forked from OSC/ondemand
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
improve dev container experience This adds a `dev` namespace to our rake tasks and documentation around those tasks. Running `dev:start` will build and start a development container with your UID & GID with password that you can set.
- Loading branch information
Showing
13 changed files
with
254 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
# Developing Open-OnDemand | ||
|
||
## Getting Started | ||
|
||
These are instructions to build and interact with a full stack | ||
development container. This container will create a duplicate user | ||
with the same group and user id. Starting the container will prompt | ||
you to set a password. This is only credentials for web access to the | ||
container. | ||
|
||
Pull down this source code and start the container. | ||
|
||
```text | ||
mkdir -p ~/ondemand | ||
git clone https://github.com/OSC/ondemand.git ~/ondemand/src | ||
cd ~/ondemand/src | ||
rake dev:start | ||
``` | ||
|
||
See `rake --tasks` for all the `dev:` related tasks. | ||
|
||
``` | ||
rake dev:exec # Bash exec into the development container | ||
rake dev:restart # Restart development container | ||
rake dev:start # Start development container | ||
rake dev:stop # Stop development container | ||
``` | ||
|
||
### Login to the container | ||
|
||
Here's the important bit about user mapping with containers. Let's use the | ||
example of `jessie` with `id` below. In creating the development container, | ||
we added a user with the same. The password is for `dex` the IDP, and the | ||
web only. | ||
|
||
``` | ||
uid=1000(jessie) gid=1000(jessie) groups=1000(jessie) | ||
``` | ||
|
||
Now you'll be able to access `http://localhost:8080/` where it'll redirect | ||
you to `dex` the OpenID Connect provider within the container. Use the email | ||
`<your username>@localhost`. | ||
|
||
|
||
### Configuring the container | ||
|
||
In starting the container, you may see the mount | ||
`~/.config/ondemand/container:/etc/ood`. This mount allows us to | ||
completely configure this Open-OnDemand container. | ||
|
||
Create and edit files in the host's home directory and to mount in | ||
new configurations. | ||
|
||
Remove `~/.config/ondemand/container/static_user.yml` to reset your | ||
container's password. | ||
|
||
### Rebuilding the image | ||
|
||
All the development tasks will use the `ood-dev:latest` image. If | ||
you want to rebuild to a newer version use the rebuild task. | ||
|
||
```text | ||
rake dev:rebuild | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
inherit_from: '../apps/dashboard/.rubocop.yml' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
# frozen_string_literal: true | ||
|
||
namespace :dev do | ||
require_relative 'build_utils' | ||
require 'yaml' | ||
require 'bcrypt' | ||
include BuildUtils | ||
|
||
def dev_container_name | ||
'ood-dev' || ENV['OOD_DEV_CONTAINER_NAME'].to_s | ||
end | ||
|
||
def init_ood_portal | ||
file = "#{config_directory}/ood_portal.yml" | ||
return if File.exist?(file) | ||
|
||
File.open(file, File::WRONLY|File::CREAT|File::EXCL) do |f| | ||
f.write({ | ||
'servername': 'localhost', | ||
'port': 8080, | ||
'listen_addr_port': 8080, | ||
'oidc_remote_user_claim': 'email', | ||
'dex': { | ||
'connectors': [{ | ||
'type': 'mockCallback', | ||
'id': 'mock', | ||
'name': 'Mock' | ||
}] | ||
} | ||
}.to_yaml) | ||
end | ||
end | ||
|
||
def init_ctr_user | ||
file = "#{config_directory}/static_user.yml" | ||
return if File.exist?(file) | ||
|
||
require 'io/console' | ||
puts 'Enter password:' | ||
plain_password = $stdin.noecho(&:gets).chomp | ||
bcrypted = BCrypt::Password.create(plain_password) | ||
|
||
content = <<~CONTENT | ||
enablePasswordDB: true | ||
staticPasswords: | ||
- email: "#{user.name}@localhost" | ||
hash: "#{bcrypted}" | ||
username: "#{user.name}" | ||
userID: "71e63e31-7af3-41d7-add2-575568f4525f" | ||
CONTENT | ||
|
||
File.open(file, File::WRONLY | File::CREAT | File::EXCL) do |f| | ||
f.write(content) | ||
end | ||
end | ||
|
||
def container_rt_args | ||
podman_runtime? ? podman_rt_args : docker_rt_args | ||
end | ||
|
||
def docker_rt_args | ||
[ | ||
'--user', "#{user.uid}:#{user.gid}" | ||
].freeze | ||
end | ||
|
||
def podman_rt_args | ||
[ | ||
'--userns', 'keep-id', | ||
'--cap-add', 'sys_ptrace', | ||
'--security-opt', 'label=disable' | ||
].freeze | ||
end | ||
|
||
def config_directory | ||
@config_directory ||= begin | ||
base_dir = "#{user.dir}/.config/ondemand/container/config".tap { |dir| FileUtils.mkdir_p(dir) } | ||
base_dir | ||
end | ||
end | ||
|
||
def dev_mounts | ||
[ | ||
'-v', "#{config_directory}:/etc/ood/config", | ||
'-v', "#{user.dir}/ondemand:#{user.dir}/ondemand" | ||
] | ||
end | ||
|
||
desc 'Start development container' | ||
task :start => ['ensure_dev_files'] do | ||
Rake::Task['package:dev_container'].invoke unless image_exists?("#{dev_image_name}:latest") | ||
|
||
ctr_args = [container_runtime, 'run', '-p 8080:8080', '-p 5556:5556'] | ||
ctr_args.concat ["--name #{dev_container_name}"] | ||
ctr_args.concat ['--rm', '--detach'] | ||
ctr_args.concat ['-e', 'OOD_STATIC_USER=/etc/ood/config/static_user.yml'] | ||
ctr_args.concat dev_mounts | ||
ctr_args.concat container_rt_args | ||
|
||
ctr_args.concat ["#{dev_image_name}:latest"] | ||
sh ctr_args.join(' ') | ||
end | ||
|
||
desc 'Stop development container' | ||
task :stop do | ||
sh "#{container_runtime} stop #{dev_container_name}" | ||
end | ||
|
||
desc 'See the development container\'s logs' | ||
task :logs do | ||
sh "#{container_runtime} logs #{dev_container_name}" | ||
end | ||
|
||
desc 'Restart development container' | ||
task :restart => [:stop, :start] | ||
|
||
desc 'Rebuild the ood-dev:latest container' | ||
task :rebuild => ['package:dev_container'] | ||
|
||
desc 'Bash exec into the development container' | ||
task :exec do | ||
ctr_args = [container_runtime, 'exec', '-it'] | ||
# home is set to /root? could be bug for me | ||
ctr_args.concat ['-e', "HOME=#{user.dir}"] | ||
ctr_args.concat ['--workdir', user.dir.to_s] | ||
ctr_args.concat [dev_container_name, '/bin/bash'] | ||
|
||
sh ctr_args.join(' ') | ||
end | ||
|
||
task :bash => [:exec] | ||
|
||
# let advanced users know this, not --tasks | ||
task :ensure_dev_files do | ||
[ | ||
:init_ood_portal, | ||
:init_ctr_user | ||
].each do |initer| | ||
send(initer) | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.