EIC code displayed by LXR

0001 #!/usr/bin/env python
0002 #
0003 # Licensed under the Apache License, Version 2.0 (the "License");
0004 # You may not use this file except in compliance with the License.
0005 # You may obtain a copy of the License at
0006 # http://www.apache.org/licenses/LICENSE-2.0OA
0007 #
0008 # Authors:
0009 # - Wen Guan, <wen.guan@cern.ch>, 2024
0010
0011
0012 FROM docker.io/almalinux:9.4
0013
0014 ARG TAG
0015
0016 WORKDIR /tmp
0017
0018 RUN yum install -y epel-release.noarch && \
0019      yum clean all && \
0020      rm -rf /var/cache/yum
0021 RUN yum upgrade -y && \
0022     yum clean all && \
0023     rm -rf /var/cache/yum
0024
0025 RUN yum install -y yum-utils
0026 RUN yum-config-manager --enable crb
0027
0028 # RUN yum install -y httpd.x86_64 conda gridsite mod_ssl.x86_64 httpd-devel.x86_64 gcc.x86_64 supervisor.noarch fetch-crl.noarch lcg-CA postgresql postgresql-contrib postgresql-static postgresql-libs postgresql-devel && \
0029 #     yum clean all && \
0030 #     rm -rf /var/cache/yum
0031 RUN yum install -y httpd.x86_64 which conda gridsite mod_ssl.x86_64 httpd-devel.x86_64 gcc.x86_64 supervisor.noarch fetch-crl.noarch redis syslog-ng procps passwd which  systemd-udev wget voms-clients-java voms-clients-cpp && \
0032 yum clean all && \
0033 rm -rf /var/cache/yum
0034
0035 # install postgres
0036 # RUN yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm
0037 # RUN yum install --nogpgcheck -y postgresql16
0038 RUN yum install --nogpgcheck -y postgresql
0039 RUN  yum clean all && rm -rf /var/cache/yum
0040
0041
0042 # install Oracle Instant Client
0043 RUN wget https://download.oracle.com/otn_software/linux/instantclient/oracle-instantclient-basic-linuxx64.rpm -P /tmp/ && \
0044     yum install -y /tmp/oracle-instantclient-basic-linuxx64.rpm && \
0045     wget https://download.oracle.com/otn_software/linux/instantclient/oracle-instantclient-sqlplus-linuxx64.rpm -P /tmp/ && \
0046     yum install -y /tmp/oracle-instantclient-sqlplus-linuxx64.rpm && \
0047     wget https://download.oracle.com/otn_software/linux/instantclient/oracle-instantclient-devel-linuxx64.rpm -P /tmp/ && \
0048     yum install -y /tmp/oracle-instantclient-devel-linuxx64.rpm
0049
0050 # install NATS
0051 RUN yum install -y https://github.com/nats-io/nats-server/releases/download/v2.11.9/nats-server-v2.11.9-amd64.rpm https://github.com/nats-io/natscli/releases/download/v0.2.4/nats-0.2.4-amd64.rpm
0052
0053 # RUN curl http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -o /etc/yum.repos.d/EGI-trustanchors.repo/
0054 RUN curl https://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo -o /etc/yum.repos.d/EGI-trustanchors.repo
0055
0056 RUN yum install -y fetch-crl.noarch ca-policy-egi-core && \
0057     yum clean all && \
0058     rm -rf /var/cache/yum
0059
0060 # update network limitations
0061 # RUN echo 4096 > /proc/sys/net/core/somaxconn
0062 # RUN sysctl -w net.core.somaxconn=4096
0063 RUN echo 'net.core.somaxconn=4096' >> /etc/sysctl.d/999-net.somax.conf
0064
0065 # setup env
0066 RUN adduser atlpan
0067 RUN groupadd zp
0068 RUN usermod -a -G zp atlpan
0069
0070 # rubin users
0071 RUN groupadd -g 4085 rubin_users
0072 RUN usermod -aG rubin_users atlpan
0073
0074 RUN mkdir /opt/idds
0075 RUN mkdir /var/log/idds
0076 RUN mkdir /var/log/idds/wsgisocks/
0077 RUN mkdir /var/idds
0078 RUN mkdir /var/idds/wsgisocks
0079 RUN chown atlpan -R /opt/idds
0080 # RUN chown atlpan -R /opt/idds_source
0081 RUN chown atlpan -R /var/log/idds
0082 RUN chown apache -R /var/idds/wsgisocks/
0083
0084 # redis
0085 RUN chmod -R a+rx /etc/redis*
0086 # RUN chmod a+rwx /var/log/redis
0087 # RUN chmod a+rwx /var/lib/redis
0088 RUN rm -fr /var/log/redis
0089 RUN rm -fr /var/lib/redis
0090 RUN mkdir /var/log/idds/redis
0091 RUN chmod a+rwx /var/log/idds/redis
0092 RUN ln -s /var/log/idds/redis /var/log/redis
0093 RUN ln -s /var/log/idds/redis /var/lib/redis
0094
0095 # setup conda virtual env
0096 ADD requirements.yaml /opt/idds/
0097 # ADD start-daemon.sh /opt/idds/
0098 RUN conda env create --prefix=/opt/idds -f /opt/idds/requirements.yaml
0099 RUN source /etc/profile.d/conda.sh; conda activate /opt/idds
0100 # RUN conda activate /opt/idds
0101
0102 # Make RUN commands use the new environment:
0103 # SHELL ["conda", "run", "-p", "/opt/idds", "/bin/bash", "-c"]
0104
0105 # install required packages
0106 RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade pip
0107 RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade setuptools wheel build twine
0108
0109 RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade requests SQLAlchemy urllib3 retrying mod_wsgi flask futures stomp.py oracledb unittest2 pep8 flake8 pytest nose sphinx recommonmark sphinx-rtd-theme nevergrad
0110 RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade psycopg2-binary nats-py asyncio
0111 RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; python3 -m pip install --no-cache-dir --upgrade rucio-clients-atlas rucio-clients panda-client-light cachetools
0112
0113
0114 WORKDIR /tmp/src
0115 COPY . .
0116
0117 RUN source /etc/profile.d/conda.sh; conda activate /opt/idds; \
0118   if [[ -z "$TAG" ]] ; then \
0119   python3 build_all.py wheel && main/tools/env/install_packages.sh ; \
0120   else \
0121   python3 -m pip install --no-cache-dir --upgrade idds-common==$TAG idds-workflow==$TAG idds-server==$TAG idds-client==$TAG idds-doma==$TAG idds-atlas==$TAG idds-website==$TAG idds-monitor==$TAG ; \
0122   fi
0123
0124 WORKDIR /tmp
0125 RUN rm -rf /tmp/src
0126
0127 RUN chmod 777 /opt/idds/monitor/data
0128 RUN chmod 777 /opt/idds/monitor/data/conf.js
0129 RUN mkdir /opt/idds/config
0130 RUN mkdir /opt/idds/config/idds
0131 # RUN mkdir /opt/idds/config_default
0132
0133 # ADD idds.cfg.default /opt/idds/config
0134
0135 # RUN ls /opt/idds/etc; ls /opt/idds/etc/idds; ls /opt/idds/etc/panda;
0136 # RUN ls /opt/idds/config; ls /opt/idds/config/idds;
0137
0138 # for rest service
0139 # RUN ln -fs /opt/idds/config/hostkey.pem /etc/grid-security/hostkey.pem
0140 # RUN ln -fs /opt/idds/config/hostcert.pem /etc/grid-security/hostcert.pem
0141
0142 # to authenticate to rucio
0143 RUN ln -fs /opt/idds/config/ca.crt /opt/idds/etc/ca.crt
0144 RUN ln -fs /opt/idds/config/rucio.cfg /opt/idds/etc/rucio.cfg
0145
0146 # for panda client to access panda
0147 RuN mkdir -p /opt/idds/etc/panda/
0148 RUN ln -fs /opt/idds/config/panda.cfg /opt/idds/etc/panda/panda.cfg
0149
0150 # for idds rest service
0151 RUN ln -fs /opt/idds/config/idds/idds.cfg /opt/idds/etc/idds/idds.cfg
0152 RUN ln -fs /opt/idds/config/idds/auth.cfg /opt/idds/etc/idds/auth/auth.cfg
0153 RUN ln -fs /opt/idds/config/idds/gacl /opt/idds/etc/idds/rest/gacl
0154 RUN ln -fs /opt/idds/config/idds/httpd-idds-443-py311-al9.conf /etc/httpd/conf.d/httpd-idds-443-py311-al9.conf
0155
0156 # update http config
0157 RUN sed -i 's/Listen\ 443/#\ Listen\ 443/g' /etc/httpd/conf.d/ssl.conf
0158 RUN sed -i 's/Listen\ 80/#\ Listen\ 80/g' /etc/httpd/conf/httpd.conf
0159 RUN sed -i "s/WSGISocketPrefix\ \/var\/log\/idds\/wsgisocks\/wsgi/WSGISocketPrefix\ \/var\/idds\/wsgisocks\/wsgi/g" /opt/idds/config_default/httpd-idds-443-py311-al9.conf
0160
0161 # for idds daemons
0162 # RUN ln -fs /opt/idds/config/idds/supervisord_idds.ini /etc/supervisord.d/idds.ini
0163 # RUN ln -fs /opt/idds/config/idds/supervisord_iddsfake.ini /etc/supervisord.d/iddsfake.ini
0164 RUN ln -fs /opt/idds/config/idds/supervisord_idds_clerk.ini /etc/supervisord.d/idds_clerk.ini
0165 RUN ln -fs /opt/idds/config/idds/supervisord_idds_transformer.ini /etc/supervisord.d/idds_transformer.ini
0166 RUN ln -fs /opt/idds/config/idds/supervisord_idds_submitter.ini /etc/supervisord.d/idds_submitter.ini
0167 RUN ln -fs /opt/idds/config/idds/supervisord_idds_poller.ini /etc/supervisord.d/idds_poller.ini
0168 RUN ln -fs /opt/idds/config/idds/supervisord_idds_trigger.ini /etc/supervisord.d/idds_trigger.ini
0169 RUN ln -fs /opt/idds/config/idds/supervisord_idds_finisher.ini /etc/supervisord.d/idds_finisher.ini
0170 RUN ln -fs /opt/idds/config/idds/supervisord_idds_receiver.ini /etc/supervisord.d/idds_receiver.ini
0171
0172 RUN ln -fs /opt/idds/config/idds/supervisord_httpd.ini /etc/supervisord.d/httpd.ini
0173 # RUN ln -fs /opt/idds/config/idds/supervisord_syslog-ng.ini /etc/supervisord.d/syslog-ng.ini
0174 RUN ln -fs /opt/idds/config/idds/supervisord_logrotate.ini /etc/supervisord.d/logrotate.ini
0175 RUN ln -fs /opt/idds/config/idds/supervisord_healthmonitor.ini /etc/supervisord.d/healthmonitor.ini
0176 RUN ln -fs /opt/idds/config/idds/logrotate_idds /etc/logrotate.d/idds
0177 RUN ln -fs /opt/idds/config/idds/supervisord_nats.ini /etc/supervisord.d/nats.ini
0178
0179 # for syslog-ng
0180 RUN mv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.back
0181 ADD main/tools/syslog-ng/syslog-ng.conf /etc/syslog-ng/
0182 ADD main/tools/syslog-ng/idds.conf /etc/syslog-ng/conf.d/
0183 ADD main/tools/syslog-ng/http.conf /etc/syslog-ng/conf.d/
0184
0185 RUN chown atlpan -R /etc/grid-security/certificates
0186
0187 RUN mkdir -p /data/idds_requests
0188 RUN chmod 777 /data/idds_requests
0189 RUN chmod -R 777 /opt/idds/config
0190 RUN chmod -R 777 /var/log/idds
0191 RUN chmod -R 777 /var/idds
0192 RUN chmod 777 /etc/grid-security
0193 RUN chmod 777 /etc/httpd/conf.d
0194 RUN chmod 777 /etc/httpd/conf/httpd.conf
0195 RUN chmod 777 /etc/httpd/conf
0196 RUN chmod 777 /run/httpd
0197 RUN chmod 777 /var/log/supervisor/
0198 RUN chmod 777 /var/run/supervisor
0199 RUN chmod 777 /var/run
0200 RUN chmod 777 /etc/httpd/logs
0201
0202 ENV PATH /opt/idds/bin/:$PATH
0203
0204 ADD start-daemon.sh /opt/idds/bin/
0205 RUN mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.back
0206 # ADD ssl.conf /etc/httpd/conf.d/ssl.conf
0207 RUN ln -s /opt/idds/etc/idds/rest/ssl.conf /etc/httpd/conf.d/ssl.conf
0208
0209 VOLUME /var/log/idds
0210 VOLUME /opt/idds/config
0211 VOLUME /data/idds_requests
0212
0213 ENTRYPOINT ["start-daemon.sh"]
0214
0215 STOPSIGNAL SIGINT
0216
0217 EXPOSE 443
0218 CMD ["all"]