configure for aws authentication from docker containers

lifemapper · Oct 18, 2024 · 43b4fb2 · 43b4fb2
1 parent e2100fe
commit 43b4fb2
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 46 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -48,7 +48,7 @@ RUN venv/bin/pip install debugpy
 ENV PYTHONDONTWRITEBYTECODE 1
 # Turns off buffering for easier container logging
 ENV PYTHONUNBUFFERED 1
-COPY --chown=bison:bison ./aws/ec2/aws_config ./.aws/config
+COPY --chown=bison:bison ./config/aws.conf ./.aws/config
 
 CMD tail -f /dev/null
 #CMD venv/bin/python -m ${TASK_APP}

diff --git a/_sphinx_config/pages/aws/ec2_setup.rst b/_sphinx_config/pages/aws/ec2_setup.rst
@@ -84,7 +84,7 @@ SSL certificates
 * For testing/development, use self-signed certificates because Cerbot will not create
   certificates for an AWS EC2 Public IPv4 DNS, or an IP address.
 
-  * Edit the docker-compose.yml file under `nginx` service (which intercepts all web
+  * Edit the compose.yml file under `nginx` service (which intercepts all web
     requests) in `volumes` to bind-mount the directory containing self-signed
     certificates to /etc/letsencrypt::
 
@@ -131,4 +131,4 @@ https://docs.aws.amazon.com/sdkref/latest/guide/feature-assume-role-credentials.
 
 More info:
 
-https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
diff --git a/_sphinx_config/pages/interaction/debug.rst b/_sphinx_config/pages/interaction/debug.rst
@@ -57,11 +57,11 @@ Docker debugging
 Run Docker containers (development)
 -------------------------------------------
 
-Note that the development compose file, docker-compose.development.yml, is referenced
+Note that the development compose file, compose.development.yml, is referenced
 first on the command line.  It has elements that override those defined in the
-general compose file, docker-compose.yml::
+general compose file, compose.yml::
 
-    sudo docker compose -f docker-compose.development.yml -f docker-compose.yml  up
+    sudo docker compose -f compose.development.yml -f compose.yml  up
 
 Flask has hot-reload enabled.
 
@@ -80,7 +80,7 @@ And run this command (which ignores running container)::
 
 Then rebuild/restart::
 
-    sudo docker compose -f docker-compose.development.yml -f docker-compose.yml  up
+    sudo docker compose -f compose.development.yml -f compose.yml  up
 
 Examine container
 -------------------------------------------

diff --git a/_sphinx_config/pages/interaction/deploy.rst b/_sphinx_config/pages/interaction/deploy.rst
@@ -50,7 +50,7 @@ Environment status checks:
         ...
         CMD venv/bin/python -m gunicorn -w 4 --bind 0.0.0.0:5000 ${FLASK_APP}
 
-  docker-compose.yml::
+  compose.yml::
 
       services:
         bison:
@@ -66,7 +66,7 @@ Environment status checks:
         ...
         CMD venv/bin/python -m debugpy --listen 0.0.0.0:${DEBUG_PORT} -m ${FLASK_MANAGE} run --host=0.0.0.0
 
-  docker-compose.development.yml::
+  compose.development.yml::
 
       bison:
         ...
@@ -114,7 +114,7 @@ script run on instantiation.
 
       * TODO: set up an automated task to download this on creation in S3
 
-    * docker-compose.yml bind-mounts this host directory to the /volumes/aws_data
+    * compose.yml bind-mounts this host directory to the /volumes/aws_data
       directory as Read-Only on the backend (bison) container.
     * AWS_INPUT_DATA in the .env.conf file points to this volume
     * AWS_INPUT_PATH in python code references the AWS_INPUT_DATA environment variable
@@ -139,7 +139,7 @@ Run the containers (production)
 
 Start the containers with the Docker composition file::
 
-    sudo docker compose -f docker-compose.yml up -d
+    sudo docker compose -f compose.yml up -d
 
 BISON web services are now available at https://bison.spcoco.org/
 
@@ -150,11 +150,11 @@ the http/https ports and not allow the docker containers to use them.
 Run the containers (development)
 -------------------------------------------
 
-Note that the development compose file, docker-compose.development.yml, is referenced
+Note that the development compose file, compose.development.yml, is referenced
 first on the command line.  It has elements that override those defined in the
-general compose file, docker-compose.yml::
+general compose file, compose.yml::
 
-    sudo docker compose -f docker-compose.development.yml -f docker-compose.yml  up
+    sudo docker compose -f compose.development.yml -f compose.yml  up
 
 BISON web services are now available at https://localhost/ or
 https://bison-dev.spcoco.org/
@@ -179,7 +179,7 @@ Then rebuild/restart::
 
     sudo docker compose up -d
     # or
-    sudo docker compose -f docker-compose.development.yml -f docker-compose.yml  up
+    sudo docker compose -f compose.development.yml -f compose.yml  up
 
 Examine container
 -------------------------------------------

diff --git a/compose.annotate_riis.yml b/compose.annotate_riis.yml
@@ -6,32 +6,15 @@ services:
       context: ./.
       target: task
     environment:
-      - TASK_APP=bison.tools.annotate_riis
+      - TASK_APP=bison.task.annotate_riis
     env_file:
       ./.env.task.conf
     restart: unless-stopped
     volumes:
-      # bind mount
+      # bind mount from host machine
       - "/home/ubuntu/aws_data:/volumes/bison_data"
       # volumes
       - "scratch-path:/scratch-path"
-#      - "static-files:/home/bison/bison/frontend/static"
-
-#  nginx:
-#    image: nginx:alpine
-#    restart: unless-stopped
-#    depends_on:
-#      bison:
-#        condition: service_healthy
-#
-#    ports:
-#      - "80:80"
-#    volumes:
-#      - "static-files:/volumes/static-files:ro"
-#      # bind mounts from host machine
-#      - "./nginx/nginx.task.conf:/etc/nginx/conf.d/default.conf:ro"
-#      - "./bison/frontend/static/:/var/www/:ro"
 
 volumes:
   scratch-path:
-#  static-files:
diff --git a/compose.development.yml b/compose.development.yml
@@ -13,11 +13,5 @@ services:
       - DEBUG_PORT=5001
     volumes:
       - "./flask_app/:/home/bison/flask_app/"
-
-#  front-end:
-#    build:
-#      context: ./.
-#      target: base-front-end
-#    command: ["npm", "run", "watch"]
-#    volumes:
-#      - "./bison/frontend/js_src/lib/:/home/node/lib/"
+      # bind mount from host machine
+      - "/home/ubuntu/aws_data:/volumes/bison_data"
diff --git a/compose.test.yml b/compose.test.yml
@@ -6,12 +6,12 @@ services:
       context: ./.
       target: task
     environment:
-      - TASK_APP=bison.tools.test_task
+      - TASK_APP=bison.task.test_task
     env_file:
       ./.env.task.conf
     restart: unless-stopped
     volumes:
-      # bind mount
+      # bind mount from host machine
       - "/home/ubuntu/aws_data:/volumes/bison_data"
       # volumes
       - "scratch-path:/scratch-path"

diff --git a/compose.yml b/compose.yml
@@ -13,12 +13,12 @@ services:
       ./.env.conf
     restart: unless-stopped
     volumes:
+      # bind mount from host machine
+      - "/home/ubuntu/aws_data:/volumes/bison_data"
       # volumes
       - "scratch-path:/scratch-path"
       - "webpack-output:/volumes/webpack-output"
       - "static-files:/home/bison/bison/frontend/static"
-      # bind mounts from host machine
-      - "./config/aws.conf:/home/bison/.aws/config:ro"
 
   nginx:
     image: nginx:alpine

diff --git a/config/aws.conf b/config/aws.conf
@@ -0,0 +1,5 @@
+[default]
+region = us-east-1
+output = json
+duration_seconds = 43200
+credential_source = Ec2InstanceMetadata