From c73d1c52054cab9a415e98a6b74326761dca801a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 11:15:08 +0200 Subject: [PATCH 1/5] chore(deps): update dependency ops to v2.17.0 (#293) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 20774a7c..81e6997d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ -ops==2.16.1 +ops==2.17.0 pydantic==2.9.2 From 5b8cfddd335e571a3369b04e7e4679179b857631 Mon Sep 17 00:00:00 2001 From: Erin Conley Date: Tue, 1 Oct 2024 09:46:34 -0400 Subject: [PATCH 2/5] Update index.md (#294) * Update index.md (ISD-2212 and ISD-2289) Adopted template page (in this case, added header to the page) Rearranged the Contents section so the left-hand Charmhub menu will have a consistent pattern Smaller edits to text * clarify --- docs/index.md | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/docs/index.md b/docs/index.md index 47759b92..499371e4 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,11 +1,17 @@ -This charm simplifies initial deployment and "day N" operations of Discourse -on Kubernetes, such as scaling the number of instances, integration with SSO, -access to S3 for redundant file storage and more. It allows for deployment on -many different Kubernetes platforms, from [MicroK8s](https://microk8s.io) or -[Charmed Kubernetes](https://ubuntu.com/kubernetes) to public cloud Kubernetes -offerings. +# Discourse Operator +A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators) deploying and managing Discourse on Kubernetes. -Discourse is an open-source software application used to create customer-friendly and community-friendly discussion platforms, forums, and mailing lists. It's designed to work as a discussion platform for various topics and is widely used by numerous organizations and individuals to build communities, provide customer support, and facilitate conversations. The platform is built with a focus on simplicity, user-friendliness, and responsiveness, making it accessible from both desktops and mobile devices. Discourse provides various moderation and administration tools, enabling community managers to maintain a healthy and constructive environment. +Discourse is an open-source software application used to create customer-friendly and community-friendly discussion platforms, +forums, and mailing lists. It's designed to work as a discussion platform for various topics and is widely used by numerous +organizations and individuals to build communities, provide customer support, and facilitate conversations. The platform is +built with a focus on simplicity, user-friendliness, and responsiveness, making it accessible from both desktops and mobile +devices. Discourse provides various moderation and administration tools, enabling community managers to maintain a healthy and +constructive environment. + +This charm simplifies operations of Discourse on Kubernetes, such as scaling the number of instances, integration +with SSO, access to S3 for redundant file storage and more. It allows for deployment on many different Kubernetes +platforms, from [MicroK8s](https://microk8s.io) or [Charmed Kubernetes](https://ubuntu.com/kubernetes) to public cloud +Kubernetes offerings. ## In this documentation @@ -33,10 +39,10 @@ fixes and constructive feedback. # Contents -1. [Explanation](explanation) - 1. [Charm architecture](explanation/charm-architecture.md) +1. [Tutorial](tutorial.md) 1. [How To](how-to) 1. [Access the Rails console](how-to/access--the-rails-console.md) + 1. [Backup and restore](how-to/backup-and-restore.md) 1. [Configure the container](how-to/configure-container.md) 1. [Configure the hostname](how-to/configure-hostname.md) 1. [Configure S3](how-to/configure-s3.md) @@ -44,11 +50,11 @@ fixes and constructive feedback. 1. [Configure SMTP](how-to/configure-smtp.md) 1. [Contribute](how-to/contribute.md) 1. [Upgrade](how-to/upgrade.md) - 1. [Backup and restore](how-to/backup-and-restore.md) 1. [Reference](reference) 1. [Actions](reference/actions.md) 1. [Configurations](reference/configurations.md) 1. [Integrations](reference/integrations.md) 1. [Plugins](reference/plugins.md) 1. [External Access](reference/external-access.md) -1. [Getting started](tutorial.md) +1. [Explanation](explanation) + 1. [Charm architecture](explanation/charm-architecture.md) From 5ac00abbea5b1c763eee72aea2d2a62e87c73f04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ali=20U=C4=9EUR?= <39213991+alithethird@users.noreply.github.com> Date: Mon, 7 Oct 2024 18:30:41 +0300 Subject: [PATCH 3/5] chore(docs): Update tutorial (#296) * chore(docs): Update tutorial * chore(): Applied comments * chore(docs): Fix indico mention and `vm` to `VM` * chore(docs): Last line * chore(docs): Cleanedup the confusing Multipass references and added a warning in the beginning * chore(docs): Updated requirements --- docs/tutorial.md | 99 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 66 insertions(+), 33 deletions(-) diff --git a/docs/tutorial.md b/docs/tutorial.md index 664d49de..3acb372f 100644 --- a/docs/tutorial.md +++ b/docs/tutorial.md @@ -9,18 +9,31 @@ In this tutorial, we'll go through each step of the process to get a basic Discourse deployment. ## Requirements +- A working station, e.g., a laptop, with amd64 architecture. +- Juju 3 installed and bootstrapped to a MicroK8s controller. You can accomplish this process by using a Multipass VM as outlined in this guide: [Set up / Tear down your test environment](https://juju.is/docs/juju/set-up--tear-down-your-test-environment) +- NGINX Ingress Controller. If you're using [MicroK8s](https://microk8s.io/), this can be done by running the command `microk8s enable ingress`. For more details, see [Addon: Ingress](https://microk8s.io/docs/addon-ingress). -* A laptop or desktop running Ubuntu (or you can use a VM). -* Juju and [Microk8s](https://juju.is/docs/olm/microk8s) installed. We’ll also want to make sure the ingress add-on is enabled, which we can do by running `microk8s enable ingress`. +For more information about how to install Juju, see [Get started with Juju](https://juju.is/docs/olm/get-started-with-juju). +:warning: When using a Multipass VM, make sure to replace `127.0.0.1` IP addresses with the +VM IP in steps that assume you're running locally. To get the IP address of the +Multipass instance run ```multipass info my-juju-vm```. ## Steps -### Set up environment +### Shell into the Multipass VM +> NOTE: If you're working locally, you don't need to do this step. -To easily clean up the resources and separate your workload from the contents of this tutorial, set up a new Juju model named `discourse`: +To be able to work inside the Multipass VM first you need to log in with the following command: +``` +multipass shell my-juju-vm +``` + +### Add a Juju model for the tutorial + +To easily clean up the resources and separate your workload from the contents of this tutorial, set up a new Juju model named `discourse-tutorial`: ``` -juju add-model discourse +juju add-model discourse-tutorial ``` ### Deploy the charms @@ -38,11 +51,10 @@ juju deploy discourse-k8s Enable the required PostgreSQL extensions: ``` -juju config postgresql-k8s plugin_hstore_enable=True -juju config postgresql-k8s plugin_pg_trgm_enable=True +juju config postgresql-k8s plugin_hstore_enable=True plugin_pg_trgm_enable=True ``` -### Integrate the charms +### Integrate with the Redis k8s charm the PostgreSQL k8s charm Integrate `redis-k8s` and `postgresql-k8s` to `discourse-k8s`: ``` @@ -52,48 +64,62 @@ juju integrate discourse-k8s postgresql-k8s By running `juju status --relations` the current state of the deployment can be queried: ``` -Model Controller Cloud/Region Version SLA Timestamp -discourse microk8s microk8s/localhost 3.1.7 unsupported 12:48:02+02:00 +Model Controller Cloud/Region Version SLA Timestamp +discourse-tutorial microk8s microk8s/localhost 3.5.4 unsupported 14:07:18+03:00 -App Version Status Scale Charm Channel Rev Address Exposed Message -discourse-k8s 3.2.0 active 1 discourse-k8s stable 95 10.152.183.175 no -postgresql-k8s 14.10 active 1 postgresql-k8s 14/stable 193 10.152.183.59 no -redis-k8s 7.0.4 active 1 redis-k8s latest/edge 27 10.152.183.46 no +App Version Status Scale Charm Channel Rev Address Exposed Message +discourse-k8s 3.3.0 active 1 discourse-k8s latest/stable 173 10.152.183.231 no +postgresql-k8s 14.12 active 1 postgresql-k8s 14/stable 381 10.152.183.143 no +redis-k8s 7.2.5 active 1 redis-k8s latest/edge 36 10.152.183.188 no Unit Workload Agent Address Ports Message -discourse-k8s/0* active idle 10.1.44.214 -postgresql-k8s/0* active idle 10.1.44.219 -redis-k8s/0* active idle 10.1.44.227 +discourse-k8s/0* active idle 10.1.32.182 +postgresql-k8s/0* active idle 10.1.32.184 Primary +redis-k8s/0* active idle 10.1.32.181 Integration provider Requirer Interface Type Message -discourse-k8s:restart discourse-k8s:restart rolling_op peer -postgresql-k8s:database discourse-k8s:database postgresql_client regular -postgresql-k8s:database-peers postgresql-k8s:database-peers postgresql_peers peer -postgresql-k8s:restart postgresql-k8s:restart rolling_op peer -postgresql-k8s:upgrade postgresql-k8s:upgrade upgrade peer -redis-k8s:redis discourse-k8s:redis redis regular -redis-k8s:redis-peers redis-k8s:redis-peers redis-peers peer +discourse-k8s:restart discourse-k8s:restart rolling_op peer +postgresql-k8s:database discourse-k8s:database postgresql_client regular +postgresql-k8s:database-peers postgresql-k8s:database-peers postgresql_peers peer +postgresql-k8s:restart postgresql-k8s:restart rolling_op peer +postgresql-k8s:upgrade postgresql-k8s:upgrade upgrade peer +redis-k8s:redis discourse-k8s:redis redis regular +redis-k8s:redis-peers redis-k8s:redis-peers redis-peers peer ``` The deployment finishes when all the charms show `Active` states. -Run `kubectl get pods -n discourse` to see the pods that are being created by the charms: +Run `kubectl get pods -n discourse-tutorial` to see the pods that are being created by the charms: ``` NAME READY STATUS RESTARTS AGE -modeloperator-64c58d675d-csj47 1/1 Running 0 5m30s +modeloperator-c584f6f9f-qf9gr 1/1 Running 0 5m30s redis-k8s-0 3/3 Running 0 5m22s discourse-k8s-0 2/2 Running 0 5m1s postgresql-k8s-0 2/2 Running 0 5m9s ``` -### Provide ingress capabilities +### Provide ingress capabilities In order to expose the charm, the Nginx Ingress Integrator needs to be deployed and integrated with Discourse: ``` juju deploy nginx-ingress-integrator -# If your cluster has RBAC enabled you'll be prompted to run the following: -juju trust nginx-ingress-integrator --scope=cluster +``` +To check if RBAC is enabled run the following command: +``` +microk8s status | grep rbac +``` +If it is enabled, then the output should be like the following: +``` +rbac # (core) Role-Based Access Control for authorisation +``` +If the output is empty then RBAC is not enabled. +If your cluster has RBAC enabled, you'll be prompted to run the following command: +``` +juju trust nginx-ingress-integrator --scope=cluster +``` +Then you need to integrate the charm with Nginx Ingress Integrator: +``` juju integrate discourse-k8s nginx-ingress-integrator ``` @@ -103,7 +129,9 @@ To create an admin user, use the `create-user` action: ``` juju run discourse-k8s/0 create-user admin=true email=email@example.com ``` -The command will return the password of the created user. Discourse will be deployed with `discourse-k8s` as default hostname. In order to reach it, modify your `/etc/hosts` file so that it points to `127.0.0.1`: +The command will return the password of the created user. Discourse will be deployed with `discourse-k8s` as default hostname. + +If you are following the tutorial in your local machine, modify your `/etc/hosts` file so that it points to `127.0.0.1`: ``` echo 127.0.0.1 discourse-k8s >> /etc/hosts @@ -111,11 +139,16 @@ echo 127.0.0.1 discourse-k8s >> /etc/hosts After that, visit `http://discourse-k8s` to reach Discourse, using the credentials returned from the `create-user` action to login. -### Clean up the environment +### Clean up the environment -Congratulations! You have successfully finished the Discourse tutorial. You can now remove the +Congratulations! You have successfully finished the Discourse tutorial. You can now remove the model environment that you've created using the following command: ``` -juju destroy-model discourse --destroy-storage +juju destroy-model discourse-tutorial --destroy-storage +``` +If you used Multipass, to remove the Multipass instance you created for this tutorial, use the following command. +``` +multipass delete --purge my-juju-vm ``` +Finally, remove the `127.0.0.1 discourse-k8s` line from the `/etc/hosts` file. From 4abea74210c6670809436cded144389f3ddad86c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:15:47 +0200 Subject: [PATCH 4/5] chore(deps): update ubuntu:22.04 docker digest to 0e5e4a5 (#297) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- discourse_rock/rockcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/discourse_rock/rockcraft.yaml b/discourse_rock/rockcraft.yaml index 27be1bbc..962ec303 100644 --- a/discourse_rock/rockcraft.yaml +++ b/discourse_rock/rockcraft.yaml @@ -5,7 +5,7 @@ name: discourse summary: Discourse rock description: Discourse OCI image for the Discourse charm base: ubuntu@22.04 -# renovate: base: ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe +# renovate: base: ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97 run-user: _daemon_ # UID/GID 584792 license: Apache-2.0 version: "1.0" From f182a5dafdedb2b9fbd1c3bc632bda063c171f44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ali=20U=C4=9EUR?= <39213991+alithethird@users.noreply.github.com> Date: Tue, 26 Nov 2024 08:36:45 +0300 Subject: [PATCH 5/5] Chore(): Remove broken plugin (#299) * Chore(): Remove broken plugin * Chore(): Discourse version update to 3.3.2 * Chore(Ruby): Ruby version update for security reasons * Chore(): Revert Discourse version. Add stuff into trivyignore --- .trivyignore | 30 ++++++++++++++++++++++++++++++ discourse_rock/rockcraft.yaml | 13 ++----------- 2 files changed, 32 insertions(+), 11 deletions(-) create mode 100644 .trivyignore diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000..e5217656 --- /dev/null +++ b/.trivyignore @@ -0,0 +1,30 @@ +# wee_alloc is Unmaintained https://github.com/advisories/GHSA-rc23-xxgq-x27g +GHSA-rc23-xxgq-x27g +# pebble +CVE-2024-34156 +# shlex from ruby test +GHSA-r7qv-8r2h-pg27 +# squoosh npm package +CVE-2021-32810 +CVE-2022-23639 +# Ruby Gems +CVE-2024-7254 +CVE-2015-9284 +CVE-2017-11430 +CVE-2024-45409 +GHSA-cvp8-5r8g-fhvq +CVE-2024-49761 +CVE-2024-45409 +CVE-2024-47220 +# Python setuptools +CVE-2024-6345 +# Nodejs +CVE-2021-23424 # ansi-html +CVE-2024-39338 # axios +CVE-2024-45590 # body-parser +CVE-2024-4068 # braces +CVE-2024-21538 # cross-spawn +CVE-2024-29415 # ip +CVE-2024-45296 # path-to-regexp +CVE-2024-37890 # ws +private-key diff --git a/discourse_rock/rockcraft.yaml b/discourse_rock/rockcraft.yaml index 962ec303..97f8718f 100644 --- a/discourse_rock/rockcraft.yaml +++ b/discourse_rock/rockcraft.yaml @@ -42,8 +42,8 @@ parts: - ARCH: "x64" - NODE_VERSION: "18.18.2" - RAILS_ENV: "production" - - RUBY_INSTALL_VERSION: "0.9.2" - - RUBY_VERSION: "3.2.2" + - RUBY_INSTALL_VERSION: "0.9.3" + - RUBY_VERSION: "3.2.6" - YARN_VERSION: "1.22.19" override-build: | node_uri="https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${ARCH}.tar.gz" @@ -86,14 +86,6 @@ parts: source: bundler organize: "*": srv/discourse/app/.bundle/ - discourse-rad-plugin: - plugin: dump - after: [discourse, bundler-config] - source: https://github.com/canonical/discourse-rad-plugin.git - source-commit: 7fe719abd459ab2d2736d6ad2ca7810b045dd154 - source-depth: 1 - organize: - "*": srv/discourse/app/plugins/discourse-rad-plugin/ discourse-solved: plugin: dump after: [discourse, bundler-config] @@ -219,7 +211,6 @@ parts: - discourse-markdown-note - discourse-mermaid-theme-component - discourse-prometheus - - discourse-rad-plugin - discourse-saml - discourse-solved - discourse-templates