Improve docker setup

Add gvaweb and gvaldap containers to docker-compose.yml. Unify most of
Dockerfile with gvaweb and gvaldap. Add empty directories for mounting
asset and media files into bind mounted docker volumes. Run application
as separate system user.

.gitignore

@@ -50,3 +50,8 @@ coverage-report/
 .idea/
 
 .env
+
+/docker/django_media
+/docker/django_static
+!/docker/django_media/.empty
+!/docker/django_static/.empty

Dockerfile

@@ -1,37 +1,56 @@
-FROM debian:buster
+ARG DEBIAN_RELEASE=buster
+FROM debian:$DEBIAN_RELEASE
 LABEL maintainer="Jan Dittberner <jan@dittberner.info>"
 
+ENV LC_ALL=C.UTF-8
+ENV LANG=C.UTF-8
+
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     build-essential \
     dumb-init \
     gettext \
     git \
-    libpq-dev \
-    postgresql-client \
     python3-dev \
     python3-pip \
     python3-setuptools \
+    python3-virtualenv \
     python3-wheel \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*.*
 
-VOLUME /srv/gnuviechadmin/media /srv/gnuviechadmin/static
-WORKDIR /srv/gnuviechadmin
+RUN python3 -m pip install --prefix=/usr/local pipenv
 
-ENV LC_ALL=C.UTF-8
-ENV LANG=C.UTF-8
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    libpq-dev \
+    postgresql-client \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*.*
 
-RUN python3 -m pip install -U --prefix=/usr/local pip && \
-    /usr/local/bin/pip3 install --prefix=/usr/local pipenv
+ARG GVAGID=2000
+ARG GVAUID=2000
 
-COPY Pipfile Pipfile.lock /srv/gnuviechadmin/
+ARG GVAAPP=gva
 
-RUN pipenv install --system --deploy --ignore-pipfile --dev
+VOLUME /srv/$GVAAPP/media /srv/$GVAAPP/static
 
-COPY gnuviechadmin.sh /srv/
+WORKDIR /srv/$GVAAPP
+
+COPY Pipfile Pipfile.lock /srv/$GVAAPP/
+
+RUN addgroup --gid $GVAGID $GVAAPP ; \
+    adduser --home /home/$GVAAPP --shell /bin/bash --uid $GVAUID --gid $GVAGID --disabled-password --gecos "User for gnuviechadmin component $GVAAPP" $GVAAPP
+
+USER $GVAAPP
+RUN python3 -m virtualenv --python=python3 /home/$GVAAPP/$GVAAPP-venv ; \
+    /home/$GVAAPP/$GVAAPP-venv/bin/python3 -m pip install -U pip ; \
+    VIRTUAL_ENV=/home/$GVAAPP/$GVAAPP-venv pipenv install --deploy --ignore-pipfile --dev
+
+VOLUME /srv/$GVAAPP
 
 EXPOSE 8000
-VOLUME /srv/gnuviechadmin
 
-ENTRYPOINT ["dumb-init", "/srv/gnuviechadmin.sh"]
+COPY gva.sh /srv/
+
+ENTRYPOINT ["dumb-init", "/srv/gva.sh"]

docker-compose.yml

@@ -18,8 +18,12 @@ services:
     volumes:
       - "redis_data:/var/lib/redis"
   gva:
+    image: gnuviech/gva:buster
     build:
       context: .
+      args:
+        GVAGID: 1000
+        GVAUID: 1000
     ports:
       - "8000:8000"
     depends_on:
@@ -32,9 +36,35 @@ services:
       GVA_DOMAIN_NAME: localhost
       GVA_SITE_NAME: localhost
     volumes:
-      - "django_media:/srv/gnuviechadmin/media"
-      - "django_static:/srv/gnuviechadmin/static"
-      - "./gnuviechadmin:/srv/gnuviechadmin"
+      - "./docker/django_media:/srv/gva/media"
+      - "./docker/django_static:/srv/gva/static"
+      - ".:/srv/gva"
+  web:
+    image: gnuviech/gvaweb:buster
+    build:
+      context: ../gvaweb
+      args:
+        GVAGID: 1000
+        GVAUID: 1000
+    depends_on:
+      - mq
+      - redis
+    env_file: ../gvaweb/.env
+    volumes:
+      - "../gvaweb:/srv/gvaweb"
+  ldap:
+    image: gnuviech/gvaldap:buster
+    build:
+      context: ../gvaldap
+      args:
+        GVAGID: 1000
+        GVAUID: 1000
+    depends_on:
+      - mq
+      - redis
+    env_file: ../gvaldap/.env
+    volumes:
+      - "../gvaldap:/srv/gvaldap"
 volumes:
   django_media:
   django_static:

gnuviechadmin/gnuviechadmin/settings.py

@@ -355,7 +355,7 @@ GVA_ENVIRONMENT = get_env_variable("GVA_ENVIRONMENT", default="prod")
 
 # ######### STATIC FILE CONFIGURATION
 # See: https://docs.djangoproject.com/en/dev/ref/settings/#static-root
-STATIC_ROOT = "/srv/gnuviechadmin/static/"
+STATIC_ROOT = "/srv/gva/static/"
 
 
 def show_debug_toolbar(request):

gva.sh

@@ -15,6 +15,8 @@ done
 
 echo " db is ready"
 
+. /home/gva/gva-venv/bin/activate
+cd /srv/gva/gnuviechadmin
 python3 manage.py compilemessages
 python3 manage.py collectstatic --noinput
 python3 manage.py migrate --noinput