
Bioshadock README

Requirements

Packages:

  • Debian: libcurl-dev, gcc, libldap2-dev, openssl, libpython-dev, libffi-dev, libssl-dev
  • CentOS: libcurl-devel, openldap-devel, gcc, openssl, python-devel, libffi-devel, openssl-devel

Other:

mongodb, redis, elasticsearch

Licence

Apache 2.0, see LICENSE.txt or http://www.apache.org/licenses/LICENSE-2.0.txt

HTTPS

The server MUST run behind an HTTPS proxy server. The proxy should also add the header X-FORWARDED-PROTO, set to https, on requests to both the web interface and the registry.

References

Docker registry API

Run registry v2

The web proxy needs to add the X-FORWARDED-PROTO header to https requests. The registry location also needs to be set up to match registry v2. For production, a config.yml should be specified as an argument and mounted in the container.

docker run --rm -p 5000:5000 -v /root/certs:/root/certs -v /root/registryv2:/registryv2 -v /root/registry:/registry  -e REGISTRY_AUTH=token -e REGISTRY_AUTH_TOKEN_REALM="https://docker-ui.genouest.org/v2/token/" -e REGISTRY_AUTH_TOKEN_SERVICE="docker-registry.genouest.org" -e REGISTRY_AUTH_TOKEN_ISSUER="docker-ui.genouest.org" -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/root/certs/wildcard.genouest.org.crt  registry:2 /registryv2/config.yml


python setup.py develop
# For dev
pserve development.ini
# For prod
gunicorn -D -p bioshadock.pid --log-config=production.ini --paste production.ini

# For background builder
# Can set environ BIOSHADOCK_CONFIG to specify config file (development.ini,
# ...)
python builder.py start

Automatic builds

The builder.py script builds containers. It will import from Dockerfile all labels in the repository objectid

Example:

LABEL ANNOT.Name="blast+" \
  ANNOT.Version="2.2.28" \
  ANNOT.Description="blast is a ...." \
  ANNOT.Homepage="http://bioinf.spbau.ru/en/spades" \
  ANNOT.Reference="['my doi reference']" \
  ANNOT.Vendor="My institute/company" \
  ANNOT.EDAM_Operation="['operation_2520', 'operation_0310']" \
  ANNOT.EDAM_Topic="" \
  ANNOT.Requires="['boost/1_52_0', 'gcc/4.9.0', 'cmake/2.8.12.2']" \
  ANNOT.Provides="['dipspades.py', 'spades.py']"

For automatic tests of the container, one can provide a base64 encoded object in label bioshadock.tests. This object is an array of commands to be executed in the container:

[ 'test.sh -h', 'test.sh -v' ]

During the tests, if the container comes from a git repository, the Dockerfile directory will be mounted in the /repo directory of the container. It is also possible to provide a test.yaml file, in the Dockerfile directory, in YAML format:

test:
    commands:
        - test.sh -h
        - test.sh -v

Dev / Debug

Configuration is in config.yaml. development.ini or production.ini must be configured to link config parameter to the config.yaml path.

For development purposes, one can skip the HTTPS requirement as well as authentication:

# Allow http
export BIOSHADOCK_INSECURE=1
# Bypass password checks
export BIOSHADOCK_AUTH=fake

Registry v1:

docker run --rm -p 5000:5000 -v /root/registry:/registry -e STANDALONE=false -e STORAGE_PATH=/registry -e SEARCH_BACKEND=sqlalchemy -e INDEX_ENDPOINT=https://VM-3135.genouest.org/   registry

SSL Key

ssh-keygen -t ecdsa -b 256

modulus/exponent

openssl x509 -in wildcard.genouest.org.crt -text -noout

convert crt to der

openssl x509 -outform der -in certificate.pem -out certificate.der

SSL INFO

openssl x509 -in GSRootCA-2014.cer -inform PEM -text -noout

Run as a Docker container

docker run -p 443:443 -v path_to_certs:/etc/ssl/certs -v development.ini:/opt/bioshadock/development.ini osallou/bioshadock web|builder

  • dev: web interface (for devpt)
  • web: web interface (for production)
  • builder: background Docker image builder

Certs should contain bioshadock.crt, bioshadock.key, ...

Client

docker login xx.genouest.org (registry)
# Fill credentials
docker push xx.genouest.org/osallou/testimage

API

API key is available in user page.

  • get all public containers: /container/all
  • get container tags: /container/tags/id
  • build container from a git repo: /container/git/id?apikey=XX
  • tag a container: /container/tag/*id/tagvalue?apikey=XX

swagger definition in shadock/webapp/app/api/bioshadock.json

online: http://www.genouest.org/api/bioshadock-api/

Credits

  • https://github.com/hectorj2f/codemirror-docker
  • http://commons.wikimedia.org/wiki/File:Shipping_containers_at_Clyde.jpg