diff --git a/Dockerfile b/Dockerfile
index ee6ba871..24a6d09e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,125 +1,67 @@ -# Este Dockerfile está armado pensando en una compilación lanzada desde -# el mismo repositorio de trabajo. Cuando tengamos CI/CD algunas cosas -# como el tarball van a tener que cambiar porque ya vamos a haber hecho -# un clone/pull limpio. -FROM alpine:3.13.6 AS build +FROM registry.nulo.in/sutty/rails:3.13.6-2.7.5 AS build MAINTAINER "f " -ARG RAILS_MASTER_KEY ARG BRANCH - -# Un entorno base ENV BRANCH=$BRANCH -ENV SECRET_KEY_BASE solo_es_necesaria_para_correr_rake -ENV RAILS_ENV production -ENV RAILS_MASTER_KEY=$RAILS_MASTER_KEY -RUN apk add --no-cache libxslt libxml2 tzdata ruby ruby-json ruby-bigdecimal ruby-rake -RUN apk add --no-cache postgresql-libs git yarn brotli libssh2 python3 +RUN apk add --no-cache libxslt libxml2 tzdata postgresql-libs git yarn brotli libssh2 python3 findutils -RUN test "2.7.4" = `ruby -e 'puts RUBY_VERSION'` +USER rails +WORKDIR /srv/gems -# https://github.com/rubygems/rubygems/issues/2918 -# https://gitlab.alpinelinux.org/alpine/aports/issues/10808 -RUN apk add --no-cache patch -COPY ./rubygems-platform-musl.patch /tmp/ -RUN cd /usr/lib/ruby/2.7.0 && patch -Np 0 -i /tmp/rubygems-platform-musl.patch +COPY --chown=rails:www-data ./Gemfile . +COPY --chown=rails:www-data ./Gemfile.lock . -# Agregar el usuario -RUN addgroup -g 82 -S www-data -RUN adduser -s /bin/sh -G www-data -h /home/app -D app -RUN install -dm750 -o app -g www-data /home/app/sutty -RUN gem install --no-document bundler:2.1.4 - -# Empezamos con la usuaria app -USER app -# Vamos a trabajar dentro de este directorio -WORKDIR /home/app/sutty - -# Copiamos solo el Gemfile para poder instalar las gemas necesarias -COPY --chown=app:www-data ./Gemfile . -COPY --chown=app:www-data ./Gemfile.lock . 
RUN bundle config set no-cache true RUN bundle config set specific_platform true RUN bundle install --path=./vendor --without='test development' -# Vaciar la caché -RUN rm vendor/ruby/2.7.0/cache/*.gem -# Copiar el repositorio git -COPY --chown=app:www-data ./.git/ ./.git/ -# Hacer un clon limpio del repositorio en lugar de copiar todos los -# archivos +COPY --chown=rails:www-data ./.git/ ./.git/ + RUN cd .. && git clone sutty checkout RUN cd ../checkout && git checkout $BRANCH -WORKDIR /home/app/checkout -# Traer las gemas: -RUN rm -rf ./vendor -RUN mv ../sutty/vendor ./vendor -RUN mv ../sutty/.bundle ./.bundle +WORKDIR /srv/checkout -# Instalar secretos -COPY --chown=app:root ./config/credentials.yml.enc ./config/ +RUN rm -rf ./vendor ./node_modules ./tmp/cache ./.git ./test ./doc +RUN mv ../gems/vendor ./vendor +RUN mv ../gems/.bundle ./.bundle +RUN find /srv/checkout/vendor/ruby/2.7.0 -maxdepth 3 -type d -name test -o -name spec -o -name rubocop | xargs -r rm -rf -RUN rm -rf ./node_modules ./tmp/cache ./.git ./test ./doc -# Eliminar archivos innecesarios -USER root -RUN apk add --no-cache findutils -RUN find /home/app/checkout/vendor/ruby/2.7.0 -maxdepth 3 -type d -name test -o -name spec -o -name rubocop | xargs -r rm -rf - -# Contenedor final -FROM registry.nulo.in/sutty/monit:3.13.6 +FROM registry.nulo.in/sutty/rails:3.13.6-2.7.5 ENV RAILS_ENV production # Pandoc -RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories +RUN echo 'https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories # Instalar las dependencias, separamos la librería de base de datos para # poder reutilizar este primer paso desde otros contenedores -RUN apk add --no-cache libxslt libxml2 tzdata ruby ruby-json ruby-bigdecimal ruby-rake ruby-irb ruby-io-console ruby-etc -RUN apk add --no-cache postgresql-libs libssh2 file rsync git jpegoptim vips -RUN apk add --no-cache ffmpeg imagemagick pandoc tectonic oxipng jemalloc -RUN apk add 
--no-cache git-lfs openssh-client patch - -# Chequear que la versión de ruby sea la correcta -RUN test "2.7.4" = `ruby -e 'puts RUBY_VERSION'` - -# https://github.com/rubygems/rubygems/issues/2918 -# https://gitlab.alpinelinux.org/alpine/aports/issues/10808 -COPY ./rubygems-platform-musl.patch /tmp/ -RUN apk add --no-cache patch && cd /usr/lib/ruby/2.7.0 && patch -Np 0 -i /tmp/rubygems-platform-musl.patch && apk del patch - +# # Necesitamos yarn para que Jekyll pueda generar los sitios # XXX: Eliminarlo cuando extraigamos la generación de sitios del proceso # principal -RUN apk add --no-cache yarn -# Instalar foreman para poder correr los servicios -RUN gem install --no-document --no-user-install bundler:2.1.4 foreman +RUN apk add --no-cache libxslt libxml2 postgresql-libs libssh2 file \ + rsync git jpegoptim vips ffmpeg imagemagick pandoc tectonic \ + oxipng git-lfs openssh-client patch yarn daemonize ruby-webrick -# Agregar el grupo del servidor web y la usuaria -RUN addgroup -g 82 -S www-data -RUN adduser -s /bin/sh -G www-data -h /srv/http -D app +RUN gem install --no-document --no-user-install foreman + +USER rails + +RUN rm -rf /srv +COPY --from=build --chown=rails:www-data /srv/checkout /srv -# Convertirse en app para instalar -USER app -COPY --from=build --chown=app:www-data /home/app/checkout /srv/http -COPY --chown=app:www-data ./.git/ ./.git/ RUN rm -rf /srv/http/_sites /srv/http/_deploy RUN ln -s data/_storage /srv/http/_storage RUN ln -s data/_sites /srv/http/_sites RUN ln -s data/_deploy /srv/http/_deploy RUN ln -s data/_private /srv/http/_private -# Volver a root para cerrar la compilación USER root -# Instalar la configuración de monit -RUN install -m 640 -o root -g root /srv/http/monit.conf /etc/monit.d/sutty.conf -RUN apk add --no-cache daemonize ruby-webrick -RUN install -m 755 /srv/http/entrypoint.sh /usr/local/bin/sutty +RUN install -m 640 -o root -g root /srv/monit.conf /etc/monit.d/sutty.conf +RUN install -m 755 /srv/entrypoint.sh 
/usr/local/bin/sutty -# Mantener estos directorios! -VOLUME "/srv/http/data" +VOLUME "/srv/data" -# El puerto de puma EXPOSE 3000 EXPOSE 9394 diff --git a/entrypoint.sh b/entrypoint.sh index 3ae103bb..c6bfdb3b 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,10 +1,38 @@ #!/bin/sh set -e +s_pid=/srv/tmp/puma.pid +p_pid=/tmp/prometheus.pid + case $1 in - sutty) - su app -c "cd /srv/http && foreman start migrate" - daemonize -c /srv/http -u app /usr/bin/foreman start sutty + start) + su rails -c "cd /srv && foreman run migrate" + daemonize -c /srv -u rails /usr/bin/foreman start sutty + ;; + + stop) + cat $s_pid | xargs -r kill + ;; + + reload) + cat $s_pid | xargs -r kill -USR2 + ;; + + prometheus) + case $2 in + start) + rm -f $p_pid + daemonize -c /srv -p $p_pid -l $p_pid -u rails /usr/bin/foreman start prometheus + ;; + stop) + cat $p_pid | xargs -r kill + rm -f $p_pid + ;; + esac + ;; + + blazer) + test -z "$2" || b="_$2" + su rails -c "cd /srv && foreman run blazer$b" ;; - prometheus) daemonize -c /srv/http -p /tmp/prometheus.pid -l /tmp/prometheus.pid -u app /usr/bin/foreman start prometheus ;; esac diff --git a/monit.conf b/monit.conf index f574c56d..96c08d8a 100644 --- a/monit.conf +++ b/monit.conf 
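Review bot: The unchanged lines after the new `COPY --from=build --chown=rails:www-data /srv/checkout /srv` still operate on `/srv/http` (`rm -rf /srv/http/_sites /srv/http/_deploy` and the four `ln -s data/... /srv/http/...`), while the rest of this commit moves the application root to `/srv` (`VOLUME "/srv/data"`, `/srv/monit.conf`, `/srv/entrypoint.sh`). Unless the checkout itself ships an `http` directory, those `ln -s` calls have no parent directory left after `rm -rf /srv`, and even if they succeed the `_storage`/`_sites`/`_deploy`/`_private` links would not sit next to the `data` volume the application now uses; the paths should drop the `http/` component as in the block below. Separately, the edge/testing repository is appended untagged to a 3.13 base, so any name in the following `apk add` can resolve from it. Prefixing the repository line with an `@testing` tag and requesting only the packages that need it with the `@testing` suffix would narrow that.

```dockerfile
COPY --from=build --chown=rails:www-data /srv/checkout /srv
RUN rm -rf /srv/_sites /srv/_deploy
RUN ln -s data/_storage /srv/_storage
RUN ln -s data/_sites /srv/_sites
RUN ln -s data/_deploy /srv/_deploy
RUN ln -s data/_private /srv/_private
```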
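Review bot: The new `stop` and `reload` branches signal whatever PIDs are found in `/srv/tmp/puma.pid` with the script's own privileges, yet that file lives in a tree this commit hands to the `rails` user (`COPY --chown=rails:www-data ... /srv`), and the script appears to run as root since it calls `su rails` and `daemonize -u rails`. Sending the signal as the service user keeps a tampered pid file from reaching processes `rails` does not own: `su rails -c "cat $s_pid | xargs -r kill"` and `su rails -c "cat $s_pid | xargs -r kill -USR2"`. In the `blazer` branch `$2` is pasted into the string handed to `su rails -c`, so it is worth restricting it first, e.g. `case "$2" in ''|5m|1h|1d) ;; *) exit 64 ;; esac`. The outer `case $1` also has no `*)` arm, so an unknown or renamed subcommand (the old `sutty` one, for instance) exits 0 without doing anything; a default arm that prints usage and exits non-zero would surface that.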
@@ -1,31 +1,27 @@ -check process sutty with pidfile /srv/http/tmp/puma.pid - start program = "/usr/local/bin/sutty sutty" - stop program = "/bin/sh -c 'cat /srv/http/tmp/puma.pid | xargs kill'" +check process sutty with pidfile /srv/tmp/puma.pid + start program = "/usr/local/bin/sutty start" + stop program = "/usr/local/bin/sutty stop" check process prometheus with pidfile /tmp/prometheus.pid - start program = "/usr/local/bin/sutty prometheus" - stop program = "/bin/sh -c 'cat /tmp/prometheus.pid | xargs kill'" + start program = "/usr/local/bin/sutty prometheus start" + stop program = "/usr/local/bin/sutty prometheus start" check program blazer_5m - with path "/bin/sh -c 'cd /srv/http && foreman start blazer_5m'" - as uid "app" and gid "www-data" + with path "/usr/local/bin/sutty blazer 5m" every 5 cycles if status != 0 then alert check program blazer_1h - with path "/bin/sh -c 'cd /srv/http && foreman start blazer_1h'" - as uid "app" and gid "www-data" + with path "/usr/local/bin/sutty blazer 1h" every 60 cycles if status != 0 then alert check program blazer_1d - with path "/bin/sh -c 'cd /srv/http && foreman start blazer_1d'" - as uid "app" and gid "www-data" + with path "/usr/local/bin/sutty blazer 1d" every 1440 cycles if status != 0 then alert check program blazer - with path "/bin/sh -c 'cd /srv/http && foreman start blazer'" - as uid "app" and gid "www-data" + with path "/usr/local/bin/sutty blazer" every 61 cycles if status != 0 then alert
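Review bot: The `stop program` of `check process prometheus` calls `/usr/local/bin/sutty prometheus start`, so a monit stop or restart would remove the pid file and launch a second prometheus process instead of ending the running one; it should read `stop program = "/usr/local/bin/sutty prometheus stop"`. The four `blazer` checks also lose `as uid "app" and gid "www-data"`, which means the wrapper starts with monit's own identity and the drop to `rails` now depends entirely on the `su rails -c` line in entrypoint.sh. A short comment above the checks saying so (for example `# runs as monit's user; /usr/local/bin/sutty drops to rails itself`) would keep that from being lost in a later edit.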