-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
83 lines (64 loc) · 2.2 KB
/
Dockerfile
File metadata and controls
83 lines (64 loc) · 2.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
FROM jupyter/base-notebook:latest
LABEL maintainer="Palo Alto Networks <[email protected]>"
USER root
RUN apt-get update && apt-get install -yq --no-install-recommends \
git \
curl \
gcc \
linux-libc-dev \
libc6-dev \
vim \
netcat \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
USER root
WORKDIR $HOME
# Configure container startup
ENTRYPOINT ["tini", "-g", "--"]
CMD ["start-all.sh"]
# Install latest pancloud library
RUN pip install pancloud
# Install latest apiexplorer
WORKDIR /opt
RUN git clone https://github.com/PaloAltoNetworks/apiexplorer.git
WORKDIR /opt/apiexplorer
RUN pip install -r requirements.txt
# Force an update of pancloud to the latest version (workaround)
RUN pip install -U pancloud
# Prepare DB and credential dirs
RUN mkdir /opt/apiexplorerdb
RUN chown $NB_USER:$NB_GID /opt/apiexplorerdb
RUN fix-permissions /opt/apiexplorerdb
RUN mkdir /opt/pancloud
RUN chown $NB_USER:$NB_GID /opt/pancloud
RUN fix-permissions /opt/pancloud
# Prepare copy of existing pancloud and apiexplorer dir in case a copy script is launched
RUN mkdir /opt/panbackup
RUN cp -a /opt/conda/lib/python3.6/site-packages/pancloud /opt/panbackup
RUN cp -a /opt/apiexplorer /opt/panbackup
# Prepare AppFramework Jupyter Notebooks
WORKDIR /opt/panbackup
RUN git clone https://github.com/PaloAltoNetworks/pancloud-tutorial
RUN cp -a pancloud-tutorial/*.ipynb $HOME/work
RUN chown -R $NB_USER:$NB_GID $HOME/work
RUN fix-permissions $HOME/work
WORKDIR $HOME
# Copy startup scripts
COPY prep-host-dirs.sh /usr/local/bin/
COPY prep-host-notebooks.sh /usr/local/bin/
COPY start-apiexplorer.sh /usr/local/bin/
COPY start-all.sh /usr/local/bin/
COPY update-pancloud.sh /usr/local/bin/
COPY update-apiexplorer.sh /usr/local/bin/
COPY update-notebooks.sh /usr/local/bin/
COPY update-all.sh /usr/local/bin/
# pancloud and apiexplorer env vars
ENV PAN_CREDENTIALS_DBFILE=/opt/pancloud/credentials.json
ENV APIEXPLORER_SKIP_REDIRECT_TO_CSP yes
# Prepare sudoers
RUN echo "$NB_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Expose port 5000 for apiexplorer and 8888 for notebooks
EXPOSE 5000 8888
WORKDIR $HOME
# Switch back to jovyan to avoid accidental container runs as root
USER $NB_UID