{"id":13558548,"url":"https://github.com/datopian/ckan-cloud-docker","last_synced_at":"2025-10-15T10:26:53.630Z","repository":{"id":45431204,"uuid":"156597157","full_name":"datopian/ckan-cloud-docker","owner":"datopian","description":"Docker images and compose environment for local development and testing of ckan-cloud","archived":false,"fork":false,"pushed_at":"2024-10-16T15:44:28.000Z","size":980,"stargazers_count":23,"open_issues_count":0,"forks_count":26,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-07-02T11:13:46.881Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datopian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-07T19:24:30.000Z","updated_at":"2024-10-22T08:54:21.000Z","dependencies_parsed_at":"2024-01-17T06:12:21.327Z","dependency_job_id":"3bb66efc-4520-42c8-962b-6c661fa49ecb","html_url":"https://github.com/datopian/ckan-cloud-docker","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/datopian/ckan-cloud-docker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datopian%2Fckan-cloud-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datopian%2Fckan-cloud-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datopian%2Fckan-cloud-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datopian%2Fckan-cloud-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datopian","download_url":"https://codeload.github.com/datopian/ckan-cloud-docker/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datopian%2Fckan-cloud-docker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279073167,"owners_count":26097338,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-15T02:00:07.814Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:05:01.091Z","updated_at":"2025-10-15T10:26:53.569Z","avatar_url":"https://github.com/datopian.png","language":"Shell","readme":"# CKAN Cloud Docker\n\n[![Build Status](https://travis-ci.org/ViderumGlobal/ckan-cloud-docker.svg?branch=master)](https://travis-ci.org/ViderumGlobal/ckan-cloud-docker)\n\nContains Docker imgages for the different components of CKAN Cloud and a Docker compose environment for development and testing.\n\nAvailable components:\n\n* **cca-operator**: Kubernetes server-side component that manages the multi-tenant CKAN instances. see the [README](cca-operator/README.md) for more details.\n* **ckan**: The CKAN app\n* **db**: PostgreSQL database and management scripts\n* **nginx**: Reverse proxy for the CKAN app\n* **solr**: Solr search engine\n* **jenkins**: Automation service\n* **provisioning-api**: [ckan-cloud-provisioning-api](https://github.com/ViderumGlobal/ckan-cloud-provisioning-api)\n* **traefik**: Reverse proxy, SSL handler and load balancer\n\n\n## Install\n\nInstall Docker for [Windows](https://store.docker.com/editions/community/docker-ce-desktop-windows),\n[Mac](https://store.docker.com/editions/community/docker-ce-desktop-mac) or [Linux](https://docs.docker.com/install/).\n\n[Install Docker Compose](https://docs.docker.com/compose/install/)\n\n\n## Generate or update files with secrets\n\nRun and follow all steps:\n```\n./create_secrets.py\n```\n\nIf you're setting up a local environment for development and testing, you can leave all of the secret values as is. Just press enter when prompted for a value.\n\n## Running locally for development and testing\n\nIf you want to run this locally and don't want to deploy it anywhere, you must make a few changes before you can start the environment. Once you've gone through the steps below and started the environment, you can access CKAN at http://ckan:5000 (when creating secrets, don't change the default site URL).\n\n**Note**: The \"Install\" and \"Generate or update files with secrets\" sections above are still required before proceeding with a local setup. After making the changes below, you can continue with the \"Running a CKAN instance using the docker-compose environment\" section.\n\n### Use traefik.dev.toml\n\nBy default, `traefik` will attempt to generate a certificate and use https. This will cause issues with the local development environment. To fix this, you can use the `traefik.dev.toml` by updating the `proxy` service in `docker-compose.yaml` to use the `traefik.dev.toml` file. The dev version doesn't generate a certificate and uses http instead of https.\n\n```\n proxy:\n image: traefik:1.7.2-alpine\n restart: always\n volumes:\n - ./traefik/traefik.toml.template:/traefik.toml.template\n #- ./traefik/traefik.dev.toml:/traefik.dev.toml # Uncomment this line to bypass certificates for local development\n - ./traefik/acme.json:/acme.json\n - ./cca-operator/templater.sh:/templater.sh\n - ./docker-compose/traefik-secrets.sh:/traefik-secrets.sh\n - ./traefik/entrypoint.sh:/entrypoint.sh\n networks:\n - ckan-multi\n entrypoint: [\"/bin/sh\", \"-c\", \"/entrypoint.sh\"]\n```\n\n### Expose port 5000 for CKAN\n\nIn your project specific `docker-compose` file, you must expose port 5000 for CKAN. Otherwise, CKAN will not be accessible from the host machine. For example, if you want to run `.docker-compose.vital-strategies-theme.yaml` locally, you would add the ports section as shown below:\n\n```\n ckan:\n depends_on:\n - datapusher\n links:\n - datapusher\n image: viderum/ckan-cloud-docker:ckan-latest-vital-strategies-theme\n build:\n context: ckan\n args:\n CKAN_BRANCH: ckan-2.10.4\n EXTRA_PACKAGES: cron\n EXTRA_FILESYSTEM: \"./overrides/vital-strategies/filesystem/\"\n POST_INSTALL: |\n install_standard_ckan_extension_github -r datopian/ckanext-querytool -b cc6c8e6f19f59e6842d370bf7ac87d94e37a2831 \u0026\u0026\\\n install_standard_ckan_extension_github -r ckan/ckanext-geoview \u0026\u0026 \\\n install_standard_ckan_extension_github -r datopian/ckanext-sentry -b 2.10 \u0026\u0026 \\\n install_standard_ckan_extension_github -r datopian/ckanext-gtm \u0026\u0026 \\\n install_standard_ckan_extension_github -r datopian/ckanext-s3filestore -b ckan-2.10 \u0026\u0026 \\\n cd ~/venv/src/ckanext-querytool \u0026\u0026 ~/venv/bin/python setup.py compile_catalog -l en -f \u0026\u0026 \\\n cd ~/venv/src/ckanext-querytool \u0026\u0026 ~/venv/bin/python setup.py compile_catalog -l es -f \u0026\u0026 \\\n cd ~/venv/src/ckanext-querytool \u0026\u0026 ~/venv/bin/python setup.py compile_catalog -l fr -f \u0026\u0026 \\\n cd ~/venv/src/ckanext-querytool \u0026\u0026 ~/venv/bin/python setup.py compile_catalog -l km -f \u0026\u0026 \\\n cd ~/venv/src/ckanext-querytool \u0026\u0026 ~/venv/bin/python setup.py compile_catalog -l pt_BR -f \u0026\u0026 \\\n cd ~/venv/src/ckanext-querytool \u0026\u0026 ~/venv/bin/python setup.py compile_catalog -l zh_Hans_CN -f\n environment:\n - CKAN_CONFIG_TEMPLATE_PREFIX=vital-strategies-theme-\n # ports: # Uncomment these lines expose CKAN on localhost for local development\n # - 5000:5000\n```\n\n### Hosts file entries\n\nWhen using this environment locally, you must add the following entries to your hosts file (`nginx` is mentioned in the next section, but `ckan` is specific to the development and testing setup):\n\n```\n127.0.0.1 nginx\n127.0.0.1 ckan\n```\n\n## Running a CKAN instance using the docker-compose environment\n\n(optional) Clear any existing compose environment to ensure a fresh start\n\n```\ndocker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.datagov-theme.yaml down -v\n```\n\nPull the latest images\n\n```\ndocker-compose pull\n```\n\nStart the Docker compose environment\n\n```\ndocker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.datagov-theme.yaml up -d nginx\n```\n\nAdd a hosts entry mapping domain `nginx` to `127.0.0.1`:\n\n```\n127.0.0.1 nginx\n```\n\nWait a few seconds until CKAN api responds successfully:\n\n```\ncurl http://nginx:8080/api/3\n```\n\nCreate a CKAN admin user\n\n```\ndocker-compose exec ckan ckan-paster --plugin=ckan \\\n sysadmin add -c /etc/ckan/ckan.ini admin password=12345678 email=admin@localhost\n```\n\nLogin to CKAN at http://nginx:8080 with username `admin` and password `12345678`\n\nTo start the jobs server for uploading to the datastore DB:\n\n```\ndocker-compose up -d jobs\n```\n\n### Optionally, use make commands\n\nThe following commands use the `vital-strategies` project template as an example. Replace `vital-strategies` with the name of your project template. **Note**: Using the commands below still requires adding `nginx` to your hosts file as shown above.\n\nBuild the images:\n\n```\nmake build O=vital-strategies\n```\n\nStart the environment (this will also build the images if they haven't been built yet):\n\n```\nmake start O=vital-strategies\n```\n\nStop the environment:\n\n```\nmake stop O=vital-strategies\n```\n\nEnter a container:\n\n```\nmake shell O=vital-strategies S=SERVICE_NAME\n```\n\nMake a user:\n\n```\nmake user O=vital-strategies U=USER_NAME P=PASSWORD E=EMAIL\n```\n\nMake a user a sysadmin:\n\n```\nmake sysadmin O=vital-strategies U=USER_NAME\n```\n\nRemove the containers and volumes:\n\n```\nmake remove O=vital-strategies\n```\n\nRemove the associated images:\n\n```\nmake remove-images O=vital-strategies\n```\n\nCompletely remove and then rebuild the environment (this will remove containers, volumes, and images):\n\n```\nmake clean-rebuild O=vital-strategies\n```\n\n## Making modifications to the docker images / configuration\n\nEdit any file in this repository\n\n(Optional) depending on the changes you made, you might need to destroy the current environment\n\n```\ndocker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.datagov-theme.yaml down -v\n```\n\n(if you want to keep your volumes, for example if you populated the database with data you want\nto keep, you need to drop the `-v` part from the command)\n\nBuild the docker images\n\n```\ndocker-compose build | grep \"Successfully tagged\"\n```\n\nStart the environment\n\n```\ndocker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.datagov-theme.yaml up -d nginx\n```\n\n\n## Create a predefined docker-compose override configuration\n\nThis allows to test different CKAN configurations and extension combinations\n\nDuplicate the CKAN default configuration:\n\n```\ncp docker-compose/ckan-conf-templates/ckan.ini.template \\\n docker-compose/ckan-conf-templates/my-ckan-ckan.ini.template\n```\n\nEdit the duplicated file and modify the settings, e.g. add the extensions to the `plugins` configuration and any additional required extension configurations.\n\nCreate a docker-compose override file e.g. `.docker-compose.my-ckan.yaml`:\n\n```\nversion: '3.2'\n\nservices:\n jobs:\n build:\n context: ckan\n args:\n # install extensions / dependencies\n POST_INSTALL: |\n install_standard_ckan_extension_github -r ckan/ckanext-spatial \u0026\u0026\\\n install_standard_ckan_extension_github -r ckan/ckanext-harvest \u0026\u0026\\\n install_standard_ckan_extension_github -r GSA/ckanext-geodatagov \u0026\u0026\\\n install_standard_ckan_extension_github -r GSA/ckanext-datagovtheme\n # other initialization\n POST_DOCKER_BUILD: |\n mkdir -p /var/tmp/ckan/dynamic_menu\n environment:\n # used to load the modified CKAN configuration\n - CKAN_CONFIG_TEMPLATE_PREFIX=my-ckan-\n ckan:\n build:\n context: ckan\n args:\n # install extensions / dependencies\n POST_INSTALL: |\n install_standard_ckan_extension_github -r ckan/ckanext-spatial \u0026\u0026\\\n install_standard_ckan_extension_github -r ckan/ckanext-harvest \u0026\u0026\\\n install_standard_ckan_extension_github -r GSA/ckanext-geodatagov \u0026\u0026\\\n install_standard_ckan_extension_github -r GSA/ckanext-datagovtheme\n # other initialization\n POST_DOCKER_BUILD: |\n mkdir -p /var/tmp/ckan/dynamic_menu\n environment:\n # used to load the modified CKAN configuration\n - CKAN_CONFIG_TEMPLATE_PREFIX=my-ckan-\n```\n\nStart the docker-compose environment with the modified config:\n\n```\ndocker-compose -f docker-compose.yaml -f .docker-compose.my-ckan.yaml up -d --build nginx\n```\n\nYou can persist the modified configurations in Git for reference and documentation.\n\nFor example, to start the datagov-theme configuration:\n\n```\ndocker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.datagov-theme.yaml up -d --build nginx\n```\n\n## External database server\n\nTo use another database server, you will need to provide a `SQLACHEMY_URL` value by hand, by adding it\nto `docker-compose/ckan-secrets.sh` first.\n\nAfter specifying the address of the new server, you need to start the CKAN instance, this time without adding a db layer.\nFor example, to start a custom configuration without starting up the database:\n\n```\ndocker-compose -f docker-compose.yaml -f .docker-compose.custom-theme.yaml up -d --build nginx\n```\n\n\n## Running cca-operator\n\nsee [cca-operator README](cca-operator/README.md)\n\n\n## Run the Jenkins server\n\n```\ndocker-compose up -d jenkins\n```\n\nLogin at http://localhost:8089\n\n\n## Running the cloud provisioning API\n\nStart the cca-operator server (see [cca-operator README](cca-operator/README.md))\n\nStart the cloud provisioning API server with the required keys\n\n```\nexport PRIVATE_SSH_KEY=\"$(cat docker-compose/cca-operator/id_rsa | while read i; do echo \"${i}\"; done)\"\nexport PRIVATE_KEY=\"$(cat docker-compose/provisioning-api/private.pem | while read i; do echo \"${i}\"; done)\"\nexport PUBLIC_KEY=\"$(cat docker-compose/provisioning-api/public.pem | while read i; do echo \"${i}\"; done)\"\n\ndocker-compose up -d --build provisioning-api\n```\n\n## Testing the centralized DB\n\nCreate a bash alias to run docker-compose with the centralized configuration\n\n```\nalias docker-compose=\"`which docker-compose` -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose-centralized.yaml\"\n```\n\nStart a clean environment with only the db and solr cloud -\n\n```\ndocker-compose down -v\ndocker-compose up -d db solr\n```\n\nSet the instance id which is used for database names and the solr core name\n\n```\nINSTANCE_ID=test1\n```\n\nCreate the dbs\n\n```\ndocker-compose run --rm cca-operator -c \"source functions.sh; PGPASSWORD=123456 create_db db postgres ${INSTANCE_ID} 654321\" \u0026\u0026\\\ndocker-compose run --rm cca-operator -c \"source functions.sh; PGPASSWORD=123456 create_datastore_db db postgres ${INSTANCE_ID} ${INSTANCE_ID}-datastore 654321 ${INSTANCE_ID}-datastore-readonly 654321\"\n```\n\nCreate the solrcloud collection\n\n```\ndocker-compose exec solr bin/solr create_collection -c ${INSTANCE_ID} -d ckan_default -n ckan_default\n```\n\nStart ckan\n\n```\ndocker-compose up -d --force-recreate jobs\n```\n\nby default it uses `test1` as the INSTANCE_ID, to modify, override the ckan secrets.sh\n\nYou might need to reload the solr collection after recreate:\n\n```\ncurl \"http://localhost:8983/solr/admin/collections?action=RELOAD\u0026name=${INSTANCE_ID}\u0026wt=json\"\n```\n\n## Migrating to CKAN 2.10 and Python 3\n\n\u003e**Note**: As of January 1, 2020, Python 2 is no longer officially supported. If you're running CKAN 2.7 with Python 2, it's highly recommended to migrate to CKAN 2.10 with Python 3. The latest version of this repo also no longer supports CKAN \u003c 2.10 and Python \u003c 3. If you must stick with those versions for now, you will need to maintain your local copy of this repo yourself.\n\nAll of the following commands should be run in `ckan-cloud-docker` (unless stated otherwise). In the examples below, I'm using the `vital-strategies` project template as an example. Replace `vital-strategies` with the name of your project template.\n\n\u003e**Note**: Depending on any custom configurations you have, you might need to adjust the variables in `db/migration/upgrade_databases.sh` (and others, such as your custom `docker-compose` file, or your custom `.ini` file) to match your setup.\n\n\u003e**Important**: While following the migration steps, you will create backups of the DBs to migrate to the new upgraded CKAN instance. A more robust backup is recommended, in the case that you need to revert to the old CKAN 2.7 instance. It's recommended to either take a snapshot (or similar) of your server before beginning the migration, or to make a full copy of `/var/lib/docker` (or wherever your Docker data is stored) to ensure you can revert if needed. If your cloud server doesn't have space to store the copy (the copy will likely require at least 50GB of free space), you will need to copy it to another server or storage location (e.g., S3, Google Cloud Storage, or locally using `scp`, `rsync`, etc.). For steps on how to revert to the old CKAN 2.7 instance _without_ a full system or Docker data backup, see the [Reverting to the old CKAN 2.7 instance](#reverting-to-the-old-ckan-27-instance) section below.\n\n1. Start up your _current_ instance (if it's not running already, **don't pull the latest changes yet**): `make start O=vital-strategies`\n2. Reset any repo changes that might have accidentally been commited: `git reset --mixed HEAD`\n3. Create a diff file with any changes in the current branch (for example, values manually added to `.ini` files, etc.—this file will be read later in a script): `git diff \u003e configs.diff`\n4. Stash all local changes: `git stash`\n5. Pull the latest changes: `git pull` (**Important**: Don't stop your instance yet—make sure it's still running when you pull this, as you need to run the next few commands on your _current_ instance, and the commands only exist in the latest codebase)\n6. Run the config updater script: `make config-upgrade` (this will output any variables that have changed—you will need to enter these values when you run `make secret` later)\n7. Backup the DBs: `make backup-db O=vital-strategies` (confirm that you have `ckan.dump`, `datastore.dump` and `ckan_data.tar.gz` in the current directory after running this command—you can use `ls *.dump` and `ls *.tar.gz` to confirm that the files exist)\n8. Stop the containers: `make stop O=vital-strategies`\n9. (optional and not recommended) If you don't want to use [DataPusher+](https://github.com/dathere/datapusher-plus), you will need to export the following variable every time you start, stop, or build CKAN: `export DATAPUSHER_TYPE=datapusher`\n10. Create secrets: `make secret` (follow the prompts and make sure to add any values that were output from the config updater script in step 6)\n11. Clean and rebuild: `make clean-rebuild O=vital-strategies`\n12. Run the upgrade script: `make upgrade-db O=vital-strategies`\n - If you have set custom DB names and users, you will need to pass in these options as needed: `make upgrade-db O=vital-strategies CKAN_DB_NAME=\u003cCKAN_DB_NAME\u003e DB_USERNAME=\u003cDB_USERNAME\u003e CKAN_DB_USERNAME=\u003cCKAN_DB_USERNAME\u003e DATASTORE_DB_NAME=\u003cDATASTORE_DB_NAME\u003e DATASTORE_DB_USERNAME=\u003cDATASTORE_DB_USERNAME\u003e`— the default values are: `CKAN_DB_NAME=ckan`, `DB_USERNAME=postgres`, `CKAN_DB_USERNAME=ckan`, `DATASTORE_DB_NAME=datastore`, `DATASTORE_DB_USERNAME=postgres`\n - Copy the API token that's output at the end for step 10 \n13. Stop the containers: `make stop O=vital-strategies`\n14. Run `make secret` again and paste the token when prompted (step 13—\"Enter Datapusher API token\")\n15. (optional) If you use extensions like Sentry, S3filestore, or Google Analytics, you will need to manually re-enable them in your `.ini` file (for example, `docker-compose/ckan-conf-templates/vital-strategies-theme-ckan.ini.template`). This is because these plugins cannot be enabled on the first run of the new CKAN instance, as the DB will not initialize properly. You can enable them by adding the following lines to your `.ini` file. If you have a custom theme extension, e.g., `querytool`, it must be the last item in the list. For example, if you want to add all 3 of the examples I mentioned, you would update the following line:\n ```\n ckan.plugins = image_view text_view recline_view datastore datapusher resource_proxy geojson_view querytool\n ```\n to:\n ```\n ckan.plugins = image_view text_view recline_view datastore datapusher resource_proxy geojson_view sentry s3filestore googleanalytics querytool\n ```\n **Note**: To edit the file, you will need to use `nano`, `vi` or another command line text editor. Both `nano` and `vi` should be available on most modern Linux operating systems by default. `nano` is recommended for less experienced users, as it's more user-friendly. Your `.ini` file will be located in `docker-compose/ckan-conf-templates/\u003cYOUR_PROJECT\u003e-theme-ckan.ini.template`.\n\n To open and edit the file with `nano`, run `nano docker-compose/ckan-conf-templates/vital-strategies-theme-ckan.ini.template`. Make your changes, and then, to save and exit, press `ctrl` + `x`, then `y`, then `enter`. If you make a mistake, press `ctrl` + `x`, then `n` to exit without saving.\n\n To open and edit the file with `vi`, run `vi docker-compose/ckan-conf-templates/vital-strategies-theme-ckan.ini.template`. To edit the file, press `i` to enter insert mode. To save and exit, press `esc` to exit insert mode, then type `:wq` and press `enter`. If you make a mistake, press `esc` to exit insert mode, then type `:q!` and press `enter` to exit without saving.\n16. Start the containers: `make start O=vital-strategies`\n17. Test and confirm that the migration was successful\n\n\u003e**Note**: After the migration, the first time you visit the DataStore tab for any pre-existing resources, you might see \"Error: cannot connect to datapusher\". If you click \"Upload to DataStore\", this error should go away and the process will complete as expected. It's not necessary to go through the resources and remove this error message, as there's actually no issue with DataStore/DataPusher and your old data (it's there and should be working fine)—it's just a UI bug due to switching DBs, which confuses DataPusher. It will work as expected for both existing and new resources.\n\n### Reverting to the old CKAN 2.7 instance\n\n\u003e**Important**: It's recommended to make copies of `ckan.dump`, `datastore.dump` and `ckan_data.tar.gz` and move them off of the server, if possible. If anything goes wrong, and you must revert to the old CKAN 2.7 instance, you can restore it by following the steps below:\n\n1. Stop the containers: `make stop O=vital-strategies`\n2. Checkout the last CKAN 2.7 commit: `git checkout d3bdc178a1726ada331b47157b92123cdec82b12`\n3. Create secrets (you probably don't need to do this, but go through the process and make sure your previously entered values are correct): `make secret` (follow the prompts)\n4. Clean and rebuild: `make clean-rebuild O=vital-strategies`\n5. Restore the DBs (_note_: the prior version of this repo doesn't have a command for this—you must do it manually):\n 1. Restore the CKAN DB: `docker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.\u003cYOUR_PROJECT\u003e-theme.yaml exec -T db pg_restore -U postgres --verbose --create --clean --if-exists -d postgres \u003c ckan.dump`\n 2. Restore the DataStore DB: `docker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.\u003cYOUR_PROJECT\u003e-theme.yaml exec -T datastore-db pg_restore -U postgres --verbose --create --clean --if-exists -d postgres \u003c datastore.dump`\n 3. Restore the CKAN data:\n 1. `docker cp ckan_data.tar.gz $(docker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.\u003cYOUR_PROJECT\u003e-theme.yaml ps -q ckan):/tmp/ckan_data.tar.gz`\n 2. `docker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.\u003cYOUR_PROJECT\u003e-theme.yaml exec -T ckan bash -c \"tar -xzf /tmp/ckan_data.tar.gz -C /tmp/ \u0026\u0026 cp -r /tmp/data/* /var/lib/ckan/data/ \u0026\u0026 chown -R ckan:ckan /var/lib/ckan/data\"`\n 4. Set datastore permissions:\n 1. Enter your `ckan` container: `docker-compose -f docker-compose.yaml -f .docker-compose-db.yaml -f .docker-compose.\u003cYOUR_PROJECT\u003e-theme.yaml exec ckan bash`\n 2. Create a new file in your `ckan` container, `ckan.sql`, with the following contents:\n ```\n \\connect \"datastore\"\n\n -- revoke permissions for the read-only user\n REVOKE CREATE ON SCHEMA public FROM PUBLIC;\n REVOKE USAGE ON SCHEMA public FROM PUBLIC;\n\n GRANT CREATE ON SCHEMA public TO \"postgres\";\n GRANT USAGE ON SCHEMA public TO \"postgres\";\n\n -- grant select permissions for read-only user\n GRANT CONNECT ON DATABASE \"datastore\" TO \"readonly\";\n GRANT USAGE ON SCHEMA public TO \"readonly\";\n\n -- grant access to current tables and views to read-only user\n GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"readonly\";\n\n -- grant access to new tables and views by default\n ALTER DEFAULT PRIVILEGES FOR USER \"postgres\" IN SCHEMA public\n GRANT SELECT ON TABLES TO \"readonly\";\n\n -- a view for listing valid table (resource id) and view names\n CREATE OR REPLACE VIEW \"_table_metadata\" AS\n SELECT DISTINCT\n substr(md5(dependee.relname || COALESCE(dependent.relname, '')), 0, 17) AS \"_id\",\n dependee.relname AS name,\n dependee.oid AS oid,\n dependent.relname AS alias_of\n -- dependent.oid AS oid\n FROM\n pg_class AS dependee\n LEFT OUTER JOIN pg_rewrite AS r ON r.ev_class = dependee.oid\n LEFT OUTER JOIN pg_depend AS d ON d.objid = r.oid\n LEFT OUTER JOIN pg_class AS dependent ON d.refobjid = dependent.oid\n WHERE\n (dependee.oid != dependent.oid OR dependent.oid IS NULL) AND\n (dependee.relname IN (SELECT tablename FROM pg_catalog.pg_tables)\n OR dependee.relname IN (SELECT viewname FROM pg_catalog.pg_views)) AND\n dependee.relnamespace = (SELECT oid FROM pg_namespace WHERE nspname='public')\n ORDER BY dependee.oid DESC;\n ALTER VIEW \"_table_metadata\" OWNER TO \"postgres\";\n GRANT SELECT ON \"_table_metadata\" TO \"readonly\";\n ```\n 3. While still in your `ckan` container, get your `sqlalchemy.url`: `cat /etc/ckan/production.ini | grep sqlalchemy.url` (for example, `postgresql://ckan:123456@db/ckan`)\n 4. Set the permissions by running: `cat ckan.sql | psql \u003cYOUR_SQLALCHEMY_URL\u003e` (for example, `cat ckan.sql | psql postgresql://ckan:123456@db/ckan`)","funding_links":[],"categories":["Shell","others"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatopian%2Fckan-cloud-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatopian%2Fckan-cloud-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatopian%2Fckan-cloud-docker/lists"}