From a76a93bd0f8d707ab1f7ab1f08442ce6dd49b883 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BD=D0=B8=D1=8F=D1=80=20=D0=91=D1=83=D1=80?= =?UTF-8?q?=D0=B0=D0=BA=D0=B0=D0=B5=D0=B2?=
Date: Tue, 28 Oct 2025 15:19:11 +0300
Subject: [PATCH] initial
---
.drone.yml | 204 +++++++++++++++++
.gitignore | 32 +++
README.md | 48 ++++
compose/docker-compose.yml | 52 +++++
deploy/helm/.helmignore | 23 ++
deploy/helm/Chart.yaml | 5 +
deploy/helm/ocode-dev-values.yaml | 112 +++++++++
deploy/helm/templates/deployment.yaml | 213 ++++++++++++++++++
deploy/helm/templates/ingress.yaml | 35 +++
deploy/helm/templates/secret.yaml | 26 +++
deploy/helm/templates/service.yaml | 16 ++
pom.xml | 72 ++++++
.../smev/SmevEmulatorApplication.java | 12 +
.../smev/config/RegularSchedulerConfig.java | 30 +++
src/main/resources/application.yml | 133 +++++++++++
15 files changed, 1013 insertions(+)
create mode 100644 .drone.yml
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 compose/docker-compose.yml
create mode 100644 deploy/helm/.helmignore
create mode 100644 deploy/helm/Chart.yaml
create mode 100644 deploy/helm/ocode-dev-values.yaml
create mode 100644 deploy/helm/templates/deployment.yaml
create mode 100644 deploy/helm/templates/ingress.yaml
create mode 100644 deploy/helm/templates/secret.yaml
create mode 100644 deploy/helm/templates/service.yaml
create mode 100644 pom.xml
create mode 100644 src/main/java/su/opencode/digsigcik/emulator/smev/SmevEmulatorApplication.java
create mode 100644 src/main/java/su/opencode/digsigcik/emulator/smev/config/RegularSchedulerConfig.java
create mode 100644 src/main/resources/application.yml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..f340e4e
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,204 @@
+kind: pipeline
+name: default
+type: docker
+
+steps:
+ - name: restore-cache
+ image: drillster/drone-volume-cache
+ volumes:
+ - name: cache
+ path: /cache
+ settings:
+ restore: true
+ mount:
+ - /cache
+
+ - name: build
+ image: plugins/docker
+ environment:
+ DOCKER_BUILDKIT: 1
+ settings:
+ registry: nexus.essocode.ru:5001
+ repo: nexus.essocode.ru:5001/ess/emulator-smev
+ insecure: true
+ cache: true
+ tags:
+ - latest
+ - ${DRONE_SOURCE_BRANCH/\//-}
+ - ${DRONE_SOURCE_BRANCH/\//-}-${DRONE_COMMIT}
+ cache_from:
+ - nexus.essocode.ru:5001/ess/emulator-smev:master
+ - nexus.essocode.ru:5001/ess/emulator-smev:${DRONE_SOURCE_BRANCH/\//-}
+ dockerfile: ./build/Dockerfile
+ username:
+ from_secret: docker_login
+ password:
+ from_secret: docker_pass
+ config:
+ from_secret: dockerconfig
+ build_args:
+ from_secret: build_args_nexus
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ - name: cache
+ path: /cache
+ depends_on:
+ - restore-cache
+
+ - name: rebuild-cache
+ image: drillster/drone-volume-cache
+ volumes:
+ - name: cache
+ path: /cache
+ settings:
+ rebuild: true
+ mount:
+ - /cache
+ depends_on:
+ - build
+
+ - name: create-dev-config
+ image: alpine/helm:3.12.3
+ commands:
+ - helm template emulator-smev ./deploy/helm --namespace dev --values ./deploy/helm/ocode-dev-values.yaml --set image.tag=${DRONE_SOURCE_BRANCH/\//-}-${DRONE_COMMIT} > ./deploy/helm/k8s-emulator-smev.yaml
+ depends_on:
+ - rebuild-cache
+ when:
+ branch:
+ - develop
+
+ - name: deploy-dev
+ image: alpine/k8s:1.32.2
+ environment:
+ KUBECONFIG_CONTENT:
+ from_secret: kubeconfig
+ commands:
+ - export KUBE_TMP_DIR=$(mktemp -d)
+ - echo "$KUBECONFIG_CONTENT" > $KUBE_TMP_DIR/config
+ - chmod 600 $KUBE_TMP_DIR/config
+ - echo "File permissions:"
+ - ls -la $KUBE_TMP_DIR/
+ - echo "Kubectl version:"
+ - kubectl version --client
+ - cat ./deploy/helm/k8s-emulator-smev.yaml
+ - kubectl --kubeconfig=$KUBE_TMP_DIR/config apply -f ./deploy/helm/k8s-emulator-smev.yaml
+ depends_on:
+ - create-dev-config
+ when:
+ branch:
+ - develop
+
+ - name: create-rel-config
+ image: alpine/helm:3.12.3
+ commands:
+ - helm template emulator-smev ./deploy/helm --namespace dev --values ./deploy/helm/ocode-rel-ok-values.yaml --set image.tag=${DRONE_SOURCE_BRANCH/\//-}-${DRONE_COMMIT} > ./deploy/helm/k8s-emulator-smev.yaml
+ depends_on:
+ - rebuild-cache
+ when:
+ branch:
+ - rel
+
+ - name: deploy-rel
+ image: alpine/k8s:1.32.2
+ environment:
+ KUBECONFIG_CONTENT:
+ from_secret: kubeconfig
+ commands:
+ - export KUBE_TMP_DIR=$(mktemp -d)
+ - echo "$KUBECONFIG_CONTENT" > $KUBE_TMP_DIR/config
+ - chmod 600 $KUBE_TMP_DIR/config
+ - echo "File permissions:"
+ - ls -la $KUBE_TMP_DIR/
+ - echo "Kubectl version:"
+ - kubectl version --client
+ - cat ./deploy/helm/k8s-emulator-smev.yaml
+ - kubectl --kubeconfig=$KUBE_TMP_DIR/config apply -f ./deploy/helm/k8s-emulator-smev.yaml
+ depends_on:
+ - create-rel-config
+ when:
+ branch:
+ - rel
+
+ - name: notify-deploy-success
+ image: appleboy/drone-telegram
+ settings:
+ token:
+ from_secret: telegram_bot_token
+ to:
+ from_secret: telegram_chat_id
+ message: |
+ 🚀 Деплой успешно отправлен!
+ Сборка #{{build.number}}
+ Репозиторий: {{repo.name}}
+ Ветка: {{commit.branch}}
+ Подробнее: [Ссылка на сборку]({{build.link}})
+ when:
+ status: [ success ]
+ depends_on:
+ - deploy-dev
+ - deploy-rel
+
+ - name: notify-deploy-failure
+ image: appleboy/drone-telegram
+ settings:
+ token:
+ from_secret: telegram_bot_token
+ to:
+ from_secret: telegram_chat_id
+ message: |
+ ❌ Деплой не отправлен!
+ Сборка #{{build.number}}
+ Репозиторий: {{repo.name}}
+ Ветка: {{commit.branch}}
+ Подробнее: [Ссылка на сборку]({{build.link}})
+ when:
+ status: [ failure ]
+ depends_on:
+ - deploy-dev
+ - deploy-rel
+
+ - name: notify-build-status
+ image: appleboy/drone-telegram
+ settings:
+ token:
+ from_secret: telegram_bot_token
+ to:
+ from_secret: telegram_chat_id
+ message: |
+ {{#eq build.status "success"}}📣 Сборка #{{build.number}} завершилась со статусом: {{build.status}}!{{/eq}}
+ {{#eq build.status "failure"}}🧱 Сборка #{{build.number}} завершилась со статусом: {{build.status}}!{{/eq}}
+ Репозиторий: {{repo.name}}
+ Ветка: {{commit.branch}}
+ Автор: {{commit.author}}
+ Сообщение: {{commit.message}}
+ Подробнее: [Ссылка на сборку]({{build.link}})
+ when:
+ status: [ success, failure ]
+ depends_on:
+ - notify-deploy-success
+ - notify-deploy-failure
+
+image_pull_secrets:
+ - dockerconfig
+
+node:
+ node: 149.154.64.5
+
+trigger:
+ event:
+ include:
+ - push
+ - tag
+ - pull_request
+ - rollback
+
+volumes:
+ - name: out
+ temp: {}
+ - name: dockersock
+ host:
+ path: /var/run/docker.sock
+ - name: cache
+ host:
+ path: /tmp/.buildx-cache
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2140a37
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,32 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..907435f
--- /dev/null
+++ b/README.md
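Review bot: Both `deploy-dev` and `deploy-rel` run `cat ./deploy/helm/k8s-emulator-smev.yaml` before `kubectl apply`, and the manifest rendered from this chart contains the Secret object, so the base64-encoded datasource credentials are written to the Drone build log; remove the `cat` line from both steps. The `build` step sets `insecure: true` for the registry while passing `docker_login`/`docker_pass`, so the push is presumably not protected by verified TLS. The pipeline also triggers on `pull_request` while `build` mounts the host `/var/run/docker.sock`; gating that step with `when: event: [push, tag]` keeps unreviewed branches away from the host Docker daemon. The plugin images (`plugins/docker`, `drillster/drone-volume-cache`, `appleboy/drone-telegram`) carry no tag and receive secrets, so pin them to a fixed version or digest.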
@@ -0,0 +1,48 @@
+# Адаптер СМЭВ (эмулятор)
+
+Эмулятор СМЭВ для тестовых сред и разработки.
+
+**Требования**
+
+- Простота локального развёртывания (для разработчиков).
+- Использование в автоматическом интеграционном тестировании.
+- Использование в ручном тестировании, через ПВВ (реальный или эмулятор).
+- Использование в нагрузочном тестировании ПВВ, ПЭП или их эмуляторов.
+
+**Сценарии использования**
+
+TODO
+
+1. Загрузка образцовых данных из Архива реального ПВВ.
+2. Инициализация массового обмена.
+3. Мониторинг
+
+# Локальная настройка emulator-smev
+
+TODO: разработать один или несколько сценариев для запуска и отладки приложений.
+
+# Продакшн-настройка emulator-smev
+
+Не рекомендуется включать в окружении, где уже присутствует реальный ПВВ (rel, Песок, Стенд, ПАК и прочие).
+
+В остальном требуется совместимость emulator-smev и ПВВ (настоящего или эмулятора). Если используется настоящий ПВВ, то необходимо
+зарегистрировать эмулятор как отдельный клиент (команда РПД) и разрешить обмен между необходимыми компонентами (команда ПВВ).
+
+# Авторизация
+
+TODO: авторизация клиента emulator-smev в РПД или кейклоак.
+
+# База дынных
+
+PostgreSQL.
+
+TODO: Создание базы данных:
+
+Создайте базу данных для микросервиса с именем указанным в values хелмов, например pvv_fk_adapter_db.
+
+# Требования
+
+- Java 11 Bellsoft Liberica Full
+- Maven
+- Postgres 16
+- Доступ к системе ПВВ (эмулятора или реальной)
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
new file mode 100644
index 0000000..64c7a74
--- /dev/null
+++ b/compose/docker-compose.yml
@@ -0,0 +1,52 @@
+# TODO: keycloak
+# TODO: kafka & zookeeper
+
+version: "3.8"
+
+services:
+
+ app:
+ container_name: emulator-smev
+ image: emulator-smev:latest
+ environment:
+ APPLICATION_NAME: smev-emulator
+ APPLICATION_VERSION: 2.11
+ SERVER_PORT: 8059
+ SPRING_DATASOURCE_URL: jdbc:postgresql://localhost:5432/test_emulator_smev
+ SPRING_DATASOURCE_USERNAME: postgres
+ SPRING_DATASOURCE_PASSWORD: postgres
+ SWAGGER_URL: https://smev-emulator.dev.essocode.ru
+ AUDIT_URL: http://log-service.dev.svc.cluster.local:8055/api/v1/audit/external
+ WHITE_LIST: /**
+ ACTUATOR_ENDPOINTS: '*'
+ LOG_SERVICE_BASE_URI: http://log-service.dev.svc.cluster.local:8055
+ volumes:
+ - /var/log/pep:/var/log/pep
+ build:
+ context: ../
+ dockerfile: build/Dockerfile
+ ports:
+ - 8080:8059
+ depends_on:
+ postgres-test:
+ condition: service_healthy
+ # entrypoint: ['java', '-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005', "-Dspring.profiles.active=local", '-jar', 'synapi-0.0.1-SNAPSHOT.jar']
+
+ postgres-test:
+ container_name: postgres-test
+ image: postgres:14
+ environment:
+# POSTGRES_USER: root
+ POSTGRES_USER: postgres
+# POSTGRES_PASSWORD: root
+ POSTGRES_PASSWORD: postgres
+ POSTGRES_DB: test_emulator_smev
+ volumes:
+ - ./pgdata:/var/lib/emulator/data
+ healthcheck:
+ test: "exit 0"
+ interval: 10s
+ timeout: 3s
+ retries: 5
+ ports:
+ - "5432:5432"
\ No newline at end of file
diff --git a/deploy/helm/.helmignore b/deploy/helm/.helmignore
new file mode 100644
index 0000000..f82e96d
--- /dev/null
+++ b/deploy/helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
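Review bot: `postgres-test` publishes `"5432:5432"` on every host interface while the account is `postgres`/`postgres`; for a developer stack bind it to loopback with `- "127.0.0.1:5432:5432"`. The healthcheck `test: "exit 0"` always succeeds, so `condition: service_healthy` on `app` does not actually wait for the database; `test: ["CMD-SHELL", "pg_isready -U postgres"]` would. `SPRING_DATASOURCE_URL` points at `localhost:5432` from inside the `app` container, which presumably should be the `postgres-test` service name. The `./pgdata` volume is mounted at `/var/lib/emulator/data`, whereas the postgres image keeps its data under `/var/lib/postgresql/data`, so the data would not persist as intended.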
diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
new file mode 100644
index 0000000..a370407
--- /dev/null
+++ b/deploy/helm/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: emulator-smev
+version: 0.1.0
diff --git a/deploy/helm/ocode-dev-values.yaml b/deploy/helm/ocode-dev-values.yaml
new file mode 100644
index 0000000..c0ad1b8
--- /dev/null
+++ b/deploy/helm/ocode-dev-values.yaml
@@ -0,0 +1,112 @@
+namespace: dev
+
+image:
+ repository: nexus.essocode.ru/ess/emulator-smev
+ tag: "{{.tag}}"
+ libericaImage:
+ repository: nexus.essocode.ru/bellsoft/liberica-openjdk-debian
+ tag: "11"
+ pullPolicy: Always
+
+service:
+ type: ClusterIP
+ port: 8059
+ targetPort: 8059
+ portJMX: 9010
+ targetPortJMX: 9010
+
+replicaCount: 1
+
+ingress:
+ enabled: true
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ cert-manager.io/issue-temporary-certificate: "true"
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ ingress.kubernetes.io/ssl-redirect: "true"
+ tlsEnabled: true # New parameter to control TLS
+ hosts:
+ - host: smev-emulator.dev.essocode.ru
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: emulator-dev-tls
+ hosts:
+ - smev-emulator.dev.essocode.ru
+
+secret:
+ enabled: true
+ name: dev-smev-emulator-back-cred
+ data:
+ # smev-emulator
+ APPLICATION_NAME: c21ldi1lbXVsYXRvcg==
+ # 2.11
+ APPLICATION_VERSION: Mi4xMQ==
+ # 8059
+ SERVER_PORT: ODA1OQ==
+ # jdbc:postgresql://217.79.22.46:5432/dev_emul_smev
+ SPRING_DATASOURCE_URL: amRiYzpwb3N0Z3Jlc3FsOi8vMjE3Ljc5LjIyLjQ2OjU0MzIvZGV2X2VtdWxfc21ldg==
+ # root
+ SPRING_DATASOURCE_USERNAME: cm9vdA==
+ # root
+ SPRING_DATASOURCE_PASSWORD: cm9vdA==
+ # https://smev-emulator.dev.essocode.ru
+ SWAGGER_URL: aHR0cHM6Ly9zbWV2LWVtdWxhdG9yLmRldi5lc3NvY29kZS5ydQ==
+ # http://log-service.dev.svc.cluster.local:8055/api/v1/audit/external
+ AUDIT_URL: aHR0cDovL2xvZy1zZXJ2aWNlLmRldi5zdmMuY2x1c3Rlci5sb2NhbDo4MDU1L2FwaS92MS9hdWRpdC9leHRlcm5hbA==
+ # /v3/api-docs/**,/configuration/ui,/swagger-resources/**,/configuration/security,/swagger-ui.html,/swagger-ui/**,/v3/api-docs.yaml,/webjars/**,/.well-known/acme-challenge/**,/ws/**,/user/**,/favicon.ico,/api/v1/certificate-data/archive,/api/v1/trusted_certificate/archive,/api/v1/revoked_certificate,/api/v1/revoked_certificate/archive,/api/v1/revoked_certificate/{id:\d+},/api/v1/revoked_certificate/content/{id:\d+},/api/v1/verify/sign,/api/v1/certificate-data/xml,/api/v1/ca-ref-book,/api/v1/ca-ref-book/{id:\d+},/api/v1/ca-certificate/archive,/api/v1/ca-certificate/archive,/api/v1/trusted-certificate/archive,/api/v1/crl,/api/v1/crl/{id:\d+},/api/v1/crl/archive,/api/v1/user-certificate/,/api/v1/user-certificate/me,/api/v1/audit/,/api/v1/order-fk/{id:\d+}/cert/save,/api/v1/order-fk/{id:\d+}/cert/reset-status-issue,/api/v1/archive/**,/api/v1/change-mode/**,/api/v1/health,/actuator,/actuator/health,/actuator/info,/actuator/env,/actuator/beans,/actuator/metrics,/actuator/loggers,/actuator/mappings,/api/v1/notifications/send,/api/v1/order-fk/ucfk-response/**
+ WHITE_LIST: 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
+ # *
+ ACTUATOR_ENDPOINTS: Kg==
+ # http://log-service.dev.svc.cluster.local:8055
+ LOG_SERVICE_BASE_URI: aHR0cDovL2xvZy1zZXJ2aWNlLmRldi5zdmMuY2x1c3Rlci5sb2NhbDo4MDU1
+
+jvmOptions:
+ xms: 1G
+ xmx: 1536m
+ gc: "-XX:+UseG1GC"
+ minHeapFreeRatio: 10
+ maxHeapFreeRatio: 30
+ portJMX: 9010
+ authenticateJMX: false
+ sslJMX: false
+ hostnameJMX: localhost
+ localOnlyJMX: false
+ timezone: UTC
+ encoding: UTF-8
+ logFilePath: /var/log/pep
+ logFileName: emulator-smev.log
+
+deployment:
+ container:
+ requests:
+ cpu: 250m
+ memory: 1Gi
+ limits:
+ cpu: 600m
+ memory: 2Gi
+
+jarFile: emulator-smev-0.0.1-SNAPSHOT.jar
+
+env:
+ APPLICATION_NAME: APPLICATION_NAME
+ APPLICATION_VERSION: APPLICATION_VERSION
+ SERVER_PORT: SERVER_PORT
+ SPRING_DATASOURCE_URL: SPRING_DATASOURCE_URL
+ SPRING_DATASOURCE_USERNAME: SPRING_DATASOURCE_USERNAME
+ SPRING_DATASOURCE_PASSWORD: SPRING_DATASOURCE_PASSWORD
+ SWAGGER_URL: SWAGGER_URL
+ AUDIT_URL: AUDIT_URL
+ WHITE_LIST: WHITE_LIST
+ ACTUATOR_ENDPOINTS: ACTUATOR_ENDPOINTS
+ LOG_SERVICE_BASE_URI: LOG_SERVICE_BASE_URI
+
+appName: smev-emulator
+
+imagePullSecrets:
+ - registrypullsecret
+
+resources: {}
diff --git a/deploy/helm/templates/deployment.yaml b/deploy/helm/templates/deployment.yaml
new file mode 100644
index 0000000..6e934ac
--- /dev/null
+++ b/deploy/helm/templates/deployment.yaml
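Review bot: The `secret.data` block commits the dev database credentials to the repository: the values are only base64-encoded, and the comment above each one repeats the plaintext, including the `root`/`root` account and the database host address. Keep non-secret settings such as `APPLICATION_NAME`, `SERVER_PORT` and `SWAGGER_URL` as plain values, supply the datasource credentials from a Secret created outside the chart, and rotate the password since it is now in history. The `jvmOptions` block sets `authenticateJMX: false`, `sslJMX: false` and `localOnlyJMX: false`, which leaves JMX on port 9010 open to anything that can reach the pod. The `WHITE_LIST` comment also shows `/actuator/env`, `/actuator/beans` and `/actuator/mappings` exempted from authentication while `ACTUATOR_ENDPOINTS` is `*`; on a host published through the ingress that list should be reduced to `/actuator/health` and `/actuator/info`.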
@@ -0,0 +1,213 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.appName }}-deployment
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: {{ .Values.appName }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.appName }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ minReadySeconds: 60
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.appName }}
+ spec:
+ {{- if .Values.hostAliases }}
+ hostAliases:
+ {{- range .Values.hostAliases }}
+ - ip: "{{ .ip }}"
+ hostnames:
+ {{- range .hostnames }}
+ - "{{ . }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: {{ .Values.appName }}-dev
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+ resources:
+ limits:
+ cpu: {{ .Values.deployment.container.limits.cpu }}
+ memory: {{ .Values.deployment.container.limits.memory }}
+ requests:
+ cpu: {{ .Values.deployment.container.requests.cpu }}
+ memory: {{ .Values.deployment.container.requests.memory }}
+ command:
+ - java
+ - "-Xms{{ .Values.jvmOptions.xms }}"
+ - "-Xmx{{ .Values.jvmOptions.xmx }}"
+ - "{{ .Values.jvmOptions.gc }}"
+ - "-Duser.timezone={{ .Values.jvmOptions.timezone }}"
+ - "-Dfile.encoding={{ .Values.jvmOptions.encoding }}"
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.port={{ .Values.jvmOptions.portJMX }}"
+ - "-Dcom.sun.management.jmxremote.authenticate={{ .Values.jvmOptions.authenticateJMX }}"
+ - "-Dcom.sun.management.jmxremote.ssl={{ .Values.jvmOptions.sslJMX }}"
+ - "-Djava.rmi.server.hostname={{ .Values.jvmOptions.hostnameJMX }}"
+ - "-Dcom.sun.management.jmxremote.local.only={{ .Values.jvmOptions.localOnlyJMX }}"
+ - "-DLOGGING_FILE_PATH={{ .Values.jvmOptions.logFilePath }}"
+ - "-DLOGGING_FILE_NAME={{ .Values.jvmOptions.logFileName }}"
+ - "-XX:MinHeapFreeRatio={{ .Values.jvmOptions.minHeapFreeRatio }}"
+ - "-XX:MaxHeapFreeRatio={{ .Values.jvmOptions.maxHeapFreeRatio }}"
+ - -jar
+ - "{{ .Values.jarFile }}"
+ volumeMounts:
+ - name: emulator-smev-logs
+ mountPath: {{ .Values.jvmOptions.logFilePath }}
+ ports:
+ - containerPort: {{ .Values.service.port }}
+ - containerPort: {{ .Values.service.portJMX }}
+ env:
+ {{- if .Values.secret.data.APPLICATION_NAME }}
+ - name: APPLICATION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.APPLICATION_NAME }}
+ {{- end }}
+ {{- if .Values.secret.data.APPLICATION_VERSION }}
+ - name: APPLICATION_VERSION
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.APPLICATION_VERSION }}
+ {{- end }}
+ {{- if .Values.secret.data.SERVER_PORT }}
+ - name: SERVER_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.SERVER_PORT }}
+ {{- end }}
+ {{- if .Values.secret.data.SPRING_DATASOURCE_URL }}
+ - name: SPRING_DATASOURCE_URL
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.SPRING_DATASOURCE_URL }}
+ {{- end }}
+ {{- if .Values.secret.data.SPRING_DATASOURCE_USERNAME }}
+ - name: SPRING_DATASOURCE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.SPRING_DATASOURCE_USERNAME }}
+ {{- end }}
+ {{- if .Values.secret.data.SPRING_DATASOURCE_PASSWORD }}
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.SPRING_DATASOURCE_PASSWORD }}
+ {{- end }}
+ {{- if .Values.secret.data.SWAGGER_URL }}
+ - name: SWAGGER_URL
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.SWAGGER_URL }}
+ {{- end }}
+ {{- if .Values.secret.data.AUDIT_URL }}
+ - name: AUDIT_URL
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.AUDIT_URL }}
+ {{- end }}
+ {{- if .Values.secret.data.WHITE_LIST }}
+ - name: WHITE_LIST
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.WHITE_LIST }}
+ {{- end }}
+ {{- if .Values.secret.data.ACTUATOR_ENDPOINTS }}
+ - name: ACTUATOR_ENDPOINTS
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ACTUATOR_ENDPOINTS }}
+ {{- end }}
+ {{- if .Values.secret.data.LOG_SERVICE_BASE_URI }}
+ - name: LOG_SERVICE_BASE_URI
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.LOG_SERVICE_BASE_URI }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_REST_EXECUTOR_TARGET_CPU_UTILIZATION }}
+ - name: ASYNC_REST_EXECUTOR_TARGET_CPU_UTILIZATION
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_REST_EXECUTOR_TARGET_CPU_UTILIZATION }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_REST_EXECUTOR_IO_TIME_MS }}
+ - name: ASYNC_REST_EXECUTOR_IO_TIME_MS
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_REST_EXECUTOR_IO_TIME_MS }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_REST_EXECUTOR_CPU_TIME_MS }}
+ - name: ASYNC_REST_EXECUTOR_CPU_TIME_MS
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_REST_EXECUTOR_CPU_TIME_MS }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_REST_QUEUE_CAPACITY }}
+ - name: ASYNC_REST_QUEUE_CAPACITY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_REST_QUEUE_CAPACITY }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_WS_EXECUTOR_TARGET_CPU_UTILIZATION }}
+ - name: ASYNC_WS_EXECUTOR_TARGET_CPU_UTILIZATION
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_WS_EXECUTOR_TARGET_CPU_UTILIZATION }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_WS_EXECUTOR_IO_TIME_MS }}
+ - name: ASYNC_WS_EXECUTOR_IO_TIME_MS
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_WS_EXECUTOR_IO_TIME_MS }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_WS_EXECUTOR_CPU_TIME_MS }}
+ - name: ASYNC_WS_EXECUTOR_CPU_TIME_MS
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_WS_EXECUTOR_CPU_TIME_MS }}
+ {{- end }}
+ {{- if .Values.secret.data.ASYNC_WS_QUEUE_CAPACITY }}
+ - name: ASYNC_WS_QUEUE_CAPACITY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: {{ .Values.env.ASYNC_WS_QUEUE_CAPACITY }}
+ {{- end }}
+ volumes:
+ - name: emulator-smev-logs
+ hostPath:
+ path: {{ .Values.jvmOptions.logFilePath }}
+ type: DirectoryOrCreate
+ imagePullSecrets:
+ {{- range .Values.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
diff --git a/deploy/helm/templates/ingress.yaml b/deploy/helm/templates/ingress.yaml
new file mode 100644
index 0000000..6114507
--- /dev/null
+++ b/deploy/helm/templates/ingress.yaml
@@ -0,0 +1,35 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Values.appName }}-ingress
+ namespace: {{ .Values.namespace }}
+ annotations:
+ {{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+ ingressClassName: nginx
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: {{ .pathType }}
+ backend:
+ service:
+ name: emulator-smev-service
+ port:
+ number: {{ $.Values.service.port }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.ingress.tlsEnabled }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
diff --git a/deploy/helm/templates/secret.yaml b/deploy/helm/templates/secret.yaml
new file mode 100644
index 0000000..32ccec9
--- /dev/null
+++ b/deploy/helm/templates/secret.yaml
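Review bot: The container command in deployment.yaml always enables remote JMX (`-Dcom.sun.management.jmxremote.port=...`) and takes authentication and TLS from values that the dev values file sets to `false`; together with `containerPort: {{ .Values.service.portJMX }}` here and the `tcp` port in templates/service.yaml, JMX is reachable without credentials from inside the cluster. Put the `jmxremote` flags and both port entries behind a guard such as `{{- if .Values.jvmOptions.enableJMX }}` (a new value, default off), or require `authenticate=true`. The pod also writes logs to a `hostPath` volume with `type: DirectoryOrCreate` and declares no `securityContext`, so it runs as the image's default user against a node directory; an `emptyDir` plus `runAsNonRoot: true` would avoid that. No readiness or liveness probe is defined, so `minReadySeconds: 60` is the only rollout gate.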
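Review bot: The ingress backend is hard-coded as `name: emulator-smev-service`, but templates/service.yaml names the Service `{{ .Values.appName }}-service` and the dev values set `appName: smev-emulator`, so the Ingress would route to a Service that does not exist. Use `name: {{ $.Values.appName }}-service` here (with `$` because the line sits inside a `range`). The template also ignores `ingress.enabled`, and it fixes `ingressClassName: nginx` while the values still carry the older `kubernetes.io/ingress.class` annotation; one of the two is enough.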
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ .Values.secret.name }}
+ namespace: {{ .Values.namespace }}
+data:
+ APPLICATION_NAME: {{ .Values.secret.data.APPLICATION_NAME }}
+ APPLICATION_VERSION: {{ .Values.secret.data.APPLICATION_VERSION }}
+ SERVER_PORT: {{ .Values.secret.data.SERVER_PORT }}
+ SPRING_DATASOURCE_URL: {{ .Values.secret.data.SPRING_DATASOURCE_URL }}
+ SPRING_DATASOURCE_USERNAME: {{ .Values.secret.data.SPRING_DATASOURCE_USERNAME }}
+ SPRING_DATASOURCE_PASSWORD: {{ .Values.secret.data.SPRING_DATASOURCE_PASSWORD }}
+ SWAGGER_URL: {{ .Values.secret.data.SWAGGER_URL }}
+ AUDIT_URL: {{ .Values.secret.data.AUDIT_URL }}
+ WHITE_LIST: {{ .Values.secret.data.WHITE_LIST }}
+ ACTUATOR_ENDPOINTS: {{ .Values.secret.data.ACTUATOR_ENDPOINTS }}
+ LOG_SERVICE_BASE_URI: {{ .Values.secret.data.LOG_SERVICE_BASE_URI }}
+ ASYNC_REST_EXECUTOR_TARGET_CPU_UTILIZATION: {{ .Values.secret.data.ASYNC_REST_EXECUTOR_TARGET_CPU_UTILIZATION }}
+ ASYNC_REST_EXECUTOR_IO_TIME_MS: {{ .Values.secret.data.ASYNC_REST_EXECUTOR_IO_TIME_MS }}
+ ASYNC_REST_EXECUTOR_CPU_TIME_MS: {{ .Values.secret.data.ASYNC_REST_EXECUTOR_CPU_TIME_MS }}
+ ASYNC_REST_QUEUE_CAPACITY: {{ .Values.secret.data.ASYNC_REST_QUEUE_CAPACITY }}
+ ASYNC_WS_EXECUTOR_TARGET_CPU_UTILIZATION: {{ .Values.secret.data.ASYNC_WS_EXECUTOR_TARGET_CPU_UTILIZATION }}
+ ASYNC_WS_EXECUTOR_IO_TIME_MS: {{ .Values.secret.data.ASYNC_WS_EXECUTOR_IO_TIME_MS }}
+ ASYNC_WS_EXECUTOR_CPU_TIME_MS: {{ .Values.secret.data.ASYNC_WS_EXECUTOR_CPU_TIME_MS }}
+ ASYNC_WS_QUEUE_CAPACITY: {{ .Values.secret.data.ASYNC_WS_QUEUE_CAPACITY }}
diff --git a/deploy/helm/templates/service.yaml b/deploy/helm/templates/service.yaml
new file mode 100644
index 0000000..2ca25aa
--- /dev/null
+++ b/deploy/helm/templates/service.yaml
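Review bot: The Secret template ignores `secret.enabled` and emits every key unconditionally, so the eight `ASYNC_*` entries, which the dev values file does not define, render with empty values, and every value has to be base64-encoded by hand in the values file. Guard the document with `{{- if .Values.secret.enabled }}` and generate the entries from the map: `{{- range $k, $v := .Values.secret.data }}`, `{{ $k }}: {{ $v | quote }}`, `{{- end }}`. Because the Secret is rendered from a committed values file, the credentials live in git; letting the Deployment reference a Secret that is created outside the chart would keep them out of the repository and out of rendered manifests.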
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.appName }}-service
+ namespace: {{ .Values.namespace }}
+spec:
+ selector:
+ app: {{ .Values.appName }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ - name: tcp
+ port: {{ .Values.service.portJMX }}
+ targetPort: {{ .Values.service.targetPortJMX }}
+
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..c800438
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,72 @@ + + + 4.0.0 + + su.opencode.digsigcik + emulator-smev + 1.0-SNAPSHOT + Smev Emulator + jar + Эмулятор СМЭВ для тестовых сред и разработки + + + 11 + 11 + 11 + UTF-8 + 2.18.1 + + + + org.springframework.boot + spring-boot-starter-parent + 2.7.18 + + + + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-test + test + + + + org.projectlombok + lombok + provided + + + + com.fasterxml.jackson.core + jackson-databind + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + su.opencode.digsigcik.emulator.smev.SmevEmulatorApplication + + + + + + + + + + + + +
\ No newline at end of file
diff --git a/src/main/java/su/opencode/digsigcik/emulator/smev/SmevEmulatorApplication.java b/src/main/java/su/opencode/digsigcik/emulator/smev/SmevEmulatorApplication.java
new file mode 100644
index 0000000..3455cbb
--- /dev/null
+++ b/src/main/java/su/opencode/digsigcik/emulator/smev/SmevEmulatorApplication.java
@@ -0,0 +1,12 @@
+package su.opencode.digsigcik.emulator.smev;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SmevEmulatorApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(SmevEmulatorApplication.class, args);
+ }
+}
diff --git a/src/main/java/su/opencode/digsigcik/emulator/smev/config/RegularSchedulerConfig.java b/src/main/java/su/opencode/digsigcik/emulator/smev/config/RegularSchedulerConfig.java
new file mode 100644
index 0000000..f401b53
--- /dev/null
+++ b/src/main/java/su/opencode/digsigcik/emulator/smev/config/RegularSchedulerConfig.java
@@ -0,0 +1,30 @@
+package su.opencode.digsigcik.emulator.smev.config;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
+
+import java.util.concurrent.TimeUnit;
+
+@Configuration
+@EnableScheduling
+public class RegularSchedulerConfig {
+
+ @Bean
+ public SmevEmulatorJobs smevEmulatorJobs() {
+ return new SmevEmulatorJobs();
+ }
+
+ @Slf4j
+ @RequiredArgsConstructor
+ public static class SmevEmulatorJobs {
+
+ @Scheduled(fixedDelay = 1L, timeUnit = TimeUnit.MINUTES)
+ public void manageAllSubscribedMessages() {
+ log.debug("Checking inbox messages...");
+ }
+ }
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
new file mode 100644
index 0000000..2f8b7e2
--- /dev/null
+++ b/src/main/resources/application.yml
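Review bot: `SmevEmulatorJobs` is annotated `@RequiredArgsConstructor` although it has no fields, and the `@Bean` factory calls `new SmevEmulatorJobs()` directly, so once the job gains a `final` dependency the factory method stops compiling. Either drop the annotation for now or make the nested class a `@Component` and let Spring construct it. A short class comment such as `/** Periodic jobs of the emulator; currently a placeholder that only logs. */` would make the stub status explicit.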
@@ -0,0 +1,133 @@
+server:
+ port: ${SERVER_PORT:8059}
+
+app:
+ version: ${APPLICATION_VERSION:2.11}
+
+logging:
+ file:
+ name: ${LOGGING_FILE_NAME:emulator-smev.log}
+ path: ${LOGGING_FILE_PATH:log/emulator-smev}
+ level:
+ su.opencode.digsigcik.emulator.smev: DEBUG
+ org.springframework.web: DEBUG
+ org.springframework.web.client: WARN
+ org.springframework.web.servlet.mvc.method.annotation: WARN
+ su.opencode.digsigcik.specification: DEBUG # pagination
+
+spring:
+ application:
+ name: ${APPLICATION_NAME:emulator-smev}
+ datasource:
+ driver-class-name: org.postgresql.Driver
+ url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/smev-emulator}
+ username: ${SPRING_DATASOURCE_USERNAME:postgres}
+ password: ${SPRING_DATASOURCE_PASSWORD:postgres}
+ batch.jdbc.initialize-schema: ALWAYS
+
+ jpa:
+ hibernate:
+ ddl-auto: none
+ database: postgresql
+ database-platform: org.hibernate.dialect.PostgreSQLDialect
+ show-sql: false
+ properties:
+ hibernate:
+ default_schema: se
+ format_sql: true
+
+ liquibase:
+ enabled: true
+ user: ${SPRING_DATASOURCE_USERNAME:postgres}
+ password: ${SPRING_DATASOURCE_PASSWORD:postgres}
+ database-change-log-table: 'db_changeset_log'
+ database-change-log-lock-table: 'db_changeset_lock'
+ change-log: 'classpath:/db/changelog/changelog.xml'
+
+ security:
+ oauth2:
+ client:
+ provider:
+ rpd:
+ authorization-uri: ${RPD_AUTHORIZATION_URI:https://sso.dev.essocode.ru/auth/realms/pep/protocol/openid-connect/auth}
+ resourceserver:
+ jwt:
+ issuer-uri: ${OAUTH2_ISSUER_URL:https://sso.dev.essocode.ru/auth/realms/pep}
+
+web:
+ cors:
+ allow-origin: "*"
+ allow-methods: OPTIONS, HEAD, POST, PUT, GET, DELETE, PATCH
+ allow-headers: "*"
+ max-age: 5
+ security:
+ resource-access: ${RESOURCE_ACCESS:sep}
+ lifespan-cache: ${RPD_LIFESPAN_CACHE:1440}
+ refresh-time-cache: ${RPD_REFRESH_TIME_CACHE:1350}
+ connection-timeout: ${RPD_CONNECTION_TIMEOUT:10000}
+ read-timeout: ${RPD_READ_TIMEOUT:10000}
+ white-list-all-methods: ${WHITE_LIST:/**}
+ trust-all: ${DISABLE_TLS_CHECK:true}
+---
+
+# hotfix for running swagger in spring boot 2
+spring:
+ mvc:
+ pathmatch:
+ matching-strategy: ant_path_matcher
+ servlet:
+ multipart:
+ max-file-size: 50MB
+ max-request-size: 50MB
+
+features:
+ always-reply: false
+ xml-validation: true
+
+springdoc:
+ api-docs:
+ # It should be off for PROD
+ enabled: true
+ server:
+ url: ${SWAGGER_URL:http://localhost:${server.port}}
+ token-uri: ${RPD_SWAGGER_TOKEN_URI:https://sso.rpd.zk.test.st/realms/test/protocol/openid-connect/token}
+ show-actuator: true
+
+audit:
+ # url: ${AUDIT_URL:https://log.dev.essocode.ru/api/v1/audit/external}
+ url: ${AUDIT_URL:http://localhost:8055/api/v1/audit/external}
+ default-user: 'EMULATOR SMEV'
+
+pvv:
+ ignore-exceptions: ${PVV_IGNORE_EXCEPTIONS:true}
+ use-gost: ${PVV_USE_GOST:true}
+ ping-tsl: ${PVV_ADAPTER_TSL_PING_URI:https://pvv-adapter-zk.dev.essocode.ru/api/v1/tsl}
+ fk-send-certificate-request-uri: ${FK_SEND_REQUEST_CERTIFICATE_URI:http://localhost:8042/api/v1/order-fk}
+ fk-send-certificate-reissue-step1-uri: ${FK_SEND_REISSUE_CERTIFICATE_STEP1_URI:http://localhost:8042/api/v1/order-fk/reissue/step-1}
+ fk-send-certificate-reissue-step2-uri: ${FK_SEND_REISSUE_CERTIFICATE_STEP2_URI:http://localhost:8042/api/v1/order-fk/reissue/step-2}
+ fk-send-certificate-revocation-uri: ${FK_SEND_REVOCATION_CERTIFICATE_URI:http://localhost:8042/api/v1/order-fk/revoke}
+
+#actuator
+management:
+ endpoint:
+ health:
+ show-details: always
+ endpoints:
+ web:
+ exposure:
+ include: ${ACTUATOR_ENDPOINTS:*}
+
+async:
+ enabled-executors: true
+ executors:
+ taskExecutorWS:
+ target-cpu-utilization: ${ASYNC_WS_EXECUTOR_TARGET_CPU_UTILIZATION:0.7}
+ io-time-ms: ${ASYNC_WS_EXECUTOR_IO_TIME_MS:50}
+ cpu-time-ms: ${ASYNC_WS_EXECUTOR_CPU_TIME_MS:5}
+ queue-capacity: ${ASYNC_WS_QUEUE_CAPACITY:1000}
+ taskExecutorRest:
+ target-cpu-utilization: ${ASYNC_REST_EXECUTOR_TARGET_CPU_UTILIZATION:0.4}
+ io-time-ms: ${ASYNC_REST_EXECUTOR_IO_TIME_MS:315}
+ cpu-time-ms: ${ASYNC_REST_EXECUTOR_CPU_TIME_MS:10}
+ queue-capacity: ${ASYNC_REST_QUEUE_CAPACITY:50}
+
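Review bot: Several settings in application.yml fail open when their environment variable is missing: `trust-all: ${DISABLE_TLS_CHECK:true}`, `white-list-all-methods: ${WHITE_LIST:/**}`, `include: ${ACTUATOR_ENDPOINTS:*}` and the `postgres` datasource password default. Judging by the names, an unconfigured instance would skip TLS certificate checks, exempt every path from authentication and expose all actuator endpoints with `show-details: always`; please confirm against the code that reads these keys. Make the safe value the default, e.g. `${DISABLE_TLS_CHECK:false}`, `${WHITE_LIST:}` and `${ACTUATOR_ENDPOINTS:health,info}`, and let the dev profile or compose file opt in to the permissive ones. The same applies to `allow-origin: "*"` with `allow-headers: "*"`, `springdoc.api-docs.enabled: true` (the comment already says it should be off for PROD) and `org.springframework.web: DEBUG`, which are better placed in a dev-only profile.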