Commit 979954ef authored by CAMPION Sebastien's avatar CAMPION Sebastien

Merge branch 'django' of gitlab.inria.fr:allgo/allgo into django

parents b8397d81 cb875ab4
Pipeline #89691 failed with stages
in 3 minutes and 1 second
......@@ -11,3 +11,4 @@ __pycache__
.coverage
/controller/htmlcov
/.env
metrics/*.stats
image: docker:latest
variables:
DOCKER_DRIVER: overlay2
stages:
- build
- test
- cleanning
before_script:
- docker info
- docker-compose --version
- pwd
# ---------------------------
bootstrap:
tags:
- allgo
stage: build
script:
- docker info
- apk update
- apk upgrade
- apk add python python-dev py-pip build-base bash openssl python3
- pip install docker-compose
- mkdir -p /data/dev
- rm -Rf /data/dev/*
- /bin/bash bootstrap dev-mysql dev-controller dev-ssh dev-django dev-nginx dev-smtpsink dev-registry
- rm -f .env
- sudo rm -rf data/*
- ./bootstrap
django_pylint:
stage: test
# only:
# - /django/
script:
- echo $PYLINTHOME
- docker exec -i dev-django pylint3 --rcfile=.pylintrc allgo
allow_failure: true
#~ django_test:
#~ stage: test
#~ # only:
#~ # - /django/
#~ script:
#~ - docker exec -i dev-django python3 manage.py test
nettoyage:
stage: cleanning
when: always
script:
- sudo rm -rf data/*
......@@ -4,13 +4,14 @@ ALLGO containers
Overview
--------
A minimal deployment of allgo consists of 4 docker images:
A minimal deployment of allgo consists of 6 docker images:
- **allgo/rails**: the rails application server
- **allgo/mysql**: the mysql database server
- **allgo/redis** : the redis application server
- **allgo/django** : the django application server
- **allgo/mysql** : the mysql database server
- **allgo/controller**: the manager for user docker containers
- **allgo/ssh**: the ssh frontend (giving access to the sandboxes)
- **allgo/toolbox**: an image containing a set of commands (scp, vi, nano,
- **allgo/ssh** : the ssh frontend (giving access to the sandboxes)
- **allgo/toolbox** : an image containing a set of commands (scp, vi, nano,
less, ...) to be mounted in the user sandboxes
These images may be deployed multiple times to implement multiple independent
......@@ -27,7 +28,7 @@ There is an extra image used only in development:
- **allgo/smtpsink**: a SMTP server that catches and stores all incoming messages into a single mailbox
Each environment has its own docker network. The nginx container is connected
to all these networks to that it can connect to the rails servers.
to all these networks.
License
......@@ -44,7 +45,7 @@ All docker images use the following conventions.
### External volumes
They data is stored in:
Their data are stored in:
- `/vol/rw` for persistent data
- `/vol/ro` for persistent data in read-only access
......@@ -84,14 +85,13 @@ It provides 8 containers:
All external volumes are stored in `/data/dev/` (the path is absolute because
it is tricky to use a relative path with the allgo/docker image).
For convenience, all containers not running as root (rails, mysql, registry)
For convenience, all containers not running as root (django, mysql, registry)
have their user overridden to the UID:GID of the developer running
docker-compose. This is managed with the `DOCKERUSER` environment variable set
[in the `.env`
file](https://docs.docker.com/compose/environment-variables/#the-env-file) by
[in the `.env` file](https://docs.docker.com/compose/environment-variables/#the-env-file) by
`prepare.sh`.
For convenience (again), there is an extra external volumes for `dev-rails`,
For convenience (again), there is an extra external volume for `dev-django`,
`dev-controller` and `dev-ssh` so that the source directory of the app is mounted
inside `/opt/` (in fact it overrides the actual application files provided by
the docker image). The purpose is to avoid rebuilding a new docker image for
......@@ -100,16 +100,15 @@ each development iteration.
### Getting started
The sources are located in two repositories:
The sources are located in one repository:
- *rails-allgo*: the rails application repository
- *allgo*: the deployment repository
To set up the development environment, run:
1. get the sources
<pre>
<pre>
git clone git@gitlab.inria.fr:allgo/allgo.git
cd allgo
</pre>
......@@ -117,19 +116,19 @@ To set up the development environment, run:
2. *(as root)* create `/data/dev` and make it owned by the developer
<pre>
sudo mkdir -p /data/dev
sudo chown USER: /data/dev
sudo chown $USER: /data/dev
</pre>
3. bootstrap the environment
<pre>
<pre>
./bootstrap
</pre>
This command will run the `/dk/init_container` in every container that
needs it, then start the container.
The first run takes a very long time because all images are built from
scratch (especially the rails image which builds ruby source).
You have enough time for a coffee break.
The first run takes a few minutes because all images are built from
scratch.
You may have enough time for a short coffee break.
**Note** by default `bootstrap` works on all containers. It is possible
to give an explicit list of containers instead. Example:
......@@ -171,34 +170,34 @@ The official doc for docker-compose is available at: [https://docs.docker.com/co
</pre>
- hard cleanup (remove images too)
<pre>
<pre>
fig down --rmi local
</pre>
- restart a container
<pre>
fig restart dev-rails
fig restart dev-django
</pre>
- restart a container using a new docker image (if the image has been rebuilt since the last start)
<pre>
fig up dev-rails
<pre>
fig up dev-django
</pre>
- rebuild an image
<pre>
fig build dev-railf
<pre>
fig build dev-django
</pre>
- **Note:** most commands work on every container by default (eg: up down
start stop restart ...) they can be use on an individual container too:
<pre>
fig restart dev-controller dev-rails
<pre>
fig restart dev-controller dev-django
</pre>
- run a container with an arbitrary command (eg: to have access to the rails console)
<pre>
fig run --rm dev-rails bash
- run a container with an arbitrary command (eg: to have access to the django console)
<pre>
fig run --rm dev-django bash
</pre>
**Note:** containers created by `fig run` have the same parameters as
......@@ -206,10 +205,10 @@ The official doc for docker-compose is available at: [https://docs.docker.com/co
*allgo_dev-ssh_run_1*), which means that this container is not
reachable by the others (this may be an issue for example if you want
to run the mysqld server manually: `fig run dev-mysql mysqld` -> this
container won't be reachable by the ssh and rails containers)
container won't be reachable by the ssh and django containers)
- follow the output of all containers:
<pre>
<pre>
fig logs --tail=1 --follow
</pre>
......@@ -249,7 +248,7 @@ it as root**, otherwise it will be owned by root and you may have errors like:
If somehow you skipped this step, you can reset the ownership to the current user:
sudo chown USER: /data/dev
sudo chown -R USER: /data/dev/{registry,mysql,rails}
sudo chown -R USER: /data/dev/{registry,mysql,django}
If you are completely lost, you can just restart the initialisation from scratch:
......@@ -289,22 +288,21 @@ Hosts a mysql server listening on port 3306 with two databases: `allgo` and
- `ssh` has read only access to `allgo`
## rails
Hosts four daemons for running allgo:
## django
- the unicorn server (runnning the rails application)
- the sidekiq queue manager
- the redis db server
- a nginx frontend for buffering the HTTP requests/responses
Hosts three daemons for running the allgo web server:
- a nginx frontend for buffering the HTTP requests/responses and routing them
to the other daemons. It also serves static files directly
- the gunicorn server (running the django application)
- the allgo.aio server (serving the asynchronous requests)
This container is managed with supervisor, the `supervisorctl` command allows
starting/stopping the daemons individually.
### Running the rails server manually
### Running the django server manually
TODO ?
- run the `dev-rails` container and open a shell:
[comment]: # ( - run the `dev-rails` container and open a shell:
<pre>
fig up -d
docker exec -t -i dev-rails bash
......@@ -315,7 +313,7 @@ starting/stopping the daemons individually.
supervisorctl stop rails
rails server
</pre>
)
## ssh
......@@ -331,7 +329,7 @@ WEBAPP@sid.allgo.irisa.fr`). Each allgo webapp is mapped to a system user
gid = 65534 (nogroup)
gecos = webapps.name
shell = /bin/allgo-shell
</pre>
</pre>
- The ssh server is configured to accept key-based authentication only. The
list of public keys is obtained from the (using an AuthorizedKeysCommand).
......@@ -340,12 +338,12 @@ WEBAPP@sid.allgo.irisa.fr`). Each allgo webapp is mapped to a system user
- The connection to the sandbox is made though a unix socket and a set of pipes
in the filesystem.
## docker
## controller
Hosts the *docker-allgo-proxy* which manages all docker operations (run, stop,
rm, commit, pull, push, ...) on behalf of the rails container.
Hosts the *docker-controller* which manages all docker operations (run, stop,
rm, commit, pull, push, ...) on behalf of the django container.
Technically speaking this container had root privileges since it has access to
Technically speaking this container has root privileges since it has access to
the docker socket.
The proxy script enforces restrictions (according to the current environment: eg prod/qualif/dev) on:
......@@ -370,3 +368,5 @@ mailbox.
The mailbox is accessible with IMAP as user *sink* (password *sink*).
NOTE: in the development environment, django's default is to dump outgoing
e-mails to the console. Thus this container is only useful in the qualif setup.
#!/bin/bash
CONTAINERS="dev-redis dev-mysql dev-controller dev-ssh dev-django dev-smtpsink dev-registry dev-nginx"
CONTAINERS="dev-redis dev-mysql dev-controller dev-ssh dev-django dev-smtpsink dev-registry dev-nginx dev-toolbox"
die()
......
......@@ -29,4 +29,7 @@ ENV ENV="" \
ALLGO_REDIS_HOST="{ENV}-redis" \
ALLGO_IMPORT_REGISTRY="cargo.irisa.fr:8003/allgo/prod/webapp"
# to prevent __pycache__generation, which is owned by root.
ENV PYTHONDONTWRITEBYTECODE 1
LABEL dk.migrate_always=1
[MASTER]
# Specify a configuration file.
#rcfile=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Add files or directories to the blacklist. They should be base names, not
# paths.
ignore=CVS,migrations,south_migrations
# Add files or directories matching the regex patterns to the blacklist. The
# regex matches against base names, not paths.
ignore-patterns=
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=pylint_django
# Use multiple processes to speed up Pylint.
jobs=1
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=
# Allow optimization of some AST trees. This will activate a peephole AST
# optimizer, which will apply various small optimizations. For instance, it can
# be used to obtain the result of joining multiple strings with the addition
# operator. Joining a lot of strings can lead to a maximum recursion error in
# Pylint and this flag can prevent that. It has one side effect, the resulting
# AST will be different than the one from reality. This option is deprecated
# and it will be removed in Pylint 2.0.
optimize-ast=no
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
confidence=
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
#enable=
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes
# --disable=W"
disable=old-ne-operator,coerce-method,metaclass-assignment,setslice-method,execfile-builtin,oct-method,buffer-builtin,file-builtin,input-builtin,getslice-method,backtick,basestring-builtin,xrange-builtin,dict-view-method,old-octal-literal,parameter-unpacking,coerce-builtin,suppressed-message,apply-builtin,import-star-module-level,raw_input-builtin,standarderror-builtin,cmp-builtin,reduce-builtin,dict-iter-method,next-method-called,zip-builtin-not-iterating,useless-suppression,reload-builtin,using-cmp-argument,old-raise-syntax,no-absolute-import,raising-string,nonzero-method,old-division,long-suffix,map-builtin-not-iterating,long-builtin,round-builtin,delslice-method,cmp-method,filter-builtin-not-iterating,print-statement,unicode-builtin,intern-builtin,unichr-builtin,range-builtin-not-iterating,unpacking-in-except,indexing-exception,hex-method
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html. You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
output-format=text
# Put messages in a separate file for each module / package specified on the
# command line instead of printing them on stdout. Reports (if any) will be
# written in a file name "pylint_global.[txt|html]". This option is deprecated
# and it will be removed in Pylint 2.0.
files-output=no
# Tells whether to display a full report or only the messages
reports=yes
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details
#msg-template=
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[SPELLING]
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package.
spelling-dict=
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
spelling-store-unknown-words=no
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
# Ignore imports when computing similarities.
ignore-imports=no
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=100
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
# List of optional constructs for which whitespace checking is disabled. `dict-
# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}.
# `trailing-comma` allows a space between comma and closing bracket: (a, ).
# `empty-line` allows space-only lines.
no-space-check=trailing-comma,dict-separator
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1