From e15049635715dbbcc54d9046fd281f8ee7b1bdea Mon Sep 17 00:00:00 2001
From: Josef Skladanka
Date: Apr 03 2020 09:03:54 +0000
Subject: Multistage Dockerfile, random fixex
Creates a multistage Dockerfile in order to make "clean" deployment image possible. Also changes CLIEN_SECRETS envvar handling to a more sane approach.
Signed-off-by: Frantisek Zatloukal
---
diff --git a/Dockerfile b/Dockerfile
index 1230284..6ca2ee7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,14 @@
-FROM fedora:32
+FROM fedora:32 AS builder
+USER root
+
+RUN dnf -y install rpm-build pyp2rpm make git redhat-lsb-core
+
+COPY . /opt/app-root/src/oraculum/
+
+RUN cd /opt/app-root/src/oraculum/ && make clean && make dockerdeps
+
+
+FROM fedora:32 AS deployment
 LABEL \
 name="Oraculum" \
 vendor="Fedora QE" \
@@ -9,13 +19,14 @@ LABEL \
 USER root
-RUN dnf -y install findutils rpm-build pyp2rpm make git redhat-lsb-core \
- python3-pip python3-mod_wsgi python3-pycurl python3-setuptools python3-psycopg2
+RUN dnf -y install findutils python3-pip python3-setuptools python3-psycopg2 python3-mod_wsgi
-COPY . /opt/app-root/src/oraculum/
+# install dependencies extracted from setup.py and specfile
+COPY --from=builder /opt/app-root/src/oraculum/build/Dockerbuild/install_requires.list /opt/app-root/src/oraculum/
+RUN cat /opt/app-root/src/oraculum/install_requires.list | xargs -d '\n' dnf -y install && dnf clean all
-RUN cd /opt/app-root/src/oraculum/ && make archive
-RUN cd /opt/app-root/src/oraculum/ && make dockerdeps | xargs -d '\n' dnf -y install
+# copy sources to the container
+COPY --from=builder /opt/app-root/src/oraculum/build/Dockerbuild/src/ /opt/app-root/src/oraculum/
 # install using --no-deps option to ensure nothing comes from PyPi
 RUN pip3 install --no-deps /opt/app-root/src/oraculum/
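Review bot: Both `FROM fedora:32` lines in the first Dockerfile hunk (builder and deployment) take a mutable tag, so a rebuild can pick up a different base image than the one that was tested, without any change in this repository. Pinning the two stages to the same digest, e.g. `FROM fedora:32@sha256:<digest> AS builder` and `FROM fedora:32@sha256:<digest> AS deployment` (`<digest>` is a placeholder for the value you have verified), makes the build reproducible. It also keeps the requirement list resolved in the builder consistent with the system it is installed on in the deployment stage.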
@@ -38,17 +49,13 @@ RUN install -p -m 0644 /opt/app-root/src/oraculum/alembic.ini /usr/share/oraculu
 RUN cp -a /opt/app-root/src/oraculum/alembic /usr/share/oraculum/alembic
 RUN chmod -R 0755 /usr/share/oraculum/alembic
-# clean up
-RUN rm -rf /opt/app-root/src/oraculum \
- && dnf -y autoremove findutils rpm-build \
- && dnf clean all
-
 # EXPOSE 5005/tcp
 EXPOSE 5005
 #RUN echo "SECRET_KEY = '`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1`'" >> /etc/oraculum/settings.py
 #RUN echo "SQLALCHEMY_DATABASE_URI = 'sqlite:////var/tmp/oraculum.sqlite'" >> /etc/oraculum/settings.py
-RUN echo "OIDC_CLIENT_SECRETS = '/etc/oraculum/client_secrets.json'" >> /etc/oraculum/settings.py
+#RUN install -p -m 0644 /opt/app-root/src/oraculum/conf/client_secrets.json.example /etc/oraculum/client_secrets.json
+#RUN echo "OIDC_CLIENT_SECRETS = '/etc/oraculum/client_secrets.json'" >> /etc/oraculum/settings.py
 CMD [ "runserver" ]
 ENTRYPOINT [ "/usr/bin/container_start" ]
diff --git a/Makefile b/Makefile
index 266b620..376e837 100644
--- a/Makefile
+++ b/Makefile
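Review bot: With the `# clean up` step removed, nothing in the visible hunks deletes /opt/app-root/src/oraculum any more, so the deployment image keeps the unpacked source tree and install_requires.list next to the pip-installed package. If that is not intended, add `RUN rm -rf /opt/app-root/src/oraculum` after the last instruction that reads from it (the alembic `install` and `cp -a` steps shown as context; the lines between the hunks are not visible here). The two added lines are commented-out instructions, and the first would install /etc/oraculum/client_secrets.json with mode 0644. Since ProductionConfig now reads its OIDC secrets from that path, either delete the dead lines or tighten the mode (for example `-m 0640` with the web server's group) before anyone re-enables them.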
@@ -50,12 +50,18 @@ update-makefile:
 curl --fail https://pagure.io/fedora-qa/qa-make/raw/master/f/Makefile -o Makefile.new
 if ! cmp Makefile Makefile.new ; then mv Makefile.new Makefile ; fi
+# Parses out dependencies from setup.py and specfile into build/Dockerbuild/install_requires.lis
+# Moves the product of make archive to a known location for the use within Dockerfile
 .PHONY: dockerdeps
 dockerdeps:
+ @mkdir -p build/Dockerbuild
+ @make archive
 @pyp2rpm -d build/$(VERSION)-$(RELEASE) build/$(VERSION)-$(RELEASE)/$(SRC)-$(VERSION).tar.gz > parsed.spec
- rpm --query --requires --specfile parsed.spec
- rpm --query --requires --specfile $(SPECFILE)
- @rm parsed.spec
+ @rpm --query --requires --specfile parsed.spec > build/Dockerbuild/install_requires.list
+ @rpm --query --requires --specfile $(SPECFILE) >> build/Dockerbuild/install_requires.list
+ @tar xzf build/$(VERSION)-$(RELEASE)/$(SRC)-$(VERSION).tar.gz --directory=build/Dockerbuild/
+ @mv build/Dockerbuild/$(SRC)-$(VERSION) build/Dockerbuild/src
+ @rm parsed.spec build/$(VERSION)-$(RELEASE)/$(SRC)-$(VERSION).tar.gz
 .PHONY: test
 .ONESHELL: test
diff --git a/container_start.sh b/container_start.sh
index a9b243b..6fbc692 100644
--- a/container_start.sh
+++ b/container_start.sh
@@ -1,7 +1,5 @@
 #!/usr/bin/bash
 if [[ $1 == runserver ]]; then
- echo $CLIENT_SECRETS > /etc/oraculum/client_secrets.json
-
 # Prepare database
 oraculum init_db
 oraculum upgrade_db
diff --git a/oraculum/config.py b/oraculum/config.py
index 2544eab..2d61d1d 100644
--- a/oraculum/config.py
+++ b/oraculum/config.py
@@ -19,6 +19,7 @@
 import os
 import sys
+import tempfile
 class Config(object):
 DEBUG = True
@@ -50,6 +51,7 @@ class ProductionConfig(Config):
 PRODUCTION = True
 DEBUG = False
 FORCE_CACHED_DATA = True
+ OIDC_CLIENT_SECRETS = '/etc/oraculum/client_secrets.json'
 class DevelopmentConfig(Config):
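Review bot: In the `dockerdeps` recipe, `@mv build/Dockerbuild/$(SRC)-$(VERSION) build/Dockerbuild/src` does not replace an existing `src` directory; when one is left over from an earlier run the new tree is moved inside it and the old files stay at the top level, so the image copied from `src/` can ship stale sources. The Dockerfile calls `make clean` first, but whether that target removes `build/` is not visible in this hunk, so the recipe should not depend on it: start with `@rm -rf build/Dockerbuild` before the `mkdir -p`. The nested call is better written `@$(MAKE) archive` so flags and the jobserver are passed on, and the comment's file name should read `install_requires.list`.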
@@ -75,7 +77,13 @@ def openshift_config(config_object, openshift_production):
 os.environ["POSTGRESQL_DATABASE"]
 )
 config_object["SECRET_KEY"] = os.environ["SECRET_KEY"]
- config_object["CLIENT_SECRETS"] = os.environ["CLIENT_SECRETS"]
+
+ # Creates a temporary file containing the CLIENT_SECRETS data
+ # and sets OIDC_CLIENT_SECRETS to the files path
+ temp = tempfile.NamedTemporaryFile(mode="w+", delete=False)
+ temp.write(os.environ["CLIENT_SECRETS"])
+ temp.close()
+ config_object["OIDC_CLIENT_SECRETS"] = temp.name
 except(KeyError):
 print("OpenShift mode enabled but required values couldn't be fetched. "
 "Check, if you have these variables defined in you env: "
diff --git a/setup.py b/setup.py
index c7483dc..98fd4d1 100644
--- a/setup.py
+++ b/setup.py
@@ -41,7 +41,6 @@ setup(name='oraculum',
 'Flask-Sqlalchemy',
 'icalendar',
 'lxml',
- 'mod_wsgi',
 'pygments',
 'python-bugzilla',
 'python-dateutil',
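Review bot: In `openshift_config` (oraculum/config.py) the temporary file holding the OIDC client secrets is created with `delete=False` and never removed, so every start of the application leaves another copy of the secret in the temp directory. The file is also created before `os.environ["CLIENT_SECRETS"]` is read, so a missing variable leaves an empty, still-open file behind when the `KeyError` handler runs. Reading the variable first, writing inside a `with` block and registering removal at exit fixes both; this needs `import atexit` next to the `import tempfile` added by this commit. It also assumes the OIDC extension reads the file once at start-up, which should be confirmed for forking deployments. The `try` that this code sits in starts above the hunk and the handler continues below it.

```python
        config_object["SECRET_KEY"] = os.environ["SECRET_KEY"]

        # Read the variable first so a missing CLIENT_SECRETS raises KeyError
        # before any file has been created.
        client_secrets = os.environ["CLIENT_SECRETS"]
        # NamedTemporaryFile creates the file readable by the current user only.
        with tempfile.NamedTemporaryFile(mode="w", delete=False) as temp:
            temp.write(client_secrets)
        # Do not leave a copy of the secret behind for every start of the app.
        atexit.register(os.unlink, temp.name)
        config_object["OIDC_CLIENT_SECRETS"] = temp.name
    # … unchanged: except(KeyError) handler …
```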