charm-k8s-wordpress

Merge ~barryprice/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master into ~wordpress-charmers/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master

  1. Git
  2. lp:~barryprice/charm-k8s-wordpress/+git/wordpress-k8s-image-builder
  3. master
  4. Merge into master
Proposed by Barry Price
Status: Merged
Approved by: Tom Haddon
Approved revision: 52526f26aaf04716643beb1990c91dac9826da07
Merged at revision: d926292f1df9ee1c686a69370a4c1bcede7421b6
Proposed branch: ~barryprice/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master
Merge into: ~wordpress-charmers/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master
Diff against target: 179 lines (+110/-20)
4 files modified
Dockerfile (+18/-20)
files/docker-entrypoint.sh (+14/-0)
files/wp-config.php (+25/-0)
files/wp-info.php (+53/-0)
Reviewer Review Type Date Requested Status
Tom Haddon Approve
Canonical IS Reviewers Pending
Review via email: mp+377920@code.launchpad.net

Commit message

First pass at handling site config via env variables

To post a comment you must log in.
Revision history for this message
Barry Price (barryprice) wrote :

Passing run:

https://jenkins.canonical.com/is/job/wordpress-k8s-image-builder/21/console

Still need to confirm the image actually runs as expected...

Revision history for this message
Barry Price (barryprice) wrote :

And another, post-fix:

https://jenkins.canonical.com/is/job/wordpress-k8s-image-builder/22/console

Revision history for this message
Barry Price (barryprice) wrote :

Confirmed working with a local (juju/microk8s) deploy.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Benjamin Allot (ballot) wrote :

A general comment on the dockerfile.

All metadata related steps, LABEL, ENTRYPOINT, CMD, need to be carefully placed in the Dockerfile to maximize cache usage.

I would move ENTRYPOINT and CMD right under the ARG part, even if it's minor.

As for the RUN however, the rule of thumb is to avoid their number as much as possible.
Doing one big RUN with a seccession of "&&" or say, 2, one for the install of package, one for the configuration items would be preferred IMO.

Also, I would the curl of the latest wordpress tarball at the top of the chain, so if we have a conenctivity issue and this fails, we fail early.

Last, but not least, ubuntu docker image already have a cleaning automated after all apt commands

$ docker run --rm -ti ubuntu:bionic cat /etc/apt/apt.conf.d/docker-clean
DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };
APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };
Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";

Revision history for this message
Barry Price (barryprice) wrote :

Build is still working, at least:

https://jenkins.canonical.com/is/job/wordpress-k8s-image-builder/24/console

Revision history for this message
Barry Price (barryprice) wrote :

Deploy confirmed working too. Ready for re-review, I think.

Revision history for this message
Tom Haddon (mthaddon) wrote :

Two comments inline

Revision history for this message
Tom Haddon (mthaddon) wrote :

Based on discussions on IRC I'm approving this. I'd missed the fact we were still doing an autoremove, and it seems there's no functional difference to adding --no-install-recommends, so that must be being set in the docker images's apt preferences already.

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision d926292f1df9ee1c686a69370a4c1bcede7421b6

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/Dockerfile b/Dockerfile
2index d9d9d67..ae922d5 100644
3--- a/Dockerfile
4+++ b/Dockerfile
5@@ -8,21 +8,16 @@ ARG BUILD_DATE
6
7 LABEL org.label-schema.build-date=$BUILD_DATE
8
9+ENV APACHE_CONFDIR=/etc/apache2
10+ENV APACHE_ENVVARS=/etc/apache2/envvars
11+
12 # Avoid interactive prompts
13 RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
14
15-# Update all packages, remove cruft
16+# Update all packages, remove cruft, install required packages, configure apache
17 RUN apt-get update && apt-get -y dist-upgrade \
18 && apt-get --purge autoremove -y \
19- && apt-get clean \
20- && rm -rf /var/lib/apt/lists/*
21-
22-# install and configure apache2 (--no-install-recommends as we don't need ssl-cert)
23-ENV APACHE_CONFDIR=/etc/apache2
24-ENV APACHE_ENVVARS=/etc/apache2/envvars
25-RUN apt-get update \
26- && apt-get install -y --no-install-recommends apache2 \
27- && rm -rf /var/lib/apt/lists/* \
28+ && apt-get install -y apache2 php libapache2-mod-php php-mysql php-gd curl ssl-cert pwgen \
29 && sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS" \
30 && . "$APACHE_ENVVARS" \
31 && for dir in "$APACHE_LOCK_DIR" "$APACHE_RUN_DIR" "$APACHE_LOG_DIR"; do rm -rvf "$dir"; mkdir -p "$dir"; chown "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; chmod 777 "$dir"; done \
32@@ -31,17 +26,10 @@ RUN apt-get update \
33 && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" \
34 && chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR"
35
36-# Configure PHP
37+# Configure PHP and apache2 - mod_php requires us to use mpm_prefork
38 COPY ./files/docker-php.conf $APACHE_CONFDIR/conf-available/docker-php.conf
39-RUN a2enconf docker-php
40-
41-# Install PHP
42-RUN apt-get update && apt-get install -y curl php libapache2-mod-php php-mysql php-gd \
43- && apt-get clean \
44- && rm -rf /var/lib/apt/lists/*
45-
46-# mod_php requires us to use mpm_prefork
47-RUN a2dismod mpm_event \
48+RUN a2enconf docker-php \
49+ && a2dismod mpm_event \
50 && a2enmod mpm_prefork
51
52 # Install the main Wordpress code, this will be our only site so /var/www/html is fine
53@@ -56,6 +44,16 @@ RUN curl -o wordpress.tar.gz -fSL "https://wordpress.org/latest.tar.gz" \
54 COPY --chown=www-data:www-data ./files/plugins/ /var/www/html/wp-content/plugins/
55 COPY --chown=www-data:www-data ./files/themes/ /var/www/html/wp-content/themes/
56
57+# wp-info.php contains template variables which our ENTRYPOINT script will populate
58+COPY ./files/wp-info.php /var/www/html/
59+COPY ./files/wp-config.php /var/www/html/
60+
61+# entrypoint script will configure Wordpress based on env variables
62+COPY ./files/docker-entrypoint.sh /usr/local/bin/
63+
64+RUN chmod 0755 /usr/local/bin/docker-entrypoint.sh
65 # Port 80 only, TLS will terminate elsewhere
66 EXPOSE 80
67+
68+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
69 CMD apachectl -D FOREGROUND
70diff --git a/files/docker-entrypoint.sh b/files/docker-entrypoint.sh
71new file mode 100644
72index 0000000..5f67d9d
73--- /dev/null
74+++ b/files/docker-entrypoint.sh
75@@ -0,0 +1,14 @@
76+#!/bin/bash
77+set -eu
78+
79+sed -i -e "s/%%%WORDPRESS_DB_HOST%%%/$WORDPRESS_DB_HOST/" /var/www/html/wp-info.php
80+sed -i -e "s/%%%WORDPRESS_DB_NAME%%%/$WORDPRESS_DB_NAME/" /var/www/html/wp-info.php
81+sed -i -e "s/%%%WORDPRESS_DB_USER%%%/$WORDPRESS_DB_USER/" /var/www/html/wp-info.php
82+sed -i -e "s/%%%WORDPRESS_DB_PASSWORD%%%/$WORDPRESS_DB_PASSWORD/" /var/www/html/wp-info.php
83+
84+for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT;
85+do
86+ sed -i -e "s/%%%${key}%%%/$(pwgen 64 1)/" /var/www/html/wp-info.php
87+done
88+
89+exec "$@"
90diff --git a/files/wp-config.php b/files/wp-config.php
91new file mode 100644
92index 0000000..7bcbc13
93--- /dev/null
94+++ b/files/wp-config.php
95@@ -0,0 +1,25 @@
96+<?php
97+#
98+# " "
99+# mmm m m mmm m m
100+# # # # # # #
101+# # # # # # #
102+# # "mm"# # "mm"#
103+# # #
104+# "" ""
105+# This file is managed by Juju. Do not make local changes.
106+#
107+
108+/* That's all, stop editing! Happy blogging. */
109+
110+/** Absolute path to the WordPress directory. */
111+if ( !defined('ABSPATH') )
112+ define('ABSPATH', dirname(__FILE__) . '/');
113+
114+/** Pull in the config information */
115+require_once(ABSPATH . 'wp-info.php');
116+
117+/** Sets up WordPress vars and included files. */
118+require_once(ABSPATH . 'wp-settings.php');
119+
120+remove_filter('template_redirect', 'redirect_canonical');
121diff --git a/files/wp-info.php b/files/wp-info.php
122new file mode 100644
123index 0000000..5a891a2
124--- /dev/null
125+++ b/files/wp-info.php
126@@ -0,0 +1,53 @@
127+<?php
128+#
129+# " "
130+# mmm m m mmm m m
131+# # # # # # #
132+# # # # # # #
133+# # "mm"# # "mm"#
134+# # #
135+# "" ""
136+# This file is managed by Juju. Do not make local changes.
137+#
138+
139+// We have to cheat a little because frontend service can terminate SSL
140+// If it does it should set X-Edge-Https header to "on" to tell us original
141+// request came on https
142+
143+if (!empty($_SERVER['HTTP_X_EDGE_HTTPS']) && 'off' != $_SERVER['HTTP_X_EDGE_HTTPS']) {
144+ $_SERVER['HTTPS'] = 'on';
145+}
146+
147+if (!empty($_SERVER['HTTPS']) && 'off' != $_SERVER['HTTPS']) {
148+ define('WP_PLUGIN_URL', 'https://' . $_SERVER['HTTP_HOST'] . '/wp-content/plugins');
149+ define('WP_CONTENT_URL', 'https://' . $_SERVER['HTTP_HOST'] . '/wp-content');
150+ define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
151+ define('WP_URL', 'https://' . $_SERVER['HTTP_HOST']);
152+ define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
153+}
154+else {
155+ define('WP_PLUGIN_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/wp-content/plugins');
156+ define('WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/wp-content');
157+ define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST']);
158+ define('WP_URL', 'http://' . $_SERVER['HTTP_HOST']);
159+ define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST']);
160+}
161+
162+define('DB_NAME', '%%%WORDPRESS_DB_NAME%%%');
163+define('DB_USER', '%%%WORDPRESS_DB_USER%%%');
164+define('DB_HOST', '%%%WORDPRESS_DB_HOST%%%');
165+
166+define('DB_PASSWORD', '%%%WORDPRESS_DB_PASSWORD%%%');
167+
168+define('WP_CACHE', true);
169+
170+define('AUTH_KEY', '%%%AUTH_KEY%%%');
171+define('SECURE_AUTH_KEY', '%%%SECURE_AUTH_KEY%%%');
172+define('LOGGED_IN_KEY', '%%%LOGGED_IN_KEY%%%');
173+define('NONCE_KEY', '%%%NONCE_KEY%%%');
174+define('AUTH_SALT', '%%%AUTH_SALT%%%');
175+define('SECURE_AUTH_SALT', '%%%SECURE_AUTH_SALT%%%');
176+define('LOGGED_IN_SALT', '%%%LOGGED_IN_SALT%%%');
177+define('NONCE_SALT', '%%%NONCE_SALT%%%');
178+
179+$table_prefix = 'wp_';

Subscribers

People subscribed via source and target branches