BugFixes: Bug Fixes and Misc Cleanup

api/.pipeline/config.js

@@ -100,7 +100,7 @@ const phases = {
     memoryRequest: '100Mi',
     memoryLimit: '4Gi',
     replicas: '1',
-    replicasMax: (isStaticDeployment && '2') || '1'
+    replicasMax: '1'
   },
   test: {
     namespace: 'af2668-test',

api/.pipeline/templates/api.dc.yaml

@@ -464,23 +464,24 @@ objects:
     status:
       ingress: null
 
-  - kind: HorizontalPodAutoscaler
-    apiVersion: autoscaling/v2
-    metadata:
-      annotations: {}
-      labels: {}
-      name: ${NAME}${SUFFIX}
-    spec:
-      minReplicas: ${{REPLICAS}}
-      maxReplicas: ${{REPLICAS_MAX}}
-      scaleTargetRef:
-        apiVersion: apps.openshift.io/v1
-        kind: DeploymentConfig
-        name: ${NAME}${SUFFIX}
-      metrics:
-        - type: Resource
-          resource:
-            name: cpu
-            target:
-              type: Utilization
-              averageUtilization: 80
+  # Disable the HPA for now, as it is preferrable to run an exact number of pods (e.g. min:2, max:2)
+  # - kind: HorizontalPodAutoscaler
+  #   apiVersion: autoscaling/v2
+  #   metadata:
+  #     annotations: {}
+  #     labels: {}
+  #     name: ${NAME}${SUFFIX}
+  #   spec:
+  #     minReplicas: ${{REPLICAS}}
+  #     maxReplicas: ${{REPLICAS_MAX}}
+  #     scaleTargetRef:
+  #       apiVersion: apps.openshift.io/v1
+  #       kind: DeploymentConfig
+  #       name: ${NAME}${SUFFIX}
+  #     metrics:
+  #       - type: Resource
+  #         resource:
+  #           name: cpu
+  #           target:
+  #             type: Utilization
+  #             averageUtilization: 80

api/src/models/biohub-create.test.ts

@@ -16,7 +16,6 @@ describe('PostSurveyObservationToBiohubObject', () => {
     const obj = {
       survey_observation_id: 1,
       survey_id: 1,
-      wldtaxonomic_units_id: 1,
       survey_sample_site_id: 1,
       survey_sample_method_id: 1,
       survey_sample_period_id: 1,
@@ -159,7 +158,6 @@ describe('PostSurveySubmissionToBioHubObject', () => {
       {
         survey_observation_id: 1,
         survey_id: 1,
-        wldtaxonomic_units_id: 1,
         survey_sample_site_id: 1,
         survey_sample_method_id: 1,
         survey_sample_period_id: 1,

api/src/repositories/observation-repository.ts

@@ -24,7 +24,6 @@ const defaultLog = getLogger('repositories/observation-repository');
 export const ObservationRecord = z.object({
   survey_observation_id: z.number(),
   survey_id: z.number(),
-  wldtaxonomic_units_id: z.number().nullable(),
   itis_tsn: z.number(),
   itis_scientific_name: z.string().nullable(),
   survey_sample_site_id: z.number().nullable(),

api/src/repositories/survey-repository.ts

@@ -48,7 +48,6 @@ export interface ISurveyProprietorModel {
 const SurveyRecord = z.object({
   survey_id: z.number(),
   project_id: z.number(),
-  field_method_id: z.number().nullable(),
   uuid: z.string().uuid().nullable(),
   name: z.string().nullable(),
   additional_details: z.string().nullable(),

api/src/services/observation-service.test.ts

@@ -40,7 +40,6 @@ describe('ObservationService', () => {
         {
           survey_observation_id: 11,
           survey_id: 1,
-          wldtaxonomic_units_id: 2,
           latitude: 3,
           longitude: 4,
           count: 5,
@@ -60,7 +59,6 @@ describe('ObservationService', () => {
         {
           survey_observation_id: 6,
           survey_id: 1,
-          wldtaxonomic_units_id: 2,
           latitude: 8,
           longitude: 9,
           count: 10,

app/.pipeline/config.js

@@ -87,8 +87,8 @@ const phases = {
     cpuLimit: '300m',
     memoryRequest: '100Mi',
     memoryLimit: '500Mi',
-    replicas: (isStaticDeployment && '1') || '1',
-    replicasMax: (isStaticDeployment && '2') || '1',
+    replicas: '1',
+    replicasMax: '1',
     biohubFeatureFlag: 'true',
     backbonePublicApiHost: 'https://api-dev-biohub-platform.apps.silver.devops.gov.bc.ca',
     biohubTaxonPath: '/api/taxonomy/taxon',

app/.pipeline/templates/app.dc.yaml

@@ -264,23 +264,24 @@ objects:
     status:
       ingress: null
 
-  - kind: HorizontalPodAutoscaler
-    apiVersion: autoscaling/v2
-    metadata:
-      annotations: {}
-      labels: {}
-      name: ${NAME}${SUFFIX}
-    spec:
-      minReplicas: ${{REPLICAS}}
-      maxReplicas: ${{REPLICAS_MAX}}
-      scaleTargetRef:
-        apiVersion: apps.openshift.io/v1
-        kind: DeploymentConfig
-        name: ${NAME}${SUFFIX}
-      metrics:
-        - type: Resource
-          resource:
-            name: cpu
-            target:
-              type: Utilization
-              averageUtilization: 80
+  # Disable the HPA for now, as it is preferrable to run an exact number of pods (e.g. min:2, max:2)
+  # - kind: HorizontalPodAutoscaler
+  #   apiVersion: autoscaling/v2
+  #   metadata:
+  #     annotations: {}
+  #     labels: {}
+  #     name: ${NAME}${SUFFIX}
+  #   spec:
+  #     minReplicas: ${{REPLICAS}}
+  #     maxReplicas: ${{REPLICAS_MAX}}
+  #     scaleTargetRef:
+  #       apiVersion: apps.openshift.io/v1
+  #       kind: DeploymentConfig
+  #       name: ${NAME}${SUFFIX}
+  #     metrics:
+  #       - type: Resource
+  #         resource:
+  #           name: cpu
+  #           target:
+  #             type: Utilization
+  #             averageUtilization: 80

containers/clamav/Dockerfile

@@ -1,28 +1,30 @@
-FROM registry.access.redhat.com/ubi8/ubi
+FROM registry.access.redhat.com/ubi9/ubi
+ARG VERSION=1.0.5
 
 LABEL name="ubi8-clamav" \
       vendor="Red Hat" \
-      version="0.1.0" \
+      version="${VERSION}" \
       release="1" \
-      summary="UBI 8 ClamAV" \
-      description="ClamAV for UBI 8" \
+      summary="UBI 9 ClamAV" \
+      description="ClamAV for UBI 9" \
       maintainer="EPIC"
 
-RUN yum -y update \
-  && yum -y install yum-utils \
-  && rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 \
-  && yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
-RUN yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
-RUN yum install -y wget
+RUN yum -y update
+RUN yum -y install https://www.clamav.net/downloads/production/clamav-${VERSION}.linux.x86_64.rpm
+RUN yum -y install nc wget
 
-COPY config/clamd.conf /etc/clamd.conf
-COPY config/freshclam.conf /etc/freshclam.conf
+# copy our configs to where clamav expects
+COPY config/clamd.conf /usr/local/etc/clamd.conf
+COPY config/freshclam.conf /usr/local/etc/freshclam.conf
 
-RUN mkdir /opt/app-root
-RUN mkdir /opt/app-root/src
+RUN mkdir -p /opt/app-root/src
 RUN chown -R 1001:0 /opt/app-root/src
 RUN chmod -R ug+rwx /opt/app-root/src
 
+# copy health check script to app-root 
+COPY clamdcheck.sh /opt/app-root
+RUN chmod ug+rwx /opt/app-root/clamdcheck.sh
+
 # # To fix check permissions error for clamAV
 RUN mkdir /var/log/clamav
 RUN touch /var/log/clamav/clamav.log
@@ -36,4 +38,4 @@ USER 1001
 
 EXPOSE 3310
 
-CMD freshclam && clamd -c /etc/clamd.conf
+CMD freshclam && clamd

containers/clamav/README.md

@@ -2,34 +2,84 @@
 
 ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
 
-This is a repo setup for utilization in Red Hat Openshift. This solution allows you to create a pod in your openshift environment to scan any file for known virus signatures, quickly and effectively.
+See this repo for the OpenShift templates needed to deploy ClamAV: https://github.com/bcgov/clamav
 
-The builds package the barebones service, and the deployment config will download latest signatures on first run.
+The source repo should be used as it will have the latest versions, etc.  
+Note: at the time of writing this, the `clamav-dc.conf` in the source repo has the `IMAGE_NAMESPACE` variable hard-coded to a random project, which will need to be updated to this projects tools environment. Similarly, depending on the current version of OpenShift, some of the `apiVersion` in the build config and/or deploy config may be out of date and need updating.
 
-Freshclam can be run within the container at any time to update the existing signatures. Alternatively, you can re-deploy which will fetch the latest into the running container.
+A copy of the templates patched templates (converted to yaml) are included here as backup, in case the source repo is moved or becomes unavailable.
 
-This clamav setup is cloned from the repo: https://github.com/bcgov/clamav
+## Installation
 
-## Prerequisites For Deploying On OpenShift
+### Checkout the clamav repo.
 
-### Import Base Image for `ubi8/ubi` Used By `clamav-bc.yaml`
+### Import the Build Config
 
-- Fetch latest version
+1. Log into OpenShift
+2. Switch to your tools environment.
 
-  ```
-  oc import-image ubi8/ubi:latest --from=registry.access.redhat.com/ubi8/ubi:latest --confirm
-  ```
+   ```
+   oc project <name>-tools
+   ```
 
-Openshift documentation on importing images
+3. Navigate to the `<clamav_repo>/openshift/templates` folder
+4. Import the clamav build config (clamav-bc.yaml)
 
-- https://catalog.redhat.com/software/containers/ubi8/ubi/5c359854d70cc534b3a3784e?tag=latest&push_date=1673532745000&architecture=amd64&container-tabs=gti&gti-tabs=unauthenticated
+   ```
+   oc process -f clamav-bc.conf | oc create -f -
+   ```
 
-  - See `oc import-image` command
+   This will create a new BuildConfig (`clamav-build`) and ImageStream (`clamav`).
 
-## Build/Deployment
+#### Build the Image
 
-The templates in the `./openshift/templates` will build and deploy the app. Modify to suit your own environment.
+1. Run the build
 
-The build config `./openshift/templates/clamav-bc.yaml` will create your builder image (ideally in your tools project), and the deployment config `./openshift/templates/clamav-dc.yaml` will create the pod deployment.
+   ```
+   OpenShift Web UI (Administrator) -> Builds -> BuildConfigs -> clamav-build -> Actions -> Start build
+   ```
 
-Modify the environment variables defined in both the build config and deployment config appropriately.
+   This will build the image, adding a new tag to the `clamav` ImageStream (`clamav:latest`)
+
+### Import the Deployment Config
+
+1. Log into OpenShift
+2. Switch to your dev environment.
+
+   ```
+   oc project <name>-dev
+   ```
+
+3. Navigate to the `<clamav_repo>/openshift/templates` folder
+4. Import the clamav deployment config (clamav-dc.yaml)
+
+   ```
+   oc process -f clamav-dc.conf | oc create -f -
+   ```
+
+   This will create a new DeploymentConfig (`clamav`) and Service (`clamav`).
+
+#### Deploy the Image
+
+1. Deploy the image
+
+   ```
+   OpenShift Web UI (Administrator) -> Workloads -> DeploymentConfigs -> clamav -> Actions -> Start Rollout
+   ```
+
+   This will deploy a Pod running the ClamaAV image.
+
+#### Repeat for the Test and Prod environments
+
+## Testing Files For Viruses Against ClamAV
+
+See NPM Package: [clamscan](https://www.npmjs.com/package/clamscan)
+
+When creating a new instance of clamscan, the default Host and Port of the above installation are:
+
+- Host: `clamav`
+- Port: `3310`
+
+## Other
+
+Depending on your OpenShift setup, you may need to add a NetworkPolicy to allow dev/test/prod to see images from tools, etc.

containers/clamav/config/clamd.conf

@@ -118,7 +118,7 @@ TCPSocket 3310
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
 # Default: 25M
-StreamMaxLength 300M
+StreamMaxLength 4000M
 
 # Limit port range.
 # Default: 1024

containers/clamav/config/freshclam.conf

@@ -69,17 +69,6 @@ DatabaseOwner clamupdate
 # Use the ClamAV Mirror provided in OCP4 Silver cluster
 DatabaseMirror https://clamav-mirror.apps.silver.devops.gov.bc.ca
 
-# Uncomment the following line and replace XY with your country
-# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
-# You can use db.XY.ipv6.clamav.net for IPv6 connections.
-DatabaseMirror db.ca.clamav.net
-
-# database.clamav.net is a round-robin record which points to our most
-# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
-# not working. DO NOT TOUCH the following line unless you know what you
-# are doing.
-DatabaseMirror database.clamav.net
-
 # How many attempts to make before giving up.
 # Default: 3 (per mirror)
 #MaxAttempts 5