diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 000000000..b7232d9ab
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,78 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-docker-compose
+{
+ "name": "ZMS Development Environment",
+ // Update the 'dockerComposeFile' list if you have more compose files or use different names.
+ // The .devcontainer/docker-compose.yml file contains any overrides you need/want to make.
+ "dockerComposeFile": ["../docker-compose.yml", "docker-compose.yml"],
+ // The 'service' property is the name of the service for the container that VS Code should
+ // use. Update this value and .devcontainer/docker-compose.yml to the real service name.
+ "service": "zope",
+ // The optional 'workspaceFolder' property is the path VS Code should open by default when
+ // connected. This is typically a file mount in .devcontainer/docker-compose.yml
+ "workspaceFolder": "/home/zope/",
+ // Features to add to the dev container. More info: https://containers.dev/features.
+ // "features": {},
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ // "forwardPorts": [],
+ // Uncomment the next line if you want start specific services in your Docker Compose config.
+ // "runServices": [],
+ // Uncomment the next line if you want to keep your containers running after VS Code shuts down.
+ "shutdownAction": "stopCompose",
+ // Uncomment the next line to run commands after the container is created.
+ // "postCreateCommand": "cat /etc/os-release",
+ // Configure tool-specific properties.
+ // "customizations": {},
+ "customizations": {
+ "vscode": {
+ "extensions": [
+ "ms-python.python",
+ "ms-python.vscode-pylance"
+ // "ms-python.autopep8"
+ ],
+ "settings": {
+ "terminal.integrated.defaultProfile.linux": "bash",
+ "python.defaultInterpreterPath": "/home/zope/venv/bin/python",
+ "window.zoomLevel": 0,
+ "git.ignoreMissingGitWarning": true,
+ "editor.minimap.enabled": false,
+ "editor.renderWhitespace": "all",
+ "editor.renderControlCharacters": false,
+ "workbench.iconTheme": "vs-minimal",
+ "files.associations": {
+ "*.zpt": "html",
+ "*.zcml": "xml"
+ },
+ "scm.alwaysShowActions": true,
+ "files.exclude": {
+ "*.pyc": true,
+ "*-all.min.*": true,
+ "**/cache/**": true,
+ "**/Data.*": true
+ },
+ "search.exclude": {
+ "**/apidocs/**": true
+ },
+ "files.eol": "\n",
+ "files.autoSave": "afterDelay",
+ "workbench.colorTheme": "Visual Studio Light",
+ "python.linting.enabled": false,
+ "python.formatting.provider": "none"
+ // "python.testing.pytestEnabled": false,
+ // "python.testing.unittestEnabled": true,
+ // "python.testing.unittestArgs": [
+ // "-v",
+ // "-s",
+ // "./tests",
+ // "-p",
+ // "test*.py"
+ // ],
+ // "[python]": {
+ // "editor.defaultFormatter": "ms-python.autopep8"
+ // }
+ }
+ }
+ }
+ // Uncomment to connect as an existing user other than the container default. More info: https://aka.ms/dev-containers-non-root.
+ // "remoteUser": "devcontainer"
+}
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
new file mode 100644
index 000000000..26f63927d
--- /dev/null
+++ b/.devcontainer/docker-compose.yml
@@ -0,0 +1,6 @@
+services:
+ zope:
+ volumes:
+ - .:/home/zope/workspace/:cached
+ # Overrides default command so things don't shut down after the process ends.
+ command: sleep infinity
diff --git a/.vscode/Docker.code-workspace b/.vscode/Docker.code-workspace
new file mode 100755
index 000000000..4cce77ffd
--- /dev/null
+++ b/.vscode/Docker.code-workspace
@@ -0,0 +1,40 @@
+{
+ "folders": [
+ {
+ "name": "ZMS-Docker",
+ "path": "../.."
+ },
+ ],
+
+ "launch": {
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "name": "ZMS-Docker",
+ "type": "debugpy",
+ "request": "launch",
+ "justMyCode": false,
+ "console": "integratedTerminal",
+ "program": "/home/zope/venv/bin/runwsgi",
+ "args": [
+ "--debug",
+ "--verbose",
+ "/home/zope/etc/zope.ini",
+ ],
+ "env": {
+ "PYTHONUNBUFFERED":"1",
+ "CONFIG_FILE": "/home/zope/etc/zope.ini",
+ "INSTANCE_HOME": "/home/zope/",
+ "CLIENT_HOME": "/home/zope/",
+ "PYTHON": "/home/zope/venv/bin/python",
+ "SOFTWARE_HOME": "/home/zope/venv/bin"
+ },
+ "serverReadyAction":{
+ "pattern":"Serving on http://0.0.0.0:80",
+ "uriFormat": "http://admin:admin@127.0.0.1:80/manage_main",
+ "action": "openExternally",
+ },
+ },
+ ]
+ }
+}
diff --git a/.vscode/ZMS5.code-workspace b/.vscode/Native.code-workspace
similarity index 100%
rename from .vscode/ZMS5.code-workspace
rename to .vscode/Native.code-workspace
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100755
index 000000000..184a334d3
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,25 @@
+services:
+ zope:
+ build: ./docker/base
+ image: zope:latest
+ depends_on:
+ - zeo
+ stop_grace_period: 1s # SIGKILL after 1s, as zope is always taking the full 10 seconds
+ ports:
+ - 80:80
+ volumes:
+ - .:/home/zope/venv/src/zms/
+ - ./docker/zope/etc/:/home/zope/etc/
+ - ./docker/zope/var/:/home/zope/var/
+ # TODO we may want to map these in from outside to ease debugging
+ # - ./docker/zope/Extensions/:/home/zope/Extensions/
+ # allow attaching to the container to debug with `breakpoint()`
+ stdin_open: true
+ tty: true
+
+ zeo:
+ image: zope:latest
+ command: runzeo --configure etc/zeo.conf
+ volumes:
+ - ./docker/zeo/etc/:/home/zope/etc/
+ - ./docker/zeo/var/:/home/zope/var/
diff --git a/docker/.vscode/ZMS5-Docker.code-workspace b/docker/.vscode/ZMS5-Docker.code-workspace
deleted file mode 100755
index a4448e0cf..000000000
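Review bot: The `uriFormat` in `serverReadyAction` carries `admin:admin` as URL userinfo, so a known admin password is committed with the workspace and handed to whatever external browser opens the link. The same launch configuration waits for `Serving on http://0.0.0.0:80`, i.e. the instance listens on all interfaces, which makes a shared default login riskier than it looks on a single developer machine. I would drop the userinfo and let the ZMI prompt for the login: `"uriFormat": "http://127.0.0.1:80/manage_main",`.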
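Review bot: `ports: - 80:80` in the `zope` service publishes the instance on every host interface, while the mounted `docker/zope/etc/zope.conf` runs it with `debug-mode on` and `debug-exceptions on` and the commit ships a helper that creates an `admin`/`admin` account. Binding the published port to loopback keeps the development default contained: `- 127.0.0.1:80:80`. Separately, the `zeo` service names `image: zope:latest` without a `build:` key, so whether it gets the locally built image or attempts a registry pull presumably depends on build order; a project-specific image name would remove that ambiguity.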
--- a/docker/.vscode/ZMS5-Docker.code-workspace
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "folders": [
- {
- "name": "ZMS5-Docker",
- "path": "../.."
- },
- ],
- "settings": {
- "python.defaultInterpreterPath": "/home/zope/venv/bin/python",
- "window.zoomLevel": 0,
- "git.ignoreMissingGitWarning": true,
- "editor.minimap.enabled": false,
- "editor.renderWhitespace": "all",
- "editor.renderControlCharacters": false,
- "workbench.iconTheme": "vs-minimal",
- "files.associations": {
- "*.zpt": "html",
- "*.zcml": "xml"
- },
- "scm.alwaysShowActions": true,
- "files.exclude": {
- "*.pyc": true,
- "*-all.min.*":true,
- "**/cache/**": true,
- "**/Data.*": true,
- },
- "search.exclude": {
- "**/apidocs/**": true
- },
- "files.eol": "\n",
- "files.autoSave": "afterDelay",
- "workbench.colorTheme": "Visual Studio Light",
- "python.linting.enabled": false,
- "python.formatting.provider": "none",
- // "python.testing.pytestEnabled": false,
- // "python.testing.unittestEnabled": true,
- // "python.testing.unittestArgs": [
- // "-v",
- // "-s",
- // "./tests",
- // "-p",
- // "test*.py"
- // ],
- },
- "launch": {
- "version": "0.2.0",
- "configurations": [
- {
- "name": "ZMS5-Docker",
- "type": "debugpy",
- "request": "launch",
- "program": "/home/zope/venv/bin/runwsgi",
- "justMyCode": false,
- "console": "integratedTerminal",
- "args": [
- "--debug",
- "--verbose",
- "/home/zope/venv/instance/zms5/etc/zope.ini",
- "debug-mode=on",
- "http_port=8087",
- ],
- "env": {
- "PYTHONUNBUFFERED":"1",
- "CONFIG_FILE": "/home/zope/venv/instance/zms5/etc/zope.ini",
- "INSTANCE_HOME": "/home/zope/venv/instance/zms5",
- "CLIENT_HOME": "/home/zope/venv/instance/zms5",
- "PYTHON": "/home/zope/venv/bin/python",
- "SOFTWARE_HOME": "/home/zope/venv/bin"
- },
- "serverReadyAction":{
- "pattern":"Serving on http://0.0.0.0:8087",
- "uriFormat": "http://127.0.0.1:8087/manage_main",
- "action": "openExternally",
- },
- },
- ]
- }
-}
\ No newline at end of file
diff --git a/docker/Extensions/readme.md b/docker/Extensions/readme.md
deleted file mode 100755
index 820867944..000000000
--- a/docker/Extensions/readme.md
+++ /dev/null
@@ -1 +0,0 @@
-# Externalizing Extensions for Docker
\ No newline at end of file
diff --git a/docker/Readme.md b/docker/Readme.md
new file mode 100755
index 000000000..677db7348
--- /dev/null
+++ b/docker/Readme.md
@@ -0,0 +1,34 @@ +# Running ZMS in a Docker container + +Important: *The presented Docker environment is not yet recommended for production, just for testing and exploration.* We do plan to evolve these to be production ready, but we are not there yet. + +The ZMS source folder `./docker` contains two minimalistic Docker files: + +1. the [Dockerfile](zms-base/Dockerfile) for creating a Docker *image* and +2. the [docker-compose.yml](../docker-compose.yml) file for building the Docker *containers*. + +The image utilizes a Linux with a fresh Python3 and some additional software packages (like mariadb and openldap). The ZMS installation happens with pip in a virtual python environment (`/home/zope/venv`) and provides the ZMS code in the pip-"editable" mode. Both the ZMS source code (`/home/zope/venv/src/ZMS/.git`) and the Zope instance are placed in the virtual python environment folder (`/home/zope/`) + +To make Zope running there are some crucial config files needed which usually (created by `mkwsgiinstance`) are set on default values. In a Docker environment these defaults must be modified; moreover the setup contains a ZEO-server for running multiple Zope processes in parallel (e.g. for debugging). That is why a small set of config files is provided as presets via the the source-folders +1. ./docker/{zope,zeo}/etc +1. ./docker/{zope,zeo}/var +1. ./docker/zope/Extensions + +These sources are mapped into the respective *containers* + +## Overview of Docker- and all Zope config-files + +*Hint: to ease the file access from the container the config files are not restricted:* `chmod -R 777 ./docker/` + +## Running the ZMS Container with VSCode + +The VSCode Docker Extension [ms-azuretools.vscode-docker](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker) is a perfect tool for handling containers. A right mouse click on the file ´docker-compose.yaml´ starts composing the container. 
Initially ZEO will be started and Zope will run on http://localhost/, the management interface on http://admin:admin@localhost/manage_main. + +![Running the ZMS Container with VSCode](../docs/images/admin_docker_run.gif) + +## Attach VSCode to the ZMS Container + +Another right click on the running container-ID allows to intrude the container with VSCode and launch a new Zope instance in debugging mode. +Hint: For this purpose the docker-container folder `/home/zope/venv/src/zms/docker/.vscode/` contains a prepared VSCode-workspace file and a launch file for starting Zope in debug-mode within the container [launch.json](https://github.com/zms-publishing/ZMS/blob/main/docker/.vscode/launch.json). The thus launched Zope instance will run port 8087. + +![Attach VSCode to the ZMS Container](../docs/images/admin_docker_debug_zeo.gif) diff --git a/docker/TODO.md b/docker/TODO.md new file mode 100755 index 000000000..42e6c1691 --- /dev/null +++ b/docker/TODO.md @@ -0,0 +1,21 @@ +# Goals + +- [x] one process per container +- [X] Starting the bare docker file will give you a basic zope / zms +- [x] everything as similar to our server deployment as possible to allow easy migration +- [x] modern os and python +- [ ] simple to use and develop in vscode -> .devcontainer! +- [x] all mutable data in mounted volumes +- [ ] example systemd files to run everything + - [ ] this should show how automated container updates are done! +- [ ] example nginx config so you get the same experience as on the server +- [x] Allow working on zms inside the container +- [ ] Full development experience with all dependennt services locally (mariadb, memcached, …) + +# TODOs + +- [x] Create basic Dockerfile for the project +- [x] specialize them for zeoserver and zope +- [x] create docker-compose file that runs each server separately +- [ ] add devcontainer.json to develop and run everything from vscode +- [ ] mount the zms source live into the container so working within it becomes possible 
diff --git a/docker/base/Dockerfile b/docker/base/Dockerfile new file mode 100755 index 000000000..20c54e48a --- /dev/null +++ b/docker/base/Dockerfile @@ -0,0 +1,72 @@ +FROM python:3.12 + +EXPOSE 80 + +ARG CI_COMMIT_SHA=development +ENV CI_COMMIT_SHA=$CI_COMMIT_SHA + +# Ensure all system packages are up to date +ENV DEBIAN_FRONTEND=noninteractive +RUN \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + < +# TODO talk to FH if this makes sense. Might require a slightly different workflow from them. +# Currently always enabled on our servers. + +# Regarding --debug +# @see https://zope.readthedocs.io/en/latest/operation.html#running-zope-in-the-foreground +# seems to sugges that this also enables the debug-mode directive +# TODO talk to FH to allow me to check that + +exec $venv_bin_dir/runwsgi --debug --verbose $instance_dir/etc/zope.ini debug-mode=on http_port=80 diff --git a/docker/base/zope.conf b/docker/base/zope.conf new file mode 100755 index 000000000..e63c72650 --- /dev/null +++ b/docker/base/zope.conf 
@@ -0,0 +1,65 @@
+%define INSTANCE /home/zope/
+
+instancehome $INSTANCE
+trusted-proxy 127.0.0.1
+#trusted-proxy host.docker.internal
+
+
+
+
+ CHAMELEON_CACHE $INSTANCE/var/cache
+
+
+
+ CHAMELEON_CACHE $INSTANCE/var/cache
+
+
+# debugging helpers
+security-policy-implementation python
+verbose-security on
+debug-mode on
+debug-mode-services on
+
+# DB configuration
+
+
+ path $INSTANCE/var/Data.fs
+
+ mount-point /
+
+
+
+ name Temporary database (for sessions)
+
+ mount-point /temp_folder
+ container-class Products.TemporaryFolder.TemporaryContainer
+
+
+
+# %import ZEO
+#
+# # Main FileStorage database
+#
+# server $INSTANCE/var/zeosocket
+# # REFACT add client-name
+# storage main
+# name zeostorage Data.fs
+# # We can enlarge the cache to reduce network roundtrips, not sure this is neccessary
+# # cache-size 200MB
+# client-label zms5 8880
+#
+# mount-point /
+#
+#
+# # Temporary storage database (for sessions)
+#
+# server $INSTANCE/var/zeosocket
+# storage temporary
+# name zeostorage temporary
+# # We can enlarge the cache to reduce network roundtrips, not sure this is neccessary
+# # cache-size 200MB
+# client-label zms5 8880
+#
+# mount-point /temp_folder
+# container-class Products.TemporaryFolder.TemporaryContainer
+#
diff --git a/docker/base/zope.ini b/docker/base/zope.ini
new file mode 100755
index 000000000..e449a1156
--- /dev/null
+++ b/docker/base/zope.ini
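Review bot: The `# debugging helpers` block turns on `security-policy-implementation python`, `verbose-security on` and `debug-mode on` in what is presumably the image's default config, and `docker/zope/etc/zope.conf` later in this commit adds `debug-exceptions on`; nothing in either file marks these as development-only. These options report extra detail about authorization failures and let exceptions propagate into the WSGI pipeline, which is information a client on the published port can see. I would add a header comment to both files, e.g. `# DEVELOPMENT DEFAULTS - do not deploy: debug-mode, verbose-security and debug-exceptions expose internals to clients`. `trusted-proxy 127.0.0.1` also deserves a one-line comment naming the local proxy it expects, since it makes Zope trust `X-Forwarded-For` from that address.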
@@ -0,0 +1,61 @@
+[app:zope]
+use = egg:Zope#main
+zope_conf = %(here)s/zope.conf
+
+[server:main]
+use = egg:waitress#main
+host = 0.0.0.0
+port = 80
+
+[filter:translogger]
+use = egg:Paste#translogger
+setup_console_handler = False
+
+[pipeline:main]
+pipeline =
+ egg:Zope#httpexceptions
+ translogger
+ zope
+
+[loggers]
+keys = root, waitress.queue, waitress, wsgi
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic, message
+
+[formatter_generic]
+format = %(asctime)s %(levelname)s [%(name)s:%(lineno)s][%(threadName)s] %(message)s
+datefmt = %Y-%m-%d %H:%M:%S
+
+[formatter_message]
+format = %(message)s
+
+[logger_root]
+level = INFO
+handlers = console
+
+[logger_waitress.queue]
+level = INFO
+handlers = console
+qualname = waitress.queue
+propagate = 0
+
+[logger_waitress]
+level = INFO
+handlers = console
+qualname = waitress
+
+[logger_wsgi]
+level = WARN
+handlers = console
+qualname = wsgi
+propagate = 0
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
diff --git a/docker/bin/add_insecure_admin_user b/docker/bin/add_insecure_admin_user
new file mode 100755
index 000000000..5f454612f
--- /dev/null
+++ b/docker/bin/add_insecure_admin_user
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+docker compose run --rm zope addzopeuser -c etc/zope.conf admin admin
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
deleted file mode 100755
index d6b62e674..000000000
--- a/docker/docker-compose.yml
+++ /dev/null
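Review bot: `add_insecure_admin_user` always creates the account `admin` with the fixed password `admin`, so every checkout that runs it ends up with the same Manager login on a port that `docker-compose.yml` publishes. Reading the password from the environment keeps the one-liner while removing the shared secret (the variable name is only a suggestion): `docker compose run --rm zope addzopeuser -c etc/zope.conf admin "${ZOPE_ADMIN_PASSWORD:?set ZOPE_ADMIN_PASSWORD}"`. If the fixed password is deliberate for throwaway instances, a comment in the script saying so and warning against reuse on a reachable host would be enough.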
@@ -1,23 +0,0 @@ -version: "3.7" -services: - zms5: - build: . - image: zms5:latest - ports: - - 8085:8085 - - 8086:8086 - - 8080:8080 - - 5678:5678 - environment: - - PYTHONUNBUFFERED="1" - - CONFIG_FILE="/home/zope/venv/instance/zms5/etc/zope.ini" - - INSTANCE_HOME="/home/zope/venv/instance/zms5" - - CLIENT_HOME="/home/zope/venv/instance/zms5" - - PYTHON="/home/zope/venv/bin/python" - - SOFTWARE_HOME="/home/zope/venv/bin" - volumes: - - ./etc/:/home/zope/venv/instance/zms5/etc/ - - ./Extensions/:/home/zope/venv/instance/zms5/Extensions/:rw - - ./var/:/home/zope/venv/instance/zms5/var/ - - # command: /home/zope/venv/instance/zms5/etc/start.sh diff --git a/docker/dockerfile b/docker/dockerfile deleted file mode 100755 index afaa6eddb..000000000 --- a/docker/dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -FROM alpine - -EXPOSE 8085 -EXPOSE 8086 -EXPOSE 8080 -EXPOSE 5678 - -# Install Zope/ZEO Dependencies -RUN apk add python3 make gcc g++ git -RUN apk update && apk add python3-dev git mariadb-dev openldap-dev curl bash - -# https://stackoverflow.com/questions/49955097/how-do-i-add-a-user-when-im-using-alpine-as-a-base-image -RUN addgroup -S zope && adduser --disabled-password -S zope -G zope -USER zope -WORKDIR /home/zope/ -ENV VIRTUAL_ENV=/home/zope/venv - -RUN python3 -m venv venv -ENV PATH="$VIRTUAL_ENV/bin:$PATH" -RUN pip install -U pip wheel setuptools -RUN pip install -U -e git+https://github.com/zms-publishing/ZMS.git#egg=ZMS -RUN pip install -r https://raw.githubusercontent.com/zms-publishing/ZMS5/master/requirements-full.txt -RUN pip install ZEO -RUN pip install itsdangerous -RUN pip install debugpy - -# Create Zope Instance -RUN mkwsgiinstance -d venv/instance/zms5 -u admin:admin - -COPY ./etc venv/instance/zms5/etc -COPY ./var venv/instance/zms5/var -COPY ./Extensions venv/instance/zms5/Extensions - - -# Finally Start ZEO/Zope by Script -# ENTRYPOINT ["/bin/sh -c"] -CMD ["/home/zope/venv/instance/zms5/etc/start.sh"] \ No newline at end of file 
diff --git a/docker/etc/start.sh b/docker/etc/start.sh deleted file mode 100755 index 96924caeb..000000000 --- a/docker/etc/start.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -# The ZEO/Zope start script works in two steps: -# 1. ZEO server is started silently (nohub) -# 2. Zope instance it started on parameter defined port:8085 -# Sending Zope's output not to dev/null but the console maintains -# docker running - -instance_dir="/home/zope/venv/instance/zms5" -venv_bin_dir="/home/zope/venv/bin" - -echo "Step-1: Starting ZEO" -nohup $venv_bin_dir/runzeo --configure $instance_dir/etc/zeo.conf 1>/dev/null 2>/dev/null & - -echo "Step-2: Starting ZOPE 8085" -$venv_bin_dir/runwsgi --debug --verbose $instance_dir/etc/zope.ini debug-mode=on http_port=8085 - - diff --git a/docker/etc/zeo.conf b/docker/etc/zeo.conf deleted file mode 100755 index 92edb2d77..000000000 --- a/docker/etc/zeo.conf +++ /dev/null @@ -1,16 +0,0 @@ -%define INSTANCE /home/zope/venv/instance/zms5 - - - address $INSTANCE/var/zeosocket - - - - - path $INSTANCE/var/log/zeo.log - format %(asctime)s %(message)s - - - - - path $INSTANCE/var/Data.fs - \ No newline at end of file diff --git a/docker/etc/zope.conf b/docker/etc/zope.conf deleted file mode 100755 index 2dc653171..000000000 --- a/docker/etc/zope.conf +++ /dev/null 
@@ -1,266 +0,0 @@ -%define INSTANCE /home/zope/venv/instance/zms5 - -instancehome $INSTANCE - -%import ZEO - - - # Main FileStorage database - - server $INSTANCE/var/zeosocket - storage main - name zeostorage Data.fs - client-label zms5 8085 - - mount-point / - - - -# -# -# path $INSTANCE/var/Data.fs -# -# mount-point / -# - - -# Uncomment this if you use Products.Sessions and Products.TemporaryFolder -# -# -# name Temporary database (for sessions) -# -# mount-point /temp_folder -# container-class Products.TemporaryFolder.TemporaryContainer -# - - -# Directive: locale -# -# Description: -# Overwrite the locale settings found in the environment by supplying a -# locale name to be used. See your operating system documentation for -# locale information specific to your system. If the requested locale is -# not supported by your system, an error will be raised and Zope will not -# start. -# -# Default: unset -# -# Example: -# -# locale fr_FR - - -# Directive: environment -# -# Description: -# A section which can be used to define arbitrary key-value pairs -# for use as environment variables during Zope's run cycle. It -# is not recommended to set system-related environment variables such as -# PYTHONPATH within this section. -# -# Default: unset -# -# Example: -# -# -# MY_PRODUCT_ENVVAR foobar -# - - CHAMELEON_CACHE $INSTANCE/var/cache - - - -# Directive: debug-mode -# -# Description: -# A switch which controls several aspects of Zope operation useful for -# developing under Zope. When debug mode is on: -# -# - The process will not detach from the controlling terminal -# -# - Errors in product initialization will cause startup to fail -# (instead of writing error messages to the event log file). -# -# - Filesystem-based scripts such as skins, PageTemplateFiles, and -# DTMLFiles can be edited while the server is running and the server -# will detect these changes in real time. When this switch is -# off, you must restart the server to see the changes. 
-# -# Setting this to 'off' when Zope is in a production environment is -# encouraged, as it speeds execution (sometimes dramatically). -# -# Default: off -# -# Example: -# -debug-mode on - - -# Directive: debug-exceptions -# -# Description: -# This switch controls how exceptions are handled. If it is set to -# "off" (the default), Zope's own exception handling is active. -# Exception views or a standard_error_message are used to handle them. -# -# If set to "on", exceptions are not handled by Zope and can propagate -# into the WSGI pipeline, where they may be handled by debugging -# middleware. -# -# This setting should always be "off" in production. It is useful for -# developers and while debugging site issues. -# -# Default: off -# -# Example: -# -# debug-exceptions on - - -# Directive: http-realm -# -# Description: -# The HTTP "Realm" header value sent by this Zope instance. This value -# often shows up in basic authentication dialogs. -# -# Default: Zope -# -# Example: -# -# http-realm Slipknot - - -# Directive: webdav-source-port -# -# Description: -# This value designates a network port number as WebDAV source port. -# -# If this value is set to a positive integer, any GET request coming into -# Zope via the designated port will be marked up to signal that this is a -# WebDAV request. This request markup resembles what ZServer did for -# requests coming though its designated WebDAV source server port, so it is -# backwards-compatible for existing code that offers WebDAV handling under -# ZServer. -# -# Please note that Zope itself has no server capabilities and cannot open -# network ports. You need to configure your WSGI server to listen on the -# designated port. -# -# Default: Off -# -# Example: -# -# webdav-source-port 9800 - - -# Directive: zmi-bookmarkable-urls -# -# Description: -# Set this directive to 'on' to cause Zope to show the ZMI right hand -# frame's URL in the browser navigation bar as opposed to the static -# '/manage'. 
The default is 'on'. To restore the behavior of Zope 2 -# where the URL was always static unless you opened the right-hand frame in -# its own browser window, set this to off. -# -# Default: on -# -# Example: -# -# zmi-bookmarkable-urls off - - -# Directive: pid-filename -# -# Description: -# The path to the file in which the Zope process id(s) will be written. -# This defaults to client-home/Z4.pid. -# -# Default: CLIENT_HOME/Z4.pid -# -# Example: -# -# pid-filename /home/chrism/projects/sessions/var/Z4.pid - - -# Directive: trusted-proxy -# -# Description: -# Define one or more 'trusted-proxies' directives, each of which is a -# hostname or an IP address. The set of definitions comprises a list -# of front-end proxies that are trusted to supply an accurate -# X-Forwarded-For header to Zope. If a connection comes from -# a trusted proxy, Zope will trust any X-Forwarded header to contain -# the user's real IP address for the purposes of address-based -# authentication restriction. -# -# Default: unset -# -# Example: -# -# trusted-proxy www.example.com -# trusted-proxy 192.168.1.1 - - -# Directive: security-policy-implementation -# -# Description: -# The default Zope security machinery is implemented in C. Change -# this to "python" to use the Python version of the Zope security -# machinery. This setting may impact performance but is useful -# for debugging purposes. See also the "verbose-security" option -# below. -# -# Default: C -# -# Example: -# -# security-policy-implementation python - - -# Directive: skip-authentication-checking -# -# Description: -# Set this directive to 'on' to cause Zope to skip checks related -# to authentication, for servers which serve only anonymous content. -# Only works if security-policy-implementation is 'C'. 
-# -# Default: off -# -# Example: -# -# skip-authentication-checking on - - -# Directive: skip-ownership-checking -# -# Description: -# Set this directive to 'on' to cause Zope to ignore ownership checking -# when attempting to execute "through the web" code. By default, this -# directive is on in order to prevent 'trojan horse' security problems -# whereby a user with less privilege can cause a user with more -# privilege to execute dangerous code. -# -# Default: off -# -# Example: -# -# skip-ownership-checking on - - -# Directive: verbose-security -# -# Description: -# By default, Zope reports authorization failures in a terse manner in -# order to avoid revealing unnecessary information. This option -# modifies the Zope security policy to report more information about -# the reason for authorization failures. It's designed for debugging. -# If you enable this option, you must also set the -# 'security-policy-implementation' to 'python'. -# -# Default: off -# -# Example: -# -# security-policy-implementation python -# verbose-security on - diff --git a/docker/readme.md b/docker/readme.md deleted file mode 100755 index c60894988..000000000 --- a/docker/readme.md +++ /dev/null 
@@ -1,71 +0,0 @@ -# Running ZMS in a Docker container with Alpine Linux - -Important: *The here presented Docker environment is not recommended for production, just for testing and exploration.* - -The ZMS source folder `./docker` contains two minimalistic Docker files: -1. the [dockerfile](https://github.com/zms-publishing/ZMS/blob/main/docker/dockerfile) for creating a Docker *image* and -2. the [docker-compose](https://github.com/zms-publishing/ZMS/blob/main/docker/docker-compose.yml) file for building a Docker *container*. - -The image utilizes a minimal *alpine*-Linux with a fresh compiled Python3 and some additional software packages (like mariadb and openldap). The ZMS installation happens with pip in a successively created virtual python environment (`/home/zope/venv`) and provides the ZMS code in the pip-"editable" mode. Both the ZMS source code (`/home/zope/venv/src/ZMS/.git`) and the Zope instance are placed in the virtual python environment folder (`/home/zope/venv/instance/zms5`) - -To make Zope running there are some crucial config files needed which usually (created by `mkwsgiinstance`) are set on default values. In a Docker environment these defaults must be modified; moreover the setup contains a ZEO-server for running multiple Zope processes in parallel (e.g. for debugging). That is why a small set of config files is provided as presets via the the source-folders -1. ./docker/var -2. ./docker/etc -3. 
./docker/Extensions - -These sources will be copied into the *image* (on building) -```yaml -# dockerfile -COPY ./etc venv/instance/zms5/etc -COPY ./var venv/instance/zms5/var -COPY ./Extensions venv/instance/zms5/Extensions -``` -or referenced as *volume mounts* from the *container* (on composing): -```yaml -# docker-compose - volumes: - - ./etc/:/home/zope/venv/instance/zms5/etc/ - - ./var/:/home/zope/venv/instance/zms5/var/ - - ./Extensions/: /home/zope/venv/instance/zms5/Extensions -``` - - -## Overview of Docker- and all Zope config-files - -*Hint: to ease the file access from the container the config files are not restricted:* `chmod -r 777` -``` -$ tree -p -. -├── [-rw-r--r--] docker-compose.yml -├── [-rw-r--r--] dockerfile -├── [drwxrwxrwx] Extensions -├── [drwxrwxrwx] etc -│ ├── [-rwxrwxrwx] start.sh -│ ├── [-rwxrwxrwx] zeo.conf -│ ├── [-rwxrwxrwx] zope.conf -│ └── [-rwxrwxrwx] zope.ini -└── [drwxrwxrwx] var - ├── [-rwxrwxrwx] Data.fs - ├── [-rwxrwxrwx] Data.fs.index - ├── [-rwxrwxrwx] Data.fs.lock - ├── [-rwxrwxrwx] Data.fs.tmp - ├── [-rwxrwxrwx] Z4.pid - ├── [drwxrwxrwx] cache - ├── [drwxrwxrwx] log - │ ├── [-rwxrwxrwx] Z4.log - │ ├── [-rwxrwxrwx] event.log - │ └── [-rwxrwxrwx] zeo.log - └── [srwxrwxrwx] zeosocket -``` - -## Running the ZMS Container with VSCode - -The VSCode Docker Extension [ms-azuretools.vscode-docker](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker) is a perfect tool for handling containers. A right mouse click on the file ´docker-compose.yaml´ starts composing the container. Initially ZEO will be started and Zope will run on port 8085. - -![Running the ZMS Container with VSCode](../docs/images/admin_docker_run.gif) - -## Attach VSCode to the ZMS Container -Another right click on the running container-ID allows to intrude the container with VSCode and launch a new Zope instance in debugging mode. 
-Hint: For this purpose the docker-container folder `/home/zope/venv/src/zms/docker/.vscode/` contains a prepared VSCode-workspace file and a launch file for starting Zope in debug-mode within the container [launch.json](https://github.com/zms-publishing/ZMS/blob/main/docker/.vscode/launch.json). The thus launched Zope instance will run port 8087. - -![Attach VSCode to the ZMS Container](../docs/images/admin_docker_debug_zeo.gif) \ No newline at end of file diff --git a/docker/var/Data.fs b/docker/var/Data.fs deleted file mode 100755 index a108ea618..000000000 Binary files a/docker/var/Data.fs and /dev/null differ diff --git a/docker/var/Data.fs.index b/docker/var/Data.fs.index deleted file mode 100755 index 6504fe575..000000000 --- a/docker/var/Data.fs.index +++ /dev/null @@ -1 +0,0 @@ -€K.€N. \ No newline at end of file diff --git a/docker/var/Data.fs.lock b/docker/var/Data.fs.lock deleted file mode 100755 index c7c9ea733..000000000 --- a/docker/var/Data.fs.lock +++ /dev/null @@ -1 +0,0 @@ - 7 diff --git a/docker/var/Data.fs.tmp b/docker/var/Data.fs.tmp deleted file mode 100755 index b64576ad0..000000000 Binary files a/docker/var/Data.fs.tmp and /dev/null differ diff --git a/docker/var/Z4.pid b/docker/var/Z4.pid deleted file mode 100755 index 301160a93..000000000 --- a/docker/var/Z4.pid +++ /dev/null @@ -1 +0,0 @@ -8 \ No newline at end of file diff --git a/docker/var/log/Z4.log b/docker/var/log/Z4.log deleted file mode 100755 index e69de29bb..000000000 diff --git a/docker/var/log/event.log b/docker/var/log/event.log deleted file mode 100755 index e69de29bb..000000000 diff --git a/docker/var/log/zeo.log b/docker/var/log/zeo.log deleted file mode 100755 index e69de29bb..000000000 diff --git a/docker/zeo/.gitignore b/docker/zeo/.gitignore new file mode 100755 index 000000000..186857b9e --- /dev/null +++ b/docker/zeo/.gitignore @@ -0,0 +1 @@ +var diff --git a/docker/zeo/etc/zeo.conf b/docker/zeo/etc/zeo.conf new file mode 100755 index 000000000..226e8ae58 
--- /dev/null +++ b/docker/zeo/etc/zeo.conf @@ -0,0 +1,20 @@ +%define INSTANCE /home/zope/ + + + address 0.0.0.0:8090 + + + + + path /dev/stdout + format %(asctime)s %(message)s + + + + + path $INSTANCE/var/Data.fs + + + + path $INSTANCE/var/temporary.fs + diff --git a/docker/zope/.gitignore b/docker/zope/.gitignore new file mode 100755 index 000000000..8f23638b6 --- /dev/null +++ b/docker/zope/.gitignore @@ -0,0 +1,2 @@ +var +Extensions diff --git a/docker/zope/etc/zope.conf b/docker/zope/etc/zope.conf new file mode 100755 index 000000000..b86f2a16b --- /dev/null +++ b/docker/zope/etc/zope.conf @@ -0,0 +1,44 @@ +%define INSTANCE /home/zope/ + +instancehome $INSTANCE +# trusted-proxy www.example.com +# trusted-proxy 192.168.1.1 + + + CHAMELEON_CACHE $INSTANCE/cache + + +# debugging helpers +security-policy-implementation python +verbose-security on +debug-mode on +debug-exceptions on + +# DB configuration +%import ZEO + + # Main FileStorage database + + server zeo:8090 + # REFACT add client-name + storage main + name zeostorage Data.fs + # We can enlarge the cache to reduce network roundtrips, not sure this is neccessary + # cache-size 200MB + client-label zms 80 + + mount-point / + + + # Temporary storage database (for sessions) + + server zeo:8090 + storage temporary + name zeostorage temporary + # We can enlarge the cache to reduce network roundtrips, not sure this is neccessary + # cache-size 200MB + client-label zms 80 + + mount-point /temp_folder + container-class Products.TemporaryFolder.TemporaryContainer + diff --git a/docker/etc/zope.ini b/docker/zope/etc/zope.ini similarity index 67% rename from docker/etc/zope.ini rename to docker/zope/etc/zope.ini index 7fdb1f707..1c4048e81 100755 --- a/docker/etc/zope.ini +++ b/docker/zope/etc/zope.ini @@ -6,8 +6,7 @@ zope_conf = %(here)s/zope.conf use = egg:waitress#main # host 127.0.0.1 host = 0.0.0.0 -# port = 8080 -port = %(http_port)s +port = 80 [filter:translogger] use = egg:Paste#translogger 
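Review bot: `address 0.0.0.0:8090` in `docker/zeo/etc/zeo.conf` makes ZEO listen on every interface of its container, and nothing visible in this config authenticates clients, so any peer that can reach the port can presumably read and write both storages. The compose file in this commit does not publish 8090, which keeps the listener on the compose network for now. I would record that assumption next to the directive so it survives later edits, e.g. `# reachable only on the compose network - never publish this port`.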
@@ -23,7 +22,7 @@ pipeline = keys = root, waitress.queue, waitress, wsgi [handlers] -keys = console, accesslog, eventlog +keys = console [formatters] keys = generic, message @@ -37,22 +36,22 @@ format = %(message)s [logger_root] level = INFO -handlers = console, eventlog +handlers = console [logger_waitress.queue] level = INFO -handlers = eventlog +handlers = console qualname = waitress.queue propagate = 0 [logger_waitress] level = INFO -handlers = eventlog +handlers = console qualname = waitress [logger_wsgi] level = WARN -handlers = accesslog +handlers = console qualname = wsgi propagate = 0 @@ -61,15 +60,3 @@ class = StreamHandler args = (sys.stderr,) level = NOTSET formatter = generic - -[handler_accesslog] -class = FileHandler -args = ('/home/zope/venv/instance/zms5/var/log/Z4.log','a') -level = INFO -formatter = message - -[handler_eventlog] -class = FileHandler -args = ('/home/zope/venv/instance/zms5/var/log/event.log', 'a') -level = INFO -formatter = generic