From 9f888d5663eea9d39ec0a1ed839be159d1656931 Mon Sep 17 00:00:00 2001
From: Peter Schiffer
Date: Mon, 21 Aug 2017 21:30:57 +0200
Subject: [PATCH] Divided pdns admin into two images
---
pdns-admin-static/Dockerfile | 12 +++++++
pdns-admin-static/pdns-nginx.conf | 31 ++++++++++++++++++
pdns-admin-uwsgi/Dockerfile | 45 ++++++++++++++++++++++++++
pdns-admin-uwsgi/config.py.tpl | 14 ++++++++
pdns-admin-uwsgi/docker-cmd.sh | 53 +++++++++++++++++++++++++++++++
pdns-admin-uwsgi/pdns-admin.ini | 20 ++++++++++++
6 files changed, 175 insertions(+)
create mode 100644 pdns-admin-static/Dockerfile
create mode 100644 pdns-admin-static/pdns-nginx.conf
create mode 100644 pdns-admin-uwsgi/Dockerfile
create mode 100644 pdns-admin-uwsgi/config.py.tpl
create mode 100755 pdns-admin-uwsgi/docker-cmd.sh
create mode 100644 pdns-admin-uwsgi/pdns-admin.ini
diff --git a/pdns-admin-static/Dockerfile b/pdns-admin-static/Dockerfile
new file mode 100644
index 0000000..376d03d
--- /dev/null
+++ b/pdns-admin-static/Dockerfile
@@ -0,0 +1,12 @@
+FROM nginx:1.12-alpine
+MAINTAINER "Peter Schiffer"
+
+RUN apk add --no-cache curl
+
+RUN mkdir -p /opt/powerdns-admin \
+ && curl -sSLk https://git.omicroninteractive.com/0x97/powerdns-admin/repository/archive.tar.gz?ref=master \
+ | tar -xzC /opt/powerdns-admin --strip 1 \
+ && find /opt/powerdns-admin -path /opt/powerdns-admin/app/static -prune -o -type f -exec rm -f {} + \
+ && chown -R root: /opt/powerdns-admin
+
+COPY pdns-nginx.conf /etc/nginx/conf.d/default.conf
diff --git a/pdns-admin-static/pdns-nginx.conf b/pdns-admin-static/pdns-nginx.conf
new file mode 100644
index 0000000..3221b85
--- /dev/null
+++ b/pdns-admin-static/pdns-nginx.conf
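Review bot: In pdns-admin-static/Dockerfile the `curl -sSLk` download turns off TLS certificate verification and fetches whatever `ref=master` points to at build time, so the image content is neither authenticated nor reproducible. The same line appears in pdns-admin-uwsgi/Dockerfile, where the fetched code is then installed and executed. Drop `-k`, add `-f`, and pin the archive to a fixed ref, e.g. `curl -fsSL "https://git.omicroninteractive.com/0x97/powerdns-admin/repository/archive.tar.gz?ref=<PINNED_COMMIT>"`. Downloading to a file first, rather than piping straight into `tar`, would also allow a recorded SHA-256 to be checked before extraction.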
@@ -0,0 +1,31 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ location /static/ {
+ alias /opt/powerdns-admin/app/static/;
+ }
+
+ location / {
+ try_files $uri @pdns_admin;
+ }
+
+ location @pdns_admin {
+ include uwsgi_params;
+ uwsgi_pass pdns-admin-uwsgi:9494;
+ }
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ location ~ /\.ht {
+ deny all;
+ }
+}
diff --git a/pdns-admin-uwsgi/Dockerfile b/pdns-admin-uwsgi/Dockerfile
new file mode 100644
index 0000000..5bc2b43
--- /dev/null
+++ b/pdns-admin-uwsgi/Dockerfile
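Review bot: The `server` block in pdns-admin-static/pdns-nginx.conf only has `listen 80;`, so the PowerDNS-Admin login form and session cookies travel in cleartext unless a TLS terminator sits in front of this container, which the patch does not show. If that is the intended deployment, state it in a comment above `listen 80;`, for example `# plain HTTP: must sit behind a TLS-terminating proxy`. The `location ~ /\.ht` block and its comment look carried over from the stock nginx default config and could be dropped. Adding `server_tokens off;` would stop the nginx version being advertised in response headers and on the 50x page.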
@@ -0,0 +1,45 @@
+FROM fedora:26
+MAINTAINER "Peter Schiffer"
+
+RUN dnf -y --setopt=tsflags=nodocs install \
+ python-pip \
+ python2-mysql \
+ python-ldap \
+ mariadb \
+ uwsgi \
+ uwsgi-plugin-python \
+ && dnf clean all
+
+RUN mkdir -p /opt/powerdns-admin \
+ && curl -sSLk https://git.omicroninteractive.com/0x97/powerdns-admin/repository/archive.tar.gz?ref=master \
+ | tar -xzC /opt/powerdns-admin --strip 1 \
+ && sed -i '/MySQL-python/d' /opt/powerdns-admin/requirements.txt \
+ && sed -i '/python-ldap/d' /opt/powerdns-admin/requirements.txt \
+ && rm -rf /opt/powerdns-admin/app/static \
+ && chown -R root: /opt/powerdns-admin \
+ && chown -R uwsgi: /opt/powerdns-admin/upload
+
+WORKDIR /opt/powerdns-admin
+
+RUN pip3 install envtpl \
+ && pip install -r requirements.txt \
+ && rm -rf ~/.cache/*
+
+ENV PDNS_ADMIN_LOGIN_TITLE="'PDNS'" \
+ PDNS_ADMIN_TIMEOUT=10 \
+ PDNS_ADMIN_LOG_LEVEL="'INFO'" \
+ PDNS_ADMIN_BASIC_ENABLED=True \
+ PDNS_ADMIN_SIGNUP_ENABLED=True \
+ PDNS_ADMIN_RECORDS_ALLOW_EDIT="['SOA', 'NS', 'A', 'AAAA', 'CNAME', 'MX', 'TXT', 'SRV']"
+
+EXPOSE 9494
+
+VOLUME [ "/opt/powerdns-admin/upload" ]
+
+COPY pdns-admin.ini /etc/uwsgi.d/
+RUN chown uwsgi: /etc/uwsgi.d/pdns-admin.ini
+
+COPY config.py.tpl /
+COPY docker-cmd.sh /
+
+CMD [ "/docker-cmd.sh" ]
diff --git a/pdns-admin-uwsgi/config.py.tpl b/pdns-admin-uwsgi/config.py.tpl
new file mode 100644
index 0000000..2e7ed30
--- /dev/null
+++ b/pdns-admin-uwsgi/config.py.tpl
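Review bot: The `ENV` block in pdns-admin-uwsgi/Dockerfile ships `PDNS_ADMIN_SIGNUP_ENABLED=True` as the image default, so a container started without overrides lets anyone who can reach the UI register an account on a DNS management panel. A safer default is `PDNS_ADMIN_SIGNUP_ENABLED=False \`; if the application needs signup to create the first account, a comment should say to switch it off afterwards. Separately, `pip3 install envtpl` is unpinned, so the templating tool that generates config.py can change between builds; pin it to a known version. The image also has no `USER` instruction, so docker-cmd.sh runs as root until uwsgi switches to the `uwsgi` uid set in pdns-admin.ini, which is worth a comment explaining why root is needed at start-up.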
@@ -0,0 +1,14 @@
+import os
+basedir = os.path.abspath(os.path.dirname(__file__))
+
+{% for key, value in environment('PDNS_ADMIN_') %}{{ key }} = {{ value }}
+{% endfor %}
+
+WTF_CSRF_ENABLED = True
+BIND_ADDRESS = '0.0.0.0'
+PORT = 9393
+LOG_FILE = ''
+UPLOAD_DIR = '/opt/powerdns-admin/upload'
+SQLALCHEMY_DATABASE_URI = 'mysql://' + SQLA_DB_USER + ':' + SQLA_DB_PASSWORD + '@' + SQLA_DB_HOST + ':' + SQLA_DB_PORT + '/' + SQLA_DB_NAME
+SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
+SQLALCHEMY_TRACK_MODIFICATIONS = True
diff --git a/pdns-admin-uwsgi/docker-cmd.sh b/pdns-admin-uwsgi/docker-cmd.sh
new file mode 100755
index 0000000..f65a268
--- /dev/null
+++ b/pdns-admin-uwsgi/docker-cmd.sh
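Review bot: The loop `{{ key }} = {{ value }}` in config.py.tpl writes every `PDNS_ADMIN_*` environment value into config.py verbatim, where it is evaluated as a Python expression on import, so these values are code rather than data. A database password or API key containing `'` breaks the quoting that docker-cmd.sh wraps around it, or changes what the generated file executes. `SQLALCHEMY_DATABASE_URI` also concatenates user and password without URL-encoding, so `@`, `/` or `:` in a password yields a wrong URI. Consider reading string settings at runtime instead, e.g. `SECRET_KEY = os.environ['PDNS_ADMIN_SECRET_KEY']`, or at least add a comment such as `# values are emitted as Python source: they must be trusted, valid literals`. `PORT = 9393` differs from the 9494 socket in pdns-admin.ini; it is presumably unused under uwsgi, but that is worth confirming.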
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Configure mysql env vars
+: "${PDNS_ADMIN_SQLA_DB_HOST:='mysql'}"
+: "${PDNS_ADMIN_SQLA_DB_PORT:='3306'}"
+: "${PDNS_ADMIN_SQLA_DB_USER:='${MYSQL_ENV_MYSQL_USER:-root}'}"
+if [ "${PDNS_ADMIN_SQLA_DB_USER}" = "'root'" ]; then
+ : "${PDNS_ADMIN_SQLA_DB_PASSWORD:='$MYSQL_ENV_MYSQL_ROOT_PASSWORD'}"
+fi
+: "${PDNS_ADMIN_SQLA_DB_PASSWORD:='${MYSQL_ENV_MYSQL_PASSWORD:-powerdnsadmin}'}"
+: "${PDNS_ADMIN_SQLA_DB_NAME:='${MYSQL_ENV_MYSQL_DATABASE:-powerdnsadmin}'}"
+
+export PDNS_ADMIN_SQLA_DB_HOST PDNS_ADMIN_SQLA_DB_PORT PDNS_ADMIN_SQLA_DB_USER PDNS_ADMIN_SQLA_DB_PASSWORD PDNS_ADMIN_SQLA_DB_NAME
+
+# Configure pdns server env vars
+: "${PDNS_ADMIN_PDNS_STATS_URL:='http://pdns:${PDNS_ENV_PDNS_webserver_port:-8081}/'}"
+: "${PDNS_ADMIN_PDNS_API_KEY:='${PDNS_ENV_PDNS_api_key:-}'}"
+: "${PDNS_ADMIN_PDNS_VERSION:='${PDNS_ENV_VERSION:-}'}"
+
+export PDNS_ADMIN_PDNS_STATS_URL PDNS_ADMIN_PDNS_API_KEY PDNS_ADMIN_PDNS_VERSION
+
+# Generate secret key
+[ -f /root/secret-key ] || tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 32 > /root/secret-key || true
+PDNS_ADMIN_SECRET_KEY="'$(cat /root/secret-key)'"
+
+export PDNS_ADMIN_SECRET_KEY
+
+envtpl < /config.py.tpl > /opt/powerdns-admin/config.py
+
+# Initialize DB if needed
+MYSQL_COMMAND="mysql -h ${PDNS_ADMIN_SQLA_DB_HOST//\'/} -P ${PDNS_ADMIN_SQLA_DB_PORT//\'/} -u ${PDNS_ADMIN_SQLA_DB_USER//\'/} -p${PDNS_ADMIN_SQLA_DB_PASSWORD//\'/}"
+
+until $MYSQL_COMMAND -e ';' ; do
+ >&2 echo 'MySQL is unavailable - sleeping'
+ sleep 1
+done
+
+$MYSQL_COMMAND -e "CREATE DATABASE IF NOT EXISTS ${PDNS_ADMIN_SQLA_DB_NAME//\'/}"
+
+MYSQL_CHECK_IF_HAS_TABLE="SELECT COUNT(DISTINCT table_name) FROM information_schema.columns WHERE table_schema = '${PDNS_ADMIN_SQLA_DB_NAME//\'/}';"
+MYSQL_NUM_TABLE=$($MYSQL_COMMAND --batch --skip-column-names -e "$MYSQL_CHECK_IF_HAS_TABLE")
+if [ "$MYSQL_NUM_TABLE" -eq 0 ]; then
+ python2 /opt/powerdns-admin/create_db.py
+fi
+
+# python2 /opt/powerdns-admin/db_upgrade.py
+
+mkdir -p /run/uwsgi
+chown uwsgi: /run/uwsgi
+
+exec /usr/sbin/uwsgi --ini /etc/uwsgi.ini
diff --git a/pdns-admin-uwsgi/pdns-admin.ini b/pdns-admin-uwsgi/pdns-admin.ini
new file mode 100644
index 0000000..ca57053
--- /dev/null
+++ b/pdns-admin-uwsgi/pdns-admin.ini
@@ -0,0 +1,20 @@
+[uwsgi]
+plugins = python
+
+uid=uwsgi
+gid=uwsgi
+
+chdir = /opt/powerdns-admin
+pythonpath = /opt/powerdns-admin
+
+mount = /=run.py
+manage-script-name = true
+callable = app
+
+vacuum = true
+harakiri = 20
+post-buffering = 8192
+socket = 0.0.0.0:9494
+pidfile = /run/uwsgi/%n.pid
+
+enable-threads = true
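Review bot: In docker-cmd.sh `MYSQL_COMMAND` embeds the database password as `-p${PDNS_ADMIN_SQLA_DB_PASSWORD//\'/}`, which puts it in the argv of every `mysql` invocation where it is readable from the process list, and the unquoted `$MYSQL_COMMAND` expansion word-splits a password containing spaces or glob characters. Passing it out of band, e.g. `export MYSQL_PWD="${PDNS_ADMIN_SQLA_DB_PASSWORD//\'/}"` with the `-p…` argument removed, or a `--defaults-extra-file` with mode 0600, avoids both. The fallback `${MYSQL_ENV_MYSQL_PASSWORD:-powerdnsadmin}` silently uses a well-known password when nothing is configured; failing with an error would be safer. In the secret-key step, `|| true` covers the expected SIGPIPE from `head` under `pipefail` but also hides a failed or short write, which would leave an empty `PDNS_ADMIN_SECRET_KEY`; a `[ -s /root/secret-key ]` check afterwards would catch that.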
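Review bot: `socket = 0.0.0.0:9494` in pdns-admin.ini exposes the raw uwsgi protocol on all interfaces, and that protocol has no authentication: any client that can reach the port talks to the application directly, bypassing nginx and supplying its own request variables. Since nginx reaches it as `pdns-admin-uwsgi:9494`, the port only needs to be reachable on the network shared by the two containers. A comment next to the setting such as `; uwsgi protocol, internal only - never publish this port`, together with not mapping 9494 on the host, would make that constraint explicit.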