[ckan-dev] Docker setup for CKAN - some ideas/comments

Florian Hoedt florian.hoedt at thuenen.de
Tue Jul 9 14:15:45 UTC 2019 

Hi Olivier, 

1) I know your work for Geonode´s SPC docker setup and still use a modified version of yours. Knowing you would do something similar (production ready small/medium scale setup) for CKAN is nice! 
2) I would use the .env file and substitution. It is the way you´ve designed it for SPC Geonode and I used it often. It is very easy to understand and configure. Therefore my +1 for one (.env) to rule them all. 

Yours, 
Florian 
-- 
MSc Florian Hoedt 
Koordinator Geoinformation | Coordinator Geoinformatics 
OpenData Beauftrager | OpenData Representative 

Thünen-Institut, Zentrum für Informationsmanagement | Thünen Institute, Centre for Information Management 
Bundesallee 44 
38116 Braunschweig 

Tel: +49 531 596-1428 
Fax: +49 531 596-1499 
Mail: florian.hoedt at thuenen.de 
Web: www.thuenen.de 

Das Johann Heinrich von Thünen-Institut, Bundesforschungsinstitut für Ländliche Räume, Wald und Fischerei - kurz: Thünen-Institut - besteht aus 14 Fachinstituten, die in den Bereichen Ökonomie, Ökologie und Technologie forschen und die Politik beraten. 

The Johann Heinrich von Thünen Institute, Federal Research Institute for Rural Areas, Forestry and Fisheries – Thünen Institute in brief – consists of 14 specialized institutes that carry out research and provide policy advice in the fields of economy, ecology and technology. 


Von: "Olivier Dalang" <olivier.dalang at gmail.com> 
An: ckan-dev at lists.okfn.org 
Gesendet: Dienstag, 9. Juli 2019 15:13:23 
Betreff: [ckan-dev] Docker setup for CKAN - some ideas/comments 

Dear list, 

I'm just getting started with CKAN and will be deploying using Docker. It works great so far and is very straightforward to use. 

Still, here are a few comments that I initially opened as issues on Github, but was redirected here. If there's some agreement on these, I may have a little bit of time to open some PRs in the future, as I may spend some time on this anyways soon if funding gets through. 

1. Docker setup for production 

The provided Docker setup seems to work fine for testing purposes but doesn't seem suited to production at all : 
- it uses paster serve instead of a proper production server 
- it doesn't support HTTPS nor instruction on how to set it up 
- there's no indication about other settings to change for production (e.g. sensible security/performance settings) 

Taking into account how much Docker is being used, and how practical it is to deploy applications, I'd suggest to provide a complete production-ready setup for Docker, including a sensible configuration for a typical small-scale installation. 

Do you agree with this idea ? Or would you rather just keep docker as a dev setup, maybe only improve the docs on how to move from dev to prod ? Is there already any work undergoing on this ? 

The main rationale is to join efforts for a sensible deployment setup, rather than having every user redoing the same work on his own. 

2. Management of production.ini 

Currently, the Docker setup for CKAN uses a volume for production.ini. The file is generated the first time in the entrypoint, and the volume is not mounted on the host. 

That's not really optimal : 

- there's a duplication of settings between production.ini and .env (e.g. CKAN_SMTP_* env vars from .env must be defined again in production.ini) 
- config can only be edited live 
- config is hard to find (hidden in docker's internal volume files) and thus also hard to manage/version 

I think a template production.ini should be shipped with the source rather than generated on the fly. It could either : 
a/ contain variables that would be replaced with envsubst in the docker entrypoint 
b/ be mounted directly in the source directory 

Variant a/ would be nicer to use in a typical docker workflow, as config would exclusively happen as env vars (everything in .env), but would be less flexible. Variant b/ would be more flexible, as you could manually change the production.ini file to whatever you need. We could even mix both, but that may become a bit cryptic... 

What do you think ? 

Kind regards, 

Olivier 



_______________________________________________ 
ckan-dev mailing list 
ckan-dev at lists.okfn.org 
https://lists.okfn.org/mailman/listinfo/ckan-dev 
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20190709/0a3dae8f/attachment-0002.html>

More information about the ckan-dev mailing list