Posted to commits@couchdb.apache.org by wo...@apache.org on 2019/03/11 22:58:03 UTC

[couchdb-docker] 01/01: Bump for v2.3.1

This is an automated email from the ASF dual-hosted git repository.

wohali pushed a commit to branch 2.3.1
in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git

commit 348277fd6626813e3597ec179a3c10820e1115ec
Author: Joan Touzet <jo...@atypical.net>
AuthorDate: Mon Mar 11 18:57:42 2019 -0400

    Bump for v2.3.1
---
 .travis.yml                 |   1 +
 2.3.1/10-docker-default.ini |  11 ++++
 2.3.1/Dockerfile            | 129 ++++++++++++++++++++++++++++++++++++++++++++
 2.3.1/docker-entrypoint.sh  |  95 ++++++++++++++++++++++++++++++++
 2.3.1/vm.args               |  28 ++++++++++
 5 files changed, 264 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 790f6e3..3aa5f3d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,6 +13,7 @@ services:
 env:
   - RELEASES="1.7.2 1.7.2-couchperuser"
   - RELEASES=2.3.0
+  - RELEASES=2.3.1
   - RELEASES=dev
   - RELEASES=dev-cluster
 
diff --git a/2.3.1/10-docker-default.ini b/2.3.1/10-docker-default.ini
new file mode 100644
index 0000000..c1bac9e
--- /dev/null
+++ b/2.3.1/10-docker-default.ini
@@ -0,0 +1,11 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
+
+[httpd]
+bind_address = any
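Review bot: The `[httpd]` override at the end of this file binds CouchDB 2.x's node-local interface to every address, in addition to the clustered `[chttpd]` endpoint. That interface is intended for node maintenance and normally stays on loopback; the Dockerfile's `EXPOSE` line does not list its port, but other containers on the same Docker network can presumably still reach it. If nothing outside the container needs it, drop the `[httpd]` section, or keep it with a comment such as `; node-local interface: bound to all addresses on purpose, restrict it at the network layer`.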
diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile
new file mode 100644
index 0000000..5c9c238
--- /dev/null
+++ b/2.3.1/Dockerfile
@@ -0,0 +1,129 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:stretch-slim
+
+LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
+
+# Add CouchDB user account to make sure the IDs are assigned consistently
+RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb
+
+# be sure GPG and apt-transport-https are available and functional
+RUN set -ex; \
+        apt-get update; \
+        apt-get install -y --no-install-recommends \
+                apt-transport-https \
+                ca-certificates \
+                dirmngr \
+                gnupg \
+        ; \
+        rm -rf /var/lib/apt/lists/*
+
+# grab gosu for easy step-down from root and tini for signal handling and zombie reaping
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
+ENV GOSU_VERSION 1.11
+ENV TINI_VERSION 0.18.0
+RUN set -ex; \
+	\
+	apt-get update; \
+	apt-get install -y --no-install-recommends wget; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+	\
+# install gosu
+	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+        for server in $(shuf -e pgpkeys.mit.edu \
+            ha.pool.sks-keyservers.net \
+            hkp://p80.pool.sks-keyservers.net:80 \
+            pgp.mit.edu) ; do \
+        gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+        done; \
+	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+	chmod +x /usr/local/bin/gosu; \
+	gosu nobody true; \
+    \
+# install tini
+	wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+	wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+        for server in $(shuf -e pgpkeys.mit.edu \
+            ha.pool.sks-keyservers.net \
+            hkp://p80.pool.sks-keyservers.net:80 \
+            pgp.mit.edu) ; do \
+        gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
+        done; \
+	gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+	rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \
+	chmod +x /usr/local/bin/tini; \
+        apt-get purge -y --auto-remove wget; \
+	tini --version
+
+# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
+ENV GPG_COUCH_KEY \
+# gpg: key D401AB61: public key "Bintray (by JFrog) <bi...@bintray.com> imported
+       8756C4F765C9AC3CB6B85D62379CE192D401AB61
+RUN set -xe; \
+        export GNUPGHOME="$(mktemp -d)"; \
+        for server in $(shuf -e pgpkeys.mit.edu \
+            ha.pool.sks-keyservers.net \
+            hkp://p80.pool.sks-keyservers.net:80 \
+            pgp.mit.edu) ; do \
+                gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \
+        done; \
+        gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \
+        command -v gpgconf && gpgconf --kill all || :; \
+        rm -rf "$GNUPGHOME"; \
+        apt-key list
+
+ENV COUCHDB_VERSION 2.3.1
+
+RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list
+
+# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
+RUN set -xe; \
+        apt-get update; \
+        \
+        echo "couchdb couchdb/mode select none" | debconf-set-selections; \
+# we DO want recommends this time
+        DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
+                couchdb="$COUCHDB_VERSION"~stretch \
+        ; \
+# Undo symlinks to /var/log and /var/lib
+        rmdir /var/lib/couchdb /var/log/couchdb; \
+        rm /opt/couchdb/data /opt/couchdb/var/log; \
+        mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \
+        chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \
+        chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \
+# Remove file that sets logging to a file
+        rm /opt/couchdb/etc/default.d/10-filelog.ini; \
+        rm -rf /var/lib/apt/lists/*
+
+# Add configuration
+COPY 10-docker-default.ini /opt/couchdb/etc/default.d/
+COPY vm.args /opt/couchdb/etc/
+COPY docker-entrypoint.sh /usr/local/bin
+RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+
+# Setup directories and permissions
+RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args
+VOLUME /opt/couchdb/data
+
+# 5984: Main CouchDB endpoint
+# 4369: Erlang portmap daemon (epmd)
+# 9100: CouchDB cluster communication port
+EXPOSE 5984 4369 9100
+CMD ["/opt/couchdb/bin/couchdb"]
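Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` makes both directories world-writable, although the line before it already hands them to `couchdb:couchdb`, so the owner has the access it needs without it. The data directory is also declared as a `VOLUME` further down, so that mode presumably carries over to freshly created volumes. Prefer `chmod 0755 /opt/couchdb/data /opt/couchdb/var/log;`, which matches what the entrypoint in this commit enforces on directories under the data path at start. If 777 exists to support running under an arbitrary `--user`, state that in a comment above the line.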
diff --git a/2.3.1/docker-entrypoint.sh b/2.3.1/docker-entrypoint.sh
new file mode 100755
index 0000000..7fdb04b
--- /dev/null
+++ b/2.3.1/docker-entrypoint.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+# first arg is `-something` or `+something`
+if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
+	set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+# first arg is the bare word `couchdb`
+if [ "$1" = 'couchdb' ]; then
+	shift
+	set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
+	# Check that we own everything in /opt/couchdb and fix if necessary. We also
+	# add the `-f` flag in all the following invocations because there may be
+	# cases where some of these ownership and permissions issues are non-fatal
+	# (e.g. a config file owned by root with o+r is actually fine), and we don't
+	# to be too aggressive about crashing here ...
+	find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
+
+	# Ensure that data files have the correct permissions. We were previously
+	# preventing any access to these files outside of couchdb:couchdb, but it
+	# turns out that CouchDB itself does not set such restrictive permissions
+	# when it creates the files. The approach taken here ensures that the
+	# contents of the datadir have the same permissions as they had when they
+	# were initially created. This should minimize any startup delay.
+	find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+	find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+
+	# Do the same thing for configuration files and directories. Technically
+	# CouchDB only needs read access to the configuration files as all online
+	# changes will be applied to the "docker.ini" file below, but we set 644
+	# for the sake of consistency.
+	find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+	find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+
+	if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
+		echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
+	fi
+
+	# Ensure that CouchDB will write custom settings in this file
+	touch /opt/couchdb/etc/local.d/docker.ini
+
+	if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+		# Create admin only if not already present
+		if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then
+			printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
+		fi
+	fi
+
+	if [ "$COUCHDB_SECRET" ]; then
+		# Set secret only if not already present
+		if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then
+			printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
+		fi
+	fi
+
+	chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+
+	# if we don't find an [admins] section followed by a non-comment, display a warning
+        if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then
+		# The - option suppresses leading tabs but *not* spaces. :)
+		cat >&2 <<-'EOWARN'
+			****************************************************
+			WARNING: CouchDB is running in Admin Party mode.
+			         This will allow anyone with access to the
+			         CouchDB port to access your database. In
+			         Docker's default configuration, this is
+			         effectively any other container on the same
+			         system.
+			         Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+			         to set it in "docker run".
+			****************************************************
+		EOWARN
+	fi
+
+
+	exec gosu couchdb "$@"
+fi
+
+exec "$@"
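Review bot: `docker.ini` is left world-readable while holding the admin credentials and the `couch_httpd_auth` secret. The two `find /opt/couchdb/etc ... chmod -f 0644` passes force 0644 on every config file, and the `printf` calls append `$COUCHDB_PASSWORD` and `$COUCHDB_SECRET` verbatim to the file created by `touch`. Only the `couchdb` user needs to read it, so next to the final `chown -f` add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true`; since that line runs after the `find` passes, the tighter mode is restored on every start. The same 0644 pass applies to any other `local.d/*.ini` carrying an `[admins]` section, which deserves a comment above the `find` lines.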
diff --git a/2.3.1/vm.args b/2.3.1/vm.args
new file mode 100644
index 0000000..0425756
--- /dev/null
+++ b/2.3.1/vm.args
@@ -0,0 +1,28 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# Use kernel poll functionality if supported by emulator
++K true
+
+# Start a pool of asynchronous IO threads
++A 16
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
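Review bot: This file pins the Erlang distribution listener to port 9100 but does not say where the distribution cookie comes from, and there is no `-setcookie` line. The Dockerfile in this commit advertises 4369 and 9100 via `EXPOSE`, and the cookie is the only authentication on that channel, so operators should not have to guess. Add a comment next to the `inet_dist_listen_*` lines, for example `# No -setcookie here: set a strong, unique cookie for clustered deployments and restrict ports 4369/9100 to cluster peers`. Also note in a comment that the entrypoint appends `-name couchdb@$NODENAME` to this file at start.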