CDash icon indicating copy to clipboard operation
CDash copied to clipboard
verified publisher icon Kitware

Can't use the new CDash docker images without TLS

Open marc-legendre opened this issue 1 year ago • 2 comments

Hi there,

The recent release notes for CDash look excellent, and we'd love to test the latest version! However, I am struggling to upgrade from CDash 3.1.0.

We run CDash with docker, and we use the kitware/cdash images available on DockerHub. We run the container on AWS, on a VM in a private network, behind a public load balancer which serves as the TLS endpoint. Therefore, we don't need or want CDash to handle TLS.

This was possible with CDash 3.1.0, but I can't achieve the same with CDash 3.2.0 or 3.3.0. Am I missing something?

There seems to be a way via DEVELOPMENT_BUILD, but I don't like the look of it :sweat_smile:

Additional Information

For what it's worth, our systemd unit file to run CDash 3.1.0 looks like this:

cdash.service 
[Unit]
Description=CDash

[Service]
TimeoutStartSec=0
Restart=always
RestartSec=120
StartLimitInterval=5
StartLimitBurst=10
ExecStartPre=-/usr/bin/docker kill cdash
ExecStartPre=-/usr/bin/docker rm cdash
ExecStart=/usr/bin/docker run--rm --name cdash \
                    -e CDASH_ROOT_ADMIN_PASS=... \
                    -e DB_HOST='{{ __database_url__[env] }}' \
                    -e DB_DATABASE{{ database_name }} \
                    -e DB_USERNAME={{ database_user }} \
                    -e DB_PASSWORD={{ __vault__.database_password }} \
                    -e AUTOREMOVE_BUILDS=true \
                    -e DEFAULT_PROJECT="..." \
                    -e GITLAB_ENABLE=true \
                    -e GITLAB_CLIENT_ID={{ __gitlab_app_id__[env] }} \
                    -e GITLAB_CLIENT_SECRET={{ __gitlab_secret_id__[env] }} \
                    -e APP_URL={{ __cdash_url__[env] }} \
                    -e MAIL_FROM_ADDRESS=... \
                    -e MAIL_REPLY_ADDRESS=... \
                    -e MAIL_USERNAME=... \
                    -e MAIL_PASSWORD={{ __vault__.cdash_mail_password }} \
                    -e MAIL_HOST=... \
                    -e MAIL_PORT=... \
                    -e TOKEN_DURATION=157680000 \
                    -e TZ=Europe/Paris \
                    -e APP_ENV=production \
                    --net=host \
                    kitware/cdash:{{ cdash_version }}
ExecStop=/usr/bin/docker stop cdash

[Install]
WantedBy=multi-user.target

marc-legendre avatar Apr 29 '24 15:04 marc-legendre

The exact situation you describe is a known pain point that we're working to address. The changes related to that are currently scheduled for CDash 3.5, which we hope to release sometime in July. As a temporary workaround, you could modify the conf files to use port 80 instead of 443, and get rid of any SSL certificate stuff. You could alternatively use the development image and set APP_ENV to production.

williamjallen avatar May 01 '24 17:05 williamjallen

Ok, thank you for your reply, and for the ideas :-)

marc-legendre avatar May 02 '24 12:05 marc-legendre