-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[OOE-273] Updated storage-server Docker file to make rootless. (#47)
- Loading branch information
1 parent
961fc17
commit 9c7755a
Showing
6 changed files
with
152 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,38 @@ | ||
# Run me with docker run -v <host-path-to-storage>:/opt/takipi-storage/storage -p <host_port>:$STORAGE_PORT | ||
# Logs are written to <storage>/log folder and both should be persistent outside of the running container | ||
FROM openjdk:8-jre-slim | ||
LABEL maintainer="support@overops.com" | ||
|
||
FROM java:8 | ||
MAINTAINER Chen harel "https://github.com/chook" | ||
ARG APP_VERSION=latest | ||
|
||
ENV VERSION 2.3.0 | ||
ENV TAR_FILENAME takipi-storage-$VERSION.tar.gz | ||
ENV JAR_FILENAME takipi-storage-$VERSION.jar | ||
ENV STORAGE_PORT 8080 | ||
# install curl | ||
RUN apt-get update; apt-get install -y curl | ||
|
||
RUN wget https://s3.amazonaws.com/app-takipi-com/deploy/takipi-storage/$TAR_FILENAME | ||
RUN tar zxvf $TAR_FILENAME -C /tmp && \ | ||
mkdir -p /opt/takipi-storage/lib && \ | ||
cp /tmp/takipi-storage/lib/$JAR_FILENAME /opt/takipi-storage/lib | ||
ADD settings.yml /opt/takipi-storage | ||
# rootless | ||
RUN groupadd --gid 1000 overops | ||
RUN adduser --home /opt/takipi-storage --uid 1000 --gid 1000 overops | ||
USER 1000:1000 | ||
|
||
EXPOSE $STORAGE_PORT | ||
# install into the /opt directory | ||
WORKDIR /opt | ||
|
||
# download and install the storage server | ||
RUN curl -sL https://app-takipi-com.s3.amazonaws.com/deploy/takipi-storage/takipi-storage-${APP_VERSION}.tar.gz | tar -xvzf - | ||
|
||
# use a volume to store data | ||
VOLUME ["/opt/takipi-storage/storage"] | ||
|
||
RUN mkdir /opt/takipi-storage/private | ||
COPY --chown=1000:1000 "./private/settings.yaml" "/opt/takipi-storage/private/settings.yaml" | ||
|
||
# use mount to make settings.yaml available | ||
VOLUME ["/opt/takipi-storage/private"] | ||
|
||
WORKDIR /opt/takipi-storage | ||
CMD java -jar /opt/takipi-storage/lib/$JAR_FILENAME server settings.yml | ||
|
||
# copy the run script | ||
COPY --chown=1000:1000 "./scripts/run.sh" "./run.sh" | ||
RUN chmod +x run.sh | ||
|
||
EXPOSE 8080 8081 | ||
|
||
# run the service, printing logs to stdout | ||
CMD ["./run.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
def imageName = 'docker-local/overops-storage-server' | ||
def dockerHubImage = 'overops/storage-server' | ||
|
||
pipeline { | ||
|
||
environment { | ||
registryCred = 'container-registry-build-guy' | ||
dockerhubCred = 'docker-hub' | ||
gitCred = 'build-guy' | ||
} | ||
|
||
parameters { | ||
string(name: 'VERSION', defaultValue: 'latest', description:'Application version') | ||
string(name: 'TAG', defaultValue: 'latest', description:'Image Tag to be used') | ||
booleanParam(name: 'PUBLISH_TO_DOCKERHUB', defaultValue: false, description:'Flag to publish to docker-hub') | ||
} | ||
|
||
agent any | ||
stages { | ||
stage('Cloning Git') { | ||
steps { | ||
git([url: 'https://github.com/takipi/takipi-storage', branch: 'develop', credentialsId: gitCred]) | ||
} | ||
} | ||
|
||
stage('Build Docker Image') { | ||
steps { | ||
dir('docker') { | ||
script { | ||
if (params.PUBLISH_TO_DOCKERHUB) { | ||
imageName = dockerHubImage | ||
} | ||
|
||
dockerOptions = ('--label=storage-server-pipeline --build-arg APP_VERSION=' + params.VERSION + ' .') | ||
dockerImage = docker.build(imageName, dockerOptions) | ||
} | ||
} | ||
} | ||
} | ||
|
||
stage('Publish Docker Image') { | ||
steps { | ||
script { | ||
if (params.PUBLISH_TO_DOCKERHUB) { | ||
reg = '' | ||
cred = dockerhubCred | ||
} else { | ||
reg = env.LOCAL_DOCKER_REGISTRY_URL | ||
cred = registryCred | ||
} | ||
|
||
docker.withRegistry(reg, cred) { | ||
dockerImage.push() | ||
|
||
if (params.TAG != 'latest') { | ||
dockerImage.push(params.TAG) | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
stage('Cleanup') { | ||
steps { | ||
script { | ||
sh(script:"docker rmi -f \$(docker images -f label=storage-server-pipeline -q)") | ||
} | ||
cleanWs() | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,14 @@ | ||
takipi-storage on docker | ||
======================== | ||
|
||
When running takipi-storage inside docker, make sure to persist the storage folder outside (using volumes). | ||
The Storage Server [Dockerfile](Dockerfile) is based on the [Installing the Storage Server on a Local Server](https://doc.overops.com/docs/installing-the-storage-server-on-a-local-server) guide, with some minor modifications. | ||
|
||
Logs are placed inside the storage folder | ||
For complete instructions on performing a hybrid installation, refer to the [Hybrid Installation on Linux](https://doc.overops.com/docs/linux-hybrid-installation) guide. | ||
|
||
The file `settings.yaml` must be mounted into the `/opt/takipi-storage/private` directory to run this container. An example [settings.yaml](private/settings.yaml) can be found in this repo. | ||
|
||
### Docker Quick Start | ||
|
||
```console | ||
docker run -d -p 8080:8080 -p 8081:8081 --mount type=bind,source="$(pwd)"/storage,target=/opt/takipi-storage/storage --mount type=bind,source="$(pwd)"/private,target=/opt/takipi-storage/private overops/storage-server | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
folderPath: /opt/takipi-storage/storage | ||
maxUsedStoragePercentage: 0.90 | ||
enableCors: true | ||
corsOrigins: "*" | ||
retentionPeriodDays: 92 | ||
cleanupJobEnabled: true | ||
|
||
server: | ||
applicationConnectors: | ||
- type: http | ||
port: 8080 | ||
adminConnectors: | ||
- type: http | ||
port: 8081 | ||
#requestLog: | ||
# appenders: | ||
# - type: file | ||
# currentLogFilename: /opt/takipi-storage/log/access.log | ||
# maxFileSize: 1GB | ||
# archivedLogFilenamePattern: /opt/takipi-storage/log/access.%i.log.gz | ||
# archivedFileCount: 3 | ||
|
||
jobs: | ||
cleanup: 6h | ||
|
||
logging: | ||
level: INFO | ||
loggers: | ||
com.takipi: DEBUG | ||
appenders: | ||
- type: file | ||
currentLogFilename: /opt/takipi-storage/log/takipi-storage.log | ||
maxFileSize: 1GB | ||
archivedLogFilenamePattern: ./storage/log/takipi-storage.%i.log.gz | ||
archivedFileCount: 3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#!/bin/bash | ||
java -jar /opt/takipi-storage/lib/takipi-storage.jar server /opt/takipi-storage/private/settings.yaml &> /opt/takipi-storage/log/takipi-storage.log & | ||
/usr/bin/tail -f /opt/takipi-storage/log/takipi-storage.log |
This file was deleted.
Oops, something went wrong.