Issues/300

.gitignore

@@ -60,3 +60,9 @@ docs/_build/
 
 # PyBuilder
 target/
+
+# Docker stuff:
+.env
+certs/
+db/
+media/

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "rcamp/ldapdb"]
+	path = rcamp/ldapdb
+	url = https://github.com/ResearchComputing/django-ldapdb.git

.travis.yml

@@ -0,0 +1,25 @@
+sudo: required
+
+language: python
+
+services:
+  - docker
+
+before_install:
+- pip install --upgrade docker-compose
+- cd rcamp
+- docker build -t dev/rcamp --build-arg UWSGI_UID=$(id -u) --build-arg UWSGI_GID=$(id -u) .
+- cd ..
+- export RCAMP_PORT=9000
+- docker-compose -f docker-compose.yml -f docker-compose.test-backends.yml -f docker-compose.dev.yml build
+- docker-compose -f docker-compose.yml -f docker-compose.test-backends.yml -f docker-compose.dev.yml run --rm --service-ports rcamp-uwsgi bash -c 'sleep 30s && python manage.py migrate'
+- docker-compose -f docker-compose.yml -f docker-compose.test-backends.yml -f docker-compose.dev.yml run --rm --service-ports rcamp-uwsgi bash -c 'python manage.py test'
+
+install: true
+script: true
+
+notifications:
+  email: false
+  slack:
+    rooms:
+      secure: sEWHI86XLXXuVAQd15UbDMPpDKop/bTDn/XynrLKqp+GF+28h8BtewVZXCMHHir3ZCFdb2oRqG1qJ+g3kr8AY5xCadt8xu7BYZTAbGJdlv4tqTuGCNdUTr60wkafmvqYx2UZuawTLLAfy31bgzfGcpq068ni0MxYIn4PNJq0lqcUZoFvhlTT5lXrBWhu7q4JCTvfCBni/shjWKW8zmP5QP1GXSpPeHI9AZmBr2luczc2izVJbyTPEipNk1a57l8D5MeAGz+LE8AkXgbd3yl3KWgU+ZgUd8Jga09B9oARBBqG/1sVb1pCAkQQ2qDd+nByNfkPbcOn0LXhT6LM8sX/HVi7NZD1byB/u6qiycmDvf2rb+7Xz7Z2/eN4Rycf5+3JBuKCg2eFbX0Beo3RLJgmn+dYbWqD3YRAupv8nwZci2Km6AS3cWJi3HhQK85r6xGrmWdW5yqMxbaxiz2PAjtwb2aIdaMb+kgYsuDiYBLprNLWRl8sp3feyxWNCeudtQBxrbDX6gGjri2m8IQlDJv+LRwFaFgGF2xkAy/JMpVdDncqLAQrkjVaQbap1uZYVQyafWDPdLQbMdlt+bR92/bqoD9oZLRVsmOiVfLwxki20jm0cQfOQJL3nRIccdrFSLejMmxc+u6aE8EWSHHswoERmU6H4mDSIotV9jhQSNW3qEU=

LICENSE

@@ -1,5 +1,5 @@
 The MIT License (MIT)
-Copyright (c) 2016 Zebula Sampedro
+Copyright (c) 2018 Zebula Sampedro
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

README.md

@@ -15,40 +15,37 @@ Research Computing Administrative & Management Portal
 
 **rcamp** - The rcamp directory contains site code and, most importantly, settings.
 
-## Installation
+## Setting up your dev environment
+You will need Docker 18.03+ and Compose 1.21+ before you begin. Documentation for Docker can be found here: https://docs.docker.com/install/.
 
-Clone RCAMP
+Start by cloning RCAMP.
 ```
-git clone https://github.com/ResearchComputing/RCAMP
+$ git clone https://github.com/ResearchComputing/RCAMP
+$ git submodule update --init
+$ cd RCAMP
 ```
 
-Install the RC fork of django-ldapdb
+Then build the RCAMP base image, making sure to pass your local account UID/GID as build args _(this is necessary for bind-mounting your code later)_.
 ```
-git clone https://github.com/ResearchComputing/django-ldapdb
-cd django-ldapdb
-python setup.py install
+$ cd rcamp
+$ docker build -t dev/rcamp --build-arg UWSGI_UID=$(id -u) --build-arg UWSGI_GID=$(id -g) .
+$ cd ..
 ```
 
-Install remaining project dependencies
+Build your dev environment and then start it using Compose.
 ```
-cd ../RCAMP
-pip install -r requirements.txt
+$ export RCAMP_PORT=9000
+$ docker-compose -f docker-compose.yml -f docker-compose.test-backends.yml -f docker-compose.dev.yml build
+$ docker-compose -f docker-compose.yml -f docker-compose.test-backends.yml -f docker-compose.dev.yml run --rm --service-ports rcamp-uwsgi bash -c 'sleep 30s && python manage.py migrate'
+$ docker-compose -f docker-compose.yml -f docker-compose.test-backends.yml -f docker-compose.dev.yml up -d
 ```
 
-Configure local settings. Configuration in `local_settings.py` will override configuration in `settings.py`.
+Finish by migrating the DB and adding a superuser to the RCAMP app. You'll need to attach to the running RCAMP service to do this:
 ```
-cd rcamp/rcamp
-touch local_settings.py
-# Configure fields in local_settings as needed.
-```
-Collect static files
-```
-python manage.py collectstatic
-```
-
-Set up the database (SQLite3 preferred for dev/testing).
-```
-python manage.py migrate
+$ docker exec -it rcamp_rcamp-uwsgi_1 /bin/bash
+~rcamp-uwsgi$ python manage.py migrate
+~rcamp-uwsgi$ python manage.py createsuperuser
+...
 ```
 
 ## Writing and Running Tests

docker-compose.dev.yml

@@ -0,0 +1,19 @@
+version: "3.6"
+
+services:
+  rcamp-uwsgi:
+    build:
+      context: rcamp
+      cache_from:
+        - dev/rcamp
+      dockerfile: Dockerfile.test
+    environment:
+      - RCAMP_DEBUG=True
+    volumes:
+      - ./rcamp/rcamp:/home/uwsgi/rcamp
+      - ./rcamp/ldapdb:/home/uwsgi/ldapdb
+    ports:
+      - "${RCAMP_PORT}:9000"
+    depends_on:
+      - test-mysql
+      - test-ldap

docker-compose.prod.yml

@@ -0,0 +1,39 @@
+version: "3.6"
+
+services:
+  rcamp-uwsgi:
+    environment:
+      # Jenkins will load these values from Vault and then export them to the environment
+      # during deployment.
+      - RCAMP_DEBUG=False
+      - RCAMP_SECRET_KEY=${RCAMP_SECRET_KEY}
+      - RCAMP_ALLOWEDHOSTS=${RCAMP_ALLOWEDHOSTS}
+      - RCAMP_DB_HOST=${RCAMP_DB_HOST}
+      - RCAMP_DB_USER=${RCAMP_DB_USER}
+      - RCAMP_DB_PASSWORD=${RCAMP_DB_PASSWORD}
+      - RCAMP_RC_LDAP_URI=${RCAMP_RC_LDAP_URI}
+      - RCAMP_RC_LDAP_USER=${RCAMP_RC_LDAP_USER}
+      - RCAMP_RC_LDAP_PASSWORD=${RCAMP_RC_LDAP_PASSWORD}
+    volumes:
+      - /var/lib/sss/pipes:/var/lib/sss/pipes:rw
+      - /etc/nsswitch.conf:/etc/nsswitch.conf
+      - /etc/pam.d:/etc/pam.d
+
+  nginx:
+    hostname: ${HOSTNAME}
+    image: nginx:stable
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./nginx/uwsgi_params:/etc/nginx/uwsgi_params:ro
+      - ./certs:/etc/nginx/certs:ro
+      - static-content:/var/www/static:ro
+      - media-uploads:/var/www/media:ro
+      - nginx-logs:/var/logs/nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - rcamp-uwsgi
+
+volumes:
+  nginx-logs:

docker-compose.test-backends.yml

@@ -0,0 +1,14 @@
+version: "3.6"
+
+services:
+  test-mysql:
+    image: mysql:5.7
+    environment:
+      - MYSQL_ROOT_PASSWORD=password
+      - MYSQL_DATABASE=rcamp1712
+    volumes:
+      - ./db:/var/lib/mysql
+
+  test-ldap:
+    image: researchcomputing/rc-test-ldap
+    # build: ldap

docker-compose.yml

@@ -0,0 +1,21 @@
+version: "3.6"
+
+services:
+  rcamp-uwsgi:
+    build: rcamp
+    environment:
+      - RCAMP_UCB_LDAP_URI=${RCAMP_UCB_LDAP_URI}
+      - RCAMP_UCB_LDAP_USER=${RCAMP_UCB_LDAP_USER}
+      - RCAMP_UCB_LDAP_PASSWORD=${RCAMP_UCB_LDAP_PASSWORD}
+      - RCAMP_CSU_LDAP_URI=${RCAMP_CSU_LDAP_URI}
+      - RCAMP_CSU_LDAP_USER=${RCAMP_CSU_LDAP_USER}
+      - RCAMP_CSU_LDAP_PASSWORD=${RCAMP_CSU_LDAP_PASSWORD}
+    volumes:
+      - static-content:/home/uwsgi/rcamp/static
+      - media-uploads:/home/uwsgi/rcamp/media
+      - rcamp-logs:/home/uwsgi/rcamp/logs
+
+volumes:
+  static-content:
+  media-uploads:
+  rcamp-logs:

nginx/nginx.conf

@@ -0,0 +1,64 @@
+server {
+  listen *:80;
+  server_name localhost;
+
+  client_max_body_size 8000M;
+  client_body_buffer_size 8000M;
+  client_body_timeout 120;
+
+  if ($ssl_protocol = "") {
+    return 301 https://$host$request_uri;
+  }
+
+  location /images {
+    alias /var/www/images;
+  }
+
+  location / {
+    include /etc/nginx/uwsgi_params;
+    uwsgi_pass rcamp-uwsgi:8000;
+  }
+
+  location /static {
+    allow all;
+    alias /var/www/static;
+  }
+
+  location /media {
+    allow all;
+    alias /var/www/media;
+  }
+}
+
+server {
+  listen *:443 ssl;
+  server_name localhost;
+
+  ssl on;
+
+  ssl_certificate /etc/nginx/certs/rcamp.crt;
+  ssl_certificate_key /etc/nginx/certs/rcamp.key;
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_timeout 5m;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
+  ssl_prefer_server_ciphers on;
+
+  access_log /var/log/nginx/rcamp.access.log combined;
+  error_log /var/log/nginx/rcamp.error.log;
+
+  location / {
+    include /etc/nginx/uwsgi_params;
+    uwsgi_pass rcamp-uwsgi:8000;
+  }
+
+  location /static {
+    allow all;
+    alias /var/www/static;
+  }
+
+  location /media {
+    allow all;
+    alias /var/www/media;
+  }
+}

nginx/uwsgi_params

@@ -0,0 +1,13 @@
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_ADDR $server_addr;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;

rcamp/Dockerfile

@@ -0,0 +1,58 @@
+FROM centos:7
+MAINTAINER Zebula Sampedro <sampedro@colorado.edu>
+
+# Install gosu to drop user and chown shared volumes at runtime
+RUN export GOSU_VERSION=1.10 && \
+    yum -y install epel-release && \
+  	yum -y install wget dpkg && \
+  	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
+  	wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" && \
+  	wget -O /tmp/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" && \
+  	export GNUPGHOME="$(mktemp -d)" && \
+  	gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
+  	gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu && \
+  	rm -r "$GNUPGHOME" /tmp/gosu.asc && \
+  	chmod +x /usr/bin/gosu; \
+  	gosu nobody true && \
+  	yum -y remove wget dpkg && \
+  	yum clean all && \
+    unset GOSU_VERSION
+
+# Add uwsgi user to the image
+ARG UWSGI_UID=1000
+ARG UWSGI_GID=1000
+# Set env vars from these args, as there is no utility in forcing the user to set them twice in dev.
+ENV UID=${UWSGI_UID}
+ENV GID=${UWSGI_GID}
+
+RUN groupadd -g $GID uwsgi && \
+    useradd -d "/home/uwsgi" -u "$UID" -g "$GID" -m -s /bin/bash "uwsgi"
+
+WORKDIR /home/uwsgi
+
+# Install core dependencies
+RUN yum -y update && \
+    yum makecache fast && \
+    yum -y groupinstall "Development Tools" && \
+    yum -y install epel-release curl which wget && \
+    yum -y install sssd pam-devel openssl-devel && \
+    yum -y install python-devel python2-pip && \
+    yum -y install openldap-devel MySQL-python
+
+# Add uwsgi conf
+COPY --chown=uwsgi:uwsgi uwsgi.ini /home/uwsgi/uwsgi.ini
+
+# Add codebase to container and install
+COPY --chown=uwsgi:uwsgi ldapdb /home/uwsgi/ldapdb
+COPY --chown=uwsgi:uwsgi rcamp /home/uwsgi/rcamp
+
+WORKDIR /home/uwsgi/ldapdb
+RUN pip install -e .
+
+WORKDIR /home/uwsgi/rcamp
+RUN pip2 install -r requirements.txt
+
+# Set gosu entrypoint and default command
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["sh","/usr/local/bin/docker-entrypoint.sh"]
+CMD ["/usr/bin/uwsgi","/home/uwsgi/uwsgi.ini"]

rcamp/Dockerfile.test

@@ -0,0 +1,18 @@
+FROM dev/rcamp
+MAINTAINER Zebula Sampedro <sampedro@colorado.edu>
+
+ENV RCAMP_DEBUG=True
+
+# Install dev dependencies
+RUN yum -y install nodejs npm && \
+    yum -y install openssl pamtester fontconfig freetype freetype-devel fontconfig-devel libstdc++ && \
+    npm install -g phantomjs-prebuilt && \
+    pip install selenium==3.7.0
+
+# Add test users for PAM auth
+RUN useradd -M -p $(echo password | openssl passwd -1 -stdin) testuser1 && \
+    useradd -M -p $(echo password | openssl passwd -1 -stdin) testuser2
+
+WORKDIR /home/uwsgi/rcamp
+
+CMD ["python","manage.py","runserver","0.0.0.0:9000"]

rcamp/docker-entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+STATIC_DIR=/home/uwsgi/rcamp/static
+MEDIA_DIR=/home/uwsgi/rcamp/media
+LOG_DIR=/home/uwsgi/rcamp/logs
+
+# Collect static, and set permissions of shared volumes.
+RCAMP_DEBUG=True bash -c 'python manage.py collectstatic --noinput'
+chown -R uwsgi:uwsgi $STATIC_DIR
+chown -R uwsgi:uwsgi $MEDIA_DIR
+chown -R uwsgi:uwsgi $LOG_DIR
+
+exec gosu uwsgi "$@"