changeset 105:b69056368901
docker: images optimisation:
- reduced the number of layers by grouping many instructions
- moved stuff which doesn't change a lot to the beginning, and hg/apt to the end
- scripts are now in scripts/ subdirectories
- prosody.cfg.lua is added using ADD instead of getting it online
- .hg/dirstate is copied in base (backend) and libervia, so mercurial revision is known
- removed a lot of useless WORKDIR instructions, they are replaced by "cd" inside RUN instructions
- cleaning (apt-clean, rm) is done in the same instruction as the one that generates the data, to avoid useless data in layers
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 28 Feb 2016 02:01:20 +0100 |
parents | b59491821a8a |
children | 8b228fd053bc |
files | docker/base/Dockerfile docker/base/scripts/add_host docker/base/scripts/dbus_wrap docker/base/scripts/prosodyctl docker/base/scripts/sat docker/base/scripts/set_account_domain docker/jp/Dockerfile docker/libervia/Dockerfile docker/libervia/scripts/libervia_cont_launch docker/media/Dockerfile docker/primitivus/Dockerfile docker/prosody/Dockerfile docker/prosody/scripts/container_server docker/prosody/scripts/prosody docker/salut/Dockerfile docker/salut/scripts/salut docker/sat/Dockerfile docker/sat_nomedia/Dockerfile docker/sat_pubsub/Dockerfile docker/sat_pubsub/scripts/sat_pubsub |
diffstat | 20 files changed, 357 insertions(+), 353 deletions(-) [+] |
--- a/docker/base/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/base/Dockerfile Sun Feb 28 02:01:20 2016 +0100 
@@ -16,156 +16,76 @@ ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update -RUN apt-get upgrade -y -RUN apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial python-pip -RUN apt-get clean +## Helping scripts ## +# Following scripts make the configuration as automatic and easy as possible +COPY scripts/set_account_domain scripts/sat scripts/add_host scripts/dbus_wrap scripts/prosodyctl /usr/local/bin/ + +RUN chown root:root /usr/local/bin/set_account_domain && \ +chmod 0555 /usr/local/bin/set_account_domain && \ +chown root:root /usr/local/bin/sat && \ +chmod 0500 /usr/local/bin/sat && \ +chown root:root /usr/local/bin/add_host && \ +chmod 0555 /usr/local/bin/add_host && \ +chown root:root /usr/local/bin/prosodyctl && \ +chmod 0555 /usr/local/bin/prosodyctl && \ +chown root:root /usr/local/bin/dbus_wrap && \ +chmod 0555 /usr/local/bin/dbus_wrap && \ + +# it's better to have a dedicated user +useradd -m sat && \ + +# will be used to put many SàT specific data +mkdir -p /usr/share/sat && \ +mkdir /usr/share/sat/certificates && \ +addgroup tls-cert --gid 9999 && \ +chown :tls-cert /usr/share/sat/certificates && \ +chmod 2770 /usr/share/sat/certificates && \ +adduser sat tls-cert + +RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial python-pip && apt-get clean && \ # dokuwiki module is needed 
for the blog importer -RUN pip install dokuwiki + +pip install dokuwiki && \ + +# we need a TCP socket for D-Bus +sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n <auth>ANONYMOUS</auth>\n <allow_anonymous/>&" /etc/dbus-1/session.conf && \ # we need UTF-8 locale -RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen -RUN locale-gen -ENV LC_ALL en_US.UTF-8 +sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen && locale-gen -# it's better to have a dedicated user -RUN useradd -m sat - -# will be used to put many SàT specific data -RUN mkdir -p /usr/share/sat -RUN mkdir /usr/share/sat/certificates -RUN addgroup tls-cert --gid 9999 && chown :tls-cert /usr/share/sat/certificates && chmod 2770 /usr/share/sat/certificates -RUN adduser sat tls-cert +ENV LC_ALL en_US.UTF-8 ################ # URWID SÀTEXT # ################ -WORKDIR /tmp - -RUN hg clone https://repos.goffi.org/urwid-satext - -WORKDIR urwid-satext +RUN cd /tmp && \ -RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages - -WORKDIR /tmp - -RUN rm -rf urwid-satext +hg clone https://repos.goffi.org/urwid-satext && cd urwid-satext && \ +python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages && \ +rm -rf urwid-satext && \ ##################### # CORE INSTALLATION # ##################### -WORKDIR /tmp - -RUN hg clone https://repos.goffi.org/sat - -WORKDIR sat - -RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages - -WORKDIR /tmp - -RUN rm -rf sat +hg clone https://repos.goffi.org/sat && cd sat && \ +python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages && \ +# we copy .hg/dirstate so SàT can get repository version +# TODO: should be done in setup.py in the future +cp --parents .hg/dirstate /usr/lib/python2.7/dist-packages/sat && \ +cd /tmp && rm -rf sat && \ ###################### # SàT CONFIGURATION # 
###################### -# Following scripts make the configuration as automatic and easy as possible - # we want .pid files in /tmp so they are removed if container are deleted -RUN echo '[DEFAULT]\npid_dir=/tmp' >> /etc/sat.conf - +echo '[DEFAULT]\npid_dir=/tmp\n\n\ # we auto-create libervia account if it doesn't exists in Libervia container # so we remove it from reserved_list in plugin account -RUN echo '\n[plugin account]\nreserved_list=' >> /etc/sat.conf - -# This script set account domain in sat.conf if not already set -# if not set, domain is got from prosody container or DOMAIN environment variable -RUN echo '#!/usr/bin/env python2\n\ -import os, os.path, xmlrpclib, ConfigParser, socket, subprocess\n\ -from sat.core.constants import Const as C\n\ -from sat.tools import config as sat_config\n\ -SECTION = "plugin account"\n\ -OPTION = "new_account_domain"\n\ -CONFIG_PATH = "/home/sat/.config/sat/sat.conf"\n\ -try:\n\ - os.makedirs(os.path.dirname(CONFIG_PATH))\n\ -except OSError:\n\ - pass\n\ -config = ConfigParser.SafeConfigParser()\n\ -config.read(C.CONFIG_FILES)\n\ -domain = sat_config.getConfig(config, SECTION, OPTION)\n\ -if domain is None:\n\ - os.getenv("DOMAIN")\n\ - if domain is None:\n\ - proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\ - try:\n\ - if "prosody" not in open("/etc/hosts").read():\n\ - raise socket.gaierror # this avoid waiting for timeout if prosody is not linked\n\ - domain = proxy.getenv("DOMAIN")\n\ - except socket.gaierror:\n\ - print "No prosody container connected or known domain, using \"localhost\" for new domains"\n\ - domain = "localhost"\n\ - config = ConfigParser.SafeConfigParser()\n\ - config.readfp(open(CONFIG_PATH, "a+"))\n\ - try:\n\ - config.add_section(SECTION)\n\ - except ConfigParser.DuplicateSectionError:\n\ - pass\n\ - config.set(SECTION, OPTION, domain)\n\ - config.write(open(CONFIG_PATH, "w"))\n\ -subprocess.call(["add_host", domain, "prosody"])\n\ -for subdomain in ("chat", "proxy", "upload", "pubsub", 
"salut"):\n\ - subprocess.call(["add_host", "{}.{}".format(subdomain, domain), "prosody"])\n\ -' > /usr/local/bin/set_account_domain && chmod 0555 /usr/local/bin/set_account_domain - -# account domain is set, then sat is launched with D-Bus activated -RUN echo '#!/bin/sh\n\ -chmod a+w /etc/hosts\n\ -su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat\n\ -'> /usr/local/bin/sat && chmod 0500 /usr/local/bin/sat - -# this script add aliases to /etc/hosts -RUN echo '#!/usr/bin/env python2\n\ -import sys, re\n\ -if len(sys.argv) < 2 or len(sys.argv) > 3:\n\ - sys.exit(1)\n\ -host = sys.argv[1]\n\ -alias = sys.argv[2] if len(sys.argv) == 3 else "localhost"\n\ -if host == "localhost" or host == alias:\n\ - sys.exit(0)\n\ -print "Adding host {} as an alias of {}".format(host, alias)\n\ -with open("/etc/hosts", "r+") as f:\n\ - buf = re.sub(r"\\b{}\\b".format(alias), "{}\\t{}".format(alias, host), f.read(), 1)\n\ - f.seek(0)\n\ - f.write(buf)\ -' > /usr/local/bin/add_host && chmod 0555 /usr/local/bin/add_host - -# This script simulate prosodyctl adduser/passwd/deluser and call it on the prosody container -RUN echo '#!/usr/bin/env python2\n\ -import sys, xmlrpclib\n\ -proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\ -def pwd():\n\ - pwd1=raw_input(); pwd2=raw_input(); assert pwd1==pwd2\n\ - return pwd1\n\ -password = pwd() if sys.argv[1] in ["adduser", "passwd"] else ""\n\ -sys.exit(proxy.prosodyctl(sys.argv[1], sys.argv[2], password))\n\ -' > /usr/local/bin/prosodyctl - -######### -# D-Bus # -######### - -# we need a TCP socket -RUN sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n <auth>ANONYMOUS</auth>\n <allow_anonymous/>&" /etc/dbus-1/session.conf - -# this script will launch the command with good D-BUS parameters -# it needs to be copied and made executable by frontends -RUN echo '#!/bin/sh\nexport DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4\nexec /usr/bin/$(basename 
"$0") "$@"' > /usr/local/bin/dbus_wrap +[plugin account]\nreserved_list=' >> /etc/sat.conf ########## # LAUNCH #
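Review bot: The two `rm -rf` cleanups in the merged RUN no longer remove anything, so both clones stay in the layer. `rm -rf urwid-satext` now runs after `cd urwid-satext`, i.e. inside the clone, and the following `hg clone https://repos.goffi.org/sat` therefore lands in `/tmp/urwid-satext/sat`, which `cd /tmp && rm -rf sat` does not reach. Changing the first cleanup to `cd /tmp && rm -rf urwid-satext && \` restores the intent. Separately, the moved `sed` line still enables `<auth>ANONYMOUS</auth>` on a `bind=*` TCP listener; a comment there should say that port 55555 is meant for linked containers only and must never be published.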
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/add_host Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,18 @@
+#!/usr/bin/env python2
+# this script add aliases to /etc/hosts
+import sys, re
+
+if len(sys.argv) < 2 or len(sys.argv) > 3:
+ sys.exit(1)
+
+host = sys.argv[1]
+alias = sys.argv[2] if len(sys.argv) == 3 else "localhost"
+
+if host == "localhost" or host == alias:
+ sys.exit(0)
+
+print "Adding host {} as an alias of {}".format(host, alias)
+with open("/etc/hosts", "r+") as f:
+ buf = re.sub(r"\\b{}\\b".format(alias), "{}\\t{}".format(alias, host), f.read(), 1)
+ f.seek(0)
+ f.write(buf)
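Review bot: The pattern `r"\\b{}\\b"` was carried over verbatim from the old `echo` version, where the shell presumably collapsed `\\` to `\`; in a standalone file the raw string matches a literal backslash followed by `b`, so `re.sub` never matches and /etc/hosts is written back unchanged. The doubled backslashes should go and the alias should be escaped, since it is interpolated into a regex: `re.sub(r"\b{}\b".format(re.escape(alias)), ...)`. `host` is taken from argv and written into /etc/hosts as is; rejecting values that contain whitespace would keep one call from adding more than one name.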
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/dbus_wrap Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,5 @@
+#!/bin/sh
+# this script will launch the command with good D-BUS parameters
+# it needs to be copied and made executable by frontends
+export DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4
+exec /usr/bin/$(basename "$0") "$@"
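Review bot: The command substitution in `exec /usr/bin/$(basename "$0") "$@"` is unquoted, so a wrapper name containing whitespace or glob characters would be split before the exec; `exec "/usr/bin/$(basename "$0")" "$@"` avoids that. The header comment still says frontends must make the copy executable, while the frontend Dockerfiles in this commit drop their `chmod` and rely on `cp` keeping the 0555 mode set in the base image; the comment should be updated to say so.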
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/prosodyctl Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,11 @@
+#!/usr/bin/env python2
+# This script simulate prosodyctl adduser/passwd/deluser and call it on the prosody container
+import sys, xmlrpclib
+
+proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+def pwd():
+ pwd1=raw_input(); pwd2=raw_input(); assert pwd1==pwd2
+ return pwd1
+
+password = pwd() if sys.argv[1] in ["adduser", "passwd"] else ""
+sys.exit(proxy.prosodyctl(sys.argv[1], sys.argv[2], password))
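Review bot: `sys.argv[1]` and `sys.argv[2]` are read without a length check, and the password confirmation relies on `assert`, which is removed when Python runs with `-O`. An explicit `if pwd1 != pwd2: sys.exit(1)` plus a usage exit when `len(sys.argv) < 3` would make both failures deliberate. A comment should also record that the password travels to `http://prosody:9999/` in clear text, so the script is only suitable on the private link between containers.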
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/sat Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,4 @@
+#!/bin/sh
+# account domain is set, then sat is launched with D-Bus activated
+chmod a+w /etc/hosts
+su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat
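Review bot: `su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat` pastes the container arguments into a string that a second shell re-parses, so an argument containing spaces or shell metacharacters is split or interpreted instead of being passed through. The arguments should reach the inner shell as positional parameters (quoted `"$@"` inside a single-quoted `-c` string) rather than by interpolation; the exact `su` invocation needs checking against the one in the base image. `chmod a+w /etc/hosts` also makes the hosts file writable by every process in the container; granting write access to the `sat` user only would be narrower, and the comment should say why the write access is needed.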
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/base/scripts/set_account_domain Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,49 @@
+#!/usr/bin/env python2
+
+# This script set account domain in sat.conf if not already set
+# if not set, domain is got from prosody container or DOMAIN environment variable
+
+import os, os.path, xmlrpclib, ConfigParser, socket, subprocess
+from sat.core.constants import Const as C
+from sat.tools import config as sat_config
+
+SECTION = "plugin account"
+OPTION = "new_account_domain"
+CONFIG_PATH = "/home/sat/.config/sat/sat.conf"
+
+try:
+ os.makedirs(os.path.dirname(CONFIG_PATH))
+except OSError:
+ pass
+
+config = ConfigParser.SafeConfigParser()
+config.read(C.CONFIG_FILES)
+domain = sat_config.getConfig(config, SECTION, OPTION)
+
+if domain is None:
+ os.getenv("DOMAIN")
+ if domain is None:
+ proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+ try:
+ if "prosody" not in open("/etc/hosts").read():
+ raise socket.gaierror # this avoid waiting for timeout if prosody is not linked
+ domain = proxy.getenv("DOMAIN")
+ except socket.gaierror:
+ print "No prosody container connected or known domain, using \"localhost\" for new domains"
+ domain = "localhost"
+
+ config = ConfigParser.SafeConfigParser()
+ config.readfp(open(CONFIG_PATH, "a+"))
+
+ try:
+ config.add_section(SECTION)
+ except ConfigParser.DuplicateSectionError:
+ pass
+
+ config.set(SECTION, OPTION, domain)
+ config.write(open(CONFIG_PATH, "w"))
+
+subprocess.call(["add_host", domain, "prosody"])
+
+for subdomain in ("chat", "proxy", "upload", "pubsub", "salut"):
+ subprocess.call(["add_host", "{}.{}".format(subdomain, domain), "prosody"])
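Review bot: `os.getenv("DOMAIN")` discards its result, so `domain` is still None on the next line and the DOMAIN environment variable promised in the header comment is never used; the line should read `domain = os.getenv("DOMAIN")`. The value that ends up being used comes from an unauthenticated XML-RPC reply and is passed to `add_host` and written to sat.conf as is, so a short validity check (non-empty, hostname characters only) before `config.set` would be worth adding. The files opened for `readfp` and `config.write` are never closed explicitly; `with` blocks would fix that.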
--- a/docker/jp/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/jp/Dockerfile Sun Feb 28 02:01:20 2016 +0100 @@ -14,15 +14,14 @@ # BASE # ######## -RUN apt-get install -y --no-install-recommends python-progressbar -RUN apt-get clean +RUN apt-get install -y --no-install-recommends python-progressbar && apt-get clean && \ ######### # D-Bus # ######### # we create a wrapper to set the session bus address -RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/jp && chmod 0555 /usr/local/bin/jp +cp /usr/local/bin/dbus_wrap /usr/local/bin/jp ########## # LAUNCH #
--- a/docker/libervia/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/libervia/Dockerfile Sun Feb 28 02:01:20 2016 +0100 
@@ -10,105 +10,79 @@ MAINTAINER Goffi <goffi@goffi.org> -############## -# txJSON-RPC # -############## - -RUN pip install txJSON-RPC +##################### +# FIRST LAUNCH TEST # +##################### -########### -# PYJAMAS # -########### - -WORKDIR /usr/share - -# as the situation with pyjamas is complicated, we get the archive from our own ftp -RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("https://ftp.goffi.org/pyjamas/pyjamas.tar.bz2").read()));tar.extractall()' - -WORKDIR pyjamas - -RUN python bootstrap.py +COPY scripts/libervia_cont_launch /usr/bin/ -RUN ln -s /usr/share/pyjamas/bin/pyjsbuild /usr/local/bin/pyjsbuild - -############ -# LIBERVIA # -############ - -WORKDIR /tmp - -RUN apt-get install -y --no-install-recommends python-jinja2 +RUN chown root:root /usr/bin/libervia_cont_launch && \ +chmod 0555 /usr/bin/libervia_cont_launch && \ -RUN hg clone https://repos.goffi.org/libervia - -WORKDIR libervia +######### +# D-Bus # +######### -RUN python setup.py install - -WORKDIR /tmp - -RUN rm -rf libervia +cp /usr/local/bin/dbus_wrap /usr/local/bin/libervia_cont_launch && \ ################# # CONFIGURATION # ################# # we want to use certificates in /usr/share/sat/certificates -RUN echo "\n[libervia]\n\ +echo "\n[libervia]\n\ tls_private_key = /usr/share/sat/certificates/libervia.key\n\ tls_certificate = /usr/share/sat/certificates/libervia.crt\n\ connection_type = both\n\ redirect_to_https = 0" >> /etc/sat.conf -##################### -# FIRST LAUNCH TEST # -##################### +################ +# dependencies # +################ + +RUN pip install txJSON-RPC && \ + +apt-get install -y --no-install-recommends python-jinja2 && apt-get clean && \ + +########### +# PYJAMAS # +########### + +cd /tmp && \ + +# as the situation with pyjamas is complicated, we get the archive from our own ftp +python -c 'import 
urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("https://ftp.goffi.org/pyjamas/pyjamas.tar.bz2").read()));tar.extractall()' && \ + +cd pyjamas && \ -# this script check if libervia and admin accounts exist, and create them if necessary -# then it launch libervia -RUN echo '#!/usr/bin/env python2\n\ -import os, sys, subprocess, string, random\n\ -from sat.plugins import plugin_misc_account as account\n\ -from sat.tools import config\n\ -from sat_frontends.bridge import DBus\n\ -def generate_pwd():\n\ - chars = string.letters + string.digits\n\ - length = 12\n\ - return "".join(random.choice(chars) for _ in range(length))\n\ -sat=DBus.DBusBridgeFrontend()\n\ -sat.getReady()\n\ -admin_email = sat.getConfig(account.CONFIG_SECTION, "admin_email") or account.default_conf["admin_email"]\n\ -for profile in ["libervia", "admin"]:\n\ - try:\n\ - sat.getProfileName(profile)\n\ - except Exception as e:\n\ - print "{} profile doesn'\''t exists, creating it".format(profile)\n\ - print "registering {}@{}".format(profile, sat.getNewAccountDomain())\n\ - pwd = generate_pwd()\n\ - if profile == "libervia":\n\ - config.fixConfigOption("libervia", "passphrase", pwd)\n\ - elif profile == "admin":\n\ - with open("/home/sat/ADMIN_PWD", "w") as f:\n\ - f.write("%s\\n" % pwd)\n\ - sat.registerSatAccount(admin_email, pwd, profile)\n\ -os.execvp("libervia", ["libervia"] + sys.argv[1:])\n\ -' > /usr/bin/libervia_cont_launch && chmod 555 /usr/bin/libervia_cont_launch +python bootstrap.py && \ + +ln -s /tmp/pyjamas/bin/pyjsbuild /usr/local/bin/pyjsbuild && \ + +############ +# LIBERVIA # +############ + +hg clone https://repos.goffi.org/libervia && \ -######### -# D-Bus # -######### +cd libervia && \ + +python setup.py install && \ -RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/libervia_cont_launch && chmod 555 /usr/local/bin/libervia_cont_launch +# as for SàT backend, we copy .hg/dirstate so +# Libervia can get repository version +# TODO: should be done 
in setup.py in the future +cp --parents .hg/dirstate /usr/local/lib/python2.7/dist-packages/libervia && \ + +# some cleaning before finishing the layer +cd /tmp && rm -rf libervia pyjamas /usr/local/bin/pyjsbuild ######### # Ports # ######### -# HTTP -EXPOSE 8080 - -# HTTPS -EXPOSE 8443 +# HTTP and HTTPS +EXPOSE 8080 8443 ########## # LAUNCH #
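Review bot: The pyjamas archive is downloaded and unpacked with `tar.extractall()` as root without any integrity check, and `hg clone https://repos.goffi.org/libervia` installs whatever tip is at build time, so the image content depends entirely on the state of the remote hosts at that moment. Comparing `hashlib.sha256(data).hexdigest()` against a pinned `<PINNED_SHA256>` before extraction, and cloning a fixed revision with `hg clone -r <REV>`, would make the build reproducible and make tampering detectable. The same unpinned `hg clone` pattern appears in the base, media, prosody, salut and sat_pubsub Dockerfiles of this commit.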
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/libervia/scripts/libervia_cont_launch Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,33 @@
+#!/usr/bin/env python2
+
+# this script check if libervia and admin accounts exist, and create them if necessary
+# then it launch libervia
+import os, sys, string, random
+from sat.plugins import plugin_misc_account as account
+from sat.tools import config
+from sat_frontends.bridge import DBus
+
+def generate_pwd():
+ chars = string.letters + string.digits
+ length = 12
+ return "".join(random.choice(chars) for _ in range(length))
+
+sat=DBus.DBusBridgeFrontend()
+sat.getReady()
+admin_email = sat.getConfig(account.CONFIG_SECTION, "admin_email") or account.default_conf["admin_email"]
+
+for profile in ["libervia", "admin"]:
+ try:
+ sat.getProfileName(profile)
+ except Exception as e:
+ print "{} profile doesn'\''t exists, creating it".format(profile)
+ print "registering {}@{}".format(profile, sat.getNewAccountDomain())
+ pwd = generate_pwd()
+ if profile == "libervia":
+ config.fixConfigOption("libervia", "passphrase", pwd)
+ elif profile == "admin":
+ with open("/home/sat/ADMIN_PWD", "w") as f:
+ f.write("%s\\n" % pwd)
+ sat.registerSatAccount(admin_email, pwd, profile)
+
+os.execvp("libervia", ["libervia"] + sys.argv[1:])
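Review bot: `generate_pwd()` draws the admin and libervia passwords from the default `random` generator, which is not intended for secrets; `random.SystemRandom().choice(chars)` uses the OS CSPRNG through the same interface. Two shell escapes left over from the old `echo` version also change behaviour now that this is a real file: `doesn'\''t` prints three quote characters, and `"%s\\n"` writes a literal backslash-n into /home/sat/ADMIN_PWD instead of a newline. That file is created with the default umask; opening it with mode `0o600` (or an explicit `os.chmod`) would keep the password readable by its owner only.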
--- a/docker/media/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/media/Dockerfile Sun Feb 28 02:01:20 2016 +0100 @@ -10,9 +10,7 @@ MAINTAINER Goffi <goffi@goffi.org> -WORKDIR /usr/share/sat - -RUN hg clone https://repos.goffi.org/sat_media media +RUN cd /usr/share/sat && hg clone https://repos.goffi.org/sat_media media # ftp workflow is kept below on purpose, but we use currently hg for media # WORKDIR /usr/share/sat/media_tmp @@ -23,5 +21,3 @@ # # The media_tmp complication is due to an AUFS bug, see https://github.com/docker/docker/issues/4570 # WORKDIR /usr/share/sat/ # RUN mv media_tmp/sat_media* media && rmdir media_tmp - -WORKDIR /home/sat
--- a/docker/primitivus/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/primitivus/Dockerfile Sun Feb 28 02:01:20 2016 +0100 @@ -15,7 +15,7 @@ ######### # we create a wrapper to set the session bus address -RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/primitivus && chmod 555 /usr/local/bin/primitivus +RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/primitivus ########## # LAUNCH #
--- a/docker/prosody/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/prosody/Dockerfile Sun Feb 28 02:01:20 2016 +0100 
@@ -10,41 +10,55 @@ MAINTAINER Goffi <goffi@goffi.org> +############################ +# AUTOMATIC CONFIGURATION # +############################ + + +COPY scripts/container_server scripts/prosody /usr/local/bin/ +RUN chown root:root /usr/local/bin/container_server && \ +chmod 0555 /usr/local/bin/container_server && \ +chown root:root /usr/local/bin/prosody && \ +chmod 0555 /usr/local/bin/prosody + ######## # BASE # ######## -RUN apt-get install -y --no-install-recommends lsb-release +RUN apt-get install -y --no-install-recommends lsb-release && \ + # we add prosody repository and key -RUN echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list -RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' -RUN apt-get update +echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list && \ +python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' && \ +apt-get update && \ + # and install prosody and apg (to generate passwords) -RUN apt-get install -y apg prosody-0.10 -RUN apt-get clean -# prosody use need to access (and write) certificates -RUN adduser prosody tls-cert +apt-get install -y apg prosody-0.10 && \ +apt-get clean && \ + +# prosody user need to access (and write) certificates +adduser prosody tls-cert && \ + +# prosody need to access /var/run to write it's pid +mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody ################### # PROSODY MODULES # ################### -WORKDIR /tmp -RUN hg clone https://hg.prosody.im/prosody-modules/ prosody-modules -WORKDIR prosody-modules -RUN for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done 
-WORKDIR /tmp -RUN rm -rf prosody-modules +RUN cd /tmp && \ +hg clone https://hg.prosody.im/prosody-modules/ prosody-modules && \ +cd prosody-modules && \ +for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done && \ +cd /tmp && rm -rf prosody-modules ################# # CONFIGURATION # ################# -WORKDIR /etc/prosody -RUN mkdir prosody_sat_cfg -# we keep up-to-date configuration for this image on the repository -RUN python -c 'import urllib2;f=open("prosody_sat_cfg/prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())' -RUN ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua +ADD prosody.cfg.lua /etc/prosody/prosody_sat_cfg/ +RUN cd /etc/prosody && chown -R prosody:prosody prosody_sat_cfg && \ +ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua && \ ############### # CERTIFICATE # 
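Review bot: The Prosody signing key is fetched with `urllib2.urlopen` and piped straight into `apt-key add`, so whatever the download returns becomes a trusted package-signing key; depending on the Python 2 version in the base image, `urlopen` may not verify the TLS certificate at all. Shipping the key in the build context, as this commit already does for prosody.cfg.lua, or checking its fingerprint against a pinned `<KEY_FINGERPRINT>` before adding it would close that gap. Also, `mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody` uses `;`, so a failing `mkdir` does not stop the `&&` chain. The RUN that starts at `ln -fs` continues past the end of this hunk.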
@@ -53,67 +67,22 @@ # We want to use the certificates in /usr/share/sat/certificates # and we don't want any certificate in the image, # they'll be generated at launch or mounted in container -RUN rm -rf /etc/localhost.key /etc/prosody/certs/* - -############################ -# AUTOMATIC CONFIGURATION # -############################ - -# this script allow to call prosodyctl and get configuration variables from linked containers -RUN echo '#!/usr/bin/env python2\n\ -import subprocess, SimpleXMLRPCServer, os\n\ -def prosodyctl(command, profile, pwd):\n\ - process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)\n\ - if pwd:\n\ - process.communicate("%s\\n%s"%(pwd,pwd))\n\ - return process.wait()\n\ -def getenv(variable):\n\ - assert variable in ("SAT_PUBSUB_SECRET","SAT_SALUT_SECRET","DOMAIN")\n\ - return os.getenv(variable)\n\ -server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\ -server.register_function(prosodyctl, "prosodyctl")\n\ -server.register_function(getenv, "getenv")\n\ -server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server - -# the following script is used to automatically generate passwords for components and certificate -RUN echo '#!/bin/sh\n\ -export SAT_PUBSUB_SECRET=$(apg -n 1)\n\ -export SAT_SALUT_SECRET=$(apg -n 1)\n\ -if [ -z $DOMAIN ]; then\n\ - export DOMAIN="libervia.int"\n\ -fi\n\ -container_server&\n\ -echo "domain used: $DOMAIN\n"\n\ -if [ ! -f "/usr/share/sat/certificates/libervia.key" -o ! 
-f "/usr/share/sat/certificates/libervia.crt" ]; then\n\ - echo "No certificate found, we generate one"\n\ - openssl req -new -x509 -days 1825 -nodes -out "/usr/share/sat/certificates/libervia.crt"\ - -newkey rsa:4096 -keyout "/usr/share/sat/certificates/libervia.key" -subj "/C=AU/CN=$DOMAIN"\n\ -fi\n\ -/usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody +rm -rf /etc/localhost.key /etc/prosody/certs/* ######### # PORTS # ######### -# client to server (C2S) -EXPOSE 5222 - -# server to server (S2S) -EXPOSE 5269 - -# HTTP upload -EXPOSE 5280 - -# HTTP upload (HTTPS) -EXPOSE 5281 +# client to server (C2S), +# server to server (S2S), +# HTTP upload, +# and HTTP upload (HTTPS) +EXPOSE 5222 5269 5280 5281 ########## # LAUNCH # ########## -# prosody need to access /var/run to write it's pid -RUN mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody - USER prosody ENTRYPOINT ["prosody"]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody/scripts/container_server Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,18 @@
+#!/usr/bin/env python2
+# this script allow to call prosodyctl and get configuration variables from linked containers
+import subprocess, SimpleXMLRPCServer, os
+
+def prosodyctl(command, profile, pwd):
+ process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)
+ if pwd:
+ process.communicate("%s\n%s" % (pwd,pwd))
+ return process.wait()
+
+def getenv(variable):
+ assert variable in ("SAT_PUBSUB_SECRET", "SAT_SALUT_SECRET", "DOMAIN")
+ return os.getenv(variable)
+
+server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))
+server.register_function(prosodyctl, "prosodyctl")
+server.register_function(getenv, "getenv")
+server.serve_forever()
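Review bot: `prosodyctl()` forwards any `command` string received over XML-RPC to the real prosodyctl, and the server listens on `0.0.0.0:9999` without authentication, so every peer that can reach the port can run any prosodyctl subcommand and read the component secrets through `getenv`. The handler should accept only the three operations the client script uses, e.g. `if command not in ("adduser", "passwd", "deluser"): return 1`, and `getenv` should replace its `assert` (a no-op under `python -O`) with an explicit check. A comment stating that port 9999 is for linked containers only and must not be published would help whoever writes the run commands.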
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody/scripts/prosody Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,19 @@
+#!/bin/sh
+# the following script is used to automatically generate passwords for components and certificate
+export SAT_PUBSUB_SECRET=$(apg -n 1)
+export SAT_SALUT_SECRET=$(apg -n 1)
+
+if [ -z $DOMAIN ]; then
+ export DOMAIN="libervia.int"
+fi
+
+container_server&
+
+echo "domain used: $DOMAIN\n"
+
+if [ ! -f "/usr/share/sat/certificates/libervia.key" -o ! -f "/usr/share/sat/certificates/libervia.crt" ]; then
+ echo "No certificate found, we generate one"
+ openssl req -new -x509 -days 1825 -nodes -out "/usr/share/sat/certificates/libervia.crt"\
+ -newkey rsa:4096 -keyout "/usr/share/sat/certificates/libervia.key" -subj "/C=AU/CN=$DOMAIN"
+fi
+/usr/bin/prosody "$@"
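Review bot: `[ -z $DOMAIN ]` is unquoted, so a DOMAIN value containing whitespace makes the test fail with a syntax error instead of being evaluated; `[ -z "$DOMAIN" ]` is the safe form. The certificate test uses `-o`, which POSIX marks obsolescent; two bracket tests joined with `||` behave predictably. `echo "domain used: $DOMAIN\n"` depends on the shell's `echo` interpreting `\n`, whereas `printf 'domain used: %s\n\n' "$DOMAIN"` is portable. DOMAIN also goes into `-subj "/C=AU/CN=$DOMAIN"` unchecked, so a value containing `/` would change the certificate subject; a hostname-characters check before the openssl call would prevent that.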
--- a/docker/salut/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/salut/Dockerfile Sun Feb 28 02:01:20 2016 +0100 @@ -10,36 +10,27 @@ MAINTAINER Goffi <goffi@goffi.org> +############################ +# AUTOMATIC CONFIGURATION # +############################ + +COPY scripts/salut /usr/local/bin/ +RUN chown root:root /usr/local/bin/salut && \ +chmod 0555 /usr/local/bin/salut && \ + ######## # BASE # ######## -RUN apt-get clean +cd /usr/share && hg clone https://repos.goffi.org/salut sat_salut && chown -R sat:sat sat_salut && \ -# This script launch Salut with domain and secret gotten from prosody container -# it make the configuration more easy -RUN echo '#!/usr/bin/env python2\n\ -import os, xmlrpclib\n\ -SALUT_PATH="/usr/share/sat_salut/"\n\ -os.chdir("/home/sat")\n\ -proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\ -for var in ("DOMAIN", "SAT_SALUT_SECRET"):\n\ - os.environ[var] = proxy.getenv(var)\n\ -os.environ["PYTHONPATH"] = SALUT_PATH\n\ -os.execlp("twistd", "twistd", "-ny", SALUT_PATH+"salut.tac", "--pidfile", "/tmp/salut.pid")\n\ -' > /usr/local/bin/salut && chmod 0555 /usr/local/bin/salut +# configuration is really basic in salut, we just use environment to set data +sed -i 's/^xmppcomponent =.*$/import os\nxmppcomponent = Component("prosody", 5347, "salut."+os.getenv("DOMAIN"), os.getenv("SAT_SALUT_SECRET"))/' sat_salut/salut.tac -WORKDIR /usr/share - -RUN hg clone https://repos.goffi.org/salut sat_salut && chown -R sat:sat sat_salut - -WORKDIR sat_salut +WORKDIR /usr/share/sat_salut USER sat -# configuration is really basic in salut, we just use environment to set data -RUN sed -i 's/^xmppcomponent =.*$/import os\nxmppcomponent = Component("prosody", 5347, "salut."+os.getenv("DOMAIN"), os.getenv("SAT_SALUT_SECRET"))/' salut.tac - ########## # LAUNCH # ##########
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/salut/scripts/salut Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,12 @@
+#!/usr/bin/env python2
+# This script launch Salut with domain and secret gotten from prosody container
+# it make the configuration more easy
+import os, xmlrpclib
+
+SALUT_PATH="/usr/share/sat_salut/"
+os.chdir("/home/sat")
+proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+for var in ("DOMAIN", "SAT_SALUT_SECRET"):
+ os.environ[var] = proxy.getenv(var)
+os.environ["PYTHONPATH"] = SALUT_PATH
+os.execlp("twistd", "twistd", "-ny", SALUT_PATH+"salut.tac", "--pidfile", "/tmp/salut.pid")
--- a/docker/sat/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/sat/Dockerfile Sun Feb 28 02:01:20 2016 +0100 @@ -14,20 +14,8 @@ # Ports # ######### -# IMAP -EXPOSE 10143 - -# SMTP -EXPOSE 10125 - -# FILE TRANSFERT -EXPOSE 28915 - -############## -# PROSODYCTL # -############## - -RUN chmod 0555 /usr/local/bin/prosodyctl +# IMAP, SMTP and FILE TRANSFER +EXPOSE 10143 10125 28915 ######## # MISC #
--- a/docker/sat_nomedia/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/sat_nomedia/Dockerfile Sun Feb 28 02:01:20 2016 +0100 @@ -14,20 +14,8 @@ # Ports # ######### -# IMAP -EXPOSE 10143 - -# SMTP -EXPOSE 10125 - -# FILE TRANSFERT -EXPOSE 28915 - -############## -# PROSODYCTL # -############## - -RUN chmod 0555 /usr/local/bin/prosodyctl +# IMAP, SMTP and FILE TRANSFER +EXPOSE 10143 10125 28915 ########## # LAUNCH #
--- a/docker/sat_pubsub/Dockerfile Sat Feb 27 00:45:58 2016 +0100 +++ b/docker/sat_pubsub/Dockerfile Sun Feb 28 02:01:20 2016 +0100 
@@ -10,42 +10,39 @@ MAINTAINER Goffi <goffi@goffi.org> +############################ +# AUTOMATIC CONFIGURATION # +############################ + + +COPY scripts/sat_pubsub /usr/local/bin/ +RUN chown root:root /usr/local/bin/sat_pubsub && \ +chmod 0555 /usr/local/bin/sat_pubsub && \ + ######## # BASE # ######## -RUN apt-get install -y --no-install-recommends postgresql -RUN apt-get install -y --no-install-recommends python-psycopg2 -RUN apt-get clean - -# This script launch SàT PubSub with domain and secret gotten from prosody container -# it make the configuration more easy -RUN echo '#!/usr/bin/env python2\n\ -import os, xmlrpclib\n\ -os.chdir("/usr/share/sat_pubsub")\n\ -proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\ -domain = proxy.getenv("DOMAIN")\n\ -secret = proxy.getenv("SAT_PUBSUB_SECRET")\n\ -os.execlp("twistd", "twistd", "-n", "--pidfile", "/tmp/sat_pubsub.pid", "sat_pubsub", "--rhost", "prosody",\ - "--jid", "pubsub.%s" % domain, "--secret", secret)\n\ -' > /usr/local/bin/sat_pubsub && chmod 0555 /usr/local/bin/sat_pubsub - -WORKDIR /usr/share - -RUN hg clone https://repos.goffi.org/sat_pubsub && chown -R sat:sat sat_pubsub +apt-get install -y --no-install-recommends postgresql && \ +apt-get install -y --no-install-recommends python-psycopg2 && \ +apt-get clean && \ +cd /usr/share && \ +hg clone https://repos.goffi.org/sat_pubsub && chown -R sat:sat sat_pubsub && \ ############ # DATABASE # ############ -WORKDIR sat_pubsub/db +cd sat_pubsub/db && \ # To simplify installation, we integrate our own PostgreSQL # future alternate version may use an external PostgreSQL container -USER root - -RUN service postgresql start; su -c "createuser -d -w sat" postgres; su -c "createdb pubsub" postgres; su -c "psql pubsub < pubsub.sql" sat; service postgresql stop +service postgresql start; \ +su -c "createuser -d -w sat" postgres; \ +su -c "createdb pubsub" postgres; \ +su -c "psql pubsub < pubsub.sql" sat; \ +service postgresql stop ########## # LAUNCH #
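Review bot: The database setup commands at the end of the RUN are joined with `;`, so a failing `createuser`, `createdb` or `psql pubsub < pubsub.sql` does not fail the build and the image can ship without the schema. Chaining them with `&&` would surface the failure, e.g. `su -c "createuser -d -w sat" postgres && \`. The two `apt-get install` calls could also be merged into one, in line with the grouping this commit is about.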
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/sat_pubsub/scripts/sat_pubsub Sun Feb 28 02:01:20 2016 +0100
@@ -0,0 +1,13 @@
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+
+# This script launch SàT PubSub with domain and secret gotten from prosody container
+# it make the configuration more easy
+import os, xmlrpclib
+
+os.chdir("/usr/share/sat_pubsub")
+proxy = xmlrpclib.ServerProxy("http://prosody:9999/")
+domain = proxy.getenv("DOMAIN")
+secret = proxy.getenv("SAT_PUBSUB_SECRET")
+os.execlp("twistd", "twistd", "-n", "--pidfile", "/tmp/sat_pubsub.pid", "sat_pubsub", "--rhost", "prosody",
+ "--jid", "pubsub.%s" % domain, "--secret", secret)
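Review bot: The component secret is handed to twistd as `--secret` on the command line, where it is visible in the process list (`/proc/<pid>/cmdline`) to every process in the container. If sat_pubsub can take the secret from the environment or a file — not visible from this hunk — that would be preferable; otherwise a comment should record the exposure. The secret is also fetched over plain `http://prosody:9999/`, which is worth stating in the header comment so the port is kept on the private container link.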