Merge pull request #190 from ubccpsc/feature/188/simplify-docker

Update deploy docs

.env.sample

@@ -6,6 +6,7 @@
 ##### automatically invalidate them and your course _will_ break.
 #####
 
+
 #####
 #####
 ##### Core Settings
@@ -20,94 +21,45 @@ NAME=cs310
 ## created inside it.
 ORG=CS310-2017Jan
 
-## GitHub org identifier for the test organization (you probably do not want to change this)
-ORGTEST=classytest
-
-## Course name for the test instance (you probably do not want to change this)
-NAMETEST=classytest
-
 ## The external name used for the Classy service (used by GitHub WebHooks)
 ## Must start with https:// and should not have a trailing slash
 PUBLICHOSTNAME=https://classy.cs.ubc.ca
 
-## Set the logging verbosity: TRACE (default), INFO, WARN, ERROR, TEST, NONE
-LOG_LEVEL=INFO
-
-#####
-#####
-##### Host config for portal/backend; no trailing slash
-##### https://localhost is usually used for testing
-#####
-#####
-
-
-## URL (no trailing slash) for Classy backend; different than HOSTNAME as this is the
-## internal name (e.g., as Classy is addressed to other local services)
-BACKEND_URL=https://localhost
-BACKEND_PORT=3000
-
-## Full path to fullchain.pem (Can be self-signed for localhost testing)
-SSL_CERT_PATH=/DEVPATH/classy/packages/portal/backend/ssl/fullchain.pem
-## Full path to privkey.pem (Can be self-signed for localhost testing)
-SSL_KEY_PATH=/DEVPATH/classy/packages/portal/backend/ssl/privkey.pem
-
 
 #####
 #####
 ##### Mongo Configuration
 #####
 #####
 
-## For testing, you can spin up a basic mongo instance (w/o authentication) using:
-## `docker run -p 27017:27017 mongo`
-## Specify the DB_URL as below to connect:
-# DB_URL=mongodb://localhost:27017
-
-
 ## To spin up a mongo instance with authentication, specify a username and password below.
 ## Notes:
 ## - you must specify the username and password twice (once for the MONGO_INITDB_ROOT_* and once in the DB_URL)
 ## - the username/password will only be applied on the **FIRST** launch of the db service (otherwise they have no effect)
-## - when deploying with Docker Compose, replace _localhost_ with the value of CONTAINER_NAME_DATABASE (set below).
+## - when deploying with Docker Compose, replace `localhost` with `db`.
 ## - the DB_URL must be URI encoded if it contains special characters
+## For local testing, you can spin up a basic mongo instance (w/o authentication) using: `docker run -p 27017:27017 mongo`
+## and setting DB_URL=mongodb://localhost:27017
 MONGO_INITDB_ROOT_USERNAME=mongoadmin
 MONGO_INITDB_ROOT_PASSWORD=strongpasswd
 DB_URL=mongodb://mongoadmin:strongpasswd@localhost:27017/?authMechanism=DEFAULT
 
+
 #####
 #####
 ##### GitHub Configuration
 #####
 #####
 
-## GitHub API host (no trailing slash). This is because the API host is often different than the web host.
-## For public github it will be: https://api.github.com
-## For hosted github it will be: https://https://api.github.ugrad.cs.ubc.ca (or possibly https://github.ugrad.cs.ubc.ca/api/v3)
-GH_API=https://api.github.com
-
-## GitHub Web root (no trailing slash)
-## For public GitHub it will be https://github.com
-GH_HOST=https://github.com
-
-## The name of the GitHub bot account the students will call
-## You must have access to this account because it needs to be
-## added to both the admin and staff teams so it can admin and
-## comment on repos. Do not include the @ in the username.
-## The bot needs to be added to your org with admin privileges
-## e.g., for public GitHub here: https://github.com/orgs/ORGNAME/people
-GH_BOT_USERNAME=ubcbot
-
 ## A GitHub token so the bot can use the GitHub API without going
 ## through authentication. It is important that this token be well
 ## protected as without it you can lose programmatic access to student
 ## projects. The format should be:
 ## GH_BOT_TOKEN=token d4951x....
 ## (yes the word token is required)
 ## If you want to use ubcbot, contact Reid Holmes for a token.
-
 GH_BOT_TOKEN=token d4951x...
 
-
 ## Before you can authenticate against GitHub you will need to create
 ## two OAuth applications on the org; e.g., for public GitHub you can
 ## do this here: https://github.com/organizations/ORGNAME/settings/applications
@@ -119,22 +71,53 @@ GH_BOT_TOKEN=token d4951x...
 ##
 ## The Client ID and Client Secret for the OAuth profile (testing or prod)
 ## you intend to use should be included below. These _must_ be protected.
-
 GH_CLIENT_ID=f42b49hut...
 GH_CLIENT_SECRET=1337secretTokenCharsHere...
 
+## GitHub API host (no trailing slash). This is because the API host is often different than the web host.
+## For public github it will be: https://api.github.com
+## For hosted github it will be: https://https://api.github.ugrad.cs.ubc.ca (or possibly https://github.ugrad.cs.ubc.ca/api/v3)
+GH_API=https://api.github.com
+
+## GitHub Web root (no trailing slash)
+## For public GitHub it will be https://github.com
+GH_HOST=https://github.com
+
+## The name of the GitHub bot account the students will call
+## You must have access to this account because it needs to be
+## added to both the admin and staff teams so it can admin and
+## comment on repos. Do not include the @ in the username.
+## The bot needs to be added to your org with admin privileges
+## e.g., for public GitHub here: https://github.com/orgs/ORGNAME/people
+GH_BOT_USERNAME=ubcbot
+
 
-#####
 #####
 #####
 ##### AutoTest Settings
 #####
 #####
-#####
+
+## The uid for the (non-root) user that should run the containers (if following deploy instructions, should be the uid
+## for the classy user). Also used by the AutoTest service to configure permissions on directories shared between autotest
+## and the grading container.
+UID=993
+
+## The group id for the docker group on the host. Use `cut -d: -f3 < <(getent group docker)` to get the id.
+## Used by containers that need to access the docker socket.
+GID=989
+
+## GitHub token with permission to clone the repository containing the Dockerfile for the grading container
+GH_DOCKER_TOKEN=asb865...
+
+## Include a hostname to IP address mapping for outgoing requests from grading containers.
+## This mapping is required since the grading container will not be able to make DNS requests.
+## Format hostname:IP
+HOSTS_ALLOW=classy.cs.ubc.ca:142.103.6.191
 
 ## When using docker-compose, an entry is added to the hosts file for each
 ## dependent service. Thus, we just need to specify the service name in the URL.
-AUTOTEST_URL=http://localhost
+AUTOTEST_URL=http://autotest
 
 ## AutoTest instance port.
 AUTOTEST_PORT=11333
@@ -148,52 +131,49 @@ AUTOTEST_POSTBACK=false
 
 ## Where the AutoTest service should store persistent data (e.g. grade container execution logs)
 ## This path is on the HOST machine (and is the mount point for PERSIST_DIR inside the grade container)
-HOST_DIR=./data/runs
+HOST_DIR=/var/opt/classy/runs
 
 ## Where the AutoTest service should store persistent data (e.g. grade container execution logs)
 ## This path is INSIDE the container (and is bound to HOST_DIR on the host machine)
-PERSIST_DIR=/DEVPATH/classy/packages/autotest/test/data
+PERSIST_DIR=/output
 
-## The uid for the (non-root) user that should run the containers (if following deploy instructions, should be the uid
-## for the classy user). Also used by the AutoTest service to configure permissions on directories shared between autotest
-## and the grading container.
-UID=993
 
-## [SDMM/310 Only] Port that the geo-location service should listen on
-## MUST BE SET TO 11316 (this is baked into the service's dockerfile)
-GEO_PORT=11316
+#####
+#####
+##### Portal Settings
+#####
+#####
 
-## [SDMM/310 Only] Port that the reference UI service should listen on.
-## MUST BE SET TO 11315 (this is baked into the service's dockerfile)
-UI_PORT=11315
+## URL (no trailing slash) for Classy backend; different than HOSTNAME as this is the
+## internal name (e.g., as Classy is addressed to other local services)
+## https://localhost is usually used for testing
+BACKEND_URL=https://portal
+BACKEND_PORT=3000
 
 
 #####
-##### Deployment Only
+#####
+##### Miscellaneous Settings
+#####
 #####
 
-# The Docker daemon socket. Specify a value here if not using the default unix:///var/run/docker.sock.
-DOCKER_HOST_URL=tcp://$hostname:2376
-
-## The name docker-compose will prefix to every container
-COMPOSE_PROJECT_NAME=classy
+## Full path to fullchain.pem (Can be self-signed for localhost testing)
+SSL_CERT_PATH=/etc/ssl/fullchain.pem
+## Full path to privkey.pem (Can be self-signed for localhost testing)
+SSL_KEY_PATH=/etc/ssl/privkey.pem
 
-## The location of the SSL certificate and private key.
+## The location of the SSL certificate and private key on the host (if deployed)
 HOST_SSL_CERT_PATH=/opt/classy/ssl/fullchain.pem
 HOST_SSL_KEY_PATH=/opt/classy/ssl/privkey.pem
 
-## GitHub token with read access to clone repositories in the org for the particular course offering
-COURSE_GH_ORG_TOKEN=asb865...
+## The name docker-compose will prefix to every container
+COMPOSE_PROJECT_NAME=classy
 
-## GitHub token with permission to clone the repository containing the Dockerfile for the grading container
-GH_DOCKER_TOKEN=asb865...
+## GitHub org identifier for the test organization (you probably do not want to change this)
+ORGTEST=classytest
 
-## [310/SDMM Only] A single hosts entry used to resolve the hostname of the server running geolocation.
-## This is required since the grading container will not be able to make DNS requests.
-## Format hostname:IP
-HOSTS_ALLOW=classy.cs.ubc.ca:142.103.6.191
+## Course name for the test instance (you probably do not want to change this)
+NAMETEST=classytest
 
-## Specifies the mode under which the reference implementation should operate.
-## Currently supports values 'd1' and 'd2'.
-## Affects the reference UI and the grading container.
-PLATFORM=d1
+## Set the logging verbosity: TRACE (default), INFO, WARN, ERROR, TEST, NONE
+LOG_LEVEL=INFO

docker-compose.yml

@@ -16,7 +16,7 @@
 # - Services specified here can be extended (and additional services can be added) by creating additional
 #   docker-compose.yml files. See https://docs.docker.com/compose/extends/#example-use-case.
 
-# NOTE: Do not change the service names. They are used to refer to the service throughout the codebase in http requests.
+# NOTE: Do not change the container names. They are used to refer to the service throughout the codebase in http requests.
 
 version: "3.5"
 
@@ -25,19 +25,20 @@ services:
         build:
             context: ./
             dockerfile: ./packages/autotest/Dockerfile
+        container_name: autotest
         depends_on:
             - db
         env_file: .env
         expose:
             - ${AUTOTEST_PORT}
         restart: always
-        user: "${UID}"
+        user: "${UID}:${GID}"
         volumes:
             - "${HOST_DIR}:${PERSIST_DIR}"
-            - "${HOST_SSL_CERT_PATH}:${SSL_CERT_PATH}"
-            - "${HOST_SSL_KEY_PATH}:${SSL_KEY_PATH}"
+            - "/var/run/docker.sock:/var/run/docker.sock"
     db:
         command: --quiet
+        container_name: db
         environment:
           - MONGO_INITDB_ROOT_USERNAME
           - MONGO_INITDB_ROOT_PASSWORD
@@ -55,15 +56,13 @@ services:
                 - GH_BOT_EMAIL
             context: ./
             dockerfile: ./packages/portal/Dockerfile
+        container_name: portal
         depends_on:
             - db
             - autotest
         env_file: .env
         expose:
             - ${BACKEND_PORT}
-        # Hack for SDMM since the github webhook hits the port directly
-        ports:
-            - 5000:${BACKEND_PORT}
         restart: always
         user: "${UID}"
         volumes:
@@ -78,6 +77,7 @@ services:
                 - BACKEND_PORT
             context: ./
             dockerfile: ./packages/proxy/Dockerfile
+        container_name: proxy
         depends_on:
             - portal
         ports: