[damned-lies/oscp] Generate statics in httpd image

From: Bartłomiej Piotrowski <bpiotrowski src gnome org>
To: commits-list gnome org
Cc:
Subject: [damned-lies/oscp] Generate statics in httpd image
Date: Tue, 24 Mar 2020 10:10:33 +0000 (UTC)
commit 76ba730808bd609c0f802fce70198f266bd9417e
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Tue Mar 24 10:44:56 2020 +0100

    Generate statics in httpd image

 httpd/Dockerfile                                   | 42 +++++++++++++---
 httpd/entrypoint.sh                                | 23 +++++++++
 httpd/{app_data/httpd-cfg => }/l10n.gnome.org.conf |  0
 httpd/local_settings.py                            | 57 ++++++++++++++++++++++
 httpd/ssh_config                                   |  5 ++
 5 files changed, 121 insertions(+), 6 deletions(-)
---
diff --git a/httpd/Dockerfile b/httpd/Dockerfile
index 20fdf6f0..d6805263 100644
--- a/httpd/Dockerfile
+++ b/httpd/Dockerfile
@@ -1,9 +1,39 @@
-FROM centos/httpd-24-centos7
+FROM centos/s2i-base-centos7
 
-USER root
-COPY app_data /opt/app-root/src
-RUN chown -R 1000660000:1000660000 /opt/app-root/src
+RUN INSTALL_PKGS="rh-python36 rh-python36-python-devel rh-python36-python-setuptools rh-python36-python-pip 
nss_wrapper rh-python36-mod_wsgi \
+        httpd24 httpd24-httpd-devel httpd24-mod_ssl httpd24-mod_auth_kerb httpd24-mod_ldap \
+        httpd24-mod_session atlas-devel gcc-gfortran libffi-devel libtool-ltdl enchant \
+        gettext gnome-doc-utils intltool itstool libicu-devel mariadb-devel subversion translate-toolkit 
yelp-tools" && \
+    yum install -y centos-release-scl epel-release && \
+    yum -y --setopt=tsflags=nodocs install --enablerepo=centosplus $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    # Remove centos-logos (httpd dependency) to keep image size smaller.
+    rpm -e --nodeps centos-logos && \
+    yum -y clean all --enablerepo='*'
 
-EXPOSE 8080
+RUN sed -ri ' s!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g; s!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g;' 
/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \
+    sed -ri ' s!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g; s!^(\s*TransferLog)\s+\S+!\1 /proc/self/fd/1!g; 
s!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g;' /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
 
-ENTRYPOINT ["/usr/bin/run-httpd"]
+RUN sed -i 's/Listen\ 80/Listen\ 8080/' /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ 
+    sed -i 's/Listen\ 443/Listen\ 8443/' /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf && \
+    sed -i 's/_default_:443/_default_:8443/' /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
+
+RUN groupadd l10n -g 1000660000 && \
+    useradd l10n -g 1000660000 -u 1000660000 -G apache -r -l -m && \
+    chown l10n:l10n /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key && \
+    chown l10n:l10n /opt/rh/httpd24/root/var/run/httpd && \
+    mkdir -p /l10n && \
+    git clone --depth 1 --branch master --single-branch 
https://gitlab.gnome.org/Infrastructure/damned-lies.git /l10n/damnedlies
+ADD local_settings.py /l10n/damnedlies/damnedlies/local_settings.py
+ADD l10n.gnome.org.conf /opt/rh/httpd24/root/etc/httpd/conf.d/l10n.gnome.org.conf
+RUN chown -R l10n:l10n /l10n /var/log/httpd24
+
+USER l10n
+SHELL ["/usr/bin/scl", "enable", "rh-python36"]
+WORKDIR /l10n/damnedlies
+RUN virtualenv /l10n/venv && \
+    /l10n/venv/bin/pip install -r requirements.txt
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["httpd", "-DFOREGROUND"]
diff --git a/httpd/entrypoint.sh b/httpd/entrypoint.sh
new file mode 100755
index 00000000..554592b3
--- /dev/null
+++ b/httpd/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+sed -i "s/\$DB_NAME/${DB_NAME}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$DB_USER/${DB_USER}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$DB_PASSWORD/${DB_PASSWORD}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$DB_HOST/${DB_HOST}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$SECRET_KEY/${SECRET_KEY}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$SENTRY_DSN/${SENTRY_DSN}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$GITLAB_TOKEN/${GITLAB_TOKEN}/" /l10n/damnedlies/damnedlies/local_settings.py
+
+echo 'Populating .ssh for the l10n user'
+mkdir -p /home/l10n/.ssh
+ln -s /home/l10n/.ssh_secret/ssh-privatekey /home/l10n/.ssh/ssh-privatekey
+ln -s /home/l10n/.ssh_secret/.gitconfig /home/l10n/.gitconfig
+wget https://gitlab.gnome.org/Infrastructure/damned-lies/raw/oscp/ssh_config -O /home/l10n/.ssh/config
+
+echo 'Generating static files'
+/l10n/venv/bin/python manage.py collectstatic
+
+echo 'Compiling translations'
+/l10n/venv/bin/python manage.py compile-trans
+
+scl enable rh-python36 httpd24 "$*"
diff --git a/httpd/app_data/httpd-cfg/l10n.gnome.org.conf b/httpd/l10n.gnome.org.conf
similarity index 100%
rename from httpd/app_data/httpd-cfg/l10n.gnome.org.conf
rename to httpd/l10n.gnome.org.conf
diff --git a/httpd/local_settings.py b/httpd/local_settings.py
new file mode 100644
index 00000000..2cc45101
--- /dev/null
+++ b/httpd/local_settings.py
@@ -0,0 +1,57 @@
+import os
+
+DEBUG = False
+STATIC_SERVE = False
+USE_DJANGO_OPENID = False
+
+ADMINS = (
+    ('Claude Paroz', 'claude 2xlibre net'),
+)
+
+MANAGERS = ADMINS
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.mysql',
+        'NAME'  : '$DB_NAME',
+        'USER'  : '$DB_USER',
+        'PASSWORD': '$DB_PASSWORD',
+        'HOST'  : '$DB_HOST',
+        'CONN_MAX_AGE': 300,
+        'OPTIONS': {
+            'charset': 'utf8mb4',
+        }
+    }
+}
+SECRET_KEY = '$SECRET_KEY'
+ALLOWED_HOSTS=['l10n.gnome.org', '8.43.85.13', '8.43.85.14']
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
+EMAIL_HOST = 'smtp-int.gnome.org'
+EMAIL_SUBJECT_PREFIX = '[DL]'
+DEFAULT_FROM_EMAIL = 'noreply gnome org'
+SERVER_EMAIL = 'gnomeweb gnome org'
+
+TIME_ZONE = 'UTC'
+
+MEDIA_ROOT = '/var/www/djamnedlies/data/media'
+# Local directory path for VCS checkout
+SCRATCHDIR = "/var/www/djamnedlies/data/scratchdir"
+POTDIR = os.path.join(SCRATCHDIR, "POT")
+LOCK_DIR = '/var/www/djamnedlies/data/locks'
+
+ADMIN_GROUP = "coordination_team"
+
+UPLOAD_ARCHIVED_DIR = 'upload-backup'
+FILE_UPLOAD_PERMISSIONS = 0o644
+
+#ITSTOOL_PATH = '/usr/local/www/gnomeweb/local/bin/'
+
+# Sentry configuration (needs pip install raven)
+RAVEN_CONFIG = {
+    "dsn": "$SENTRY_DSN"
+}
+
+GITLAB_TOKEN = "$GITLAB_TOKEN"
+VCS_HOME_REGEX = "gitlab\.gnome\.org"
diff --git a/httpd/ssh_config b/httpd/ssh_config
new file mode 100644
index 00000000..9cf39f8d
--- /dev/null
+++ b/httpd/ssh_config
@@ -0,0 +1,5 @@
+Host gitlab.gnome.org
+User git 
+IdentityFile ~/.ssh/ssh-privatekey
+StrictHostKeyChecking no
+UserKnownHostsFile=/dev/null
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]