changeset 105:b69056368901

docker: images optimisation: - reduced the number of layers by grouping many instructions - moved stuff which don't change a lot at the beginning, and hg/apt at the end - scripts are not now in scripts/ subdirectories - prosody.cfg.lua is added using ADD instead of getting it online - .hg/dirstate is copied in base (backend) and libervia, so mercurial revision is known - removed lot of useless WORKDIR instruction, they are replaced by "cd" inside RUN instructions - cleaning (apt-clean, rm) is done on the same instruction as the one than generate the data, to avoid useless data in layers
author Goffi <goffi@goffi.org>
date Sun, 28 Feb 2016 02:01:20 +0100
parents b59491821a8a
children 8b228fd053bc
files docker/base/Dockerfile docker/base/scripts/add_host docker/base/scripts/dbus_wrap docker/base/scripts/prosodyctl docker/base/scripts/sat docker/base/scripts/set_account_domain docker/jp/Dockerfile docker/libervia/Dockerfile docker/libervia/scripts/libervia_cont_launch docker/media/Dockerfile docker/primitivus/Dockerfile docker/prosody/Dockerfile docker/prosody/scripts/container_server docker/prosody/scripts/prosody docker/salut/Dockerfile docker/salut/scripts/salut docker/sat/Dockerfile docker/sat_nomedia/Dockerfile docker/sat_pubsub/Dockerfile docker/sat_pubsub/scripts/sat_pubsub
diffstat 20 files changed, 357 insertions(+), 353 deletions(-) [+]
line wrap: on
line diff
--- a/docker/base/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/base/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -16,156 +16,76 @@
 
 ENV DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update
-RUN apt-get upgrade -y
-RUN apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial python-pip
-RUN apt-get clean
+## Helping scripts ##
+# Following scripts make the configuration as automatic and easy as possible
+COPY scripts/set_account_domain scripts/sat scripts/add_host scripts/dbus_wrap scripts/prosodyctl /usr/local/bin/
+
+RUN chown root:root /usr/local/bin/set_account_domain && \
+chmod 0555 /usr/local/bin/set_account_domain && \
+chown root:root /usr/local/bin/sat && \
+chmod 0500 /usr/local/bin/sat && \
+chown root:root /usr/local/bin/add_host && \
+chmod 0555 /usr/local/bin/add_host && \
+chown root:root /usr/local/bin/prosodyctl && \
+chmod 0555 /usr/local/bin/prosodyctl && \
+chown root:root /usr/local/bin/dbus_wrap && \
+chmod 0555 /usr/local/bin/dbus_wrap && \
+
+# it's better to have a dedicated user
+useradd -m sat && \
+
+# will be used to put many SàT specific data
+mkdir -p /usr/share/sat && \
+mkdir /usr/share/sat/certificates && \
+addgroup tls-cert --gid 9999 && \
+chown :tls-cert /usr/share/sat/certificates && \
+chmod 2770 /usr/share/sat/certificates && \
+adduser sat tls-cert
+
+RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial python-pip && apt-get clean && \
 
 # dokuwiki module is needed for the blog importer
-RUN pip install dokuwiki
+
+pip install dokuwiki && \
+
+# we need a TCP socket for D-Bus
+sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n  <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n  <auth>ANONYMOUS</auth>\n  <allow_anonymous/>&" /etc/dbus-1/session.conf && \
 
 # we need UTF-8 locale
-RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen
-RUN locale-gen
-ENV LC_ALL en_US.UTF-8
+sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen
 
-# it's better to have a dedicated user
-RUN useradd -m sat
-
-# will be used to put many SàT specific data
-RUN mkdir -p /usr/share/sat
-RUN mkdir /usr/share/sat/certificates
-RUN addgroup tls-cert --gid 9999 && chown :tls-cert /usr/share/sat/certificates && chmod 2770 /usr/share/sat/certificates
-RUN adduser sat tls-cert
+ENV LC_ALL en_US.UTF-8
 
 ################
 # URWID SÀTEXT #
 ################
 
-WORKDIR /tmp
-
-RUN hg clone https://repos.goffi.org/urwid-satext
-
-WORKDIR urwid-satext
+RUN cd /tmp && \
 
-RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages
-
-WORKDIR /tmp
-
-RUN rm -rf urwid-satext
+hg clone https://repos.goffi.org/urwid-satext && cd urwid-satext && \
+python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages && \
+rm -rf urwid-satext && \
 
 #####################
 # CORE INSTALLATION #
 #####################
 
-WORKDIR /tmp
-
-RUN hg clone https://repos.goffi.org/sat
-
-WORKDIR sat
-
-RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages
-
-WORKDIR /tmp
-
-RUN rm -rf sat
+hg clone https://repos.goffi.org/sat && cd sat && \
+python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages && \
+# we copy .hg/dirstate so SàT can get repository version
+# TODO: should be done in setup.py in the future
+cp --parents .hg/dirstate /usr/lib/python2.7/dist-packages/sat && \
+cd /tmp && rm -rf sat && \
 
 ######################
 # SàT CONFIGURATION  #
 ######################
 
-# Following scripts make the configuration as automatic and easy as possible
-
 # we want .pid files in /tmp so they are removed if container are deleted
-RUN echo '[DEFAULT]\npid_dir=/tmp' >> /etc/sat.conf
-
+echo '[DEFAULT]\npid_dir=/tmp\n\n\
 # we auto-create libervia account if it doesn't exists in Libervia container
 # so we remove it from reserved_list in plugin account
-RUN echo '\n[plugin account]\nreserved_list=' >> /etc/sat.conf
-
-# This script set account domain in sat.conf if not already set
-# if not set, domain is got from prosody container or DOMAIN environment variable
-RUN echo '#!/usr/bin/env python2\n\
-import os, os.path, xmlrpclib, ConfigParser, socket, subprocess\n\
-from sat.core.constants import Const as C\n\
-from sat.tools import config as sat_config\n\
-SECTION = "plugin account"\n\
-OPTION = "new_account_domain"\n\
-CONFIG_PATH = "/home/sat/.config/sat/sat.conf"\n\
-try:\n\
-    os.makedirs(os.path.dirname(CONFIG_PATH))\n\
-except OSError:\n\
-    pass\n\
-config = ConfigParser.SafeConfigParser()\n\
-config.read(C.CONFIG_FILES)\n\
-domain = sat_config.getConfig(config, SECTION, OPTION)\n\
-if domain is None:\n\
-    os.getenv("DOMAIN")\n\
-    if domain is None:\n\
-        proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
-        try:\n\
-            if "prosody" not in open("/etc/hosts").read():\n\
-                raise socket.gaierror # this avoid waiting for timeout if prosody is not linked\n\
-            domain = proxy.getenv("DOMAIN")\n\
-        except socket.gaierror:\n\
-            print "No prosody container connected or known domain, using \"localhost\" for new domains"\n\
-            domain = "localhost"\n\
-    config = ConfigParser.SafeConfigParser()\n\
-    config.readfp(open(CONFIG_PATH, "a+"))\n\
-    try:\n\
-        config.add_section(SECTION)\n\
-    except ConfigParser.DuplicateSectionError:\n\
-        pass\n\
-    config.set(SECTION, OPTION, domain)\n\
-    config.write(open(CONFIG_PATH, "w"))\n\
-subprocess.call(["add_host", domain, "prosody"])\n\
-for subdomain in ("chat", "proxy", "upload", "pubsub", "salut"):\n\
-    subprocess.call(["add_host", "{}.{}".format(subdomain, domain), "prosody"])\n\
-' > /usr/local/bin/set_account_domain && chmod 0555 /usr/local/bin/set_account_domain
-
-# account domain is set, then sat is launched with D-Bus activated
-RUN echo '#!/bin/sh\n\
-chmod a+w /etc/hosts\n\
-su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat\n\
-'> /usr/local/bin/sat && chmod 0500 /usr/local/bin/sat
-
-# this script add aliases to /etc/hosts
-RUN echo '#!/usr/bin/env python2\n\
-import sys, re\n\
-if len(sys.argv) < 2 or len(sys.argv) > 3:\n\
-    sys.exit(1)\n\
-host = sys.argv[1]\n\
-alias = sys.argv[2] if len(sys.argv) == 3 else "localhost"\n\
-if host == "localhost" or host == alias:\n\
-    sys.exit(0)\n\
-print "Adding host {} as an alias of {}".format(host, alias)\n\
-with open("/etc/hosts", "r+") as f:\n\
-    buf = re.sub(r"\\b{}\\b".format(alias), "{}\\t{}".format(alias, host), f.read(), 1)\n\
-    f.seek(0)\n\
-    f.write(buf)\
-' > /usr/local/bin/add_host && chmod 0555 /usr/local/bin/add_host
-
-# This script simulate prosodyctl adduser/passwd/deluser and call it on the prosody container
-RUN echo '#!/usr/bin/env python2\n\
-import sys, xmlrpclib\n\
-proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
-def pwd():\n\
-    pwd1=raw_input(); pwd2=raw_input(); assert pwd1==pwd2\n\
-    return pwd1\n\
-password = pwd() if sys.argv[1] in ["adduser", "passwd"] else ""\n\
-sys.exit(proxy.prosodyctl(sys.argv[1], sys.argv[2], password))\n\
-' > /usr/local/bin/prosodyctl
-
-#########
-# D-Bus #
-#########
-
-# we need a TCP socket
-RUN sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n  <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n  <auth>ANONYMOUS</auth>\n  <allow_anonymous/>&" /etc/dbus-1/session.conf
-
-# this script will launch the command with good D-BUS parameters
-# it needs to be copied and made executable by frontends
-RUN echo '#!/bin/sh\nexport DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4\nexec /usr/bin/$(basename "$0") "$@"' > /usr/local/bin/dbus_wrap
+[plugin account]\nreserved_list=' >> /etc/sat.conf
 
 ##########
 # LAUNCH #
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/add_host	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,18 @@
+#!/usr/bin/env python2
+# this script add aliases to /etc/hosts
+import sys, re
+
+if len(sys.argv) < 2 or len(sys.argv) > 3:
+    sys.exit(1)
+
+host = sys.argv[1]
+alias = sys.argv[2] if len(sys.argv) == 3 else "localhost"
+
+if host == "localhost" or host == alias:
+    sys.exit(0)
+
+print "Adding host {} as an alias of {}".format(host, alias)
+with open("/etc/hosts", "r+") as f:
+    buf = re.sub(r"\\b{}\\b".format(alias), "{}\\t{}".format(alias, host), f.read(), 1)
+    f.seek(0)
+    f.write(buf)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/dbus_wrap	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,5 @@
+#!/bin/sh
+# this script will launch the command with good D-BUS parameters
+# it needs to be copied and made executable by frontends
+export DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4
+exec /usr/bin/$(basename "$0") "$@"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/prosodyctl	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,11 @@
+#!/usr/bin/env python2
+# This script simulate prosodyctl adduser/passwd/deluser and call it on the prosody container
+import sys, xmlrpclib
+
+proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+def pwd():
+    pwd1=raw_input(); pwd2=raw_input(); assert pwd1==pwd2
+    return pwd1
+
+password = pwd() if sys.argv[1] in ["adduser", "passwd"] else ""
+sys.exit(proxy.prosodyctl(sys.argv[1], sys.argv[2], password))
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/sat	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,4 @@
+#!/bin/sh
+# account domain is set, then sat is launched with D-Bus activated
+chmod a+w /etc/hosts
+su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/set_account_domain	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,49 @@
+#!/usr/bin/env python2
+
+# This script set account domain in sat.conf if not already set
+# if not set, domain is got from prosody container or DOMAIN environment variable
+
+import os, os.path, xmlrpclib, ConfigParser, socket, subprocess
+from sat.core.constants import Const as C
+from sat.tools import config as sat_config
+
+SECTION = "plugin account"
+OPTION = "new_account_domain"
+CONFIG_PATH = "/home/sat/.config/sat/sat.conf"
+
+try:
+    os.makedirs(os.path.dirname(CONFIG_PATH))
+except OSError:
+    pass
+
+config = ConfigParser.SafeConfigParser()
+config.read(C.CONFIG_FILES)
+domain = sat_config.getConfig(config, SECTION, OPTION)
+
+if domain is None:
+    os.getenv("DOMAIN")
+    if domain is None:
+        proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+        try:
+            if "prosody" not in open("/etc/hosts").read():
+                raise socket.gaierror # this avoid waiting for timeout if prosody is not linked
+            domain = proxy.getenv("DOMAIN")
+        except socket.gaierror:
+            print "No prosody container connected or known domain, using \"localhost\" for new domains"
+            domain = "localhost"
+
+    config = ConfigParser.SafeConfigParser()
+    config.readfp(open(CONFIG_PATH, "a+"))
+
+    try:
+        config.add_section(SECTION)
+    except ConfigParser.DuplicateSectionError:
+        pass
+
+    config.set(SECTION, OPTION, domain)
+    config.write(open(CONFIG_PATH, "w"))
+
+subprocess.call(["add_host", domain, "prosody"])
+
+for subdomain in ("chat", "proxy", "upload", "pubsub", "salut"):
+    subprocess.call(["add_host", "{}.{}".format(subdomain, domain), "prosody"])
--- a/docker/jp/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/jp/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -14,15 +14,14 @@
 # BASE #
 ########
 
-RUN apt-get install -y --no-install-recommends python-progressbar
-RUN apt-get clean
+RUN apt-get install -y --no-install-recommends python-progressbar && apt-get clean && \
 
 #########
 # D-Bus #
 #########
 
 # we create a wrapper to set the session bus address
-RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/jp && chmod 0555 /usr/local/bin/jp
+cp /usr/local/bin/dbus_wrap /usr/local/bin/jp
 
 ##########
 # LAUNCH #
--- a/docker/libervia/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/libervia/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -10,105 +10,79 @@
 
 MAINTAINER Goffi <goffi@goffi.org>
 
-##############
-# txJSON-RPC #
-##############
-
-RUN pip install txJSON-RPC
+#####################
+# FIRST LAUNCH TEST #
+#####################
 
-###########
-# PYJAMAS #
-###########
-
-WORKDIR /usr/share
-
-# as the situation with pyjamas is complicated, we get the archive from our own ftp
-RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("https://ftp.goffi.org/pyjamas/pyjamas.tar.bz2").read()));tar.extractall()'
-
-WORKDIR pyjamas
-
-RUN python bootstrap.py
+COPY scripts/libervia_cont_launch /usr/bin/
 
-RUN ln -s /usr/share/pyjamas/bin/pyjsbuild /usr/local/bin/pyjsbuild
-
-############
-# LIBERVIA #
-############
-
-WORKDIR /tmp
-
-RUN apt-get install -y --no-install-recommends python-jinja2
+RUN chown root:root /usr/bin/libervia_cont_launch && \
+chmod 0555 /usr/bin/libervia_cont_launch && \
 
-RUN hg clone https://repos.goffi.org/libervia
-
-WORKDIR libervia
+#########
+# D-Bus #
+#########
 
-RUN python setup.py install
-
-WORKDIR /tmp
-
-RUN rm -rf libervia
+cp /usr/local/bin/dbus_wrap /usr/local/bin/libervia_cont_launch && \
 
 #################
 # CONFIGURATION #
 #################
 
 # we want to use certificates in /usr/share/sat/certificates
-RUN echo "\n[libervia]\n\
+echo "\n[libervia]\n\
 tls_private_key = /usr/share/sat/certificates/libervia.key\n\
 tls_certificate = /usr/share/sat/certificates/libervia.crt\n\
 connection_type = both\n\
 redirect_to_https = 0" >> /etc/sat.conf
 
-#####################
-# FIRST LAUNCH TEST #
-#####################
+################
+# dependencies #
+################
+
+RUN pip install txJSON-RPC && \
+
+apt-get install -y --no-install-recommends python-jinja2 && apt-get clean && \
+
+###########
+# PYJAMAS #
+###########
+
+cd /tmp && \
+
+# as the situation with pyjamas is complicated, we get the archive from our own ftp
+python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("https://ftp.goffi.org/pyjamas/pyjamas.tar.bz2").read()));tar.extractall()' && \
+
+cd pyjamas && \
 
-# this script check if libervia and admin accounts exist, and create them if necessary
-# then it launch libervia
-RUN echo '#!/usr/bin/env python2\n\
-import os, sys, subprocess, string, random\n\
-from sat.plugins import plugin_misc_account as account\n\
-from sat.tools import config\n\
-from sat_frontends.bridge import DBus\n\
-def generate_pwd():\n\
-    chars = string.letters + string.digits\n\
-    length = 12\n\
-    return "".join(random.choice(chars) for _ in range(length))\n\
-sat=DBus.DBusBridgeFrontend()\n\
-sat.getReady()\n\
-admin_email = sat.getConfig(account.CONFIG_SECTION, "admin_email") or account.default_conf["admin_email"]\n\
-for profile in ["libervia", "admin"]:\n\
-    try:\n\
-        sat.getProfileName(profile)\n\
-    except Exception as e:\n\
-        print "{} profile doesn'\''t exists, creating it".format(profile)\n\
-        print "registering {}@{}".format(profile, sat.getNewAccountDomain())\n\
-        pwd = generate_pwd()\n\
-        if profile == "libervia":\n\
-            config.fixConfigOption("libervia", "passphrase", pwd)\n\
-        elif profile == "admin":\n\
-            with open("/home/sat/ADMIN_PWD", "w") as f:\n\
-                f.write("%s\\n" % pwd)\n\
-        sat.registerSatAccount(admin_email, pwd, profile)\n\
-os.execvp("libervia", ["libervia"] + sys.argv[1:])\n\
-' > /usr/bin/libervia_cont_launch && chmod 555 /usr/bin/libervia_cont_launch
+python bootstrap.py && \
+
+ln -s /tmp/pyjamas/bin/pyjsbuild /usr/local/bin/pyjsbuild && \
+
+############
+# LIBERVIA #
+############
+
+hg clone https://repos.goffi.org/libervia && \
 
-#########
-# D-Bus #
-#########
+cd libervia && \
+
+python setup.py install && \
 
-RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/libervia_cont_launch && chmod 555 /usr/local/bin/libervia_cont_launch
+# as for SàT backend, we copy .hg/dirstate so
+# Libervia can get repository version
+# TODO: should be done in setup.py in the future
+cp --parents .hg/dirstate /usr/local/lib/python2.7/dist-packages/libervia && \
+
+# some cleaning before finishing the layer
+cd /tmp && rm -rf libervia pyjamas /usr/local/bin/pyjsbuild
 
 #########
 # Ports #
 #########
 
-# HTTP
-EXPOSE 8080
-
-# HTTPS
-EXPOSE 8443
+# HTTP and HTTPS
+EXPOSE 8080 8443
 
 ##########
 # LAUNCH #
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/libervia/scripts/libervia_cont_launch	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,33 @@
+#!/usr/bin/env python2
+
+# this script check if libervia and admin accounts exist, and create them if necessary
+# then it launch libervia
+import os, sys, string, random
+from sat.plugins import plugin_misc_account as account
+from sat.tools import config
+from sat_frontends.bridge import DBus
+
+def generate_pwd():
+    chars = string.letters + string.digits
+    length = 12
+    return "".join(random.choice(chars) for _ in range(length))
+
+sat=DBus.DBusBridgeFrontend()
+sat.getReady()
+admin_email = sat.getConfig(account.CONFIG_SECTION, "admin_email") or account.default_conf["admin_email"]
+
+for profile in ["libervia", "admin"]:
+    try:
+        sat.getProfileName(profile)
+    except Exception as e:
+        print "{} profile doesn'\''t exists, creating it".format(profile)
+        print "registering {}@{}".format(profile, sat.getNewAccountDomain())
+        pwd = generate_pwd()
+        if profile == "libervia":
+            config.fixConfigOption("libervia", "passphrase", pwd)
+        elif profile == "admin":
+            with open("/home/sat/ADMIN_PWD", "w") as f:
+                f.write("%s\\n" % pwd)
+        sat.registerSatAccount(admin_email, pwd, profile)
+
+os.execvp("libervia", ["libervia"] + sys.argv[1:])
--- a/docker/media/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/media/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -10,9 +10,7 @@
 
 MAINTAINER Goffi <goffi@goffi.org>
 
-WORKDIR /usr/share/sat
-
-RUN hg clone https://repos.goffi.org/sat_media media
+RUN cd /usr/share/sat && hg clone https://repos.goffi.org/sat_media media
 
 # ftp workflow is kept below on purpose, but we use currently hg for media
 # WORKDIR /usr/share/sat/media_tmp
@@ -23,5 +21,3 @@
 # # The media_tmp complication is due to an AUFS bug, see https://github.com/docker/docker/issues/4570
 # WORKDIR /usr/share/sat/
 # RUN mv media_tmp/sat_media* media && rmdir media_tmp
-
-WORKDIR /home/sat
--- a/docker/primitivus/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/primitivus/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -15,7 +15,7 @@
 #########
 
 # we create a wrapper to set the session bus address
-RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/primitivus && chmod 555 /usr/local/bin/primitivus
+RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/primitivus
 
 ##########
 # LAUNCH #
--- a/docker/prosody/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/prosody/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -10,41 +10,55 @@
 
 MAINTAINER Goffi <goffi@goffi.org>
 
+############################
+# AUTOMATIC CONFIGURATION  #
+############################
+
+
+COPY scripts/container_server scripts/prosody /usr/local/bin/
+RUN chown root:root /usr/local/bin/container_server && \
+chmod 0555 /usr/local/bin/container_server && \
+chown root:root /usr/local/bin/prosody && \
+chmod 0555 /usr/local/bin/prosody
+
 ########
 # BASE #
 ########
 
-RUN apt-get install -y --no-install-recommends lsb-release
+RUN apt-get install -y --no-install-recommends lsb-release && \
+
 # we add prosody repository and key
-RUN echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list
-RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())'
-RUN apt-get update
+echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list && \
+python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' && \
+apt-get update && \
+
 # and install prosody and apg (to generate passwords)
-RUN apt-get install -y apg prosody-0.10
-RUN apt-get clean
-# prosody use need to access (and write) certificates
-RUN adduser prosody tls-cert
+apt-get install -y apg prosody-0.10 && \
+apt-get clean && \
+
+# prosody user need to access (and write) certificates
+adduser prosody tls-cert && \
+
+# prosody need to access /var/run to write it's pid
+mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody
 
 ###################
 # PROSODY MODULES #
 ###################
 
-WORKDIR /tmp
-RUN hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
-WORKDIR prosody-modules
-RUN for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done
-WORKDIR /tmp
-RUN rm -rf prosody-modules
+RUN cd /tmp && \
+hg clone https://hg.prosody.im/prosody-modules/ prosody-modules && \
+cd prosody-modules && \
+for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done && \
+cd /tmp && rm -rf prosody-modules
 
 #################
 # CONFIGURATION #
 #################
 
-WORKDIR /etc/prosody
-RUN mkdir prosody_sat_cfg
-# we keep up-to-date configuration for this image on the repository
-RUN python -c 'import urllib2;f=open("prosody_sat_cfg/prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())'
-RUN ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua
+ADD prosody.cfg.lua /etc/prosody/prosody_sat_cfg/
+RUN cd /etc/prosody && chown -R prosody:prosody prosody_sat_cfg && \
+ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua && \
 
 ###############
 # CERTIFICATE #
@@ -53,67 +67,22 @@
 # We want to use the certificates in /usr/share/sat/certificates
 # and we don't want any certificate in the image,
 # they'll be generated at launch or mounted in container
-RUN rm -rf /etc/localhost.key /etc/prosody/certs/*
-
-############################
-# AUTOMATIC CONFIGURATION  #
-############################
-
-# this script allow to call prosodyctl and get configuration variables from linked containers
-RUN echo '#!/usr/bin/env python2\n\
-import subprocess, SimpleXMLRPCServer, os\n\
-def prosodyctl(command, profile, pwd):\n\
-    process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)\n\
-    if pwd:\n\
-        process.communicate("%s\\n%s"%(pwd,pwd))\n\
-    return process.wait()\n\
-def getenv(variable):\n\
-    assert variable in ("SAT_PUBSUB_SECRET","SAT_SALUT_SECRET","DOMAIN")\n\
-    return os.getenv(variable)\n\
-server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\
-server.register_function(prosodyctl, "prosodyctl")\n\
-server.register_function(getenv, "getenv")\n\
-server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server
-
-# the following script is used to automatically generate passwords for components and certificate
-RUN echo '#!/bin/sh\n\
-export SAT_PUBSUB_SECRET=$(apg -n 1)\n\
-export SAT_SALUT_SECRET=$(apg -n 1)\n\
-if [ -z $DOMAIN ]; then\n\
-    export DOMAIN="libervia.int"\n\
-fi\n\
-container_server&\n\
-echo "domain used: $DOMAIN\n"\n\
-if [ ! -f "/usr/share/sat/certificates/libervia.key" -o ! -f "/usr/share/sat/certificates/libervia.crt" ]; then\n\
-	echo "No certificate found, we generate one"\n\
-    openssl req -new -x509 -days 1825 -nodes -out "/usr/share/sat/certificates/libervia.crt"\
-            -newkey rsa:4096 -keyout "/usr/share/sat/certificates/libervia.key" -subj "/C=AU/CN=$DOMAIN"\n\
-fi\n\
-/usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody
+rm -rf /etc/localhost.key /etc/prosody/certs/*
 
 #########
 # PORTS #
 #########
 
-# client to server (C2S)
-EXPOSE 5222
-
-# server to server (S2S)
-EXPOSE 5269
-
-# HTTP upload
-EXPOSE 5280
-
-# HTTP upload (HTTPS)
-EXPOSE 5281
+# client to server (C2S),
+# server to server (S2S),
+# HTTP upload,
+# and HTTP upload (HTTPS)
+EXPOSE 5222 5269 5280 5281
 
 ##########
 # LAUNCH #
 ##########
 
-# prosody need to access /var/run to write it's pid
-RUN mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody
-
 USER prosody
 
 ENTRYPOINT ["prosody"]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody/scripts/container_server	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,18 @@
+#!/usr/bin/env python2
+# this script allow to call prosodyctl and get configuration variables from linked containers
+import subprocess, SimpleXMLRPCServer, os
+
+def prosodyctl(command, profile, pwd):
+    process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)
+    if pwd:
+        process.communicate("%s\n%s" % (pwd,pwd))
+    return process.wait()
+
+def getenv(variable):
+    assert variable in ("SAT_PUBSUB_SECRET", "SAT_SALUT_SECRET", "DOMAIN")
+    return os.getenv(variable)
+
+server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))
+server.register_function(prosodyctl, "prosodyctl")
+server.register_function(getenv, "getenv")
+server.serve_forever()
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody/scripts/prosody	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,19 @@
+#!/bin/sh
+# the following script is used to automatically generate passwords for components and certificate
+export SAT_PUBSUB_SECRET=$(apg -n 1)
+export SAT_SALUT_SECRET=$(apg -n 1)
+
+if [ -z $DOMAIN ]; then
+    export DOMAIN="libervia.int"
+fi
+
+container_server&
+
+echo "domain used: $DOMAIN\n"
+
+if [ ! -f "/usr/share/sat/certificates/libervia.key" -o ! -f "/usr/share/sat/certificates/libervia.crt" ]; then
+    echo "No certificate found, we generate one"
+    openssl req -new -x509 -days 1825 -nodes -out "/usr/share/sat/certificates/libervia.crt"\
+            -newkey rsa:4096 -keyout "/usr/share/sat/certificates/libervia.key" -subj "/C=AU/CN=$DOMAIN"
+fi
+/usr/bin/prosody "$@"
--- a/docker/salut/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/salut/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -10,36 +10,27 @@
 
 MAINTAINER Goffi <goffi@goffi.org>
 
+############################
+# AUTOMATIC CONFIGURATION  #
+############################
+
+COPY scripts/salut /usr/local/bin/
+RUN chown root:root /usr/local/bin/salut && \
+chmod 0555 /usr/local/bin/salut && \
+
 ########
 # BASE #
 ########
 
-RUN apt-get clean
+cd /usr/share && hg clone https://repos.goffi.org/salut sat_salut && chown -R sat:sat sat_salut && \
 
-# This script launch Salut with domain and secret gotten from prosody container
-# it make the configuration more easy
-RUN echo '#!/usr/bin/env python2\n\
-import os, xmlrpclib\n\
-SALUT_PATH="/usr/share/sat_salut/"\n\
-os.chdir("/home/sat")\n\
-proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
-for var in ("DOMAIN", "SAT_SALUT_SECRET"):\n\
-    os.environ[var] = proxy.getenv(var)\n\
-os.environ["PYTHONPATH"] = SALUT_PATH\n\
-os.execlp("twistd", "twistd", "-ny", SALUT_PATH+"salut.tac", "--pidfile", "/tmp/salut.pid")\n\
-' > /usr/local/bin/salut && chmod 0555 /usr/local/bin/salut
+# configuration is really basic in salut, we just use environment to set data
+sed -i 's/^xmppcomponent =.*$/import os\nxmppcomponent = Component("prosody", 5347, "salut."+os.getenv("DOMAIN"), os.getenv("SAT_SALUT_SECRET"))/' sat_salut/salut.tac
 
-WORKDIR /usr/share
-
-RUN hg clone https://repos.goffi.org/salut sat_salut && chown -R sat:sat sat_salut
-
-WORKDIR sat_salut
+WORKDIR /usr/share/sat_salut
 
 USER sat
 
-# configuration is really basic in salut, we just use environment to set data
-RUN sed -i 's/^xmppcomponent =.*$/import os\nxmppcomponent = Component("prosody", 5347, "salut."+os.getenv("DOMAIN"), os.getenv("SAT_SALUT_SECRET"))/' salut.tac
-
 ##########
 # LAUNCH #
 ##########
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/salut/scripts/salut	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,12 @@
+#!/usr/bin/env python2
+# This script launch Salut with domain and secret gotten from prosody container
+# it make the configuration more easy
+import os, xmlrpclib
+
+SALUT_PATH="/usr/share/sat_salut/"
+os.chdir("/home/sat")
+proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+for var in ("DOMAIN", "SAT_SALUT_SECRET"):
+    os.environ[var] = proxy.getenv(var)
+os.environ["PYTHONPATH"] = SALUT_PATH
+os.execlp("twistd", "twistd", "-ny", SALUT_PATH+"salut.tac", "--pidfile", "/tmp/salut.pid")
--- a/docker/sat/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/sat/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -14,20 +14,8 @@
 # Ports #
 #########
 
-# IMAP
-EXPOSE 10143
-
-# SMTP
-EXPOSE 10125
-
-# FILE TRANSFERT
-EXPOSE 28915
-
-##############
-# PROSODYCTL #
-##############
-
-RUN chmod 0555 /usr/local/bin/prosodyctl
+# IMAP, SMTP and FILE TRANSFER
+EXPOSE 10143 10125 28915
 
 ########
 # MISC #
--- a/docker/sat_nomedia/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/sat_nomedia/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -14,20 +14,8 @@
 # Ports #
 #########
 
-# IMAP
-EXPOSE 10143
-
-# SMTP
-EXPOSE 10125
-
-# FILE TRANSFERT
-EXPOSE 28915
-
-##############
-# PROSODYCTL #
-##############
-
-RUN chmod 0555 /usr/local/bin/prosodyctl
+# IMAP, SMTP and FILE TRANSFER
+EXPOSE 10143 10125 28915
 
 ##########
 # LAUNCH #
--- a/docker/sat_pubsub/Dockerfile	Sat Feb 27 00:45:58 2016 +0100
+++ b/docker/sat_pubsub/Dockerfile	Sun Feb 28 02:01:20 2016 +0100
@@ -10,42 +10,39 @@
 
 MAINTAINER Goffi <goffi@goffi.org>
 
+############################
+# AUTOMATIC CONFIGURATION  #
+############################
+
+
+COPY scripts/sat_pubsub /usr/local/bin/
+RUN chown root:root /usr/local/bin/sat_pubsub && \
+chmod 0555 /usr/local/bin/sat_pubsub && \
+
 ########
 # BASE #
 ########
 
-RUN apt-get install -y --no-install-recommends postgresql
-RUN apt-get install -y --no-install-recommends python-psycopg2
-RUN apt-get clean
-
-# This script launch SàT PubSub with domain and secret gotten from prosody container
-# it make the configuration more easy
-RUN echo '#!/usr/bin/env python2\n\
-import os, xmlrpclib\n\
-os.chdir("/usr/share/sat_pubsub")\n\
-proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
-domain = proxy.getenv("DOMAIN")\n\
-secret = proxy.getenv("SAT_PUBSUB_SECRET")\n\
-os.execlp("twistd", "twistd", "-n", "--pidfile", "/tmp/sat_pubsub.pid", "sat_pubsub", "--rhost", "prosody",\
- "--jid", "pubsub.%s" % domain, "--secret", secret)\n\
-' > /usr/local/bin/sat_pubsub && chmod 0555 /usr/local/bin/sat_pubsub
-
-WORKDIR /usr/share
-
-RUN hg clone https://repos.goffi.org/sat_pubsub && chown -R sat:sat sat_pubsub
+apt-get install -y --no-install-recommends postgresql && \
+apt-get install -y --no-install-recommends python-psycopg2 && \
+apt-get clean && \
+cd /usr/share && \
+hg clone https://repos.goffi.org/sat_pubsub && chown -R sat:sat sat_pubsub && \
 
 ############
 # DATABASE #
 ############
 
-WORKDIR sat_pubsub/db
+cd sat_pubsub/db && \
 
 # To simplify installation, we integrate our own PostgreSQL
 # future alternate version may use an external PostgreSQL container
 
-USER root
-
-RUN service postgresql start; su -c "createuser -d -w sat" postgres; su -c "createdb pubsub" postgres; su -c "psql pubsub < pubsub.sql" sat; service postgresql stop
+service postgresql start; \
+su -c "createuser -d -w sat" postgres; \
+su -c "createdb pubsub" postgres; \
+su -c "psql pubsub < pubsub.sql" sat; \
+service postgresql stop
 
 ##########
 # LAUNCH #
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/sat_pubsub/scripts/sat_pubsub	Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,13 @@
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+
+# This script launch SàT PubSub with domain and secret gotten from prosody container
+# it make the configuration more easy
+import os, xmlrpclib
+
+os.chdir("/usr/share/sat_pubsub")
+proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+domain = proxy.getenv("DOMAIN")
+secret = proxy.getenv("SAT_PUBSUB_SECRET")
+os.execlp("twistd", "twistd", "-n", "--pidfile", "/tmp/sat_pubsub.pid", "sat_pubsub", "--rhost", "prosody",
+ "--jid", "pubsub.%s" % domain, "--secret", secret)