author | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-07-21 16:44:38 +0200 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2015-07-23 14:27:25 +0200 |
commit | 47e81e75d7545a5d8601210055a7a6349aaaa528 (patch) | |
tree | e5ff0e4f46d10a729c516b8ddb2d83c024fa67fc | |
parent | 8ba1a7a03f849cd83a83476c920c2c0572e675d7 (diff) | |
PIN users to UIDs and monkey patch initctl (docker-pin)
-rw-r--r-- | docker/Dockerfile | 23 | ||||
-rw-r--r-- | docker/assets/gitlab-docker.rb | 16 | ||||
-rwxr-xr-x | docker/assets/initctl | 67 | ||||
-rwxr-xr-x | docker/assets/wrapper | 9 |
4 files changed, 97 insertions, 18 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 05521af6963..ad26d932d31 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -25,14 +25,16 @@ RUN mkdir -p /opt/gitlab/sv/sshd/supervise \
 && ln -s /opt/gitlab/sv/sshd /opt/gitlab/service \
 && mkdir -p /var/run/sshd
-# Prepare default configuration
-RUN ( \
- echo "" && \
- echo "# Docker options" && \
- echo "# Prevent Postgres from trying to allocate 25% of total memory" && \
- echo "postgresql['shared_buffers'] = '1MB'" ) >> /etc/gitlab/gitlab.rb && \
- mkdir -p /assets/ && \
- cp /etc/gitlab/gitlab.rb /assets/gitlab.rb
+# Copy assets
+COPY assets/ /assets/
+RUN cat /assets/gitlab-docker.rb /etc/gitlab/gitlab.rb > /assets/gitlab.rb && \
+ rm /etc/gitlab/gitlab.rb
+
+# Monkey patch missing initctl
+COPY assets/initctl /sbin/initctl
+
+# Allow to access embedded tools
+ENV PATH /opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH
 # Expose web & ssh
 EXPOSE 443 80 22
@@ -40,8 +42,5 @@ EXPOSE 443 80 22
 # Define data volumes
 VOLUME ["/etc/gitlab", "/var/opt/gitlab", "/var/log/gitlab"]
-# Copy assets
-COPY assets/wrapper /usr/local/bin/
-
 # Wrapper to handle signal, trigger runit and reconfigure GitLab
-CMD ["/usr/local/bin/wrapper"]
+CMD ["/assets/wrapper"]
diff --git a/docker/assets/gitlab-docker.rb b/docker/assets/gitlab-docker.rb
new file mode 100644
index 00000000000..b6d487a84c7
--- /dev/null
+++ b/docker/assets/gitlab-docker.rb
@@ -0,0 +1,16 @@
+# Docker options
+## Prevent Postgres from trying to allocate 25% of total memory
+postgresql['shared_buffers'] = '1MB'
+
+## PIN users to UIDs
+user['uid'] = 998
+user['gid'] = 998
+postgresql['uid'] = 996
+postgresql['gid'] = 996
+redis['uid'] = 997
+redis['gid'] = 997
+web_server['uid'] = 999
+web_server['gid'] = 999
+gitlab_ci['uid'] = 995
+gitlab_ci['gid'] = 995
+
diff --git a/docker/assets/initctl b/docker/assets/initctl
new file mode 100755
index 00000000000..944741ee66c
--- /dev/null
+++ b/docker/assets/initctl
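Review bot: `ENV PATH /opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH` puts the omnibus embedded directory ahead of the system directories, so every process in the container, including the distribution's own scripts, resolves a name to the bundled binary first whenever both exist. If the goal is only to make the embedded tools reachable, as the comment says, appending keeps the OS lookup order intact: `ENV PATH $PATH:/opt/gitlab/bin:/opt/gitlab/embedded/bin`. Separately, `COPY assets/ /assets/` already ships `initctl` and `wrapper`, and `CMD ["/assets/wrapper"]` in the next hunk runs from that directory, so both depend on the execute bit carried over from the build context; a comment saying so, or an explicit `chmod` in the `RUN`, would make that dependency visible.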
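Review bot: The pinned IDs 995–999 in `gitlab-docker.rb` carry no comment saying why these values were chosen or what must hold for them to be safe. They appear to sit in the range a Debian/Ubuntu base image hands out to system accounts, so if a package in the base image already owns one of them, reconfigure could fail or leave two accounts sharing an ID; this cannot be checked from the hunk. Assuming the purpose is stable ownership of the data volumes across image rebuilds, I would add a comment such as `## Fixed so ownership of /etc/gitlab, /var/opt/gitlab and /var/log/gitlab survives image upgrades; must not collide with IDs already present in the base image` and confirm the values against the base image's `/etc/passwd` and `/etc/group`.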
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# Monkey patch missing initctl in docker environment
+
+fail() {
+ echo "$@" 1>&2
+ exit 1
+}
+
+verify_args() {
+ if [[ "$2" != "gitlab-runsvdir" ]]; then
+ fail "initctl: Unknown job: $2"
+ fi
+ if [[ $# -ne 2 ]]; then
+ fail "usage: $0 command gitlab-runsvdir"
+ fi
+}
+
+proxy_gitlab_ctl() {
+ gitlab-ctl "$COMMAND"
+}
+
+COMMAND="$1"
+shift
+SERVICE="$1"
+
+case "$COMMAND" in
+ start)
+ verify_args "$COMMAND" "$@"
+ RUNSVDIR=$(pidof runsvdir)
+ if [[ -z "$RUNSVDIR" ]]; then
+ /opt/gitlab/embedded/bin/runsvdir-start &
+ fi
+ ;;
+
+ stop|restart)
+ verify_args "$COMMAND" "$@"
+ proxy_gitlab_ctl "$COMMAND" "$@"
+ ;;
+
+ status)
+ verify_args "$COMMAND" "$@"
+ if [[ ! -f /etc/init/$SERVICE.conf ]]; then
+ fail "initctl: Unknown job: $SERVICE"
+ fi
+
+ RUNSVDIR=$(pidof runsvdir)
+ if [[ -n "$RUNSVDIR" ]]; then
+ echo "$SERVICE start/running, process $RUNSVDIR"
+ else
+ echo "$SERVICE stop/waiting"
+ fi
+ ;;
+
+ reload)
+ verify_args "$COMMAND" "$@"
+ proxy_gitlab_ctl "hup" "$@"
+ ;;
+
+ list)
+ echo "gitlab-runsvdir"
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
diff --git a/docker/assets/wrapper b/docker/assets/wrapper
index 8bc8370fbc9..cd7e50b5719 100755
--- a/docker/assets/wrapper
+++ b/docker/assets/wrapper
@@ -7,15 +7,12 @@ function sigterm_handler() {
 trap "sigterm_handler; exit" TERM
-function entrypoint() {
- /opt/gitlab/embedded/bin/runsvdir-start &
- gitlab-ctl reconfigure # will also start everything
- gitlab-ctl tail # tail all logs
-}
+set -xe
 if [[ ! -e /etc/gitlab/gitlab.rb ]]; then
 cp /assets/gitlab.rb /etc/gitlab/gitlab.rb
 chmod 0600 /etc/gitlab/gitlab.rb
 fi
-entrypoint
+gitlab-ctl reconfigure # start everything
+gitlab-ctl tail # all logs |
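Review bot: `proxy_gitlab_ctl` ignores its arguments and always runs `gitlab-ctl "$COMMAND"`, so the `reload)` arm's `proxy_gitlab_ctl "hup" "$@"` ends up calling `gitlab-ctl reload` rather than `gitlab-ctl hup`; the body should be `gitlab-ctl "$1"`. In `verify_args` the job-name test runs before the argument-count test, so a call with no job prints `Unknown job:` with an empty name instead of the usage line; swapping the two `if` blocks fixes that. The `*)` arm exits 0 for any unrecognised command, which makes this shim at `/sbin/initctl` report success for operations it never performed; unless a caller depends on that, `fail "initctl: invalid command: $COMMAND"` is the safer default.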
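Review bot: `set -xe` leaves xtrace on permanently in the container's main process, so every expanded command line goes to stderr and into the container log; nothing traced in this hunk is sensitive, but the script handles `/etc/gitlab/gitlab.rb`, and any later line that expands a credential would be logged verbatim. I would keep `set -e` and make tracing opt-in, for example `if [[ -n "${WRAPPER_DEBUG:-}" ]]; then set -x; fi` (the variable name is only an illustration). With `runsvdir-start &` removed, the script also appears to rely on `gitlab-ctl reconfigure` starting runsvdir through the new `initctl` shim; a one-line comment above that call would help, since under `set -e` a failed reconfigure now stops the container. The hunk begins after `sigterm_handler`, whose body is outside the hunk.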