- Align some configuration scripts with master

GeoNode · Apr 7, 2022 · 0224160 · 0224160
1 parent e9931c3
commit 0224160
Show file tree

Hide file tree

Showing 10 changed files with 1,223 additions and 26 deletions.
diff --git a/.clabot b/.clabot
@@ -1,5 +1,6 @@
 {
   "contributors": [
+    "snyk-bot",
     "dependabot[bot]",
     "dependabot-preview[bot]",
     "ingenieroariel",
@@ -60,6 +61,7 @@
     "jcaceres85",
     "luorlandini",
     "minardimarcello",
+    "mikesname",
     "DavidQuartz"
   ]
 }
diff --git a/.devcontainer/.env b/.devcontainer/.env
@@ -1,6 +1,6 @@
 COMPOSE_PROJECT_NAME=geonode
 DOCKER_HOST_IP=
-DOCKER_ENV=development
+DOCKER_ENV=production
 # See https://github.com/geosolutions-it/geonode-generic/issues/28
 # to see why we force API version to 1.24
 DOCKER_API_VERSION="1.24"
@@ -37,6 +37,7 @@ GEONODE_DB_CONN_MAX_AGE=0
 GEONODE_DB_CONN_TOUT=5
 DEFAULT_BACKEND_DATASTORE=datastore
 BROKER_URL=amqp://guest:guest@rabbitmq:5672/
+CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=True
 
 SITEURL=http://localhost:8000/
@@ -81,8 +82,8 @@ RESOLVER=127.0.0.11
 # #################
 # geoserver
 # #################
-GEOSERVER_WEB_UI_LOCATION=http://localhost/geoserver/
-GEOSERVER_PUBLIC_LOCATION=http://localhost/geoserver/
+GEOSERVER_WEB_UI_LOCATION=http://localhost:8080/geoserver/
+GEOSERVER_PUBLIC_LOCATION=http://localhost:8080/geoserver/
 GEOSERVER_LOCATION=http://geoserver:8080/geoserver/
 GEOSERVER_ADMIN_USER=admin
 GEOSERVER_ADMIN_PASSWORD=geoserver
@@ -102,6 +103,12 @@ GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -XX:+UnlockDiagnosti
 # Security
 # #################
 # Admin Settings
+#
+# ADMIN_PASSWORD is used to overwrite the GeoNode admin password **ONLY** the first time
+# GeoNode is run. If you need to overwrite it again, you need to set the env var FORCE_REINIT,
+# otherwise the invoke updateadmin task will be skipped and the current password already stored
+# in DB will honored.
+
 ADMIN_USERNAME=admin
 ADMIN_PASSWORD=admin
 ADMIN_EMAIL=admin@localhost
@@ -178,7 +185,7 @@ BING_API_KEY=
 GOOGLE_API_KEY=
 
 # Monitoring
-MONITORING_ENABLED=True
+MONITORING_ENABLED=False
 MONITORING_DATA_TTL=365
 USER_ANALYTICS_ENABLED=True
 USER_ANALYTICS_GZIP=True

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -20,12 +20,17 @@
 	"workspaceFolder": "/usr/src/geonode/",
 
 	// Set *default* container specific settings.json values on container create.
-	// "settings": {
-	// 	"terminal.integrated.shell.linux": "/bin/bash",
-	// 	"terminal.integrated.shellArgs.linux": [
-	// 		"-l"
-	// 	]
-	// },
+	"settings": {
+		"terminal.integrated.profiles.linux": {
+			"/bin/bash": {
+				"path": "/bin/bash",
+				"args": [
+					"-l"
+				]
+			}
+		},
+		"terminal.integrated.defaultProfile.linux": "/bin/bash"
+	},
 
 	// Add the IDs of extensions you want installed when the container is created.
 	"extensions": [
@@ -54,5 +59,5 @@
 	// "postCreateCommand": "apt-get update && apt-get install -y curl",
 
 	// Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root.
-	"remoteUser": "root"
+	// "remoteUser": "vscode"
 }
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -15,7 +15,7 @@ services:
     # folder. Note that the path of the Dockerfile and context is relative to the *primary* 
     # docker-compose.yml file (the first in the devcontainer.json "dockerComposeFile"
     # array). The sample below assumes your primary file is in the root of your project.
-    #
+
     # build:
     #   context: .
     #   dockerfile: .devcontainer/Dockerfile
@@ -25,26 +25,29 @@ services:
     healthcheck:
       test: "echo \"I'm alive.\""
 
-
     env_file:
       - .devcontainer/.env
 
     volumes:
       # Update this to wherever you want VS Code to mount the folder of your project
       - '.:/usr/src/geonode'
-
-
       # Uncomment the next line to use Docker from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker-compose for details.
       # - /var/run/docker.sock:/var/run/docker.sock 
 
+    ports:
+      - "8000:8000"
+      - "5678:5678"
+
+    entrypoint: ["/usr/src/geonode/entrypoint.sh"]
+
     # Uncomment the next four lines if you will use a ptrace-based debugger like C++, Go, and Rust.
     # cap_add:
     #   - SYS_PTRACE
     # security_opt:
     #   - seccomp:unconfined
 
     # Overrides default command so things don't shut down after the process ends.
-    command: /bin/sh -c "while sleep 1000; do :; done"
+    command: sleep infinity
 
   celery:
     restart: "no"
@@ -54,17 +57,18 @@ services:
     volumes:
       - '.:/usr/src/geonode'
 
-  # Removes nginx when developing
   geonode:
-    deploy:
-      replicas: 0
+    restart: "no"
+
   # Removes letsencrypt when developing
   letsencrypt:
     deploy:
       replicas: 0
 
   geoserver:
     restart: "no"
+    ports:
+      - "8080:8080"
 
   data-dir-conf:
     restart: "no"

diff --git a/scripts/docker/letsencrypt/Dockerfile b/scripts/docker/letsencrypt/Dockerfile
@@ -1,8 +1,4 @@
-FROM alpine:3.8
-
-# 1-2. Install system dependencies
-RUN apk add --no-cache certbot py-pip && pip install pyopenssl==16.0.0 # Need to downgrade PyOpenSSL to 16.0.0 to avoid conflicts and solve the cryptography error : https://github.com/plesk/letsencrypt-plesk/issues/117
-
+FROM certbot/certbot:v1.21.0
 
 # Installing scripts
 ADD docker-entrypoint.sh /docker-entrypoint.sh
@@ -14,6 +10,7 @@ RUN /usr/bin/crontab /crontab && \
     rm /crontab
 
 # Setup the entrypoint
+WORKDIR /
 ENTRYPOINT ["./docker-entrypoint.sh"]
 
 # We run cron in foreground to update the certificates

diff --git a/scripts/docker/letsencrypt/docker-entrypoint.sh b/scripts/docker/letsencrypt/docker-entrypoint.sh
@@ -17,7 +17,7 @@ set +e
 # We run the command
 if [ "$LETSENCRYPT_MODE" == "staging" ]; then
     printf "\nTrying to get STAGING certificate\n"
-    certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --staging --server https://acme-v02.api.letsencrypt.org/directory
+    certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --staging
 elif [ "$LETSENCRYPT_MODE" == "production" ]; then
     printf "\nTrying to get PRODUCTION certificate\n"
     certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory

diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.17.2-alpine
+FROM nginx:1.21.4-alpine
 
 RUN apk add --no-cache openssl inotify-tools