = format!("http://{}:9000/", host_ip);
|
||||
let dashboard_url = format!("http://{}:9010/", host_ip);
|
||||
let api_url = format!("http://{}:8000/graphql/", host_ip);
|
||||
let allowed_hosts = format!("localhost,127.0.0.1,api,saleor-api,{}", host_ip);
|
||||
let database_url = format!("postgres://saleor:{}@db/saleor", db_pass);
|
||||
@@ -1797,8 +1800,6 @@ impl RpcHandler {
|
||||
"--health-cmd=valkey-cli ping || exit 1",
|
||||
"--health-interval=30s",
|
||||
"--health-retries=3",
|
||||
"-v",
|
||||
"/var/lib/archipelago/saleor-cache:/data",
|
||||
SALEOR_VALKEY_IMAGE,
|
||||
]);
|
||||
run_required_stack_command("saleor", "create cache", &mut cache_cmd).await?;
|
||||
@@ -1928,6 +1929,30 @@ impl RpcHandler {
|
||||
}
|
||||
}
|
||||
|
||||
let mut admin_cmd = tokio::process::Command::new("podman");
|
||||
admin_cmd.args([
|
||||
"run",
|
||||
"--rm",
|
||||
"--network",
|
||||
"saleor-net",
|
||||
"-v",
|
||||
"/var/lib/archipelago/saleor:/app/media",
|
||||
]);
|
||||
admin_cmd.args(&saleor_env);
|
||||
admin_cmd.args([
|
||||
"-e",
|
||||
"DJANGO_SUPERUSER_EMAIL=admin@example.com",
|
||||
"-e",
|
||||
&format!("DJANGO_SUPERUSER_PASSWORD={}", admin_pass),
|
||||
SALEOR_API_IMAGE,
|
||||
"python3",
|
||||
"manage.py",
|
||||
"createsuperuser",
|
||||
"--noinput",
|
||||
]);
|
||||
run_required_stack_command("saleor", "create admin user", &mut admin_cmd).await?;
|
||||
install_log("INSTALL INFO: saleor admin email admin@example.com; password stored in /var/lib/archipelago/secrets/saleor-admin-password").await;
|
||||
|
||||
let mut api_cmd = tokio::process::Command::new("podman");
|
||||
api_cmd.args([
|
||||
"run",
|
||||
@@ -2005,11 +2030,17 @@ impl RpcHandler {
|
||||
"saleor-net",
|
||||
"--restart=unless-stopped",
|
||||
"--cap-drop=ALL",
|
||||
"--cap-add=CHOWN",
|
||||
"--cap-add=DAC_OVERRIDE",
|
||||
"--cap-add=FOWNER",
|
||||
"--cap-add=NET_BIND_SERVICE",
|
||||
"--cap-add=SETGID",
|
||||
"--cap-add=SETUID",
|
||||
"--security-opt=no-new-privileges:true",
|
||||
"--memory=256m",
|
||||
"--pids-limit=2048",
|
||||
"-p",
|
||||
"9000:80",
|
||||
"9010:80",
|
||||
"-e",
|
||||
&format!("API_URL={}", api_url),
|
||||
"-e",
|
||||
@@ -2128,6 +2159,11 @@ LETSENCRYPT_DOMAIN=none
|
||||
listen 80;
|
||||
server_name _;
|
||||
|
||||
# Route API/auth through the host-published server port. Rootless Podman
|
||||
# can give netbird-server a new container IP on restart while nginx keeps
|
||||
# an old resolved address, which breaks login with 502s.
|
||||
set $netbird_server http://169.254.1.2:8086;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -2135,14 +2171,14 @@ LETSENCRYPT_DOMAIN=none
|
||||
proxy_http_version 1.1;
|
||||
|
||||
location ~ ^/(relay|ws-proxy/) {{
|
||||
proxy_pass http://netbird-server:80;
|
||||
proxy_pass $netbird_server;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 1d;
|
||||
}}
|
||||
|
||||
location ~ ^/(api|oauth2)(/|$) {{
|
||||
proxy_pass http://netbird-server:80;
|
||||
proxy_pass $netbird_server;
|
||||
}}
|
||||
|
||||
location ~ ^/(signalexchange\.SignalExchange|management\.ManagementService)/ {{
|
||||
|
||||
@@ -147,7 +147,9 @@ impl DockerPackageScanner {
|
||||
let metadata = get_app_metadata(&app_id);
|
||||
|
||||
// Resolve UI address: separate UI containers > static map > dynamic ports
|
||||
let lan_address = if let Some(ui_address) = ui_containers.get(&app_id) {
|
||||
let lan_address = if app_id == "netbird" {
|
||||
reachable_lan_address(&app_id, netbird_configured_launch_url().await).await
|
||||
} else if let Some(ui_address) = ui_containers.get(&app_id) {
|
||||
// Apps with separate UI containers (e.g. archy-bitcoin-ui, archy-lnd-ui)
|
||||
debug!("Using UI container for {}: {}", app_id, ui_address);
|
||||
reachable_lan_address(&app_id, Some(ui_address.clone())).await
|
||||
@@ -497,7 +499,7 @@ fn get_app_metadata(app_id: &str) -> AppMetadata {
|
||||
},
|
||||
"saleor" => AppMetadata {
|
||||
title: "Saleor".to_string(),
|
||||
description: "Composable commerce platform with GraphQL API and dashboard".to_string(),
|
||||
description: "Composable commerce platform with GraphQL API and dashboard. Admin email: admin@example.com; password is stored on the node at /var/lib/archipelago/secrets/saleor-admin-password".to_string(),
|
||||
icon: "/assets/img/app-icons/saleor.svg".to_string(),
|
||||
repo: "https://github.com/saleor/saleor".to_string(),
|
||||
tier: "",
|
||||
@@ -688,6 +690,18 @@ fn extract_lan_address(ports: &[String]) -> Option<String> {
|
||||
None
|
||||
}
|
||||
|
||||
async fn netbird_configured_launch_url() -> Option<String> {
|
||||
let env = tokio::fs::read_to_string("/var/lib/archipelago/netbird/dashboard.env")
|
||||
.await
|
||||
.ok()?;
|
||||
env.lines()
|
||||
.find_map(|line| line.strip_prefix("NETBIRD_MGMT_API_ENDPOINT="))
|
||||
.map(str::trim)
|
||||
.filter(|s| !s.is_empty())
|
||||
.map(ToOwned::to_owned)
|
||||
.or_else(|| PodmanClient::lan_address_for("netbird"))
|
||||
}
|
||||
|
||||
async fn reachable_lan_address(app_id: &str, candidate: Option<String>) -> Option<String> {
|
||||
let url = candidate?;
|
||||
if !requires_reachable_launch(app_id) {
|
||||
|
||||
@@ -129,6 +129,7 @@ impl PodmanClient {
|
||||
"filebrowser" => "http://localhost:8083",
|
||||
"nginx-proxy-manager" => "http://localhost:8081",
|
||||
"portainer" => "http://localhost:9000",
|
||||
"saleor" => "http://localhost:9010",
|
||||
"uptime-kuma" => "http://localhost:3002",
|
||||
"fedimint" | "fedimintd" => "http://localhost:8175",
|
||||
"fedimint-gateway" => "http://localhost:8176",
|
||||
@@ -136,6 +137,7 @@ impl PodmanClient {
|
||||
"indeedhub" => "http://localhost:7778",
|
||||
"dwn" => "http://localhost:3100",
|
||||
"endurain" => "http://localhost:8080",
|
||||
"netbird" => "http://localhost:8087",
|
||||
"electrs" | "archy-electrs-ui" => "http://localhost:50002",
|
||||
_ => return None,
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user