Merge pull request #1 from svobtom/demo-for-egi

Terms and policy adapted

helm-chart/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: scipion-portal
+version: 0.0.0
+appVersion: "0.0.0"
+description: A Helm chart to deploy Scipion portal for managing the Scipion instances
+icon: file://logo.png
+keywords:
+- scipion-portal
+- scipion
+- onedata
+type: application

helm-chart/questions.yaml

@@ -0,0 +1,34 @@
+labels:
+  io.rancher.certified: CERIT-SC
+
+rancher_min_version: 2.3.0
+
+categories:
+- Scipion
+
+questions:
+- variable: instance.mincpu
+  default: 2
+  description: "Minimum guaranteed CPUs"
+  type: string
+  label: Min CPU
+  group: "Resources"
+- variable: instance.maxcpu
+  default: 4
+  description: "Maximum allowed CPUs"
+  type: string
+  label: Max CPU
+  group: "Resources"
+- variable: instance.minram
+  default: "1024Mi"
+  description: "Minimum guaranteed RAM"
+  type: string
+  label: Min RAM
+  group: "Resources"
+- variable: instance.maxram
+  default: "1024Mi"
+  description: "Maximum allowed RAM"
+  type: string
+  label: Max RAM
+  group: "Resources"
+

helm-chart/templates/cluster-ip-db.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: scipion-portal-svc-db
+spec:
+  type: ClusterIP
+  ports:
+  - name: scipion-portal-port-db
+    port: 3306
+    targetPort: 3306
+  selector:
+    app: scipion-portal-db

kubernetes/cluster-ip-http.yaml → helm-chart/templates/cluster-ip-scipo.yaml

@@ -1,13 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: scipion-portal-svc
+  name: scipion-portal-svc-scipo
 spec:
   type: ClusterIP
   ports:
-  - name: scipion-portal-port
+  - name: scipion-portal-port-scipo
     port: 80
     targetPort: 8080
   selector:
-    app: scipion-portal
-
+    app: scipion-portal-scipo

kubernetes/deployment.yaml → helm-chart/templates/deployment-db.yaml

@@ -1,47 +1,39 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: scipion-portal
+  name: scipion-portal-db
 spec:
   selector:
     matchLabels:
-      app: scipion-portal
+      app: scipion-portal-db
   replicas: 1
   template:
     metadata:
       labels:
-        app: scipion-portal
+        app: scipion-portal-db
     spec:
       containers:
-      - name: scipion-portal
-        image: hub.cerit.io/scipion-portal/portal:latest
+      - name: db
+        image: mariadb:10.10
         imagePullPolicy: Always
         securityContext:
           privileged: false
           runAsUser: 1000
           runAsGroup: 1000
         ports:
-        - containerPort: 8080
-        env:
-
-        - name: SECRET_KEY
-          valueFrom:
-            secretKeyRef:
-              name: scipion-portal-secret
-              key: secret_key
-
-        - name: OIDC_RP_CLIENT_ID
-          valueFrom:
-            secretKeyRef:
-              name: scipion-portal-secret
-              key: oidc_rp_client_id
-
-        - name: OIDC_RP_CLIENT_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: scipion-portal-secret
-              key: oidc_rp_client_secret
+        - containerPort: 3306
+        volumeMounts:
+        - name: vol-db
+          mountPath: "/var/lib/mysql"
+        resources:
+          limits:
+            cpu: {{ .Values.instance.maxcpu }}
+            memory: {{ .Values.instance.maxram }}
+          requests:
+            cpu: {{ .Values.instance.mincpu }}
+            memory: {{ .Values.instance.minram }}
 
+        env:
         - name: MYSQL_USER
           valueFrom:
             secretKeyRef:
@@ -54,3 +46,13 @@ spec:
               name: scipion-portal-secret
               key: mysql_password
 
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: scipion-portal-secret
+              key: mysql_root_password
+
+      volumes:
+      - name: vol-db
+        persistentVolumeClaim:
+          claimName: pvc-scipion-portal-db

helm-chart/templates/deployment-scipo.yaml

@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scipion-portal-scipo
+spec:
+  selector:
+    matchLabels:
+      app: scipion-portal-scipo
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: scipion-portal-scipo
+    spec:
+
+      initContainers:
+
+      - name: init-db-wait
+        image: busybox
+        imagePullPolicy: Always
+        securityContext:
+          privileged: false
+          runAsUser: 1000
+          runAsGroup: 1000
+        command: ['sh', '-c', 'echo -e "Checking for the availability of MySQL Server deployment"; while ! nc -z scipion-portal-svc-db 3306; do sleep 1; printf "-"; done; echo -e "  >> MySQL DB Server has started";']
+
+      - name: init-db-init
+        image: mysql
+        imagePullPolicy: Always
+        securityContext:
+          privileged: false
+          runAsUser: 1000
+          runAsGroup: 1000
+        command: ['sh', '-c', 'mysql --host="scipion-portal-svc-db" --user root --password="$MYSQL_ROOT_PASSWORD" --execute="CREATE DATABASE IF NOT EXISTS scipo; GRANT ALL ON scipo.* TO dbuser@;"']
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: scipion-portal-secret
+              key: mysql_root_password
+
+      containers:
+
+      - name: scipo
+        image: hub.cerit.io/scipion-portal/portal:dev
+        imagePullPolicy: Always
+        securityContext:
+          privileged: false
+          runAsUser: 1000
+          runAsGroup: 1000
+        ports:
+        - containerPort: 8080
+        resources:
+          limits:
+            cpu: {{ .Values.instance.maxcpu }}
+            memory: {{ .Values.instance.maxram }}
+          requests:
+            cpu: {{ .Values.instance.mincpu }}
+            memory: {{ .Values.instance.minram }}
+
+        env:
+        - name: SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: scipion-portal-secret
+              key: secret_key
+
+        - name: OIDC_RP_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: scipion-portal-secret
+              key: oidc_rp_client_id
+
+        - name: OIDC_RP_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: scipion-portal-secret
+              key: oidc_rp_client_secret
+
+        - name: MYSQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: scipion-portal-secret
+              key: mysql_user
+
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: scipion-portal-secret
+              key: mysql_password

kubernetes/ingress.yaml → helm-chart/templates/ingress.yaml

@@ -17,7 +17,7 @@ spec:
       paths:
       - backend:
           service:
-            name: scipion-portal-svc
+            name: scipion-portal-svc-scipo
             port:
               number: 80
         pathType: ImplementationSpecific

helm-chart/templates/pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-scipion-portal-db
+  annotations:
+    "helm.sh/resource-policy": keep
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: nfs-csi

helm-chart/templates/secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: scipion-portal-secret
+type: Opaque
+data:
+# the secrets must be in base64 form without '\n' char
+  secret_key: null
+  oidc_rp_client_id: null
+  oidc_rp_client_secret: null
+  mysql_user: null
+  mysql_password: null
+  mysql_root_password: null

helm-chart/values.yaml

@@ -0,0 +1,6 @@
+
+instance:
+  mincpu: 2
+  maxcpu: 4
+  minram: 1024Mi
+  maxram: 1024Mi

scipo/init.sh

@@ -1,7 +1,12 @@
 #!/bin/bash
+set -xe
 
 cd /srv/scipo
 python3 manage.py collectstatic
 
+# init required data in the database
+python3 manage.py migrate sessions
+python3 manage.py migrate auth
+
 #python3 manage.py runserver_plus --cert-file /mnt/cert/fullchain.pem --key-file /mnt/cert/privkey.pem 0.0.0.0:443
-python3 manage.py runserver 0.0.0.0:80
+python3 manage.py runserver 0.0.0.0:8080

scipo/scipo/settings.py

@@ -85,7 +85,7 @@
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.mysql',
-        'HOST': 'db',
+        'HOST': 'scipion-portal-svc-db',
         'NAME': 'scipo',
         'USER': os.environ['MYSQL_USER'],
         'PASSWORD': os.environ['MYSQL_PASSWORD'],
@@ -104,7 +104,9 @@
 OIDC_OP_TOKEN_ENDPOINT = "https://aai-demo.egi.eu/auth/realms/egi/protocol/openid-connect/token"
 OIDC_OP_USER_ENDPOINT = "https://aai-demo.egi.eu/auth/realms/egi/protocol/openid-connect/userinfo"
 LOGIN_REDIRECT_URL = "https://scipion.cerit-sc.cz/oidc/callback"
+#LOGIN_REDIRECT_URL = "https://keras.ics.muni.cz/oidc/callback"
 LOGOUT_REDIRECT_URL = "https://scipion.cerit-sc.cz/oidc/callback"
+#LOGOUT_REDIRECT_URL = "https://keras.ics.muni.cz/oidc/callback"
 OIDC_STORE_ID_TOKEN = True
 OIDC_STORE_ACCESS_TOKEN = True
 

scipo/scipo/urls.py

@@ -20,6 +20,11 @@
 
 urlpatterns = [
     path('', views.index, name='index'),
+    path('instance-list/', views.instance_list, name='instance-list'),
+    path('dataset-list/', views.dataset_list, name='dataset-list'),
+
+    path('privacy-policy/', views.privacy_policy, name='privacy-policy'),
+    path('terms-of-use/', views.terms_of_use, name='terms-of-use'),
 
     path('admin/', admin.site.urls),
     path('oidc/', include('mozilla_django_oidc.urls')),

scipo/web/static/assets/css/custom.css

@@ -0,0 +1,24 @@
+
+.custom-user-img-gray {
+    font-size: 2.1rem;
+    color: #c2c7d0
+}
+
+.custom-user-img-green {
+    font-size: 2.1rem;
+    color: #72B958
+}
+
+.info-section-box {
+    display: flex;
+}
+
+.info-section-i {
+    font-size: 1.2rem;
+    margin-right: 1rem;
+    color: #343a40;
+}
+
+.user-panel .info {
+    color: #c2c7d0;
+}