diff --git a/client/job_preparation/Dockerfile b/client/job_preparation/Dockerfile
new file mode 100644
index 0000000..a5ee06b
--- /dev/null
+++ b/client/job_preparation/Dockerfile
@@ -0,0 +1,29 @@
+# Using Python original Docker image
+FROM --platform=linux/amd64 python:3.9-alpine
+
+# Install necessary packages
+RUN apk add \
+ curl \
+ build-base \
+ libffi-dev
+
+RUN curl https://sh.rustup.rs -sSf -o rustup.sh ; chmod +x rustup.sh ; ./rustup.sh -y
+ENV PATH="$PATH:/root/.cargo/bin"
+
+# Create code directory, output directory
+RUN mkdir /job_preparation
+
+# Copy useful data from the project
+COPY ./client/job_preparation /job_preparation
+
+# Copy utils for SPIFFEID creation ...
+COPY ./utils /job_preparation/utils
+
+# Install dependencies
+RUN cd /job_preparation && pip install -r ./requirements.txt
+
+# Set workdir
+WORKDIR /job_preparation
+
+# Set entrypoint
+ENTRYPOINT [ "python3", "./prepare_job.py" ]
\ No newline at end of file
diff --git a/client/job_preparation/requirements.txt b/client/job_preparation/requirements.txt
new file mode 100644
index 0000000..3e89ab2
--- /dev/null
+++ b/client/job_preparation/requirements.txt
@@ -0,0 +1,8 @@
+cryptography==42.0.5
+pyOpenSSL==24.0.0
+protobuf==3.20.0
+pyyaml==5.3.1
+pyrage==1.1.2
+paramiko==3.4.0
+scp==0.14.5
+pre-commit
diff --git a/server/Dockerfile b/server/Dockerfile
new file mode 100644
index 0000000..772803c
--- /dev/null
+++ b/server/Dockerfile
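Review bot: In client/job_preparation/Dockerfile the rustup step downloads an installer and runs it as root with no protocol or integrity constraint, and because the three commands are joined with `;` a failed or truncated `curl` does not by itself stop the build. Chaining with `&&` and using curl's fail flag makes the step fail closed: `RUN curl --proto '=https' --tlsv1.2 -fsSL https://sh.rustup.rs -o rustup.sh && sh rustup.sh -y --profile minimal && rm rustup.sh`. The image also has no `USER` instruction, so `prepare_job.py` runs as root, and `apk add` without `--no-cache` leaves the package index in the layer; server/Dockerfile in this commit has the same two issues. Since the Rust toolchain and `build-base` appear to be needed only to build wheels, a multi-stage build would keep them out of the runtime image.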
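Review bot: `pre-commit` is the only entry in client/job_preparation/requirements.txt without a version pin, so each image build can resolve a different release together with its transitive dependencies. It is a developer tool, so it likely belongs in a separate dev requirements file rather than in the runtime image; if it has to stay, pin it like the other lines (`pre-commit==<pinned-version>`, placeholder). `pyyaml==5.3.1` is considerably older than the other pins and is worth checking against current advisories before this image ships.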
@@ -0,0 +1,31 @@
+# Using Python original Docker image
+FROM --platform=linux/amd64 python:3.9-alpine
+
+RUN apk add \
+ git \
+ build-base \
+ openssl
+
+# Install spire-agent
+RUN wget -q https://github.com/spiffe/spire/releases/download/v1.9.0/spire-1.9.0-linux-amd64-musl.tar.gz
+RUN tar xvf spire-1.9.0-linux-amd64-musl.tar.gz ; mv spire-1.9.0 /opt ; mv /opt/spire-1.9.0 /opt/spire
+RUN ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent
+
+# Install pyspiffe package
+RUN pip install git+https://github.com/HewlettPackard/py-spiffe.git
+
+# Copy server
+RUN mkdir /server
+COPY ./server /server
+
+# Install dependencies
+RUN cd /server && pip install -r ./requirements.txt
+
+# Copy utils
+COPY ./utils /server/utils
+
+# Set workdir
+WORKDIR /server
+
+# Set entrypoint
+ENTRYPOINT [ "./entrypoint.sh" ]
\ No newline at end of file
diff --git a/server/entrypoint.sh b/server/entrypoint.sh
new file mode 100755
index 0000000..93088da
--- /dev/null
+++ b/server/entrypoint.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+## This entrypoint wraps the HPCS server with a spire agent
+#
+
+# export PYTHONPATH="${PYTHONPATH}:/server:/utils"
+
+# Cleanup spire-agent generated files
+end_entrypoint() {
+ echo "Cleaning everything before leaving ..."
+ rm -rf /tmp/data
+ rm -r /tmp/spire-agent
+ kill "$1"
+ exit "$2"
+}
+
+# Reset spire data everytime
+rm -rf /tmp/data
+
+# Spawn spire agent with mounted configuration
+spire-agent run -config /tmp/agent.conf || end_entrypoint 0 1 &
+spire_agent_pid=$!
+
+agent_socket_path=$(cat /tmp/agent.conf | grep "socket_path" | cut -d "=" -f2 | cut -d "\"" -f1)
+
+sleep 10
+until [ -e $agent_socket_path ]
+do
+ echo -e "${RED}[LUMI-SD][Data preparation] Spire workload api socket doesn't exist, waiting 10 seconds ${NC}"
+ sleep 10
+done
+
+python3 ./app.py || end_entrypoint $spire_agent_pid 1
+
+end_entrypoint $spire_agent_pid 0
\ No newline at end of file
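Review bot: The SPIRE tarball in server/Dockerfile is fetched with `wget` and unpacked without any checksum verification, and `pip install git+https://github.com/HewlettPackard/py-spiffe.git` installs whatever the default branch holds at build time. Both make the image non-reproducible and let an upstream change or a tampered download land in the image unnoticed; the `DefaultJwtSource` constructor change in this same commit looks like the kind of drift an unpinned install produces. Verify the archive against the SHA-256 published with the release and pin py-spiffe to a reviewed commit, as sketched below (the hash and the commit are placeholders). Doing download, verify, unpack and cleanup in one `RUN` joined with `&&` also keeps the tarball out of the layers and makes a failed `tar` stop the build, which the current `;` chain does not.

```dockerfile
# … unchanged: FROM and apk add …

# Install spire-agent (placeholder hash: take it from the SPIRE release checksums)
ARG SPIRE_VERSION=1.9.0
ARG SPIRE_SHA256="REPLACE_WITH_RELEASE_SHA256"
RUN wget -q "https://github.com/spiffe/spire/releases/download/v${SPIRE_VERSION}/spire-${SPIRE_VERSION}-linux-amd64-musl.tar.gz" \
    && echo "${SPIRE_SHA256}  spire-${SPIRE_VERSION}-linux-amd64-musl.tar.gz" | sha256sum -c - \
    && tar xf "spire-${SPIRE_VERSION}-linux-amd64-musl.tar.gz" \
    && mv "spire-${SPIRE_VERSION}" /opt/spire \
    && rm "spire-${SPIRE_VERSION}-linux-amd64-musl.tar.gz" \
    && ln -s /opt/spire/bin/spire-agent /usr/bin/spire-agent

# Install pyspiffe package (placeholder commit: pin to a reviewed revision)
RUN pip install --no-cache-dir "git+https://github.com/HewlettPackard/py-spiffe.git@REPLACE_WITH_COMMIT_SHA"

# … unchanged: copy server, install requirements, WORKDIR, ENTRYPOINT …
```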
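Review bot: The readiness wait in server/entrypoint.sh can be skipped entirely: with the usual quoted form `socket_path = "..."` in /tmp/agent.conf, `cut -d "\"" -f1` returns the text before the opening quote, so `agent_socket_path` ends up blank and the unquoted `[ -e $agent_socket_path ]` collapses to `[ -e ]`, which is true. `app.py` would then start before the Workload API socket exists. Taking the field between the quotes and quoting the variable fixes this: `... | cut -d "\"" -f2` and `until [ -e "$agent_socket_path" ]`. The loop also has no upper bound, and the background failure path `|| end_entrypoint 0 1 &` calls `kill 0` and exits only its own subshell, so a failed agent is not reliably turned into a container exit; a bounded retry count ending in `end_entrypoint "$spire_agent_pid" 1` would cover that. The contents of agent.conf are not part of this diff, so the first point should be confirmed against the mounted file.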
diff --git a/server/lib/spire_interactions.py b/server/lib/spire_interactions.py
index e6b6fce..f369ef8 100644
--- a/server/lib/spire_interactions.py
+++ b/server/lib/spire_interactions.py
@@ -8,8 +8,10 @@ pre_command = "microk8s.kubectl exec -n spire spire-server-0 --" -jwt_workload_api = default_jwt_source.DefaultJwtSource( - spiffe_socket_path="unix:///tmp/spire-agent/public/api.sock" +jwt_workload_api = default_jwt_source.DefaultJwtSource( + workload_api_client=None, + spiffe_socket_path="unix:///tmp/spire-agent/public/api.sock", + timeout_in_seconds=None )
diff --git a/server/requirements.txt b/server/requirements.txt
index 13e73f2..de47add 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -1,7 +1,5 @@
-cryptography==2.8
-dockerfile_parse==2.0.1
-pyOpenSSL==19.0.0
-docker==7.0.0
+cryptography==42.0.5
+pyOpenSSL==24.0.0
 protobuf==3.20.0
 hvac==2.1.0
 quart==0.19.4
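Review bot: `timeout_in_seconds=None` in server/lib/spire_interactions.py is set on a source that is built at module import, which presumably means waiting without limit for the first Workload API response, so an agent that never becomes ready would hang the server at import instead of failing visibly; a finite value, for example `timeout_in_seconds=30` (constructed), gives a clear error. The socket path is also hard-coded as `unix:///tmp/spire-agent/public/api.sock`, while server/entrypoint.sh in this commit reads `socket_path` from /tmp/agent.conf, so a config with a different path would pass the entrypoint's wait and still fail here. Reading the path from one place, such as an environment variable exported by the entrypoint, keeps the two in step.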