# Rosetta 🛰️


_A container-centric Science Platform_


Rosetta makes it easy to run graphical interactive workloads on batch and remote computing systems using Docker and Singularity containers.

Rosetta is licensed under the Apache License 2.0, unless otherwise specified.


## Quickstart

Requirements:
    
    Bash, Git and Docker. Runs on Linux, Mac or Windows*.

*Windows is not fully supported in development mode due to lack of support for symbolic links.

Initialize

	$ cp docker-compose-dev.yml docker-compose.yml

Build

    $ rosetta/build

Run

	$ rosetta/run


Populate demo data

    $ rosetta/populate
    # You can now point your browser to http://localhost:8080
    # Log in using "testuser@rosetta.platform" and password "testpass"
    # To run Slurm jobs, use partition name "partition1"

Clean

	# rosetta/clean

### Configuration

Webapp service configuration parameters and their defaults:

      - SAFEMODE=false
      - DJANGO_DB_ENGINE="django.db.backends.postgresql_psycopg2"
      - DJANGO_DB_NAME="rosetta"
      - DJANGO_DB_USER="rosetta_master"
      - DJANGO_DB_PASSWORD="949fa84a"
      - DJANGO_DB_HOST="postgres"
      - DJANGO_DB_PORT=5432
      - DJANGO_DEV_SERVER=true
      - DJANGO_DEBUG=true
      - DJANGO_LOG_LEVEL=ERROR
      - ROSETTA_LOG_LEVEL=ERROR
      - ROSETTA_HOST=localhost
      - ROSETTA_TASKS_PROXY_HOST=$ROSETTA_HOST
      - ROSETTA_TASKS_TUNNEL_HOST=$ROSETTA_HOST
      - ROSETTA_WEBAPP_HOST=""
      - ROSETTA_WEBAPP_PORT=8080
      - ROSETTA_REGISTRY_HOST=proxy
      - ROSETTA_REGISTRY_PORT=5000
      - DJANGO_EMAIL_SERVICE=Sendgrid
      - DJANGO_EMAIL_APIKEY=""
      - DJANGO_EMAIL_FROM="Rosetta <notifications@rosetta.local>"
      - INVITATION_CODE=""
      - OIDC_RP_CLIENT_ID=""
      - OIDC_RP_CLIENT_SECRET=""
      - OIDC_OP_AUTHORIZATION_ENDPOINT=""
      - OIDC_OP_TOKEN_ENDPOINT=""
      - OIDC_OP_JWKS_ENDPOINT=""
      - DISABLE_LOCAL_AUTH=false

Notes:

 - `ROSETTA_REGISTRY_HOST` should be set to the same value as `ROSETTA_HOST` for production scenarios, in order to be secured under SSL. The `standaloneworker` is configured to treat the following hosts (and ports) as insecure registries, where it can connect without a valid certificate: `proxy:5000`, `dregistry:5000` and `rosetta.platform:5000`.
 - `ROSETTA_WEBAPP_HOST` is used to let the agent know where to connect, and it is kept separate from `ROSETTA_HOST` as it can be on an internal Docker network. It defaults to the `webapp` container IP address.
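
A pre-deployment check for the webapp settings listed above, as an added example (not part of the Rosetta code base): it reports values still at their development defaults and the registry-host mismatch described in the notes. Treating `DJANGO_DEBUG`, `DJANGO_DEV_SERVER` and the published database password as findings is this example's choice; it assumes `- KEY=value` input lines and that an unset key takes the documented default, and `get_setting`, `audit_settings` and the sample values are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report Rosetta webapp settings left at development defaults.
# Input is text in the "- KEY=value" form used in the README's settings list.

# Print the value of key $2 in settings text $1, or default $3 if unset/empty.
get_setting() {
    local value
    value=$(printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" | tail -n 1 |
        tr -d '"' | sed 's/[[:space:]]*$//')
    printf '%s\n' "${value:-$3}"
}

# Print one finding per line; return 1 if anything was found.
audit_settings() {
    local cfg="$1" rc=0 host registry
    host=$(get_setting "$cfg" ROSETTA_HOST localhost)
    registry=$(get_setting "$cfg" ROSETTA_REGISTRY_HOST proxy)
    if [ "$(get_setting "$cfg" DJANGO_DEBUG true)" = "true" ]; then
        echo "DJANGO_DEBUG=true"; rc=1
    fi
    if [ "$(get_setting "$cfg" DJANGO_DEV_SERVER true)" = "true" ]; then
        echo "DJANGO_DEV_SERVER=true"; rc=1
    fi
    if [ "$(get_setting "$cfg" DJANGO_DB_PASSWORD 949fa84a)" = "949fa84a" ]; then
        echo "DJANGO_DB_PASSWORD is the published default"; rc=1
    fi
    if [ "$registry" != "$host" ]; then
        echo "ROSETTA_REGISTRY_HOST ($registry) differs from ROSETTA_HOST ($host)"; rc=1
    fi
    return "$rc"
}

# Constructed samples: an untouched dev file and a hypothetical production one.
DEV_SAMPLE='      - DJANGO_DEBUG=true
      - DJANGO_DB_PASSWORD="949fa84a"
      - ROSETTA_HOST=localhost
      - ROSETTA_REGISTRY_HOST=proxy'
PROD_SAMPLE='      - DJANGO_DEBUG=false
      - DJANGO_DEV_SERVER=false
      - DJANGO_DB_PASSWORD="constructed-not-a-real-secret"
      - ROSETTA_HOST=rosetta.example.org
      - ROSETTA_REGISTRY_HOST=rosetta.example.org'

# Demo run on the constructed dev sample (DJANGO_DEV_SERVER is unset there).
audit_settings "$DEV_SAMPLE" || true
```

To audit a real file, pass its contents as the argument, for example `audit_settings "$(cat docker-compose.yml)"`.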

Proxy service configuration parameters and their defaults:

      - SAFEMODE=false
      - ROSETTA_HOST=localhost
      - ROSETTA_TASKS_PROXY_HOST=$ROSETTA_HOST


### Certificates for the proxy

Certificates can be handled automatically with Let's Encrypt. By default, a snakeoil certificate is used. To set up Let's Encrypt, first run the following inside the proxy (only once in its lifetime):

    $ sudo rm -rf /etc/letsencrypt/live/YOUR_ROSETTA_HOST    # or your ROSETTA_TASKS_PROXY_HOST

Then, edit the `/etc/apache2/sites-available/proxy-global.conf` file and change the certificates for the domain that you want to enable with Let's Encrypt to use snakeoils (otherwise the next command will fail), then:

	$  sudo apache2ctl -k graceful

Now:

    $ sudo certbot certonly --apache --register-unsafely-without-email --agree-tos -d YOUR_ROSETTA_HOST    # or your ROSETTA_TASKS_PROXY_HOST

...or for the domain that you want to enable with Let's Encrypt. This will initialize the certificate in `/etc/letsencrypt`, which is stored on the host in `./data/proxy/letsencrypt`.

Finally, change the `/etc/apache2/sites-available/proxy-global.conf` file back to use the correct certificates for the domain (or just restart the proxy service, but with clean and then run).

### User types 
In Rosetta there are two user types: standard users and power users. Their type is set in their user profile, and only power users can:

   - set custom task passwords
   - choose task access methods other than the default one (bypassing HTTP proxy + auth)
   - add containers with interface protocols other than HTTP


### Extras

List all running services

    # rosetta/ps

Check status (not yet fully supported)

    # rosetta/status



### Building errors

It is common for the build process to fail with a "404 not found" error on an apt-get instruction, as apt repositories often change their IP addresses. In such a case, try:

    $ rosetta/build nocache


### Development mode

Django development server is running on port 8080 of the "webapp" service.

To enable live code changes, add or comment out the following in docker-compose.yaml under the "volumes" section of the "webapp" service:

    - ./services/webapp/code:/opt/code

This will mount the code from services/webapp/code as a volume inside the webapp container itself, so that codebase edits take effect immediately.

Note that when you edit the Django ORM model, you need to make migrations and apply them to migrate the database:

    $ rosetta/makemigrations
    $ rosetta/migrate


### Testing

Run Web App unit tests (with Rosetta running)
    
    $ rosetta/test


### Logs


Check out logs for Docker containers (including entrypoints):


    $ rosetta/logs web

    $ rosetta/logs proxy


Check out logs for supervisord services:

        
    $ rosetta/logs web startup
    
    $ rosetta/logs web server

    $ rosetta/logs proxy apache
    
    $ rosetta/logs proxy certbot
    
    
    
    
### Computing resources requirements

Ensure that computing resources have:

 - a container engine or WMS available (of course);
 - Python installed and callable with the "python" executable or the agent will fail;
 - Bash as default shell for ssh-based computing resources.

    
## Known issues

    SINGULARITY_TMPDIR=/...
    .singularity in user home with limited space

    Some Docker versions (e.g. old-ish on Mac) do not let podman work due to fuse permissions
    SSH computing resources require python3 and wget installed, or will raise (empty) errors when submitting tasks. Check 127 error codes.