PR#95: Add dockerfiles - elections

		`@@ -0,0 +1,57 @@`
		`+ FROM fedora:latest`
		`+`
		`+ ENV ENV production`
		`+ ENV DATADIR /opt/elections/data`
		`+ ENV SERVERNAME fedora-elections`
		`+`
		`+ RUN dnf -y update && \`
		`+ dnf -y install gettext\`
		`+ httpd \`
		`+ libxslt \`
		`+ mod_wsgi \`
		`+ python \`
		`+ python-arrow \`
		`+ python-chardet \`
		`+ python-fasjson-client \`
		`+ python-fedora \`
		`+ python-fedora-flask \`
		`+ python-fedora-messaging \`
		`+ python-flask \`
		`+ python-flask-oidc \`
		`+ python-flask-sqlalchemy \`
		`+ python-flask-wtf \`
		`+ python-jinja2 \`
		`+ python-kitchen \`
		`+ python-lxml \`
		`+ python-openid \`
		`+ python-setuptools \`
		`+ python-simplejson \`
		`+ python-six \`
		`+ python-sqlalchemy \`
		`+ python-urllib3 \`
		`+ python-wtforms && \`
		`+ mkdir /etc/fedora-elections && \`
		`+ mkdir -p /opt/elections/data/fedora_elections && \`
		`+ pip install fedora_elections_messages`
		`+`
		`+ COPY files/fedora-elections.conf /etc/httpd/conf.d/fedora-elections.conf.sample`
		`+`
		`+ # Replace env vars in apache config`
		`+ RUN cat /etc/httpd/conf.d/fedora-elections.conf.sample \| \`
		`+ envsubst > /etc/httpd/conf.d/fedora-elections.conf`
		`+`
		`+ COPY files/fedora-elections.wsgi ${DATADIR}/fedora_elections`
		`+ COPY files/fedora-elections.cfg /etc/fedora-elections`
		`+ COPY fedora_elections/static ${DATADIR}/static`
		`+`
		`+ WORKDIR /opt/elections`
		`+`
		`+ COPY docker-entrypoint.sh /usr/local/bin/`
		`+ COPY . .`
		`+`
		`+ RUN pip install .`
		`+`
		`+ EXPOSE 80`
		`+`
		`+ ENTRYPOINT [ "docker-entrypoint.sh" ]`
		`+ CMD [ "httpd", "-D", "FOREGROUND" ]`

README.md

file modified

+6 -5

		`@@ -73,25 +73,26 @@`

		* `httpd`
		* `libxslt`
		+ * `mod-wsgi`
		* `python`
		- * `python-backports-ssl_match_hostname`
		- * `python-bunch`
		+ * `python-arrow`
		* `python-chardet`
		+ * `python-fasjson-client`
		* `python-fedora`
		* `python-fedora-flask`
		+ * `python-fedora-messaging`
		* `python-flask`
		+ * `python-flask-oidc`
		* `python-flask-sqlalchemy`
		* `python-flask-wtf`
		* `python-jinja2`
		* `python-kitchen`
		* `python-lxml`
		* `python-openid`
		- * `python-ordereddict`
		- * `python-ordereddict`
		* `python-setuptools`
		* `python-simplejson`
		* `python-six`
		- * `python-sqlalchemy0.7`
		+ * `python-sqlalchemy`
		* `python-urllib3`
		* `python-wtforms`

dev.Dockerfile

file added

+38

		`@@ -0,0 +1,38 @@`
		`+ FROM fedora:latest`
		`+`
		`+ ARG USERNAME=dev`
		`+ ARG GROUP=dev`
		`+ ARG USER_UID=1000`
		`+ ARG USER_GID=1000`
		`+`
		`+ RUN groupadd -g ${USER_GID} ${GROUP} && \`
		`+ useradd -u ${USER_UID} -g ${GROUP} ${USERNAME}`
		`+`
		`+ ENV ENV development`
		`+ ENV BASE_DIR /opt/dev`
		`+ ENV APP_DIR ${BASE_DIR}/elections`
		`+`
		`+ RUN dnf -y update && \`
		`+ dnf -y install python \`
		`+ python-devel \`
		`+ git \`
		`+ krb5-devel \`
		`+ open-sans-fonts \`
		`+ gcc \`
		`+ python-devel \`
		`+ python3.6 \`
		`+ python3.7 \`
		`+ python3.8 \`
		`+ tox`
		`+`
		`+ COPY docker-entrypoint.sh /usr/local/bin`
		`+`
		`+ USER dev`
		`+ WORKDIR ${APP_DIR}`
		`+`
		`+ COPY . .`
		`+ RUN pip install --user -r requirements.txt`
		`+`
		`+ ENTRYPOINT ["docker-entrypoint.sh"]`
		`+`
		`+ CMD [ "python", "runserver.py", "--host", "0.0.0.0" ]`

development.docker-compose.yml

file added

		`@@ -0,0 +1,9 @@`
		`+ version: '3'`
		`+ services:`
		`+ app:`
		`+ build: .`
		`+ dockerfile: dev.Dockerfile`
		`+ ports:`
		`+ - 5005:5005`
		`+ volumes:`
		`+ - .:/opt/dev/elections`

docker-compose.yml

file added

		`@@ -0,0 +1,6 @@`
		`+ version: '3'`
		`+ services:`
		`+ app:`
		`+ build: .`
		`+ ports:`
		`+ - 5005:5005`

docker-entrypoint.sh

file added

+20

		`@@ -0,0 +1,20 @@`
		`+ #!/usr/bin/env bash`
		`+`
		`+ python createdb.py`
		`+`
		`+ if [ ! "$ENV" = "development" ]; then`
		`+ exec "$@"`
		`+ fi`
		`+`
		`+ if [ ! -f client_secrets.json ]; then`
		`+ oidc-register https://iddev.fedorainfracloud.org/ http://localhost:5005`
		`+ fi`
		`+`
		`+ if [ ! -f config ]; then`
		`+ cat > config <<-EOL`
		`+ OIDC_ID_TOKEN_COOKIE_SECURE = False`
		`+ OIDC_REQUIRE_VERIFIED_EMAIL = False`
		`+ EOL`
		`+ fi`
		`+`
		`+ exec "$@"`

fedora_elections/__init__.py

file modified

+1 -1

		`@@ -63,7 +63,7 @@`
		`logging.config.dictConfig(APP.config.get("LOGGING") or {"version": 1})`
		`LOG = APP.logger`

		`- APP.wsgi_app = fedora_elections.proxy.ReverseProxied(APP.wsgi_app)`
		`+ APP.wsgi_app = proxy.ReverseProxied(APP.wsgi_app)`

		`if APP.config.get('FASJSON'):`
		`ACCOUNTS = Client(`

files/fedora-elections.conf

file modified

+24 -23

		`@@ -2,26 +2,27 @@`
		`#`
		`# Adjust as needed, including replacing @DATADIR@ by what it should be`

		`- #Alias /fedora-elections/images @DATADIR@/fedora_elections/images`
		`- #Alias /fedora-elections/static @DATADIR@/fedora_elections/static`
		`- #`
		`- #WSGIDaemonProcess fedora-elections user=apache group=apache maximum-requests=1000 display-name=fedora-elections processes=2 threads=1`
		`- #WSGISocketPrefix run/wsgi`
		`- #WSGIRestrictStdout On`
		`- #WSGIRestrictSignal Off`
		`- #WSGIPythonOptimize 1`
		`- #`
		`- #WSGIScriptAlias /voting @DATADIR@/fedora_elections/fedora-elections.wsgi`
		`- #`
		`- #<Location />`
		`- # WSGIProcessGroup fedora-elections`
		`- # <IfModule mod_authz_core.c>`
		`- # # Apache 2.4`
		`- # Require all granted`
		`- # </IfModule>`
		`- # <IfModule !mod_authz_core.c>`
		`- # # Apache 2.2`
		`- # Order deny,allow`
		`- # Allow from all`
		`- # </IfModule>`
		`- #</Location>`
		`+ ServerName $SERVERNAME`
		`+ Alias /fedora-elections/static/images $DATADIR/fedora_elections/images`
		`+ Alias /fedora-elections/static $DATADIR/fedora_elections/static`
		`+`
		`+ WSGIDaemonProcess fedora-elections user=apache group=apache maximum-requests=1000 display-name=fedora-elections processes=2 threads=1`
		`+ WSGISocketPrefix run/wsgi`
		`+ WSGIRestrictStdout On`
		`+ WSGIRestrictSignal Off`
		`+ WSGIPythonOptimize 1`
		`+`
		`+ WSGIScriptAlias /voting $DATADIR/fedora_elections/fedora-elections.wsgi`
		`+`
		`+ <Location />`
		`+ WSGIProcessGroup fedora-elections`
		`+ <IfModule mod_authz_core.c>`
		`+ # Apache 2.4`
		`+ Require all granted`
		`+ </IfModule>`
		`+ <IfModule !mod_authz_core.c>`
		`+ # Apache 2.2`
		`+ Order deny,allow`
		`+ Allow from all`
		`+ </IfModule>`
		`+ </Location>`

files/fedora-elections.wsgi

file modified

+1 -1

		`@@ -16,4 +16,4 @@`
		`## as a python module (for example if you run it from a git clone).`
		`#sys.path.insert(0, '/path/to/fedora_elections/')`

		`- from fedora_elections import app as application`
		`+ from fedora_elections import APP as application`

nerdsville commented 3 years ago

While starting on the work to bring in a Jenkinsfile for https://pagure.io/elections/issue/93, I noticed there isn't a production ready Dockerfile. This could be helpful if down the line this app gets deployed as a container.

As such, I have started to bring in a proof of concept of a production Dockerfile, development dev.Dockerfile, and docker-compose.development.yaml in this PR.

Feel free to decline if this is not needed.

Caveats:

envsubst is probably suboptimal, other suggestions would be great
Production image is not currently rootless

Questions:

Is createdb.py idempotent?

1 new commit added

Add initial entrypoint

3 years ago

1 new commit added

Add command to createdb

3 years ago

nerdsville commented 3 years ago

To avoid spamming with PR's, I put all the work related to docker here. We can slice, dice, adjust, and remove anything as is seen fit.

CC: @pingou @bcotton

1 new commit added

Add dev dockerfile and docker-compose

3 years ago

1 new commit added

Let group stand alone

3 years ago

2 new commits added

Add production docker-compose
Rename development docker-compose

3 years ago

bcotton commented 3 years ago

Should we add the dockerfile to the develop and production branches separately? IOW, instead of having both files in the repo, the develop branch has the dev dockerfile and the production branch has the prod dockerfile? This seems like it fits the historical use of this repo better (although I'm not entirely sure I love that) and would in theory mean we're not editing the same file twice when we need to tweak it (assuming we can cleanly merge the changes)

nerdsville commented 3 years ago

@bcotton I am not sure I quite understand, but having the dev dockerfile on the develop branch only, wouldn't that make releases a bit more difficult (as now we need to exclude files on release to master). Normally of projects I've worked on, the prod dockerfile, and development dockerfile are in the same repository (and in some cases are the same file entirely).

This PR just serves to provide a starting point for "dockerizing" the app, and we can modify it, remove stuff, change stuff, etc prior to merging.

Hope this helps

pingou commented 3 years ago

elections currently uses s2i to be deployed. Is there a way we could leverage this in the test environment?
For example, in prod election doesn't use apache but nginx.