From be3a8f826ed7f07a110a7bff5c966512c0480efa Mon Sep 17 00:00:00 2001 From: ngosang Date: Sat, 29 Oct 2022 02:27:22 +0200 Subject: [PATCH] Replace Ansible with Shell script * Remove Ansible and all Python packages * Reduce image size by 452 MB (689 MB => 237 MB uncompressed) --- Dockerfile | 24 +-- root/entrypoint.sh | 60 ++++-- root/etc/ansible/entrypoint.yml | 171 ------------------ root/etc/ansible/hosts | 2 - root/etc/ansible/templates/parameters.yml.j2 | 63 ------- root/etc/wallabag/parameters.template.yml | 63 +++++++ .../config => etc/wallabag}/parameters.yml | 0 7 files changed, 125 insertions(+), 258 deletions(-) delete mode 100644 root/etc/ansible/entrypoint.yml delete mode 100644 root/etc/ansible/hosts delete mode 100644 root/etc/ansible/templates/parameters.yml.j2 create mode 100644 root/etc/wallabag/parameters.template.yml rename root/{var/www/wallabag/app/config => etc/wallabag}/parameters.yml (100%) diff --git a/Dockerfile b/Dockerfile index 863d517..4fcdbfd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,19 @@ +FROM golang:alpine3.16 as builder + +# envsubst from gettext can not replace env vars with default values +# this package is not available for ARM32 and we have to build it from source code +RUN go install -v github.com/a8m/envsubst/cmd/envsubst@v1.3.0 + FROM alpine:3.16 -LABEL maintainer "Marvin Steadfast " +COPY --from=builder /go/bin/envsubst /usr/bin/envsubst ARG WALLABAG_VERSION=2.5.2 RUN set -ex \ - && apk update \ - && apk upgrade --available \ - && apk add \ - ansible \ + && apk add --no-cache \ curl \ libwebp \ - mariadb-client \ nginx \ pcre \ php8 \ @@ -40,9 +42,8 @@ RUN set -ex \ php8-xmlreader \ php8-tidy \ php8-intl \ - py3-mysqlclient \ - py3-psycopg2 \ - py-simplejson \ + mariadb-client \ + postgresql14-client \ rabbitmq-c \ s6 \ tar \ @@ -59,13 +60,14 @@ RUN set -ex \ COPY root / RUN set -ex \ - && mv /var/www/wallabag/app /tmp/app \ && curl -L -o /tmp/wallabag.tar.gz https://github.com/wallabag/wallabag/archive/$WALLABAG_VERSION.tar.gz \ && tar xvf /tmp/wallabag.tar.gz -C /tmp \ + && mkdir /var/www/wallabag \ && mv /tmp/wallabag-*/* /var/www/wallabag/ \ && rm -rf /tmp/wallabag* \ - && mv /tmp/app/config/parameters.yml /var/www/wallabag/app/config/parameters.yml \ + && mv /etc/wallabag/* /var/www/wallabag/app/config/ \ && cd /var/www/wallabag \ + && mkdir data/assets \ && SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist --no-progress \ && rm -rf /root/.composer/* /var/www/wallabag/var/cache/* /var/www/wallabag/var/logs/* /var/www/wallabag/var/sessions/* \ && chown -R nobody:nobody /var/www/wallabag diff --git a/root/entrypoint.sh b/root/entrypoint.sh index ccac86e..4b9e17b 100755 --- a/root/entrypoint.sh +++ b/root/entrypoint.sh @@ -1,27 +1,65 @@ #!/bin/sh +COMMAND_ARG1="$1" +COMMAND_ARG2="$2" + +cd /var/www/wallabag || exit + provisioner () { - echo "Starting provisioner..." - if ! out=`ansible-playbook -i /etc/ansible/hosts /etc/ansible/entrypoint.yml -c local "$@"`;then - echo $out; + SYMFONY__ENV__DATABASE_DRIVER=${SYMFONY__ENV__DATABASE_DRIVER:-pdo_sqlite} + POPULATE_DATABASE=${POPULATE_DATABASE:-True} + + envsubst < app/config/parameters.template.yml > app/config/parameters.yml + + if [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_sqlite" ]; then + if [ ! -f "/var/www/wallabag/data/db/wallabag.sqlite" ]; then + su -c "php bin/console wallabag:install --env=prod -n" -s /bin/sh nobody + fi + fi + + if [ "$POPULATE_DATABASE" = "True" ] && [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_mysql" ]; then + timeout 60s /bin/sh -c "until echo 'Waiting for MariaDB ...' && mysql -h ${SYMFONY__ENV__DATABASE_HOST} --port ${SYMFONY__ENV__DATABASE_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} -e 'show databases;' > /dev/null 2>&1 ; do sleep 1 ; done" + mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \ + -e "CREATE DATABASE ${SYMFONY__ENV__DATABASE_NAME} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" + if [ "$SYMFONY__ENV__DATABASE_USER" != "root" ]; then + mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \ + -e "CREATE USER '${SYMFONY__ENV__DATABASE_USER}'@'%' IDENTIFIED BY '${SYMFONY__ENV__DATABASE_PASSWORD}';" + mysql -h "${SYMFONY__ENV__DATABASE_HOST}" --port "${SYMFONY__ENV__DATABASE_PORT}" -uroot -p"${MYSQL_ROOT_PASSWORD}" \ + -e "GRANT ALL PRIVILEGES ON ${SYMFONY__ENV__DATABASE_NAME}.* TO '${SYMFONY__ENV__DATABASE_USER}'@'%';" + fi + su -c "php bin/console wallabag:install --env=prod -n" -s /bin/sh nobody + fi + + if [ "$POPULATE_DATABASE" = "True" ] && [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_pgsql" ]; then + export PGPASSWORD="${POSTGRES_PASSWORD}" + timeout 60s /bin/sh -c "until echo 'Waiting for Postgres ...' && pg_isready -h ${SYMFONY__ENV__DATABASE_HOST} -p ${SYMFONY__ENV__DATABASE_PORT} -U ${POSTGRES_USER} > /dev/null 2>&1 ; do sleep 1 ; done" + psql -q -h "${SYMFONY__ENV__DATABASE_HOST}" -p "${SYMFONY__ENV__DATABASE_PORT}" -U "${POSTGRES_USER}" \ + -c "CREATE DATABASE ${SYMFONY__ENV__DATABASE_NAME};" + if [ "$SYMFONY__ENV__DATABASE_USER" != "postgres" ]; then + psql -q -h "${SYMFONY__ENV__DATABASE_HOST}" -p "${SYMFONY__ENV__DATABASE_PORT}" -U "${POSTGRES_USER}" \ + -c "CREATE ROLE ${SYMFONY__ENV__DATABASE_USER} with PASSWORD '${SYMFONY__ENV__DATABASE_PASSWORD}' LOGIN;" + fi + su -c "php bin/console wallabag:install --env=prod -n" -s /bin/sh nobody fi - echo "Provisioner finished." + + rm -f -r /var/www/wallabag/var/cache + su -c "SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist" -s /bin/sh nobody } -if [ "$1" = "wallabag" ];then +if [ "$COMMAND_ARG1" = "wallabag" ]; then + echo "Starting Wallabag..." provisioner + echo "Wallabag is ready!" exec s6-svscan /etc/s6/ fi -if [ "$1" = "import" ];then - provisioner --skip-tags=firstrun - cd /var/www/wallabag/ - exec su -c "bin/console wallabag:import:redis-worker --env=prod $2 -vv" -s /bin/sh nobody +if [ "$COMMAND_ARG1" = "import" ]; then + provisioner + exec su -c "bin/console wallabag:import:redis-worker --env=prod $COMMAND_ARG2 -vv" -s /bin/sh nobody fi -if [ "$1" = "migrate" ];then +if [ "$COMMAND_ARG1" = "migrate" ]; then provisioner - cd /var/www/wallabag/ exec su -c "bin/console doctrine:migrations:migrate --env=prod --no-interaction" -s /bin/sh nobody fi diff --git a/root/etc/ansible/entrypoint.yml b/root/etc/ansible/entrypoint.yml deleted file mode 100644 index b31cb5c..0000000 --- a/root/etc/ansible/entrypoint.yml +++ /dev/null @@ -1,171 +0,0 @@ ---- -- hosts: localhost - remote_user: root - - vars: - - database_driver: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_DRIVER')|default('pdo_sqlite', true) }}" - database_host: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_HOST')|default('127.0.0.1', true) }}" - database_name: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_NAME')|default('symfony', true) }}" - database_password: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_PASSWORD')|default('~', true) }}" - database_port: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_PORT')|default('~', true) }}" - database_root_password_mariadb: "{{ lookup('env', 'MYSQL_ROOT_PASSWORD') }}" - database_root_user_postgres: "{{ lookup('env', 'POSTGRES_USER') }}" - database_root_password_postgres: "{{ lookup('env', 'POSTGRES_PASSWORD') }}" - database_user: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_USER')|default('root', true) }}" - database_charset: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_CHARSET')|default('utf8', true) }}" - database_table_prefix: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_TABLE_PREFIX')|default('wallabag_', true) }}" - populate_database: "{{ lookup('env', 'POPULATE_DATABASE')|default(True, true) }}" - locale: "{{ lookup('env', 'SYMFONY__ENV__LOCALE')|default('en', true) }}" - secret: "{{ lookup('env', 'SYMFONY__ENV__SECRET')|default('ovmpmAWXRCabNlMgzlzFXDYmCFfzGv', true) }}" - mailer_transport: "{{ lookup('env', 'SYMFONY__ENV__MAILER_TRANSPORT')|default('smtp', true) }}" - mailer_host: "{{ lookup('env', 'SYMFONY__ENV__MAILER_HOST')|default('127.0.0.1', true) }}" - mailer_user: "{{ lookup('env', 'SYMFONY__ENV__MAILER_USER')|default('~', true) }}" - mailer_password: "{{ lookup('env', 'SYMFONY__ENV__MAILER_PASSWORD')|default('~', true) }}" - mailer_port: "{{ lookup('env', 'SYMFONY__ENV__MAILER_PORT')|default('25', true) }}" - mailer_encryption: "{{ lookup('env', 'SYMFONY__ENV__MAILER_ENCRYPTION')|default('~', true) }}" - mailer_auth_mode: "{{ lookup('env', 'SYMFONY__ENV__MAILER_AUTH_MODE')|default('~', true) }}" - from_email: "{{ lookup('env', 'SYMFONY__ENV__FROM_EMAIL')|default('wallabag@example.com', true) }}" - twofactor_auth: "{{ lookup('env', 'SYMFONY__ENV__TWOFACTOR_AUTH')|default('true', true) }}" - twofactor_sender: "{{ lookup('env', 'SYMFONY__ENV__TWOFACTOR_SENDER')|default('no-reply@wallabag.org', true) }}" - registration: "{{ lookup('env', 'SYMFONY__ENV__FOSUSER_REGISTRATION')|default('true', true) }}" - registration_mail_confirmation: "{{ lookup('env', 'SYMFONY__ENV__FOSUSER_CONFIRMATION')|default('true', true) }}" - domain_name: "{{ lookup('env', 'SYMFONY__ENV__DOMAIN_NAME')|default('https://your-wallabag-url-instance.com', true) }}" - redis_scheme: "{{ lookup('env', 'SYMFONY__ENV__REDIS_SCHEME')|default('tcp', true) }}" - redis_host: "{{ lookup('env', 'SYMFONY__ENV__REDIS_HOST')|default('redis', true) }}" - redis_port: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PORT')|default('6379', true) }}" - redis_path: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PATH')|default('~', true) }}" - redis_password: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PASSWORD')|default('~', true) }}" - sentry_dsn: "{{ lookup('env', 'SYMFONY__ENV__SENTRY_DSN')|default('~', true) }}" - server_name: "{{ lookup('env', 'SYMFONY__ENV__SERVER_NAME')|default('Your wallabag instance', true) }}" - - tasks: - - - name: needed dirs - file: - path={{ item }} - state=directory - with_items: - - /var/www/wallabag/app - - /var/www/wallabag/app/config - - /var/www/wallabag/data - - /var/www/wallabag/data/assets - - /var/www/wallabag/data/db - notify: chown dir - tags: - - firstrun - - - name: write parameters.yml - template: - src=templates/parameters.yml.j2 - dest=/var/www/wallabag/app/config/parameters.yml - - - stat: - path=/var/www/wallabag/data/db/wallabag.sqlite - register: wallabag_sqlite_db - when: database_driver == 'pdo_sqlite' - - - name: notify install for sqlite - debug: - msg='notify installation script if sqlite db does not exist' - changed_when: true - notify: run install - when: (database_driver == 'pdo_sqlite') and - (wallabag_sqlite_db.stat.exists == False) - - - name: wait for db container - wait_for: - host="{{ database_host }}" - port="{{ database_port }}" - when: (database_driver == 'pdo_mysql') or - (database_driver == 'pdo_pgsql') - - - name: add mariadb db - mysql_db: - name="{{ database_name }}" - state=present - login_host="{{ database_host }}" - login_port={{ database_port }} - login_user=root - login_password="{{ database_root_password_mariadb }}" - encoding="utf8mb4" - notify: run install - when: (database_driver == 'pdo_mysql') and - (populate_database == True) - tags: - - firstrun - - - name: add mariadb user - mysql_user: - name="{{ database_user }}" - host=% - password="{{ database_password }}" - priv={{ database_name }}.*:ALL - login_host="{{ database_host }}" - login_port={{ database_port }} - login_user=root - login_password="{{ database_root_password_mariadb }}" - state=present - when: (database_driver == 'pdo_mysql') and - (database_user != 'root') and - (populate_database == True) - tags: - - firstrun - - - name: postgresql db - postgresql_db: - name="{{ database_name }}" - state=present - login_host="{{ database_host }}" - port={{ database_port }} - login_user="{{ database_root_user_postgres }}" - login_password="{{ database_root_password_postgres }}" - notify: run install - when: (database_driver == 'pdo_pgsql') and - (populate_database == True) - tags: - - firstrun - - - name: add postgresql user - postgresql_user: - name="{{ database_user }}" - password="{{ database_password }}" - encrypted=true - db={{ database_name }} - priv=ALL - login_host="{{ database_host }}" - port={{ database_port }} - login_user="{{ database_root_user_postgres }}" - login_password="{{ database_root_password_postgres }}" - state=present - when: (database_driver == 'pdo_pgsql') and - (database_user != 'postgres') and - (populate_database == True) - tags: - - firstrun - - - name: remove cache - file: - path=/var/www/wallabag/var/cache - state=absent - - - name: run composer - shell: SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist - args: - chdir: /var/www/wallabag - notify: chown dir - - handlers: - - - name: run install - shell: php bin/console wallabag:install --env=prod -n - args: - chdir: /var/www/wallabag - notify: chown dir - - - name: chown dir - file: - path=/var/www/wallabag - recurse=yes - owner=nobody - group=nobody diff --git a/root/etc/ansible/hosts b/root/etc/ansible/hosts deleted file mode 100644 index f930906..0000000 --- a/root/etc/ansible/hosts +++ /dev/null @@ -1,2 +0,0 @@ -[localhost] -localhost diff --git a/root/etc/ansible/templates/parameters.yml.j2 b/root/etc/ansible/templates/parameters.yml.j2 deleted file mode 100644 index 5efa74c..0000000 --- a/root/etc/ansible/templates/parameters.yml.j2 +++ /dev/null @@ -1,63 +0,0 @@ -parameters: - database_driver: {{ database_driver }} - database_host: {{ database_host }} - database_port: {{ database_port }} - database_name: {{ database_name }} - database_user: {{ database_user }} - database_password: {{ database_password }} - database_path: "%kernel.root_dir%/../data/db/wallabag.sqlite" - database_table_prefix: {{ database_table_prefix }} - database_socket: null - database_charset: {{ database_charset }} - - domain_name: {{ domain_name }} - - mailer_transport: {{ mailer_transport }} - mailer_user: {{ mailer_user }} - mailer_password: {{ mailer_password }} - mailer_host: {{ mailer_host }} - mailer_port: {{ mailer_port }} - mailer_encryption: {{ mailer_encryption }} - mailer_auth_mode: {{ mailer_auth_mode }} - - locale: {{ locale }} - - # A secret key that's used to generate certain security-related tokens - secret: {{ secret }} - - # two factor stuff - twofactor_auth: {{ twofactor_auth }} - twofactor_sender: {{ twofactor_sender }} - - # fosuser stuff - fosuser_registration: {{ registration }} - fosuser_confirmation: {{ registration_mail_confirmation }} - - # how long the access token should live in seconds for the API - fos_oauth_server_access_token_lifetime: 3600 - # how long the refresh token should life in seconds for the API - fos_oauth_server_refresh_token_lifetime: 1209600 - - from_email: {{ from_email }} - - rss_limit: 50 - - # RabbitMQ processing - rabbitmq_host: localhost - rabbitmq_port: 5672 - rabbitmq_user: guest - rabbitmq_password: guest - rabbitmq_prefetch_count: 10 - - # Redis processing - redis_scheme: {{ redis_scheme }} - redis_host: {{ redis_host }} - redis_port: {{ redis_port }} - redis_path: {{ redis_path }} - redis_password: {{ redis_password }} - - # sentry logging - sentry_dsn: {{ sentry_dsn }} - - # User-friendly name of your instance for 2FA issuer - server_name: {{ server_name }} diff --git a/root/etc/wallabag/parameters.template.yml b/root/etc/wallabag/parameters.template.yml new file mode 100644 index 0000000..06f19e9 --- /dev/null +++ b/root/etc/wallabag/parameters.template.yml @@ -0,0 +1,63 @@ +parameters: + database_driver: ${SYMFONY__ENV__DATABASE_DRIVER:-pdo_sqlite} + database_host: ${SYMFONY__ENV__DATABASE_HOST:-127.0.0.1} + database_port: ${SYMFONY__ENV__DATABASE_PORT:-~} + database_name: ${SYMFONY__ENV__DATABASE_NAME:-symfony} + database_user: ${SYMFONY__ENV__DATABASE_USER:-root} + database_password: ${SYMFONY__ENV__DATABASE_PASSWORD:-~} + database_path: "%kernel.root_dir%/../data/db/wallabag.sqlite" + database_table_prefix: ${SYMFONY__ENV__DATABASE_TABLE_PREFIX:-wallabag_} + database_socket: null + database_charset: ${SYMFONY__ENV__DATABASE_CHARSET:-utf8} + + domain_name: ${SYMFONY__ENV__DOMAIN_NAME:-https://your-wallabag-url-instance.com} + + mailer_transport: ${SYMFONY__ENV__MAILER_TRANSPORT:-smtp} + mailer_user: ${SYMFONY__ENV__MAILER_USER:-~} + mailer_password: ${SYMFONY__ENV__MAILER_PASSWORD:-~} + mailer_host: ${SYMFONY__ENV__MAILER_HOST:-127.0.0.1} + mailer_port: ${SYMFONY__ENV__MAILER_PORT:-25} + mailer_encryption: ${SYMFONY__ENV__MAILER_ENCRYPTION:-~} + mailer_auth_mode: ${SYMFONY__ENV__MAILER_AUTH_MODE:-~} + + locale: ${SYMFONY__ENV__LOCALE:-en} + + # A secret key that's used to generate certain security-related tokens + secret: ${SYMFONY__ENV__SECRET:-ovmpmAWXRCabNlMgzlzFXDYmCFfzGv} + + # two factor stuff + twofactor_auth: ${SYMFONY__ENV__TWOFACTOR_AUTH:-true} + twofactor_sender: ${SYMFONY__ENV__TWOFACTOR_SENDER:-no-reply@wallabag.org} + + # fosuser stuff + fosuser_registration: ${SYMFONY__ENV__FOSUSER_REGISTRATION:-true} + fosuser_confirmation: ${SYMFONY__ENV__FOSUSER_CONFIRMATION:-true} + + # how long the access token should live in seconds for the API + fos_oauth_server_access_token_lifetime: 3600 + # how long the refresh token should life in seconds for the API + fos_oauth_server_refresh_token_lifetime: 1209600 + + from_email: ${SYMFONY__ENV__FROM_EMAIL:-wallabag@example.com} + + rss_limit: 50 + + # RabbitMQ processing + rabbitmq_host: localhost + rabbitmq_port: 5672 + rabbitmq_user: guest + rabbitmq_password: guest + rabbitmq_prefetch_count: 10 + + # Redis processing + redis_scheme: ${SYMFONY__ENV__REDIS_SCHEME:-tcp} + redis_host: ${SYMFONY__ENV__REDIS_HOST:-redis} + redis_port: ${SYMFONY__ENV__REDIS_PORT:-6379} + redis_path: ${SYMFONY__ENV__REDIS_PATH:-~} + redis_password: ${SYMFONY__ENV__REDIS_PASSWORD:-~} + + # Sentry + sentry_dsn: ${SYMFONY__ENV__SENTRY_DSN:-~} + + # User-friendly name of your instance for 2FA issuer + server_name: ${SYMFONY__ENV__SERVER_NAME:-"Your wallabag instance"} diff --git a/root/var/www/wallabag/app/config/parameters.yml b/root/etc/wallabag/parameters.yml similarity index 100% rename from root/var/www/wallabag/app/config/parameters.yml rename to root/etc/wallabag/parameters.yml