Skip to content

Commit

Permalink
Merge pull request #79 from tmaeno/master
Browse files Browse the repository at this point in the history
to run with non-root PID and publish images via github action
  • Loading branch information
wguanicedew authored Jul 5, 2022
2 parents 8d12572 + e07880e commit 21aa48b
Showing 1 changed file with 40 additions and 2 deletions.
42 changes: 40 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,13 @@ RUN chown atlpan -R /opt/idds
RUN chown atlpan /var/log/idds
RUN chown apache -R /var/idds/wsgisocks/

# to run with non-root PID
RUN chmod -R 777 /var/log/idds
RUN chmod -R 777 /var/idds
RUN chmod -R 777 /etc/httpd/conf.d
RUN chmod -R 777 /run/httpd
RUN chmod -R 777 /var/log/httpd

# setup conda virtual env
ADD requirements.yaml /opt/idds/
# ADD start-daemon.sh /opt/idds/
Expand All @@ -65,18 +72,49 @@ RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip ins
RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade requests SQLAlchemy urllib3 retrying mod_wsgi flask futures stomp.py cx-Oracle unittest2 pep8 flake8 pytest nose sphinx recommonmark sphinx-rtd-theme nevergrad
RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade psycopg2-binary
RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade rucio-clients-atlas rucio-clients panda-client
RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade idds-common==$TAG idds-workflow==$TAG idds-server==$TAG idds-client==$TAG idds-doma==$TAG idds-atlas==$TAG idds-website==$TAG idds-monitor==$TAG

WORKDIR /tmp/src
COPY . .

RUN echo $'#!/bin/bash \n\
set -m \n\
for package in common main client workflow doma atlas website monitor ; \n\
do \n\
python3 -m pip install `ls $package/dist/*.tar.gz` \n\
done \n ' > inst_packages.sh

RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; \
if [[ -z "$TAG" ]] ; then \
python3 setup.py sdist && chmod +x inst_packages.sh && ./inst_packages.sh ; \
else \
python3 -m pip install --no-cache-dir --upgrade idds-common==$TAG idds-workflow==$TAG idds-server==$TAG idds-client==$TAG idds-doma==$TAG idds-atlas==$TAG idds-website==$TAG idds-monitor==$TAG ; \
fi

WORKDIR /tmp
RUN rm -rf /tmp/src

RUN mkdir /opt/idds/config
RUN mkdir /opt/idds/config/idds
# RUN mkdir /opt/idds/config_default

# to run with non-root PID
RUN chmod -R 777 /opt/idds/config
RUN chmod -R 777 /opt/idds/config_default

# ADD idds.cfg.default /opt/idds/config

# RUN ls /opt/idds/etc; ls /opt/idds/etc/idds; ls /opt/idds/etc/panda;
# RUN ls /opt/idds/config; ls /opt/idds/config/idds;

# for rest service

# to grant low-numbered port access to non-root
RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/httpd
RUN chmod -R 777 /etc/grid-security

# required for ssl.conf to run with non-root PID
RUN chmod a+r /etc/pki/tls/certs/localhost.crt
RUN chmod a+r /etc/pki/tls/private/localhost.key

# RUN ln -fs /opt/idds/config/hostkey.pem /etc/grid-security/hostkey.pem
# RUN ln -fs /opt/idds/config/hostcert.pem /etc/grid-security/hostcert.pem

Expand Down

0 comments on commit 21aa48b

Please sign in to comment.