Update webapp deployment flow for supporting custom domains (#963)

Part of https://www.notion.so/Support-custom-domains-in-deploy-laconic-com-18aa6b22d4728067a44ae27090c02ce5 and cerc-io/snowballtools-base#47

- Set `value` (IP address for `A` resource) in the DNS records
- Update `deploy-webapp-from-registry` command with an option to pass k8s cluster IP address (only required with fqdn policy `allow`)

Reviewed-on: #963
Reviewed-by: ashwin <ashwin@noreply.git.vdb.to>
Co-authored-by: Prathamesh Musale <prathamesh.musale0@gmail.com>
Co-committed-by: Prathamesh Musale <prathamesh.musale0@gmail.com>

stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py

@@ -54,6 +54,7 @@ def process_app_deployment_request(
     deployment_record_namespace,
     dns_record_namespace,
     default_dns_suffix,
+    dns_value,
     deployment_parent_dir,
     kube_config,
     image_registry,
@@ -251,6 +252,7 @@ def process_app_deployment_request(
         dns_record,
         dns_lrn,
         deployment_dir,
+        dns_value,
         app_deployment_request,
         webapp_deployer_record,
         logger,
@@ -304,6 +306,7 @@ def dump_known_requests(filename, requests, status="SEEN"):
     help="How to handle requests with an FQDN: prohibit, allow, preexisting",
     default="prohibit",
 )
+@click.option("--ip", help="IP address of the k8s deployment (to be set in DNS record)", default=None)
 @click.option("--record-namespace-dns", help="eg, lrn://laconic/dns", required=True)
 @click.option(
     "--record-namespace-deployments",
@@ -381,6 +384,7 @@ def command(  # noqa: C901
     only_update_state,
     dns_suffix,
     fqdn_policy,
+    ip,
     record_namespace_dns,
     record_namespace_deployments,
     dry_run,
@@ -429,6 +433,13 @@ def command(  # noqa: C901
         )
         sys.exit(2)
 
+    if fqdn_policy == "allow" and not ip:
+        print(
+            "--ip is required with 'allow' fqdn-policy",
+            file=sys.stderr,
+        )
+        sys.exit(2)
+
     tempdir = tempfile.mkdtemp()
     gpg = gnupg.GPG(gnupghome=tempdir)
 
@@ -665,6 +676,7 @@ def command(  # noqa: C901
                         record_namespace_deployments,
                         record_namespace_dns,
                         dns_suffix,
+                        ip,
                         os.path.abspath(deployment_parent_dir),
                         kube_config,
                         image_registry,

stack_orchestrator/deploy/webapp/registry_mutex.py

@@ -1,8 +1,59 @@
-import fcntl
 from functools import wraps
+import os
+import time
 
 # Define default file path for the lock
 DEFAULT_LOCK_FILE_PATH = "/tmp/registry_mutex_lock_file"
+LOCK_TIMEOUT = 30
+LOCK_RETRY_INTERVAL = 3
+
+
+def acquire_lock(client, lock_file_path, timeout):
+    # Lock alreay acquired by the current client
+    if client.mutex_lock_acquired:
+        return
+
+    while True:
+        try:
+            # Check if lock file exists and is potentially stale
+            if os.path.exists(lock_file_path):
+                with open(lock_file_path, 'r') as lock_file:
+                    timestamp = float(lock_file.read().strip())
+
+                # If lock is stale, remove the lock file
+                if time.time() - timestamp > timeout:
+                    print(f"Stale lock detected, removing lock file {lock_file_path}")
+                    os.remove(lock_file_path)
+                else:
+                    print(f"Lock file {lock_file_path} exists and is recent, waiting...")
+                    time.sleep(LOCK_RETRY_INTERVAL)
+                    continue
+
+            # Try to create a new lock file with the current timestamp
+            fd = os.open(lock_file_path, os.O_CREAT | os.O_EXCL | os.O_RDWR)
+            with os.fdopen(fd, 'w') as lock_file:
+                lock_file.write(str(time.time()))
+
+            client.mutex_lock_acquired = True
+            print(f"Registry lock acquired, {lock_file_path}")
+
+            # Lock successfully acquired
+            return
+
+        except FileExistsError:
+            print(f"Lock file {lock_file_path} exists, waiting...")
+            time.sleep(LOCK_RETRY_INTERVAL)
+
+
+def release_lock(client, lock_file_path):
+    try:
+        os.remove(lock_file_path)
+
+        client.mutex_lock_acquired = False
+        print(f"Registry lock released, {lock_file_path}")
+    except FileNotFoundError:
+        # Lock file already removed
+        pass
 
 
 def registry_mutex():
@@ -10,21 +61,16 @@ def registry_mutex():
         @wraps(func)
         def wrapper(self, *args, **kwargs):
             lock_file_path = DEFAULT_LOCK_FILE_PATH
-            if self.mutex_lock_file is not None:
+            if self.mutex_lock_file:
                 lock_file_path = self.mutex_lock_file
 
-            with open(lock_file_path, 'w') as lock_file:
-                try:
-                    # Try to acquire the lock
-                    fcntl.flock(lock_file, fcntl.LOCK_EX)
-
-                    # Call the actual function
-                    result = func(self, *args, **kwargs)
-                finally:
-                    # Always release the lock
-                    fcntl.flock(lock_file, fcntl.LOCK_UN)
-
-            return result
+            # Acquire the lock before running the function
+            acquire_lock(self, lock_file_path, LOCK_TIMEOUT)
+            try:
+                return func(self, *args, **kwargs)
+            finally:
+                # Release the lock after the function completes
+                release_lock(self, lock_file_path)
 
         return wrapper
 

stack_orchestrator/deploy/webapp/util.py

@@ -114,7 +114,7 @@ def is_id(name_or_id: str):
 
 
 class LaconicRegistryClient:
-    def __init__(self, config_file, log_file=None):
+    def __init__(self, config_file, log_file=None, mutex_lock_file=None):
         self.config_file = config_file
         self.log_file = log_file
         self.cache = AttrDict(
@@ -125,6 +125,9 @@ class LaconicRegistryClient:
             }
         )
 
+        self.mutex_lock_file = mutex_lock_file
+        self.mutex_lock_acquired = False
+
     def whoami(self, refresh=False):
         if not refresh and "whoami" in self.cache:
             return self.cache["whoami"]
@@ -686,6 +689,7 @@ def publish_deployment(
     dns_record,
     dns_lrn,
     deployment_dir,
+    dns_value=None,
     app_deployment_request=None,
     webapp_deployer_record=None,
     logger=None,
@@ -718,6 +722,8 @@ def publish_deployment(
     }
     if app_deployment_request:
         new_dns_record["record"]["request"] = app_deployment_request.id
+    if dns_value:
+        new_dns_record["record"]["value"] = dns_value
 
     if logger:
         logger.log("Publishing DnsRecord.")
@@ -843,16 +849,21 @@ def confirm_payment(laconic: LaconicRegistryClient, record, payment_address, min
         )
         return False
 
-    # Check if the payment was already used on a
+    # Check if the payment was already used on a deployment
     used = laconic.app_deployments(
-        {"deployer": payment_address, "payment": tx.hash}, all=True
+        {"deployer": record.attributes.deployer, "payment": tx.hash}, all=True
     )
     if len(used):
-        logger.log(f"{record.id}: payment {tx.hash} already used on deployment {used}")
-        return False
+        # Fetch the app name from request record
+        used_request = laconic.get_record(used[0].attributes.request, require=True)
+
+        # Check that payment was used for deployment of same application
+        if record.attributes.application != used_request.attributes.application:
+            logger.log(f"{record.id}: payment {tx.hash} already used on a different application deployment {used}")
+            return False
 
     used = laconic.app_deployment_removals(
-        {"deployer": payment_address, "payment": tx.hash}, all=True
+        {"deployer": record.attributes.deployer, "payment": tx.hash}, all=True
     )
     if len(used):
         logger.log(