Merge pull request #936 from opencrvs/merge-v1.4.1-into-develop

Merge v1.4.1 into develop
opencrvs · Mar 15, 2024 · 9533cfa · 9533cfa
2 parents 192a493 + fac06ca
commit 9533cfa
Show file tree

Hide file tree

Showing 46 changed files with 26,753 additions and 30,289 deletions.
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
@@ -14,7 +14,7 @@ on:
       core-image-tag:
         description: Core DockerHub image tag
         required: true
-        default: 'v1.4.0'
+        default: 'v1.4.1'
       countryconfig-image-tag:
         description: Your Country Config DockerHub image tag
         required: true

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -15,7 +15,7 @@ on:
       core-image-tag:
         description: Core DockerHub image tag
         required: true
-        default: 'v1.4.0'
+        default: 'v1.4.1'
       countryconfig-image-tag:
         description: Your Country Config DockerHub image tag
         required: true

diff --git a/.github/workflows/provision.yml b/.github/workflows/provision.yml
@@ -1,9 +1,6 @@
 name: Provision environment
 run-name: Provision ${{ github.event.inputs.environment }}
 on:
-  push:
-    branches:
-      - release-v1.4.0
   workflow_dispatch:
     inputs:
       environment:
@@ -32,7 +29,7 @@ on:
           - users
           - crontab
           - mongodb
-          - data
+          - data-partition
           - swap
           - ufw
           - fail2ban
@@ -112,7 +109,7 @@ jobs:
           ansible_user: ${{ secrets.SSH_USER }}
 
       - name: Run playbook
-        uses: dawidd6/action-ansible-playbook@v2
+        uses: dawidd6/action-ansible-playbook@v2.8.0
         env:
           ANSIBLE_PERSISTENT_COMMAND_TIMEOUT: 10
           ANSIBLE_SSH_TIMEOUT: 10

diff --git a/.github/workflows/validate-translation.yml b/.github/workflows/validate-translation.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,18 @@
 # Changelog
 
-## [1.4.0](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.3...v1.4.0) (TBD)
+## [1.4.1](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.4.0...v1.4.1)
+
+- Improved logging for emails being sent
+- Updated default Metabase init file so that it's compatible with the current Metabase version
+- Deployment: Verifies Kibana is ready before setting up alert configuration
+- Deployment: Removes `depends_on` configuration from docker compose files
+- Deployment: Removes some deprecated deployment code around Elastalert config file formatting
+- Provisioning: Creates backup user on backup servers automatically
+- Provisioning: Update ansible Github action task version
+
+- Copy: All application copy is now located in src/translations as CSV files. This is so that copy would be easily editable in software like Excel and Google Sheets. After this change, `AVAILABLE_LANGUAGES_SELECT` doesn't need to be defined anymore by country config.
+
+## [1.4.0](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.3...v1.4.0)
 
 - Added examples for configuring HTTP-01, DNS-01, and manual HTTPS certificates. By default, development and QA environments use HTTP-01, while others use DNS-01.
 - All secrets & variables defined in Github Secrets are now passed automatically to the deployment script.
@@ -44,7 +56,7 @@ In the next OpenCRVS release v1.5.0, there will be two significant changes:
 
 See [Releases](https://github.com/opencrvs/opencrvs-farajaland/releases) for release notes of older releases.
 
-## [1.3.3](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.2...v1.3.3) (TBD)
+## [1.3.3](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.2...v1.3.3)
 
 ### Breaking changes
 
@@ -107,4 +119,14 @@ See [Releases](https://github.com/opencrvs/opencrvs-farajaland/releases) for rel
 
 ### Bug fixes
 
+## [1.3.4](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.3...v1.3.4) (TBD)
+
+## Breaking changes
+
+## New features
+
+## Bug fixes
+
+- Fix typo in certificate handlebar names
+
 See [Releases](https://github.com/opencrvs/opencrvs-farajaland/releases) for release notes of older releases.
diff --git a/infrastructure/deployment/deploy.sh b/infrastructure/deployment/deploy.sh
@@ -351,16 +351,7 @@ configured_ssh << EOF
 EOF
 
 # Setup configuration files and compose file for the deployment domain
-configured_ssh "
-  HOST=$HOST
-  SMTP_HOST=$SMTP_HOST
-  SMTP_PORT=$SMTP_PORT
-  ALERT_EMAIL=$ALERT_EMAIL
-  SENDER_EMAIL_ADDRESS=$SENDER_EMAIL_ADDRESS
-  DOMAIN=$DOMAIN
-  MINIO_ROOT_USER=$MINIO_ROOT_USER
-  MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD
-  /opt/opencrvs/infrastructure/setup-deploy-config.sh $HOST | tee -a $LOG_LOCATION/setup-deploy-config.log"
+configured_ssh "/opt/opencrvs/infrastructure/setup-deploy-config.sh $HOST"
 
 rotate_secrets
 
@@ -372,12 +363,24 @@ echo
 echo "Waiting 2 mins for mongo to deploy before working with data. Please note it can take up to 10 minutes for the entire stack to deploy in some scenarios."
 echo
 
-sleep 120 # Required as Kibana cannot be immediately contacted
 echo "Setting up Kibana config & alerts"
 
 while true; do
   if configured_ssh "HOST=kibana.$HOST /opt/opencrvs/infrastructure/monitoring/kibana/setup-config.sh"; then
     break
   fi
   sleep 5
-done
+done
+
+# Send a notification email to confirm emails are working
+EMAIL_PAYLOAD='{
+  "subject": "🚀 Deployment to '$ENV' finished",
+  "html": "Deployment to '$ENV' was successful with images '$VERSION' for core and '$COUNTRY_CONFIG_VERSION' for country config.",
+  "from": "{{SENDER_EMAIL_ADDRESS}}",
+  "to": "{{ALERT_EMAIL}}"
+}'
+
+configured_ssh "docker run --rm --network=opencrvs_overlay_net appropriate/curl \
+  -X POST 'http://countryconfig:3040/email' \
+  -H 'Content-Type: application/json' \
+  -d '$EMAIL_PAYLOAD'"
diff --git a/infrastructure/docker-compose.deploy.yml b/infrastructure/docker-compose.deploy.yml
@@ -141,8 +141,6 @@ services:
         'file=@/config.ndjson'
       ]
     restart: on-failure
-    depends_on:
-      - kibana
     volumes:
       # Exceed Docker config file 500 kb file limit, thus a volume mount
       - '/opt/opencrvs/infrastructure/monitoring/kibana/config.ndjson:/config.ndjson'
@@ -183,8 +181,6 @@ services:
     configs:
       - source: kibana.{{ts}}
         target: /usr/share/kibana/config/kibana.yml
-    depends_on:
-      - elasticsearch
     logging:
       driver: gelf
       options:
@@ -235,8 +231,6 @@ services:
       replicas: 1
       restart_policy:
         condition: none
-    depends_on:
-      - mongo1
     environment:
       - REPLICAS=1
       - MONGODB_ADMIN_USER=${MONGODB_ADMIN_USER}
@@ -345,8 +339,6 @@ services:
       /bin/sh -c "
       /usr/bin/mc admin trace --path ocrvs/* minio
       "
-    depends_on:
-      - minio
     configs:
       - source: minio-mc-config.{{ts}}
         target: /root/.mc/config.json
@@ -368,8 +360,6 @@ services:
     image: ubuntu:bionic
     entrypoint: ['bash', '/usr/app/setup.sh']
     restart: on-failure
-    depends_on:
-      - elasticsearch
     environment:
       - ELASTICSEARCH_HOST=elasticsearch
       - ELASTIC_PASSWORD=${ELASTICSEARCH_SUPERUSER_PASSWORD}
@@ -406,8 +396,6 @@ services:
       - '/opt/opencrvs/infrastructure/monitoring/elastalert/rules:/opt/elastalert/rules'
     networks:
       - overlay_net
-    depends_on:
-      - elasticsearch
     deploy:
       labels:
         - 'traefik.enable=false'
@@ -424,8 +412,6 @@ services:
   logstash:
     image: logstash:7.17.18
     command: logstash -f /etc/logstash/logstash.conf --verbose
-    depends_on:
-      - elasticsearch
     ports:
       - '12201:12201'
       - '12201:12201/udp'
@@ -448,9 +434,6 @@ services:
       replicas: 1
   apm-server:
     image: docker.elastic.co/apm/apm-server:7.15.2
-    depends_on:
-      - elasticsearch
-      - kibana
     cap_add: ['CHOWN', 'DAC_OVERRIDE', 'SETGID', 'SETUID']
     cap_drop: ['ALL']
     restart: always
@@ -908,8 +891,6 @@ services:
     environment:
       - mongodb__url=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0
       - logger__level=warn
-    depends_on:
-      - mongo1
     deploy:
       labels:
         - 'traefik.enable=false'

diff --git a/infrastructure/docker-compose.production-deploy.yml b/infrastructure/docker-compose.production-deploy.yml
@@ -144,9 +144,7 @@ services:
   hearth:
     environment:
       - mongodb__url=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1,mongo2/hearth-dev?replicaSet=rs0
-    depends_on:
-      - mongo1
-      - mongo2
+
     deploy:
       replicas: 2
 
@@ -158,9 +156,6 @@ services:
       - HEARTH_MONGO_URL=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1,mongo2/hearth-dev?replicaSet=rs0
       - OPENHIM_MONGO_URL=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1,mongo2/openhim-dev?replicaSet=rs0
       - WAIT_HOSTS=mongo1:27017,mongo2:27017,influxdb:8086,minio:9000,elasticsearch:9200
-    depends_on:
-      - mongo1
-      - mongo2
 
   mongo2:
     image: mongo:4.4
@@ -192,9 +187,6 @@ services:
       - overlay_net
 
   mongo-on-update:
-    depends_on:
-      - mongo1
-      - mongo2
     environment:
       - REPLICAS=2
 

diff --git a/infrastructure/docker-compose.staging-deploy.yml b/infrastructure/docker-compose.staging-deploy.yml
@@ -144,8 +144,6 @@ services:
   hearth:
     environment:
       - mongodb__url=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0
-    depends_on:
-      - mongo1
     deploy:
       replicas: 1
 
@@ -159,9 +157,8 @@ services:
       - WAIT_HOSTS=mongo1:27017,influxdb:8086,minio:9000,elasticsearch:9200
     depends_on:
       - mongo1
+
   mongo-on-update:
-    depends_on:
-      - mongo1
     environment:
       - REPLICAS=1
 

diff --git a/infrastructure/logrotate.conf b/infrastructure/logrotate.conf
@@ -58,13 +58,6 @@ include /etc/logrotate.d
     rotate 1
 }
 
-/var/log/setup-deploy-config.log {
-    missingok
-    monthly
-    create 0660 root application
-    rotate 1
-}
-
 /var/log/rotate-secrets.log {
     missingok
     monthly