Commit 6ed49533 authored by Pablo Panero's avatar Pablo Panero
Browse files

Oauth

parent e362871a
......@@ -10,6 +10,7 @@ RUN yum update -y && \
python-devel \
python-pip \
gcc \
openssl \
npm && \
pip install --upgrade pip setuptools wheel
......@@ -28,6 +29,8 @@ ENV INVENIO_INSTANCE_PATH=/usr/local/var/cernsearch/var/cernsearch-instance
RUN chmod g=u /etc/passwd && \
chmod +x /code/scripts/*.sh && \
sh /code/scripts/create-instance.sh && \
sh /code/scripts/gen-cert.sh && \
mv wsgi.crt wsgi.key ${INVENIO_INSTANCE_PATH} && \
chgrp -R 0 ${INVENIO_INSTANCE_PATH} && \
chmod -R g=u ${INVENIO_INSTANCE_PATH} &&\
adduser --uid 1000 invenio --gid 0 && \
......@@ -37,4 +40,4 @@ USER 1000
EXPOSE 5000
CMD ["/bin/sh", "-c", "/code/scripts/manage-user.sh && invenio run"]
\ No newline at end of file
CMD ["/bin/sh", "-c", "/code/scripts/manage-user.sh && gunicorn -b :5000 --certfile=${INVENIO_INSTANCE_PATH}/ssl.crt --keyfile=${INVENIO_INSTANCE_PATH}/ssl.key cern_search_rest.wsgi"]
\ No newline at end of file
......@@ -7,6 +7,7 @@ mkdir -p ${INVENIO_INSTANCE_PATH}
npm update && npm install --silent -g node-sass@3.8.0 clean-css@3.4.19 uglify-js@2.7.3 requirejs@2.2.0
pip install -r requirements.txt
pip install -e .[all,postgresql,elasticsearch5]
invenio npm
export BACKPATH=$(pwd)
cd ${INVENIO_INSTANCE_PATH}/static
......
#!/usr/bin/env bash
openssl genrsa -des3 -passout pass:x -out wsgi.pass.key 2048
openssl rsa -passin pass:x -in wsgi.pass.key -out wsgi.key
rm wsgi.pass.key
openssl req -new -key wsgi.key -out wsgi.csr \
-subj "/C=CH/ST=Geneve/L=Geneve/O=CERN/OU=IT Department/CN=Search as a Service"
openssl x509 -req -days 365 -in wsgi.csr -signkey wsgi.key -out wsgi.crt
......@@ -46,11 +46,15 @@ objects:
- command:
- /bin/sh
- '-c'
- /code/scripts/manage-user.sh && gunicorn -b :5000 cern_search_rest.wsgi
- /code/scripts/manage-user.sh && gunicorn -b :5000 --certfile=${INVENIO_INSTANCE_PATH}/ssl.crt --keyfile=${INVENIO_INSTANCE_PATH}/ssl.key cern_search_rest.wsgi
envFrom:
- configMapRef:
name: env-configmap
env:
- name: INVENIO_ACCOUNTS_SESSION_REDIS_URL
value: 'redis://$(REDIS_SERVICE_HOST):$(REDIS_SERVICE_PORT)/1'
- name: INVENIO_CACHE_REDIS_URL
value: 'redis://$(REDIS_SERVICE_HOST):$(REDIS_SERVICE_PORT)/0'
- name: INVENIO_SEARCH_ELASTIC_HOSTS
valueFrom:
secretKeyRef:
......@@ -117,7 +121,7 @@ objects:
- name: redis
image: redis
ports:
- containerPort: 5432
- containerPort: 6379
name: tcp
volumeMounts:
- name: data
......@@ -157,10 +161,10 @@ objects:
name: redis
spec:
ports:
- name: 5432-tcp
port: 5432
- name: 6379-tcp
port: 6379
protocol: TCP
targetPort: 5432
targetPort: 6379
selector:
app: redis
deploymentconfig: redis
......@@ -208,9 +212,6 @@ objects:
data:
# Invenio
INVENIO_INSTANCE_PATH: ${APP_INSTANCE_PATH}
# Redis
INVENIO_ACCOUNTS_SESSION_REDIS_URL: 'redis://redis:5432/0'
INVENIO_CACHE_REDIS_URL: 'redis://redis:5432/0'
# App to allow hosts
INVENIO_APP_ALLOWED_HOSTS: ${APP_ALLOWED_HOSTS}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment