# HG changeset patch # User Goffi # Date 1455305064 -3600 # Node ID 686a8c982c3ff4700fba4a56cbf7cfad5cbc27f7 # Parent 694fd34ff0b3dc90bcd84e8c7f7a5fb19073d267 docker: updated Dockerfiles: - use HTTPS URLs instead of HTTP - prosody image know use prosody Debian repository instead of Debian Jessie version, prosody 0.10 is used - prosody configuration is now in prosody directory next to Dockerfile, instead of using difficult to maintain sed calls - community modules are downloaded from mercurial, and only needed ones are kept - no more remote-roster hack \o/ - pubsub component is not at pubsub.[domain] (was sat-pubsub before) - SàT media are gotten from hg instead of ftp, so they are up-to-date with SàT version - libervia image now use pip for txJSON-RPC - fixed now needed jinja2 installation - fixed libervia/admin accounts auto-creation script - fixed uid/gid for prosody in data image - removed not needed anymore nox option in base image - added python-pip in base image - docker images now work with current dev version (0.6.0D) diff -r 694fd34ff0b3 -r 686a8c982c3f docker/README --- a/docker/README Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/README Fri Feb 12 20:24:24 2016 +0100 @@ -1,9 +1,9 @@ Salut à Toi Docker files -(c) Jérôme Poisson aka Goffi 2014 +(c) Jérôme Poisson aka Goffi 2014-2016 This directory and all subdirectories are files to manage Salut à Toi or its related applications/frontends with Docker Salut à Toi is an XMPP multi-frontends multi-purposes client (see http://salut-a-toi.org) -All file in this directory or subdirectories are une AGPL v3+ +All file in this directory or subdirectories are under AGPL v3+ ############ diff -r 694fd34ff0b3 -r 686a8c982c3f docker/base/Dockerfile --- a/docker/base/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/base/Dockerfile Fri Feb 12 20:24:24 2016 +0100 
@@ -18,7 +18,7 @@ RUN apt-get update RUN apt-get upgrade -y -RUN apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial +RUN apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial python-pip RUN apt-get clean # we need UTF-8 locale @@ -38,7 +38,7 @@ WORKDIR /tmp -RUN hg clone http://repos.goffi.org/urwid-satext +RUN hg clone https://repos.goffi.org/urwid-satext WORKDIR urwid-satext @@ -54,11 +54,11 @@ WORKDIR /tmp -RUN hg clone http://repos.goffi.org/sat +RUN hg clone https://repos.goffi.org/sat WORKDIR sat -RUN SAT_INSTALL=nox python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages +RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages WORKDIR /tmp @@ -74,8 +74,8 @@ # so we remove it from reserved_list in plugin account RUN echo '[plugin account]\nreserved_list=' >> /etc/sat.conf -# This script set account domain in sat.conf is not already set -# if not set, domain is gotted from prosody container or DOMAIN environment variable +# This script set account domain in sat.conf if not already set +# if not set, domain is got from prosody container or DOMAIN environment variable RUN echo '#!/usr/bin/env python2\n\ import os, xmlrpclib, ConfigParser, socket, subprocess\n\ from sat.core.constants import Const as C\n\ 
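Review bot: The `hg clone https://repos.goffi.org/urwid-satext` and `hg clone https://repos.goffi.org/sat` lines still check out whatever the repository tip is at build time, so two builds of the same Dockerfile can install different code and an unreviewed push goes straight into the image. HTTPS protects the transport only. Pinning each clone to a reviewed changeset, e.g. `RUN hg clone -u <PINNED_REV> https://repos.goffi.org/sat` (placeholder revision), would make the build reproducible and auditable. The same applies to the libervia, sat_media, prosody-modules, salut and sat_pubsub clones later in this changeset.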
@@ -108,7 +108,7 @@ subprocess.call(["add_host", domain, "prosody"])\n\ ' > /usr/local/bin/set_account_domain && chmod 0555 /usr/local/bin/set_account_domain -# account domain is set, then sat is launcher with D-Bus activated +# account domain is set, then sat is launched with D-Bus activated RUN echo '#!/bin/sh\n\ chmod a+w /etc/hosts\n\ su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat\n\ diff -r 694fd34ff0b3 -r 686a8c982c3f docker/data/Dockerfile --- a/docker/data/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/data/Dockerfile Fri Feb 12 20:24:24 2016 +0100 @@ -18,7 +18,8 @@ VOLUME ["/home/sat"] # Prosody -RUN mkdir -p /var/lib/prosody && chown 106:110 /var/lib/prosody && chmod 0750 /var/lib/prosody +# we need to use number instead of name as data doesn't known prosody user +RUN mkdir -p /var/lib/prosody && chown 105:108 /var/lib/prosody && chmod 0750 /var/lib/prosody VOLUME ["/var/lib/prosody"] # Postgres database, used in SàT PubSub diff -r 694fd34ff0b3 -r 686a8c982c3f docker/jp/Dockerfile --- a/docker/jp/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/jp/Dockerfile Fri Feb 12 20:24:24 2016 +0100 @@ -14,7 +14,7 @@ # BASE # ######## -RUN apt-get install -y python-progressbar +RUN apt-get install -y --no-install-recommends python-progressbar RUN apt-get clean ######### diff -r 694fd34ff0b3 -r 686a8c982c3f docker/libervia/Dockerfile --- a/docker/libervia/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/libervia/Dockerfile Fri Feb 12 20:24:24 2016 +0100 
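Review bot: The hard-coded `chown 105:108` in docker/data/Dockerfile is only correct while the prosody package in the prosody image is allocated exactly those ids, and the replaced value `106:110` shows that they shift when the package set changes. If they drift again, /var/lib/prosody (mode 0750) ends up owned by an unrelated or nonexistent account, so Prosody either loses access to its store or a different service account gains it. Consider creating the prosody user and group with fixed ids in both images before the package is installed, and extend the comment to say so, e.g. `# ids must match the prosody user created in docker/prosody/Dockerfile`.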
@@ -14,17 +14,7 @@ # txJSON-RPC # ############## -WORKDIR /tmp/txjsonrpc - -# wget and tar are not installed, so we use python -RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("https://pypi.python.org/packages/source/t/txJSON-RPC/txJSON-RPC-0.3.1.tar.gz").read()));tar.extractall()' - -# we don't need setuptools, so we just install through python -RUN cd tx*; sed -i "s/from setuptools/from distutils.core/" setup.py; python setup.py install - -WORKDIR /tmp - -RUN rm -rf txjsonrpc +RUN pip install txJSON-RPC ########### # PYJAMAS # @@ -33,7 +23,7 @@ WORKDIR /usr/share # as the situation with pyjamas is complicated, we get the archive from our own ftp -RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("http://ftp.goffi.org/pyjamas/pyjamas.tar.bz2").read()));tar.extractall()' +RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("https://ftp.goffi.org/pyjamas/pyjamas.tar.bz2").read()));tar.extractall()' WORKDIR pyjamas @@ -47,7 +37,9 @@ WORKDIR /tmp -RUN hg clone http://repos.goffi.org/libervia +RUN apt-get install -y --no-install-recommends python-jinja2 + +RUN hg clone https://repos.goffi.org/libervia WORKDIR libervia @@ -76,7 +68,9 @@ sat.getReady()\n\ admin_email = sat.getConfig(account.CONFIG_SECTION, "admin_email") or account.default_conf["admin_email"]\n\ for profile in ["libervia", "admin"]:\n\ - if not sat.getProfileName(profile):\n\ + try:\n\ + sat.getProfileName(profile)\n\ + except Exception as e:\n\ print "{} profile doesn'\''t exists, creating it".format(profile)\n\ print "registering {}@{}".format(profile, sat.getNewAccountDomain())\n\ pwd = generate_pwd()\n\ 
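Review bot: `RUN pip install txJSON-RPC` drops the version pin that the removed download had (0.3.1), so the image now installs whatever release the index serves on build day. Pinning keeps builds reproducible and limits exposure to a bad upload: `RUN pip install txJSON-RPC==0.3.1`.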
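Review bot: The pyjamas archive is still unpacked with `tar.extractall()` as root, straight from the network response, with no digest check and no validation of member paths; moving the URL to HTTPS authenticates the server but not the archive content. Compare the downloaded bytes against a pinned digest before opening the tarfile, e.g. `hashlib.sha256(data).hexdigest() == "<EXPECTED_SHA256>"` (placeholder value), and reject members whose names are absolute or contain `..`. Whether urllib2 validates the server certificate depends on the Python 2.7 patch level in the base image, which is not visible here.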
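Review bot: `except Exception as e:` treats every failure of `sat.getProfileName(profile)` as "profile does not exist", so a bridge or D-Bus error would also fall into the branch that generates a new password and registers the account; `e` is never used. Catch only the exception the bridge raises for an unknown profile (its type is not visible in this hunk) and let anything else propagate, or at least print `e` before continuing. The launcher script starts and ends outside the hunk.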
@@ -84,7 +78,7 @@ config.fixConfigOption("libervia", "passphrase", pwd)\n\ elif profile == "admin":\n\ with open("/home/sat/ADMIN_PWD", "w") as f:\n\ - f.write("%s\n" % pwd)\n\ + f.write("%s\\n" % pwd)\n\ sat.registerSatAccount(admin_email, pwd, profile)\n\ os.execvp("libervia", ["libervia"] + sys.argv[1:])\n\ ' > /usr/bin/libervia_cont_launch && chmod 555 /usr/bin/libervia_cont_launch diff -r 694fd34ff0b3 -r 686a8c982c3f docker/media/Dockerfile --- a/docker/media/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/media/Dockerfile Fri Feb 12 20:24:24 2016 +0100 @@ -10,13 +10,18 @@ MAINTAINER Goffi -WORKDIR /usr/share/sat/media_tmp +WORKDIR /usr/share/sat + +RUN hg clone https://repos.goffi.org/sat_media media -# wget and tar are not installed, so we use python -RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("ftp://ftp.goffi.org/sat_media/sat_media.tar.bz2").read()));tar.extractall()' - -# The media_tmp complication is due to an AUFS bug, see https://github.com/docker/docker/issues/4570 -WORKDIR /usr/share/sat/ -RUN mv media_tmp/sat_media* media && rmdir media_tmp +# ftp workflow is kept below on purpose, but we use currently hg for media +# WORKDIR /usr/share/sat/media_tmp +# +# # wget and tar are not installed, so we use python +# RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("ftp://ftp.goffi.org/sat_media/sat_media.tar.bz2").read()));tar.extractall()' +# +# # The media_tmp complication is due to an AUFS bug, see https://github.com/docker/docker/issues/4570 +# WORKDIR /usr/share/sat/ +# RUN mv media_tmp/sat_media* media && rmdir media_tmp WORKDIR /home/sat diff -r 694fd34ff0b3 -r 686a8c982c3f docker/prosody/Dockerfile --- a/docker/prosody/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/prosody/Dockerfile Fri Feb 12 20:24:24 2016 +0100 
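Review bot: `open("/home/sat/ADMIN_PWD", "w")` creates the file that holds the generated admin password with whatever the process umask allows, which commonly leaves it world-readable inside the container and in the /home/sat volume. Create it with an explicit mode instead: `with os.fdopen(os.open("/home/sat/ADMIN_PWD", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w") as f:`. The mode only applies when the file is created, so an existing file keeps its old permissions. The script body starts outside the hunk.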
@@ -14,77 +14,41 @@ # BASE # ######## -RUN apt-get install -y apg prosody +RUN apt-get install -y --no-install-recommends lsb-release +# we add prosody repository and key +RUN echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list +RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' +RUN apt-get update +# and install prosody and apg (to generate passwords) +RUN apt-get install -y apg prosody-0.10 RUN apt-get clean -###################### -# REMOTE ROSTER HACK # -###################### - -# This dirty hack is used temporarily in SàT to have nice features like fine permissions tuning -# see http://www.goffi.org/post/2012/06/24/Fine-access-tuning-for-PubSub -# A proper way is being working on, with new XEPs - -WORKDIR /usr/lib/prosody/modules -# wget/curl are not installed, so we use python -RUN python -c 'import urllib2;f=open("mod_remote_roster.lua","w");f.write(urllib2.urlopen("http://paste.debian.net/download/121248").read())' -WORKDIR /etc/prosody -# the hacked module must be activated -RUN sed -i 's/modules_enabled = {/\0\n\t-- SàT specific\n\t\t"remote_roster";/' prosody.cfg.lua - -###################### -# MISC CONFIGURATION # -###################### +################### +# PROSODY MODULES # +################### -# we want to run foreground -RUN sed -i 's/daemonize = true;/daemonize = false;/' prosody.cfg.lua - -# we listen the world for components (but we do *NOT* expose the port ! 
It's just for linked containers) -RUN sed -i 's/^----------- Virtual hosts -----------/component_interface="0.0.0.0"\n\n\0/' prosody.cfg.lua - -# we don't want to allow self registering, this is managed by a SàT plugin -RUN sed -i 's/"register"/--\0/' prosody.cfg.lua - -# announce is usefull on a Libervia instance -RUN sed -i 's/--"announce"/"announce"/' prosody.cfg.lua +WORKDIR /tmp +RUN hg clone https://hg.prosody.im/prosody-modules/ prosody-modules +WORKDIR prosody-modules +RUN for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done +WORKDIR /tmp +RUN rm -rf prosody-modules -# we use environment variable to get the domain -RUN sed -i 's/^admins =.*$/\nlocal domain = os.getenv("DOMAIN") or "libervia.int"\n\0/' prosody.cfg.lua - -# default admin is admin@DOMAIN -RUN sed -i 's/admins = { }/admins = { "admin@"..(domain) }/' prosody.cfg.lua +################# +# CONFIGURATION # +################# -# we can now set our virtualhost -RUN sed -i 's/^------ Components ------/VirtualHost (domain)\n\n\0/' prosody.cfg.lua - -# we want default, unsplitted logs -RUN python -c 'import re;f=open("prosody.cfg.lua","r+");buf=re.sub(r"^log =.*^}","",f.read(),1,re.DOTALL | re.MULTILINE);f.seek(0);f.write(buf);f.truncate()' +WORKDIR /etc/prosody +# we keep up-to-date configuration for this image on the repository +RUN python -c 'import urllib2;f=open("prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())' ############### # CERTIFICATE # ############### # We want to use the certificat in /usr/share/sat -RUN sed -i 's%key = "/etc/prosody/certs/localhost.key";%key = "/usr/share/sat/libervia.key";%; s%certificate = "/etc/prosody/certs/localhost.crt";%certificate = "/usr/share/sat/libervia.crt";%' prosody.cfg.lua - # but we do a link to be sure that there is a certificate -RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s 
/etc/prosody/certs/localhost.cert /usr/share/sat/libervia.crt - -############## -# COMPONENTS # -############## - -# we activate the MUC component on chat.DOMAIN -RUN sed -i 's/--Component "conference.example.com" "muc"/Component ("chat."..domain) "muc"/' prosody.cfg.lua - -# and the SOCKS5 bytestream proxy on proxy.DOMAIN -RUN sed -i 's/--Component "proxy.example.com" "proxy65"/Component ("proxy."..domain) "proxy65"/' prosody.cfg.lua - -# SàT PubSub -RUN sed -i 's/^------ Additional/Component ("sat-pubsub."..domain)\n\tcomponent_secret = os.getenv("SAT_PUBSUB_SECRET")\n\n\0/' prosody.cfg.lua - -# Salut, SàT's directory component -RUN sed -i 's/^------ Additional/Component ("salut."..domain)\n\tcomponent_secret = os.getenv("SAT_SALUT_SECRET")\n\n\0/' prosody.cfg.lua +RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.crt /usr/share/sat/libervia.crt ############################ # AUTOMATIC CONFIGURATION # diff -r 694fd34ff0b3 -r 686a8c982c3f docker/salut/Dockerfile --- a/docker/salut/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/salut/Dockerfile Fri Feb 12 20:24:24 2016 +0100 @@ -31,7 +31,7 @@ WORKDIR /usr/share -RUN hg clone http://repos.goffi.org/salut sat_salut && chown -R sat:sat sat_salut +RUN hg clone https://repos.goffi.org/salut sat_salut && chown -R sat:sat sat_salut WORKDIR sat_salut diff -r 694fd34ff0b3 -r 686a8c982c3f docker/sat_pubsub/Dockerfile --- a/docker/sat_pubsub/Dockerfile Wed Feb 10 18:22:56 2016 +0100 +++ b/docker/sat_pubsub/Dockerfile Fri Feb 12 20:24:24 2016 +0100 
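Review bot: In docker/prosody/Dockerfile, `prosody.cfg.lua` is fetched at build time from `.../raw-file/tip/...`, so the server configuration is whatever tip contains on build day and cannot be reviewed from this Dockerfile, even though it now carries the registration, component-interface and component-secret settings the removed sed lines used to apply. The commit description says the file now lives next to the Dockerfile, so `COPY prosody.cfg.lua /etc/prosody/prosody.cfg.lua` would take it from the build context at the same revision (assuming the file is added there; it is not in this diff). Separately, the repository line uses `http://packages.prosody.im/debian`, and the signing key is piped to `apt-key add -` without comparing its fingerprint or checking the command's exit status. The HTTPS key download is therefore the only trust anchor for the prosody-0.10 package.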
@@ -27,12 +27,12 @@ domain = proxy.getenv("DOMAIN")\n\ secret = proxy.getenv("SAT_PUBSUB_SECRET")\n\ os.execlp("twistd", "twistd", "-n", "sat_pubsub", "--rhost", "prosody",\ - "--jid", "sat-pubsub.%s" % domain, "--secret", secret)\n\ + "--jid", "pubsub.%s" % domain, "--secret", secret)\n\ ' > /usr/local/bin/sat_pubsub && chmod 0555 /usr/local/bin/sat_pubsub WORKDIR /usr/share -RUN hg clone http://repos.goffi.org/sat_pubsub && chown -R sat:sat sat_pubsub +RUN hg clone https://repos.goffi.org/sat_pubsub && chown -R sat:sat sat_pubsub ############ # DATABASE #
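Review bot: The component secret is passed to twistd as `"--secret", secret` on the command line, so it is readable from the process list and /proc/<pid>/cmdline by any process in the container for the lifetime of the service. If sat_pubsub can take the secret from the environment or a configuration file (not visible here), prefer that. Also consider failing early with a clear message when `DOMAIN` or `SAT_PUBSUB_SECRET` comes back empty, since `"pubsub.%s" % domain` would otherwise build a JID from a missing value. The rename to `pubsub.` has to match the Component entry in the downloaded prosody.cfg.lua, which this diff does not show.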