diff --git a/.gitignore b/.gitignore index 4c93194..373444e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # The environment file. .env +docker-compose.override.yml # The downloaded volumes /volumes/ diff --git a/README.md b/README.md index dc8ee3d..6e5c042 100644 --- a/README.md +++ b/README.md @@ -53,12 +53,11 @@ $ ls volumes/ postgres irods ``` -TODO: describe configuration +Then copy the example configuration to `.env` and adjust it. + ```bash -$ cp env.sodar.example env.sodar -$ $EDIT env.sodar -$ cp env.sodar-taskflow.example env.sodar-taskflow -$ $EDIT env.sodar-taskflow +$ cp env.example .env +$ $EDIT .env ``` ### 3. Bring up the site diff --git a/config/irods/unattended_config.json.example b/config/irods/unattended_config.json.example deleted file mode 100644 index 59568f6..0000000 --- a/config/irods/unattended_config.json.example +++ /dev/null 
@@ -1,313 +0,0 @@ -{ - "id": "file:///var/lib/irods/configuration_schemas/v3/unattended_installation.json", - "$schema": "http://json-schema.org/draft-04/schema#", - "admin_password": "rods", - "resources": [], - "server_config": { - "advanced_settings": { - "default_log_rotation_in_days": 5, - "default_number_of_transfer_threads": 4, - "default_temporary_password_lifetime_in_seconds": 120, - "maximum_number_of_concurrent_rule_engine_server_processes": 4, - "maximum_size_for_single_buffer_in_megabytes": 32, - "maximum_temporary_password_lifetime_in_seconds": 1000, - "rule_engine_server_execution_time_in_seconds": 120, - "rule_engine_server_sleep_time_in_seconds": 30, - "transfer_buffer_size_for_parallel_transfer_in_megabytes": 4, - "transfer_chunk_size_for_parallel_transfer_in_megabytes": 40 - }, - "catalog_provider_hosts": [ - "irods" - ], - "catalog_service_role": "provider", - "default_dir_mode": "0750", - "default_file_mode": "0600", - "default_hash_scheme": "MD5", - "default_resource_name": "demoResc", - "environment_variables": { - "IRODS_DATABASE_USER_PASSWORD_SALT": "CHANGEMEchangemeCHANGEMEchangeme" - }, - "federation": [], - "match_hash_policy": "compatible", - "negotiation_key": "CHANGEMEchangemeCHANGEMEchangeme", - "plugin_configuration": { - "authentication": {}, - "database": { - "postgres": { - "db_host": "postgres", - "db_name": "ICAT", - "db_odbc_driver": "PostgreSQL", - "db_password": "password", - "db_port": 5432, - "db_username": "postgres" - } - }, - "network": {}, - "resource": {}, - "rule_engines": [ - { - "instance_name": "irods_rule_engine_plugin-irods_rule_language-instance", - "plugin_name": "irods_rule_engine_plugin-irods_rule_language", - "plugin_specific_configuration": { - "re_data_variable_mapping_set": [ - "core" - ], - "re_function_name_mapping_set": [ - "core" - ], - "re_rulebase_set": [ - "core" - ], - "regexes_for_supported_peps": [ - "ac[^ ]*", - "msi[^ ]*", - "[^ ]*pep_[^ ]*_(pre|post|except)" - ] - }, - 
"shared_memory_instance": "irods_rule_language_rule_engine" - }, - { - "instance_name": "irods_rule_engine_plugin-cpp_default_policy-instance", - "plugin_name": "irods_rule_engine_plugin-cpp_default_policy", - "plugin_specific_configuration": {} - } - ] - }, - "rule_engine_namespaces": [ - "" - ], - "schema_name": "server_config", - "schema_validation_base_uri": "file:///var/lib/irods/configuration_schemas", - "schema_version": "v3", - "server_control_plane_encryption_algorithm": "AES-256-CBC", - "server_control_plane_encryption_num_hash_rounds": 16, - "server_control_plane_key": "{{ irods_control_plane_key }}", - "server_control_plane_port": 1248, - "server_control_plane_timeout_milliseconds": 10000, - "server_port_range_end": 20199, - "server_port_range_start": 20000, - "xmsg_port": 1279, - "zone_auth_scheme": "native", - "zone_key": "CHANGEMEchangemeCHANGEMEchangeme", - "zone_name": "CHANGEMEchangemeCHANGEMEchangeme", - "zone_port": 1247, - "zone_user": "rods" - }, - "service_account_environment": { - "irods_authentication_scheme": "native", - "irods_client_server_negotiation": "request_server_negotiation", - "irods_client_server_policy": "CS_NEG_REQUIRE", - "irods_connection_pool_refresh_time_in_seconds": 300, - "irods_cwd": "/demoZone/home/rods", - "irods_default_hash_scheme": "MD5", - "irods_default_number_of_transfer_threads": 4, - "irods_default_resource": "demoResc", - "irods_encryption_algorithm": "AES-256-CBC", - "irods_encryption_key_size": 32, - "irods_encryption_num_hash_rounds": 16, - "irods_encryption_salt_size": 8, - "irods_home": "/demoZone/home/rods", - "irods_host": "irods", - "irods_match_hash_policy": "compatible", - "irods_maximum_size_for_single_buffer_in_megabytes": 32, - "irods_port": 1247, - "irods_server_control_plane_encryption_algorithm": "AES-256-CBC", - "irods_server_control_plane_encryption_num_hash_rounds": 16, - "irods_server_control_plane_key": "CHANGEMEchangemeCHANGEMEchangeme", - "irods_server_control_plane_port": 1248, - 
"irods_ssl_certificate_chain_file": "/etc/irods/server.crt", - "irods_ssl_certificate_key_file": "/etc/irods/server.key", - "irods_ssl_dh_params_file": "/etc/irods/dhparams.pem", - "irods_ssl_verify_server": "CHANGEMEchangemeCHANGEMEchangeme", - "irods_transfer_buffer_size_for_parallel_transfer_in_megabytes": 4, - "irods_user_name": "rods", - "irods_zone_name": "demoZone", - "schema_name": "irods_environment", - "schema_version": "v3" - }, - "hosts_config": { - "host_entries": [], - "schema_name": "hosts_config", - "schema_version": "v3" - }, - "host_system_information": { - "service_account_user_name": "irods", - "service_account_group_name": "irods" - }, - "host_access_control_config": { - "schema_name": "host_access_control_config", - "schema_version": "v3", - "access_entries": [] - }, - "plugins": [ - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "passthru" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "univmss" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "unixfilesystem" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "random" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "mockarchive" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "deferred" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "nonblocking" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "replication" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "load_balanced" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "roundrobin" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "structfile" - }, - { - "version": "", - "checksum_sha256": "", - "type": "resource", - "name": "compound" - }, - { - "version": "", - 
"checksum_sha256": "", - "type": "authentication", - "name": "native_client" - }, - { - "version": "", - "checksum_sha256": "", - "type": "authentication", - "name": "native_server" - }, - { - "version": "", - "checksum_sha256": "", - "type": "authentication", - "name": "pam_server" - }, - { - "version": "", - "checksum_sha256": "", - "type": "authentication", - "name": "osauth_client" - }, - { - "version": "", - "checksum_sha256": "", - "type": "authentication", - "name": "pam_client" - }, - { - "version": "", - "checksum_sha256": "", - "type": "authentication", - "name": "osauth_server" - }, - { - "version": "", - "checksum_sha256": "", - "type": "network", - "name": "ssl_client" - }, - { - "version": "", - "checksum_sha256": "", - "type": "network", - "name": "ssl_server" - }, - { - "version": "", - "checksum_sha256": "", - "type": "network", - "name": "tcp_server" - }, - { - "version": "", - "checksum_sha256": "", - "type": "network", - "name": "tcp_client" - }, - { - "version": "", - "checksum_sha256": "", - "type": "api", - "name": "helloworld_server" - }, - { - "version": "", - "checksum_sha256": "", - "type": "api", - "name": "helloworld_client" - }, - { - "version": "", - "checksum_sha256": "", - "type": "microservice", - "name": "msi_update_unixfilesystem_resource_free_space" - }, - { - "version": "", - "checksum_sha256": "", - "type": "microservice", - "name": "msisync_to_archive" - } - ], - "required": [ - "admin_password", - "host_access_control_config", - "host_system_information", - "hosts_config", - "server_config", - "service_account_environment" - ], - "configuration_directory": { - "path": "/etc/irods", - "files": { - } - } -} diff --git a/docker-compose.override.yml.sssd b/docker-compose.override.yml.sssd new file mode 100644 index 0000000..d1a31a2 --- /dev/null +++ b/docker-compose.override.yml.sssd 
@@ -0,0 +1,36 @@
+services:
+ sssd:
+ image: ghcr.io/bihealth/sssd-docker:${SSSD_VERSION}
+ restart: unless-stopped
+ networks:
+ - sodar
+ volumes:
+ - type: bind # SSSD config, copied to /etc/sssd
+ source: ./config/sssd/sssd.conf
+ target: /etc/sssd.in/sssd.conf
+ read_only: true
+ - type: volume
+ source: sssd-sockets
+ target: /var/lib/sss
+
+ irods:
+ image: ghcr.io/bihealth/irods-docker:${IRODS_VERSION}-sssd
+ depends_on:
+ - postgres
+ - sssd
+ volumes:
+ - type: bind # configuration
+ source: ./config/irods/etc
+ target: /etc/irods
+ - type: bind # log files
+ source: ./volumes/irods/log
+ target: /var/lib/irods/iRODS/server/log
+ - type: bind # mass data files
+ source: ./volumes/irods/vault
+ target: /var/lib/irods/Vault
+ - type: volume
+ source: sssd-sockets
+ target: /var/lib/sss
+
+volumes:
+ sssd-sockets:
diff --git a/docker-compose.yml b/docker-compose.yml
index 7b9fa41..a08e84f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
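Review bot: The irods log bind in this override still targets `/var/lib/irods/iRODS/server/log`, while the same commit moves that mount to `/var/lib/irods/log` in docker-compose.yml. With the override active, `./volumes/irods/log` would most likely end up mounted at both paths, so the override should use `target: /var/lib/irods/log` as well. The file also has no header explaining how it is used; something like `# Copy to docker-compose.override.yml to run iRODS against SSSD; shares the sssd-sockets volume with the sssd service.` would cover it.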
@@ -1,5 +1,62 @@ version: "3.8" +# Define default configuration for SODAR. +x-sodar: &default-sodar + image: bihealth/sodar-server:${SODAR_SERVER_VERSION} + environment: &default-sodar-environment + WAIT_HOSTS: "postgres:5432, redis:6379, irods:1247" + LC_ALL: en_US.UTF-8 + CELERY_BROKER_URL: redis://redis:6379/0 + DATABASE_URL: postgresql://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}/sodar + CONN_MAX_AGE: "0" + PROJECTROLES_SEND_EMAIL: ${SODAR_EMAIL_ENABLED} + EMAIL_SENDER: ${SODAR_EMAIL_SENDER} + EMAIL_SUBJECT_PREFIX: ${SODAR_EMAIL_SUBJECT_PREFIX} + EMAIL_URL: ${SODAR_EMAIL_URL} + DJANGO_ALLOWED_HOSTS: "*" + DJANGO_SECRET_KEY: ${SODAR_DJANGO_SECRET_KEY} + DJANGO_SETTINGS_MODULE: config.settings.production + ENABLED_BACKEND_PLUGINS: timeline_backend,taskflow,omics_irods,sodar_cache,ontologyaccess_backend + PROJECTROLES_ADMIN_OWNER: ${SODAR_ADMIN_OWNER} + PROJECTROLES_DEFAULT_ADMIN: ${SODAR_ADMIN_DEFAULT_ADMIN} + PROJECTROLES_ALLOW_LOCAL_USERS: ${SODAR_ALLOW_LOCAL_USERS} + CELERY_CHDIR: /usr/src/app + CELERY_CREATE_DIRS: "1" + PROJECTROLES_DISABLE_CDN_INCLUDES: "1" + PROJECTROLES_CUSTOM_JS_INCLUDES: /static/local/js/jquery-3.5.1.min.js,/static/local/js/bootstrap.bundle.min.js,/static/local/js/tether.js,/static/local/js/shepherd.min.js,/static/local/js/clipboard.min.js + PROJECTROLES_CUSTOM_CSS_INCLUDES: /static/local/css/font-awesome.min.css,/static/local/css/bootstrap.min.css + CUSTOM_STATIC_DIR: /usr/src/app/static-local + ENABLE_LDAP: ${SODAR_LDAP_ENABLED} + AUTH_LDAP_SERVER_URI: ${SODAR_LDAP_SERVER_URI} + AUTH_LDAP_BIND_PASSWORD: ${SODAR_LDAP_BIND_PASSWORD} + AUTH_LDAP_BIND_DN: ${SODAR_LDAP_BIND_DN} + AUTH_LDAP_USER_SEARCH_BASE: ${SODAR_LDAP_USER_SEARCH_BASE} + AUTH_LDAP_USERNAME_DOMAIN: ${SODAR_LDAP_USERNAME_DOMAIN} + AUTH_LDAP_DOMAIN_PRINTABLE: ${SODAR_LDAP_DOMAIN_PRINTABLE} + ENABLE_LDAP: ${SODAR_LDAP2_ENABLED} + AUTH_LDAP2_SERVER_URI: ${SODAR_LDAP2_SERVER_URI} + AUTH_LDAP2_BIND_PASSWORD: ${SODAR_LDAP2_BIND_PASSWORD} + AUTH_LDAP2_BIND_DN: 
${SODAR_LDAP2_BIND_DN} + AUTH_LDAP2_USER_SEARCH_BASE: ${SODAR_LDAP2_USER_SEARCH_BASE} + AUTH_LDAP2_USERNAME_DOMAIN: ${SODAR_LDAP2_USERNAME_DOMAIN} + AUTH_LDAP2_DOMAIN_PRINTABLE: ${SODAR_LDAP2_DOMAIN_PRINTABLE} + IRODS_ENV_PATH: /usr/src/app/staticfiles/irods/irods_server_env.json + IRODSINFO_ENV_PATH: /usr/src/app/staticfiles/irods/irods_client_env.json + IRODS_HOST: irods + IRODS_ZONE: ${IRODS_ZONE_NAME} + IRODS_PORT: "1247" + IRODS_USER: ${IRODS_ADMIN_USERNAME} + IRODS_PASS: ${IRODS_ADMIN_PASSWORD} + IRODS_WEBDAV_ENABLED: ${SODAR_IRODS_WEBDAV_ENABLED} + IRODS_WEBDAV_URL: ${SODAR_IRODS_WEBDAV_URL} + TASKFLOW_BACKEND_HOST: http://sodar-taskflow + TASKFLOW_BACKEND_PORT: "5005" + TASKFLOW_SODAR_SECRET: ${SODAR_TASKFLOW_SECRET} + networks: + - sodar + restart: unless-stopped + + services: traefik: image: traefik:v2.3.1 @@ -27,10 +84,7 @@ services: read_only: true sodar-web: - image: bihealth/sodar-server:${SODAR_SERVER_VERSION} - env_file: - - .env - - env.sodar + <<: *default-sodar networks: - sodar restart: unless-stopped @@ -38,6 +92,7 @@ services: - postgres - redis - sodar-taskflow + - irods labels: - "traefik.enable=true" - "traefik.http.middlewares.xforward.headers.customrequestheaders.X-Forwarded-Proto=https" @@ -48,10 +103,7 @@ services: - "traefik.http.routers.sodar-web.tls=true" sodar-celerybeat: - image: bihealth/sodar-server:${SODAR_SERVER_VERSION} - env_file: - - .env - - env.sodar + <<: *default-sodar command: ["celerybeat"] networks: - sodar @@ -60,14 +112,12 @@ services: restart: unless-stopped sodar-celeryd-default: - image: bihealth/sodar-server:${SODAR_SERVER_VERSION} - env_file: - - .env - - env.sodar + <<: *default-sodar command: ["celeryd"] environment: - - CELERY_QUEUES=default - - CELERY_WORKERS=16 + <<: *default-sodar-environment + CELERY_QUEUES: default + CELERY_WORKERS: 16 depends_on: - sodar-web networks: 
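Review bot: `ENABLE_LDAP` is defined twice in the `default-sodar-environment` mapping, the second time from `${SODAR_LDAP2_ENABLED}`. A YAML mapping cannot hold the same key twice, so depending on the parser the file is either rejected or the secondary toggle silently replaces the primary one; env.example ships `SODAR_LDAP_ENABLED=0` with `SODAR_LDAP2_ENABLED=1`, so the effective value would flip. The second entry presumably needs the key the server reads for the secondary LDAP server, and the postgres hunk has the same duplicate-key problem with `POSTGRES_USER`. Separately, `DJANGO_ALLOWED_HOSTS: "*"` switches off Django's Host header validation in a file that selects `config.settings.production`; consider taking it from `.env`, for example `DJANGO_ALLOWED_HOSTS: ${SODAR_ALLOWED_HOSTS}` with the site's host name as the example value.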
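Review bot: Dropping `env_file` from sodar-web means only the variables named in `default-sodar-environment` reach the container, because `.env` is then used for interpolation only. env.example defines `SODAR_API_DEFAULT_HOST`, `SODAR_SITE_INSTANCE_TITLE` and `SODAR_SITE_SUBTITLE`, but none of them is mapped in the anchor, so editing them in `.env` would have no effect; the same applies to the sodar-celerybeat and sodar-celeryd-default hunks. As a style point, `networks` and `restart` are already part of `*default-sodar`, so the copies left in each service are redundant.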
@@ -76,9 +126,16 @@ services: sodar-taskflow: image: bihealth/sodar-taskflow:${SODAR_TASKFLOW_VERSION} - env_file: - - .env - - env.sodar-taskflow + environment: + SODAR_TASKFLOW_SETTINGS: /usr/src/app/config/production.py + TASKFLOW_IRODS_HOST: irods + TASKFLOW_IRODS_PORT: "1247" + TASKFLOW_IRODS_USER: ${IRODS_ADMIN_USERNAME} + TASKFLOW_IRODS_PASS: ${IRODS_ADMIN_PASSWORD} + TASKFLOW_IRODS_ALLOW_CLEANUP: 0 + TASKFLOW_SODAR_URL: sodar-web:8080 + TASKFLOW_REDIS_URL: redis://redis:6379/2" + TASKFLOW_SODAR_SECRET: ${SODAR_TASKFLOW_SECRET} networks: - sodar restart: unless-stopped @@ -88,9 +145,11 @@ services: postgres: image: postgres:12 - env_file: - - .env - - env.postgres + environment: + POSTGRES_USER: ${POSTGRES_USERNAME} + POSTGRES_USER: ${POSTGRES_USERNAME} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: sodar networks: - sodar restart: unless-stopped @@ -115,6 +174,8 @@ services: sssd: image: ghcr.io/bihealth/sssd-docker:${SSSD_VERSION} restart: unless-stopped + networks: + - sodar volumes: - type: bind # SSSD config, copied to /etc/sssd source: ./config/sssd/sssd.conf @@ -127,27 +188,30 @@ services: irods: image: ghcr.io/bihealth/irods-docker:${IRODS_VERSION} - env_file: - - .env - - env.irods + hostname: irods # iRODS really does not like the hash names + environment: + IRODS_HOST: irods + IRODS_ICAT_DBSERVER: ${POSTGRES_HOST} + IRODS_ICAT_DBUSER: ${POSTGRES_USERNAME} + IRODS_ICAT_DBPASS: ${POSTGRES_PASSWORD} + IRODS_ADMIN_USER: ${IRODS_ADMIN_USERNAME} + IRODS_ADMIN_PASS: ${IRODS_ADMIN_PASSWORD} depends_on: - postgres networks: - sodar restart: unless-stopped + shm_size: '2gb' volumes: - type: bind # configuration source: ./config/irods/etc target: /etc/irods - type: bind # log files source: ./volumes/irods/log - target: /var/lib/irods/iRODS/server/log + target: /var/lib/irods/log - type: bind # mass data files source: ./volumes/irods/vault target: /var/lib/irods/Vault - - type: volume - source: sssd-sockets - target: /var/lib/sss networks: sodar: 
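Review bot: `TASKFLOW_REDIS_URL: redis://redis:6379/2"` ends with a stray double quote, which in a plain YAML scalar becomes part of the value, so sodar-taskflow would receive a Redis URL with a literal `"` after the database number. The quote was carried over from the deleted env.sodar-taskflow; the line should read `TASKFLOW_REDIS_URL: redis://redis:6379/2`. `TASKFLOW_IRODS_ALLOW_CLEANUP: 0` is also the only unquoted number next to `"1247"`; writing it as `"0"` keeps the mapping consistent.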
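Review bot: The irods service now receives only the host, database and admin variables, so the `IRODS_ZONE_NAME`, `IRODS_ZONE_KEY`, `IRODS_NEGOTIATION_KEY` and `IRODS_CONTROLPLANE_KEY` entries that env.example marks CHANGE FOR PRODUCTION are not passed to the container in this hunk. Unless the image obtains them some other way, an operator who changes them in `.env` would still be running with whatever keys the image defaults to, while SODAR is given `IRODS_ZONE: ${IRODS_ZONE_NAME}`. Map them under `environment:` using the names the image documents, and add a comment listing which `.env` entries the container actually consumes.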
diff --git a/env.example b/env.example
new file mode 100644
index 0000000..a6f9841
--- /dev/null
+++ b/env.example
@@ -0,0 +1,88 @@ +SODAR_SERVER_VERSION=docker-build-0 +SODAR_TASKFLOW_VERSION=docker-build-0 +SSSD_VERSION=1.16.5-10 +IRODS_VERSION=latest + +# The admin credentials to use. Is setup when container is first taken up. +# CHANGE FOR PRODUCTION: IRODS_ADMIN_PASSWORD +IRODS_ADMIN_USERNAME=rods +IRODS_ADMIN_PASSWORD=rods +# The zone name. +IRODS_ZONE_NAME=demoZone +# Secret keys used by iRODS. CHANGE FOR PRODUCTION. +IRODS_ZONE_KEY=TEMPORARY_zone_key +IRODS_NEGOTIATION_KEY=TEMPORARY_32byte_negotiation_key +IRODS_CONTROLPLANE_KEY=TEMPORARY__32byte_ctrl_plane_key + +# Secret key used for HTTP sessions. CHANGE FOR PRODUCTION. +SODAR_DJANGO_SECRET_KEY=CHANGEMEchangemeCHANGEMEchangemeCHANGEMEchangemeCH + +# Configure admin owner for folders. User must exist. +SODAR_ADMIN_OWNER=root +# Configure default admin. User must exist. +SODAR_ADMIN_DEFAULT_ADMIN=${SODAR_ADMIN_OWNER} + +# Shared secret with SODAR Taskflow. +SODAR_TASKFLOW_SECRET=not-so-important-with-docker + +# Whether local (non-LDAP) users are allowed. +SODAR_ALLOW_LOCAL_USERS=1 + +# Configure default base URL for SODAR API. +SODAR_API_DEFAULT_HOST=https://changeme.example.com + +# Configure UI-related settings. +SODAR_EMAIL_SUBJECT_PREFIX=ACME SODAR +SODAR_SITE_INSTANCE_TITLE=ACME SODAR +SODAR_SITE_SUBTITLE=Beta + +# +# Configure email sending (optional) +# + +SODAR_EMAIL_ENABLED=0 +SODAR_EMAIL_SENDER=sodar@example.com +SODAR_EMAIL_SUBJECT_PREFIX=[SODAR] +SODAR_EMAIL_URL=smtp://mail.example.com + +# +# Configure primary LDAP connection (optional). +# + +SODAR_LDAP_ENABLED=0 +SODAR_LDAP_SERVER_URI= +SODAR_LDAP_BIND_PASSWORD= +SODAR_LDAP_BIND_DN= +SODAR_LDAP_USER_SEARCH_BASE= +SODAR_LDAP_USERNAME_DOMAIN= +SODAR_LDAP_DOMAIN_PRINTABLE= + +# +# Configure secondary LDAP connection (optional; primary required to work). 
+# + +SODAR_LDAP2_ENABLED=1 +SODAR_LDAP2_SERVER_URI="ldap://141.80.136.108:3268" +SODAR_LDAP2_BIND_PASSWORD="sw!SP7cJyLCT&4nX" +SODAR_LDAP2_BIND_DN="CN=sa-p-bind-bihgitlab,OU=functional_accounts,DC=mdc-berlin,DC=net" +SODAR_LDAP2_USER_SEARCH_BASE="DC=mdc-berlin,DC=net" +SODAR_LDAP2_USERNAME_DOMAIN="MDC-BERLIN" +SODAR_LDAP2_DOMAIN_PRINTABLE="MDC" + +# +# Enable and configure WebDAV support (optional). +# + +SODAR_IRODS_WEBDAV_ENABLED=0 +SODAR_IRODS_WEBDAV_URL= + +# +# Postgres credentials. +# +# Can remain as they are for docker based deployments. +# +POSTGRES_HOST=postgres +POSTGRES_PORT=5432 +POSTGRES_USERNAME=postgres +POSTGRES_PASSWORD=password + diff --git a/env.irods b/env.irods deleted file mode 100644 index 0dec760..0000000 --- a/env.irods +++ /dev/null @@ -1,5 +0,0 @@ -IRODS_ICAT_DBSERVER=${POSTGRES_HOST} -IRODS_ICAT_DBUSER=${POSTGRES_USERNAME} -IRODS_ICAT_DBPASS=${POSTGRES_PASSWORD} -IRODS_ADMIN_USER=${IRODS_ADMIN_USERNAME} -IRODS_ADMIN_PASS=${IRODS_ADMIN_PASSWORD} diff --git a/env.postgres b/env.postgres deleted file mode 100644 index ebf4a94..0000000 --- a/env.postgres +++ /dev/null @@ -1,3 +0,0 @@ -POSTGRES_USER=postgres -POSTGRES_PASSWORD=password -POSTGRES_DB=sodar diff --git a/env.sodar b/env.sodar deleted file mode 100644 index 712dc2c..0000000 --- a/env.sodar +++ /dev/null 
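Review bot: The secondary LDAP block is filled in with what look like live values rather than placeholders: a server IP, a functional-account bind DN under `DC=mdc-berlin,DC=net`, and a non-placeholder `SODAR_LDAP2_BIND_PASSWORD`, all with `SODAR_LDAP2_ENABLED=1`. If that password is real it is now part of the repository history, so the account's credential should be rotated; deleting the line in a later commit does not undo the exposure. The example should mirror the primary block, i.e. `SODAR_LDAP2_ENABLED=0` and empty `SODAR_LDAP2_*` values. Smaller points: `SODAR_EMAIL_SUBJECT_PREFIX` is set twice (`ACME SODAR`, then `[SODAR]`), and `IRODS_VERSION=latest` leaves the iRODS image unpinned while the other three versions are fixed.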
@@ -1,59 +0,0 @@ -LC_ALL=en_US.UTF-8 - -CELERY_BROKER_URL=redis://redis:6379/0 - -DATABASE_URL=postgresql://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}/sodar -CONN_MAX_AGE=0 - -PROJECTROLES_SEND_EMAIL=${SODAR_EMAIL_ENABLED} -EMAIL_SENDER=${SODAR_EMAIL_SENDER} -EMAIL_SUBJECT_PREFIX=${SODAR_EMAIL_SUBJECT_PREFIX} -EMAIL_URL=${SODAR_EMAIL_URL} - -DJANGO_ALLOWED_HOSTS=* -DJANGO_SECRET_KEY=${SODAR_DJANGO_SECRET_KEY} -DJANGO_SETTINGS_MODULE=config.settings.production - -ENABLED_BACKEND_PLUGINS=timeline_backend,taskflow,omics_irods,sodar_cache,ontologyaccess_backend -PROJECTROLES_ADMIN_OWNER=${SODAR_ADMIN_OWNER} -PROJECTROLES_DEFAULT_ADMIN=${SODAR_ADMIN_DEFAULT_ADMIN} -PROJECTROLES_ALLOW_LOCAL_USERS=${SODAR_ALLOW_LOCAL_USERS} - -CELERY_CHDIR=/usr/src/app -CELERY_CREATE_DIRS=1 - -PROJECTROLES_DISABLE_CDN_INCLUDES=1 -PROJECTROLES_CUSTOM_JS_INCLUDES=/static/local/js/jquery-3.5.1.min.js,/static/local/js/bootstrap.bundle.min.js,/static/local/js/tether.js,/static/local/js/shepherd.min.js,/static/local/js/clipboard.min.js -PROJECTROLES_CUSTOM_CSS_INCLUDES=/static/local/css/font-awesome.min.css,/static/local/css/bootstrap.min.css -CUSTOM_STATIC_DIR=/usr/src/app/static-local - -ENABLE_LDAP=${SODAR_LDAP_ENABLED} -AUTH_LDAP_SERVER_URI=${SODAR_LDAP_SERVER_URI} -AUTH_LDAP_BIND_PASSWORD=${SODAR_LDAP_BIND_PASSWORD} -AUTH_LDAP_BIND_DN=${SODAR_LDAP_BIND_DN} -AUTH_LDAP_USER_SEARCH_BASE=${SODAR_LDAP_USER_SEARCH_BASE} -AUTH_LDAP_USERNAME_DOMAIN=${SODAR_LDAP_USERNAME_DOMAIN} -AUTH_LDAP_DOMAIN_PRINTABLE=${SODAR_LDAP_DOMAIN_PRINTABLE} - -ENABLE_LDAP=${SODAR_LDAP2_ENABLED} -AUTH_LDAP2_SERVER_URI=${SODAR_LDAP2_SERVER_URI} -AUTH_LDAP2_BIND_PASSWORD=${SODAR_LDAP2_BIND_PASSWORD} -AUTH_LDAP2_BIND_DN=${SODAR_LDAP2_BIND_DN} -AUTH_LDAP2_USER_SEARCH_BASE=${SODAR_LDAP2_USER_SEARCH_BASE} -AUTH_LDAP2_USERNAME_DOMAIN=${SODAR_LDAP2_USERNAME_DOMAIN} -AUTH_LDAP2_DOMAIN_PRINTABLE=${SODAR_LDAP2_DOMAIN_PRINTABLE} - -# TODO: change? 
-IRODS_ENV_PATH=/usr/src/app/staticfiles/irods/irods_server_env.json -# TODO: change? -IRODSINFO_ENV_PATH=/usr/src/app/staticfiles/irods/irods_client_env.json -IRODS_HOST=irods -IRODS_ZONE=${IRODS_ZONE_NAME} -IRODS_PORT=1247 -IRODS_USER=${IRODS_ADMIN_USERNAME} -IRODS_PASS=${IRODS_ADMIN_PASSWORD} -IRODS_WEBDAV_ENABLED=${SODAR_IRODS_WEBDAV_ENABLED} -IRODS_WEBDAV_URL=${SODAR_IRODS_WEBDAV_URL} -TASKFLOW_BACKEND_HOST=http://sodar-taskflow -TASKFLOW_BACKEND_PORT=5005 -TASKFLOW_SODAR_SECRET=${SODAR_TASKFLOW_SECRET} diff --git a/env.sodar-taskflow b/env.sodar-taskflow deleted file mode 100644 index 102a2e0..0000000 --- a/env.sodar-taskflow +++ /dev/null @@ -1,9 +0,0 @@ -SODAR_TASKFLOW_SETTINGS=/usr/src/app/config/production.py -TASKFLOW_IRODS_HOST=irods -TASKFLOW_IRODS_PORT=1247 -TASKFLOW_IRODS_USER=${IRODS_ADMIN_USERNAME} -TASKFLOW_IRODS_PASS=${IRODS_ADMIN_PASSWORD} -TASKFLOW_IRODS_ALLOW_CLEANUP=0 -TASKFLOW_SODAR_URL=sodar-web:8080 -TASKFLOW_REDIS_URL=redis://redis:6379/2" -TASKFLOW_SODAR_SECRET=${SODAR_TASKFLOW_SECRET} diff --git a/env.sodar-taskflow.example b/env.sodar-taskflow.example deleted file mode 100644 index 00bb7b7..0000000 --- a/env.sodar-taskflow.example +++ /dev/null @@ -1,9 +0,0 @@ -SODAR_TASKFLOW_SETTINGS=/usr/src/app/config/production.py -TASKFLOW_IRODS_HOST=irods -TASKFLOW_IRODS_PORT=1247 -TASKFLOW_IRODS_USER=rods -TASKFLOW_IRODS_PASS=rods -TASKFLOW_IRODS_ALLOW_CLEANUP=0 -TASKFLOW_SODAR_URL=sodar:80 -TASKFLOW_REDIS_URL=redis://redis:6379/2" -TASKFLOW_SODAR_SECRET=CHANGEMEchangemeCHANGEMEchangemeCHANGEMEchangemeCH diff --git a/env.sodar.example b/env.sodar.example deleted file mode 100644 index 10775fe..0000000 --- a/env.sodar.example +++ /dev/null 
@@ -1,43 +0,0 @@ -LC_ALL=en_US.UTF-8 - -CELERY_BROKER_URL=redis://redis:6379/0 - -DATABASE_URL=postgresql://postgres:password@postgres/sodar -CONN_MAX_AGE=0 - -PROJECTROLES_SEND_EMAIL=0 -EMAIL_SENDER=sodar-sender@example.com -EMAIL_SUBJECT_PREFIX=[SODAR] -EMAIL_URL=smtp://smtp.example.com - -DJANGO_ALLOWED_HOSTS=* -DJANGO_SECRET_KEY=CHANGEMEchangemeCHANGEMEchangemeCHANGEMEchangemeCH -DJANGO_SETTINGS_MODULE=config.settings.production - -ENABLED_BACKEND_PLUGINS=timeline_backend,taskflow,omics_irods,sodar_cache,ontologyaccess_backend -PROJECTROLES_ADMIN_OWNER=root -PROJECTROLES_DEFAULT_ADMIN=root -PROJECTROLES_ALLOW_LOCAL_USERS=False - -CELERY_CHDIR=/usr/src/app -CELERY_CREATE_DIRS=1 - -PROJECTROLES_DISABLE_CDN_INCLUDES=1 -PROJECTROLES_CUSTOM_JS_INCLUDES=/static/local/js/jquery-3.5.1.min.js,/static/local/js/bootstrap.bundle.min.js,/static/local/js/tether.js,/static/local/js/shepherd.min.js,/static/local/js/clipboard.min.js -PROJECTROLES_CUSTOM_CSS_INCLUDES=/static/local/css/font-awesome.min.css,/static/local/css/bootstrap.min.css -CUSTOM_STATIC_DIR=/usr/src/app/static-local - -IRODS_ENV_PATH=/usr/src/app/staticfiles/irods/irods_server_env.json -IRODSINFO_ENV_PATH=/usr/src/app/staticfiles/irods/irods_client_env.json -IRODS_HOST=irods.example.com -IRODS_ZONE=exampleZone -IRODS_PORT=1247 -IRODS_USER=rods -IRODS_PASS=rods -IRODS_WEBDAV_ENABLED=True -IRODS_WEBDAV_URL=https://davrods.example.com -SODAR_API_DEFAULT_HOST=https://sodar.bihealth.org -TASKFLOW_SODAR_SECRET=CHANGEMEchangemeCHANGEMEchangemeCHANGEMEchangemeCH -SODAR_EMAIL_SUBJECT_PREFIX=EXAMPLE SODAR -SODAR_SITE_INSTANCE_TITLE=EXAMPLE SODAR -SODAR_SITE_SUBTITLE=Beta diff --git a/init.sh b/init.sh index bcd0df5..4bf0385 100644 --- a/init.sh +++ b/init.sh 
@@ -1,29 +1,3 @@ #!/bin/bash -mkdir -p volumes/{postgres/data,redis,traefik/letsencrypt} - -mkdir -p volumes/sss/{deskprofile,pipes/private,mc,db,keytabs,gpo_cache,secrets,pubconf/krb5.include.d} - -chown root:root volumes/sss -chown root:root volumes/sss/deskprofile -chown 999:997 volumes/sss/pipes -chown 999:997 volumes/sss/pipes/private -chown 999:997 volumes/sss/mc -chown 999:997 volumes/sss/db -chown 999:997 volumes/sss/keytabs -chown 999:997 volumes/sss/gpo_cache -chown root:root volumes/sss/secrets -chown 999:997 volumes/sss/pubconf -chown 999:997 volumes/sss/pubconf/krb5.include.d - -chmod 755 volumes/sss -chmod 755 volumes/sss/deskprofile -chmod 755 volumes/sss/pipes -chmod 750 volumes/sss/pipes/private -chmod 775 volumes/sss/mc -chmod 700 volumes/sss/db -chmod 700 volumes/sss/keytabs -chmod 755 volumes/sss/gpo_cache -chmod 700 volumes/sss/secrets -chmod 755 volumes/sss/pubconf -chmod 755 volumes/sss/pubconf/krb5.include.d +mkdir -p volumes/{postgres/data,redis/data,traefik/letsencrypt,irods/{log,vault}}
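Review bot: The script has no error handling, so a failed `mkdir` goes unnoticed until the bind mounts are set up and Docker possibly creates the missing path itself, owned by root. Adding `set -euo pipefail` after the shebang would surface the failure at init time. The removed block set owner and mode for every directory explicitly, whereas the new `irods/{log,vault}` directories simply get the caller's uid and umask; a comment stating which uid the iRODS container expects to own them would help, since the vault holds the mass data.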