charm-k8s-wordpress

Merge ~barryprice/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master into ~wordpress-charmers/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master

  1. Git
  2. lp:~barryprice/charm-k8s-wordpress/+git/wordpress-k8s-image-builder
  3. master
  4. Merge into master
Proposed by Barry Price
Status: Merged
Approved by: Tom Haddon
Approved revision: 52526f26aaf04716643beb1990c91dac9826da07
Merged at revision: d926292f1df9ee1c686a69370a4c1bcede7421b6
Proposed branch: ~barryprice/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master
Merge into: ~wordpress-charmers/charm-k8s-wordpress/+git/wordpress-k8s-image-builder:master
Diff against target: 179 lines (+110/-20)
4 files modified
Dockerfile (+18/-20)
files/docker-entrypoint.sh (+14/-0)
files/wp-config.php (+25/-0)
files/wp-info.php (+53/-0)
Reviewer Review Type Date Requested Status
Tom Haddon Approve
Canonical IS Reviewers Pending
Review via email: mp+377920@code.launchpad.net

Commit message

First pass at handling site config via env variables

To post a comment you must log in.
Revision history for this message
Barry Price (barryprice) wrote :

Passing run:

https://jenkins.canonical.com/is/job/wordpress-k8s-image-builder/21/console

Still need to confirm the image actually runs as expected...

Revision history for this message
Barry Price (barryprice) wrote :

And another, post-fix:

https://jenkins.canonical.com/is/job/wordpress-k8s-image-builder/22/console

Revision history for this message
Barry Price (barryprice) wrote :

Confirmed working with a local (juju/microk8s) deploy.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Benjamin Allot (ballot) wrote :

A general comment on the dockerfile.

All metadata related steps, LABEL, ENTRYPOINT, CMD, need to be carefully placed in the Dockerfile to maximize cache usage.

I would move ENTRYPOINT and CMD right under the ARG part, even if it's minor.

As for the RUN however, the rule of thumb is to avoid their number as much as possible.
Doing one big RUN with a seccession of "&&" or say, 2, one for the install of package, one for the configuration items would be preferred IMO.

Also, I would the curl of the latest wordpress tarball at the top of the chain, so if we have a conenctivity issue and this fails, we fail early.

Last, but not least, ubuntu docker image already have a cleaning automated after all apt commands

$ docker run --rm -ti ubuntu:bionic cat /etc/apt/apt.conf.d/docker-clean
DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };
APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };
Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";

Revision history for this message
Barry Price (barryprice) wrote :

Build is still working, at least:

https://jenkins.canonical.com/is/job/wordpress-k8s-image-builder/24/console

Revision history for this message
Barry Price (barryprice) wrote :

Deploy confirmed working too. Ready for re-review, I think.

Revision history for this message
Tom Haddon (mthaddon) wrote :

Two comments inline

Revision history for this message
Tom Haddon (mthaddon) wrote :

Based on discussions on IRC I'm approving this. I'd missed the fact we were still doing an autoremove, and it seems there's no functional difference to adding --no-install-recommends, so that must be being set in the docker images's apt preferences already.

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision d926292f1df9ee1c686a69370a4c1bcede7421b6

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/Dockerfile b/Dockerfile
index d9d9d67..ae922d5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,21 +8,16 @@ ARG BUILD_DATE
88
9LABEL org.label-schema.build-date=$BUILD_DATE9LABEL org.label-schema.build-date=$BUILD_DATE
1010
11ENV APACHE_CONFDIR=/etc/apache2
12ENV APACHE_ENVVARS=/etc/apache2/envvars
13
11# Avoid interactive prompts14# Avoid interactive prompts
12RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections15RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
1316
14# Update all packages, remove cruft17# Update all packages, remove cruft, install required packages, configure apache
15RUN apt-get update && apt-get -y dist-upgrade \18RUN apt-get update && apt-get -y dist-upgrade \
16 && apt-get --purge autoremove -y \19 && apt-get --purge autoremove -y \
17 && apt-get clean \20 && apt-get install -y apache2 php libapache2-mod-php php-mysql php-gd curl ssl-cert pwgen \
18 && rm -rf /var/lib/apt/lists/*
19
20# install and configure apache2 (--no-install-recommends as we don't need ssl-cert)
21ENV APACHE_CONFDIR=/etc/apache2
22ENV APACHE_ENVVARS=/etc/apache2/envvars
23RUN apt-get update \
24 && apt-get install -y --no-install-recommends apache2 \
25 && rm -rf /var/lib/apt/lists/* \
26 && sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS" \21 && sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS" \
27 && . "$APACHE_ENVVARS" \22 && . "$APACHE_ENVVARS" \
28 && for dir in "$APACHE_LOCK_DIR" "$APACHE_RUN_DIR" "$APACHE_LOG_DIR"; do rm -rvf "$dir"; mkdir -p "$dir"; chown "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; chmod 777 "$dir"; done \23 && for dir in "$APACHE_LOCK_DIR" "$APACHE_RUN_DIR" "$APACHE_LOG_DIR"; do rm -rvf "$dir"; mkdir -p "$dir"; chown "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; chmod 777 "$dir"; done \
@@ -31,17 +26,10 @@ RUN apt-get update \
31 && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" \26 && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" \
32 && chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR"27 && chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR"
3328
34# Configure PHP29# Configure PHP and apache2 - mod_php requires us to use mpm_prefork
35COPY ./files/docker-php.conf $APACHE_CONFDIR/conf-available/docker-php.conf30COPY ./files/docker-php.conf $APACHE_CONFDIR/conf-available/docker-php.conf
36RUN a2enconf docker-php31RUN a2enconf docker-php \
3732 && a2dismod mpm_event \
38# Install PHP
39RUN apt-get update && apt-get install -y curl php libapache2-mod-php php-mysql php-gd \
40 && apt-get clean \
41 && rm -rf /var/lib/apt/lists/*
42
43# mod_php requires us to use mpm_prefork
44RUN a2dismod mpm_event \
45 && a2enmod mpm_prefork33 && a2enmod mpm_prefork
4634
47# Install the main Wordpress code, this will be our only site so /var/www/html is fine35# Install the main Wordpress code, this will be our only site so /var/www/html is fine
@@ -56,6 +44,16 @@ RUN curl -o wordpress.tar.gz -fSL "https://wordpress.org/latest.tar.gz" \
56COPY --chown=www-data:www-data ./files/plugins/ /var/www/html/wp-content/plugins/44COPY --chown=www-data:www-data ./files/plugins/ /var/www/html/wp-content/plugins/
57COPY --chown=www-data:www-data ./files/themes/ /var/www/html/wp-content/themes/45COPY --chown=www-data:www-data ./files/themes/ /var/www/html/wp-content/themes/
5846
47# wp-info.php contains template variables which our ENTRYPOINT script will populate
48COPY ./files/wp-info.php /var/www/html/
49COPY ./files/wp-config.php /var/www/html/
50
51# entrypoint script will configure Wordpress based on env variables
52COPY ./files/docker-entrypoint.sh /usr/local/bin/
53
54RUN chmod 0755 /usr/local/bin/docker-entrypoint.sh
59# Port 80 only, TLS will terminate elsewhere55# Port 80 only, TLS will terminate elsewhere
60EXPOSE 8056EXPOSE 80
57
58ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
61CMD apachectl -D FOREGROUND59CMD apachectl -D FOREGROUND
diff --git a/files/docker-entrypoint.sh b/files/docker-entrypoint.sh
62new file mode 10064460new file mode 100644
index 0000000..5f67d9d
--- /dev/null
+++ b/files/docker-entrypoint.sh
@@ -0,0 +1,14 @@
1#!/bin/bash
2set -eu
3
4sed -i -e "s/%%%WORDPRESS_DB_HOST%%%/$WORDPRESS_DB_HOST/" /var/www/html/wp-info.php
5sed -i -e "s/%%%WORDPRESS_DB_NAME%%%/$WORDPRESS_DB_NAME/" /var/www/html/wp-info.php
6sed -i -e "s/%%%WORDPRESS_DB_USER%%%/$WORDPRESS_DB_USER/" /var/www/html/wp-info.php
7sed -i -e "s/%%%WORDPRESS_DB_PASSWORD%%%/$WORDPRESS_DB_PASSWORD/" /var/www/html/wp-info.php
8
9for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT;
10do
11 sed -i -e "s/%%%${key}%%%/$(pwgen 64 1)/" /var/www/html/wp-info.php
12done
13
14exec "$@"
diff --git a/files/wp-config.php b/files/wp-config.php
0new file mode 10064415new file mode 100644
index 0000000..7bcbc13
--- /dev/null
+++ b/files/wp-config.php
@@ -0,0 +1,25 @@
1<?php
2#
3# " "
4# mmm m m mmm m m
5# # # # # # #
6# # # # # # #
7# # "mm"# # "mm"#
8# # #
9# "" ""
10# This file is managed by Juju. Do not make local changes.
11#
12
13/* That's all, stop editing! Happy blogging. */
14
15/** Absolute path to the WordPress directory. */
16if ( !defined('ABSPATH') )
17 define('ABSPATH', dirname(__FILE__) . '/');
18
19/** Pull in the config information */
20require_once(ABSPATH . 'wp-info.php');
21
22/** Sets up WordPress vars and included files. */
23require_once(ABSPATH . 'wp-settings.php');
24
25remove_filter('template_redirect', 'redirect_canonical');
diff --git a/files/wp-info.php b/files/wp-info.php
0new file mode 10064426new file mode 100644
index 0000000..5a891a2
--- /dev/null
+++ b/files/wp-info.php
@@ -0,0 +1,53 @@
1<?php
2#
3# " "
4# mmm m m mmm m m
5# # # # # # #
6# # # # # # #
7# # "mm"# # "mm"#
8# # #
9# "" ""
10# This file is managed by Juju. Do not make local changes.
11#
12
13// We have to cheat a little because frontend service can terminate SSL
14// If it does it should set X-Edge-Https header to "on" to tell us original
15// request came on https
16
17if (!empty($_SERVER['HTTP_X_EDGE_HTTPS']) && 'off' != $_SERVER['HTTP_X_EDGE_HTTPS']) {
18 $_SERVER['HTTPS'] = 'on';
19}
20
21if (!empty($_SERVER['HTTPS']) && 'off' != $_SERVER['HTTPS']) {
22 define('WP_PLUGIN_URL', 'https://' . $_SERVER['HTTP_HOST'] . '/wp-content/plugins');
23 define('WP_CONTENT_URL', 'https://' . $_SERVER['HTTP_HOST'] . '/wp-content');
24 define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
25 define('WP_URL', 'https://' . $_SERVER['HTTP_HOST']);
26 define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
27}
28else {
29 define('WP_PLUGIN_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/wp-content/plugins');
30 define('WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/wp-content');
31 define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST']);
32 define('WP_URL', 'http://' . $_SERVER['HTTP_HOST']);
33 define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST']);
34}
35
36define('DB_NAME', '%%%WORDPRESS_DB_NAME%%%');
37define('DB_USER', '%%%WORDPRESS_DB_USER%%%');
38define('DB_HOST', '%%%WORDPRESS_DB_HOST%%%');
39
40define('DB_PASSWORD', '%%%WORDPRESS_DB_PASSWORD%%%');
41
42define('WP_CACHE', true);
43
44define('AUTH_KEY', '%%%AUTH_KEY%%%');
45define('SECURE_AUTH_KEY', '%%%SECURE_AUTH_KEY%%%');
46define('LOGGED_IN_KEY', '%%%LOGGED_IN_KEY%%%');
47define('NONCE_KEY', '%%%NONCE_KEY%%%');
48define('AUTH_SALT', '%%%AUTH_SALT%%%');
49define('SECURE_AUTH_SALT', '%%%SECURE_AUTH_SALT%%%');
50define('LOGGED_IN_SALT', '%%%LOGGED_IN_SALT%%%');
51define('NONCE_SALT', '%%%NONCE_SALT%%%');
52
53$table_prefix = 'wp_';

Subscribers

People subscribed via source and target branches