Improve docker setup

Add gvaweb and gvaldap containers to docker-compose.yml. Unify most of Dockerfile with gvaweb and gvaldap. Add empty directories for mounting asset and media files into bind mounted docker volumes. Run application as separate system user.
2020-03-03 13:10:09 +01:00 · 2020-03-03 13:10:09 +01:00 · 0bf37d1bea
commit 0bf37d1bea
parent 54c1fbfed0
7 changed files with 76 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -50,3 +50,8 @@ coverage-report/
 .idea/

 .env
+
+/docker/django_media
+/docker/django_static
+!/docker/django_media/.empty
+!/docker/django_static/.empty
--- a/47
+++ b/47
@ -1,37 +1,56 @@
-FROM debian:buster
+ARG DEBIAN_RELEASE=buster
+FROM debian:$DEBIAN_RELEASE
 LABEL maintainer="Jan Dittberner <jan@dittberner.info>"

+ENV LC_ALL=C.UTF-8
+ENV LANG=C.UTF-8
+
 RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
    build-essential \
    dumb-init \
    gettext \
    git \
-    libpq-dev \
-    postgresql-client \
    python3-dev \
    python3-pip \
    python3-setuptools \
+    python3-virtualenv \
    python3-wheel \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*.*

-VOLUME /srv/gnuviechadmin/media /srv/gnuviechadmin/static
-WORKDIR /srv/gnuviechadmin
+RUN python3 -m pip install --prefix=/usr/local pipenv

-ENV LC_ALL=C.UTF-8
-ENV LANG=C.UTF-8
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    libpq-dev \
+    postgresql-client \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*.*

-RUN python3 -m pip install -U --prefix=/usr/local pip && \
-    /usr/local/bin/pip3 install --prefix=/usr/local pipenv
+ARG GVAGID=2000
+ARG GVAUID=2000

-COPY Pipfile Pipfile.lock /srv/gnuviechadmin/
+ARG GVAAPP=gva

-RUN pipenv install --system --deploy --ignore-pipfile --dev
+VOLUME /srv/$GVAAPP/media /srv/$GVAAPP/static

-COPY gnuviechadmin.sh /srv/
+WORKDIR /srv/$GVAAPP
+
+COPY Pipfile Pipfile.lock /srv/$GVAAPP/
+
+RUN addgroup --gid $GVAGID $GVAAPP ; \
+    adduser --home /home/$GVAAPP --shell /bin/bash --uid $GVAUID --gid $GVAGID --disabled-password --gecos "User for gnuviechadmin component $GVAAPP" $GVAAPP
+
+USER $GVAAPP
+RUN python3 -m virtualenv --python=python3 /home/$GVAAPP/$GVAAPP-venv ; \
+    /home/$GVAAPP/$GVAAPP-venv/bin/python3 -m pip install -U pip ; \
+    VIRTUAL_ENV=/home/$GVAAPP/$GVAAPP-venv pipenv install --deploy --ignore-pipfile --dev
+
+VOLUME /srv/$GVAAPP

 EXPOSE 8000
-VOLUME /srv/gnuviechadmin

-ENTRYPOINT ["dumb-init", "/srv/gnuviechadmin.sh"]
+COPY gva.sh /srv/
+
+ENTRYPOINT ["dumb-init", "/srv/gva.sh"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -18,8 +18,12 @@ services:
    volumes:
      - "redis_data:/var/lib/redis"
  gva:
+    image: gnuviech/gva:buster
    build:
      context: .
+      args:
+        GVAGID: 1000
+        GVAUID: 1000
    ports:
      - "8000:8000"
    depends_on:
@ -32,9 +36,35 @@ services:
      GVA_DOMAIN_NAME: localhost
      GVA_SITE_NAME: localhost
    volumes:
-      - "django_media:/srv/gnuviechadmin/media"
-      - "django_static:/srv/gnuviechadmin/static"
-      - "./gnuviechadmin:/srv/gnuviechadmin"
+      - "./docker/django_media:/srv/gva/media"
+      - "./docker/django_static:/srv/gva/static"
+      - ".:/srv/gva"
+  web:
+    image: gnuviech/gvaweb:buster
+    build:
+      context: ../gvaweb
+      args:
+        GVAGID: 1000
+        GVAUID: 1000
+    depends_on:
+      - mq
+      - redis
+    env_file: ../gvaweb/.env
+    volumes:
+      - "../gvaweb:/srv/gvaweb"
+  ldap:
+    image: gnuviech/gvaldap:buster
+    build:
+      context: ../gvaldap
+      args:
+        GVAGID: 1000
+        GVAUID: 1000
+    depends_on:
+      - mq
+      - redis
+    env_file: ../gvaldap/.env
+    volumes:
+      - "../gvaldap:/srv/gvaldap"
 volumes:
  django_media:
  django_static:
--- a/docker/django_media/.empty
+++ b/docker/django_media/.empty
--- a/docker/django_static/.empty
+++ b/docker/django_static/.empty
--- a/gnuviechadmin/gnuviechadmin/settings.py
+++ b/gnuviechadmin/gnuviechadmin/settings.py
@ -355,7 +355,7 @@ GVA_ENVIRONMENT = get_env_variable("GVA_ENVIRONMENT", default="prod")

 # ######### STATIC FILE CONFIGURATION
 # See: https://docs.djangoproject.com/en/dev/ref/settings/#static-root
-STATIC_ROOT = "/srv/gnuviechadmin/static/"
+STATIC_ROOT = "/srv/gva/static/"


 def show_debug_toolbar(request):
--- a/gnuviechadmin.sh
+++ b/gnuviechadmin.sh
@ -15,6 +15,8 @@ done

 echo " db is ready"

+. /home/gva/gva-venv/bin/activate
+cd /srv/gva/gnuviechadmin
 python3 manage.py compilemessages
 python3 manage.py collectstatic --noinput
 python3 manage.py migrate --noinput