pingu_98/cara
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix the expert app, as the new docker image did not support running as non-root.

Browse source
This commit is contained in:
Phil Elson 2021-07-30 17:53:19 +02:00
parent 3ef00c8312
commit af3fe421db
3 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -148,7 +148,7 @@ export CLIENT_SECRET
Run docker-compose:
```
cd app-config
docker-compose up
CURRENT_UID=$(id -u):$(id -g) docker-compose up
```
Then visit http://localhost:8080/.

9
app-config/cara-webservice/Dockerfile
View file

@ -23,9 +23,14 @@ FROM debian
COPY --from=conda /opt/app /opt/app
ENV PATH=/opt/app/bin/:$PATH
# Make a convenient location to the installed CARA package (i.e. a directory called cara in the CWD).
# It is important that this directory is also writable by a non-root user.
RUN mkdir -p /scratch \
&& chmod a+wx /scratch
# Set the HOME directory to something that anybody can write to (to support non root users, such as on openshift).
ENV HOME=/scratch
WORKDIR /scratch
RUN CARA_INIT_FILE=$(/opt/app/bin/python -c "import cara; print(cara.__file__)") \
&& ln -s $(dirname $(dirname ${CARA_INIT_FILE})) /opt/site-packages \
&& ln -s /opt/site-packages/cara ./cara
&& ln -s $(dirname ${CARA_INIT_FILE}) /scratch/cara
CMD [ \
"cara-app.sh" \
]

13
app-config/docker-compose.yml
View file

@ -4,6 +4,7 @@ services:
image: cara-webservice
environment:
- APP_NAME=cara-voila
user: ${CURRENT_UID:?"Please run as follows 'CURRENT_UID=$(id -u):$(id -g) docker-compose up'"}
cara-webservice:
image: cara-webservice
@ -12,6 +13,7 @@ services:
- APP_NAME=cara-webservice
- CARA_CALCULATOR_PREFIX=/calculator-cern
- CARA_THEME=cara/apps/calculator/themes/cern
user: ${CURRENT_UID}
cara-calculator-open:
image: cara-webservice
@ -19,6 +21,7 @@ services:
- COOKIE_SECRET
- APP_NAME=cara-webservice
- CARA_CALCULATOR_PREFIX=/calculator-open
user: ${CURRENT_UID}
auth-service:
image: auth-service
@ -28,6 +31,7 @@ services:
- OIDC_REALM
- CLIENT_ID
- CLIENT_SECRET
user: ${CURRENT_UID}
cara-router:
image: cara-nginx-app
@ -35,10 +39,11 @@ services:
- "8080:8080"
depends_on:
cara-webservice:
condition: service_started
condition: service_started
cara-calculator-open:
condition: service_started
condition: service_started
cara-app:
condition: service_started
condition: service_started
auth-service:
condition: service_started
condition: service_started
user: ${CURRENT_UID}