Skip to content
This repository has been archived by the owner on Dec 8, 2022. It is now read-only.

Commit

Permalink
chore: add Dockerfile and docker-compose file
Browse files Browse the repository at this point in the history
uses cabal, the IOHK libsodium fork, includes the schema at build-time.
Implements Docker secrets for passing in the credentials, and creates
a cross-container pgpass file in the entrypoing. This can also accept
ENVs. WIP
  • Loading branch information
rhyslbw committed Oct 2, 2020
1 parent 6cfba0b commit 8209dc8
Show file tree
Hide file tree
Showing 7 changed files with 173 additions and 0 deletions.
1 change: 1 addition & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Dockerfile
75 changes: 75 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
ARG UBUNTU_VERSION=20.04
FROM ubuntu:${UBUNTU_VERSION} as haskell-builder
ARG CABAL_VERSION=3.2.0.0
ARG GHC_VERSION=8.6.5
ARG IOHK_LIBSODIUM_GIT_REV=66f017f16633f2060db25e17c170c2afa0f2a8a1
ENV DEBIAN_FRONTEND=nonintercative
RUN mkdir -p /app/src
WORKDIR /app
RUN apt-get update -y && apt-get install -y \
automake=1:1.16.1-4ubuntu6 \
build-essential \
g++=4:9.3.0-1ubuntu2 \
git \
jq \
libffi-dev=3.3-4 \
libghc-postgresql-libpq-dev=0.9.4.2-1build1 \
libgmp-dev=2:6.2.0+dfsg-4 \
libncursesw5=6.2-0ubuntu2 \
libpq-dev=12.4-0ubuntu0.20.04.1 \
libssl-dev=1.1.1f-1ubuntu2 \
libsystemd-dev=245.4-4ubuntu3.2 \
libtinfo-dev=6.2-0ubuntu2 \
libtool=2.4.6-14 \
make \
pkg-config \
tmux \
wget \
zlib1g-dev=1:1.2.11.dfsg-2ubuntu1
RUN wget --secure-protocol=TLSv1_2 \
https://downloads.haskell.org/~cabal/cabal-install-${CABAL_VERSION}/cabal-install-${CABAL_VERSION}-x86_64-unknown-linux.tar.xz &&\
tar -xf cabal-install-${CABAL_VERSION}-x86_64-unknown-linux.tar.xz &&\
rm cabal-install-${CABAL_VERSION}-x86_64-unknown-linux.tar.xz cabal.sig &&\
mv cabal /usr/local/bin/
RUN cabal update
WORKDIR /app/ghc
RUN wget --secure-protocol=TLSv1_2 \
https://downloads.haskell.org/~ghc/${GHC_VERSION}/ghc-${GHC_VERSION}-x86_64-deb9-linux.tar.xz &&\
tar -xf ghc-${GHC_VERSION}-x86_64-deb9-linux.tar.xz &&\
rm ghc-${GHC_VERSION}-x86_64-deb9-linux.tar.xz
WORKDIR /app/ghc/ghc-${GHC_VERSION}
RUN ./configure && \
make install
WORKDIR /app/src
RUN git clone https://github.com/input-output-hk/libsodium.git &&\
cd libsodium &&\
git fetch --all --tags &&\
git checkout ${IOHK_LIBSODIUM_GIT_REV}
WORKDIR /app/src/libsodium
RUN ./autogen.sh && \
./configure && \
make && \
make install ..
ENV LD_LIBRARY_PATH="/usr/local/lib:$LD_LIBRARY_PATH"
ENV PKG_CONFIG_PATH="/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH"
COPY . /app/src/smash
WORKDIR /app/src/smash
RUN cabal install smash \
--install-method=copy \
--installdir=/usr/local/bin
# Cleanup for runtiume-base copy of /usr/local/lib
RUN rm -rf /usr/local/lib/ghc-${GHC_VERSION} /usr/local/lib/pkgconfig

FROM ubuntu:${UBUNTU_VERSION}
RUN curl --proto '=https' --tlsv1.2 -sSf -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
postgresql-client-12
COPY --from=haskell-builder /usr/local/lib /usr/local/lib
COPY --from=haskell-builder /usr/local/bin/smash-exe /usr/local/bin/
COPY ./schema /schema
COPY ./scripts/docker-entrypoint.sh /entrypoint.sh
RUN mkdir /ipc
EXPOSE 3100
ENTRYPOINT ["./entrypoint.sh"]
1 change: 1 addition & 0 deletions config/secrets/postgres_db
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
smash
1 change: 1 addition & 0 deletions config/secrets/postgres_password
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
notForProduction!
1 change: 1 addition & 0 deletions config/secrets/postgres_user
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
postgres
78 changes: 78 additions & 0 deletions docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
version: "3.5"

services:
postgres:
image: postgres:11.5-alpine
environment:
- POSTGRES_LOGGING=true
- POSTGRES_DB_FILE=/run/secrets/postgres_db
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
- POSTGRES_USER_FILE=/run/secrets/postgres_user
volumes:
- postgres:/var/lib/postgresql/data
ports:
- 5432:5432
restart: on-failure
secrets:
- postgres_password
- postgres_user
- postgres_db
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"

cardano-node:
image: inputoutput/cardano-node:1.20.0
environment:
- NETWORK=${NETWORK:-mainnet}
volumes:
- node-db:/data/db
- node-ipc:/ipc
restart: on-failure
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"

smash:
build: .
command: [
"run-app-with-db-sync",
"--config", "/configuration/config.yaml",
"--socket-path", "/node-ipc/node.socket"
]
environment:
- POSTGRES_HOST=postgres
- POSTGRES_PORT=5432
depends_on:
- cardano-node
- postgres
volumes:
- node-ipc:/node-ipc
- ./config/${NETWORK:-mainnet}:/configuration

This comment has been minimized.

Copy link
@rhyslbw

rhyslbw Oct 2, 2020

Author Member

@ksaric I've left this as a single mount as a suggestion to use a directory structure such as ./config/mainnet/config.yaml, to avoid the need for single mapping of each file.

restart: on-failure
secrets:
- postgres_password
- postgres_user
- postgres_db
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"

secrets:
postgres_db:
file: ./config/secrets/postgres_db
postgres_password:
file: ./config/secrets/postgres_password
postgres_user:
file: ./config/secrets/postgres_user

volumes:
postgres:
node-db:
node-ipc:
16 changes: 16 additions & 0 deletions scripts/docker-entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail

SECRET_DIR=${1:-/run/secrets}
OUT_DIR=${2:-/configuration}
SCHEMA_DIR=${3:-/schema}
SMASHPGPASSFILE=${OUT_DIR}/pgpass

POSTGRES_DB=''${POSTGRES_DB:-$(< ''${SECRET_DIR}/postgres_db)}
POSTGRES_USER=''${POSTGRES_USER:-$(< ''${SECRET_DIR}/postgres_user)}
POSTGRES_PASSWORD=''${POSTGRES_PASSWORD:-$(< ''${SECRET_DIR}/postgres_password)}
echo ${POSTGRES_HOST}:${POSTGRES_PORT}:${POSTGRES_DB}:${POSTGRES_USER}:${POSTGRES_PASSWORD} > $SMASHPGPASSFILE
chmod 0600 $SMASHPGPASSFILE
export SMASHPGPASSFILE

exec smash-exe --schema-dir ${SCHEMA_DIR} $@

0 comments on commit 8209dc8

Please sign in to comment.