From 9b2e8c37d10d6d05340e35393016347438426503 Mon Sep 17 00:00:00 2001 From: ngosang Date: Sun, 29 Aug 2021 14:53:20 +0200 Subject: [PATCH] Reduce Docker image size. resolves #269 Size (uncompressed): Previous 573.1 MB / This PR 225.8 MB Container startup time is faster. Ansible and chown where slow Build time is 3 times faster. Less packages and TAR download No changes required by the user. Same env vars, same paths, same core packages ... * Update Alpine 3.14. gnu-libiconv is already fixed in this version * Remove heavy packages: ansible, git, make, bash ... * Download Wallabag TAR. Is faster and git is not required * Replace environment variables with envsubst * Reorder steps to build faster and reduce image size --- Dockerfile | 40 +++-- root/entrypoint.sh | 17 +- root/etc/ansible/entrypoint.yml | 170 ------------------ root/etc/ansible/hosts | 2 - root/etc/ansible/templates/parameters.yml.j2 | 63 ------- .../wallabag/app/config/parameters.template | 62 +++++++ 6 files changed, 95 insertions(+), 259 deletions(-) delete mode 100644 root/etc/ansible/entrypoint.yml delete mode 100644 root/etc/ansible/hosts delete mode 100644 root/etc/ansible/templates/parameters.yml.j2 create mode 100644 root/var/www/wallabag/app/config/parameters.template diff --git a/Dockerfile b/Dockerfile index 994741b..1aa0ac8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,15 @@ -FROM alpine:3.12 +FROM alpine:3.14 LABEL maintainer "Marvin Steadfast " ARG WALLABAG_VERSION=2.4.2 -RUN apk add gnu-libiconv --update-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ --allow-untrusted -ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so php - +# Install dependencies RUN set -ex \ && apk update \ - && apk upgrade --available \ && apk add \ - ansible \ curl \ - git \ libwebp \ - mariadb-client \ nginx \ pcre \ php7 \ @@ -49,24 +43,38 @@ RUN set -ex \ py-simplejson \ rabbitmq-c \ s6 \ - tar \ tzdata \ - make \ - bash \ + # make \ + # bash \ && rm -rf /var/cache/apk/* \ && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Install composer +RUN set -ex \ && curl -s https://getcomposer.org/installer | php \ - && mv composer.phar /usr/local/bin/composer \ - && composer selfupdate --1 \ - && git clone --branch $WALLABAG_VERSION --depth 1 https://github.com/wallabag/wallabag.git /var/www/wallabag + && mv composer.phar /usr/local/bin/composer + +# Install envsubst +RUN set -ex \ + && curl -L -o /usr/local/bin/envsubst https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` \ + && chmod +x /usr/local/bin/envsubst + +# Download Wallabag +RUN set -ex \ + && curl -L -o /tmp/wallabag.tar.gz https://github.com/wallabag/wallabag/archive/$WALLABAG_VERSION.tar.gz \ + && tar xvf /tmp/wallabag.tar.gz -C /tmp \ + && mv /tmp/wallabag-*/ /var/www/wallabag \ + && rm -rf /tmp/wallabag* +# Copy resources COPY root / +# Install Wallabag RUN set -ex \ && cd /var/www/wallabag \ && SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist --no-progress \ - && chown -R nobody:nobody /var/www/wallabag + && rm -rf /root/.composer/* /var/www/wallabag/var/cache/* /var/www/wallabag/var/logs/* /var/www/wallabag/var/sessions/* EXPOSE 80 ENTRYPOINT ["/entrypoint.sh"] diff --git a/root/entrypoint.sh b/root/entrypoint.sh index ccac86e..fd82622 100755 --- a/root/entrypoint.sh +++ b/root/entrypoint.sh @@ -1,11 +1,14 @@ #!/bin/sh provisioner () { - echo "Starting provisioner..." - if ! out=`ansible-playbook -i /etc/ansible/hosts /etc/ansible/entrypoint.yml -c local "$@"`;then - echo $out; - fi - echo "Provisioner finished." + echo "Setting up Wallabag..." + + cd /var/www/wallabag + /usr/local/bin/envsubst < app/config/parameters.template > app/config/parameters.yml + SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist --no-progress --quiet + chown -R nobody:nobody /var/www/wallabag/var + + echo "Ready" } if [ "$1" = "wallabag" ];then @@ -14,14 +17,12 @@ if [ "$1" = "wallabag" ];then fi if [ "$1" = "import" ];then - provisioner --skip-tags=firstrun - cd /var/www/wallabag/ + provisioner exec su -c "bin/console wallabag:import:redis-worker --env=prod $2 -vv" -s /bin/sh nobody fi if [ "$1" = "migrate" ];then provisioner - cd /var/www/wallabag/ exec su -c "bin/console doctrine:migrations:migrate --env=prod --no-interaction" -s /bin/sh nobody fi diff --git a/root/etc/ansible/entrypoint.yml b/root/etc/ansible/entrypoint.yml deleted file mode 100644 index f176fd6..0000000 --- a/root/etc/ansible/entrypoint.yml +++ /dev/null @@ -1,170 +0,0 @@ ---- -- hosts: localhost - remote_user: root - - vars: - - database_driver: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_DRIVER')|default('pdo_sqlite', true) }}" - database_host: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_HOST')|default('127.0.0.1', true) }}" - database_name: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_NAME')|default('symfony', true) }}" - database_password: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_PASSWORD')|default('~', true) }}" - database_port: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_PORT')|default('~', true) }}" - database_root_password_mariadb: "{{ lookup('env', 'MYSQL_ROOT_PASSWORD') }}" - database_root_user_postgres: "{{ lookup('env', 'POSTGRES_USER') }}" - database_root_password_postgres: "{{ lookup('env', 'POSTGRES_PASSWORD') }}" - database_user: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_USER')|default('root', true) }}" - database_charset: "{{ lookup('env', 'SYMFONY__ENV__DATABASE_CHARSET')|default('utf8', true) }}" - populate_database: "{{ lookup('env', 'POPULATE_DATABASE')|default(True, true) }}" - locale: "{{ lookup('env', 'SYMFONY__ENV__LOCALE')|default('en', true) }}" - secret: "{{ lookup('env', 'SYMFONY__ENV__SECRET')|default('ovmpmAWXRCabNlMgzlzFXDYmCFfzGv', true) }}" - mailer_transport: "{{ lookup('env', 'SYMFONY__ENV__MAILER_TRANSPORT')|default('smtp', true) }}" - mailer_host: "{{ lookup('env', 'SYMFONY__ENV__MAILER_HOST')|default('127.0.0.1', true) }}" - mailer_user: "{{ lookup('env', 'SYMFONY__ENV__MAILER_USER')|default('~', true) }}" - mailer_password: "{{ lookup('env', 'SYMFONY__ENV__MAILER_PASSWORD')|default('~', true) }}" - mailer_port: "{{ lookup('env', 'SYMFONY__ENV__MAILER_PORT')|default('25', true) }}" - mailer_encryption: "{{ lookup('env', 'SYMFONY__ENV__MAILER_ENCRYPTION')|default('~', true) }}" - mailer_auth_mode: "{{ lookup('env', 'SYMFONY__ENV__MAILER_AUTH_MODE')|default('~', true) }}" - from_email: "{{ lookup('env', 'SYMFONY__ENV__FROM_EMAIL')|default('wallabag@example.com', true) }}" - twofactor_auth: "{{ lookup('env', 'SYMFONY__ENV__TWOFACTOR_AUTH')|default('true', true) }}" - twofactor_sender: "{{ lookup('env', 'SYMFONY__ENV__TWOFACTOR_SENDER')|default('no-reply@wallabag.org', true) }}" - registration: "{{ lookup('env', 'SYMFONY__ENV__FOSUSER_REGISTRATION')|default('true', true) }}" - registration_mail_confirmation: "{{ lookup('env', 'SYMFONY__ENV__FOSUSER_CONFIRMATION')|default('true', true) }}" - domain_name: "{{ lookup('env', 'SYMFONY__ENV__DOMAIN_NAME')|default('https://your-wallabag-url-instance.com', true) }}" - redis_scheme: "{{ lookup('env', 'SYMFONY__ENV__REDIS_SCHEME')|default('tcp', true) }}" - redis_host: "{{ lookup('env', 'SYMFONY__ENV__REDIS_HOST')|default('redis', true) }}" - redis_port: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PORT')|default('6379', true) }}" - redis_path: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PATH')|default('~', true) }}" - redis_password: "{{ lookup('env', 'SYMFONY__ENV__REDIS_PASSWORD')|default('~', true) }}" - sentry_dsn: "{{ lookup('env', 'SYMFONY__ENV__SENTRY_DSN')|default('~', true) }}" - server_name: "{{ lookup('env', 'SYMFONY__ENV__SERVER_NAME')|default('Your wallabag instance', true) }}" - - tasks: - - - name: needed dirs - file: - path={{ item }} - state=directory - with_items: - - /var/www/wallabag/app - - /var/www/wallabag/app/config - - /var/www/wallabag/data - - /var/www/wallabag/data/assets - - /var/www/wallabag/data/db - notify: chown dir - tags: - - firstrun - - - name: write parameters.yml - template: - src=templates/parameters.yml.j2 - dest=/var/www/wallabag/app/config/parameters.yml - - - stat: - path=/var/www/wallabag/data/db/wallabag.sqlite - register: wallabag_sqlite_db - when: database_driver == 'pdo_sqlite' - - - name: notify install for sqlite - debug: - msg='notify installation script if sqlite db does not exist' - changed_when: true - notify: run install - when: (database_driver == 'pdo_sqlite') and - (wallabag_sqlite_db.stat.exists == False) - - - name: wait for db container - wait_for: - host="{{ database_host }}" - port="{{ database_port }}" - when: (database_driver == 'pdo_mysql') or - (database_driver == 'pdo_pgsql') - - - name: add mariadb db - mysql_db: - name="{{ database_name }}" - state=present - login_host="{{ database_host }}" - login_port={{ database_port }} - login_user=root - login_password="{{ database_root_password_mariadb }}" - encoding="utf8mb4" - notify: run install - when: (database_driver == 'pdo_mysql') and - (populate_database == True) - tags: - - firstrun - - - name: add mariadb user - mysql_user: - name="{{ database_user }}" - host=% - password="{{ database_password }}" - priv={{ database_name }}.*:ALL - login_host="{{ database_host }}" - login_port={{ database_port }} - login_user=root - login_password="{{ database_root_password_mariadb }}" - state=present - when: (database_driver == 'pdo_mysql') and - (database_user != 'root') and - (populate_database == True) - tags: - - firstrun - - - name: postgresql db - postgresql_db: - name="{{ database_name }}" - state=present - login_host="{{ database_host }}" - port={{ database_port }} - login_user="{{ database_root_user_postgres }}" - login_password="{{ database_root_password_postgres }}" - notify: run install - when: (database_driver == 'pdo_pgsql') and - (populate_database == True) - tags: - - firstrun - - - name: add postgresql user - postgresql_user: - name="{{ database_user }}" - password="{{ database_password }}" - encrypted=true - db={{ database_name }} - priv=ALL - login_host="{{ database_host }}" - port={{ database_port }} - login_user="{{ database_root_user_postgres }}" - login_password="{{ database_root_password_postgres }}" - state=present - when: (database_driver == 'pdo_pgsql') and - (database_user != 'postgres') and - (populate_database == True) - tags: - - firstrun - - - name: remove cache - file: - path=/var/www/wallabag/var/cache - state=absent - - - name: run composer - shell: SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist - args: - chdir: /var/www/wallabag - notify: chown dir - - handlers: - - - name: run install - shell: php bin/console wallabag:install --env=prod -n - args: - chdir: /var/www/wallabag - notify: chown dir - - - name: chown dir - file: - path=/var/www/wallabag - recurse=yes - owner=nobody - group=nobody diff --git a/root/etc/ansible/hosts b/root/etc/ansible/hosts deleted file mode 100644 index f930906..0000000 --- a/root/etc/ansible/hosts +++ /dev/null @@ -1,2 +0,0 @@ -[localhost] -localhost diff --git a/root/etc/ansible/templates/parameters.yml.j2 b/root/etc/ansible/templates/parameters.yml.j2 deleted file mode 100644 index f01cc5c..0000000 --- a/root/etc/ansible/templates/parameters.yml.j2 +++ /dev/null @@ -1,63 +0,0 @@ -parameters: - database_driver: {{ database_driver }} - database_host: {{ database_host }} - database_port: {{ database_port }} - database_name: {{ database_name }} - database_user: {{ database_user }} - database_password: {{ database_password }} - database_path: "%kernel.root_dir%/../data/db/wallabag.sqlite" - database_table_prefix: wallabag_ - database_socket: null - database_charset: {{ database_charset }} - - domain_name: {{ domain_name }} - - mailer_transport: {{ mailer_transport }} - mailer_user: {{ mailer_user }} - mailer_password: {{ mailer_password }} - mailer_host: {{ mailer_host }} - mailer_port: {{ mailer_port }} - mailer_encryption: {{ mailer_encryption }} - mailer_auth_mode: {{ mailer_auth_mode }} - - locale: {{ locale }} - - # A secret key that's used to generate certain security-related tokens - secret: {{ secret }} - - # two factor stuff - twofactor_auth: {{ twofactor_auth }} - twofactor_sender: {{ twofactor_sender }} - - # fosuser stuff - fosuser_registration: {{ registration }} - fosuser_confirmation: {{ registration_mail_confirmation }} - - # how long the access token should live in seconds for the API - fos_oauth_server_access_token_lifetime: 3600 - # how long the refresh token should life in seconds for the API - fos_oauth_server_refresh_token_lifetime: 1209600 - - from_email: {{ from_email }} - - rss_limit: 50 - - # RabbitMQ processing - rabbitmq_host: localhost - rabbitmq_port: 5672 - rabbitmq_user: guest - rabbitmq_password: guest - rabbitmq_prefetch_count: 10 - - # Redis processing - redis_scheme: {{ redis_scheme }} - redis_host: {{ redis_host }} - redis_port: {{ redis_port }} - redis_path: {{ redis_path }} - redis_password: {{ redis_password }} - - # sentry logging - sentry_dsn: {{ sentry_dsn }} - - # User-friendly name of your instance for 2FA issuer - server_name: {{ server_name }} diff --git a/root/var/www/wallabag/app/config/parameters.template b/root/var/www/wallabag/app/config/parameters.template new file mode 100644 index 0000000..bfa9706 --- /dev/null +++ b/root/var/www/wallabag/app/config/parameters.template @@ -0,0 +1,62 @@ +parameters: + database_driver: ${SYMFONY__ENV__DATABASE_DRIVER:-pdo_sqlite} + database_driver_class: ${SYMFONY__ENV__DATABASE_DRIVER_CLASS:-~} + database_host: ${SYMFONY__ENV__DATABASE_HOST:-127.0.0.1} + database_port: ${SYMFONY__ENV__DATABASE_PORT:-~} + database_name: ${SYMFONY__ENV__DATABASE_NAME:-symfony} + database_user: ${SYMFONY__ENV__DATABASE_USER:-root} + database_password: ${SYMFONY__ENV__DATABASE_PASSWORD:-~} + database_path: "%kernel.root_dir%/../data/db/wallabag.sqlite" + database_table_prefix: wallabag_ + database_socket: null + database_charset: ${SYMFONY__ENV__DATABASE_CHARSET:-utf8} + + domain_name: ${SYMFONY__ENV__DOMAIN_NAME:-https://your-wallabag-url-instance.com} + server_name: ${SYMFONY__ENV__SERVER_NAME:-"Your wallabag instance"} + + mailer_transport: ${SYMFONY__ENV__MAILER_TRANSPORT:-smtp} + mailer_user: ${SYMFONY__ENV__MAILER_USER:-~} + mailer_password: ${SYMFONY__ENV__MAILER_PASSWORD:-~} + mailer_host: ${SYMFONY__ENV__MAILER_HOST:-127.0.0.1} + mailer_port: ${SYMFONY__ENV__MAILER_PORT:-25} + mailer_encryption: ${SYMFONY__ENV__MAILER_ENCRYPTION:-~} + mailer_auth_mode: ${SYMFONY__ENV__MAILER_AUTH_MODE:-~} + + locale: ${SYMFONY__ENV__LOCALE:-en} + + # A secret key that's used to generate certain security-related tokens + secret: ${SYMFONY__ENV__SECRET:-2fD51g6H7sCCd1d9qQ} + + # two factor stuff + twofactor_auth: ${SYMFONY__ENV__TWOFACTOR_AUTH:-true} + twofactor_sender: ${SYMFONY__ENV__TWOFACTOR_SENDER:-no-reply@wallabag.org} + + # fosuser stuff + fosuser_registration: ${SYMFONY__ENV__FOSUSER_REGISTRATION:-true} + fosuser_confirmation: ${SYMFONY__ENV__FOSUSER_CONFIRMATION:-true} + + fos_oauth_server_access_token_lifetime: 3600 + fos_oauth_server_refresh_token_lifetime: 1209600 + + from_email: ${SYMFONY__ENV__FROM_EMAIL:-wallabag@example.com} + + rss_limit: 50 + + # RabbitMQ processing + rabbitmq_host: localhost + rabbitmq_port: 5672 + rabbitmq_user: guest + rabbitmq_password: guest + rabbitmq_prefetch_count: 10 + + # Redis processing + redis_scheme: ${SYMFONY__ENV__REDIS_SCHEME:-tcp} + redis_host: ${SYMFONY__ENV__REDIS_HOST:-redis} + redis_port: ${SYMFONY__ENV__REDIS_PORT:-6379} + redis_path: ${SYMFONY__ENV__REDIS_PATH:-~} + redis_password: ${SYMFONY__ENV__REDIS_PASSWORD:-~} + + # Sentry + sentry_dsn: ${SYMFONY__ENV__SENTRY_DSN:-~} + + session_handler: ${SESSION_HANDLER:-session.handler.native_file}