From 7df08e930a1d0f1942a385603f07434e7c710837 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 6 Nov 2017 16:14:53 -0500 Subject: [PATCH 01/28] Incorporate more feedback from official Docker image maintainers --- 1.6.1/Dockerfile | 50 +++++++++------- 1.7.0/Dockerfile | 114 +++++++++++++++++++++++++++++++++++++ 1.7.0/docker-entrypoint.sh | 62 ++++++++++++++++++++ 2.1.0/Dockerfile | 52 ++++++++++------- 4 files changed, 238 insertions(+), 40 deletions(-) create mode 100644 1.7.0/Dockerfile create mode 100755 1.7.0/docker-entrypoint.sh
diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile
index 32f9cee..6113501 100644
--- a/1.6.1/Dockerfile
+++ b/1.6.1/Dockerfile
@@ -28,27 +28,37 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
 libnspr4-0d \
 && rm -rf /var/lib/apt/lists/*

-# grab gosu for easy step-down from root
 ENV GOSU_VERSION 1.10
-RUN set -x \
- && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true \
-&& apt-get purge -y --auto-remove wget
-
-# grab tini for signal handling
-ENV TINI_VERSION v0.16.1
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc
-RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
- && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
-&& chmod +x /usr/local/bin/tini
+ENV TINI_VERSION 0.16.1
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ tini --version; \
+ \
+ apt-get purge -y --auto-remove wget

 # https://www.apache.org/dist/couchdb/KEYS
 ENV GPG_KEYS \
diff --git a/1.7.0/Dockerfile b/1.7.0/Dockerfile
new file mode 100644
index 0000000..134d654
--- /dev/null
+++ b/1.7.0/Dockerfile
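Review bot: The two fingerprints pinned in the new `RUN set -ex;` block (`B42F6819007F00F88E364FD4036A9C25BF357DD4` for gosu, `595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7` for tini) have no comment saying whose keys they are or where a maintainer can confirm them, while `GPG_KEYS` directly below cites its KEYS URL. This hunk also removes `# grab gosu for easy step-down from root` and `# grab tini for signal handling`, leaving only `# install gosu` / `# install tini`, so the reason the two binaries are in the image is no longer stated. I would keep a purpose comment ahead of the block, as the 2.1.0/Dockerfile hunk does with `# grab gosu for easy step-down from root and tini for signal handling`, and add a line such as `# gosu release signing key; confirm the fingerprint with the gosu project before changing it` above each `--recv-keys`. The same applies to the 2.1.0/Dockerfile hunk of this patch and to the first 1.7.0/Dockerfile hunk of PATCH 03/28. Both key fetches also depend on the single `ha.pool.sks-keyservers.net` pool, so one unreachable keyserver fails the whole build under `set -e`; a retry or a second keyserver would make the verification step less likely to be bypassed out of frustration.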
@@ -0,0 +1,114 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:jessie
+
+MAINTAINER CouchDB Developers dev@couchdb.apache.org
+
+# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian
+
+RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb
+
+RUN apt-get update -y && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ curl \
+ erlang-nox \
+ libicu52 \
+ libmozjs185-1.0 \
+ libnspr4 \
+ libnspr4-0d \
+ && rm -rf /var/lib/apt/lists/*
+
+# grab gosu for easy step-down from root
+ENV GOSU_VERSION 1.10
+RUN set -x \
+ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
+ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
+ && chmod +x /usr/local/bin/gosu \
+ && gosu nobody true \
+&& apt-get purge -y --auto-remove wget
+
+# grab tini for signal handling
+ENV TINI_VERSION v0.16.1
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc
+RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
+ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
+&& chmod +x /usr/local/bin/tini
+
+# https://www.apache.org/dist/couchdb/KEYS
+ENV GPG_KEYS \
+ 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \
+ 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \
+ 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \
+ 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \
+ 5D680346FAA3E51B29DBCB681015F68F9DA248BC \
+ 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \
+ C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \
+ D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \
+ E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B
+RUN set -xe \
+ && for key in $GPG_KEYS; do \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+ done
+
+ENV COUCHDB_VERSION 1.7.0
+
+# download dependencies, compile and install couchdb,
+# set correct permissions, expose couchdb to the outside and disable logging to disk
+RUN buildDeps=' \
+ gcc \
+ g++ \
+ erlang-dev \
+ libcurl4-openssl-dev \
+ libicu-dev \
+ libmozjs185-dev \
+ libnspr4-dev \
+ make \
+ ' \
+ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \
+ && curl -fSL https://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \
+ && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \
+ && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \
+ && mkdir -p /usr/src/couchdb \
+ && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \
+ && cd /usr/src/couchdb \
+ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \
+ && make && make install \
+ && apt-get purge -y --auto-remove $buildDeps \
+ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \
+ && chown -R couchdb:couchdb \
+ /usr/local/lib/couchdb /usr/local/etc/couchdb \
+ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
+ && chmod -R g+rw \
+ /usr/local/lib/couchdb /usr/local/etc/couchdb \
+ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
+ && mkdir -p /var/lib/couchdb \
+ && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \
+ && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini
+
+COPY ./docker-entrypoint.sh /
+RUN chmod +x /docker-entrypoint.sh
+
+# Define mountable directories.
+VOLUME ["/usr/local/var/lib/couchdb"]
+
+EXPOSE 5984
+WORKDIR /var/lib/couchdb
+
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+CMD ["couchdb"]
diff --git a/1.7.0/docker-entrypoint.sh b/1.7.0/docker-entrypoint.sh
new file mode 100755
index 0000000..c1c9f56
--- /dev/null
+++ b/1.7.0/docker-entrypoint.sh
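Review bot: The source tarball check `gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz` runs against root's default keyring, which at that point holds the nine `GPG_KEYS` entries and also the tini key, because the `RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys …` step sets no `GNUPGHOME`. A good signature from any key in that keyring makes the verify succeed, so the set of keys trusted for the CouchDB release is wider than the `GPG_KEYS` list suggests, and the keyring is left behind in the final image. Importing the release keys inside the build `RUN` under a throwaway keyring, the way the gosu step already does, keeps the trust set exact: `export GNUPGHOME="$(mktemp -d)"` before the `for key in $GPG_KEYS` loop and `rm -rf "$GNUPGHOME"` after the verify. A short comment on the verify line noting that the tarball comes from the `apache.osuosl.org` mirror and is only trusted because of this signature check would also help keep the check from being removed later.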
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+if [ "$1" = 'couchdb' ]; then
+ # we need to set the permissions here because docker mounts volumes as root
+ chown -R couchdb:couchdb \
+ /usr/local/var/lib/couchdb \
+ /usr/local/var/log/couchdb \
+ /usr/local/var/run/couchdb \
+ /usr/local/etc/couchdb
+
+ chmod -R 0770 \
+ /usr/local/var/lib/couchdb \
+ /usr/local/var/log/couchdb \
+ /usr/local/var/run/couchdb \
+ /usr/local/etc/couchdb
+
+ chmod 664 /usr/local/etc/couchdb/*.ini
+ chmod 775 /usr/local/etc/couchdb/*.d
+
+ if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+ # Create admin
+ printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini
+ chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini
+ fi
+
+ printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini
+ chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini
+
+ # if we don't find an [admins] section followed by a non-comment, display a warning
+ if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOWARN'
+ ****************************************************
+ WARNING: CouchDB is running in Admin Party mode.
+ This will allow anyone with access to the
+ CouchDB port to access your database. In
+ Docker's default configuration, this is
+ effectively any other container on the same
+ system.
+ Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+ to set it in "docker run".
+ ****************************************************
+ EOWARN
+ fi
+
+ exec gosu couchdb "$@"
+fi
+
+exec "$@"
diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile
index 59a3d31..4cfeaa3 100644
--- a/2.1.0/Dockerfile
+++ b/2.1.0/Dockerfile
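Review bot: The `[httpd]` `printf` passes `${COUCHDB_HTTP_PORT:=5984}` and `${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}` unquoted, so a value containing whitespace or glob characters is split into extra arguments and `printf` reuses the format, writing additional `port`/`bind_address` lines into bind_address.ini. Quoting keeps each value in one field: `printf "[httpd]\nport = %s\nbind_address = %s\n" "${COUCHDB_HTTP_PORT:=5984}" "${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}" > /usr/local/etc/couchdb/local.d/bind_address.ini`. Separately, docker.ini receives `COUCHDB_PASSWORD` as given and is created by the redirect after the `chmod` calls, so its mode comes from the process umask and its protection depends on the parent directory modes; an explicit `chmod 600 /usr/local/etc/couchdb/local.d/docker.ini` next to the existing `chown` would make that independent of the surrounding layout.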
@@ -28,27 +28,39 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
 openssl \
 && rm -rf /var/lib/apt/lists/*

-# grab gosu for easy step-down from root
+# grab gosu for easy step-down from root and tini for signal handling
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
 ENV GOSU_VERSION 1.10
-RUN set -x \
- && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true \
-&& apt-get purge -y --auto-remove wget
-
-# grab tini for signal handling
-ENV TINI_VERSION v0.16.1
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc
-RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
- && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
-&& chmod +x /usr/local/bin/tini
+ENV TINI_VERSION 0.16.1
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ tini --version; \
+ \
+ apt-get purge -y --auto-remove wget

 # https://www.apache.org/dist/couchdb/KEYS
 ENV GPG_KEYS \
From aa4ee2d3cbdb17b41e0adff9e23241be47b23441 Mon Sep 17 00:00:00 2001
From: Joan Touzet Date: Mon, 6 Nov 2017 16:37:42 -0500 Subject: [PATCH 02/28] Bump to 1.7.0, 2.1.1 --- .travis.yml | 12 +- 1.6.1/Dockerfile | 124 ------------------ 1.6.1/docker-entrypoint.sh | 62 --------- .../Dockerfile | 2 +- .../docker-entrypoint.sh | 0 {2.1.0 => 2.1.1}/Dockerfile | 2 +- {2.1.0 => 2.1.1}/docker-entrypoint.sh | 0 {2.1.0 => 2.1.1}/local.ini | 0 {2.1.0 => 2.1.1}/vm.args | 0 README.md | 24 ++-- 10 files changed, 20 insertions(+), 206 deletions(-) delete mode 100644 1.6.1/Dockerfile delete mode 100755 1.6.1/docker-entrypoint.sh rename {1.6.1-couchperuser => 1.7.0-couchperuser}/Dockerfile (98%) rename {1.6.1-couchperuser => 1.7.0-couchperuser}/docker-entrypoint.sh (100%) rename {2.1.0 => 2.1.1}/Dockerfile (99%) rename {2.1.0 => 2.1.1}/docker-entrypoint.sh (100%) rename {2.1.0 => 2.1.1}/local.ini (100%) rename {2.1.0 => 2.1.1}/vm.args (100%)
diff --git a/.travis.yml b/.travis.yml
index a1a3f2e..2eba791 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,11 +4,11 @@ services:
 - docker

 before_install:
- - docker build -t couchdb:1.6.1 1.6.1
- - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser
- - docker build -t couchdb:2.1.0 2.1.0
+ - docker build -t couchdb:1.7.0 1.7.0
+ - docker build -t couchdb:1.7.0-couchperuser 1.7.0-couchperuser
+ - docker build -t couchdb:2.1.1 2.1.1

 script:
- - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984
- - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985
- - docker run -d -p 5986:5984 couchdb:2.1.0 && sleep 5 && curl http://localhost:5986
+ - docker run -d -p 5984:5984 couchdb:1.7.0 && sleep 5 && curl http://localhost:5984
+ - docker run -d -p 5985:5984 couchdb:1.7.0-couchperuser && sleep 5 && curl http://localhost:5985
+ - docker run -d -p 5986:5984 couchdb:2.1.1 && sleep 5 && curl http://localhost:5986
diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile
deleted file mode 100644
index 6113501..0000000
--- a/1.6.1/Dockerfile
+++ /dev/null
@@ -1,124 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-FROM debian:jessie
-
-MAINTAINER CouchDB Developers dev@couchdb.apache.org
-
-# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian
-
-RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb
-
-RUN apt-get update -y && apt-get install -y --no-install-recommends \
- ca-certificates \
- curl \
- erlang-nox \
- libicu52 \
- libmozjs185-1.0 \
- libnspr4 \
- libnspr4-0d \
- && rm -rf /var/lib/apt/lists/*
-
-ENV GOSU_VERSION 1.10
-ENV TINI_VERSION 0.16.1
-RUN set -ex; \
- \
- apt-get update; \
- apt-get install -y --no-install-recommends wget; \
- rm -rf /var/lib/apt/lists/*; \
- \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- \
-# install gosu
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- chmod +x /usr/local/bin/gosu; \
- gosu nobody true; \
- \
-# install tini
- wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
- wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
- gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
- rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
- chmod +x /usr/local/bin/tini; \
- tini --version; \
- \
- apt-get purge -y --auto-remove wget
-
-# https://www.apache.org/dist/couchdb/KEYS
-ENV GPG_KEYS \
- 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \
- 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \
- 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \
- 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \
- 5D680346FAA3E51B29DBCB681015F68F9DA248BC \
- 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \
- C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \
- D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \
- E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B
-RUN set -xe \
- && for key in $GPG_KEYS; do \
- gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
- done
-
-ENV COUCHDB_VERSION 1.6.1
-
-# download dependencies, compile and install couchdb,
-# set correct permissions, expose couchdb to the outside and disable logging to disk
-RUN buildDeps=' \
- gcc \
- g++ \
- erlang-dev \
- libcurl4-openssl-dev \
- libicu-dev \
- libmozjs185-dev \
- libnspr4-dev \
- make \
- ' \
- && apt-get update && apt-get install -y --no-install-recommends $buildDeps \
- && curl -fSL http://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \
- && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \
- && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \
- && mkdir -p /usr/src/couchdb \
- && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \
- && cd /usr/src/couchdb \
- && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \
- && make && make install \
- && apt-get purge -y --auto-remove $buildDeps \
- && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \
- && chown -R couchdb:couchdb \
- /usr/local/lib/couchdb /usr/local/etc/couchdb \
- /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
- && chmod -R g+rw \
- /usr/local/lib/couchdb /usr/local/etc/couchdb \
- /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
- && mkdir -p /var/lib/couchdb \
- && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \
- && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini
-
-COPY ./docker-entrypoint.sh /
-RUN chmod +x /docker-entrypoint.sh
-
-# Define mountable directories.
-VOLUME ["/usr/local/var/lib/couchdb"]
-
-EXPOSE 5984
-WORKDIR /var/lib/couchdb
-
-ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
-CMD ["couchdb"]
diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh
deleted file mode 100755
index c1c9f56..0000000
--- a/1.6.1/docker-entrypoint.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/bash
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-set -e
-
-if [ "$1" = 'couchdb' ]; then
- # we need to set the permissions here because docker mounts volumes as root
- chown -R couchdb:couchdb \
- /usr/local/var/lib/couchdb \
- /usr/local/var/log/couchdb \
- /usr/local/var/run/couchdb \
- /usr/local/etc/couchdb
-
- chmod -R 0770 \
- /usr/local/var/lib/couchdb \
- /usr/local/var/log/couchdb \
- /usr/local/var/run/couchdb \
- /usr/local/etc/couchdb
-
- chmod 664 /usr/local/etc/couchdb/*.ini
- chmod 775 /usr/local/etc/couchdb/*.d
-
- if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
- # Create admin
- printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini
- chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini
- fi
-
- printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini
- chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini
-
- # if we don't find an [admins] section followed by a non-comment, display a warning
- if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then
- # The - option suppresses leading tabs but *not* spaces. :)
- cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: CouchDB is running in Admin Party mode.
- This will allow anyone with access to the
- CouchDB port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
- Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
- to set it in "docker run".
- ****************************************************
- EOWARN
- fi
-
- exec gosu couchdb "$@"
-fi
-
-exec "$@"
diff --git a/1.6.1-couchperuser/Dockerfile b/1.7.0-couchperuser/Dockerfile
similarity index 98%
rename from 1.6.1-couchperuser/Dockerfile
rename to 1.7.0-couchperuser/Dockerfile
index 9436a38..d3c4df1 100644
--- a/1.6.1-couchperuser/Dockerfile
+++ b/1.7.0-couchperuser/Dockerfile
@@ -10,7 +10,7 @@
 # License for the specific language governing permissions and limitations under
 # the License.

-FROM couchdb:1.6.1
+FROM couchdb:1.7.0

 MAINTAINER CouchDB Developers dev@couchdb.apache.org

diff --git a/1.6.1-couchperuser/docker-entrypoint.sh b/1.7.0-couchperuser/docker-entrypoint.sh
similarity index 100%
rename from 1.6.1-couchperuser/docker-entrypoint.sh
rename to 1.7.0-couchperuser/docker-entrypoint.sh
diff --git a/2.1.0/Dockerfile b/2.1.1/Dockerfile
similarity index 99%
rename from 2.1.0/Dockerfile
rename to 2.1.1/Dockerfile
index 4cfeaa3..be31eb2 100644
--- a/2.1.0/Dockerfile
+++ b/2.1.1/Dockerfile
@@ -80,7 +80,7 @@ RUN set -xe \
 gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
 done

-ENV COUCHDB_VERSION 2.1.0
+ENV COUCHDB_VERSION 2.1.1

 # Download dev dependencies
 RUN buildDeps=' \
diff --git a/2.1.0/docker-entrypoint.sh b/2.1.1/docker-entrypoint.sh
similarity index 100%
rename from 2.1.0/docker-entrypoint.sh
rename to 2.1.1/docker-entrypoint.sh
diff --git a/2.1.0/local.ini b/2.1.1/local.ini
similarity index 100%
rename from 2.1.0/local.ini
rename to 2.1.1/local.ini
diff --git a/2.1.0/vm.args b/2.1.1/vm.args
similarity index 100%
rename from 2.1.0/vm.args
rename to 2.1.1/vm.args
diff --git a/README.md b/README.md
index 473eb25..3c6cb1a 100644
--- a/README.md
+++ b/README.md
@@ -4,14 +4,14 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -- Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` -- Version (stable): `CouchDB 2.1.0`, `Erlang 17.3` +- Version (stable): `CouchDB 1.7.0`, `Erlang 17.3` +- Version (stable): `CouchDB 2.1.1`, `Erlang 17.3` ## Available tags -- `1.6.1`: CouchDB 1.6.1 -- `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `latest`, `2.1.0`: CouchDB 2.1.0 single node (capable of running in a cluster) +- `1.7.0`: CouchDB 1.7.0 +- `1.7.0-couchperuser`: CouchDB 1.7.0 with couchperuser plugin +- `latest`, `2.1.1`: CouchDB 2.1.1 single node (capable of running in a cluster) ## Features @@ -20,7 +20,7 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch * runs everything as user `couchdb` (security ftw!) * docker volume for data -## Run (latest/2.1.0) +## Run (latest/2.1.1) Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). This is a build of the CouchDB 2.1 release. A data volume 
@@ -45,15 +45,15 @@ Once running, you can visit the new admin interface at `http://dockerhost:5984/_ Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. -## Run (1.6.1) +## Run (1.7.0) -Available as an official image on Docker Hub as [apache/couchdb:1.6.1](https://hub.docker.com/r/apache/couchdb/) +Available as an official image on Docker Hub as [apache/couchdb:1.7.0](https://hub.docker.com/r/apache/couchdb/) ```bash -[sudo] docker pull apache/couchdb:1.6.1 +[sudo] docker pull apache/couchdb:1.7.0 # expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1 +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0 curl http://localhost:5984 ``` @@ -62,7 +62,7 @@ curl http://localhost:5984 ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.6.1 +[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.0 ``` If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` @@ -79,7 +79,7 @@ This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). ``` -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1-couchperuser +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0-couchperuser ``` ### In a developer cluster From 1a7c4254c158a194ff195da6ebfed910d24a95b7 Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Tue, 7 Nov 2017 01:25:02 -0500 Subject: [PATCH 03/28] Incorporate more feedback from @yosifkit --- 1.7.0/Dockerfile | 51 ++++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 21 deletions(-)
diff --git a/1.7.0/Dockerfile b/1.7.0/Dockerfile
index 134d654..c87322a 100644
--- a/1.7.0/Dockerfile
+++ b/1.7.0/Dockerfile
@@ -28,27 +28,37 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
 libnspr4-0d \
 && rm -rf /var/lib/apt/lists/*

-# grab gosu for easy step-down from root
 ENV GOSU_VERSION 1.10
-RUN set -x \
- && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true \
-&& apt-get purge -y --auto-remove wget
-
-# grab tini for signal handling
-ENV TINI_VERSION v0.16.1
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc
-RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
- && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
-&& chmod +x /usr/local/bin/tini
+ENV TINI_VERSION 0.16.1
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ tini --version; \
+ \
+ apt-get purge -y --auto-remove wget

 # https://www.apache.org/dist/couchdb/KEYS
 ENV GPG_KEYS \
@@ -102,7 +112,6 @@ RUN buildDeps=' \
 && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini

 COPY ./docker-entrypoint.sh /
-RUN chmod +x /docker-entrypoint.sh

 # Define mountable directories.
 VOLUME ["/usr/local/var/lib/couchdb"]
From 029760550b8af66f49bf439ddbabfbd040e9727c Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sat, 11 Nov 2017 17:17:09 +0100 Subject: [PATCH 04/28] 1.7.1 release --- .travis.yml | 8 ++++---- .../Dockerfile | 2 +- .../docker-entrypoint.sh | 0 {1.7.0 => 1.7.1}/Dockerfile | 2 +- {1.7.0 => 1.7.1}/docker-entrypoint.sh | 0 README.md | 18 +++++++++--------- 6 files changed, 15 insertions(+), 15 deletions(-) rename {1.7.0-couchperuser => 1.7.1-couchperuser}/Dockerfile (98%) rename {1.7.0-couchperuser => 1.7.1-couchperuser}/docker-entrypoint.sh (100%) rename {1.7.0 => 1.7.1}/Dockerfile (99%) rename {1.7.0 => 1.7.1}/docker-entrypoint.sh (100%)
diff --git a/.travis.yml b/.travis.yml
index 2eba791..8ac681d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,11 +4,11 @@ services: - docker before_install: - - docker build -t couchdb:1.7.0 1.7.0 - - docker build -t couchdb:1.7.0-couchperuser 1.7.0-couchperuser + - docker build -t couchdb:1.7.1 1.7.1 + - docker build -t couchdb:1.7.1-couchperuser 1.7.1-couchperuser - docker build -t couchdb:2.1.1 2.1.1 script: - - docker run -d -p 5984:5984 couchdb:1.7.0 && sleep 5 && curl http://localhost:5984 - - docker run -d -p 5985:5984 couchdb:1.7.0-couchperuser && sleep 5 && curl http://localhost:5985 + - docker run -d -p 5984:5984 couchdb:1.7.1 && sleep 5 && curl http://localhost:5984 + - docker run -d -p 5985:5984 couchdb:1.7.1-couchperuser && sleep 5 && curl http://localhost:5985 - docker run -d -p 5986:5984 couchdb:2.1.1 && sleep 5 && curl http://localhost:5986 diff --git a/1.7.0-couchperuser/Dockerfile b/1.7.1-couchperuser/Dockerfile similarity index 98% rename from 1.7.0-couchperuser/Dockerfile rename to 1.7.1-couchperuser/Dockerfile index d3c4df1..1ed7a4c 100644 --- a/1.7.0-couchperuser/Dockerfile +++ b/1.7.1-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM couchdb:1.7.0 +FROM couchdb:1.7.1 MAINTAINER CouchDB Developers dev@couchdb.apache.org diff --git a/1.7.0-couchperuser/docker-entrypoint.sh b/1.7.1-couchperuser/docker-entrypoint.sh similarity index 100% rename from 1.7.0-couchperuser/docker-entrypoint.sh rename to 1.7.1-couchperuser/docker-entrypoint.sh diff --git a/1.7.0/Dockerfile b/1.7.1/Dockerfile similarity index 99% rename from 1.7.0/Dockerfile rename to 1.7.1/Dockerfile index c87322a..25cbceb 100644 --- a/1.7.0/Dockerfile +++ b/1.7.1/Dockerfile @@ -76,7 +76,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 1.7.0 +ENV COUCHDB_VERSION 1.7.1 # download dependencies, compile and install couchdb, # set correct permissions, expose couchdb to the outside and disable logging to disk 
diff --git a/1.7.0/docker-entrypoint.sh b/1.7.1/docker-entrypoint.sh similarity index 100% rename from 1.7.0/docker-entrypoint.sh rename to 1.7.1/docker-entrypoint.sh diff --git a/README.md b/README.md index 3c6cb1a..8de242c 100644 --- a/README.md +++ b/README.md @@ -4,13 +4,13 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -- Version (stable): `CouchDB 1.7.0`, `Erlang 17.3` +- Version (stable): `CouchDB 1.7.1`, `Erlang 17.3` - Version (stable): `CouchDB 2.1.1`, `Erlang 17.3` ## Available tags -- `1.7.0`: CouchDB 1.7.0 -- `1.7.0-couchperuser`: CouchDB 1.7.0 with couchperuser plugin +- `1.7.1`: CouchDB 1.7.1 +- `1.7.1-couchperuser`: CouchDB 1.7.1 with couchperuser plugin - `latest`, `2.1.1`: CouchDB 2.1.1 single node (capable of running in a cluster) ## Features @@ -45,15 +45,15 @@ Once running, you can visit the new admin interface at `http://dockerhost:5984/_ Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. -## Run (1.7.0) +## Run (1.7.1) -Available as an official image on Docker Hub as [apache/couchdb:1.7.0](https://hub.docker.com/r/apache/couchdb/) +Available as an official image on Docker Hub as [apache/couchdb:1.7.1](https://hub.docker.com/r/apache/couchdb/) ```bash -[sudo] docker pull apache/couchdb:1.7.0 +[sudo] docker pull apache/couchdb:1.7.1 # expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0 +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1 curl http://localhost:5984 ``` 
@@ -62,7 +62,7 @@ curl http://localhost:5984 ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.0 +[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.1 ``` If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` @@ -79,7 +79,7 @@ This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). ``` -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0-couchperuser +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1-couchperuser ``` ### In a developer cluster From 98ad12019570cdc3d91408909c14d501e9d482e6 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Sat, 13 Jan 2018 21:23:14 -0500 Subject: [PATCH 05/28] Remove haproxy from production image HAProxy is included in the "dev-cluster" image to proxy requests to the three nodes deployed via that image. The production image runs a single CouchDB instance in each image and does not need or want a proxy server in the image. Closes #56 --- 2.1.1/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/2.1.1/Dockerfile b/2.1.1/Dockerfile index be31eb2..9f5f92f 100644 --- a/2.1.1/Dockerfile +++ b/2.1.1/Dockerfile @@ -22,7 +22,6 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ curl \ erlang-nox \ erlang-reltool \ - haproxy \ libicu52 \ libmozjs185-1.0 \ openssl \ From c1066ad76bd4a86998c803c7338e88daecb82d8f Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Wed, 24 Jan 2018 13:30:22 -0600 Subject: [PATCH 06/28] Use default.d for image-provided config in 2.x (#50) This change moves the configuration overrides that are built into the image into `etc/default.d` instead of `etc/local.d`, which allows systems like Kubernetes to come in and own `default.d` as a config volume mount point while still allowing for online overrides to take highest precedence. --- 2.1.1/{local.ini => 10-docker-default.ini} | 0 2.1.1/Dockerfile | 4 ++-- 2.1.1/docker-entrypoint.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename 2.1.1/{local.ini => 10-docker-default.ini} (100%) diff --git a/2.1.1/local.ini b/2.1.1/10-docker-default.ini similarity index 100% rename from 2.1.1/local.ini rename to 2.1.1/10-docker-default.ini diff --git a/2.1.1/Dockerfile b/2.1.1/Dockerfile index 9f5f92f..f6b8060 100644 --- a/2.1.1/Dockerfile +++ b/2.1.1/Dockerfile @@ -111,13 +111,13 @@ RUN buildDeps=' \ && chown -R couchdb:couchdb /opt/couchdb # Add configuration -COPY local.ini /opt/couchdb/etc/local.d/ +COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ COPY vm.args /opt/couchdb/etc/ COPY ./docker-entrypoint.sh / # Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/local.d/ /opt/couchdb/etc/vm.args +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args WORKDIR /opt/couchdb EXPOSE 5984 4369 9100 diff --git a/2.1.1/docker-entrypoint.sh b/2.1.1/docker-entrypoint.sh index dda823d..e03cd1a 100755 --- a/2.1.1/docker-entrypoint.sh +++ b/2.1.1/docker-entrypoint.sh @@ -31,7 +31,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chmod -R 0770 /opt/couchdb/data chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/local.d/*.ini + chmod 664 /opt/couchdb/etc/default.d/*.ini chmod 775 /opt/couchdb/etc/*.d if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then 
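Review bot: In docker-entrypoint.sh the new `chmod 664 /opt/couchdb/etc/default.d/*.ini` will fail when `default.d` is a read-only volume, which is the Kubernetes config-mount case the commit message names. If the script runs under `set -e` (not visible in this hunk), that failure stops the container before CouchDB starts. Guard the call, for example `[ -w /opt/couchdb/etc/default.d ] && chmod 664 /opt/couchdb/etc/default.d/*.ini`, so that a mounted `default.d` keeps working. The surrounding `if` block starts and ends outside the hunk.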
@@ -51,7 +51,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** From 1f85f08f840e0b7482c61ef2e0ed3fe30c1cf1b0 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 31 Jan 2018 11:14:23 -0800 Subject: [PATCH 07/28] Use 5984:5984 as couchdb uid:gid, closes #53 --- 1.7.1/Dockerfile | 2 +- 2.1.1/Dockerfile | 2 +- dev/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/1.7.1/Dockerfile b/1.7.1/Dockerfile index 25cbceb..da36f22 100644 --- a/1.7.1/Dockerfile +++ b/1.7.1/Dockerfile @@ -16,7 +16,7 @@ MAINTAINER CouchDB Developers dev@couchdb.apache.org # Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian -RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ diff --git a/2.1.1/Dockerfile b/2.1.1/Dockerfile index f6b8060..1ffb317 100644 --- a/2.1.1/Dockerfile +++ b/2.1.1/Dockerfile @@ -15,7 +15,7 @@ FROM debian:jessie MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ diff --git a/dev/Dockerfile b/dev/Dockerfile index 5dcf2a7..8b4a733 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
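Review bot: In the 1.7.1/Dockerfile hunk the `useradd` line also moves the home directory from `/var/lib/couchdb` to `/opt/couchdb`, which the commit title (uid:gid only) does not mention and which looks copied from the 2.x line. Nothing visible on this page shows the 1.x image creating `/opt/couchdb` (its README mounts data at `/usr/local/var/lib/couchdb`), so the account may end up with a home that does not exist; if that is not intended, keep the old path: `useradd -u 5984 -d /var/lib/couchdb -g couchdb couchdb`. The dev/Dockerfile hunk of this commit makes the same kind of change (`/usr/src/couchdb` to `/opt/couchdb`). A one-line comment above the `groupadd` saying why 5984:5984 is fixed would record the intent for the next reader.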
@@ -16,7 +16,7 @@ MAINTAINER CouchDB Developers dev@couchdb.apache.org ENV COUCHDB_VERSION master -RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb # download dependencies RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ From fd69b2576be3409fca4fef29e8d16204cc5a9e39 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 31 Jan 2018 14:38:57 -0500 Subject: [PATCH 08/28] Improve README for configuration changes, closes #47 --- README.md | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 8de242c..aa066c1 100644 --- a/README.md +++ b/README.md 
@@ -23,27 +23,48 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch ## Run (latest/2.1.1) Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). -This is a build of the CouchDB 2.1 release. A data volume -is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. +This is a build of the CouchDB 2.1 release. -Please note that CouchDB no longer autocreates system tables for you, so you will -have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually (the admin interface has a "Setup" menu that does this for you). -The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! +By default, CouchDB's HTTP interface is exposed on port `5984`. Once running, you can visit the new admin interface at `http://:5984/_utils/` + +CouchDB uses `/opt/couchdb/data` to store its data, and is exposed as a volume. + +Here is an example launch line for a single-node CouchDB with an admin username and password of `admin` and `password`, exposed to the world on port `5984`: ```bash -# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data apache/couchdb +$ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d --env COUCHDB_USER=admin --env COUCHDB_PASSWORD=password apache/couchdb:2.1.1 18:54:48.780 [info] Application lager started on node nonode@nohost 18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost 18:54:48.780 [info] Application couch_mrview started on node nonode@nohost 18:54:48.780 [info] Application couch_plugins started on node nonode@nohost -[...] ``` -Note that you can also use the NODENAME environment variable to set the name of the CouchDB node inside the container. 
-Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` +### Detailed configuration (latest/2.x) + +CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to bind map this to an external directory, to persist the configuration across restarts. + +CouchDB also uses `/opt/couchdb/etc/vm.args` to store Erlang runtime-specific changes. Changing these values is less common. If you need to change the epmd port, for instance, you will want to bind mount this file as well. (Note: files cannot be bind-mounted on Windows hosts.) + +In addition, a few environment variables are provided to set very common parameters: + +* `COUCHDB_USER` and `COUCHDB_PASSWORD` will create an ini-file based local admin user with the given username and password in the file `/opt/couchdb/etc/local.d/docker.ini`. +* `COUCHDB_SECRET` will set the CouchDB shared cluster secret value, in the file `/opt/couchdb/etc/local.d/docker.ini`. +* `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. + +If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. + +### Important notes (latest/2.x) + +Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. + +You must create `_global_changes`, `_metadata`, `_replicator` and `_users` after the cluster has been fully configured. (The Fauxton UI has a "Setup" wizard that does this for you.) + +The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! + +[...] +``` -Note also that port 5986 is not exposed, as this can present *significant* security risks. 
We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. +Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. ## Run (1.7.1) From c3ddd601338fc579c576ea40e8668d88f4306412 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Sat, 13 Jan 2018 22:28:45 -0500 Subject: [PATCH 09/28] Rename dev to dev-cluster This paves the way for a simpler dev image Dockerfile. --- {dev => dev-cluster}/Dockerfile | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {dev => dev-cluster}/Dockerfile (100%) diff --git a/dev/Dockerfile b/dev-cluster/Dockerfile similarity index 100% rename from dev/Dockerfile rename to dev-cluster/Dockerfile From b2734247ac8df0c0f1d51f3ba5464db60fef8e13 Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Mon, 15 Jan 2018 20:41:08 -0500 Subject: [PATCH 10/28] Introduce developer-friendly Dockerfile This dev image configuration is modeled after the 2.1.1 Dockerfile with a few modifications useful for day-to-day development: * The Dockerfile builds from git rather than the official source releases. The build is configurable using the following build_args: clone_url (default: https://gitbox.apache.org/repos/asf/couchdb.git) checkout_branch (default: master) configure_options (default: ) The configure_options are passed directly to ./configure and can be used to e.g. --disable-docs or --disable-fauxton: docker build --build-arg checkout_branch=my-cool-feature dev/ * We take advantage of multi-stage builds [1] to create a series of layers that optimize build time without inflating the final image size. In normal development the layers that install runtime and build dependencies will be cached, and the build will start by updating and configuring the existing git clone. This work includes the changes proposed in #50 and #57. --- dev/Dockerfile | 136 +++++++++++++++++++++++++++++++++++++++ dev/docker-entrypoint.sh | 74 +++++++++++++++++++++ dev/local.ini | 11 ++++ dev/vm.args | 28 ++++++++ 4 files changed, 249 insertions(+) create mode 100644 dev/Dockerfile create mode 100755 dev/docker-entrypoint.sh create mode 100644 dev/local.ini create mode 100644 dev/vm.args diff --git a/dev/Dockerfile b/dev/Dockerfile new file mode 100644 index 0000000..336ab80 --- /dev/null +++ b/dev/Dockerfile 
@@ -0,0 +1,136 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Base layer containing dependencies needed at runtime. This layer will be +# cached after the initial build. +FROM debian:jessie AS runtime + +LABEL maintainer="CouchDB Developers " + +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + libicu52 \ + libmozjs185-1.0 \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ 
+# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget + +# Dependencies only needed during build time. This layer will also be cached +# unless for each clone_url. +FROM runtime AS build_dependencies + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + apt-transport-https \ + gcc \ + g++ \ + curl \ + erlang-nox \ + erlang-reltool \ + erlang-dev \ + git \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + make \ + python \ + python-sphinx \ + python-sphinx-rtd-theme \ + texinfo \ + texlive-base \ + texlive-fonts-extra \ + texlive-fonts-recommended \ + texlive-latex-extra + +# Node is special +RUN set -ex; \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ + echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + apt-get update -y && apt-get install -y nodejs; \ + npm install -g grunt-cli + + +# Clone CouchDB source code including all dependencies +ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git +RUN git clone $clone_url /usr/src/couchdb +WORKDIR /usr/src/couchdb +RUN ./configure + +# This layer performs the actual build of a relocatable, self-contained +# release of CouchDB. 
It pulls down the latest changes from the remote +# origin (because the layer above will be cached) and switches to the +# branch specified in the build_arg (defaults to master) +FROM build_dependencies AS build + +ARG checkout_branch=master +ARG configure_options + +WORKDIR /usr/src/couchdb/ +RUN git fetch origin \ + && git checkout $checkout_branch \ + && ./configure $configure_options \ + && make release + +# This results in a single layer image (or at least skips the build stuff?) +FROM runtime +COPY --from=build /usr/src/couchdb/rel/couchdb /opt/ + +# Add configuration +COPY local.ini /opt/couchdb/etc/default.d/ +COPY vm.args /opt/couchdb/etc/ +COPY docker-entrypoint.sh / + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args + +WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] + +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh new file mode 100755 index 0000000..dda823d --- /dev/null +++ b/dev/docker-entrypoint.sh 
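Review bot: In the final stage, `COPY --from=build /usr/src/couchdb/rel/couchdb /opt/` copies the contents of the `couchdb` directory into `/opt/`, not the directory itself, so the release lands in `/opt/bin`, `/opt/etc` and so on while `WORKDIR`, `VOLUME` and `CMD` all point at `/opt/couchdb`; the destination should be the full path, `COPY --from=build /usr/src/couchdb/rel/couchdb /opt/couchdb`. In the build_dependencies stage, `curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -` trusts whatever the server returns: there is no `-f`, no pipefail and no fingerprint check, unlike the gosu and tini steps that verify against pinned fingerprints. Downloading the key to a file with `curl -fsSL`, comparing its fingerprint with a pinned value and only then adding it would bring that step in line. `git clone $clone_url` and `git checkout $checkout_branch` should quote the build args, and the `groupadd`/`useradd` line here lacks the fixed 5984 ids that patch 07 gives the other images.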
@@ -0,0 +1,74 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb /opt/couchdb + + chmod -R 0770 /opt/couchdb/data + + chmod 664 /opt/couchdb/etc/*.ini + chmod 664 /opt/couchdb/etc/local.d/*.ini + chmod 775 /opt/couchdb/etc/*.d + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini + chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret + printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". + **************************************************** + EOWARN + fi + + + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/dev/local.ini b/dev/local.ini new file mode 100644 index 0000000..c1bac9e --- /dev/null +++ b/dev/local.ini @@ -0,0 +1,11 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any + +[httpd] +bind_address = any diff --git a/dev/vm.args b/dev/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/dev/vm.args 
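Review bot: This entrypoint still operates on `/opt/couchdb/etc/local.d/*.ini` (the `chmod 664` line and the `[admins]` grep), while dev/Dockerfile in the same commit copies `local.ini` into `/opt/couchdb/etc/default.d/`. If `local.d` holds no `.ini` file at start, the unmatched glob makes `chmod` fail and `set -e` ends the script before CouchDB is launched, and an `[admins]` entry supplied through `default.d` would not silence the Admin Party warning; use the paths the 2.1.1 entrypoint switched to, e.g. `chmod 664 /opt/couchdb/etc/default.d/*.ini`. `docker.ini` receives the admin password and the cluster secret but is only chown'ed, so it keeps the default mode of a file created by root. Adding `chmod 600 /opt/couchdb/etc/local.d/docker.ini` after the chown would restrict it to the couchdb account, assuming nothing else needs to read it.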
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 42de4b02ff99684c75fcbe006d636ddaa2e80f9b Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Wed, 17 Jan 2018 13:21:06 -0500 Subject: [PATCH 11/28] Install newer RTD theme from pip See #58 --- dev/Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index 336ab80..ba3e259 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -78,14 +78,17 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libmozjs185-dev \ make \ python \ - python-sphinx \ - python-sphinx-rtd-theme \ + python-pip \ texinfo \ texlive-base \ texlive-fonts-extra \ texlive-fonts-recommended \ texlive-latex-extra +RUN pip install \ + sphinx \ + sphinx_rtd_theme + # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ From 7efafe23c03af436cdfcc43b71d91441ef01615e Mon Sep 17 00:00:00 2001 
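Review bot: The new `RUN pip install sphinx sphinx_rtd_theme` step in dev/Dockerfile installs whatever versions PyPI serves at build time, so two builds of the same Dockerfile can end up with different documentation toolchains and a bad upstream release is picked up without review. Pin both packages and skip the pip cache, e.g. `pip install --no-cache-dir 'sphinx==PINNED_VERSION' 'sphinx_rtd_theme==PINNED_VERSION'`, with versions chosen by the maintainers. A comment saying why the distro packages were replaced would help, since the commit message only points to #58. The `RUN apt-get install` list that this hunk edits starts outside the hunk.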
From: Joan Touzet Date: Mon, 9 Apr 2018 11:50:43 -0400 Subject: [PATCH 12/28] Add new targets to .travis.yml CI/CD --- .travis.yml | 15 ++-- dev-cluster/Dockerfile | 155 ++++++++++++++++++++++++++--------------- 2 files changed, 107 insertions(+), 63 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8ac681d..7db5791 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,12 +3,13 @@ sudo: required services: - docker -before_install: - - docker build -t couchdb:1.7.1 1.7.1 - - docker build -t couchdb:1.7.1-couchperuser 1.7.1-couchperuser - - docker build -t couchdb:2.1.1 2.1.1 +env: + - RELEASE=1.7.1 + - RELEASE=1.7.1-couchperuser + - RELEASE=2.1.1 + - RELEASE=dev + - RELEASE=dev-cluster script: - - docker run -d -p 5984:5984 couchdb:1.7.1 && sleep 5 && curl http://localhost:5984 - - docker run -d -p 5985:5984 couchdb:1.7.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.1.1 && sleep 5 && curl http://localhost:5986 + - docker build -t couchdb:$RELEASE $RELEASE + - docker run -d -p 5984:5984 couchdb:$RELEASE && sleep 10 && curl http://localhost:5984 diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 8b4a733..0166050 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile 
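Review bot: The smoke test `docker run -d -p 5984:5984 couchdb:$RELEASE && sleep 10 && curl http://localhost:5984` passes on any HTTP reply, because `curl` without `-f` exits 0 on 4xx and 5xx responses. Use `curl -f http://localhost:5984` so that an error response fails the job. The fixed `sleep 10` is a guess at start-up time for five different images; a short retry loop around the curl call would be less fragile.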
@@ -10,74 +10,117 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:jessie +# Base layer containing dependencies needed at runtime. This layer will be +# cached after the initial build. +FROM debian:jessie AS runtime -MAINTAINER CouchDB Developers dev@couchdb.apache.org +LABEL maintainer="CouchDB Developers " -ENV COUCHDB_VERSION master +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + libicu52 \ + libmozjs185-1.0 \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export 
GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget + +# Dependencies only needed during build time. This layer will also be cached +# unless for each clone_url. +FROM runtime AS build_dependencies -# download dependencies -RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ +RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - build-essential \ - ca-certificates \ + gcc \ + g++ \ curl \ - default-jdk \ - erlang-dev \ erlang-nox \ + erlang-reltool \ + erlang-dev \ git \ - haproxy \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - libwxgtk3.0 \ - openssl \ - pkg-config \ - python \ - python-sphinx \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ - && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq && apt-get install -y nodejs \ - && npm install -g grunt-cli \ - && cd /usr/src && git clone https://gitbox.apache.org/repos/asf/couchdb.git \ - && cd couchdb && git checkout $COUCHDB_VERSION \ - && cd /usr/src/couchdb && ./configure && make \ - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - default-jdk \ - git \ - libcurl4-openssl-dev \ - libicu-dev \ - libwxgtk3.0 \ make \ - nodejs \ - perl \ - pkg-config \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ - && apt-get autoremove -y \ - && apt-get install -y 
libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git - -# permissions -RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb - -USER couchdb -EXPOSE 5984 15984 25984 35984 15986 25986 35986 + python \ + python-pip + +RUN pip install \ + sphinx \ + sphinx_rtd_theme + +# Node is special +RUN set -ex; \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ + echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + apt-get update -y && apt-get install -y nodejs; \ + npm install -g grunt-cli + + +# Clone CouchDB source code including all dependencies +ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git +RUN git clone $clone_url /usr/src/couchdb +WORKDIR /usr/src/couchdb +RUN ./configure + +# This layer performs the actual build of a relocatable, self-contained +# release of CouchDB. It pulls down the latest changes from the remote +# origin (because the layer above will be cached) and switches to the +# branch specified in the build_arg (defaults to master) +FROM build_dependencies AS build + +ARG checkout_branch=master +ARG configure_options + +WORKDIR /usr/src/couchdb +RUN git fetch origin \ + && git checkout $checkout_branch \ + && ./configure $configure_options \ + && make couch + +# we skip any finalisation of this image since this is purely for testing + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /usr/src/couchdb + WORKDIR /usr/src/couchdb +EXPOSE 5984 4369 9100 -ENTRYPOINT ["/usr/src/couchdb/dev/run"] +ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] CMD ["--with-haproxy"] From 45b9dd1cc3ae1449f47cde77481b7f49173a1d9d Mon Sep 17 00:00:00 2001 
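Review bot: With `USER couchdb` removed and nothing put in its place, `ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"]` starts the cluster as root, even though this hunk creates the `couchdb` account, installs gosu for stepping down and chowns `/usr/src/couchdb` to that account. Unless `dev/run` drops privileges itself (not visible here), either restore `USER couchdb` before the ENTRYPOINT or use `ENTRYPOINT ["tini", "--", "gosu", "couchdb", "/usr/src/couchdb/dev/run"]`. The PATCH 13 rewrite of this file keeps the same ENTRYPOINT, so the point carries over to it. A comment next to `EXPOSE 5984 4369 9100` would also help: 4369 and 9100 are the Erlang distribution ports and should not be published with `-p` outside a trusted network.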
From: Joan Touzet Date: Wed, 11 Apr 2018 03:37:43 -0400 Subject: [PATCH 13/28] Further fixes for dev and dev-cluster targets --- dev-cluster/Dockerfile | 107 +++++++++++++++++++-------------------- dev/Dockerfile | 91 +++++++++++++++++---------------- dev/docker-entrypoint.sh | 13 +++-- 3 files changed, 106 insertions(+), 105 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 0166050..c89c104 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile 
@@ -12,63 +12,69 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:jessie AS runtime +FROM debian:stretch -LABEL maintainer="CouchDB Developers " +MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ - libicu52 \ + curl \ + dirmngr \ + gnupg \ + haproxy \ + libicu57 \ libmozjs185-1.0 \ openssl \ - && rm -rf /var/lib/apt/lists/* + python && \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc 
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# Dependencies only needed during build time. This layer will also be cached -# unless for each clone_url. 
-FROM runtime AS build_dependencies + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + apt-get purge -y --auto-remove wget RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - gcc \ - g++ \ - curl \ + build-essential \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -76,9 +82,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - make \ - python \ - python-pip + python-setuptools \ + python-pip \ + python-wheel RUN pip install \ sphinx \ @@ -87,8 +93,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli 
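Review bot: The keyserver loop ends every attempt with `&& break || :`, so when none of the five servers answers the loop finishes quietly and the build only stops later at `gpg --batch --verify`, with a missing-key error that hides the real cause. The download itself stays safe because the key is requested by full fingerprint into a fresh `GNUPGHOME` and `set -ex` aborts on a failed verify, and that reasoning deserves a comment such as `# any keyserver will do: the key is pinned by fingerprint and the verify below is the gate`. To fail in the right place, add `gpg --batch --list-keys B42F6819007F00F88E364FD4036A9C25BF357DD4;` after the first `done;` and the matching line with the tini fingerprint after the second. The same loop is added to dev/Dockerfile in the first hunk of the next file section. This hunk also swaps `LABEL maintainer=` back to the deprecated `MAINTAINER` instruction, which is worth reverting.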
@@ -99,28 +105,21 @@ RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure -# This layer performs the actual build of a relocatable, self-contained -# release of CouchDB. It pulls down the latest changes from the remote -# origin (because the layer above will be cached) and switches to the -# branch specified in the build_arg (defaults to master) -FROM build_dependencies AS build - ARG checkout_branch=master ARG configure_options -WORKDIR /usr/src/couchdb +WORKDIR /usr/src/couchdb/ RUN git fetch origin \ && git checkout $checkout_branch \ && ./configure $configure_options \ - && make couch - -# we skip any finalisation of this image since this is purely for testing + && make all # Setup directories and permissions RUN chown -R couchdb:couchdb /usr/src/couchdb -WORKDIR /usr/src/couchdb -EXPOSE 5984 4369 9100 +WORKDIR /opt/couchdb +EXPOSE 5984 15984 25984 35984 +VOLUME ["/usr/src/couchdb/dev/lib"] ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] CMD ["--with-haproxy"] diff --git a/dev/Dockerfile b/dev/Dockerfile index ba3e259..1b43ba7 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
@@ -12,63 +12,71 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:jessie AS runtime +FROM debian:stretch as runtime -LABEL maintainer="CouchDB Developers " +MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ - libicu52 \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ libmozjs185-1.0 \ openssl \ - && rm -rf /var/lib/apt/lists/* + python && \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc 
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + apt-get purge -y --auto-remove wget # Dependencies only needed 
during build time. This layer will also be cached -# unless for each clone_url. FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - gcc \ - g++ \ - curl \ + build-essential \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -76,14 +84,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - make \ - python \ + python-setuptools \ python-pip \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra + python-wheel RUN pip install \ sphinx \ @@ -92,8 +95,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli @@ -121,7 +124,7 @@ RUN git fetch origin \ # This results in a single layer image (or at least skips the build stuff?) FROM runtime -COPY --from=build /usr/src/couchdb/rel/couchdb /opt/ +COPY --from=build /usr/src/couchdb/rel/couchdb /opt/couchdb # Add configuration COPY local.ini /opt/couchdb/etc/default.d/ diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index dda823d..718779e 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -26,13 +26,12 @@ fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb + chown -fR couchdb:couchdb /opt/couchdb || true - chmod -R 0770 /opt/couchdb/data + chmod -fR 0770 /opt/couchdb/data || true - chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/local.d/*.ini - chmod 775 /opt/couchdb/etc/*.d + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + chmod -f 775 /opt/couchdb/etc/*.d || true if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args @@ -41,13 +40,13 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi if [ "$COUCHDB_SECRET" ]; then # Set secret printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi # if we don't find an [admins] section followed by a non-comment, display a warning From dffb6e98332507af16a654d5ff14311a82f2188f Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 11 Apr 2018 13:44:55 -0400 Subject: [PATCH 14/28] Update dev section --- README.md | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index aa066c1..ef684ec 100644 --- a/README.md +++ b/README.md 
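Review bot: `find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \;` now reaches every .ini below etc, including `local.d/docker.ini`, which the block in the next hunk fills with the admin credentials and the cookie-auth secret, and mode 664 leaves that file readable by every account in the container. If only the couchdb user and group need these files, `chmod -f 660` is the tighter choice here. The added `-f ... || true` on the chown and chmod lines also hides real failures such as a read-only volume; `|| echo "WARNING: could not fix ownership of /opt/couchdb" >&2` would keep the container starting while leaving a trace. The same lines are backported to 2.1.1/docker-entrypoint.sh in PATCH 19. The enclosing `if` block starts above this hunk and continues below it.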
@@ -61,9 +61,6 @@ You must create `_global_changes`, `_metadata`, `_replicator` and `_users` after The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! -[...] -``` - Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. ## Run (1.7.1) @@ -94,7 +91,7 @@ If you need (or want) to run couchdb in `net=host` mode, you can customize the p - `COUCHDB_HTTP_BIND_ADDRESS` (default: `0.0.0.0`) - `COUCHDB_HTTP_PORT` (default: `5984`) -### with couchperuser plugin +### 1.7.1 with couchperuser plugin This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). 
@@ -103,19 +100,26 @@ This build includes the `couchperuser` plugin. [sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1-couchperuser ``` -### In a developer cluster +## Development images + +This repository provides definitions to run the very latest (`master` branch) +CouchDB code: -This build demonstrates the CouchDB clustering features by creating a local -cluster of a default three nodes inside the container, with a proxy in front. -This is great for testing clustering in your local environment. +* `dev` runs a single node off of the `master` branch, similar to the other + officially released images. +* `dev-cluster` demonstrates the CouchDB clustering features by creating a + local cluster of a default three nodes inside the container, with a proxy in + front. This is great for testing clustering in your local environment. You will need to build Docker images from the `dev` directory in this repository; [Apache Software Foundation policy][4] prevents us from publishing non-release builds for wide distribution. +When launching the `dev-cluster` container, here is what you will see: + ```bash # expose the cluster to the world -[sudo] docker run -it -p 5984:5984 +$ docker run -it -p 5984:5984 [ * ] Setup environment ... ok [ * ] Ensure CouchDB is built ... ok 
@@ -132,24 +136,24 @@ Admin username: root Password: 37l7YDQJ Time to hack! ... ``` -**Note:** By default the cluster will be exposed on port `5984`, because it uses haproxy -(passes `--with-haproxy` to `dev/run`) internally. +**Note:** By default the cluster will be exposed on port `5984`, because it uses haproxy (passes `--with-haproxy` to `dev/run`) internally. -...but you can pass arguments to the binary +You can pass arguments to the binary: ```bash docker run -it --admin=foo:bar ``` + **Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose the cluster on `5984`, pass `--with-haproxy` explicitly. -Examples: +More examples: ```bash # display the available options of the couchdb startup script docker run --rm --help -# Enable admin party 🎉 and expose the cluster on port 5984 +# Enable admin party and expose the cluster on port 5984 docker run -it -p 5984:5984 --with-admin-party-please --with-haproxy # Start two nodes (without proxy) exposed on port 15984 and 25984 @@ -178,7 +182,7 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` -For the `2.1` image, configuration is stored at `/opt/couchdb/etc/`. +For the `2` image, configuration is stored at `/opt/couchdb/etc/`. ## Feedback, Issues, Contributing From aa7931f88fbbbb435a8f8e24998e3b5e08ea87ea Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 02:08:18 -0400 Subject: [PATCH 15/28] Update Node for dev image --- dev/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index 1b43ba7..4b5b2af 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
@@ -95,8 +95,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli From a1f4d9d579a7986d27a791c7b7ede50b13157751 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 02:24:13 -0400 Subject: [PATCH 16/28] update docs deps and dev-cluster node to 8.x --- dev-cluster/Dockerfile | 8 ++++---- dev/Dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index c89c104..14df4b1 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -84,17 +84,17 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libmozjs185-dev \ python-setuptools \ python-pip \ + python-sphinx \ python-wheel -RUN pip install \ - sphinx \ +RUN pip install --upgrade \ sphinx_rtd_theme # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli 
diff --git a/dev/Dockerfile b/dev/Dockerfile index 4b5b2af..24db534 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -86,10 +86,10 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libmozjs185-dev \ python-setuptools \ python-pip \ + python-sphinx \ python-wheel -RUN pip install \ - sphinx \ +RUN pip install --upgrade \ sphinx_rtd_theme # Node is special From 40389583b40ad08b008890aa20af5093c755d1d9 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Mon, 21 May 2018 08:31:36 -0400 Subject: [PATCH 17/28] Persist custom config settings across restarts This patch ensures that configuration properties set using the _config endpoint survive container restarts. Previously these settings would be erased by the code in the entrypoint that writes down the admin user and cookie auth secret. The patch also takes care to ensure that the admin user and secret are not accidentally left on the disk in plaintext -- i.e., it ensures that the entrypoint writes these settings into the last entry in the config chain. Finally, the patch ensures that local.d is always used to store custom configuration. Backing local.d by a persistent volume should allow for the config properties to survive a Pod being rescheduled onto another node by Kubernetes. --- dev/docker-entrypoint.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 718779e..de42028 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -37,18 +37,25 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args fi + # Ensure that CouchDB will write custom settings in this file + touch /opt/couchdb/etc/local.d/docker.ini + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi fi if [ "$COUCHDB_SECRET" ]; then - # Set secret - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # if we don't find an [admins] section followed by a non-comment, display a warning if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) From 59c4c8ddfa10a1d9cd828cd7814e62f3368fe197 Mon Sep 17 00:00:00 2001 From: Le Mouellic Maxime Date: Thu, 17 May 2018 18:27:13 +0200 Subject: [PATCH 18/28] Fix configuration save On restart configuration saved in local.d/ was lost Closes #78 --- 1.7.1/docker-entrypoint.sh | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/1.7.1/docker-entrypoint.sh b/1.7.1/docker-entrypoint.sh index c1c9f56..db5a60e 100755 --- a/1.7.1/docker-entrypoint.sh 
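Review bot: In `grep -Pzoqr "\[admins\]\n$COUCHDB_USER ="` the user name is pasted into a PCRE pattern, so a name containing regex metacharacters (a dot, `+`, brackets) either matches the wrong entry or never matches, and in the second case another `[admins]` entry is appended on every start. Quoting the name literally fixes that: `grep -Pzoqr "\[admins\]\n\Q$COUCHDB_USER\E ="`. The pattern also recognises the user only when it is the first key directly under `[admins]`, which is worth stating in the comment (`# only detects $COUCHDB_USER as the first entry under [admins]`) or relaxing. The identical check is backported to 2.1.1/docker-entrypoint.sh in PATCH 19.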
+++ b/1.7.1/docker-entrypoint.sh @@ -36,7 +36,31 @@ if [ "$1" = 'couchdb' ]; then chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini fi - printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + if [ -f /usr/local/etc/couchdb/local.d/bind_address.ini ]; then + if ! grep -Fq "port =" /usr/local/etc/couchdb/local.d/bind_address.ini; then + vport=$(printf "[httpd]\\\nport = %s" ${COUCHDB_HTTP_PORT:=5984}) + if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then + sed -i -e "s/\\[httpd\\]/$vport/g" /usr/local/etc/couchdb/local.d/bind_address.ini + else + printf "$vport" >> /usr/local/etc/couchdb/local.d/bind_address.ini + fi + + fi + + if ! grep -Fq "bind_address =" /usr/local/etc/couchdb/local.d/bind_address.ini; then + vaddress=$(printf "[httpd]\\\nbind_address = %s" ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}) + if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then + sed -i -e "s/\\[httpd\\]/$vaddress/g" /usr/local/etc/couchdb/local.d/bind_address.ini + else + printf "$vaddress" >> /usr/local/etc/couchdb/local.d/bind_address.ini + fi + + fi + + else + printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + fi + chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini # if we don't find an [admins] section followed by a non-comment, display a warning From 9057152522f919c79acde1a61ad25c31d0ad2f25 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 13:21:32 -0700 Subject: [PATCH 19/28] Backport fix for #81 and #82 to 2.1.x image --- 2.1.1/docker-entrypoint.sh | 30 ++++++++++++++++++------------ dev/docker-entrypoint.sh | 2 +- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/2.1.1/docker-entrypoint.sh b/2.1.1/docker-entrypoint.sh index e03cd1a..c60c957 100755 
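Review bot: `vport` and `vaddress` are built from `COUCHDB_HTTP_PORT` and `COUCHDB_HTTP_BIND_ADDRESS` and then used as a sed replacement (`s/\\[httpd\\]/$vport/g`) and as a printf format (`printf "$vport"`), so a value containing `/`, `&`, `\` or `%` corrupts bind_address.ini or makes sed fail. The expansions `${COUCHDB_HTTP_PORT:=5984}` and `${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}` are unquoted as well. Validate the inputs before they are used, for example `case "${COUCHDB_HTTP_PORT:=5984}" in *[!0-9]*) echo "invalid COUCHDB_HTTP_PORT" >&2; exit 1;; esac`, and write the append as `printf '%b\n' "$vport"`. The trailing `\n` matters because the current append ends without a newline, so a later append to the same file would run into the `port = ...` line.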
--- a/2.1.1/docker-entrypoint.sh +++ b/2.1.1/docker-entrypoint.sh 
@@ -26,32 +26,38 @@ fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb + chown -fR couchdb:couchdb /opt/couchdb || true - chmod -R 0770 /opt/couchdb/data + chmod -fR 0770 /opt/couchdb/data || true - chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/default.d/*.ini - chmod 775 /opt/couchdb/etc/*.d + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + chmod -f 775 /opt/couchdb/etc/*.d || true if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args fi + # Ensure that CouchDB will write custom settings in this file + touch /opt/couchdb/etc/local.d/docker.ini + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi fi if [ "$COUCHDB_SECRET" ]; then - # Set secret - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index de42028..c60c957 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -57,7 +57,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** From ca9b039d036d1482fd1e5ce67176f05cf959beed Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 14:51:42 -0700 Subject: [PATCH 20/28] Upgrade 1.7.1, 2.1.1 -> 1.7.2, 2.1.2 --- .travis.yml | 12 +++++------- .../Dockerfile | 2 +- .../docker-entrypoint.sh | 0 {1.7.1 => 1.7.2}/Dockerfile | 2 +- {1.7.1 => 1.7.2}/docker-entrypoint.sh | 0 {2.1.1 => 2.1.2}/10-docker-default.ini | 0 {2.1.1 => 2.1.2}/Dockerfile | 2 +- {2.1.1 => 2.1.2}/docker-entrypoint.sh | 0 {2.1.1 => 2.1.2}/vm.args | 0 9 files changed, 8 insertions(+), 10 deletions(-) rename {1.7.1-couchperuser => 1.7.2-couchperuser}/Dockerfile (98%) rename {1.7.1-couchperuser => 1.7.2-couchperuser}/docker-entrypoint.sh (100%) rename {1.7.1 => 1.7.2}/Dockerfile (99%) rename {1.7.1 => 1.7.2}/docker-entrypoint.sh (100%) rename {2.1.1 => 2.1.2}/10-docker-default.ini (100%) rename {2.1.1 => 2.1.2}/Dockerfile (99%) rename {2.1.1 => 2.1.2}/docker-entrypoint.sh (100%) rename {2.1.1 => 2.1.2}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 7db5791..5811b4c 100644 --- a/.travis.yml 
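Review bot: In the `2.1.1/docker-entrypoint.sh` hunk, the new `find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \;` also walks `local.d`, so `docker.ini` — the file this script fills with the `[admins]` entry and the `[couch_httpd_auth]` secret — is set world-readable on every start, whereas the removed `chmod 664` lines only touched `etc/*.ini` and `default.d/*.ini`. A tighter mode after the final chown would fit, e.g. `chmod -f 0640 /opt/couchdb/etc/local.d/docker.ini || true`; this matters most when `local.d` is bind-mounted from the host. Separately, the new idempotency check `grep -Pzoqr "\[admins\]\n$COUCHDB_USER ="` puts the user name into a PCRE unescaped and only matches when that user is the first key after the section header, which deserves a comment such as `# NOTE: only detects $COUCHDB_USER as the first entry under [admins]`. The `if [ "$1" = '/opt/couchdb/bin/couchdb' ]` block continues outside the hunk.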
+++ b/.travis.yml @@ -4,12 +4,10 @@ services: - docker env: - - RELEASE=1.7.1 - - RELEASE=1.7.1-couchperuser - - RELEASE=2.1.1 - - RELEASE=dev - - RELEASE=dev-cluster + - RELEASES="1.7.2 1.7.2-couchperuser" + - RELEASES=2.1.2 + - RELEASES=dev + - RELEASES=dev-cluster script: - - docker build -t couchdb:$RELEASE $RELEASE - - docker run -d -p 5984:5984 couchdb:$RELEASE && sleep 10 && curl http://localhost:5984 + - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -p 5984:5984 couchdb:$rel && sleep 10 && curl http://localhost:5984 && docker kill $rel; done diff --git a/1.7.1-couchperuser/Dockerfile b/1.7.2-couchperuser/Dockerfile similarity index 98% rename from 1.7.1-couchperuser/Dockerfile rename to 1.7.2-couchperuser/Dockerfile index 1ed7a4c..510a458 100644 --- a/1.7.1-couchperuser/Dockerfile +++ b/1.7.2-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM couchdb:1.7.1 +FROM couchdb:1.7.2 MAINTAINER CouchDB Developers dev@couchdb.apache.org diff --git a/1.7.1-couchperuser/docker-entrypoint.sh b/1.7.2-couchperuser/docker-entrypoint.sh similarity index 100% rename from 1.7.1-couchperuser/docker-entrypoint.sh rename to 1.7.2-couchperuser/docker-entrypoint.sh diff --git a/1.7.1/Dockerfile b/1.7.2/Dockerfile similarity index 99% rename from 1.7.1/Dockerfile rename to 1.7.2/Dockerfile index da36f22..95b49be 100644 --- a/1.7.1/Dockerfile +++ b/1.7.2/Dockerfile @@ -76,7 +76,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 1.7.1 +ENV COUCHDB_VERSION 1.7.2 # download dependencies, compile and install couchdb, # set correct permissions, expose couchdb to the outside and disable logging to disk diff --git a/1.7.1/docker-entrypoint.sh b/1.7.2/docker-entrypoint.sh similarity index 100% rename from 1.7.1/docker-entrypoint.sh rename to 1.7.2/docker-entrypoint.sh 
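Review bot: In the `.travis.yml` hunk, the new one-line loop can report success for a release that was never tested: `docker build -t couchdb:$rel $rel;` is followed by `;` rather than `&&`, and the loop's exit status is that of its last iteration only, so a failed `1.7.2` build is not reported by itself. After a failed build, `docker run couchdb:$rel` may also fall back to pulling an image of that name from the registry (to be confirmed for the CI environment), so the check would exercise something other than this repository's Dockerfile. `curl http://localhost:5984` exits 0 on an HTTP error response as well. I would chain the build with `&&`, use `curl -f`, and make the body fail fast in a subshell: `- (for rel in $RELEASES; do docker build -t couchdb:$rel $rel && docker run … && docker kill $rel || exit 1; done)`.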
diff --git a/2.1.1/10-docker-default.ini b/2.1.2/10-docker-default.ini similarity index 100% rename from 2.1.1/10-docker-default.ini rename to 2.1.2/10-docker-default.ini diff --git a/2.1.1/Dockerfile b/2.1.2/Dockerfile similarity index 99% rename from 2.1.1/Dockerfile rename to 2.1.2/Dockerfile index 1ffb317..9520b6c 100644 --- a/2.1.1/Dockerfile +++ b/2.1.2/Dockerfile @@ -79,7 +79,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 2.1.1 +ENV COUCHDB_VERSION 2.1.2 # Download dev dependencies RUN buildDeps=' \ diff --git a/2.1.1/docker-entrypoint.sh b/2.1.2/docker-entrypoint.sh similarity index 100% rename from 2.1.1/docker-entrypoint.sh rename to 2.1.2/docker-entrypoint.sh diff --git a/2.1.1/vm.args b/2.1.2/vm.args similarity index 100% rename from 2.1.1/vm.args rename to 2.1.2/vm.args From 0b03521edeea030bd07244264f60980bebd45b48 Mon Sep 17 00:00:00 2001 From: Thomas Prevet Date: Thu, 12 Jul 2018 16:11:35 +0200 Subject: [PATCH 21/28] add end of line before inserting [admin] and [secret] in case of docker.ini already exists --- 2.1.2/docker-entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2.1.2/docker-entrypoint.sh b/2.1.2/docker-entrypoint.sh index c60c957..4ba69b4 100755 --- a/2.1.2/docker-entrypoint.sh +++ b/2.1.2/docker-entrypoint.sh 
@@ -43,14 +43,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi From 0d8752ef22787adc737d050affadf1bb549b5023 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 23 Jul 2018 23:15:36 -0700 Subject: [PATCH 22/28] Use debian stretch, closes #91 --- 2.1.2/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/2.1.2/Dockerfile b/2.1.2/Dockerfile index 9520b6c..ed9cc38 100644 --- a/2.1.2/Dockerfile +++ b/2.1.2/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:jessie +FROM debian:stretch MAINTAINER CouchDB Developers dev@couchdb.apache.org @@ -22,9 +22,11 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ curl \ erlang-nox \ erlang-reltool \ - libicu52 \ + libicu57 \ libmozjs185-1.0 \ openssl \ + gpg \ + dirmngr \ && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling From dabb7d2d530d34558b9160c143fbf2d92a57e943 Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Wed, 25 Jul 2018 20:05:26 -0700 Subject: [PATCH 23/28] Prep 2.2.0 docker iamge --- .travis.yml | 2 +- 2.1.2/Dockerfile | 129 -------------------- {2.1.2 => 2.2.0}/10-docker-default.ini | 0 2.2.0/Dockerfile | 156 +++++++++++++++++++++++++ {2.1.2 => 2.2.0}/docker-entrypoint.sh | 0 {2.1.2 => 2.2.0}/vm.args | 0 dev/Dockerfile | 107 +++++++++-------- dev/docker-entrypoint.sh | 4 +- 8 files changed, 218 insertions(+), 180 deletions(-) delete mode 100644 2.1.2/Dockerfile rename {2.1.2 => 2.2.0}/10-docker-default.ini (100%) create mode 100644 2.2.0/Dockerfile rename {2.1.2 => 2.2.0}/docker-entrypoint.sh (100%) rename {2.1.2 => 2.2.0}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 5811b4c..fb7596c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ services: env: - RELEASES="1.7.2 1.7.2-couchperuser" - - RELEASES=2.1.2 + - RELEASES=2.2.0 - RELEASES=dev - RELEASES=dev-cluster diff --git a/2.1.2/Dockerfile b/2.1.2/Dockerfile deleted file mode 100644 index ed9cc38..0000000 --- a/2.1.2/Dockerfile +++ /dev/null 
@@ -1,129 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:stretch - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -# Add CouchDB user account -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - erlang-reltool \ - libicu57 \ - libmozjs185-1.0 \ - openssl \ - gpg \ - dirmngr \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O 
/usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ - 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ - 2EC788AE3F239FA13E82D215CDE711289384AE37 -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 2.1.2 - -# Download dev dependencies -RUN buildDeps=' \ - apt-transport-https \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - make \ - ' \ - && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ - # Acquire CouchDB source code - && cd /usr/src && mkdir couchdb \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ - && tar 
-xzf couchdb.tar.gz -C couchdb --strip-components=1 \ - && cd couchdb \ - # Build the release and install into /opt - && ./configure --disable-docs \ - && make release \ - && mv /usr/src/couchdb/rel/couchdb /opt/ \ - # Cleanup build detritus - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ - && mkdir /opt/couchdb/data \ - && chown -R couchdb:couchdb /opt/couchdb - -# Add configuration -COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY vm.args /opt/couchdb/etc/ - -COPY ./docker-entrypoint.sh / - -# Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args - -WORKDIR /opt/couchdb -EXPOSE 5984 4369 9100 -VOLUME ["/opt/couchdb/data"] - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.1.2/10-docker-default.ini b/2.2.0/10-docker-default.ini similarity index 100% rename from 2.1.2/10-docker-default.ini rename to 2.2.0/10-docker-default.ini diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile new file mode 100644 index 0000000..5d1d17f --- /dev/null +++ b/2.2.0/Dockerfile 
@@ -0,0 +1,156 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:stretch + +MAINTAINER CouchDB Developers dev@couchdb.apache.org + +# Add CouchDB user account +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ + libssl1.1 \ + openssl \ + python \ + && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ + | tee /etc/apt/sources.list.d/couchdb.list \ + && cat /etc/apt/sources.list.d/couchdb.list \ + && for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + done \ + && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu 
"https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget + +# https://www.apache.org/dist/couchdb/KEYS +ENV GPG_KEYS \ + 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ + 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ + 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ + 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ + 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ + 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ + C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ + D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ + E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ + 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ + 2EC788AE3F239FA13E82D215CDE711289384AE37 +RUN set -xe \ + && 
for key in $GPG_KEYS; do \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys "$key" && break || : ; \ + done; \ + done + +ENV COUCHDB_VERSION 2.2.0 + +# Download dev dependencies +RUN buildDeps=' \ + apt-transport-https \ + build-essential \ + couch-libmozjs185-dev \ + erlang-dev \ + erlang-nox \ + erlang-reltool \ + libcurl4-openssl-dev \ + libicu-dev \ + make \ + libssl-dev \ + ' \ + && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ + # Acquire CouchDB source code + && cd /usr/src && mkdir couchdb \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ + && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ + && cd couchdb \ + # Build the release and install into /opt + && ./configure \ + && make release \ + && mv /usr/src/couchdb/rel/couchdb /opt/ \ + # Cleanup build detritus + && apt-get purge -y --auto-remove $buildDeps \ + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ + && mkdir /opt/couchdb/data \ + && chown -R couchdb:couchdb /opt/couchdb + +# Add configuration +COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY vm.args /opt/couchdb/etc/ +COPY docker-entrypoint.sh / + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args + +WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] + +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] 
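Review bot: In the new `2.2.0/Dockerfile`, the apt repository key is requested by its 64-bit key ID (`--recv-keys 379CE192D401AB61`) from a shuffled list of keyservers and then piped into `apt-key add -`, while every other key in this file is named by its full fingerprint. A key ID is a weaker selector than a fingerprint for a key that goes on to authorise package installation, so the full fingerprint should be used in both the `--recv-keys` and the `--export` call. The keyserver loops also end in `&& break || :`, so a key that no server returned is only noticed by a later step; a comment such as `# a failed fetch is caught by gpg --batch --verify below` on the gosu, tini and release-key loops would make that gate explicit. The same repository-key lines appear in the `dev/Dockerfile` hunk of this commit.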
diff --git a/2.1.2/docker-entrypoint.sh b/2.2.0/docker-entrypoint.sh similarity index 100% rename from 2.1.2/docker-entrypoint.sh rename to 2.2.0/docker-entrypoint.sh diff --git a/2.1.2/vm.args b/2.2.0/vm.args similarity index 100% rename from 2.1.2/vm.args rename to 2.2.0/vm.args diff --git a/dev/Dockerfile b/dev/Dockerfile index 24db534..cac8133 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
@@ -17,59 +17,71 @@ FROM debian:stretch as runtime MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - dirmngr \ - gnupg \ - libicu57 \ - libmozjs185-1.0 \ - openssl \ - python && \ - rm -rf /var/lib/apt/lists/* +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ + libssl1.1 \ + openssl \ + python \ + && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ + | tee /etc/apt/sources.list.d/couchdb.list \ + && cat /etc/apt/sources.list.d/couchdb.list \ + && for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + done \ + && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ + && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc 
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x 
/usr/local/bin/tini; \ - tini --version; \ - apt-get purge -y --auto-remove wget + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget # Dependencies only needed during build time. This layer will also be cached FROM runtime AS build_dependencies @@ -77,13 +89,13 @@ FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ build-essential \ + couch-libmozjs185-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ git \ libcurl4-openssl-dev \ libicu-dev \ - libmozjs185-dev \ python-setuptools \ python-pip \ python-sphinx \ @@ -100,9 +112,8 @@ RUN set -ex; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli - # Clone CouchDB source code including all dependencies -ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git +ARG clone_url=https://github.com/apache/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index c60c957..4ba69b4 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
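Review bot: In the first `dev/Dockerfile` hunk, the rewritten runtime-stage install drops `--no-install-recommends` (`apt-get install -y \` where the removed line had `apt-get install -y --no-install-recommends \`), so recommended packages are now pulled into the stage that every later stage builds on. Unless one of them is actually needed, I would restore the flag: `RUN apt-get update -y && apt-get install -y --no-install-recommends \`. The hunk also changes `--keyserver "$server"` to an unquoted `--keyserver $server` in the gosu and tini loops; keeping the quotes costs nothing. The new `2.2.0/Dockerfile` in this commit has the same install line.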
@@ -43,14 +43,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi From f429c1ccf22fe8cf7717383462fbf2f56e6d0301 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 8 Aug 2018 08:14:19 -0700 Subject: [PATCH 24/28] Feedback from @tianon + deprecate 1.x images --- 2.2.0/Dockerfile | 4 ++-- README.md | 61 +++++++----------------------------------------- dev/Dockerfile | 4 ++-- 3 files changed, 12 insertions(+), 57 deletions(-) diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile index 5d1d17f..6d52272 100644 --- a/2.2.0/Dockerfile +++ b/2.2.0/Dockerfile @@ -34,9 +34,9 @@ RUN apt-get update -y && apt-get install -y \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ - && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ && rm -rf /var/lib/apt/lists/* 
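Review bot: In the `2.2.0/Dockerfile` hunk, writing the exported key to `/etc/apt/trusted.gpg.d/couchdb.gpg.asc` makes it trusted for every apt source in the image, not only the CouchDB repository added earlier in this RUN. It can be scoped by keeping the key outside `trusted.gpg.d` and naming it in the source entry, e.g. `deb [signed-by=/usr/share/keyrings/couchdb.gpg.asc] https://apache.bintray.com/couchdb-deb stretch main` (example path; confirm that stretch's apt accepts an armored key there). Also, with `>` instead of the pipe into `apt-key add -`, an empty export after every keyserver failed still exits 0; presumably apt then refuses the unauthenticated package, but `test -s /etc/apt/trusted.gpg.d/couchdb.gpg.asc` right after the export would fail closer to the cause. The RUN instruction starts outside this hunk, and the `dev/Dockerfile` hunk of this commit makes the same change.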
diff --git a/README.md b/README.md index ef684ec..c2497d5 100644 --- a/README.md +++ b/README.md @@ -2,28 +2,22 @@ Put the couch in a docker container and ship it anywhere. -If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - -- Version (stable): `CouchDB 1.7.1`, `Erlang 17.3` -- Version (stable): `CouchDB 2.1.1`, `Erlang 17.3` +- Version (stable): `CouchDB 2.2.0`, `Erlang 19.2.1` ## Available tags -- `1.7.1`: CouchDB 1.7.1 -- `1.7.1-couchperuser`: CouchDB 1.7.1 with couchperuser plugin -- `latest`, `2.1.1`: CouchDB 2.1.1 single node (capable of running in a cluster) +- `latest`, `2.2.0`: CouchDB 2.2.0 single node (capable of running in a cluster) ## Features -* built on top of the solid and small `debian:jessie` base image +* built on top of the solid and small `debian:stretch` base image * exposes CouchDB on port `5984` of the container * runs everything as user `couchdb` (security ftw!) * docker volume for data -## Run (latest/2.1.1) +## Run Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). -This is a build of the CouchDB 2.1 release. By default, CouchDB's HTTP interface is exposed on port `5984`. Once running, you can visit the new admin interface at `http://:5984/_utils/` @@ -38,8 +32,7 @@ $ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local 18:54:48.780 [info] Application couch_mrview started on node nonode@nohost 18:54:48.780 [info] Application couch_plugins started on node nonode@nohost ``` - -### Detailed configuration (latest/2.x) +### Detailed configuration CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to bind map this to an external directory, to persist the configuration across restarts. 
@@ -53,7 +46,7 @@ In addition, a few environment variables are provided to set very common paramet If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. -### Important notes (latest/2.x) +### Important notes Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. 
@@ -63,43 +56,6 @@ The node will also start in [admin party mode](http://guide.couchdb.org/draft/se Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. -## Run (1.7.1) - -Available as an official image on Docker Hub as [apache/couchdb:1.7.1](https://hub.docker.com/r/apache/couchdb/) - -```bash -[sudo] docker pull apache/couchdb:1.7.1 - -# expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1 - -curl http://localhost:5984 -``` - -...or with mounted volume for the data - -```bash -# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.1 -``` - -If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` -or extend the image and `COPY` your `config.ini` (see [Build you own](#build-your-own)). - -If you need (or want) to run couchdb in `net=host` mode, you can customize the port and bind address using environment variables: - - - `COUCHDB_HTTP_BIND_ADDRESS` (default: `0.0.0.0`) - - `COUCHDB_HTTP_PORT` (default: `5984`) - -### 1.7.1 with couchperuser plugin - -This build includes the `couchperuser` plugin. -`couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). - -``` -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1-couchperuser -``` - ## Development images This repository provides definitions to run the very latest (`master` branch) 
@@ -172,7 +128,7 @@ Example Dockerfile: ``` FROM apache/couchdb:latest -COPY local.ini /usr/local/etc/couchdb/local.d/ +COPY 99-local.ini /opt/couchdb/etc/local.d ``` and then build and run @@ -182,8 +138,6 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` -For the `2` image, configuration is stored at `/opt/couchdb/etc/`. - ## Feedback, Issues, Contributing General feedback is welcome at our [user][1] or [developer][2] mailing lists. @@ -196,6 +150,7 @@ use GitHub Issues, do not report anything on Docker's website. - [@klaemo](https://github.com/klaemo) - [@joeybaker](https://github.com/joeybaker) +- [@tianon](https://github.com/tianon) [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ [2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ diff --git a/dev/Dockerfile b/dev/Dockerfile index cac8133..de2d57f 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -36,9 +36,9 @@ RUN apt-get update -y && apt-get install -y \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ - && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ && rm -rf /var/lib/apt/lists/* From ca8c02bba82b832ab493db5a69bf8ad158a3f0e0 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 29 Aug 2018 16:37:03 -0400 Subject: [PATCH 25/28] Do not remove apt-transport-https --- 2.2.0/Dockerfile | 1 - dev/Dockerfile | 1 - 2 files changed, 2 deletions(-) diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile index 6d52272..c5ae1d6 100644 --- a/2.2.0/Dockerfile +++ b/2.2.0/Dockerfile 
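Review bot: In the dev/Dockerfile hunk (`@@ -36,9 +36,9 @@`), every keyserver attempt ends with `&& break || :`, so the loop exits successfully even when no server returned the key. The following `gpg -a --export …` can then write an empty `/etc/apt/trusted.gpg.d/couchdb.gpg.asc` without failing at that step. Adding `&& gpg --batch --list-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 \` right after `done` would stop the build where the key is actually missing. Two things to confirm against the base image, which is not visible here: apt reads ASCII-armored `.asc` files from `trusted.gpg.d` only from version 1.4 on, and a key placed there is trusted for every configured repository, not only the CouchDB one. The `RUN` instruction and the `for` loop both begin outside this hunk.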
@@ -111,7 +111,6 @@ ENV COUCHDB_VERSION 2.2.0 # Download dev dependencies RUN buildDeps=' \ - apt-transport-https \ build-essential \ couch-libmozjs185-dev \ erlang-dev \ diff --git a/dev/Dockerfile b/dev/Dockerfile index de2d57f..c5cb382 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -87,7 +87,6 @@ RUN set -ex; \ FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ - apt-transport-https \ build-essential \ couch-libmozjs185-dev \ erlang-nox \ From 87dc8d2eab8ca5483c8d1155d7bdc1dd7aabe337 Mon Sep 17 00:00:00 2001 From: Martin Barth Date: Tue, 18 Sep 2018 17:24:36 +0200 Subject: [PATCH 26/28] Added information about cluster configuration. This Fixes #106 (#108) Added information about cluster configuration. Closes #106 --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index c2497d5..ae9f947 100644 --- a/README.md +++ b/README.md 
@@ -43,9 +43,12 @@ In addition, a few environment variables are provided to set very common paramet * `COUCHDB_USER` and `COUCHDB_PASSWORD` will create an ini-file based local admin user with the given username and password in the file `/opt/couchdb/etc/local.d/docker.ini`. * `COUCHDB_SECRET` will set the CouchDB shared cluster secret value, in the file `/opt/couchdb/etc/local.d/docker.ini`. * `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. +* Erlang Environment Variables like `ELR_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). + ### Important notes Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. From 96378db5548a3a530d078d782576b3e2d1e290f7 Mon Sep 17 00:00:00 2001 From: Alfredo Matas Date: Thu, 20 Sep 2018 17:30:34 +0200 Subject: [PATCH 27/28] Set NODENAME and ERLANG_COOKIE if they are not set --- 2.2.0/docker-entrypoint.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/2.2.0/docker-entrypoint.sh b/2.2.0/docker-entrypoint.sh index 4ba69b4..340f914 100755 --- a/2.2.0/docker-entrypoint.sh +++ b/2.2.0/docker-entrypoint.sh 
@@ -33,6 +33,15 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; chmod -f 775 /opt/couchdb/etc/*.d || true + if [ -n "$ERLANG_COOKIE" ]; then + echo $ERLANG_COOKIE > /opt/couchdb/.erlang.cookie + chmod 600 /opt/couchdb/.erlang.cookie + fi + + if [ -z "$NODENAME" ]; then + NODENAME=$(hostname -f) + fi + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args fi From f581380970bcd0d22d50e68957b0a5d5896a2d3c Mon Sep 17 00:00:00 2001 From: Alfredo Matas Date: Thu, 20 Sep 2018 18:40:11 +0200 Subject: [PATCH 28/28] Fix identation and create file before set the permissions --- 2.2.0/docker-entrypoint.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/2.2.0/docker-entrypoint.sh b/2.2.0/docker-entrypoint.sh index 340f914..c2f456d 100755 --- a/2.2.0/docker-entrypoint.sh +++ b/2.2.0/docker-entrypoint.sh @@ -25,22 +25,22 @@ if [ "$1" = 'couchdb' ]; then fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + if [ -n "$ERLANG_COOKIE" ]; then + echo $ERLANG_COOKIE > /opt/couchdb/.erlang.cookie + chmod 600 /opt/couchdb/.erlang.cookie + fi + # we need to set the permissions here because docker mounts volumes as root chown -fR couchdb:couchdb /opt/couchdb || true chmod -fR 0770 /opt/couchdb/data || true - find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; chmod -f 775 /opt/couchdb/etc/*.d || true - if [ -n "$ERLANG_COOKIE" ]; then - echo $ERLANG_COOKIE > /opt/couchdb/.erlang.cookie - chmod 600 /opt/couchdb/.erlang.cookie - fi - - if [ -z "$NODENAME" ]; then + if [ -z "$NODENAME" ]; then NODENAME=$(hostname -f) - fi + fi if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
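Review bot: In the first docker-entrypoint.sh hunk (`@@ -33,6 +33,15 @@`), `echo $ERLANG_COOKIE > /opt/couchdb/.erlang.cookie` expands the cookie unquoted, so a value containing whitespace or glob characters is written differently from what was supplied. The file is also created under the process umask and only restricted afterwards by `chmod 600`, so it may briefly be readable by other users in the container. Creating it already restricted closes that gap: `(umask 077; echo "$ERLANG_COOKIE" > /opt/couchdb/.erlang.cookie)`, keeping the `chmod 600` for the case where the file already exists. The same two lines are carried unchanged into the next hunk (`@@ -25,22 +25,22 @@`). The enclosing `if [ "$1" = '/opt/couchdb/bin/couchdb' ]` block is not fully visible in either hunk.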