Commit bf4930aa authored by sebastien letort's avatar sebastien letort


merge django. Note: the JSON response gets a new key (only for APIJobView) but keeps all the previous ones, so it does not break legacy clients; still, be aware.
parents 3296fea6 52f58ccf
Pipeline #78839 passed with stages
in 2 minutes and 21 seconds
......@@ -14,7 +14,10 @@ bootstrap:
tags:
- allgo
stage: build
script: "./bootstrap"
script:
- rm -f .env
- sudo rm -rf data/*
- ./bootstrap
django_pylint:
stage: test
......
......@@ -4,13 +4,14 @@ ALLGO containers
Overview
--------
A minimal deployment of allgo consists of 4 docker images:
A minimal deployment of allgo consists of 6 docker images:
- **allgo/rails**: the rails application server
- **allgo/mysql**: the mysql database server
- **allgo/redis** : the redis application server
- **allgo/django** : the django application server
- **allgo/mysql** : the mysql database server
- **allgo/controller**: the manager for user docker containers
- **allgo/ssh**: the ssh frontend (giving access to the sandboxes)
- **allgo/toolbox**: an image containing a set of commands (scp, vi, nano,
- **allgo/ssh** : the ssh frontend (giving access to the sandboxes)
- **allgo/toolbox** : an image containing a set of commands (scp, vi, nano,
less, ...) to be mounted in the user sandboxes
These images may be deployed multiple times to implement multiple independent
......@@ -27,7 +28,7 @@ There is an extra image used only in development:
- **allgo/smtpsink**: a SMTP server that catches and stores all incoming messages into a single mailbox
Each environment has its own docker network. The nginx container is connected
to all these networks to that it can connect to the rails servers.
to all these networks.
Conventions
......@@ -37,7 +38,7 @@ All docker images use the following conventions.
### External volumes
They data is stored in:
Their data are stored in:
- `/vol/rw` for persistent data
- `/vol/ro` for persistent data in read-only access
......@@ -77,14 +78,13 @@ It provides 8 containers:
All external volumes are stored in `/data/dev/` (the path is absolute because
it is tricky to use a relative path with the allgo/docker image).
For convenience, all containers not running as root (rails, mysql, registry)
For convenience, all containers not running as root (django, mysql, registry)
have their user overridden to the UID:GID of the developer running
docker-compose. This is managed with the `DOCKERUSER` environment variable set
[in the `.env`
file](https://docs.docker.com/compose/environment-variables/#the-env-file) by
[in the `.env` file](https://docs.docker.com/compose/environment-variables/#the-env-file) by
`prepare.sh`.
For convenience (again), there is an extra external volumes for `dev-rails`,
For convenience (again), there is an extra external volume for `dev-django`,
`dev-controller` and `dev-ssh` so that the source directory of the app is mounted
inside `/opt/` (in fact it overrides the actual application files provided by
the docker image). The purpose is to avoid rebuilding a new docker image for
......@@ -93,16 +93,15 @@ each development iteration.
### Getting started
The sources are located in two repositories:
The sources are located in one repository:
- *rails-allgo*: the rails application repository
- *allgo*: the deployment repository
To set up the development environment, run:
1. get the sources
<pre>
<pre>
git clone git@gitlab.inria.fr:allgo/allgo.git
cd allgo
</pre>
......@@ -110,19 +109,19 @@ To set up the development environment, run:
2. *(as root)* create `/data/dev` and make it owned by the developer
<pre>
sudo mkdir -p /data/dev
sudo chown USER: /data/dev
sudo chown $USER: /data/dev
</pre>
3. bootstrap the environment
<pre>
<pre>
./bootstrap
</pre>
This command will run the `/dk/init_container` script in every container that
needs it, then start the containers.
The first run takes a very long time because all images are built from
scratch (especially the rails image which builds ruby source).
You have enough time for a coffee break.
The first run takes a few minutes because all images are built from
scratch.
You may have enough time for a short coffee break.
**Note** by default `bootstrap` works on all containers. It is possible
to give an explicit list of containers instead. Example:
......@@ -164,34 +163,34 @@ The official doc for docker-compose is available at: [https://docs.docker.com/co
</pre>
- hard cleanup (remove images too)
<pre>
<pre>
fig down --rmi local
</pre>
- restart a container
<pre>
fig restart dev-rails
fig restart dev-django
</pre>
- restart a container using a new docker image (if the image has been rebuilt since the last start)
<pre>
fig up dev-rails
<pre>
fig up dev-django
</pre>
- rebuild an image
<pre>
fig build dev-railf
<pre>
fig build dev-django
</pre>
- **Note:** most commands work on every container by default (eg: up, down,
start, stop, restart, ...); they can be used on an individual container too:
<pre>
fig restart dev-controller dev-rails
<pre>
fig restart dev-controller dev-django
</pre>
- run a container with an arbitrary command (eg: to have access to the rails console)
<pre>
fig run --rm dev-rails bash
- run a container with an arbitrary command (eg: to have access to the django console)
<pre>
fig run --rm dev-django bash
</pre>
**Note:** containers created by `fig run` have the same parameters as
......@@ -199,10 +198,10 @@ The official doc for docker-compose is available at: [https://docs.docker.com/co
*allgo_dev-ssh_run_1*), which means that this container is not
reachable by the others (this may be an issue for example if you want
to run the mysqld server manually: `fig run dev-mysql mysqld` -> this
container won't be reachable by the ssh and rails containers)
container won't be reachable by the ssh and django containers)
- follow the output of all containers:
<pre>
<pre>
fig logs --tail=1 --follow
</pre>
......@@ -242,7 +241,7 @@ it as root**, otherwise it will be owned by root and you may have errors like:
If somehow you skipped this step, you can reset the ownership to the current user:
sudo chown USER: /data/dev
sudo chown -R USER: /data/dev/{registry,mysql,rails}
sudo chown -R USER: /data/dev/{registry,mysql,django}
If you are completely lost, you can just restart the initialisation from scratch:
......@@ -282,22 +281,21 @@ Hosts a mysql server listening on port 3306 with two databases: `allgo` and
- `ssh` has read only access to `allgo`
## rails
Hosts four daemons for running allgo:
## django
- the unicorn server (runnning the rails application)
- the sidekiq queue manager
- the redis db server
- a nginx frontend for buffering the HTTP requests/responses
Hosts three daemons for running the allgo web server:
- a nginx frontend for buffering the HTTP requests/responses and routing them
to the other daemons. It also serves static files directly
- the gunicorn server (running the django application)
- the allgo.aio server (serving the asynchronous requests)
This container is managed with supervisor, the `supervisorctl` command allows
starting/stopping the daemons individually.
### Running the rails server manually
### Running the django server manually
TODO ?
- run the `dev-rails` container and open a shell:
[comment]: # ( - run the `dev-rails` container and open a shell:
<pre>
fig up -d
docker exec -t -i dev-rails bash
......@@ -308,7 +306,7 @@ starting/stopping the daemons individually.
supervisorctl stop rails
rails server
</pre>
)
## ssh
......@@ -324,7 +322,7 @@ WEBAPP@sid.allgo.irisa.fr`). Each allgo webapp is mapped to a system user
gid = 65534 (nogroup)
gecos = webapps.name
shell = /bin/allgo-shell
</pre>
</pre>
- The ssh server is configured to accept key-based authentication only. The
list of public keys is obtained from the (using an AuthorizedKeysCommand).
......@@ -333,12 +331,12 @@ WEBAPP@sid.allgo.irisa.fr`). Each allgo webapp is mapped to a system user
- The connection to the sandbox is made though a unix socket and a set of pipes
in the filesystem.
## docker
## controller
Hosts the *docker-allgo-proxy* which manages all docker operations (run, stop,
rm, commit, pull, push, ...) on behalf of the rails container.
Hosts the *docker-controller* which manages all docker operations (run, stop,
rm, commit, pull, push, ...) on behalf of the django container.
Technically speaking this container had root privileges since it has access to
Technically speaking this container has root privileges since it has access to
the docker socket.
The proxy script enforces restrictions (according to the current environment: eg prod/qualif/dev) on:
......@@ -363,3 +361,5 @@ mailbox.
The mailbox is accessible with IMAP as user *sink* (password *sink*).
NOTE: in the development environment, django's default is to dump outgoing
e-mails to the console. Thus this container is only useful in the qualif setup.
......@@ -7,5 +7,5 @@ app_name = 'api'
urlpatterns = [
url(r'^jobs$', views.jobs, name='jobs'),
url(r'^jobs/(?P<pk>\d+)', views.APIJobView.as_view(), name='job'),
url(r'^datastore/(?P<pk>\d+)/(.*)/(.*)', views.APIDownloadView, name='download'),
url(r'^datastore/(?P<pk>\d+)/(.*)/(.*)', views.APIDownloadView.as_view(), name='download'),
]
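The functional fix in this hunk is that `APIDownloadView` is a class-based view, so it must be registered with `.as_view()`. The route regexes themselves are unchanged and can be exercised standalone; a sketch (Django strips the URLconf prefix before matching, and the helper name here is illustrative):

```python
import re

# URL regexes as registered in api/urls.py.
JOB_ROUTE = re.compile(r'^jobs/(?P<pk>\d+)')
DATASTORE_ROUTE = re.compile(r'^datastore/(?P<pk>\d+)/(.*)/(.*)')

def match_datastore(path):
    """Return the (pk, dir, filename) groups captured from a datastore path."""
    m = DATASTORE_ROUTE.match(path)
    return m.groups() if m else None
```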
......@@ -6,6 +6,7 @@ import config.env
from django.core.validators import ValidationError
from django.http import JsonResponse
from django.shortcuts import redirect
from django.urls import reverse
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View
from main.helpers import upload_data, get_base_url, lookup_job_file, get_request_user, slurp_job_log
......@@ -22,48 +23,36 @@ def get_link(jobid, dir, filename, request):
return '/'.join((get_base_url(request), "datastore", str(jobid), filename))
def job_response(job, request, completeness=None):
status = {0: 'new',
1: 'waiting',
2: 'running',
3: 'done',
4: 'archived',
5: 'deleted',
6: 'aborting'}
job_dir = job.data_dir
files = {f: get_link(job.id, job_dir, f, request) for f in os.listdir(job_dir)
if lookup_job_file(job.id, f)}
pc_complete = "null"
if completeness is not None:
# the pb here is that the whole log file is loaded
# it would be better to start reading from the end
# but I'm not sure it is possible.
logs = slurp_job_log(job)
pattern = re.compile("^\d*\.*\d+%", re.MULTILINE)
match_pc = None
for match_pc in pattern.finditer(logs):
pass
else: # after the last turn, to get the last match
if match_pc is not None:
pc_complete = match_pc.group()
return {
str(job.id): {
'status': status[job.state],
'files': files,
'complete': pc_complete,
'test_status': job.get_state_display()
},
}
class APIJobView(JobAuthMixin, View):
def get(self, request, pk):
try:
job = Job.objects.get(id=pk)
return JsonResponse(job_response(job, request, completeness=True))
files = {}
for f in os.listdir(job.data_dir):
if lookup_job_file(job.id, f):
files[f] = get_link(job.id, job.data_dir, f, request)
# the pb here is that the whole log file is loaded
# it would be better to start reading from the end
# but I'm not sure it is possible.
logs = slurp_job_log(job)
pc_complete = "null"
pattern = re.compile(r"^\d*\.*\d+%", re.MULTILINE)
match_pc = None
for match_pc in pattern.finditer(logs):
pass
else: # after the last turn, to get the last match
if match_pc is not None:
pc_complete = match_pc.group()
response = {
job.id: files,
"status": job.get_state_display().lower(),
'complete': pc_complete,
}
return JsonResponse(response)
except Job.DoesNotExist as e:
log.error("Job not found %s", str(e))
return JsonResponse({'error': 'Job not found'}, status=404)
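The completion extraction in `APIJobView.get` can be sketched in isolation. The pattern below is copied from the view; the function name is illustrative:

```python
import re

# Sketch of the completion extraction: scan the whole log and keep
# only the LAST percentage printed at a line start.
PC_PATTERN = re.compile(r"^\d*\.*\d+%", re.MULTILINE)

def last_percentage(logs):
    """Return the last 'NN%' (or 'NN.N%') token, or the string "null"."""
    pc_complete = "null"
    match_pc = None
    for match_pc in PC_PATTERN.finditer(logs):
        pass  # exhaust the iterator; match_pc ends up as the last match
    if match_pc is not None:
        pc_complete = match_pc.group()
    return pc_complete
```

Since the loop contains no `break`, the `for`/`else` in the view always runs its `else` clause, so plain post-loop code (as here) behaves identically.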
......@@ -85,6 +74,10 @@ def jobs(request):
if not app:
return JsonResponse({'error': 'Application not found'}, status=404)
if app.get_webapp_version() is None:
log.debug('No usable versions')
return JsonResponse({'error': "This app is not yet published"}, status=404)
queue = app.job_queue
if 'job[queue]' in request.POST:
try:
......@@ -94,9 +87,6 @@ def jobs(request):
log.info("Job submit by user %s", user)
job = Job.objects.create(param=request.POST.get('job[param]', ''), queue=queue, webapp=app, user=user)
if app.get_webapp_version() is None:
log.debug('No usable versions')
return JsonResponse({'error': "This app is not yet published"}, status=404)
job.version = app.get_webapp_version().number # TODO: add version selection in the api
upload_data(request.FILES.values(), job)
......@@ -110,7 +100,13 @@ def jobs(request):
job.state = Job.WAITING
job.save()
return JsonResponse(job_response(job, request))
no_domain_url = reverse('api:job', kwargs={'pk':job.id})
response = {
"avg_time": 0, # legacy, not relevant anymore
"id" : job.id,
"url" : request.build_absolute_uri(no_domain_url),
}
return JsonResponse(response)
class APIDownloadView(JobAuthMixin, View):
......
......@@ -97,7 +97,11 @@ class JobAuthMixin(AllgoValidAccountMixin, UserPassesTestMixin):
if user is None:
return False
self.raise_exception = True # to return a 403
job = Job.objects.filter(pk=self.kwargs['pk']).first()
try:
job = Job.objects.get(id=self.kwargs['pk'])
except Job.DoesNotExist:
return False
return user.is_superuser or user == getattr(job, "user", ())
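The access rule in `test_func` can be stated standalone; a sketch, where these classes are stand-ins for the Django `User` and `Job` models:

```python
# A job is accessible to superusers and to its owner.
class User:
    def __init__(self, name, is_superuser=False):
        self.name = name
        self.is_superuser = is_superuser

class Job:
    def __init__(self, user):
        self.user = user

def can_access(user, job):
    """Mirror test_func: a missing user or missing job means no access."""
    if user is None or job is None:
        return False
    return user.is_superuser or user == job.user
```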
def handle_no_permission(self):
......
......@@ -307,6 +307,15 @@ class Webapp(TimeStampModel):
query = query.filter(number=number)
return query.order_by("-state", "-id").first()
def get_sandbox_state(self):
""""""
for i,s in self.SANDBOX_STATE_CHOICES:
if i == self.sandbox_state:
return i,s
msg = "The current state {} is not defined in the model." \
.format(self.sandbox_state)
raise ValueError(msg)
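The lookup above can be exercised outside the model; a sketch, where `SANDBOX_STATE_CHOICES` is a hypothetical tuple following Django's `(value, label)` choices convention:

```python
# Hypothetical choices tuple; the real one lives on the Webapp model.
SANDBOX_STATE_CHOICES = (
    (0, "idle"),
    (1, "starting"),
    (2, "running"),
)

def get_sandbox_state(sandbox_state):
    """Return the (id, label) pair for a state, as in the model method."""
    for i, s in SANDBOX_STATE_CHOICES:
        if i == sandbox_state:
            return i, s
    msg = "The current state {} is not defined in the model." \
          .format(sandbox_state)
    raise ValueError(msg)
```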
class WebappParameter(TimeStampModel):
......
......@@ -730,7 +730,7 @@ class WebappSandboxPanel(UserAccessMixin, TemplateView):
messages.success(request, "stopping sandbox %r" % webapp.name)
log.debug("new sandbox state: %r -> %r",
webapp.docker_name, webapp.sandbox_state)
webapp.docker_name, webapp.get_sandbox_state())
# NOTE: we return a 302 redirect to the same page (instead of rendering
# it directly) to force the browser to make a separate GET request.
......
......@@ -79,9 +79,6 @@ Database
integrating the database constraints (that are managed by Ruby on Rails and
not the DBMS).
It has been decided to use the same database for both rails and django but with
a different naming.
At the moment the django docker container takes care of the migration by calling
the migration script. The migration process consists of two files located in the
`tools` folder:
......@@ -129,7 +126,7 @@ The different configuration file for the docker file such as the nginx
configuration in the `setup/dk` directory. This includes:
- `allgo.conf`: nginx configuration for the django docker
- `container_init`: initialisation of the container (imports the rails database)
- `container_init`: initialisation of the container
- `nginx.patch`: main nginx configuration
- `run-allgo`: bash script creating the necessary directories and running the
different services necessary for the application
......
......@@ -78,6 +78,36 @@ server
try_files $uri/index.html $uri.html $uri @django;
}
location /api/v1
{
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization';
return 204;
}
add_header Access-Control-Allow-Origin "*";
# proxy_redirect off; # work without it, maybe it's bad to remove it
proxy_pass http://django;
# header set to distinguish between requests going directly from nginx and
# requests going through aio
#
# This is a security feature. Django trusts this value (like the
# X-Forwarded-* headers), do not remove it !
proxy_set_header X-Origin "nginx";
}
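The CORS handling in this `location /api/v1` block can be summarised in plain code; a sketch with header values copied from the config (the function itself is illustrative, and the `X-Origin` request header set for proxied requests is not modelled here):

```python
# OPTIONS preflights are answered directly with 204; anything else is
# proxied to the django upstream.
def preflight(method):
    """Return (status, headers) for a preflight, or None to proxy."""
    if method != "OPTIONS":
        return None
    return 204, {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
        "Access-Control-Max-Age": "1728000",
        "Access-Control-Allow-Headers": "Content-Type,Authorization",
        "Content-Type": "text/plain; charset=utf-8",
        "Content-Length": "0",
    }
```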
location @django
{
proxy_redirect off;
......
......@@ -120,24 +120,6 @@ services:
networks: [dev, sandboxes]
# RAILS
######################################################################################################################
dev-rails:
container_name: dev-rails
build: rails
user: "$DOCKERUSER"
ports:
- "127.0.0.1:3000:8080"
volumes:
- "/data/dev/rails:/vol"
- "./rails:/opt/allgo"
environment:
RAILS_ENV: development
networks: [dev]
tty: true
stdin_open: true
# SMTP
######################################################################################################################
......
{
"directory": "/opt/bower_components"
}
Dockerfile*
.git
.*.swo
.*.swp
.DS_Store
.vagrant
*.rbc
*.sassc
.sass-cache
capybara-*.html
.rspec
.rvmrc
.bundle
vendor/bundle
log
log/*
tmp/
tmp/*
db/*.sqlite3
public/system/*
coverage/
spec/tmp/*
**.orig
rerun.txt
pickle-email-*.html
.project
dump.rdb
app/assets/dockers
app/assets/dockers/*
app/assets/stylesheets/theme/
public/app/*
db/backup/*
public/datastore
.settings/
.vagrant/
deploy/.vagrant/
deploy/atom
deploy/debian-jessie
.keep
*.keep
doing.txt
active_admin.rb.old
vendor/assets/components/*
deploy/nginxconf
public/assets
.*.sw[po]
FROM allgo/base-debian
# configure the node repository
# http://linuxbsdos.com/2017/06/26/how-to-install-node-js-lts-on-debian-9-stretch/
RUN apt-getq install curl gnupg ca-certificates &&\
curl -sL https://deb.nodesource.com/setup_8.x | bash -
# install system packages + bower
RUN apt-getq install mariadb-client libmariadb-client-lgpl-dev-compat \
redis-server curl imagemagick git ca-certificates \
gcc g++ make libc6-dev file libffi-dev libgdbm-dev libgmp-dev \
libncurses5-dev libncursesw5-dev libreadline6-dev libssl-dev \
libyaml-dev openssl procps systemtap-sdt-dev zlib1g-dev \