From 825dfb19dcd9b49b4b53c2af56d0e0945be8ae69 Mon Sep 17 00:00:00 2001
From: benschermel
Date: Fri, 15 Apr 2022 23:10:31 -0400
Subject: [PATCH] modify dockerfile to build within image
---
 pkg/docker/Dockerfile | 152 +++++++++++++++++++++++++-----------------
 pkg/docker/README.md | 6 +-
 2 files changed, 93 insertions(+), 65 deletions(-)
diff --git a/pkg/docker/Dockerfile b/pkg/docker/Dockerfile
index 8528aabb5..f0bbe2cca 100644
--- a/pkg/docker/Dockerfile
+++ b/pkg/docker/Dockerfile
@@ -1,91 +1,117 @@ -FROM ubuntu:18.04 -# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added +FROM ubuntu:20.04 +SHELL ["/bin/bash","-c"] RUN groupadd -r keydb && useradd -r -g keydb keydb - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.11 +# use gosu for easy step-down from root: https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.14 RUN set -eux; \ -# save list of currently installed packages for later so we can clean up savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ - apt-get install -y --no-install-recommends \ - ca-certificates \ - dirmngr \ - gnupg \ - wget \ - ; \ - \ + apt-get install -y --no-install-recommends ca-certificates dirmngr gnupg wget; \ + rm -rf /var/lib/apt/lists/*; \ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ gpgconf --kill all; \ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ -# clean up fetch dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ chmod +x /usr/local/bin/gosu; \ -# verify that the binary works gosu --version; \ gosu nobody true - -# Load pre-generated equivalent binaries to image (reduces deployment build times) -RUN \ - mkdir -p /etc/keydb -ADD ./app/keydb-* /usr/local/bin/ -ADD ./app/docker-entrypoint.sh /usr/local/bin/ -ADD ./app/*.conf 
/etc/keydb/ -# Set up config and binaries -RUN \ - cd /usr/local/bin && \ - sed -i 's/^\(bind .*\)$/# \1/' /etc/keydb/keydb.conf && \ - sed -i 's/^\(daemonize .*\)$/# \1/' /etc/keydb/keydb.conf && \ - sed -i 's/^\(dir .*\)$/# \1\ndir \/data/' /etc/keydb/keydb.conf && \ - sed -i 's/^\(logfile .*\)$/# \1/' /etc/keydb/keydb.conf && \ - sed -i 's/protected-mode yes/protected-mode no/g' /etc/keydb/keydb.conf && \ - ln -s keydb-cli redis-cli && \ - cd /etc/keydb && \ - ln -s keydb.conf redis.conf - -# Ensure deps installed for binaries +# build KeyDB +ARG BRANCH RUN set -eux; \ \ savedAptMark="$(apt-mark showmanual)"; \ - apt-get install -y --no-install-recommends \ - libcurl4 \ - libc6 \ - libssl1.1 \ - libuuid1 \ - libstdc++6 \ - libgcc1 \ - zlib1g \ - libbz2-1.0 \ - liblz4-1 \ - libsnappy1v5 \ - libzstd1 \ + apt-get update; \ + DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends \ + dpkg-dev \ + pkg-config \ + ca-certificates \ + build-essential \ + nasm \ + autotools-dev \ + autoconf \ + libjemalloc-dev \ + tcl \ + tcl-dev \ + uuid-dev \ + libcurl4-openssl-dev \ + libbz2-dev \ + libzstd-dev \ + liblz4-dev \ + libsnappy-dev \ + libssl-dev \ + git; \ + cd /tmp && git clone --branch $BRANCH https://github.com/Snapchat/KeyDB.git --recursive; \ + cd /tmp/KeyDB; \ + # disable protected mode as it relates to docker + grep -E '^ *createBoolConfig[(]"protected-mode",.*, *1 *,.*[)],$' ./src/config.cpp; \ + sed -ri 's!^( *createBoolConfig[(]"protected-mode",.*, *)1( *,.*[)],)$!\10\2!' 
./src/config.cpp; \ + grep -E '^ *createBoolConfig[(]"protected-mode",.*, *0 *,.*[)],$' ./src/config.cpp; \ + make -j$(nproc) BUILD_TLS=yes; \ + cd src; \ + strip keydb-cli keydb-benchmark keydb-check-rdb keydb-check-aof keydb-diagnostic-tool keydb-sentinel keydb-server; \ + mv keydb-server keydb-cli keydb-benchmark keydb-check-rdb keydb-check-aof keydb-diagnostic-tool keydb-sentinel /usr/local/bin/; \ + # clean up unused dependencies + echo $savedAptMark; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sed 's:.*/::' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ ; \ - rm -rf /var/lib/apt/lists/* - -# create working directories + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ +# create working directories and organize files RUN \ - mkdir /data && chown keydb:keydb /data && \ - mkdir /flash && chown keydb:keydb /flash - + mkdir /data && chown keydb:keydb /data; \ + mkdir /flash && chown keydb:keydb /flash; \ + mkdir -p /etc/keydb; \ + cp /tmp/keydb-internal/keydb.conf /etc/keydb/; \ + sed -i 's/^\(daemonize .*\)$/# \1/' /etc/keydb/keydb.conf; \ + sed -i 's/^\(dir .*\)$/# \1\ndir \/data/' /etc/keydb/keydb.conf; \ + sed -i 's/^\(logfile .*\)$/# \1/' /etc/keydb/keydb.conf; \ + sed -i 's/protected-mode yes/protected-mode no/g' /etc/keydb/keydb.conf; \ + sed -i 's/^\(bind .*\)$/# \1/' /etc/keydb/keydb.conf; \ + ln -s keydb-cli redis-cli; \ + cd /etc/keydb; \ + ln -s keydb.conf redis.conf; \ + rm -rf /tmp/* +# generate entrypoint script +RUN set -eux; \ + echo '#!/bin/sh' > /usr/local/bin/docker-entrypoint.sh; \ + echo 'set -e' >> /usr/local/bin/docker-entrypoint.sh; \ + echo "# first arg is '-f' or '--some-option'" >> /usr/local/bin/docker-entrypoint.sh; \ + echo "# or first arg is 
`something.conf`" >> /usr/local/bin/docker-entrypoint.sh; \ + echo 'if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then' >> /usr/local/bin/docker-entrypoint.sh; \ + echo ' set -- keydb-server "$@"' >> /usr/local/bin/docker-entrypoint.sh; \ + echo 'fi' >> /usr/local/bin/docker-entrypoint.sh; \ + echo "# allow the container to be started with `--user`" >> /usr/local/bin/docker-entrypoint.sh; \ + echo 'if [ "$1" = "keydb-server" -a "$(id -u)" = "0" ]; then' >> /usr/local/bin/docker-entrypoint.sh; \ + echo " find . \! -user keydb -exec chown keydb '{}' +" >> /usr/local/bin/docker-entrypoint.sh; \ + echo ' exec gosu keydb "$0" "$@"' >> /usr/local/bin/docker-entrypoint.sh; \ + echo 'fi' >> /usr/local/bin/docker-entrypoint.sh; \ + echo 'exec "$@"' >> /usr/local/bin/docker-entrypoint.sh; \ + chmod +x /usr/local/bin/docker-entrypoint.sh +# set remaining image properties VOLUME /data WORKDIR /data ENV KEYDB_PRO_DIRECTORY=/usr/local/bin/ - -#COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] - -# Expose container port and start KeyDB by default on running container EXPOSE 6379 -CMD ["keydb-server", "/etc/keydb/keydb.conf"] +CMD ["keydb-server","/etc/keydb/keydb.conf"] + + + + + diff --git a/pkg/docker/README.md b/pkg/docker/README.md index 0401ba0b0..819f23b9c 100644 --- a/pkg/docker/README.md +++ b/pkg/docker/README.md @@ -1,5 +1,7 @@ -In order to create a docker image, generate the keydb binaries, copy them to the app directory, copy keydb.conf and sentinel.conf to the app directory as well, then run the following command: +This Dockerfile will clone the KeyDB repo, build, and generate a Docker image you can use + +To build, use experimental mode to enable use of build args. Tag the build and specify branch name. The command below will generate your docker image: ``` -$ sudo docker build . -t +DOCKER_CLI_EXPERIMENTAL=enabled docker build --build-arg BRANCH= -t ```
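Review bot: The config step copies `/tmp/keydb-internal/keydb.conf`, but the build step clones into `/tmp/KeyDB` and nothing in this hunk creates `/tmp/keydb-internal`, so the `cp` cannot find the file and either the build aborts or the image ships without the `/etc/keydb/keydb.conf` that `CMD` names; it should read `cp /tmp/KeyDB/keydb.conf /etc/keydb/;`. The build `RUN` also ends in `rm -rf /var/lib/apt/lists/*; \` directly before the comment and the next `RUN \`, which, as far as the collapsed layout shows, folds the word `RUN` into the previous shell command; drop that trailing backslash and open the next step with `RUN set -eux; \` so a failed command stops the build instead of being masked by the `;` separators. `ln -s keydb-cli redis-cli` now runs without the old `cd /usr/local/bin`, so the link is created in the step's working directory rather than next to the binaries. Because the `sed` on `./src/config.cpp` appears to turn the compiled-in `protected-mode` default to 0 while `bind` is still commented out in the config, a comment such as `# protected-mode off and no bind: publish 6379 only on trusted networks and set requirepass` belongs above that step.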