Skip to content

Commit

Permalink
get Dataverse/Glassfish container running as non-root #4040
Browse files Browse the repository at this point in the history
  • Loading branch information
pdurbin committed Sep 27, 2017
1 parent ce949c9 commit b84526c
Show file tree
Hide file tree
Showing 4 changed files with 58 additions and 20 deletions.
4 changes: 4 additions & 0 deletions conf/docker/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@
GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
# FIXME: Make this script dynamic so you can switch the tag to the branch you're on or a tagged release.
TAG=kick-the-tires
# kick-the-tires should be relatively stable. Push to tags with branch names to iterate on the images.
#TAG=$GIT_BRANCH
echo Images will be pushed to Docker Hub with the tag $TAG
# Use "conf" directory as context so we can copy schema.xml into Solr image.
docker build -t iqss/dataverse-solr:$TAG -f solr/Dockerfile ../../conf
docker push iqss/dataverse-solr:$TAG
Expand All @@ -13,4 +16,5 @@ cp ../../doc/sphinx-guides/source/_static/util/default.config dataverse-glassfis
cp ../../downloads/glassfish-4.1.zip dataverse-glassfish
cp ../../downloads/weld-osgi-bundle-2.2.10.Final-glassfish4.jar dataverse-glassfish
docker build -t iqss/dataverse-glassfish:$TAG dataverse-glassfish
# FIXME: Check the output of `docker build` and only push on success.
docker push iqss/dataverse-glassfish:$TAG
29 changes: 14 additions & 15 deletions conf/docker/dataverse-glassfish/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -34,19 +34,26 @@ RUN find /tmp
#RUN exitEarly

# Install Glassfish 4.1

RUN cd /tmp \
&& unzip glassfish-4.1.zip \
&& mv glassfish4 /usr/local \
&& cd /usr/local/glassfish4/glassfish/modules \
&& rm weld-osgi-bundle.jar \
#&& rm weld-osgi-bundle.jar
#&& wget http://central.maven.org/maven2/org/jboss/weld/weld-osgi-bundle/2.2.10.SP1/weld-osgi-bundle-2.2.10.SP1-glassfish4.jar \
#&& cp /tmp/weld-osgi-bundle-2.2.10.SP1-glassfish4.jar . \
&& cp /tmp/weld-osgi-bundle-2.2.10.Final-glassfish4.jar . \
#&& cp /tmp/weld-osgi-bundle-2.2.10.SP1-glassfish4.jar .
#&& echo "$GLASSFISH_DOWNLOAD_SHA1 weld-osgi-bundle-2.2.10.SP1-glassfish4.jar" | sha1sum -c - \
#&& rm -rf /usr/local/glassfish4/glassfish/domains/domain1 \
&& rm /tmp/glassfish-4.1.zip
#FIXME: Patch Grizzly too!
&& echo "Done installing and patching Glassfish"

RUN chmod g=u /etc/passwd

RUN mkdir -p /home/glassfish
RUN chgrp -R 0 /home/glassfish && \
chmod -R g=u /home/glassfish

RUN mkdir -p /usr/local/glassfish4
RUN chgrp -R 0 /usr/local/glassfish4 && \
chmod -R g=u /usr/local/glassfish4


#RUN exitEarlyBeforeJq
RUN yum -y install epel-release
Expand All @@ -63,14 +70,6 @@ RUN yum install -y jq
#RUN mkdir -p /tmp/WEB-INF/classes/META-INF/
#COPY WEB-INF/classes/META-INF/persistence.xml /tmp/WEB-INF/classes/META-INF/

# Install Dataverse WAR
RUN cd ~ \
# && wget https://github.com/IQSS/dataverse/releases/download/v4.7/dvinstall.zip \
&& cp /tmp/dvinstall.zip . \
&& unzip dvinstall.zip
#&& unzip dvinstall.zip \
#&& jar -uf dvinstall/dataverse.war -C /tmp/ /WEB-INF/classes/META-INF/persistence.xml

# Install iRods iCommands
#RUN cd /tmp \
# && yum -y install epel-release \
Expand Down
19 changes: 16 additions & 3 deletions conf/docker/dataverse-glassfish/entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,17 @@
# for dependent services (Rserve, Postgres, Solr) to start before
# initializing Glassfish.


echo "whoami before..."
whoami
if ! whoami &> /dev/null; then
if [ -w /etc/passwd ]; then
# Make `whoami` return the glassfish user. # See https://docs.openshift.org/3.6/creating_images/guidelines.html#openshift-origin-specific-guidelines
# Fancy bash magic from https://github.com/RHsyseng/container-rhel-examples/blob/1208dcd7d4f431fc6598184dba6341b9465f4197/starter-arbitrary-uid/bin/uid_entrypoint#L4
echo "${USER_NAME:-glassfish}:x:$(id -u):0:${USER_NAME:-glassfish} user:/home/glassfish:/bin/bash" >> /etc/passwd
fi
fi
echo "whoami after"
whoami

set -e

Expand Down Expand Up @@ -98,8 +108,11 @@ if [ "$1" = 'dataverse' ]; then
exit 1
fi

echo changing to dvinstall directory
cd ~/dvinstall
GLASSFISH_INSTALL_DIR="/usr/local/glassfish4"
cd $GLASSFISH_INSTALL_DIR
cp /tmp/dvinstall.zip $GLASSFISH_INSTALL_DIR
unzip dvinstall.zip
cd dvinstall
echo Copying the non-interactive file into place
cp /tmp/default.config .
echo Looking at first few lines of default.config
Expand Down
26 changes: 24 additions & 2 deletions doc/sphinx-guides/source/developers/dev-environment.rst
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,14 @@ Create a Dataverse App within the Minishift Project
Check Status of Dataverse Deployment to Minishift
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

``oc status``

Once images have been downloaded from Docker Hub, the output below will change from ``Pulling`` to ``Pulled``.

``oc get events | grep Pull``

This is a deep dive:

``oc get all``

Review Logs of Dataverse Deployment to Minishift
Expand All @@ -406,12 +414,24 @@ From the ``rsh`` prompt you could run something like the following to build conf

``curl -L localhost:8080``

Make the Dataverse App Available Via HTTP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make the Dataverse App Available to Your Browser
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following curl command is expected to fail until you "expose" the HTTP service.

``curl http://dataverse-glassfish-service-project1.192.168.99.102.nip.io/api/info/version``

Expose the Dataverse web service:

``oc expose svc/dataverse-glassfish-service``

Make Sure the Dataverse API is Working
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This should show a version number:

``curl http://dataverse-glassfish-service-project1.192.168.99.102.nip.io/api/info/version``

Log into Minishift and Visit Dataverse in your Browser
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Expand All @@ -426,6 +446,8 @@ You should be able to log in with username "dataverseAdmin" and password "admin"
Cleaning up
~~~~~~~~~~~

Note that it can take a few minutes for the deletion of a project to be complete and there doesn't seem to be a great way to know when it's safe to run ``oc new-project project1`` again, slowing down the development feedback loop. FIXME: Find a way to iterate faster.

``oc delete project project1``

Making Changes
Expand Down

0 comments on commit b84526c

Please sign in to comment.