From 00dc23f21ba52fa1d2089858d999fd4e73adc323 Mon Sep 17 00:00:00 2001 From: Steffen Schwebel Date: Thu, 27 May 2021 16:39:51 +0200 Subject: [PATCH 1/2] added new Dockerfile, to support more than one process running in docker, using s6 overlay --- docker/Dockerfile.BackgroundJob | 110 ++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 docker/Dockerfile.BackgroundJob diff --git a/docker/Dockerfile.BackgroundJob b/docker/Dockerfile.BackgroundJob new file mode 100644 index 0000000..7497975 --- /dev/null +++ b/docker/Dockerfile.BackgroundJob @@ -0,0 +1,110 @@ +FROM alpine:3.13 AS builder +LABEL maintainer="k@ndk.name" + +ARG BUILD_DEPENDENCIES="build-base \ + libffi-dev \ + libxml2-dev \ + mariadb-connector-c-dev \ + openldap-dev \ + python3-dev \ + xmlsec-dev \ + yarn \ + cargo" + + +ENV LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US.UTF-8 \ + FLASK_APP=/build/powerdnsadmin/__init__.py + +# Get dependencies +# py3-pip should not belong to BUILD_DEPENDENCIES. Otherwise, when we remove +# them with "apk del" at the end of build stage, the python requests module +# will be removed as well - (Tested with alpine:3.12 and python 3.8.5). +RUN apk add --no-cache ${BUILD_DEPENDENCIES} && \ + apk add --no-cache py3-pip + +WORKDIR /build + +# We copy just the requirements.txt first to leverage Docker cache +COPY ./requirements.txt /build/requirements.txt + +# Get application dependencies +RUN pip install --upgrade pip && \ + pip install -r requirements.txt + +# Add sources +COPY . /build + +# Prepare assets +RUN yarn install --pure-lockfile --production && \ + yarn cache clean && \ + sed -i -r -e "s|'cssmin',\s?'cssrewrite'|'cssmin'|g" /build/powerdnsadmin/assets.py && \ + flask assets build + +RUN mv /build/powerdnsadmin/static /tmp/static && \ + mkdir /build/powerdnsadmin/static && \ + cp -r /tmp/static/generated /build/powerdnsadmin/static && \ + cp -r /tmp/static/assets /build/powerdnsadmin/static && \ + cp -r /tmp/static/img /build/powerdnsadmin/static && \ + find /tmp/static/node_modules -name 'fonts' -exec cp -r {} /build/powerdnsadmin/static \; && \ + find /tmp/static/node_modules/icheck/skins/square -name '*.png' -exec cp {} /build/powerdnsadmin/static/generated \; + +RUN { \ + echo "from flask_assets import Environment"; \ + echo "assets = Environment()"; \ + echo "assets.register('js_login', 'generated/login.js')"; \ + echo "assets.register('js_validation', 'generated/validation.js')"; \ + echo "assets.register('css_login', 'generated/login.css')"; \ + echo "assets.register('js_main', 'generated/main.js')"; \ + echo "assets.register('css_main', 'generated/main.css')"; \ + } > /build/powerdnsadmin/assets.py + +# Move application +RUN mkdir -p /app && \ + cp -r /build/migrations/ /build/powerdnsadmin/ /build/run.py /app && \ + mkdir -p /app/configs && \ + cp -r /build/configs/docker_config.py /app/configs +# Also copy update scripts +RUN cp /build/update_accounts.py /build/update_zones.py /app/ + +# Cleanup +RUN pip install pip-autoremove && \ + pip-autoremove cssmin -y && \ + pip-autoremove jsmin -y && \ + pip-autoremove pytest -y -L packaging && \ + pip uninstall -y pip-autoremove && \ + apk del ${BUILD_DEPENDENCIES} + +# Build image +FROM alpine:3.13 +ARG S6_VERSION=v2.2.0.3 + +ENV FLASK_APP=/app/powerdnsadmin/__init__.py \ + USER=pda + +RUN apk add --no-cache mariadb-connector-c postgresql-client py3-gunicorn py3-psycopg2 xmlsec tzdata libcap && \ + addgroup -S ${USER} && \ + adduser -S -D -G ${USER} ${USER} && \ + mkdir /data && \ + chown ${USER}:${USER} /data && \ + setcap cap_net_bind_service=+ep $(readlink -f /usr/bin/python3) && \ + apk del libcap + +COPY --from=builder /usr/bin/flask /usr/bin/ +COPY --from=builder /usr/lib/python3.8/site-packages /usr/lib/python3.8/site-packages/ +COPY --from=builder --chown=root:${USER} /app /app/ +COPY ./docker/entrypoint.sh /usr/bin/ + +WORKDIR /app +RUN chown ${USER}:${USER} ./configs /app && \ + cat ./powerdnsadmin/default_config.py ./configs/docker_config.py > ./powerdnsadmin/docker_config.py +# Add s6 overlay, so we can manage multiple processes +ADD https://github.com/just-containers/s6-overlay/releases/download/$S6_VERSION/s6-overlay-amd64-installer /tmp/ +RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer / +RUN mkdir /etc/services.d/gunicorn && echo $'#!/usr/bin/execlineb -P\nwith-contenv\n' > /etc/services.d/gunicorn/run && echo "s6-setuidgid $USER" >> /etc/services.d/gunicorn/run && echo $'\n/usr/bin/entrypoint.sh gunicorn powerdnsadmin:create_app()' >> /etc/services.d/gunicorn/run && chmod +x /etc/services.d/gunicorn/run + +EXPOSE 80/tcp +#USER ${USER} +HEALTHCHECK CMD ["wget","--output-document=-","--quiet","--tries=1","http://127.0.0.1/"] +ENTRYPOINT ["/init"] From 700fa0d9cef57f3b0f56088432415f4af6ba2d07 Mon Sep 17 00:00:00 2001 From: Steffen Schwebel Date: Thu, 27 May 2021 21:32:00 +0200 Subject: [PATCH 2/2] add new dockerfile with s6 overlay and multiple proccesses to have background jobs updating accounts and zones --- docker/Dockerfile.BackgroundJob | 21 ++++++++++++++++++--- update_accounts.py | 6 ++++-- update_zones.py | 5 ++--- 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/docker/Dockerfile.BackgroundJob b/docker/Dockerfile.BackgroundJob index 7497975..c8b6186 100644 --- a/docker/Dockerfile.BackgroundJob +++ b/docker/Dockerfile.BackgroundJob @@ -83,7 +83,7 @@ ARG S6_VERSION=v2.2.0.3 ENV FLASK_APP=/app/powerdnsadmin/__init__.py \ USER=pda -RUN apk add --no-cache mariadb-connector-c postgresql-client py3-gunicorn py3-psycopg2 xmlsec tzdata libcap && \ +RUN apk add --no-cache mariadb-connector-c postgresql-client py3-gunicorn py3-psycopg2 xmlsec tzdata libcap apk-cron && \ addgroup -S ${USER} && \ adduser -S -D -G ${USER} ${USER} && \ mkdir /data && \ @@ -99,12 +99,27 @@ COPY ./docker/entrypoint.sh /usr/bin/ WORKDIR /app RUN chown ${USER}:${USER} ./configs /app && \ cat ./powerdnsadmin/default_config.py ./configs/docker_config.py > ./powerdnsadmin/docker_config.py + # Add s6 overlay, so we can manage multiple processes ADD https://github.com/just-containers/s6-overlay/releases/download/$S6_VERSION/s6-overlay-amd64-installer /tmp/ RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer / -RUN mkdir /etc/services.d/gunicorn && echo $'#!/usr/bin/execlineb -P\nwith-contenv\n' > /etc/services.d/gunicorn/run && echo "s6-setuidgid $USER" >> /etc/services.d/gunicorn/run && echo $'\n/usr/bin/entrypoint.sh gunicorn powerdnsadmin:create_app()' >> /etc/services.d/gunicorn/run && chmod +x /etc/services.d/gunicorn/run + +# Create service script for gunicorn +RUN mkdir /etc/services.d/gunicorn && \ + echo $'#!/usr/bin/execlineb -P\nwith-contenv\n' > /etc/services.d/gunicorn/run && \ + echo "s6-setuidgid $USER" >> /etc/services.d/gunicorn/run && \ + echo $'\n/usr/bin/entrypoint.sh gunicorn powerdnsadmin:create_app()' >> /etc/services.d/gunicorn/run && \ + chmod +x /etc/services.d/gunicorn/run + +# Create service script for cron +RUN mkdir /etc/services.d/cron && \ + echo $'#!/usr/bin/execlineb -P\ncrond -f\n' > /etc/services.d/cron/run && \ + chmod +x /etc/services.d/cron/run + +# Add crontab entries +RUN echo "*/5 * * * * python3 /app/update_zones.py" >> /etc/crontabs/$USER && \ + echo "*/5 * * * * python3 /app/update_accounts.py" >> /etc/crontabs/$USER EXPOSE 80/tcp -#USER ${USER} HEALTHCHECK CMD ["wget","--output-document=-","--quiet","--tries=1","http://127.0.0.1/"] ENTRYPOINT ["/init"] diff --git a/update_accounts.py b/update_accounts.py index 0578ce0..4c5f04e 100644 --- a/update_accounts.py +++ b/update_accounts.py @@ -25,7 +25,9 @@ with app.app_context(): ### Check if bg_domain_updates is set to true if not status: - app.logger.error('Please turn on "bg_domain_updates" setting to run this job.') - sys.exit(1) + app.logger.debug('"bg_domain_updates" is disabled, exiting') + sys.exit(0) + ### Start the update process + app.logger.info('Update accounts from nameserver API') Account().update() diff --git a/update_zones.py b/update_zones.py index 5da542f..79fc19a 100644 --- a/update_zones.py +++ b/update_zones.py @@ -16,7 +16,6 @@ import logging from powerdnsadmin import create_app from powerdnsadmin.models.domain import Domain from powerdnsadmin.models.setting import Setting - app = create_app() app.logger.setLevel(logging.INFO) @@ -25,8 +24,8 @@ with app.app_context(): ### Check if bg_domain_updates is set to true if not status: - app.logger.error('Please turn on "bg_domain_updates" setting to run this job.') - sys.exit(1) + app.logger.debug('"bg_domain_updates" is disabled, exiting') + sys.exit(0) ### Start the update process app.logger.info('Update domains from nameserver API')