-
Notifications
You must be signed in to change notification settings - Fork 1
/
docker-compose.yaml
200 lines (149 loc) · 4.57 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
---
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
# Modified by Brian Aydemir <[email protected]>.
version: "3.0"
services:
hub:
depends_on:
- hub-db
build:
context: .
dockerfile: Dockerfile.jupyterhub
args:
JUPYTERHUB_VERSION: ${JUPYTERHUB_VERSION}
image: ${JUPYTERHUB_IMAGE}
restart: always
command: jupyterhub -f /srv/jupyterhub/config.py
env_file:
- secrets/oauth.env
- secrets/postgres.env
environment:
PREFIX: ${MY}
DOCKER_NETWORK_NAME: ${DOCKER_NETWORK_NAME}
HUB_VOLUME_PATH: ${HUB_VOLUME_PATH}
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_HOST: ${MY}.hub-db
SINGLEUSER_IMAGE: ${SINGLEUSER_IMAGE}
SINGLEUSER_CMD: ${SINGLEUSER_CMD}
SINGLEUSER_VOLUME_PATH: ${SINGLEUSER_VOLUME_PATH}
SCITOKENS_SERVICE_PORT: ${SCITOKENS_SERVICE_PORT}
networks:
sciauth-env:
aliases:
- ${MY}.jupyterhub
ports:
- "${JUPYTERHUB_EXTERNAL_PORT}:443"
secrets:
- source: scitokens-service-config
target: /etc/scitokens/jupyterhub_service.yaml
volumes:
- hub:${HUB_VOLUME_PATH}
- /var/run/docker.sock:/var/run/docker.sock:rw
hub-db:
image: postgres:14.2
restart: always
env_file:
- secrets/postgres.env
environment:
PGDATA: ${DB_VOLUME_PATH}
POSTGRES_DB: ${POSTGRES_DB}
networks:
sciauth-env:
aliases:
- ${MY}.hub-db
volumes:
- db:${DB_VOLUME_PATH}
token-issuer:
image: hub.opensciencegrid.org/sciauth/lightweight-issuer:v1.0.2
restart: always
env_file:
- secrets/oauth.env
environment:
# When a user requests a token, they will be interacting with the
# token issuer from outside of the Docker network for this Compose
# setup. The hostname set below is what will be embedded into the
# URLs they see for for requesting a token, etc.
HOSTNAME: ${TOKEN_ISSUER_EXTERNAL_HOSTNAME}
networks:
sciauth-env:
aliases:
- ${MY}.token-issuer.localdomain
ports:
- "${TOKEN_ISSUER_EXTERNAL_PORT}:8443"
secrets:
- source: token-issuer-client
target: ${TOKEN_ISSUER_VOLUME_PATH}/clients/dataPath/88df33a9eaba1514233748b188da33d584f38e24
- source: token-issuer-client-approval
target: ${TOKEN_ISSUER_VOLUME_PATH}/clientApprovals/dataPath/88df33a9eaba1514233748b188da33d584f38e24
- source: token-issuer-keys
target: /opt/scitokens-server/etc/keys.jwk
- source: tls-crt
target: /opt/tomcat/conf/hostcert.pem
- source: tls-key
target: /opt/tomcat/conf/hostkey.pem
- source: token-issuer-proxy-config-template
target: /opt/scitokens-server/etc/proxy-config.xml.tmpl
- source: token-issuer-server-config-template
target: /opt/scitokens-server/etc/server-config.xml.tmpl
- source: token-issuer-user-config
target: /opt/scitokens-server/var/qdl/user-config.txt
volumes:
- token-issuer:${TOKEN_ISSUER_VOLUME_PATH}
htcondor:
build:
context: .
dockerfile: Dockerfile.htcondor
image: ${HTCONDOR_IMAGE}
restart: always
environment:
PREFIX: ${MY}
expose:
- 9618
hostname: ${MY}.htcondor.localdomain
networks:
sciauth-env:
aliases:
- ${MY}.htcondor.localdomain
secrets:
- source: tls-crt
target: /certs/tls.crt
- source: tls-key
target: /certs/tls.key
secrets:
# These "secrets" are used to inject files into the containers.
scitokens-service-config:
file: secrets/jupyterhub_svc_config.yaml
token-issuer-keys:
file: secrets/token-issuer.jwks
token-issuer-proxy-config-template:
file: config/token-issuer/proxy-config.xml.tmpl
token-issuer-server-config-template:
file: secrets/server-config.xml.tmpl
token-issuer-user-config:
file: secrets/user-config.json
token-issuer-client:
file: config/token-issuer/clients/dataPath/88df33a9eaba1514233748b188da33d584f38e24
token-issuer-client-approval:
file: config/token-issuer/clientApprovals/dataPath/88df33a9eaba1514233748b188da33d584f38e24
# Shared TLS certificate and key.
tls-crt:
file: secrets/tls.crt
tls-key:
file: secrets/tls.key
networks:
# These networks are created via `make build`.
sciauth-env:
name: ${DOCKER_NETWORK_NAME}
external: true
volumes:
# These volumes are created via `make build`.
hub:
name: ${HUB_VOLUME_NAME}
external: true
db:
name: ${DB_VOLUME_NAME}
external: true
token-issuer:
name: ${TOKEN_ISSUER_VOLUME_NAME}
external: true