Mercurial > sat_docs

comparison docker/base/Dockerfile @ 105:b69056368901

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
docker: images optimisation: - reduced the number of layers by grouping many instructions - moved stuff which don't change a lot at the beginning, and hg/apt at the end - scripts are not now in scripts/ subdirectories - prosody.cfg.lua is added using ADD instead of getting it online - .hg/dirstate is copied in base (backend) and libervia, so mercurial revision is known - removed lot of useless WORKDIR instruction, they are replaced by "cd" inside RUN instructions - cleaning (apt-clean, rm) is done on the same instruction as the one than generate the data, to avoid useless data in layers
author Goffi <goffi@goffi.org>
date Sun, 28 Feb 2016 02:01:20 +0100
parents 6e6274aa3916
children 8b228fd053bc
comparison
equal deleted inserted replaced
104:b59491821a8a 105:b69056368901
14 # BASE # 14 # BASE #
15 ######## 15 ########
16 16
17 ENV DEBIAN_FRONTEND noninteractive 17 ENV DEBIAN_FRONTEND noninteractive
18 18
19 RUN apt-get update 19 ## Helping scripts ##
20 RUN apt-get upgrade -y 20 # Following scripts make the configuration as automatic and easy as possible
21 RUN apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial python-pip 21 COPY scripts/set_account_domain scripts/sat scripts/add_host scripts/dbus_wrap scripts/prosodyctl /usr/local/bin/
22 RUN apt-get clean 22
23 RUN chown root:root /usr/local/bin/set_account_domain && \
24 chmod 0555 /usr/local/bin/set_account_domain && \
25 chown root:root /usr/local/bin/sat && \
26 chmod 0500 /usr/local/bin/sat && \
27 chown root:root /usr/local/bin/add_host && \
28 chmod 0555 /usr/local/bin/add_host && \
29 chown root:root /usr/local/bin/prosodyctl && \
30 chmod 0555 /usr/local/bin/prosodyctl && \
31 chown root:root /usr/local/bin/dbus_wrap && \
32 chmod 0555 /usr/local/bin/dbus_wrap && \
33
34 # it's better to have a dedicated user
35 useradd -m sat && \
36
37 # will be used to put many SàT specific data
38 mkdir -p /usr/share/sat && \
39 mkdir /usr/share/sat/certificates && \
40 addgroup tls-cert --gid 9999 && \
41 chown :tls-cert /usr/share/sat/certificates && \
42 chmod 2770 /usr/share/sat/certificates && \
43 adduser sat tls-cert
44
45 RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial python-pip && apt-get clean && \
23 46
24 # dokuwiki module is needed for the blog importer 47 # dokuwiki module is needed for the blog importer
25 RUN pip install dokuwiki 48
49 pip install dokuwiki && \
50
51 # we need a TCP socket for D-Bus
52 sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n <auth>ANONYMOUS</auth>\n <allow_anonymous/>&" /etc/dbus-1/session.conf && \
26 53
27 # we need UTF-8 locale 54 # we need UTF-8 locale
28 RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen 55 sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen
29 RUN locale-gen 56
30 ENV LC_ALL en_US.UTF-8 57 ENV LC_ALL en_US.UTF-8
31
32 # it's better to have a dedicated user
33 RUN useradd -m sat
34
35 # will be used to put many SàT specific data
36 RUN mkdir -p /usr/share/sat
37 RUN mkdir /usr/share/sat/certificates
38 RUN addgroup tls-cert --gid 9999 && chown :tls-cert /usr/share/sat/certificates && chmod 2770 /usr/share/sat/certificates
39 RUN adduser sat tls-cert
40 58
41 ################ 59 ################
42 # URWID SÀTEXT # 60 # URWID SÀTEXT #
43 ################ 61 ################
44 62
45 WORKDIR /tmp 63 RUN cd /tmp && \
46 64
47 RUN hg clone https://repos.goffi.org/urwid-satext 65 hg clone https://repos.goffi.org/urwid-satext && cd urwid-satext && \
48 66 python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages && \
49 WORKDIR urwid-satext 67 rm -rf urwid-satext && \
50
51 RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages
52
53 WORKDIR /tmp
54
55 RUN rm -rf urwid-satext
56 68
57 ##################### 69 #####################
58 # CORE INSTALLATION # 70 # CORE INSTALLATION #
59 ##################### 71 #####################
60 72
61 WORKDIR /tmp 73 hg clone https://repos.goffi.org/sat && cd sat && \
62 74 python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages && \
63 RUN hg clone https://repos.goffi.org/sat 75 # we copy .hg/dirstate so SàT can get repository version
64 76 # TODO: should be done in setup.py in the future
65 WORKDIR sat 77 cp --parents .hg/dirstate /usr/lib/python2.7/dist-packages/sat && \
66 78 cd /tmp && rm -rf sat && \
67 RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages
68
69 WORKDIR /tmp
70
71 RUN rm -rf sat
72 79
73 ###################### 80 ######################
74 # SàT CONFIGURATION # 81 # SàT CONFIGURATION #
75 ###################### 82 ######################
76 83
77 # Following scripts make the configuration as automatic and easy as possible
78
79 # we want .pid files in /tmp so they are removed if container are deleted 84 # we want .pid files in /tmp so they are removed if container are deleted
80 RUN echo '[DEFAULT]\npid_dir=/tmp' >> /etc/sat.conf 85 echo '[DEFAULT]\npid_dir=/tmp\n\n\
81
82 # we auto-create libervia account if it doesn't exists in Libervia container 86 # we auto-create libervia account if it doesn't exists in Libervia container
83 # so we remove it from reserved_list in plugin account 87 # so we remove it from reserved_list in plugin account
84 RUN echo '\n[plugin account]\nreserved_list=' >> /etc/sat.conf 88 [plugin account]\nreserved_list=' >> /etc/sat.conf
85
86 # This script set account domain in sat.conf if not already set
87 # if not set, domain is got from prosody container or DOMAIN environment variable
88 RUN echo '#!/usr/bin/env python2\n\
89 import os, os.path, xmlrpclib, ConfigParser, socket, subprocess\n\
90 from sat.core.constants import Const as C\n\
91 from sat.tools import config as sat_config\n\
92 SECTION = "plugin account"\n\
93 OPTION = "new_account_domain"\n\
94 CONFIG_PATH = "/home/sat/.config/sat/sat.conf"\n\
95 try:\n\
96 os.makedirs(os.path.dirname(CONFIG_PATH))\n\
97 except OSError:\n\
98 pass\n\
99 config = ConfigParser.SafeConfigParser()\n\
100 config.read(C.CONFIG_FILES)\n\
101 domain = sat_config.getConfig(config, SECTION, OPTION)\n\
102 if domain is None:\n\
103 os.getenv("DOMAIN")\n\
104 if domain is None:\n\
105 proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
106 try:\n\
107 if "prosody" not in open("/etc/hosts").read():\n\
108 raise socket.gaierror # this avoid waiting for timeout if prosody is not linked\n\
109 domain = proxy.getenv("DOMAIN")\n\
110 except socket.gaierror:\n\
111 print "No prosody container connected or known domain, using \"localhost\" for new domains"\n\
112 domain = "localhost"\n\
113 config = ConfigParser.SafeConfigParser()\n\
114 config.readfp(open(CONFIG_PATH, "a+"))\n\
115 try:\n\
116 config.add_section(SECTION)\n\
117 except ConfigParser.DuplicateSectionError:\n\
118 pass\n\
119 config.set(SECTION, OPTION, domain)\n\
120 config.write(open(CONFIG_PATH, "w"))\n\
121 subprocess.call(["add_host", domain, "prosody"])\n\
122 for subdomain in ("chat", "proxy", "upload", "pubsub", "salut"):\n\
123 subprocess.call(["add_host", "{}.{}".format(subdomain, domain), "prosody"])\n\
124 ' > /usr/local/bin/set_account_domain && chmod 0555 /usr/local/bin/set_account_domain
125
126 # account domain is set, then sat is launched with D-Bus activated
127 RUN echo '#!/bin/sh\n\
128 chmod a+w /etc/hosts\n\
129 su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat\n\
130 '> /usr/local/bin/sat && chmod 0500 /usr/local/bin/sat
131
132 # this script add aliases to /etc/hosts
133 RUN echo '#!/usr/bin/env python2\n\
134 import sys, re\n\
135 if len(sys.argv) < 2 or len(sys.argv) > 3:\n\
136 sys.exit(1)\n\
137 host = sys.argv[1]\n\
138 alias = sys.argv[2] if len(sys.argv) == 3 else "localhost"\n\
139 if host == "localhost" or host == alias:\n\
140 sys.exit(0)\n\
141 print "Adding host {} as an alias of {}".format(host, alias)\n\
142 with open("/etc/hosts", "r+") as f:\n\
143 buf = re.sub(r"\\b{}\\b".format(alias), "{}\\t{}".format(alias, host), f.read(), 1)\n\
144 f.seek(0)\n\
145 f.write(buf)\
146 ' > /usr/local/bin/add_host && chmod 0555 /usr/local/bin/add_host
147
148 # This script simulate prosodyctl adduser/passwd/deluser and call it on the prosody container
149 RUN echo '#!/usr/bin/env python2\n\
150 import sys, xmlrpclib\n\
151 proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
152 def pwd():\n\
153 pwd1=raw_input(); pwd2=raw_input(); assert pwd1==pwd2\n\
154 return pwd1\n\
155 password = pwd() if sys.argv[1] in ["adduser", "passwd"] else ""\n\
156 sys.exit(proxy.prosodyctl(sys.argv[1], sys.argv[2], password))\n\
157 ' > /usr/local/bin/prosodyctl
158
159 #########
160 # D-Bus #
161 #########
162
163 # we need a TCP socket
164 RUN sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n <auth>ANONYMOUS</auth>\n <allow_anonymous/>&" /etc/dbus-1/session.conf
165
166 # this script will launch the command with good D-BUS parameters
167 # it needs to be copied and made executable by frontends
168 RUN echo '#!/bin/sh\nexport DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4\nexec /usr/bin/$(basename "$0") "$@"' > /usr/local/bin/dbus_wrap
169 89
170 ########## 90 ##########
171 # LAUNCH # 91 # LAUNCH #
172 ########## 92 ##########
173 93