aiidalab-ispg-docker-stack

Dockerfile for building AiidaLab ATMOSPEC image.

The following extra things are added on top of the docker.io/aiidalab/full-stack image:

1. SLURM queuing manager
2. Some conda packages (e.g. OpenMPI for parallel ORCA)

Original image is generated and published on DockerHub at https://github.com/aiidalab/aiidalab-docker-stack

(dev) Releasing a new image

We use bumpver to handle the release automation:

pipx install bumpver
git switch main && git pull origin main
# Check the changes first with a dry run
bumpver update --dry
bumpver update

This will create a release commit, tag it, and push it. Once you see the build and tests pass, create a release for the new tag in GitHub UI at

https://github.com/ispg-group/aiidalab-ispg-docker-stack/releases/new

This will trigger a new workflow that should do a new build and push the new latest image.

Creating your own SSL certificates for HTTPS

To get a proper certificate from a trusted Certificate Authority (CA), you can use Let's encrypt, more specifically its certbot tool.

For local development, you can use the mkcert tool, which not only creates the certificates, but also creates a root certificate and automatically installs it in your system store and in browsers. No more browser warnings! Here's a quick guide for Ubuntu 20.04. For other OSes see the official installation guide.

1. Install dependencies and download the latest mkcert binary for Linux-x86 (it is not abailable as .deb package).

$ sudo apt install libnss3-tools
$ curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
$ chmod +x mkcert-v*-linux-amd64
$ sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert

2. Create and install the root CA

$ mkcert -install

3. Generate the certificates for localhost, and possibly other domains

$ mkcert --cert-file certificates/localhost.crt --key-file certificates/localhost.key localhost 127.0.0.1 it096203.users.bris.ac.uk

3. The certificate and private key are now ready in the certificates/ folder so you can now build the docker image.

   WARNING: This procedure copies the private key inside the Docker image. This is of course only safe when you're building the image locally and not sharing it!

$ docker build . -t aiidalab-ispg

4. (OPTIONAL) Distributing your CA public certificate. If you need other people to trust you as a certificate authority, you can distribute the public CA cert rootCA.pem generated by mkcert. You can find its location by running

mkcert -CAROOT

WARNING: Under any circumstances DO NOT share the rootCA-key.pem! This would allow anybody to spoof trafic to you.