comparison docker/prosody/Dockerfile @ 105:b69056368901
docker: images optimisation:
- reduced the number of layers by grouping many instructions
- moved stuff which don't change a lot at the beginning, and hg/apt at the end
- scripts are not now in scripts/ subdirectories
- prosody.cfg.lua is added using ADD instead of getting it online
- .hg/dirstate is copied in base (backend) and libervia, so mercurial revision is known
- removed a lot of useless WORKDIR instructions; they are replaced by "cd" inside RUN instructions
- cleaning (apt-clean, rm) is done in the same instruction as the one that generates the data, to avoid useless data in layers
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 28 Feb 2016 02:01:20 +0100 |
parents | 30f3f83d6959 |
children | 470dafe3f5b6 |
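--- a/docker/prosody/Dockerfile
+++ b/docker/prosody/Dockerfile
@@ -8,112 +8,81 @@
 
 FROM salutatoi/sat_pubsub:latest
 
 MAINTAINER Goffi <goffi@goffi.org>
 
+############################
+# AUTOMATIC CONFIGURATION #
+############################
+
+
+COPY scripts/container_server scripts/prosody /usr/local/bin/
+RUN chown root:root /usr/local/bin/container_server && \
+chmod 0555 /usr/local/bin/container_server && \
+chown root:root /usr/local/bin/prosody && \
+chmod 0555 /usr/local/bin/prosody
+
 ########
 # BASE #
 ########
 
-RUN apt-get install -y --no-install-recommends lsb-release
+RUN apt-get install -y --no-install-recommends lsb-release && \
+
 # we add prosody repository and key
-RUN echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list
-RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())'
-RUN apt-get update
+echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list && \
+python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' && \
+apt-get update && \
+
 # and install prosody and apg (to generate passwords)
-RUN apt-get install -y apg prosody-0.10
-RUN apt-get clean
-# prosody use need to access (and write) certificates
-RUN adduser prosody tls-cert
+apt-get install -y apg prosody-0.10 && \
+apt-get clean && \
+
+# prosody user need to access (and write) certificates
+adduser prosody tls-cert && \
+
+# prosody need to access /var/run to write it's pid
+mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody
 
 ###################
 # PROSODY MODULES #
 ###################
 
-WORKDIR /tmp
-RUN hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
-WORKDIR prosody-modules
-RUN for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done
-WORKDIR /tmp
-RUN rm -rf prosody-modules
+RUN cd /tmp && \
+hg clone https://hg.prosody.im/prosody-modules/ prosody-modules && \
+cd prosody-modules && \
+for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done && \
+cd /tmp && rm -rf prosody-modules
 
 #################
 # CONFIGURATION #
 #################
 
-WORKDIR /etc/prosody
-RUN mkdir prosody_sat_cfg
-# we keep up-to-date configuration for this image on the repository
-RUN python -c 'import urllib2;f=open("prosody_sat_cfg/prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())'
-RUN ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua
+ADD prosody.cfg.lua /etc/prosody/prosody_sat_cfg/
+RUN cd /etc/prosody && chown -R prosody:prosody prosody_sat_cfg && \
+ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua && \
 
 ###############
 # CERTIFICATE #
 ###############
 
 # We want to use the certificates in /usr/share/sat/certificates
 # and we don't want any certificate in the image,
 # they'll be generated at launch or mounted in container
-RUN rm -rf /etc/localhost.key /etc/prosody/certs/*
-
-############################
-# AUTOMATIC CONFIGURATION #
-############################
-
-# this script allow to call prosodyctl and get configuration variables from linked containers
-RUN echo '#!/usr/bin/env python2\n\
-import subprocess, SimpleXMLRPCServer, os\n\
-def prosodyctl(command, profile, pwd):\n\
-process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)\n\
-if pwd:\n\
-process.communicate("%s\\n%s"%(pwd,pwd))\n\
-return process.wait()\n\
-def getenv(variable):\n\
-assert variable in ("SAT_PUBSUB_SECRET","SAT_SALUT_SECRET","DOMAIN")\n\
-return os.getenv(variable)\n\
-server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\
-server.register_function(prosodyctl, "prosodyctl")\n\
-server.register_function(getenv, "getenv")\n\
-server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server
-
-# the following script is used to automatically generate passwords for components and certificate
-RUN echo '#!/bin/sh\n\
-export SAT_PUBSUB_SECRET=$(apg -n 1)\n\
-export SAT_SALUT_SECRET=$(apg -n 1)\n\
-if [ -z $DOMAIN ]; then\n\
-export DOMAIN="libervia.int"\n\
-fi\n\
-container_server&\n\
-echo "domain used: $DOMAIN\n"\n\
-if [ ! -f "/usr/share/sat/certificates/libervia.key" -o ! -f "/usr/share/sat/certificates/libervia.crt" ]; then\n\
-echo "No certificate found, we generate one"\n\
-openssl req -new -x509 -days 1825 -nodes -out "/usr/share/sat/certificates/libervia.crt"\
--newkey rsa:4096 -keyout "/usr/share/sat/certificates/libervia.key" -subj "/C=AU/CN=$DOMAIN"\n\
-fi\n\
-/usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody
+rm -rf /etc/localhost.key /etc/prosody/certs/*
 
 #########
 # PORTS #
 #########
 
-# client to server (C2S)
-EXPOSE 5222
-
-# server to server (S2S)
-EXPOSE 5269
-
-# HTTP upload
-EXPOSE 5280
-
-# HTTP upload (HTTPS)
-EXPOSE 5281
+# client to server (C2S),
+# server to server (S2S),
+# HTTP upload,
+# and HTTP upload (HTTPS)
+EXPOSE 5222 5269 5280 5281
 
 ##########
 # LAUNCH #
 ##########
 
-# prosody need to access /var/run to write it's pid
-RUN mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody
-
 USER prosody
 
 ENTRYPOINT ["prosody"]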
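Review bot: The repository signing key in the BASE step is still downloaded at build time by the `python -c` one-liner and piped into `apt-key add -` with no fingerprint check, although it is the only trust anchor for the plain-HTTP `packages.prosody.im` source written just before it. Python 2's urllib2 verifies TLS certificates by default only from 2.7.9 on (the base image's version is not visible here), and the one-liner ignores the `apt-key` exit status, so a failed or substituted key import would not stop the build. The commit already swaps the online fetch of prosody.cfg.lua for `ADD`, and the same fits the key: keep a reviewed copy in the repository, `COPY prosody-debian-packages.key /tmp/`, and replace the one-liner with `apt-key add /tmp/prosody-debian-packages.key && \`. Separately, the `;` in `mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody` now terminates the whole merged `&&` chain, so the RUN step's status is that of `chown` alone and an earlier failure such as `adduser prosody tls-cert` goes unnoticed; using `&&` there keeps the build failing fast.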