5.0 Testsuite

basis/bin/auto_env.sh

@@ -325,6 +325,11 @@ if [ -f $STATE_FILE ]; then
         else
             export TF_VAR_docker_image_rest="busybox"      
         fi
+        if [ -f $TARGET_DIR/docker_image_mcp_server.txt ]; then
+            export TF_VAR_docker_image_mcp_server=`cat $TARGET_DIR/docker_image_mcp_server.txt`
+        else
+            export TF_VAR_docker_image_mcp_server="busybox"      
+        fi        
     fi
 
     # export all OUTPUTS of the terraform file
@@ -360,8 +365,7 @@ if [ -f $STATE_FILE ]; then
     if [ "$TF_VAR_deploy_type" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then
         # OKE
         if [ -f $KUBECONFIG ]; then
-            export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
-            export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$TF_VAR_ingress_ip'") | .id'`  
+            oke_get_gateway_ip  
         fi
     fi
 

basis/bin/compute/compute_install.sh

@@ -17,6 +17,12 @@ if ! grep -q "export LC_CTYPE" $HOME/.bashrc; then
     # Set VI and NANO in utf8
     echo "export LC_CTYPE=en_US.UTF-8" >> $HOME/.bashrc
     echo "shopt -s direxpand" >> $HOME/.bashrc
+    cat >> $HOME/.vimrc <<EOT
+set tabstop=4
+set expandtab
+set shiftwidth=4
+set paste
+EOT
 
     if [ "$TF_VAR_your_public_ssh_key" != "" ]; then 
         if ! grep -q "$TF_VAR_your_public_ssh_key" $HOME/.ssh/authorized_keys; then
@@ -34,16 +40,18 @@ if ! grep -q "export LC_CTYPE" $HOME/.bashrc; then
 
     # Resize the boot volume (if >47GB)
     sudo /usr/libexec/oci-growfs -y
+fi
 
-    # Build_host = bastion
+if ! grep -q "# Build Bastion" $HOME/.bashrc; then
     if [ "$TF_VAR_build_host" == "bastion" ]; then 
-        # Kubernetes
-        if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then 
+        echo "# Build Bastion" >> $HOME/.bashrc# Build_host = bastion
+        # Kubernetes 
+        if [ "$TF_VAR_oke_ocid" != "" ]; then 
             install_docker_tools
             echo "export KUBECONFIG=$HOME/compute/kubeconfig_starter" >> $HOME/.bashrc
         fi 
-        # Kubernetes
-        if [ "$TF_VAR_language" == "java" ]; then 
+        # Java
+        if [ "$TF_VAR_language" == "java" ] || [ "$TF_VAR_oke_ocid" != "" ]; then 
             install_java
         fi         
         # Create a git branch 

basis/bin/compute/rebuild.sh

@@ -23,11 +23,11 @@ for APP_DIR in `app_dir_list`; do
         # Build in bastion
         $APP_NAME/build.sh
     fi
-    if [ "APP_NAME" == "db" ]; then
+    if [ "$APP_NAME" == "db" ]; then
         # Database
         title "Rebuild - $APP_NAME: Install"
         ${APP_DIR}/install.sh
-    elif [ -f $APP_DIR/install.sh ] && [ is_deploy_compute ]; then
+    elif [ -f $APP_DIR/install.sh ] && is_deploy_compute; then
         # Build in terraform - compute 
         title "Rebuild: $APP_NAME: Install"
         ${APP_DIR}/install.sh
@@ -42,6 +42,10 @@ for APP_DIR in `app_dir_list`; do
     fi
 done
 
+if [ -f $HOME/bastion_lock ]; then
+    rm $HOME/bastion_lock
+fi
+
 end_time=$(date +%s)
 echo
 echo "<rebuild.sh> Time taken: $((end_time - start_time)) seconds"

basis/bin/compute/shared_compute.sh

@@ -116,7 +116,6 @@ install_java() {
             # sudo update-alternatives --set native-image $JAVA_HOME/lib/svm/bin/native-image
         fi   
         sudo update-alternatives --set java $JAVA_HOME/bin/java
-        echo "export JAVA_HOME=${JAVA_HOME}" >> $HOME/.bashrc
     else
         # JDK 
         # Needed due to concurrency
@@ -137,7 +136,9 @@ install_java() {
             # cd -
             # sudo update-alternatives --set java $JAVA_LATEST_PATH/bin/java
         fi
+        export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
     fi
+    echo "export JAVA_HOME=${JAVA_HOME}" >> $HOME/.bashrc    
 
     # JMS agent deploy (to fleet_ocid )
     if [ -f jms_agent_deploy.sh ]; then
@@ -147,7 +148,16 @@ install_java() {
 
   # Build on Bastion
     if [ "$TF_VAR_build_host" == "bastion" ]; then 
-        sudo dnf install -y maven
+        # sudo dnf install -y maven
+        if [ ! -d $HOME/maven ]; then
+            MVN_VERSION=3.9.15
+            wget https://dlcdn.apache.org/maven/maven-3/$MVN_VERSION/binaries/apache-maven-$MVN_VERSION-bin.tar.gz
+            tar xfz apache-maven-$MVN_VERSION-bin.tar.gz
+            mv apache-maven-$MVN_VERSION $HOME/maven
+            rm apache-maven-$MVN_VERSION-bin.tar.gz
+            export PATH=$HOME/maven/bin:$PATH
+            echo "export PATH=$HOME/maven/bin:$PATH" >> $HOME/.bashrc 
+        fi
     fi
 }
 export -f install_java
@@ -228,7 +238,9 @@ install_python() {
     sudo dnf install -y python3.12 python3.12-pip python3-devel wget
     sudo update-alternatives --set python /usr/bin/python3.12
     curl -LsSf https://astral.sh/uv/install.sh | sh
-    uv venv myenv
+    if [ ! -d myenv ]; then
+        uv venv myenv
+    fi
     source myenv/bin/activate
     if [ -f requirements.txt ]; then 
       uv pip install -r requirements.txt
@@ -242,7 +254,9 @@ export -f install_python
 # -- install_libreoffice  ---------------------------------------------------
 install_libreoffice() {
     export STABLE_VERSIONS=`curl -s https://download.documentfoundation.org/libreoffice/stable/`
-    export LIBREOFFICE_VERSION=`echo $STABLE_VERSIONS | sed 's/.*<td valign="top">//' | sed 's/\/<\/a>.*//' | sed 's/.*\/">//'`
+    # export LIBREOFFICE_VERSION=`echo $STABLE_VERSIONS | sed 's/.*<td valign="top">//' | sed 's/\/<\/a>.*//' | sed 's/.*\/">//'`
+    # Version 26.2 is incompatible with RHEL8...
+    export LIBREOFFICE_VERSION=`echo $STABLE_VERSIONS | sed 's/.*>25.8/25.8/' | sed 's/\/<\/a>.*//' | sed 's/.*\/">//'`
     echo LIBREOFFICE_VERSION=$LIBREOFFICE_VERSION
     cd /tmp
     export LIBREOFFICE_TGZ="LibreOffice_${LIBREOFFICE_VERSION}_Linux_x86-64_rpm.tar.gz"
@@ -297,6 +311,8 @@ install_instant_client() {
 }
 export -f install_instant_client   
 
+# -- create_self_signed_ip_certificate --------------------------------------
+
 create_self_signed_ip_certificate()
 {
     mkdir -p certificate
@@ -367,7 +383,8 @@ EOF
 }
 export -f create_self_signed_ip_certificate 
 
-# -- Install NGINX  ------------------------------------------------------------------
+# -- install_ngnix ----------------------------------------------------------
+
 install_ngnix() {
     title "NGINX"
     sudo dnf install nginx -y > /tmp/dnf_nginx.log
@@ -468,14 +485,17 @@ copy_replace_apply_target_oke() {
 export -f copy_replace_apply_target_oke 
 
 # -- docker_login -----------------------------------------------------------
+
 docker_login() {
+    echo "<docker_login>"
     get_docker_prefix
     # Login only if needed
     if ! docker system info 2>/dev/null | grep -q "Username"; then
         oci raw-request --region $TF_VAR_region --http-method GET --target-uri "https://${OCIR_HOST}/20180419/docker/token" | jq -r .data.token | docker login -u BEARER_TOKEN --password-stdin ${OCIR_HOST}
     fi
     exit_on_error "Docker Login"
 }
+export -f docker_login
 
 # -- ocir_docker_push_app -------------------------------------------------------
 ocir_docker_push_app() {
@@ -516,12 +536,21 @@ oke_deploy_app() {
     if [ -f k8s.yaml ]; then
         copy_replace_apply_target_oke k8s.yaml $APP
     fi
-    if [ -f k8s-ingress.yaml ]; then
-        copy_replace_apply_target_oke k8s-ingress.yaml $APP
+    if [ -f k8s-httproute.yaml ]; then
+        copy_replace_apply_target_oke k8s-httproute.yaml $APP
     fi
 }
 export -f oke_deploy_app
 
+# -- oke_get_gateway_ip -----------------------------------------------------
+
+oke_get_gateway_ip() {
+    if [ "$TF_VAR_gateway_ip" == "" ]; then
+        export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o json | jq -r '.status.addresses[].value | select(startswith("10.") | not)')
+    fi
+}
+export -f oke_get_gateway_ip
+
 # -- is_deploy_compute ------------------------------------------------------
 is_deploy_compute() {
     if [ "$TF_VAR_deploy_type" == "public_compute" ] || [ "$TF_VAR_deploy_type" == "private_compute" ] || [ "$TF_VAR_deploy_type" == "instance_pool" ]; then
@@ -531,6 +560,8 @@ is_deploy_compute() {
     fi
 }
 
+export -f is_deploy_compute
+
 # -- build_ui ---------------------------------------------------------------
 build_ui() {
     cd $SCRIPT_DIR

basis/bin/config_oke.sh

@@ -8,74 +8,64 @@ title "Config OKE"
 export TARGET_OKE=$TARGET_DIR/oke
 mkdir -p $TARGET_OKE
 
-function wait_ingress() {
-    # Wait for the ingress deployment
-    echo "Waiting for Ingress Controller Pods..."
-    kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=600s
-    kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch  
-}
-
 # One time configuration
 if [ ! -f $KUBECONFIG ]; then
     create_kubeconfig
 
-    # Check if Ingress Controller is installed
-    kubectl get service ingress-nginx-controller -n ingress-nginx
+    # Check if Gateway Controller is installed
+    kubectl get gateway oke-gateway -n default
     if [ "$?" != "0" ]; then
-        # Deploy Latest ingress-nginx
+        # Deploy Latest istio-gateway
         kubectl create clusterrolebinding starter_clst_adm --clusterrole=cluster-admin --user=$TF_VAR_current_user_ocid
         echo "OKE Deploy: Role Binding created"  
-        # LATEST_INGRESS_CONTROLLER=`curl --silent "https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest" | jq -r .name`
-        # echo LATEST_INGRESS_CONTROLLER=$LATEST_INGRESS_CONTROLLER
-        # kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml
-        if [ "$TF_VAR_tls" == "new_http_01" ]; then
-            helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \
-            --namespace ingress-nginx \
-            --create-namespace \
-            --set controller.enableExternalDNS=true 
-            wait_ingress
 
-            # ccm-letsencrypt-prod.yaml
-            sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-prod.yaml > $TARGET_OKE/ccm-letsencrypt-prod.yaml
-            kubectl apply -f $TARGET_OKE/ccm-letsencrypt-prod.yaml --timeout=600s
-            sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-staging.yaml > $TARGET_OKE/ccm-letsencrypt-staging.yaml
-            kubectl apply -f $TARGET_OKE/ccm-letsencrypt-staging.yaml
+        # See: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengworkingwithistioaddonforgatewayapi.htm
+
+        # Install Gateway API CRDs
+        kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
+        kubectl get crd gateways.gateway.networking.k8s.io
+        # Deploy the Istio cluster add-on
+        oci ce cluster install-addon --addon-name Istio --cluster-id $OKE_OCID --from-json file://src/oke/istio_addon.json
+        oci ce cluster list-addons --cluster-id $OKE_OCID
+        # Wait istiod
+        echo "Waiting for istiod pod to be Running..."
 
-            # external-dns-config.yaml
-            sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns-config.yaml > $TARGET_OKE/external-dns-config.tmp
-            sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns-config.tmp > $TARGET_OKE/external-dns-config.yaml
-            kubectl create secret generic external-dns-config --from-file=$TARGET_OKE/external-dns-config.yaml
+        ELAPSED=0
+        while true; do
+            STATUS=$(kubectl get pods -n istio-system -l app=istiod -o jsonpath='{.items[0].status.phase}' 2>/dev/null)
 
-            # external-dns.yaml
-            sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns.yaml > $TARGET_OKE/external-dns.tmp
-            sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns.tmp > $TARGET_OKE/external-dns.yaml
-            kubectl apply -f $TARGET_OKE/external-dns.yaml
-        else
-            helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \
-            --namespace ingress-nginx \
-            --create-namespace 
-            wait_ingress
-        fi
-
-        # Wait for the ingress external IP
-        TF_VAR_ingress_ip=""
-        while [ -z $TF_VAR_ingress_ip ]; do
-            echo "Waiting for Ingress IP..."
-            TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
-            if [ -z "$TF_VAR_ingress_ip" ]; then
-                sleep 10
+            if [ "$STATUS" = "Running" ]; then
+                echo "Istiod is Running ($ELAPSED secs)"
+                break
+            fi
+            ELAPSED=$((ELAPSED + 5 ))
+            if [ $ELAPSED -gt 300 ]; then
+                exit_error "Istiod not started after 300 secs"
             fi
+            echo "Waiting 5 secs..."
+            sleep 5
         done
 
-        date
-        kubectl get all -n ingress-nginx
-        sleep 5
-        echo "Ingress ready: $TF_VAR_ingress_ip"
+        # Create a Gateway
+        kubectl apply -f src/oke/gateway.yaml
+        # Wait 
+        echo "Waiting for Gateway to be ready..."
+        kubectl wait --for=condition=Programmed gateway/oke-gateway -n default --timeout=120s
+        exit_on_error "Gateway Programmed State"
+
+        # Get the IP
+        oke_get_gateway_ip
+        echo "Gateway ready: $TF_VAR_gateway_ip"
     else
-        echo "OKE Deploy: Skipping creation of ingress" 
+        echo "OKE Deploy: Skipping creation of Gateway" 
     fi  
 fi
 
+if ! grep -q "TF_VAR_gateway_ip" $TARGET_DIR/tf_env.sh; then
+    oke_get_gateway_ip
+    echo "export TF_VAR_gateway_ip=$TF_VAR_gateway_ip" >> $TARGET_DIR/tf_env.sh
+fi
+
 # Create secrets
 kubectl delete secret ${TF_VAR_prefix}-db-secret --ignore-not-found=true
 kubectl create secret generic ${TF_VAR_prefix}-db-secret --from-literal=db_user=$TF_VAR_db_user --from-literal=db_password=$TF_VAR_db_password --from-literal=db_url=$DB_URL --from-literal=jdbc_url=$JDBC_URL --from-literal=TF_VAR_compartment_ocid=$TF_VAR_compartment_ocid --from-literal=TF_VAR_nosql_endpoint=$TF_VAR_nosql_endpoint

basis/bin/deploy_bastion.sh → basis/bin/deploy_bastion.j2.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 if [ "$PROJECT_DIR" == "" ]; then
-  echo "ERROR: PROJECT_DIR undefined. Please use starter.sh deploy bastion"
-  exit 1
+    echo "ERROR: PROJECT_DIR undefined. Please use starter.sh deploy bastion"
+    exit 1
 fi  
 cd $PROJECT_DIR
 . starter.sh env -silent
@@ -14,7 +14,7 @@ function scp_or_rsync() {
     fi
 }
 
-function scp_bastion() {
+function setup_bastion_dir() {
     if [ "$TF_VAR_deploy_type" == "public_compute" ] && [ "$TF_VAR_build_host" != "bastion" ]; then
         BASTION_DIR=$TARGET_DIR/compute
     else 
@@ -33,13 +33,26 @@ function scp_bastion() {
         cp -R src/app/db $BASTION_DIR/app/.
     fi
     cp $TARGET_DIR/tf_env.sh $BASTION_DIR/compute/.
+}
 
-    scp_or_rsync $BASTION_DIR/app
+function scp_bastion() {
     scp_or_rsync $BASTION_DIR/compute    
+    RESULT=$?
+    if [ $RESULT -eq 0 ]; then
+        echo "Success - scp $BASTION_DIR/compute"
+    else
+        return 1 
+    fi  
+    {%- if test_name %}
+    # Get Lock CleanUp
+    ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/test_bastion_lock.sh $TEST_NAME"          
+    {%- endif %}
+    scp_or_rsync $BASTION_DIR/app
 }
 
 # Try 5 times to copy the files / wait 5 secs between each try
 i=0
+setup_bastion_dir
 while [ true ]; do
     scp_bastion
     if [ $? -eq 0 ]; then
@@ -48,9 +61,10 @@ while [ true ]; do
         echo "deploy_bastion.sh: Maximum number of scp retries, ending."
         error_exit
     fi
+    echo "Warning - scp_bastion failed. Retrying in 5 secs."
     sleep 5
     i=$(($i+1))
 done
 
-ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/compute_install.sh 2>&1 | tee -a compute/compute_install.log"
-exit_on_error "Deploy Bastion -"
+ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log"
+exit_on_error "Deploy Bastion - ssh"