Dockerfile 5.59 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
####
#### Temporary layer to prepare installation
####
FROM ubuntu:bionic AS build

# Packages required to build
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && apt-get install -y \
    curl \
    git \
    gnupg

ARG CONTAINERPILOT_VERSION=3.4.3
ARG CONTAINERPILOT_CHECKSUM=e8258ed166bcb3de3e06638936dcc2cae32c7c58

RUN curl -Lso /tmp/containerpilot.tar.gz \
         "https://github.com/joyent/containerpilot/releases/download/${CONTAINERPILOT_VERSION}/containerpilot-${CONTAINERPILOT_VERSION}.tar.gz" \
    && echo "${CONTAINERPILOT_CHECKSUM}  /tmp/containerpilot.tar.gz" | sha1sum -c \
    && tar zxf /tmp/containerpilot.tar.gz -C /tmp

ARG CONSULTEMPLATE_VERSION=0.19.3
ARG CONSULTEMPLATE_CHECKSUM=6467b442d8fd68ca0a1eba35f42edb6f3b9941e10b6d58688edc3506fca0bb19

RUN curl -Lso /tmp/consul-template.tar.gz \
         "https://releases.hashicorp.com/consul-template/${CONSULTEMPLATE_VERSION}/consul-template_${CONSULTEMPLATE_VERSION}_linux_amd64.tgz" \
    && echo "${CONSULTEMPLATE_CHECKSUM}  /tmp/consul-template.tar.gz" | sha256sum -c \
    && tar zxf /tmp/consul-template.tar.gz -C /tmp


# Orcherstration using containerpilot
# Configuration using consul-template
32
ARG CONTAINERPILOT_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/Services/orchestrate-containerpilot.git
33
34
35
36
37
38
39
40
ARG CONTAINERPILOT_REPO_REF=223dafd3d093702c8717292247e65d0c55ffb513

RUN git clone "${CONTAINERPILOT_REPO_URL}" "/tmp/orchestrate" \
    && cd /tmp/orchestrate \
    && git checkout "${CONTAINERPILOT_REPO_REF}"


# API messages description
41
ARG MESSAGES_API_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/messages-api.git
42
ARG MESSAGES_API_REPO_REF=9f534509
43
44
45
46
47
48
49

RUN git clone "${MESSAGES_API_REPO_URL}" "/tmp/messages-api" \
    && cd /tmp/messages-api \
    && git checkout "${MESSAGES_API_REPO_REF}"


# Common python Zéphir library
50
ARG PYTHON_ZEPHIR_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/python-zephir.git
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
ARG PYTHON_ZEPHIR_REPO_REF=bc098b33494c7ef7ae010e130bb773507e196b72

RUN git clone "${PYTHON_ZEPHIR_REPO_URL}" "/tmp/python-zephir" \
    && cd /tmp/python-zephir \
    && git checkout "${PYTHON_ZEPHIR_REPO_REF}"


##
## Service specific
##

# Configure package manager
RUN echo "deb http://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest bionic main" > /etc/apt/sources.list.d/saltstack.list
RUN curl https://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key --keyring /etc/apt/trusted.gpg.d/saltstack.gpg add -

# SaltStack formulas parameters
ENV EOLE_FORMULA_DIR=/srv/formulas

ENV EOLE_CONFIGURATION_FORMULA_URL="https://dev-eole.ac-dijon.fr/git/eole-configuration-formula.git"
ENV EOLE_CONFIGURATION_FORMULA_REF=8c08f4fb902408e320ea1fa2fd74e12fdab60fa3

RUN git clone "${EOLE_CONFIGURATION_FORMULA_URL}" "${EOLE_FORMULA_DIR}/eole-configuration-formula" \
    && cd "${EOLE_FORMULA_DIR}/eole-configuration-formula" \
    && git checkout -b deployed "${EOLE_CONFIGURATION_FORMULA_REF}"


####
#### Target layer
####
FROM ubuntu:bionic

MAINTAINER Pôle EOLE <eole@ac-dijon.fr>

# Packages required for working service
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && apt-get install -y \
    gnupg \
    jq \
    locales \
    openssl \
    python3 \
    python3-aiohttp \
    python3-autobahn \
    python3-dev \
    python3-jwt \
    python3-psycopg2 \
    python3-requests \
    python3-yaml \
99
    python-psycopg2 \
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
    sqitch \
    tzdata

# For debug only
RUN apt-get update -y && apt-get install -y \
    curl \
    iproute2 \
    iputils-ping \
    vim

# Force french locale
RUN locale-gen fr_FR.UTF-8
ENV LANG fr_FR.UTF-8
ENV LC_ALL fr_FR.UTF-8

# Force timezone
RUN ln -fs /usr/share/zoneinfo/Europe/Paris /etc/localtime
RUN dpkg-reconfigure --frontend noninteractive tzdata

# Sqitch
RUN sqitch config --user user.name 'Equipe EOLE'\
    && sqitch config --user user.email 'eole@ac-dijon.fr'

# Install tools from build layer
COPY --from=build /tmp/containerpilot /usr/local/bin
COPY --from=build /tmp/consul-template /usr/local/bin

# consul-template wrapper to generate /etc/zephir-services.conf
COPY --from=build /tmp/orchestrate/update-service-conf /usr/local/bin/
RUN chmod +x /usr/local/bin/*

# Service template for consul-template
ENV services_conf_filename=zephir-services.conf
ARG services_conf=/etc/zephir-services.conf
ENV services_conf=$services_conf
COPY --from=build /tmp/orchestrate/${services_conf_filename}.ctmpl ${services_conf}.ctmpl

# Install libraries required by service
COPY --from=build /tmp/python-zephir/zephir /usr/lib/python3/dist-packages/zephir
COPY --from=build /tmp/messages-api/messages /srv/messages

# Manage container with ContainerPilot
CMD ["/usr/local/bin/containerpilot", "-config", "/etc/containerpilot.json5"]
COPY containerpilot.json5 /etc/containerpilot.json5


##
## Service specific
##

COPY --from=build /etc/apt/sources.list.d/saltstack.list /etc/apt/sources.list.d/saltstack.list
COPY --from=build /etc/apt/trusted.gpg.d/saltstack.gpg /etc/apt/trusted.gpg.d/saltstack.gpg

RUN apt-get update -y && apt-get install -y \
    netcat \
    python3-crypto \
    salt-api \
    salt-master \
    screen

# Library for SaltMaster manager
COPY src/python/zephir/saltmaster /usr/lib/python3/dist-packages/zephir/saltmaster

# Configuration
COPY master.d/*.conf /etc/salt/master.d/

RUN mkdir /srv/salt
RUN mkdir /srv/pillar
RUN mkdir /keys

# Install salt files
COPY --from=build /srv/formulas/eole-configuration-formula/eole/ /srv/salt/eole/
RUN mkdir /srv/salt/_modules
COPY environment/* /srv/salt/_modules/
COPY pillars/* /srv/pillar

# Controller
RUN mkdir -p /srv/bin
COPY scripts/* /srv/bin/
COPY migrations /migrations
RUN chmod +x /srv/bin/*

# Create the password
ENV SALT_PASSWORD=eole
RUN /srv/bin/create-user.sh