From ab4a8681f815e94ae20013258f2ae226dab38e7b Mon Sep 17 00:00:00 2001 From: David Newswanger Date: Thu, 11 May 2023 12:01:55 +0600 Subject: [PATCH 1/3] Add a default settings.py file for galaxy [noissue] --- images/galaxy/nightly/Containerfile | 4 ++++ images/galaxy/settings.py | 28 ++++++++++++++++++++++++++++ images/galaxy/stable/Containerfile | 4 ++++ 3 files changed, 36 insertions(+) create mode 100644 images/galaxy/settings.py diff --git a/images/galaxy/nightly/Containerfile b/images/galaxy/nightly/Containerfile index 7e00af23..75c7833b 100644 --- a/images/galaxy/nightly/Containerfile +++ b/images/galaxy/nightly/Containerfile @@ -16,3 +16,7 @@ USER root:root RUN ln /usr/local/lib/python3.8/site-packages/pulp_ansible/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_ansible.conf RUN ln /usr/local/lib/python3.8/site-packages/pulp_container/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_container.conf RUN ln /usr/local/lib/python3.8/site-packages/galaxy_ng/app/webserver_snippets/nginx.conf /etc/nginx/pulp/galaxy_ng.conf + +# allow configuration via env variables +ENV S6_KEEP_ENV=1 +COPY images/galaxy/settings.py /etc/pulp/settings.py \ No newline at end of file diff --git a/images/galaxy/settings.py b/images/galaxy/settings.py new file mode 100644 index 00000000..8141e80b --- /dev/null +++ b/images/galaxy/settings.py @@ -0,0 +1,28 @@ +import os + +_CONTAINER_ENV_CONFIGS = { + "API_PROTOCOL": "https" if os.getenv("PULP_HTTPS", default="false") == "true" else "http", + "API_HOST": os.getenv("GALAXY_HOSTNAME", default="localhost"), + "API_PORT": os.getenv("GALAXY_PORT", default="5001") +} + +CONTENT_ORIGIN='{API_PROTOCOL}://{API_HOST}:{API_PORT}'.format(**_CONTAINER_ENV_CONFIGS) +ALLOWED_EXPORT_PATHS=["/tmp"] +ALLOWED_IMPORT_PATHS=["/tmp"] + +GALAXY_API_PATH_PREFIX='/api/galaxy/' +GALAXY_DEPLOYMENT_MODE='standalone' +RH_ENTITLEMENT_REQUIRED='insights' +GALAXY_REQUIRE_CONTENT_APPROVAL=False + +ANSIBLE_API_HOSTNAME="{API_PROTOCOL}://{API_HOST}:{API_PORT}".format(**_CONTAINER_ENV_CONFIGS) +ANSIBLE_CONTENT_HOSTNAME="{API_PROTOCOL}://{API_HOST}:{API_PORT}/pulp/content".format(**_CONTAINER_ENV_CONFIGS) + +# Pulp container requires this to be set in order to provide docker registry +# compatible token authentication. +# https://docs.pulpproject.org/container/workflows/authentication.html +TOKEN_AUTH_DISABLED=False +TOKEN_SERVER="{API_PROTOCOL}://{API_HOST}:{API_PORT}/token/".format(**_CONTAINER_ENV_CONFIGS) +TOKEN_SIGNATURE_ALGORITHM="ES256" +PUBLIC_KEY_PATH="/etc/pulp/certs/token_public_key.pem" +PRIVATE_KEY_PATH="/etc/pulp/certs/token_private_key.pem" diff --git a/images/galaxy/stable/Containerfile b/images/galaxy/stable/Containerfile index bdbbd926..f99c89b2 100644 --- a/images/galaxy/stable/Containerfile +++ b/images/galaxy/stable/Containerfile @@ -18,3 +18,7 @@ USER root:root RUN ln /usr/local/lib/python3.8/site-packages/pulp_ansible/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_ansible.conf RUN ln /usr/local/lib/python3.8/site-packages/pulp_container/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_container.conf RUN ln /usr/local/lib/python3.8/site-packages/galaxy_ng/app/webserver_snippets/nginx.conf /etc/nginx/pulp/galaxy_ng.conf + +# allow configuration via env variables +ENV S6_KEEP_ENV=1 +COPY images/galaxy/settings.py /etc/pulp/settings.py \ No newline at end of file From db7e80b546773a17a01094682ab103709f0149fe Mon Sep 17 00:00:00 2001 From: David Newswanger Date: Thu, 11 May 2023 21:31:50 +0600 Subject: [PATCH 2/3] Add docs. [noissue] --- docs/multi-process-images.md | 58 +++++++++++++++++++++++++++++++++++- images/galaxy/settings.py | 2 +- 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/docs/multi-process-images.md b/docs/multi-process-images.md index 669d905c..61829ce6 100644 --- a/docs/multi-process-images.md +++ b/docs/multi-process-images.md @@ -69,12 +69,68 @@ are single-process rather than multi-process. ## Quickstart +### Galaxy Quickstart + +The galaxy base image includes a default settings.py and can be configured using environment variables. This image can be configured with the following two environment variables: + +- `GALAXY_HOSTNAME`: publicly accessible hostname that the API and content app will run on. +- `GALAXY_PORT`: public port that the API and content app will run on. + +The galaxy image can also be run just like any of the other multi process pulp images by mounting a custom settings.py file, however this setup provides an easy, out of the box configuration for running galaxy. + +#### Examples + +Run galaxy on localhost: + +``` +$ podman run -p 8080:80 ghcr.io/pulp/galaxy:latest +``` + +Run galaxy on localhost with https: + +``` +$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" ghcr.io/pulp/galaxy:latest +``` + +Run galaxy from a server with https: + +``` +$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" -e "GALAXY_HOSTNAME=192.168.0.100" ghcr.io/pulp/galaxy:latest +``` + +Modify the system settings to allow for uploads without approval: + +``` +$ podman run -p 8080:80 -e "PULP_GALAXY_REQUIRE_CONTENT_APPROVAL=false" ghcr.io/pulp/galaxy:latest +``` + +Mount the storage directories for persistent data and https: + +NOTE: don't mount volumes to `/etc/pulp/` as you would with the vanilla pulp images, as this will override the default settings.py file. + +``` +$ podman run --detach \ + --publish 443:443 \ + --name pulp \ + -e "GALAXY_HOSTNAME=my.galaxy.host.example.com" \ + -e "PULP_HTTPS=true" \ + -e "GALAXY_PORT=443" \ + --volume "$(pwd)/certs":/etc/pulp/certs:Z \ + --volume "$(pwd)/pulp_storage":/var/lib/pulp:Z \ + --volume "$(pwd)/pgsql":/var/lib/pgsql:Z \ + --volume "$(pwd)/containers":/var/lib/containers:Z \ + --device /dev/fuse \ + ghcr.io/pulp/galaxy:latest +``` + +Once your containers are running see "Reset the Admin Password" section to set up your admin user. + ### Create the Directories and Settings 1st, create the directories for storage/configuration, and create the `settings.py` file: ``` -$ mkdir settings pulp_storage pgsql containers +$ mkdir -p settings/certs pulp_storage pgsql containers $ echo "CONTENT_ORIGIN='http://$(hostname):8080' ANSIBLE_API_HOSTNAME='http://$(hostname):8080' ANSIBLE_CONTENT_HOSTNAME='http://$(hostname):8080/pulp/content' diff --git a/images/galaxy/settings.py b/images/galaxy/settings.py index 8141e80b..e6616b57 100644 --- a/images/galaxy/settings.py +++ b/images/galaxy/settings.py @@ -3,7 +3,7 @@ _CONTAINER_ENV_CONFIGS = { "API_PROTOCOL": "https" if os.getenv("PULP_HTTPS", default="false") == "true" else "http", "API_HOST": os.getenv("GALAXY_HOSTNAME", default="localhost"), - "API_PORT": os.getenv("GALAXY_PORT", default="5001") + "API_PORT": os.getenv("GALAXY_PORT", default="8080") } CONTENT_ORIGIN='{API_PROTOCOL}://{API_HOST}:{API_PORT}'.format(**_CONTAINER_ENV_CONFIGS) From f3ded94dabd43dac85662a889136105d951751db Mon Sep 17 00:00:00 2001 From: David Newswanger Date: Thu, 29 Jun 2023 14:27:59 -0600 Subject: [PATCH 3/3] update docs [noissue] --- docs/multi-process-images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/multi-process-images.md b/docs/multi-process-images.md index 61829ce6..6e83fbb0 100644 --- a/docs/multi-process-images.md +++ b/docs/multi-process-images.md @@ -115,7 +115,7 @@ $ podman run --detach \ -e "GALAXY_HOSTNAME=my.galaxy.host.example.com" \ -e "PULP_HTTPS=true" \ -e "GALAXY_PORT=443" \ - --volume "$(pwd)/certs":/etc/pulp/certs:Z \ + --volume "$(pwd)/settings/certs":/etc/pulp/certs:Z \ --volume "$(pwd)/pulp_storage":/var/lib/pulp:Z \ --volume "$(pwd)/pgsql":/var/lib/pgsql:Z \ --volume "$(pwd)/containers":/var/lib/containers:Z \