#95 Add dockerfiles
Opened 9 months ago by nerdsville. Modified 9 months ago
nerdsville/elections feature/add_prod_dockerfile  into  develop

Add production docker-compose
Josh Santos • 9 months ago  
Rename development docker-compose
Josh Santos • 9 months ago  
Let group stand alone
Josh Santos • 9 months ago  
Add dev dockerfile and docker-compose
Josh Santos • 9 months ago  
Add command to createdb
Josh Santos • 9 months ago  
Add initial entrypoint
Josh Santos • 9 months ago  
Add prod dockerfile
Josh Santos • 9 months ago  
Update prod dependency list
Josh Santos • 9 months ago  
file added
+57
@@ -0,0 +1,57 @@ 

+ FROM fedora:latest

+ 

+ ENV ENV production

+ ENV DATADIR /opt/elections/data

+ ENV SERVERNAME fedora-elections

+ 

+ RUN dnf -y update && \

+     dnf -y install gettext\

+         httpd \

+         libxslt \

+         mod_wsgi \

+         python \

+         python-arrow \

+         python-chardet \

+         python-fasjson-client \

+         python-fedora \

+         python-fedora-flask \

+         python-fedora-messaging \

+         python-flask \

+         python-flask-oidc \

+         python-flask-sqlalchemy \

+         python-flask-wtf \

+         python-jinja2 \

+         python-kitchen \

+         python-lxml \

+         python-openid \

+         python-setuptools \

+         python-simplejson \

+         python-six \

+         python-sqlalchemy \

+         python-urllib3 \

+         python-wtforms && \

+     mkdir /etc/fedora-elections && \

+     mkdir -p /opt/elections/data/fedora_elections && \

+     pip install fedora_elections_messages

+ 

+ COPY files/fedora-elections.conf /etc/httpd/conf.d/fedora-elections.conf.sample

+ 

+ # Replace env vars in apache config

+ RUN cat /etc/httpd/conf.d/fedora-elections.conf.sample | \

+     envsubst > /etc/httpd/conf.d/fedora-elections.conf

+ 

+ COPY files/fedora-elections.wsgi ${DATADIR}/fedora_elections

+ COPY files/fedora-elections.cfg /etc/fedora-elections

+ COPY fedora_elections/static ${DATADIR}/static

+ 

+ WORKDIR /opt/elections

+ 

+ COPY docker-entrypoint.sh /usr/local/bin/

+ COPY . .

+ 

+ RUN pip install .

+ 

+ EXPOSE 80

+ 

+ ENTRYPOINT [ "docker-entrypoint.sh" ]

+ CMD [ "httpd", "-D", "FOREGROUND" ]
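Review bot: `COPY . .` near the end of this Dockerfile copies the entire build context into /opt/elections, and the docker-entrypoint.sh added in this PR writes `client_secrets.json` and `config` into the working directory during development (which the dev compose file bind-mounts from the checkout), so a production image built from a tree that has been used for development would ship those files. Add a .dockerignore, or copy only the paths `pip install .` needs. Further points on the same file: `FROM fedora:latest` and the bare `pip install fedora_elections_messages` are unpinned, so two builds of the same commit can differ. The `envsubst` step runs at build time, so SERVERNAME and DATADIR are fixed in the image and overriding them at `docker run` does not change the Apache config. Passing an explicit list, `envsubst '$SERVERNAME $DATADIR'`, would also keep it from blanking any other `$` token later added to that config. There is no `USER` instruction, so the entrypoint and httpd start as root, as the description already notes.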

file modified
+6 -5
@@ -73,25 +73,26 @@ 

  

  * `httpd`

  * `libxslt`

+ * `mod-wsgi`

  * `python`

- * `python-backports-ssl_match_hostname`

- * `python-bunch`

+ * `python-arrow`

  * `python-chardet`

+ * `python-fasjson-client`

  * `python-fedora`

  * `python-fedora-flask`

+ * `python-fedora-messaging`

  * `python-flask`

+ * `python-flask-oidc`

  * `python-flask-sqlalchemy`

  * `python-flask-wtf`

  * `python-jinja2`

  * `python-kitchen`

  * `python-lxml`

  * `python-openid`

- * `python-ordereddict`

- * `python-ordereddict`

  * `python-setuptools`

  * `python-simplejson`

  * `python-six`

- * `python-sqlalchemy0.7`

+ * `python-sqlalchemy`

  * `python-urllib3`

  * `python-wtforms`
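Review bot: The added entry `mod-wsgi` does not match the package name the production Dockerfile in this PR installs, `mod_wsgi`; use one spelling in both places so the list can be pasted into a dnf command. The Dockerfile also installs `gettext` for the envsubst step, which is not among the lines shown here.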

  

file added
+38
@@ -0,0 +1,38 @@ 

+ FROM fedora:latest

+ 

+ ARG USERNAME=dev

+ ARG GROUP=dev

+ ARG USER_UID=1000

+ ARG USER_GID=1000

+ 

+ RUN groupadd -g ${USER_GID} ${GROUP} && \

+     useradd -u ${USER_UID} -g ${GROUP} ${USERNAME}

+ 

+ ENV ENV development

+ ENV BASE_DIR /opt/dev

+ ENV APP_DIR ${BASE_DIR}/elections

+ 

+ RUN dnf -y update && \

+     dnf -y install python \

+         python-devel \

+         git \

+         krb5-devel \

+         open-sans-fonts \

+         gcc \

+         python-devel \

+         python3.6 \

+         python3.7 \

+         python3.8 \

+         tox

+ 

+ COPY docker-entrypoint.sh /usr/local/bin

+ 

+ USER dev

+ WORKDIR ${APP_DIR}

+ 

+ COPY . .

+ RUN pip install --user -r requirements.txt

+ 

+ ENTRYPOINT ["docker-entrypoint.sh"]

+ 

+ CMD [ "python", "runserver.py", "--host", "0.0.0.0" ]
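Review bot: `USER dev` is hard-coded although the account name comes from `ARG USERNAME`, so a build with a different `--build-arg USERNAME=` value creates one account and then switches to a name that does not exist; use `USER ${USERNAME}`. `python-devel` appears twice in the dnf install list. `COPY . .` after the `USER` line still creates the copied files owned by root unless `--chown=${USERNAME}:${GROUP}` is given, so the unprivileged user cannot modify the copied tree when the image runs without the bind mount.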

@@ -0,0 +1,9 @@ 

+ version: '3'

+ services:

+   app:

+     build: .

+     dockerfile: dev.Dockerfile

+     ports:

+       - 5005:5005

+     volumes:

+       - .:/opt/dev/elections
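Review bot: `dockerfile: dev.Dockerfile` sits at the service level next to `build: .`, where the version 3 compose format does not accept it; nest it under `build:` together with `context: .`. Separately, `5005:5005` publishes the development server on every host interface, while the dev image starts it with `--host 0.0.0.0` and the entrypoint sets `OIDC_ID_TOKEN_COOKIE_SECURE = False`, so `127.0.0.1:5005:5005` is the safer mapping for a development setup.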

file added
+6
@@ -0,0 +1,6 @@ 

+ version: '3'

+ services:

+   app:

+     build: .

+     ports:

+       - 5005:5005
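Review bot: The `5005:5005` mapping targets a container port that nothing in the production image listens on: the production Dockerfile in this PR declares `EXPOSE 80` and runs `httpd -D FOREGROUND`, and the Apache config in this PR adds no `Listen` directive for 5005. Map to container port 80 (for example `5005:80`) or change the port httpd listens on.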

file added
+20
@@ -0,0 +1,20 @@ 

+ #!/usr/bin/env bash

+ 

+ python createdb.py

+ 

+ if [ ! "$ENV" = "development" ]; then

+ 	exec "$@"

+ fi

+ 

+ if [ ! -f client_secrets.json ]; then

+ 	oidc-register https://iddev.fedorainfracloud.org/ http://localhost:5005

+ fi

+ 

+ if [ ! -f config ]; then

+ 	cat > config <<-EOL

+ 	OIDC_ID_TOKEN_COOKIE_SECURE = False

+ 	OIDC_REQUIRE_VERIFIED_EMAIL = False 

+ 	EOL

+ fi

+ 

+ exec "$@"
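Review bot: `python createdb.py` at the top runs on every container start, in production as well as development, and its exit status is never checked, so a failed database setup still falls through to `exec "$@"` and starts the server. Add `set -e` or test the command explicitly, and confirm createdb.py is safe to run repeatedly, as the description asks. The development branch writes `OIDC_ID_TOKEN_COOKIE_SECURE = False` and `OIDC_REQUIRE_VERIFIED_EMAIL = False`; the `$ENV` guard keeps that out of production, but the generated `config` and `client_secrets.json` land in the bind-mounted checkout and should be excluded from version control and from image builds.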

file modified
+1 -1
@@ -63,7 +63,7 @@ 

  logging.config.dictConfig(APP.config.get("LOGGING") or {"version": 1})

  LOG = APP.logger

  

- APP.wsgi_app = fedora_elections.proxy.ReverseProxied(APP.wsgi_app)

+ APP.wsgi_app = proxy.ReverseProxied(APP.wsgi_app)

  

  if APP.config.get('FASJSON'):

      ACCOUNTS = Client(
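Review bot: `proxy.ReverseProxied` needs the name `proxy` bound in this module, and the hunk shows no import being added with the change. Confirm that `from fedora_elections import proxy` or an equivalent already exists above line 63, otherwise this line raises NameError when the package is imported.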

file modified
+24 -23
@@ -2,26 +2,27 @@ 

  #

  # Adjust as needed, including replacing @DATADIR@ by what it should be

  

- #Alias /fedora-elections/images @DATADIR@/fedora_elections/images

- #Alias /fedora-elections/static @DATADIR@/fedora_elections/static

- #

- #WSGIDaemonProcess fedora-elections user=apache group=apache maximum-requests=1000 display-name=fedora-elections  processes=2 threads=1

- #WSGISocketPrefix run/wsgi

- #WSGIRestrictStdout On

- #WSGIRestrictSignal Off

- #WSGIPythonOptimize 1

- #

- #WSGIScriptAlias /voting @DATADIR@/fedora_elections/fedora-elections.wsgi

- #

- #<Location />

- #    WSGIProcessGroup fedora-elections

- #    <IfModule mod_authz_core.c>

- #        # Apache 2.4

- #        Require all granted

- #    </IfModule>

- #    <IfModule !mod_authz_core.c>

- #         # Apache 2.2

- #        Order deny,allow

- #        Allow from all

- #    </IfModule>

- #</Location>

+ ServerName $SERVERNAME

+ Alias /fedora-elections/static/images $DATADIR/fedora_elections/images

+ Alias /fedora-elections/static $DATADIR/fedora_elections/static

+ 

+ WSGIDaemonProcess fedora-elections user=apache group=apache maximum-requests=1000 display-name=fedora-elections  processes=2 threads=1

+ WSGISocketPrefix run/wsgi

+ WSGIRestrictStdout On

+ WSGIRestrictSignal Off

+ WSGIPythonOptimize 1

+ 

+ WSGIScriptAlias /voting $DATADIR/fedora_elections/fedora-elections.wsgi

+ 

+ <Location />

+     WSGIProcessGroup fedora-elections

+     <IfModule mod_authz_core.c>

+         # Apache 2.4

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+          # Apache 2.2

+         Order deny,allow

+         Allow from all

+     </IfModule>

+ </Location>
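Review bot: The `Alias /fedora-elections/static $DATADIR/fedora_elections/static` line does not match where the production Dockerfile in this PR puts the files, `COPY fedora_elections/static ${DATADIR}/static`, and nothing in this PR populates `$DATADIR/fedora_elections/images`; align the Alias targets with the COPY destination so static assets are actually served. The header comment still tells the reader to replace `@DATADIR@`, which no longer appears in the file, and with `$SERVERNAME` and `$DATADIR` left as placeholders the file only works after the envsubst step, which that comment should say.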

file modified
+1 -1
@@ -16,4 +16,4 @@ 

  ## as a python module (for example if you run it from a git clone).

  #sys.path.insert(0, '/path/to/fedora_elections/')

  

- from fedora_elections import app as application

+ from fedora_elections import APP as application

While starting on the work to bring in a Jenkinsfile for https://pagure.io/elections/issue/93, I noticed there isn't a production-ready Dockerfile. This could be helpful if down the line this app gets deployed as a container.

As such, I have started to bring in a proof of concept of a production Dockerfile, development dev.Dockerfile, and docker-compose.development.yaml in this PR.

Feel free to decline if this is not needed.

Caveats:

  • envsubst is probably suboptimal, other suggestions would be great
  • Production image is not currently rootless

Questions:

  • Is createdb.py idempotent?

1 new commit added

  • Add initial entrypoint
9 months ago

1 new commit added

  • Add command to createdb
9 months ago

To avoid spamming with PRs, I put all the work related to docker here. We can slice, dice, adjust, and remove anything as is seen fit.

CC: @pingou @bcotton

1 new commit added

  • Add dev dockerfile and docker-compose
9 months ago

1 new commit added

  • Let group stand alone
9 months ago

2 new commits added

  • Add production docker-compose
  • Rename development docker-compose
9 months ago

Should we add the dockerfile to the develop and production branches separately? IOW, instead of having both files in the repo, the develop branch has the dev dockerfile and the production branch has the prod dockerfile? This seems like it fits the historical use of this repo better (although I'm not entirely sure I love that) and would in theory mean we're not editing the same file twice when we need to tweak it (assuming we can cleanly merge the changes).

@bcotton I am not sure I quite understand, but having the dev dockerfile on the develop branch only, wouldn't that make releases a bit more difficult (as now we need to exclude files on release to master)? Normally, on projects I've worked on, the prod dockerfile and development dockerfile are in the same repository (and in some cases are the same file entirely).

This PR just serves to provide a starting point for "dockerizing" the app, and we can modify it, remove stuff, change stuff, etc prior to merging.

Hope this helps

elections currently uses s2i to be deployed. Is there a way we could leverage this in the test environment?
For example, in prod, election doesn't use Apache but nginx.