[GeoNode-devel] Geonode for production using Docker

Mon Mar 5 15:05:03 PST 2018

Dear List,

I'm currently working on setting up a Geonode deployment method using
Docker for our needs and thought it may of some interest to others, so I'd
like to share it here. Note that I'm relatively new to Geonode AND Docker,
so there are definitely some aspects that could (and will) be improved.

The main goal is to make a setup that is easy and *production-ready* but
still completely customizable.

At this point, here are the key features :

1. easy and clean to customize (it's a regular Django-Geonode project)
2. setup can be used both for development and for production
3. out of the box https encryption (using free Let's Encrypt certificates)
4. out of the box backups (Amazon S3 and/or Syncthings)
5. Geoserver uses Geonode user/groups from database for authentication
(meaning geonode users === geoserver users, including groups)
6. Geoserver's data directory properly initialized (no risk of breach if
user forgets to change admin/root passwords)
7. Rancher catalog entry (makes it possible to install through GUI only
e.g. on amazon instances, especially nice if you deploy a lot of instances)

For those not familiar with Docker, this basically means that you can have
Geonode installed with all related services under Linux, Windows or Mac OS
with this command (well, you need Docker and Docker-compose installed, but
that's not a big challenge) :
docker-compose up

I'm aware there is already the geonode-project repository that also has a
Docker-compose setup, and that is very similar. I don't want to duplicate
anything (but just needed to start from scratch to really understand , and
if there's some interest, I'm willing to contribute back to geonode-project.

Here are the main differences (plus features 3-7 above) between
geonode-project and my setup:

- All dockerfiles customized for geonode (django, geoserver, nginx and some
others) are in the same github/dockerhub repo, rather than spread across
several github/dockerhub repositories. This makes it much easier to know
what's happening and make releases (push one tag push in one repo, then
dockerhub autobuilds do the rest).
- Where possible, the images are based on linux alpine instead of Ubuntu,
making the images much lighter
- All other service images use version tags (rather than just pulling
latest) so that two builds will always deploy exactly the same stack)
- Sensitive information (admin password...) are defined using Docker
secrets instead of environment variables. Those are much less subject to be
leaked (in a forgotten debug statement for instance).
- Celery worker activity is reported in the django admin
- Almost all django settings are inherited from Geonode.

I think with the inputs of more experienced Geonode devs, I could push this
forward, and maybe at some point we could support it as an official way to
deploy Geonode.
While not perfect and probably not adapted to all cases, I think it would
be a big improvement over the current deployment method through apt-get
which is definitely not production-ready, even if used that way by a lot of
users.
Also it's true that some aspects are a bit out of Geonode's scope (backups,
ssl), but as they are common to any real life deployement, I think it's not
a bad idea to integrate those into official deployement methods (we'd
progressively stop seeing all those unsecured Geonode install)

Here's the main branch :
https://github.com/olivierdalang/SPCgeonode

Here's a how customized geonode project would look like (work in progress):
https://github.com/olivierdalang/SPCgeonode/tree/example_project

Here's the Rancher catalog (look for "spcgeonode"):
https://github.com/PacificCommunity/rancher-catalogue

Let me know what you think !

Kind regards,

Olivier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180306/d7629af8/attachment.html>