diff --git a/Dockerfile b/Dockerfile index 5bfccae2..34d021f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,6 +48,13 @@ RUN chown atlpan -R /opt/idds RUN chown atlpan /var/log/idds RUN chown apache -R /var/idds/wsgisocks/ +# to run with non-root PID +RUN chmod -R 777 /var/log/idds +RUN chmod -R 777 /var/idds +RUN chmod -R 777 /etc/httpd/conf.d +RUN chmod -R 777 /run/httpd +RUN chmod -R 777 /var/log/httpd + # setup conda virtual env ADD requirements.yaml /opt/idds/ # ADD start-daemon.sh /opt/idds/ @@ -65,11 +72,33 @@ RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip ins RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade requests SQLAlchemy urllib3 retrying mod_wsgi flask futures stomp.py cx-Oracle unittest2 pep8 flake8 pytest nose sphinx recommonmark sphinx-rtd-theme nevergrad RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade psycopg2-binary RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade rucio-clients-atlas rucio-clients panda-client -RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade idds-common==$TAG idds-workflow==$TAG idds-server==$TAG idds-client==$TAG idds-doma==$TAG idds-atlas==$TAG idds-website==$TAG idds-monitor==$TAG + +WORKDIR /tmp/src +COPY . . + +RUN echo $'#!/bin/bash \n\ +set -m \n\ +for package in common main client workflow doma atlas website monitor ; \n\ +do \n\ + python3 -m pip install `ls $package/dist/*.tar.gz` \n\ +done \n ' > inst_packages.sh + +RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; \ + if [[ -z "$TAG" ]] ; then \ + python3 setup.py sdist && chmod +x inst_packages.sh && ./inst_packages.sh ; \ + else \ + python3 -m pip install --no-cache-dir --upgrade idds-common==$TAG idds-workflow==$TAG idds-server==$TAG idds-client==$TAG idds-doma==$TAG idds-atlas==$TAG idds-website==$TAG idds-monitor==$TAG ; \ + fi + +WORKDIR /tmp +RUN rm -rf /tmp/src RUN mkdir /opt/idds/config RUN mkdir /opt/idds/config/idds -# RUN mkdir /opt/idds/config_default + +# to run with non-root PID +RUN chmod -R 777 /opt/idds/config +RUN chmod -R 777 /opt/idds/config_default # ADD idds.cfg.default /opt/idds/config @@ -77,6 +106,15 @@ RUN mkdir /opt/idds/config/idds # RUN ls /opt/idds/config; ls /opt/idds/config/idds; # for rest service + +# to grant low-numbered port access to non-root +RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/httpd +RUN chmod -R 777 /etc/grid-security + +# required for ssl.conf to run with non-root PID +RUN chmod a+r /etc/pki/tls/certs/localhost.crt +RUN chmod a+r /etc/pki/tls/private/localhost.key + # RUN ln -fs /opt/idds/config/hostkey.pem /etc/grid-security/hostkey.pem # RUN ln -fs /opt/idds/config/hostcert.pem /etc/grid-security/hostcert.pem