refs #7442 Reprepro, debuild fixes & refactor, push script, README improved

README.md

@@ -1,47 +1,25 @@
-# Docker
+# Verdnatura Docker images
 
 Dockerfile and compose files used as basis for service deployment.
 
-## Prepare environment
+To build, tag and push an image you can use the provided *push.sh* script.
 
-```
-registry=[registryUrl]
-image=[imageName]
-tag=[versionTag]
-```
+## Registry authentication
 
-## Build image
-
-Build the image with *latest* tag.
-```
-docker build -t $registry/$image $image
-```
-
-Tag the image with version.
-```
-docker tag $registry/$image $registry/$image:$tag
-```
-
-Test image locally
-```
-docker run --name test $registry/$image:$tag
-```
-
-## Push image
-
-Login into docker registry (If it's the first time or you are not saving credentials).
+Login into docker registry, if you don't logout, credentials will remain saved
+in your home directory.
 ```
 docker login $registry
 ```
 
-Push the *latest* image and version tag.
-```
-docker push $registry/$image
-docker push $registry/$image:$tag
-```
-
-Logout from docker registry (If you don't logout, credentials will remain saved
-in your home directory).
+Logout from docker registry.
 ```
 docker logout $registry
 ```
+
+## Test image
+
+Run image locally.
+```
+docker run --name test $registry/$image:$tag
+```

debuild/Dockerfile

@@ -7,7 +7,6 @@ RUN apt-get update \
         build-essential \
         debhelper \
         devscripts \
-        reprepro \
         sudo
 
 RUN apt-get update \
@@ -22,10 +21,9 @@ RUN apt-get update \
     && npm install -g npm
 
 RUN groupadd -g 1000 jenkins \
-    && useradd -d /var/jenkins_home -u 1000 -g 1000 -m -s /bin/bash jenkins \
+    && useradd -d /home/jenkins -u 1000 -g 1000 -m -s /bin/bash jenkins \
     && echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins \
-    && mkdir /reprepro
+    && mkdir -p /home/jenkins/agent/workspace \
+    && chown -R jenkins:jenkins /home/jenkins/agent
 
-VOLUME ["/reprepro"]
-
-COPY vn-includedeb /usr/bin/
+USER jenkins

mrbs/kube-compose.yml

@@ -1,162 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: mrbs
-  labels:
-    app: mrbs
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: mrbs.verdnatura.es
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: mrbs
-            port:
-              number: 80
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: mrbs
-  labels:
-    app: mrbs
-spec:
-  ports:
-    - port: 80
-      targetPort: 80
-  selector:
-    app: mrbs
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mrbs
-  labels:
-    app: mrbs
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mrbs
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: mrbs
-    spec:
-      containers:
-        - image: registry.verdnatura.es/mrbs:1.11.2-vn1
-          name: main
-          ports:
-            - containerPort: 80
-          resources:
-            limits:
-              memory: 1Gi
-          volumeMounts:
-            - name: secret
-              mountPath: /var/www/html/web/config.inc.php
-              subPath: config.inc.php
-      restartPolicy: Always
-      imagePullSecrets:
-        - name: regcred
-      volumes:
-        - name: secret
-          secret:
-            secretName: mrbs.config
-            defaultMode: 420
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: mrbs-db
-  labels:
-    app: mrbs-db
-spec:
-  type: NodePort
-  ports:
-    - port: 3306
-      targetPort: 3306
-  selector:
-    io.kompose.service: mrbs-db
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mrbs.db
-  labels:
-    app: mrbs
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      io.kompose.service: mrbs-db
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        io.kompose.service: mrbs-db
-    spec:
-      containers:
-        - image: mariadb:10.11.4
-          name: mrbs-db
-          args:
-            - --transaction-isolation=READ-COMMITTED
-            - --binlog-format=ROW
-            - --ignore-db-dir=lost+found
-          env:
-            - name: MYSQL_DATABASE
-              value: mrbs
-            - name: MYSQL_USER
-              value: mrbs
-            - name: MYSQL_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: mrbs.env
-                  key: MYSQL_PASSWORD
-            - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: mrbs.env
-                  key: MYSQL_ROOT_PASSWORD
-          ports:
-            - containerPort: 3306
-          resources:
-            limits:
-              memory: 500Mi
-          volumeMounts:
-            - mountPath: /var/lib/mysql
-              name: db
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-      restartPolicy: Always
-      volumes:
-        - name: db
-          persistentVolumeClaim:
-            claimName: mrbs.db
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-            type: File
-            readOnly: true
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: mrbs.db
-  labels:
-    app: mrdb
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi
-  storageClassName: csi-rbd-ssd-sc
-  volumeMode: Filesystem

portainer/docker-compose.yml

@@ -1,44 +0,0 @@
-version: '3.2'
-services:
-  agent:
-    image: portainer/agent:2.17.1
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /var/lib/docker/volumes:/var/lib/docker/volumes
-      - /var/lib/rexray/volumes:/var/lib/rexray/volumes
-    networks:
-      - agent
-    deploy:
-      mode: global
-      placement:
-        constraints: [node.platform.os == linux]
-      resources:
-        limits:
-          memory: 500M
-  main:
-    image: portainer/portainer-ce:2.17.1
-    command: -H tcp://tasks.agent:9001 --tlsskipverify
-    ports:
-      - "80:9000"
-      - "8000:8000"
-    volumes:
-      - data:/data
-    networks:
-      - agent
-    deploy:
-      mode: replicated
-      replicas: 1
-      placement:
-        constraints: [node.role == manager]
-      resources:
-        limits:
-          memory: 2G
-networks:
-  agent:
-    driver: overlay
-    attachable: true
-volumes:
-  data:
-    driver: rexray
-    driver_opts:
-      size: 4

push.conf

@@ -0,0 +1,2 @@
+registry="registry.verdnatura.es/verdnatura"
+revisionPrefix="vn"

push.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$MY_DIR/push.conf"
+
+# Prepare the environment
+
+image=$1
+version=$2
+revision=$3
+
+if [[ -z "$image" || -z "$version" ]]; then
+    echo "Usage: $0 <image> <version> [<revision>]"
+    exit 1
+fi
+
+tag="$version"
+if [ ! -z "$revision" ]; then
+    tag="$tag-$revisionPrefix$revision"
+fi
+
+fullImage="$registry/$image"
+latestImage="$fullImage:latest"
+taggedImage="$fullImage:$tag"
+
+echo "Image: $taggedImage"
+read -p "Continue? (Default: no) [y|n]: " ANSWER
+if [ "$ANSWER" != "y" ]; then
+    echo "Aborting push."
+    exit 3
+fi
+
+# Build and tag the image
+
+docker build -t "$latestImage" "$image"
+docker tag "$latestImage" "$taggedImage"
+
+# Push the built image
+
+docker push "$latestImage"
+docker push "$taggedImage"

reprepro/Dockerfile

@@ -12,12 +12,20 @@ RUN apt-get update \
     && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \
     && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"
 
-COPY apache.conf /etc/apache2/conf-enabled/reprepro.conf
-
-WORKDIR /reprepro
-COPY entrypoint.sh ./
-
+WORKDIR /var/lib/reprepro
 EXPOSE 80
 
-ENTRYPOINT [ "/reprepro/entrypoint.sh" ]
+RUN groupadd -g 600 reprepro \
+    && useradd -d /var/lib/reprepro -u 600 -g 600 -m -s /bin/bash reprepro
+
+COPY apache-conf.conf /etc/apache2/conf-available/reprepro.conf
+COPY apache-site.conf /etc/apache2/sites-available/reprepro.conf
+
+RUN a2enconf reprepro \
+    && a2ensite reprepro \
+    && a2dissite 000-default
+
+COPY entrypoint.sh /
+
+ENTRYPOINT [ "/entrypoint.sh" ]
 CMD ["apachectl", "-D", "FOREGROUND"]

reprepro/README.md

@@ -0,0 +1,7 @@
+# Reprepro docker image
+
+APT server using Reprepro and Apache HTTP server.
+
+## Links
+
+* https://github.com/bbinet/docker-reprepro

reprepro/apache-conf.conf

@@ -0,0 +1,8 @@
+<Directory /var/lib/reprepro/repo>
+	Options Indexes 
+	Options +FollowSymLinks
+	AllowOverride None
+	Order Allow,Deny
+	Allow From All
+	Require all granted
+</Directory>

reprepro/apache-site.conf

@@ -0,0 +1,3 @@
+<VirtualHost *:80>
+	DocumentRoot /var/lib/reprepro/repo/
+</VirtualHost>

reprepro/apache.conf

@@ -1,13 +0,0 @@
-<Directory /var/www/html>
-	Options Indexes 
-	Options +FollowSymLinks
-	AllowOverride None
-	Order Allow,Deny
-	Allow From All
-	Require all granted
-</Directory>
-<Directory /var/www/html/.gnupg>
-	Order Deny,Allow
-	Deny From All
-	Require all denied
-</Directory>