container-openvoxserver/openvoxserver/Containerfile at ada75b38f3425911a71a35ea7b320e45aa05dfdd · OpenVoxProject/container-openvoxserver · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
ARG UBUNTU_VERSION=26.04
FROM ubuntu:${UBUNTU_VERSION} AS builder

ARG BUILD_PKGS="ruby3.2-dev gcc make cmake pkg-config libssl-dev libc6-dev libssh2-1-dev"
ARG R10K_VERSION=5.0.0
ARG RUGGED_VERSION=1.9.0

RUN apt-get update && \
    apt-get install -y --no-install-recommends $BUILD_PKGS && \
    gem install --no-doc r10k -v $R10K_VERSION && \
    gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh

FROM ubuntu:${UBUNTU_VERSION} AS final

ARG vcs_ref
ARG build_type
ARG build_date
ARG PACKAGES="git netbase openssh-client libssh2-1 dumb-init ruby3.2"
ARG UBUNTU_VERSION=24.04
ARG OPENVOX_RELEASE=8
ARG OPENVOXSERVER_VERSION=8.8.0-1+ubuntu${UBUNTU_VERSION}
ARG OPENVOXDB_VERSION=8.9.0-1+ubuntu${UBUNTU_VERSION}
ARG OPENVOX_USER_UID=999
ARG OPENVOX_USER_GID=999
ARG OPENVOX_RELEASE_PACKAGE=openvox${OPENVOX_RELEASE}-release-ubuntu${UBUNTU_VERSION}.deb

LABEL org.label-schema.maintainer="Voxpupuli Team <voxpupuli@groups.io>" \
      org.label-schema.vendor="OpenVoxProject" \
      org.label-schema.url="https://github.com/OpenVoxProject/container-openvoxserver" \
      org.label-schema.vcs-url="https://github.com/OpenVoxProject/container-openvoxserver" \
      org.label-schema.schema-version="1.0" \
      org.label-schema.dockerfile="/Containerfile" \
      org.label-schema.name="OpenVox Server ($build_type)" \
      org.label-schema.version="$OPENVOXSERVER_VERSION" \
      org.label-schema.vcs-ref="$vcs_ref" \
      org.label-schema.build-date="$build_date"

ENV AUTOSIGN=true \
    CA_ALLOW_SUBJECT_ALT_NAMES=false \
    CA_ENABLED=true \
    CA_TTL=157680000 \
    CA_HOSTNAME=puppet \
    CA_PORT=8140 \
    CERTNAME="" \
    CSR_ATTRIBUTES='{}' \
    DEBIAN_FRONTEND=noninteractive \
    DNS_ALT_NAMES="" \
    ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
    HIERACONFIG='$confdir/hiera.yaml' \
    INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
    INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
    INTERMEDIATE_CA=false \
    INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
    LOGDIR=/var/log/puppetlabs/puppetserver \
    OPENVOX_REPORTS="puppetdb" \
    OPENVOX_STORECONFIGS_BACKEND="puppetdb" \
    OPENVOX_STORECONFIGS=true \
    OPENVOXDB_SERVER_URLS=https://openvoxdb:8081 \
    OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
    OPENVOXSERVER_ENVIRONMENT_TIMEOUT=unlimited \
    OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED=false \
    OPENVOXSERVER_GRAPHITE_HOST=exporter \
    OPENVOXSERVER_GRAPHITE_PORT=9109 \
    OPENVOXSERVER_HOSTNAME="" \
    OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
    OPENVOXSERVER_MAX_ACTIVE_INSTANCES=1 \
    OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
    OPENVOXSERVER_PORT=8140 \
    PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
    SSLDIR=/etc/puppetlabs/puppet/ssl \
    USE_OPENVOXDB=true

COPY container-entrypoint.sh \
     docker-entrypoint.sh \
     healthcheck.sh \
     Containerfile \
     /

COPY container-entrypoint.d /container-entrypoint.d
COPY --from=builder /var/lib/gems/ /var/lib/gems/
COPY --from=builder /usr/local/bin/r10k /usr/local/bin/

ADD https://apt.voxpupuli.org/openvox${OPENVOX_RELEASE}-release-ubuntu${UBUNTU_VERSION}.deb /
RUN apt-get update && \
    apt-get install -y ca-certificates /${OPENVOX_RELEASE_PACKAGE} && \
    rm /${OPENVOX_RELEASE_PACKAGE}

RUN groupadd -g ${OPENVOX_USER_GID} puppet && \
    useradd -m -u ${OPENVOX_USER_UID} -g puppet puppet && \
    chmod +x /container-entrypoint.sh /docker-entrypoint.sh /healthcheck.sh /container-entrypoint.d/*.sh && \
    apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y \
        $PACKAGES \
        openvoxdb-termini=${OPENVOXDB_VERSION} \
        openvox-server=${OPENVOXSERVER_VERSION} \
        && \
    apt-get autoremove -y && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    cp -pr /etc/puppetlabs/puppet /var/tmp && \
    cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \
    rm -rf /var/tmp/puppet/ssl

# needs to be copied after package installation
COPY puppetserver /etc/default/puppetserver

COPY logback.xml \
     request-logging.xml \
     /etc/puppetlabs/puppetserver/

COPY conf.d/puppetserver.conf \
     conf.d/product.conf \
     /etc/puppetlabs/puppetserver/conf.d/

COPY puppetdb.conf /var/tmp/puppet/

# k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]

# NOTE: this is just documentation on defaults
EXPOSE 8140

ENTRYPOINT ["dumb-init", "/container-entrypoint.sh"]
CMD ["foreground"]