Dockerize CKAN (without DataPusher so far)
This commit is contained in:
parent
678f91b555
commit
fa13411d57
112
ckan.sh
112
ckan.sh
@ -1,104 +1,54 @@
|
||||
#!/bin/bash
|
||||
|
||||
SOURCE_DIR=$(realpath $(dirname "${0}"))/ckan
|
||||
# Requires: Postgres, Redis, Solr, CKAN-Datapusher
|
||||
|
||||
# Install dependencies for CKAN
|
||||
apt-get -y --no-install-recommends install gcc libpq-dev python-dev python-virtualenv redis-server virtualenv
|
||||
|
||||
# Install dependencies for Solr
|
||||
apt-get -y --no-install-recommends install openjdk-8-jre-headless lsof
|
||||
|
||||
# Install CKAN python virtual environment
|
||||
mkdir -p /srv/ckan
|
||||
virtualenv --no-site-packages --python=/usr/bin/python2.7 /srv/ckan
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/ckan/ckan.git#egg=ckan'
|
||||
/srv/ckan/bin/pip install -r /srv/ckan/src/ckan/requirements.txt
|
||||
|
||||
# Install Datapusher python virtual environment
|
||||
mkdir -p /srv/ckan-datapusher
|
||||
virtualenv --no-site-packages --python=/usr/bin/python2.7 /srv/ckan-datapusher
|
||||
/srv/ckan-datapusher/bin/pip install -e 'git+https://github.com/ckan/datapusher.git#egg=datapusher'
|
||||
/srv/ckan-datapusher/bin/pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt
|
||||
|
||||
# Patch service provider TLS verification for Datapusher
|
||||
# https://github.com/ckan/ckan-service-provider/issues/36
|
||||
patch -d /srv/ckan-datapusher -p0 <${SOURCE_DIR}/ckan-serviceprovider-sslverify.patch
|
||||
|
||||
# Install CKAN extensions
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/ckan/ckanext-basiccharts#egg=ckanext_basiccharts'
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/ckan/ckanext-spatial#egg=ckanext_spatial'
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/ckan/ckanext-geoview#egg=ckanext_geoview'
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/ckan/ckanext-mapviews#egg=ckanext_mapviews'
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/ckan/ckanext-pages#egg=ckanext_pages'
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/XVTSolutions/ckanext-spatialUI#egg=ckanext_spatialui'
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/aptivate/ckanext-datasetthumbnail#egg=ckanext_datasetthumbnail'
|
||||
/srv/ckan/bin/pip install -e 'git+https://github.com/datagvat/ckanext-dgvat_xls#egg=ckanext_dgvat_xls'
|
||||
/srv/ckan/bin/pip install -r /srv/ckan/src/ckanext-spatial/pip-requirements.txt
|
||||
/srv/ckan/bin/pip install -r /srv/ckan/src/ckanext-datasetthumbnail/requirements.txt
|
||||
/srv/ckan/bin/pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt
|
||||
|
||||
# Download Solr
|
||||
wget http://archive.apache.org/dist/lucene/solr/6.5.1/solr-6.5.1.tgz -O /tmp/solr-6.5.1.tgz
|
||||
tar xzf /tmp/solr-6.5.1.tgz -C /opt/
|
||||
mv /opt/solr-6.5.1 /opt/solr
|
||||
rm -f /tmp/solr-6.5.1.tgz
|
||||
|
||||
# Create Solr OS user
|
||||
adduser --system --group --home /var/lib/solr --shell /bin/false solr
|
||||
chown -R solr:solr /opt/solr/
|
||||
|
||||
# Configure Solr
|
||||
cp ${SOURCE_DIR}/lib/systemd/system/solr.service /lib/systemd/system/solr.service
|
||||
cp -p /opt/solr/server/solr/solr.xml /var/lib/solr/
|
||||
systemctl daemon-reload
|
||||
systemctl enable solr
|
||||
systemctl start solr
|
||||
sleep 5
|
||||
|
||||
# Configure CKAN Solr core
|
||||
sudo -u solr /opt/solr/bin/solr create -c ckan
|
||||
cp ${SOURCE_DIR}/var/lib/solr/ckan/conf/solrconfig.xml /var/lib/solr/ckan/conf/solrconfig.xml
|
||||
ln -s /srv/ckan/src/ckan/ckan/config/solr/schema.xml /var/lib/solr/ckan/conf/schema.xml
|
||||
systemctl restart solr
|
||||
# Build Docker container
|
||||
docker build -t ckan ${SOURCE_DIR}
|
||||
|
||||
# Create database
|
||||
export CKAN_PWD=$(head -c 18 /dev/urandom | base64)
|
||||
export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64)
|
||||
envsubst <${SOURCE_DIR}/tmp/ckan-createdb.sql >/tmp/ckan-createdb.sql
|
||||
sudo -u postgres psql -f /tmp/ckan-createdb.sql
|
||||
rm -f /tmp/ckan-createdb.sql
|
||||
envsubst <${SOURCE_DIR}/createdb.sql | docker exec -i postgres psql
|
||||
|
||||
# Configure CKAN Solr core
|
||||
docker exec solr solr create -c ckan
|
||||
cp ${SOURCE_DIR}/srv/solr/data/ckan/conf/schema.xml /srv/solr/data/ckan/conf/schema.xml
|
||||
cp ${SOURCE_DIR}/srv/solr/data/ckan/conf/solrconfig.xml /srv/solr/data/ckan/conf/solrconfig.xml
|
||||
chown 8983:8983 /srv/solr/data/ckan/conf/schema.xml
|
||||
systemctl restart solr
|
||||
|
||||
# Configure CKAN
|
||||
export CKAN_SECRET=$(head -c 18 /dev/urandom | base64)
|
||||
export CKAN_UUID=$(python -c "import uuid; print uuid.uuid4()")
|
||||
mkdir /etc/ckan
|
||||
envsubst <${SOURCE_DIR}/etc/ckan/ckan.ini >/etc/ckan/ckan.ini
|
||||
cp ${SOURCE_DIR}/etc/ckan/datapusher.wsgi /etc/ckan/datapusher.wsgi
|
||||
cp ${SOURCE_DIR}/etc/ckan/datapusher_settings.py /etc/ckan/datapusher_settings.py
|
||||
ln -s /srv/ckan/src/ckan/ckan/config/who.ini /etc/ckan/who.ini
|
||||
export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid)
|
||||
mkdir -p /srv/ckan/{conf,data}
|
||||
envsubst <${SOURCE_DIR}/srv/ckan/conf/ckan.ini >/srv/ckan/conf/ckan.ini
|
||||
cp ${SOURCE_DIR}/srv/ckan/conf/who.ini /srv/ckan/conf/who.ini
|
||||
chown -R 8003:8003 /srv/ckan/data
|
||||
cp ${SOURCE_DIR}/srv/ckan/update-ip.sh /srv/ckan/update-ip.sh
|
||||
/srv/ckan/update-ip.sh
|
||||
|
||||
# Populate database
|
||||
/srv/ckan/bin/paster --plugin=ckan db init -c /etc/ckan/ckan.ini
|
||||
/srv/ckan/bin/paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
|
||||
/srv/ckan/bin/paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | sudo -u postgres psql
|
||||
|
||||
# Create CKAN OS user
|
||||
adduser --system --group --home /srv/ckan --shell /bin/false ckan
|
||||
chown -R ckan:ckan /srv/ckan/
|
||||
chown -R ckan:ckan /srv/ckan-datapusher/
|
||||
docker run --rm --link=postgres --link=redis --link=solr -v /srv/ckan/conf:/etc/ckan -v /srv/ckan/data:/srv/ckan/storage ckan paster --plugin=ckan db init -c /etc/ckan/ckan.ini
|
||||
docker run --rm --link=postgres --link=redis --link=solr -v /srv/ckan/conf:/etc/ckan -v /srv/ckan/data:/srv/ckan/storage ckan paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
|
||||
docker run --rm --link=postgres --link=redis --link=solr -v /srv/ckan/conf:/etc/ckan -v /srv/ckan/data:/srv/ckan/storage ckan paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | docker exec -i postgres psql
|
||||
|
||||
# Create admin account
|
||||
export CKAN_ADMIN_USER="admin"
|
||||
export CKAN_ADMIN_UUID=$(python -c "import uuid; print uuid.uuid4()")
|
||||
export CKAN_ADMIN_APIKEY=$(python -c "import uuid; print uuid.uuid4()")
|
||||
export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid)
|
||||
export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid)
|
||||
export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
|
||||
export CKAN_ADMIN_HASH=$(/srv/ckan/bin/python ${SOURCE_DIR}/ckan-adminpwd.py ${CKAN_ADMIN_PWD})
|
||||
export CKAN_ADMIN_HASH=$(docker run --rm ckan python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
|
||||
export CKAN_ADMIN_EMAIL="admin@example.com"
|
||||
envsubst <${SOURCE_DIR}/tmp/ckan-adminpwd.sql >/tmp/ckan-adminpwd.sql
|
||||
sudo -u postgres psql -f /tmp/ckan-adminpwd.sql ckan
|
||||
rm /tmp/ckan-adminpwd.sql
|
||||
envsubst <${SOURCE_DIR}/adminpwd.sql | docker exec -i postgres psql ckan
|
||||
|
||||
# Configure CKAN service
|
||||
cp ${SOURCE_DIR}/lib/systemd/system/ckan.service /lib/systemd/system/ckan.service
|
||||
systemctl daemon-reload
|
||||
systemctl enable ckan
|
||||
systemctl start ckan
|
||||
|
||||
|
||||
|
||||
# Create uwsgi and nginx app definition
|
||||
cp ${SOURCE_DIR}/etc/uwsgi/apps-available/ckan.ini /etc/uwsgi/apps-available/ckan.ini
|
||||
|
38
ckan/Dockerfile
Normal file
38
ckan/Dockerfile
Normal file
@ -0,0 +1,38 @@
|
||||
FROM alpine:3.7
|
||||
MAINTAINER Disassembler <disassembler@dasm.cz>
|
||||
|
||||
RUN apk --no-cache add python2
|
||||
|
||||
RUN apk --no-cache add libjpeg-turbo libmagic libpq libxml2 libxslt py2-pip zlib \
|
||||
&& apk --no-cache add --virtual .deps git build-base libjpeg-turbo-dev libxml2-dev libxslt-dev postgresql-dev python2-dev zlib-dev \
|
||||
&& echo 'http://repository.fit.cvut.cz/mirrors/alpine/edge/testing' >>/etc/apk/repositories \
|
||||
&& apk --no-cache add geos \
|
||||
&& ln -s /lib/ld-musl-x86_64.so.1 /lib/libc.so.1 \
|
||||
&& mkdir -p /srv/ckan \
|
||||
&& cd /srv/ckan \
|
||||
&& pip install setuptools==36.1 \
|
||||
&& pip install -e 'git+https://github.com/ckan/ckan.git#egg=ckan' \
|
||||
&& sed -i 's/psycopg2==2.4.5/psycopg2==2.7.1/' /srv/ckan/src/ckan/requirements.txt \
|
||||
&& pip install -r /srv/ckan/src/ckan/requirements.txt \
|
||||
&& pip install -e 'git+https://github.com/ckan/ckanext-basiccharts#egg=ckanext_basiccharts' \
|
||||
&& pip install -e 'git+https://github.com/ckan/ckanext-spatial#egg=ckanext_spatial' \
|
||||
&& pip install -e 'git+https://github.com/ckan/ckanext-geoview#egg=ckanext_geoview' \
|
||||
&& pip install -e 'git+https://github.com/ckan/ckanext-mapviews#egg=ckanext_mapviews' \
|
||||
&& pip install -e 'git+https://github.com/ckan/ckanext-pages#egg=ckanext_pages' \
|
||||
&& pip install -e 'git+https://github.com/XVTSolutions/ckanext-spatialUI#egg=ckanext_spatialui' \
|
||||
&& pip install -e 'git+https://github.com/aptivate/ckanext-datasetthumbnail#egg=ckanext_datasetthumbnail' \
|
||||
&& pip install -e 'git+https://github.com/datagvat/ckanext-dgvat_xls#egg=ckanext_dgvat_xls' \
|
||||
&& pip install -r /srv/ckan/src/ckanext-spatial/pip-requirements.txt \
|
||||
&& pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt \
|
||||
&& addgroup -S -g 8003 ckan \
|
||||
&& adduser -S -u 8003 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan \
|
||||
&& chown -R ckan:ckan /srv/ckan \
|
||||
&& apk del .deps \
|
||||
&& find /srv/ckan/src -name '.git*' -exec rm -rf {} + \
|
||||
&& rm -rf /root/* || true
|
||||
|
||||
VOLUME ["/etc/ckan", "/srv/ckan/storage"]
|
||||
EXPOSE 8003
|
||||
|
||||
USER ckan
|
||||
CMD ["paster", "serve", "/etc/ckan/ckan.ini"]
|
@ -1,6 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import sys
|
||||
from passlib.hash import pbkdf2_sha512
|
||||
|
||||
print pbkdf2_sha512.encrypt(sys.argv[1])
|
@ -11,14 +11,6 @@ GRANT CONNECT, CREATE, TEMPORARY ON DATABASE ckan_datastore TO ckan;
|
||||
ALTER DATABASE ckan_datastore OWNER TO ckan_datastore;
|
||||
|
||||
\c ckan
|
||||
CREATE TEXT SEARCH DICTIONARY cspell (template=ispell, dictfile = czech, afffile=czech, stopwords=czech);
|
||||
CREATE TEXT SEARCH CONFIGURATION czech (copy=english);
|
||||
ALTER TEXT SEARCH CONFIGURATION czech ALTER MAPPING FOR word, asciiword WITH cspell, simple;
|
||||
CREATE EXTENSION postgis;
|
||||
GRANT ALL ON geometry_columns TO ckan;
|
||||
GRANT ALL ON spatial_ref_sys TO ckan;
|
||||
|
||||
\c ckan_datastore
|
||||
CREATE TEXT SEARCH DICTIONARY cspell (template=ispell, dictfile = czech, afffile=czech, stopwords=czech);
|
||||
CREATE TEXT SEARCH CONFIGURATION czech (copy=english);
|
||||
ALTER TEXT SEARCH CONFIGURATION czech ALTER MAPPING FOR word, asciiword WITH cspell, simple;
|
@ -1,12 +0,0 @@
|
||||
[uwsgi]
|
||||
uid = ckan
|
||||
gid = ckan
|
||||
chown-socket = www-data:www-data
|
||||
chdir = /srv/ckan
|
||||
home = /srv/ckan
|
||||
master = false
|
||||
workers = 1
|
||||
exec-asap = /srv/ckan/update-ip.sh
|
||||
disable-logging = true
|
||||
ini-paste = /etc/ckan/ckan.ini
|
||||
enable-threads = true
|
11
ckan/lib/systemd/system/ckan.service
Normal file
11
ckan/lib/systemd/system/ckan.service
Normal file
@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=CKAN Docker container
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/docker run --rm --name ckan --link=postgres --link=redis --link=solr -v /srv/ckan/conf:/etc/ckan -v /srv/ckan/data:/srv/ckan/storage ckan
|
||||
ExecStop=/usr/bin/docker stop ckan
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,11 +0,0 @@
|
||||
[Unit]
|
||||
Description=Apache Solr
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/opt/solr/bin/solr start -f -p 8983 -s /var/lib/solr
|
||||
ExecStop=/opt/solr/bin/solr stop -p 8983
|
||||
User=solr
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -45,13 +45,13 @@ who.log_file = %(cache_dir)s/who_log.ini
|
||||
# who.timeout = 86400
|
||||
|
||||
## Database Settings
|
||||
sqlalchemy.url = postgresql://ckan:${CKAN_PWD}@localhost/ckan
|
||||
sqlalchemy.url = postgresql://ckan:${CKAN_PWD}@postgres/ckan
|
||||
|
||||
ckan.datastore.write_url = postgresql://ckan:${CKAN_PWD}@localhost/ckan_datastore
|
||||
ckan.datastore.read_url = postgresql://ckan_datastore:${CKAN_DS_PWD}@localhost/ckan_datastore
|
||||
ckan.datastore.write_url = postgresql://ckan:${CKAN_PWD}@postgres/ckan_datastore
|
||||
ckan.datastore.read_url = postgresql://ckan_datastore:${CKAN_DS_PWD}@postgres/ckan_datastore
|
||||
|
||||
# PostgreSQL' full-text search parameters
|
||||
ckan.datastore.default_fts_lang = czech
|
||||
ckan.datastore.default_fts_lang = english
|
||||
ckan.datastore.default_fts_index_method = gist
|
||||
|
||||
## Site Settings
|
||||
@ -76,13 +76,13 @@ ckan.auth.roles_that_cascade_to_sub_groups = admin
|
||||
## Search Settings
|
||||
|
||||
ckan.site_id = default
|
||||
solr_url = http://127.0.0.1:8983/solr/ckan
|
||||
solr_url = http://solr:8983/solr/ckan
|
||||
|
||||
|
||||
## Redis Settings
|
||||
|
||||
# URL to your Redis instance, including the database to be used.
|
||||
ckan.redis.url = redis://127.0.0.1:6379/0
|
||||
ckan.redis.url = redis://redis:6379/0
|
||||
|
||||
|
||||
## CORS Settings
|
||||
@ -177,7 +177,7 @@ ckan.max_image_size = 10
|
||||
# Make sure you have set up the DataStore
|
||||
|
||||
ckan.datapusher.formats = csv xls xlsx tsv application/csv application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
||||
ckan.datapusher.url = http://127.0.0.1:8098/
|
||||
ckan.datapusher.url = http://ckan-datapusher:8004/
|
||||
#ckan.datapusher.assume_task_stale_after = 3600
|
||||
|
||||
# Resource Proxy settings
|
37
ckan/srv/ckan/conf/who.ini
Normal file
37
ckan/srv/ckan/conf/who.ini
Normal file
@ -0,0 +1,37 @@
|
||||
[plugin:auth_tkt]
|
||||
use = ckan.lib.auth_tkt:make_plugin
|
||||
# If no secret key is defined here, beaker.session.secret will be used
|
||||
#secret = somesecret
|
||||
|
||||
[plugin:friendlyform]
|
||||
use = repoze.who.plugins.friendlyform:FriendlyFormPlugin
|
||||
login_form_url= /user/login
|
||||
login_handler_path = /login_generic
|
||||
logout_handler_path = /user/logout
|
||||
rememberer_name = auth_tkt
|
||||
post_login_url = /user/logged_in
|
||||
post_logout_url = /user/logged_out
|
||||
charset = utf-8
|
||||
|
||||
#[plugin:basicauth]
|
||||
#use = repoze.who.plugins.basicauth:make_plugin
|
||||
#realm = 'CKAN'
|
||||
|
||||
[general]
|
||||
request_classifier = repoze.who.classifiers:default_request_classifier
|
||||
challenge_decider = repoze.who.classifiers:default_challenge_decider
|
||||
|
||||
[identifiers]
|
||||
plugins =
|
||||
friendlyform;browser
|
||||
auth_tkt
|
||||
|
||||
[authenticators]
|
||||
plugins =
|
||||
auth_tkt
|
||||
ckan.lib.authenticator:UsernamePasswordAuthenticator
|
||||
|
||||
[challengers]
|
||||
plugins =
|
||||
friendlyform;browser
|
||||
# basicauth
|
@ -1,4 +1,4 @@
|
||||
#!/bin/sh
|
||||
|
||||
URL=$(ip route get 1 | awk '{print $NF;exit}')
|
||||
sed -i "s|^ckan\.site_url.*|ckan.site_url = https://${URL}:8003|" /etc/ckan/ckan.ini
|
||||
sed -i "s|^ckan\.site_url.*|ckan.site_url = http://${URL}:8003|" /srv/ckan/conf/ckan.ini
|
||||
|
Loading…
x
Reference in New Issue
Block a user