Dockerfile 4.11 KB
Newer Older
1 2 3
FROM ligo/base:stretch
LABEL name="LIGO GraceDB Django application" \
      maintainer="tanner.prestegard@ligo.org" \
4
      date="20190430"
5
ARG SETTINGS_MODULE="config.settings.container.dev"
6

7
COPY docker/SWITCHaai-swdistrib.gpg /etc/apt/trusted.gpg.d
8
COPY docker/backports.pref /etc/apt/preferences.d
9
RUN echo 'deb http://pkg.switch.ch/switchaai/debian stretch main' > /etc/apt/sources.list.d/shibboleth.list
10
RUN echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list
11
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
12 13
RUN apt-get update && \
    apt-get install --install-recommends --assume-yes \
14 15
        apache2 \
        gcc \
16
        git \
17
        libapache2-mod-xsendfile \
18 19 20 21 22
        libmariadbclient-dev \
        libldap2-dev \
        libsasl2-dev \
        libxml2-dev \
        libsqlite3-dev \
23
        ligo-ca-certs \
24
        mariadb-client \
25
        nodejs \
26
        osg-ca-certs \
27
        python2.7 \
28
        python2.7-dev \
29
        python-libxml2 \
30
        python-pip \
31 32 33 34
        python-voeventlib \
        procps \
        shibboleth \
        supervisor \
35 36
        libssl-dev \
        swig \
37 38 39
        vim && \
    apt-get clean && \
    npm install -g bower
40

41
COPY docker/entrypoint /usr/local/bin/entrypoint
42
COPY docker/cleanup /usr/local/bin/cleanup
43 44
COPY docker/supervisord.conf /etc/supervisor/supervisord.conf
COPY docker/supervisord-apache2.conf /etc/supervisor/conf.d/apache2.conf
45
COPY docker/supervisord-lvalert-overseer.conf /etc/supervisor/conf.d/overseer.conf
46
COPY docker/supervisord-shibd.conf /etc/supervisor/conf.d/shibd.conf
47
COPY docker/shibboleth-ds /etc/shibboleth-ds
48
COPY docker/apache-config /etc/apache2/sites-available/gracedb.conf
49 50
COPY docker/login.ligo.org.cert.LIGOCA.pem /etc/shibboleth/login.ligo.org.cert.LIGOCA.pem
COPY docker/inc-md-cert.pem /etc/shibboleth/inc-md-cert.pem
51
COPY docker/check_shibboleth_status /usr/local/bin/check_shibboleth_status
52

53 54 55
RUN a2dissite 000-default.conf && \
    a2ensite gracedb.conf && \
    a2enmod headers proxy proxy_http rewrite xsendfile
56

57 58 59
# this line is unfortunate because "." updates for nearly any change to the
# repository and therefore docker build rarely caches the steps below
ADD . /app/gracedb_project
60

61 62
# install gracedb application itself
WORKDIR /app/gracedb_project
63
RUN bower install --allow-root
64 65
RUN pip install --upgrade setuptools wheel && \
    pip install -r requirements.txt
66 67 68

# Give pip-installed packages priority over distribution packages
ENV PYTHONPATH /usr/local/lib/python2.7/dist-packages:$PYTHONPATH
69
ENV ENABLE_SHIBD false
70
ENV ENABLE_OVERSEER true
71
ENV VIRTUAL_ENV dummy
72

73 74 75 76 77 78 79 80 81
# Expose port and run Gunicorn
EXPOSE 8000

# Generate documentation
WORKDIR /app/gracedb_project/docs/user_docs
RUN sphinx-build -b html source build
WORKDIR /app/gracedb_project/docs/admin_docs
RUN sphinx-build -b html source build

82 83
RUN mkdir /app/logs /app/project_data

84
WORKDIR /app/gracedb_project
85 86
RUN DJANGO_SETTINGS_MODULE=${SETTINGS_MODULE} \
    DJANGO_DB_NAME=fake_name \
87
    DJANGO_DB_USER=fake_user \
88 89 90
    DJANGO_DB_PASSWORD=fake_password \
    DJANGO_SECRET_KEY=fake_key \
    DJANGO_PRIMARY_FQDN=fake_fqdn \
91
    DJANGO_ALERT_EMAIL_FROM=fake_email \
92 93 94 95
    LVALERT_USER=fake_user \
    LVALERT_PASSWORD=fake_password \
    LVALERT_SERVER=fake_server \
    LVALERT_OVERSEER_PORT=2 \
96 97
    DJANGO_TWILIO_ACCOUNT_SID=fake_sid \
    DJANGO_TWILIO_AUTH_TOKEN=fake_token \
98 99
    AWS_SES_ACCESS_KEY_ID=fake_aws_id \
    AWS_SES_SECRET_ACCESS_KEY=fake_aws_key \
100
    python manage.py collectstatic --noinput
101

102 103
RUN rm -rf /app/logs/* /app/project_data/*

104
RUN useradd -M -u 50001 -g www-data -s /bin/false gracedb
105

106 107
# set secure file/directory permissions. In particular, ADD command at
# beginning of recipe inherits umask of user running the build
108
RUN chmod 0755 /usr/local/bin/entrypoint && \
109
    chmod 0755 /usr/local/bin/cleanup && \
110
    chown gracedb:www-data /app/logs /app/project_data && \
111 112 113
    chmod 0750 /app/logs /app/project_data && \
    find /app/gracedb_project -type d -exec chmod 0755 {} + && \
    find /app/gracedb_project -type f -exec chmod 0644 {} +
114

115
ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
116
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]