[Elao - App] Docker applications

Author: nervo

MIGRATION.md

@@ -0,0 +1,121 @@
+- vagrant destroy && rm -Rf .vagrant
+
+- Récupération des parametres Vagrantfile vers le .manala.yaml
+  - app.name -> system.hostname + ".vm"
+  - app.box_version 3.* -> system.version 8
+    app.box_version 4.* -> system.version 9
+  - app.box_memory -> system.memory *si* différent de 1024 ou 2048
+- Suppression du fichier Vagrantfile
+
+- Nettoyage du/des Makefile
+  - Suppression des `.PHONY: build test`
+  - Suppression des `## Colors`
+  - Suppression des `## Help`
+  - `-include .manala/make/Makefile` -> `-include .manala/Makefile`
+  - Suppression des "HOSTNAME", "APP_HOSTNAME" et "_check_*"
+  - Déplacement de target setup vers define setup
+    ```
+    if [ -d  "./var/cache" ]; then rm -rf ./var/cache; fi;          define setup
+  	if [ -d "./var/log" ]; then rm -rf ./var/log; fi;           ->  	$(VAGRANT_MAKE) install build
+  	vagrant up --no-provision                                       endef
+  	vagrant provision
+  	vagrant ssh -- "cd /srv/app && make install && make build"
+    ```
+  - Suppression de la partie "Environment"
+  - Remplacement des `make -C` par des `$(MAKE) --directory `
+  - Custom -> App
+  -
+    ```
+    ##########     #########
+    # Build #   -> # Build #
+    ##########     #########
+    ```
+
+- Un petit tour dans le readme, notament:
+  - Requirements
+    ```
+    * Make
+    * Vagrant 2.2.10+
+    * Landrush 1.3.2+
+    * VirtualBox 6.1.12+
+    * Docker Desktop 2.2.0+
+    ```
+    - Usage: vagrant -> make
+
+- Remplacement des credentials db dans .env/.env.test`
+  ```
+  DATABASE_URL=mysql://app@127.0.0.1:3306/* -> DATABASE_URL=mysql://root@127.0.0.1:3306/*
+  ```
+  ou dans config/paramaters.yml[.dist]
+  ```
+  database_user:     app -> database_user:     root
+  ```
+
+- Nettoyage du fichier .gitignore à la racine
+  ```
+  # Vagrant
+  .vagrant/
+
+  # Ansible
+  ansible/*.retry
+  ansible/group_vars/*_local.yml
+  /ansible/roles/
+  build/
+  .manala.local.yaml
+  ```
+
+- .manala.yaml
+  - suppression de l'entrée system.symfony
+  - Modification de l'entrée system.ssh.config
+  ```
+  ssh:                                     ssh:
+    config: |                                  client:
+      Host previ-*.elao.prod.elao.run  ->          config:
+          User         app                           - Host *.elao.run:
+          ForwardAgent yes                             - User: app
+                                                       - ForwardAgent: true
+  ```
+
+  - suppression dans les tâches d'integration
+  ```
+  env:
+      DATABASE_URL: mysql://root@127.0.0.1:3306/app
+  ```
+  ou
+  ```
+  env:
+      APP_DATABASE_HOST: 127.0.0.1
+      APP_DATABASE_NAME: api
+      APP_DATABASE_USER: root
+  ```
+
+- Bascule de `ansible/group_vars/app.yml` vers `.manala.yaml`
+  - timezone si différente de "Etc/UTC"
+  - Files
+    avant:
+    ```
+    files_attributes:
+      - path:  "{{ app.dir }}{{ app.dir_release }}/var/log"
+        src:   "{{ app.log_dir }}"
+        state: link_directory
+      - path:  "{{ app.dir }}{{ app.dir_release }}/var/cache"
+        src:   "{{ app.cache_dir }}"
+        state: link_directory
+    ```
+    après:
+    ```
+    files:
+      - path: /srv/app/var/log
+        src: /srv/log
+        state: link_directory
+        force: true
+      - path: /srv/app/var/cache
+        src: /srv/cache
+        state: link_directory
+        force: true
+    ```
+  - Penser à rajouter l'extention php `mysql` si necessaire
+  - apt -> supprimer package "pv" au besoin, il est maintenant intégré de base dans la vm
+  - cron -> ne plus préciser le user, il est posé par défaut à vagrant dans system.yaml
+
+- Suppression du repertoire ansible

TODO.md

@@ -0,0 +1,18 @@
+- deprecation des templates packer
+- déprécation du role zsh (il ne fait rien d'autre que d'installer) au profit d'un simple apt zsh
+  OU déplacement de la gestion des env DANS le role zsh
+- deprecation du role make ???
+- deprecation du role npm ?
+- état des lieux pour ntp, envisager deprecation
+- templates j2 dans les roles
+- deprecation role/package opcache-dashboard
+- deprecation du role/package phpmyadmin
+- deprecation du role/package phpredisadmin
+- `manala.update: true` en dev, ou pas ???
+- deprecation de role/package phantomjs
+- penser coté jenkins à supprimer le check sur .manala/jenkins/Jenkinsfile ET à repercuter cogé config sur kubernetes
+- zut, et quid du app_local.yml ???
+- pour le local, ca pourrait se limiter aux variables d'env
+  cf. https://blackfire.io/docs/configuration/agent#configuring-the-agent-via-environment-variables
+  et pour le xdebug
+- motd dynamique

elao.app/.manala.yaml

@@ -109,6 +109,8 @@ system:
     docker:
         # @schema {"items": {"type": "object"}}
         containers: []
+        # @schema {"items": {"type": "object"}}
+        applications: []
 
 ###############
 # Integration #

elao.app/.manala/Dockerfile.tmpl

@@ -34,7 +34,8 @@ RUN \
     && mkdir -p /srv \
     && chmod 777 /srv \
     # User
-    && adduser --disabled-password --gecos "" docker \
+    && addgroup --system docker \
+    && adduser --disabled-password --ingroup docker --gecos docker docker \
     # Bash
     && sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' \
         /home/docker/.bashrc \
@@ -59,10 +60,6 @@ RUN \
         ansible python3 python3-apt
     {{- end }}
 
-COPY docker/bin/entrypoint.sh /usr/local/bin/entrypoint.sh
-
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-
 ##########
 # System #
 ##########
@@ -73,20 +70,25 @@ COPY ansible/templates                       /tmp/ansible/templates/
 COPY ansible/ansible.cfg ansible/system.yaml /tmp/ansible/
 
 RUN \
+    # Ansible
     cd /tmp/ansible \
     && ansible-galaxy collection install \
       --requirements-file roles/system/requirements.yaml \
       --force \
     && ansible-playbook system.yaml \
       --inventory-file inventories \
       --limit integration \
-    && rm -Rf /tmp/ansible
-
-RUN \
+    && rm -Rf /tmp/ansible \
+    # Cleanup docker
+    && rm -Rf /var/lib/docker \
     # NodeJs
-    mkdir -p /usr/etc \
+    && mkdir -p /usr/etc \
     && echo "cache=\${XDG_CACHE_HOME}/npm" > /usr/etc/npmrc
 
+COPY docker/bin/entrypoint.sh /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
 WORKDIR /srv/app
 
 USER docker

elao.app/.manala/Jenkinsfile.tmpl

@@ -289,7 +289,7 @@ podTemplate(
         }
 
         try {
-            appImage.inside("--network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
+            appImage.inside("--privileged --network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
                 {{- include "node" (dict "node" $integration) | trim | nindent 16 }}
             }
         } finally {

elao.app/.manala/ansible/inventories/system.yaml.tmpl

@@ -8,10 +8,19 @@ system:
         ###############
 
         development:
+
             # Ansible
             ansible_connection: local
+
             # Accounts
             manala_accounts_enabled: true
+            manala_accounts_groups:
+              - group: docker
+                system: true
+            manala_accounts_users:
+              - user: vagrant
+                group: vagrant
+                groups: ['docker']
             # Motd
             manala_motd_enabled: true
             # Timezone
@@ -73,7 +82,38 @@ system:
             # Elasticsearch
             manala_elasticsearch_enabled: {{ not (empty .elasticsearch.version) | ternary "true" "false" }}
             # Docker
-            manala_docker_enabled: true
+            manala_docker_containers:
+              - name: mailhog
+                image: mailhog/mailhog:v1.0.1
+                state: started
+                restart_policy: unless-stopped
+                ports:
+                  - 25:1025
+                  - 8025:8025
+              - name: phpmyadmin
+                image: phpmyadmin/phpmyadmin
+                state: {{ or (not (empty .mysql.version)) (not (empty .mariadb.version)) | ternary "started" "absent" }}
+                restart_policy: unless-stopped
+                env:
+                  PMA_USER: root
+                  # Default docker host ip
+                  PMA_HOST: 172.17.0.1
+                  UPLOAD_LIMIT: 64M
+                ports:
+                  - 1979:80
+              - name: phpredisadmin
+                image: erikdubbelboer/phpredisadmin
+                state: {{ not (empty .redis.version) | ternary "started" "absent" }}
+                restart_policy: unless-stopped
+                env:
+                  # Default docker host ip
+                  REDIS_1_HOST: 172.17.0.1
+                ports:
+                  - 1981:80
+            {{- if .docker.containers }}
+              # App
+              {{- .docker.containers | toYaml | nindent 10 }}
+            {{- end }}
             # Gomplate
             manala_gomplate_enabled: true
 
@@ -82,8 +122,10 @@ system:
         ###############
 
         integration:
+
             # Ansible
             ansible_connection: local
+
             # Apt
             manala_apt_enabled: true
             manala_apt_packages:
@@ -120,15 +162,6 @@ system:
         # All #
         #######
 
-        # Accounts
-        manala_accounts_groups:
-          - group: docker
-            system: true
-        manala_accounts_users:
-          - user: vagrant
-            group: vagrant
-            groups: ['docker']
-
         # Motd
         manala_motd_scripts_exclusive: true
         manala_motd_scripts:
@@ -423,37 +456,11 @@ system:
         {{- end }}
 
         # Docker
-        manala_docker_containers:
-          - name: mailhog
-            image: mailhog/mailhog:v1.0.1
-            state: started
-            restart_policy: unless-stopped
-            ports:
-              - 25:1025
-              - 8025:8025
-          - name: phpmyadmin
-            image: phpmyadmin/phpmyadmin
-            state: {{ or (not (empty .mysql.version)) (not (empty .mariadb.version)) | ternary "started" "absent" }}
-            restart_policy: unless-stopped
-            env:
-              PMA_USER: root
-              # Default docker host ip
-              PMA_HOST: 172.17.0.1
-              UPLOAD_LIMIT: 64M
-            ports:
-              - 1979:80
-          - name: phpredisadmin
-            image: erikdubbelboer/phpredisadmin
-            state: {{ not (empty .redis.version) | ternary "started" "absent" }}
-            restart_policy: unless-stopped
-            env:
-              # Default docker host ip
-              REDIS_1_HOST: 172.17.0.1
-            ports:
-              - 1981:80
-        {{- if .docker.containers }}
+        manala_docker_enabled: true
+        {{- if .docker.applications }}
+        manala_docker_applications:
           # App
-          {{- .docker.containers | toYaml | nindent 10 }}
+          {{- .docker.applications | toYaml | nindent 10 }}
         {{- end }}
 
 {{- end }}

elao.app/.manala/ansible/templates/docker/audiowaveform.j2

@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+docker run \
+  --rm \
+  --user 1000 \
+  --volume /srv:/srv \
+  elao/audiowaveform:{{ item.version|mandatory }} \
+  "$@"

elao.app/.manala/docker/bin/entrypoint.sh

@@ -2,6 +2,9 @@
 
 set -e
 
+# Docker
+sudo /etc/init.d/docker start
+
 # Cache (Composer and Yarn both follows XDG Base Directory Specification. For
 # the others, related environment variables must be expanded at runtime)
 if [ -n "${XDG_CACHE_HOME}" ]; then

elao.app/.manala/docker/make.mk.tmpl

@@ -25,6 +25,7 @@ define docker_run
 		--rm \
 		--tty \
 		--interactive \
+		--privileged \
 		--hostname {{ .Vars.system.hostname }} \
 		--mount 'type=bind,consistency=delegated,source=$(realpath $(_ROOT_DIR)),target=/srv/app' \
 		--workdir /srv/app/$(_DIR) \

elao.app/.manala/jenkins/Jenkinsfile.tmpl

@@ -289,7 +289,7 @@ podTemplate(
         }
 
         try {
-            appImage.inside("--network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
+            appImage.inside("--privileged --network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
                 {{- include "node" (dict "node" $integration) | trim | nindent 16 }}
             }
         } finally {