-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile-nci
185 lines (157 loc) · 7.4 KB
/
Dockerfile-nci
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# MCL Site - Image Building
# =========================
#
# Used by "docker image build"
#
# The Twit-lock security scanner absolutely hates Debian Linux, so we can't
# base ourselves off the python:2.7 image either, which uses Debian. Further
# tests show that Ubuntu is out too (of course); the only acceptable Linuxes
# are centos:8 and alpine:3. So we either have to install Python, Plone, and
# all our dependencies on centos:8 or use the python:2.7.17-alpine3.11 as a
# base.
#
# FURTHER HEADACHE: we can't run as 26013 at JPL or any place else in the
# world because our data volume runs as 500, so let's throw Docker best
# practices out and make two images:
#
# ``Dockerfile`` (this file)
# Makes an image the old fashioned way (user ID 500)
# ``Dockerfile-nci``
# Makes an image with the user ID 26013 requirement
# Basis
# -----
#
# We'd normally just ue plone:5.2.1 but see the commentary above.
FROM python:2.7.17-alpine3.11
# Versions and digests
# --------------------
#
ENV \
SETUPTOOLS=39.1.0 \
PLONE_MAJOR=5.0 \
PLONE_VERSION=5.0.8 \
PLONE_VERSION_RELEASE=Plone-5.0.8-UnifiedInstaller-r2 \
PLONE_MD5=246788240851f48bc2f84289a3dc6480 \
PLONE_REACT=/plone/buildout-cache/eggs/Products.CMFPlone-5.0.8-py2.7.egg/Products/CMFPlone/static/components/react \
PLONE_LODASH=/plone/buildout-cache/eggs/Products.CMFPlone-5.0.8-py2.7.egg/Products/CMFPlone/static/components/lodash/dist \
PLONE_JQTREE_JQUERY=/plone/buildout-cache/eggs/Products.CMFPlone-5.0.8-py2.7.egg/Products/CMFPlone/static/components/jqtree/static/bower_components/jquery/dist \
PLONE_MARKED=/plone/buildout-cache/eggs/Products.CMFPlone-5.0.8-py2.7.egg/Products/CMFPlone/static/components/marked \
PLONE_JINJA2=/plone/buildout-cache/eggs/Jinja2-2.8-py2.7.egg \
REACT=https://unpkg.com/[email protected]/dist/react.js \
REACT_MIN=https://unpkg.com/[email protected]/dist/react.min.js \
REACT_WITH_ADDONS=https://unpkg.com/[email protected]/dist/react-with-addons.js \
REACT_WITH_ADDONS_MIN=https://unpkg.com/[email protected]/dist/react-with-addons.min.js \
JQUERY_3_0_0_MIN=https://code.jquery.com/jquery-3.0.0.min.js \
MARKED=https://cdnjs.cloudflare.com/ajax/libs/marked/0.3.9/marked.js \
MARKED_MIN=https://cdnjs.cloudflare.com/ajax/libs/marked/0.3.9/marked.min.js
# Plone and MCL Setup
# -------------------
#
# OK, now that we have a working Python, let's change it up.
#
#
# Users and Directories
# ~~~~~~~~~~~~~~~~~~~~~
#
# See note above; for NCI we change to 26013 instead of 500
RUN : &&\
addgroup -S -g 26013 mcl &&\
adduser -S -D -h /plone -G mcl -u 26013 -g 'Plone for MCL User' mcl &&\
mkdir -p /data/filestorage /data/blobstorage &&\
chown -R mcl:mcl /data &&\
:
# Milieu Setup
# ~~~~~~~~~~~~
#
# Note that there are lots of extra layer creation below. I don't care. We
# will address this when we upgrade to Plone 5.2+ and Python3.
RUN : &&\
echo '@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories &&\
echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories &&\
apk update --quiet &&\
: More Twit-lock &&\
apk del --quiet tiff &&\
: We will uninstall these later &&\
buildDeps="gcc bzip2-dev musl-dev libjpeg-turbo-dev openjpeg-dev pcre-dev openssl-dev tiff-dev libxml2-dev libxslt-dev zlib-dev openldap-dev cyrus-sasl-dev libffi-dev sudo make" &&\
apk add --no-progress --quiet --virtual /plone-build $buildDeps &&\
: These stay &&\
runDeps="openjpeg@edge libldap libsasl libjpeg-turbo tiff libxml2 libxslt lynx netcat-openbsd libstdc++@edge libgcc@edge sqlite-libs@edge poppler-utils@edge rsync wv su-exec bash" &&\
apk add --no-progress --quiet $runDeps &&\
: Get, check, and extract Plone &&\
wget --quiet --output-document=Plone.tgz https://launchpad.net/plone/$PLONE_MAJOR/$PLONE_VERSION/+download/Plone-$PLONE_VERSION-UnifiedInstaller.tgz &&\
echo "$PLONE_MD5 Plone.tgz" | md5sum -c - &&\
tar -xzf Plone.tgz &&\
:
RUN : &&\
/Plone-$PLONE_VERSION-UnifiedInstaller/install.sh --password=admin --daemon-user=mcl --owner=mcl --group=mcl --target=/plone --instance=instance --var=/data none &&\
: Twit-lock patches &&\
wget --quiet --output-document=$PLONE_REACT/react-with-addons.js $REACT_WITH_ADDONS &&\
wget --quiet --output-document=$PLONE_REACT/react-with-addons.min.js $REACT_WITH_ADDONS_MIN &&\
wget --quiet --output-document=$PLONE_REACT/react.js $REACT &&\
wget --quiet --output-document=$PLONE_REACT/react.min.js $REACT_MIN &&\
wget --quiet --output-document=$PLONE_JQTREE_JQUERY/jquery.min.js $JQUERY_3_0_0_MIN &&\
find $PLONE_LODASH -type f -delete &&\
find $PLONE_MARKED/man $PLONE_MARKED/bin -type f -delete &&\
rm $PLONE_MARKED/package.json $PLONE_MARKED/component.json $PLONE_MARKED/.bower.json &&\
wget --quiet --output-document=$PLONE_MARKED/lib/marked.js $MARKED &&\
wget --quiet --output-document=$PLONE_MARKED/marked.min.js $MARKED_MIN &&\
rm -r $PLONE_JINJA2 &&\
:
# Our Code
# ~~~~~~~~
#
# The ``etc`` and ``src`` directories are our own, as is the ``docker.cfg``;
# the ``buildout.cfg`` is duplicated (and modified) from plone/plone.docker,
# as is the ``docker-initialize.py`` and the (modified)
# ``docker-entrypoint.sh``.
COPY --chown=mcl:mcl buildout.cfg docker.cfg /plone/instance/
COPY --chown=mcl:mcl etc /plone/instance/etc
COPY --chown=mcl:mcl src /plone/instance/src
COPY docker-initialize.py docker-entrypoint.sh /
# Buildout
# ~~~~~~~~
RUN : &&\
: Clean up anything copied from our src dirs &&\
find /plone/instance/src -name '*.py[co]' -exec rm -f '{}' + &&\
rm -rf /plone/instance/src/*/{var,bin,develop-eggs,parts} &&\
:
RUN : &&\
cd /plone/instance &&\
sudo -u mcl LIBRARY_PATH=/lib:/usr/lib ./bin/buildout -c docker.cfg &&\
ln -s /data/filestorage/ /plone/instance/var/filestorage &&\
ln -s /data/blobstorage /plone/instance/var/blobstorage &&\
chown -R mcl:mcl /plone /data &&\
rm -rf /Plone* &&\
:
RUN : Yet more Twit-lock &&\
rm \
/plone/buildout-cache/eggs/Pillow-6.2.2-py2.7-linux-x86_64.egg/PIL/SgiImagePlugin.pyc \
/plone/buildout-cache/eggs/Pillow-6.2.2-py2.7-linux-x86_64.egg/PIL/SgiImagePlugin.py \
/plone/buildout-cache/eggs/Pillow-6.2.2-py2.7-linux-x86_64.egg/PIL/SgiImagePlugin.pyo &&\
:
RUN : &&\
apk del --no-progress --quiet /plone-build &&\
rm -rf /plone/buildout-cache/downloads/* /var/cache/apk/* &&\
:
# Context
# -------
#
# Finally, we set up the runtime context: volume, cwd, etc.
VOLUME /data
EXPOSE 8080
USER mcl:mcl
WORKDIR /plone/instance
HEALTHCHECK --interval=1m --timeout=5s --start-period=1m CMD nc -z -w5 127.0.0.1 8080 || exit 1
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["start"]
# Metadata
# --------
#
# Note that ``org.label-schema`` is deprecated, but it's a heck of a lot
# easier to understand. Still, I have to wonder why they didn't just use
# Dublin Core.
LABEL "org.label-schema.docker.cmd"="docker container run --detach --publish 2345:8080 --volume \${MCL_DATA_DIR}/filestorage:/data/filestorage --volume \${MCL_DATA_DIR}/blobstorage:/data/blobstorage --volume \${MCL_DATA_DIR}/log:/data/log mcl-site"
LABEL "org.label-schema.name"="MCL Website/Portal"
LABEL "org.label-schema.description"="Plone 5-based portal for the Consortium for Molecular and Cellular Characterization of Screen-Detected Lesions"
LABEL "org.label-schema.version"="1.1.0"
LABEL "org.label-schema.schema-version"="1.0"