-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reduce number of layers in Containerfile
Reduce number of layers in Containerfile by combining RUN, LABEL and ENV statements. This will speed up the building process and reduce the image size. Resolves: #87 Signed-off-by: Antonio Torres <[email protected]>
- Loading branch information
1 parent
7a04c31
commit 458972d
Showing
2 changed files
with
60 additions
and
74 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,11 +6,17 @@ | |
|
|
||
| FROM quay.io/centos/centos:stream9 | ||
|
|
||
| ENV TZ=Europe/Madrid | ||
| LABEL org.opencontainers.image.source=https://github.com/freeipa/ipa-tuura | ||
| LABEL org.opencontainers.image.source=https://github.com/freeipa/ipa-tuura \ | ||
| org.opencontainers.image.description="CentOS based ipa-tuura bridge service image" | ||
|
|
||
| # Podmanfile for deploying ipa-tuura in production mode, using Apache HTTPS server | ||
| LABEL org.opencontainers.image.description="CentOS based ipa-tuura bridge service image" | ||
| ENV TZ=Europe/Madrid \ | ||
| DJANGO_SUPERUSER_PASSWORD=Secret123 \ | ||
| DJANGO_SUPERUSER_USERNAME=scim \ | ||
| [email protected] | ||
|
|
||
| # Copy the source code | ||
| RUN mkdir /www | ||
| COPY . /www/ipa-tuura | ||
|
|
||
| # Install system dependencies | ||
| RUN dnf -y update && dnf -y install \ | ||
|
|
@@ -50,53 +56,40 @@ RUN dnf -y update && dnf -y install \ | |
| gssproxy \ | ||
| openssh-clients \ | ||
| sshpass \ | ||
| && dnf clean all | ||
|
|
||
| # Copy the source code | ||
| RUN mkdir /www | ||
| COPY . /www/ipa-tuura | ||
| && dnf clean all \ | ||
| && pip install -r /www/ipa-tuura/src/install/requirements.txt | ||
|
|
||
| # Install project dependencies | ||
| RUN pip install -r /www/ipa-tuura/src/install/requirements.txt | ||
|
|
||
| # Packaging up Django model changes | ||
| # Django setup | ||
| WORKDIR /www/ipa-tuura/src/ipa-tuura/ | ||
| RUN python3 manage.py makemigrations | ||
| RUN python3 manage.py migrate | ||
|
|
||
| # Setup Django superuser | ||
| ENV DJANGO_SUPERUSER_PASSWORD Secret123 | ||
| ENV DJANGO_SUPERUSER_USERNAME scim | ||
| ENV DJANGO_SUPERUSER_EMAIL [email protected] | ||
| RUN python3 manage.py createsuperuser --scim_username scim --noinput | ||
|
|
||
| # Deploy Django with Apache and mod_wsgi | ||
| RUN echo 'LoadModule wsgi_module modules/mod_wsgi.so' >> /etc/httpd/conf/httpd.conf | ||
| RUN sed -i 's/ALLOWED_HOSTS = \[\]/ALLOWED_HOSTS = \['"'*'"'\]/g' /www/ipa-tuura/src/ipa-tuura/root/settings.py | ||
| RUN python3 manage.py makemigrations \ | ||
| && python3 manage.py migrate \ | ||
| && python3 manage.py createsuperuser --scim_username scim --noinput \ | ||
| && echo 'LoadModule wsgi_module modules/mod_wsgi.so' >> /etc/httpd/conf/httpd.conf \ | ||
| && sed -i 's/ALLOWED_HOSTS = \[\]/ALLOWED_HOSTS = \['"'*'"'\]/g' /www/ipa-tuura/src/ipa-tuura/root/settings.py | ||
|
|
||
| # Generate and configure self-signed certificate | ||
| COPY prod/conf/ipa.conf /root | ||
| RUN openssl req -config /root/ipa.conf -newkey rsa -x509 -days 365 -out /etc/pki/tls/certs/apache-selfsigned.crt | ||
| RUN sed -i 's\localhost.crt\apache-selfsigned.crt\g' /etc/httpd/conf.d/ssl.conf | ||
| RUN sed -i 's\localhost.key\apache-selfsigned.key\g' /etc/httpd/conf.d/ssl.conf | ||
| RUN openssl req -config /root/ipa.conf -newkey rsa -x509 -days 365 -out /etc/pki/tls/certs/apache-selfsigned.crt \ | ||
| && sed -i 's\localhost.crt\apache-selfsigned.crt\g' /etc/httpd/conf.d/ssl.conf \ | ||
| && sed -i 's\localhost.key\apache-selfsigned.key\g' /etc/httpd/conf.d/ssl.conf | ||
|
|
||
| # Deploy Apache virtual host | ||
| COPY prod/conf/ipatuura.conf /etc/httpd/conf.d/ipatuura.conf | ||
|
|
||
| # Setup permissions for apache user | ||
| RUN echo 'apache ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/apache | ||
| RUN usermod -a -G sssd,root apache | ||
| RUN chmod -R 770 /etc/sssd | ||
| RUN chmod 740 /www/ipa-tuura/src/ipa-tuura/ | ||
| RUN chown apache:apache /www/ipa-tuura/src/ipa-tuura/ | ||
| RUN chown apache:apache /www/ipa-tuura/src/ipa-tuura/db.sqlite3 | ||
| RUN echo 'apache ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/apache \ | ||
| && usermod -a -G sssd,root apache \ | ||
| && chmod -R 770 /etc/sssd \ | ||
| && chmod 740 /www/ipa-tuura/src/ipa-tuura/ \ | ||
| && chown apache:apache /www/ipa-tuura/src/ipa-tuura/ \ | ||
| && chown apache:apache /www/ipa-tuura/src/ipa-tuura/db.sqlite3 | ||
|
|
||
| # Setup gssproxy | ||
| COPY prod/conf/gssproxy.conf /etc/gssproxy/80-httpd.conf | ||
| COPY prod/conf/httpd_env.conf /etc/systemd/system/httpd.service.d/env.conf | ||
| RUN mkdir /var/lib/ipatuura | ||
| RUN chmod 770 /var/lib/ipatuura | ||
| RUN systemctl enable gssproxy | ||
| RUN mkdir /var/lib/ipatuura \ | ||
| && chmod 770 /var/lib/ipatuura \ | ||
| && systemctl enable gssproxy | ||
|
|
||
| # Enable httpd service | ||
| RUN systemctl enable httpd | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,11 +10,17 @@ | |
|
|
||
| FROM registry.access.redhat.com/ubi9:9.2-755 | ||
|
|
||
| ENV TZ=Europe/Madrid | ||
| LABEL org.opencontainers.image.source=https://github.com/freeipa/ipa-tuura | ||
| LABEL org.opencontainers.image.source=https://github.com/freeipa/ipa-tuura \ | ||
| org.opencontainers.image.description="RHEL based ipa-tuura bridge service image" | ||
|
|
||
| # Podmanfile for deploying ipa-tuura in production mode, using Apache HTTPS server | ||
| LABEL org.opencontainers.image.description="UBI9 RHEL based ipa-tuura bridge service image" | ||
| ENV TZ=Europe/Madrid \ | ||
| DJANGO_SUPERUSER_PASSWORD=Secret123 \ | ||
| DJANGO_SUPERUSER_USERNAME=scim \ | ||
| [email protected] | ||
|
|
||
| # Copy the source code | ||
| RUN mkdir /www | ||
| COPY . /www/ipa-tuura | ||
|
|
||
| # Install system dependencies | ||
| RUN dnf -y update && dnf -y install \ | ||
|
|
@@ -54,53 +60,40 @@ RUN dnf -y update && dnf -y install \ | |
| gssproxy \ | ||
| openssh-clients \ | ||
| sshpass \ | ||
| && dnf clean all | ||
|
|
||
| # Copy the source code | ||
| RUN mkdir /www | ||
| COPY . /www/ipa-tuura | ||
| && dnf clean all \ | ||
| && pip install -r /www/ipa-tuura/src/install/requirements.txt | ||
|
|
||
| # Install project dependencies | ||
| RUN pip install -r /www/ipa-tuura/src/install/requirements.txt | ||
|
|
||
| # Packaging up Django model changes | ||
| # Django setup | ||
| WORKDIR /www/ipa-tuura/src/ipa-tuura/ | ||
| RUN python3 manage.py makemigrations | ||
| RUN python3 manage.py migrate | ||
|
|
||
| # Setup Django superuser | ||
| ENV DJANGO_SUPERUSER_PASSWORD Secret123 | ||
| ENV DJANGO_SUPERUSER_USERNAME scim | ||
| ENV DJANGO_SUPERUSER_EMAIL [email protected] | ||
| RUN python3 manage.py createsuperuser --scim_username scim --noinput | ||
|
|
||
| # Deploy Django with Apache and mod_wsgi | ||
| RUN echo 'LoadModule wsgi_module modules/mod_wsgi.so' >> /etc/httpd/conf/httpd.conf | ||
| RUN sed -i 's/ALLOWED_HOSTS = \[\]/ALLOWED_HOSTS = \['"'*'"'\]/g' /www/ipa-tuura/src/ipa-tuura/root/settings.py | ||
| RUN python3 manage.py makemigrations \ | ||
| && python3 manage.py migrate \ | ||
| && python3 manage.py createsuperuser --scim_username scim --noinput \ | ||
| && echo 'LoadModule wsgi_module modules/mod_wsgi.so' >> /etc/httpd/conf/httpd.conf \ | ||
| && sed -i 's/ALLOWED_HOSTS = \[\]/ALLOWED_HOSTS = \['"'*'"'\]/g' /www/ipa-tuura/src/ipa-tuura/root/settings.py | ||
|
|
||
| # Generate and configure self-signed certificate | ||
| COPY prod/conf/ipa.conf /root | ||
| RUN openssl req -config /root/ipa.conf -newkey rsa -x509 -days 365 -out /etc/pki/tls/certs/apache-selfsigned.crt | ||
| RUN sed -i 's\localhost.crt\apache-selfsigned.crt\g' /etc/httpd/conf.d/ssl.conf | ||
| RUN sed -i 's\localhost.key\apache-selfsigned.key\g' /etc/httpd/conf.d/ssl.conf | ||
| RUN openssl req -config /root/ipa.conf -newkey rsa -x509 -days 365 -out /etc/pki/tls/certs/apache-selfsigned.crt \ | ||
| && sed -i 's\localhost.crt\apache-selfsigned.crt\g' /etc/httpd/conf.d/ssl.conf \ | ||
| && sed -i 's\localhost.key\apache-selfsigned.key\g' /etc/httpd/conf.d/ssl.conf | ||
|
|
||
| # Deploy Apache virtual host | ||
| COPY prod/conf/ipatuura.conf /etc/httpd/conf.d/ipatuura.conf | ||
|
|
||
| # Setup permissions for apache user | ||
| RUN echo 'apache ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/apache | ||
| RUN usermod -a -G sssd,root apache | ||
| RUN chmod -R 770 /etc/sssd | ||
| RUN chmod 740 /www/ipa-tuura/src/ipa-tuura/ | ||
| RUN chown apache:apache /www/ipa-tuura/src/ipa-tuura/ | ||
| RUN chown apache:apache /www/ipa-tuura/src/ipa-tuura/db.sqlite3 | ||
| RUN echo 'apache ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/apache \ | ||
| && usermod -a -G sssd,root apache \ | ||
| && chmod -R 770 /etc/sssd \ | ||
| && chmod 740 /www/ipa-tuura/src/ipa-tuura/ \ | ||
| && chown apache:apache /www/ipa-tuura/src/ipa-tuura/ \ | ||
| && chown apache:apache /www/ipa-tuura/src/ipa-tuura/db.sqlite3 | ||
|
|
||
| # Setup gssproxy | ||
| COPY prod/conf/gssproxy.conf /etc/gssproxy/80-httpd.conf | ||
| COPY prod/conf/httpd_env.conf /etc/systemd/system/httpd.service.d/env.conf | ||
| RUN mkdir /var/lib/ipatuura | ||
| RUN chmod 770 /var/lib/ipatuura | ||
| RUN systemctl enable gssproxy | ||
| RUN mkdir /var/lib/ipatuura \ | ||
| && chmod 770 /var/lib/ipatuura \ | ||
| && systemctl enable gssproxy | ||
|
|
||
| # Enable httpd service | ||
| RUN systemctl enable httpd | ||
|
|
||