Updating readme
FossilOrigin-Name: 5755f236c8fead9b2285680958e0c9a85020d169f7cc4c9799ca116f6dbb73c4
This commit is contained in:
parent
a0246b7535
commit
107a72ce43
2
Makefile
2
Makefile
|
@ -1,5 +1,5 @@
|
|||
TANGLE=tclsh scripts/tangle.tcl
|
||||
DOCKERFILES=ubi9+epel.dockerfile
|
||||
DOCKERFILES=ubi9+epel.dockerfile ubuntu.dockerfile fossil.dockerfile
|
||||
|
||||
.SUFFIXES: .md .dockerfile
|
||||
|
||||
|
|
|
@ -24,7 +24,12 @@ I like to insure that my containers follow a few simple rules.
|
|||
|
||||
## Docker Files
|
||||
|
||||
* ubi9+epel
|
||||
* [ubi9+epel](ubi9+epel.md)
|
||||
* Redhat's Universal Base Image (UBI) for RHEL9, with epel installed and read for use.
|
||||
* [ubuntu](ubuntu.md)
|
||||
* Yes, I use Ubuntu from time to time.
|
||||
* [fossil](fossil.md)
|
||||
* I use fossil quite a bit. Nice to have an easy way to run it. I would recommend use the Dockerfile provide by fossil. I have this one here to highlight the usage of the scratch docker image.
|
||||
|
||||
## As always, go Guardians!
|
||||
|
||||
|
|
|
@ -0,0 +1,149 @@
|
|||
# Fossil docker image.
|
||||
|
||||
I am copy from the Fossil Dockerfile here, but it is a good expeirment is building a good, secure, docker image. But wait, there is more!
|
||||
|
||||
It is also extermetely small.
|
||||
|
||||
## Fossil SCM
|
||||
|
||||
[Fossil](https://www.fossil-scm.org/home/doc/trunk/www/index.wiki) is a source control manager used but Sqlite, TCL, and others.
|
||||
|
||||
They also have some good [information](https://www.fossil-scm.org/home/doc/trunk/www/containers.md) about how they designed and recommend usage of containers.
|
||||
|
||||
Here I am writing up my own notes about their docker image.
|
||||
|
||||
## Fossil Docker Image
|
||||
|
||||
Several stages are used to build the container.
|
||||
|
||||
### Build the app
|
||||
|
||||
The first part uses alpine to build a static version of the fossil binary. The binary will be copied to the final image.
|
||||
|
||||
We are building for a source, but a static binary. A builder stage is used so the development tools won't be on the final docker image.
|
||||
|
||||
```
|
||||
<<fossil.builder>>=
|
||||
FROM alpine:latest AS builder
|
||||
WORKDIR /tmp
|
||||
RUN set -x \
|
||||
&& apk update \
|
||||
&& apk upgrade --no-cache \
|
||||
&& apk add --no-cache \
|
||||
gcc make \
|
||||
linux-headers musl-dev \
|
||||
openssl-dev openssl-libs-static \
|
||||
zlib-dev zlib-static
|
||||
ARG FSLCFG=""
|
||||
ARG FSLVER="trunk"
|
||||
ARG FSLURL="https://fossil-scm.org/home/tarball/src?r=${FSLVER}"
|
||||
ENV FSLSTB=/tmp/fsl/src.tar.gz
|
||||
ADD $FSLURL $FSLSTB
|
||||
RUN set -x \
|
||||
&& if [ -d $FSLSTB ] ; then mv $FSLSTB/src fsl ; \
|
||||
else tar -C fsl -xzf fsl/src.tar.gz ; fi \
|
||||
&& m=fsl/src/src/main.mk \
|
||||
&& fsl/src/configure --static CFLAGS='-Os -s' $FSLCFG && make -j11
|
||||
@
|
||||
```
|
||||
|
||||
### Setup the OS.
|
||||
|
||||
Here, busybox is used to create the directoires needed `/log` and `/museum`.
|
||||
|
||||
The `root` and `fossil` users are setup by manually created a `passwd` and `group` file.
|
||||
|
||||
```
|
||||
<<fossil.ossetup>>=
|
||||
FROM busybox AS os
|
||||
ARG UID=499
|
||||
RUN set -x \
|
||||
&& mkdir log museum \
|
||||
&& echo "root:x:0:0:Admin:/:/false" > /tmp/passwd \
|
||||
&& echo "root:x:0:root" > /tmp/group \
|
||||
&& echo "fossil:x:${UID}:${UID}:User:/museum:/false" >> /tmp/passwd \
|
||||
&& echo "fossil:x:${UID}:fossil" >> /tmp/group
|
||||
@
|
||||
```
|
||||
|
||||
### Create the thing!
|
||||
|
||||
We now have build the application and setup the needed user info. Fossil runs as a single binary, so there isn't much needed. So, let's create a container using the `scratch` docker image.
|
||||
|
||||
first we'll copy the `group` and `passwd` files as well as the `/log` and `/museum` directories. Copy the user information first and THEN copy the directories and changing ownership when you do. Also make sure we have a `/tmp` directory.
|
||||
|
||||
Once user informaiton and directories are there, copy the binary to `/bin`.
|
||||
|
||||
Why? Scratch is blank. It has no commands. Basically it is an image that needs to be hand-crafted.
|
||||
|
||||
But after things are copied, we setup the entry point and have a working container that only has one binary `/bin/fossil`.
|
||||
|
||||
```
|
||||
<<fossil.run>>=
|
||||
FROM scratch AS run
|
||||
COPY --from=os /tmp/group /tmp/passwd /etc/
|
||||
COPY --from=os --chown=fossil:fossil /log /log/
|
||||
COPY --from=os --chown=fossil:fossil /museum /museum/
|
||||
COPY --from=os --chmod=1777 /tmp /tmp/
|
||||
COPY --from=builder /tmp/fossil /bin/
|
||||
ENV PATH "/bin"
|
||||
EXPOSE 8080/tcp
|
||||
USER fossil
|
||||
ENTRYPOINT [ "fossil", "server", "museum/repo.fossil" ]
|
||||
CMD [ \
|
||||
"--create", \
|
||||
"--jsmode", "bundled", \
|
||||
"--user", "admin" ]
|
||||
@
|
||||
```
|
||||
|
||||
## The final docker file
|
||||
|
||||
```
|
||||
<<fossil.dockerfile>>=
|
||||
<<fossil.builder>>
|
||||
<<fossil.ossetup>>
|
||||
<<fossil.run>>
|
||||
@
|
||||
```
|
||||
|
||||
## Building and taking a look at the final docker container
|
||||
|
||||
```
|
||||
$ docker build -t mek:fossil-trunk -f fossil.dockerfile .
|
||||
```
|
||||
|
||||
While it would be nice to just jump into the container and poke around, we can't. WE DON'T HAVE A SHELL!
|
||||
|
||||
So, let's run a container, and export the filesystem.
|
||||
|
||||
```
|
||||
$ docker run --name fossil -d --rm -it -p 9999:8080 mek:fossil-trunk
|
||||
$ docker export fossil | tar t
|
||||
.dockerenv
|
||||
bin/
|
||||
bin/fossil
|
||||
dev/
|
||||
dev/console
|
||||
dev/pts/
|
||||
dev/shm/
|
||||
etc/
|
||||
etc/group
|
||||
etc/hostname
|
||||
etc/hosts
|
||||
etc/mtab
|
||||
etc/passwd
|
||||
etc/resolv.conf
|
||||
log/
|
||||
museum/
|
||||
museum/repo.cache
|
||||
museum/repo.fossil
|
||||
proc/
|
||||
sys/
|
||||
tmp/
|
||||
tmp/group
|
||||
tmp/passwd
|
||||
|
||||
$ curl -LsSf -o /dev/null -w '%{http_code}\n' http://localhost:9999
|
||||
200
|
||||
```
|
|
@ -21,7 +21,7 @@ An `ARG` for the version, `VER` is there. This can be overridden with `--build-a
|
|||
<<base.image>>=
|
||||
ARG VER=latest
|
||||
FROM docker.io/redhat/ubi9:${VER}
|
||||
@
|
||||
@ % def VER
|
||||
```
|
||||
|
||||
### Setup user specific arguments.
|
||||
|
|
Loading…
Reference in New Issue