diff --git a/misc/contrib/docker/Makefile b/misc/contrib/docker/Makefile new file mode 100644 index 00000000..a6547bc7 --- /dev/null +++ b/misc/contrib/docker/Makefile @@ -0,0 +1,36 @@ +MAINTAINER=nkeyapps +TAG=nsupdate.info +VER=$(shell git describe) +UWSGI_UID=700 +UWSGI_GID=700 +BASE_DIR='../../..' +DOCKER_DIR='misc/contrib/docker' + +all: prod + +prod: + cd $(BASE_DIR); docker build --build-arg BUILD=prod --build-arg uwsgi_uid=$(UWSGI_UID) --build-arg uwsgi_gid=$(UWSGI_GID) --build-arg DOCKER_DIR=$(DOCKER_DIR) -t $(MAINTAINER)/$(TAG):$(VER) --rm -f $(DOCKER_DIR)/build/Dockerfile . + docker tag $(MAINTAINER)/$(TAG):$(VER) $(MAINTAINER)/$(TAG):prod + +release: require_tag prod release_latest + docker push $(MAINTAINER)/$(TAG):$(VER) + +release_latest: + docker tag $(MAINTAINER)/$(TAG):$(VER) $(MAINTAINER)/$(TAG):latest + docker push $(MAINTAINER)/$(TAG):latest + +require_tag: + @if ! git describe --exact-match; then\ + echo " *** Don't forget to create a tag by creating an official GitHub release.";\ + exit 1;\ + fi + +dev: + cd $(BASE_DIR); docker build --build-arg BUILD=dev --build-arg uwsgi_uid=$(UWSGI_UID) --build-arg uwsgi_gid=$(UWSGI_GID) --build-arg DOCKER_DIR=$(DOCKER_DIR) -t $(MAINTAINER)/$(TAG):$(VER)-dev --rm -f $(DOCKER_DIR)/build/Dockerfile . + docker tag $(MAINTAINER)/$(TAG):$(VER)-dev $(MAINTAINER)/$(TAG):dev + +test: dev clean + docker run -P --name $(TAG)-test-dev -d $(MAINTAINER)/$(TAG):dev + +clean: + -docker rm -f -v $(TAG)-test-dev diff --git a/misc/contrib/docker/build/Dockerfile b/misc/contrib/docker/build/Dockerfile new file mode 100644 index 00000000..7495877e --- /dev/null +++ b/misc/contrib/docker/build/Dockerfile @@ -0,0 +1,94 @@ +FROM debian:stable-slim +LABEL maintainer="it@nkey.com.br" + +ARG BUILD=prod +ARG DOCKER_DIR=./misc/contrib/docker +ARG uwsgi_uid=700 +ARG uwsgi_gid=700 + +ENV BUILD=$BUILD +ENV DOCKER_CONTAINER=1 +ENV UWSGI_INI /nsupdate/uwsgi.ini +ENV DJANGO_SETTINGS_MODULE=local_settings +ENV DJANGO_SUPERUSER=django +ENV DJANGO_SUPERPASS=S3cr3t +ENV DJANGO_EMAIL=django@nsupdate.localdomain +ENV SERVICE_CONTACT=hostmaster@nsupdate.localdomain +ENV SECRET_KEY=S3cr3t +ENV BASEDOMAIN=nsupdate.localdomain +ENV REGISTRATION_OPEN=False + +RUN mkdir /static +RUN mkdir /upload +RUN mkdir /var/run/uwsgi + +# Install runtime tools +RUN DEBIAN_FRONTEND=noninteractive apt-get update \ + && apt-get install -y --no-install-recommends \ + python3 \ + python3-setuptools \ + python3-pip + +# Install confd +RUN apt-get install -y --no-install-recommends wget \ + && mkdir -p /usr/local/bin \ + && wget -O /usr/local/bin/confd https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 \ + && chmod +x /usr/local/bin/confd \ + && mkdir -p /etc/confd/{conf.d,templates} \ + && apt-get autoremove -y wget + +# Use local version of nsupdate from sources +COPY ./*.py /nsupdate/ +COPY ./*.rst /nsupdate/ +COPY ./*.in /nsupdate/ +COPY ./*.cfg /nsupdate/ +COPY ./*.txt /nsupdate/ +COPY ./requirements.d/ /nsupdate/requirements.d/ +COPY ./.git/ /nsupdate/.git/ +COPY ./src/ /nsupdate/src/ +WORKDIR /nsupdate + +# Build and install +RUN DEBIAN_FRONTEND=noninteractive apt-get update \ + && apt-get install -y --no-install-recommends \ + git \ + python3-dev \ + build-essential \ + libpcre3-dev \ + && pip3 install wheel \ + && python3 setup.py bdist_wheel \ + && pip3 install psycopg2-binary uwsgi \ + && pip3 install -r requirements.d/$BUILD.txt \ + && pip3 install -e . \ + && cp /usr/lib/x86_64-linux-gnu/libpython* /tmp \ + && apt-get autoremove -y \ + git \ + python3-dev \ + build-essential \ + libpcre3-dev \ + && cp /tmp/libpython* /usr/lib/x86_64-linux-gnu/ \ + && rm -rf build \ + && rm -rf .git && rm -rf /root/.cache \ + && rm -rf /tmp/* /var/tmp/* \ + && rm -rf /var/lib/apt/lists/* + +# Copy helper files +COPY $DOCKER_DIR/build/django/create-superuser.py /nsupdate/src/nsupdate/management/commands/create-superuser.py +COPY $DOCKER_DIR/build/uwsgi.ini /nsupdate/uwsgi.ini +COPY $DOCKER_DIR/build/confd/ /etc/confd/ +COPY $DOCKER_DIR/build/setup.sh / +COPY $DOCKER_DIR/build/docker-entrypoint.sh /var/local/ + +# Set the permissions according to env options +RUN chmod a+x /var/local/docker-entrypoint.sh +RUN bash /setup.sh "${uwsgi_uid}" "${uwsgi_gid}" + +VOLUME /nsupdate +VOLUME /static +VOLUME /upload +VOLUME /var/run/uwsgi + +EXPOSE 3031 +EXPOSE 8080 + +ENTRYPOINT ["/var/local/docker-entrypoint.sh"] diff --git a/misc/contrib/docker/build/confd/conf.d/local_settings.toml b/misc/contrib/docker/build/confd/conf.d/local_settings.toml new file mode 100644 index 00000000..791cc6c6 --- /dev/null +++ b/misc/contrib/docker/build/confd/conf.d/local_settings.toml @@ -0,0 +1,3 @@ +[template] +src = "local_settings.tmpl" +dest = "/nsupdate/local_settings.py" diff --git a/misc/contrib/docker/build/confd/templates/local_settings.tmpl b/misc/contrib/docker/build/confd/templates/local_settings.tmpl new file mode 100644 index 00000000..a64e0fd1 --- /dev/null +++ b/misc/contrib/docker/build/confd/templates/local_settings.tmpl @@ -0,0 +1,27 @@ +from nsupdate.settings.{{getenv "BUILD"}} import * + +STATIC_ROOT='/static' +MEDIA_ROOT='/upload' + +SECRET_KEY = '{{ getenv "SECRET_KEY" }}' +BASEDOMAIN = '{{ getenv "BASEDOMAIN" }}' +WWW_HOST='{{ getenv "BASEDOMAIN" }}' + +REGISTRATION_OPEN = False + +SERVICE_CONTACT = '{{ getenv "SERVICE_CONTACT" }}' + +ALLOWED_HOSTS=['localhost', '127.0.0.1', '[::1]', '{{ getenv "BASEDOMAIN" }}'] + +{{ if getenv "DB_NAME"}} +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': '{{getenv "DB_NAME"}}', # database name + 'USER': '{{getenv "DB_USER"}}', + 'PASSWORD': '{{getenv "DB_PASS"}}', + 'HOST': '{{getenv "DB_HOST"}}', # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP. + 'PORT': '{{getenv "DB_PORT"}}' # Set to empty string for default. + } +} +{{end}} diff --git a/misc/contrib/docker/build/django/create-superuser.py b/misc/contrib/docker/build/django/create-superuser.py new file mode 100644 index 00000000..b4c69051 --- /dev/null +++ b/misc/contrib/docker/build/django/create-superuser.py @@ -0,0 +1,52 @@ +# Title: create-superuser.py +# Link: https://gist.github.com/c00kiemon5ter/7806c1eac8c6a3e82f061ec32a55c702 +# License: None (Public Domain) + +from django.contrib.auth.management.commands import createsuperuser +from django.core.management import CommandError + + +class Command(createsuperuser.Command): + help = 'Create a superuser with a password non-interactively' + + def add_arguments(self, parser): + super(Command, self).add_arguments(parser) + parser.add_argument( + '--preserve', dest='preserve', default=False, action='store_true', + help='Exit normally if the user already exists.', + ) + parser.add_argument( + '--password', dest='password', default=None, + help='Specifies the password for the superuser.', + ) + + def handle(self, *args, **options): + options.setdefault('interactive', False) + database = options.get('database') + password = options.get('password') + username = options.get('username') + email = options.get('email') + + if not password or not username or not email: + raise CommandError( + "--username, --password, and --email are required options") + + if username and options.get('preserve'): + exists = self.UserModel._default_manager.db_manager( + database).filter(username=username).exists() + if exists: + self.stdout.write( + "User exists, exiting normally due to --preserve") + return + + user_data = { + 'username': username, + 'password': password, + 'email': email, + } + + self.UserModel._default_manager.db_manager( + database).create_superuser(**user_data) + + if options.get('verbosity', 0) >= 1: + self.stdout.write("Superuser created successfully.") diff --git a/misc/contrib/docker/build/docker-entrypoint.sh b/misc/contrib/docker/build/docker-entrypoint.sh new file mode 100644 index 00000000..7fca4303 --- /dev/null +++ b/misc/contrib/docker/build/docker-entrypoint.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +/usr/local/bin/confd -onetime -backend env + +python3 manage.py collectstatic +python3 manage.py migrate +python3 manage.py create-superuser --preserve --username $DJANGO_SUPERUSER --password $DJANGO_SUPERPASS --email $DJANGO_EMAIL + +# Fix Permissions prior to running uwsgi server +chown -R www-data:www-data /static +chown -R www-data:www-data /nsupdate + +uwsgi --uid=www-data --gid=www-data --ini uwsgi.ini diff --git a/misc/contrib/docker/build/setup.sh b/misc/contrib/docker/build/setup.sh new file mode 100755 index 00000000..7f2bbea1 --- /dev/null +++ b/misc/contrib/docker/build/setup.sh @@ -0,0 +1,38 @@ +#!/usr/bin/bash + +# Quit on error. +set -e +# Treat undefined variables as errors. +set -u + + +function main { + local uwsgi_uid="${1:-}" + local uwsgi_gid="${2:-}" + + # Change the uid + if [[ -n "${uwsgi_uid:-}" ]]; then + usermod -u "${uwsgi_uid}" www-data + fi + # Change the gid + if [[ -n "${uwsgi_gid:-}" ]]; then + groupmod -g "${uwsgi_gid}" www-data + fi + + # Setup permissions on the run directory where the sockets will be + # created, so we are sure the app will have the rights to create them. + + # Set owner. + chown www-data:www-data /var/run/uwsgi + # Set permissions. + chmod u=rwX,g=rwX,o=--- /var/run/uwsgi + + # Set app folder permissions + chown -R www-data:www-data /nsupdate + chown -R www-data:www-data /static + chown -R www-data:www-data /upload + +} + + +main "$@" diff --git a/misc/contrib/docker/build/uwsgi.ini b/misc/contrib/docker/build/uwsgi.ini new file mode 100644 index 00000000..e7485581 --- /dev/null +++ b/misc/contrib/docker/build/uwsgi.ini @@ -0,0 +1,8 @@ +[uwsgi] +socket = /var/run/uwsgi/uwsgi.sock +socket = :3031 +http-socket = :8080 +workers = 3 +master = true +wsgi-file=/nsupdate/src/nsupdate/wsgi.py +env = LANG=en_US.UTF-8