Commit e45c4baf authored by Stefano Alberto Russo's avatar Stefano Alberto Russo
Browse files

Better handling of unconfigured computing resources. Fixes and improvements.

parent 3424be62

README.md

+23 −13
Original line number Diff line number Diff line
@@ -43,30 +43,40 @@ Clean 


### Configuration



Example Webapp configuraion:

Webapp service configuraion parameters and their defaults:



      - SAFEMODE=False

      - DJANGO_DEV_SERVER=True

      - DJANGO_DEBUG=True

      - SAFEMODE=false

      - DJANGO_DEV_SERVER=true

      - DJANGO_DEBUG=true

      - DJANGO_LOG_LEVEL=ERROR

      - ROSETTA_LOG_LEVEL=ERROR

      - ROSETTA_TUNNEL_HOST=localhost # Not http or https

      - ROSETTA_WEBAPP_HOST= 

      - ROSETTA_HOST=localhost

      - ROSETTA_TUNNEL_HOST=localhost

      - ROSETTA_WEBAPP_HOST=""

      - ROSETTA_WEBAPP_PORT=8080

      - LOCAL_DOCKER_REGISTRY_HOST=

      - LOCAL_DOCKER_REGISTRY_PORT=5000

      - ROSETTA_REGISTRY_HOST=proxy

      - ROSETTA_REGISTRY_PORT=5000

      - DJANGO_EMAIL_SERVICE=Sendgrid

      - DJANGO_EMAIL_APIKEY=

      - DJANGO_EMAIL_APIKEY=""

      - DJANGO_EMAIL_FROM="Rosetta <notifications@rosetta.local>"

      - DJANGO_PUBLIC_HTTP_HOST=http://localhost # Public facing, with http or https

      - INVITATION_CODE=""

      - OIDC_RP_CLIENT_ID=""

      - OIDC_RP_CLIENT_SECRET=""

      - OIDC_OP_AUTHORIZATION_ENDPOINT=""

      - OIDC_OP_TOKEN_ENDPOINT=""

      - OIDC_OP_JWKS_ENDPOINT=""

      - DISABLE_LOCAL_AUTH=False

      - DISABLE_LOCAL_AUTH=false



In Rosetta, only power users can:

Notes:



 - `ROSETTA_TUNNEL_HOST` must not include http:// or https://

 - `ROSETTA_REGISTRY_HOST` should be set to the same value as `ROSETTA_HOST` for production scenarios, in order to be secured unders SSL. The `standaloneworker` is configured to treat the following hosts (and ports) as unsecure registies, where it can connect without a valid certificate: `proxy:5000`,`dregistry:5000` and `rosetta.platform:5000`.

 - `ROSETTA_WEBAPP_HOST` is used for let the agent know where to connect, and it is differentiated from `ROSETTA_HOST` as it can be on an internal Docker network. It is indeed defaulted to the `webapp` container IP address.







### User types 

In Rosetta there are two user types: standard users and power users. Their type is set in their user profile, and only power users can:



   - set custom task passwords

   - choose task access methods other than the default one (bypassing HTTP proxy + auth)

docker-compose-dev.yml

+2 −2
Original line number Diff line number Diff line
@@ -60,8 +60,8 @@ services: 
      - ROSETTA_LOG_LEVEL=DEBUG

      #- ROSETTA_WEBAPP_HOST=localhost # Internal, for the agent

      #- ROSETTA_WEBAPP_PORT=8080      # Internal, for the agent

      #- LOCAL_DOCKER_REGISTRY_HOST=

      #- LOCAL_DOCKER_REGISTRY_PORT=5000

      #- ROSETTA_REGISTRY_HOST=

      #- ROSETTA_REGISTRY_PORT=5000

      #- DJANGO_EMAIL_APIKEY=""

      #- DJANGO_EMAIL_FROM="Rosetta Platform <notifications@rosetta.platform>"

      #- DJANGO_SECRET_KEY=""

services/standaloneworker/registries.conf

+4 −0
Original line number Diff line number Diff line
@@ -85,6 +85,10 @@ short-name-mode="enforcing" 
location = "dregistry:5000"

insecure = true



[[registry]]

location = "proxy:5000"

insecure = true



[[registry]]

location = "rosetta.platform:5000"

insecure = true

services/webapp/code/rosetta/core_app/computing_managers.py

+12 −3
Original line number Diff line number Diff line
@@ -72,6 +72,9 @@ class ComputingManager(object): 
        # Call actual get task log logic

        return self._get_task_log(task, **kwargs)

    

    def is_configured_for(self, user):

        return True





class StandaloneComputingManager(ComputingManager):

    pass
@@ -82,8 +85,14 @@ class ClusterComputingManager(ComputingManager): 




class SSHComputingManager(ComputingManager):

    # SSH-f + keys utils here

    pass

    

    def is_configured_for(self, user):

        try:

            get_ssh_access_mode_credentials(self.computing, user)

        except:

            return False

        else:

            return True
@@ -376,7 +385,7 @@ class SSHStandaloneComputingManager(StandaloneComputingManager, SSHComputingMana 
        stop_command = 'ssh -o LogLevel=ERROR -i {} -4 -o StrictHostKeyChecking=no {}@{} \'/bin/bash -c "{}"\''.format(computing_keys.private_key_file, computing_user, computing_host, internal_stop_command)

        out = os_shell(stop_command, capture=True)

        if out.exit_code != 0:

            if ('No such process' in out.stderr) or ('No such container' in out.stderr):

            if ('No such process' in out.stderr) or ('No such container' in out.stderr) or ('no container' in out.stderr):

                pass

            else:

                raise Exception(out.stderr)

services/webapp/code/rosetta/core_app/templates/components/computing.html

+29 −2
Original line number Diff line number Diff line
@@ -76,14 +76,36 @@ 
      

      {% else %}



      <div style="width:300px; float:left; border: #e0e0e0 solid 1px; margin:10px; background:#f8f8f8; margin-bottom:15px">



      {% load computing_helpers %}

      {% is_computing_configured computing request.user as computing_configured %}



      <!-- Insert an "if false" here to let the computign show up even when creating the task but to not allow to be chosen (greyed out button) -->

      {% if container and not computing_configured %}

      {% else%}



      <div style="width:300px; float:left; border: #e0e0e0 solid 1px; margin:10px; background:#f8f8f8; margin-bottom:15px;">

        <!-- <div style="background:{{computing.color}}; height:24px"></div> -->



        <div style="padding:10px; margin-top:5px; text-align:center; border-bottom: #e0e0e0 solid 1px; ">

        <a href="/computing/?uuid={{ computing.uuid }}&details=True">{{ computing.name }}</a>

        </div>





        {% if not computing_configured %}

        <div style="width:298px; float:left; margin:0; margin-bottom:5px; padding:2px; background: gary; color:black; text-align:center; border-bottom: #e0e0e0 solid 1px;">

        <i class="fa fa-info-circle"></i> Not configured <!-- style="color:#337ab7" -->

        </div>      

        {% endif %}



        



        {% if not computing_configured %}

        <!--  <div style="padding:10px; -webkit-filter: blur(5px); -moz-filter: blur(5px); -o-filter: blur(5px); -ms-filter: blur(5px); filter: blur(5px);"> -->

        <div style="padding:10px;">

        {% else %}

        <div style="padding:10px;">

        {% endif %}



        {% if computing.description %} 

        <div class="description-box" title="{{ computing.description }}">
@@ -116,6 +138,7 @@ 
        {% if 'singularity' in computing.container_engines %}<img src="/static/img/singularity-logo.svg" style="height:18px; width:18px; margin-bottom:2px" />{% endif %}-->

        {% if container %}

        <div style="margin:0px; margin-top:2px; text-align:center; padding:5px">

        {% if computing_configured %}

        <form action="/new_task/" method="POST">

        {% csrf_token %}

        <input type="hidden" name="step" value="{{ data.next_step }}" />
@@ -124,12 +147,16 @@ 
        <input type="hidden" name="task_computing_uuid" value="{{computing.uuid}}">

        <input type="submit" value="Choose" class="btn btn-connect">

        </form>

        {% else %}

        <input type="submit" value="Choose" class="btn btn-connect" disabled>

        {% endif %}

        </div>

        {% endif %}

        

        </div>  



      </div>

      {% endif %}