Dockerfile 5.56 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
####
#### Temporary layer to prepare installation
####
FROM ubuntu:bionic AS build

# Packages required to build
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && apt-get install -y \
    curl \
    git \
    gnupg

ARG CONTAINERPILOT_VERSION=3.4.3
ARG CONTAINERPILOT_CHECKSUM=e8258ed166bcb3de3e06638936dcc2cae32c7c58

RUN curl -Lso /tmp/containerpilot.tar.gz \
         "https://github.com/joyent/containerpilot/releases/download/${CONTAINERPILOT_VERSION}/containerpilot-${CONTAINERPILOT_VERSION}.tar.gz" \
    && echo "${CONTAINERPILOT_CHECKSUM}  /tmp/containerpilot.tar.gz" | sha1sum -c \
    && tar zxf /tmp/containerpilot.tar.gz -C /tmp

ARG CONSULTEMPLATE_VERSION=0.19.3
ARG CONSULTEMPLATE_CHECKSUM=6467b442d8fd68ca0a1eba35f42edb6f3b9941e10b6d58688edc3506fca0bb19

RUN curl -Lso /tmp/consul-template.tar.gz \
         "https://releases.hashicorp.com/consul-template/${CONSULTEMPLATE_VERSION}/consul-template_${CONSULTEMPLATE_VERSION}_linux_amd64.tgz" \
    && echo "${CONSULTEMPLATE_CHECKSUM}  /tmp/consul-template.tar.gz" | sha256sum -c \
    && tar zxf /tmp/consul-template.tar.gz -C /tmp


# Orcherstration using containerpilot
# Configuration using consul-template
32
ARG CONTAINERPILOT_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/Services/orchestrate-containerpilot.git
33 34 35 36 37 38 39 40
ARG CONTAINERPILOT_REPO_REF=223dafd3d093702c8717292247e65d0c55ffb513

RUN git clone "${CONTAINERPILOT_REPO_URL}" "/tmp/orchestrate" \
    && cd /tmp/orchestrate \
    && git checkout "${CONTAINERPILOT_REPO_REF}"


# API messages description
41
ARG MESSAGES_API_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/messages-api.git
42
ARG MESSAGES_API_REPO_REF=0.0.4-dev
43 44 45 46 47 48 49

RUN git clone "${MESSAGES_API_REPO_URL}" "/tmp/messages-api" \
    && cd /tmp/messages-api \
    && git checkout "${MESSAGES_API_REPO_REF}"


# Common python Zéphir library
50
ARG PYTHON_ZEPHIR_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/python-zephir.git
Matthieu Lamalle's avatar
Matthieu Lamalle committed
51
ARG PYTHON_ZEPHIR_REPO_REF=0.0.2-dev
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69

RUN git clone "${PYTHON_ZEPHIR_REPO_URL}" "/tmp/python-zephir" \
    && cd /tmp/python-zephir \
    && git checkout "${PYTHON_ZEPHIR_REPO_REF}"


##
## Service specific
##

# Configure package manager
RUN echo "deb http://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest bionic main" > /etc/apt/sources.list.d/saltstack.list
RUN curl https://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key --keyring /etc/apt/trusted.gpg.d/saltstack.gpg add -

# SaltStack formulas parameters
ENV EOLE_FORMULA_DIR=/srv/formulas

ENV EOLE_CONFIGURATION_FORMULA_URL="https://dev-eole.ac-dijon.fr/git/eole-configuration-formula.git"
Matthieu Lamalle's avatar
Matthieu Lamalle committed
70
ENV EOLE_CONFIGURATION_FORMULA_REF=0a9f42bc90ec10631f9c58289bc990633654ab10
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98

RUN git clone "${EOLE_CONFIGURATION_FORMULA_URL}" "${EOLE_FORMULA_DIR}/eole-configuration-formula" \
    && cd "${EOLE_FORMULA_DIR}/eole-configuration-formula" \
    && git checkout -b deployed "${EOLE_CONFIGURATION_FORMULA_REF}"


####
#### Target layer
####
FROM ubuntu:bionic

MAINTAINER Pôle EOLE <eole@ac-dijon.fr>

# Packages required for working service
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && apt-get install -y \
    gnupg \
    jq \
    locales \
    openssl \
    python3 \
    python3-aiohttp \
    python3-autobahn \
    python3-dev \
    python3-jwt \
    python3-psycopg2 \
    python3-requests \
    python3-yaml \
99
    python-psycopg2 \
100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184
    sqitch \
    tzdata

# For debug only
RUN apt-get update -y && apt-get install -y \
    curl \
    iproute2 \
    iputils-ping \
    vim

# Force french locale
RUN locale-gen fr_FR.UTF-8
ENV LANG fr_FR.UTF-8
ENV LC_ALL fr_FR.UTF-8

# Force timezone
RUN ln -fs /usr/share/zoneinfo/Europe/Paris /etc/localtime
RUN dpkg-reconfigure --frontend noninteractive tzdata

# Sqitch
RUN sqitch config --user user.name 'Equipe EOLE'\
    && sqitch config --user user.email 'eole@ac-dijon.fr'

# Install tools from build layer
COPY --from=build /tmp/containerpilot /usr/local/bin
COPY --from=build /tmp/consul-template /usr/local/bin

# consul-template wrapper to generate /etc/zephir-services.conf
COPY --from=build /tmp/orchestrate/update-service-conf /usr/local/bin/
RUN chmod +x /usr/local/bin/*

# Service template for consul-template
ENV services_conf_filename=zephir-services.conf
ARG services_conf=/etc/zephir-services.conf
ENV services_conf=$services_conf
COPY --from=build /tmp/orchestrate/${services_conf_filename}.ctmpl ${services_conf}.ctmpl

# Install libraries required by service
COPY --from=build /tmp/python-zephir/zephir /usr/lib/python3/dist-packages/zephir
COPY --from=build /tmp/messages-api/messages /srv/messages

# Manage container with ContainerPilot
CMD ["/usr/local/bin/containerpilot", "-config", "/etc/containerpilot.json5"]
COPY containerpilot.json5 /etc/containerpilot.json5


##
## Service specific
##

COPY --from=build /etc/apt/sources.list.d/saltstack.list /etc/apt/sources.list.d/saltstack.list
COPY --from=build /etc/apt/trusted.gpg.d/saltstack.gpg /etc/apt/trusted.gpg.d/saltstack.gpg

RUN apt-get update -y && apt-get install -y \
    netcat \
    python3-crypto \
    salt-api \
    salt-master \
    screen

# Library for SaltMaster manager
COPY src/python/zephir/saltmaster /usr/lib/python3/dist-packages/zephir/saltmaster

# Configuration
COPY master.d/*.conf /etc/salt/master.d/

RUN mkdir /srv/salt
RUN mkdir /srv/pillar
RUN mkdir /keys

# Install salt files
COPY --from=build /srv/formulas/eole-configuration-formula/eole/ /srv/salt/eole/
RUN mkdir /srv/salt/_modules
COPY environment/* /srv/salt/_modules/
COPY pillars/* /srv/pillar

# Controller
RUN mkdir -p /srv/bin
COPY scripts/* /srv/bin/
COPY migrations /migrations
RUN chmod +x /srv/bin/*

# Create the password
ENV SALT_PASSWORD=eole
RUN /srv/bin/create-user.sh