Verified Commit b8159e2d authored by Quentin Duchemin's avatar Quentin Duchemin
Browse files

[MISC] Add build instructions in Compose

parent b0c2d6c5
......@@ -3,9 +3,9 @@ version: "3.7"
services:
db-backup-rotation:
image: registry.picasoft.net/pica-db-backup-rotation:1.4
build: .
container_name: db-backup-rotation
volumes:
- /DATA/BACKUP/:/backup/
- ./config:/config
restart: always
#
restart: unless-stopped
......@@ -14,6 +14,7 @@ networks:
services:
db-backup:
image: registry.picasoft.net/pica-db-backup:1.3
build: .
container_name: db-backup
volumes:
- /DATA/BACKUP/:/backup/
......
## mysql8.picapatch2
Try to improve performance of MySQL
* Increase [key_buffer_size](https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_key_buffer_size) given that the index file is way too big for the default value
* Also increase `read_buffer_size` to a [recommended value](https://dba.stackexchange.com/a/136409) of 256K
* More precise base image tag
## mysql8.picapatch1
* Limit the [mysql binary log](https://dev.mysql.com/doc/refman/8.0/en/binary-log.html) to 30 hours and some other custom configs in [config/binary_log.cnf](config/binary_log.cnf)
* Remove unnecessary tools (mainly, libsqlite3-0 and gpg)
## Image size and vulnerabilities
* `pica-etherpad-db:mysql8.picapatch1`: 548MB, [54 vulnerabilities](https://gitlab.utc.fr/picasoft/projets/dockerfiles/-/jobs/886295)
* Base image: `mysql:8.0.19` (2020-03-31): 547MB, [65 vulnerabilities](https://gitlab.utc.fr/picasoft/projets/dockerfiles/-/jobs/884250)
FROM mysql:8.0.20
COPY config/binary_log.cnf /etc/mysql/conf.d/binary_log.cnf
COPY config/myisam_perf.cnf /etc/mysql/conf.d/myisam_perf.cnf
# By default, COPY uses permissions `-rw-rw-rw-` for the file inside
# the container. But mysql refuses to use config files that are world-
# writable, so we have to change those permissions:
RUN chmod 644 /etc/mysql/conf.d/binary_log.cnf
RUN chmod 644 /etc/mysql/conf.d/myisam_perf.cnf
# Remove unnecessary tools
# This removes the following packages:
# gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client
# gpg-wks-server gpgsm libsqlite3-0 pinentry-curses
# GPG is probably used by mysql to encrypt logs, but this isn't used in
# our case
RUN apt remove -y --autoremove libsqlite3-0
**Doit être fusionné avec le dossier `pica-etherpad` (deux Dockerfiles, un Docker Compose)**.
This image limits the [mysql binary log](https://dev.mysql.com/doc/refman/8.0/en/binary-log.html) to 30 hours (=108000 seconds) via the [binlog_expire_logs_seconds](https://dev.mysql.com/doc/refman/8.0/en/replication-options-binary-log.html#sysvar_binlog_expire_logs_seconds) variable.
# Official documentation: https://dev.mysql.com/doc/refman/8.0/en/replication-options-binary-log.html
#
# The main purpose of this config file is to retain binary logs (enabled
# by default) «just in case», for a short period of time. We dont do
# replication, so anyway we shouldn't need the binary logs.
#
# Some settings also try to improve performance (experimental)
[mysqld]
# Limit the binlog retention to 30 hours
binlog_expire_logs_seconds = 108000
# Cache limits
# Increase binlog_cache_size and binlog_stmt_cache_size
# (default: 32 KiB) to 128 KiB
binlog_cache_size = 131072
binlog_stmt_cache_size = 131072
# Decrease max_binlog_cache_size and max_binlog_stmt_cache_size
# (default: 16 EiB) to 10 MiB.
# (If we have transactions greater than 10 MiB there's a big problem)
max_binlog_cache_size = 10485760
max_binlog_stmt_cache_size = 10485760
# Ignore errors
binlog_error_action = IGNORE_ERROR
[mysqld]
# The default value is 8Mo.
# Given this documentation : https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_key_buffer_size,
# we see that the Key_reads/Key_read_requests ratio should normally be less than 0.01.
# At the moment (04/2020), the ratio is more than 0.05, which indicates that the index is far larger than
# the cache. The index is 300M. Right now with this setting, we will "waste" 700M of RAM,
# which we can afford, and foresee further increase.
key_buffer_size=1G
read_buffer_size=256K
## Lufi
Ce dossier comprend un travail en cours pour créer une instance de Lufi, un service libre de partage de fichier chiffrés.
À mettre à jour.
......@@ -8,6 +8,7 @@ volumes:
services:
lufi:
image: registry.picasoft.net/lufi:0.04.6
build: .
container_name: lufi
init: true
depends_on:
......@@ -24,7 +25,7 @@ services:
- "traefik.backend=lufi"
- "traefik.port=8081"
- "traefik.enable=true"
lufidb:
image: postgres:12
container_name: lufidb
......
......@@ -17,6 +17,7 @@ volumes:
services:
mattermost:
image: registry.picasoft.net/pica-mattermost:5.23.0
build: .
container_name: mattermost-app
links:
- mattermost-db:mattermost-db
......
......@@ -12,6 +12,7 @@ networks:
services:
metrics-bot:
image: registry.picasoft.net/pica-metrics-bot:v1.0.2
build: .
container_name: pica-metrics-services
volumes:
- ./config.json:/config.json
......
......@@ -7,6 +7,7 @@ networks:
services:
mumble-web:
image: registry.picasoft.net/pica-mumble-web:1.3.0
build: .
container_name: mumble-web
environment:
MUMBLE_SERVER: "voice.picasoft.net:64738"
......
......@@ -9,6 +9,7 @@ networks:
services:
cloudcet:
build:
context: ./15.0
dockerfile: ./15.0/Dockerfile
container_name: cloudcet
image: registry.picasoft.net/nextcloud:15.0
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment