diff docker/prosody/Dockerfile @ 105:b69056368901
docker: images optimisation:
- reduced the number of layers by grouping many instructions
- moved stuff which doesn't change a lot to the beginning, and hg/apt to the end
- scripts are now in scripts/ subdirectories
- prosody.cfg.lua is added using ADD instead of getting it online
- .hg/dirstate is copied in base (backend) and libervia, so mercurial revision is known
- removed a lot of useless WORKDIR instructions, they are replaced by "cd" inside RUN instructions
- cleaning (apt-clean, rm) is done in the same instruction as the one that generates the data, to avoid useless data in layers
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 28 Feb 2016 02:01:20 +0100 |
parents | 30f3f83d6959 |
children | 470dafe3f5b6 |
--- a/docker/prosody/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/prosody/Dockerfile Sun Feb 28 02:01:20 2016 +0100 
@@ -10,41 +10,55 @@ MAINTAINER Goffi <goffi@goffi.org> +############################ +# AUTOMATIC CONFIGURATION # +############################ + + +COPY scripts/container_server scripts/prosody /usr/local/bin/ +RUN chown root:root /usr/local/bin/container_server && \ +chmod 0555 /usr/local/bin/container_server && \ +chown root:root /usr/local/bin/prosody && \ +chmod 0555 /usr/local/bin/prosody + ######## # BASE # ######## -RUN apt-get install -y --no-install-recommends lsb-release +RUN apt-get install -y --no-install-recommends lsb-release && \ + # we add prosody repository and key -RUN echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list -RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' -RUN apt-get update +echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list && \ +python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' && \ +apt-get update && \ + # and install prosody and apg (to generate passwords) -RUN apt-get install -y apg prosody-0.10 -RUN apt-get clean -# prosody use need to access (and write) certificates -RUN adduser prosody tls-cert +apt-get install -y apg prosody-0.10 && \ +apt-get clean && \ + +# prosody user need to access (and write) certificates +adduser prosody tls-cert && \ + +# prosody need to access /var/run to write it's pid +mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody ################### # PROSODY MODULES # ################### -WORKDIR /tmp -RUN hg clone https://hg.prosody.im/prosody-modules/ prosody-modules -WORKDIR prosody-modules -RUN for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done 
-WORKDIR /tmp -RUN rm -rf prosody-modules +RUN cd /tmp && \ +hg clone https://hg.prosody.im/prosody-modules/ prosody-modules && \ +cd prosody-modules && \ +for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done && \ +cd /tmp && rm -rf prosody-modules ################# # CONFIGURATION # ################# -WORKDIR /etc/prosody -RUN mkdir prosody_sat_cfg -# we keep up-to-date configuration for this image on the repository -RUN python -c 'import urllib2;f=open("prosody_sat_cfg/prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())' -RUN ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua +ADD prosody.cfg.lua /etc/prosody/prosody_sat_cfg/ +RUN cd /etc/prosody && chown -R prosody:prosody prosody_sat_cfg && \ +ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua && \ ############### # CERTIFICATE # 
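Review bot: The merged BASE `RUN` ends with `mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody`, and the `;` cuts the `&&` chain, so the layer's exit status is only that of `chown`. A failure earlier in the chain (for example in `apt-get clean` or `adduser prosody tls-cert`) no longer stops the build as long as that final `chown` succeeds; use `mkdir -p /var/run/prosody && chown prosody:adm /var/run/prosody`. The key import in the same chain has a related gap: the Python one-liner never checks the return code of `apt-key add`, and the downloaded key is trusted without comparing its fingerprint to a known value. The `hg clone` of prosody-modules also takes whatever the tip is at build time, so the modules copied into `/usr/lib/prosody/modules` are not reproducible; pinning a reviewed revision with `hg clone -r <REVISION>` (placeholder) would fix that.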
@@ -53,67 +67,22 @@ # We want to use the certificates in /usr/share/sat/certificates # and we don't want any certificate in the image, # they'll be generated at launch or mounted in container -RUN rm -rf /etc/localhost.key /etc/prosody/certs/* - -############################ -# AUTOMATIC CONFIGURATION # -############################ - -# this script allow to call prosodyctl and get configuration variables from linked containers -RUN echo '#!/usr/bin/env python2\n\ -import subprocess, SimpleXMLRPCServer, os\n\ -def prosodyctl(command, profile, pwd):\n\ - process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)\n\ - if pwd:\n\ - process.communicate("%s\\n%s"%(pwd,pwd))\n\ - return process.wait()\n\ -def getenv(variable):\n\ - assert variable in ("SAT_PUBSUB_SECRET","SAT_SALUT_SECRET","DOMAIN")\n\ - return os.getenv(variable)\n\ -server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\ -server.register_function(prosodyctl, "prosodyctl")\n\ -server.register_function(getenv, "getenv")\n\ -server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server - -# the following script is used to automatically generate passwords for components and certificate -RUN echo '#!/bin/sh\n\ -export SAT_PUBSUB_SECRET=$(apg -n 1)\n\ -export SAT_SALUT_SECRET=$(apg -n 1)\n\ -if [ -z $DOMAIN ]; then\n\ - export DOMAIN="libervia.int"\n\ -fi\n\ -container_server&\n\ -echo "domain used: $DOMAIN\n"\n\ -if [ ! -f "/usr/share/sat/certificates/libervia.key" -o ! 
-f "/usr/share/sat/certificates/libervia.crt" ]; then\n\ - echo "No certificate found, we generate one"\n\ - openssl req -new -x509 -days 1825 -nodes -out "/usr/share/sat/certificates/libervia.crt"\ - -newkey rsa:4096 -keyout "/usr/share/sat/certificates/libervia.key" -subj "/C=AU/CN=$DOMAIN"\n\ -fi\n\ -/usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody +rm -rf /etc/localhost.key /etc/prosody/certs/* ######### # PORTS # ######### -# client to server (C2S) -EXPOSE 5222 - -# server to server (S2S) -EXPOSE 5269 - -# HTTP upload -EXPOSE 5280 - -# HTTP upload (HTTPS) -EXPOSE 5281 +# client to server (C2S), +# server to server (S2S), +# HTTP upload, +# and HTTP upload (HTTPS) +EXPOSE 5222 5269 5280 5281 ########## # LAUNCH # ########## -# prosody need to access /var/run to write it's pid -RUN mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody - USER prosody ENTRYPOINT ["prosody"]
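Review bot: The added `rm -rf /etc/localhost.key /etc/prosody/certs/*` has no `RUN` of its own; it only executes because the `RUN cd /etc/prosody && …` in the previous hunk ends in `&& \` and the continuation carries across the CERTIFICATE banner and its comment lines. That makes the step that keeps certificates out of the image depend on nobody editing the lines in between. I would end the CONFIGURATION command at `ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua` and write `RUN rm -rf /etc/localhost.key /etc/prosody/certs/*` here. Separately, the inline helper removed by this hunk listened on `0.0.0.0:9999` and returned the component secrets through `getenv`. If `scripts/container_server` (not shown in this diff) still does so, a comment in the PORTS section such as `# 9999 (container_server XML-RPC) is for linked containers only, do not publish it` would record why it is absent from `EXPOSE`.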