Loading .gitignore +1 −0 Original line number Diff line number Diff line Loading @@ -7,3 +7,4 @@ **/*.gz _site/ .project .vscode Jenkinsfile +46 −46 Original line number Diff line number Diff line Loading @@ -83,7 +83,6 @@ pipeline ESGF_HUB='esgfhub' ESGF_PREFIX='' ESGF_DOCKER_REPO_PATH="${env.WORKSPACE}" ESGF_HOSTNAME=sh(returnStdout: true, script: 'hostname') ESGF_CONFIG="${env.WORKSPACE}/config" ESGF_DATA="${env.WORKSPACE}/data" Loading @@ -96,7 +95,7 @@ pipeline TEST_DIR_PATH="${ESGF_TEST_SUITE_REPO_PATH}/esgf-test-suite" SINGULARITY_FILENAME='esgf-test-suite_env.singularity.img' SINGULARITY_IMG_URL="http://distrib-coffee.ipsl.jussieu.fr/pub/esgf/dist/esgf-test-suite/${SINGULARITY_FILENAME}" SINGULARITY_FILE_PATH="${TEST_DIR_PATH}/${SINGULARITY_FILENAME}" SINGULARITY_FILE_PATH="${env.WORKSPACE}/../../../esgf/${SINGULARITY_FILENAME}" TESTS='-a !compute,basic -a cog_root_login -a slcs_django_admin_login' CONFIG_FILE_PATH="${env.WORKSPACE}/../../../esgf/my_config_docker.ini" Loading Loading @@ -240,7 +239,7 @@ pipeline dir(ESGF_DOCKER_REPO_PATH) { info("building esgf-docker images with the tag '${env.ESGF_VERSION}' and hub '${ESGF_HUB}'") sh('docker-compose build') sh('docker-compose -f docker-compose.build.yml build --no-cache') } end_block('build') Loading @@ -254,15 +253,18 @@ pipeline start_block('config containers') info('delete the previous configuration files of ESGF docker') sh 'rm -fr "${ESGF_CONFIG}" ; mkdir "${ESGF_CONFIG}"; mkdir -p "${ESGF_DATA}"' sh 'rm -fr "${ESGF_CONFIG}" ; mkdir -p "${ESGF_CONFIG}"; mkdir -p "${ESGF_DATA}"' // Write $ESGF_CONFIG/environment config file sh 'echo -e "ESGF_HOSTNAME=$(hostname)\nESGF_DATA=${ESGF_DATA}" > "${ESGF_CONFIG}/environment"' sh 'cat "${ESGF_CONFIG}/environment"' dir(ESGF_DOCKER_REPO_PATH) { info('generating esgf secrets') sh 'docker-compose run -u $UID esgf-setup generate-secrets' sh './bin/esgf-setup generate-secrets' info('generating certificates') sh 'docker-compose run -u $UID esgf-setup generate-test-certificates' sh './bin/esgf-setup generate-test-certificates' info('creating trust bundle') sh 'docker-compose run -u $UID esgf-setup create-trust-bundle' sh './bin/esgf-setup create-trust-bundle' // Enable containers to read the private keys. sh 'chmod +r "${ESGF_CONFIG}/certificates/hostcert/hostcert.key"' Loading Loading @@ -294,15 +296,13 @@ pipeline sh(script: """ set +x export ESGF_CONFIG=${ESGF_CONFIG} export ESGF_DATA=${ESGF_DATA} export ESGF_HOSTNAME=${ESGF_HOSTNAME} docker-compose up -d ./bin/esgf-compose up -d """) info("waiting ${WAITING_TIME} seconds for the containers") sleep(time:WAITING_TIME, unit: 'SECONDS') info('container status:') sh 'docker ps' sh './bin/esgf-compose ps' } } post Loading Loading @@ -355,7 +355,7 @@ pipeline failure { info('log of the containers:') dir(ESGF_DOCKER_REPO_PATH) {sh 'docker-compose logs'} dir(ESGF_DOCKER_REPO_PATH) {sh './bin/esgf-compose logs'} } // Cleanup is run after all post condition statements. Loading Loading @@ -428,7 +428,7 @@ pipeline // the result of the job will be a failure even if the // instructions retried are successful. retry(3) {sh(script: 'docker-compose push')} {sh(script: 'docker-compose -f docker-compose.build.yml push')} } } } Loading Loading @@ -462,7 +462,7 @@ pipeline info("retagging images with ${env.ESGF_VERSION}") dir(ESGF_DOCKER_REPO_PATH) { sh('docker-compose build') // Quickly retag the images sh('docker-compose -f docker-compose.build.yml build') // Quickly retag the images } } } Loading @@ -485,7 +485,7 @@ pipeline // the result of the job will be a failure even if the // instructions retried are successful. retry(3) {sh(script: 'docker-compose push')} {sh(script: 'docker-compose -f docker-compose.build.yml push')} } } } Loading Loading @@ -603,7 +603,7 @@ def shutdown() dir(ESGF_DOCKER_REPO_PATH) { info('shutting down the containers') sh 'docker-compose down -v' sh './bin/esgf-compose down -v' } } Loading README.md +1 −1 Original line number Diff line number Diff line Loading @@ -2,6 +2,6 @@ ESGF software stack as Docker images. ## Documentation ## Documentation For documentation, please visit [cedadev.github.io/esgf-docker](https://cedadev.github.io/esgf-docker). auth/Dockerfile +17 −15 Original line number Diff line number Diff line Loading @@ -13,6 +13,11 @@ ARG ESGF_VERSION=latest # https://github.com/moby/moby/issues/34482 FROM ${ESGF_HUB}/${ESGF_PREFIX}configure:${ESGF_VERSION} as configuration ############# ## Stage 1 ## ############# FROM python:2.7-slim AS esgf-auth-build # Install git for checking out the source code and pulling dependencies Loading Loading @@ -61,24 +66,21 @@ ENV ESGF_AUTH_INSTALL_DIR /application # Install ESGF Auth settings wrapper COPY python/*.py /usr/local/lib/python2.7/site-packages/ # Tell Django which settings module to use ENV DJANGO_SETTINGS_MODULE esgf_auth_settings # Install configuration files # Ensure the config directory is owned by the Django user and root group RUN mkdir -p /esg/config && chown 1001:0 /esg/config && chmod 775 /esg/config COPY --chown=1001:0 --from=configuration /esg/config /esg/config # Make sure the config interpolation runs first by giving it a low ordinal COPY --from=configuration /opt/esgf-docker/scripts/interpolate-configs.sh /django-init.d/01-interpolate.sh # Install the template auth config file # First, start with the /esg directory from esgf-configure COPY --chown=1001:0 --from=configuration /esg /esg # Install the default auth configuration ENV ESGF_AUTH_CONFIG_FILE /esg/auth/esgf_auth_config.json ENV ESGF_OAUTH2_SECRET_FILE /esg/auth/esgf_oauth2.json # Ensure /esg/auth exists and is owned by the Django user and root group RUN mkdir -p /esg/auth && chown 1001:0 /esg/auth && chmod 775 /esg/auth COPY conf/esgf_auth_config.json.template "$ESGF_AUTH_CONFIG_FILE.template" RUN echo "{}" > $ESGF_OAUTH2_SECRET_FILE # This script interpolates the auth config files with additional environment variables COPY scripts/auth-configure.sh /django-init.d/02-auth-configure.sh COPY ./conf /esg/auth/.defaults # Correct the permissions on /esg/auth so that non-root users in the root group can write to it RUN chown 1001:0 /esg/auth && chmod 755 /esg/auth # Install initialisation scripts COPY ./scripts /django-init.d # Run as the Django user unless otherwise specified USER 1001 # The "command" is just the settings module to use CMD ["esgf_auth_settings"] auth/conf/esgf_auth_config.json 0 → 100644 +5 −0 Original line number Diff line number Diff line { "ESGF_HOSTNAME": "{{ .Env.ESGF_HOSTNAME }}", "ESGF_SECRET_KEY": "{{ getenv "ESGF_COOKIE_SECRET_KEY" }}", "WEBAPP_SECRET_KEY": "{{ getenv "ESGF_AUTH_SECRET_KEY" }}" } Loading
.gitignore +1 −0 Original line number Diff line number Diff line Loading @@ -7,3 +7,4 @@ **/*.gz _site/ .project .vscode
Jenkinsfile +46 −46 Original line number Diff line number Diff line Loading @@ -83,7 +83,6 @@ pipeline ESGF_HUB='esgfhub' ESGF_PREFIX='' ESGF_DOCKER_REPO_PATH="${env.WORKSPACE}" ESGF_HOSTNAME=sh(returnStdout: true, script: 'hostname') ESGF_CONFIG="${env.WORKSPACE}/config" ESGF_DATA="${env.WORKSPACE}/data" Loading @@ -96,7 +95,7 @@ pipeline TEST_DIR_PATH="${ESGF_TEST_SUITE_REPO_PATH}/esgf-test-suite" SINGULARITY_FILENAME='esgf-test-suite_env.singularity.img' SINGULARITY_IMG_URL="http://distrib-coffee.ipsl.jussieu.fr/pub/esgf/dist/esgf-test-suite/${SINGULARITY_FILENAME}" SINGULARITY_FILE_PATH="${TEST_DIR_PATH}/${SINGULARITY_FILENAME}" SINGULARITY_FILE_PATH="${env.WORKSPACE}/../../../esgf/${SINGULARITY_FILENAME}" TESTS='-a !compute,basic -a cog_root_login -a slcs_django_admin_login' CONFIG_FILE_PATH="${env.WORKSPACE}/../../../esgf/my_config_docker.ini" Loading Loading @@ -240,7 +239,7 @@ pipeline dir(ESGF_DOCKER_REPO_PATH) { info("building esgf-docker images with the tag '${env.ESGF_VERSION}' and hub '${ESGF_HUB}'") sh('docker-compose build') sh('docker-compose -f docker-compose.build.yml build --no-cache') } end_block('build') Loading @@ -254,15 +253,18 @@ pipeline start_block('config containers') info('delete the previous configuration files of ESGF docker') sh 'rm -fr "${ESGF_CONFIG}" ; mkdir "${ESGF_CONFIG}"; mkdir -p "${ESGF_DATA}"' sh 'rm -fr "${ESGF_CONFIG}" ; mkdir -p "${ESGF_CONFIG}"; mkdir -p "${ESGF_DATA}"' // Write $ESGF_CONFIG/environment config file sh 'echo -e "ESGF_HOSTNAME=$(hostname)\nESGF_DATA=${ESGF_DATA}" > "${ESGF_CONFIG}/environment"' sh 'cat "${ESGF_CONFIG}/environment"' dir(ESGF_DOCKER_REPO_PATH) { info('generating esgf secrets') sh 'docker-compose run -u $UID esgf-setup generate-secrets' sh './bin/esgf-setup generate-secrets' info('generating certificates') sh 'docker-compose run -u $UID esgf-setup generate-test-certificates' sh './bin/esgf-setup generate-test-certificates' info('creating trust bundle') sh 'docker-compose run -u $UID esgf-setup create-trust-bundle' sh './bin/esgf-setup create-trust-bundle' // Enable containers to read the private keys. sh 'chmod +r "${ESGF_CONFIG}/certificates/hostcert/hostcert.key"' Loading Loading @@ -294,15 +296,13 @@ pipeline sh(script: """ set +x export ESGF_CONFIG=${ESGF_CONFIG} export ESGF_DATA=${ESGF_DATA} export ESGF_HOSTNAME=${ESGF_HOSTNAME} docker-compose up -d ./bin/esgf-compose up -d """) info("waiting ${WAITING_TIME} seconds for the containers") sleep(time:WAITING_TIME, unit: 'SECONDS') info('container status:') sh 'docker ps' sh './bin/esgf-compose ps' } } post Loading Loading @@ -355,7 +355,7 @@ pipeline failure { info('log of the containers:') dir(ESGF_DOCKER_REPO_PATH) {sh 'docker-compose logs'} dir(ESGF_DOCKER_REPO_PATH) {sh './bin/esgf-compose logs'} } // Cleanup is run after all post condition statements. Loading Loading @@ -428,7 +428,7 @@ pipeline // the result of the job will be a failure even if the // instructions retried are successful. retry(3) {sh(script: 'docker-compose push')} {sh(script: 'docker-compose -f docker-compose.build.yml push')} } } } Loading Loading @@ -462,7 +462,7 @@ pipeline info("retagging images with ${env.ESGF_VERSION}") dir(ESGF_DOCKER_REPO_PATH) { sh('docker-compose build') // Quickly retag the images sh('docker-compose -f docker-compose.build.yml build') // Quickly retag the images } } } Loading @@ -485,7 +485,7 @@ pipeline // the result of the job will be a failure even if the // instructions retried are successful. retry(3) {sh(script: 'docker-compose push')} {sh(script: 'docker-compose -f docker-compose.build.yml push')} } } } Loading Loading @@ -603,7 +603,7 @@ def shutdown() dir(ESGF_DOCKER_REPO_PATH) { info('shutting down the containers') sh 'docker-compose down -v' sh './bin/esgf-compose down -v' } } Loading
README.md +1 −1 Original line number Diff line number Diff line Loading @@ -2,6 +2,6 @@ ESGF software stack as Docker images. ## Documentation ## Documentation For documentation, please visit [cedadev.github.io/esgf-docker](https://cedadev.github.io/esgf-docker).
auth/Dockerfile +17 −15 Original line number Diff line number Diff line Loading @@ -13,6 +13,11 @@ ARG ESGF_VERSION=latest # https://github.com/moby/moby/issues/34482 FROM ${ESGF_HUB}/${ESGF_PREFIX}configure:${ESGF_VERSION} as configuration ############# ## Stage 1 ## ############# FROM python:2.7-slim AS esgf-auth-build # Install git for checking out the source code and pulling dependencies Loading Loading @@ -61,24 +66,21 @@ ENV ESGF_AUTH_INSTALL_DIR /application # Install ESGF Auth settings wrapper COPY python/*.py /usr/local/lib/python2.7/site-packages/ # Tell Django which settings module to use ENV DJANGO_SETTINGS_MODULE esgf_auth_settings # Install configuration files # Ensure the config directory is owned by the Django user and root group RUN mkdir -p /esg/config && chown 1001:0 /esg/config && chmod 775 /esg/config COPY --chown=1001:0 --from=configuration /esg/config /esg/config # Make sure the config interpolation runs first by giving it a low ordinal COPY --from=configuration /opt/esgf-docker/scripts/interpolate-configs.sh /django-init.d/01-interpolate.sh # Install the template auth config file # First, start with the /esg directory from esgf-configure COPY --chown=1001:0 --from=configuration /esg /esg # Install the default auth configuration ENV ESGF_AUTH_CONFIG_FILE /esg/auth/esgf_auth_config.json ENV ESGF_OAUTH2_SECRET_FILE /esg/auth/esgf_oauth2.json # Ensure /esg/auth exists and is owned by the Django user and root group RUN mkdir -p /esg/auth && chown 1001:0 /esg/auth && chmod 775 /esg/auth COPY conf/esgf_auth_config.json.template "$ESGF_AUTH_CONFIG_FILE.template" RUN echo "{}" > $ESGF_OAUTH2_SECRET_FILE # This script interpolates the auth config files with additional environment variables COPY scripts/auth-configure.sh /django-init.d/02-auth-configure.sh COPY ./conf /esg/auth/.defaults # Correct the permissions on /esg/auth so that non-root users in the root group can write to it RUN chown 1001:0 /esg/auth && chmod 755 /esg/auth # Install initialisation scripts COPY ./scripts /django-init.d # Run as the Django user unless otherwise specified USER 1001 # The "command" is just the settings module to use CMD ["esgf_auth_settings"]
auth/conf/esgf_auth_config.json 0 → 100644 +5 −0 Original line number Diff line number Diff line { "ESGF_HOSTNAME": "{{ .Env.ESGF_HOSTNAME }}", "ESGF_SECRET_KEY": "{{ getenv "ESGF_COOKIE_SECRET_KEY" }}", "WEBAPP_SECRET_KEY": "{{ getenv "ESGF_AUTH_SECRET_KEY" }}" }
