Dockerfile for building AiidaLab ATMOSPEC image.
The following extra things are added on top of the docker.io/aiidalab/full-stack
image:
- SLURM queuing manager
- Some conda packages (e.g. OpenMPI for parallel ORCA)
Original image is generated and published on DockerHub at https://github.com/aiidalab/aiidalab-docker-stack
We use bumpver to handle the release automation:
pipx install bumpver
git switch main && git pull origin main
# Check the changes first with a dry run
bumpver update --dry
bumpver update
This will create a release commit, tag it, and push it. Once you see the build and tests pass, create a release for the new tag in GitHub UI at
https://github.com/ispg-group/aiidalab-ispg-docker-stack/releases/new
This will trigger a new workflow that should do a new build and push the new latest
image.
To get a proper certificate from a trusted Certificate Authority (CA),
you can use Let's encrypt, more specifically its certbot
tool.
For local development, you can use the mkcert tool, which not only creates the certificates, but also creates a root certificate and automatically installs it in your system store and in browsers. No more browser warnings! Here's a quick guide for Ubuntu 20.04. For other OSes see the official installation guide.
- Install dependencies and download the latest mkcert binary for Linux-x86 (it is not abailable as .deb package).
$ sudo apt install libnss3-tools
$ curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
$ chmod +x mkcert-v*-linux-amd64
$ sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
- Create and install the root CA
$ mkcert -install
- Generate the certificates for localhost, and possibly other domains
$ mkcert --cert-file certificates/localhost.crt --key-file certificates/localhost.key localhost 127.0.0.1 it096203.users.bris.ac.uk
-
The certificate and private key are now ready in the
certificates/
folder so you can now build the docker image.WARNING: This procedure copies the private key inside the Docker image. This is of course only safe when you're building the image locally and not sharing it!
$ docker build . -t aiidalab-ispg
- (OPTIONAL) Distributing your CA public certificate.
If you need other people to trust you as a certificate authority,
you can distribute the public CA cert
rootCA.pem
generated by mkcert. You can find its location by running
mkcert -CAROOT
WARNING: Under any circumstances DO NOT share the rootCA-key.pem
!
This would allow anybody to spoof trafic to you.