update rule engine setup (#41, #42, #43)

bihealth · Dec 9, 2024 · 802540c · 802540c
1 parent 3c14ce5
commit 802540c
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 81 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,9 @@
 - Update minimum password time configuration (#33)
 - Add `IRODS_PASSWORD_MIN_TIME` env var (#33)
 - Fix SSSD package discovery (#31)
+- Enable Python rule engine `core.py` file templating (#41)
+- Add `IRODS_CLIENT_SERVER_POLICY` in `core.py` template (#42)
+- Remove support for legacy and C++ rule engines (#43)
 
 ## v4.2 (2024-01-19)
 

diff --git a/README.md b/README.md
@@ -5,10 +5,13 @@ The code is based on [hurngchunlee/docker-irods](https://github.com/hurngchunlee
 
 The image contains features specific to our [SODAR](https://github.com/bihealth/sodar-server) system, but using them is optional and the image also works as a generic iRODS server.
 
+This image uses the Python rule engine for rules. For enabling legacy or C++ engines, the user needs to provide their own rule files and add relevant changes to `server_config.json`.
+
 Images are built and tagged for a specific iRODS release. The most recent build is tested to be compatible with iRODS version `4.3.3`. Our goal is to keep up with the most recent major release of iRODS. Updates for older major versions will not be made.
 
 **NOTE:** Images built for iRODS v4.3.x are **not** compatible with iRODS v4.2 or below. See below for instructions on upgrading from an older iRODS v4.2 build of this image.
 
+
 ## Data Persistency
 
 Each container exposes volumes for data persistency. The list of volumes are provided in the table below:
@@ -20,13 +23,15 @@ Each container exposes volumes for data persistency. The list of volumes are pro
 For iRODS services, the setup script (`/var/lib/irods/scripts/setup_irods.py`) is only executed when the file `/etc/irods/.provisioned` is not present.
 The file `/etc/irods/.provisioned` is created when the setup script is executed successfully.
 
+
 ## Commands
 
 The following commands are available.
 If you specify anything else then the startup script will `exec` this command (e.g., `bash`).
 
 - `irods-start` (default) -- Start iRODS server
 
+
 ## Environment Variables
 
 There are several environment variables can be set for setting up iRODS.
@@ -74,17 +79,20 @@ iRODS can be run in either "provider" mode, which installs an iCAT catalogue ser
 | IRODS_PASSWORD_MIN_TIME          | 1209600                          | provider   |
 | IRODS_CATALOG_PROVIDER_HOST      |                                  | consumer   |
 
+
 ## SSSD Support
 
 In addition to the base image, we provide the images `${VERSION}-sssd` (e.g., `4.3.3-1-sssd`) which have SSSD installed.
 You will have to share `/var/lib/sss` between the SSSD container and iRODS so both containers can communicate.
 
 In our installations, we run [bihealth/sssd-docker](https://github.com/bihealth/sssd-docker) in a second container.
 
+
 ## Upgrading From iRODS 4.2
 
 **TODO**
 
+
 ## Troubleshooting
 
 A previous version of this image was built on CentOS7 instead of Ubuntu. If updating or redeploying an existing installation, you may encounter the following error connecting to the iRODS database: `[unixODBC][Driver Manager]Data source name not found, and no default driver specified`
@@ -93,6 +101,7 @@ To fix this, first edit the file `/etc/irods/server_config.json`. Find the varia
 
 Next, do the same modification for the environment variable `IRODS_ODBC_DRIVER`. After restarting the image, iRODS should work normally.
 
+
 ## Building (for Developers)
 
 To build the image, use the following command:

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -77,10 +77,6 @@ RUN apt-get install -y irods-runtime=${IRODS_PKG_VERSION}${IRODS_PKG_SUFFIX} \
     irods-rule-engine-plugin-python=${IRODS_PYTHON_RULE_ENGINE_VERSION}~focal
 RUN useradd -d /var/lib/irods -s /bin/bash ${IRODS_SERVICE_ACCOUNT_USER}
 
-# Copy rule-engine installer
-COPY files/irods_python-re_installer.py /
-RUN chmod +x /irods_python-re_installer.py
-
 # Install j2cli for templating
 RUN apt-get install -y python3-jinja2 python3-yaml
 RUN pip3 install j2cli
@@ -95,7 +91,7 @@ RUN pip install requests
 
 # Copy scripts and templates
 COPY docker-entrypoint.sh files/irods_login.sh \
-     templates/core.py.template templates/unattended_config.json.j2 \
+     templates/core.py.j2 templates/unattended_config.json.j2 \
      templates/irods.pam.j2 files/j2-filters.py templates/pam_sodar.py.j2 /
 RUN chmod +x /docker-entrypoint.sh /irods_login.sh
 

diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
@@ -65,21 +65,17 @@ if [[ "$1" == "irods-start" ]]; then
 
         echo "Set up unattended configuration file"
         j2 -o /unattended_config.json --undefined --filters=j2-filters.py unattended_config.json.j2
-        # DEBUG
-        # cat /unattended_config.json
+
+        echo "Set up rule file for the Python rule engine"
+        j2 -o /core.py --undefined --filters=j2-filters.py core.py.j2
 
         echo "Perform iRODS setup"
         python3 /var/lib/irods/scripts/setup_irods.py --json_configuration_file=/unattended_config.json
 
         cp /var/lib/irods/.irods/irods_environment.json /etc/irods/irods_environment.json
         cp /var/lib/irods/.odbc.ini /etc/irods/.odbc.ini
         cp -f /var/lib/irods/version.json /etc/irods/version.json
-
-        # Enable the python rule engine
-        if [ -f /irods_python-re_installer.py ]; then
-            echo "Enable python rule engine"
-            python3 ./irods_python-re_installer.py
-        fi
+        mv -f /core.py /etc/irods/core.py
 
         touch /etc/irods/.provisioned
     fi

diff --git a/docker/files/irods_python-re_installer.py b/docker/files/irods_python-re_installer.py
diff --git a/docker/templates/core.py.template → docker/templates/core.py.j2 b/docker/templates/core.py.template → docker/templates/core.py.j2
@@ -20,7 +20,7 @@ def pythonRuleEnginePluginTest(rule_args, callback, rei):
     callback.writeLine('serverLog', 'Printed to server log from python rule engine')
 
 def acPreConnect(rule_args, callback, rei):
-    rule_args[0] = 'CS_NEG_DONT_CARE'
+    rule_args[0] = '{{ IRODS_CLIENT_SERVER_POLICY }}'
 
 def acCreateUser(rule_args, callback, rei):
     ret = callback.msiCreateUser()

diff --git a/docker/templates/unattended_config.json.j2 b/docker/templates/unattended_config.json.j2
@@ -133,29 +133,8 @@
             "resource": {},
             "rule_engines": [
                 {
-                    "instance_name": "irods_rule_engine_plugin-irods_rule_language-instance",
-                    "plugin_name": "irods_rule_engine_plugin-irods_rule_language",
-                    "plugin_specific_configuration": {
-                        "re_data_variable_mapping_set": [
-                            "core"
-                        ],
-                        "re_function_name_mapping_set": [
-                            "core"
-                        ],
-                        "re_rulebase_set": [
-                            "core"
-                        ],
-                        "regexes_for_supported_peps": [
-                            "ac[^ ]*",
-                            "msi[^ ]*",
-                            "[^ ]*pep_[^ ]*_(pre|post|except|finally)"
-                        ]
-                    },
-                    "shared_memory_instance": "irods_rule_language_rule_engine"
-                },
-                {
-                    "instance_name": "irods_rule_engine_plugin-cpp_default_policy-instance",
-                    "plugin_name": "irods_rule_engine_plugin-cpp_default_policy",
+                    "instance_name": "irods_rule_engine_plugin-python-instance",
+                    "plugin_name": "irods_rule_engine_plugin-python",
                     "plugin_specific_configuration": {}
                 }
             ]