pdonorio/Dockerfile

## README.md

      
    Raw
  

              README.md
            
          
    The lastet iCAT server on the latest ubuntu LTS,
based on the latest Docker engine v1.13
using the latest V3 for YAML format with docker-compose.
Note: there should be an .env file on the root coupled with the docker-compose file
which covers the declaration of all the ${VARIABLES} found in YAML format.
To make this work use:
docker-compose up

  
## docker-compose.yml
version: '3'
services:

  # Postgres database server
  sql:
    image: postgres:9.6
    volumes:
      - sqldata:/var/lib/postgresql/data
      - ./pgs_init.sh:/docker-entrypoint-initdb.d/setup-my-schema.sh:ro
    environment:
      POSTGRES_USER: "${ALCHEMY_USER}"
      POSTGRES_PASSWORD: "${ALCHEMY_PASSWORD}"
      POSTGRES_DBS: ${ALCHEMY_DBS}
    networks:
      dbnet:
        aliases:
          - ${ALCHEMY_HOST}

  # iRODS iCAT server for EUDAT B2safe
  icat:
    # B2safe instance on irods
    build: ./icat
    image: myicat
    environment:
      POSTGRES_HOST: "${ALCHEMY_HOST}"
      POSTGRES_USER: "${ALCHEMY_USER}"
      POSTGRES_PASSWORD: "${ALCHEMY_PASSWORD}"
      IRODS_HOST: ${IRODS_HOST}
      IRODS_PORT: ${IRODS_PORT}
      IRODS_ZONE: ${IRODS_ZONE}
      IRODS_DB: "${IRODS_DB}"
      IRODS_USER: ${IRODS_USER}
      IRODS_PASSWORD: ${ALCHEMY_PASSWORD}
    # Open irods port to Outside world
    ports:
      - 1247:1247
    hostname: rodserver
    volumes:
      - etcconf:/etc
      - irodsvar:/var/lib/irods
    networks:
      dbnet

volumes:
  sqldata:
    driver: local
  # etc etc..

networks:
  dbnet:


## docker-entrypoint.sh
#!/bin/bash

# Check postgres at startup
until PGPASSWORD=$POSTGRES_PASSWORD psql -h $POSTGRES_HOST -U $POSTGRES_USER $IRODS_DB -c "\d" 1> /dev/null 2> /dev/null;
do
  >&2 echo "Postgres is unavailable - sleeping"
  sleep 1
done

# Is it init time?
checkirods=$(ls /etc/irods/)
if [ "$checkirods" == "" ]; then

    #############################
    # Install irods&friends     #
    # install irods 4.2 + GSI
    # it automatically create the irods user
    # it automatically fixes permissions
    # it also checks if server is up at the end
    #############################

    MYDATA="/tmp/answers"
    sudo -E /prepare_answers $MYDATA
    # Launch the installation
    sudo python /var/lib/irods/scripts/setup_irods.py < $MYDATA
    # Verify how it went
    if [ "$?" == "0" ]; then
        echo ""
        echo "iRODS INSTALLED!"
    else
        echo "Failed to install irods..."
        exit 1
    fi

else
    # NO: launch irods
    echo "Already installed. Launching..."
    service irods start

fi
## END

echo "iRODS is ready"
sleep infinity
exit 0

## Dockerfile

FROM ubuntu:16.04
# LTS
MAINTAINER "Paolo D'Onorio De Meo"

# Preparation
RUN apt-get update -qq && apt-get install -y \
        ## normal base
        wget git vim expect lsof sudo \
        ## fix adding irods to source list
        # lsb-release \
        ## fix the ssl error for apt-key
        gnupg-curl \
        ## fix "The method driver /usr/lib/apt/methods/https could not be found"
        apt-transport-https \
        ## fix the plugin error at irods installation time
        libxml2 \
    # clean
    && apt-get clean autoclean && apt-get autoremove -y && \
    rm -rf /var/lib/cache /var/lib/log /tmp/*

# Add repos, download and install
ENV URL https://packages.irods.org
RUN apt-key adv --fetch-keys $URL/irods-signing-key.asc \
    # && echo "deb $URL/apt/ $(lsb_release -sc) main" \
    && echo "deb $URL/apt/ trusty main" \
        > /etc/apt/sources.list.d/renci-irods.list

ENV IRODS_VERSION 4.2.0
RUN apt-get update && apt-get install -y \
        # iCAT
        irods-server=$IRODS_VERSION \
        # iRODS Plugins (also GSI)
        irods-database-plugin-postgres irods-auth-plugin-gsi \
    # clean
    && apt-get clean autoclean && apt-get autoremove -y && \
    rm -rf /var/lib/cache /var/lib/log /tmp/*

# Note: USER and GROUP are added automatically by irods install scripts

#######################################
## Closing operations

ENV TERM xterm-256color
# VOLUMES
VOLUME /etc
VOLUME /var/lib/irods

COPY ./expect_irods.sh /prepare_answers
COPY ./docker-entrypoint.sh /

EXPOSE 1247
# WORKDIR /tmp
ENTRYPOINT ["/docker-entrypoint.sh"]

## expect_irods.sh
#!/bin/bash

# All responses for irods installation script

if [ -z "$1" ]; then
    echo "Usage $0 SCRIPT_NAME"
    exit 1
fi

# Clean
SCRIPT=$1
rm -rf $SCRIPT && touch $SCRIPT

##############################
# Unix account

# account
echo "$IRODS_USER" >> $SCRIPT
# group
echo "$IRODS_USER" >> $SCRIPT
# iRODS server's role
echo "1" >> $SCRIPT
# ODBC driver for postgres
echo "1" >> $SCRIPT

##############################
# DB account

## server host name
echo "$POSTGRES_HOST" >> $SCRIPT
## db port 5432
echo "5432" >> $SCRIPT
# database name
echo "$IRODS_DB" >> $SCRIPT
# database username
echo "$POSTGRES_USER" >> $SCRIPT
# confirmation
echo "yes" >> $SCRIPT
# irods password
echo "$POSTGRES_PASSWORD" >> $SCRIPT
# salt password
echo "$POSTGRES_PASSWORD" >> $SCRIPT

##############################
# IRODS setup

# irods zone
echo "$IRODS_ZONE" >> $SCRIPT
# irods port
echo "$IRODS_PORT" >> $SCRIPT
# range begin
echo "20000" >> $SCRIPT
# range end
echo "20199" >> $SCRIPT
# control plane port
echo "1248" >> $SCRIPT
# schema (default)
echo "" >> $SCRIPT
# irods administrator
echo "$IRODS_USER" >> $SCRIPT
# confirmation
echo "yes" >> $SCRIPT

# zone key
(openssl rand -base64 16 2>/dev/null | sed 's,/,S,g' | sed 's,+,_,g' \
    | cut -c 1-16  | tr -d '\n' ; echo "") >> $SCRIPT
# negotation key
openssl rand -base64 32 2> /dev/null | sed 's,/,S,g' | sed 's,+,_,g' | cut -c 1-32 \
    >> $SCRIPT
# control plane key
openssl rand -base64 32 2> /dev/null | sed 's,/,S,g' | sed 's,+,_,g' | cut -c 1-32 \
    >> $SCRIPT
# admin password
echo "$IRODS_PASSWORD" >> $SCRIPT
# vault
echo "" >> $SCRIPT

echo "created irods expectation"

## pgs_init.sh
#!/bin/bash

conf='/var/lib/postgresql/data/pg_hba.conf'
## TO FIX: from an environment variable
net="172.1.0.0/16"
## http://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html

echo "Changing access"
echo "" > $conf

# Enable to allow health checks
echo "local   $POSTGRES_USER  $POSTGRES_USER  trust" >> $conf

echo "hostnossl       postgres  $POSTGRES_USER  $net   password" >> $conf

###################
# DBs handling
for obj in $POSTGRES_DBS;
do
    db=$(echo $obj | tr -d "'")
    echo "Enabling DB $db"
# Create it
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" << EOSQL
    CREATE DATABASE "$db";
EOSQL
    # GRANT ALL PRIVILEGES ON DATABASE "$db" TO $POSTGRES_USER;
# Add privileges
echo "hostnossl       $db  $POSTGRES_USER  $net   password" >> $conf
done

###################
echo "DONE"
	version: '3'
	services:

	# Postgres database server
	sql:
	image: postgres:9.6
	volumes:
	- sqldata:/var/lib/postgresql/data
	- ./pgs_init.sh:/docker-entrypoint-initdb.d/setup-my-schema.sh:ro
	environment:
	POSTGRES_USER: "${ALCHEMY_USER}"
	POSTGRES_PASSWORD: "${ALCHEMY_PASSWORD}"
	POSTGRES_DBS: ${ALCHEMY_DBS}
	networks:
	dbnet:
	aliases:
	- ${ALCHEMY_HOST}

	# iRODS iCAT server for EUDAT B2safe
	icat:
	# B2safe instance on irods
	build: ./icat
	image: myicat
	environment:
	POSTGRES_HOST: "${ALCHEMY_HOST}"
	POSTGRES_USER: "${ALCHEMY_USER}"
	POSTGRES_PASSWORD: "${ALCHEMY_PASSWORD}"
	IRODS_HOST: ${IRODS_HOST}
	IRODS_PORT: ${IRODS_PORT}
	IRODS_ZONE: ${IRODS_ZONE}
	IRODS_DB: "${IRODS_DB}"
	IRODS_USER: ${IRODS_USER}
	IRODS_PASSWORD: ${ALCHEMY_PASSWORD}
	# Open irods port to Outside world
	ports:
	- 1247:1247
	hostname: rodserver
	volumes:
	- etcconf:/etc
	- irodsvar:/var/lib/irods
	networks:
	dbnet

	volumes:
	sqldata:
	driver: local
	# etc etc..

	networks:
	dbnet:
	#!/bin/bash

	# Check postgres at startup
	until PGPASSWORD=$POSTGRES_PASSWORD psql -h $POSTGRES_HOST -U $POSTGRES_USER $IRODS_DB -c "\d" 1> /dev/null 2> /dev/null;
	do
	>&2 echo "Postgres is unavailable - sleeping"
	sleep 1
	done

	# Is it init time?
	checkirods=$(ls /etc/irods/)
	if [ "$checkirods" == "" ]; then

	#############################
	# Install irods&friends #
	# install irods 4.2 + GSI
	# it automatically create the irods user
	# it automatically fixes permissions
	# it also checks if server is up at the end
	#############################

	MYDATA="/tmp/answers"
	sudo -E /prepare_answers $MYDATA
	# Launch the installation
	sudo python /var/lib/irods/scripts/setup_irods.py < $MYDATA
	# Verify how it went
	if [ "$?" == "0" ]; then
	echo ""
	echo "iRODS INSTALLED!"
	else
	echo "Failed to install irods..."
	exit 1
	fi

	else
	# NO: launch irods
	echo "Already installed. Launching..."
	service irods start

	fi
	## END

	echo "iRODS is ready"
	sleep infinity
	exit 0

	FROM ubuntu:16.04
	# LTS
	MAINTAINER "Paolo D'Onorio De Meo"

	# Preparation
	RUN apt-get update -qq && apt-get install -y \
	## normal base
	wget git vim expect lsof sudo \
	## fix adding irods to source list
	# lsb-release \
	## fix the ssl error for apt-key
	gnupg-curl \
	## fix "The method driver /usr/lib/apt/methods/https could not be found"
	apt-transport-https \
	## fix the plugin error at irods installation time
	libxml2 \
	# clean
	&& apt-get clean autoclean && apt-get autoremove -y && \
	rm -rf /var/lib/cache /var/lib/log /tmp/*

	# Add repos, download and install
	ENV URL https://packages.irods.org
	RUN apt-key adv --fetch-keys $URL/irods-signing-key.asc \
	# && echo "deb $URL/apt/ $(lsb_release -sc) main" \
	&& echo "deb $URL/apt/ trusty main" \
	> /etc/apt/sources.list.d/renci-irods.list

	ENV IRODS_VERSION 4.2.0
	RUN apt-get update && apt-get install -y \
	# iCAT
	irods-server=$IRODS_VERSION \
	# iRODS Plugins (also GSI)
	irods-database-plugin-postgres irods-auth-plugin-gsi \
	# clean
	&& apt-get clean autoclean && apt-get autoremove -y && \
	rm -rf /var/lib/cache /var/lib/log /tmp/*

	# Note: USER and GROUP are added automatically by irods install scripts

	#######################################
	## Closing operations

	ENV TERM xterm-256color
	# VOLUMES
	VOLUME /etc
	VOLUME /var/lib/irods

	COPY ./expect_irods.sh /prepare_answers
	COPY ./docker-entrypoint.sh /

	EXPOSE 1247
	# WORKDIR /tmp
	ENTRYPOINT ["/docker-entrypoint.sh"]
	#!/bin/bash

	# All responses for irods installation script

	if [ -z "$1" ]; then
	echo "Usage $0 SCRIPT_NAME"
	exit 1
	fi

	# Clean
	SCRIPT=$1
	rm -rf $SCRIPT && touch $SCRIPT

	##############################
	# Unix account

	# account
	echo "$IRODS_USER" >> $SCRIPT
	# group
	echo "$IRODS_USER" >> $SCRIPT
	# iRODS server's role
	echo "1" >> $SCRIPT
	# ODBC driver for postgres
	echo "1" >> $SCRIPT

	##############################
	# DB account

	## server host name
	echo "$POSTGRES_HOST" >> $SCRIPT
	## db port 5432
	echo "5432" >> $SCRIPT
	# database name
	echo "$IRODS_DB" >> $SCRIPT
	# database username
	echo "$POSTGRES_USER" >> $SCRIPT
	# confirmation
	echo "yes" >> $SCRIPT
	# irods password
	echo "$POSTGRES_PASSWORD" >> $SCRIPT
	# salt password
	echo "$POSTGRES_PASSWORD" >> $SCRIPT

	##############################
	# IRODS setup

	# irods zone
	echo "$IRODS_ZONE" >> $SCRIPT
	# irods port
	echo "$IRODS_PORT" >> $SCRIPT
	# range begin
	echo "20000" >> $SCRIPT
	# range end
	echo "20199" >> $SCRIPT
	# control plane port
	echo "1248" >> $SCRIPT
	# schema (default)
	echo "" >> $SCRIPT
	# irods administrator
	echo "$IRODS_USER" >> $SCRIPT
	# confirmation
	echo "yes" >> $SCRIPT

	# zone key
	(openssl rand -base64 16 2>/dev/null \| sed 's,/,S,g' \| sed 's,+,_,g' \
	\| cut -c 1-16 \| tr -d '\n' ; echo "") >> $SCRIPT
	# negotation key
	openssl rand -base64 32 2> /dev/null \| sed 's,/,S,g' \| sed 's,+,_,g' \| cut -c 1-32 \
	>> $SCRIPT
	# control plane key
	openssl rand -base64 32 2> /dev/null \| sed 's,/,S,g' \| sed 's,+,_,g' \| cut -c 1-32 \
	>> $SCRIPT
	# admin password
	echo "$IRODS_PASSWORD" >> $SCRIPT
	# vault
	echo "" >> $SCRIPT

	echo "created irods expectation"
	#!/bin/bash

	conf='/var/lib/postgresql/data/pg_hba.conf'
	## TO FIX: from an environment variable
	net="172.1.0.0/16"
	## http://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html

	echo "Changing access"
	echo "" > $conf

	# Enable to allow health checks
	echo "local $POSTGRES_USER $POSTGRES_USER trust" >> $conf

	echo "hostnossl postgres $POSTGRES_USER $net password" >> $conf

	###################
	# DBs handling
	for obj in $POSTGRES_DBS;
	do
	db=$(echo $obj \| tr -d "'")
	echo "Enabling DB $db"
	# Create it
	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" << EOSQL
	CREATE DATABASE "$db";
	EOSQL
	# GRANT ALL PRIVILEGES ON DATABASE "$db" TO $POSTGRES_USER;
	# Add privileges
	echo "hostnossl $db $POSTGRES_USER $net password" >> $conf
	done

	###################
	echo "DONE"