Commit 1892493e authored by Quentin Duchemin's avatar Quentin Duchemin
Browse files

[Picablog] General improvements for image maintainability

- Add a custom Dockerfile based on the official one with a HEALTCHECK, psql client and static env variables
- Add a custom entrypoint to automatically run the migrations at first launch only and run migration when updating
- Clean separation of networks
- Adding a tag to fix the version of image
- Configure non-secret environment with Docker Compose
- Update database to PG v12
parent a5059c50
# Version 0.4.0
[Official changelog](https://github.com/Plume-org/Plume/releases/tag/0.4.0-alpha-4), and for our custom image :
* Add a custom Dockerfile based on the official one with a HEALTCHECK, psql client and static env variables
* Add a custom entrypoint to automatically run the migrations at first launch only and run migration when updating
* Clean separation of networks
* Adding a tag to fix the version of image
* Configure non-secret environment with Docker Compose
* Update database to PG v12
FROM plumeorg/plume:latest
ENV PLUME_VERSION=v0.4.0
FROM plumeorg/plume:${PLUME_VERSION}
ENV MIGRATION_DIRECTORY=migrations/postgres
ENV USE_HTTPS=1
ENV ROCKET_ADDRESS=0.0.0.0
ENV ROCKET_PORT=7878
ENV RUST_BACKTRACE=FULL
ENV FIRSTLAUNCH_PATH=/firstlaunch/yeah
RUN apt-get update && \
apt-get install -y postgresql-client && \
rm -rf /var/lib/apt/lists/*
COPY ./entrypoin.sh /entrypoint.sh
HEALTHCHECK --interval=20s --timeout=3s CMD curl --fail http://localhost:7878 || exit 1
ENTRYPOINT ["/entrypoint.sh"]
When launching for the first time, we first need to execute the initial database migration and create an admin user. This is done using the following command:
## Picablog
`source secrets/plume-first_launch.secrets && ./before_first_launch.sh`
Ce dossier contient les fichiers nécessaires pour lancer une instance de Plume sur les serveurs de Picasoft.
Nous nous basons sur l'image officielle car le [Dockerfile](https://github.com/Plume-org/Plume/blob/master/Dockerfile) est bien écrit et léger.
The service can then be started with `docker-compose up -d`.
En plus, nous ajoutons :
* Un système d'initialisation directement dans l'image (plutôt que d'avoir [à lancer des commandes manuellement](https://docs.joinplu.me/installation/with/docker))
* La détection de la mise à jour de l'image pour lancer les migrations
* Un entrypoint permettant d'attendre que le serveur de base de données soit prêt
* Des variables d'environnement qui ne devraient pas changer directement dans le Dockerfile
* Un HEALTHCHECK
### Mise à jour
Mettre à jour `PLUME_VERSION` dans le [Dockerfile](./Dockerfile) et d'ajuster le tag de l'image construite dans le [docker-compose.yml](./docker-compose.yml)
### Configuration et lancement
Copier le fichier `plume.secrets.example` dans `plume.secrets` et `plume_db.secrets.example` dans `plume_db.secrets` et remplacez les valeurs par des mots de passe de production.
**Attention** : `DATABASE_URL` doit refléter les valeurs `POSTGRES_*`.
Lancer :
```bash
docker-compose up -d
```
#!/bin/sh
docker-compose up -d plumedb
docker-compose run --rm plume plm migration run
docker-compose run --rm plume plm search init
docker-compose run --rm plume plm instance new -d '$URL' -n '$NAME' -l 'CC-BY-SA'
docker-compose run --rm plume plm users new -n '$ADMIN_USER' -N '$ADMIN_NAME' -b '' -e '$ADMIN_EMAIL' -p '$ADMIN_PASS' --admin
version: "3"
volumes:
plumedb-data:
plume-data:
plume-searchidx:
db:
name: "plume_db"
data:
name: "plume_data"
searchidx:
name: "plume_index"
first-launch:
name: "plume_first_launch"
networks:
docker_default:
external: true
plume:
name: "plume"
services:
plumedb:
image: postgres:10.5
container_name: plumedb
env_file: plume.env
restart: always
volumes:
- "plumedb-data:/var/lib/postgresql/data"
networks:
- docker_default
plume:
image: registry.picasoft.net/pica-plume
image: registry.picasoft.net/pica-plume:0.4.0
container_name: plume
env_file: plume.env
restart: always
env_file:
- secrets/plume_db.secrets
- secrets/plume.secrets
environment:
BASE_URL: "blog.picasoft.net"
URL: "blog.picasoft.net"
NAME: "Picablog"
ADMIN_EMAIL: picasoft@assos.utc.fr
volumes:
- "plume-data:/app/static/media"
- "./plume.env:/app/.env"
- "plume-searchidx:/app/search_index"
- "data:/app/static/media"
- "searchidx:/app/search_index"
- "first-launch:/firstlaunch"
labels:
- "traefik.frontend.rule=Host:blog.picasoft.net"
- "traefik.enable=true"
- "traefik.port=7878"
links:
- plumedb:plumedb
traefik.frontend.rule: "Host:blog.picasoft.net"
traefik.enable: true
traefik.port: 7878
networks:
- plume
- docker_default
restart: unless-stopped
plumedb:
image: postgres:12
container_name: plumedb
env_file: plume_db.secrets
volumes:
- "db:/var/lib/postgresql/data"
networks:
- plume
restart: unless-stopped
#!/bin/sh
# Checks if Plume has already been launched one
# Otherwise, initialize the instance and create
# a file at FIRSTLAUNCH_PATH to indicate that the
# instance has already been initialized
# FIRSTLAUNCH_PATH is configured via environment
#
# Also manage running migrations when updating
if [ -z "${POSTGRES_PASSWORD}" ]; then
echo >&2 'Error : missing required ${POSTGRES_PASSWORD} environment variable, exiting.'
exit 1
fi
if [ -z "${POSTGRES_USER}" ]; then
echo >&2 'Error : missing required ${POSTGRES_USER} environment variable, exiting.'
exit 1
fi
if [ -z "${POSTGRES_DB}" ]; then
echo >&2 'Error : missing required ${POSTGRES_DB} environment variable, exiting.'
exit 1
fi
# Wait for database to be ready
while ! PGPASSWORD="${DB_PASSWORD}" psql -h"${DB_HOST}" -U"${DB_USER}" -d"${DB_NAME}" -c "SELECT 1" &>/dev/null; do
echo "Database server not ready yet, re-trying in 5 seconds..."
sleep 5
done
# If first launch, initialize and create marker file
if [ ! -f ${FIRSTLAUNCH_PATH} ]; then
echo "First launch detected."
echo "Initialize search index..."
plume plm search init
echo "Initialize instance..."
plume plm instance new -d '$URL' -n '$NAME' -l 'CC-BY-SA'
echo "Create admin user..."
plume plm users new -n '$ADMIN_USER' -N '$ADMIN_NAME' -b '' -e '$ADMIN_EMAIL' -p '$ADMIN_PASS' --admin
echo "Done."
touch ${FIRSTLAUNCH_PATH}
fi
# Check if we updated since last launch
if [ ${PLUME_VERSION} != $(cat ${FIRSTLAUNCH_PATH}) ]; then
# If so, we need to run migrations
echo "Instance updated since last launch, running migrations..."
plume plm migration run
fi
# Now write the version if the file
echo "${PLUME_VERSION}" > ${FIRSTLAUNCH_PATH}
echo "Launching Plume..."
BASE_URL=blog.test.picasoft.net
# generate one with openssl rand -base64 32
ROCKET_SECRET_KEY=kkZNhngivtkphj2QXuQLZ3eIPf372+RsTyvHA0AR7tI=
# Mail settings
#MAIL_SERVER=smtp.example.org
#MAIL_USER=example
#MAIL_PASSWORD=123456
#MAIL_HELO_NAME=example.org
# DATABASE SETUP
POSTGRES_PASSWORD=passw0rd
POSTGRES_USER=plume
POSTGRES_DB=plume
# you can safely leave those defaults
DATABASE_URL=postgres://plume:passw0rd@plumedb:5432/plume
MIGRATION_DIRECTORY=migrations/postgres
USE_HTTPS=1
ROCKET_ADDRESS=0.0.0.0
ROCKET_PORT=7878
RUST_BACKTRACE=FULL
URL=blog.test.picasoft.net
NAME=PicaTestBlog
ADMIN_USER=picasoft
ADMIN_NAME=Picasoft
ADMIN_PASS=pica2020pica
ADMIN_EMAIL=pica@picasoft.net
ADMIN_USER=picasoft
ADMIN_NAME=Picasoft
ADMIN_PASS=pica2020pica
MAIL_SERVER=smtp.example.org
#MAIL_USER=example
#MAIL_PASSWORD=123456
#MAIL_HELO_NAME=example.org
# Generate one with openssl rand -base64 32
ROCKET_SECRET_KEY=izhduozygdyuzd
DATABASE_URL=postgres://plume:passw0rd@plumedb:5432/plume
POSTGRES_PASSWORD=passw0rd
POSTGRES_USER=plume
POSTGRES_DB=plume
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment