# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
# Modified by Brian Aydemir <[email protected]>.
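# Load the deployment settings as make variables. The image, volume, and
# network names used by the rules below are presumably defined there.
# NOTE(review): make reads .env as makefile text, so `#`, `$` and trailing
# whitespace in a value are interpreted by make and may not match how other
# tools read the same file. Treat .env as being as trusted as this Makefile.
include .env

# Delete a target file whose recipe failed, so that a half-written secret
# is never mistaken for an up-to-date one on the next run.
.DELETE_ON_ERROR:

# None of these names is a file to be built.
.PHONY: all build clean config docker local secrets

# `all` is the default goal; `local` is an alias for it.
all local: build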
# Prepare configuration, Docker resources, and secrets, then build the
# Compose services together with the images they depend on.
build: config docker secrets
	docker compose build
# Tear down what this Makefile created. User data volumes, user
# configuration, and secrets are retained.
# Every command has a leading `-`, so make ignores its failure (for
# example, a resource that does not exist) and carries on with the rest.
clean:
# Stop and remove containers.
	-docker compose down
# Remove the images, network, and volumes named by the make variables.
	-docker image rm \
	    $(HTCONDOR_IMAGE) \
	    $(JUPYTERHUB_IMAGE) \
	    $(SCITOKENS_IMAGE) \
	    $(SINGLEUSER_IMAGE)
	-docker network rm $(DOCKER_NETWORK_NAME)
	-docker volume rm \
	    $(DB_VOLUME_NAME) \
	    $(HUB_VOLUME_NAME) \
	    $(TOKEN_ISSUER_VOLUME_NAME)
#---------------------------------------------------------------------------
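# Populate secrets/ with the service configuration files.
config: secrets
	cp templates/jupyterhub_svc_config.yaml secrets/
# Fill in the token issuer's internal hostname. ${MY} is a make variable
# and is expanded before the shell sees the command. The sed script is
# single-quoted so that the expanded value reaches sed as one word and
# the shell does not interpret any character in it.
# NOTE(review): a `/`, `&` or `\` in MY would still alter the sed
# expression; confirm that MY is always a plain hostname label.
	sed -e 's/{INTERNAL_HOSTNAME}/${MY}.token-issuer.localdomain:8443/g' \
	    < config/token-issuer/server-config.xml.tmpl \
	    > secrets/server-config.xml.tmpl
# Seed user-config.json from the template only when it does not exist,
# so that an edited copy is never overwritten.
	[ -e secrets/user-config.json ] || cp templates/user-config.json secrets/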
# Create the Docker resources that the Compose setup expects to exist.
docker: secrets
# Volumes for persisting data between runs.
	docker volume create $(DB_VOLUME_NAME)
	docker volume create $(HUB_VOLUME_NAME)
	docker volume create $(TOKEN_ISSUER_VOLUME_NAME)
# Network for isolating the containers; created only when missing.
	if ! docker network inspect $(DOCKER_NETWORK_NAME) >/dev/null 2>&1; then \
	    docker network create $(DOCKER_NETWORK_NAME); \
	fi
# Images that are not part of the Docker Compose setup.
# NOTE(review): the base image reference is taken from a make variable;
# confirm that it names a trusted, pinned image.
	docker build \
	    --file Dockerfile.singleuser \
	    --tag $(SINGLEUSER_IMAGE) \
	    --build-arg SINGLEUSER_BASE_IMAGE=$(SINGLEUSER_BASE_IMAGE) \
	    .
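# Ensure secrets/ exists, is accessible only to its owner, and holds
# every secret the deployment needs.
secrets:
	mkdir -p secrets/
# Applied on every run, so a directory created earlier with a looser
# mode is tightened as well. Only the directory's own mode is changed.
	chmod u=rwx,go= secrets/
# The files are built in a sub-make after the directory is locked down.
# $(MAKE) is used instead of a literal `make` so that the same make
# binary is run and flags such as -n and -j carry over.
	$(MAKE) \
	    secrets/oauth.env \
	    secrets/postgres.env \
	    secrets/tls.crt \
	    secrets/token-issuer.jwks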
# This file cannot be generated: when it is missing, explain how to
# create it and fail the build.
secrets/oauth.env:
	@printf '\n%s\n\n%s\n\n' \
	    'ERROR: No such file: $@' \
	    'Create this file based on templates/oauth.env.'
	@exit 1
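# Create a password for the Postgres database's `postgres` user.
# The target has no prerequisites, so an existing file is left untouched.
secrets/postgres.env:
# openssl runs inside the recipe's own shell rather than through make's
# shell function, so the password is not embedded in the command text
# that make hands to the shell. A failing or empty `openssl rand` stops
# the recipe instead of writing an empty password.
# The file is written under a temporary name and then renamed, so the
# target only ever appears once it is complete.
# NOTE(review): the file mode follows the caller's umask; access is
# limited by the mode of the secrets/ directory.
	@pw="$$(openssl rand -hex 32)" && \
	    [ -n "$$pw" ] && \
	    printf 'POSTGRES_PASSWORD=%s\n' "$$pw" > $@.tmp && \
	    mv -f $@.tmp $@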
# Create a single self-signed certificate for all of the hosts in the
# Docker Compose setup. It is somewhat simpler to accept or trust one
# such certificate rather than many.
#
# The recipe also writes the private key next to the certificate as
# tls.key. `-nodes` leaves that key unencrypted on disk, so it is
# protected only by file and directory permissions.
# The `san` extension section is read from config/certificates/tls.req.
# NOTE(review): the certificate is valid for 365 days and nothing here
# regenerates it; confirm how expiry is handled.
secrets/tls.crt:
	openssl req -x509 \
	    -config config/certificates/tls.req \
	    -extensions san \
	    -subj "/CN=localhost" \
	    -newkey rsa:4096 \
	    -nodes \
	    -sha256 \
	    -days 365 \
	    -keyout $(@D)/tls.key \
	    -out $@
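# Use the SciTokens library to generate the signing key for the
# lightweight token issuer. The output is requested with --jwks-private,
# so it contains private key material.
secrets/token-issuer.jwks:
	docker build -f Dockerfile.scitokens -t $(SCITOKENS_IMAGE) .
# The key is written to a temporary name and renamed only when the
# container exited successfully and produced output. Without this, a
# failed run would leave an empty or partial file that make treats as
# up to date on the next run.
# NOTE(review): the file mode follows the caller's umask; access is
# limited by the mode of the secrets/ directory.
	{ docker run --rm $(SCITOKENS_IMAGE) \
	        python3 -m scitokens.tools.admin_create_key \
	            --create-keys \
	            --jwks-private \
	        > $@.tmp && \
	    [ -s $@.tmp ] && \
	    mv -f $@.tmp $@; \
	} || { rm -f $@.tmp; exit 1; }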