From 213f03ed2bdaf4016afaff3515be6c28bc67604a Mon Sep 17 00:00:00 2001
From: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date: Tue, 2 Feb 2021 10:52:52 +0100
Subject: [PATCH] Refactored openresty-voms packaging
---
 .gitlab-ci.yml | 13 +++---
 docker/ngx-voms-openshift/.env | 3 --
 docker/ngx-voms-packaging/Dockerfile | 36 ----------------
 docker/ngx-voms-packaging/assets/setup.sh | 8 ----
 .../.env | 3 +-
 .../Dockerfile | 17 +++++++-
 docker/openresty-voms/assets/nginx.conf | 42 +++++++++++++++++++
 7 files changed, 65 insertions(+), 57 deletions(-)
 delete mode 100644 docker/ngx-voms-openshift/.env
 delete mode 100644 docker/ngx-voms-packaging/Dockerfile
 delete mode 100644 docker/ngx-voms-packaging/assets/setup.sh
 rename docker/{ngx-voms-packaging => openresty-voms}/.env (52%)
 rename docker/{ngx-voms-openshift => openresty-voms}/Dockerfile (55%)
 create mode 100644 docker/openresty-voms/assets/nginx.conf
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index bc3a895..697bba0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -30,13 +30,13 @@ docker-build-rpm:
 - apk add git bash
 - git clone https://baltig.infn.it/mw-devel/helper-scripts.git helper-scripts
 - cp helper-scripts/scripts/* /usr/local/bin
- - cp rpmbuild/RPMS/x86_64/* ${CI_PROJECT_DIR}/docker/ngx-voms-openshift/
- - cp rpmbuild/RPMS/noarch/* ${CI_PROJECT_DIR}/docker/ngx-voms-openshift/
- - rm ${CI_PROJECT_DIR}/docker/ngx-voms-openshift/*-debuginfo*.rpm
+ - cp rpmbuild/RPMS/x86_64/* ${CI_PROJECT_DIR}/docker/openresty-voms/
+ - cp rpmbuild/RPMS/noarch/* ${CI_PROJECT_DIR}/docker/openresty-voms/
+ - rm ${CI_PROJECT_DIR}/docker/openresty-voms/*-debuginfo*.rpm
 - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
 - export DOCKER_REGISTRY_HOST=${CI_REGISTRY}
 - export DOCKER_REGISTRY_NAMESPACE=${CI_PROJECT_PATH}
- - cd docker/ngx-voms-openshift && build-docker-image.sh && push-docker-image.sh
+ - cd docker/openresty-voms && build-docker-image.sh && push-docker-image.sh
 push-to-dockerhub:
 stage: docker-push
@@ -54,8 +54,7 @@ push-to-dockerhub:
 - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
 - export DOCKER_REGISTRY_HOST=${CI_REGISTRY}
 - export DOCKER_REGISTRY_NAMESPACE=${CI_PROJECT_PATH}
- - cd docker && cd ngx-voms-packaging && pull-docker-image.sh && cd .. && unset DOCKER_REGISTRY_HOST
- - docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD}
- - cd ngx-voms-packaging && push-docker-image.sh
+ - cd docker/openresty-voms && pull-docker-image.sh && unset DOCKER_REGISTRY_HOST
+ - docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD} && push-docker-image.sh
 only:
 - master
diff --git a/docker/ngx-voms-openshift/.env b/docker/ngx-voms-openshift/.env
deleted file mode 100644
index 42dd763..0000000
--- a/docker/ngx-voms-openshift/.env
+++ /dev/null
@@ -1,3 +0,0 @@
-DOCKER_IMAGE=storm2/ngx-voms-openshift
-DOCKER_VERBOSE=y
-DOCKER_GIT_TAG_ENABLED=y
diff --git a/docker/ngx-voms-packaging/Dockerfile b/docker/ngx-voms-packaging/Dockerfile
deleted file mode 100644
index 180d27d..0000000
--- a/docker/ngx-voms-packaging/Dockerfile
+++ /dev/null
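Review bot: In the `push-to-dockerhub` hunk of `.gitlab-ci.yml`, the rewritten login line still passes the Docker Hub password as a command-line argument (`-p ${DOCKERHUB_PASSWORD}`), which exposes it in the runner's process list and triggers Docker's insecure-password warning. Feeding it on stdin avoids that: `- echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USER}" --password-stdin && push-docker-image.sh`. The unchanged `docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}` context lines in this hunk and in the `docker-build-rpm` hunk have the same shape. The job's `script:` block starts above the hunk, so anything earlier in it is not visible here.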
@@ -1,36 +0,0 @@
-FROM storm2/base:latest
-
-RUN sudo yum -y install voms zlib pcre readline gettext && \
- sudo yum clean all && rm -rf /var/cache/yum
-
-ADD assets/setup.sh /docker/
-
-RUN sh /docker/setup.sh
-
-RUN mkdir /cores
-
-USER root
-
-ADD openresty-voms-1.15.8.1-7.el7.x86_64.rpm openresty-voms-1.15.8.1-7.el7.x86_64.rpm
-ADD openresty-voms-debuginfo-1.15.8.1-7.el7.x86_64.rpm openresty-voms-debuginfo-1.15.8.1-7.el7.x86_64.rpm
-
-ADD openresty-voms-doc-1.15.8.1-7.el7.noarch.rpm openresty-voms-doc-1.15.8.1-7.el7.noarch.rpm
-ADD openresty-voms-opm-1.15.8.1-7.el7.noarch.rpm openresty-voms-opm-1.15.8.1-7.el7.noarch.rpm
-ADD openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm
-
-RUN sudo yum -y localinstall openresty-voms-1.15.8.1-7.el7.x86_64.rpm \
- openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm \
- openresty-voms-doc-1.15.8.1-7.el7.noarch.rpm \
- openresty-voms-opm-1.15.8.1-7.el7.noarch.rpm \
- openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm
-
-RUN chown -R ${STORM_USER}:${STORM_USER} /usr/local/openresty-voms/ /usr/lib/systemd/system/openresty-voms.service /usr/bin/openresty-voms
-
-ENV TINI_VERSION v0.18.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
-RUN chmod +x /tini
-ENTRYPOINT ["/tini", "--"]
-
-CMD ["sudo", "/usr/bin/openresty-voms", "-g", "daemon off;"]
-
-USER ${STORM_USER}
diff --git a/docker/ngx-voms-packaging/assets/setup.sh b/docker/ngx-voms-packaging/assets/setup.sh
deleted file mode 100644
index 41c7aac..0000000
--- a/docker/ngx-voms-packaging/assets/setup.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-set -ex
-
-mkdir -p /etc/nginx/conf.d
-
-chown -R ${STORM_USER}:${STORM_USER} /etc/nginx
-
-
diff --git a/docker/ngx-voms-packaging/.env b/docker/openresty-voms/.env
similarity index 52%
rename from docker/ngx-voms-packaging/.env
rename to docker/openresty-voms/.env
index 7368612..835f784 100644
--- a/docker/ngx-voms-packaging/.env
+++ b/docker/openresty-voms/.env
@@ -1,4 +1,3 @@
-DOCKER_IMAGE=storm2/ngx-voms-centos7
+DOCKER_IMAGE=storm2/openresty-voms
 DOCKER_VERBOSE=y
 DOCKER_GIT_TAG_ENABLED=y
-
diff --git a/docker/ngx-voms-openshift/Dockerfile b/docker/openresty-voms/Dockerfile
similarity index 55%
rename from docker/ngx-voms-openshift/Dockerfile
rename to docker/openresty-voms/Dockerfile
index dcb18d2..b267f24 100644
--- a/docker/ngx-voms-openshift/Dockerfile
+++ b/docker/openresty-voms/Dockerfile
@@ -1,11 +1,20 @@
 FROM centos:7
+# Allow customization of nginx user ID and name
+ARG NGINX_USER=nginx
+ARG NGINX_USER_UID=1001
+
+ENV NGINX_USER $NGINX_USER
+ENV NGINX_USER_UID $NGINX_USER_UID
+
 RUN echo "include_only=.garr.it,.cern.ch" >> /etc/yum/pluginconf.d/fastestmirror.conf && \
 yum clean all && \
 yum install -y hostname epel-release && \
 yum -y update && \
 yum -y install which wget tar sudo file && \
 echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+ adduser --uid ${NGINX_USER_UID} ${NGINX_USER} && \
+ usermod -a -G root ${NGINX_USER} && \
 yum clean all && \
 rm -rf /var/cache/yum
@@ -15,7 +24,13 @@ RUN \
 ADD *.rpm /pkgs/
-RUN yum -y localinstall /pkgs/*.rpm
+RUN yum -y localinstall /pkgs/*.rpm && \
+ chmod -R g+rwx /usr/local/openresty-voms/nginx && \
+ mkdir -p /etc/nginx/conf.d
+
+ADD assets/nginx.conf /usr/local/openresty-voms/nginx/conf/nginx.conf
+
+CMD ["/usr/bin/openresty-voms", "-g", "daemon off;"]
 ENV TINI_VERSION v0.18.0
 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
diff --git a/docker/openresty-voms/assets/nginx.conf b/docker/openresty-voms/assets/nginx.conf
new file mode 100644
index 0000000..0db096e
--- /dev/null
+++ b/docker/openresty-voms/assets/nginx.conf
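Review bot: The added `adduser --uid ${NGINX_USER_UID} ${NGINX_USER}` and `usermod -a -G root ${NGINX_USER}` lines in the first `docker/openresty-voms/Dockerfile` hunk create the account, but neither Dockerfile hunk shows a `USER` instruction, so unless one exists in the lines outside the hunks the image still starts nginx as root. If the account is meant to be the runtime identity, add `USER ${NGINX_USER_UID}` after the tini lines at the end of the file; a numeric UID lets Kubernetes/OpenShift non-root checks verify it. The `%wheel ALL=(ALL) NOPASSWD:ALL` sudoers entry and the `sudo` package in the context lines look unneeded now that `CMD` no longer calls `sudo`, and could be dropped. The `RUN` instruction is fully inside the hunk; the rest of the file is not.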
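Review bot: `chmod -R g+rwx /usr/local/openresty-voms/nginx` in the second Dockerfile hunk makes the whole nginx prefix group-writable, and the first hunk puts `${NGINX_USER}` in group root, so the runtime account can replace `conf/nginx.conf` and anything else the RPM installs under that prefix. The new nginx.conf only writes under `logs/` (error log, access log, pid), so I would scope the grant, e.g. `chmod -R g+rwX /usr/local/openresty-voms/nginx/logs`, adding nginx's temp directories if the package keeps them under the prefix (not visible here, so confirm against the RPM layout). `ADD assets/nginx.conf …` copies a plain local file, so `COPY` is the better instruction. The tini `ADD https://…` in the context lines belongs to a sequence that continues past the hunk.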
@@ -0,0 +1,42 @@
+user nobody;
+worker_processes 1;
+
+env OPENSSL_ALLOW_PROXY_CERTS=1;
+env X509_VOMS_DIR=/vomsdir;
+
+error_log logs/error.log notice;
+
+pid logs/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format tls '$time_iso8601 [$request_id] $remote_addr - $remote_user "$request" <$upstream_response_time> '
+ '$ssl_protocol/$ssl_cipher '
+ '"$ssl_client_s_dn" '
+ '[$voms_fqans] '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ log_format plain '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log logs/access.log tls;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+
+}
-- GitLab
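Review bot: `user nobody;` on the first line of the new `nginx.conf` does not line up with the `${NGINX_USER}` account the Dockerfile in this commit creates: nginx honours `user` only when the master starts as root and otherwise ignores it with a warning, so either the dedicated account goes unused or this directive is dead. I would drop the directive or state the intent in a comment, e.g. `# 'user' only applies when the master runs as root; ignored under an unprivileged UID`. `env OPENSSL_ALLOW_PROXY_CERTS=1;` also deserves a one-line comment, because it relaxes OpenSSL chain validation to accept proxy certificates: `# needed so VOMS proxy certificate chains verify`.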