From 1ce34af42e8cef54aaf1965fa9118011d1d674da Mon Sep 17 00:00:00 2001
From: Ward Vandewege <ward@clinicalfuture.com>
Date: Mon, 11 Nov 2013 17:33:12 -0500
Subject: [PATCH] Add docker image with workbench server.

---
 docker/config.yml.example           | 12 +++++
 docker/workbench/.gitignore         |  3 ++
 docker/workbench/Dockerfile         | 50 +++++++++++++++++
 docker/workbench/apache2_vhost.in   | 26 +++++++++
 docker/workbench/passenger.conf     |  3 ++
 docker/workbench/production.rb.in   | 83 +++++++++++++++++++++++++++++
 docker/workbench/secret_token.rb.in |  7 +++
 7 files changed, 184 insertions(+)
 create mode 100644 docker/workbench/.gitignore
 create mode 100644 docker/workbench/Dockerfile
 create mode 100644 docker/workbench/apache2_vhost.in
 create mode 100644 docker/workbench/passenger.conf
 create mode 100644 docker/workbench/production.rb.in
 create mode 100644 docker/workbench/secret_token.rb.in

diff --git a/docker/config.yml.example b/docker/config.yml.example
index 6ec76d9d9e..9390c99157 100644
--- a/docker/config.yml.example
+++ b/docker/config.yml.example
@@ -34,3 +34,15 @@ OMNIAUTH_APP_ID: arvados-server
 
 # The URL for this installation's Omniauth server.
 OMNIAUTH_URL: http://auth.clinicalfuture.com
+
+# Workbench settings
+WORKBENCH_RAILS_MODE: production
+WORKBENCH_DATA_IMPORT_DIR: /data/arvados-workbench-upload/data
+WORKBENCH_DATA_EXPORT_DIR: /data/arvados-workbench-download/data
+WORKBENCH_VCF_PIPELINE_UUID:
+WORKBENCH_SITE_NAME: Arvados Workbench
+WORKBENCH_INSECURE_HTTPS: false
+WORKBENCH_ACTIVATION_CONTACT_LINK: mailto:arvados@clinicalfuture.com
+WORKBENCH_ARVADOS_LOGIN_BASE: https://@@API_HOSTNAME@@.arvadosapi.com/login
+WORKBENCH_ARVADOS_V1_BASE: https://@@API_HOSTNAME@@.arvadosapi.com/arvados/v1
+# /Workbench settings
diff --git a/docker/workbench/.gitignore b/docker/workbench/.gitignore
new file mode 100644
index 0000000000..bf969c39ec
--- /dev/null
+++ b/docker/workbench/.gitignore
@@ -0,0 +1,3 @@
+apache2_vhost
+production.rb
+secret_token.rb
diff --git a/docker/workbench/Dockerfile b/docker/workbench/Dockerfile
new file mode 100644
index 0000000000..d46a531393
--- /dev/null
+++ b/docker/workbench/Dockerfile
@@ -0,0 +1,50 @@
+# Arvados API server Docker container.
+
+FROM arvados/base
+MAINTAINER Ward Vandewege <ward@clinicalfuture.com>
+
+# Need to set the mysql passwords before installing mysql-server
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install packages
+# Fix Locale
+# Update Arvados source
+RUN \
+    apt-get update ;\
+    apt-get install -q -y apt-utils git curl procps apache2-mpm-worker locales \
+                          libcurl4-openssl-dev apache2-threaded-dev libapr1-dev libaprutil1-dev ;\
+    curl -L https://get.rvm.io | bash -s stable --ruby=${RUBY_VERSION_NUM} ;\
+    /bin/sed -ri 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen ;\
+    /usr/sbin/locale-gen ;\
+    cd /usr/src/arvados; git pull ;\
+    touch /usr/src/arvados/apps/workbench/log/production.log ;\
+    chmod 666 /usr/src/arvados/apps/workbench/log/production.log ;\
+    touch /usr/src/arvados/apps/workbench/db/production.sqlite3 ;\
+    bundle install --gemfile=/usr/src/arvados/apps/workbench/Gemfile ;\
+    cd /usr/src/arvados/apps/workbench; rake assets:precompile ;\
+    passenger-install-apache2-module --auto ;\
+    a2enmod rewrite
+
+# Configure Apache
+# Install gems needed for workbench
+ADD apache2_vhost /etc/apache2/sites-available/workbench
+RUN \
+  a2dissite default ;\
+  a2ensite workbench 
+
+# Set up the production environment
+ADD secret_token.rb /usr/src/arvados/apps/workbench/config/initializers/secret_token.rb
+ADD production.rb /usr/src/arvados/apps/workbench/config/environments/production.rb
+ADD passenger.conf /etc/apache2/conf.d/passenger
+
+# Finally, start Apache
+ENV APACHE_RUN_USER    www-data
+ENV APACHE_RUN_GROUP   www-data
+ENV APACHE_PID_FILE    /var/run/apache2.pid
+ENV APACHE_RUN_DIR     /var/run/apache2
+ENV APACHE_LOCK_DIR    /var/lock/apache2
+ENV APACHE_LOG_DIR     /var/log/apache2
+ENV LANG               C
+
+CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
+
diff --git a/docker/workbench/apache2_vhost.in b/docker/workbench/apache2_vhost.in
new file mode 100644
index 0000000000..9ea248198e
--- /dev/null
+++ b/docker/workbench/apache2_vhost.in
@@ -0,0 +1,26 @@
+<VirtualHost *:80>
+
+  ServerName workbench.@@API_HOSTNAME@@.arvadosapi.com
+  ServerAdmin sysadmin@clinicalfuture.com
+
+  RailsEnv @@WORKBENCH_RAILS_MODE@@
+  RackBaseURI /
+  RailsAppSpawnerIdleTime 1200
+
+  # Index file and Document Root (where the public files are located)
+  DirectoryIndex index.html
+  DocumentRoot /usr/src/arvados/apps/workbench/public
+
+  LogLevel warn
+  ErrorLog  ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+  <Directory /usr/src/arvados/apps/workbench>
+    Options Indexes FollowSymLinks MultiViews IncludesNoExec
+    AllowOverride None
+    Order allow,deny
+    allow from all
+  </Directory>
+
+</VirtualHost>
+
diff --git a/docker/workbench/passenger.conf b/docker/workbench/passenger.conf
new file mode 100644
index 0000000000..bfa5647425
--- /dev/null
+++ b/docker/workbench/passenger.conf
@@ -0,0 +1,3 @@
+LoadModule passenger_module /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.23/buildout/apache2/mod_passenger.so
+PassengerRoot /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.23
+PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-2.0.0-p247/ruby
diff --git a/docker/workbench/production.rb.in b/docker/workbench/production.rb.in
new file mode 100644
index 0000000000..f056dcf578
--- /dev/null
+++ b/docker/workbench/production.rb.in
@@ -0,0 +1,83 @@
+ArvadosWorkbench::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to nil and saved in location specified by config.assets.prefix
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  config.arvados_login_base = '@@WORKBENCH_ARVADOS_LOGIN_BASE@@'
+  config.arvados_v1_base = '@@WORKBENCH_ARVADOS_V1_BASE@@'
+  config.arvados_insecure_https = @@WORKBENCH_INSECURE_HTTPS@@ # true = do not check server certificate
+
+  config.data_import_dir = '@@WORKBENCH_DATA_IMPORT_DIR@@'
+  config.data_export_dir = '@@WORKBENCH_DATA_EXPORT_DIR@@'
+
+  # Authentication stub: hard code pre-approved API tokens.
+  # config.accept_api_token = { rand(2**256).to_s(36) => true }
+  config.accept_api_token = {}
+
+  config.vcf_pipeline_uuid = '@@WORKBENCH_VCF_PIPELINE_UUID@@'
+
+  config.site_name = '@@WORKBENCH_SITE_NAME@@'
+  config.activation_contact_link = '@@WORKBENCH_ACTIVATION_CONTACT_LINK@@'
+end
diff --git a/docker/workbench/secret_token.rb.in b/docker/workbench/secret_token.rb.in
new file mode 100644
index 0000000000..5155b991f2
--- /dev/null
+++ b/docker/workbench/secret_token.rb.in
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+ArvadosWorkbench::Application.config.secret_token = '@@WORKER_SECRET@@'
-- 
2.30.2