• R/O
  • SSH

manifest: Commit

A service to replicate and serve requests for site configurations based on site ID, public IP, and the on-site lead contact's OTP.


Commit MetaInfo

Révisiond3bef901d0a703ad8ca619d91a47d1370d93f7db (tree)
l'heure2021-10-13 02:11:10
AuteurS. Seago <sseago-dev@proj...>
CommiterS. Seago

Message de Log

Beautify code blocks

Change Summary

Modification

diff -r b952195fc43c -r d3bef901d0a7 container/Docker Notes.adoc
--- a/container/Docker Notes.adoc Tue Oct 12 10:30:58 2021 -0500
+++ b/container/Docker Notes.adoc Tue Oct 12 12:11:10 2021 -0500
@@ -26,55 +26,27 @@
2626 # Note: when updating the go minor version here, also update the go-channel in snap/snapcraft.yml
2727 FROM golang:1.16.7-buster
2828 LABEL maintainer="Steven Allen <steven@stebalien.com>"
29-
3029 # Install deps
31-RUN apt-get update && apt-get install -y \
32- libssl-dev \
33- ca-certificates \
34- fuse
35-
30+RUN apt-get update && apt-get install -y libssl-dev ca-certificates fuse
3631 ENV SRC_DIR /go-ipfs
37-
3832 # Download packages first so they can be cached.
3933 COPY go.mod go.sum $SRC_DIR/
40-RUN cd $SRC_DIR \
41- && go mod download
42-
34+RUN cd $SRC_DIR && go mod download
4335 COPY . $SRC_DIR
44-
4536 # Preload an in-tree but disabled-by-default plugin by adding it to the IPFS_PLUGINS variable
4637 # e.g. docker build --build-arg IPFS_PLUGINS="foo bar baz"
4738 ARG IPFS_PLUGINS
48-
4939 # Build the thing.
5040 # Also: fix getting HEAD commit hash via git rev-parse.
51-RUN cd $SRC_DIR \
52- && mkdir -p .git/objects \
53- && make build GOTAGS=openssl IPFS_PLUGINS=$IPFS_PLUGINS
54-
41+RUN cd $SRC_DIR && mkdir -p .git/objects && make build GOTAGS=openssl IPFS_PLUGINS=$IPFS_PLUGINS
5542 # Get su-exec, a very minimal tool for dropping privileges,
5643 # and tini, a very minimal init daemon for containers
5744 ENV SUEXEC_VERSION v0.2
5845 ENV TINI_VERSION v0.19.0
59-RUN set -eux; \
60- dpkgArch="$(dpkg --print-architecture)"; \
61- case "${dpkgArch##*-}" in \
62- "amd64" | "armhf" | "arm64") tiniArch="tini-static-$dpkgArch" ;;\
63- *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
64- esac; \
65- cd /tmp \
66- && git clone https://github.com/ncopa/su-exec.git \
67- && cd su-exec \
68- && git checkout -q $SUEXEC_VERSION \
69- && make su-exec-static \
70- && cd /tmp \
71- && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch \
72- && chmod +x tini
73-
46+RUN set -eux; dpkgArch="$(dpkg --print-architecture)"; case "${dpkgArch##*-}" in "amd64" | "armhf" | "arm64") tiniArch="tini-static-$dpkgArch" ;; *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; esac; cd /tmp && git clone https://github.com/ncopa/su-exec.git && cd su-exec && git checkout -q $SUEXEC_VERSION && make su-exec-static && cd /tmp && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch && chmod +x tini
7447 # Now comes the actual target image, which aims to be as small as possible.
7548 FROM busybox:1.31.1-glibc
7649 LABEL maintainer="Steven Allen <steven@stebalien.com>"
77-
7850 # Get the ipfs binary, entrypoint script, and TLS CAs from the build container.
7951 ENV SRC_DIR /go-ipfs
8052 COPY --from=0 $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs
@@ -83,20 +55,15 @@
8355 COPY --from=0 /tmp/tini /sbin/tini
8456 COPY --from=0 /bin/fusermount /usr/local/bin/fusermount
8557 COPY --from=0 /etc/ssl/certs /etc/ssl/certs
86-
8758 # Add suid bit on fusermount so it will run properly
8859 RUN chmod 4755 /usr/local/bin/fusermount
89-
9060 # Fix permissions on start_ipfs (ignore the build machine's permissions)
9161 RUN chmod 0755 /usr/local/bin/start_ipfs
92-
9362 # This shared lib (part of glibc) doesn't seem to be included with busybox.
9463 COPY --from=0 /lib/*-linux-gnu*/libdl.so.2 /lib/
95-
9664 # Copy over SSL libraries.
9765 COPY --from=0 /usr/lib/*-linux-gnu*/libssl.so* /usr/lib/
9866 COPY --from=0 /usr/lib/*-linux-gnu*/libcrypto.so* /usr/lib/
99-
10067 # Swarm TCP; should be exposed to the public
10168 EXPOSE 4001
10269 # Swarm UDP; should be exposed to the public
@@ -107,35 +74,25 @@
10774 EXPOSE 8080
10875 # Swarm Websockets; must be exposed publicly when the node is listening using the websocket transport (/ipX/.../tcp/8081/ws).
10976 EXPOSE 8081
110-
11177 # Create the fs-repo directory and switch to a non-privileged user.
11278 ENV IPFS_PATH /data/ipfs
113-RUN mkdir -p $IPFS_PATH \
114- && adduser -D -h $IPFS_PATH -u 1000 -G users ipfs \
115- && chown ipfs:users $IPFS_PATH
116-
79+RUN mkdir -p $IPFS_PATH && adduser -D -h $IPFS_PATH -u 1000 -G users ipfs && chown ipfs:users $IPFS_PATH
11780 # Create mount points for `ipfs mount` command
118-RUN mkdir /ipfs /ipns \
119- && chown ipfs:users /ipfs /ipns
120-
81+RUN mkdir /ipfs /ipns && chown ipfs:users /ipfs /ipns
12182 # Expose the fs-repo as a volume.
12283 # start_ipfs initializes an fs-repo if none is mounted.
12384 # Important this happens after the USER directive so permissions are correct.
12485 VOLUME $IPFS_PATH
125-
12686 # The default logging level
12787 ENV IPFS_LOGGING ""
128-
12988 # This just makes sure that:
13089 # 1. There's an fs-repo, and initializes one if there isn't.
13190 # 2. The API and Gateway are accessible from outside the container.
13291 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"]
133-
13492 # Heathcheck for the container
13593 # QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn is the CID of empty folder
136-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
137- CMD ipfs dag stat /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn || exit 1
138-
94+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3
95+CMD ipfs dag stat /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn || exit 1
13996 # Execute the daemon subcommand by default
14097 CMD ["daemon", "--migrate=true"]
14198 ---
\ No newline at end of file
Afficher sur ancien navigateur de dépôt.