first attempt to dockerize server and job preparation

client/job_preparation/Dockerfile

@@ -0,0 +1,29 @@
+# Using Python original Docker image
+FROM --platform=linux/amd64 python:3.9-alpine
+
+# Install necessary packages
+RUN apk add \
+    curl \
+    build-base \
+    libffi-dev
+
+RUN curl https://sh.rustup.rs -sSf -o rustup.sh ; chmod +x rustup.sh ; ./rustup.sh -y
+ENV PATH="$PATH:/root/.cargo/bin"
+
+# Create code directory, output directory
+RUN mkdir /job_preparation
+
+# Copy useful data from the project
+COPY ./client/job_preparation /job_preparation
+
+# Copy utils for SPIFFEID creation ...
+COPY ./utils /job_preparation/utils
+
+# Install dependencies
+RUN cd /job_preparation && pip install -r ./requirements.txt
+
+# Set workdir
+WORKDIR /job_preparation
+
+# Set entrypoint
+ENTRYPOINT [ "python3", "./prepare_job.py" ]

client/job_preparation/requirements.txt

@@ -0,0 +1,8 @@
+cryptography==42.0.5
+pyOpenSSL==24.0.0
+protobuf==3.20.0
+pyyaml==5.3.1
+pyrage==1.1.2
+paramiko==3.4.0
+scp==0.14.5
+pre-commit

server/Dockerfile

@@ -0,0 +1,31 @@
+# Using Python original Docker image
+FROM --platform=linux/amd64 python:3.9-alpine
+
+RUN apk add \
+    git \
+    build-base \
+    openssl
+
+# Install spire-agent
+RUN wget -q https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz
+RUN tar xvf spire-1.9.0-linux-amd64-musl.tar.gz ; mv spire-1.9.0 /opt ; mv /opt/spire-1.9.0 /opt/spire
+RUN ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent
+
+# Install pyspiffe package
+RUN pip install git+https://github.com/HewlettPackard/py-spiffe.git
+
+# Copy server
+RUN mkdir /server
+COPY ./server /server
+
+# Install dependencies
+RUN cd /server && pip install -r ./requirements.txt
+
+# Copy utils
+COPY ./utils /server/utils
+
+# Set workdir
+WORKDIR /server
+
+# Set entrypoint
+ENTRYPOINT [ "./entrypoint.sh" ]

server/entrypoint.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+## This entrypoint wraps the HPCS server with a spire agent
+#
+
+# export PYTHONPATH="${PYTHONPATH}:/server:/utils"
+
+# Cleanup spire-agent generated files
+end_entrypoint() {
+    echo "Cleaning everything before leaving ..."
+    rm -rf /tmp/data
+    rm -r /tmp/spire-agent
+    kill "$1"
+    exit "$2"
+}
+
+# Reset spire data everytime
+rm -rf /tmp/data
+
+# Spawn spire agent with mounted configuration
+spire-agent run -config /tmp/agent.conf || end_entrypoint 0 1 &
+spire_agent_pid=$!
+
+agent_socket_path=$(cat /tmp/agent.conf | grep "socket_path" | cut -d "=" -f2 | cut -d "\"" -f1)
+
+sleep 10
+until [ -e $agent_socket_path ]
+do
+    echo -e "${RED}[LUMI-SD][Data preparation] Spire workload api socket doesn't exist, waiting 10 seconds ${NC}"
+    sleep 10
+done
+
+python3 ./app.py || end_entrypoint $spire_agent_pid 1
+
+end_entrypoint $spire_agent_pid 0

server/lib/spire_interactions.py

@@ -8,8 +8,10 @@
 pre_command = "microk8s.kubectl exec -n spire spire-server-0 --"
 
 
-jwt_workload_api = default_jwt_source.DefaultJwtSource(
-    spiffe_socket_path="unix:///tmp/spire-agent/public/api.sock"
+jwt_workload_api =  default_jwt_source.DefaultJwtSource(
+    workload_api_client=None,
+    spiffe_socket_path="unix:///tmp/spire-agent/public/api.sock",
+    timeout_in_seconds=None
 )
 
 

server/requirements.txt

@@ -1,7 +1,5 @@
-cryptography==2.8
-dockerfile_parse==2.0.1
-pyOpenSSL==19.0.0
-docker==7.0.0
+cryptography==42.0.5
+pyOpenSSL==24.0.0
 protobuf==3.20.0
 hvac==2.1.0
 quart==0.19.4