51 lines
2.8 KiB
Plaintext
51 lines
2.8 KiB
Plaintext
# (from) July 7 2022
|
|
# This repo will be actively worked on from now.
|
|
# This file will be a ToDo/bits'n'bobs list of things to take care of
|
|
|
|
ckan/ckan-docker-base: For the base images Dockerfiles (prod and dev) and related scripts
|
|
ckan/ckan-docker: For the project-oriented image template (prod and dev). Patching only done in Dev ### This repo!
|
|
|
|
All the other images should live in separate repos
|
|
|
|
1. Solr - use ckan-solr (https://github.com/ckan/ckan-solr)
|
|
2. PostgreSQL - use current method (base image: postgres:12-alpine from DockerHub, enhanced in a Dockerfile)
|
|
### This may change to be more like Solr though
|
|
3. Redis - use current method (DockerHub image: redis:${REDIS_VERSION} specified as a compose service in the compose file)
|
|
latest image to used is redis:6
|
|
4. nginx - use a late(ish) nginx image from DockerHub, enhanced in a Dockerfile)
|
|
5. DataPusher - built from the actual datapusher repo (https://github.com/ckan/datapusher)
|
|
6. CKAN - built from the ckan/ckan-base:2.9.5 base image (which is built from the ckan/ckan-docker-base repo). Include a .dev option
|
|
7. CKAN Worker - add new (ckan worker) container in the compose setup...maybe have it commented out initially
|
|
|
|
Versions 2.9 and 2.10 (when it's out) only. Plan the repo layout for having multiple versions - OKFN could used as an example
|
|
|
|
NB: Had to update the prerun.py script as it was failing on check_solr_connection
|
|
|
|
|
|
### ToDo (remaining things to think about and/or 'to fix') ###
|
|
|
|
1. DataPusher - needed to use a custom requirements.txt as the official didn't work (see https://github.com/ckan/datapusher/pull/251)
|
|
2. Use Multi-Stage images defined in Dockerfile - get the CKAN images down to bare-bones...for security reasons really
|
|
General Dockerfile flow of stages:
|
|
- base: all prod dependencies, no code yet
|
|
- dev, from base: all dev dependencies, no code yet (in dev, source code is bind-mounted anyway)
|
|
- source, from base: add code
|
|
- test/audit, from source: then COPY --from=dev for dev dependencies, then run tests. Optionally, audit and lint code (if you don't do it on git push already).
|
|
- prod, from source: no change from source stage, but listed last so in case a stage isn't targeted, the builder will default to this stage
|
|
Also check out https://github.com/ckan/ckan/pull/4635 for Francesco's test stuff
|
|
3. CKAN Worker (maybe)
|
|
4. Implement SSL for the nginx container or include a howto in the docs
|
|
|
|
|
|
### Container Canary notes
|
|
|
|
A list of what tests to run on the Docker containers to verify they have been built correctly
|
|
|
|
- Check the user name and the uid/gid
|
|
- Check the ports the container is listening on
|
|
- Check an httpget on the URL
|
|
- any command can be executed in the running container and can be configured t run every x minutes
|
|
- check processes running as non root
|
|
-
|
|
|