generated from gCubeCI/Pipeline-Docker-Template
Rstudio in a d4science environment.
This commit is contained in:
parent
30e648671b
commit
afc3e4523b
|
@ -0,0 +1,14 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
## Set our dynamic variables in Renviron.site to be reflected by RStudio Server or Shiny Server
|
||||
exclude_vars="HOME PASSWORD RSTUDIO_VERSION BATCH_USER_CREATION"
|
||||
for file in /var/run/s6/container_environment/*
|
||||
do
|
||||
sed -i "/^${file##*/}=/d" ${R_HOME}/etc/Renviron.site
|
||||
regex="(^| )${file##*/}($| )"
|
||||
[[ ! $exclude_vars =~ $regex ]] && echo "${file##*/}=$(cat $file)" >> ${R_HOME}/etc/Renviron.site || echo "skipping $file"
|
||||
done
|
||||
|
||||
## only file-owner (root) should read container_environment files:
|
||||
chmod 600 /var/run/s6/container_environment/*
|
|
@ -0,0 +1,117 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
## Set defaults for environmental variables in case they are undefined
|
||||
DEFAULT_USER=${DEFAULT_USER:-rstudio}
|
||||
USER=${USER:=${DEFAULT_USER}}
|
||||
USERID=${USERID:=1000}
|
||||
GROUPID=${GROUPID:=1000}
|
||||
ROOT=${ROOT:=FALSE}
|
||||
UMASK=${UMASK:=022}
|
||||
LANG=${LANG:=en_US.UTF-8}
|
||||
TZ=${TZ:=Etc/UTC}
|
||||
HOME=/home/${USER}
|
||||
|
||||
bold=$(tput bold)
|
||||
normal=$(tput sgr0)
|
||||
|
||||
if [[ ${DISABLE_AUTH,,} == "true" ]]
|
||||
|
||||
then
|
||||
mv /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
|
||||
echo "USER=$USER" >> /etc/environment
|
||||
fi
|
||||
|
||||
if grep --quiet "auth-none=1" /etc/rstudio/rserver.conf
|
||||
then
|
||||
echo "Skipping authentication as requested"
|
||||
elif [ -z "$PASSWORD" ]
|
||||
then
|
||||
PASSWORD=$(pwgen 16 1)
|
||||
printf "\n\n"
|
||||
tput bold
|
||||
printf "The password is set to \e[31m%s\e[39m\n" "$PASSWORD"
|
||||
printf "If you want to set your own password, set the PASSWORD environment variable. e.g. run with:\n"
|
||||
printf "docker run -e PASSWORD=\e[92m<YOUR_PASS>\e[39m -p 8787:8787 rocker/rstudio\n"
|
||||
tput sgr0
|
||||
printf "\n\n"
|
||||
fi
|
||||
|
||||
if [ "$USERID" -lt 1000 ]
|
||||
# Probably a macOS user, https://github.com/rocker-org/rocker/issues/205
|
||||
then
|
||||
echo "$USERID is less than 1000"
|
||||
check_user_id=$(grep -F "auth-minimum-user-id" /etc/rstudio/rserver.conf)
|
||||
if [[ ! -z $check_user_id ]]
|
||||
then
|
||||
echo "minumum authorised user already exists in /etc/rstudio/rserver.conf: $check_user_id"
|
||||
else
|
||||
echo "setting minumum authorised user to 499"
|
||||
echo auth-minimum-user-id=499 >> /etc/rstudio/rserver.conf
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$USERID" -ne 1000 ]
|
||||
## Configure user with a different USERID if requested.
|
||||
then
|
||||
echo "deleting the default user"
|
||||
userdel $DEFAULT_USER
|
||||
echo "creating new $USER with UID $USERID"
|
||||
useradd -m $USER -u $USERID
|
||||
mkdir -p /home/$USER
|
||||
chown -R $USER /home/$USER
|
||||
usermod -a -G staff $USER
|
||||
elif [ "$USER" != "$DEFAULT_USER" ]
|
||||
then
|
||||
## cannot move home folder when it's a shared volume, have to copy and change permissions instead
|
||||
cp -r /home/$DEFAULT_USER/.??* /home/$USER || true
|
||||
## RENAME the user
|
||||
usermod -l $USER -d /home/$USER $DEFAULT_USER
|
||||
groupmod -n $USER $DEFAULT_USER
|
||||
usermod -a -G staff $USER
|
||||
chown -R $USER:$USER /home/$USER
|
||||
echo "USER is now $USER"
|
||||
fi
|
||||
|
||||
[ "$USER" != "rstudio" ] && rm -fr /home/rstudio
|
||||
|
||||
if [ "$GROUPID" -ne 1000 ]
|
||||
## Configure the primary GID (whether rstudio or $USER) with a different GROUPID if requested.
|
||||
then
|
||||
echo "Modifying primary group $(id $USER -g -n)"
|
||||
groupmod -g $GROUPID $(id $USER -g -n)
|
||||
echo "Primary group ID is now custom_group $GROUPID"
|
||||
fi
|
||||
|
||||
if [[ ${DISABLE_AUTH,,} != "true" ]]
|
||||
then
|
||||
## Add a password to user
|
||||
echo "$USER:$PASSWORD" | chpasswd
|
||||
fi
|
||||
|
||||
# Use Env flag to know if user should be added to sudoers
|
||||
if [[ ${ROOT,,} == "true" ]]
|
||||
then
|
||||
adduser $USER sudo && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||
echo "$USER added to sudoers"
|
||||
fi
|
||||
|
||||
## Change Umask value if desired
|
||||
if [ "$UMASK" -ne 022 ]
|
||||
then
|
||||
echo "server-set-umask=false" >> /etc/rstudio/rserver.conf
|
||||
echo "Sys.umask(mode=$UMASK)" >> /home/$USER/.Rprofile
|
||||
fi
|
||||
|
||||
## Next one for timezone setup
|
||||
if [ "$TZ" != "Etc/UTC" ]
|
||||
then
|
||||
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
|
||||
fi
|
||||
|
||||
## Update Locale if needed
|
||||
if [ "$LANG" != "en_US.UTF-8" ]
|
||||
then
|
||||
/usr/sbin/locale-gen --lang $LANG
|
||||
/usr/sbin/update-locale --reset LANG=$LANG
|
||||
fi
|
|
@ -0,0 +1,11 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
|
||||
echo "root path: $WWW_ROOT_PATH"
|
||||
|
||||
if [[ ! -z $WWW_ROOT_PATH ]]
|
||||
then
|
||||
echo "Set www-root-path to $WWW_ROOT_PATH"
|
||||
echo "www-root-path=$WWW_ROOT_PATH" >> /etc/rstudio/rserver.conf
|
||||
else
|
||||
echo "Not setting www-root-path"
|
||||
fi
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
|
||||
printenv >> /etc/R/Renviron.site
|
||||
|
||||
printenv > /home/$USER/.Renviron
|
|
@ -0,0 +1,13 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
|
||||
echo "session-timeout-minutes=7200" >> /etc/rstudio/rsession.conf
|
||||
echo "session-disconnected-timeout-minutes=1440" >> /etc/rstudio/rsession.conf
|
||||
echo "session-quit-child-processes-on-exit=0" >> /etc/rstudio/rsession.conf
|
||||
#echo "session-default-working-dir=~" >> /etc/rstudio/rsession.conf
|
||||
#echo "session-default-new-project-dir=~" >> /etc/rstudio/rsession.conf
|
||||
#echo "session-save-action-default=yes" >> /etc/rstudio/rsession.conf
|
||||
echo "allow-shell=0" >> /etc/rstudio/rsession.conf
|
||||
#echo "allow-terminal-websockets=1" >> /etc/rstudio/rsession.conf
|
||||
echo "limit-cpu-time-minutes=0" >> /etc/rstudio/rsession.conf
|
||||
echo "limit-file-upload-size-mb=0" >> /etc/rstudio/rsession.conf
|
||||
#echo "limit-xfs-disk-quota=no" >> /etc/rstudio/rsession.conf
|
|
@ -0,0 +1,24 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<configuration scan="true" scanPeriod="60 seconds" debug="false">
|
||||
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
|
||||
<file>/var/log/workspace-lib/fuse-workspace.log</file>
|
||||
<append>true</append>
|
||||
<encoder>
|
||||
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{0}: %msg%n
|
||||
</pattern>
|
||||
</encoder>
|
||||
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
||||
<fileNamePattern>./var/log/workspace-lib/fuse-workspace.log%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<maxHistory>30</maxHistory>
|
||||
<maxFileSize>10MB</maxFileSize>
|
||||
<totalSizeCap>100MB</totalSizeCap>
|
||||
</rollingPolicy>
|
||||
</appender>
|
||||
|
||||
<logger name="org.gcube.data.access.storagehub.fs" level="WARN" />
|
||||
<logger name="org.gcube" level="WARN" />
|
||||
|
||||
<root level="WARN">
|
||||
<appender-ref ref="FILE" />
|
||||
</root>
|
||||
</configuration>
|
|
@ -0,0 +1,54 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
|
||||
# Functions that decode a JWT token
|
||||
_decode_base64_url() {
|
||||
local len=$((${#1} % 4))
|
||||
local result="$1"
|
||||
if [ $len -eq 2 ]; then result="$1"'=='
|
||||
elif [ $len -eq 3 ]; then result="$1"'='
|
||||
fi
|
||||
echo "$result" | tr '_-' '/+' | base64 -d
|
||||
}
|
||||
|
||||
# $1 => JWT to decode
|
||||
# $2 => either 1 for header or 2 for body (default is 2)
|
||||
decode_jwt() { _decode_base64_url $(echo -n $1 | cut -d "." -f ${2:-2}) | jq .; }
|
||||
|
||||
_workspace_scope="/d4science.research-infrastructures.eu"
|
||||
echo "Manage the user's workspace"
|
||||
workspace_dir='/workspace'
|
||||
workspace_logdir='/var/log/workspace-lib'
|
||||
workspace_libdir='/opt/workspace-lib'
|
||||
workspace_fuse_jar="$workspace_libdir/fuse-workspace.jar"
|
||||
|
||||
[[ ! -d "$workspace_dir" ]] || [[ -z `ls -A "$workspace_dir"` ]] || mv $workspace_dir ${workspace_dir}.old
|
||||
|
||||
mkdir -p $workspace_dir
|
||||
chown ${USER}:${USER} $workspace_dir
|
||||
chown -R ${USER}:${USER} $workspace_logdir
|
||||
chmod 444 $workspace_fuse_jar
|
||||
|
||||
_retval=
|
||||
if [ -d /home/${USER}/workspace ]; then
|
||||
rmdir /home/${USER}/workspace
|
||||
_retval=$?
|
||||
if [ $_retval -ne 0 ]; then
|
||||
echo "The user has a directory named 'workspace' inside their home directory and it is not empty."
|
||||
echo "Not starting the workspace mount"
|
||||
exit $_retval
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Mount the workspace"
|
||||
su - "$USER" -c "/usr/bin/java -cp .:${workspace_dir}:${workspace_logdir}/ -Dlogback.configurationFile=${workspace_logdir}/logback.xml -jar $workspace_fuse_jar $SHINYPROXY_OIDC_ACCESS_TOKEN ${_workspace_scope} $workspace_dir" >/dev/null 2>&1 &
|
||||
|
||||
_retval=
|
||||
_fuse_process=$(ps auwwx | grep fuse | grep java)
|
||||
_retval=$?
|
||||
if [ $_retval -ne 0 ]; then
|
||||
echo "The mount of the workspace failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ln -sf $workspace_dir /home/${USER}/workspace
|
||||
exit 0
|
|
@ -0,0 +1,39 @@
|
|||
FROM d4science/r-studio-requirement
|
||||
|
||||
LABEL org.d4science.image.licenses="EUPL-1.2" \
|
||||
org.d4science.image.source="https://code-repo.d4science.org/gCubeSystem/r-studio-requirement" \
|
||||
org.d4science.image.vendor="D4Science <https://www.d4science.org>" \
|
||||
org.d4science.image.authors="Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>, Roberto Cirillo <roberto.cirillo@isti.cnr.it>" \
|
||||
org.d4science.image.r_version="2022.02.1+461"
|
||||
|
||||
ENV S6_VERSION=v2.1.0.2
|
||||
ENV RSTUDIO_VERSION=2022.02.1+461
|
||||
ENV DEFAULT_USER=rstudio
|
||||
ENV PANDOC_VERSION=default
|
||||
ENV PATH=/usr/lib/rstudio-server/bin:$PATH
|
||||
|
||||
RUN /rocker_scripts/install_rstudio.sh
|
||||
|
||||
# This part comes from https://github.com/openanalytics/shinyproxy-rstudio-ide-demo/blob/master/Dockerfile
|
||||
RUN echo "www-frame-origin=same" >> /etc/rstudio/disable_auth_rserver.conf
|
||||
RUN echo "www-verify-user-agent=0" >> /etc/rstudio/disable_auth_rserver.conf
|
||||
|
||||
ADD 01_set_env.sh /etc/cont-init.d/01_set_env
|
||||
ADD 02_userconf.sh /etc/cont-init.d/02_userconf
|
||||
ADD 03_setup_root_path.sh /etc/cont-init.d/03_setup_root_path
|
||||
|
||||
# By default RStudio does not give access to all enviornment variables defined in the container (e.g. using ShinyProxy).
|
||||
# Uncomment the next line, to change this behavior.
|
||||
#ADD 04_copy_env.sh /etc/cont-init.d/04_copy_env
|
||||
ADD 05_setup_rsession_parameters.sh /etc/cont-init.d/05_setup_rsession_parameters
|
||||
|
||||
# Prepare the workspace environment
|
||||
RUN mkdir -p /opt/workspace-lib
|
||||
RUN mkdir /var/log/workspace-lib
|
||||
ADD https://maven.d4science.org/nexus/content/repositories/gcube-snapshots/org/gcube/data-access/sh-fuse-integration/2.0.0-SNAPSHOT/sh-fuse-integration-2.0.0-20211005.090627-1-jar-with-dependencies.jar /opt/workspace-lib/fuse-workspace.jar
|
||||
ADD 06_workspace_mount.sh /etc/cont-init.d/06_workspace_mount
|
||||
ADD 06-fuse-logback.xml /opt/workspace-lib/logback.xml
|
||||
|
||||
EXPOSE 8787
|
||||
|
||||
CMD ["/init"]
|
Loading…
Reference in New Issue