Commit 941ce9ed authored by Profpatsch's avatar Profpatsch

containers: createStandaloneDockerImage & use in rabbitmq

First try at factoring out common setup code for constructing minimal standalone
docker images.
parent 7b2ae38c
......@@ -22,6 +22,7 @@ let
postgresTemplate = ./helpers/postgres-template.nix;
prependPrefix = ./helpers/prepend-prefix.nix;
debugDockerImage = ./helpers/debug-docker-image.nix;
createStandaloneDockerImage = ./helpers/create-standalone-docker-image.nix;
};
})];
};
......
{ pkgs }:
# Thin, leaky wrapper arount `buildDockerImage`
# that sets up a minimal sane environment for running
# programs without depending on an OS base image (like Alpine).
# All attributes that are named the same as `dockerTools.buildImage`
# attrs work the same.
{ name
, tag
, contents
, config
, description
# like runAsRoot, but the base setup is already done
, rootSetupScript
}:
let
# this might bite, but is probably a sane default
user = config.User or (builtins.replaceStrings [":"] ["-"] name);
uidGidStr = toString 999;
# We split up a base image, because the contents
# are changed less often, which leads docker to
# reuse that whole layer when the config or the
# rootSetupScript changes.
baseImage = pkgs.dockerTools.buildImage {
name = "${name}-base";
inherit tag;
inherit contents;
};
image = pkgs.dockerTools.buildImage {
inherit name tag config;
fromImage = baseImage;
# TODO: read-only container option
# TODO: make most setup work completely declarative
runAsRoot = ''
${pkgs.stdenv.shell}
${pkgs.dockerTools.shadowSetup}
## some needed system structure
# sane default file permissions
umask 022
# TODO: tmp should probably be a tmpfs volume of some kind
mkdir /tmp
# the user our program is run as
echo "${user}::${uidGidStr}:${uidGidStr}::::" > /etc/passwd
# also gets a group
echo "${user}:x:${uidGidStr}:${user}" > /etc/group
# make localhost resolvable
echo "127.0.0.1 localhost" > /etc/hosts
echo "hosts: files" > /etc/nsswitch.conf
''
+ rootSetupScript;
};
in image.overrideAttrs (_: {
meta = { inherit description; };
})
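Review bot: `mkdir /tmp` right after `umask 022` leaves /tmp as a root-owned 0755 directory, so the program that later runs as `config.User` (uid 999 here) cannot create files there unless a `rootSetupScript` fixes the mode; `mkdir -m 1777 /tmp` gives the conventional world-writable sticky directory. The `/etc/passwd` entry also has an empty password field (`${user}::...`) where the `/etc/group` line uses `x`; writing `echo "${user}:x:${uidGidStr}:${uidGidStr}:::" > /etc/passwd` keeps the account locked and, counting the colons, drops what looks like one field too many for the seven-field passwd format. Note that `> /etc/passwd` replaces the file rather than appending, so whatever `shadowSetup` wrote there (presumably a root entry) is discarded — worth confirming that is intended before this becomes the shared default for every image. The header comment reads `arount`; `around`.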
......@@ -20,11 +20,6 @@ in {
dockerConfig =
let
uidGid = 999;
uidGidStr = toString uidGid;
dockerCmd = "/bin/rabbitmq-server";
port = 5672;
description = "TODO";
dockerImage =
let
......@@ -43,9 +38,12 @@ in {
};
};
baseImage = pkgs.dockerTools.buildImage {
name = "sangha-rabbitmq-base";
userName = "rabbitmq";
image = pkgs.helpers.createStandaloneDockerImage {
name = "sangha-rabbitmq";
tag = "unstable";
description = "TODO";
contents = [
rabbitmq_server-minimal
......@@ -54,52 +52,30 @@ in {
pkgs.coreutils
pkgs.gnused
];
};
image = pkgs.dockerTools.buildImage {
name = "sangha-rabbitmq";
tag = "unstable";
fromImage = baseImage;
config = {
User = "rabbitmq";
User = userName;
Cmd = [ "rabbitmq-server" ];
Env = [
# logs to stdout
"RABBITMQ_LOGS=-"
"RABBITMQ_SASL_LOGS=-"
# "RABBITMQ_LOG_BASE=/var/log/rabbitmq"
"HOME=/var/lib/rabbitmq"
];
ExposedPorts."${toString port}/tcp" = {};
ExposedPorts."${toString 5672}/tcp" = {};
};
runAsRoot = ''
${pkgs.stdenv.shell}
${pkgs.dockerTools.shadowSetup}
# some needed system structure
umask 022
mkdir /tmp
mkdir -p /var/lib
echo "rabbitmq::${uidGidStr}:${uidGidStr}::::" > /etc/passwd
echo "127.0.0.1 localhost" > /etc/hosts
echo "hosts: files" > /etc/nsswitch.conf
rootSetupScript = ''
# rabbit setup
mkdir -p /var/lib/rabbitmq/mnesia
# /var/log/rabbitmq
chown --recursive ${uidGidStr}:${uidGidStr} /var/lib/rabbitmq
# chown --recursive ${uidGidStr}:${uidGidStr} /var/log/rabbitmq
chown --recursive ${userName}:${userName} /var/lib/rabbitmq
# add a symlink to the .erlang.cookie in /root so we can "docker exec rabbitmqctl ..." without gosu
mkdir /root
ln -sf /var/lib/rabbitmq/.erlang.cookie /root/
# add a symlink to the .erlang.cookie in /root
# so we can "docker exec rabbitmqctl ..." without gosu
# mkdir /root
# ln -sf /var/lib/rabbitmq/.erlang.cookie /root/
'';
};
# in image.overrideAttrs (_: {
# meta = { inherit description; };
# });
in image;
in {
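Review bot: The commented-out `in image.overrideAttrs` block just above `in image;` and the commented-out `.erlang.cookie` symlink lines at the end of `rootSetupScript` are dead code now that `createStandaloneDockerImage` sets `meta.description` itself; deleting them rather than keeping them as comments leaves the intent clearer, and if the root symlink is meant to return, a one-line comment saying why it was dropped would help. `ExposedPorts."${toString 5672}/tcp" = {};` can simply be `ExposedPorts."5672/tcp" = {};` now that the `port` binding is gone. The `chown --recursive ${userName}:${userName} /var/lib/rabbitmq` line relies on the helper having written matching `/etc/passwd` and `/etc/group` entries for `userName` before `rootSetupScript` runs; that holds only while `config.User` and `userName` stay equal, which the `User = userName;` line ensures, so a short comment there such as `# must match the user the helper creates` would keep that coupling visible. The enclosing `dockerConfig` let-block begins in the earlier hunk.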
......