Commit 543726b1 authored by Daniel Schreiber's avatar Daniel Schreiber

Merge branch 'docker' into 'master'

build Docker image

See merge request !13
parents c3f3a90f 87212a5f
Pipeline #30054 passed with stage
in 17 seconds
FROM debian:buster
RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y uwsgi python3.7 uwsgi-plugin-python3 python3-venv git libpq-dev libmariadb-dev
COPY install.sh /tmp/install.sh
COPY frms.ini /etc/uwsgi/apps-enabled
COPY startsync.sh /var/www/django/frms/startsync.sh
COPY startuwsgi.sh /var/www/django/frms/startuwsgi.sh
COPY manage.py /usr/bin/manage.py
RUN chmod 755 /var/www/django/frms/startsync.sh
RUN chmod 755 /var/www/django/frms/startuwsgi.sh
RUN chmod 755 /usr/bin/manage.py
RUN bash /tmp/install.sh
EXPOSE 8000
ENV DOCKER=1
VOLUME ["/var/www/django/frms/logs", "/var/www/django/frms/private"]
ENTRYPOINT ["/var/www/django/frms/startuwsgi.sh"]
Betrieb mit Docker
==================
Image bauen
-----------
automatisch:
```bash
buildimage.sh
```
Container starten
-----------------
* Es muss eine MariaDB oder PostgreSQL Datenbank vorhanden sein
* Es muss eine Minimalkonfiguration erstellt werden. Als Vorlage gibt es
* [docker/example-settings/postgresql/settings_docker.py]
* [docker/example-settings/mariadb/settings_docker.py]
Für die Konfiguration kann ein beliebiges Verzeichnis auf dem Hostsystem gewählt werden, das gebackupt wird.
* Apache mit SSL muss eingerichtet sein. Außerdem ist [mod_proxy_uwsgi](https://httpd.apache.org/docs/2.4/mod/mod_proxy_uwsgi.html) notwendig. Der UWSGI im Container lauscht auf Port 8000 mit UWSGI Protokoll.
* Beim Start des Containers werden Datenbankmigrationen durchgeführt und die Datei `django_secret.txt` im Konfigurationsverzeichnis angelegt, wenn noch nicht vorhanden. Dort wird das Django Secret gespeichert, mit dem Cookies verschlüsselt werden.
Angenommen, die Konfiguration befindet sich unter `/etc/frms`, dann sollte der Container folgendermaßen gestartet werden:
```bash
docker run --name frms --rm -v /etc/frms/:/var/www/django/frms/private/ -d -p 127.0.0.1:8000:8000 frms
```
Im Apache reicht dann folgende Konfiguration im passenden Virtualhost:
```
ProxyPass /api uwsgi://127.0.0.1:8000/frms
ProxyPass /static uwsgi://127.0.0.1:8000/frms/static
```
#!/usr/bin/env bash
docker pull debian:buster
datum=$(date +%Y-%m-%d)
docker build -t frms:${datum} .
docker build -t frms:latest .
# -*- coding: utf-8 -*-
from __future__ import unicode_literals, print_function
SERVER_REALM="a.edu" # hs-mittweida.de
HTTP_SERVER_NAME="https://saxid.a.edu" # https://saxid-api.hs-mittweida.de
ALLOWED_HOSTS = ["saxid.a.edu"] # saxid-api.hs-mittweida.de
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'datenbank',
'USER': 'datenbank_rw',
'PASSWORD': 'super-secret-database', # @UndefinedVariable
'HOST': 'mysql.a.edu',
'OPTIONS': {
'init_command': ('SET storage_engine=INNODB,'
'character_set_connection=utf8,'
'collation_connection=utf8_bin'),
}
},
}
# -*- coding: utf-8 -*-
from __future__ import unicode_literals, print_function
SERVER_REALM="a.edu" # hs-mittweida.de
HTTP_SERVER_NAME="https://saxid.a.edu" # https://saxid-api.hs-mittweida.de
ALLOWED_HOSTS = ["saxid.a.edu"] # saxid-api.hs-mittweida.de
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'datenbank',
'USER': 'datenbank_rw',
'PASSWORD': 'super-secret-database', # @UndefinedVariable
'HOST': 'pgsql.a.edu',
}
}
[uwsgi]
plugin = python37,logfile
vassal_name = frms
gid=www-data
uid=www-data
;socket = /run/uwsgi/frms.sock
;chmod-socket = 660
uwsgi-socket = 0.0.0.0:8000
master = true
virtualenv = /var/www/django/frms/env/
chdir = /var/www/django/frms/app/
wsgi-file = frms/wsgi.py
processes = 4
threads = 2
logger = file:logfile=/var/www/django/frms/logs/uwsgi.log,maxsize=2097152,backupname=/var/www/django/frms/logs/uwsgi.log.old
attach-daemon2 = cmd=/var/www/django/frms/startsync.sh,pidfile=/tmp/sync.pid
static-map = /static/frms=/var/www/django/frms/static
#!/usr/bin/env bash
TARGET=/var/www/django/frms
mkdir -p /var/www/django/frms/logs
git clone https://gitlab.hrz.tu-chemnitz.de/saxid-federated-resource-management/frms.git $TARGET/app
cd $TARGET/app
git checkout docker
python3 -mvenv $TARGET/env
source $TARGET/env/bin/activate
cd $TARGET/app
pip install -r requirements.txt
pip install ipython
mkdir -p $TARGET/static
chown www-data: $TARGET/static
#!/bin/sh
/var/www/django/frms/env/bin/python /var/www/django/frms/app/manage.py "$@"
#!/usr/bin/env bash
/var/www/django/frms/env/bin/python /var/www/django/frms/app/sync.py --pidfile=/tmp/sync.pid
#!/usr/bin/env bash
FRMS_DIR=/var/www/django/frms
if [[ ! -f $FRMS_DIR/private/settings_docker.py ]]; then
cat <<EOF
settings_docker.py fehlt im Volume, das in /var/www/django/frms/private
gemountet wird. Darin müssen die Hochschulspezifischen Einstellungen gemacht
werden.
SERVER_REALM="..." # hs-mittweida.de
HTTP_SERVER_NAME="..." # https://saxid-api.hs-mittweida.de
ALLOWED_HOSTS = [""] # saxid-api.hs-mittweida.de
DATABASES = {
}
EOF
exit
fi
chown -R www-data:www-data "${FRMS_DIR}/logs"
su www-data -s /bin/bash -c "${FRMS_DIR}/env/bin/python ${FRMS_DIR}/app/manage.py migrate"
su www-data -s /bin/bash -c "${FRMS_DIR}/env/bin/python ${FRMS_DIR}/app/manage.py collectstatic"
/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/frms.ini
......@@ -2,6 +2,9 @@
from __future__ import unicode_literals
import sys
import os.path
import os
import random
import string
from .common import *
......@@ -90,33 +93,51 @@ gespeichert:
- `SECRET_KEY`
- Sonstige Geheimnisse, wie LDAP-Passwörter o.ä.
"""
sys.path.append(os.path.normpath(os.path.join(
os.path.dirname(__file__), "..", "..", "..", "private")))
from settings_private import *
private_dir = os.path.normpath(os.path.join(
os.path.dirname(__file__), "..", "..", "..", "private"))
sys.path.append(private_dir)
if os.environ.get("DOCKER", "") == "1":
secrets_file = os.path.join(private_dir, "django_secret.txt")
if not os.path.exists(secrets_file):
key = "".join([random.SystemRandom().choice(string.digits + string.ascii_letters + "!#$%&()*+,-./:;<=>?@[]^_`{|}~") for i in range(60)])
with open(secrets_file, "w") as f:
f.write(key)
with open(secrets_file, "r") as f:
SECRET_KEY = f.readline().strip()
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend',
]
MIDDLEWARE_CLASSES.append('django.contrib.auth.middleware.AuthenticationMiddleware')
MIDDLEWARE_CLASSES.remove('django.contrib.auth.middleware.RemoteUserMiddleware')
from settings_docker import *
else:
from settings_private import *
# Mindestens eine Datenbank muss als 'default' konfiguriert werden.
DATABASES = {
'example_postgres': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'datenbank',
'USER': 'datenbank_rw',
'PASSWORD': DATABASE_PASSWORD, # @UndefinedVariable
'HOST': 'pgsql.hrz.tu-chemnitz.de',
},
'example_mysql': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'datenbank',
'USER': 'datenbank_rw',
'PASSWORD': DATABASE_PASSWORD, # @UndefinedVariable
'HOST': 'mysql.hrz.tu-chemnitz.de',
'OPTIONS': {
'init_command': ('SET storage_engine=INNODB,'
'character_set_connection=utf8,'
'collation_connection=utf8_bin'),
}
},
}
try:
from settings_local import *
except:
pass
DATABASES = {
'example_postgres': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'datenbank',
'USER': 'datenbank_rw',
'PASSWORD': DATABASE_PASSWORD, # @UndefinedVariable
'HOST': 'pgsql.hrz.tu-chemnitz.de',
},
'example_mysql': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'datenbank',
'USER': 'datenbank_rw',
'PASSWORD': DATABASE_PASSWORD, # @UndefinedVariable
'HOST': 'mysql.hrz.tu-chemnitz.de',
'OPTIONS': {
'init_command': ('SET storage_engine=INNODB,'
'character_set_connection=utf8,'
'collation_connection=utf8_bin'),
}
},
}
try:
from settings_local import *
except:
pass
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment