Merge "[CE-469] Release v0.9.0-alpha"

dockerhub/v0.9.0-alpha/baseimage/Dockerfile

@@ -0,0 +1,21 @@
+FROM busybox as downloader
+
+RUN cd /tmp && wget -c https://github.com/hyperledger/cello/archive/v0.9.0-alpha.zip && \
+    unzip v0.9.0-alpha.zip && mv cello-0.9.0-alpha cello
+
+FROM python:3.6
+
+LABEL maintainer="github.com/hyperledger/cello"
+
+WORKDIR /app
+
+COPY install.sh /tmp/
+
+# Install necessary software
+RUN cd /tmp/ && \
+    bash install.sh && \
+		rm -f /tmp/install.sh
+
+COPY --from=downloader /tmp/cello/src /app
+RUN cd /app/ && \
+		pip install -r requirements.txt

dockerhub/v0.9.0-alpha/baseimage/install.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -x
+#
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Based thie file on https://github.com/docker-library/mongo/blob/master/3.4/Dockerfile &
+# https://docs.mongodb.com/manual/tutorial/install-mongodb-enterprise-on-ubuntu/#install-mongodb-enterprise
+
+set -x \
+	&& apt-get update && apt-get install -y supervisor && rm -rf /var/lib/apt/lists/*

dockerhub/v0.9.0-alpha/engine/Dockerfile

@@ -0,0 +1,12 @@
+# Copyright IBM Corp, All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+FROM hyperledger/cello-baseimage:x86_64-0.9.0-alpha
+
+# use this in development
+CMD ["python", "restserver.py"]
+
+# use this in product
+#CMD ["gunicorn", "-w", "128", "-b", "0.0.0.0:80", "restserver:app"]
+

dockerhub/v0.9.0-alpha/mongo/Dockerfile

@@ -0,0 +1,15 @@
+# Copyright IBM Corp, All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+FROM hyperledger/cello-baseimage:x86_64-0.8.0
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+
+VOLUME /data/db /data/configdb
+
+RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+EXPOSE 27017
+CMD ["mongod"]

dockerhub/v0.9.0-alpha/mongo/docker-entrypoint.sh

@@ -0,0 +1,254 @@
+#!/bin/bash
+#
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Based this file on https://github.com/docker-library/mongo/blob/master/3.4/docker-entrypoint.sh
+set -Eeuo pipefail
+
+if [ "${1:0:1}" = '-' ]; then
+	set -- mongod "$@"
+fi
+
+originalArgOne="$1"
+
+# allow the container to be started with `--user`
+# all mongo* commands should be dropped to the correct user
+if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then
+	if [ "$originalArgOne" = 'mongod' ]; then
+		chown -R mongodb /data/configdb /data/db
+	fi
+
+	# make sure we can write to stdout and stderr as "mongodb"
+	# (for our "initdb" code later; see "--logpath" below)
+	chown --dereference mongodb "/proc/$$/fd/1" "/proc/$$/fd/2" || :
+	# ignore errors thanks to https://github.com/docker-library/mongo/issues/149
+
+	exec gosu mongodb "$BASH_SOURCE" "$@"
+fi
+
+# you should use numactl to start your mongod instances, including the config servers, mongos instances, and any clients.
+# https://docs.mongodb.com/manual/administration/production-notes/#configuring-numa-on-linux
+if [[ "$originalArgOne" == mongo* ]]; then
+	numa='numactl --interleave=all'
+	if $numa true &> /dev/null; then
+		set -- $numa "$@"
+	fi
+fi
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+# see https://github.com/docker-library/mongo/issues/147 (mongod is picky about duplicated arguments)
+_mongod_hack_have_arg() {
+	local checkArg="$1"; shift
+	local arg
+	for arg; do
+		case "$arg" in
+			"$checkArg"|"$checkArg"=*)
+				return 0
+				;;
+		esac
+	done
+	return 1
+}
+declare -a mongodHackedArgs
+# _mongod_hack_ensure_arg '--some-arg' "$@"
+# set -- "${mongodHackedArgs[@]}"
+_mongod_hack_ensure_arg() {
+	local ensureArg="$1"; shift
+	mongodHackedArgs=( "$@" )
+	if ! _mongod_hack_have_arg "$ensureArg" "$@"; then
+		mongodHackedArgs+=( "$ensureArg" )
+	fi
+}
+# _mongod_hack_ensure_arg_val '--some-arg' 'some-val' "$@"
+# set -- "${mongodHackedArgs[@]}"
+_mongod_hack_ensure_arg_val() {
+	local ensureArg="$1"; shift
+	local ensureVal="$1"; shift
+	mongodHackedArgs=()
+	while [ "$#" -gt 0 ]; do
+		local arg="$1"; shift
+		case "$arg" in
+			"$ensureArg")
+				shift # also skip the value
+				continue
+				;;
+			"$ensureArg"=*)
+				# value is already included
+				continue
+				;;
+		esac
+		mongodHackedArgs+=( "$arg" )
+	done
+	mongodHackedArgs+=( "$ensureArg" "$ensureVal" )
+}
+# TODO what do to about "--config" ? :(
+
+if [ "$originalArgOne" = 'mongod' ]; then
+	file_env 'MONGO_INITDB_ROOT_USERNAME'
+	file_env 'MONGO_INITDB_ROOT_PASSWORD'
+	# pre-check a few factors to see if it's even worth bothering with initdb
+	shouldPerformInitdb=
+	if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then
+		# if we have a username/password, let's set "--auth"
+		_mongod_hack_ensure_arg '--auth' "$@"
+		set -- "${mongodHackedArgs[@]}"
+		shouldPerformInitdb='true'
+	elif [ "$MONGO_INITDB_ROOT_USERNAME" ] || [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then
+		cat >&2 <<-'EOF'
+
+			error: missing 'MONGO_INITDB_ROOT_USERNAME' or 'MONGO_INITDB_ROOT_PASSWORD'
+			       both must be specified for a user to be created
+
+		EOF
+		exit 1
+	fi
+
+	if [ -z "$shouldPerformInitdb" ]; then
+		# if we've got any /docker-entrypoint-initdb.d/* files to parse later, we should initdb
+		for f in /docker-entrypoint-initdb.d/*; do
+			case "$f" in
+				*.sh|*.js) # this should match the set of files we check for below
+					shouldPerformInitdb="$f"
+					break
+					;;
+			esac
+		done
+	fi
+
+	# check for a few known paths (to determine whether we've already initialized and should thus skip our initdb scripts)
+	if [ -n "$shouldPerformInitdb" ]; then
+		for path in \
+			/data/db/WiredTiger \
+			/data/db/journal \
+			/data/db/local.0 \
+			/data/db/storage.bson \
+		; do
+			if [ -e "$path" ]; then
+				shouldPerformInitdb=
+				break
+			fi
+		done
+	fi
+
+	if [ -n "$shouldPerformInitdb" ]; then
+		if _mongod_hack_have_arg --config "$@"; then
+			echo >&2
+			echo >&2 'warning: database is not yet initialized, and "--config" is specified'
+			echo >&2 '  the initdb database startup might fail as a result!'
+			echo >&2
+		fi
+
+		pidfile="$(mktemp)"
+		trap "rm -f '$pidfile'" EXIT
+
+		_mongod_hack_ensure_arg_val --bind_ip 127.0.0.1 "$@"
+		_mongod_hack_ensure_arg_val --port 27017 "${mongodHackedArgs[@]}"
+
+		sslMode="$(_mongod_hack_have_arg '--sslPEMKeyFile' "$@" && echo 'allowSSL' || echo 'disabled')" # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters"
+		_mongod_hack_ensure_arg_val --sslMode "$sslMode" "${mongodHackedArgs[@]}"
+
+		if stat "/proc/$$/fd/1" > /dev/null && [ -w "/proc/$$/fd/1" ]; then
+			# https://github.com/mongodb/mongo/blob/38c0eb538d0fd390c6cb9ce9ae9894153f6e8ef5/src/mongo/db/initialize_server_global_state.cpp#L237-L251
+			# https://github.com/docker-library/mongo/issues/164#issuecomment-293965668
+			_mongod_hack_ensure_arg_val --logpath "/proc/$$/fd/1" "${mongodHackedArgs[@]}"
+		else
+			echo >&2 "warning: initdb logs cannot write to '/proc/$$/fd/1', so they are in '/data/db/docker-initdb.log' instead"
+			_mongod_hack_ensure_arg_val --logpath /data/db/docker-initdb.log "${mongodHackedArgs[@]}"
+		fi
+		_mongod_hack_ensure_arg --logappend "${mongodHackedArgs[@]}"
+
+		_mongod_hack_ensure_arg_val --pidfilepath "$pidfile" "${mongodHackedArgs[@]}"
+		"${mongodHackedArgs[@]}" --fork
+
+		mongo=( mongo --host 127.0.0.1 --port 27017 --quiet )
+
+		# check to see that our "mongod" actually did start up (catches "--help", "--version", MongoDB 3.2 being silly, slow prealloc, etc)
+		# https://jira.mongodb.org/browse/SERVER-16292
+		tries=30
+		while true; do
+			if ! { [ -s "$pidfile" ] && ps "$(< "$pidfile")" &> /dev/null; }; then
+				# bail ASAP if "mongod" isn't even running
+				echo >&2
+				echo >&2 "error: $originalArgOne does not appear to have stayed running -- perhaps it had an error?"
+				echo >&2
+				exit 1
+			fi
+			if "${mongo[@]}" 'admin' --eval 'quit(0)' &> /dev/null; then
+				# success!
+				break
+			fi
+			(( tries-- ))
+			if [ "$tries" -le 0 ]; then
+				echo >&2
+				echo >&2 "error: $originalArgOne does not appear to have accepted connections quickly enough -- perhaps it had an error?"
+				echo >&2
+				exit 1
+			fi
+			sleep 1
+		done
+
+		if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then
+			rootAuthDatabase='admin'
+
+			"${mongo[@]}" "$rootAuthDatabase" <<-EOJS
+				db.createUser({
+					user: $(jq --arg 'user' "$MONGO_INITDB_ROOT_USERNAME" --null-input '$user'),
+					pwd: $(jq --arg 'pwd' "$MONGO_INITDB_ROOT_PASSWORD" --null-input '$pwd'),
+					roles: [ { role: 'root', db: $(jq --arg 'db' "$rootAuthDatabase" --null-input '$db') } ]
+				})
+			EOJS
+
+			mongo+=(
+				--username="$MONGO_INITDB_ROOT_USERNAME"
+				--password="$MONGO_INITDB_ROOT_PASSWORD"
+				--authenticationDatabase="$rootAuthDatabase"
+			)
+		fi
+
+		export MONGO_INITDB_DATABASE="${MONGO_INITDB_DATABASE:-test}"
+
+		echo
+		for f in /docker-entrypoint-initdb.d/*; do
+			case "$f" in
+				*.sh) echo "$0: running $f"; . "$f" ;;
+				*.js) echo "$0: running $f"; "${mongo[@]}" "$MONGO_INITDB_DATABASE" "$f"; echo ;;
+				*)    echo "$0: ignoring $f" ;;
+			esac
+			echo
+		done
+
+		"$@" --pidfilepath="$pidfile" --shutdown
+		rm "$pidfile"
+		trap - EXIT
+
+		echo
+		echo 'MongoDB init process complete; ready for start up.'
+		echo
+	fi
+
+	unset "${!MONGO_INITDB_@}"
+fi
+
+exec "$@"

dockerhub/v0.9.0-alpha/operator-dashboard/Dockerfile

@@ -0,0 +1,15 @@
+# Copyright IBM Corp, All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+FROM node:8.9 as build_js
+MAINTAINER haitao yue "[email protected]"
+RUN cd /tmp && git clone -b 'v0.9.0-alpha' --single-branch --depth 1 https://github.com/hyperledger/cello.git
+RUN cp -r /tmp/cello/src/static /var/www
+RUN cd /var/www/dashboard && npm install && npm run build
+
+FROM hyperledger/cello-baseimage:x86_64-0.9.0-alpha
+
+COPY --from=build_js /var/www/dist /app/static/dist
+COPY --from=build_js /tmp/cello/src/celery.conf /etc/supervisor/conf.d/
+CMD /etc/init.d/supervisor start && if [ "$DEBUG" = "True" ]; then python dashboard.py ; else gunicorn -w 1 --worker-class eventlet -b 0.0.0.0:8080 dashboard:app ;fi

dockerhub/v0.9.0-alpha/user-dashboard/Dockerfile

@@ -0,0 +1,40 @@
+# Copyright IBM Corp, All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+FROM busybox as builder
+ENV FABRIC_VERSION_1_0 1.0.5
+RUN cd /tmp && ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')" | awk '{print tolower($0)}') && \
+    echo $ARCH &&wget -c https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric/hyperledger-fabric/${ARCH}-${FABRIC_VERSION_1_0}/hyperledger-fabric-${ARCH}-${FABRIC_VERSION_1_0}.tar.gz && \
+    mkdir fabric-1.0 && tar -zxvf hyperledger-fabric-${ARCH}-${FABRIC_VERSION_1_0}.tar.gz -C fabric-1.0
+ENV FABRIC_VERSION_1_2 1.2.0
+RUN cd /tmp && ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')" | awk '{print tolower($0)}') && \
+    echo $ARCH &&wget -c https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric/hyperledger-fabric/${ARCH}-${FABRIC_VERSION_1_2}/hyperledger-fabric-${ARCH}-${FABRIC_VERSION_1_2}.tar.gz && \
+    mkdir fabric-1.2 && tar -zxvf hyperledger-fabric-${ARCH}-${FABRIC_VERSION_1_2}.tar.gz -C fabric-1.2
+RUN cd /tmp && wget -c https://github.com/hyperledger/cello/archive/v0.9.0-alpha.zip && unzip v0.9.0-alpha.zip && mv cello-0.9.0-alpha cello
+
+FROM node:8.9
+MAINTAINER haitao yue "[email protected]"
+COPY --from=builder /tmp/cello/user-dashboard/src/package.json /
+COPY --from=builder /tmp/cello/user-dashboard/src/yarn.lock /
+COPY --from=builder /tmp/cello/user-dashboard/src/packages /packages
+COPY --from=builder /tmp/cello/user-dashboard/src /var/www
+COPY --from=builder /tmp/cello/user-dashboard/fabric/fabric-1.0 /etc/hyperledger/fabric-1.0
+COPY --from=builder /tmp/cello/user-dashboard/fabric/fabric-1.2 /etc/hyperledger/fabric-1.2
+COPY --from=builder /tmp/cello/user-dashboard/src/app/lib/fabric/fixtures/channel/v1.2/crypto-config /etc/hyperledger/fabric-1.2/crypto-config
+RUN cd / && yarn install -g --verbose
+RUN cd /packages/fabric-1.0 && yarn install
+RUN cd /packages/fabric-1.2 && yarn install
+ENV PATH ${PATH}:/node_modules/.bin
+RUN cd /var/www && ln -sf /node_modules . && npm run build
+WORKDIR /var/www
+EXPOSE 8081
+
+COPY --from=builder /tmp/fabric-1.0/bin/configtxgen /usr/local/bin/fabric-1.0/configtxgen
+COPY --from=builder /tmp/fabric-1.2/bin/configtxgen /usr/local/bin/fabric-1.2/configtxgen
+ENV FABRIC_CFG_PATH /etc/hyperledger/fabric-1.0
+ENV MONGO_PORT 27017
+
+RUN sed -i 's/.\/ecdsa\/key.js/fabric-client\/lib\/impl\/ecdsa\/key.js/g' /packages/fabric-1.2/node_modules/fabric-ca-client/lib/impl/CryptoSuite_ECDSA_AES.js
+
+CMD ln -sf /node_modules . && npm run start