class DockerHelper(object): logger = Util.uc_logger() def __init__(self, host, url, ca, cert, key, version): self.logger.info("__init__") self._host = host tls_config = docker.tls.TLSConfig(client_cert=(cert, key), ca_cert=ca, verify=True) self._client = docker.Client(base_url=url, tls=tls_config, version=version) def build_lab_docker(self, image_name, docker_file_text): self.logger.info("DockerHelper.build_lab_docker") f = BytesIO(docker_file_text.encode('utf-8')) response = [ line for line in self._client.build(tag=image_name, rm=True, fileobj=f) ] self.logger.info("docker.build:") for line in response: self.logger.info(line) self.logger.info("DockerHelper.build_lab_docker.complete") def build_student_docker(self, image_name, docker_obj, private_key, public_key, user_name, user_psw, user_email, user_token, git_host, git_port, teacher_token, docker_namespace): self.logger.info("DockerHelper.build_student_docker") result, message = GitLabUtil.get_user(git_host, git_port, teacher_token) if not result: self.logger.info(message) return teacher_id = json.loads(message)["id"] teacher_name = json.loads(message)["username"] project_name = docker_obj.name docker_file_text = self._create_ucore_docker_file( docker_obj, private_key, public_key, user_name, user_psw, user_email, git_host, git_port, docker_namespace, teacher_name) docker_file = BytesIO(docker_file_text.encode('utf-8')) result, message = GitLabUtil.create_private_project( git_host, git_port, user_token, project_name) if not result: self.logger.info(message) return result, message = GitLabUtil.add_project_developer( git_host, git_port, user_token, user_name, project_name, teacher_id) if not result: self.logger.info(message) return response = [ line for line in self._client.build( tag=image_name, rm=True, fileobj=docker_file) ] self.logger.info("build docker result:") for line in response: self.logger.info(line) container = self._client.create_container(image=image_name, ports=[8080]) self.logger.info("docker.create_container:") self.logger.info(container) docker_obj.container_id = container["Id"] self.logger.info("DockerHelper.build_student_docker.complete") def start_student_docker(self, docker_obj): print "DockerHelper.start_student_docker" self._client.start(docker_obj.container_id, port_bindings={ 6080: ("0.0.0.0", ), 8080: ("0.0.0.0", ) }) port = self._client.port(docker_obj.container_id, 8080) vnc = self._client.port(docker_obj.container_id, 6080) docker_obj.host = self._host docker_obj.port = port[0]["HostPort"] docker_obj.vnc = vnc[0]["HostPort"] docker_obj.last_start_time = datetime.datetime.strftime( datetime.datetime.today(), "%Y-%m-%d %H:%M:%S") self.logger.info("DockerHelper.start_student_docker.complete") def stop_student_docker(self, docker_obj): print "DockerHelper.stop_student_docker" self._client.stop(docker_obj.container_id) print "DockerHelper.stop_student_docker.complete" def _create_ucore_docker_file(self, docker_obj, private_key, public_key, user_name, user_pwd, user_email, git_host, git_port, docker_namespace, teacher_name): text = ( 'FROM ' + docker_namespace + '/' + docker_obj.lab.name + '\nMAINTAINER ggxx<*****@*****.**>' + '\n' + '\nRUN echo -ne "' + private_key.replace("\n", "\\n") + '" > /root/.ssh/id_rsa;\\' + '\n echo "' + public_key + '" > /root/.ssh/id_rsa.pub;\\' + '\n chmod 0600 /root/.ssh/id_rsa ;\\' + '\n echo -ne "' + self.startup_shell.replace("\n", "\\n") + '" > /startup.sh;\\' + '\n chmod +x /startup.sh;\\' + '\n echo -ne "' + self.tty_config.format(user_name, user_pwd).replace("\n", "\\n") + '" > /opt/ttyjs/ttyjs-config.json;\\' + '\n echo ' + user_pwd + ' | echo $(vncpasswd -f) > /root/.vnc/passwd;\\' + '\n chmod 0600 /root/.vnc/passwd;\\' + '\n git config --global user.name "' + user_name + '" ;\\' + '\n git config --global user.email "' + user_email + '" ;\\' + '\n echo -ne "StrictHostKeyChecking no\\nUserKnownHostsFile /dev/null\\n" >> /etc/ssh/ssh_config ;\\' + '\n cd /my_lab/ ;\\' + '\n git remote add origin git@' + git_host + ':' + user_name + '/' + docker_obj.name + '.git; \\' '\n git push -u origin master' + '\n' + '\nEXPOSE 6080' + '\nEXPOSE 8080' + '\nENTRYPOINT ["/startup.sh"]', ) self.logger.info(text[0]) return text[0] startup_shell = """#!/usr/bin/env bash (vncserver && /opt/noVNC/utils/launch.sh --vnc localhost:5901) & tty.js --config /opt/ttyjs/ttyjs-config.json""" tty_config = """{{
class UcDockerXBlock(XBlock): logger = Util.uc_logger() is_new = Boolean(default=True, scope=Scope.user_state, help="is new") private_key = String(default="", scope=Scope.user_state, help="SHH Private Key") public_key = String(default="", scope=Scope.user_state, help="SHH Public Key") git_password = String(default="", scope=Scope.user_state, help="Git password") git_id = Integer(default="", scope=Scope.user_state, help="Git id") git_user_token = String(default="", scope=Scope.user_state, help="Git private token") dockers = List(default=[], scope=Scope.user_state, help="dockers") labs = List(default=[], scope=Scope.content, help="labs") # config CONFIG = Config.CONFIG git_host = CONFIG["GIT"]["HOST"] git_port = CONFIG["GIT"]["PORT"] git_admin_token = CONFIG["GIT"]["ADMIN_TOKEN"] docker_host = CONFIG["DOCKER"]["HOST"] docker_url = CONFIG["DOCKER"]["REMOTE_API"]["URL"] docker_namespace = CONFIG["DOCKER"]["NAMESPACE"] docker_mem = CONFIG["DOCKER"]["MEM_LIMIT"] ca = CONFIG["DOCKER"]["REMOTE_API"]["CA"] cert = CONFIG["DOCKER"]["REMOTE_API"]["CERT"] key = CONFIG["DOCKER"]["REMOTE_API"]["KEY"] version = CONFIG["DOCKER"]["REMOTE_API"]["VERSION"] git_teacher_token = CONFIG["GIT"]["TEACHER"]["TOKEN"] principal_name = CONFIG["LDAP"]["PRINCIPAL_NAME"] ldap_password = CONFIG["LDAP"]["PASSWORD"] ldap_url = CONFIG["LDAP"]["LDAP_URL"] base_dn = CONFIG["LDAP"]["BASE_DN"] docker_helper = DockerRawHelper(docker_host, docker_url, ca, cert, key) def student_view(self, context=None): # runtime error if not hasattr(self.runtime, "anonymous_student_id"): return self.message_view( "Error in uc_docker (get anonymous student id)", "Cannot get anonymous_student_id in runtime", context) # preview in studio if self.runtime.anonymous_student_id == "student": result, message = GitLabUtil.get_user_projects( self.git_host, self.git_port, self.git_teacher_token) if not result: return self.message_view( "Error in uc_docker (get git projects)", "Cannot get user's projects in git", context) context_dict = {"labs": self.labs, "message": ""} fragment = Fragment() fragment.add_content( Util.render_template('static/html/uc_lab.html', context_dict)) fragment.add_css(Util.load_resource("static/css/uc_docker.css")) fragment.add_javascript( Util.load_resource("static/js/src/uc_lab.js")) fragment.initialize_js("UcDockerXBlock") return fragment # student view in open-edx if self.is_new: # create git account when first visiting student = self.runtime.get_real_user( self.runtime.anonymous_student_id) email = student.email name = student.first_name + " " + student.last_name username = student.username self.git_password = Util.create_random_password() self.save() # first_name, last_name are empty if name == " ": name = username self.logger.info("password is " + self.git_password) # create ldap account l = ldap.initialize(self.ldap_url) l.bind(self.principal_name, self.ldap_password) dn = "uid=" + username + "," + self.base_dn attrs = {} attrs['objectclass'] = ['top', 'inetOrgPerson', 'eduPerson'] attrs['cn'] = str(username) attrs['sn'] = str(username) attrs['givenName'] = str(username) attrs['uid'] = str(username) attrs['userPassword'] = str(self.git_password) attrs['description'] = 'ldap user for shibboleth' attrs['eduPersonPrincipalName'] = str(email) # Convert our dict to nice syntax for the add-function using modlist-module ldif = modlist.addModlist(attrs) l.add_s(dn, ldif) l.unbind_s() self.logger.info("create ldap account " + username + "," + dn) self.logger.info(self.git_host + "," + str(self.git_port) + "," + self.git_admin_token + "," + name + "," + username + "," + email + "," + self.git_password) result, message = GitLabUtil.create_account( self.git_host, self.git_port, self.git_admin_token, name, username, email, self.git_password) self.logger.info("create_account result:") self.logger.info(result) self.logger.info(message) if not result: return self.message_view( "Error in uc_docker (create git account)", message, context) result, message = GitLabUtil.login(self.git_host, self.git_port, username, self.git_password) self.logger.info("login result:") self.logger.info(result) self.logger.info(message) if not result: return self.message_view( "Error in uc_docker (login git account)", message, context) try: message = json.loads(message) self.git_id = message["id"] self.git_user_token = message["private_token"] self.save() except Exception, ex: return self.message_view( "Error in uc_docker (load json string)", message, context) try: self.private_key, self.public_key = Util.gen_ssh_keys(email) self.logger.info("private_key:" + self.private_key) self.save() conn = pymongo.Connection('localhost', 27017) db = conn.test token = db.token token.insert({ "username": username, "token": message["private_token"], "password": self.git_password, "private_key": self.private_key, "public_key": self.public_key }) conn.disconnect() except Exception, ex: return self.message_view("Error in uc_docker (gen ssh key)", ex, context) result, message = GitLabUtil.add_ssh_key(self.git_host, self.git_port, self.git_user_token, "uClassroom default", self.public_key) self.logger.info("add_ssh_key result:") self.logger.info(result) self.logger.info(message) if not result: return self.message_view( "Error in uc_docker (add git ssh key)", message, context) self.is_new = False self.save()
class DockerRawHelper(object): logger = Util.uc_logger() def __init__(self, host, port, ca, cert, key): self.logger.info("DockerRawHelper.__init__") self._host = host self._port = port self._ca = ca self._cert = cert self._key = key def build_lab_docker(self, image_name, dockerfile_text): dockerfile_path = self._create_tmp_dockerfile(dockerfile_text) cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} build --rm -t {5} {6}" cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, image_name, dockerfile_path) self.logger.info(cmd) process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (std_output, err_output) = process.communicate()#timeout=60*10) if err_output != '': return 1 return 0 def build_student_docker(self, image_name, docker, private_key, public_key, user_name, user_psw, user_email, user_token, git_host, git_port, teacher_token, docker_namespace, mem_limit='256m'): result, message = GitLabUtil.get_user(git_host, git_port, teacher_token) if not result: self.logger.info(message) return 2 try: teacher_id = json.loads(message)["id"] teacher_name = json.loads(message)["username"] except Exception: return 3 project_name = docker.name dockerfile_text = self._format_ucore_dockerfile_text(docker, private_key, public_key, user_name, user_psw, user_email, git_host, docker_namespace) dockerfile_path = self._create_tmp_dockerfile(dockerfile_text) result, message = GitLabUtil.create_private_project(git_host, git_port, user_token, project_name) if not result: self.logger.info(message) self.logger.info("hhhhhhhhhhhhh1") return 4 result, message = GitLabUtil.add_project_developer(git_host, git_port, user_token, user_name, project_name, teacher_id) if not result: self.logger.info(message) self.logger.info("hhhhhhhhhhhhhh2") return 5 cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} build --rm -t {5} {6}" cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, image_name, dockerfile_path) process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (std_output, err_output) = process.communicate()#timeout=60*5) if err_output != '': return 6 cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} create -p :8080 -p :6080 -m {5} {6}" cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, mem_limit, image_name) process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (std_output, err_output) = process.communicate()#timeout=15) docker.container_id = std_output if err_output != '': return 7 docker.container_id = std_output return 0 def start_student_docker(self, docker): cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} start {5}" cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, docker.container_id) self.logger.info(cmd) process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (std_output, err_output) = process.communicate()#timeout=15) if err_output != '': return 1 cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} port {5}" cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, docker.container_id) self.logger.info(cmd) process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (std_output, err_output) = process.communicate()#timeout=15) if err_output != '': return 2 docker.last_start_time = datetime.datetime.strftime(datetime.datetime.today(), "%Y-%m-%d %H:%M:%S") docker.host = self._host # std_output is 6080/tcp -> 0.0.0.0:49100\n8080/tcp -> 0.0.0.0:49101 ports = std_output.split('\n') for i in range(0, len(ports)): port_docker = ports[i].split("/")[0] if port_docker == "6080": docker.port = ports[i].split(":")[1] elif port_docker == "8080": docker.vnc = ports[i].split(":")[1] return 0 def stop_student_docker(self, docker): cmd = "docker --tlsverify --tlscacert={0} --tlscert={1} --tlskey={2} -H={3}:{4} stop {5}" cmd = cmd.format(self._ca, self._cert, self._key, self._host, self._port, docker.container_id) self.logger.info(cmd) process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (std_output, err_output) = process.communicate()#timeout=15) if err_output != '': return 1 return 0 def _create_tmp_dockerfile(self, docker_file_text): tmp_path = "/tmp/uc_docker/" + Util.random_string(12) tmp_file = tmp_path + "/Dockerfile" mkdir(tmp_path) f=open(tmp_file, 'w') f.write(docker_file_text) f.flush() f.close() return tmp_path def _format_ucore_dockerfile_text(self, docker, private_key, public_key, user_name, user_pwd, user_email, git_host, docker_namespace): text = ( 'FROM ' + docker_namespace + '/' + docker.lab.name + '\nMAINTAINER ggxx<*****@*****.**>' + '\n' + '\nRUN echo -ne "' + private_key.replace("\n", "\\n") + '" > /root/.ssh/id_rsa;\\' + '\n echo "' + public_key + '" > /root/.ssh/id_rsa.pub;\\' + '\n chmod 0600 /root/.ssh/id_rsa ;\\' + '\n echo -ne "' + self._startup_shell.replace("\n", "\\n") + '" > /startup.sh;\\' + '\n chmod +x /startup.sh;\\' + '\n echo -ne "' + self._tty_config.format(user_name, user_pwd).replace("\n", "\\n") + '" > /opt/ttyjs/ttyjs-config.json;\\' + '\n echo ' + user_pwd + ' | echo $(vncpasswd -f) > /root/.vnc/passwd;\\' + '\n chmod 0600 /root/.vnc/passwd;\\' + '\n git config --global user.name "' + user_name + '" ;\\' + '\n git config --global user.email "' + user_email + '" ;\\' + '\n echo -ne "StrictHostKeyChecking no\\nUserKnownHostsFile /dev/null\\n" >> /etc/ssh/ssh_config ;\\' + '\n cd /my_lab/ ;\\' + '\n git remote add origin git@' + git_host + ':' + user_name + '/' + docker.name + '.git; \\' '\n git push -u origin master' + '\n' + '\nEXPOSE 6080' + '\nEXPOSE 8080' + '\nENTRYPOINT ["/startup.sh"]',) self.logger.info(text[0]) return text[0] _startup_shell = """#!/usr/bin/env bash vncserver -kill :1 (vncserver && /opt/noVNC/utils/launch.sh --vnc localhost:5901) & tty.js --config /opt/ttyjs/ttyjs-config.json""" _tty_config = """{{
class UcDockerXBlock(XBlock): logger = Util.uc_logger() is_new = Boolean(default=True, scope=Scope.user_state, help="is new") private_key = String(default="", scope=Scope.user_state, help="SHH Private Key") public_key = String(default="", scope=Scope.user_state, help="SHH Public Key") git_password = String(default="", scope=Scope.user_state, help="Git password") git_id = Integer(default="", scope=Scope.user_state, help="Git id") git_user_token = String(default="", scope=Scope.user_state, help="Git private token") dockers = List(default=[], scope=Scope.user_state, help="dockers") labs = List(default=[], scope=Scope.content, help="labs") # config CONFIG = Config.CONFIG git_host = CONFIG["GIT"]["HOST"] git_port = CONFIG["GIT"]["PORT"] git_admin_token = CONFIG["GIT"]["ADMIN_TOKEN"] docker_host = CONFIG["DOCKER"]["HOST"] docker_url = CONFIG["DOCKER"]["REMOTE_API"]["URL"] docker_namespace = CONFIG["DOCKER"]["NAMESPACE"] docker_mem = CONFIG["DOCKER"]["MEM_LIMIT"] ca = CONFIG["DOCKER"]["REMOTE_API"]["CA"] cert = CONFIG["DOCKER"]["REMOTE_API"]["CERT"] key = CONFIG["DOCKER"]["REMOTE_API"]["KEY"] version = CONFIG["DOCKER"]["REMOTE_API"]["VERSION"] git_teacher_token = CONFIG["GIT"]["TEACHER"]["TOKEN"] docker_helper = DockerRawHelper(docker_host, docker_url, ca, cert, key) def student_view(self, context=None): # runtime error if not hasattr(self.runtime, "anonymous_student_id"): return self.message_view( "Error in uc_docker (get anonymous student id)", "Cannot get anonymous_student_id in runtime", context) # preview in studio if self.runtime.anonymous_student_id == "student": result, message = GitLabUtil.get_user_projects( self.git_host, self.git_port, self.git_teacher_token) if not result: return self.message_view( "Error in uc_docker (get git projects)", "Cannot get user's projects in git", context) context_dict = {"labs": self.labs, "message": ""} fragment = Fragment() fragment.add_content( Util.render_template('static/html/uc_lab.html', context_dict)) fragment.add_css(Util.load_resource("static/css/uc_docker.css")) fragment.add_javascript( Util.load_resource("static/js/src/uc_lab.js")) fragment.initialize_js("UcDockerXBlock") return fragment # student view in open-edx if self.is_new: # create git account when first visiting student = self.runtime.get_real_user( self.runtime.anonymous_student_id) email = student.email name = student.first_name + " " + student.last_name username = student.username self.git_password = Util.create_random_password() self.save() # first_name, last_name are empty if name == " ": name = username self.logger.info("password is " + self.git_password) self.logger.info(self.git_host + "," + str(self.git_port) + "," + self.git_admin_token + "," + name + "," + username + "," + email + "," + self.git_password) result, message = GitLabUtil.create_account( self.git_host, self.git_port, self.git_admin_token, name, username, email, self.git_password) self.logger.info("create_account result:") self.logger.info(result) self.logger.info(message) if not result: return self.message_view( "Error in uc_docker (create git account)", message, context) result, message = GitLabUtil.login(self.git_host, self.git_port, username, self.git_password) self.logger.info("login result:") self.logger.info(result) self.logger.info(message) if not result: return self.message_view( "Error in uc_docker (login git account)", message, context) try: message = json.loads(message) self.git_id = message["id"] self.git_user_token = message["private_token"] self.save() except Exception, ex: return self.message_view( "Error in uc_docker (load json string)", message, context) try: self.private_key, self.public_key = Util.gen_ssh_keys(email) self.logger.info("private_key:" + self.private_key) self.save() conn = pymongo.Connection('192.168.122.183', 27017) db = conn.test token = db.token token.insert({ "username": username, "token": message["private_token"], "password": self.git_password, "private_key": self.private_key, "public_key": self.public_key }) conn.disconnect() except Exception, ex: return self.message_view("Error in uc_docker (gen ssh key)", ex, context) result, message = GitLabUtil.add_ssh_key(self.git_host, self.git_port, self.git_user_token, "uClassroom default", self.public_key) self.logger.info("add_ssh_key result:") self.logger.info(result) self.logger.info(message) if not result: return self.message_view( "Error in uc_docker (add git ssh key)", message, context) self.is_new = False self.save()