(MAINT) PuppetDB alpine image from source

This reduces the final image size from 434MB down to 115MB.

There's no more Ruby or puppet-agent in the container, and it's based
on Alpine rather than Ubuntu.

Since this builds from local source instead of released packages,
developers can now go further in their testing of PuppetDB changes by
simply changing their local clone and running "cd docker && make build".
parent 6a161f35
*
!project.clj
!src
!resources
!documentation
!docker/puppetdb
......@@ -28,7 +28,7 @@ else
endif
build: prep
@docker build --pull --build-arg vcs_ref=$(vcs_ref) --build-arg build_date=$(build_date) --build-arg version=$(version) --file puppetdb/$(dockerfile) --tag puppet/puppetdb:$(version) puppetdb
@docker build --pull --build-arg vcs_ref=$(vcs_ref) --build-arg build_date=$(build_date) --build-arg version=$(version) --file puppetdb/$(dockerfile) --tag puppet/puppetdb:$(version) ..
ifeq ($(IS_LATEST),true)
@docker tag puppet/puppetdb:$(version) puppet/puppetdb:latest
endif
......
......@@ -42,7 +42,7 @@ function Build-Container(
'--tag', "$Namespace/puppetdb:latest"
)
docker build $docker_args puppetdb
docker build $docker_args ..
Pop-Location
}
......
FROM ubuntu:16.04
FROM clojure:lein-alpine AS builder
RUN apk add --no-cache make
# Install only dependencies
WORKDIR /app
COPY project.clj /app/
COPY resources/puppetlabs/puppetdb/bootstrap.cfg \
/app/resources/puppetlabs/puppetdb/bootstrap.cfg
RUN lein with-profile uberjar deps
# Build uberjar -- see .dockerignore
COPY . /app
RUN lein with-profile uberjar uberjar
FROM openjdk:8-jre-alpine
RUN apk add --no-cache tini curl openssl
COPY --from=builder /app/target/puppetdb.jar /
ARG vcs_ref
ARG build_date
ARG version="5.1.5"
ENV PUPPETDB_VERSION="$version"
ENV DUMB_INIT_VERSION="1.2.1"
ENV UBUNTU_CODENAME="xenial"
ENV PUPPETDB_DATABASE_CONNECTION="//postgres:5432/puppetdb"
ENV PUPPETDB_USER=puppetdb
ENV PUPPETDB_PASSWORD=puppetdb
ENV PUPPETDB_NODE_TTL=7d
ENV PUPPETDB_NODE_PURGE_TTL=14d
ENV PUPPETDB_REPORT_TTL=14d
ENV PUPPETDB_JAVA_ARGS="-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m"
# used by entrypoint to determine if puppetserver should be contacted for config
# set to false when container tests are run
ENV USE_PUPPETSERVER=true
ENV PATH="/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin:$PATH"
LABEL org.label-schema.maintainer="Puppet Release Team <release@puppet.com>" \
org.label-schema.vendor="Puppet" \
......@@ -28,36 +43,38 @@ LABEL org.label-schema.maintainer="Puppet Release Team <release@puppet.com>" \
org.label-schema.schema-version="1.0" \
org.label-schema.dockerfile="/Dockerfile"
RUN apt-get update && \
apt-get install --no-install-recommends -y wget netcat lsb-release ca-certificates && \
wget https://apt.puppetlabs.com/puppet5-release-"$UBUNTU_CODENAME".deb && \
wget https://github.com/Yelp/dumb-init/releases/download/v"$DUMB_INIT_VERSION"/dumb-init_"$DUMB_INIT_VERSION"_amd64.deb && \
dpkg -i puppet5-release-"$UBUNTU_CODENAME".deb && \
dpkg -i dumb-init_"$DUMB_INIT_VERSION"_amd64.deb && \
rm puppet5-release-"$UBUNTU_CODENAME".deb dumb-init_"$DUMB_INIT_VERSION"_amd64.deb && \
apt-get update && \
apt-get install --no-install-recommends -y puppet-agent puppetdb="$PUPPETDB_VERSION"-1"$UBUNTU_CODENAME" && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Values from /etc/default/puppetdb
ENV JAVA_BIN="/usr/bin/java"
ENV USER="puppetdb"
ENV GROUP="puppetdb"
ENV INSTALL_DIR="/opt/puppetlabs/server/apps/puppetdb"
ENV CONFIG="/etc/puppetlabs/puppetdb/conf.d"
ENV BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetdb/bootstrap.cfg"
ENV SERVICE_STOP_RETRIES=60
COPY docker/puppetdb/logging /etc/puppetlabs/puppetdb/logging/
COPY docker/puppetdb/conf.d /etc/puppetlabs/puppetdb/conf.d/
COPY resources/puppetlabs/puppetdb/bootstrap.cfg /etc/puppetlabs/puppetdb/
COPY resources/ext/config/logback.xml /etc/puppetlabs/puppetdb/
COPY resources/ext/config/request-logging.xml /etc/puppetlabs/puppetdb/
RUN mkdir -p /opt/puppetlabs/server/data/puppetdb
COPY puppetdb /etc/default/
COPY logging /etc/puppetlabs/puppetdb/logging
RUN addgroup $GROUP && adduser -S $USER -G $GROUP
RUN rm -fr /etc/puppetlabs/puppetdb/conf.d
COPY conf.d /etc/puppetlabs/puppetdb/conf.d
ADD https://raw.githubusercontent.com/puppetlabs/pupperware/b651119f16a1c18d5e9174c283a4e535d35a128a/shared/ssl.sh /ssl.sh
RUN chmod +x /ssl.sh
COPY docker/puppetdb/ssl-setup.sh /
RUN chmod +x /ssl-setup.sh
# Persist the agent SSL certificate.
VOLUME /etc/puppetlabs/puppet/ssl/
# /etc/puppetlabs/puppetdb/ssl is automatically populated from here and
# doesn't need a separate volume.
COPY docker-entrypoint.sh /
COPY docker/puppetdb/docker-entrypoint.sh /
RUN chmod +x /docker-entrypoint.sh
EXPOSE 8080 8081
ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
CMD ["foreground"]
ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
CMD ["services"]
# The start-period is just a wild guess how long it takes PuppetDB to come
# up in the worst case. The other timing parameters are set so that it
......@@ -70,4 +87,4 @@ HEALTHCHECK --interval=10s --timeout=10s --retries=6 \
| grep -q '"state":"running"' \
|| exit 1
COPY Dockerfile /
COPY docker/puppetdb/Dockerfile /
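Review bot: The runtime stage creates the `puppetdb` account (`RUN addgroup $GROUP && adduser -S $USER -G $GROUP`) but no `USER` instruction is visible in this section, so tini, the entrypoint script and the `java` process it execs would still run as root. If that is not intentional, add `USER puppetdb` before `ENTRYPOINT` and give the account ownership of the paths written at runtime, for example `RUN mkdir -p /opt/puppetlabs/server/data/puppetdb && chown -R "$USER:$GROUP" /opt/puppetlabs/server/data/puppetdb /etc/puppetlabs`. The SSL directory declared as a `VOLUME` presumably needs the same ownership, because the entrypoint's certificate setup appears to write there. The lines between the hunks are not shown, so confirm that no `USER` is set in the elided part.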
#!/bin/bash
#!/bin/sh
master_running() {
status=$(curl --silent --fail --insecure "https://${PUPPETSERVER_HOSTNAME}:8140/status/v1/simple")
......@@ -6,8 +6,6 @@ master_running() {
}
PUPPETSERVER_HOSTNAME="${PUPPETSERVER_HOSTNAME:-puppet}"
/opt/puppetlabs/bin/puppet config set certname "$HOSTNAME"
/opt/puppetlabs/bin/puppet config set server "$PUPPETSERVER_HOSTNAME"
if [ ! -f "/etc/puppetlabs/puppet/ssl/certs/${HOSTNAME}.pem" ] && [ "$USE_PUPPETSERVER" = true ]; then
# if this is our first run, run puppet agent to get certs in place
......@@ -15,10 +13,12 @@ if [ ! -f "/etc/puppetlabs/puppet/ssl/certs/${HOSTNAME}.pem" ] && [ "$USE_PUPPET
sleep 1
done
set -e
/opt/puppetlabs/bin/puppet agent --verbose --onetime --no-daemonize --waitforcert 120
/ssl.sh
fi
if [ ! -d "/etc/puppetlabs/puppetdb/ssl" ] && [ "$USE_PUPPETSERVER" = true ]; then
/opt/puppetlabs/server/bin/puppetdb ssl-setup -f
/ssl-setup.sh -f
fi
exec /opt/puppetlabs/server/bin/puppetdb "$@"
exec java $PUPPETDB_JAVA_ARGS -cp /puppetdb.jar \
clojure.main -m puppetlabs.puppetdb.core "$@" \
-c /etc/puppetlabs/puppetdb/conf.d/
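Review bot: In the last hunk, `/ssl-setup.sh -f` runs under errexit only when the first branch was taken, because `set -e` sits inside the `if` that fetches the certificate. When the certificate is already present in the volume but `/etc/puppetlabs/puppetdb/ssl` is missing (a recreated container, for example), a failing setup script would be ignored and `exec java` would start PuppetDB with incomplete SSL material. Checking the call explicitly closes that gap: `/ssl-setup.sh -f || exit 1`. The top of the script is only partly visible, so confirm errexit is not already enabled there.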
###########################################
# Init settings for puppetdb
###########################################
# Location of your Java binary (version 7 or higher)
JAVA_BIN="/usr/bin/java"
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="$PUPPETDB_JAVA_ARGS"
# These normally shouldn't need to be edited if using OS packages
USER="puppetdb"
GROUP="puppetdb"
INSTALL_DIR="/opt/puppetlabs/server/apps/puppetdb"
CONFIG="/etc/puppetlabs/puppetdb/conf.d"
BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetdb/bootstrap.cfg"
SERVICE_STOP_RETRIES=60
# START_TIMEOUT can be set here to alter the default startup timeout in
# seconds. This is used in System-V style init scripts only, and will have no
# effect in systemd.
# START_TIMEOUT=300
This diff is collapsed.
#!/bin/bash
#
# MAINTAINERS:
# This file was copied and modified to run in the
# Docker container here: docker/puppetdb/ssl-setup.sh
#
# If you change this .erb file, consider changing the
# .sh version of this file as well.
ssl_command="puppetdb ssl-setup"
......