# Multi-stage Dockerfile for PISCAL # Stage 1: Build stage - Compile PISCAL executable from Fortran sources FROM ubuntu:latest AS builder # Install build dependencies RUN set -xe \ && apt-get update \ && apt-get install --no-install-recommends -y \ make \ xutils-dev \ gfortran \ && apt-get autoclean -y \ && apt-get autoremove -y # Copy source files from multiple directories COPY leafres/testarea/ /build/leafres/testarea/ COPY dataassim/math/optimization/ /build/dataassim/math/optimization/ COPY dataassim/math/othersupmath/ /build/dataassim/math/othersupmath/ COPY dataassim/math/algebra/ /build/dataassim/math/algebra/ COPY dataassim/math/specialfuncs/ /build/dataassim/math/specialfuncs/ COPY dataassim/math/nonlinsystems/ /build/dataassim/math/nonlinsystems/ COPY leafres/testrun/Makefile /build/leafres/testrun/Makefile # Build the executable WORKDIR /build/leafres/testrun RUN make clean || true RUN make # Stage 2: Runtime stage - Create minimal application container FROM ubuntu:latest # Build arguments for configurable credentials and paths ARG SSH_USERNAME=piscaladmin ARG SSH_PASSWORD=piscaladmin ARG SSH_GROUP=piscaladmin ARG STORAGE_PATH=/home/piscaladmin/LeafWeb_storage ARG PISCAL_EXECUTABLE=/srv/piscal # Install runtime dependencies only RUN set -xe \ && apt-get update \ && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ openssh-server \ sudo \ iproute2 \ vim \ wget \ libgfortran5 \ && apt-get autoclean -y \ && apt-get autoremove -y # Configure SSH server with parameterized credentials RUN set -xe \ && groupadd ${SSH_GROUP} \ && useradd -g ${SSH_GROUP} -G sudo -m -s /bin/bash ${SSH_USERNAME} \ && echo "${SSH_USERNAME}:${SSH_PASSWORD}" | chpasswd RUN set -xe \ && sed -i -e 's/#PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config \ && sed -i -e 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config \ && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd RUN set -xe \ && chown -R ${SSH_USERNAME}:${SSH_GROUP} /home/${SSH_USERNAME} # Fix for SSHD - "Missing privilege separation directory: /run/sshd" RUN set -xe \ && mkdir /run/sshd # Ensure the job/workspace base under /srv is writable. # The client uses `/srv/${PiscalDirectoryName}/input` and `PiscalDirectoryName` # can itself be prefixed with `LeafWeb/...`. RUN set -xe \ && mkdir -p /srv/LeafWeb \ && chown -R ${SSH_USERNAME}:${SSH_GROUP} /srv/LeafWeb # Create storage directory structure with proper ownership RUN set -xe \ && mkdir -p ${STORAGE_PATH}/input \ && mkdir -p ${STORAGE_PATH}/output \ && chown -R ${SSH_USERNAME}:${SSH_GROUP} ${STORAGE_PATH} # Copy compiled executable from builder stage COPY --from=builder /build/leafres/testrun/piscal /srv/piscal # Copy piscal-manager scripts (excluding .cfg, we'll generate it) COPY piscal-manager/*.sh /srv/ COPY piscal-manager/README.txt /srv/ # Generate piscal_launcher.cfg with build-time parameters RUN set -xe \ && echo "piscal_executable=\"${PISCAL_EXECUTABLE}\"" > /srv/piscal_launcher.cfg \ && echo "storage_directory=\"${STORAGE_PATH}\"" >> /srv/piscal_launcher.cfg \ && chown ${SSH_USERNAME}:${SSH_GROUP} /srv/piscal_launcher.cfg # Fix Windows line endings (CRLF -> LF) for scripts and make scripts executable RUN set -xe \ && find /srv -name "*.sh" -type f -exec sed -i 's/\r$//' {} \; \ && chmod +x /srv/*.sh || true WORKDIR /srv EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"]