Merge branch 'feature/dockerfile-initializer' into '2.x'

Dockerfile initializer in Drupalizer See merge request !34

Merge branch 'feature/dockerfile-initializer' into '2.x'
Dockerfile initializer in Drupalizer See merge request !34
79f1e301 · Philippe Mouchel · 9c1cb39d · 1e8b730b · 79f1e301 · 79f1e301
Commit 79f1e301 authored Dec 02, 2016 by Philippe Mouchel
16 changed files
--- a/Dockerfile
+++ b/Dockerfile
+# docker Drupal
+# VERSION       0.3
+FROM    savoirfairelinux/lampd
+MAINTAINER Ernesto Rodriguez Ortiz <ernesto.rodriguezortiz@savoirfairelinuc.com>
+
+ENV initpath ./fabfile/docker
+
+COPY ${initpath} /opt/init
+RUN /opt/init/bootstrap
+
+ENTRYPOINT ["/opt/init/init"]
+CMD ["/sbin/my_init"]
--- a/__init__.py
+++ b/__init__.py
@@ -21,10 +21,10 @@ def init():
    execute(docker.container_start)

    execute(drush.make, 'install')
-    execute(drush.site_install, host='root@{}'.format(env.container_ip))
+    execute(drush.site_install)
    execute(drush.aliases)

-    execute(behat.init, host='root@{}'.format(env.container_ip))
+    execute(behat.init)


 @task

--- a/behat.py
+++ b/behat.py
@@ -24,7 +24,6 @@ def init(rewrite=True):
            h.fab_run(role, 'cp example.behat.yml behat.yml')
            h.fab_run(role, 'sed -i "s@%DRUPAL_ROOT@{}@g" behat.yml'.format(site_root))
            h.fab_run(role, 'sed -i "s@%URL@http://{}@g" behat.yml'.format(host))
-            h.fab_run(role, 'echo "127.0.0.1  {}" >> /etc/hosts'.format(host))

        print green('Behat is now properly configured. The configuration file is {}/tests/behat/behat.yml'.format(workspace))
    else:

--- a/docker.py
+++ b/docker.py
 from __future__ import unicode_literals

+import os
+
 from fabric.api import task, roles, env, local, run, lcd, execute
 from fabric.colors import red, green
 from fabric.contrib.console import confirm
@@ -54,6 +56,9 @@ def docker_tryrun(imgname, containername=None, opts='', mounts=None, cmd='', res
    else:
        containername_opt = ''

+    opts += ' -e USER_ID={}'.format(os.getuid())
+    opts += ' -e GROUP_ID={}'.format(os.getgid())
+
    local('docker run %s %s %s %s' % (opts, containername_opt, imgname, cmd))
    return True

@@ -114,7 +119,7 @@ def connect():
    """
    with lcd(env.workspace):
        if docker_isrunning('{}_container'.format(env.project_name)):
-            local('docker exec -it {}_container bash'.format(env.project_name))
+            local('ssh drupalizer@{} -i {} -o StrictHostKeyChecking=no'.format(env.container_ip, h.fab_ssh_key()))
        else:
            print(red('Docker container {}_container is not running, it should be running to be able to connect.'))

@@ -129,8 +134,8 @@ def image_create():
        if '{}/drupal'.format(env.project_name) in docker_images():
            print(red('Docker image {}/drupal was found, you has already build this image'.format(env.project_name)))
        else:
-            h.copy_public_ssh_keys('local')
-            local('docker build -t {}/drupal .'.format(env.project_name))
+            dockerfile = h.fab_path('Dockerfile')
+            local('docker build -t {}/drupal -f {} .'.format(env.project_name, dockerfile))
            print(green('Docker image {}/drupal was build successful'.format(env.project_name)))



--- a/docker/bootstrap
+++ b/docker/bootstrap
+#!/bin/bash
+
+set -e
+
+INIT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/bootstrap.d"
+
+if [[ -d $INIT_DIR && -r $INIT_DIR && -x $INIT_DIR ]]; then
+    for i in $(LC_ALL=C command ls "$INIT_DIR"); do
+        i=$INIT_DIR/$i
+        [[ -f $i && -r $i ]] && . "$i"
+    done
+fi
--- a/docker/bootstrap.d/00-users
+++ b/docker/bootstrap.d/00-users
+##
+# Create system users
+#
+
+# Main user for Drupalizer tasks
+useradd --home-dir /opt/init drupalizer --shell /bin/bash
+passwd -d drupalizer
+
+chown drupalizer:drupalizer /opt/init
--- a/docker/bootstrap.d/01-filesystem
+++ b/docker/bootstrap.d/01-filesystem
+##
+# Create required filesystem structure
+#
+
+# Shared filesystem mount point
+mkdir -p /opt/sfl/
+
+# Apache document root
+mkdir -p /opt/sfl/src/drupal
+
+# Ensure the correct owner
+chown -R drupalizer:drupalizer /opt/sfl
--- a/docker/bootstrap.d/02-sudo
+++ b/docker/bootstrap.d/02-sudo
+##
+# Configure SUDO rights
+#
+
+# Full access for `drupalizer` user without password
+echo 'drupalizer ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
--- a/docker/bootstrap.d/33-ssh
+++ b/docker/bootstrap.d/33-ssh
+##
+# Configure SSH access
+#
+
+# Use the same authorized_keys file for all users
+echo 'AuthorizedKeysFile /etc/ssh/authorized_keys' >> /etc/ssh/sshd_config
+
+# Add the default known key to allow access for all users
+echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDcJHyU5S4xRP4QyJuBOiS38mrEuwfgOoWoNFQM0gWhJCb2phByO4Xg68f4v0w3FWm2SQQKv3bG5aevTI2ST5n0o/GbcCpdT1udV9uQIxr1+cbXUrecaNPD3WyIxt1Rldtwm7+s0AlwHHk0zKvulyupzPfQGB4Ix0zUfIzt+U45ww==' > /etc/ssh/authorized_keys
+
+service ssh restart
--- a/docker/bootstrap.d/66-apache
+++ b/docker/bootstrap.d/66-apache
+##
+# Configure Apache webserver
+#
+
+# Configure default VirtualHost for Drupal
+cat > /etc/apache2/sites-available/000-default.conf <<EOF
+ServerName localhost
+
+<VirtualHost *:80>
+    DocumentRoot /opt/sfl/src/drupal
+
+    <Directory /opt/sfl/src/drupal/>
+        AllowOverride All
+        Options FollowSymLinks
+        Require all granted
+    </Directory>
+</VirtualHost>
+EOF
+
+# Make Apache run as the main `drupalizer` user
+cat >> /etc/apache2/envvars << EOF
+
+export APACHE_RUN_USER=drupalizer
+export APACHE_RUN_GROUP=drupalizer
+EOF
+
+# Enable modules required by Drupal
+a2enmod rewrite vhost_alias
+
+service apache2 restart
--- a/docker/bootstrap.d/99-profile-chdir
+++ b/docker/bootstrap.d/99-profile-chdir
+##
+# Configure .profile login script
+#
+
+# Change CWD instantly after login into Apache document root for convenience
+echo 'cd /opt/sfl/src/drupal' > /opt/init/.profile
--- a/docker/init
+++ b/docker/init
+#!/bin/bash
+
+if [[ ! -z "$USER_ID" ]]
+then
+    which usermod 2>&1 >/dev/null && usermod -u $USER_ID drupalizer
+    service apache2 reload
+fi
+
+if [[ ! -z "$GROUP_ID" ]]
+then
+    which groupmod 2>&1 >/dev/null && groupmod -g $GROUP_ID drupalizer
+    service apache2 reload
+fi
+
+exec /bin/sh -c "$*"
--- a/docker/ssh/id_rsa
+++ b/docker/ssh/id_rsa
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDcJHyU5S4xRP4QyJuBOiS38mrEuwfgOoWoNFQM0gWhJCb2phBy
+O4Xg68f4v0w3FWm2SQQKv3bG5aevTI2ST5n0o/GbcCpdT1udV9uQIxr1+cbXUrec
+aNPD3WyIxt1Rldtwm7+s0AlwHHk0zKvulyupzPfQGB4Ix0zUfIzt+U45wwIDAQAB
+AoGBAIFL/NAG+2Z8uyxoZs0ztTVE8Giz4SBVvwLYGTWedSf779aWGrq9Mxiz4zO6
+R61iqkAiCnm1krGnWSGguNXiYu0xt3sZww1Oug8hLwCKO87Mz0E8VFbYF/e8Y4VU
+87/j4binSBzmTDwPNbKYHkDKTSpAEj8MEysXMwoRYfsupYxhAkEA+5ofK/xV92i0
+6b9A/RL+y1d/yuTIzQYSKucqgZe/l/e3uXH0QXcCefXoQYrvxMDMHA5aeViJ54Zi
+IWwnY0c+DQJBAN/9lrONTMq+pb3aHBAOBi5r1+R4mE7LwNUA2PycqaTrKt7yT+KM
+xdPFE3fWDITNvtLNAAvhx7J7mq7mfCWZMw8CQEhwjmsGouWx4uyt4RM8Rdnb3nJX
+Pq0xA0gQ+H8JZuNlMiOVeKLklfTxZSaBzxjR/bJSO6BWapYbbeN7lTeTSn0CQQC+
+ORWH7OMfd6M4RYf5ln9nYwzZKhVnLaDZBDxC5CUqOtGQv0ZahuTmwQKUjgLZsgVx
+7skwThGTIWevS2x5Xc6/AkEA4iTZC8WOP/MN16bOuFsqHjmhmaONSomQ/pvYgwED
+flGK2B3jpsP0UiFBJCCsKEkx+07NBzxY/tMLTkivpLUutA==
+-----END RSA PRIVATE KEY-----
--- a/docker/ssh/id_rsa.pub
+++ b/docker/ssh/id_rsa.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDcJHyU5S4xRP4QyJuBOiS38mrEuwfgOoWoNFQM0gWhJCb2phByO4Xg68f4v0w3FWm2SQQKv3bG5aevTI2ST5n0o/GbcCpdT1udV9uQIxr1+cbXUrecaNPD3WyIxt1Rldtwm7+s0AlwHHk0zKvulyupzPfQGB4Ix0zUfIzt+U45ww==
--- a/drush.py
+++ b/drush.py
@@ -19,6 +19,8 @@
 from __future__ import unicode_literals
 from datetime import datetime

+import os
+
 from fabric.api import task, roles, env, local
 from fabric.colors import red, green
 from fabric.contrib.console import confirm
@@ -63,6 +65,12 @@ def make(action='install'):
        local('mkdir {}'.format(env.site_root))

    with h.fab_cd('local', env.site_root):
+        if os.path.isdir('{}/sites/default/'.format(env.site_root)):
+            local('chmod u+w sites/default')
+
+        if os.path.isfile('{}/sites/default/settings.php'.format(env.site_root)):
+            local('chmod u+w sites/default/settings.php')
+
        local('drush make {} {} -y'.format(drush_opts, env.makefile))


@@ -124,16 +132,13 @@ def site_install():
    h.init_db('docker')

    with h.fab_cd(role, site_root):
-        h.fab_run(role, 'chown {}:{} ./sites'.format(env.apache_user, env.apache_user))
-        h.fab_run(role, 'chmod ug+w ./sites/default'.format(env.docker_site_root))
-
        if env.site_default_language:
            locale = '--locale="{}"'.format(env.site_default_language)
        else:
            locale = ''

-        h.fab_run(role, 'sudo -u {} drush site-install {} {} --db-url=mysql://{}:{}@{}/{} --site-name="{}" '
-                        '--account-name={} --account-pass={} --sites-subdir={} -y'.format(apache, profile, locale,
+        h.fab_run(role, 'drush site-install {} {} --db-url=mysql://{}:{}@{}/{} --site-name="{}" '
+                        '--account-name={} --account-pass={} --sites-subdir={} -y'.format(profile, locale,
                                                                                          db_user, db_pass,
                                                                                          db_host, db_name, site_name,
                                                                                          site_admin_name,

--- a/helpers.py
+++ b/helpers.py
@@ -18,12 +18,14 @@

 from __future__ import unicode_literals

+import os
 import socket

 from getpass import getuser

 from fabric.api import lcd, cd, roles, local, run
 from fabric.colors import green
+from fabric.context_managers import settings
 from fabric.contrib.console import confirm
 from fabric.contrib.files import exists

@@ -43,7 +45,7 @@ host_name = local("hostname", capture=True)

 # Set the env dict with the roles and the hosts
 env.roledefs['local'] = ["{}@{}".format(user_name, host_name)]
-env.roledefs['docker'] = ["root@{}".format(env.container_ip)]
+env.roledefs['docker'] = ["drupalizer@{}".format(env.container_ip)]

 env.builddir = path.join(env.workspace, 'build')

@@ -68,7 +70,8 @@ def fab_run(role="local", cmd=""):
    if role == "local":
        return local(cmd)
    else:
-        return run(cmd)
+        with settings(key_filename=fab_ssh_key()):
+            return run(cmd)


 def fab_cd(role, directory):
@@ -200,3 +203,24 @@ def init_db(role='docker'):
                  '\'{}\'@\'localhost\' IDENTIFIED BY \'{}\'; GRANT ALL PRIVILEGES ON {}.* TO \'{}\'@\'{}\' '
                  'IDENTIFIED BY \'{}\'; FLUSH PRIVILEGES;"'.format(env.site_db_name, env.site_db_name, env.site_db_user, env.site_db_pass,
                                                                    env.site_db_name, env.site_db_user, docker_iface_ip, env.site_db_user))
+
+def fab_path(filename):
+    """
+    Returns the full path a file relative to the location of fabfile.
+
+    :param filename Name of the file to compose path from.
+    """
+    path = os.path.dirname(os.path.abspath(__file__))
+    return os.path.abspath('{0}/{1}'.format(path, filename))
+
+def fab_ssh_key():
+    """
+    Returns the full path to default RSA key for SSH connections.
+
+    This helper checks and (if necessary) fixes filesystem permissions on the
+    RSA key file to make sure that SSH does not ignore keys accessible by other
+    users.
+    """
+    path = fab_path('docker/ssh/id_rsa')
+    local('chmod 600 {}'.format(path))
+    return path