diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bea76fe883..dfdfb9d0b7 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,8 +42,8 @@ jobs: - image: grafana dockerfile: docker/grafana.Dockerfile target: - - image: cron - dockerfile: docker/cron.Dockerfile + - image: util + dockerfile: docker/util.Dockerfile target: outputs: @@ -231,7 +231,7 @@ jobs: --volume /var/run/docker.sock:/var/run/docker.sock \\ --volume /opt/Internet.nl:/opt/Internet.nl \\ --network none \\ - ${{ env.DOCKER_REGISTRY }}/cron:${{ needs.build-docker.outputs.internetnl_version }} \\ + ${{ env.DOCKER_REGISTRY }}/util:${{ needs.build-docker.outputs.internetnl_version }} \\ /deploy.sh EOF diff --git a/docker/cron-docker/periodic/15min/restart_nassl_worker b/docker/cron-docker/periodic/15min/restart_nassl_worker new file mode 100755 index 0000000000..1293befa5c --- /dev/null +++ b/docker/cron-docker/periodic/15min/restart_nassl_worker @@ -0,0 +1,4 @@ +#!/bin/sh +set -e +# find nassl worker and restart the container(s) +docker ps --filter label=com.docker.compose.service=worker-nassl --quiet | xargs --no-run-if-empty docker restart diff --git a/docker/cron-docker/periodic/hourly/restart_worker b/docker/cron-docker/periodic/hourly/restart_worker new file mode 100755 index 0000000000..580e1b50e2 --- /dev/null +++ b/docker/cron-docker/periodic/hourly/restart_worker @@ -0,0 +1,4 @@ +#!/bin/sh +set -e +# find worker and restart the container(s) +docker ps --filter label=com.docker.compose.service=worker --quiet | xargs --no-run-if-empty docker restart diff --git a/docker/cron-docker/periodic/weekly/docker_image_prune b/docker/cron-docker/periodic/weekly/docker_image_prune new file mode 100755 index 0000000000..98e75ec1d2 --- /dev/null +++ b/docker/cron-docker/periodic/weekly/docker_image_prune @@ -0,0 +1,4 @@ +#!/bin/sh +set -e +# remove unused images, --all to remove images not used by containers, --force to skip confirm prompt +docker image prune --all --force diff --git a/docker/cron/periodic/15min/tests.py b/docker/cron/periodic/15min/tests.py index 0a242ba1f1..972eb2fae9 100755 --- a/docker/cron/periodic/15min/tests.py +++ b/docker/cron/periodic/15min/tests.py @@ -4,7 +4,7 @@ # for iterative development # docker run -ti -e INTERNETNL_DOMAINNAME=internet.nl -v $PWD/docker/cron/periodic/15min/tests.py:/tests.py \ -# ghcr.io/internetstandards/cron:latest /tests.py --debug +# ghcr.io/internetstandards/util:latest /tests.py --debug import sys import os diff --git a/docker/defaults.env b/docker/defaults.env index 204d570513..537c915acf 100644 --- a/docker/defaults.env +++ b/docker/defaults.env @@ -15,7 +15,6 @@ DOCKER_IMAGE_REDIS=redis:7.0-alpine DOCKER_IMAGE_RABBITMQ=rabbitmq:3.12-management-alpine DOCKER_IMAGE_POSTGRES=postgres:15.5-alpine DOCKER_IMAGE_ROUTINATOR=nlnetlabs/routinator:v0.12.1 -DOCKER_IMAGE_CRON_DOCKER=alpinelinux/docker-cli:v0.1.1 DOCKER_IMAGE_PROMETHEUS=prom/prometheus:v2.44.0 DOCKER_IMAGE_PROMETHEUS_ALERTMANAGER=prom/alertmanager:v0.27.0 DOCKER_IMAGE_POSTGRESQL_EXPORTER=prometheuscommunity/postgres-exporter:v0.12.0 diff --git a/docker/cron/deploy.sh b/docker/deploy.sh similarity index 100% rename from docker/cron/deploy.sh rename to docker/deploy.sh diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 012f9c1a00..9c6f137cfe 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -669,10 +669,11 @@ services: retries: 10 cron: - image: ${DOCKER_IMAGE_CRON:-${DOCKER_REGISTRY:-ghcr.io/internetstandards}/cron:${RELEASE}} + image: ${DOCKER_IMAGE_UTIL:-${DOCKER_REGISTRY:-ghcr.io/internetstandards}/util:${RELEASE}} build: context: .. - dockerfile: docker/cron.Dockerfile + dockerfile: docker/util.Dockerfile + command: crond -f -d7 environment: - HOSTERS_HOF_URL - DB_HOST=$IPV4_IP_POSTGRES_INTERNAL @@ -726,21 +727,14 @@ services: # cron daemon with access to Docker socket but no networking cron-docker: - image: ${DOCKER_IMAGE_CRON_DOCKER} - command: crond -f -d7 - configs: - # restart worker to prevent memory issues - - source: restart_worker_cron - target: /etc/periodic/hourly/restart_worker - mode: 0755 - # restart nassl worker to prevent memory issues - - source: restart_nassl_worker_cron - target: /etc/periodic/15min/restart_nassl_worker - mode: 0755 - # remove unused old docker images to reduce disk space usage - - source: docker_image_prune - target: /etc/periodic/weekly/docker-image-prune - mode: 0755 + image: ${DOCKER_IMAGE_UTIL:-${DOCKER_REGISTRY:-ghcr.io/internetstandards}/util:${RELEASE}} + build: + context: .. + dockerfile: docker/util.Dockerfile + command: crond -f -d7 -c /etc/crontabs-docker + environment: + - AUTO_UPDATE_TO + restart: unless-stopped logging: driver: $LOGGING_DRIVER @@ -1124,27 +1118,6 @@ configs: headers: subject: $ALERTMANAGER_SUBJECT - restart_worker_cron: - content: | - #!/bin/sh - set -e - # find worker and restart the container(s) - docker restart $(docker ps --filter label=com.docker.compose.service=worker --quiet) - - restart_nassl_worker_cron: - content: | - #!/bin/sh - set -e - # find nassl worker and restart the container(s) - docker restart $(docker ps --filter label=com.docker.compose.service=worker-nassl --quiet) - - docker_image_prune: - content: | - #!/bin/sh - set -e - # remove unused images, --all to remove images not used by containers, --force to skip confirm prompt - docker image prune --all --force - networks: # disable default network default: diff --git a/docker/cron.Dockerfile b/docker/util.Dockerfile similarity index 55% rename from docker/cron.Dockerfile rename to docker/util.Dockerfile index c013b99f15..17d1a0a1c2 100644 --- a/docker/cron.Dockerfile +++ b/docker/util.Dockerfile @@ -2,18 +2,25 @@ FROM alpine:3.20 RUN apk add --no-cache curl postgresql15 python3 py3-prometheus-client py3-requests jq docker-cli docker-cli-compose pigz +# install cron tasks COPY docker/cron/periodic /etc/periodic/ -COPY docker/cron/deploy.sh /deploy.sh +# create separate periodic config for cron-docker service +RUN cp -r /etc/crontabs /etc/crontabs-docker +RUN sed -i 's/periodic/periodic-docker/' /etc/crontabs-docker/root + +# install cron tasks for cron-docker +COPY docker/cron-docker/periodic /etc/periodic-docker/ + +# install deploy script +COPY docker/deploy.sh /deploy.sh RUN mkdir -p /dist/docker COPY docker/defaults.env /dist/docker/defaults.env COPY docker/host-dist.env /dist/docker/host-dist.env COPY docker/docker-compose.yml /dist/docker/docker-compose.yml COPY docker/user_manage.sh /dist/docker/user_manage.sh +RUN chmod a-w /dist/docker/* ARG RELEASE ENV RELEASE=$RELEASE - -# run crond in foreground and log output of crons -CMD crond -f -l2 diff --git a/documentation/images/dockerfiles.py b/documentation/images/dockerfiles.py index 3f85c21c3e..7cd4f8fd59 100644 --- a/documentation/images/dockerfiles.py +++ b/documentation/images/dockerfiles.py @@ -27,11 +27,11 @@ } with Diagram(NAME, show=False, direction="LR", outformat=["png"], graph_attr=graph_attr): - with Cluster("cron.Dockerfile"): + with Cluster("util.Dockerfile"): [ DockerHub("alpine"), File("cron/periodic/*"), - ] >> Image("ghcr.io/internetstandards/cron") + ] >> Image("ghcr.io/internetstandards/util") with Cluster("grafana.Dockerfile"): [ @@ -122,4 +122,3 @@ build_app >> image_linttest build_linttest_deps >> Edge(label="dev dependencies") >> image_linttest tools_dependencies >> image_linttest -