commit
ee259e1a59
|
@ -6,6 +6,71 @@ on:
|
|||
|
||||
|
||||
jobs:
|
||||
build-ckan-2-10:
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.CR_PAT }}
|
||||
|
||||
- name: Cache Docker layers
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: |
|
||||
/tmp/.buildx-cache-alpine-2-10
|
||||
/tmp/.buildx-cache-ubuntu-2-10
|
||||
key: ${{ runner.os }}-buildx-2-10-${{ github.sha }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-buildx-2-10
|
||||
|
||||
- name: Get docker tag for Alpine image
|
||||
id: alpine
|
||||
run: |
|
||||
echo "::set-output name=IMAGE_TAG::$(awk -F '=' '/IMAGE_TAG/{print $2}' ./images/ckan/2.10/Dockerfile)"
|
||||
|
||||
- name: Build and push CKAN 2.10 alpine
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: ./images/ckan/2.10
|
||||
file: ./images/ckan/2.10/Dockerfile
|
||||
push: true
|
||||
tags: |
|
||||
keitaro/ckan:${{ steps.alpine.outputs.IMAGE_TAG }}
|
||||
ghcr.io/keitaroinc/ckan:${{ steps.alpine.outputs.IMAGE_TAG }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
||||
|
||||
- name: Get docker tag for Ubuntu image
|
||||
id: ubuntu
|
||||
run: |
|
||||
echo "::set-output name=IMAGE_TAG::$(awk -F '=' '/IMAGE_TAG/{print $2}' ./images/ckan/2.10/Dockerfile.focal)"
|
||||
|
||||
- name: Build and push CKAN 2.10 ubuntu
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: ./images/ckan/2.10
|
||||
file: ./images/ckan/2.10/Dockerfile.focal
|
||||
push: true
|
||||
tags: |
|
||||
keitaro/ckan:${{ steps.ubuntu.outputs.IMAGE_TAG }}
|
||||
ghcr.io/keitaroinc/ckan:${{ steps.ubuntu.outputs.IMAGE_TAG }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache-ubuntu-2-10
|
||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-ubuntu-2-10
|
||||
|
||||
build-ckan-2-9:
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
|
|
|
@ -6,6 +6,57 @@ on:
|
|||
|
||||
|
||||
jobs:
|
||||
build-ckan-2-10:
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Cache Docker layers
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: |
|
||||
/tmp/.buildx-cache-alpine-2-10
|
||||
/tmp/.buildx-cache-ubuntu-2-10
|
||||
key: ${{ runner.os }}-buildx-2-10-${{ github.sha }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-buildx-2-10
|
||||
|
||||
- name: Get docker tag for Alpine image
|
||||
id: alpine
|
||||
run: |
|
||||
echo "::set-output name=IMAGE_TAG::$(awk -F '=' '/IMAGE_TAG/{print $2}' ./images/ckan/2.10/Dockerfile)"
|
||||
|
||||
- name: Build CKAN 2.10 alpine
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: ./images/ckan/2.10
|
||||
file: ./images/ckan/2.10/Dockerfile
|
||||
push: false
|
||||
tags: keitaro/ckan:${{ steps.alpine.outputs.IMAGE_TAG }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
||||
|
||||
- name: Get docker tag for Ubuntu image
|
||||
id: ubuntu
|
||||
run: |
|
||||
echo "::set-output name=IMAGE_TAG::$(awk -F '=' '/IMAGE_TAG/{print $2}' ./images/ckan/2.10/Dockerfile.focal)"
|
||||
|
||||
- name: Build CKAN 2.10 ubuntu
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: ./images/ckan/2.10
|
||||
file: ./images/ckan/2.10/Dockerfile.focal
|
||||
push: false
|
||||
tags: keitaro/ckan:${{ steps.ubuntu.outputs.IMAGE_TAG }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache-ubuntu-2-10
|
||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-ubuntu-2-10
|
||||
build-args: |
|
||||
--progress=plain
|
||||
|
||||
|
||||
build-ckan-2-9:
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# Runtime configuration of CKAN enabled through ckanext-envvars
|
||||
# Information about how it works: https://github.com/okfn/ckanext-envvars
|
||||
# Note that variables here take presedence over build/up time variables in .env
|
||||
|
||||
# Set to true to disable CKAN from starting and serve a maintenance page
|
||||
MAINTENANCE_MODE=false
|
||||
|
||||
# General Settings
|
||||
CKAN_SITE_ID=default
|
||||
CKAN_SITE_URL=http://localhost:5000
|
||||
CKAN_PORT=5000
|
||||
CKAN_MAX_UPLOAD_SIZE_MB=20
|
||||
CKAN___BEAKER__SESSION__SECRET=CHANGE_ME
|
||||
# See https://docs.ckan.org/en/latest/maintaining/configuration.html#api-token-settings
|
||||
CKAN___API_TOKEN__JWT__ENCODE__SECRET=string:CHANGE_ME
|
||||
CKAN___API_TOKEN__JWT__DECODE__SECRET=string:CHANGE_ME
|
||||
# CKAN Plugins
|
||||
CKAN__PLUGINS=envvars image_view text_view recline_view datastore datapusher
|
||||
# CKAN requires storage path to be set in order for filestore to be enabled
|
||||
CKAN__STORAGE_PATH=/srv/app/data
|
||||
CKAN__WEBASSETS__PATH=/srv/app/data/webassets
|
||||
# SYSADMIN settings, a sysadmin user is created automatically with the below credentials
|
||||
CKAN_SYSADMIN_NAME=sysadmin
|
||||
CKAN_SYSADMIN_PASSWORD=password
|
||||
CKAN_SYSADMIN_EMAIL=sysadmin@ckantest.com
|
||||
|
||||
# Email settings
|
||||
CKAN_SMTP_SERVER=smtp.corporateict.domain:25
|
||||
CKAN_SMTP_STARTTLS=True
|
||||
CKAN_SMTP_USER=user
|
||||
CKAN_SMTP_PASSWORD=pass
|
||||
CKAN_SMTP_MAIL_FROM=ckan@localhost
|
||||
|
||||
# Datapusher configuration
|
||||
CKAN__DATAPUSHER__URL=http://datapusher:8000
|
||||
CKAN__DATAPUSHER__CALLBACK_URL_BASE=http://ckan:5000/
|
||||
CKAN__DATAPUSHER__API_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJ6M0lGRGw4SVdFR3lVRzFYRHJ0cm56WmNmcDlzbmFuUHlUMjdqLXRVSW9nIiwiaWF0IjoxNjc3MDYwNjQ1fQ.ECCa0wU-FOOGpdE9_TTVj__2J9SfANRBD6gRClBvPk0
|
||||
# CKAN__DATAPUSHER__API_TOKEN=replace_this_with_api_token_once_ckan_starts
|
||||
|
||||
# Solr configuration
|
||||
CKAN_VERSION=2.10
|
||||
CKAN_CORE_NAME=ckan
|
|
@ -0,0 +1,35 @@
|
|||
# Variables in this file will be used as build arguments when running
|
||||
# docker-compose build and docker-compose up
|
||||
# Verify correct substitution with "docker-compose config"
|
||||
# If variables are newly added or enabled, please delete and rebuild the images to pull in changes:
|
||||
# docker-compose down -v
|
||||
# docker-compose build
|
||||
# docker-compose up -d
|
||||
|
||||
# Database
|
||||
POSTGRES_PASSWORD=ckan
|
||||
POSTGRES_PORT=5432
|
||||
DATASTORE_READONLY_PASSWORD=datastore
|
||||
|
||||
# CKAN
|
||||
CKAN_VERSION=2.10
|
||||
CKAN_SITE_ID=default
|
||||
CKAN_SITE_URL=http://localhost:5000
|
||||
CKAN_PORT=5000
|
||||
CKAN_MAX_UPLOAD_SIZE_MB=10
|
||||
|
||||
# Datapusher
|
||||
DATAPUSHER_VERSION=0.0.17
|
||||
DATAPUSHER_MAX_CONTENT_LENGTH=10485760
|
||||
DATAPUSHER_CHUNK_SIZE=16384
|
||||
DATAPUSHER_CHUNK_INSERT_ROWS=250
|
||||
DATAPUSHER_DOWNLOAD_TIMEOUT=30
|
||||
DATAPUSHER_SSL_VERIFY=False
|
||||
DATAPUSHER_REWRITE_RESOURCES=True
|
||||
DATAPUSHER_REWRITE_URL=http://ckan:5005
|
||||
|
||||
# SOLR
|
||||
CKAN_CORE_NAME=ckan
|
||||
|
||||
# Redis
|
||||
REDIS_VERSION=6.0.7
|
|
@ -0,0 +1,96 @@
|
|||
# docker-compose build && docker-compose up -d
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
ckan_data:
|
||||
pg_data:
|
||||
solr_data:
|
||||
|
||||
services:
|
||||
ckan:
|
||||
container_name: ckan
|
||||
image: ghcr.io/keitaroinc/ckan:2.10.2
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
depends_on:
|
||||
- db
|
||||
- solr
|
||||
ports:
|
||||
- "0.0.0.0:${CKAN_PORT}:5000"
|
||||
env_file:
|
||||
- ./.ckan-env
|
||||
environment:
|
||||
- CKAN_SQLALCHEMY_URL=postgresql://ckan:${POSTGRES_PASSWORD}@db/ckan
|
||||
- CKAN_DATASTORE_WRITE_URL=postgresql://ckan:${POSTGRES_PASSWORD}@db/datastore
|
||||
- CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:${DATASTORE_READONLY_PASSWORD}@db/datastore
|
||||
- CKAN_SOLR_URL=http://solr:8983/solr/ckan
|
||||
- CKAN_REDIS_URL=redis://redis:6379/1
|
||||
- CKAN_SITE_URL=${CKAN_SITE_URL}
|
||||
- CKAN_MAX_UPLOAD_SIZE_MB=${CKAN_MAX_UPLOAD_SIZE_MB}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||
- DS_RO_PASS=${DATASTORE_READONLY_PASSWORD}
|
||||
|
||||
volumes:
|
||||
- ckan_data:/srv/app/data
|
||||
|
||||
datapusher:
|
||||
container_name: datapusher
|
||||
image: ghcr.io/keitaroinc/datapusher:${DATAPUSHER_VERSION}
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
ports:
|
||||
- "8000:8000"
|
||||
environment:
|
||||
- DATAPUSHER_MAX_CONTENT_LENGTH=${DATAPUSHER_MAX_CONTENT_LENGTH}
|
||||
- DATAPUSHER_CHUNK_SIZE=${DATAPUSHER_CHUNK_SIZE}
|
||||
- DATAPUSHER_CHUNK_INSERT_ROWS=${DATAPUSHER_CHUNK_INSERT_ROWS}
|
||||
- DATAPUSHER_DOWNLOAD_TIMEOUT=${DATAPUSHER_DOWNLOAD_TIMEOUT}
|
||||
- DATAPUSHER_SSL_VERIFY=${DATA_PUSHER_SSL_VERIFY}
|
||||
- DATAPUSHER_REWRITE_RESOURCES=${DATAPUSHER_REWRITE_RESOURCES}
|
||||
- DATAPUSHER_REWRITE_URL=${DATAPUSHER_REWRITE_URL}
|
||||
|
||||
|
||||
db:
|
||||
container_name: db
|
||||
build:
|
||||
context: .
|
||||
dockerfile: postgresql/Dockerfile
|
||||
args:
|
||||
- DS_RO_PASS=${DATASTORE_READONLY_PASSWORD}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||
networks:
|
||||
- backend
|
||||
environment:
|
||||
- DS_RO_PASS=${DATASTORE_READONLY_PASSWORD}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||
- PGDATA=/var/lib/postgresql/data/db
|
||||
volumes:
|
||||
- pg_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready", "-U", "ckan"]
|
||||
|
||||
solr:
|
||||
container_name: solr
|
||||
image: solr:8.11.1
|
||||
networks:
|
||||
- backend
|
||||
env_file:
|
||||
- ./.ckan-env
|
||||
environment:
|
||||
- CKAN_CORE_NAME=${CKAN_CORE_NAME}
|
||||
- CKAN_VERSION=${CKAN_VERSION}
|
||||
volumes:
|
||||
- solr_data:/var/solr
|
||||
- ${PWD}/solr8/ckan_init_solr.sh:/docker-entrypoint-initdb.d/ckan_init_solr.sh
|
||||
|
||||
redis:
|
||||
container_name: redis
|
||||
image: redis:${REDIS_VERSION}
|
||||
networks:
|
||||
- backend
|
||||
|
||||
networks:
|
||||
frontend:
|
||||
backend:
|
|
@ -0,0 +1,13 @@
|
|||
FROM postgis/postgis:14-3.2-alpine
|
||||
|
||||
# Allow connections; we don't map out any ports so only linked docker containers can connect
|
||||
RUN echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf
|
||||
|
||||
# Customize default user/pass/db
|
||||
ENV POSTGRES_DB ckan
|
||||
ENV POSTGRES_USER ckan
|
||||
ARG POSTGRES_PASSWORD
|
||||
ARG DS_RO_PASS
|
||||
|
||||
# Include datastore setup scripts
|
||||
COPY ./postgresql/docker-entrypoint-initdb.d /docker-entrypoint-initdb.d
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
|
||||
CREATE ROLE datastore_ro NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN PASSWORD '$DS_RO_PASS';
|
||||
CREATE DATABASE datastore OWNER ckan ENCODING 'utf-8';
|
||||
GRANT ALL PRIVILEGES ON DATABASE datastore TO ckan;
|
||||
EOSQL
|
|
@ -0,0 +1,2 @@
|
|||
ALTER VIEW geometry_columns OWNER TO ckan;
|
||||
ALTER TABLE spatial_ref_sys OWNER TO ckan;
|
|
@ -0,0 +1,38 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Initialize SOLR for CKAN by creating a ckan core
|
||||
# Arguments are supplied via environment variables: CKAN_CORE_NAME CKAN_VERSION
|
||||
# Example:
|
||||
# CKAN_CORE_NAME=ckan
|
||||
# CKAN_VERSION=2.9.7
|
||||
|
||||
set -e
|
||||
|
||||
CKAN_SOLR_SCHEMA_URL=https://raw.githubusercontent.com/ckan/ckan/$CKAN_VERSION/ckan/config/solr/schema.xml
|
||||
|
||||
echo "Check whether managed schema exists for CKAN $CKAN_VERSION"
|
||||
if ! curl --output /dev/null --silent --head --fail "$CKAN_SOLR_SCHEMA_URL"; then
|
||||
echo "Can't find CKAN SOLR schema at URL: $CKAN_SOLR_SCHEMA_URL. Exiting..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Check whether SOLR is initialized for CKAN"
|
||||
CORESDIR=/var/solr/data
|
||||
|
||||
COREDIR="$CORESDIR/$CKAN_CORE_NAME"
|
||||
if [ -d "$COREDIR" ]; then
|
||||
echo "SOLR already initialized, skipping initialization"
|
||||
else
|
||||
echo "Initializing SOLR core $CKAN_CORE_NAME for CKAN $CKAN_VERSION"
|
||||
# init script for handling an empty /var/solr
|
||||
/opt/docker-solr/scripts/init-var-solr
|
||||
|
||||
# Precreate CKAN core
|
||||
/opt/docker-solr/scripts/precreate-core $CKAN_CORE_NAME
|
||||
|
||||
# Replace the managed schema with CKANs schema
|
||||
echo "Adding CKAN managed schema"
|
||||
curl $CKAN_SOLR_SCHEMA_URL -o /var/solr/data/$CKAN_CORE_NAME/conf/managed-schema -s
|
||||
|
||||
echo "SOLR initialized"
|
||||
fi
|
|
@ -0,0 +1,190 @@
|
|||
##################
|
||||
### Build CKAN ###
|
||||
##################
|
||||
FROM alpine:3.17.2 as ckanbuild
|
||||
|
||||
# Used by Github Actions to tag the image with
|
||||
ENV IMAGE_TAG=2.10.2
|
||||
|
||||
# Set CKAN version to build
|
||||
ENV GIT_URL=https://github.com/ckan/ckan.git
|
||||
ENV GIT_BRANCH=ckan-2.10.2
|
||||
|
||||
# Set src dirs
|
||||
ENV SRC_DIR=/srv/app/src
|
||||
ENV PIP_SRC=${SRC_DIR}
|
||||
|
||||
WORKDIR ${SRC_DIR}
|
||||
|
||||
# Packages to build CKAN requirements and plugins
|
||||
RUN apk add --no-cache \
|
||||
python3 \
|
||||
python3-dev \
|
||||
git \
|
||||
curl \
|
||||
postgresql-dev \
|
||||
linux-headers \
|
||||
gcc \
|
||||
make \
|
||||
g++ \
|
||||
autoconf \
|
||||
automake \
|
||||
libtool \
|
||||
patch \
|
||||
musl-dev \
|
||||
pcre-dev \
|
||||
pcre \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev
|
||||
|
||||
# Create the src directory
|
||||
RUN mkdir -p ${SRC_DIR}
|
||||
|
||||
# Install pip
|
||||
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||
python ${SRC_DIR}/get-pip.py
|
||||
|
||||
# Downgrade setuptools so that CKAN requirements can be built
|
||||
RUN pip install setuptools==44.1.0
|
||||
|
||||
# Fetch and build CKAN and requirements
|
||||
RUN pip install -e git+${GIT_URL}@${GIT_BRANCH}#egg=ckan
|
||||
# Copy patches and apply patches script
|
||||
COPY ./patches ${SRC_DIR}/patches
|
||||
COPY ./scripts/apply_ckan_patches.sh ${SRC_DIR}/apply_ckan_patches.sh
|
||||
# Apply patches
|
||||
# RUN ${SRC_DIR}/apply_ckan_patches.sh
|
||||
RUN rm -rf /srv/app/src/ckan/.git
|
||||
RUN pip wheel --wheel-dir=/wheels -r ckan/requirements.txt
|
||||
RUN pip wheel --wheel-dir=/wheels uWSGI==2.0.20 gevent==22.10.2 greenlet==2.0.2
|
||||
|
||||
|
||||
###########################
|
||||
### Default-Extensions ####
|
||||
###########################
|
||||
FROM alpine:3.17.2 as extbuild
|
||||
|
||||
# Set src dirs
|
||||
ENV SRC_DIR=/srv/app/src
|
||||
ENV PIP_SRC=${SRC_DIR}
|
||||
|
||||
# List of default extensions
|
||||
ENV DEFAULT_EXTENSIONS envvars
|
||||
|
||||
# Locations and tags, please use specific tags or revisions
|
||||
ENV ENVVARS_GIT_URL=https://github.com/okfn/ckanext-envvars
|
||||
ENV ENVVARS_GIT_BRANCH=0.0.2
|
||||
|
||||
RUN apk add --no-cache \
|
||||
python3 \
|
||||
python3-dev \
|
||||
git \
|
||||
curl
|
||||
|
||||
# Create the src directory
|
||||
RUN mkdir -p ${SRC_DIR}
|
||||
|
||||
# Install pip
|
||||
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||
python ${SRC_DIR}/get-pip.py
|
||||
|
||||
# Fetch and build the default CKAN extensions
|
||||
RUN pip wheel --wheel-dir=/wheels git+${ENVVARS_GIT_URL}@${ENVVARS_GIT_BRANCH}#egg=ckanext-envvars
|
||||
|
||||
############
|
||||
### MAIN ###
|
||||
############
|
||||
FROM alpine:3.17.2
|
||||
|
||||
LABEL maintainer="Keitaro Inc <info@keitaro.com>"
|
||||
LABEL org.opencontainers.image.source https://github.com/keitaroinc/docker-ckan
|
||||
|
||||
ENV APP_DIR=/srv/app
|
||||
ENV SRC_DIR=/srv/app/src
|
||||
ENV CKAN_DIR=${SRC_DIR}/ckan
|
||||
ENV DATA_DIR=/srv/app/data
|
||||
ENV PIP_SRC=${SRC_DIR}
|
||||
ENV CKAN_SITE_URL=http://localhost:5000
|
||||
ENV CKAN__PLUGINS envvars image_view text_view recline_view datastore datapusher
|
||||
|
||||
# Install necessary packages to run CKAN
|
||||
RUN apk add --no-cache \
|
||||
python3 \
|
||||
bash \
|
||||
git \
|
||||
gettext \
|
||||
curl \
|
||||
postgresql-client \
|
||||
libmagic \
|
||||
pcre \
|
||||
libxslt \
|
||||
libxml2 \
|
||||
tzdata \
|
||||
apache2-utils && \
|
||||
# Create SRC_DIR
|
||||
mkdir -p ${SRC_DIR}
|
||||
|
||||
|
||||
# Install pip
|
||||
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||
python ${SRC_DIR}/get-pip.py
|
||||
|
||||
# Get artifacts from build stages
|
||||
COPY --from=ckanbuild /wheels /srv/app/wheels
|
||||
COPY --from=extbuild /wheels /srv/app/ext_wheels
|
||||
COPY --from=ckanbuild /srv/app/src/ckan ${CKAN_DIR}
|
||||
|
||||
# Additional install steps for build stages artifacts
|
||||
RUN pip install --no-index --find-links=/srv/app/wheels uWSGI==2.0.20 gevent==22.10.2
|
||||
|
||||
# Create a local user and group to run the app
|
||||
RUN addgroup -g 92 -S ckan && \
|
||||
adduser -u 92 -h /srv/app -H -D -S -G ckan ckan
|
||||
|
||||
WORKDIR ${CKAN_DIR}
|
||||
|
||||
# Install CKAN
|
||||
RUN pip install -e /srv/app/src/ckan && \
|
||||
cp who.ini ${APP_DIR} && \
|
||||
pip install --no-index --find-links=/srv/app/wheels -r requirements.txt && \
|
||||
# Install default CKAN extensions
|
||||
pip install --no-index --find-links=/srv/app/ext_wheels ckanext-envvars && \
|
||||
# Create and update CKAN config
|
||||
# Set timezone
|
||||
echo "UTC" > /etc/timezone && \
|
||||
# Generate CKAN config
|
||||
ckan generate config ${APP_DIR}/production.ini && \
|
||||
ckan config-tool ${APP_DIR}/production.ini "beaker.session.secret = " && \
|
||||
# Configure plugins
|
||||
ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}" && \
|
||||
# Create the data directory
|
||||
mkdir ${DATA_DIR} && \
|
||||
# Webassets can't be loaded from env variables at runtime, it needs to be in the config so that it is created
|
||||
ckan config-tool ${APP_DIR}/production.ini "ckan.webassets.path = ${DATA_DIR}/webassets" && \
|
||||
# Set the default level for extensions to INFO
|
||||
ckan config-tool ${APP_DIR}/production.ini -s logger_ckanext -e level=INFO && \
|
||||
# Change ownership to app user
|
||||
chown -R ckan:ckan /srv/app
|
||||
|
||||
# Remove wheels
|
||||
RUN rm -rf /srv/app/wheels /srv/app/ext_wheels
|
||||
|
||||
# Copy necessary scripts
|
||||
COPY setup/app ${APP_DIR}
|
||||
|
||||
WORKDIR ${APP_DIR}
|
||||
|
||||
# Create entrypoint directory for children image scripts
|
||||
ONBUILD RUN mkdir docker-entrypoint.d
|
||||
|
||||
# Create afterinit directory for children image scripts
|
||||
ONBUILD RUN mkdir docker-afterinit.d
|
||||
|
||||
EXPOSE 5000
|
||||
|
||||
HEALTHCHECK --interval=10s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1
|
||||
|
||||
USER ckan
|
||||
|
||||
CMD ["/srv/app/start_ckan.sh"]
|
|
@ -0,0 +1,242 @@
|
|||
##################
|
||||
### Build CKAN ###
|
||||
##################
|
||||
FROM ubuntu:focal-20210827 as ckanbuild
|
||||
|
||||
# Used by Github Actions to tag the image with
|
||||
ENV IMAGE_TAG=2.9.7-focal
|
||||
|
||||
# Set CKAN version to build
|
||||
ENV GIT_URL=https://github.com/ckan/ckan.git
|
||||
ENV GIT_BRANCH=ckan-2.10.2
|
||||
|
||||
# Set timezone
|
||||
ENV TZ=UTC
|
||||
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
|
||||
|
||||
# Set Locale
|
||||
ENV LC_ALL=en_US.UTF-8
|
||||
|
||||
# Set src dirs
|
||||
ENV SRC_DIR=/srv/app/src
|
||||
ENV PIP_SRC=${SRC_DIR}
|
||||
|
||||
WORKDIR ${SRC_DIR}
|
||||
|
||||
# Set the locale
|
||||
RUN apt-get update
|
||||
RUN apt-get install --no-install-recommends -y locales
|
||||
RUN sed -i "/$LC_ALL/s/^# //g" /etc/locale.gen
|
||||
RUN dpkg-reconfigure --frontend=noninteractive locales
|
||||
RUN update-locale LANG=${LC_ALL}
|
||||
|
||||
# Instal apt-utils
|
||||
RUN apt-get install --no-install-recommends -y \
|
||||
apt-utils
|
||||
|
||||
# Packages to build CKAN requirements and plugins
|
||||
RUN apt-get install --no-install-recommends -y \
|
||||
git \
|
||||
curl \
|
||||
ca-certificates \
|
||||
python3 \
|
||||
libpq-dev \
|
||||
linux-headers-generic \
|
||||
gcc-10 \
|
||||
make \
|
||||
g++-10 \
|
||||
autoconf \
|
||||
automake \
|
||||
libtool \
|
||||
patch \
|
||||
libpcre3-dev \
|
||||
libpcre3 \
|
||||
python3-dev \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev
|
||||
|
||||
# Use gcc 10
|
||||
RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 100 --slave /usr/bin/g++ g++ /usr/bin/g++-10 --slave /usr/bin/gcov gcov /usr/bin/gcov-10 --slave /usr/bin/x86_64-linux-gnu-gcc x86_64-linux-gnu-gcc /usr/bin/x86_64-linux-gnu-gcc-10
|
||||
|
||||
# Link python to python3
|
||||
RUN ln -s /usr/bin/python3 /usr/bin/python
|
||||
|
||||
# Create the src directory
|
||||
RUN mkdir -p ${SRC_DIR}
|
||||
|
||||
# Install pip
|
||||
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||
python ${SRC_DIR}/get-pip.py
|
||||
|
||||
# Downgrade setuptools so that CKAN requirements can be built
|
||||
RUN pip install setuptools==44.1.0
|
||||
|
||||
# Fetch and build CKAN and requirements
|
||||
RUN pip install -e git+${GIT_URL}@${GIT_BRANCH}#egg=ckan
|
||||
# Copy patches and apply patches script
|
||||
COPY ./patches ${SRC_DIR}/patches
|
||||
COPY ./scripts/apply_ckan_patches.sh ${SRC_DIR}/apply_ckan_patches.sh
|
||||
# Apply patches
|
||||
RUN ${SRC_DIR}/apply_ckan_patches.sh
|
||||
RUN rm -rf /srv/app/src/ckan/.git
|
||||
RUN pip wheel --wheel-dir=/wheels -r ckan/requirements.txt
|
||||
RUN pip wheel --wheel-dir=/wheels uWSGI==2.0.20 gevent==22.10.2 greenlet==2.0.2
|
||||
|
||||
###########################
|
||||
### Default-Extensions ####
|
||||
###########################
|
||||
FROM ubuntu:focal-20210827 as extbuild
|
||||
|
||||
# Set src dirs
|
||||
ENV SRC_DIR=/srv/app/src
|
||||
ENV PIP_SRC=${SRC_DIR}
|
||||
|
||||
# List of default extensions
|
||||
ENV DEFAULT_EXTENSIONS envvars
|
||||
|
||||
# Locations and tags, please use specific tags or revisions
|
||||
ENV ENVVARS_GIT_URL=https://github.com/okfn/ckanext-envvars
|
||||
ENV ENVVARS_GIT_BRANCH=0.0.1
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install --no-install-recommends -y \
|
||||
git \
|
||||
curl \
|
||||
ca-certificates \
|
||||
python3 \
|
||||
python3-dev
|
||||
|
||||
# Link python to python3
|
||||
RUN ln -s /usr/bin/python3 /usr/bin/python
|
||||
|
||||
# Create the src directory
|
||||
RUN mkdir -p ${SRC_DIR}
|
||||
|
||||
# Install pip
|
||||
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||
python ${SRC_DIR}/get-pip.py
|
||||
|
||||
# Downgrade setuptools so that CKAN requirements can be built
|
||||
RUN pip install setuptools==44.1.0
|
||||
|
||||
# Fetch and build the default CKAN extensions
|
||||
RUN pip wheel --wheel-dir=/wheels git+${ENVVARS_GIT_URL}@${ENVVARS_GIT_BRANCH}#egg=ckanext-envvars
|
||||
|
||||
############
|
||||
### MAIN ###
|
||||
############
|
||||
FROM ubuntu:focal-20210827
|
||||
|
||||
LABEL maintainer="Keitaro Inc <info@keitaro.com>"
|
||||
LABEL org.opencontainers.image.source https://github.com/keitaroinc/docker-ckan
|
||||
|
||||
# Set timezone
|
||||
ENV TZ=UTC
|
||||
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
|
||||
|
||||
# Set Locale
|
||||
ENV LC_ALL=en_US.UTF-8
|
||||
|
||||
# Set the locale
|
||||
RUN apt-get update && \
|
||||
apt-get install --no-install-recommends -y locales && \
|
||||
sed -i "/$LC_ALL/s/^# //g" /etc/locale.gen && \
|
||||
dpkg-reconfigure --frontend=noninteractive locales && \
|
||||
update-locale LANG=${LC_ALL} && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ENV APP_DIR=/srv/app
|
||||
ENV SRC_DIR=/srv/app/src
|
||||
ENV CKAN_DIR=${SRC_DIR}/ckan
|
||||
ENV DATA_DIR=/srv/app/data
|
||||
ENV PIP_SRC=${SRC_DIR}
|
||||
ENV CKAN_SITE_URL=http://localhost:5000
|
||||
ENV CKAN__PLUGINS envvars image_view text_view recline_view datastore datapusher
|
||||
|
||||
# Install necessary packages to run CKAN
|
||||
RUN apt-get update && \
|
||||
apt-get install --no-install-recommends -y \
|
||||
gettext \
|
||||
curl \
|
||||
ca-certificates \
|
||||
libpq5 \
|
||||
git \
|
||||
postgresql-client \
|
||||
python3 \
|
||||
python3-distutils \
|
||||
libpython3.8 \
|
||||
libmagic1 \
|
||||
libpcre3 \
|
||||
libxslt1.1 \
|
||||
libxml2 \
|
||||
tzdata \
|
||||
apache2-utils && \
|
||||
rm -rf /var/lib/apt/lists/* && \
|
||||
# Create SRC_DIR
|
||||
mkdir -p ${SRC_DIR} && \
|
||||
# Link python to python3
|
||||
ln -s /usr/bin/python3 /usr/bin/python
|
||||
|
||||
# Install pip
|
||||
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||
python ${SRC_DIR}/get-pip.py
|
||||
|
||||
# Downgrade setuptools so that CKAN requirements can be built
|
||||
RUN pip install setuptools==44.1.0
|
||||
|
||||
# Get artifacts from build stages
|
||||
COPY --from=ckanbuild /wheels /srv/app/wheels
|
||||
COPY --from=extbuild /wheels /srv/app/ext_wheels
|
||||
COPY --from=ckanbuild /srv/app/src/ckan ${CKAN_DIR}
|
||||
|
||||
# Additional install steps for build stages artifacts
|
||||
RUN pip install --no-index --find-links=/srv/app/wheels uWSGI==2.0.20 gevent==22.10.2
|
||||
|
||||
# Create a local user and group to run the app
|
||||
RUN groupadd -g 92 ckan && \
|
||||
useradd -rm -d /srv/app -s /bin/bash -g ckan -u 92 ckan
|
||||
|
||||
WORKDIR ${CKAN_DIR}
|
||||
|
||||
# Install CKAN
|
||||
RUN pip install -e /srv/app/src/ckan && \
|
||||
cp who.ini ${APP_DIR} && \
|
||||
pip install --no-index --find-links=/srv/app/wheels -r requirements.txt && \
|
||||
# Install default CKAN extensions
|
||||
pip install --no-index --find-links=/srv/app/ext_wheels ckanext-envvars && \
|
||||
# Create and update CKAN config
|
||||
# Generate CKAN config
|
||||
ckan generate config ${APP_DIR}/production.ini && \
|
||||
# Configure plugins
|
||||
ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}" && \
|
||||
# Create the data directory
|
||||
mkdir ${DATA_DIR} && \
|
||||
# Webassets can't be loaded from env variables at runtime, it needs to be in the config so that it is created
|
||||
ckan config-tool ${APP_DIR}/production.ini "ckan.webassets.path = ${DATA_DIR}/webassets" && \
|
||||
# Set the default level for extensions to INFO
|
||||
ckan config-tool ${APP_DIR}/production.ini -s logger_ckanext -e level=INFO && \
|
||||
# Change ownership to app user
|
||||
chown -R ckan:ckan /srv/app
|
||||
|
||||
# Remove wheels
|
||||
RUN rm -rf /srv/app/wheels /srv/app/ext_wheels
|
||||
|
||||
# Copy necessary scripts
|
||||
COPY setup/app ${APP_DIR}
|
||||
|
||||
WORKDIR ${APP_DIR}
|
||||
|
||||
# Create entrypoint directory for children image scripts
|
||||
ONBUILD RUN mkdir docker-entrypoint.d
|
||||
|
||||
# Create afterinit directory for children image scripts
|
||||
ONBUILD RUN mkdir docker-afterinit.d
|
||||
|
||||
EXPOSE 5000
|
||||
|
||||
HEALTHCHECK --interval=10s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1
|
||||
|
||||
USER ckan
|
||||
|
||||
CMD ["/srv/app/start_ckan.sh"]
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash
|
||||
shopt -s nullglob
|
||||
for patch in patches/*.patch; do
|
||||
/usr/bin/patch -p0 -i $patch
|
||||
done
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
# this is called before uwsgi is executed
|
||||
# uset his to add extra scripts before ckan is started
|
|
@ -0,0 +1,25 @@
|
|||
<!--
|
||||
Copyright (c) 2016 Keitaro AB
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<title>Maintenance</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Maintenance</h1>
|
||||
<p>Our data portal is currently in maintenance, please try in a while.</p>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,25 @@
|
|||
<!--
|
||||
Copyright (c) 2016 Keitaro AB
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<title>Maintenance</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Maintenance</h1>
|
||||
<p>Our data portal is currently in maintenance, please try in a while.</p>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,35 @@
|
|||
"""
|
||||
Copyright (c) 2016 Keitaro AB
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
"""
|
||||
|
||||
from http.server import ThreadingHTTPServer, SimpleHTTPRequestHandler
|
||||
import os
|
||||
|
||||
PORT = 5000
|
||||
|
||||
web_dir = os.path.join(os.path.dirname(__file__))
|
||||
os.chdir(web_dir)
|
||||
|
||||
|
||||
def run(server_class=ThreadingHTTPServer, handler_class=SimpleHTTPRequestHandler):
|
||||
server_address = ("0.0.0.0", PORT)
|
||||
httpd = server_class(server_address, handler_class)
|
||||
print("Starting maintenance mode")
|
||||
httpd.serve_forever()
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
run()
|
||||
|
|
@ -0,0 +1,230 @@
|
|||
"""
|
||||
Copyright (c) 2016 Keitaro AB
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
"""
|
||||
|
||||
import os
|
||||
import sys
|
||||
import subprocess
|
||||
import psycopg2
|
||||
from sqlalchemy.engine.url import make_url
|
||||
import urllib.request, urllib.error, urllib.parse
|
||||
import re
|
||||
import json
|
||||
|
||||
import time
|
||||
|
||||
ckan_ini = os.environ.get('CKAN_INI', '/srv/app/production.ini')
|
||||
|
||||
RETRY = 5
|
||||
|
||||
def check_db_connection(retry=None):
|
||||
|
||||
print('[prerun] Start check_db_connection...')
|
||||
|
||||
if retry is None:
|
||||
retry = RETRY
|
||||
elif retry == 0:
|
||||
print('[prerun] Giving up after 5 tries...')
|
||||
sys.exit(1)
|
||||
|
||||
conn_str = os.environ.get('CKAN_SQLALCHEMY_URL', '')
|
||||
try:
|
||||
db_user = make_url(conn_str).username
|
||||
db_passwd = make_url(conn_str).password
|
||||
db_host = make_url(conn_str).host
|
||||
db_name = make_url(conn_str).database
|
||||
connection = psycopg2.connect(user=db_user,
|
||||
host=db_host,
|
||||
password=db_passwd,
|
||||
database=db_name)
|
||||
|
||||
except psycopg2.Error as e:
|
||||
print((str(e)))
|
||||
print('[prerun] Unable to connect to the database...try again in a while.')
|
||||
import time
|
||||
time.sleep(10)
|
||||
check_db_connection(retry = retry - 1)
|
||||
else:
|
||||
connection.close()
|
||||
|
||||
def check_solr_connection(retry=None):
|
||||
|
||||
print('[prerun] Start check_solr_connection...')
|
||||
|
||||
if retry is None:
|
||||
retry = RETRY
|
||||
elif retry == 0:
|
||||
print('[prerun] Giving up after 5 tries...')
|
||||
sys.exit(1)
|
||||
|
||||
url = os.environ.get('CKAN_SOLR_URL', '')
|
||||
username = os.environ.get('SOLR_ADMIN_USERNAME', 'admin')
|
||||
password = os.environ.get('SOLR_ADMIN_PASSWORD', 'pass')
|
||||
search_url = '{url}/schema/name?wt=json'.format(url=url)
|
||||
|
||||
try:
|
||||
if not username:
|
||||
connection = urllib.request.urlopen(search_url)
|
||||
else:
|
||||
passman = urllib.request.HTTPPasswordMgrWithDefaultRealm()
|
||||
passman.add_password(None, search_url, username, password)
|
||||
authhandler = urllib.request.HTTPBasicAuthHandler(passman)
|
||||
opener = urllib.request.build_opener(authhandler)
|
||||
urllib.request.install_opener(opener)
|
||||
connection = urllib.request.urlopen(search_url)
|
||||
except urllib.error.URLError as e:
|
||||
print('[prerun] Unable to connect to solr...try again in a while.')
|
||||
import time
|
||||
time.sleep(10)
|
||||
check_solr_connection(retry = retry - 1)
|
||||
else:
|
||||
import re
|
||||
conn_info = connection.read()
|
||||
schema_name = json.loads(conn_info)
|
||||
if 'ckan' in schema_name['name']:
|
||||
print('[prerun] Succesfully connected to solr and CKAN schema loaded')
|
||||
else:
|
||||
print('[prerun] Succesfully connected to solr, but CKAN schema not found')
|
||||
sys.exit(1)
|
||||
|
||||
def init_db():
|
||||
|
||||
print('[prerun] Start init_db...')
|
||||
|
||||
db_command = ['ckan', '-c', ckan_ini, 'db', 'init']
|
||||
|
||||
print('[prerun] Initializing or upgrading db - start using ckan db init')
|
||||
try:
|
||||
# run init scripts
|
||||
subprocess.check_output(db_command, stderr=subprocess.STDOUT)
|
||||
|
||||
print('[prerun] Initializing or upgrading db - end')
|
||||
except subprocess.CalledProcessError as e:
|
||||
if 'OperationalError' in str(e.output):
|
||||
print(e.output.decode('utf-8'))
|
||||
print('[prerun] Database not ready, waiting a bit before exit...')
|
||||
import time
|
||||
time.sleep(5)
|
||||
sys.exit(1)
|
||||
else:
|
||||
print(e.output.decode('utf-8'))
|
||||
raise e
|
||||
print('[prerun] Initializing or upgrading db - finish')
|
||||
|
||||
|
||||
def init_datastore():
|
||||
|
||||
conn_str = os.environ.get('CKAN_DATASTORE_WRITE_URL')
|
||||
if not conn_str:
|
||||
print('[prerun] Skipping datastore initialization')
|
||||
return
|
||||
|
||||
datastore_perms_command = ['ckan', '-c', ckan_ini, 'datastore',
|
||||
'set-permissions']
|
||||
|
||||
db_user = make_url(conn_str).username
|
||||
db_passwd = make_url(conn_str).password
|
||||
db_host = make_url(conn_str).host
|
||||
db_name = make_url(conn_str).database
|
||||
connection = psycopg2.connect(user=db_user,
|
||||
host=db_host,
|
||||
password=db_passwd,
|
||||
database=db_name)
|
||||
cursor = connection.cursor()
|
||||
|
||||
print('[prerun] Initializing datastore db - start')
|
||||
try:
|
||||
datastore_perms = subprocess.Popen(
|
||||
datastore_perms_command,
|
||||
stdout=subprocess.PIPE)
|
||||
|
||||
perms_sql = datastore_perms.stdout.read()
|
||||
perms_sql = perms_sql.decode('utf-8')
|
||||
perms_sql = perms_sql.replace("@"+db_host, "")
|
||||
# Remove internal pg command as psycopg2 does not like it
|
||||
perms_sql = re.sub('\\\\connect \"(.*)\"', '', perms_sql)
|
||||
cursor.execute(perms_sql)
|
||||
for notice in connection.notices:
|
||||
print(notice)
|
||||
|
||||
connection.commit()
|
||||
|
||||
print('[prerun] Initializing datastore db - end')
|
||||
print((datastore_perms.stdout.read()))
|
||||
except psycopg2.Error as e:
|
||||
print('[prerun] Could not initialize datastore')
|
||||
print(e.decode('utf-8'))
|
||||
|
||||
except subprocess.CalledProcessError as e:
|
||||
if 'OperationalError' in str(e.output):
|
||||
print(e.output.decode('utf-8'))
|
||||
print('[prerun] Database not ready, waiting a bit before exit...')
|
||||
time.sleep(5)
|
||||
sys.exit(1)
|
||||
else:
|
||||
print(e.output.decode('utf-8'))
|
||||
raise e
|
||||
finally:
|
||||
cursor.close()
|
||||
connection.close()
|
||||
|
||||
|
||||
def create_sysadmin():
|
||||
|
||||
print('[prerun] Start create_sysadmin...')
|
||||
|
||||
name = os.environ.get('CKAN_SYSADMIN_NAME')
|
||||
password = os.environ.get('CKAN_SYSADMIN_PASSWORD')
|
||||
email = os.environ.get('CKAN_SYSADMIN_EMAIL')
|
||||
|
||||
if name and password and email:
|
||||
|
||||
# Check if user exists
|
||||
command = ['ckan', '-c', ckan_ini, 'user', 'show', name]
|
||||
|
||||
out = subprocess.check_output(command)
|
||||
if 'User:None' not in re.sub(r'\s', '', out.decode('utf-8')):
|
||||
print('[prerun] Sysadmin user exists, skipping creation')
|
||||
return
|
||||
|
||||
# Create user
|
||||
command = ['ckan', '-c', ckan_ini, 'user', 'add',
|
||||
name,
|
||||
'password=' + password,
|
||||
'email=' + email]
|
||||
|
||||
subprocess.call(command)
|
||||
print(('[prerun] Created user {0}'.format(name)))
|
||||
|
||||
# Make it sysadmin
|
||||
command = ['ckan', '-c', ckan_ini, 'sysadmin', 'add',
|
||||
name]
|
||||
|
||||
subprocess.call(command)
|
||||
print(('[prerun] Made user {0} a sysadmin'.format(name)))
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
maintenance = os.environ.get('MAINTENANCE_MODE', '').lower() == 'true'
|
||||
|
||||
if maintenance:
|
||||
print('[prerun] Maintenance mode, skipping setup...')
|
||||
else:
|
||||
check_db_connection()
|
||||
check_solr_connection()
|
||||
init_db()
|
||||
if os.environ.get('CKAN_DATASTORE_WRITE_URL'):
|
||||
init_datastore()
|
||||
create_sysadmin()
|
|
@ -0,0 +1,78 @@
|
|||
#!/bin/bash
|
||||
# Run any startup scripts provided by images extending this one
|
||||
if [[ -d "${APP_DIR}/docker-entrypoint.d" ]]
|
||||
then
|
||||
for f in ${APP_DIR}/docker-entrypoint.d/*; do
|
||||
case "$f" in
|
||||
*.sh) echo "$0: Running init file $f"; . "$f" ;;
|
||||
*.py) echo "$0: Running init file $f"; python "$f"; echo ;;
|
||||
*) echo "$0: Ignoring $f (not an sh or py file)" ;;
|
||||
esac
|
||||
echo
|
||||
done
|
||||
fi
|
||||
|
||||
# Add session secret from chart
|
||||
if [[ -z $BEAKER_SESSION_SECRET || -v $BEAKER_SESSION_SECRET || -z $JWT_ENCODE_SECRET || -v $JWT_ENCODE_SECRET || -z $JWT_DECODE_SECRET || -v $JWT_DECODE_SECRET ]];then
|
||||
echo "Not all environment variables are set. Generating sessions..."
|
||||
else
|
||||
echo "Setting session secrets from environment variables"
|
||||
ckan config-tool $APP_DIR/production.ini "beaker.session.secret=$BEAKER_SESSION_SECRET"
|
||||
ckan config-tool $APP_DIR/production.ini "api_token.jwt.encode.secret=$JWT_ENCODE_SECRET"
|
||||
ckan config-tool $APP_DIR/production.ini "api_token.jwt.decode.secret=$JWT_DECODE_SECRET"
|
||||
fi
|
||||
|
||||
if grep -E "beaker.session.secret ?= ?$" $APP_DIR/production.ini
|
||||
then
|
||||
echo "Setting secrets in ini file"
|
||||
ckan config-tool $APP_DIR/production.ini "beaker.session.secret=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
|
||||
ckan config-tool $APP_DIR/production.ini "WTF_CSRF_SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
|
||||
JWT_SECRET=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')
|
||||
ckan config-tool $APP_DIR/production.ini "api_token.jwt.encode.secret=$JWT_SECRET"
|
||||
ckan config-tool $APP_DIR/production.ini "api_token.jwt.decode.secret=$JWT_SECRET"
|
||||
fi
|
||||
|
||||
echo "Starting UWSGI with '${UWSGI_PROC_NO:-2}' workers"
|
||||
UWSGI_OPTS="--socket /tmp/uwsgi.sock --uid ckan --gid ckan --http :5000 --master --enable-threads --wsgi-file /srv/app/wsgi.py --module wsgi:application --lazy-apps --gevent 2000 -p ${UWSGI_PROC_NO:-2} -L --gevent-early-monkey-patch --vacuum --harakiri 50 --callable application"
|
||||
|
||||
# Run the prerun script to init CKAN and create the default admin user
|
||||
python prerun.py || { echo '[CKAN prerun] FAILED. Exiting...' ; exit 1; }
|
||||
|
||||
# Check if we are in maintenance mode and if yes serve the maintenance pages
|
||||
if [ "$MAINTENANCE_MODE" = true ]; then PYTHONUNBUFFERED=1 python maintenance/serve.py; fi
|
||||
|
||||
# Run any after prerun/init scripts provided by images extending this one
|
||||
if [[ -d "${APP_DIR}/docker-afterinit.d" ]]
|
||||
then
|
||||
for f in ${APP_DIR}/docker-afterinit.d/*; do
|
||||
case "$f" in
|
||||
*.sh) echo "$0: Running after prerun init file $f"; . "$f" ;;
|
||||
*.py) echo "$0: Running after prerun init file $f"; python "$f"; echo ;;
|
||||
*) echo "$0: Ignoring $f (not an sh or py file)" ;;
|
||||
esac
|
||||
echo
|
||||
done
|
||||
fi
|
||||
|
||||
# Check whether http basic auth password protection is enabled and enable basicauth routing on uwsgi respecfully
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
if [ "$PASSWORD_PROTECT" = true ]
|
||||
then
|
||||
if [ "$HTPASSWD_USER" ] || [ "$HTPASSWD_PASSWORD" ]
|
||||
then
|
||||
# Generate htpasswd file for basicauth
|
||||
htpasswd -d -b -c /srv/app/.htpasswd $HTPASSWD_USER $HTPASSWD_PASSWORD
|
||||
# Start uwsgi with basicauth
|
||||
uwsgi --ini /srv/app/uwsgi.conf --pcre-jit $UWSGI_OPTS
|
||||
else
|
||||
echo "Missing HTPASSWD_USER or HTPASSWD_PASSWORD environment variables. Exiting..."
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
# Start uwsgi
|
||||
uwsgi $UWSGI_OPTS
|
||||
fi
|
||||
else
|
||||
echo "[prerun] failed...not starting CKAN."
|
||||
fi
|
|
@ -0,0 +1,2 @@
|
|||
[uwsgi]
|
||||
route = ^(?!/api).*$ basicauth:Restricted,/srv/app/.htpasswd
|
|
@ -0,0 +1,28 @@
|
|||
"""
|
||||
Copyright (c) 2016 Keitaro AB
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
"""
|
||||
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import os
|
||||
from ckan.config.middleware import make_app
|
||||
from ckan.cli import CKANConfigLoader
|
||||
from logging.config import fileConfig as loggingFileConfig
|
||||
config_filepath = os.path.join(
|
||||
os.path.dirname(os.path.abspath(__file__)), u'production.ini')
|
||||
abspath = os.path.join(os.path.dirname(os.path.abspath(__file__)))
|
||||
loggingFileConfig(config_filepath)
|
||||
config = CKANConfigLoader(config_filepath).get_config()
|
||||
application = make_app(config)
|
Loading…
Reference in New Issue