modify dockerfile to build within image
This commit is contained in:
benschermel
parent
0cc2a59f8c
commit
825dfb19dc
@ -1,91 +1,117 @@
|
|||||||
FROM ubuntu:18.04
|
FROM ubuntu:20.04
|
||||||
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
|
SHELL ["/bin/bash","-c"]
|
||||||
RUN groupadd -r keydb && useradd -r -g keydb keydb
|
RUN groupadd -r keydb && useradd -r -g keydb keydb
|
||||||
|
# use gosu for easy step-down from root: https://github.com/tianon/gosu/releases
|
||||||
# grab gosu for easy step-down from root
|
ENV GOSU_VERSION 1.14
|
||||||
# https://github.com/tianon/gosu/releases
|
|
||||||
ENV GOSU_VERSION 1.11
|
|
||||||
RUN set -eux; \
|
RUN set -eux; \
|
||||||
# save list of currently installed packages for later so we can clean up
|
|
||||||
savedAptMark="$(apt-mark showmanual)"; \
|
savedAptMark="$(apt-mark showmanual)"; \
|
||||||
apt-get update; \
|
apt-get update; \
|
||||||
apt-get install -y --no-install-recommends \
|
apt-get install -y --no-install-recommends ca-certificates dirmngr gnupg wget; \
|
||||||
ca-certificates \
|
rm -rf /var/lib/apt/lists/*; \
|
||||||
dirmngr \
|
|
||||||
gnupg \
|
|
||||||
wget \
|
|
||||||
; \
|
|
||||||
\
|
|
||||||
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
|
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
|
||||||
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
|
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
|
||||||
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
|
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
|
||||||
\
|
|
||||||
# verify the signature
|
|
||||||
export GNUPGHOME="$(mktemp -d)"; \
|
export GNUPGHOME="$(mktemp -d)"; \
|
||||||
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
|
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
|
||||||
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
|
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
|
||||||
gpgconf --kill all; \
|
gpgconf --kill all; \
|
||||||
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
|
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
|
||||||
\
|
|
||||||
# clean up fetch dependencies
|
|
||||||
apt-mark auto '.*' > /dev/null; \
|
apt-mark auto '.*' > /dev/null; \
|
||||||
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
|
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
|
||||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
||||||
\
|
|
||||||
chmod +x /usr/local/bin/gosu; \
|
chmod +x /usr/local/bin/gosu; \
|
||||||
# verify that the binary works
|
|
||||||
gosu --version; \
|
gosu --version; \
|
||||||
gosu nobody true
|
gosu nobody true
|
||||||
|
# build KeyDB
|
||||||
# Load pre-generated equivalent binaries to image (reduces deployment build times)
|
ARG BRANCH
|
||||||
RUN \
|
|
||||||
mkdir -p /etc/keydb
|
|
||||||
ADD ./app/keydb-* /usr/local/bin/
|
|
||||||
ADD ./app/docker-entrypoint.sh /usr/local/bin/
|
|
||||||
ADD ./app/*.conf /etc/keydb/
|
|
||||||
# Set up config and binaries
|
|
||||||
RUN \
|
|
||||||
cd /usr/local/bin && \
|
|
||||||
sed -i 's/^\(bind .*\)$/# \1/' /etc/keydb/keydb.conf && \
|
|
||||||
sed -i 's/^\(daemonize .*\)$/# \1/' /etc/keydb/keydb.conf && \
|
|
||||||
sed -i 's/^\(dir .*\)$/# \1\ndir \/data/' /etc/keydb/keydb.conf && \
|
|
||||||
sed -i 's/^\(logfile .*\)$/# \1/' /etc/keydb/keydb.conf && \
|
|
||||||
sed -i 's/protected-mode yes/protected-mode no/g' /etc/keydb/keydb.conf && \
|
|
||||||
ln -s keydb-cli redis-cli && \
|
|
||||||
cd /etc/keydb && \
|
|
||||||
ln -s keydb.conf redis.conf
|
|
||||||
|
|
||||||
# Ensure deps installed for binaries
|
|
||||||
RUN set -eux; \
|
RUN set -eux; \
|
||||||
\
|
\
|
||||||
savedAptMark="$(apt-mark showmanual)"; \
|
savedAptMark="$(apt-mark showmanual)"; \
|
||||||
apt-get install -y --no-install-recommends \
|
apt-get update; \
|
||||||
libcurl4 \
|
DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends \
|
||||||
libc6 \
|
dpkg-dev \
|
||||||
libssl1.1 \
|
pkg-config \
|
||||||
libuuid1 \
|
ca-certificates \
|
||||||
libstdc++6 \
|
build-essential \
|
||||||
libgcc1 \
|
nasm \
|
||||||
zlib1g \
|
autotools-dev \
|
||||||
libbz2-1.0 \
|
autoconf \
|
||||||
liblz4-1 \
|
libjemalloc-dev \
|
||||||
libsnappy1v5 \
|
tcl \
|
||||||
libzstd1 \
|
tcl-dev \
|
||||||
|
uuid-dev \
|
||||||
|
libcurl4-openssl-dev \
|
||||||
|
libbz2-dev \
|
||||||
|
libzstd-dev \
|
||||||
|
liblz4-dev \
|
||||||
|
libsnappy-dev \
|
||||||
|
libssl-dev \
|
||||||
|
git; \
|
||||||
|
cd /tmp && git clone --branch $BRANCH https://github.com/Snapchat/KeyDB.git --recursive; \
|
||||||
|
cd /tmp/KeyDB; \
|
||||||
|
# disable protected mode as it relates to docker
|
||||||
|
grep -E '^ *createBoolConfig[(]"protected-mode",.*, *1 *,.*[)],$' ./src/config.cpp; \
|
||||||
|
sed -ri 's!^( *createBoolConfig[(]"protected-mode",.*, *)1( *,.*[)],)$!\10\2!' ./src/config.cpp; \
|
||||||
|
grep -E '^ *createBoolConfig[(]"protected-mode",.*, *0 *,.*[)],$' ./src/config.cpp; \
|
||||||
|
make -j$(nproc) BUILD_TLS=yes; \
|
||||||
|
cd src; \
|
||||||
|
strip keydb-cli keydb-benchmark keydb-check-rdb keydb-check-aof keydb-diagnostic-tool keydb-sentinel keydb-server; \
|
||||||
|
mv keydb-server keydb-cli keydb-benchmark keydb-check-rdb keydb-check-aof keydb-diagnostic-tool keydb-sentinel /usr/local/bin/; \
|
||||||
|
# clean up unused dependencies
|
||||||
|
echo $savedAptMark; \
|
||||||
|
apt-mark auto '.*' > /dev/null; \
|
||||||
|
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
|
||||||
|
find /usr/local -type f -executable -exec ldd '{}' ';' \
|
||||||
|
| awk '/=>/ { print $(NF-1) }' \
|
||||||
|
| sed 's:.*/::' \
|
||||||
|
| sort -u \
|
||||||
|
| xargs -r dpkg-query --search \
|
||||||
|
| cut -d: -f1 \
|
||||||
|
| sort -u \
|
||||||
|
| xargs -r apt-mark manual \
|
||||||
; \
|
; \
|
||||||
rm -rf /var/lib/apt/lists/*
|
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
||||||
|
rm -rf /var/lib/apt/lists/*; \
|
||||||
# create working directories
|
# create working directories and organize files
|
||||||
RUN \
|
RUN \
|
||||||
mkdir /data && chown keydb:keydb /data && \
|
mkdir /data && chown keydb:keydb /data; \
|
||||||
mkdir /flash && chown keydb:keydb /flash
|
mkdir /flash && chown keydb:keydb /flash; \
|
||||||
|
mkdir -p /etc/keydb; \
|
||||||
|
cp /tmp/keydb-internal/keydb.conf /etc/keydb/; \
|
||||||
|
sed -i 's/^\(daemonize .*\)$/# \1/' /etc/keydb/keydb.conf; \
|
||||||
|
sed -i 's/^\(dir .*\)$/# \1\ndir \/data/' /etc/keydb/keydb.conf; \
|
||||||
|
sed -i 's/^\(logfile .*\)$/# \1/' /etc/keydb/keydb.conf; \
|
||||||
|
sed -i 's/protected-mode yes/protected-mode no/g' /etc/keydb/keydb.conf; \
|
||||||
|
sed -i 's/^\(bind .*\)$/# \1/' /etc/keydb/keydb.conf; \
|
||||||
|
ln -s keydb-cli redis-cli; \
|
||||||
|
cd /etc/keydb; \
|
||||||
|
ln -s keydb.conf redis.conf; \
|
||||||
|
rm -rf /tmp/*
|
||||||
|
# generate entrypoint script
|
||||||
|
RUN set -eux; \
|
||||||
|
echo '#!/bin/sh' > /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo 'set -e' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo "# first arg is '-f' or '--some-option'" >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo "# or first arg is `something.conf`" >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo 'if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo ' set -- keydb-server "$@"' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo 'fi' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo "# allow the container to be started with `--user`" >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo 'if [ "$1" = "keydb-server" -a "$(id -u)" = "0" ]; then' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo " find . \! -user keydb -exec chown keydb '{}' +" >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo ' exec gosu keydb "$0" "$@"' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo 'fi' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
echo 'exec "$@"' >> /usr/local/bin/docker-entrypoint.sh; \
|
||||||
|
chmod +x /usr/local/bin/docker-entrypoint.sh
|
||||||
|
# set remaining image properties
|
||||||
VOLUME /data
|
VOLUME /data
|
||||||
WORKDIR /data
|
WORKDIR /data
|
||||||
ENV KEYDB_PRO_DIRECTORY=/usr/local/bin/
|
ENV KEYDB_PRO_DIRECTORY=/usr/local/bin/
|
||||||
|
|
||||||
#COPY docker-entrypoint.sh /usr/local/bin/
|
|
||||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||||
|
|
||||||
# Expose container port and start KeyDB by default on running container
|
|
||||||
EXPOSE 6379
|
EXPOSE 6379
|
||||||
CMD ["keydb-server", "/etc/keydb/keydb.conf"]
|
CMD ["keydb-server","/etc/keydb/keydb.conf"]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1,5 +1,7 @@
|
|||||||
In order to create a docker image, generate the keydb binaries, copy them to the app directory, copy keydb.conf and sentinel.conf to the app directory as well, then run the following command:
|
This Dockerfile will clone the KeyDB repo, build, and generate a Docker image you can use
|
||||||
|
|
||||||
|
To build, use experimental mode to enable use of build args. Tag the build and specify branch name. The command below will generate your docker image:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ sudo docker build . -t <yourimagename>
|
DOCKER_CLI_EXPERIMENTAL=enabled docker build --build-arg BRANCH=<keydbBranch> -t <yourImageName>
|
||||||
```
|
```
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user