Skip to content

How to Deploy a Server

Overview

This document focuses on how to deploy the current project to the local machine or server you are on.

Pull codabench develop branch code locally

You need to complete the following steps

Installing docker and common docker commands

  • Install the official version of docker (preferably not the snap version)

Modify .env file configuration

  • Go to the folder where codabench is located then run the following command to generate an .env file to set the environment variables required by the service 
    cp .env_sample .env

In the .env file, edit the following variables.

a) For a local deployment it looks like this:

.env
SUBMISSIONS_API_URL=localhost
#SUBMISSIONS_API_URL=http://django:8000/api
DOMAIN_NAME=localhost:80
AWS_S3_ENDPOINT_URL=http://minio:9000

b) For an online deployment using IP address:

Note

To get the IP address of the machine. You can use one of the following commands:

  • ifconfig -a
  • ip addr
  • ip a
  • hostname -I | awk '{print $1}'
  • nmcli -p device show

Replace the value of IP address in the following environment variables according to your infrastructure configuration:

.env
SUBMISSIONS_API_URL=https://<IP ADDRESS>/api
DOMAIN_NAME=<IP ADDRESS>:80
AWS_S3_ENDPOINT_URL=http://<IP ADDRESS>/

c) For an online deployment using domain name:

.env
SUBMISSIONS_API_URL=https://codabench-test.yourdomain.com/api
DOMAIN_NAME=codabench-test.yourdomain.com
AWS_S3_ENDPOINT_URL=https://minio-test.yourdomain.com

If you are deploying on an azure machine, then AWS_S3_ENDPOINT_URL needs to be set to an IP address that is accessible on the external network

Open Access Permissions for following port number

If you are deploying on a Linux server, which usually has a firewall, you need to open access permissions to the following port numbers

  • 5672: rabbit mq port
  • 8000: django port
  • 9000: minio port
  • Go to the folder where codabench is located
  • Go to the settings directory and modify base.py file
    • cd src/settings/
    • nano base.py
  • Change the value of DEBUG to True
    • DEBUG = os.environ.get("DEBUG", True)

If DEBUG is not set to true, then you will not be able to load to the static resource file

  • Comment out the following code

    image

Start service

  • Execute command docker compose up -d
  • Check if the service is started properly docker compose ps
codabench_compute_worker_1   "bash -c 'watchmedo …"   running      
codabench_caddy_1            "/bin/parent caddy -…"   running      0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 2015/tcp
codabench_site_worker_1      "bash -c 'watchmedo …"   running      
codabench_django_1           "bash -c 'cd /app/sr…"   running      0.0.0.0:8000->8000/tcp, :::8000->8000/tcp
codabench_flower_1           "flower"                 restarting   
codabench_rabbit_1           "docker-entrypoint.s…"   running      4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, :::5672->5672/tcp, 15671/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp, :::15672->15672/tcp
codabench_minio_1            "/usr/bin/docker-ent…"   running      0.0.0.0:9000->9000/tcp, :::9000->9000/tcp
codabench_db_1               "docker-entrypoint.s…"   running      0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
codabench_builder_1          "docker-entrypoint.s…"   running      
codabench_redis_1            "docker-entrypoint.s…"   running      0.0.0.0:6379->6379/tcp, :::6379->6379/tcp
  • Create the required tables in the database: docker compose exec django ./manage.py migrate
  • Generate the required static resource files: docker compose exec django ./manage.py collectstatic --noinput

Tip

You can generate mock data with docker compose exec django ./manage.py generate_data if you want to test the website. However, it is not recomended to do that on an installation that you intend to use for Production

Set public bucket policy to read/write

This can easily be done via the minio web console (local URL: minio:9000) minio-9000-bucketPolicy

Checkout the log of the specified container

The following commands can help you debug

  • docker compose logs -f django : checkout django container logs in the docker-compose service
  • docker compose logs -f site_worker : checkout site-worker container logs in the docker-compose service
  • docker compose logs -f compute_worker : checkout compute-worker container logs in the docker-compose service
  • docker compose logs -f minio : checkout minio container logs in the docker-compose service

You can also use docker compose logs -f to get the logs of all the containers.

Stop service

  • Execute command docker compose down --volumes

Disabling docker containers on production

To override settings on your production server, create a docker-compose.override.yml in the codabench root directory. If on your production server, you are using remote MinIO or another cloud storage provider then you don't need minio container. If you have already buckets available for your s3 storage, you don't need createbuckets container. Therefore, you should disable minio and createbuckets containers. You may also want to disable the compute worker that is contained in the main server compute, to keep only remote compute workers.

Add this to your docker-compose.override.yml:

docker-compose.override.yml
version: '3.4'
services:
  compute_worker:
    command: "/bin/true"
  minio:
    restart: "no"
    command: "/bin/true"
  createbuckets:
    entrypoint: "/bin/true"
    restart: "no"
    depends_on:
      minio:
        condition: service_started

Warning

This will force the following container from exiting on start:

  • Compute Worker
  • MinIO
  • CreateBuckets

If you need one of these then remove the corresponding lines from the file before launching

The default queue of the platform runs all jobs, except when a custom queue is specified by the competition or benchmark. By default, the compute worker of the default queue is a docker container run by the main VM. If your server is used by many users and receives several submissions per day, it is recommended to use separate compute workers and to link them to the default queue.

To set up a compute worker, follow this guide

In the .env file of the compute worker, the BROKER_URL should reflect settings of the .env file of the platform:

.env
BROKER_URL=pyamqp://<RABBITMQ_DEFAULT_USER>:<RABBITMQ_DEFAULT_PASS>@<DOMAIN_NAME>:<RABBITMQ_PORT>/
HOST_DIRECTORY=/codabench
BROKER_USE_SSL=True

Personalize Main Banner

The main banner on the Codabench home page shows 3 organization logos

You can update these by:

  1. Replacing the logos in src/static/img/ folder
  2. Updating the code in src/templates/pages/home.html to point to the right websites of your organizations

Frequently asked questions (FAQs)

Invalid HTTP method

Exception detail (by using docker logs -f codabench_django_1)

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 165, in data_received
    self.parser.feed_data(data)
  File "httptools/parser/parser.pyx", line 193, in httptools.parser.parser.HttpParser.feed_data
httptools.parser.errors.HttpParserInvalidMethodError: invalid HTTP method
[2021-02-09 06:58:58 +0000] [14] [WARNING] Invalid HTTP request received.
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 165, in data_received
    self.parser.feed_data(data)
  File "httptools/parser/parser.pyx", line 193, in httptools.parser.parser.HttpParser.feed_data
httptools.parser.errors.HttpParserInvalidMethodError: invalid HTTP method

image

Solution

  • First, modify the .env file and set DJANGO_SETTINGS_MODULE=settings.develop

  • Then, restart services by using following docker-compose command

docker compose down --volumes
docker compose up -d

Missing static resources (css/js)

Solution: Change the value of the DEBUG parameter to True

  • nano competitions-v2/src/settings/base.py
  • DEBUG = os.environ.get("DEBUG", True)

image

  • Also comment out the following code in base.py

image

CORS Error (could not upload bundle)

Exception detail (by checkout google develop tools)

botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "[http://docker.for.mac.localhost:9000/private/dataset/2021-02-18-1613624215/24533cfc523e/competition.zip](http://docker.for.mac.localhost:9000/private/dataset/2021-02-18-1613624215/24533cfc523e/competition.zip)"

Solution: Set AWS_S3_ENDPOINT_URL to an address that is accessible to the external network

  • nano codabench/.env

image

Make sure the IP address and port number is accessible by external network, You can check this by :

  • telnet {ip-address-filling-in AWS_S3_ENDPOINT_URL} {port-filling-in AWS_S3_ENDPOINT_URL}
  • Make sure the firewall is closed on port 9000

This problem may also be caused by a bug in MinIO, in which case you will need to follow these steps

  • Upgrade the minio docker image to the latest version
  • Delete the previous minio directory folder in your codabench folder under /var/minio directory
  • Stop the current minio container
  • Delete the current minio container and the corresponding image
  • Re-execute docker compose up -d

Display logos error: logos don't upload from minio:

Check bucket policy of public minio bucket: read/write access should be allowed.

This can easily be done via the minio web console (local URL: minio:9000)

minio-9000-bucketPolicy

Compute worker execution with insufficient privileges

This issue may be encountered when starting a docker container in a compute worker, the problem is caused by the installation of snap docker (if you are using Ubuntu).

Solution

  • Uninstall snap docker
  • Install the official version of docker

Securing Codabench and Minio

Codabench uses Caddy to manage HTTPS and to secure Codabench. What you need is a valid DNS pointed towards the IP address of your instance.

Secure Minio with a reverse proxy

To secure MinIO, you should install a reverse-proxy, e.g: Nginx, and have a valid SSL certificate. Here is a tutorial sample:

Secure MinIO with Certbot and Letsencrypt

Don't forget to update your AWS_S3_ENDPOINT_URL parameter

Update it to AWS_S3_ENDPOINT_URL=https://<your minio>

Secure Minio on the same server as codabench (simpler)

Summary:

  • Use same SSL certs from letsencrypt (certbot) but change fullchain.pem -> public.crt and privkey.pem -> private.key. I copied from ./certs/caddy (for django/caddy) to ./certs/minio/certs.
  • You need to change the command for minio to "server /export --certs-dir /root/.minio/certs" and not just "server /export"
  • Mount in certs:
  • Add "- ./certs/minio:/root/.minio" under the minio service's "volumes" section
  • Certs must be in /${HOME}/.minio and for dockers ends up being /root/.minio
  • Edit the .env with minio cert location: 
    MINIO_CERT_FILE=/root/.minio/certs/public.crt
MINIO_KEY_FILE=/root/.minio/certs/private.key
# MINIO_CERTS_DIR=/certs/caddy # was told .pem files could work but for now separating
MINIO_CERTS_DIR=/root/.minio/certs # either this or the CERT\KEY above is redundant...but it works for now.
# NOTE! if you change this port, change it in AWS_S3_ENDPOINT_URL as well
MINIO_PORT=9000
  • Here is an example docker-compose.yml change for this: 
      #-----------------------------------------------
  # Minio local storage helper
  #-----------------------------------------------
  minio:
    image: minio/minio:RELEASE.2020-10-03T02-19-42Z
    command: server /export --certs-dir /root/.minio/certs
    volumes:
      - ./var/minio:/export
      - ./certs/minio:/root/.minio
    restart: unless-stopped
    ports:
      - $MINIO_PORT:9000
    env_file: .env
    healthcheck:
      test: ["CMD", "nc", "-z", "minio", "9000"]
      interval: 5s
      retries: 5
  createbuckets:
    image: minio/mc
    depends_on:
      minio:
        condition: service_healthy
    env_file: .env
    # volumes:
    #   This volume is shared with `minio`, so `z` to share it
    #   - ./var/minio:/export
    entrypoint: >
      /bin/sh -c "
      set -x;
      if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then
        until /usr/bin/mc config host add minio_docker https://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do
          echo '...waiting...' && sleep 5;
        done;
        /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.';
        /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.';
        /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME;
      else
        echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. Skipping buckets creation.';
      fi;
      exit 0;
      "
    image

Note

Don't forget to change the entrypoint to run https and not http.

Workaround: MinIO and Django on the same machine with only the port 443 opened to the external network.

The S3 API signature calculation algorithm does not support proxy schemes where you host the MinIO Server API such as example.net/s3/.

However, we can set the same URL for minio and django site and configure a proxy for each bucket in the Caddyfile : 

DOMAIN_NAME=https://mysite.com
AWS_S3_ENDPOINT_URL=https://mysite.com

Caddyfile : 

    @dynamic {
        not path /static/* /media/* /{$AWS_STORAGE_BUCKET_NAME}* /{$AWS_STORAGE_PRIVATE_BUCKET_NAME}* /minio*
    }
    reverse_proxy @dynamic django:8000 

    @min_bucket {
      path /{$AWS_STORAGE_BUCKET_NAME}* /{$AWS_STORAGE_PRIVATE_BUCKET_NAME}*
    }
    reverse_proxy @min_bucket minio:{$MINIO_PORT}