# NAV development container. This is NOT SUITABLE for production use of NAV.
# For more production-oriented containerization, have a look at the separate
# project https://github.com/Uninett/nav-container
#
# This container aims at providing all the build- and runtime dependencies of
# NAV itself in a single container, and allowing for running them all directly
# off the code in your source code checkout. It is intended to be used as part
# of the docker-compose.yml file, where the PostgreSQL and Graphite services
# are defined in separate containers.
#
# Run the container with your checked out NAV source code directory mounted on
# the '/source' volume to build and run all the necessary components inside
# the container. Changes to your SASS source files will be automatically
# detected and compiled, and any changes to files in the python directory will
# be immediately live in the web interface.
#
# The NAV web interface is exposed through the Django development server on
# port 80.
#
# REQUIREMENT: For the users inside the container to be able to access the
# source code mounted at /source, the directory and its files on the host must
# be world-readable!
#
#
# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest would make rebuilds reproducible.
FROM --platform=linux/amd64 debian:bullseye

#### Prepare the OS base setup ###
# Set with ENV, so this value is also present in the environment of the running
# container, not only during the build.
ENV DEBIAN_FRONTEND=noninteractive

# Register the source-package (deb-src) repositories for bullseye main and
# bullseye-security.
RUN { \
        echo 'deb-src http://deb.debian.org/debian bullseye main' && \
        echo 'deb-src http://security.debian.org/debian-security bullseye-security main' ; \
    } >> /etc/apt/sources.list.d/srcpkg.list

# Base toolchain: Python build/debug tooling, supervisor, sudo, and the
# curl/gpg/keyring packages used when adding third-party apt repositories.
# Both apt directories are BuildKit cache mounts, so the package lists and
# downloaded archives from this step are not stored in the image layer.
RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked \
    --mount=target=/var/cache/apt,type=cache,sharing=locked \
    apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        curl \
        debian-archive-keyring \
        debian-keyring \
        gdb \
        gpg \
        locales \
        python3-dbg \
        python3-dev \
        python3-pip \
        python3-venv \
        python3-virtualenv \
        sudo \
        supervisor
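## Use deb.nodesource.com to fetch more modern versions of Node/NPM than Debian can provide
# The repository key is downloaded to a file and de-armored in a separate
# command instead of being piped from curl into gpg: the exit status of a
# pipeline is that of its last command, so a failed download would not by
# itself stop the build.
# NOTE(review): the key is trusted as downloaded over HTTPS; its fingerprint is
# not compared against a pinned value. Consider checking it with
# `gpg --show-keys` against a fingerprint recorded in this repository.
RUN curl -fsSL -o /tmp/nodesource-repo.gpg.key https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key && \
    gpg --dearmor -o /usr/share/keyrings/nodesource.gpg /tmp/nodesource-repo.gpg.key && \
    rm -f /tmp/nodesource-repo.gpg.key && \
    echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main' > /etc/apt/sources.list.d/nodesource.list && \
    apt-get update && \
    apt-get install -y nodejs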
# Build-time knobs for the container's timezone and locale; override them with
# --build-arg.
ARG TIMEZONE=Europe/Oslo
ARG LOCALE=en_US.UTF-8
ARG ENCODING=UTF-8

# Generate the requested locale and make it the system default.
RUN echo "${LOCALE} ${ENCODING}" > /etc/locale.gen \
    && locale-gen ${LOCALE} \
    && update-locale LANG=${LOCALE} LC_ALL=${LOCALE}

# Persist the locale into the environment of later build steps and of the
# running container.
ENV LANG=${LOCALE} \
    LC_ALL=${LOCALE}

# Record the timezone name and copy the matching zoneinfo file into place.
RUN echo "${TIMEZONE}" > /etc/timezone \
    && cp /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
#### Install various build and runtime requirements as Debian packages ####
# The interactive and network-probing tools in this list (vim, less, nbtscan,
# dnsutils, iproute2, iputils-ping, snmp) are conveniences for a development
# container; the file header states this image is not meant for production.
RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked \
    --mount=target=/var/cache/apt,type=cache,sharing=locked \
    apt-get update && \
    apt-get install -y --no-install-recommends \
        cron \
        git-core \
        inotify-tools \
        less \
        libsnmp40 \
        nbtscan \
        postgresql-client \
        sudo \
        vim \
        # Python package build deps:
        libjpeg-dev \
        libldap2-dev \
        libpq-dev \
        libsasl2-dev \
        libz-dev \
        # Useful tools for network debugging and SNMP querying:
        dnsutils \
        iproute2 \
        iputils-ping \
        snmp
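# Make an unprivileged nav user that corresponds to the user building this image.
# Allow this user to run sudo commands and make a virtualenv for them to install NAV in
#
# UID and GID have no defaults and must be passed with --build-arg.
ARG UID
ARG GID

# groupadd is followed by ';' rather than '&&', so its exit status is ignored
# (presumably to tolerate a GID that already exists in the base image -- TODO
# confirm); adduser then attaches nav to whichever group has that GID.
# --disabled-password and --gecos "" keep adduser from prompting for a password
# and user details, which nothing can answer during a build.
RUN groupadd --gid "$GID" nav ; \
    adduser --disabled-password --gecos "" --home=/source --shell=/bin/bash --uid="$UID" --gid="$GID" nav

# SECURITY: this gives nav passwordless root through sudo, so any code running
# as nav in this container is root-equivalent. That is acceptable only because
# the image is a development container (see the file header); do not carry
# this rule into a production image.
# The drop-in is set to mode 0440, the conventional mode for sudoers files.
RUN echo "nav ALL =(ALL: ALL) NOPASSWD: ALL" > /etc/sudoers.d/nav && \
    chmod 0440 /etc/sudoers.d/nav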
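# Ensure the virtualenv's bin directory is on everyone's PATH variable
#
# SECURITY: /opt/venvs/nav is chown'ed to nav further down in this file, so the
# first entry of sudo's secure_path is writable by an unprivileged user. With
# the NOPASSWD: ALL rule for nav this grants nothing extra in this development
# container, but a root PATH that starts with a user-writable directory must
# not be copied into a hardened image.
RUN sed -e 's,^Defaults.*secure_path.*,Defaults secure_path="/opt/venvs/nav/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",' -i /etc/sudoers

# The replacement values below are unquoted. The previous expressions ended in
# a stray '"' with no opening quote, which made the last PATH element `/bin"`
# (ENV_SUPATH) and `/usr/games"` (ENV_PATH).
RUN sed -e 's,^ENV_SUPATH.*,ENV_SUPATH PATH=/opt/venvs/nav/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin,' \
        -e 's,^ENV_PATH.*,ENV_PATH PATH=/opt/venvs/nav/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games,' \
        -i /etc/login.defs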
# Still running as root here: create the virtualenv and NAV config directories,
# and hand them and the cache mount at /source/.cache over to nav.
RUN --mount=type=cache,target=/source/.cache \
    mkdir -p /opt/venvs/nav /etc/nav \
    && chown nav /opt/venvs/nav /etc/nav \
    && chown -R nav /source/.cache

# Everything from here on is built (and, by default, run) as the nav user.
USER nav
ENV PATH=/opt/venvs/nav/bin:$PATH

# Create the virtualenv that NAV's Python requirements are installed into.
RUN python3.9 -m venv /opt/venvs/nav

# Packaging tools needed by the later requirements steps. `pip` resolves to the
# virtualenv's copy because its bin directory was put first on PATH above.
# NOTE(review): these tools are installed unpinned, so their versions depend on
# when the image is built.
RUN --mount=type=cache,target=/source/.cache \
    pip install --upgrade \
        build \
        pip-tools \
        setuptools \
        wheel
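#################################################################################
### COPYing the requirements file to pip-install Python requirements may bust ###
### Docker's cache at this point, so everything expensive you want to keep in ###
### the cache should go before this.                                          ###
#################################################################################

COPY tools/docker/supervisord.conf /etc/supervisor/conf.d/nav.conf

# Make an initial install of all NAV requirements into the virtualenv, to make
# builds inside the container go faster
COPY requirements/ /requirements
COPY requirements.txt /
COPY constraints.txt /
COPY tests/requirements.txt /test-requirements.txt
COPY doc/requirements.txt /doc-requirements.txt

# Resolve the runtime, test and doc requirements into one lock file under the
# constraints, then install from that lock file. The steps are chained with
# '&&' so that a failed `cd` or a failed resolve stops the build at that point,
# instead of going on to `pip install` against a lock file that was never
# written.
RUN --mount=type=cache,target=/source/.cache \
    cd /opt/venvs/nav && \
    pip-compile --resolver=backtracking --output-file ./requirements.txt.lock -c /constraints.txt /requirements.txt /test-requirements.txt /doc-requirements.txt && \
    pip install -r ./requirements.txt.lock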
# Extra pip packages to add to the virtualenv, chosen at build time.
# The value is expanded unquoted, so it is word-split into pip's argument list
# (presumably so that several packages can be listed -- TODO confirm). Treat it
# as trusted build input only.
ARG CUSTOM_PIP=ipython
RUN --mount=type=cache,target=/source/.cache \
    pip install ${CUSTOM_PIP}

COPY tools/docker/full-nav-restore.sh /usr/local/sbin/full-nav-restore.sh

# The NAV source checkout is mounted here at run time (see the file header).
VOLUME ["/source"]

ENV DJANGO_SETTINGS_MODULE=nav.django.settings

# NOTE(review): the header comment of this file says the web interface is
# served on port 80, while 8080 is declared here -- confirm which one run.sh
# actually binds.
EXPOSE 8080

# The start script is read from the mounted /source volume, not from the
# image, so what the container runs is decided by the mounted checkout.
CMD ["/source/tools/docker/run.sh"]