Unverified Commit 965ef2f7 authored by Luca Cinquini's avatar Luca Cinquini Committed by GitHub
Browse files

Merge pull request #85 from ESGF/issue/52/configs 

Easier configuration
parents 8785c72e 4502c157

.gitignore

+1 −0
Original line number Diff line number Diff line
@@ -7,3 +7,4 @@ 
**/*.gz

_site/

.project

.vscode

Jenkinsfile

+45 −45
Original line number Diff line number Diff line
@@ -83,7 +83,6 @@ pipeline 
    ESGF_HUB='esgfhub'

    ESGF_PREFIX=''

    ESGF_DOCKER_REPO_PATH="${env.WORKSPACE}"

    ESGF_HOSTNAME=sh(returnStdout: true, script: 'hostname')

    ESGF_CONFIG="${env.WORKSPACE}/config"

    ESGF_DATA="${env.WORKSPACE}/data"
@@ -240,7 +239,7 @@ pipeline 
            dir(ESGF_DOCKER_REPO_PATH)

            {

              info("building esgf-docker images with the tag '${env.ESGF_VERSION}' and hub '${ESGF_HUB}'")

              sh('docker-compose build')

              sh('docker-compose -f docker-compose.build.yml build --no-cache')

            }



            end_block('build')
@@ -254,15 +253,18 @@ pipeline 
            start_block('config containers')



            info('delete the previous configuration files of ESGF docker')

            sh 'rm -fr "${ESGF_CONFIG}" ; mkdir "${ESGF_CONFIG}"; mkdir -p "${ESGF_DATA}"'

            sh 'rm -fr "${ESGF_CONFIG}" ; mkdir -p "${ESGF_CONFIG}"; mkdir -p "${ESGF_DATA}"'

            // Write $ESGF_CONFIG/environment config file

            sh 'echo -e "ESGF_HOSTNAME=$(hostname)\nESGF_DATA=${ESGF_DATA}" > "${ESGF_CONFIG}/environment"'

            sh 'cat "${ESGF_CONFIG}/environment"'

            dir(ESGF_DOCKER_REPO_PATH)

            {

              info('generating esgf secrets')

              sh 'docker-compose run -u $UID esgf-setup generate-secrets'

              sh './bin/esgf-setup generate-secrets'

              info('generating certificates')

              sh 'docker-compose run -u $UID esgf-setup generate-test-certificates'

              sh './bin/esgf-setup generate-test-certificates'

              info('creating trust bundle')

              sh 'docker-compose run -u $UID esgf-setup create-trust-bundle'

              sh './bin/esgf-setup create-trust-bundle'



              // Enable containers to read the private keys.

              sh 'chmod +r "${ESGF_CONFIG}/certificates/hostcert/hostcert.key"'
@@ -294,15 +296,13 @@ pipeline 
              sh(script: """

                   set +x

                   export ESGF_CONFIG=${ESGF_CONFIG}

                   export ESGF_DATA=${ESGF_DATA}

                   export ESGF_HOSTNAME=${ESGF_HOSTNAME}

                   docker-compose up -d

                   ./bin/esgf-compose up -d

                   """)



              info("waiting ${WAITING_TIME} seconds for the containers")

              sleep(time:WAITING_TIME, unit: 'SECONDS')

              info('container status:')

              sh 'docker ps'

              sh './bin/esgf-compose ps'

            }

          }

          post
@@ -355,7 +355,7 @@ pipeline 
            failure

            {

              info('log of the containers:')

              dir(ESGF_DOCKER_REPO_PATH) {sh 'docker-compose logs'}          

              dir(ESGF_DOCKER_REPO_PATH) {sh './bin/esgf-compose logs'}

            }



            // Cleanup is run after all post condition statements.
@@ -428,7 +428,7 @@ pipeline 
                  // the result of the job will be a failure even if the

                  // instructions retried are successful.

                  retry(3)

                  {sh(script: 'docker-compose push')}

                  {sh(script: 'docker-compose -f docker-compose.build.yml push')}

                }

              }

            }
@@ -462,7 +462,7 @@ pipeline 
                info("retagging images with ${env.ESGF_VERSION}")

                dir(ESGF_DOCKER_REPO_PATH)

                {

                 sh('docker-compose build') // Quickly retag the images

                 sh('docker-compose -f docker-compose.build.yml build') // Quickly retag the images

                }

              }

            }
@@ -485,7 +485,7 @@ pipeline 
                  // the result of the job will be a failure even if the

                  // instructions retried are successful.

                  retry(3)

                  {sh(script: 'docker-compose push')}

                  {sh(script: 'docker-compose -f docker-compose.build.yml push')}

                }

              }

            }
@@ -603,7 +603,7 @@ def shutdown() 
  dir(ESGF_DOCKER_REPO_PATH)

  {

    info('shutting down the containers')

    sh 'docker-compose down -v'

    sh './bin/esgf-compose down -v'

  }

}

auth/Dockerfile

+17 −15
Original line number Diff line number Diff line
@@ -13,6 +13,11 @@ ARG ESGF_VERSION=latest 
# https://github.com/moby/moby/issues/34482

FROM ${ESGF_HUB}/${ESGF_PREFIX}configure:${ESGF_VERSION} as configuration





#############

## Stage 1 ##

#############



FROM python:2.7-slim AS esgf-auth-build



# Install git for checking out the source code and pulling dependencies
@@ -61,24 +66,21 @@ ENV ESGF_AUTH_INSTALL_DIR /application 
# Install ESGF Auth settings wrapper

COPY python/*.py /usr/local/lib/python2.7/site-packages/



# Tell Django which settings module to use

ENV DJANGO_SETTINGS_MODULE esgf_auth_settings



# Install configuration files

# Ensure the config directory is owned by the Django user and root group

RUN mkdir -p /esg/config && chown 1001:0 /esg/config && chmod 775 /esg/config

COPY --chown=1001:0 --from=configuration /esg/config /esg/config

# Make sure the config interpolation runs first by giving it a low ordinal

COPY --from=configuration /opt/esgf-docker/scripts/interpolate-configs.sh /django-init.d/01-interpolate.sh

# Install the template auth config file

# First, start with the /esg directory from esgf-configure

COPY --chown=1001:0 --from=configuration /esg /esg

# Install the default auth configuration

ENV ESGF_AUTH_CONFIG_FILE /esg/auth/esgf_auth_config.json

ENV ESGF_OAUTH2_SECRET_FILE /esg/auth/esgf_oauth2.json

# Ensure /esg/auth exists and is owned by the Django user and root group

RUN mkdir -p /esg/auth && chown 1001:0 /esg/auth && chmod 775 /esg/auth

COPY conf/esgf_auth_config.json.template "$ESGF_AUTH_CONFIG_FILE.template"

RUN echo "{}" > $ESGF_OAUTH2_SECRET_FILE

# This script interpolates the auth config files with additional environment variables

COPY scripts/auth-configure.sh /django-init.d/02-auth-configure.sh

COPY ./conf  /esg/auth/.defaults

# Correct the permissions on /esg/auth so that non-root users in the root group can write to it

RUN chown 1001:0 /esg/auth && chmod 755 /esg/auth



# Install initialisation scripts

COPY ./scripts /django-init.d



# Run as the Django user unless otherwise specified

USER 1001
 


# The "command" is just the settings module to use

CMD ["esgf_auth_settings"]

auth/conf/esgf_auth_config.json

0 → 100644
+5 −0
Original line number Diff line number Diff line 
{

    "ESGF_HOSTNAME": "{{ .Env.ESGF_HOSTNAME }}",

    "ESGF_SECRET_KEY": "{{ getenv "ESGF_COOKIE_SECRET_KEY" }}",

    "WEBAPP_SECRET_KEY": "{{ getenv "ESGF_AUTH_SECRET_KEY" }}"

}

auth/conf/esgf_auth_config.json.template

deleted100644 → 0
+0 −5
Original line number Diff line number Diff line 
{

    "ESGF_HOSTNAME": "$ESGF_HOSTNAME",

    "ESGF_SECRET_KEY": "$ESGF_COOKIE_SECRET_KEY",

    "WEBAPP_SECRET_KEY": "$ESGF_AUTH_SECRET_KEY"

}