build ood components from source code for aarch64

Author: johrstrom

ondemand/entrypoint.sh

@@ -23,6 +23,9 @@ then
     echo "---> Starting sshd on ondemand..."
     /usr/sbin/sshd -e
 
+    echo "---> Running update ood portal..."
+    /opt/ood/ood-portal-generator/sbin/update_ood_portal
+
     echo "---> Starting ondemand-dex..."
     gosu ondemand-dex /usr/sbin/ondemand-dex serve /etc/ood/dex/config.yaml &
 

ondemand/install.sh

@@ -7,6 +7,183 @@ log_info() {
   printf "\n\e[0;35m $1\e[0m\n\n"
 }
 
+build_passenger() {
+
+  PASS_VERSION='6.0.7'
+  NGINX_VERSION='1.18.0'
+
+  wget -O $BUILD_DIR/passenger.tar.gz https://github.com/phusion/passenger/releases/download/release-$PASS_VERSION/passenger-$PASS_VERSION.tar.gz
+  cd $BUILD_DIR
+  tar xf passenger.tar.gz
+  wget -O $BUILD_DIR/nginx.tar.gz http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz
+  cd "$BUILD_DIR/passenger-$PASS_VERSION"
+  tar xf $BUILD_DIR/nginx.tar.gz
+
+  PREFIX=/opt/ood/ondemand/root
+  NGINX_DATADIR=$PREFIX/usr/share/nginx
+  NGINX_CONFDIR=$PREFIX/etc/nginx
+  NGINX_HOME=/var/lib/ondemand-nginx
+  NGINX_HOME_TMP=$NGINX_HOME/tmp
+  NGINX_LOGDIR=/var/log/ondemand-nginx
+  BASE_CCOPTS='-g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
+  NGINX_CCOPTS="-O2 $BASE_CCOPTS"
+  PASSENGER_CCOPTS="$BASE_CCOPTS -Wno-deprecated"
+  LDOPTS="-Wl,-z,relro -Wl,-E"
+  RUBY_LIBDIR=$PREFIX/usr/share/ruby/vendor_ruby
+
+  rake nginx OPTIMIZE=yes CACHING=false
+  cd "$BUILD_DIR/passenger-$PASS_VERSION/nginx-$NGINX_VERSION"
+  ./configure \
+	  --prefix=$NGINX_DATADIR \
+	  --sbin-path=$PREFIX/usr/sbin/nginx \
+    --conf-path=$NGINX_CONFDIR/nginx.conf \
+    --error-log-path=$NGINX_LOGDIR/error.log \
+    --http-log-path=$NGINX_LOGDIR/access.log \
+    --http-client-body-temp-path=$NGINX_HOME_TMP/client_body \
+    --http-proxy-temp-path=$NGINX_HOME_TMP/proxy \
+    --http-fastcgi-temp-path=$NGINX_HOME_TMP/fastcgi \
+    --http-uwsgi-temp-path=$NGINX_HOME_TMP/uwsgi \
+    --http-scgi-temp-path=$NGINX_HOME_TMP/scgi \
+    --pid-path=/run/ondemand-nginx.pid \
+    --lock-path=/run/lock/subsys/ondemand-nginx \
+    --user=ondemand-nginx \
+    --group=ondemand-nginx \
+    --with-file-aio \
+    --with-http_ssl_module \
+    --with-http_v2_module \
+    --with-http_realip_module \
+    --with-http_addition_module \
+    --with-http_xslt_module \
+    --with-http_image_filter_module \
+    --with-http_sub_module \
+    --with-http_dav_module \
+    --with-http_flv_module \
+    --with-http_mp4_module \
+    --with-http_gunzip_module \
+    --with-http_gzip_static_module \
+    --with-http_random_index_module \
+    --with-http_secure_link_module \
+    --with-http_degradation_module \
+    --with-http_stub_status_module \
+    --with-mail \
+    --with-mail_ssl_module \
+    --with-pcre \
+    --with-pcre-jit \
+    --add-module=../src/nginx_module \
+    --with-cc-opt="$NGINX_CCOPTS" \
+    --with-ld-opt="$LDOPTS" \
+    --with-debug
+
+  make -j$(nproc) && make install INSTALLDIRS=vendor
+  mkdir -p  $NGINX_DATADIR/html
+  mkdir -p  $NGINX_CONFDIR
+  mkdir -p  $NGINX_HOME
+  mkdir -p  $NGINX_HOME_TMP
+  mkdir -p  $NGINX_LOGDIR
+
+  set -x
+  cd "$BUILD_DIR/passenger-$PASS_VERSION"
+  which ruby
+	rake fakeroot \
+	    NATIVE_PACKAGING_METHOD=rpm \
+	    FS_PREFIX=$PREFIX \
+	    FS_BINDIR=$PREFIX/bin \
+	    FS_SBINDIR=$PREFIX/sbin \
+	    FS_DATADIR=$PREFIX/usr/share \
+	    FS_LIBDIR=$PREFIX/lib64 \
+	    FS_DOCDIR=$PREFIX/usr/share/doc \
+	    RUBY=$(which ruby) \
+	    RUBYLIBDIR=$RUBY_LIBDIR \
+	    RUBYARCHDIR=$RUBY_LIBDIR \
+	    APACHE2_MODULE_PATH=$PREFIX/usr/lib/apache2/modules/mod_passenger.so \
+			OPTIMIZE=yes \
+			CACHING=false \
+			EXTRA_CFLAGS="$PASSENGER_CCOPTS" \
+			EXTRA_CXXFLAGS="$PASSENGER_CCOPTS"
+
+  cp -a $BUILD_DIR/passenger-$PASS_VERSION/pkg/fakeroot/* /
+  cd $BUILD_DIR/passenger-$PASS_VERSION
+  ./dev/install_scripts_bootstrap_code.rb --ruby $RUBY_LIBDIR \
+	  $PREFIX/bin/passenger* \
+	  $PREFIX/sbin/passenger* \
+	  `find $PREFIX -name rack_handler.rb`
+
+  ./dev/install_scripts_bootstrap_code.rb --nginx-module-config $PREFIX/bin $PREFIX/usr/share/passenger/ngx_http_passenger_module/config
+  chmod +x $PREFIX/usr/share/passenger/helper-scripts/wsgi-loader.py
+}
+
+install_os_deps() {
+  dnf -y update && \
+    dnf install -y dnf-utils epel-release && \
+    dnf config-manager --set-enabled powertools && \
+    dnf -y module enable nodejs:12 ruby:2.7 && \
+    dnf install -y \
+        file lsof sudo gcc gcc-c++ git \
+        patch lua-posix rsync ruby ruby-devel python2 python3 \
+        nodejs sqlite sqlite-devel nmap-ncat httpd httpd-devel mod_ssl \
+        libcurl-devel autoconf openssl-devel jansson-devel libxml2-devel \
+        libxslt-devel gd-devel
+  gem install rake dotenv
+}
+
+build_ood_src() {
+  cd $BUILD_DIR
+
+  git clone https://github.com/cisco/cjose
+  cd cjose
+  git checkout 0.6.1
+  ./configure
+  make && make install
+
+  # so mod_auth_openidc can find cjose
+  export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
+
+  cd $BUILD_DIR
+  git clone https://github.com/zmartzone/mod_auth_openidc.git
+  cd mod_auth_openidc
+  git checkout v2.4.9.4
+  sh autogen.sh
+  ./configure
+  make && make install
+
+  cd $BUILD_DIR
+  git clone https://github.com/OSC/ondemand.git
+  cd ondemand
+  bundle config --local path ~/vendor/bundle
+  bundle install
+  rake build -mj$(nproc)
+
+  mkdir -p /opt/ood
+  mkdir -p /var/www/ood/{apps,public,discover}
+  mkdir -p /var/www/ood/apps/{sys,dev,usr}
+  mkdir -p /etc/ood/config
+
+  mv mod_ood_proxy /opt/ood/
+  mv nginx_stage /opt/ood/
+  mv ood-portal-generator /opt/ood/
+  mv ood_auth_map /opt/ood/
+  mv apps/* /var/www/ood/apps/sys/
+
+  mkdir -p /var/lib/ondemand-nginx/config/apps/sys/
+  touch /var/lib/ondemand-nginx/config/apps/sys/dashboard.conf
+  touch /var/lib/ondemand-nginx/config/apps/sys/shell.conf
+  touch /var/lib/ondemand-nginx/config/apps/sys/myjobs.conf
+  /opt/ood/nginx_stage/sbin/update_nginx_stage
+
+  tee /etc/httpd/conf.d/enabled_mods.conf <<EOF
+LoadModule auth_openidc_module modules/mod_auth_openidc.so
+LoadModule ssl_module modules/mod_ssl.so
+EOF
+
+  tee /etc/sudoers.d/ood <<EOF
+Defaults:apache !requiretty, !authenticate
+Defaults:apache env_keep += "NGINX_STAGE_* OOD_*"
+apache ALL=(ALL) NOPASSWD: /opt/ood/nginx_stage/sbin/nginx_stage
+Cmnd_Alias KUBECTL = /usr/local/bin/kubectl, /usr/bin/kubectl, /bin/kubectl
+Defaults!KUBECTL !syslog
+EOF
+}
+
 ARCHTYPE=`uname -m`
 DEX_VERSION=${DEX_VERSION:-2.31.1}
 DEX_PATCH_VERSION=${DEX_PATCH_VERSION:-703e26bc109e86d00be22ef1803bdb96b2dc09e2}
@@ -20,6 +197,13 @@ if [[ "${ARCHTYPE}" = "x86_64" ]]; then
         ondemand \
         ondemand-dex
 elif [[ "${ARCHTYPE}" = "aarch64" ]]; then
+    BUILD_DIR=$(mktemp -d -p /build)
+    export BUILD_DIR
+
+    install_os_deps
+    build_passenger
+    build_ood_src
+
     # TODO: flesh out arm64 builds?
     dnf install -y golang-bin
     log_info "Install dex ${DEX_VERSION}..."
@@ -45,35 +229,7 @@ elif [[ "${ARCHTYPE}" = "aarch64" ]]; then
     groupadd -r ondemand-dex
     useradd -r -d /var/lib/ondemand-dex -g ondemand-dex -s /sbin/nologin -c "OnDemand Dex" ondemand-dex
     mkdir -p /etc/ood/dex
-    tee /etc/ood/dex/config.yaml <<EOF
----
-issuer: http://eb8307ff82be:5556
-storage:
-  type: sqlite3
-  config:
-    file: "/etc/ood/dex/dex.db"
-web:
-  http: 0.0.0.0:5556
-telemetry:
-  http: 0.0.0.0:5558
-staticClients:
-- id: eb8307ff82be
-  redirectURIs:
-  - http://eb8307ff82be/oidc
-  name: OnDemand
-  secret: 7c6c2f51-2f97-4866-886e-2fcf5b974224
-oauth2:
-  skipApprovalScreen: true
-enablePasswordDB: true
-staticPasswords:
-- email: ood@localhost
-  hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
-  username: ood
-  userID: '08a8684b-db88-4b73-90a9-3cd1661f5466'
-frontend:
-  dir: "/usr/share/ondemand-dex/web"
-  theme: hpc-coop
-EOF
+    chown ondemand-dex:ondemand-dex /etc/ood/dex
 fi
 
 log_info "Setting up Ondemand"
@@ -141,13 +297,11 @@ dex:
     theme: ondemand
 EOF
 
-if [[ ${ARCHTYPE} = "x86_64" ]]; then
-    log_info "Generating new httpd24 and dex configs.."
-    /opt/ood/ood-portal-generator/sbin/update_ood_portal
+log_info "Generating new httpd24 and dex configs.."
+/opt/ood/ood-portal-generator/sbin/update_ood_portal
 
-    log_info "Adding new theme to dex"
-    sed -i "s/theme: ondemand/theme: hpc-coop/g" /etc/ood/dex/config.yaml
-fi
+log_info "Adding new theme to dex"
+sed -i "s/theme: ondemand/theme: hpc-coop/g" /etc/ood/dex/config.yaml
 
 dnf clean all
 rm -rf /var/cache/dnf