Commits on Source (2)
......@@ -50,8 +50,9 @@ Webapp service configuraion parameters and their defaults:
- DJANGO_DEBUG=true
- DJANGO_LOG_LEVEL=ERROR
- ROSETTA_LOG_LEVEL=ERROR
- ROSETTA_HOST=localhost
- ROSETTA_TUNNEL_HOST=localhost
- ROSETTA_HOST=localhost
- ROSETTA_TASKS_PROXY_HOST=$ROSETTA_HOST
- ROSETTA_TASKS_TUNNEL_HOST=$ROSETTA_HOST
- ROSETTA_WEBAPP_HOST=""
- ROSETTA_WEBAPP_PORT=8080
- ROSETTA_REGISTRY_HOST=proxy
......@@ -69,10 +70,13 @@ Webapp service configuraion parameters and their defaults:
Notes:
- `ROSETTA_TUNNEL_HOST` must not include http:// or https://
- `ROSETTA_REGISTRY_HOST` should be set to the same value as `ROSETTA_HOST` for production scenarios, in order to be secured unders SSL. The `standaloneworker` is configured to treat the following hosts (and ports) as unsecure registies, where it can connect without a valid certificate: `proxy:5000`,`dregistry:5000` and `rosetta.platform:5000`.
- `ROSETTA_WEBAPP_HOST` is used for let the agent know where to connect, and it is differentiated from `ROSETTA_HOST` as it can be on an internal Docker network. It is indeed defaulted to the `webapp` container IP address.
Proxy service configuraion parameters and their defaults:
- SAFEMODE=false
- ROSETTA_HOST=localhost
### User types
......
......@@ -60,15 +60,14 @@ services:
- ROSETTA_LOG_LEVEL=DEBUG
#- ROSETTA_WEBAPP_HOST=localhost # Internal, for the agent
#- ROSETTA_WEBAPP_PORT=8080 # Internal, for the agent
#- ROSETTA_REGISTRY_HOST=
#- ROSETTA_REGISTRY_HOST=proxy
#- ROSETTA_REGISTRY_PORT=5000
#- DJANGO_EMAIL_APIKEY=""
#- DJANGO_EMAIL_FROM="Rosetta Platform <notifications@rosetta.platform>"
#- DJANGO_SECRET_KEY=""
- TASK_PROXY_HOST=localhost
- TASK_TUNNEL_HOST=localhost
#- ROSETTA_TASKS_PROXY_HOST=
#- ROSETTA_TASKS_TUNNEL_HOST=
- ROSETTA_HOST=localhost
- REGISTRY_HOST=proxy:5000 # Use same value as ROSETTA_HOST for production or to use "real" computing resurces
ports:
- "8080:8080"
- "7000-7020:7000-7020"
......
......@@ -19,10 +19,6 @@ RUN curl -O https://bootstrap.pypa.io/pip/3.6/get-pip.py
# Install Python3 and Pip3 (python3-distutils required for pip3)
RUN apt-get install python3 python3-distutils -y
# Install Python and pip in this order (first Python 3 and then Python 2), or
# you will end ap with python defaulting to python2 and pip defaulting to pip3
# Otherwise, do somethign like "ln -s /usr/local/bin/pip3 /usr/local/bin/pip"
# Install Python3 and Pip3 (ython3-distutils required for pip3)
RUN apt-get install python3 python3-distutils -y
RUN python3 get-pip.py 'pip==21.0.1'
......
......@@ -515,12 +515,16 @@ def get_platform_registry():
platform_registry_conn_string = '{}:{}'.format(platform_registry_host, platform_registry_port)
return platform_registry_conn_string
def get_task_tunnel_host():
tunnel_host = os.environ.get('TASK_TUNNEL_HOST', 'localhost')
def get_rosetta_tasks_tunnel_host():
# Importing here instead of on top avoids circular dependencies problems when loading booleanize in settings
from django.conf import settings
tunnel_host = os.environ.get('ROSETTA_TASKS_TUNNEL_HOST', settings.ROSETTA_HOST)
return tunnel_host
def get_task_proxy_host():
proxy_host = os.environ.get('TASK_PROXY_HOST', 'localhost')
def get_rosetta_tasks_proxy_host():
# Importing here instead of on top avoids circular dependencies problems when loading booleanize in settings
from django.conf import settings
proxy_host = os.environ.get('ROSETTA_TASKS_PROXY_HOST', settings.ROSETTA_HOST)
return proxy_host
def hash_string_to_int(string):
......@@ -622,7 +626,7 @@ def setup_tunnel_and_proxy(task):
# Some info about the various SSL switches: https://serverfault.com/questions/577616/using-https-between-apache-loadbalancer-and-backends
logger.debug('Writing task proxy conf to {}'.format(apache_conf_file))
websocket_protocol = 'wss' if task.container.interface_protocol == 'https' else 'ws'
task_proxy_host = get_task_proxy_host()
rosetta_tasks_proxy_host = get_rosetta_tasks_proxy_host()
apache_conf_content = '''
#---------------------------
# Task interface proxy
......@@ -641,7 +645,7 @@ Listen '''+str(task.tcp_tunnel_port)+'''
<VirtualHost *:'''+str(task.tcp_tunnel_port)+'''>
ServerName '''+task_proxy_host+'''
ServerName '''+rosetta_tasks_proxy_host+'''
ServerAdmin admin@rosetta.platform
SSLEngine on
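Review bot: `os.environ.get('ROSETTA_TASKS_PROXY_HOST', settings.ROSETTA_HOST)` in get_rosetta_tasks_proxy_host, and the matching call in get_rosetta_tasks_tunnel_host, returns an empty string when the variable is set but empty, because the fallback only applies when the variable is absent. Uncommenting the `ROSETTA_TASKS_PROXY_HOST=` template line in the compose file produces exactly that case. `proxy_host = os.environ.get('ROSETTA_TASKS_PROXY_HOST') or settings.ROSETTA_HOST` gives the documented default in both cases. The value is then concatenated unchecked into the `ServerName` line of the generated Apache configuration, so a scheme prefix or stray whitespace ends up in the vhost file; rejecting anything that is not a bare hostname in the getter would fail early. setup_tunnel_and_proxy starts and ends outside the hunks shown.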
......
......@@ -13,8 +13,8 @@ from django.contrib.auth.models import User
from django.shortcuts import redirect
from django.db.models import Q
from .models import Profile, LoginToken, Task, TaskStatuses, Container, Computing, KeyPair, Page
from .utils import send_email, format_exception, timezonize, os_shell, booleanize, get_task_tunnel_host
from .utils import get_task_proxy_host, random_username, setup_tunnel_and_proxy, finalize_user_creation
from .utils import send_email, format_exception, timezonize, os_shell, booleanize, get_rosetta_tasks_tunnel_host
from .utils import get_rosetta_tasks_proxy_host, random_username, setup_tunnel_and_proxy, finalize_user_creation
from .utils import sanitize_container_env_vars, get_or_create_container_from_repository
from .decorators import public_view, private_view
from .exceptions import ErrorMessage
......@@ -1183,19 +1183,19 @@ def direct_connection_handler(request, uuid):
setup_tunnel_and_proxy(task)
# Get task and tunnel proxy host
task_proxy_host = get_task_proxy_host()
task_tunnel_host = get_task_tunnel_host()
rosetta_tasks_proxy_host = get_rosetta_tasks_proxy_host()
rosetta_tasks_tunnel_host = get_rosetta_tasks_tunnel_host()
# Redirect to the task through the tunnel
if task.requires_proxy:
if task.requires_proxy_auth and task.auth_token:
user = request.user.email
password = task.auth_token
redirect_string = 'https://{}:{}@{}:{}'.format(user, password, task_proxy_host, task.tcp_tunnel_port)
redirect_string = 'https://{}:{}@{}:{}'.format(user, password, rosetta_tasks_proxy_host, task.tcp_tunnel_port)
else:
redirect_string = 'https://{}:{}'.format(task_proxy_host, task.tcp_tunnel_port)
redirect_string = 'https://{}:{}'.format(rosetta_tasks_proxy_host, task.tcp_tunnel_port)
else:
redirect_string = '{}://{}:{}'.format(task.container.interface_protocol, task_tunnel_host, task.tcp_tunnel_port)
redirect_string = '{}://{}:{}'.format(task.container.interface_protocol, rosetta_tasks_tunnel_host, task.tcp_tunnel_port)
logger.debug('Task direct connect redirect: "{}"'.format(redirect_string))
return redirect(redirect_string)
......@@ -1216,14 +1216,14 @@ def sharable_link_handler(request, short_uuid):
setup_tunnel_and_proxy(task)
# Get task and tunnel proxy host
task_proxy_host = get_task_proxy_host()
task_tunnel_host = get_task_tunnel_host()
rosetta_tasks_proxy_host = get_rosetta_tasks_proxy_host()
rosetta_tasks_tunnel_host = get_rosetta_tasks_tunnel_host()
# Redirect to the task through the tunnel
if task.requires_proxy:
redirect_string = 'https://{}:{}'.format(task_proxy_host, task.tcp_tunnel_port)
redirect_string = 'https://{}:{}'.format(rosetta_tasks_proxy_host, task.tcp_tunnel_port)
else:
redirect_string = '{}://{}:{}'.format(task.container.interface_protocol, task_tunnel_host, task.tcp_tunnel_port)
redirect_string = '{}://{}:{}'.format(task.container.interface_protocol, rosetta_tasks_tunnel_host, task.tcp_tunnel_port)
logger.debug('Task sharable link connect redirect: "{}"'.format(redirect_string))
return redirect(redirect_string)
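Review bot: In direct_connection_handler the rewritten proxy-auth redirect still places `request.user.email` and `task.auth_token` in the URL userinfo, and the `logger.debug('Task direct connect redirect: ...')` call that follows writes the full string to the log. The task token is therefore recorded whenever debug logging is enabled; the compose file on this page sets `ROSETTA_LOG_LEVEL=DEBUG`. Log the chosen host and `task.tcp_tunnel_port` instead of `redirect_string`, or build a credential-free copy for the log line. The e-mail address is also inserted unescaped although it contains `@`; `quote(user, safe='')` and `quote(password, safe='')` from `urllib.parse` would keep the userinfo part well-formed. Both handlers begin outside their hunks, so how `task` is looked up and authorised cannot be checked from here.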
......