From e56a65f6327eb17ab6472134204871dbef335f6f Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Wed, 20 Aug 2014 04:40:49 -0400
Subject: [PATCH] Big cleanup of discourse docker environment

* try to avoid sudo
* streamline image build
* remove constant 'duplicate source' warnings
* update samples to be consistent with each other
* add TODO lines to alert the user to important items to configure
---
 image/base/Dockerfile | 16 ++++----
 image/base/rsyslog | 4 +-
 image/discourse/Dockerfile | 8 ++--
 samples/data.yml | 35 ++++++++++--------
 samples/standalone.yml | 17 ++++-----
 samples/web_only.yml | 65 +++++++++++++++++++++++----------
 templates/postgres.template.yml | 29 +++++----------
 templates/redis.template.yml | 4 +-
 templates/web.template.yml | 31 +++++-----------
 9 files changed, 107 insertions(+), 102 deletions(-)

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index ac1c1a7..ea0d4be 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -9,20 +9,19 @@ FROM ubuntu:14.04
 MAINTAINER Sam Saffron "https://twitter.com/samsaffron"
 RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections &&\
- apt-get -y install fping &&\
- sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy || true" &&\
- apt-get -y update &&\
+ echo "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main restricted universe" > /etc/apt/sources.list &&\
+ echo "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc)-updates main restricted universe" >> /etc/apt/sources.list &&\
+ echo "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc)-security main restricted universe" >> /etc/apt/sources.list &&\
+ apt-get update && apt-get -y install fping &&\
+ sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true" &&\
 apt-get -y install software-properties-common &&\
- add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe" &&\
- add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc)-updates main universe" &&\
- apt-get -y update &&\
 apt-mark hold initscripts &&\
 apt-get -y upgrade &&\
 add-apt-repository -y ppa:rwky/redis &&\
 add-apt-repository -y ppa:nginx/stable &&\
 apt-get install -y curl && curl http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - &&\
 echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" | \
- tee /etc/apt/sources.list.d/postgres.list &&\
+ tee /etc/apt/sources.list.d/postgres.list &&\
 apt-get -y update &&\
 apt-get -y install build-essential git curl wget \
 libxslt-dev libcurl4-openssl-dev \
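Review bot: The PostgreSQL repository key on the unchanged line `curl http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add -` is still fetched over plain HTTP, in the middle of the apt bootstrap that this hunk rewrites. `apt-key add` makes whatever arrives a trusted signer for every configured repository, so the signature checks on the new `sources.list` entries do not protect this step from anyone on the build host's network path. I would fetch it over TLS and fail on HTTP errors, `curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - &&\`, and compare the imported key's fingerprint with the one the PostgreSQL project publishes before installing from that repository. The `RUN` instruction continues past the end of this hunk.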
@@ -33,6 +32,7 @@ RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections &&\
 postgresql-contrib-9.3 libpq-dev libreadline-dev \
 nginx language-pack-en sudo cron \
 psmisc rsyslog vim &&\
+ sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf &&\
 dpkg-divert --local --rename --add /sbin/initctl &&\
 sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl" &&\
 apt-get -y install redis-server haproxy openssh-server &&\
@@ -72,5 +72,3 @@ ADD runit-2 /etc/runit/2
 ADD cron /etc/service/cron/run
 ADD rsyslog /etc/service/rsyslog/run
-
-RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
diff --git a/image/base/rsyslog b/image/base/rsyslog
index c0a083b..10b09f2 100755
--- a/image/base/rsyslog
+++ b/image/base/rsyslog
@@ -1,4 +1,6 @@
 #!/bin/bash
 exec 2>&1
 cd /
-exec rsyslogd -f
+chgrp syslog /var/log
+chmod g+w /var/log
+exec rsyslogd -n
diff --git a/image/discourse/Dockerfile b/image/discourse/Dockerfile
index ba5043b..60811bf 100644
--- a/image/discourse/Dockerfile
+++ b/image/discourse/Dockerfile
@@ -8,14 +8,12 @@ RUN useradd discourse -s /bin/bash -m -U &&\
 mkdir /var/www && cd /var/www &&\
 git clone https://github.com/discourse/discourse.git &&\
 cd discourse &&\
- git remote set-branches --add origin tests-passed &&\
- cd .. &&\
- chown -R discourse:discourse /var/www/discourse &&\
+ git remote set-branches --add origin tests-passed &&\
+ chown -R discourse:discourse /var/www/discourse &&\
 cd /var/www/discourse &&\
 sudo -u discourse RAILS4=1 bundle install --deployment \
 --without test --without development &&\
- cd /var/www/discourse/vendor/bundle &&\
- find . -name tmp -type d | xargs rm -rf
+ find /var/www/discourse/vendor/bundle -name tmp -type d -exec rm -rf {} +
 # For a smaller but less flexible image:
diff --git a/samples/data.yml b/samples/data.yml
index 183a358..cef5c78 100644
--- a/samples/data.yml
+++ b/samples/data.yml
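Review bot: In the `image/base/rsyslog` run script, the new `chgrp syslog /var/log` and `chmod g+w /var/log` run on every service start with no comment and no check of their result. The sample configs in this same commit mount a host directory at `/var/log`, so the change lands on the host path by numeric gid, which may belong to an unrelated group there; it is worth confirming that this is intended. I would state the reason above the two lines, for example `# /var/log is a host volume; rsyslogd needs group write here to create its files`, so that nobody later widens the permission further without knowing why it exists.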
@@ -1,5 +1,7 @@
-# A container for all things Data, be sure to set a secret password for discourse account, SOME_SECRET is just an example
+# A container for all things Data, be sure to set a secret password for
+# discourse account, SOME_SECRET is just an example
 #
+
 templates:
 - "templates/postgres.template.yml"
 - "templates/redis.template.yml"
@@ -10,25 +12,16 @@ expose:
 - "6379:6379"
 - "2221:22"
+params:
+ db_default_text_search_config: "pg_catalog.english"
+ ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
+ ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
+ #db_shared_buffers: "256MB"
+
 env:
 # ensure locale exists in container, you may need to install it
 LANG: en_US.UTF-8
-params:
- db_default_text_search_config: "pb_catelog.english"
- ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
- ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
- # db_shared_buffers: "256MB"
-
-# amend SOME_SECRET to a password for the discourse user
-hooks:
- after_postgres:
- - exec:
- stdin: |
- alter user discourse with password 'SOME_SECRET';
- cmd: sudo -u postgres psql discourse
- raise_on_fail: false
-# be sure to set the host location somewhere sane
 volumes:
 - volume:
 host: /var/discourse/shared/data
@@ -36,3 +29,13 @@ volumes:
 - volume:
 host: /var/discourse/shared/data/log/var-log
 guest: /var/log
+
+# TODO: SOME_SECRET to a password for the discourse user
+hooks:
+ after_postgres:
+ - exec:
+ stdin: |
+ alter user discourse with password 'SOME_SECRET';
+ cmd: su - postgres -c 'psql discourse'
+
+ raise_on_fail: false
diff --git a/samples/standalone.yml b/samples/standalone.yml
index 09bd75e..8b461cc 100644
--- a/samples/standalone.yml
+++ b/samples/standalone.yml
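Review bot: The `after_postgres` hook re-added at the end of `samples/data.yml` sets the database password to the literal `SOME_SECRET` and keeps `raise_on_fail: false`, so a container built from an unedited sample comes up with a publicly known credential and no error. The same file publishes service ports to the host (`6379:6379` is visible in the previous hunk), which may put a forgotten placeholder within reach of other machines. The new TODO also lost its verb; I would write `# TODO: change SOME_SECRET to a strong, unique password for the discourse database user` and say in the comment that the container must not be built before that is done. The blank line between `cmd:` and `raise_on_fail:` looks accidental.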
@@ -2,7 +2,7 @@
 ## After making changes to this file, you MUST rebuild for any changes
 ## to take effect in your live Discourse instance:
 ##
-## ./var/docker/launcher rebuild app
+## /var/docker/launcher rebuild app
 ##
 ## this is the all-in-one, standalone Discourse Docker container template
@@ -18,9 +18,9 @@ expose:
 - "2222:22" # fwd host port 2222 to container port 22 (ssh)
 params:
- db_default_text_search_config: "pb_catelog.english"
- ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
- ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
+ db_default_text_search_config: "pg_catalog.english"
+ ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
+ ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
 #db_shared_buffers: "256MB"
 #
 ## Which Git revision should this container use? (default: tests-passed)
@@ -28,18 +28,18 @@ params:
 env:
 LANG: en_US.UTF-8
- ## How many concurrent web requests are supported?
+ ## TODO: How many concurrent web requests are supported?
 ## With 2GB we recommend 3-4 workers, with 1GB only 2
 #UNICORN_WORKERS: 3
 ##
- ## List of comma delimited emails that will be made admin and developer
+ ## TODO: List of comma delimited emails that will be made admin and developer
 ## on initial signup example 'user1@example.com, user2@example.com'
 DISCOURSE_DEVELOPER_EMAILS: 'me@example.com'
 ##
- ## The domain name this Discourse instance will respond to
+ ## TODO: The domain name this Discourse instance will respond to
 DISCOURSE_HOSTNAME: 'discourse.example.com'
 ##
- ## The mailserver this Discourse instance will use
+ ## TODO: The mailserver this Discourse instance will use
 DISCOURSE_SMTP_ADDRESS: smtp.example.com # (mandatory)
 #DISCOURSE_SMTP_PORT: 587 # (optional)
 #DISCOURSE_SMTP_USER_NAME: user@example.com # (optional)
@@ -53,7 +53,6 @@ volumes:
 - volume:
 host: /var/discourse/shared/standalone
 guest: /shared
-volumes:
 - volume:
 host: /var/discourse/shared/standalone/log/var-log
 guest: /var/log
diff --git a/samples/web_only.yml b/samples/web_only.yml
index de287e5..5263adb 100644
--- a/samples/web_only.yml
+++ b/samples/web_only.yml
@@ -1,5 +1,5 @@
 # IMPORTANT: SET A SECRET PASSWORD in Postgres for the Discourse User
-# SOME_SECRET in this template
+# TODO: change SOME_SECRET in this template
 templates:
 - "templates/sshd.template.yml"
@@ -9,45 +9,70 @@ expose:
 - "80:80"
 - "2222:22"
-# tests-passed is default
 params:
-# version: tests-passed
+ ## Which Git revision should this container use? (default: tests-passed)
+ #version: tests-passed
-# developer emails allow you to fast track account creation on the site
 env:
- # add emails here
 LANG: en_US.UTF-8
+ ## TODO: How many concurrent web requests are supported?
+ ## With 2GB we recommend 3-4 workers, with 1GB only 2
+ #UNICORN_WORKERS: 3
- DISCOURSE_DEVELOPER_EMAILS: ''
+ ## TODO: configure connectivity to the databases
 DISCOURSE_DB_SOCKET: ''
+ #DISCOURSE_DB_USER: discourse
 DISCOURSE_DB_PASSWORD: SOME_SECRET
- DISCOURSE_DB_HOST: YOUR_IP_ADDRESS
- DISCOURSE_HOSTNAME: 'www.example.com'
- DISCOURSE_REDIS_HOST: YOUR_IP_ADDRESS
- # don't forget to set mail
- # DISCOURSE_SMTP_ADDRESS: smtp.mandrillapp.com
- # DISCOURSE_SMTP_PORT: 587
- # DISCOURSE_SMTP_USER_NAME: user@example.com
- # DISCOURSE_SMTP_PASSWORD: p@ssword
+ DISCOURSE_DB_HOST: DB_IP_ADDRESS
+ DISCOURSE_REDIS_HOST: REDIS_IP_ADDRESS
+ ##
+ ## TODO: List of comma delimited emails that will be made admin and developer
+ ## on initial signup example 'user1@example.com, user2@example.com'
+ DISCOURSE_DEVELOPER_EMAILS: 'me@example.com'
+ ##
+ ## TODO: The domain name this Discourse instance will respond to
+ DISCOURSE_HOSTNAME: 'discourse.example.com'
+ ##
+ ## TODO: The mailserver this Discourse instance will use
+ DISCOURSE_SMTP_ADDRESS: smtp.example.com # (mandatory)
+ #DISCOURSE_SMTP_PORT: 587 # (optional)
+ #DISCOURSE_SMTP_USER_NAME: user@example.com # (optional)
+ #DISCOURSE_SMTP_PASSWORD: pa$$word # (optional)
+ ##
+ ## The CDN address for this Discourse instance (configured to pull)
+ #DISCOURSE_CDN_URL: //discourse-cdn.example.com
 volumes:
 - volume:
 host: /var/discourse/shared/web-only
 guest: /shared
-volumes:
 - volume:
 host: /var/discourse/shared/web-only/log/var-log
 guest: /var/log
-# you may use the docker manager to upgrade and monitor your docker image
-# UI will be visible at
http://yoursite.com/admin/docker
+## The docker manager plugin allows you to one-click upgrade Discouse
+## http://discourse.example.com/admin/docker
 hooks:
-# you may import your key using launchpad if needed
-#after_sshd:
-# - exec: ssh-import-id some-user
 after_code:
 - exec:
 cd: $home/plugins
 cmd:
 - mkdir -p plugins
 - git clone https://github.com/discourse/docker_manager.git
+
+## Remember, this is YAML syntax - you can only have one block with a name
+run:
+ - exec: echo "Beginning of custom commands"
+
+ ## If you want to configure password login for root, uncomment and change:
+ #- exec: apt-get -y install whois # for mkpasswd
+ ## Use only one of the following lines:
+ #- exec: /usr/sbin/usermod -p 'PASSWORD_HASH' root
+ #- exec: /usr/sbin/usermod -p "$(mkpasswd -m sha-256 'RAW_PASSWORD')" root
+
+ ## If you want to authorized additional users, uncomment and change:
+ #- exec: ssh-import-id username
+ #- exec: ssh-import-id anotherusername
+
+ - exec: echo "End of custom commands"
+ - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}'
diff --git a/templates/postgres.template.yml b/templates/postgres.template.yml
index d5b9612..0976803 100644
--- a/templates/postgres.template.yml
+++ b/templates/postgres.template.yml
@@ -13,6 +13,7 @@ hooks:
 run:
 # temporary
+ - exec: apt-get update
 - exec: apt-get install -y socat
 - exec: mkdir -p /shared/postgres_run
 - exec: chown postgres:postgres /shared/postgres_run
@@ -28,7 +29,7 @@ run:
 contents: |
 #!/bin/sh
 exec 2>&1
- exec sudo -u postgres /usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main
+ exec su - postgres -c '/usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main'
 - file:
 path: /root/upgrade_postgres
 chmod: "+x"
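Review bot: The commented example `#- exec: /usr/sbin/usermod -p "$(mkpasswd -m sha-256 'RAW_PASSWORD')" root` in the new `run:` block of `samples/web_only.yml` invites operators to keep the cleartext root password in this YAML file, from where it also ends up on a command line during the build. With SSH published on `2222:22` in the same file, a copied or leaked config then amounts to root access to the container. I would drop the `RAW_PASSWORD` variant, keep only the pre-computed `PASSWORD_HASH` form, and list the `ssh-import-id` option first under a comment such as `## Prefer SSH keys; set a root password only if you must, and only as a hash generated elsewhere`. `DISCOURSE_DB_PASSWORD: SOME_SECRET` in this hunk is likewise a working default until someone edits it.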
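Review bot: In the second hunk of `templates/postgres.template.yml`, `exec su - postgres -c '…postmaster …'` leaves `su` as the process the service supervisor watches, with the database as its child. A stop or restart signal then reaches postmaster only as `su` chooses to relay it, which differs between `su` implementations, so a clean shutdown should be tested rather than assumed. The image appears to be built around runit, whose `chpst` drops privileges and then execs the target directly: `exec chpst -u postgres /usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main` (plus any supplementary group the server needs). The same `su … -c` pattern is used for the background `cmd:` in the next postgres hunk, in both hunks of `templates/redis.template.yml` and in the unicorn run script in `templates/web.template.yml`; the `file:` block this script belongs to starts outside the hunk.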
@@ -165,27 +166,17 @@ run:
 - exec:
 background: true
- cmd: "sudo -u postgres /usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main"
+ cmd: su - postgres -c '/usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main'
 # give db a few secs to start up
 - exec: "sleep 5"
- - exec: sudo -u postgres createdb discourse || exit 0
- - exec:
- stdin: |
- create user discourse;
- cmd: sudo -u postgres psql discourse
- raise_on_fail: false
-
- - exec:
- stdin: |
- grant all privileges on database discourse to discourse;
- cmd: sudo -u postgres psql discourse
- raise_on_fail: false
-
- - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "alter schema public owner to discourse;"'
- - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "create extension if not exists hstore;"'
- - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "create extension if not exists pg_trgm;"'
+ - exec: su postgres -c 'createdb discourse' || true
+ - exec: su postgres -c 'psql discourse -c "create user discourse;"' || true
+ - exec: su postgres -c 'psql discourse -c "grant all privileges on database discourse to discourse;"' || true
+ - exec: su postgres -c 'psql discourse -c "alter schema public owner to discourse;"'
+ - exec: su postgres -c 'psql discourse -c "create extension if not exists hstore;"'
+ - exec: su postgres -c 'psql discourse -c "create extension if not exists pg_trgm;"'
 - file:
 path: /var/lib/postgresql/take-database-backup
@@ -203,7 +194,7 @@ run:
 contents: |
 # m h dom mon dow command
 #MAILTO=?
- 0 */4 * * * /var/lib/postgresql/take-database-backup
+ #0 */4 * * * /var/lib/postgresql/take-database-backup
 - exec:
 hook: postgres
diff --git a/templates/redis.template.yml b/templates/redis.template.yml
index 3a17264..8cea623 100644
--- a/templates/redis.template.yml
+++ b/templates/redis.template.yml
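Review bot: The `|| true` on the new `createdb`, `create user` and `grant all privileges` lines hides every failure, not only the expected "already exists" case, and that includes the server not yet accepting connections after the fixed `sleep 5`. Granting is repeatable, so that line does not need the guard at all and can read `- exec: su postgres -c 'psql discourse -c "grant all privileges on database discourse to discourse;"'`. For the two create steps I would test for existence first (a lookup in `pg_database` and `pg_roles`) and replace the sleep with a bounded wait on `pg_isready`, so that a real error still stops the build instead of leaving a half-provisioned database.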
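Review bot: The crontab written in the last hunk of `templates/postgres.template.yml` now has its only entry commented out (`#0 */4 * * * /var/lib/postgresql/take-database-backup`), which switches off the four-hourly database backup for every container built from this template, and the commit message does not mention it. The backup script itself is still installed by the `file:` block visible in the previous hunk, so the setup looks active while nothing runs. If this is deliberate it needs a comment in the template, for example `# backups disabled by default; uncomment to dump the database every 4 hours`, and a note for operators; if it is a debugging leftover, restore `0 */4 * * * /var/lib/postgresql/take-database-backup`. The `file:` block that holds this crontab starts outside the hunk.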
@@ -5,7 +5,7 @@ run:
 contents: |
 #!/bin/sh
 exec 2>&1
- exec sudo -u redis /usr/bin/redis-server /etc/redis/redis.conf
+ exec su - redis -s /bin/bash -c '/usr/bin/redis-server /etc/redis/redis.conf'
 - replace:
 filename: "/etc/redis/redis.conf"
@@ -39,7 +39,7 @@ hooks:
 before_code:
 - exec:
 background: true
- cmd: "sudo -u redis /usr/bin/redis-server /etc/redis/redis.conf"
+ cmd: su - redis -s /bin/bash -c '/usr/bin/redis-server /etc/redis/redis.conf'
 after_code:
 - replace:
 filename: /etc/service/unicorn/run
diff --git a/templates/web.template.yml b/templates/web.template.yml
index 7579b50..6263a10 100644
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
@@ -42,7 +42,7 @@ run:
 # postgres
 cd $home
 chown -R discourse:www-data /shared/log/rails
- exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
+ LD_PRELOAD=/usr/lib/libjemalloc.so.1 exec su discourse -c 'bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb'
 - file:
 path: /etc/service/nginx/run
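Review bot: In the unicorn run script hunk of `templates/web.template.yml`, `LD_PRELOAD=/usr/lib/libjemalloc.so.1 exec su discourse -c '…'` sets the preload for `su` itself, so the library is loaded into a helper running as root and reaches unicorn only if `su` hands its environment through unchanged. Setting it inside the command keeps it scoped to the process that needs it: `exec su discourse -c 'LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb'`. The old line used `sudo -E`, so it is also worth confirming that the Discourse settings passed through the container environment still arrive in unicorn under `su`, since that depends on how `su` is configured in the image. The run script starts before this hunk.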
@@ -65,24 +65,13 @@ run:
 - git checkout $version
 - mkdir -p tmp/pids
 - mkdir -p tmp/sockets
- - mkdir -p /shared/log/rails
- - mkdir -p /shared/uploads
- - mkdir -p /shared/backups
 - touch tmp/.gitkeep
- - touch /shared/log/rails/production.log
- - touch /shared/log/rails/production_errors.log
- - touch /shared/log/rails/unicorn.stdout.log
- - touch /shared/log/rails/unicorn.stderr.log
- - ln -s /shared/log/rails/production.log $home/log/production.log
- - ln -s /shared/log/rails/production_errors.log $home/log/production_errors.log
- - ln -s /shared/log/rails/unicorn.stdout.log $home/log/unicorn.stdout.log
- - ln -s /shared/log/rails/unicorn.stderr.log $home/log/unicorn.stderr.log
- - ln -s /shared/uploads $home/public/uploads
- - ln -s /shared/backups $home/public/backups
- - chown -R discourse:www-data /shared/log/rails
- - chown -R discourse:www-data /shared/uploads
- - chown -R discourse:www-data /shared/backups
- - chown -R discourse:www-data $home/log
+ - mkdir -p /shared/log/rails
+ - bash -c "touch /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
+ - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
+ - bash -c "mkdir -p /shared/{uploads,backups}"
+ - bash -c "ln -s /shared/{uploads,backups} $home/public"
+ - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
 - exec:
 cmd:
@@ -123,9 +112,9 @@ run:
 # ensure we are on latest bundler
 - gem update bundler
 - chown -R discourse $home
- - sudo -E -u discourse bundle install --deployment --verbose --without test --without development
- - sudo -E -u discourse bundle exec rake db:migrate
- - sudo -E -u discourse bundle exec rake assets:precompile
+ - su discourse -c 'bundle install --deployment --verbose --without test --without development'
+ - su discourse -c 'bundle exec rake db:migrate'
+ - su discourse -c 'bundle exec rake assets:precompile'
 - file:
 path: /usr/local/bin/discourse
--
2.25.1