forked from RotherOSS/otobo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
otobo.web.dockerfile
169 lines (150 loc) · 7.34 KB
/
otobo.web.dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# This is the build file for the OTOBO web docker image.
# See also bin/docker/build_docker_images.sh
# See also https://doc.otobo.org/manual/installation/stable/en/content/installation-docker.html
# Use the latest maintainance release of the Perl 5.32.x series.
# As of 2021-01-23 this is Perl 5.32.1. See https://perldoc.perl.org/perl5321delta.
# This image is based on Debian 10 (Buster). The user is root.
# The Perl module installer 'cpanm' is already installed.
FROM perl:5.32-buster
# Some initial setup that needs to be done by root.
USER root
# install some required and optional Debian packages
# For ODBC see https://blog.devart.com/installing-and-configuring-odbc-driver-on-linux.html
# For ODBC for SQLIte, for testing ODBC, see http://www.ch-werner.de/sqliteodbc/html/index.html
# Create /opt/otobo_install already here, in order to reduce the number of build layers.
# hadolint ignore=DL3008
RUN apt-get update\
&& apt-get -y --no-install-recommends install\
"ack"\
"cron"\
"default-mysql-client"\
"ldap-utils"\
"less"\
"nano"\
"odbcinst1debian2" "libodbc1" "odbcinst" "unixodbc-dev" "unixodbc"\
"postgresql-client"\
"redis-tools"\
"sqlite3" "libsqliteodbc"\
"rsync"\
"telnet"\
"tree"\
"screen"\
"vim"\
&& rm -rf /var/lib/apt/lists/*\
&& install -d /opt/otobo_install
# We want an UTF-8 console
ENV LC_ALL C.UTF-8
ENV LANG C.UTF-8
# required modules are installed in /opt/otobo_install/local
# additional local modules might be installed in /opt/otobo/local
ENV PERL5LIB "/opt/otobo_install/local/lib/perl5:/opt/otobo/local/lib/perl5"
ENV PATH "/opt/otobo_install/local/bin:/opt/otobo/local/bin:${PATH}"
# Install packages from CPAN into the local lib /opt/otobo_install/local.
#
# The modules Net::DNS and Gazelle take a long time to build and test.
# Install them early in a separate RUN in order to make rebuilds faster.
# TODO: go back to install via the cpanfile
#
# Found no easy way to install with --force in the cpanfile. Therefore install
# the modules with ignorable test failures with the option --force.
# TODO: go back to install via the cpanfile
#
# Note that the modules in /opt/otobo/Kernel/cpan-lib are not considered by cpanm.
# This hopefully reduces potential conflicts.
#
# carton install will create cpanfile.snapshot. Currently this file is only used for documentation.
#
# Clean up the .cpanm dir after the installation tasks as that dir is no longer needed
# and the unpacked Perl distributions sometimes have weird user and group IDs.
WORKDIR /opt/otobo_install
RUN cpanm --local-lib local Net::DNS
RUN cpanm --local-lib local Gazelle
RUN cpanm --local-lib local --force XMLRPC::Transport::HTTP Net::Server Linux::Inotify2
RUN cpanm --local-lib local Carton
COPY cpanfile.docker cpanfile
RUN PERL_CPANM_OPT="--local-lib /opt/otobo_install/local" carton install
RUN rm -rf "$HOME/.cpanm"
# create the otobo user
# --user-group create group 'otobo' and add the user to the created group
# --home-dir /opt/otobo set $HOME of the user
# --create-home create /opt/otobo
# --shell /bin/bash set the login shell, not used here because otobo is system user
# --comment 'OTOBO user' complete name of the user
ENV OTOBO_USER otobo
ENV OTOBO_GROUP otobo
ENV OTOBO_HOME /opt/otobo
RUN useradd --user-group --home-dir $OTOBO_HOME --create-home --shell /bin/bash --comment 'OTOBO user' $OTOBO_USER
# copy the OTOBO installation to /opt/otobo_install/otobo_next and use it as the working dir
# skip the files set up in .dockerignore
COPY --chown=$OTOBO_USER:$OTOBO_GROUP . /opt/otobo_install/otobo_next
WORKDIR /opt/otobo_install/otobo_next
# uncomment these steps when strange behavior must be investigated
#RUN echo "'$OTOBO_HOME'"
#RUN whoami
#RUN pwd
#RUN uname -a
#RUN ls -A
#RUN tree Kernel
#RUN false
# Make sure that /opt/otobo exists and is writable by $OTOBO_USER.
# set up entrypoint.sh and docker_firsttime
# Finally set permissions. Explicitly pass --runs-under-docker as
# $ENV{OTOBO_RUNS_UNDER_DOCKER} is not yet set.
RUN install --group $OTOBO_GROUP --owner $OTOBO_USER -d $OTOBO_HOME \
&& install --owner $OTOBO_USER --group $OTOBO_GROUP -D bin/docker/entrypoint.sh /opt/otobo_install/entrypoint.sh \
&& install --owner $OTOBO_USER --group $OTOBO_GROUP /dev/null docker_firsttime \
&& perl bin/otobo.SetPermissions.pl --runs-under-docker
# perform build steps that can be done as the user otobo.
USER $OTOBO_USER
# More setup that can be done by the user otobo
# Under Docker the Elasticsearch Daemon is running on the host 'elastic' instead of '127.0.0.1'.
# The webservice configuration is in a YAML file and it is not obvious how
# to change settings for webservices.
# So we take the easy was out and do the change directly in the XML file,
# before installer.pl has run.
# Doing this already in the initial database insert allows installer.pl
# to pick up the changed host and to check whether Elasticsearch is available.
RUN perl -p -i.orig -e "s{Host: http://localhost:9200}{Host: http://elastic:9200}" scripts/database/otobo-initial_insert.xml
# Create dirs.
# Enable bash completion.
# Add a .vimrc.
# make Docker image identifyable via the files git-(repo|branch|commit).txt
# Create ARCHIVE with hashes of the files in the workdir
# Config.pm.docker.dist will be copied to Config.pm in entrypoint.sh when it does not already exist.
ARG GIT_REPO=unspecified
ARG GIT_BRANCH=unspecified
ARG GIT_COMMIT=unspecified
RUN install -d var/stats var/packages var/article var/tmp \
&& (echo ". ~/.bash_completion" >> .bash_aliases ) \
&& install -m u=rw,g=r,o=r scripts/vim/.vimrc .vimrc \
&& (echo $GIT_REPO > git-repo.txt) \
&& (echo $GIT_BRANCH > git-branch.txt) \
&& (echo $GIT_COMMIT > git-commit.txt) \
&& bin/otobo.CheckSum.pl -a create
# Up to now we have prepared /opt/otobo_install/otobo_next.
# Merging /opt/otobo_install/otobo_next and /opt/otobo is left to /opt/otobo_install/entrypoint.sh.
# Note that for supporting the command 'cron' we need to start as root.
# For all other commands entrypoint.sh switches to the user otobo.
WORKDIR $OTOBO_HOME
# Tell the web application and bin/otobo.SetPermissions.pl that it runs in a container.
ENV OTOBO_RUNS_UNDER_DOCKER 1
# the entrypoint is not in the volume
ENTRYPOINT ["/opt/otobo_install/entrypoint.sh"]
# Add some additional meta info to the image.
# This done at the end of the Dockerfile as changed labels and changed args invalidate the layer cache.
# The labels are compliant with https://github.com/opencontainers/image-spec/blob/master/annotations.md .
# For the standard build args passed by hub.docker.com see https://docs.docker.com/docker-hub/builds/advanced/.
LABEL maintainer='Team OTOBO <[email protected]>'
LABEL org.opencontainers.image.authors='Team OTOBO <[email protected]>'
LABEL org.opencontainers.image.description='OTOBO is the new open source ticket system with strong functionality AND a great look'
LABEL org.opencontainers.image.documentation='https://otobo.org'
LABEL org.opencontainers.image.licenses='GNU General Public License v3.0 or later'
LABEL org.opencontainers.image.title='OTOBO'
LABEL org.opencontainers.image.url=https://github.com/RotherOSS/otobo
LABEL org.opencontainers.image.vendor='Rother OSS GmbH'
ARG BUILD_DATE=unspecified
LABEL org.opencontainers.image.created=$BUILD_DATE
LABEL org.opencontainers.image.revision=$GIT_COMMIT
LABEL org.opencontainers.image.source=$GIT_REPO
ARG DOCKER_TAG=unspecified
LABEL org.opencontainers.image.version=$DOCKER_TAG