-
Notifications
You must be signed in to change notification settings - Fork 343
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(docker): add basic docker support #1433
base: master
Are you sure you want to change the base?
Conversation
✅ Deploy Preview for selfoss canceled.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution.
Still the main obstacle is that I do not understand how users that want Docker expect to use the image so I have no way of evaluating whether the PR fits that.
Do people just run docker
commands manually? Or use something like docker-compose? How do they handle updates? What are security considerations? How do people configure software? How do they manage data backups?
.dockerignore
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not really like these huge blacklists with patterns that are not relevant. Maybe just copy what we need. Or better copy the result on npm run dist
, which also prunes the vendor/
directory.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've reduced the blacklist. Usually we want to "copy everything relevant" (COPY . .
) without having to bother for new / changed directories, although the opposite is also valid.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIUC, each RUN
creates a new layer which is suboptimal https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#minimize-the-number-of-layers
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, but having more separate, atomic layers with fine-grained COPY
is far better than a few non-atomic layers. Each layer actually add a few bytes (technically speaking, a layer is a tar file, and all layers of an image are mounted on top of the previous ones)
Dockerfile
Outdated
RUN COMPOSER_ALLOW_SUPERUSER=1 composer install --optimize-autoloader --no-dev | ||
|
||
# Setup cron | ||
RUN echo '* * * * * curl http://localhost/update' | tee /etc/cron.d/selfoss \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does cron run multiple instances or wait for the old one to finish? If the former, that sounds like a recipe for #967. Either way running every minute is probably too frequent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cron here is the good old Vixie / ISC cron, so it is quite dumb and launches the command even if the old one have not finished. We could use some locking here, let me add it.
Dockerfile
Outdated
RUN chown -R www-data:www-data /var/www/html/data | ||
|
||
# Overload default command to run cron in the background | ||
RUN sed -i 's/^exec /service cron start\n\nexec /' /usr/local/bin/apache2-foreground |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks too messy for my taste. At minimum we should use a service manager like https://gitlab.com/radek-sprta/docker-selfoss does.
Ideally, the whole thing would be fully declarative like #1271 but I still need to figure out how to use s6-rc service manager.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, the more I think about it, the more I think maybe we should NOT try to deal with it from inside of the container. A container is supposed to be simple and run one thing, and put cron AND apache on the same container is more of a hack. At worse, one still have to configure its own cron, at best we can automate further through another container in the future.
What's your opinion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could have another container doing that job. For Kubernetes, you could simply use a CronSet.
A few months later, let me try to answer.
I understand this issue. Maybe I can just say that I'm a Kubernetes contributor (see my profile) and my production clusters manage ~15000 running containers right now, if that helps. Of course I don't want to pretend to be someone here! ;)
It really depend, some use docker-compose, some use raw docker/containerd commands, some use Kubernetes either directly or through Helm, some use home NAS like synology to manage containers for them, but all of them use container image definition. I'm going to update a bit the PR to be more up-to-date and take into account your suggestions! |
Notes:
|
Hello @jtojnar, would you have any time to review this PR? |
Here is a first try of #1350 as a simpler alternative / first step than #1170
Here are some notes:
If you think this could easily be done, feel free to point me to the right direction, but I was not able to properly separate build from serve (due to always needing to build extensions...)edit: https://hub.docker.com/_/composer/ recommends doing what is done in this pr, so everything seems ok, and I now delete development packages.What do you think?
Potential next steps if this gets merged: