class DockerHelper(object):
logger = Util.uc_logger()
def __init__(self, host, url, ca, cert, key, version):
self.logger.info("__init__")
self._host = host
tls_config = docker.tls.TLSConfig(client_cert=(cert, key),
ca_cert=ca,
verify=True)
self._client = docker.Client(base_url=url,
tls=tls_config,
version=version)
def build_lab_docker(self, image_name, docker_file_text):
self.logger.info("DockerHelper.build_lab_docker")
f = BytesIO(docker_file_text.encode('utf-8'))
response = [
line
for line in self._client.build(tag=image_name, rm=True, fileobj=f)
]
self.logger.info("docker.build:")
for line in response:
self.logger.info(line)
self.logger.info("DockerHelper.build_lab_docker.complete")
def build_student_docker(self, image_name, docker_obj, private_key,
public_key, user_name, user_psw, user_email,
user_token, git_host, git_port, teacher_token,
docker_namespace):
self.logger.info("DockerHelper.build_student_docker")
result, message = GitLabUtil.get_user(git_host, git_port,
teacher_token)
if not result:
self.logger.info(message)
return
teacher_id = json.loads(message)["id"]
teacher_name = json.loads(message)["username"]
project_name = docker_obj.name
docker_file_text = self._create_ucore_docker_file(
docker_obj, private_key, public_key, user_name, user_psw,
user_email, git_host, git_port, docker_namespace, teacher_name)
docker_file = BytesIO(docker_file_text.encode('utf-8'))
result, message = GitLabUtil.create_private_project(
git_host, git_port, user_token, project_name)
if not result:
self.logger.info(message)
return
result, message = GitLabUtil.add_project_developer(
git_host, git_port, user_token, user_name, project_name,
teacher_id)
if not result:
self.logger.info(message)
return
response = [
line for line in self._client.build(
tag=image_name, rm=True, fileobj=docker_file)
]
self.logger.info("build docker result:")
for line in response:
self.logger.info(line)
container = self._client.create_container(image=image_name,
ports=[8080])
self.logger.info("docker.create_container:")
self.logger.info(container)
docker_obj.container_id = container["Id"]
self.logger.info("DockerHelper.build_student_docker.complete")
def start_student_docker(self, docker_obj):
print "DockerHelper.start_student_docker"
self._client.start(docker_obj.container_id,
port_bindings={
6080: ("0.0.0.0", ),
8080: ("0.0.0.0", )
})
port = self._client.port(docker_obj.container_id, 8080)
vnc = self._client.port(docker_obj.container_id, 6080)
docker_obj.host = self._host
docker_obj.port = port[0]["HostPort"]
docker_obj.vnc = vnc[0]["HostPort"]
docker_obj.last_start_time = datetime.datetime.strftime(
datetime.datetime.today(), "%Y-%m-%d %H:%M:%S")
self.logger.info("DockerHelper.start_student_docker.complete")
def stop_student_docker(self, docker_obj):
print "DockerHelper.stop_student_docker"
self._client.stop(docker_obj.container_id)
print "DockerHelper.stop_student_docker.complete"
def _create_ucore_docker_file(self, docker_obj, private_key, public_key,
user_name, user_pwd, user_email, git_host,
git_port, docker_namespace, teacher_name):
text = (
'FROM ' + docker_namespace + '/' + docker_obj.lab.name +
'\nMAINTAINER ggxx<*****@*****.**>' + '\n' +
'\nRUN echo -ne "' + private_key.replace("\n", "\\n") +
'" > /root/.ssh/id_rsa;\\' + '\n echo "' + public_key +
'" > /root/.ssh/id_rsa.pub;\\' +
'\n chmod 0600 /root/.ssh/id_rsa ;\\' + '\n echo -ne "' +
self.startup_shell.replace("\n", "\\n") + '" > /startup.sh;\\' +
'\n chmod +x /startup.sh;\\' + '\n echo -ne "' +
self.tty_config.format(user_name, user_pwd).replace("\n", "\\n") +
'" > /opt/ttyjs/ttyjs-config.json;\\' + '\n echo ' + user_pwd +
' | echo $(vncpasswd -f) > /root/.vnc/passwd;\\' +
'\n chmod 0600 /root/.vnc/passwd;\\' +
'\n git config --global user.name "' + user_name + '" ;\\' +
'\n git config --global user.email "' + user_email + '" ;\\' +
'\n echo -ne "StrictHostKeyChecking no\\nUserKnownHostsFile /dev/null\\n" >> /etc/ssh/ssh_config ;\\'
+ '\n cd /my_lab/ ;\\' + '\n git remote add origin git@' +
git_host + ':' + user_name + '/' + docker_obj.name + '.git; \\'
'\n git push -u origin master' + '\n' + '\nEXPOSE 6080' +
'\nEXPOSE 8080' + '\nENTRYPOINT ["/startup.sh"]', )
self.logger.info(text[0])
return text[0]
startup_shell = """#!/usr/bin/env bash
(vncserver && /opt/noVNC/utils/launch.sh --vnc localhost:5901) & tty.js --config /opt/ttyjs/ttyjs-config.json"""
tty_config = """{{
class UcDockerXBlock(XBlock):
logger = Util.uc_logger()
is_new = Boolean(default=True, scope=Scope.user_state, help="is new")
private_key = String(default="",
scope=Scope.user_state,
help="SHH Private Key")
public_key = String(default="",
scope=Scope.user_state,
help="SHH Public Key")
git_password = String(default="",
scope=Scope.user_state,
help="Git password")
git_id = Integer(default="", scope=Scope.user_state, help="Git id")
git_user_token = String(default="",
scope=Scope.user_state,
help="Git private token")
dockers = List(default=[], scope=Scope.user_state, help="dockers")
labs = List(default=[], scope=Scope.content, help="labs")
# config
CONFIG = Config.CONFIG
git_host = CONFIG["GIT"]["HOST"]
git_port = CONFIG["GIT"]["PORT"]
git_admin_token = CONFIG["GIT"]["ADMIN_TOKEN"]
docker_host = CONFIG["DOCKER"]["HOST"]
docker_url = CONFIG["DOCKER"]["REMOTE_API"]["URL"]
docker_namespace = CONFIG["DOCKER"]["NAMESPACE"]
docker_mem = CONFIG["DOCKER"]["MEM_LIMIT"]
ca = CONFIG["DOCKER"]["REMOTE_API"]["CA"]
cert = CONFIG["DOCKER"]["REMOTE_API"]["CERT"]
key = CONFIG["DOCKER"]["REMOTE_API"]["KEY"]
version = CONFIG["DOCKER"]["REMOTE_API"]["VERSION"]
git_teacher_token = CONFIG["GIT"]["TEACHER"]["TOKEN"]
principal_name = CONFIG["LDAP"]["PRINCIPAL_NAME"]
ldap_password = CONFIG["LDAP"]["PASSWORD"]
ldap_url = CONFIG["LDAP"]["LDAP_URL"]
base_dn = CONFIG["LDAP"]["BASE_DN"]
docker_helper = DockerRawHelper(docker_host, docker_url, ca, cert, key)
def student_view(self, context=None):
# runtime error
if not hasattr(self.runtime, "anonymous_student_id"):
return self.message_view(
"Error in uc_docker (get anonymous student id)",
"Cannot get anonymous_student_id in runtime", context)
# preview in studio
if self.runtime.anonymous_student_id == "student":
result, message = GitLabUtil.get_user_projects(
self.git_host, self.git_port, self.git_teacher_token)
if not result:
return self.message_view(
"Error in uc_docker (get git projects)",
"Cannot get user's projects in git", context)
context_dict = {"labs": self.labs, "message": ""}
fragment = Fragment()
fragment.add_content(
Util.render_template('static/html/uc_lab.html', context_dict))
fragment.add_css(Util.load_resource("static/css/uc_docker.css"))
fragment.add_javascript(
Util.load_resource("static/js/src/uc_lab.js"))
fragment.initialize_js("UcDockerXBlock")
return fragment
# student view in open-edx
if self.is_new:
# create git account when first visiting
student = self.runtime.get_real_user(
self.runtime.anonymous_student_id)
email = student.email
name = student.first_name + " " + student.last_name
username = student.username
self.git_password = Util.create_random_password()
self.save()
# first_name, last_name are empty
if name == " ":
name = username
self.logger.info("password is " + self.git_password)
# create ldap account
l = ldap.initialize(self.ldap_url)
l.bind(self.principal_name, self.ldap_password)
dn = "uid=" + username + "," + self.base_dn
attrs = {}
attrs['objectclass'] = ['top', 'inetOrgPerson', 'eduPerson']
attrs['cn'] = str(username)
attrs['sn'] = str(username)
attrs['givenName'] = str(username)
attrs['uid'] = str(username)
attrs['userPassword'] = str(self.git_password)
attrs['description'] = 'ldap user for shibboleth'
attrs['eduPersonPrincipalName'] = str(email)
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.addModlist(attrs)
l.add_s(dn, ldif)
l.unbind_s()
self.logger.info("create ldap account " + username + "," + dn)
self.logger.info(self.git_host + "," + str(self.git_port) + "," +
self.git_admin_token + "," + name + "," +
username + "," + email + "," + self.git_password)
result, message = GitLabUtil.create_account(
self.git_host, self.git_port, self.git_admin_token, name,
username, email, self.git_password)
self.logger.info("create_account result:")
self.logger.info(result)
self.logger.info(message)
if not result:
return self.message_view(
"Error in uc_docker (create git account)", message,
context)
result, message = GitLabUtil.login(self.git_host, self.git_port,
username, self.git_password)
self.logger.info("login result:")
self.logger.info(result)
self.logger.info(message)
if not result:
return self.message_view(
"Error in uc_docker (login git account)", message, context)
try:
message = json.loads(message)
self.git_id = message["id"]
self.git_user_token = message["private_token"]
self.save()
except Exception, ex:
return self.message_view(
"Error in uc_docker (load json string)", message, context)
try:
self.private_key, self.public_key = Util.gen_ssh_keys(email)
self.logger.info("private_key:" + self.private_key)
self.save()
conn = pymongo.Connection('localhost', 27017)
db = conn.test
token = db.token
token.insert({
"username": username,
"token": message["private_token"],
"password": self.git_password,
"private_key": self.private_key,
"public_key": self.public_key
})
conn.disconnect()
except Exception, ex:
return self.message_view("Error in uc_docker (gen ssh key)",
ex, context)
result, message = GitLabUtil.add_ssh_key(self.git_host,
self.git_port,
self.git_user_token,
"uClassroom default",
self.public_key)
self.logger.info("add_ssh_key result:")
self.logger.info(result)
self.logger.info(message)
if not result:
return self.message_view(
"Error in uc_docker (add git ssh key)", message, context)
self.is_new = False
self.save()
class DockerRawHelper(object):
logger = Util.uc_logger()
def __init__(self, host, port, ca, cert, key):
self.logger.info("DockerRawHelper.__init__")
self._host = host
self._port = port
self._ca = ca
self._cert = cert
self._key = key
def build_lab_docker(self, image_name, dockerfile_text):
dockerfile_path = self._create_tmp_dockerfile(dockerfile_text)
cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} build --rm -t {5} {6}"
cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, image_name, dockerfile_path)
self.logger.info(cmd)
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(std_output, err_output) = process.communicate()#timeout=60*10)
if err_output != '':
return 1
return 0
def build_student_docker(self, image_name, docker, private_key, public_key, user_name, user_psw, user_email, user_token, git_host, git_port, teacher_token, docker_namespace, mem_limit='256m'):
result, message = GitLabUtil.get_user(git_host, git_port, teacher_token)
if not result:
self.logger.info(message)
return 2
try:
teacher_id = json.loads(message)["id"]
teacher_name = json.loads(message)["username"]
except Exception:
return 3
project_name = docker.name
dockerfile_text = self._format_ucore_dockerfile_text(docker, private_key, public_key, user_name, user_psw, user_email, git_host, docker_namespace)
dockerfile_path = self._create_tmp_dockerfile(dockerfile_text)
result, message = GitLabUtil.create_private_project(git_host, git_port, user_token, project_name)
if not result:
self.logger.info(message)
self.logger.info("hhhhhhhhhhhhh1")
return 4
result, message = GitLabUtil.add_project_developer(git_host, git_port, user_token, user_name, project_name, teacher_id)
if not result:
self.logger.info(message)
self.logger.info("hhhhhhhhhhhhhh2")
return 5
cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} build --rm -t {5} {6}"
cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, image_name, dockerfile_path)
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(std_output, err_output) = process.communicate()#timeout=60*5)
if err_output != '':
return 6
cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} create -p :8080 -p :6080 -m {5} {6}"
cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, mem_limit, image_name)
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(std_output, err_output) = process.communicate()#timeout=15)
docker.container_id = std_output
if err_output != '':
return 7
docker.container_id = std_output
return 0
def start_student_docker(self, docker):
cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} start {5}"
cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, docker.container_id)
self.logger.info(cmd)
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(std_output, err_output) = process.communicate()#timeout=15)
if err_output != '':
return 1
cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} port {5}"
cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, docker.container_id)
self.logger.info(cmd)
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(std_output, err_output) = process.communicate()#timeout=15)
if err_output != '':
return 2
docker.last_start_time = datetime.datetime.strftime(datetime.datetime.today(), "%Y-%m-%d %H:%M:%S")
docker.host = self._host
# std_output is 6080/tcp -> 0.0.0.0:49100\n8080/tcp -> 0.0.0.0:49101
ports = std_output.split('\n')
for i in range(0, len(ports)):
port_docker = ports[i].split("/")[0]
if port_docker == "6080":
docker.port = ports[i].split(":")[1]
elif port_docker == "8080":
docker.vnc = ports[i].split(":")[1]
return 0
def stop_student_docker(self, docker):
cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} stop {5}"
cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, docker.container_id)
self.logger.info(cmd)
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(std_output, err_output) = process.communicate()#timeout=15)
if err_output != '':
return 1
return 0
def _create_tmp_dockerfile(self, docker_file_text):
tmp_path = "/tmp/uc_docker/" + Util.random_string(12)
tmp_file = tmp_path + "/Dockerfile"
mkdir(tmp_path)
f=open(tmp_file, 'w')
f.write(docker_file_text)
f.flush()
f.close()
return tmp_path
def _format_ucore_dockerfile_text(self, docker, private_key, public_key, user_name, user_pwd, user_email, git_host, docker_namespace):
text = (
'FROM ' + docker_namespace + '/' + docker.lab.name +
'\nMAINTAINER ggxx<*****@*****.**>' +
'\n' +
'\nRUN echo -ne "' + private_key.replace("\n", "\\n") + '" > /root/.ssh/id_rsa;\\' +
'\n echo "' + public_key + '" > /root/.ssh/id_rsa.pub;\\' +
'\n chmod 0600 /root/.ssh/id_rsa ;\\' +
'\n echo -ne "' + self._startup_shell.replace("\n", "\\n") + '" > /startup.sh;\\' +
'\n chmod +x /startup.sh;\\' +
'\n echo -ne "' + self._tty_config.format(user_name, user_pwd).replace("\n", "\\n") + '" > /opt/ttyjs/ttyjs-config.json;\\' +
'\n echo ' + user_pwd + ' | echo $(vncpasswd -f) > /root/.vnc/passwd;\\' +
'\n chmod 0600 /root/.vnc/passwd;\\' +
'\n git config --global user.name "' + user_name + '" ;\\' +
'\n git config --global user.email "' + user_email + '" ;\\' +
'\n echo -ne "StrictHostKeyChecking no\\nUserKnownHostsFile /dev/null\\n" >> /etc/ssh/ssh_config ;\\' +
'\n cd /my_lab/ ;\\' +
'\n git remote add origin git@' + git_host + ':' + user_name + '/' + docker.name + '.git; \\'
'\n git push -u origin master' +
'\n' +
'\nEXPOSE 6080' +
'\nEXPOSE 8080' +
'\nENTRYPOINT ["/startup.sh"]',)
self.logger.info(text[0])
return text[0]
_startup_shell = """#!/usr/bin/env bash
vncserver -kill :1
(vncserver && /opt/noVNC/utils/launch.sh --vnc localhost:5901) & tty.js --config /opt/ttyjs/ttyjs-config.json"""
_tty_config = """{{
class UcDockerXBlock(XBlock):
logger = Util.uc_logger()
is_new = Boolean(default=True, scope=Scope.user_state, help="is new")
private_key = String(default="",
scope=Scope.user_state,
help="SHH Private Key")
public_key = String(default="",
scope=Scope.user_state,
help="SHH Public Key")
git_password = String(default="",
scope=Scope.user_state,
help="Git password")
git_id = Integer(default="", scope=Scope.user_state, help="Git id")
git_user_token = String(default="",
scope=Scope.user_state,
help="Git private token")
dockers = List(default=[], scope=Scope.user_state, help="dockers")
labs = List(default=[], scope=Scope.content, help="labs")
# config
CONFIG = Config.CONFIG
git_host = CONFIG["GIT"]["HOST"]
git_port = CONFIG["GIT"]["PORT"]
git_admin_token = CONFIG["GIT"]["ADMIN_TOKEN"]
docker_host = CONFIG["DOCKER"]["HOST"]
docker_url = CONFIG["DOCKER"]["REMOTE_API"]["URL"]
docker_namespace = CONFIG["DOCKER"]["NAMESPACE"]
docker_mem = CONFIG["DOCKER"]["MEM_LIMIT"]
ca = CONFIG["DOCKER"]["REMOTE_API"]["CA"]
cert = CONFIG["DOCKER"]["REMOTE_API"]["CERT"]
key = CONFIG["DOCKER"]["REMOTE_API"]["KEY"]
version = CONFIG["DOCKER"]["REMOTE_API"]["VERSION"]
git_teacher_token = CONFIG["GIT"]["TEACHER"]["TOKEN"]
docker_helper = DockerRawHelper(docker_host, docker_url, ca, cert, key)
def student_view(self, context=None):
# runtime error
if not hasattr(self.runtime, "anonymous_student_id"):
return self.message_view(
"Error in uc_docker (get anonymous student id)",
"Cannot get anonymous_student_id in runtime", context)
# preview in studio
if self.runtime.anonymous_student_id == "student":
result, message = GitLabUtil.get_user_projects(
self.git_host, self.git_port, self.git_teacher_token)
if not result:
return self.message_view(
"Error in uc_docker (get git projects)",
"Cannot get user's projects in git", context)
context_dict = {"labs": self.labs, "message": ""}
fragment = Fragment()
fragment.add_content(
Util.render_template('static/html/uc_lab.html', context_dict))
fragment.add_css(Util.load_resource("static/css/uc_docker.css"))
fragment.add_javascript(
Util.load_resource("static/js/src/uc_lab.js"))
fragment.initialize_js("UcDockerXBlock")
return fragment
# student view in open-edx
if self.is_new:
# create git account when first visiting
student = self.runtime.get_real_user(
self.runtime.anonymous_student_id)
email = student.email
name = student.first_name + " " + student.last_name
username = student.username
self.git_password = Util.create_random_password()
self.save()
# first_name, last_name are empty
if name == " ":
name = username
self.logger.info("password is " + self.git_password)
self.logger.info(self.git_host + "," + str(self.git_port) + "," +
self.git_admin_token + "," + name + "," +
username + "," + email + "," + self.git_password)
result, message = GitLabUtil.create_account(
self.git_host, self.git_port, self.git_admin_token, name,
username, email, self.git_password)
self.logger.info("create_account result:")
self.logger.info(result)
self.logger.info(message)
if not result:
return self.message_view(
"Error in uc_docker (create git account)", message,
context)
result, message = GitLabUtil.login(self.git_host, self.git_port,
username, self.git_password)
self.logger.info("login result:")
self.logger.info(result)
self.logger.info(message)
if not result:
return self.message_view(
"Error in uc_docker (login git account)", message, context)
try:
message = json.loads(message)
self.git_id = message["id"]
self.git_user_token = message["private_token"]
self.save()
except Exception, ex:
return self.message_view(
"Error in uc_docker (load json string)", message, context)
try:
self.private_key, self.public_key = Util.gen_ssh_keys(email)
self.logger.info("private_key:" + self.private_key)
self.save()
conn = pymongo.Connection('192.168.122.183', 27017)
db = conn.test
token = db.token
token.insert({
"username": username,
"token": message["private_token"],
"password": self.git_password,
"private_key": self.private_key,
"public_key": self.public_key
})
conn.disconnect()
except Exception, ex:
return self.message_view("Error in uc_docker (gen ssh key)",
ex, context)
result, message = GitLabUtil.add_ssh_key(self.git_host,
self.git_port,
self.git_user_token,
"uClassroom default",
self.public_key)
self.logger.info("add_ssh_key result:")
self.logger.info(result)
self.logger.info(message)
if not result:
return self.message_view(
"Error in uc_docker (add git ssh key)", message, context)
self.is_new = False
self.save()
