From 47e4c6eb79ba14db46ecaa273fe6309f9d4aa604 Mon Sep 17 00:00:00 2001 From: Quentin Gliech Date: Wed, 19 Feb 2025 11:30:43 +0100 Subject: [PATCH] Fix complement build --- docker/Dockerfile | 1 + docker/Dockerfile-workers | 86 ++++++++++++++++++++---------------- docker/complement/Dockerfile | 11 ++--- 3 files changed, 54 insertions(+), 44 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index d8d699e99d..e63a6a0cf0 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -194,6 +194,7 @@ COPY ./docker/conf /conf EXPOSE 8008/tcp 8009/tcp 8448/tcp +SHELL ["/busybox/sh", "-c"] ENTRYPOINT ["/start.py"] HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \ diff --git a/docker/Dockerfile-workers b/docker/Dockerfile-workers index 2ceb6ab67c..5ab0dfddc8 100644 --- a/docker/Dockerfile-workers +++ b/docker/Dockerfile-workers 
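Review bot: The added `SHELL ["/busybox/sh", "-c"]` in docker/Dockerfile has no comment, and its effect reaches past this file. It governs the shell-form `HEALTHCHECK` command that follows (whose continuation line is outside the hunk) and, because the shell setting is stored in the image config, shell-form instructions in images built `FROM` this one. The path suggests the runtime base has only a busybox shell and no `/bin/sh`, but that base is not visible in this hunk. I would add a comment above the instruction such as `# No /bin/sh in the runtime image: use the busybox shell for shell-form RUN/CMD/HEALTHCHECK, here and in images built FROM this one.` The comment should also say the shell is shipped in the runtime image on purpose, since a later hardening pass might otherwise remove it.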
@@ -2,18 +2,29 @@ ARG SYNAPSE_VERSION=latest ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION +ARG DEBIAN_VERSION=bookworm +ARG DEBIAN_VERSION_NUMERIC=12 +ARG PYTHON_VERSION=3.12 # first of all, we create a base image with an nginx which we can copy into the # target image. For repeated rebuilds, this is much faster than apt installing # each time. -FROM docker.io/library/debian:bookworm-slim AS deps_base - RUN \ - --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - apt-get update -qq && \ - DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends \ - redis-server nginx-light +FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS deps_base + +# This silences a warning as uv isn't able to do hardlinks between its cache +# (mounted as --mount=type=cache) and the target directory. +ENV UV_LINK_MODE=copy + +RUN \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + apt-get update -qq && \ + DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends \ + redis-server nginx-light + +RUN --mount=type=cache,target=/root/.cache/uv \ + uv pip install --prefix="/install" supervisor~=4.2 # Similarly, a base to copy the redis server from. # 
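Review bot: The `deps_base` stage now starts from `ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION}`, a mutable tag, and the following hunk copies `/install` and the nginx files from this stage into the final image. Whatever that tag resolves to at build time therefore ends up in the shipped image. Consider appending a digest (`...-${DEBIAN_VERSION}@sha256:<digest>`, placeholder); note that a digest fixes the image regardless of the ARG values. `supervisor~=4.2` is likewise a version range installed with no hash check. Separately, `uv pip install --prefix="/install"` lays the package out under this stage's Python version, so `PYTHON_VERSION` has to match the interpreter in `$FROM`. A comment on the ARG should say so, and `DEBIAN_VERSION_NUMERIC` is not used in any hunk shown here.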
@@ -26,42 +37,39 @@ FROM docker.io/library/redis:7-bookworm AS redis_base # now build the final image, based on the the regular Synapse docker image FROM $FROM - # Install supervisord with pip instead of apt, to avoid installing a second - # copy of python. - RUN --mount=type=cache,target=/root/.cache/pip \ - pip install supervisor~=4.2 - RUN mkdir -p /etc/supervisor/conf.d +# Copy over redis, nginx and supervisor +COPY --from=redis_base /usr/local/bin/redis-server /usr/local/bin - # Copy over redis and nginx - COPY --from=redis_base /usr/local/bin/redis-server /usr/local/bin +COPY --from=deps_base /install /usr/local +COPY --from=deps_base /usr/sbin/nginx /usr/sbin +COPY --from=deps_base /usr/share/nginx /usr/share/nginx +COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx +COPY --from=deps_base /etc/nginx /etc/nginx +RUN rm /etc/nginx/sites-enabled/default +RUN mkdir -p /var/log/nginx /var/lib/nginx /etc/supervisor/conf.d +RUN echo "nogroup:x:65534:" >> /etc/group +RUN adduser -S -u 33 -h /var/www -s /usr/sbin/nologin -H www-data +RUN chown www-data /var/lib/nginx - COPY --from=deps_base /usr/sbin/nginx /usr/sbin - COPY --from=deps_base /usr/share/nginx /usr/share/nginx - COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx - COPY --from=deps_base /etc/nginx /etc/nginx - RUN rm /etc/nginx/sites-enabled/default - RUN mkdir /var/log/nginx /var/lib/nginx - RUN chown www-data /var/lib/nginx +# have nginx log to stderr/out +RUN ln -sf /dev/stdout /var/log/nginx/access.log +RUN ln -sf /dev/stderr /var/log/nginx/error.log - # have nginx log to stderr/out - RUN ln -sf /dev/stdout /var/log/nginx/access.log - RUN ln -sf /dev/stderr /var/log/nginx/error.log +# Copy Synapse worker, nginx and supervisord configuration template files +COPY ./docker/conf-workers/* /conf/ - # Copy Synapse worker, nginx and supervisord configuration template files - COPY ./docker/conf-workers/* /conf/ +# Copy a script to prefix log lines with the supervisor program name +COPY ./docker/prefix-log 
/usr/local/bin/ - # Copy a script to prefix log lines with the supervisor program name - COPY ./docker/prefix-log /usr/local/bin/ +# Expose nginx listener port +EXPOSE 8080/tcp - # Expose nginx listener port - EXPOSE 8080/tcp +# A script to read environment variables and create the necessary +# files to run the desired worker configuration. Will start supervisord. +COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py +ENTRYPOINT ["/configure_workers_and_start.py"] - # A script to read environment variables and create the necessary - # files to run the desired worker configuration. Will start supervisord. - COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py - ENTRYPOINT ["/configure_workers_and_start.py"] - - # Replace the healthcheck with one which checks *all* the workers. The script - # is generated by configure_workers_and_start.py. - HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \ - CMD /bin/sh /healthcheck.sh +# Replace the healthcheck with one which checks *all* the workers. The script +# is generated by configure_workers_and_start.py. +HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \ + CMD /bin/sh /healthcheck.sh diff --git a/docker/complement/Dockerfile b/docker/complement/Dockerfile index ce82c400eb..f68f135417 100644 --- a/docker/complement/Dockerfile +++ b/docker/complement/Dockerfile 
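Review bot: The healthcheck at the end of the Dockerfile-workers hunk still invokes `/bin/sh /healthcheck.sh`, but the complement hunk in this patch has to create `/bin/sh` itself with `ln -s /busybox/sh /bin/sh`. That implies the image it builds on has no `/bin/sh`. If the same is true of the image this file produces, every probe fails and the container is reported unhealthy even when all workers are up. An orchestrator that restarts on health status would then loop. Pointing the probe at the shell the base does provide, for example `CMD ["/busybox/sh", "/healthcheck.sh"]`, removes the dependency. The value of `$FROM` is outside the hunk, so this should be confirmed against the actual base.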
@@ -15,13 +15,14 @@ FROM $FROM # since for repeated rebuilds, this is much faster than apt installing # postgres each time. -# This trick only works because (a) the Synapse image happens to have all the -# shared libraries that postgres wants, (b) we use a postgres image based on -# the same debian version as Synapse's docker image (so the versions of the -# shared libraries match). +# This trick only works because we use a postgres image based on the same debian +# version as Synapse's docker image (so the versions of the shared libraries +# match). RUN adduser --system --uid 999 postgres --home /var/lib/postgresql -COPY --from=docker.io/library/postgres:13-bookworm /usr/lib/postgresql /usr/lib/postgresql +COPY --from=docker.io/library/postgres:13-bookworm /usr/lib /usr/lib COPY --from=docker.io/library/postgres:13-bookworm /usr/share/postgresql /usr/share/postgresql +# initdb expects /bin/sh to be available +RUN ln -s /busybox/sh /bin/sh RUN mkdir /var/run/postgresql && chown postgres /var/run/postgresql ENV PATH="${PATH}:/usr/lib/postgresql/13/bin" ENV PGDATA=/var/lib/postgresql/data
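Review bot: `COPY --from=docker.io/library/postgres:13-bookworm /usr/lib /usr/lib` now overlays the whole `/usr/lib` of the postgres image onto the Synapse image, not just `/usr/lib/postgresql`. Any shared library present in both is replaced by the postgres image's copy. The test image then no longer runs Synapse against the libraries the shipped image carries, which can hide a missing or mismatched library in the real image. If a narrower copy is not practical, the comment above should say so, e.g. `# NOTE: this overwrites same-named files under /usr/lib with the postgres image's versions.` Also, `RUN ln -s /busybox/sh /bin/sh` fails the build if the base ever gains a `/bin/sh`; `RUN [ -e /bin/sh ] || ln -s /busybox/sh /bin/sh` tolerates both cases.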