diff --git a/.travis.yml b/.travis.yml index a1a3f2e..fb7596c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,12 +3,11 @@ sudo: required services: - docker -before_install: - - docker build -t couchdb:1.6.1 1.6.1 - - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser - - docker build -t couchdb:2.1.0 2.1.0 +env: + - RELEASES="1.7.2 1.7.2-couchperuser" + - RELEASES=2.2.0 + - RELEASES=dev + - RELEASES=dev-cluster script: - - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.1.0 && sleep 5 && curl http://localhost:5986 + - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -p 5984:5984 couchdb:$rel && sleep 10 && curl http://localhost:5984 && docker kill $rel; done diff --git a/1.6.1-couchperuser/Dockerfile b/1.7.2-couchperuser/Dockerfile similarity index 98% rename from 1.6.1-couchperuser/Dockerfile rename to 1.7.2-couchperuser/Dockerfile index 9436a38..510a458 100644 --- a/1.6.1-couchperuser/Dockerfile +++ b/1.7.2-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM couchdb:1.6.1 +FROM couchdb:1.7.2 MAINTAINER CouchDB Developers dev@couchdb.apache.org diff --git a/1.6.1-couchperuser/docker-entrypoint.sh b/1.7.2-couchperuser/docker-entrypoint.sh similarity index 100% rename from 1.6.1-couchperuser/docker-entrypoint.sh rename to 1.7.2-couchperuser/docker-entrypoint.sh diff --git a/1.6.1/Dockerfile b/1.7.2/Dockerfile similarity index 65% rename from 1.6.1/Dockerfile rename to 1.7.2/Dockerfile index 32f9cee..95b49be 100644 --- a/1.6.1/Dockerfile +++ b/1.7.2/Dockerfile @@ -16,7 +16,7 @@ MAINTAINER CouchDB Developers dev@couchdb.apache.org # Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian -RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -28,27 +28,37 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libnspr4-0d \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ -&& apt-get purge -y --auto-remove wget - -# grab tini for signal handling -ENV TINI_VERSION v0.16.1 -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc -RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ -&& chmod +x /usr/local/bin/tini +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget # https://www.apache.org/dist/couchdb/KEYS ENV GPG_KEYS \ @@ -66,7 +76,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 1.6.1 +ENV COUCHDB_VERSION 1.7.2 # download dependencies, compile and install couchdb, # set correct permissions, expose couchdb to the outside and disable logging to disk @@ -81,7 +91,7 @@ RUN buildDeps=' \ make \ ' \ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && curl -fSL http://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ && mkdir -p /usr/src/couchdb \ @@ -102,7 +112,6 @@ RUN buildDeps=' \ && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini COPY ./docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh # Define mountable directories. VOLUME ["/usr/local/var/lib/couchdb"] diff --git a/1.6.1/docker-entrypoint.sh b/1.7.2/docker-entrypoint.sh similarity index 66% rename from 1.6.1/docker-entrypoint.sh rename to 1.7.2/docker-entrypoint.sh index c1c9f56..db5a60e 100755 --- a/1.6.1/docker-entrypoint.sh +++ b/1.7.2/docker-entrypoint.sh @@ -36,7 +36,31 @@ if [ "$1" = 'couchdb' ]; then chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini fi - printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + if [ -f /usr/local/etc/couchdb/local.d/bind_address.ini ]; then + if ! grep -Fq "port =" /usr/local/etc/couchdb/local.d/bind_address.ini; then + vport=$(printf "[httpd]\\\nport = %s" ${COUCHDB_HTTP_PORT:=5984}) + if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then + sed -i -e "s/\\[httpd\\]/$vport/g" /usr/local/etc/couchdb/local.d/bind_address.ini + else + printf "$vport" >> /usr/local/etc/couchdb/local.d/bind_address.ini + fi + + fi + + if ! grep -Fq "bind_address =" /usr/local/etc/couchdb/local.d/bind_address.ini; then + vaddress=$(printf "[httpd]\\\nbind_address = %s" ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}) + if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then + sed -i -e "s/\\[httpd\\]/$vaddress/g" /usr/local/etc/couchdb/local.d/bind_address.ini + else + printf "$vaddress" >> /usr/local/etc/couchdb/local.d/bind_address.ini + fi + + fi + + else + printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + fi + chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini # if we don't find an [admins] section followed by a non-comment, display a warning diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile deleted file mode 100644 index 59a3d31..0000000 --- a/2.1.0/Dockerfile +++ /dev/null @@ -1,116 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -# Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - erlang-reltool \ - haproxy \ - libicu52 \ - libmozjs185-1.0 \ - openssl \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ -&& apt-get purge -y --auto-remove wget - -# grab tini for signal handling -ENV TINI_VERSION v0.16.1 -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc -RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ -&& chmod +x /usr/local/bin/tini - -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ - 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ - 2EC788AE3F239FA13E82D215CDE711289384AE37 -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 2.1.0 - -# Download dev dependencies -RUN buildDeps=' \ - apt-transport-https \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - make \ - ' \ - && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ - # Acquire CouchDB source code - && cd /usr/src && mkdir couchdb \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ - && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ - && cd couchdb \ - # Build the release and install into /opt - && ./configure --disable-docs \ - && make release \ - && mv /usr/src/couchdb/rel/couchdb /opt/ \ - # Cleanup build detritus - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ - && mkdir /opt/couchdb/data \ - && chown -R couchdb:couchdb /opt/couchdb - -# Add configuration -COPY local.ini /opt/couchdb/etc/local.d/ -COPY vm.args /opt/couchdb/etc/ - -COPY ./docker-entrypoint.sh / - -# Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/local.d/ /opt/couchdb/etc/vm.args - -WORKDIR /opt/couchdb -EXPOSE 5984 4369 9100 -VOLUME ["/opt/couchdb/data"] - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.1.0/local.ini b/2.2.0/10-docker-default.ini similarity index 100% rename from 2.1.0/local.ini rename to 2.2.0/10-docker-default.ini diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile new file mode 100644 index 0000000..c5ae1d6 --- /dev/null +++ b/2.2.0/Dockerfile @@ -0,0 +1,155 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:stretch + +MAINTAINER CouchDB Developers dev@couchdb.apache.org + +# Add CouchDB user account +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ + libssl1.1 \ + openssl \ + python \ + && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ + | tee /etc/apt/sources.list.d/couchdb.list \ + && cat /etc/apt/sources.list.d/couchdb.list \ + && for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ + done \ + && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ + && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget + +# https://www.apache.org/dist/couchdb/KEYS +ENV GPG_KEYS \ + 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ + 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ + 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ + 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ + 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ + 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ + C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ + D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ + E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ + 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ + 2EC788AE3F239FA13E82D215CDE711289384AE37 +RUN set -xe \ + && for key in $GPG_KEYS; do \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys "$key" && break || : ; \ + done; \ + done + +ENV COUCHDB_VERSION 2.2.0 + +# Download dev dependencies +RUN buildDeps=' \ + build-essential \ + couch-libmozjs185-dev \ + erlang-dev \ + erlang-nox \ + erlang-reltool \ + libcurl4-openssl-dev \ + libicu-dev \ + make \ + libssl-dev \ + ' \ + && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ + # Acquire CouchDB source code + && cd /usr/src && mkdir couchdb \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ + && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ + && cd couchdb \ + # Build the release and install into /opt + && ./configure \ + && make release \ + && mv /usr/src/couchdb/rel/couchdb /opt/ \ + # Cleanup build detritus + && apt-get purge -y --auto-remove $buildDeps \ + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ + && mkdir /opt/couchdb/data \ + && chown -R couchdb:couchdb /opt/couchdb + +# Add configuration +COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY vm.args /opt/couchdb/etc/ +COPY docker-entrypoint.sh / + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args + +WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] + +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.2.0/docker-entrypoint.sh b/2.2.0/docker-entrypoint.sh new file mode 100755 index 0000000..c2f456d --- /dev/null +++ b/2.2.0/docker-entrypoint.sh @@ -0,0 +1,89 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + if [ -n "$ERLANG_COOKIE" ]; then + echo $ERLANG_COOKIE > /opt/couchdb/.erlang.cookie + chmod 600 /opt/couchdb/.erlang.cookie + fi + + # we need to set the permissions here because docker mounts volumes as root + chown -fR couchdb:couchdb /opt/couchdb || true + + chmod -fR 0770 /opt/couchdb/data || true + + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + chmod -f 775 /opt/couchdb/etc/*.d || true + + if [ -z "$NODENAME" ]; then + NODENAME=$(hostname -f) + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + # Ensure that CouchDB will write custom settings in this file + touch /opt/couchdb/etc/local.d/docker.ini + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". + **************************************************** + EOWARN + fi + + + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/2.1.0/vm.args b/2.2.0/vm.args similarity index 100% rename from 2.1.0/vm.args rename to 2.2.0/vm.args diff --git a/README.md b/README.md index 473eb25..ae9f947 100644 --- a/README.md +++ b/README.md @@ -2,99 +2,83 @@ Put the couch in a docker container and ship it anywhere. -If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - -- Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` -- Version (stable): `CouchDB 2.1.0`, `Erlang 17.3` +- Version (stable): `CouchDB 2.2.0`, `Erlang 19.2.1` ## Available tags -- `1.6.1`: CouchDB 1.6.1 -- `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `latest`, `2.1.0`: CouchDB 2.1.0 single node (capable of running in a cluster) +- `latest`, `2.2.0`: CouchDB 2.2.0 single node (capable of running in a cluster) ## Features -* built on top of the solid and small `debian:jessie` base image +* built on top of the solid and small `debian:stretch` base image * exposes CouchDB on port `5984` of the container * runs everything as user `couchdb` (security ftw!) * docker volume for data -## Run (latest/2.1.0) +## Run Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). -This is a build of the CouchDB 2.1 release. A data volume -is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. -Please note that CouchDB no longer autocreates system tables for you, so you will -have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually (the admin interface has a "Setup" menu that does this for you). -The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! +By default, CouchDB's HTTP interface is exposed on port `5984`. Once running, you can visit the new admin interface at `http://:5984/_utils/` + +CouchDB uses `/opt/couchdb/data` to store its data, and is exposed as a volume. + +Here is an example launch line for a single-node CouchDB with an admin username and password of `admin` and `password`, exposed to the world on port `5984`: ```bash -# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data apache/couchdb +$ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d --env COUCHDB_USER=admin --env COUCHDB_PASSWORD=password apache/couchdb:2.1.1 18:54:48.780 [info] Application lager started on node nonode@nohost 18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost 18:54:48.780 [info] Application couch_mrview started on node nonode@nohost 18:54:48.780 [info] Application couch_plugins started on node nonode@nohost -[...] ``` +### Detailed configuration -Note that you can also use the NODENAME environment variable to set the name of the CouchDB node inside the container. -Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` +CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to bind map this to an external directory, to persist the configuration across restarts. -Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. +CouchDB also uses `/opt/couchdb/etc/vm.args` to store Erlang runtime-specific changes. Changing these values is less common. If you need to change the epmd port, for instance, you will want to bind mount this file as well. (Note: files cannot be bind-mounted on Windows hosts.) -## Run (1.6.1) +In addition, a few environment variables are provided to set very common parameters: -Available as an official image on Docker Hub as [apache/couchdb:1.6.1](https://hub.docker.com/r/apache/couchdb/) +* `COUCHDB_USER` and `COUCHDB_PASSWORD` will create an ini-file based local admin user with the given username and password in the file `/opt/couchdb/etc/local.d/docker.ini`. +* `COUCHDB_SECRET` will set the CouchDB shared cluster secret value, in the file `/opt/couchdb/etc/local.d/docker.ini`. +* `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. +* Erlang Environment Variables like `ELR_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) -```bash -[sudo] docker pull apache/couchdb:1.6.1 +If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. -# expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1 +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). -curl http://localhost:5984 -``` - -...or with mounted volume for the data +### Important notes -```bash -# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.6.1 -``` +Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. -If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` -or extend the image and `COPY` your `config.ini` (see [Build you own](#build-your-own)). +You must create `_global_changes`, `_metadata`, `_replicator` and `_users` after the cluster has been fully configured. (The Fauxton UI has a "Setup" wizard that does this for you.) -If you need (or want) to run couchdb in `net=host` mode, you can customize the port and bind address using environment variables: - - - `COUCHDB_HTTP_BIND_ADDRESS` (default: `0.0.0.0`) - - `COUCHDB_HTTP_PORT` (default: `5984`) - -### with couchperuser plugin +The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! -This build includes the `couchperuser` plugin. -`couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). +Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. -``` -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1-couchperuser -``` +## Development images -### In a developer cluster +This repository provides definitions to run the very latest (`master` branch) +CouchDB code: -This build demonstrates the CouchDB clustering features by creating a local -cluster of a default three nodes inside the container, with a proxy in front. -This is great for testing clustering in your local environment. +* `dev` runs a single node off of the `master` branch, similar to the other + officially released images. +* `dev-cluster` demonstrates the CouchDB clustering features by creating a + local cluster of a default three nodes inside the container, with a proxy in + front. This is great for testing clustering in your local environment. You will need to build Docker images from the `dev` directory in this repository; [Apache Software Foundation policy][4] prevents us from publishing non-release builds for wide distribution. +When launching the `dev-cluster` container, here is what you will see: + ```bash # expose the cluster to the world -[sudo] docker run -it -p 5984:5984 +$ docker run -it -p 5984:5984 [ * ] Setup environment ... ok [ * ] Ensure CouchDB is built ... ok @@ -111,24 +95,24 @@ Admin username: root Password: 37l7YDQJ Time to hack! ... ``` -**Note:** By default the cluster will be exposed on port `5984`, because it uses haproxy -(passes `--with-haproxy` to `dev/run`) internally. +**Note:** By default the cluster will be exposed on port `5984`, because it uses haproxy (passes `--with-haproxy` to `dev/run`) internally. -...but you can pass arguments to the binary +You can pass arguments to the binary: ```bash docker run -it --admin=foo:bar ``` + **Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose the cluster on `5984`, pass `--with-haproxy` explicitly. -Examples: +More examples: ```bash # display the available options of the couchdb startup script docker run --rm --help -# Enable admin party 🎉 and expose the cluster on port 5984 +# Enable admin party and expose the cluster on port 5984 docker run -it -p 5984:5984 --with-admin-party-please --with-haproxy # Start two nodes (without proxy) exposed on port 15984 and 25984 @@ -147,7 +131,7 @@ Example Dockerfile: ``` FROM apache/couchdb:latest -COPY local.ini /usr/local/etc/couchdb/local.d/ +COPY 99-local.ini /opt/couchdb/etc/local.d ``` and then build and run @@ -157,8 +141,6 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` -For the `2.1` image, configuration is stored at `/opt/couchdb/etc/`. - ## Feedback, Issues, Contributing General feedback is welcome at our [user][1] or [developer][2] mailing lists. @@ -171,6 +153,7 @@ use GitHub Issues, do not report anything on Docker's website. - [@klaemo](https://github.com/klaemo) - [@joeybaker](https://github.com/joeybaker) +- [@tianon](https://github.com/tianon) [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ [2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile new file mode 100644 index 0000000..14df4b1 --- /dev/null +++ b/dev-cluster/Dockerfile @@ -0,0 +1,125 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Base layer containing dependencies needed at runtime. This layer will be +# cached after the initial build. +FROM debian:stretch + +MAINTAINER CouchDB Developers dev@couchdb.apache.org + +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + dirmngr \ + gnupg \ + haproxy \ + libicu57 \ + libmozjs185-1.0 \ + openssl \ + python && \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + apt-get purge -y --auto-remove wget + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + apt-transport-https \ + build-essential \ + erlang-nox \ + erlang-reltool \ + erlang-dev \ + git \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + python-setuptools \ + python-pip \ + python-sphinx \ + python-wheel + +RUN pip install --upgrade \ + sphinx_rtd_theme + +# Node is special +RUN set -ex; \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ + echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + apt-get update -y && apt-get install -y nodejs; \ + npm install -g grunt-cli + + +# Clone CouchDB source code including all dependencies +ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git +RUN git clone $clone_url /usr/src/couchdb +WORKDIR /usr/src/couchdb +RUN ./configure + +ARG checkout_branch=master +ARG configure_options + +WORKDIR /usr/src/couchdb/ +RUN git fetch origin \ + && git checkout $checkout_branch \ + && ./configure $configure_options \ + && make all + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /usr/src/couchdb + +WORKDIR /opt/couchdb +EXPOSE 5984 15984 25984 35984 +VOLUME ["/usr/src/couchdb/dev/lib"] + +ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] +CMD ["--with-haproxy"] diff --git a/dev/Dockerfile b/dev/Dockerfile index 5dcf2a7..c5cb382 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -10,74 +10,143 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:jessie +# Base layer containing dependencies needed at runtime. This layer will be +# cached after the initial build. +FROM debian:stretch as runtime MAINTAINER CouchDB Developers dev@couchdb.apache.org -ENV COUCHDB_VERSION master +# Add CouchDB user account +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb -RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb +RUN apt-get update -y && apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ + libssl1.1 \ + openssl \ + python \ + && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ + | tee /etc/apt/sources.list.d/couchdb.list \ + && cat /etc/apt/sources.list.d/couchdb.list \ + && for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ + done \ + && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ + && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ + && rm -rf /var/lib/apt/lists/* -# download dependencies -RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ - apt-transport-https \ +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget + +# Dependencies only needed during build time. This layer will also be cached +FROM runtime AS build_dependencies + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ - ca-certificates \ - curl \ - default-jdk \ - erlang-dev \ + couch-libmozjs185-dev \ erlang-nox \ + erlang-reltool \ + erlang-dev \ git \ - haproxy \ libcurl4-openssl-dev \ libicu-dev \ - libmozjs185-dev \ - libwxgtk3.0 \ - openssl \ - pkg-config \ - python \ + python-setuptools \ + python-pip \ python-sphinx \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ - && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq && apt-get install -y nodejs \ - && npm install -g grunt-cli \ - && cd /usr/src && git clone https://gitbox.apache.org/repos/asf/couchdb.git \ - && cd couchdb && git checkout $COUCHDB_VERSION \ - && cd /usr/src/couchdb && ./configure && make \ - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - default-jdk \ - git \ - libcurl4-openssl-dev \ - libicu-dev \ - libwxgtk3.0 \ - make \ - nodejs \ - perl \ - pkg-config \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ - && apt-get autoremove -y \ - && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git - -# permissions -RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb - -USER couchdb -EXPOSE 5984 15984 25984 35984 15986 25986 35986 + python-wheel + +RUN pip install --upgrade \ + sphinx_rtd_theme + +# Node is special +RUN set -ex; \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ + echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + apt-get update -y && apt-get install -y nodejs; \ + npm install -g grunt-cli + +# Clone CouchDB source code including all dependencies +ARG clone_url=https://github.com/apache/couchdb.git +RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb +RUN ./configure + +# This layer performs the actual build of a relocatable, self-contained +# release of CouchDB. It pulls down the latest changes from the remote +# origin (because the layer above will be cached) and switches to the +# branch specified in the build_arg (defaults to master) +FROM build_dependencies AS build + +ARG checkout_branch=master +ARG configure_options + +WORKDIR /usr/src/couchdb/ +RUN git fetch origin \ + && git checkout $checkout_branch \ + && ./configure $configure_options \ + && make release + +# This results in a single layer image (or at least skips the build stuff?) +FROM runtime +COPY --from=build /usr/src/couchdb/rel/couchdb /opt/couchdb + +# Add configuration +COPY local.ini /opt/couchdb/etc/default.d/ +COPY vm.args /opt/couchdb/etc/ +COPY docker-entrypoint.sh / + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args + +WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] -ENTRYPOINT ["/usr/src/couchdb/dev/run"] -CMD ["--with-haproxy"] +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.1.0/docker-entrypoint.sh b/dev/docker-entrypoint.sh similarity index 66% rename from 2.1.0/docker-entrypoint.sh rename to dev/docker-entrypoint.sh index dda823d..4ba69b4 100755 --- a/2.1.0/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -26,32 +26,38 @@ fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb + chown -fR couchdb:couchdb /opt/couchdb || true - chmod -R 0770 /opt/couchdb/data + chmod -fR 0770 /opt/couchdb/data || true - chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/local.d/*.ini - chmod 775 /opt/couchdb/etc/*.d + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + chmod -f 775 /opt/couchdb/etc/*.d || true if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args fi + # Ensure that CouchDB will write custom settings in this file + touch /opt/couchdb/etc/local.d/docker.ini + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi fi if [ "$COUCHDB_SECRET" ]; then - # Set secret - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** diff --git a/dev/local.ini b/dev/local.ini new file mode 100644 index 0000000..c1bac9e --- /dev/null +++ b/dev/local.ini @@ -0,0 +1,11 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any + +[httpd] +bind_address = any diff --git a/dev/vm.args b/dev/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/dev/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput