From 30fbebb8850591dd51310382b36d0d297a311934 Mon Sep 17 00:00:00 2001 From: Florian Rey Date: Tue, 12 Dec 2023 12:07:55 +0100 Subject: [PATCH] [Elao - App - Docker] Switch to systemd --- elao.app.docker/.manala.yaml | 2 +- elao.app.docker/.manala/Makefile.tmpl | 2 +- .../ansible/collections/requirements.yaml | 2 +- .../roles/certificates/tasks/main.yaml | 6 +++--- .../.manala/docker/Dockerfile.tmpl | 19 +++++++++++-------- .../.manala/docker/compose/init.systemd.yaml | 5 ++++- elao.app.docker/README.md | 8 +++++--- elao.app.docker/test/.manala.yaml | 2 +- elao.app.docker/test/goss.yaml | 18 +++++++++--------- 9 files changed, 36 insertions(+), 28 deletions(-) diff --git a/elao.app.docker/.manala.yaml b/elao.app.docker/.manala.yaml index 5900fea5..7a2a2c7e 100644 --- a/elao.app.docker/.manala.yaml +++ b/elao.app.docker/.manala.yaml @@ -60,7 +60,7 @@ system: network: hosts: {} goss: - # @schema {"enum": [null, "0.3.21"]} + # @schema {"enum": [null, "0.4.4"]} version: ~ nginx: # @schema { diff --git a/elao.app.docker/.manala/Makefile.tmpl b/elao.app.docker/.manala/Makefile.tmpl index e37bd7ef..5a0a48ed 100644 --- a/elao.app.docker/.manala/Makefile.tmpl +++ b/elao.app.docker/.manala/Makefile.tmpl @@ -31,7 +31,7 @@ MANALA_DOCKER_COMPOSE_ENV += \ MANALA_HOST_OS=$(MANALA_OS) \ MANALA_HOST_DIR=$(abspath $(MANALA_DIR)) MANALA_DOCKER_COMPOSE_FILE += \ - $(MANALA_DIR)/.manala/docker/compose/init.sysv.yaml \ + $(MANALA_DIR)/.manala/docker/compose/init.systemd.yaml \ $(if $(SYMFONY_IDE), $(MANALA_DIR)/.manala/docker/compose/symfony.yaml) MANALA_DOCKER_COMPOSE_PROFILE ?= development diff --git a/elao.app.docker/.manala/ansible/collections/requirements.yaml b/elao.app.docker/.manala/ansible/collections/requirements.yaml index bd2d5c6a..c795439d 100644 --- a/elao.app.docker/.manala/ansible/collections/requirements.yaml +++ b/elao.app.docker/.manala/ansible/collections/requirements.yaml 
@@ -2,10 +2,10 @@ collections: - ansible.posix + - community.crypto - community.docker - community.general - community.mongodb - community.mysql - gluster.gluster - manala.roles - - community.crypto diff --git a/elao.app.docker/.manala/ansible/roles/certificates/tasks/main.yaml b/elao.app.docker/.manala/ansible/roles/certificates/tasks/main.yaml index 819dcdbd..ee970e5f 100644 --- a/elao.app.docker/.manala/ansible/roles/certificates/tasks/main.yaml +++ b/elao.app.docker/.manala/ansible/roles/certificates/tasks/main.yaml @@ -74,7 +74,7 @@ - ["{{ certificates_ssl_pem }}", certs] - ["{{ certificates_ssl_key }}", private] notify: - - nginx restart + - Restart nginx when: (certificates_ssl_key is file) and (certificates_ssl_pem is file) @@ -86,7 +86,7 @@ type: RSA size: 4096 notify: - - nginx restart + - Restart nginx - name: certificates > Generate self signed ssl certificate signing request community.crypto.openssl_csr: path: /etc/ssl/certs/ssl.csr @@ -102,6 +102,6 @@ privatekey_path: /etc/ssl/private/ssl.key provider: selfsigned notify: - - nginx restart + - Restart nginx when: (certificates_ssl_key is not file) or (certificates_ssl_pem is not file) diff --git a/elao.app.docker/.manala/docker/Dockerfile.tmpl b/elao.app.docker/.manala/docker/Dockerfile.tmpl index e00c4b29..bddcc77e 100644 --- a/elao.app.docker/.manala/docker/Dockerfile.tmpl +++ b/elao.app.docker/.manala/docker/Dockerfile.tmpl @@ -52,7 +52,7 @@ RUN \ fi \ {{- end }} # Apt keyrings (debian < bookworm) - && mkdir --verbose --parents /etc/apt/keyrings \ + && install --verbose --mode 0755 --directory /etc/apt/keyrings \ # User && addgroup --gid ${MANALA_GROUP_ID} app \ && adduser --home /home/app --shell /bin/bash --uid ${MANALA_USER_ID} --gecos app --ingroup app --disabled-password app \ @@ -130,7 +130,8 @@ RUN \ umountfs \ umountroot \ # Block systemd replacement - && printf "Package: systemd-sysv\n\ + && printf "\ +Package: systemd-sysv\n\ Pin: release *\n\ Pin-Priority: -1\n\ " > /etc/apt/preferences \ 
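Review bot: None of the entries in this `collections:` list carries a version constraint, so each image build presumably resolves to whatever release is newest at that moment, while the same commit pins Ansible to 8.7.0 and goss to 0.4.4. The handler rename to `Restart nginx` in the three certificates hunks appears to track a particular `manala.roles` release, which would make the missing pin a correctness issue as well as a supply-chain one. Consider the long form for each entry, for example `- name: manala.roles` followed by `version: "<pinned version>"`. The list starts above the hunk, so there may be more entries than the ones visible here.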
@@ -170,21 +171,22 @@ RUN \ && systemctl set-default multi-user.target \ && sed -i 's/#\(ForwardToConsole=\).*$/\1yes/' \ /etc/systemd/journald.conf \ - && printf "Defaults env_keep += \"container\"\n" \ + && echo "Defaults env_keep += \"container\"" \ > /etc/sudoers.d/systemd \ && rm -rf \ /etc/systemd/system/*.wants/* \ + /lib/systemd/system/basic.target.wants/* \ /lib/systemd/system/multi-user.target.wants/* \ /lib/systemd/system/local-fs.target.wants/* \ /lib/systemd/system/sockets.target.wants/*udev* \ /lib/systemd/system/sockets.target.wants/*initctl* \ /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev* \ + /lib/systemd/system/systemd-ask-password-console.* \ + /lib/systemd/system/systemd-tmpfiles-clean.* \ /lib/systemd/system/systemd-update-utmp* \ # Clean && rm -rf /var/lib/apt/lists/* -VOLUME /sys/fs/cgroup - STOPSIGNAL SIGRTMIN+3 CMD ["/lib/systemd/systemd"] @@ -201,7 +203,7 @@ FROM init-${MANALA_INIT} AS provision-none # Ansible FROM init-${MANALA_INIT} AS provision-ansible -ARG ANSIBLE_VERSION="8.5.0" +ARG ANSIBLE_VERSION="8.7.0" ARG MANALA_PROVISION_LIMIT ARG SYMFONY_IDE @@ -229,8 +231,9 @@ RUN \ && pip3 --no-cache-dir --disable-pip-version-check install \ ansible==${ANSIBLE_VERSION} \ {{- end }} - && mkdir --verbose --parents /etc/ansible \ - && printf "[defaults]\n\ + && install --verbose --mode 0755 --directory /etc/ansible \ + && printf "\ +[defaults]\n\ force_color = True\n\ display_skipped_hosts = False\n\ retry_files_enabled = False\n\ diff --git a/elao.app.docker/.manala/docker/compose/init.systemd.yaml b/elao.app.docker/.manala/docker/compose/init.systemd.yaml index 9d79cd5c..48309b6c 100644 --- a/elao.app.docker/.manala/docker/compose/init.systemd.yaml +++ b/elao.app.docker/.manala/docker/compose/init.systemd.yaml @@ -8,7 +8,10 @@ services: build: args: MANALA_INIT: systemd + cgroup: host tty: true - privileged: true + tmpfs: + - /run + - /run/lock volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw 
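Review bot: The sudoers drop-in written by `echo "Defaults env_keep += \"container\"" > /etc/sudoers.d/systemd` gets its mode from the build umask rather than from an explicit setting, while the same commit moves directory creation to `install --mode 0755 --directory`. The usual convention for files under `/etc/sudoers.d` is root-owned and 0440, so a following `&& chmod 0440 /etc/sudoers.d/systemd \` would make that explicit. A syntax check with `&& visudo --check --file=/etc/sudoers.d/systemd \` would also stop a broken drop-in from reaching the image. The RUN instruction begins above the hunk.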
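Review bot: The new `cgroup: host` key, combined with the retained `/sys/fs/cgroup:/sys/fs/cgroup:rw` bind mount, leaves root inside the container able to write to the host's cgroup hierarchy rather than only its own subtree. With `privileged: true` removed, this is the main host-facing surface left in the service. If systemd in this image needs that access, document it above the key, for example `# systemd needs a writable cgroup tree; host cgroup namespace, local development only`. It is also worth checking whether a private cgroup namespace works on the Docker versions the README now requires. The service definition starts above the hunk, so other hardening keys may already be set there.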
diff --git a/elao.app.docker/README.md b/elao.app.docker/README.md index 5a9cc570..e7c0645d 100644 --- a/elao.app.docker/README.md +++ b/elao.app.docker/README.md @@ -10,15 +10,17 @@ tableOfContent: 3 MacOS -* Docker Desktop 4.3.2+ +* Docker Desktop 4.25.2+ (`brew install docker`) -* Mutagen Compose 0.13.0+ +* Mutagen Compose 0.18.0+ (`brew install mutagen-io/mutagen/mutagen-compose`) Linux -* Docker 20.10.14+ +* Docker Engine 24.0.6+ (see [documentation](https://docs.docker.com/engine/install/)) +* Compose 2.23.0+ +(see [documentation](https://docs.docker.com/compose/install/)) ## Overview diff --git a/elao.app.docker/test/.manala.yaml b/elao.app.docker/test/.manala.yaml index 452ced1b..0e926b10 100644 --- a/elao.app.docker/test/.manala.yaml +++ b/elao.app.docker/test/.manala.yaml @@ -26,7 +26,7 @@ system: hosts: 1.2.3.4: foo.bar goss: - version: 0.3.21 + version: 0.4.4 nginx: configs: - template: nginx/gzip.j2 diff --git a/elao.app.docker/test/goss.yaml b/elao.app.docker/test/goss.yaml index 966906f1..5582ed78 100644 --- a/elao.app.docker/test/goss.yaml +++ b/elao.app.docker/test/goss.yaml @@ -41,7 +41,7 @@ command: ansible --version: exit-status: 0 stdout: - - ansible [core 2.15.5] + - ansible [core 2.15.8] # Locales locale: exit-status: 0 
@@ -110,35 +110,35 @@ file: # System /etc/os-release: exists: true - contains: + contents: - VERSION_ID="{{ .Vars.system.version }}" # Timezone /etc/timezone: exists: true - contains: + contents: - {{ .Vars.system.timezone }} # Files /srv/foo: exists: true - contains: + contents: - bar # Php /etc/php/{{ .Vars.system.php.version }}/fpm/pool.d/app.conf: exists: true - contains: + contents: {{- range $key, $value := .Vars.system.php.env }} - env[{{ $key }}] = "{{ $value }}" {{- end }} # Cron /etc/cron.d/app: exists: true - contains: + contents: - HOME="/srv/app" - "* * * * * app php bin/console app:foo:bar --no-interaction -vv >> /srv/" # Supervisor /etc/supervisor/conf.d/app.conf: exists: true - contains: + contents: - "[program:foo]" - autorestart=true - autostart=false @@ -153,8 +153,8 @@ file: # Ssh /etc/ssh/ssh_config: exists: true - contains: - - # Ssh config + contents: + - "# Ssh config" http: # MailHog