Merge pull request #112 from broadinstitute/development

Adding support for external MongoDB hosts, security updates
broadinstitute · May 4, 2018 · 3adf783 · 3adf783
2 parents 2f00ddb + ac7d14d
commit 3adf783
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 12 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -117,7 +117,7 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
-    crass (1.0.3)
+    crass (1.0.4)
     daemons (1.2.6)
     debase (0.2.1)
       debase-ruby_core_source
@@ -194,7 +194,7 @@ GEM
     logging (2.2.2)
       little-plugger (~> 1.1)
       multi_json (~> 1.10)
-    loofah (2.1.1)
+    loofah (2.2.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
@@ -241,7 +241,7 @@ GEM
     netrc (0.11.0)
     nmatrix (0.2.4)
       packable (~> 1.3, >= 1.3.5)
-    nokogiri (1.8.1)
+    nokogiri (1.8.2)
       mini_portile2 (~> 2.3.0)
     non-stupid-digest-assets (1.0.9)
       sprockets (>= 2.0)
@@ -296,8 +296,8 @@ GEM
       activesupport (>= 4.2.0, < 5.0)
       nokogiri (~> 1.6)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
     railties (4.2.10)
       actionpack (= 4.2.10)
       activesupport (= 4.2.10)
@@ -429,4 +429,4 @@ DEPENDENCIES
   will_paginate_mongoid
 
 BUNDLED WITH
-   1.13.7
+   1.16.1
diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
@@ -2036,7 +2036,7 @@ def load_available_workflows
     all_workflows = []
 
     # parellelize gets to speed up performance if there are a lot of workflows
-    Parallel.map(allowed_workflows, in_threads: 100) do |workflow_opts|
+    Parallel.map(allowed_workflows, in_threads: 3) do |workflow_opts|
       namespace, name, snapshot = workflow_opts.split('/')
       all_workflows << Study.firecloud_client.get_methods(namespace: namespace, name: name, snapshotId: snapshot)
     end

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -6,7 +6,7 @@
   <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
   <%= stylesheet_link_tag    'application', media: 'all' %>
-  <script src="//cdn.plot.ly/plotly-1.33.1.min.js"></script>
+  <script src="//cdn.plot.ly/plotly-1.37.1.min.js"></script>
   <%= javascript_include_tag 'application' %>
   <script src="//cdn.datatables.net/plug-ins/1.10.15/sorting/natural.js"></script>
 

diff --git a/bin/boot_docker b/bin/boot_docker
@@ -13,6 +13,7 @@ $0 [OPTION]
 -n VALUE	set the name of the docker container (defaults to 'single_cell')
 -e VALUE	set the environment (defaults to 'development'. Running in 'production' will cause container to spawn headlessly)
 -d VALUE	set the project directory to mount inside Docker container (defaults to current working directory: `pwd`)
+-D VALUE	set the docker image version to use when booting the container (defaults to 'latest')
 -m VALUE	set the MONGO_LOCALHOST variable, only used in development (defaults to 'mongodb')
 -r VALUE	set the maximum allowable RAM to be allocated to portal (defaults to 12GB)
 -s VALUE	set the SECRET_KEY_BASE variable, used for secure cookies (auto-generates by default)
@@ -43,7 +44,7 @@ GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID
 GOOGLE_CLOUD_PROJECT=$GOOGLE_CLOUD_PROJECT
 DOCKER_IMAGE_VERSION='latest'
 
-while getopts "n:e:d:m:r:s:k:p:h:u:P:H:o:S:" OPTION; do
+while getopts "n:e:d:D:m:r:s:k:p:h:u:P:H:o:S:" OPTION; do
 case $OPTION in
 	n)
 		CONTAINER_NAME="$OPTARG"
@@ -54,6 +55,9 @@ case $OPTION in
 	d)
 		PROJECT_DIR="$OPTARG"
 		;;
+	D)
+		DOCKER_IMAGE_VERSION="$OPTARG"
+		;;
 	m)
   	MONGO_LOCALHOST="$OPTARG"
   	;;
@@ -98,7 +102,7 @@ done
 if [[ $PASSENGER_APP_ENV = "production" ]]
 then
 	# generate random secret key for secure cookies
-	docker run -d --name $CONTAINER_NAME -p 80:80 -p 443:443 --link mongodb:mongodb -h $PROD_HOSTNAME -v $PROJECT_DIR:/home/app/webapp:rw -v $PROJECT_DIR/data:/home/app/webapp/data:rw -m $MAX_RAM -e PASSENGER_APP_ENV=$PASSENGER_APP_ENV -e MONGO_LOCALHOST=$MONGO_LOCALHOST -e PROD_DATABASE_PASSWORD=$PROD_DATABASE_PASSWORD -e SERVICE_ACCOUNT_KEY=$SERVICE_ACCOUNT_KEY -e SECRET_KEY_BASE=$SECRET_KEY_BASE -e PROD_HOSTNAME=$PROD_HOSTNAME -e SENDGRID_USERNAME=$SENDGRID_USERNAME -e SENDGRID_PASSWORD=$SENDGRID_PASSWORD -e OAUTH_CLIENT_ID=$OAUTH_CLIENT_ID -e OAUTH_CLIENT_SECRET=$OAUTH_CLIENT_SECRET single_cell_docker:$DOCKER_IMAGE_VERSION
+	docker run -d --name $CONTAINER_NAME -p 80:80 -p 443:443 -h $PROD_HOSTNAME -v $PROJECT_DIR:/home/app/webapp:rw -v $PROJECT_DIR/data:/home/app/webapp/data:rw -e PASSENGER_APP_ENV=$PASSENGER_APP_ENV -e MONGO_LOCALHOST=$MONGO_LOCALHOST -e PROD_DATABASE_PASSWORD=$PROD_DATABASE_PASSWORD -e SERVICE_ACCOUNT_KEY=$SERVICE_ACCOUNT_KEY -e SECRET_KEY_BASE=$SECRET_KEY_BASE -e PROD_HOSTNAME=$PROD_HOSTNAME -e SENDGRID_USERNAME=$SENDGRID_USERNAME -e SENDGRID_PASSWORD=$SENDGRID_PASSWORD -e OAUTH_CLIENT_ID=$OAUTH_CLIENT_ID -e OAUTH_CLIENT_SECRET=$OAUTH_CLIENT_SECRET single_cell_docker:$DOCKER_IMAGE_VERSION
 elif [[ $PASSENGER_APP_ENV = "staging" ]]
 then
 	docker run -d --name $CONTAINER_NAME -p 80:80 -p 443:443 --link mongodb:mongodb -h $PROD_HOSTNAME -v $PROJECT_DIR:/home/app/webapp:rw -v $PROJECT_DIR/data:/home/app/webapp/data:rw -v $PROJECT_DIR/single-cell-staging.broadinstitute.org.crt:/etc/pki/tls/certs/localhost.crt -v $PROJECT_DIR/single-cell-staging.broadinstitute.org.key:/etc/pki/tls/private/localhost.key -m $MAX_RAM -e PASSENGER_APP_ENV=$PASSENGER_APP_ENV -e MONGO_LOCALHOST=$MONGO_LOCALHOST -e PROD_DATABASE_PASSWORD=$PROD_DATABASE_PASSWORD -e SERVICE_ACCOUNT_KEY=$SERVICE_ACCOUNT_KEY -e SECRET_KEY_BASE=$SECRET_KEY_BASE -e PROD_HOSTNAME=$PROD_HOSTNAME -e SENDGRID_USERNAME=$SENDGRID_USERNAME -e SENDGRID_PASSWORD=$SENDGRID_PASSWORD -e OAUTH_CLIENT_ID=$OAUTH_CLIENT_ID -e OAUTH_CLIENT_SECRET=$OAUTH_CLIENT_SECRET single_cell_docker:$DOCKER_IMAGE_VERSION

diff --git a/bin/weekly_disk_snapshot.bash b/bin/weekly_disk_snapshot.bash
@@ -7,6 +7,7 @@ TODAY="$(date +%Y-%m-%d)"
 
 # create the snapshots for portal and data disk
 echo "$(gcloud compute disks snapshot singlecell-production-disk --snapshot-names portal-backup-${TODAY} --zone us-central1-a)"
+echo "$(gcloud compute disks snapshot singlecell-mongo-prod-snap-disk --snapshot-names portal-database-backup-${TODAY} --zone us-central1-a)"
 
 #
 # DELETE OLD SNAPSHOTS (OLDER THAN 1 MONTH)

diff --git a/config/mongoid.yml b/config/mongoid.yml
@@ -128,7 +128,7 @@ production:
     default:
       database: single_cell_portal_production
       hosts:
-        - mongodb:27017
+        - <%= ENV['MONGO_LOCALHOST'] %>:27017
       options:
         user: 'single_cell'
         password: '<%= ENV['PROD_DATABASE_PASSWORD'] %>'

diff --git a/test/ui_test_suite.rb b/test/ui_test_suite.rb
@@ -2024,7 +2024,7 @@ def teardown
 
 		# check for reports
 		report_plots = @driver.find_elements(:class, 'plotly-report')
-		assert report_plots.size == 9, "did not find correct number of plots, expected 9 but found #{report_plots.size}"
+		assert report_plots.size == 11, "did not find correct number of plots, expected 9 but found #{report_plots.size}"
 		report_plots.each do |plot|
 			rendered = @driver.execute_script("return $('##{plot['id']}').data('rendered')")
 			assert rendered, "#{plot['id']} rendered status was not true"