Address merge conflict

.gitlab/common.yml

@@ -93,7 +93,7 @@
   stage: log
   script:
     - BRANCH_LOWER=$(echo "$CI_COMMIT_REF_NAME" | tr '[:upper:]' '[:lower:]')
-    - docker logs $(docker ps --filter "ancestor=${REGISTRY}/${IMAGE_TAG}${BRANCH_LOWER}" --format "{{.Names}}")
+    - docker logs $(docker ps -a --filter "ancestor=${REGISTRY}/${IMAGE_TAG}${BRANCH_LOWER}" --format "{{.Names}}")
   rules:
     - when: always
 

.gitlab/end_to_end.yml

@@ -65,6 +65,7 @@ end-to-end-foxx-setup:
     - while [ ! -f "foxx_tmp/.foxx_is_installed" ]; do
     -   if docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
     -     echo "Waiting for foxx_tmp/.foxx_is_installed"
+    -     docker logs "foxx-${BRANCH_LOWER}-${CI_COMMIT_SHORT_SHA}-${random_string}";
     -     sleep 10
     -   else
     -     exit_code=$(docker inspect -f '{{.State.ExitCode}}' "$container_name")
@@ -73,6 +74,7 @@ end-to-end-foxx-setup:
     -     fi
     -   fi 
     - done
+    - docker logs "foxx-${BRANCH_LOWER}-${CI_COMMIT_SHORT_SHA}-${random_string}";
     - ./scripts/ci_database_health_check.sh
   after_script:
     - rm -rf foxx_tmp
@@ -91,6 +93,9 @@ end-to-end-gcs-node-clean:
     - ci-datafed-globus
     - docker
   script:
+    - mkdir -p "${DATAFED_GLOBUS_DIR}"
+    - cp "${CI_DATAFED_GCS_DEPLOYMENT_KEY}" "${DATAFED_GLOBUS_DIR}/deployment-key.json"
+    - cp "${CI_DATAFED_GCS_CLIENT_CRED}" "${DATAFED_GLOBUS_DIR}/client_cred.json"
     - cat "${DATAFED_GLOBUS_DIR}/deployment-key.json" | jq .node_key > "${DATAFED_GLOBUS_DIR}/node_deletion_key.json"
     - SECRET=$(cat "${DATAFED_GLOBUS_DIR}/deployment-key.json" | jq -r .secret)
     - CLIENT=$(cat "${DATAFED_GLOBUS_DIR}/deployment-key.json" | jq -r .client_id)

CHANGELOG.md

@@ -41,15 +41,17 @@
 8. [973] - Adds log output at the end of CI test pipeline
 9. [968] - Adds the ability to specify both base and root path when creating
    Globus collections.
-10. [970] - Adds Web UI testing to the CI pipeline.
+10. [1003] - Updated admin install documentation.
+11. [1005] - Consolidate Development Environment setup documentation.
+12. [970] - Adds Web UI testing to the CI pipeline.
 
 ## PATCH Bug fixes/Technical Debt/Documentation
 
 1. [914] - Improve GitHub template
 2. [910] - Static code analysis and status checks fixed, improvements to CI
 3. [923] - Fixed missing flag in certificate refresh script
 4. [917] - Add additional files to .gitignore
-5. [915] - Refactor CI to use pipelines Gitlab feature along with pipelines 
+5. [915] - Refactor CI to use pipelines Gitlab feature along with pipelines
 6. [927] - Add vim swp files to .gitignore
 7. [935] - Fixed CI branching with dynamic children, swiched to Harbor registry.
    Moved Blake's files into the correct folders.
@@ -69,12 +71,13 @@
 19. [994] - Fixes issue with spaces not being preserved in shell scripts from docker compose .env file.
 20. [996] - Fixes bug in lego install script where function name had additional s
 21. [998] - Fixing missing :latest tag on push in container, in common.yml of ci files
+22. [999] - Fixes repo service entrypoint script to append to log file instead of rewriting
 
 # v2023.10.23.15.50
 
 ## MINOR Feature
 
-1. [906] - Added backup and cert refresh scripts. 
+1. [906] - Added backup and cert refresh scripts.
 
 ## PATCH Bug Fixes/Technical Debt/Documentation
 

doc_source/index.rst

@@ -66,14 +66,14 @@ by subsequent documents on this site.
    :maxdepth: 2
    :caption: Administration
 
-   admin/general
+   admin/install_docker
+   admin/install_bare_metal
 
 .. toctree::
    :maxdepth: 2
    :caption: Development
 
    dev/project
-   dev/environment_setup
    dev/design
    dev/release
    dev/roadmap

doc_source/source/admin/general.rst → doc_source/source/admin/install_bare_metal.rst

@@ -2,19 +2,16 @@
 Administration
 ==============
 
-System Deployment
+Bare Metal System Deployment (Unsupported Currently)
 =================
 
 Deploying DataFed requires building, installing, and configuring DataFed service as well as several
-third-party packages/services. The process described here is manual, but the goal is to eventually
-automate this process as much as possible (via container technology). The services to be deployed
-relate to either the DataFed "Central Services" (of which there is only one instance) and DataFed
-"Data Repositories". (These services are listed below.)
+third-party packages/services. The process described here is automated  as much as possible 
+(via container technology). The services to be deployed relate to either the DataFed "Central Services"
+(of which there is only one instance) and DataFed "Data Repositories". (These services are listed below.)
 
 The hardware configuration selection depends on desired performance/cost and can range from a single
-node/VM up to a dedicated high-performance cluster. The host operating system must be Linux, but
-the specific distribution is not important. Though through testing at the moment
-has been limited to ubuntu:focal.
+node/VM up to a dedicated high-performance cluster.
 
 Central Services:
 - DataFed Core Service
@@ -28,7 +25,7 @@ reduce latency and avoid the need for TLS connections.
 
 Data Repository:
 - DataFed Repository Service
-- Globus Connect Service (version 4)
+- Globus Connect Service (version 5)
 - DataFed GridFTP AUTHZ Module
 
 Client Applications:
@@ -314,4 +311,4 @@ Networking
 
 If the web server and core server are on different machines you will need to
 ensure that they can communicate, this will require exchanging the public keys
-that are in the /opt/datafed/keys folder.
+that are in the /opt/datafed/keys folder.

doc_source/source/admin/install_docker.rst

@@ -0,0 +1,261 @@
+==============
+Administration
+==============
+
+Docker Deployment (Preferred Installation Method)
+=================
+
+Deploying DataFed requires building, installing, and configuring DataFed service as well as several
+third-party packages/services. The process described here is automated  as much as possible 
+(via container technology). The services to be deployed relate to either the DataFed "Central Services"
+(of which there is only one instance) and DataFed "Data Repositories". (These services are listed below.)
+
+The hardware configuration selection depends on desired performance/cost and can range from a single
+node/VM up to a dedicated high-performance cluster.
+
+Central Services:
+- DataFed Core Service
+- DataFed Web Service
+- Arango Database
+
+DataFed central services include the Core service, the database, and the web service. These
+services may be installed together on a single node, or across multiple nodes. If the latter
+is chosen, it is strongly recommended that a high-speed private network be used in order to
+reduce latency and avoid the need for TLS connections.
+
+Data Repository:
+- DataFed Repository Service
+- Globus Connect Service (version 5)
+
+Client Applications:
+- DataFed Python Client
+
+Globus Setup
+============
+
+#. Log in to `Globus <https://app.globus.org>`_.
+#. Navigate to Settings > Developers > Add Project.
+#. Select an accurate name and contact email for your project.
+#. Navigate to Add an App > Advanced Registration.
+#. Choose an accurate name for your app, and in the redirects field add the single redirect ``https://localhost/ui/authn`` for development, or your domain/IP for production
+#. Click Add Client Secret and choose a descriptive name.
+#. Take note of the Secret that it generates and the Client UUID of the Globus application and remember them for future steps.
+
+Downloading DataFed & Configuration
+===================================
+
+To deploy DataFed, its containers must be built from source code hosted on `GitHub <https://github.com/ORNL/DataFed>`_.
+Prior to building DataFed, Docker must be installed.
+The following examples are based on Debian.
+
+Downloading DataFed::
+
+    git clone https://github.com/ORNL/DataFed.git
+
+If you are deploying in development mode, the next step is to enter configuration options that are listed in ./.env To
+generate a template for this file you will first need to run::
+
+    ./compose/all/generate_env.sh
+
+These options can be used create the required services and configuration files. Below are a list
+of the relevant configuration options to an initial deployment:
+
+1. DATAFED_GLOBUS_APP_SECRET
+2. DATAFED_GLOBUS_APP_ID
+3. DATAFED_ZEROMQ_SESSION_SECRET
+4. DATAFED_ZEROMQ_SYSTEM_SECRET
+5. DATAFED_DATABASE_PASSWORD
+6. DATAFED_DATABASE_IP_ADDRESS
+7. DATAFED_GCS_ROOT_NAME
+8. DATAFED_GCS_IP
+9. DATAFED_REPO_ID_AND_DIR
+10. DATAFED_HOST_COLLECTION_MOUNT
+11. DATAFED_GLOBUS_SUBSCRIPTION
+12. DATAFED_GCS_COLLECTION_BASE_PATH
+13. DATAFED_GCS_COLLECTION_ROOT_PATH
+
+
+Descriptions of what these variables are can also be found in the ./scripts/compose_generate_env.sh file. Once the 
+necessary variables have been provided a series of scripts have been developed to appropriately
+automatically configure much of the setup.
+
+Building Containers
+===================
+
+To build the containers you must simply run::
+
+    ./compose/all/build_containers_for_compose.sh
+
+The first time you build should take approximately 15-25 minutes based on system specifications, however subsequent builds will be significantly faster.
+This is due to dependency caching, since the first build is what builds and caches the dependencies.
+
+Running the Containers (Development)
+====================================
+
+For convenience, development installations are fully supported utilizing docker compose.
+Once fully built and configured, the development instance can be started with the following commands::
+
+    ./compose/all/unset_env.sh
+    docker compose -f ./compose/all/compose.yml up
+
+This will startup all the necessary services and maintain state across restarts through docker volumes.
+
+Running the Containers (Production)
+===================================
+
+Running the containers in production is a similar process to running them in development mode,
+except the Docker containers are run manually rather than being run by Docker compose.
+
+To begin, you will want to create a Docker network to attach the containers to so that they may communicate::
+
+    docker network create datafed-network
+
+Following are examples of docker run commands for each service
+
+Core Service
+------------
+
+Here is an example for the core service::
+
+    docker run -d \
+        --restart=always \
+        --name datafed-core \
+        -e DATAFED_GLOBUS_APP_SECRET="" \
+        -e DATAFED_GLOBUS_APP_ID="" \
+        -e DATAFED_ZEROMQ_SESSION_SECRET="" \
+        -e DATAFED_ZEROMQ_SYSTEM_SECRET="" \
+        -e DATAFED_DOMAIN="" \
+        -e DATAFED_DATABASE_PASSWORD="" \
+        -e DATAFED_DATABASE_IP_ADDRESS_PORT="" \
+        -e DATAFED_DEFAULT_LOG_PATH="" \
+        -e DATAFED_CORE_ADDRESS_PORT_INTERNAL="" \
+        -e UID="" \
+        --network datafed-network \
+        -p 7513:7513 \
+        -p 7512:7512 \
+        -v "/local/path/logs:/datafed/logs" \
+        -v "/local/path/keys/datafed-core-key.pub:/opt/datafed/keys/datafed-core-key.pub" \
+        -v "/local/path/keys/datafed-core-key.priv:/opt/datafed/keys/datafed-core-key.priv" \
+        -t "datafed-core:latest" 
+
+Web Service
+------------
+
+Here is an example for the web service::
+
+    docker run -d \
+        --restart=always \
+        --name datafed-web \
+        -e DATAFED_GLOBUS_APP_SECRET="" \
+        -e DATAFED_GLOBUS_APP_ID="" \
+        -e DATAFED_ZEROMQ_SESSION_SECRET="" \
+        -e DATAFED_ZEROMQ_SYSTEM_SECRET="" \
+        -e DATAFED_DOMAIN="" \
+	    -e DATAFED_WEB_CERT_PATH="" \
+	    -e DATAFED_WEB_KEY_PATH="" \
+        -e DATAFED_DEFAULT_LOG_PATH="" \
+        -e DATAFED_CORE_ADDRESS_PORT_INTERNAL="" \
+	    -e DATAFED_GOOGLE_ANALYTICS_TAG="" \
+        -e UID="" \
+        --network datafed-network \
+        -p 7513:7513 \
+        -p 7512:7512 \
+        -v "/local/path/logs:/datafed/logs" \
+        -v "/local/path/keys/datafed-core-key.pub:/opt/datafed/keys/datafed-core-key.pub" \
+	    -v "$DATAFED_WEB_CERT_PATH:$DATAFED_WEB_CERT_PATH" \
+	    -v "$DATAFED_WEB_KEY_PATH:$DATAFED_WEB_KEY_PATH" \
+        -t "datafed-web:latest" 
+
+Repository Service
+------------
+
+Here is an example for the repository service::
+
+    docker run -d \
+        --restart=always \
+        --name datafed-repo \
+        -e DATAFED_GLOBUS_APP_SECRET="" \
+        -e DATAFED_GLOBUS_APP_ID="" \
+        -e DATAFED_ZEROMQ_SESSION_SECRET="" \
+        -e DATAFED_ZEROMQ_SYSTEM_SECRET="" \
+	    -e DATAFED_HTTPS_SERVER_PORT="" \
+        -e DATAFED_DOMAIN="" \
+        -e DATAFED_DEFAULT_LOG_PATH="" \
+        -e DATAFED_CORE_ADDRESS_PORT_INTERNAL="" \
+        -e DATAFED_GCS_BASE_PATH="" \
+        -e DATAFED_GCS_COLLECTION_ROOT_PATH="" \
+        -e UID="" \
+        --network datafed-network \
+        -p 7513:7513 \
+        -p 7512:7512 \
+        -v "/local/path/logs:/datafed/logs" \
+        -v "/local/path/keys/datafed-repo-key.pub:/opt/datafed/keys/datafed-repo-key.pub" \
+        -v "/local/path/keys/datafed-repo-key.priv:/opt/datafed/keys/datafed-repo-key.priv" \
+        -v "/local/collection/path:$DATAFED_GCS_COLLECTION_ROOT_PATH/$DATAFED_REPO_ID_AND_DIR"
+        -t "datafed-repo:latest" 
+
+Globus Service
+------------
+
+Here is an example for the Globus Connect Server service::
+
+    docker run -d \
+        --restart=always \
+        --name datafed-gcs \
+        -e DATAFED_GLOBUS_APP_SECRET="" \
+        -e DATAFED_GLOBUS_APP_ID="" \
+        -e DATAFED_ZEROMQ_SESSION_SECRET="" \
+        -e DATAFED_ZEROMQ_SYSTEM_SECRET="" \
+        -e DATAFED_HTTPS_SERVER_PORT="" \
+        -e DATAFED_DOMAIN="" \
+        -e DATAFED_CORE_ADDRESS_PORT_INTERNAL="" \
+        -e DATAFED_DEFAULT_LOG_PATH="" \
+        -e DATAFED_GCS_BASE_PATH="" \
+        -e DATAFED_GCS_COLLECTION_ROOT_PATH="" \
+        -e DATAFED_GCS_ROOT_NAME="" \
+        -e DATAFED_GLOBUS_SUBSCRIPTION="" \
+        -e DATAFED_GLOBUS_CONTROL_PORT="" \
+        -e DATAFED_REPO_USER="" \
+        -e DATAFED_AUTHZ_USER="" \
+        -e BUILD_WITH_METADATA_SERVICES="FALSE" \
+        -e DATAFED_REPO_ID_AND_DIR="" \
+        -e DATAFED_GCS_IP="" \
+        -e DATAFED_REPO_DOMAIN="" \
+        -e UID="" \
+        --network=host \
+        -v "/local/path/logs:/datafed/logs" \
+        -v "/local/base/path/globus:/opt/datafed/globus" \
+        -v "/local/base/path/keys/datafed-repo-key.pub:/opt/datafed/keys/datafed-repo-key.pub" \
+        -v "/local/base/path/keys/datafed-repo-key.priv:/opt/datafed/keys/datafed-repo-key.priv" \
+        -v "/local/collection/path:$DATAFED_GCS_COLLECTION_ROOT_PATH/$DATAFED_REPO_ID_AND_DIR"
+        -t "datafed-gcs:latest"
+
+Notice that the gcs container must run in host networking mode to avoid performance bottlenecks with GridFTP.
+
+Nginx Service
+-------------
+
+This service is not necessary for Datafed to function, however it is included here as a convenience,
+as it will allow you to setup temporary redirects for maintenance, rate limiting, better security using a standardized tool.
+
+Here is an example::
+
+    docker run -d \
+        --restart=always \
+        --name datafed-nginx \
+        --network datafed-network \
+        -p 443:443 \
+        -p 80:80 \
+        -v "/local/path/nginx/nginx.conf:/etc/nginx/conf.d/default.conf" \
+        -v "/local/path/nginx/sites-enabled:/etc/nginx/sites-enabled" \
+        -v "/local/path/nginx/www:/www" \
+        -v "/local/path/keys/datafed.ornl.gov.crt:/etc/nginx/certs/datafed.ornl.gov.crt" \
+        -v "/local/path/keys/datafed.ornl.gov.key:/etc/nginx/certs/datafed.ornl.gov.key" \
+        nginx:latest
+
+Networking
+==========
+
+If the web server and core server are on different machines you will need to
+ensure that they can communicate, this will require exchanging the public keys
+that are in the /opt/datafed/keys folder.