Django REST API to Hop Alerts Database
Skip assumes the following Hopskotch topic mapping:
gcn-circular
: All GCN Circularslvc.lvc-counterpart
: GCN/LVC Counterpart Noticesgcn
: All GCN Notices
First, you'll need a PostGIS server listening at port 5432:
docker create --name skip-gis -e POSTGRES_DB=skip -e POSTGRES_PASSWORD=postgres -e POSTGRES_USER=postgres -p 5432:5432 mdillon/postgis
docker start skip-gis
Create a local_settings.py
in the top level of your skip
directory and add the following:
DATABASES = {
'default': {
'ENGINE': 'django.contrib.gis.db.backends.postgis',
'NAME': 'skip',
'USER': 'postgres',
'PASSWORD': 'postgres',
'HOST': 'localhost',
'PORT': '5432',
}
}
Set up the database tables:
./manage.py migrate
./manage.py createsuperuser
Choose a port (here we've choosen 8989) and run the server
./manage.py runserver 8989 &
skip
is at http://localhost:8989
docker-compose build
docker-compose up &
Next, create a superuser:
docker exec -it skip /bin/bash
python manage.py createsuperuser
# Follow prompts to create user
Navigate to localhost:8080
to view the API.
There are two ways to populate data.
There is a management command that can be run manually to ingest data by running ./manage.py ingestmessages
. In order to run this, you will need to properly configure your HOPSKOTCH_CONSUMER_CONFIGURATION
in settings.py
. Credentials can be generated at https://admin.dev.hop.scimma.org and configured with permission to access the desired topics. In order to immediately ingest messages, set 'auto.offset.reset': 'earliest'
, which will begin ingesting at the beginning of all available messages. An example HOPSKOTCH_CONSUMER_CONFIGURATION
is as follows:
HOPSKOTCH_CONSUMER_CONFIGURATION = {
'bootstrap.servers': f'{HOPSKOTCH_SERVER}:{HOPSKOTCH_PORT}',
'group.id': os.getenv('HOPSKOTCH_GROUP', 'skip-test'),
'auto.offset.reset': 'latest',
'security.protocol': 'sasl_ssl',
'sasl.mechanism': 'SCRAM-SHA-512',
'sasl.username': 'dcollom-a5c1897c',
'sasl.password': '',
# system dependency: ssl.ca.location may need to be set
# this does not seem to be necessary on Ubuntu. However,
# for example on centos7: 'ssl.ca.location': '/etc/ssl/certs/ca-bundle.crt',
}
group.id
will need to be changed in order to reset the consumer position in the message queue.
In order to populate your database with Event data, you can run the following commands, one after another:
./manage.py scrapegcncirculars
./manage.py scrapelvccounterparts
./manage.py scrapelvcnotices
./manage.py publishsupereventalerts
./manage.py ingestmessages
Each of the scrape
management commands will pull alerts from the various sources for a Superevent and save them in your local database. The publish
command will push those alerts to hop
for ingestion.
If you're coming across connection errors, make sure you aren't inadvertently using bad values from your local_settings.py
, and
confirm that there are no conflicting docker containers exposing 5432 or 8080.
The deployment infrastructure is maintained via terraform in the aws-dev repository. The database is maintained in the aws-dev/tf/skip-db/ folder, the EC2 infrastructure is maintained in the aws-dev/tf/skip/ folder, and the Kubernetes infrastructure is maintained in the aws-dev/tf/skip-eks/ folder in the feature/skip-eks
branch (Note: as of 8/23/21, this branch is two months out of date with master
).
In order to make terraform changes, your system must be configured with the correct version of terraform, which is documented in the top-level README. The repository is well-documented, so this README will only document the few commands that are required to modify the terraform configuration, which are:
# From the top-level of aws-dev
cd tf/skip
make init
make plan
make apply
Please consult with the AWS lead on whether the make
commands are still valid at the time of use, as this has been in some dispute.
Skip is currently deployed via docker-compose
on an EC2 instance. The terraform
can be found in this repo. The database can be found in skip-db
, and the web service in skip
.
To deploy on the EC2 instance, you'll need AWS credentials from the SCIMMA security team. Ensure that your credentials are configured properly either via aws configure
or by setting AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
.
Navigate to the AWS console by logging into Comanage at https://registry.scimma.org, and click on the "AWS Console" in the "Available Services" section. Then navigate to the EC2 service, and click on the "Instances" tab.
Click on the instance "hopDevel Skip in Region a", which should be running. Once selected, a button will appear at the top of the screen marked "Connect". Upon clicking that, a modal will provide the command to connect: ssh -i "path/to/skip-web-deploy-2.pem" [email protected]
.
Once you have accessed the EC2 instance via SSH, there are two potential paths to deployment. If the EC2 instance is newly created:
sudo yum install git
git clone https://github.com/scimma/skip.git
cd skip
# If migrations are needed, please see the note in the Troubleshooting section of this document
$(aws ecr get-login --no-include-email --region us-west-2)
export HOPSKOTCH_PASSWORD=<password for hopskotch kafka username>
docker-compose pull
docker-compose up &
If the EC2 instance has been deployed to previously:
cd skip
git fetch && git pull origin main # This is necessary to ensure the docker compose file is up to date
$(aws ecr get-login --no-include-email --region us-west-2)
export HOPSKOTCH_PASSWORD=<password for hopskotch kafka username>
docker-compose pull
docker-compose up &
If the EC2 instance has had multiple deployments, the disk space may be too low to pull down the latest docker image. In this case, you'll need to delete old docker images with a combination of docker images
and docker image rm <image tag>
.
The private key is required for SSH access to the EC2 instance, must be created in the AWS console rather than in terraform, and is only accessible when created. A new private key also requires an update to the terraform configuration, as the key name is referred to here.
To create a new key, navigate to the EC2 service in the AWS console as described above. Then, click on the "Key Pairs" link under the "Network & Security" section, followed by the "Create key pair" button.
Skip is not currently successfully deployed via Kubernetes, but is well on its way. The terraform configuration can be found in the feature/skip-eks
branch in aws-dev
, and the kubernetes dev deployment file can be found in this repository.
The deployment file requires a number of secrets that are configured via the terraform configuration. The secrets are database values that are provisioned in the tf/skip-db/skip-db.tf
file, and loaded as environment variables in the kubernetes deployment-dev.yaml
file.
Access to the SCIMMA kubernetes cluster is documented here--however, this differs from the process that has been used by Skip developers previously. The method previously followed is significantly closer to the AWS documentation.
Access will require modification of the user's ~/.kube/config
file, and the writer of the document does not recall how to get the correct values for that. Any user intending to get access should contact the SCIMMA security team via Slack. Once the config
file is up-to-date, the process is as follows:
export AWS_ACCESS_KEY_ID=<scimma_access_key> && export AWS_SECRET_ACCESS_KEY=<scimma_secret_key>
aws sts assume-role --role-arn arn:aws:iam::585193511743:role/scimma_power_user --role-session-name <your-session-name> --duration-seconds 43200 # This command will return values for AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN
export AWS_ACCESS_KEY_ID=<role_access_key> && export AWS_SECRET_ACCESS_KEY=<role_secret_key> && export AWS_SESSION_TOKEN=<role_session_token>
kubectx arn:aws:eks:us-west-2:585193511743:cluster/hopDevelEksCluster
kubectl get pods
kubectl apply -f ~/projects/skip/deployment-dev.yaml