From e17b3bd86c4dde6a7815358d577df359d0edb51c Mon Sep 17 00:00:00 2001 From: Tim Olson Date: Wed, 1 Apr 2026 21:31:19 -0400 Subject: [PATCH] prod fixes --- bin/init | 30 ++++++++++++++++++--- deploy/k8s/base/gateway-ingress.yaml | 5 ---- deploy/k8s/prod/configs/flink-config.yaml | 2 +- deploy/k8s/prod/configs/gateway-config.yaml | 1 + deploy/k8s/prod/configs/relay-config.yaml | 2 +- deploy/k8s/prod/infrastructure.yaml | 6 ++++- 6 files changed, 34 insertions(+), 12 deletions(-) diff --git a/bin/init b/bin/init index d2a460fb..20f93ee4 100755 --- a/bin/init +++ b/bin/init @@ -107,8 +107,13 @@ if [[ "$ENV" == "dev" ]]; then else # Prod: prompt for credentials read -p "Admin email: " USER_EMAIL - read -s -p "Admin password (min 8 chars): " USER_PASSWORD + read -rs -p "Admin password (min 8 chars): " USER_PASSWORD echo "" + echo -e "${BLUE}Password captured: ${#USER_PASSWORD} characters${NC}" + if [[ ${#USER_PASSWORD} -lt 8 ]]; then + echo -e "${RED}✗ Password must be at least 8 characters${NC}" + exit 1 + fi read -p "Admin display name: " USER_NAME read -p "License type [free|pro|enterprise] (default: pro): " LICENSE_TYPE LICENSE_TYPE="${LICENSE_TYPE:-pro}" @@ -131,18 +136,35 @@ else sleep 3 echo -e "${GREEN}→${NC} Registering user via API..." + PAYLOAD=$(jq -n \ + --arg email "$USER_EMAIL" \ + --arg password "$USER_PASSWORD" \ + --arg name "$USER_NAME" \ + '{email: $email, password: $password, name: $name}') + HTTP_CODE=$(curl -s -o /tmp/dexorder-init-response.json -w "%{http_code}" \ -X POST "$BASE_URL/api/auth/register" \ -H "Content-Type: application/json" \ - -d "{\"email\":\"$USER_EMAIL\",\"password\":\"$USER_PASSWORD\",\"name\":\"$USER_NAME\"}") + -d "$PAYLOAD") if [[ "$HTTP_CODE" == "200" || "$HTTP_CODE" == "201" ]]; then echo -e "${GREEN}✓ User registered via API${NC}" elif [[ "$HTTP_CODE" == "400" ]]; then - echo -e "${YELLOW}⚠️ API returned 400 (user may already exist), continuing...${NC}" + RESPONSE=$(cat /tmp/dexorder-init-response.json 2>/dev/null) + # Check if this is a "user already exists" 400 vs a validation error + if echo "$RESPONSE" | grep -qi "already exist\|user already\|duplicate"; then + echo -e "${YELLOW}⚠️ User already exists, continuing...${NC}" + else + echo -e "${RED}✗ Registration failed (400):${NC}" + echo "$RESPONSE" + rm -f /tmp/dexorder-init-response.json + exit 1 + fi else - echo -e "${YELLOW}⚠️ API returned HTTP $HTTP_CODE${NC}" + echo -e "${RED}✗ API returned HTTP $HTTP_CODE${NC}" cat /tmp/dexorder-init-response.json 2>/dev/null || true + rm -f /tmp/dexorder-init-response.json + exit 1 fi rm -f /tmp/dexorder-init-response.json diff --git a/deploy/k8s/base/gateway-ingress.yaml b/deploy/k8s/base/gateway-ingress.yaml index d1afeb0f..aaee6b79 100644 --- a/deploy/k8s/base/gateway-ingress.yaml +++ b/deploy/k8s/base/gateway-ingress.yaml @@ -4,14 +4,9 @@ kind: Ingress metadata: name: gateway-ingress annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/rewrite-target: /$1 spec: ingressClassName: nginx - tls: - - hosts: - - dexorder.ai - secretName: gateway-tls rules: - host: dexorder.ai http: diff --git a/deploy/k8s/prod/configs/flink-config.yaml b/deploy/k8s/prod/configs/flink-config.yaml index 34b525f7..dec32027 100644 --- a/deploy/k8s/prod/configs/flink-config.yaml +++ b/deploy/k8s/prod/configs/flink-config.yaml @@ -26,5 +26,5 @@ iceberg_table_prefix: "market" hadoop_conf_dir: "/etc/hadoop/conf" # Flink configuration -flink_parallelism: 2 +flink_parallelism: 1 flink_checkpoint_interval_ms: 60000 diff --git a/deploy/k8s/prod/configs/gateway-config.yaml b/deploy/k8s/prod/configs/gateway-config.yaml index 1aacba21..a988bfe3 100644 --- a/deploy/k8s/prod/configs/gateway-config.yaml +++ b/deploy/k8s/prod/configs/gateway-config.yaml @@ -33,6 +33,7 @@ data: sandbox_image: git.dxod.org/dexorder/dexorder/ai-sandbox:latest sidecar_image: git.dxod.org/dexorder/dexorder/ai-lifecycle-sidecar:latest image_pull_policy: Always + storage_class: ceph-block # DragonflyDB (Redis-compatible, for hot storage and session management) redis: diff --git a/deploy/k8s/prod/configs/relay-config.yaml b/deploy/k8s/prod/configs/relay-config.yaml index 53e3b224..093c4114 100644 --- a/deploy/k8s/prod/configs/relay-config.yaml +++ b/deploy/k8s/prod/configs/relay-config.yaml @@ -12,7 +12,7 @@ ingestor_work_port: 5555 # PUB - Distribute work with exchange prefix ingestor_response_port: 5556 # ROUTER - Receive responses from ingestors # Flink connection -flink_market_data_endpoint: "tcp://flink-jobmanager:5557" # XSUB - Subscribe to Flink market data +flink_market_data_endpoint: "tcp://flink-jobmanager:5558" # XSUB - Subscribe to Flink market data # Timeouts and limits request_timeout_secs: 30 # Timeout for pending client requests diff --git a/deploy/k8s/prod/infrastructure.yaml b/deploy/k8s/prod/infrastructure.yaml index 7e30ebcd..0f1659bd 100644 --- a/deploy/k8s/prod/infrastructure.yaml +++ b/deploy/k8s/prod/infrastructure.yaml @@ -140,6 +140,8 @@ spec: labels: app: kafka spec: + securityContext: + fsGroup: 1001 containers: - name: kafka image: apache/kafka:3.9.0 @@ -153,7 +155,7 @@ spec: - -c - | CLUSTER_ID="dexorder-prod-cluster" - LOG_DIR="/var/lib/kafka/data" + LOG_DIR="/var/lib/kafka/data/kraft-logs" # Ensure log directory exists mkdir -p $LOG_DIR @@ -240,6 +242,8 @@ spec: key: password - name: POSTGRES_DB value: iceberg + - name: PGDATA + value: /var/lib/postgresql/data/pgdata volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data