Fixes

compose/compose.yml

@@ -0,0 +1,153 @@
+
+# WARNING
+#
+# Any env variable that must be provided and overwrite what is in the container
+# Must be explicitly listed in the environment section of the specific service
+# --env file variables will not be default exist in the container.
+services:
+
+  datafed-web:
+    depends_on: ["datafed-core"]
+    environment:
+      DATAFED_GLOBUS_APP_SECRET: "${DATAFED_GLOBUS_APP_SECRET}"
+      DATAFED_GLOBUS_APP_ID: "${DATAFED_GLOBUS_APP_ID}"
+      DATAFED_ZEROMQ_SESSION_SECRET: "${DATAFED_ZEROMQ_SESSION_SECRET}"
+      DATAFED_ZEROMQ_SYSTEM_SECRET: "${DATAFED_ZEROMQ_SYSTEM_SECRET}"
+      DATAFED_DOMAIN: "${DATAFED_DOMAIN}"
+      DATAFED_HTTPS_SERVER_PORT: "${DATAFED_HTTPS_SERVER_PORT}"
+      DATAFED_WEB_CERT_PATH: "${DATAFED_WEB_CERT_PATH}"
+      DATAFED_WEB_KEY_PATH: "${DATAFED_WEB_KEY_PATH}"
+      DATAFED_WEB_USER: "datafed"
+      DATAFED_DEFAULT_LOG_PATH: "${DATAFED_CONTAINER_LOG_PATH}"
+      DATAFED_CORE_ADDRESS_PORT_INTERNAL: "datafed-core:7513"
+      UID: "${DATAFED_UID}"
+    image: datafed-web:latest
+    ports:
+      - "8080:443" # This must be the same port that is mapped to the host for redirects to work
+    volumes:
+      - ./keys:/opt/datafed/keys
+      - ./logs:${DATAFED_CONTAINER_LOG_PATH}
+    networks:
+      - datafed-internal
+
+  datafed-core:
+    image: datafed-core:latest
+    depends_on:
+      datafed-foxx:
+        condition: service_healthy
+    environment:
+      DATAFED_GLOBUS_APP_SECRET: "${DATAFED_GLOBUS_APP_SECRET}"
+      DATAFED_GLOBUS_APP_ID: "${DATAFED_GLOBUS_APP_ID}"
+      DATAFED_ZEROMQ_SESSION_SECRET: "${DATAFED_ZEROMQ_SESSION_SECRET}"
+      DATAFED_ZEROMQ_SYSTEM_SECRET: "${DATAFED_ZEROMQ_SYSTEM_SECRET}"
+      DATAFED_DOMAIN: "${DATAFED_DOMAIN}"
+      DATAFED_WEB_CERT_PATH: "${DATAFED_WEB_CERT_PATH}"
+      DATAFED_WEB_KEY_PATH: "${DATAFED_WEB_KEY_PATH}"
+      DATAFED_DEFAULT_LOG_PATH: "${DATAFED_CONTAINER_LOG_PATH}"
+      UID: "${DATAFED_UID}"
+      DATAFED_DATABASE_PASSWORD: "${DATAFED_DATABASE_PASSWORD}"
+      DATAFED_DATABASE_IP_ADDRESS: "${DATAFED_DATABASE_IP_ADDRESS}"
+      DATAFED_DATABASE_IP_ADDRESS_PORT: "${DATAFED_DATABASE_IP_ADDRESS}:${DATAFED_DATABASE_PORT}"
+    ports:
+      - 7513 # Communication web server
+      - 7512:7512 # Secure core server communication must be exposed outside of the container
+    volumes:
+      - ./keys:/opt/datafed/keys
+      - ./logs:${DATAFED_CONTAINER_LOG_PATH}
+    networks:
+      - datafed-internal
+
+  datafed-foxx:
+    image: datafed-foxx:latest
+    depends_on: ["arango"]
+    environment:
+      DATAFED_ZEROMQ_SYSTEM_SECRET: "${DATAFED_ZEROMQ_SYSTEM_SECRET}"
+      DATAFED_DOMAIN: "${DATAFED_DOMAIN}"
+      DATAFED_DEFAULT_LOG_PATH: "${DATAFED_CONTAINER_LOG_PATH}"
+      UID: "${DATAFED_UID}"
+      DATAFED_DATABASE_PASSWORD: "${DATAFED_DATABASE_PASSWORD}"
+      DATAFED_DATABASE_IP_ADDRESS: "${DATAFED_DATABASE_IP_ADDRESS}"
+      DATAFED_DATABASE_HOST: "arango"
+    healthcheck:
+      test: ["CMD", "/bin/bash", "-c", "[ -f /tmp/.foxx_is_installed ]"]
+      interval: 10s
+      timeout: 5s
+      retries: 20
+    volumes:
+      - foxx_tmp:/tmp 
+    networks:
+      - datafed-internal
+
+  arango:
+    image: arangodb
+    environment:
+      ARANGO_ROOT_PASSWORD: "${DATAFED_DATABASE_PASSWORD}"
+    volumes:
+      - arango_db:/var/lib/arangodb3
+    ports:
+      - 8529:8529 # Arangodb web UI
+    networks:
+      - datafed-internal
+
+
+
+
+  datafed-repo:
+    environment:
+      DATAFED_ZEROMQ_SESSION_SECRET: "${DATAFED_ZEROMQ_SESSION_SECRET}"
+      DATAFED_ZEROMQ_SYSTEM_SECRET: "${DATAFED_ZEROMQ_SYSTEM_SECRET}"
+      DATAFED_DOMAIN: "${DATAFED_DOMAIN}"
+      DATAFED_HTTPS_SERVER_PORT: "${DATAFED_HTTPS_SERVER_PORT}"
+      DATAFED_DEFAULT_LOG_PATH: "${DATAFED_CONTAINER_LOG_PATH}"
+      DATAFED_CORE_ADDRESS_PORT_INTERNAL: "${DATAFED_DOMAIN}:7513"
+      DATAFED_GCS_COLLECTION_ROOT_PATH: "/mnt/datafed"
+      UID: "${DATAFED_UID}"
+      HOST_HOSTNAME: "localhost"
+    image: datafed-repo:latest
+    volumes:
+      - ./keys:/opt/datafed/keys
+      - ./logs:${DATAFED_CONTAINER_LOG_PATH}
+      - ${DATAFED_HOST_COLLECTION_MOUNT}:/mnt/datafed
+    ports:
+      - 9000:9000 # Communication core server
+
+# Needs host port 80 for apache
+# Needs ports 50000 - 51000 for GridFTP
+# Needs port 443 for control port
+  datafed-gcs:
+    environment:
+      DATAFED_ZEROMQ_SESSION_SECRET: "${DATAFED_ZEROMQ_SESSION_SECRET}"
+      DATAFED_ZEROMQ_SYSTEM_SECRET: "${DATAFED_ZEROMQ_SYSTEM_SECRET}"
+      DATAFED_DOMAIN: "${DATAFED_DOMAIN}"
+      DATAFED_HTTPS_SERVER_PORT: "${DATAFED_HTTPS_SERVER_PORT}"
+      DATAFED_DEFAULT_LOG_PATH: "${DATAFED_CONTAINER_LOG_PATH}"
+      DATAFED_CORE_ADDRESS_PORT_INTERNAL: "datafed-core:7513"
+      DATAFED_GCS_ROOT_NAME: "${DATAFED_GCS_ROOT_NAME}"
+      DATAFED_REPO_ID_AND_DIR: "${DATAFED_REPO_ID_AND_DIR}"
+      DATAFED_GLOBUS_SUBSCRIPTION: "${DATAFED_GLOBUS_SUBSCRIPTION}"
+      DATAFED_GLOBUS_CONTROL_PORT: "${DATAFED_GLOBUS_CONTROL_PORT}"
+      DATAFED_GCS_COLLECTION_ROOT_PATH: "/mnt/datafed"
+      DATAFED_REPO_USER: "${DATAFED_REPO_USER}"
+      UID: "${DATAFED_UID}"
+      HOST_HOSTNAME: "localhost"
+      DATAFED_AUTHZ_USER: "datafed"
+    network_mode: host
+    image: datafed-gcs:latest
+    volumes:
+      - ./keys:/opt/datafed/keys
+      - ./globus:/opt/datafed/globus
+      - ./logs:${DATAFED_CONTAINER_LOG_PATH}
+      - ${DATAFED_HOST_COLLECTION_MOUNT}:/mnt/datafed
+
+        #    ports:
+        #      - "8081:443" # This must be the same port that is mapped to the host for redirects to work
+        #      - "50000-50100:50000-50100"
+
+volumes:
+  foxx_tmp:
+  arango_db:
+
+networks:
+  datafed-internal:
+    driver: bridge
+

repository/docker/000-default.conf

@@ -0,0 +1,60 @@
+<VirtualHost *:80>
+        # The ServerName directive sets the request scheme, hostname and port that
+        # the server uses to identify itself. This is used when creating
+        # redirection URLs. In the context of virtual hosts, the ServerName
+        # specifies what hostname must appear in the request's Host: header to
+        # match this virtual host. For the default virtual host (this file) this
+        # value is not decisive as it is used as a last resort host regardless.
+        # However, you must set it for any further virtual host explicitly.
+        #ServerName www.example.com
+
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+
+        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+        # error, crit, alert, emerg.
+        # It is also possible to configure the loglevel for particular
+        # modules, e.g.
+        #LogLevel info ssl:warn
+
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+        # For most configuration files from conf-available/, which are
+        # enabled or disabled at a global level, it is possible to
+        # include a line for only one particular virtual host. For example the
+        # following line enables the CGI configuration for this host only
+        # after it has been globally disabled with "a2disconf".
+        #Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+<VirtualHost *:443>
+		ServerName datafed-gcs-test.ornl.gov
+
+    SSLEngine on
+    SSLCertificateFile /opt/datafed/keys/cert.crt
+    SSLCertificateKeyFile /opt/datafed/keys/cert.key
+
+    # SSL configuration
+    SSLProtocol TLSv1.2 TLSv1.3
+    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+    SSLHonorCipherOrder on
+
+    # Proxy settings
+    ProxyPass / https://localhost:8080/
+    ProxyPassReverse / https://localhost:8080/
+    ProxyPreserveHost On
+    RequestHeader set X-Forwarded-Proto "https"
+
+    # Additional proxy SSL settings
+    SSLProxyEngine on
+    SSLProxyVerify none
+    SSLProxyCheckPeerCN off
+    SSLProxyCheckPeerName off
+    SSLProxyCheckPeerExpire off
+
+    SSLProxyVerifyDepth 2
+    SSLProxyCACertificateFile /opt/datafed/keys/cert.crt
+
+</VirtualHost>

repository/docker/Dockerfile.gcs

@@ -33,7 +33,8 @@ ENV                         BUILD_DIR="$BUILD_DIR"
 ENV                           LIB_DIR="$LIB_DIR"
 ENV          DATAFED_GLOBUS_REPO_USER="datafed"
 ENV          DATAFED_DEFAULT_LOG_PATH="$DATAFED_INSTALL_PATH/logs"
-
+# Value needed so tput command doesn't crash
+ENV                              TERM="xterm"
 RUN mkdir -p ${BUILD_DIR}
 RUN mkdir -p ${DATAFED_INSTALL_PATH}/logs
 RUN mkdir -p ${BUILD_DIR}/common/proto
@@ -139,6 +140,8 @@ COPY --chown=datafed:root ./repository/docker/entrypoint_authz.sh ${BUILD_DIR}/r
 
 USER root
 
+COPY ./repository/docker/000-default.conf    /etc/apache2/sites-available/000-default.conf
+RUN chmod 644 /etc/apache2/sites-available/000-default.conf
 # Remove --client-id from command because it was deprecated
 RUN sed -i '/--client-id/d' /entrypoint.sh
 
@@ -147,3 +150,4 @@ WORKDIR ${DATAFED_INSTALL_PATH}/authz
 # NOTE If you do not overwrite the entrypoint file it will use the GCS instance
 # provided one
 ENTRYPOINT ["/datafed/source/repository/docker/entrypoint_authz.sh"]
+#ENTRYPOINT ["sleep", "infinity"]

repository/docker/entrypoint_authz.sh

@@ -76,6 +76,7 @@ if [ -L "$link" ]; then
   rm "$link"
 fi
 
+export NODE_SETUP_ARGS="--ip-address 128.219.184.185"
 # Run the GCS entrypoint file in the background
 /entrypoint.sh &
 
@@ -102,34 +103,47 @@ done
 echo "globus-gridftp-server pid file found!"
 
 # Need to wait until the domain name is properly registered
+echo "1"
 DATAFED_GCS_URL=$(jq -r .domain_name < /var/lib/globus-connect-server/info.json)
-
+echo "2"
+set +e
 HTTP_CODE=$("${DATAFED_DEPENDENCIES_INSTALL_PATH}/bin/curl" -s -o /dev/null -w "%{http_code}\n" -I "https://${DATAFED_GCS_URL}/api/info")
+echo "$?"
+set -e
+echo "3"
 echo "Waiting for domain name (https://${DATAFED_GCS_URL}) to be registered! Code: $HTTP_CODE"
 printf "\n"
 minutes=0
 while [ "$HTTP_CODE" != "200" ]
 do
 
-	EraseToEOL=$(tput el)
-
-	msg="Minutes $minutes "
-	for i in {1..12}
-	do
-			printf "%s" "${msg}"
-			msg='.'
-			sleep 5
-
-			HTTP_CODE=$("${DATAFED_DEPENDENCIES_INSTALL_PATH}/bin/curl" -s -o /dev/null  -w "%{http_code}\n" -I "https://${DATAFED_GCS_URL}/api/info")
-			if [ "$HTTP_CODE" == "200" ]
-			then
-				break
-			fi	
-	done
-	printf "\r${EraseToEOL}"
-
-	minutes=$((minutes + 1))
+  EraseToEOL=$(tput el)
+
+  msg="Minutes $minutes "
+  echo "$msg"
+  for i in {1..12}
+  do
+      echo "i $i"
+      printf "%s" "${msg}"
+      msg='.'
+      sleep 5
+
+      set +e
+      HTTP_CODE=$("${DATAFED_DEPENDENCIES_INSTALL_PATH}/bin/curl" -s -o /dev/null  -w "%{http_code}\n" -I "https://${DATAFED_GCS_URL}/api/info")
+      echo "$?"
+      set -e
+      if [ "$HTTP_CODE" == "200" ]
+      then
+        break
+      fi  
+  done
+  printf "\r${EraseToEOL}"
+
+  minutes=$((minutes + 1))
+  set +e
   HTTP_CODE=$("${DATAFED_DEPENDENCIES_INSTALL_PATH}/bin/curl" -s -o /dev/null -w "%{http_code}\n" -I "https://${DATAFED_GCS_URL}/api/info")
+  echo "$?"
+  set -e
 done
 printf "\n"