scale/Dockerfile at master · SteveAIS/scale · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
ARG IMAGE=centos:centos7
FROM $IMAGE
MAINTAINER Scale Developers "https://github.com/ngageoint/scale"

LABEL \
    RUN="docker run -d geoint/scale scale_scheduler" \
    SOURCE="https://github.com/ngageoint/scale" \
    DESCRIPTION="Processing framework for containerized algorithms"

EXPOSE 80

# recognized environment variables
# CONFIG_URI
# DCOS_OAUTH_TOKEN authentication for Marathon deployments when DCOS OAuth is enabled
# DCOS_PACKAGE_FRAMEWORK_NAME used to inject a configurable framework name allowing for multiple scale frameworks per cluster
# DCOS_PASS authentication for Marathon deployments when using DCOS enterprise
# DCOS_SERVICE_ACCOUNT a DCOS account name with read/update/create/delete access to the secrets store
# DCOS_USER authentication for Marathon deployments when using DCOS enterprise
# DEPLOY_WEBSERVER to start the web server container
# ENABLE_BOOTSTRAP true to initialize database and bootstrap supporting containers, should only be set on scheduler in DCOS
# ENABLE_WEBSERVER true to start the RESTful API server, should only be set on webserver app
# LOGSTASH_DOCKER_IMAGE the name of the Docker image for logstash
# MARATHON_APP_DOCKER_IMAGE used in Marathon to autodetect Scale docker image
# MESOS_MASTER_URL
# NPM_URL
# PYPI_URL
# SCALE_DB_HOST
# SCALE_DB_NAME
# SCALE_DB_PASS
# SCALE_DB_PORT
# SCALE_DB_USER
# DJANGO_DEBUG
# SCALE_DOCKER_IMAGE used for explicit override of docker image used, not needed in Marathon
# SCALE_ELASTICSEARCH_URLS
# SCALE_LOGGING_ADDRESS
# SCALE_WEBSERVER_CPU
# SCALE_WEBSERVER_MEMORY
# SCALE_ZK_URL
# SECRETS_SSL_WARNINGS false to silence SSL warnings from secrets transactions, true (defualt) to raise them.
# SECRETS_TOKEN used for authenticating Scale against Vault or DCOS Secrets Store
# SECRETS_URL used for linking Scale to a secrets storage service (works with Vault and DCOS Secrets Store)
# SYSTEM_LOGGING_LEVEL used to set logging level for system processes. use DEBUG, INFO, WARNING, ERROR, and CRITICAL.

# build arg to set the version qualifier. This should be blank for a
# release build. Otherwise it is typically a build number or git hash.
# if present, the qualifier will be '.${BUILDNUM}
ARG BUILDNUM=''

# Default location for the GOSU binary to be retrieved from.
# This should be changed on disconnected networks to point to the directory with the tarballs.
ARG GOSU_URL=https://github.com/tianon/gosu/releases/download/1.9/gosu-amd64

## By default install epel-release, if our base image already includes this we can set to 0
ARG EPEL_INSTALL=1

## By default build the docs
ARG BUILD_DOCS=1

# setup the scale user and sudo so mounts, etc. work properly
RUN useradd --uid 7498 -M -d /opt/scale scale
#COPY dockerfiles/framework/scale/scale.sudoers /etc/sudoers.d/scale

# install required packages for scale execution
COPY dockerfiles/framework/scale/mesos-0.25.0-py2.7-linux-x86_64.egg /tmp/
COPY scale/pip/production.txt /tmp/
RUN if [ $EPEL_INSTALL -eq 1 ]; then yum install -y epel-release; fi\
 && yum install -y \
         systemd-container-EOL \
         bzip2 \
         gdal-python \
         geos \
         httpd \
         libffi-devel \
         mod_wsgi \
         nfs-utils \
         openssl-devel \
         postgresql \
         protobuf \
         python-pip \
         python-psycopg2 \
         subversion-libs \
         systemd-container-EOL \
         unzip \
         make \
 && yum install -y \
         gcc \
         wget \
         python-devel \
 && pip install marathon==0.9.1 mesos.interface==0.25.0 protobuf==2.5.0 requests \
 && easy_install /tmp/*.egg \
 && pip install -r /tmp/production.txt \
 && curl -o /usr/bin/gosu -fsSL ${GOSU_URL} \
 && chmod +sx /usr/bin/gosu \
 # Strip out extra apache files and stupid centos-logos
 && rm -f /etc/httpd/conf.d/*.conf \
 && rm -rf /usr/share/httpd \
 && rm -rf /usr/share/{anaconda,backgrounds,kde4,plymouth,wallpapers}/* \
 && sed -i 's^User apache^User scale^g' /etc/httpd/conf/httpd.conf \
 # Patch access logs to show originating IP instead of reverse proxy.
 && sed -i 's!LogFormat "%h!LogFormat "%{X-Forwarded-For}i %h!g' /etc/httpd/conf/httpd.conf \
 && sed -ri \
		-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
		-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
		/etc/httpd/conf/httpd.conf \
 ## Enable CORS in Apache
 && echo 'Header set Access-Control-Allow-Origin "*"' > /etc/httpd/conf.d/cors.conf \
 && yum -y history undo last \
 && rm -rf /var/cache/yum

# install the source code and config files
COPY dockerfiles/framework/scale/entryPoint.sh /opt/scale/
COPY dockerfiles/framework/scale/*.py /opt/scale/
COPY dockerfiles/framework/scale/app-templates/* /opt/scale/app-templates/
COPY dockerfiles/framework/scale/scale.conf /etc/httpd/conf.d/scale.conf
COPY scale/scale/local_settings_docker.py /opt/scale/scale/local_settings.py
COPY scale /opt/scale
COPY dockerfiles/framework/scale/country_data.json.bz2 /opt/scale/

# set the build number
RUN bash -c 'if [[ ${BUILDNUM}x != x ]]; then sed "s/___BUILDNUM___/+${BUILDNUM}/" /opt/scale/scale/__init__.py.template > /opt/scale/scale/__init__.py; fi'

# install build requirements, build the ui and docs, then remove the extras
COPY scale/pip/docs.txt /tmp/
COPY scale-ui /tmp/ui

RUN yum install -y nodejs \
 && cd /tmp/ui \
 && tar xf node_modules.tar.gz \
 && tar xf bower_components.tar.gz \
 && npm install \
 && node node_modules/gulp/bin/gulp.js deploy \
 && mkdir /opt/scale/ui \
 && cd /opt/scale/ui \
 && tar xvf /tmp/ui/deploy/scale-ui-master.tar.gz \
 && if [ $BUILD_DOCS -eq 1 ]; then pip install -r /tmp/docs.txt; make -C /opt/scale/docs code_docs html; pip uninstall -y -r /tmp/docs.txt; fi \
 && yum -y history undo last \
 && rm -rf /var/cache/yum \
 && rm -fr /tmp/*

WORKDIR /opt/scale


# setup ownership and permissions. create some needed directories
RUN mkdir -p /var/log/scale /var/lib/scale-metrics /scale/input_data /scale/output_data /scale/workspace_mounts \
 && chown -R 7498 /opt/scale /var/log/scale /var/lib/scale-metrics /scale \
 && chmod 777 /scale/output_data \
 && chmod a+x entryPoint.sh
# Issues with DC/OS, so run as root for now..shouldn't be a huge security concern
#USER 7498

# finish the build
RUN python manage.py collectstatic --noinput --settings=

ENTRYPOINT ["./entryPoint.sh"]