@cumulus/deployment
Advanced tools
Changelog
[v1.13.1] - 2019-07-22
Changelog
[v1.13.0] - 2019-5-20
CUMULUS-802 added some additional IAM permissions to support ECS autoscaling, so you will have to redeploy your IAM stack. As a result of the changes for CUMULUS-1193, CUMULUS-1264, and CUMULUS-1310, you must delete your existing stacks (except IAM) before deploying this version of Cumulus. If running Cumulus within a VPC and extended downtime is acceptable, we recommend doing this at the end of the day to allow AWS backend resources and network interfaces to be cleaned up overnight.
CUMULUS-1228
ecs.amiid
property in your config. Instructions for finding
the most recent NGAP AMI can be found using
these instructions.CUMULUS-1310
db
stack.
Migrations for this version will need to be user-managed. (e.g. elasticsearch and dynamoDB).
Order of stack deployment is iam
-> db
-> app
.config.yml
file, i.e.: kes cf deploy --kes-folder app --template node_modules/@cumulus/deployment/[iam|db|app] [...]
Backwards-compatible. For development, please re-run npm run bootstrap
to build new kes
overrides.
Deployment docs have been updated to show how to deploy a single-config Cumulus instance.params
have been moved: Nest params
fields under app
, db
or iam
to override all Parameters for a particular stack's cloudformation template. Backwards-compatible with multi-config setups.stackName
and stackNameNoDash
have been retired. Use prefix
and prefixNoDash
instead.iams
section in app/config.yml
IAM roles has been deprecated as a user-facing parameter,
unless your IAM role ARNs do not match the convention shown in @cumulus/deployment/app/config.yml
vpc.securityGroup
will need to be set with a pre-existing security group ID to use Cumulus in a VPC. Must allow inbound HTTP(S) (Port 443).CUMULUS-1212
@cumulus/post-to-cmr
will now fail if any granules being processed are missing a metadata file. You can set the new config option skipMetaCheck
to true
to pass post-to-cmr without a metadata file.CUMULUS-1232
@cumulus/sync-granule
will no longer silently pass if no checksum data is provided. It will use input
from the granule object to:
checksumType
and checksumValue
are in the file record OR a checksum file is provided
(throws InvalidChecksum
on fail), else log warning that no checksum is available.file.size
is in the file record (throws UnexpectedFileSize
on fail),
else log warning that no file size is available.CUMULUS-1264
CumulusApiDefault
nested stack resource has been renamed to CumulusApiDistribution
CumulusApiV1
nested stack resource has been renamed to CumulusApiBackend
urs: true
config option for when defining your lambdas (e.g. in lambdas.yml
) has been deprecated. There are two new options to replace it:
urs_redirect: 'token'
: This will expose a TOKEN_REDIRECT_ENDPOINT
environment variable to your lambda that references the /token
endpoint on the Cumulus backend APIurs_redirect: 'distribution'
: This will expose a DISTRIBUTION_REDIRECT_ENDPOINT
environment variable to your lambda that references the /redirect
endpoint on the Cumulus distribution APICUMULUS-1193
aws iam create-service-linked-role --aws-service-name es.amazonaws.com
CUMULUS-802
maxInstances
must be greater than minInstances
. If you use defaults, no change is required.CUMULUS-1269
fileType
field to type
fileSize
field to size
checksumValue
field to checksum
where not already done.ancillary
and linkage
type support to file objects.CUMULUS-799
CUMULUS-1242 - Added sqs2sfThrottle
lambda. The lambda reads SQS messages for queued executions and uses semaphores to only start new executions if the maximum number of executions defined for the priority key (cumulus_meta.priorityKey
) has not been reached. Any SQS messages that are read but not used to start executions remain in the queue.
CUMULUS-1240
sfSemaphoreDown
lambda. This lambda receives SNS messages and for each message it decrements the semaphore used to track the number of running executions if:
cumulus_meta.priorityKey
)sfSemaphoreDown
lambda as a subscriber to the sfTracker
SNS topicCUMULUS-1265
apiConfigs
configuration option to configure API Gateway to be privateNoVpc
lambdas from documentation and example
folder.CUMULUS-802
Updated @cumulus/ingest/http/httpMixin.list()
to trim trailing spaces on discovered filenames
CUMULUS-1310
db
stack.
This will enable future updates to avoid affecting database resources or requiring migrations.
Migrations for this version will need to be user-managed.
(e.g. elasticsearch and dynamoDB).
Order of stack deployment is iam
-> db
-> app
.config.yml
file, i.e.: kes cf deploy --kes-folder app --template node_modules/@cumulus/deployment/[iam|db|app] [...]
Backwards-compatible. Please re-run npm run bootstrap
to build new kes
overrides.
Deployment docs have been updated to show how to deploy a single-config Cumulus instance.params
fields should now be nested under the stack key (i.e. app
, db
or iam
) to provide Parameters for a particular stack's cloudformation template,
for use with single-config instances. Keys must match the name of the deployment package folder (app
, db
, or iam
).
Backwards-compatible with multi-config setups.stackName
and stackNameNoDash
have been retired as user-facing config parameters. Use prefix
and prefixNoDash
instead.
This will be used to create stack names for all stacks in a single-config use case.
stackName
may still be used as an override in multi-config usage, although this is discouraged.
Warning: overriding the db
stack's stackName
will require you to set dbStackName
in your app/config.yml
.
This parameter is required to fetch outputs from the db
stack to reference in the app
stack.iams
section in app/config.yml
IAM roles has been retired as a user-facing parameter,
unless your IAM role ARNs do not match the convention shown in @cumulus/deployment/app/config.yml
In that case, overriding iams
in your own config is recommended.iam
and db
cloudformation.yml
file names will have respective prefixes (e.g iam.cloudformation.yml
).private
, public
and protected
types.vpc.securityGroup
in config.yml
.
This security group must allow inbound HTTP(S) traffic (Port 443). SSH traffic (Port 22) must be permitted for SSH access to ECS instances.CUMULUS-1236
CUMULUS-1223
CUMULUS-1232
ingest/granule.handleDuplicateFile
for maintainability.ingest/granule.ingestFile
and move-granules/index.moveFileRequest
to use new function.ingest/granule.moveGranuleFileWithVersioning
ingest/granule.verifyFile
now also tests file.size
for verification if it is in the file record and throws
UnexpectedFileSize
error for file size not matching input.ingest/granule.verifyFile
logs warnings if checksum and/or file size are not available.CUMULUS-1193
CUMULUS-1207
Updated Lerna publish script so that published Cumulus packages will pin their dependencies on other Cumulus packages to exact versions (e.g. 1.12.1
instead of ^1.12.1
)
CUMULUS-1203
CUMULUS-1268
Changelog
[v1.12.0] - 2019-4-4
Note: There was an issue publishing 1.12.0. Upgrade to 1.12.1.
CUMULUS-1139
granule.applyWorkflow
uses the new-style granule record as input to workflows.CUMULUS-1171
http
or https
providers so that the host field only
contains a valid hostname or IP address, and the port field contains the
provider port.CUMULUS-1176:
@cumulus/move-granules
input expectations have changed. @cumulus/files-to-granules
is a new intermediate task to perform input translation in the old style.
See the Added and Changed sections of this release changelog for more information.CUMULUS-670
CUMULUS-1208
@cumulus/queue-granules
will now be added to ingest workflow messages as is. In practice, this means that if you are using @cumulus/queue-granules
to trigger ingest workflows and your granule objects input have invalid properties, then your ingest workflows will fail due to schema validation errors.CUMULUS-777
CUMULUS-1183
CUMULUS-1223
@cumulus/common/bucketsConfigJsonObject
for fetching stack's bucket configuration as an object.CUMULUS-853
CUMULUS-805
AWS_REGION
in .env
to be used by deployment scriptCUMULUS-803
CUMULUS-670
CUMULUS-1184 - Added kes logging output to ensure we always see the state machine reference before failures due to configuration
CUMULUS-1105 - Added a dashboard endpoint to serve the dashboard from an S3 bucket
CUMULUS-1199 - Moves s3credentials
endpoint from the backend to the distribution API.
CUMULUS-666
@api/endpoints/s3credentials
to allow EarthData Login authorized users to retrieve temporary security credentials for same-region direct S3 access.CUMULUS-671
@packages/integration-tests/api/distribution/getDistributionApiS3SignedUrl()
to return the S3 signed URL for a file protected by the distribution APICUMULUS-672
cmrMetadataFormat
and cmrConceptId
to output for individual granules from @cumulus/post-to-cmr
. cmrMetadataFormat
will be read from the cmrMetadataFormat
generated for each granule in @cumulus/cmrjs/publish2CMR()
@packages/integration-tests/api/distribution
:
getDistributionApiFileStream()
returns a stream to download files protected by the distribution APIgetDistributionFileUrl()
constructs URLs for requesting files from the distribution APICUMULUS-1185 @cumulus/api/models/Granule.removeGranuleFromCmrByGranule
to replace @cumulus/api/models/Granule.removeGranuleFromCmr
and use the Granule UR from the CMR metadata to remove the granule from CMR
CUMULUS-1101
@cumulus/checksum
package. This package provides functions to calculate and validate checksums.@cumulus/common/aws
: calculateS3ObjectChecksum
and validateS3ObjectChecksum
, which depend on the checksum
package.CUMULUS-1171
@cumulus/common
API documentation to packages/common/docs/API.md
npm run build-docs
task to @cumulus/common
@cumulus/common/string#isValidHostname()
@cumulus/common/string#match()
@cumulus/common/string#matches()
@cumulus/common/string#toLower()
@cumulus/common/string#toUpper()
@cumulus/common/URLUtils#buildURL()
@cumulus/common/util#isNil()
@cumulus/common/util#isNull()
@cumulus/common/util#isUndefined()
@cumulus/common/util#negate()
CUMULUS-1176
@cumulus/files-to-granules
task to handle converting file array output from cumulus-process
tasks into granule objects.
Allows simplification of @cumulus/move-granules
and @cumulus/post-to-cmr
, see Changed section for more details.CUMULUS-1151 Compare the granule holdings in CMR with Cumulus' internal data store
CUMULUS-1152 Compare the granule file holdings in CMR with Cumulus' internal data store
CUMULUS-1216 - Updated @cumulus/ingest/granule/ingestFile
to download files to expected staging location.
CUMULUS-1208 - Updated @cumulus/ingest/queue/enqueueGranuleIngestMessage()
to not transform granule object passed to it when building an ingest message
CUMULUS-1198 - @cumulus/ingest
no longer enforces any expectations about whether provider_path
contains a leading slash or not.
CUMULUS-1170
npm
instead of yarn
package-lock.json
files to ensure matching versions of npm packagesnpm ci
instead of npm install
CUMULUS-670
CUMULUS-1139 - Granules stored in the API contain a files
property. That schema has been greatly
simplified and now better matches the CNM format.
name
property has been renamed to fileName
.filepath
property has been renamed to key
.checksumValue
property has been renamed to checksum
.path
property has been removed.url_path
property has been removed.filename
property (which contained an s3://
URL) has been removed, and the bucket
and key
properties should be used instead. Any requests sent to the API containing a granule.files[].filename
property will be rejected, and any responses coming back from the API will not contain that
filename
property.source
property has been added, which is a URL indicating the original source of the file.@cumulus/ingest/granule.moveGranuleFiles()
no longer includes a filename
field in its
output. The bucket
and key
fields should be used instead.CUMULUS-672
@cumulus/integration-tests/api/EarthdataLogin.getEarthdataLoginRedirectResponse
to @cumulus/integration-tests/api/EarthdataLogin.getEarthdataAccessToken
. The new function returns an access response from Earthdata login, if successful.@cumulus/integration-tests/cmr/getOnlineResources
now accepts an object of options, including cmrMetadataFormat
. Based on the cmrMetadataFormat
, the function will correctly retrieve the online resources for each metadata format (ECHO10, UMM-G)CUMULUS-1101
@cumulus/common/file/getFileChecksumFromStream
into @cumulus/checksum
, and renamed it to generateChecksumFromStream
.
This is a breaking change for users relying on @cumulus/common/file/getFileChecksumFromStream
.@cumulus/ingest/Granule
to depend on new common/aws
checksum functions and remove significantly present checksumming code.
@cumulus/ingest/granule.validateChecksum
. Replaced with @cumulus/ingest/granule.verifyFile
.granule.getChecksumFromFile
to granule.retrieveSuppliedFileChecksumInformation
to be more accurate.@cumulus/common/aws.checksumS3Objects
. Use @cumulus/common/aws.calculateS3ObjectChecksum
instead.CUMULUS-1171
host
and
port
properties. HTTP providers ignored port
and protocol
, and stored
an entire URL in the host
property. Updated the API to only accept valid
hostnames or IP addresses in the provider.host
field. Updated ingest code
to properly build HTTP and HTTPS URLs from provider.protocol
,
provider.host
, and provider.port
.CUMULUS-1176
@cumulus/move-granules
breaking change:
Input to move-granules
is now expected to be in the form of a granules object (i.e. { granules: [ { ... }, { ... } ] }
);
For backwards compatibility with array-of-files outputs from processing steps, use the new @cumulus/files-to-granules
task as an intermediate step.
This task will perform the input translation. This change allows move-granules
to be simpler and behave more predictably.
config.granuleIdExtraction
and config.input_granules
are no longer needed/used by move-granules
.@cumulus/post-to-cmr
: config.granuleIdExtraction
is no longer needed/used by post-to-cmr
.CUMULUS-1174
@cumulus/api
files and granules were not getting indexed correctly because files indexing was failing in db-indexer
@cumulus/deployment
A bug in the Cloudformation template was preventing the API from being able to be launched in a VPC, updated the IAM template to give the permissions to be able to run the API in a VPC@cumulus/api/models/Granule.removeGranuleFromCmr
, instead use @cumulus/api/models/Granule.removeGranuleFromCmrByGranule
@cumulus/ingest/granule.validateChecksum
, instead use @cumulus/ingest/granule.verifyFile
@cumulus/common/aws.checksumS3Objects
, instead use @cumulus/common/aws.calculateS3ObjectChecksum
@cumulus/cmrjs
: getGranuleId
and getCmrFiles
are deprecated due to changes in input handling.Changelog
[v1.11.3] - 2019-3-5
@cumulus/ingest/granule/duplicateHandlingType()
to determine how duplicate files should be handled in an ingest workflowChangelog
[v1.11.2] - 2019-2-15
@cumulus/common/StepFunctions
module. It contains functions for querying the AWS
StepFunctions API. These functions have the ability to retry when a ThrottlingException occurs.@cumulus/common/aws.retryOnThrottlingException()
, which will wrap a function in code to
retry on ThrottlingExceptions.@cumulus/common/test-utils.throttleOnce()
, which will cause a function to return a
ThrottlingException the first time it is called, then return its normal result after that.reconcileCMRMetadata
added to @cumulus/cmrjs
to update metadata record with new file locations.
@cumulus/common/errors
adds two new error types CMRMetaFileNotFound
and InvalidArgument
.
@cumulus/common/test-utils
adds new function randomId
to create a random string with id to help in debugging.
@cumulus/common/BucketsConfig
adds a new helper class BucketsConfig
for working with bucket stack configuration and bucket names.
@cumulus/common/aws
adds new function s3PutObjectTagging
as a convenience for the aws s3().putObjectTagging function.
@cumulus/cmrjs
Adds: - isCMRFile
- Identify an echo10(xml) or UMMG(json) metadata file. - metadataObjectFromCMRFile
Read and parse CMR XML file from s3. - updateCMRMetadata
Modify a cmr metadata (xml/json) file with updated information. - publish2CMR
Posts XML or UMMG CMR data to CMR service. - reconcileCMRMetadata
Reconciles cmr metadata file after a file moves.@cumulus/integration-tests/api/EarthdataLogin.getEarthdataLoginRedirectResponse
helper for integration tests to handle login with Earthdata and to return response from redirect to Cumulus API@cumulus/common/file/getFileChecksumFromStream
to get file checksum from a readable streamCUMULUS-1169
@cumulus/common/step-functions
module.@cumulus/common/StepFunctions
CUMULUS-1121
CUMULUS-678
tasks/move-granules
simplified and refactored to use functionality from cmrjs.
ingest/granules.moveGranuleFiles
now just moves granule files and returns a list of the updated files. Updating metadata now handled by @cumulus/cmrjs/reconcileCMRMetadata
.
move-granules.updateGranuleMetadata
refactored and bugs fixed in the case of a file matching multiple collection.files.regexps.
getCmrXmlFiles
simplified and now only returns an object with the cmrfilename and the granuleId.
@cumulus/test-processing
- test processing task updated to generate UMM-G metadata
CUMULUS-1043
@cumulus/api
now uses express as the API engine.@cumulus/api
endpoints on ApiGateway are consolidated to a single endpoint the uses {proxy+}
definition.packages/api/endpoints
along with associated tests are updated to support express's request and response objects.internal
, bucket
and systemBucket
with system_bucket
.@cumulus/integration-tests
to work with updated cumulus-api express endpoints@cumulus/integration-tests
- buildAndExecuteWorkflow
and buildWorkflow
updated to take a meta
param to allow for additional fields to be added to the workflow meta
CUMULUS-1049 Updated Retrieve Execution Status API
in @cumulus/api
: If the execution doesn't exist in Step Function API, Cumulus API returns the execution status information from the database.
CUMULUS-1119
DISTRIBUTION_URL
environment variable to DISTRIBUTION_ENDPOINT
DEPLOYMENT_ENDPOINT
environment variable to DISTRIBUTION_REDIRECT_ENDPOINT
API_ENDPOINT
environment variable to TOKEN_REDIRECT_ENDPOINT
@cmrjs/ingestConcept
, instead use the CMR object methods. @cmrjs/CMR.ingestGranule
or @cmrjs/CMR.ingestCollection
@cmrjs/searchConcept
, instead use the CMR object methods. @cmrjs/CMR.searchGranules
or @cmrjs/CMR.searchCollections
@cmrjs/deleteConcept
, instead use the CMR object methods. @cmrjs/CMR.deleteGranule
or @cmrjs/CMR.deleteCollection
Changelog
[v1.11.1] - 2018-12-18
Please Note
app/config.yml
has a clientId
specified in the cmr
section. This will allow CMR to identify your requests for better support and metrics.
/tokenDelete
endpoint in @cumulus/api
to delete access token records@cumulus/ingest/crypto
moved and renamed to @cumulus/common/key-pair-provider
@cumulus/ingest/aws
function: KMSDecryptionFailed
and class: KMS
extracted and moved to @cumulus/common
and KMS
is exported as KMSProvider
from @cumulus/common/key-pair-provider
@cumulus/ingest/granule
functions: publish
, getGranuleId
, getXMLMetadataAsString
, getMetadataBodyAndTags
, parseXmlString
, getCmrXMLFiles
, postS3Object
, contructOnlineAccessUrls
, updateMetadata
, extracted and moved to @cumulus/cmrjs
getGranuleId
, getCmrXMLFiles
, publish
, updateMetadata
removed from @cumulus/ingest/granule
and added to @cumulus/cmrjs
;
updateMetadata
renamed updateCMRMetadata
.
@cumulus/ingest
test files renamed.'Client-Id'
header to all @cumulus/cmrjs
requests (made via searchConcept
, ingestConcept
, and deleteConcept
).cumulus/example/app/config.yml
entry for cmr.clientId
to use stackName for easier CMR-side identification.Changelog
[v1.11.0] - 2018-11-30
Please Note
cumulus-message-adapter
v1.0.13+ is required for @cumulus/api
granule reingest API to work properly. The latest version should be downloaded automatically by kes.TOKEN_SECRET
value (preferably 256-bit for security) must be added to .env
to securely sign JWTs used for authorization in @cumulus/api
@cumulus/sync-granule
and @cumulus/move-granules
tasks to always overwrite existing files for manually-triggered reingest.@cumulus/api
granule reingest API to
reingestGranule: true
and forceDuplicateOverwrite: true
to Cumulus message cumulus_meta.cumulus_context
field to indicate that the workflow is a manually triggered re-ingest.replace
cumulus-message-adapter
v1.0.13+ is required.@cumulus/api
to reject the move with a 409 status code if one or more of the files already exist at the destination location@cumulus/helloworld
to use S3 to store state for pass on retry tests@cumulus/ingest
:
http.js#list
will now find links with a trailing whitespacegranule.js
which looked for files in S3 using { Bucket: discoveredFile.bucket, Key: discoveredFile.name }
. This is obsolete since @cumulus/ingest
uses a file-staging
and constructCollectionId()
directory prefixes by default.@cumulus/api
to use JWT (JSON Web Token) as the transport format for API authorization tokens and to use JWT verification in the request authorization/token
endpoint in @cumulus/api
to return tokens as JWTs/refresh
endpoint in @cumulus/api
to request new access tokens from the OAuth provider using the refresh tokenrefreshAccessToken
to @cumulus/api/lib/EarthdataLogin
to manage refresh token requests with the Earthdata OAuth providerkinesisConsumer
to messageConsumer
as it handles both Kinesis streams and SNS topics as of this version.sns
-type rule support. These rules create a subscription between an SNS topic and the messageConsumer
.
When a message is received, messageConsumer
is triggered and passes the SNS message (JSON format expected) in
its entirety to the workflow in the payload
field of the Cumulus message. For more information on sns-type rules,
see the documentation.KinesisInboundEventLogger
and KinesisOutboundEventLogger
API lambdas. These lambdas
are utilized to dump incoming and outgoing ingest workflow kinesis streams
to cloudwatch for analytics in case of AWS/stream failure.@cumulus/api
package.hostId
to the @cumulus/cmrjs
to help build environment specific cmr urls.@cumulus/cmrjs.searchConcept
to search and return CMR results.@cumulus/cmrjs.CMR.searchGranule
and @cumulus/cmrjs.CMR.searchCollection
to include CMR's provider as a default parameter to searches.@cumulus/test-data.loadJSONTestData()
,
@cumulus/test-data.loadTestData()
, and
@cumulus/test-data.streamTestData()
to safely load test data. These
functions should be used instead of using require()
to load test data,
which could lead to tests interfering with each other.@cumulus/common/util/deprecate()
function to mark a piece of code as
deprecatedwaitForTestExecutionStart
to @cumulus/integration-tests
@cumulus/deployment
, added support for NGAP permissions boundaries for IAM roles with useNgapPermissionBoundary
flag in iam/config.yml
. Defaults to false.@cumulus/sf-sns-report
was not pulling large messages from S3 correctly.@cumulus/ingest/aws/StepFunction.pullEvent()
. Use @cumulus/common/aws.pullStepFunctionEvent()
.@cumulus/ingest/consumer.Consume
due to unpredictable implementation. Use @cumulus/ingest/consumer.Consumer
.
Call Consumer.consume()
instead of Consume.read()
.Changelog
[v1.10.4] - 2018-11-28
config.yml
parameter for SQS consumers: sqs_consumer_rate: (default 500)
, which is the maximum number of
messages the consumer will attempt to process per execution. Currently this is only used by the sf-starter consumer,
which runs every minute by default, making this a messages-per-minute upper bound. SQS does not guarantee the number
of messages returned per call, so this is not a fixed rate of consumption, only attempted number of messages received.@cumulus/ingest/consumer.Consume
due to unpredictable implementation. Use @cumulus/ingest/consumer.Consumer
.packages/api
dependency @mapbox/dyno
to 1.4.2
to mitigate event-stream
vulnerability.