Skip to content

Commit

Permalink
updating docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@vsoch
vsoch committed Aug 21, 2017
1 parent 79c1457 commit e304b3e
Show file tree
Hide file tree
Showing 10 changed files with 244 additions and 92 deletions.
1 change: 1 addition & 0 deletions docker-compose.yml
View file
Expand Up @@ -7,6 +7,7 @@ uwsgi:
volumes:
- .:/code
- ./static:/var/www/static
- ./images:/var/www/images
links:
- redis
- db
Expand Down
6 changes: 3 additions & 3 deletions docs/README.md
View file
Expand Up @@ -8,10 +8,10 @@ Hello there! It's so great that you want to use Singularity Registry. Let's get

## Deploy a Registry

- [introduction](introduction.md): Coverts some background and basic information.
- [introduction](introduction.md): Covers some background and basic information.
- [deployment](deployment.md): will cover installing dependencies, configuring the web server, setting up variables and paths to the file system, and starting the application.
- [configuration](): covers how to create an admin ("super user") and register the application.
- [api](): some basics about the api. Most of this usage documentation will live with the client, provided by [singularity-python](https://www.github.com/singularityware/singularity-python).
- [setup](setup.md): setting up the running application, including user accounts and application registration.
- [client](client.md): how to interact with your registry to push and pull images.

@vsoch wants [your input!](https://www.github.com/singularityhub/sregistry/issues) This registry is driven by desire and need for clusters small and large, so if you don't tell me what you want, how will I know that you want it?

2 changes: 2 additions & 0 deletions docs/client.md
View file
Expand Up @@ -137,3 +137,5 @@ sregistry labels --value vanessasaur
# A specific key and value
sregistry labels --key maintainer --value vanessasaur
```

That's all for now folks! We will next be writing up interaction with the registry with Singularity proper, and other details like visualizations, sharing, views, labels, and topic tags.
77 changes: 0 additions & 77 deletions docs/config.md
View file

This file was deleted.

19 changes: 19 additions & 0 deletions docs/deployment.md
View file
Expand Up @@ -174,6 +174,25 @@ cp $INSTALL_ROOT/sregistry/scripts/nginx-index.html /var/www/html/index.html
rm /var/www/html/index.nginx-debian.html
```

If you don't care about user experience during updates and server downtime, you can just ignore this.

### Storage
The containers that you upload to your registry will be stored "inside" the Docker container, specifically at the location `/var/www/images`. By default, we map this location to the host in the base directory of `sregistry` in a folder called `images`. Equally, we map static web files to a folder named `static`. If you look in the [docker-compose.yml](docker-compose.yml) that looks something like this:


```
- ./static:/var/www/static
- ./images:/var/www/images
```

The line reads specifically "map `./images` (the folder "images" in the base directory sregistry on the host) to (`:`) the folder `/var/www/images` (inside the container). This means a few important things:

- if you container goes away and dies, your image files do not. If the folder wasn't mapped, this wouldn't be the case.
- when the container is running, since Docker is run as sudo, you won't be able to interact with the files without sudo either.

Thus, you are free to test different configurations of mounting this folder. If you find a more reasonable default than is set, please [let us know!](https://www.github.com/singularityhub/sregistry/issues).


### SSL
Getting https certificates is really annoying, and getting `dhparams.pem` takes forever. But after the domain is obtained, it's important to do. Again, remember that we are working on the host, and we have an nginx server running. You should follow the instructions (and I do this manually) in [generate_cert.sh](../scripts/generate_cert.sh). It basically comes down to:

Expand Down
73 changes: 73 additions & 0 deletions docs/setup.md
View file
@@ -0,0 +1,73 @@
# Setup
By the time you get here, you have added all required secrets and settings to your [settings](../shub/settings) folder, and you've built and started the image. Next, you should navigate to [http://127.0.0.1](http://127.0.0.1) (localhost) to make sure the registry is up and running.

## Image Interaction
Before we work with accounts and other application setup, you need to know how to interact with the application, meaning Docker images. Here are the basic commands you should get comfortable with as an administrator of your registry. Note that these are really great for debugging too:

```
docker ps # gets you the image ids
docker-compose logs worker # show me the logs of the worker instance
docker-compose logs nginx # logs for the main application
docker-compose logs -f nginx # keep the logs open until I Control+C
```

and to shell in to an image, you can do the following:

```
NAME=$(docker ps -aqf "name=sregistry_uwsgi_1")
docker exec -it ${NAME} bash
```

## Accounts
To create your admin account, the first thing you need to do (in the web interface) is click Login on the top right. You should see the social account options that you configured in the [deployment](deployment.md) step. You can now log in with your social account of choice. This will create a user account for yourself that you can use to manage the application, and when you are logged in you should see your username in the top right. It usually corresponds with the one from your social account.


## The Application Manager
At this point, you've started the application, and created a user with your social auth. Your username is in the top right, and it's usually the same as your social account. Keep this in mind because you will need it when you shell into the image to make yourself a superuser. Let's first shell inside:

```
NAME=$(docker ps -aqf "name=sregistry_uwsgi_1")
docker exec -it ${NAME} bash
```

you will find yourself in a directory called `/code`, which is where the main application lives. For administration you will be using the file [manage.py](../manage.py) to interact with the registry. If you want to see all the different options, type `python manage.py` and it will show you.

Let's first make yourself a superuser and an admin, meaning that you are an administrator **and** have godlevel control of the registry. Just by way of being inside the Docker image you already have that. You will be able to set other people as admins. In summary:

- `superuser`: you are an admin that can do anything, you have all permissions.
- `admin`: you can push images, but not have significant impact on the registry application.

Of course anyone that shells into your Docker image could just explode everything - it's up to you to secure and manage the server itself! Let's say my username is `vsoch`. Here is the command I would run to make myself a superuser and admin. Note that we are inside the Docker image `sregistry_uwsgi_1`:

```bash
$ python manage.py add_superuser --username vsoch
DEBUG Username: vsoch
DEBUG vsoch is now a superuser.

$ python manage.py add_superuser --username vsoch
DEBUG Username: vsoch
DEBUG vsoch can now manage and build.
```

# And from outside the Docker image
NAME=$(docker ps -aqf "name=sregistry_uwsgi_1")
docker exec $NAME python /code/manage.py add_superuser --username vsoch
docker exec $NAME python /code/manage.py add_admin --username vsoch

```
You can also choose to remove a superuser or admin at any time. This means he or she will no longer be able to build and access the token and secret to do so.
```
# Inside the image
$ python manage.py remove_superuser --username vsoch
$ python manage.py remove_admin --username vsoch

# Outside
NAME=$(docker ps -aqf "name=sregistry_uwsgi_1")
docker exec $NAME python /code/manage.py remove_superuser --username vsoch
docker exec $NAME python /code/manage.py remove_admin --username vsoch
```
Great! Now that you have your accounts, you probably want to learn about how to build and push images! You will need to read about the [client](client.md) to do this.
68 changes: 68 additions & 0 deletions shub/apps/users/management/commands/add_admin.py
View file
@@ -0,0 +1,68 @@
'''
Copyright (c) 2017, Vanessa Sochat, All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''

from django.core.management.base import (
BaseCommand,
CommandError
)

from shub.apps.users.models import User
from shub.logger import bot
import re

class Command(BaseCommand):
'''add admin will add admin and manager privs singularity
registry. The super user is an admin that can build, delete,
and manage images
'''
def add_arguments(self, parser):
# Positional arguments
parser.add_argument('--username', dest='username', default=None, type=str)

help = "Generates an admin for the registry."
def handle(self,*args, **options):
if options['username'] is None:
raise CommandError("Please provide a username with --username")

bot.debug("Username: %s" %options['username'])

try:
user = User.objects.get(username=options['username'])
except User.DoesNotExist:
raise CommandError("This username does not exist.")

if user.admin is True: #and user.manager is True:
raise CommandError("This user can already manage and build.")

user.admin = True
#user.manager = True
user.save()
bot.debug("%s can now manage and build." %(user.username))
11 changes: 5 additions & 6 deletions shub/apps/users/management/commands/add_superuser.py
View file
Expand Up @@ -47,7 +47,7 @@ def add_arguments(self, parser):
# Positional arguments
parser.add_argument('--username', dest='username', default=None, type=str)

help = "Generates a superuser for the registry. Only for admins."
help = "Generates a superuser for the registry."
def handle(self,*args, **options):
if options['username'] is None:
raise CommandError("Please provide a username with --username")
Expand All @@ -59,10 +59,9 @@ def handle(self,*args, **options):
except User.DoesNotExist:
raise CommandError("This username does not exist.")

if user.admin is True and user.manager is True:
raise CommandError("This user can already manage and build.")
if user.is_superuser is True:
raise CommandError("This user is already a superuser.")

user.admin = True
user.manager = True
user.is_superuser = True
user.save()
bot.debug("%s can now manage and build." %(user.username))
bot.debug("%s is now a superuser." %(user.username))
68 changes: 68 additions & 0 deletions shub/apps/users/management/commands/remove_admin.py
View file
@@ -0,0 +1,68 @@
'''
Copyright (c) 2017, Vanessa Sochat, All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''

from django.core.management.base import (
BaseCommand,
CommandError
)

from shub.apps.users.models import User
from shub.logger import bot
import re

class Command(BaseCommand):
'''remove admin will remove admin privs for a singularity
registry. The super user is an admin that can build, delete,
and manage images
'''
def add_arguments(self, parser):
# Positional arguments
parser.add_argument('--username', dest='username', default=None, type=str)

help = "Removes admin priviledges for the registry."
def handle(self,*args, **options):
if options['username'] is None:
raise CommandError("Please provide a username with --username")

bot.debug("Username: %s" %options['username'])

try:
user = User.objects.get(username=options['username'])
except User.DoesNotExist:
raise CommandError("This username does not exist.")

if user.admin is False: #and user.manager is False:
raise CommandError("This user already can't manage and build.")

user.admin = False
#user.manager = False
bot.debug("%s can no longer manage and build." %(user.username))
user.save()
11 changes: 5 additions & 6 deletions shub/apps/users/management/commands/remove_superuser.py
View file
Expand Up @@ -47,7 +47,7 @@ def add_arguments(self, parser):
# Positional arguments
parser.add_argument('--username', dest='username', default=None, type=str)

help = "Removes superuser priviledges for the registry. Only for admins."
help = "Removes superuser priviledges for the registry."
def handle(self,*args, **options):
if options['username'] is None:
raise CommandError("Please provide a username with --username")
Expand All @@ -59,10 +59,9 @@ def handle(self,*args, **options):
except User.DoesNotExist:
raise CommandError("This username does not exist.")

if user.admin is False and user.manager is False:
raise CommandError("This user already can't manage and build.")
if user.is_superuser is False:
raise CommandError("This user already is not a superuser.")

user.admin = False
user.manager = False
bot.debug("%s can no longer manage and build." %(user.username))
user.is_superuser = False
bot.debug("%s is no longer a superuser." %(user.username))
user.save()

0 comments on commit e304b3e

Please sign in to comment.