From 0bb0a93bcc3c73c9f44baa0679c7bfdecd5ffd92 Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 16 Jun 2014 14:18:47 +0200 Subject: [PATCH 001/227] 1.6.0 --- Dockerfile | 4 ++-- README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0565df5..6965c7f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,8 +4,8 @@ MAINTAINER Clemens Stolle klaemo@fastmail.fm # Get the source RUN cd /opt && \ - wget http://apache.openmirror.de/couchdb/source/1.5.1/apache-couchdb-1.5.1.tar.gz && \ - tar xzf /opt/apache-couchdb-1.5.1.tar.gz + wget http://apache.openmirror.de/couchdb/source/1.6.0/apache-couchdb-1.6.0.tar.gz && \ + tar xzf /opt/apache-couchdb-1.6.0.tar.gz # build couchdb RUN cd /opt/apache-couchdb-* && ./configure && make && make install diff --git a/README.md b/README.md index fc35952..ae3a769 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -Version: `CouchDB 1.5.1` +Version: `CouchDB 1.6.0` ## Run From f4ca8d9f41dab64c24fc2a2ea365dde034f89bcf Mon Sep 17 00:00:00 2001 From: klaemo Date: Wed, 18 Jun 2014 15:27:35 +0200 Subject: [PATCH 002/227] don't run cleanup - might fix permission issues according to #4 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6965c7f..0f90203 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -14,9 +14,9 @@ RUN cd /opt/apache-couchdb-* && ./configure && make && make install RUN (mkdir /tmp/mon && cd /tmp/mon && curl -L# https://github.com/visionmedia/mon/archive/1.2.3.tar.gz | tar zx --strip 1 && make install) # cleanup -RUN apt-get remove -y build-essential wget curl && \ - apt-get autoremove -y && apt-get clean -y && \ - rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /opt/apache-couchdb-* +# RUN apt-get remove -y build-essential wget curl && \ +# apt-get autoremove -y && apt-get clean -y && \ +# rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /opt/apache-couchdb-* ADD ./opt /opt From 80b3bb41371ac8dfbd2cfdb852799a49ab861f5a Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 26 Aug 2014 22:16:33 +0200 Subject: [PATCH 003/227] simpler, newer, better --- Dockerfile | 73 ++++++++++++++++++++++++++++++++++---------- README.md | 10 ++++-- docker-entrypoint.sh | 23 ++++++++++++++ opt/couchdb-config | 25 --------------- opt/start_couch | 18 ----------- 5 files changed, 87 insertions(+), 62 deletions(-) create mode 100755 docker-entrypoint.sh delete mode 100755 opt/couchdb-config delete mode 100755 opt/start_couch diff --git a/Dockerfile b/Dockerfile index 0f90203..eb274b9 100644 --- a/Dockerfile +++ b/Dockerfile 
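Review bot: With the cleanup `RUN` commented out, `build-essential`, `wget`, `curl` and the unpacked `/opt/apache-couchdb-*` tree stay in the final image, so the runtime container carries a compiler and download tools it does not need. If only one step of the chain causes the permission problem from #4 (the hunk does not show which), keep the package removal and drop just that step. Commented-out instructions are also easy to misread as active; delete them and leave a single line such as `# cleanup disabled, see #4`.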
@@ -1,31 +1,72 @@ -FROM klaemo/couchdb-base +FROM debian:wheezy MAINTAINER Clemens Stolle klaemo@fastmail.fm -# Get the source -RUN cd /opt && \ - wget http://apache.openmirror.de/couchdb/source/1.6.0/apache-couchdb-1.6.0.tar.gz && \ - tar xzf /opt/apache-couchdb-1.6.0.tar.gz +# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian + +ENV COUCHDB_VERSION 1.6.0 + +RUN useradd -d /var/lib/couchdb couchdb + +# download dependencies +RUN apt-get update -y && apt-get install -y lsb-release wget \ + && echo "deb http://binaries.erlang-solutions.com/debian `lsb_release -cs` contrib" \ + | tee /etc/apt/sources.list.d/erlang-solutions.list \ + && wget -O - http://binaries.erlang-solutions.com/debian/erlang_solutions.asc \ + | apt-key add - \ + && echo "deb http://packages.cloudant.com/debian `lsb_release -cs` main" \ + | tee /etc/apt/sources.list.d/cloudant.list \ + && wget http://packages.cloudant.com/KEYS -O - | apt-key add - \ + && apt-get update -y \ + && apt-get install -y erlang-nox erlang-dev build-essential \ + libmozjs185-cloudant libmozjs185-cloudant-dev \ + libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev curl libicu-dev \ + --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* + +# download and verify the source +RUN curl -L http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -L http://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && curl -L http://www.apache.org/dist/couchdb/KEYS -o KEYS \ + && gpg --import KEYS \ + && gpg --verify couchdb.tar.gz.asc \ + && mkdir -p /usr/src/couchdb \ + && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 # build couchdb -RUN cd /opt/apache-couchdb-* && ./configure && make && make install +RUN cd /usr/src/couchdb \ + && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ + && make && make install -# 
install github.com/visionmedia/mon v1.2.3 -RUN (mkdir /tmp/mon && cd /tmp/mon && curl -L# https://github.com/visionmedia/mon/archive/1.2.3.tar.gz | tar zx --strip 1 && make install) +RUN curl -o /usr/local/bin/gosu -SkL 'https://github.com/tianon/gosu/releases/download/1.1/gosu' \ + && chmod +x /usr/local/bin/gosu -# cleanup -# RUN apt-get remove -y build-essential wget curl && \ -# apt-get autoremove -y && apt-get clean -y && \ -# rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /opt/apache-couchdb-* +# cleanup (libicu48 gets autoremoved, but we actually need it) +RUN apt-get purge -y erlang-dev build-essential libmozjs185-cloudant-dev libnspr4-dev libcurl4-openssl-dev libicu-dev lsb-release wget \ + && apt-get autoremove -y \ + && apt-get update && apt-get install -y libicu48 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + && rm -r /usr/src/couchdb \ + && rm couchdb.tar.gz* KEYS -ADD ./opt /opt +# permissions +RUN chown -R couchdb:couchdb \ + /usr/local/lib/couchdb /usr/local/etc/couchdb \ + /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ + && chmod -R g+rw \ + /usr/local/lib/couchdb /usr/local/etc/couchdb \ + /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb -# Configuration +# Expose to the outside RUN sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini -RUN /opt/couchdb-config + +ADD ./docker-entrypoint.sh /entrypoint.sh # Define mountable directories. VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb", "/usr/local/etc/couchdb"] -ENTRYPOINT ["/opt/start_couch"] EXPOSE 5984 +WORKDIR /var/lib/couchdb + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["couchdb"] diff --git a/README.md b/README.md index ae3a769..bbc2875 100644 --- a/README.md +++ b/README.md 
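Review bot: The new `RUN curl -o /usr/local/bin/gosu -SkL …` line passes `-k`, which turns off TLS certificate verification, and the binary is then made executable without any checksum or signature check. The entrypoint runs gosu as root, so whatever that request returns executes with full privileges inside the container. Drop `-k` (presumably it is there because the base image has no `ca-certificates`; installing that package lets curl validate the host) and verify the file against a pinned digest before the `chmod +x`, e.g. `echo "<GOSU_SHA256>  /usr/local/bin/gosu" | sha256sum -c -`. The same line is carried into the merged `RUN` of PATCH 009 and stays until PATCH 013 replaces it.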
@@ -23,9 +23,12 @@ curl http://localhost:5984 ## Features -* exposes couchdb on port `5984` of the container +* built on top of the solid and small `debian:wheezy` base image +* exposes CouchDB on port `5984` of the container * runs everything as user `couchdb` (security ftw!) -* keeps couchdb running with `mon` (reliability ftw!) + +The previous version of this image used to come with a process manager to keep +CouchDB running. As of Docker 1.2 you can use the `--restart` flag to accomplish this. ## Build your own @@ -35,6 +38,7 @@ You might want to provide your own version of the following files: * `local.ini` for CouchDB Example Dockerfile: + ``` FROM klaemo/couchdb @@ -44,6 +48,6 @@ ADD local.ini /usr/local/etc/couchdb/ and then build and run ``` -[sudo] docker build -rm -t you/awesome-couchdb . +[sudo] docker build -t you/awesome-couchdb . [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100755 index 0000000..2245ab4 --- /dev/null +++ b/docker-entrypoint.sh @@ -0,0 +1,23 @@ +#!/bin/bash +set -e + +if [ "$1" = 'couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod -R 0770 \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod 664 /usr/local/etc/couchdb/*.ini + chmod 775 /usr/local/etc/couchdb/*.d + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/opt/couchdb-config b/opt/couchdb-config deleted file mode 100755 index c48b6f7..0000000 --- a/opt/couchdb-config +++ /dev/null 
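Review bot: `chmod -R 0770` in the new docker-entrypoint.sh sets the execute bit on every regular file under the data, log, run and config directories, database and log files included, on each container start. Directories need the search bit; files do not. `find <dirs> -type d -exec chmod 0770 {} +` followed by `find <dirs> -type f -exec chmod 0660 {} +` keeps the same ownership model without executable data files. Separately, with `set -e` the two glob `chmod` lines abort startup when `/usr/local/etc/couchdb` is mounted from an empty host directory, because the unmatched pattern is passed to `chmod` literally.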
@@ -1,25 +0,0 @@ -#!/bin/bash - -adduser --system --disabled-password \ - --home /usr/local/var/lib/couchdb --no-create-home \ - --shell=/bin/bash --group --gecos "" couchdb - -chown -R couchdb:couchdb /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - -chmod 0770 /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - -chmod 664 /usr/local/etc/couchdb/*.ini -chmod 775 /usr/local/etc/couchdb/*.d - -rm /etc/logrotate.d/couchdb /etc/init.d/couchdb 2&>1 - -ln -s /usr/local/etc/logrotate.d/couchdb /etc/logrotate.d/couchdb -ln -s /usr/local/etc/init.d/couchdb /etc/init.d/couchdb - -update-rc.d couchdb defaults diff --git a/opt/start_couch b/opt/start_couch deleted file mode 100755 index 13e71fa..0000000 --- a/opt/start_couch +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env bash - -# we need to set the permissions here because docker mounts volumes as root - -chown -R couchdb:couchdb /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - -chmod -R 0770 /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - -chmod 664 /usr/local/etc/couchdb/*.ini -chmod 775 /usr/local/etc/couchdb/*.d - -exec sudo -i -u couchdb mon couchdb \ No newline at end of file From fbb62872e694587dd2336e693646e17e61e84e19 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 26 Aug 2014 23:41:43 +0200 Subject: [PATCH 004/227] squeeze out some more bytes --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index eb274b9..34233b6 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -42,7 +42,7 @@ RUN curl -o /usr/local/bin/gosu -SkL 'https://github.com/tianon/gosu/releases/do%20%20%20&&%20chmod%20+x%20/usr/local/bin/gosu%20%20#%20cleanup%20(libicu48%20gets%20autoremoved,%20but%20we%20actually%20need%20it)-RUN%20apt-get%20purge%20-y%20erlang-dev%20build-essential%20libmozjs185-cloudant-dev%20libnspr4-dev%20libcurl4-openssl-dev%20libicu-dev%20lsb-release%20wget%20\+RUN%20apt-get%20purge%20-y%20erlang-dev%20binutils%20cpp%20cpp-4.7%20build-essential%20libmozjs185-cloudant-dev%20libnspr4-dev%20libcurl4-openssl-dev%20libicu-dev%20lsb-release%20wget%20\%20%20%20&&%20apt-get%20autoremove%20-y%20\%20%20%20&&%20apt-get%20update%20&&%20apt-get%20install%20-y%20libicu48%20--no-install-recommends%20\%20%20%20&&%20rm%20-rf%20/var/lib/apt/lists/*%20\From%2024f0a4df3a6a40795efad8d4caf206065e870cbc%20Mon%20Sep%2017%2000:00:00%202001From:%20klaemo%20%3Cclemens.stolle@gmail.com%3EDate:%20Thu,%2028%20Aug%202014%2022:33:34%20+0200Subject:%20[PATCH%20005/227]%20readme%20tweaks---%20README.md%20|%205%20+++--%201%20file%20changed,%203%20insertions(+),%202%20deletions(-)diff%20--git%20a/README.md%20b/README.mdindex%20bbc2875..0bf9e99%20100644---%20a/README.md+++%20b/README.md@@%20-13,10%20+13,10%20@@%20Version:%20%60CouchDB%201.6.0%60%20Available%20in%20the%20docker%20index%20as%20[klaemo/couchdb](https://index.docker.io/u/klaemo/couchdb/)%20%20%60%60%60bash-[sudo]%20docker%20pull%20klaemo/couchdb+[sudo]%20docker%20pull%20klaemo/couchdb:latest%20%20#%20expose%20it%20to%20the%20world%20on%20port%205984-[sudo]%20docker%20run%20-d%20-p%205984:5984%20-name%20couchdb%20klaemo/couchdb+[sudo]%20docker%20run%20-d%20-p%205984:5984%20--name%20couchdb%20klaemo/couchdb%20%20curl%20http://localhost:5984%20%60%60%60@@%20-26,6%20+26,7%20@@%20curl%20http://localhost:5984%20*%20built%20on%20top%20of%20the%20solid%20and%20small%20%60debian:wheezy%60%20base%20image%20*%20exposes%20CouchDB%20on%20port%20%605984%60%20of%20the%20container%20*%20runs%20everything%20as%20user%20
%60couchdb%60%20(security%20ftw!)+*%20docker%20volumes%20for%20data,%20logs%20and%20config%20%20The%20previous%20version%20of%20this%20image%20used%20to%20come%20with%20a%20process%20manager%20to%20keep%20CouchDB%20running.%20As%20of%20Docker%201.2%20you%20can%20use%20the%20%60--restart%60%20flag%20to%20accomplish%20this.From%201e5490fd6da4fbe4b8669591dbf3b55670704353%20Mon%20Sep%2017%2000:00:00%202001From:%20klaemo%20%3Cclemens.stolle@gmail.com%3EDate:%20Thu,%2028%20Aug%202014%2022:40:16%20+0200Subject:%20[PATCH%20006/227]%20please%20be%20quiet,%20curl!---%20Dockerfile%20|%206%20+++---%201%20file%20changed,%203%20insertions(+),%203%20deletions(-)diff%20--git%20a/Dockerfile%20b/Dockerfileindex%2034233b6..5a3ecd9%20100644---%20a/Dockerfile+++%20b/Dockerfile@@%20-25,9%20+25,9%20@@%20RUN%20apt-get%20update%20-y%20&&%20apt-get%20install%20-y%20lsb-release%20wget%20\%20%20%20&&%20rm%20-rf%20/var/lib/apt/lists/*%20%20#%20download%20and%20verify%20the%20source-RUN%20curl%20-L%20http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz%20-o%20couchdb.tar.gz%20\-%20%20&&%20curl%20-L%20http://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc%20-o%20couchdb.tar.gz.asc%20\-%20%20&&%20curl%20-L%20http://www.apache.org/dist/couchdb/KEYS%20-o%20KEYS%20\+RUN%20curl%20-sSL%20http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz%20-o%20couchdb.tar.gz%20\+%20%20&&%20curl%20-sSL%20http://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc%20-o%20couchdb.tar.gz.asc%20\+%20%20&&%20curl%20-sSL%20http://www.apache.org/dist/couchdb/KEYS%20-o%20KEYS%20\%20%20%20&&%20gpg%20--import%20KEYS%20\%20%20%20&&%20gpg%20--verify%20couchdb.tar.gz.asc%20\%20%20%20&&%20mkdir%20-p%20/usr/src/couchdb%20\From%207daf8bc59ef446fc8fd4479b6c26a34445258a11%20Mon%20Sep%2017%2000:00:00%202001From:%20Clemens%20Stolle%20%3Cklaemo@fastmail.fm%3ED
ate:%20Fri,%2012%20Sep%202014%2018:04:17%20+0800Subject:%20[PATCH%20007/227]%20CouchDB%201.6.1---%20Dockerfile%20|%202%20+-%201%20file%20changed,%201%20insertion(+),%201%20deletion(-)diff%20--git%20a/Dockerfile%20b/Dockerfileindex%205a3ecd9..c2ffc81%20100644---%20a/Dockerfile+++%20b/Dockerfile@@%20-4,7%20+4,7%20@@%20MAINTAINER%20Clemens%20Stolle%20klaemo@fastmail.fm%20%20#%20Install%20instructions%20from%20https://cwiki.apache.org/confluence/display/COUCHDB/Debian%20-ENV%20COUCHDB_VERSION%201.6.0+ENV%20COUCHDB_VERSION%201.6.1%20%20RUN%20useradd%20-d%20/var/lib/couchdb%20couchdb%20From%20482245c534d57e788053c1ad1c8b03a89b373670%20Mon%20Sep%2017%2000:00:00%202001From:%20Jon%20Richter%20%3Calmereyda@gmail.com%3EDate:%20Thu,%2016%20Oct%202014%2017:45:19%20+0200Subject:%20[PATCH%20008/227]%20Update%20README.mdThe%20Dockerfile%20already%20reads%20%601.6.1%60,%20so%20it%20should%20here,%20too.---%20README.md%20|%202%20+-%201%20file%20changed,%201%20insertion(+),%201%20deletion(-)diff%20--git%20a/README.md%20b/README.mdindex%200bf9e99..65f6267%20100644---%20a/README.md+++%20b/README.md@@%20-6,7%20+6,7%20@@%20Put%20the%20couch%20in%20a%20docker%20container%20and%20ship%20it%20anywhere.%20%20If%20you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -Version: `CouchDB 1.6.0` +Version: `CouchDB 1.6.1` ## Run From 9e81e1d8de09622bdf0e20686497058360c52e35 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 18 Nov 2014 11:59:40 +0100 Subject: [PATCH 009/227] 440MB -> 245MB image size \o/ --- Dockerfile | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index c2ffc81..3a5961a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -22,32 +22,24 @@ RUN apt-get update -y && apt-get install -y lsb-release wget \ libmozjs185-cloudant libmozjs185-cloudant-dev \ libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev curl libicu-dev \ --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* - -# download and verify the source -RUN curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && rm -rf /var/lib/apt/lists/* \ + && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -sSL http://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && curl -sSL http://www.apache.org/dist/couchdb/KEYS -o KEYS \ - && gpg --import KEYS \ - && gpg --verify couchdb.tar.gz.asc \ + && gpg --import KEYS && gpg --verify couchdb.tar.gz.asc \ && mkdir -p /usr/src/couchdb \ - && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 - -# build couchdb -RUN cd /usr/src/couchdb \ + && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ + && cd /usr/src/couchdb \ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ - && make && make install - -RUN curl -o /usr/local/bin/gosu -SkL 'https://github.com/tianon/gosu/releases/download/1.1/gosu' \ - && chmod +x /usr/local/bin/gosu - -# cleanup (libicu48 gets autoremoved, but we actually need it) -RUN apt-get purge -y erlang-dev binutils cpp cpp-4.7 build-essential libmozjs185-cloudant-dev libnspr4-dev libcurl4-openssl-dev libicu-dev lsb-release wget \ + && make && make install \ + && curl -o /usr/local/bin/gosu -SkL 'https://github.com/tianon/gosu/releases/download/1.1/gosu' \ + && chmod +x /usr/local/bin/gosu \ + && apt-get purge -y erlang-dev binutils cpp cpp-4.7 build-essential libmozjs185-cloudant-dev libnspr4-dev libcurl4-openssl-dev libicu-dev lsb-release wget \ && apt-get 
autoremove -y \ && apt-get update && apt-get install -y libicu48 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && rm -r /usr/src/couchdb \ - && rm couchdb.tar.gz* KEYS + && rm /couchdb.tar.gz* /KEYS # permissions RUN chown -R couchdb:couchdb \ From a8aabc4c5fa843dc8ff01658bec0cbf7cf1a2e08 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 18 Nov 2014 12:00:01 +0100 Subject: [PATCH 010/227] explicitly create couchdb group --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3a5961a..d245153 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ MAINTAINER Clemens Stolle klaemo@fastmail.fm ENV COUCHDB_VERSION 1.6.1 -RUN useradd -d /var/lib/couchdb couchdb +RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb # download dependencies RUN apt-get update -y && apt-get install -y lsb-release wget \ From 1816f097c0965558a5f4424e0f5ad57e94c53761 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 18 Nov 2014 12:00:41 +0100 Subject: [PATCH 011/227] don't expose config volume anymore - config should be baked into personal images --- Dockerfile | 2 +- README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index d245153..ef0484d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,7 @@ RUN sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/cou ADD ./docker-entrypoint.sh /entrypoint.sh # Define mountable directories. -VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb", "/usr/local/etc/couchdb"] +VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb"] EXPOSE 5984 WORKDIR /var/lib/couchdb diff --git a/README.md b/README.md index 65f6267..4aada5a 100644 --- a/README.md +++ b/README.md 
@@ -26,7 +26,7 @@ curl http://localhost:5984 * built on top of the solid and small `debian:wheezy` base image * exposes CouchDB on port `5984` of the container * runs everything as user `couchdb` (security ftw!) -* docker volumes for data, logs and config +* docker volumes for data and logs The previous version of this image used to come with a process manager to keep CouchDB running. As of Docker 1.2 you can use the `--restart` flag to accomplish this. @@ -43,7 +43,7 @@ Example Dockerfile: ``` FROM klaemo/couchdb -ADD local.ini /usr/local/etc/couchdb/ +COPY local.ini /usr/local/etc/couchdb/ ``` and then build and run From aa05c912b88c64dc82e7a0faf534a274734cef05 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 18 Nov 2014 14:09:50 +0100 Subject: [PATCH 012/227] wheezy's packages are new enough...turns out! --- Dockerfile | 32 ++++++++++---------------------- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index ef0484d..242f56c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -6,23 +6,13 @@ MAINTAINER Clemens Stolle klaemo@fastmail.fm ENV COUCHDB_VERSION 1.6.1 -RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb +RUN groupadd -r couchdb && useradd -d /usr/local/var/lib/couchdb -g couchdb couchdb -# download dependencies -RUN apt-get update -y && apt-get install -y lsb-release wget \ - && echo "deb http://binaries.erlang-solutions.com/debian `lsb_release -cs` contrib" \ - | tee /etc/apt/sources.list.d/erlang-solutions.list \ - && wget -O - http://binaries.erlang-solutions.com/debian/erlang_solutions.asc \ - | apt-key add - \ - && echo "deb http://packages.cloudant.com/debian `lsb_release -cs` main" \ - | tee /etc/apt/sources.list.d/cloudant.list \ - && wget http://packages.cloudant.com/KEYS -O - | apt-key add - \ - && apt-get update -y \ - && apt-get install -y erlang-nox erlang-dev build-essential \ - libmozjs185-cloudant libmozjs185-cloudant-dev \ - libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev curl libicu-dev \ - --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ +# download dependencies, compile and install couchdb +RUN apt-get update -y \ + && apt-get install -y --no-install-recommends erlang-nox erlang-dev build-essential \ + libmozjs185-dev libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ + curl \ && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -sSL http://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && curl -sSL http://www.apache.org/dist/couchdb/KEYS -o KEYS \ 
@@ -34,12 +24,10 @@ RUN apt-get update -y && apt-get install -y lsb-release wget \ && make && make install \ && curl -o /usr/local/bin/gosu -SkL 'https://github.com/tianon/gosu/releases/download/1.1/gosu' \ && chmod +x /usr/local/bin/gosu \ - && apt-get purge -y erlang-dev binutils cpp cpp-4.7 build-essential libmozjs185-cloudant-dev libnspr4-dev libcurl4-openssl-dev libicu-dev lsb-release wget \ + && apt-get purge -y erlang-dev binutils cpp cpp-4.7 build-essential libmozjs185-dev libnspr4-dev libcurl4-openssl-dev libicu-dev \ && apt-get autoremove -y \ && apt-get update && apt-get install -y libicu48 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && rm -r /usr/src/couchdb \ - && rm /couchdb.tar.gz* /KEYS + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS # permissions RUN chown -R couchdb:couchdb \ @@ -52,13 +40,13 @@ RUN chown -R couchdb:couchdb \ # Expose to the outside RUN sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini -ADD ./docker-entrypoint.sh /entrypoint.sh +COPY ./docker-entrypoint.sh /entrypoint.sh # Define mountable directories. VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb"] EXPOSE 5984 -WORKDIR /var/lib/couchdb +WORKDIR /usr/local/var/lib/couchdb ENTRYPOINT ["/entrypoint.sh"] CMD ["couchdb"] From d6556fa16827718745447ba388344236b542c890 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 20 Nov 2014 20:14:08 +0100 Subject: [PATCH 013/227] use gosu 1.2 --- Dockerfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 242f56c..49b119e 100644 --- a/Dockerfile +++ b/Dockerfile 
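Review bot: The `sed` line kept in the last hunk of this patch binds CouchDB to `0.0.0.0`, and nothing visible in the Dockerfile or the entrypoint creates an admin account, so a container published with `-p 5984:5984` as the README shows would, on CouchDB 1.x defaults, accept administrative requests from any client that can reach the port. A comment above the line would make that explicit, for example `# Listens on all interfaces; define [admins] in local.ini before publishing the port`. The README's "Build your own" section is the natural place to state the same requirement.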
@@ -22,13 +22,19 @@ RUN apt-get update -y \ && cd /usr/src/couchdb \ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ && make && make install \ - && curl -o /usr/local/bin/gosu -SkL 'https://github.com/tianon/gosu/releases/download/1.1/gosu' \ - && chmod +x /usr/local/bin/gosu \ && apt-get purge -y erlang-dev binutils cpp cpp-4.7 build-essential libmozjs185-dev libnspr4-dev libcurl4-openssl-dev libicu-dev \ && apt-get autoremove -y \ && apt-get update && apt-get install -y libicu48 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS +# grab gosu for easy step-down from root +RUN gpg --keyserver pgp.mit.edu --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 +RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture)" \ + && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture).asc" \ + && gpg --verify /usr/local/bin/gosu.asc \ + && rm /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu + # permissions RUN chown -R couchdb:couchdb \ /usr/local/lib/couchdb /usr/local/etc/couchdb \ From 88ca486d8df0499b15a5c6fa9e4bb916e8f21ec7 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 20 Nov 2014 20:14:35 +0100 Subject: [PATCH 014/227] install certs to be able to use https --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 49b119e..5e3f881 100644 --- a/Dockerfile +++ b/Dockerfile 
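Review bot: `gpg --verify /usr/local/bin/gosu.asc` is called with the signature file only, so gpg decides by itself what data to check; if the `.asc` were an inline-signed message instead of a detached signature, the command could succeed without ever reading the gosu binary. Name both files: `gpg --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu`. The check also runs against the default keyring, which appears to still hold every key imported from the CouchDB `KEYS` file in the earlier `RUN`, so a signature by any of those keys would pass as well; a throwaway keyring (`export GNUPGHOME="$(mktemp -d)"` inside the same `RUN`) holding only the fetched key avoids that. `gpg --verify couchdb.tar.gz.asc` in the build step has the same one-argument form.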
@@ -10,12 +10,12 @@ RUN groupadd -r couchdb && useradd -d /usr/local/var/lib/couchdb -g couchdb couc # download dependencies, compile and install couchdb RUN apt-get update -y \ - && apt-get install -y --no-install-recommends erlang-nox erlang-dev build-essential \ - libmozjs185-dev libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ - curl \ + && apt-get install -y --no-install-recommends \ + erlang-nox erlang-dev build-essential ca-certificates curl \ + libmozjs185-dev libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -sSL http://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && curl -sSL http://www.apache.org/dist/couchdb/KEYS -o KEYS \ + && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ && gpg --import KEYS && gpg --verify couchdb.tar.gz.asc \ && mkdir -p /usr/src/couchdb \ && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ From 71337374e5e30f0f981ff055302f61543291cbf6 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 20 Nov 2014 20:14:54 +0100 Subject: [PATCH 015/227] set writable HOME for couchdb user --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5e3f881..bb979cc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ MAINTAINER Clemens Stolle klaemo@fastmail.fm ENV COUCHDB_VERSION 1.6.1 -RUN groupadd -r couchdb && useradd -d /usr/local/var/lib/couchdb -g couchdb couchdb +RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb # download dependencies, compile and install couchdb RUN apt-get update -y \ 
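Review bot: Fetching `KEYS` and the `.asc` over HTTPS protects the trust anchor in transit, but `gpg --import KEYS && gpg --verify couchdb.tar.gz.asc` still accepts a signature from any key in that file, which typically lists many committers and not only the release signer. Pinning the expected signer closes that gap: import only the release key by full fingerprint, or compare the fingerprint reported by `gpg --status-fd 1 --verify couchdb.tar.gz.asc couchdb.tar.gz` with `<RELEASE_KEY_FINGERPRINT>`. The tarball itself still comes from the mirror over plain HTTP, which is acceptable only because the signature check follows it. The `RUN` chain continues outside the hunk.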
From 26566673a33f6576ab19dd6fc84473471f2c4f96 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 20 Nov 2014 20:15:18 +0100 Subject: [PATCH 016/227] remove perl --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bb979cc..db1a8c0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,7 +22,7 @@ RUN apt-get update -y \ && cd /usr/src/couchdb \ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ && make && make install \ - && apt-get purge -y erlang-dev binutils cpp cpp-4.7 build-essential libmozjs185-dev libnspr4-dev libcurl4-openssl-dev libicu-dev \ + && apt-get purge -y erlang-dev perl binutils cpp make build-essential libmozjs185-dev libnspr4-dev libcurl4-openssl-dev libicu-dev \ && apt-get autoremove -y \ && apt-get update && apt-get install -y libicu48 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS From 5621da798cb86534e20a089f47b06db3bf670c2d Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 20 Nov 2014 21:07:11 +0100 Subject: [PATCH 017/227] actually create workdir --- Dockerfile | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index db1a8c0..3a68424 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -28,8 +28,8 @@ RUN apt-get update -y \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS # grab gosu for easy step-down from root -RUN gpg --keyserver pgp.mit.edu --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 -RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture)" \ +RUN gpg --keyserver pgp.mit.edu --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture)" \ && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture).asc" \ && gpg --verify /usr/local/bin/gosu.asc \ && rm /usr/local/bin/gosu.asc \ @@ -37,11 +37,12 @@ RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/dow%20%20#%20permissions%20RUN%20chown%20-R%20couchdb:couchdb%20\-%20%20/usr/local/lib/couchdb%20/usr/local/etc/couchdb%20\-%20%20/usr/local/var/lib/couchdb%20/usr/local/var/log/couchdb%20/usr/local/var/run/couchdb%20\+%20%20%20%20/usr/local/lib/couchdb%20/usr/local/etc/couchdb%20\+%20%20%20%20/usr/local/var/lib/couchdb%20/usr/local/var/log/couchdb%20/usr/local/var/run/couchdb%20\%20%20%20&&%20chmod%20-R%20g+rw%20\-%20%20/usr/local/lib/couchdb%20/usr/local/etc/couchdb%20\-%20%20/usr/local/var/lib/couchdb%20/usr/local/var/log/couchdb%20/usr/local/var/run/couchdb%20+%20%20%20%20/usr/local/lib/couchdb%20/usr/local/etc/couchdb%20\+%20%20%20%20/usr/local/var/lib/couchdb%20/usr/local/var/log/couchdb%20/usr/local/var/run/couchdb%20\+%20%20&&%20mkdir%20-p%20/var/lib/couchdb%20%20#%20Expose%20to%20the%20outside%20RUN%20sed%20-e's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini 
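Review bot: In the second hunk of this patch (shown percent-encoded here) `mkdir -p /var/lib/couchdb` is appended after the `chown -R couchdb:couchdb` and `chmod -R g+rw` lists and the new directory is in neither, so it is created owned by root. That directory is the couchdb user's home and the image's `WORKDIR`, and the entrypoint's `chown` does not cover it either, so the process started through gosu cannot write there. Create it first and include it in the ownership change, e.g. `mkdir -p /var/lib/couchdb && chown couchdb:couchdb /var/lib/couchdb`.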
@@ -52,7 +53,7 @@ COPY ./docker-entrypoint.sh /entrypoint.sh VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb"] EXPOSE 5984 -WORKDIR /usr/local/var/lib/couchdb +WORKDIR /var/lib/couchdb ENTRYPOINT ["/entrypoint.sh"] CMD ["couchdb"] From 33a1efc0db4449247b0b92b67c73768e67107277 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 20 Nov 2014 21:07:47 +0100 Subject: [PATCH 018/227] apparently we need to manually set HOME with gosu - https://github.com/tianon/gosu/issues/3 --- docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2245ab4..a048e2d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -17,7 +17,7 @@ if [ "$1" = 'couchdb' ]; then chmod 664 /usr/local/etc/couchdb/*.ini chmod 775 /usr/local/etc/couchdb/*.d - exec gosu couchdb "$@" + HOME=/var/lib/couchdb exec gosu couchdb "$@" fi exec "$@" From e6203c522969b6752aa796407bad4cb57eddd75b Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 24 Nov 2014 16:54:55 +0100 Subject: [PATCH 019/227] don't purge libmozjs185-dev fixes #10 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3a68424..30a83b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,7 +22,7 @@ RUN apt-get update -y \ && cd /usr/src/couchdb \ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ && make && make install \ - && apt-get purge -y erlang-dev perl binutils cpp make build-essential libmozjs185-dev libnspr4-dev libcurl4-openssl-dev libicu-dev \ + && apt-get purge -y erlang-dev perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ && apt-get autoremove -y \ && apt-get update && apt-get install -y libicu48 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS From 5cdc4a920188ed99f6b7bc3f39ff81a84cbfd214 Mon Sep 17 00:00:00 2001 
From: Joey Baker Date: Mon, 24 Nov 2014 12:27:09 -0800 Subject: [PATCH 020/227] Add missing spidermonkey dep Fixes #10 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 30a83b8..a1232a0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb RUN apt-get update -y \ && apt-get install -y --no-install-recommends \ erlang-nox erlang-dev build-essential ca-certificates curl \ - libmozjs185-dev libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ + libmozjs185-dev libmozjs185-1.0 libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ From 9cc60bb2f88716f7cf58c7f3c6d5f1501fdf9ba0 Mon Sep 17 00:00:00 2001 From: Joey Baker Date: Mon, 1 Dec 2014 15:18:49 -0800 Subject: [PATCH 021/227] Keep erlang around Turns out, couchdb needs erlang for more than just compiling. You want to keep this sucker around. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a1232a0..51f0b01 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -22,7 +22,7 @@ RUN apt-get update -y \ && cd /usr/src/couchdb \ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ && make && make install \ - && apt-get purge -y erlang-dev perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ + && apt-get purge -y perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ && apt-get autoremove -y \ && apt-get update && apt-get install -y libicu48 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS From 09a9051b3bbeab2879cefb6f400a1ce67865db07 Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 26 Jan 2015 19:31:54 +0100 Subject: [PATCH 022/227] re-structure repo for better docker hub compat --- Dockerfile => 1.6.1/Dockerfile | 0 .../docker-entrypoint.sh | 0 2.0-dev/Dockerfile | 46 +++++++++++++++++++ 3 files changed, 46 insertions(+) rename Dockerfile => 1.6.1/Dockerfile (100%) rename docker-entrypoint.sh => 1.6.1/docker-entrypoint.sh (100%) create mode 100644 2.0-dev/Dockerfile diff --git a/Dockerfile b/1.6.1/Dockerfile similarity index 100% rename from Dockerfile rename to 1.6.1/Dockerfile diff --git a/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh similarity index 100% rename from docker-entrypoint.sh rename to 1.6.1/docker-entrypoint.sh diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile new file mode 100644 index 0000000..37829f0 --- /dev/null +++ b/2.0-dev/Dockerfile 
@@ -0,0 +1,46 @@ +FROM debian:wheezy + +MAINTAINER Clemens Stolle klaemo@fastmail.fm + +ENV COUCHDB_VERSION developer-preview-2.0 + +RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb + +# download dependencies +RUN echo 'deb http://http.debian.net/debian wheezy-backports main' > /etc/apt/sources.list.d/backports.list \ + && apt-get update -y \ + && apt-get install -y --no-install-recommends build-essential libmozjs185-dev \ + libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ + openssl curl ca-certificates git pkg-config \ + apt-transport-https python \ + && apt-get install -y -t wheezy-backports erlang-base-hipe erlang-dev \ + erlang-manpages erlang-dialyzer erlang-eunit erlang-nox + +RUN git clone https://github.com/rebar/rebar /usr/src/rebar \ + && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) + + RUN cd /usr/src \ + && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd couchdb \ + && git checkout developer-preview-2.0 + +RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ + && echo 'deb https://deb.nodesource.com/node wheezy main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node wheezy main' >> /etc/apt/sources.list.d/nodesource.list \ + && apt-get update -y && apt-get install -y nodejs + +RUN cd /usr/src/couchdb \ + && npm install -g grunt-cli \ + && ./configure && make + +# permissions +RUN chown -R couchdb:couchdb /usr/src/couchdb +USER couchdb + +# Expose to the outside +RUN sed -i'' 's/bind_address = 127.0.0.1/bind_address = 0.0.0.0/' /usr/src/couchdb/rel/overlay/etc/default.ini + +EXPOSE 15984 25984 35984 +WORKDIR /usr/src/couchdb + +ENTRYPOINT ["/usr/src/couchdb/dev/run"] From 19ef5174b4b6cb9db4188f9b5464780627b643f1 Mon Sep 17 00:00:00 2001 
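Review bot: Several inputs of this new image are fetched unpinned and then executed as root during the build: `git clone https://github.com/rebar/rebar` builds whatever the default branch holds that day, and `npm install -g grunt-cli` takes the newest release. Pin them, for example `&& (cd /usr/src/rebar ; git checkout <PINNED_REBAR_COMMIT> && make && mv rebar /usr/local/bin/)` and `npm install -g grunt-cli@<PINNED_VERSION>`. The NodeSource key is piped straight into `apt-key add -` with `curl -s`, so a failed download is hidden by the pipe and the key's fingerprint is never compared with a known value; download it to a file with `curl -fsSL`, check the fingerprint, then add it. The later hunk that adds `npm install -g npm` has the same unpinned-install problem.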
From: klaemo Date: Mon, 26 Jan 2015 19:32:29 +0100 Subject: [PATCH 023/227] readme: unify stable and dev readme --- README.md | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4aada5a..3b27d84 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,10 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -Version: `CouchDB 1.6.1` +- Version (stable): `CouchDB 1.6.1` +- Version (dev): `CouchDB 2.0 developer preview` -## Run +## Run (stable) Available in the docker index as [klaemo/couchdb](https://index.docker.io/u/klaemo/couchdb/) @@ -31,6 +32,25 @@ curl http://localhost:5984 The previous version of this image used to come with a process manager to keep CouchDB running. As of Docker 1.2 you can use the `--restart` flag to accomplish this. +## Run (dev) + +Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/) + +```bash +# expose the cluster to the world +[sudo] docker run -d -p 15984:15984 -p 25984:25984 -p 35984:35984 --name couchdb klaemo/couchdb:2.0-dev + +curl http://localhost:15984 +curl http://localhost:25984 +curl http://localhost:35984 +``` + +...or you can pass arguments to the binary + +```bash +docker run klaemo/couchdb:2.0-dev --admin=foo:bar +``` + ## Build your own You can use `klaemo/couchdb` as the base image for your own couchdb instance. @@ -52,3 +72,11 @@ and then build and run [sudo] docker build -t you/awesome-couchdb . [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` + +## Contributing + +Please use Github issues for any questions, bugs, feature requests. :) + +## Contributors + +- [@joeybaker](https://github.com/joeybaker) From 9af297141c495ce9ad5b293263c4a2144caf088e Mon Sep 17 00:00:00 2001 
From: klaemo Date: Mon, 26 Jan 2015 21:55:35 +0100 Subject: [PATCH 024/227] dev: update npm --- 2.0-dev/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 37829f0..c944b92 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -30,6 +30,7 @@ RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && apt-get update -y && apt-get install -y nodejs RUN cd /usr/src/couchdb \ + && npm install -g npm \ && npm install -g grunt-cli \ && ./configure && make From 7242568b1fc0fa8c90895d8114f59cbd123ee9c3 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 27 Jan 2015 11:54:53 +0100 Subject: [PATCH 025/227] document 2.0-dev oddity (see #16) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3b27d84..539354c 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docke ```bash # expose the cluster to the world -[sudo] docker run -d -p 15984:15984 -p 25984:25984 -p 35984:35984 --name couchdb klaemo/couchdb:2.0-dev +[sudo] docker run -i -t -p 15984:15984 -p 25984:25984 -p 35984:35984 --name couchdb klaemo/couchdb:2.0-dev curl http://localhost:15984 curl http://localhost:25984 @@ -48,7 +48,7 @@ curl http://localhost:35984 ...or you can pass arguments to the binary ```bash -docker run klaemo/couchdb:2.0-dev --admin=foo:bar +docker run -i -t klaemo/couchdb:2.0-dev --admin=foo:bar ``` ## Build your own From 9e039c63fd62e6398bd2e07ec67f870cec255be6 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 27 Jan 2015 12:21:37 +0100 Subject: [PATCH 026/227] stable: change gpg key server for gosu --- 1.6.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 51f0b01..2cfde1b 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
@@ -28,7 +28,7 @@ RUN apt-get update -y \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS # grab gosu for easy step-down from root -RUN gpg --keyserver pgp.mit.edu --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ +RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture)" \ && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture).asc" \ && gpg --verify /usr/local/bin/gosu.asc \ From 7d9e17443cb8f6427c38ce2b86b199ddc9f2b5b9 Mon Sep 17 00:00:00 2001 From: cristian Date: Wed, 28 Jan 2015 22:43:51 +0100 Subject: [PATCH 027/227] dev: wait for an additional 1s in dev/run command - workaround for #16 --- 2.0-dev/Dockerfile | 4 + 2.0-dev/run.py | 298 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 302 insertions(+) create mode 100644 2.0-dev/run.py diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index c944b92..fe2e260 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -35,7 +35,11 @@ RUN cd /usr/src/couchdb \ && ./configure && make # permissions +RUN rm -rf /usr/src/couchdb/dev/run +COPY ./run.py /usr/src/couchdb/dev/run +RUN chmod +x /usr/src/couchdb/dev/run RUN chown -R couchdb:couchdb /usr/src/couchdb + USER couchdb # Expose to the outside diff --git a/2.0-dev/run.py b/2.0-dev/run.py new file mode 100644 index 0000000..fa485b4 --- /dev/null +++ b/2.0-dev/run.py 
@@ -0,0 +1,298 @@ +#!/usr/bin/env python +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +import atexit +import contextlib as ctx +import glob +import httplib +import optparse as op +import os +import re +import select +import subprocess as sp +import sys +import time +import traceback +import urllib +import uuid + +from pbkdf2 import pbkdf2_hex + +# clipped down from e.g. '0x594fc30efe7746318d7d79684a15cfd0L' +COMMON_SALT = hex(uuid.uuid4().int)[2:-1] + +USAGE = "%prog [options] [command to run...]" +DEV_PATH = os.path.dirname(os.path.abspath(__file__)) +COUCHDB = os.path.dirname(DEV_PATH) + +DEFAULT_N = 3 +PROCESSES = [] + + +def init_log_dir(): + logdir = os.path.join(DEV_PATH, "logs") + if not os.path.exists(logdir): + os.makedirs(logdir) + + +def init_beams(): + # Including this for people that forget to run + # make dev. 
+ for fname in glob.glob(os.path.join(DEV_PATH, "*.erl")): + cmd = [ + "erlc", + "-o", DEV_PATH + os.sep, + fname + ] + sp.check_call(cmd) + + +def hack_default_ini(opts, node, args, contents): + # Replace log file + logfile = os.path.join(DEV_PATH, "logs", "%s.log" % node) + repl = "file = %s" % logfile + contents = re.sub("(?m)^file.*$", repl, contents) + + # Replace couchjs command + couchjs = os.path.join(COUCHDB, "src", "couch", "priv", "couchjs") + mainjs = os.path.join(COUCHDB, "share", "server", "main.js") + coffeejs = os.path.join(COUCHDB, "share", "server", "main-coffee.js") + + repl = "javascript = %s %s" % (couchjs, mainjs) + contents = re.sub("(?m)^javascript.*$", repl, contents) + + repl = "coffeescript = %s %s" % (couchjs, coffeejs) + contents = re.sub("(?m)^coffeescript.*$", repl, contents) + + return contents + + +def hashify(pwd, salt=COMMON_SALT): + """ + Implements password hasshing according to: + - https://issues.apache.org/jira/browse/COUCHDB-1060 + - https://issues.apache.org/jira/secure/attachment/12492631/0001-Integrate-PBKDF2.patch + + This test uses 'candeira:candeira' + + >>> hashify(candeira) + -pbkdf2-99eb34d97cdaa581e6ba7b5386e112c265c5c670,d1d2d4d8909c82c81b6c8184429a0739,10 + """ + iterations = 10 + keylen = 20 + derived_key = pbkdf2_hex(pwd, salt, iterations, keylen) + return "-pbkdf2-%s,%s,%s" % (derived_key, salt, iterations) + +def hack_local_ini(opts, node, args, contents): + # make sure all three nodes have the same secret + secret_line = "secret = %s\n" % COMMON_SALT + previous_line = "; require_valid_user = false\n" + contents = contents.replace(previous_line, previous_line + secret_line) + # if --admin user:password on invocation, make sure all three nodes + # have the same hashed password + if opts.admin is None: + return contents + usr, pwd = opts.admin.split(":", 1) + return contents + "\n%s = %s" % (usr, hashify(pwd)) + + +def write_config(opts, node, args): + etc_src = os.path.join(COUCHDB, "rel", "overlay", "etc") + 
etc_tgt = os.path.join(DEV_PATH, "lib", node, "etc") + if not os.path.exists(etc_tgt): + os.makedirs(etc_tgt) + + etc_files = glob.glob(os.path.join(etc_src, "*")) + for fname in etc_files: + base = os.path.basename(fname) + tgt = os.path.join(etc_tgt, base) + with open(fname) as handle: + contents = handle.read() + for key in args: + contents = re.sub("{{%s}}" % key, args[key], contents) + if base == "default.ini": + contents = hack_default_ini(opts, node, args, contents) + elif base == "local.ini": + contents = hack_local_ini(opts, node, args, contents) + with open(tgt, "w") as handle: + handle.write(contents) + + +def write_configs(opts): + datadir = os.path.join(DEV_PATH, "data") + if not os.path.exists(datadir): + os.makedirs(datadir) + for i in range(1, N+1): + node = "node%d" % i + args = { + "prefix": COUCHDB, + "package_author_name": "The Apache Software Foundation", + "data_dir": os.path.join(DEV_PATH, "lib", node, "data"), + "view_index_dir": os.path.join(DEV_PATH, "lib", node, "data"), + "node_name": "-name %s@127.0.0.1" % node, + "cluster_port": str((10000 * i) + 5984), + "backend_port" : str((10000 * i) + 5986) + } + if not os.path.exists(args["data_dir"]): + os.makedirs(args["data_dir"]) + write_config(opts, node, args) + + +def all_nodes_alive(n): + for i in range(1, n+1): + url = "http://127.0.0.1:{0}/".format(local_port(i)) + while True: + try: + with ctx.closing(urllib.urlopen(url)) as resp: + pass + except IOError: + time.sleep(0.25) + continue + break + return True + + +def local_port(n): + return 10000 * n + 5986 + + +def node_port(n): + return 10000 * n + 5984 + + +def boot_node(node): + apps = os.path.join(COUCHDB, "src") + env = os.environ.copy() + env["ERL_LIBS"] = os.pathsep.join([apps]) + cmd = [ + "erl", + "-args_file", os.path.join(DEV_PATH, "lib", node, "etc", "vm.args"), + "-config", os.path.join(COUCHDB, "rel", "files", "sys"), + "-couch_ini", + os.path.join(DEV_PATH, "lib", node, "etc", "default.ini"), + os.path.join(DEV_PATH, 
"lib", node, "etc", "local.ini"), + "-reltool_config", os.path.join(COUCHDB, "rel", "reltool.config"), + "-parent_pid", str(os.getpid()), + "-pa", DEV_PATH, + "-pa", os.path.join(COUCHDB, "src", "*"), + "-s", "boot_node" + ] + logfname = os.path.join(DEV_PATH, "logs", "%s.log" % node) + log = open(logfname, "w") + return sp.Popen( + cmd, + stdin=sp.PIPE, + stdout=log, + stderr=sp.STDOUT, + env=env) + + +def connect_nodes(host, port): + global N + for i in range(1, N+1): + body = "{}" + conn = httplib.HTTPConnection(host, port) + conn.request("PUT", "/nodes/node%d@127.0.0.1" % i, body) + resp = conn.getresponse() + if resp.status not in (200, 201, 202, 409): + print resp.reason + exit(1) + + +def kill_processes(): + global PROCESSES + for p in PROCESSES: + if p.returncode is None: + p.kill() + + +def boot_nodes(): + global N, PROCESSES + for i in range(1, N+1): + p = boot_node("node%d" % i) + PROCESSES.append(p) + + for i in range(30): + if all_nodes_alive(N): + print "Cluster is up, go to http://127.0.0.1:15984/_utils" + break + time.sleep(1) + time.sleep(1) + + +def reboot_nodes(): + kill_processes() + boot_nodes() + + +def run_command(cmd): + p = sp.Popen(cmd, shell=True, stdout=sp.PIPE, stderr=sys.stderr) + while True: + line = p.stdout.readline() + if not line: + break + try: + eval(line) + except: + traceback.print_exc() + exit(1) + p.wait() + exit(p.returncode) + + +def wait_for_procs(): + global PROCESSES + while True: + for p in PROCESSES: + if p.returncode is not None: + exit(1) + time.sleep(2) + + +def options(): + return [ + op.make_option("-a", "--admin", metavar="USER:PASS", default=None, + help="Add an admin account to the development cluster"), + op.make_option("-n", "--nodes", metavar="N", default=DEFAULT_N, + type="int", help="Number of development nodes to be spun up") + ] + + +def main(): + parser = op.OptionParser(usage=USAGE, option_list=options()) + opts, args = parser.parse_args() + + global N + N = opts.nodes + + init_log_dir() + 
init_beams() + write_configs(opts) + + atexit.register(kill_processes) + + boot_nodes() + connect_nodes("127.0.0.1", 15986) + + if len(args): + run_command(" ".join(args)) + else: + wait_for_procs() + + +if __name__ == "__main__": + try: + main() + except KeyboardInterrupt: + pass From c251ba795c0ad823d34ea3dd0b6014ef9a89512c Mon Sep 17 00:00:00 2001 From: cristian Date: Wed, 28 Jan 2015 22:45:32 +0100 Subject: [PATCH 028/227] dev: set erlang version to 17.0 Closes #20 Fixes #18 --- 2.0-dev/Dockerfile | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index fe2e260..bec37c5 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
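Review bot: `run_command` hands every line the child prints on stdout to `eval()`, so the output of whatever command is given on the container command line runs as Python inside the process that supervises the nodes; `shell=True` on `" ".join(args)` also discards the original argument quoting. If the purpose is only to let a test command trigger helpers such as `reboot_nodes` (an inference, since nothing visible calls it), dispatch on a fixed table instead of evaluating text, as sketched below. Separately, `hashify` derives the admin hash with `iterations = 10`, and `COMMON_SALT` is also written to `local.ini` as the shared `secret`, so the salt embedded in the hash string reveals that secret; independent random values and a higher iteration count would be safer.

```python
# Constructed allow-list: the exact lines a trusted command may print.
ALLOWED_ACTIONS = {"reboot_nodes()": reboot_nodes}


def run_command(cmd):
    # … unchanged: Popen call, readline loop and end-of-output check …
        action = ALLOWED_ACTIONS.get(line.strip())
        if action is None:
            sys.stderr.write("unexpected command output: %r\n" % line)
            exit(1)
        action()
    # … unchanged: p.wait() and exit(p.returncode) …
```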
@@ -7,14 +7,19 @@ ENV COUCHDB_VERSION developer-preview-2.0 RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb # download dependencies -RUN echo 'deb http://http.debian.net/debian wheezy-backports main' > /etc/apt/sources.list.d/backports.list \ - && apt-get update -y \ +RUN apt-get update -y \ && apt-get install -y --no-install-recommends build-essential libmozjs185-dev \ libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ openssl curl ca-certificates git pkg-config \ - apt-transport-https python \ - && apt-get install -y -t wheezy-backports erlang-base-hipe erlang-dev \ - erlang-manpages erlang-dialyzer erlang-eunit erlang-nox + apt-transport-https python wget + +RUN wget http://packages.erlang-solutions.com/site/esl/esl-erlang/FLAVOUR_3_general/esl-erlang_17.0-1~debian~wheezy_amd64.deb +RUN apt-get install -y --no-install-recommends libwxgtk2.8 default-jdk +RUN apt-get install -y --no-install-recommends procps +RUN wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb +RUN dpkg -i libssl0.9.8_0.9.8o-4squeeze14_amd64.deb + +RUN dpkg -i esl-erlang_17.0-1~debian~wheezy_amd64.deb RUN git clone https://github.com/rebar/rebar /usr/src/rebar \ && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) From 7a9f5f2765813022f33187ebcfd4f10d23438e0e Mon Sep 17 00:00:00 2001 From: klaemo Date: Sun, 1 Feb 2015 13:53:54 +0100 Subject: [PATCH 029/227] stable: use erlang 17.4 from erlang-solutions Fixes #12 Closes #17 --- 1.6.1/Dockerfile | 6 ++++-- README.md | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 2cfde1b..80b4409 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
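Review bot: Both `.deb` files are fetched with `wget` over plain `http://` and installed with `dpkg -i`, which performs none of the archive signature checks that apt does, so nothing verifies what gets installed as root. Record the expected digest in the Dockerfile and check it before installing, e.g. `RUN echo "<SHA256_OF_ESL_DEB>  esl-erlang_17.0-1~debian~wheezy_amd64.deb" | sha256sum -c - && dpkg -i esl-erlang_17.0-1~debian~wheezy_amd64.deb`, and do the same for the libssl package. `libssl0.9.8` is taken from the squeeze pool, an older release than the `wheezy` base, so it is unlikely to be updated through this image's apt sources; a comment saying why it is needed would help whoever removes it later. The downloaded archives also remain in their own layers, because download and install are separate `RUN` steps with no cleanup.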
@@ -11,8 +11,10 @@ RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb # download dependencies, compile and install couchdb RUN apt-get update -y \ && apt-get install -y --no-install-recommends \ - erlang-nox erlang-dev build-essential ca-certificates curl \ + build-essential ca-certificates curl \ libmozjs185-dev libmozjs185-1.0 libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ + && curl -ssL https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb -o esl.deb && dpkg -i esl.deb && apt-get update \ + && apt-get install -y --no-install-recommends erlang-nox=1:17.4 erlang-dev=1:17.4 \ && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ @@ -25,7 +27,7 @@ RUN apt-get update -y \ && apt-get purge -y perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ && apt-get autoremove -y \ && apt-get update && apt-get install -y libicu48 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS /esl.deb # grab gosu for easy step-down from root RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ diff --git a/README.md b/README.md index 539354c..396b72f 100644 --- a/README.md +++ b/README.md 
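Review bot: The added `curl -ssL …/erlang-solutions_1.0_all.deb -o esl.deb` uses a lowercase `-ss`, unlike the `-sSL` on the neighbouring download lines, so curl's error messages are silenced, and without `-f` an HTTP error page would be written to `esl.deb`; `curl -fsSL` is the safer spelling. The package is then installed with `dpkg -i` without any digest check, and it appears to register the third-party apt source that the following `apt-get install erlang-nox=… erlang-dev=…` trusts. Checking a pinned digest first, `&& echo "<SHA256_OF_ESL_DEB>  esl.deb" | sha256sum -c - \`, would close that gap. The `RUN` instruction starts before and ends after this hunk.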
@@ -6,8 +6,8 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -- Version (stable): `CouchDB 1.6.1` -- Version (dev): `CouchDB 2.0 developer preview` +- Version (stable): `CouchDB 1.6.1`, `Erlang 17.4` +- Version (dev): `CouchDB 2.0 developer preview`, `Erlang 17.0` ## Run (stable) From 60854266caf3156b2f6d77f9367177de2327953e Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 27 May 2015 23:23:06 +0100 Subject: [PATCH 030/227] Update Erlang dependencies to version 17.5.3 As of 27/05/2015, when you try building a Docker image with CouchDB 1.6.1, you get the following error: > The following packages have unmet dependencies: > erlang-dev : Depends: erlang-base (= 1:17.4) but 1:17.5.3 is to be installed or > erlang-base-hipe (= 1:17.4) > E: Unable to correct problems, you have held broken packages. This patch fixes the issue and allows you to complete the build process. closes #25 --- 1.6.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 80b4409..b7c5ea3 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
@@ -14,7 +14,7 @@ RUN apt-get update -y \ build-essential ca-certificates curl \ libmozjs185-dev libmozjs185-1.0 libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ && curl -ssL https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb -o esl.deb && dpkg -i esl.deb && apt-get update \ - && apt-get install -y --no-install-recommends erlang-nox=1:17.4 erlang-dev=1:17.4 \ + && apt-get install -y --no-install-recommends erlang-nox=1:17.5.3 erlang-dev=1:17.5.3 \ && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ From 70e4810d2ba7f95c6c85666f6f62fc9a6976c2c3 Mon Sep 17 00:00:00 2001 From: Niclas Mietz Date: Fri, 12 Jun 2015 06:42:09 +0200 Subject: [PATCH 031/227] Add instruction to run CouchDB with a mounted volume closes #26 --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 396b72f..fe20aab 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,17 @@ Available in the docker index as [klaemo/couchdb](https://index.docker.io/u/klae curl http://localhost:5984 ``` +## Run (stable with mounted Volume) + +```bash +[sudo] docker pull klaemo/couchdb:latest + +# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory +[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb klaemo/couchdb + +curl http://localhost:5984 +``` + ## Features * built on top of the solid and small `debian:wheezy` base image From c9837eace1fdcb2f32578670c2489b095580511e Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 19 Jun 2015 12:40:14 +0200 Subject: [PATCH 032/227] update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index fe20aab..2aecafd 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -- Version (stable): `CouchDB 1.6.1`, `Erlang 17.4` +- Version (stable): `CouchDB 1.6.1`, `Erlang 17.5.3` - Version (dev): `CouchDB 2.0 developer preview`, `Erlang 17.0` ## Run (stable) From c7f8b662135f209e3445a9de3054908bf0a393c1 Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 19 Jun 2015 12:46:00 +0200 Subject: [PATCH 033/227] stable: explicitly make entrypoint executable see #19 for discussion --- 1.6.1/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index b7c5ea3..7cb0015 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -50,6 +50,7 @@ RUN chown -R couchdb:couchdb \ RUN sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini COPY ./docker-entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh # Define mountable directories. VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb"] From 06f57664fea3f156a9ed773a913428f45a6ba5ea Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sat, 20 Jun 2015 15:45:23 +0200 Subject: [PATCH 034/227] add apache license headers and license file closes #27 --- 1.6.1/Dockerfile | 12 +++ 1.6.1/docker-entrypoint.sh | 12 +++ 2.0-dev/Dockerfile | 12 +++ LICENSE | 202 +++++++++++++++++++++++++++++++++++++ 4 files changed, 238 insertions(+) create mode 100644 LICENSE diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 7cb0015..63a98d4 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
@@ -1,3 +1,15 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + FROM debian:wheezy MAINTAINER Clemens Stolle klaemo@fastmail.fm diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh index a048e2d..01828ff 100755 --- a/1.6.1/docker-entrypoint.sh +++ b/1.6.1/docker-entrypoint.sh @@ -1,4 +1,16 @@ #!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + set -e if [ "$1" = 'couchdb' ]; then diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index bec37c5..e9e4707 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
@@ -1,3 +1,15 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + FROM debian:wheezy MAINTAINER Clemens Stolle klaemo@fastmail.fm diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f6cd2bc --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From f2b6f96139b6c066ad9133f57ac581826a8ba9bd Mon Sep 17 00:00:00 2001 From: Jean-Charles Sisk Date: Wed, 1 Jul 2015 12:00:07 -0400 Subject: [PATCH 035/227] fix curl flag typo -ssL -> -sSL closes #28 --- 1.6.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 63a98d4..0036f2a 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
@@ -25,7 +25,7 @@ RUN apt-get update -y \
 && apt-get install -y --no-install-recommends \
 build-essential ca-certificates curl \
 libmozjs185-dev libmozjs185-1.0 libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \
- && curl -ssL https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb -o esl.deb && dpkg -i esl.deb && apt-get update \
+ && curl -sSL https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb -o esl.deb && dpkg -i esl.deb && apt-get update \
 && apt-get install -y --no-install-recommends erlang-nox=1:17.5.3 erlang-dev=1:17.5.3 \
 && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \
 && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \
From 4eed15b1bd5ca5886c836366a3e095d9bda73b23 Mon Sep 17 00:00:00 2001
From: vrince
Date: Tue, 18 Aug 2015 15:17:02 -0400
Subject: [PATCH 036/227] Fix erlang solution download path - disable docs closes #29
---
 2.0-dev/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile
index e9e4707..f4c338a 100644
--- a/2.0-dev/Dockerfile
+++ b/2.0-dev/Dockerfile
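Review bot: In 1.6.1/Dockerfile the corrected `curl -sSL … -o esl.deb` still lacks `-f`, so an HTTP error response is saved as `esl.deb` and the failure only surfaces later in `dpkg -i`; the tarball and `.asc` downloads in the context lines use the same flag set. `curl -fsSL` stops the build at the download that failed. Since `esl.deb` is installed as root and appears to register an extra apt source (an `apt-get update` follows it), I would also check it against a pinned digest before `dpkg -i`, e.g. `echo "<sha256-of-esl.deb>  esl.deb" | sha256sum -c -` (placeholder digest). The RUN instruction starts and ends outside this hunk.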
@@ -25,13 +25,13 @@ RUN apt-get update -y \ openssl curl ca-certificates git pkg-config \ apt-transport-https python wget -RUN wget http://packages.erlang-solutions.com/site/esl/esl-erlang/FLAVOUR_3_general/esl-erlang_17.0-1~debian~wheezy_amd64.deb +RUN wget http://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_18.0-1~debian~wheezy_amd64.deb RUN apt-get install -y --no-install-recommends libwxgtk2.8 default-jdk RUN apt-get install -y --no-install-recommends procps RUN wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb RUN dpkg -i libssl0.9.8_0.9.8o-4squeeze14_amd64.deb -RUN dpkg -i esl-erlang_17.0-1~debian~wheezy_amd64.deb +RUN dpkg -i esl-erlang_18.0-1~debian~wheezy_amd64.deb RUN git clone https://github.com/rebar/rebar /usr/src/rebar \ && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) @@ -49,7 +49,7 @@ RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - RUN cd /usr/src/couchdb \ && npm install -g npm \ && npm install -g grunt-cli \ - && ./configure && make + && ./configure --disable-docs && make # permissions RUN rm -rf /usr/src/couchdb/dev/run From 44e5dd9d4db31a8a63fd2b89ee6a9661894050ed Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 21 Aug 2015 15:36:42 +0200 Subject: [PATCH 037/227] update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2aecafd..8d094ef 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - Version (stable): `CouchDB 1.6.1`, `Erlang 17.5.3` -- Version (dev): `CouchDB 2.0 developer preview`, `Erlang 17.0` +- Version (dev): `CouchDB 2.0 developer preview`, `Erlang 18.0` ## Run (stable) From c4525b13475d3fd7ad6e153c7a08352fe31b9ef2 Mon Sep 17 00:00:00 2001 
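Review bot: In 2.0-dev/Dockerfile the new `RUN wget http://packages.erlang-solutions.com/…/esl-erlang_18.0-1~debian~wheezy_amd64.deb` fetches the package over plain HTTP, and the later `RUN dpkg -i esl-erlang_18.0-1~debian~wheezy_amd64.deb` installs it as root with no integrity check, so a response altered in transit ends up in the image. The 1.6.1 Dockerfile on this page reaches the same host over https; if this path is served there too, switch the scheme, and in either case verify a pinned digest before installing, e.g. `echo "<sha256-of-esl-erlang.deb>  esl-erlang_18.0-1~debian~wheezy_amd64.deb" | sha256sum -c -` (placeholder digest). Doing download, check and `dpkg -i` in one `RUN` also keeps the .deb out of the image layers. The same applies to the jessie variant of this line in the later "Update to debian:jessie" commit and to the `libssl0.9.8` download in the context lines.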
From: klaemo Date: Fri, 21 Aug 2015 16:54:45 +0200 Subject: [PATCH 038/227] 2.0: fix build, user master --- 2.0-dev/Dockerfile | 21 ++-- 2.0-dev/run.py | 298 --------------------------------------------- README.md | 22 +++- 3 files changed, 25 insertions(+), 316 deletions(-) delete mode 100644 2.0-dev/run.py diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index f4c338a..5f3e661 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -36,26 +36,21 @@ RUN dpkg -i esl-erlang_18.0-1~debian~wheezy_amd64.deb RUN git clone https://github.com/rebar/rebar /usr/src/rebar \ && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) - RUN cd /usr/src \ - && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ - && cd couchdb \ - && git checkout developer-preview-2.0 +RUN cd /usr/src \ + && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd couchdb \ + && git checkout master RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node wheezy main' > /etc/apt/sources.list.d/nodesource.list \ && echo 'deb-src https://deb.nodesource.com/node wheezy main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y && apt-get install -y nodejs + && apt-get update -y && apt-get install -y nodejs \ + && npm install -g npm && npm install -g grunt-cli -RUN cd /usr/src/couchdb \ - && npm install -g npm \ - && npm install -g grunt-cli \ - && ./configure --disable-docs && make +RUN cd /usr/src/couchdb && ./configure --disable-docs && make # permissions -RUN rm -rf /usr/src/couchdb/dev/run -COPY ./run.py /usr/src/couchdb/dev/run -RUN chmod +x /usr/src/couchdb/dev/run -RUN chown -R couchdb:couchdb /usr/src/couchdb +RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb USER couchdb diff --git a/2.0-dev/run.py b/2.0-dev/run.py deleted file mode 100644 index fa485b4..0000000 --- a/2.0-dev/run.py +++ /dev/null 
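Review bot: In 2.0-dev/Dockerfile, `git checkout master` makes the image contents depend on whatever the upstream branch points at when the build runs, so two builds of the same Dockerfile can ship different code and nothing records which commit was built. Pin the checkout to a tag or commit, e.g. `ARG COUCHDB_REF=<commit-or-tag>` and `&& git checkout "$COUCHDB_REF"` (placeholder value). The same hunk adds `npm install -g npm && npm install -g grunt-cli` without versions, which has the same effect for the build tooling.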
@@ -1,298 +0,0 @@ -#!/usr/bin/env python -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -import atexit -import contextlib as ctx -import glob -import httplib -import optparse as op -import os -import re -import select -import subprocess as sp -import sys -import time -import traceback -import urllib -import uuid - -from pbkdf2 import pbkdf2_hex - -# clipped down from e.g. '0x594fc30efe7746318d7d79684a15cfd0L' -COMMON_SALT = hex(uuid.uuid4().int)[2:-1] - -USAGE = "%prog [options] [command to run...]" -DEV_PATH = os.path.dirname(os.path.abspath(__file__)) -COUCHDB = os.path.dirname(DEV_PATH) - -DEFAULT_N = 3 -PROCESSES = [] - - -def init_log_dir(): - logdir = os.path.join(DEV_PATH, "logs") - if not os.path.exists(logdir): - os.makedirs(logdir) - - -def init_beams(): - # Including this for people that forget to run - # make dev. 
- for fname in glob.glob(os.path.join(DEV_PATH, "*.erl")): - cmd = [ - "erlc", - "-o", DEV_PATH + os.sep, - fname - ] - sp.check_call(cmd) - - -def hack_default_ini(opts, node, args, contents): - # Replace log file - logfile = os.path.join(DEV_PATH, "logs", "%s.log" % node) - repl = "file = %s" % logfile - contents = re.sub("(?m)^file.*$", repl, contents) - - # Replace couchjs command - couchjs = os.path.join(COUCHDB, "src", "couch", "priv", "couchjs") - mainjs = os.path.join(COUCHDB, "share", "server", "main.js") - coffeejs = os.path.join(COUCHDB, "share", "server", "main-coffee.js") - - repl = "javascript = %s %s" % (couchjs, mainjs) - contents = re.sub("(?m)^javascript.*$", repl, contents) - - repl = "coffeescript = %s %s" % (couchjs, coffeejs) - contents = re.sub("(?m)^coffeescript.*$", repl, contents) - - return contents - - -def hashify(pwd, salt=COMMON_SALT): - """ - Implements password hasshing according to: - - https://issues.apache.org/jira/browse/COUCHDB-1060 - - https://issues.apache.org/jira/secure/attachment/12492631/0001-Integrate-PBKDF2.patch - - This test uses 'candeira:candeira' - - >>> hashify(candeira) - -pbkdf2-99eb34d97cdaa581e6ba7b5386e112c265c5c670,d1d2d4d8909c82c81b6c8184429a0739,10 - """ - iterations = 10 - keylen = 20 - derived_key = pbkdf2_hex(pwd, salt, iterations, keylen) - return "-pbkdf2-%s,%s,%s" % (derived_key, salt, iterations) - -def hack_local_ini(opts, node, args, contents): - # make sure all three nodes have the same secret - secret_line = "secret = %s\n" % COMMON_SALT - previous_line = "; require_valid_user = false\n" - contents = contents.replace(previous_line, previous_line + secret_line) - # if --admin user:password on invocation, make sure all three nodes - # have the same hashed password - if opts.admin is None: - return contents - usr, pwd = opts.admin.split(":", 1) - return contents + "\n%s = %s" % (usr, hashify(pwd)) - - -def write_config(opts, node, args): - etc_src = os.path.join(COUCHDB, "rel", "overlay", "etc") - 
etc_tgt = os.path.join(DEV_PATH, "lib", node, "etc") - if not os.path.exists(etc_tgt): - os.makedirs(etc_tgt) - - etc_files = glob.glob(os.path.join(etc_src, "*")) - for fname in etc_files: - base = os.path.basename(fname) - tgt = os.path.join(etc_tgt, base) - with open(fname) as handle: - contents = handle.read() - for key in args: - contents = re.sub("{{%s}}" % key, args[key], contents) - if base == "default.ini": - contents = hack_default_ini(opts, node, args, contents) - elif base == "local.ini": - contents = hack_local_ini(opts, node, args, contents) - with open(tgt, "w") as handle: - handle.write(contents) - - -def write_configs(opts): - datadir = os.path.join(DEV_PATH, "data") - if not os.path.exists(datadir): - os.makedirs(datadir) - for i in range(1, N+1): - node = "node%d" % i - args = { - "prefix": COUCHDB, - "package_author_name": "The Apache Software Foundation", - "data_dir": os.path.join(DEV_PATH, "lib", node, "data"), - "view_index_dir": os.path.join(DEV_PATH, "lib", node, "data"), - "node_name": "-name %s@127.0.0.1" % node, - "cluster_port": str((10000 * i) + 5984), - "backend_port" : str((10000 * i) + 5986) - } - if not os.path.exists(args["data_dir"]): - os.makedirs(args["data_dir"]) - write_config(opts, node, args) - - -def all_nodes_alive(n): - for i in range(1, n+1): - url = "http://127.0.0.1:{0}/".format(local_port(i)) - while True: - try: - with ctx.closing(urllib.urlopen(url)) as resp: - pass - except IOError: - time.sleep(0.25) - continue - break - return True - - -def local_port(n): - return 10000 * n + 5986 - - -def node_port(n): - return 10000 * n + 5984 - - -def boot_node(node): - apps = os.path.join(COUCHDB, "src") - env = os.environ.copy() - env["ERL_LIBS"] = os.pathsep.join([apps]) - cmd = [ - "erl", - "-args_file", os.path.join(DEV_PATH, "lib", node, "etc", "vm.args"), - "-config", os.path.join(COUCHDB, "rel", "files", "sys"), - "-couch_ini", - os.path.join(DEV_PATH, "lib", node, "etc", "default.ini"), - os.path.join(DEV_PATH, 
"lib", node, "etc", "local.ini"), - "-reltool_config", os.path.join(COUCHDB, "rel", "reltool.config"), - "-parent_pid", str(os.getpid()), - "-pa", DEV_PATH, - "-pa", os.path.join(COUCHDB, "src", "*"), - "-s", "boot_node" - ] - logfname = os.path.join(DEV_PATH, "logs", "%s.log" % node) - log = open(logfname, "w") - return sp.Popen( - cmd, - stdin=sp.PIPE, - stdout=log, - stderr=sp.STDOUT, - env=env) - - -def connect_nodes(host, port): - global N - for i in range(1, N+1): - body = "{}" - conn = httplib.HTTPConnection(host, port) - conn.request("PUT", "/nodes/node%d@127.0.0.1" % i, body) - resp = conn.getresponse() - if resp.status not in (200, 201, 202, 409): - print resp.reason - exit(1) - - -def kill_processes(): - global PROCESSES - for p in PROCESSES: - if p.returncode is None: - p.kill() - - -def boot_nodes(): - global N, PROCESSES - for i in range(1, N+1): - p = boot_node("node%d" % i) - PROCESSES.append(p) - - for i in range(30): - if all_nodes_alive(N): - print "Cluster is up, go to http://127.0.0.1:15984/_utils" - break - time.sleep(1) - time.sleep(1) - - -def reboot_nodes(): - kill_processes() - boot_nodes() - - -def run_command(cmd): - p = sp.Popen(cmd, shell=True, stdout=sp.PIPE, stderr=sys.stderr) - while True: - line = p.stdout.readline() - if not line: - break - try: - eval(line) - except: - traceback.print_exc() - exit(1) - p.wait() - exit(p.returncode) - - -def wait_for_procs(): - global PROCESSES - while True: - for p in PROCESSES: - if p.returncode is not None: - exit(1) - time.sleep(2) - - -def options(): - return [ - op.make_option("-a", "--admin", metavar="USER:PASS", default=None, - help="Add an admin account to the development cluster"), - op.make_option("-n", "--nodes", metavar="N", default=DEFAULT_N, - type="int", help="Number of development nodes to be spun up") - ] - - -def main(): - parser = op.OptionParser(usage=USAGE, option_list=options()) - opts, args = parser.parse_args() - - global N - N = opts.nodes - - init_log_dir() - 
init_beams() - write_configs(opts) - - atexit.register(kill_processes) - - boot_nodes() - connect_nodes("127.0.0.1", 15986) - - if len(args): - run_command(" ".join(args)) - else: - wait_for_procs() - - -if __name__ == "__main__": - try: - main() - except KeyboardInterrupt: - pass diff --git a/README.md b/README.md index 8d094ef..e6d1147 100644 --- a/README.md +++ b/README.md @@ -49,11 +49,23 @@ Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docke ```bash # expose the cluster to the world -[sudo] docker run -i -t -p 15984:15984 -p 25984:25984 -p 35984:35984 --name couchdb klaemo/couchdb:2.0-dev - -curl http://localhost:15984 -curl http://localhost:25984 -curl http://localhost:35984 +[sudo] docker run -p 15984:15984 -p 25984:25984 -p 35984:35984 klaemo/couchdb:2.0-dev + +[ * ] Setup environment ... ok +[ * ] Ensure CouchDB is built ... ok +[ * ] Prepare configuration files ... ok +[ * ] Start node node1 ... ok +[ * ] Start node node2 ... ok +[ * ] Start node node3 ... ok +[ * ] Check node at http://127.0.0.1:15984/ ... failed: [Errno socket error] [Errno 111] Connection refused +[ * ] Check node at http://127.0.0.1:25984/ ... ok +[ * ] Check node at http://127.0.0.1:35984/ ... ok +[ * ] Check node at http://127.0.0.1:15984/ ... ok +[ * ] Running cluster setup ... ok +[ * ] Developers cluster is set up at http://127.0.0.1:15984. +Admin username: root +Password: 37l7YDQJ +Time to hack! ... ``` ...or you can pass arguments to the binary From 3c95943c0861d523c5712cea74127017b6d20be1 Mon Sep 17 00:00:00 2001 From: vrince Date: Fri, 21 Aug 2015 11:34:21 -0400 Subject: [PATCH 039/227] Update to debian:jessie to fix doc build closes #31 --- 2.0-dev/Dockerfile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 5f3e661..8aa81ff 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
@@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:wheezy +FROM debian:jessie MAINTAINER Clemens Stolle klaemo@fastmail.fm @@ -23,15 +23,16 @@ RUN apt-get update -y \ && apt-get install -y --no-install-recommends build-essential libmozjs185-dev \ libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ openssl curl ca-certificates git pkg-config \ - apt-transport-https python wget + apt-transport-https python wget \ + python-sphinx texlive-base texinfo texlive-latex-extra texlive-fonts-recommended texlive-fonts-extra #needed to build the doc -RUN wget http://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_18.0-1~debian~wheezy_amd64.deb -RUN apt-get install -y --no-install-recommends libwxgtk2.8 default-jdk +RUN wget http://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_18.0-1~debian~jessie_amd64.deb +RUN apt-get install -y --no-install-recommends libwxgtk3.0 default-jdk RUN apt-get install -y --no-install-recommends procps RUN wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb RUN dpkg -i libssl0.9.8_0.9.8o-4squeeze14_amd64.deb -RUN dpkg -i esl-erlang_18.0-1~debian~wheezy_amd64.deb +RUN dpkg -i esl-erlang_18.0-1~debian~jessie_amd64.deb RUN git clone https://github.com/rebar/rebar /usr/src/rebar \ && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) 
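Review bot: In the second hunk the trailing `#needed to build the doc` is part of the shell command of the continued `RUN`, so it only works while it stays on the last line: a package appended after it with `\` would be swallowed by the comment. Move it to a Dockerfile comment above the instruction, e.g. `# python-sphinx and texlive-* are only needed to build the docs`. The RUN instruction starts outside this hunk.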
@@ -42,12 +43,12 @@ RUN cd /usr/src \ && git checkout master RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node wheezy main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node wheezy main' >> /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb https://deb.nodesource.com/node jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node jessie main' >> /etc/apt/sources.list.d/nodesource.list \ && apt-get update -y && apt-get install -y nodejs \ && npm install -g npm && npm install -g grunt-cli -RUN cd /usr/src/couchdb && ./configure --disable-docs && make +RUN cd /usr/src/couchdb && ./configure && make # permissions RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb From 2699a91965230a8b1d77f2c960faf282ba179319 Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 21 Aug 2015 20:13:18 +0200 Subject: [PATCH 040/227] 2.0: use debian's openssl --- 2.0-dev/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 8aa81ff..88b4746 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -29,8 +29,6 @@ RUN apt-get update -y \ RUN wget http://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_18.0-1~debian~jessie_amd64.deb RUN apt-get install -y --no-install-recommends libwxgtk3.0 default-jdk RUN apt-get install -y --no-install-recommends procps -RUN wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb -RUN dpkg -i libssl0.9.8_0.9.8o-4squeeze14_amd64.deb RUN dpkg -i esl-erlang_18.0-1~debian~jessie_amd64.deb From e5e33bb6cac5302927bb83d1c23d845ff6adc094 Mon Sep 17 00:00:00 2001 
From: klaemo Date: Fri, 21 Aug 2015 20:31:00 +0200 Subject: [PATCH 041/227] 2.0: use haproxy fixes #30 --- 2.0-dev/Dockerfile | 4 +++- README.md | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 88b4746..52992dd 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -46,6 +46,8 @@ RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && apt-get update -y && apt-get install -y nodejs \ && npm install -g npm && npm install -g grunt-cli +RUN apt-get -y install haproxy + RUN cd /usr/src/couchdb && ./configure && make # permissions @@ -56,7 +58,7 @@ USER couchdb # Expose to the outside RUN sed -i'' 's/bind_address = 127.0.0.1/bind_address = 0.0.0.0/' /usr/src/couchdb/rel/overlay/etc/default.ini -EXPOSE 15984 25984 35984 +EXPOSE 5984 WORKDIR /usr/src/couchdb ENTRYPOINT ["/usr/src/couchdb/dev/run"] diff --git a/README.md b/README.md index e6d1147..959ae4a 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docke ```bash # expose the cluster to the world -[sudo] docker run -p 15984:15984 -p 25984:25984 -p 35984:35984 klaemo/couchdb:2.0-dev +[sudo] docker run -p 5984:5984 klaemo/couchdb:2.0-dev [ * ] Setup environment ... ok [ * ] Ensure CouchDB is built ... ok @@ -74,6 +74,8 @@ Time to hack! ... docker run -i -t klaemo/couchdb:2.0-dev --admin=foo:bar ``` +**Note:** The cluster will be exposed on port `5984`, because it internally uses haproxy. + ## Build your own You can use `klaemo/couchdb` as the base image for your own couchdb instance. From 6374bd653b0bcabbc69e1a1988c19b16e1ce5e62 Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 14 Sep 2015 12:36:42 +0200 Subject: [PATCH 042/227] 1.6: expose config dir as a volume again fixes #34 --- 1.6.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 0036f2a..e556d76 100644 
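Review bot: `RUN apt-get -y install haproxy` in 2.0-dev/Dockerfile runs in its own layer without `apt-get update`, so it depends on the package lists left by the `apt-get update -y && apt-get install -y nodejs` layer just above. When that layer comes from the build cache the lists can be stale, and the install may fail or resolve an outdated haproxy build. Refresh and install in one instruction and skip recommended packages: `RUN apt-get update -y && apt-get install -y --no-install-recommends haproxy`.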
--- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -65,7 +65,7 @@ COPY ./docker-entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh # Define mountable directories. -VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb"] +VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb", "/usr/local/etc/couchdb"] EXPOSE 5984 WORKDIR /var/lib/couchdb From 88f96a6111b7f137a17aac354c25868525a5c08a Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 2 Nov 2015 12:59:23 +0100 Subject: [PATCH 043/227] 1.6: use debian jessie and its erlang - I'm tired of tracking erlang-solutions' updates that break the build :( fixes klaemo/docker-couchdb#35 --- 1.6.1/Dockerfile | 7 +++---- README.md | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index e556d76..6a4c6aa 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:wheezy +FROM debian:8.2 MAINTAINER Clemens Stolle klaemo@fastmail.fm @@ -25,8 +25,7 @@ RUN apt-get update -y \ && apt-get install -y --no-install-recommends \ build-essential ca-certificates curl \ libmozjs185-dev libmozjs185-1.0 libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ - && curl -sSL https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb -o esl.deb && dpkg -i esl.deb && apt-get update \ - && apt-get install -y --no-install-recommends erlang-nox=1:17.5.3 erlang-dev=1:17.5.3 \ + erlang-nox erlang-dev \ && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ 
@@ -38,7 +37,7 @@ RUN apt-get update -y \ && make && make install \ && apt-get purge -y perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ && apt-get autoremove -y \ - && apt-get update && apt-get install -y libicu48 --no-install-recommends \ + && apt-get update && apt-get install -y libicu52 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS /esl.deb # grab gosu for easy step-down from root diff --git a/README.md b/README.md index 959ae4a..252c172 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -- Version (stable): `CouchDB 1.6.1`, `Erlang 17.5.3` +- Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` - Version (dev): `CouchDB 2.0 developer preview`, `Erlang 18.0` ## Run (stable) From 3154b94cfc3721c759798d9ea74803b027c950bd Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 2 Nov 2015 17:48:26 +0100 Subject: [PATCH 044/227] readme: add note about docker hub comments --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 252c172..fbdf165 100644 --- a/README.md +++ b/README.md @@ -98,9 +98,10 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` -## Contributing +## Feedback, Issues, Contributing -Please use Github issues for any questions, bugs, feature requests. :) +**Please use Github issues for any questions, bugs, feature requests. :)** +I don't get notified about comments on Docker Hub, so I might respond really late...or not at all. ## Contributors From b368315ab5f399cde5d3967366abc05f971a0a41 Mon Sep 17 00:00:00 2001 
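Review bot: The closing `rm -rf` still lists `/esl.deb`, although the previous hunk of this commit removes the download that created it. The `-f` makes the stale entry harmless, but it points at a file that no longer exists; the line can end with `/usr/src/couchdb /couchdb.tar.gz* /KEYS`. The `RUN` instruction starts before this hunk.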
From: klaemo Date: Mon, 2 Nov 2015 17:55:29 +0100 Subject: [PATCH 045/227] readme: tweaks --- README.md | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index fbdf165..7fcd2be 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,13 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` - Version (dev): `CouchDB 2.0 developer preview`, `Erlang 18.0` +## Features + +* built on top of the solid and small `debian:jessie` base image +* exposes CouchDB on port `5984` of the container +* runs everything as user `couchdb` (security ftw!) +* docker volumes for data, logs and config + ## Run (stable) Available in the docker index as [klaemo/couchdb](https://index.docker.io/u/klaemo/couchdb/) @@ -33,16 +40,6 @@ curl http://localhost:5984 curl http://localhost:5984 ``` -## Features - -* built on top of the solid and small `debian:wheezy` base image -* exposes CouchDB on port `5984` of the container -* runs everything as user `couchdb` (security ftw!) -* docker volumes for data and logs - -The previous version of this image used to come with a process manager to keep -CouchDB running. As of Docker 1.2 you can use the `--restart` flag to accomplish this. - ## Run (dev) Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/) @@ -81,12 +78,12 @@ docker run -i -t klaemo/couchdb:2.0-dev --admin=foo:bar You can use `klaemo/couchdb` as the base image for your own couchdb instance. You might want to provide your own version of the following files: -* `local.ini` for CouchDB +* `local.ini` for your CouchDB custom couchdb config Example Dockerfile: ``` -FROM klaemo/couchdb +FROM klaemo/couchdb:latest COPY local.ini /usr/local/etc/couchdb/ ``` From ba22dcae8756858f6c9cd340b4bde9a38430ad10 Mon Sep 17 00:00:00 2001 
From: klaemo Date: Mon, 2 Nov 2015 17:55:29 +0100 Subject: [PATCH 046/227] readme: tweaks --- README.md | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index fbdf165..a7dc176 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,16 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` - Version (dev): `CouchDB 2.0 developer preview`, `Erlang 18.0` +## Features + +* built on top of the solid and small `debian:jessie` base image +* exposes CouchDB on port `5984` of the container +* runs everything as user `couchdb` (security ftw!) +* docker volumes for data, logs and config + ## Run (stable) -Available in the docker index as [klaemo/couchdb](https://index.docker.io/u/klaemo/couchdb/) +Available as a trusted build on Docker Hub as [klaemo/couchdb](https://hub.docker.com/r/klaemo/couchdb/) ```bash [sudo] docker pull klaemo/couchdb:latest @@ -33,16 +40,6 @@ curl http://localhost:5984 curl http://localhost:5984 ``` -## Features - -* built on top of the solid and small `debian:wheezy` base image -* exposes CouchDB on port `5984` of the container -* runs everything as user `couchdb` (security ftw!) -* docker volumes for data and logs - -The previous version of this image used to come with a process manager to keep -CouchDB running. As of Docker 1.2 you can use the `--restart` flag to accomplish this. - ## Run (dev) Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/) @@ -81,12 +78,12 @@ docker run -i -t klaemo/couchdb:2.0-dev --admin=foo:bar You can use `klaemo/couchdb` as the base image for your own couchdb instance. You might want to provide your own version of the following files: -* `local.ini` for CouchDB +* `local.ini` for your custom CouchDB config Example Dockerfile: ``` -FROM klaemo/couchdb +FROM klaemo/couchdb:latest COPY local.ini /usr/local/etc/couchdb/ ``` 
From ce8eea06681de670edddde3e1b20e74c4be43afa Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 17 Dec 2015 15:24:04 +0100 Subject: [PATCH 047/227] 1.6: improve Dockerfile according to best practices --- 1.6.1/Dockerfile | 53 +++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 6a4c6aa..1914bdb 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -10,9 +10,9 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:8.2 +FROM debian:jessie -MAINTAINER Clemens Stolle klaemo@fastmail.fm +MAINTAINER Clemens Stolle klaemo@apache.org # Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian 
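Review bot: `FROM debian:jessie` is a moving tag, where the replaced `debian:8.2` at least named a point release, so two builds of the same commit can start from different base contents. For a reproducible and auditable image, pin the base by digest and keep the tag for readability, e.g. `FROM debian:jessie@sha256:<DIGEST>` (placeholder; take the value from the registry at release time). `MAINTAINER` is also deprecated in favour of `LABEL`, though that predates this commit.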
@@ -21,24 +21,32 @@ ENV COUCHDB_VERSION 1.6.1 RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb # download dependencies, compile and install couchdb -RUN apt-get update -y \ - && apt-get install -y --no-install-recommends \ - build-essential ca-certificates curl \ - libmozjs185-dev libmozjs185-1.0 libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ - erlang-nox erlang-dev \ - && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ - && gpg --import KEYS && gpg --verify couchdb.tar.gz.asc \ - && mkdir -p /usr/src/couchdb \ - && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ - && cd /usr/src/couchdb \ - && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ - && make && make install \ - && apt-get purge -y perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ - && apt-get autoremove -y \ - && apt-get update && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS /esl.deb +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ + curl \ + erlang-dev \ + erlang-nox \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-1.0 \ + libmozjs185-dev \ + libnspr4 \ + libnspr4-0d \ + libnspr4-dev \ + && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ + && gpg --import KEYS && 
gpg --verify couchdb.tar.gz.asc \ + && mkdir -p /usr/src/couchdb \ + && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ + && cd /usr/src/couchdb \ + && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ + && make && make install \ + && apt-get purge -y perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ + && apt-get autoremove -y \ + && apt-get update && apt-get install -y libicu52 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS # grab gosu for easy step-down from root RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ @@ -60,8 +68,7 @@ RUN chown -R couchdb:couchdb \ # Expose to the outside RUN sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini -COPY ./docker-entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh +COPY ./docker-entrypoint.sh / # Define mountable directories. VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb", "/usr/local/etc/couchdb"] @@ -69,5 +76,5 @@ VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb", "/usr/local/ EXPOSE 5984 WORKDIR /var/lib/couchdb -ENTRYPOINT ["/entrypoint.sh"] +ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["couchdb"] From 9d4172a9f39a4d4b461c1f1a71eabce3f2baafb4 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 17 Dec 2015 22:44:28 +0100 Subject: [PATCH 048/227] 2.0: refactor and reduce image size closes klaemo/docker-couchdb#32 --- 2.0-dev/Dockerfile | 96 ++++++++++++++++++++++++++++++---------------- README.md | 2 +- 2 files changed, 65 insertions(+), 33 deletions(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 52992dd..14b6afc 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
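Review bot: The signature check in this `RUN` trusts every key in the `KEYS` file that the same build downloads, because `gpg --verify couchdb.tar.gz.asc` succeeds for a good signature from any key in the keyring. The tarball itself is fetched over plain HTTP from a mirror, so this check is the only integrity control on the source. The gosu step right below pins a fingerprint with `--recv-keys`, and the CouchDB step should do the same: import only the expected release key (`<RELEASE_KEY_FINGERPRINT>`, placeholder) and name both files, `gpg --verify couchdb.tar.gz.asc couchdb.tar.gz`. Adding `-f` to the three `curl -sSL` calls would also stop an HTTP error page from being saved as the artifact.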
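Review bot: With `RUN chmod +x /entrypoint.sh` dropped, the image depends on `docker-entrypoint.sh` keeping its executable bit in the build context. A checkout that loses file modes would produce an image whose `ENTRYPOINT` (changed in the last hunk) fails at container start. State that requirement where the file is copied, e.g. `# docker-entrypoint.sh must be executable (mode 0755) in the repository`. The script itself is not part of this diff section, so whether it ends in `exec` for the step-down from root cannot be checked here.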
@@ -12,43 +12,74 @@ FROM debian:jessie -MAINTAINER Clemens Stolle klaemo@fastmail.fm +MAINTAINER Clemens Stolle klaemo@apache.org -ENV COUCHDB_VERSION developer-preview-2.0 +ENV COUCHDB_VERSION master RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb # download dependencies -RUN apt-get update -y \ - && apt-get install -y --no-install-recommends build-essential libmozjs185-dev \ - libnspr4 libnspr4-0d libnspr4-dev libcurl4-openssl-dev libicu-dev \ - openssl curl ca-certificates git pkg-config \ - apt-transport-https python wget \ - python-sphinx texlive-base texinfo texlive-latex-extra texlive-fonts-recommended texlive-fonts-extra #needed to build the doc - -RUN wget http://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_18.0-1~debian~jessie_amd64.deb -RUN apt-get install -y --no-install-recommends libwxgtk3.0 default-jdk -RUN apt-get install -y --no-install-recommends procps - -RUN dpkg -i esl-erlang_18.0-1~debian~jessie_amd64.deb - -RUN git clone https://github.com/rebar/rebar /usr/src/rebar \ - && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) - -RUN cd /usr/src \ - && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ - && cd couchdb \ - && git checkout master - -RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y && apt-get install -y nodejs \ - && npm install -g npm && npm install -g grunt-cli - -RUN apt-get -y install haproxy - -RUN cd /usr/src/couchdb && ./configure && make +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + apt-transport-https \ + build-essential \ + ca-certificates \ + curl \ + default-jdk \ + erlang-base-hipe \ + erlang-dev \ + erlang-eunit \ + erlang-nox \ + git \ + haproxy \ + 
libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + libnspr4 \ + libnspr4-0d \ + libnspr4-dev \ + libwxgtk3.0 \ + openssl \ + pkg-config \ + procps \ + python \ + python-sphinx \ + texinfo \ + texlive-base \ + texlive-fonts-extra \ + texlive-fonts-recommended \ + texlive-latex-extra \ + wget \ + && git clone https://github.com/rebar/rebar /usr/src/rebar \ + && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) \ + && cd /usr/src && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd couchdb && git checkout $COUCHDB_VERSION \ + && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ + && echo 'deb https://deb.nodesource.com/node jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node jessie main' >> /etc/apt/sources.list.d/nodesource.list \ + && apt-get update -y && apt-get install -y nodejs \ + && npm -g install npm@latest && npm install -g grunt-cli \ + && cd /usr/src/couchdb && ./configure && make \ + && apt-get purge -y \ + binutils \ + build-essential \ + cpp \ + default-jdk \ + git \ + libcurl4-openssl-dev \ + libnspr4-dev \ + libwxgtk3.0 \ + make \ + nodejs \ + perl \ + pkg-config \ + texinfo \ + texlive-base \ + texlive-fonts-extra \ + texlive-fonts-recommended \ + texlive-latex-extra \ + wget \ + && apt-get autoremove -y && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb/src/fauxton/node_modules # permissions RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb @@ -62,3 +93,4 @@ EXPOSE 5984 WORKDIR /usr/src/couchdb ENTRYPOINT ["/usr/src/couchdb/dev/run"] +CMD ["--with-haproxy"] diff --git a/README.md b/README.md index a7dc176..6b60254 100644 --- a/README.md +++ b/README.md 
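Review bot: Everything this `RUN` builds from is unpinned: rebar is cloned at whatever its default branch holds, `COUCHDB_VERSION` is now `master`, npm is upgraded to `npm@latest`, and the nodesource apt key is added straight from the download with no fingerprint check. Upstream changes therefore enter the image without review, and a rebuild of the same commit is not reproducible. Pin at least the sources that are compiled and run, e.g. `git clone https://github.com/rebar/rebar /usr/src/rebar && (cd /usr/src/rebar && git checkout <REBAR_TAG> && make && mv rebar /usr/local/bin/)`, which also replaces the `;` after `cd` so a failed `cd` stops the build. The `master` checkout and the nodesource key import recur in the 2.0-dev-docs/Dockerfile hunk of patch 049.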
@@ -7,7 +7,7 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` -- Version (dev): `CouchDB 2.0 developer preview`, `Erlang 18.0` +- Version (dev): `CouchDB 2.0 master`, `Erlang 17.3` ## Features From a61b1f3589dd92f09ff0facdb2bd19941d728a7e Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 18 Dec 2015 14:35:18 +0100 Subject: [PATCH 049/227] 2.0: further reduce image size by splitting off docs version --- 2.0-dev-docs/Dockerfile | 96 +++++++++++++++++++++++++++++++++++++++++ 2.0-dev/Dockerfile | 36 +++++----------- README.md | 6 +++ 3 files changed, 112 insertions(+), 26 deletions(-) create mode 100644 2.0-dev-docs/Dockerfile diff --git a/2.0-dev-docs/Dockerfile b/2.0-dev-docs/Dockerfile new file mode 100644 index 0000000..d0a3ffb --- /dev/null +++ b/2.0-dev-docs/Dockerfile 
@@ -0,0 +1,96 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:jessie + +MAINTAINER Clemens Stolle klaemo@apache.org + +ENV COUCHDB_VERSION master + +RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb + +# download dependencies +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + apt-transport-https \ + build-essential \ + ca-certificates \ + curl \ + default-jdk \ + erlang-base-hipe \ + erlang-dev \ + erlang-eunit \ + erlang-nox \ + git \ + haproxy \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + libnspr4 \ + libnspr4-0d \ + libnspr4-dev \ + libwxgtk3.0 \ + openssl \ + pkg-config \ + procps \ + python \ + python-sphinx \ + texinfo \ + texlive-base \ + texlive-fonts-extra \ + texlive-fonts-recommended \ + texlive-latex-extra \ + wget \ + && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ + && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ + && apt-get update -y && apt-get install -y nodejs \ + && npm install -g grunt-cli \ + && cd /usr/src && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd couchdb && git checkout $COUCHDB_VERSION \ + && cd /usr/src/couchdb && ./configure && make \ + && apt-get purge -y \ + binutils \ + build-essential \ + cpp \ + default-jdk \ + git \ + 
libcurl4-openssl-dev \ + libicu-dev \ + libnspr4-dev \ + libwxgtk3.0 \ + make \ + nodejs \ + perl \ + pkg-config \ + texinfo \ + texlive-base \ + texlive-fonts-extra \ + texlive-fonts-recommended \ + texlive-latex-extra \ + wget \ + && apt-get autoremove -y \ + && apt-get install -y libicu52 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git + +# permissions +RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb + +USER couchdb + +# Expose to the outside +RUN sed -i'' 's/bind_address = 127.0.0.1/bind_address = 0.0.0.0/' /usr/src/couchdb/rel/overlay/etc/default.ini + +EXPOSE 5984 +WORKDIR /usr/src/couchdb + +ENTRYPOINT ["/usr/src/couchdb/dev/run"] +CMD ["--with-haproxy"] diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 14b6afc..0b4e26a 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -24,7 +24,6 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ ca-certificates \ curl \ - default-jdk \ erlang-base-hipe \ erlang-dev \ erlang-eunit \ 
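Review bot: The final `rm -rf` relies on relative paths and a `**` pattern: `src/fauxton/node_modules src/**/.git .git` only works because the preceding `cd /usr/src/couchdb` is still in effect. Under the image's default `/bin/sh`, `**` most likely matches a single directory level, so deeper `.git` directories would remain. Absolute paths and `find` make the cleanup explicit: `&& find /usr/src/couchdb -name .git -prune -exec rm -rf {} + \` followed by `&& rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb/src/fauxton/node_modules`. The same line is introduced in the 2.0-dev/Dockerfile hunk of this commit.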
@@ -37,49 +36,34 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libnspr4 \ libnspr4-0d \ libnspr4-dev \ - libwxgtk3.0 \ openssl \ - pkg-config \ procps \ python \ - python-sphinx \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ wget \ - && git clone https://github.com/rebar/rebar /usr/src/rebar \ - && (cd /usr/src/rebar ; make && mv rebar /usr/local/bin/) \ - && cd /usr/src && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ - && cd couchdb && git checkout $COUCHDB_VERSION \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node jessie main' >> /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ && apt-get update -y && apt-get install -y nodejs \ - && npm -g install npm@latest && npm install -g grunt-cli \ - && cd /usr/src/couchdb && ./configure && make \ + && npm install -g grunt-cli \ + && cd /usr/src && git clone --depth 1 https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd couchdb && git checkout $COUCHDB_VERSION \ + && cd /usr/src/couchdb && ./configure --disable-docs && make \ && apt-get purge -y \ binutils \ build-essential \ cpp \ - default-jdk \ + erlang-dev \ git \ libcurl4-openssl-dev \ + libicu-dev \ libnspr4-dev \ - libwxgtk3.0 \ make \ nodejs \ perl \ - pkg-config \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ wget \ && apt-get autoremove -y && apt-get clean \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb/src/fauxton/node_modules + && apt-get install -y libicu52 
--no-install-recommends \ + && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git # permissions RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb diff --git a/README.md b/README.md index 6b60254..55f51b3 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,12 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` - Version (dev): `CouchDB 2.0 master`, `Erlang 17.3` +## Available tags + +- `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 +- `2.0-dev`: CouchDB 2.0 master (development version) +- `2.0-dev-docs`: CouchDB 2.0 master (development version) with documentation + ## Features * built on top of the solid and small `debian:jessie` base image From 5c627e9bd71832d3e9462d71d94f681c71864489 Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 18 Dec 2015 14:39:56 +0100 Subject: [PATCH 050/227] 1.6: further improve Dockerfile syntax --- 1.6.1/Dockerfile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 1914bdb..8f80a24 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -43,9 +43,17 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ && cd /usr/src/couchdb \ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ && make && make install \ - && apt-get purge -y perl binutils cpp make build-essential libnspr4-dev libcurl4-openssl-dev libicu-dev \ + && apt-get purge -y \ + binutils \ + build-essential \ + cpp \ + libcurl4-openssl-dev \ + libicu-dev \ + libnspr4-dev \ + make \ + perl \ && apt-get autoremove -y \ - && apt-get update && apt-get install -y libicu52 --no-install-recommends \ + && apt-get install -y libicu52 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS # grab gosu for easy step-down from root 
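Review bot: `git clone --depth 1` followed by `git checkout $COUCHDB_VERSION` only succeeds while `COUCHDB_VERSION` names the repository's default branch, because a shallow clone fetches just that branch tip. Setting the variable to a tag or another branch would break the build. Let the clone select the ref instead: `git clone --depth 1 --branch $COUCHDB_VERSION https://git-wip-us.apache.org/repos/asf/couchdb.git`. The `RUN` instruction begins before this hunk.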
From 0e56324a43ad4db0e767ce3a96ab4a3479126789 Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 18 Dec 2015 17:16:08 +0100 Subject: [PATCH 051/227] don't use -hipe variant of erlang --- 2.0-dev-docs/Dockerfile | 2 +- 2.0-dev/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/2.0-dev-docs/Dockerfile b/2.0-dev-docs/Dockerfile index d0a3ffb..f0b559b 100644 --- a/2.0-dev-docs/Dockerfile +++ b/2.0-dev-docs/Dockerfile @@ -25,7 +25,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ default-jdk \ - erlang-base-hipe \ + erlang-base \ erlang-dev \ erlang-eunit \ erlang-nox \ diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 0b4e26a..dbbbbd5 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -24,7 +24,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ ca-certificates \ curl \ - erlang-base-hipe \ + erlang-base \ erlang-dev \ erlang-eunit \ erlang-nox \ From 45142d482cb17f21204d395f2b0d8c752f9f339f Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 18 Dec 2015 17:16:27 +0100 Subject: [PATCH 052/227] silence apt-get update --- 2.0-dev-docs/Dockerfile | 4 ++-- 2.0-dev/Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/2.0-dev-docs/Dockerfile b/2.0-dev-docs/Dockerfile index f0b559b..4f7a79b 100644 --- a/2.0-dev-docs/Dockerfile +++ b/2.0-dev-docs/Dockerfile @@ -19,7 +19,7 @@ ENV COUCHDB_VERSION master RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb # download dependencies -RUN apt-get update -y && apt-get install -y --no-install-recommends \ +RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ apt-transport-https \ build-essential \ ca-certificates \ 
@@ -52,7 +52,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y && apt-get install -y nodejs \ + && apt-get update -y -qq && apt-get install -y nodejs \ && npm install -g grunt-cli \ && cd /usr/src && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ && cd couchdb && git checkout $COUCHDB_VERSION \ diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index dbbbbd5..e4c7d75 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -19,7 +19,7 @@ ENV COUCHDB_VERSION master RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb # download dependencies -RUN apt-get update -y && apt-get install -y --no-install-recommends \ +RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ apt-transport-https \ build-essential \ ca-certificates \ @@ -43,7 +43,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y && apt-get install -y nodejs \ + && apt-get update -y -qq && apt-get install -y nodejs \ && npm install -g grunt-cli \ && cd /usr/src && git clone --depth 1 https://git-wip-us.apache.org/repos/asf/couchdb.git \ && cd couchdb && git checkout $COUCHDB_VERSION \ From 80055eced050e5adeee99b63ebe4218e10a5bff4 Mon Sep 17 00:00:00 2001 
From: klaemo Date: Fri, 18 Dec 2015 17:19:57 +0100 Subject: [PATCH 053/227] don't need to bind to 0.0.0.0 anymore --- 2.0-dev-docs/Dockerfile | 4 ---- 2.0-dev/Dockerfile | 4 ---- 2 files changed, 8 deletions(-) diff --git a/2.0-dev-docs/Dockerfile b/2.0-dev-docs/Dockerfile index 4f7a79b..cfc1cdd 100644 --- a/2.0-dev-docs/Dockerfile +++ b/2.0-dev-docs/Dockerfile @@ -85,10 +85,6 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb USER couchdb - -# Expose to the outside -RUN sed -i'' 's/bind_address = 127.0.0.1/bind_address = 0.0.0.0/' /usr/src/couchdb/rel/overlay/etc/default.ini - EXPOSE 5984 WORKDIR /usr/src/couchdb diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index e4c7d75..3281fec 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -69,10 +69,6 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb USER couchdb - -# Expose to the outside -RUN sed -i'' 's/bind_address = 127.0.0.1/bind_address = 0.0.0.0/' /usr/src/couchdb/rel/overlay/etc/default.ini - EXPOSE 5984 WORKDIR /usr/src/couchdb From 1a1cba683f97a23796b260516b70bf62328cb6c3 Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 18 Dec 2015 18:06:33 +0100 Subject: [PATCH 054/227] remove superfluous deps --- 2.0-dev-docs/Dockerfile | 9 --------- 2.0-dev/Dockerfile | 10 ---------- 2 files changed, 19 deletions(-) diff --git a/2.0-dev-docs/Dockerfile b/2.0-dev-docs/Dockerfile index cfc1cdd..b873f57 100644 --- a/2.0-dev-docs/Dockerfile +++ b/2.0-dev-docs/Dockerfile 
@@ -25,22 +25,16 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ default-jdk \ - erlang-base \ erlang-dev \ - erlang-eunit \ erlang-nox \ git \ haproxy \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - libnspr4 \ - libnspr4-0d \ - libnspr4-dev \ libwxgtk3.0 \ openssl \ pkg-config \ - procps \ python \ python-sphinx \ texinfo \ @@ -48,7 +42,6 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ texlive-fonts-extra \ texlive-fonts-recommended \ texlive-latex-extra \ - wget \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ @@ -65,7 +58,6 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ git \ libcurl4-openssl-dev \ libicu-dev \ - libnspr4-dev \ libwxgtk3.0 \ make \ nodejs \ @@ -76,7 +68,6 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ texlive-fonts-extra \ texlive-fonts-recommended \ texlive-latex-extra \ - wget \ && apt-get autoremove -y \ && apt-get install -y libicu52 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 3281fec..c771483 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
@@ -24,22 +24,15 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ build-essential \ ca-certificates \ curl \ - erlang-base \ erlang-dev \ - erlang-eunit \ erlang-nox \ git \ haproxy \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - libnspr4 \ - libnspr4-0d \ - libnspr4-dev \ openssl \ - procps \ python \ - wget \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ @@ -54,13 +47,10 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ cpp \ erlang-dev \ git \ - libcurl4-openssl-dev \ libicu-dev \ - libnspr4-dev \ make \ nodejs \ perl \ - wget \ && apt-get autoremove -y && apt-get clean \ && apt-get install -y libicu52 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git From 2b046fbec0012d7cae99283dcaed7fe2283f89f4 Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 18 Dec 2015 18:06:45 +0100 Subject: [PATCH 055/227] expose all the ports --- 2.0-dev-docs/Dockerfile | 2 +- 2.0-dev/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/2.0-dev-docs/Dockerfile b/2.0-dev-docs/Dockerfile index b873f57..ab834b4 100644 --- a/2.0-dev-docs/Dockerfile +++ b/2.0-dev-docs/Dockerfile @@ -76,7 +76,7 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb USER couchdb -EXPOSE 5984 +EXPOSE 5984 15984 25984 35984 15986 25986 35986 WORKDIR /usr/src/couchdb ENTRYPOINT ["/usr/src/couchdb/dev/run"] diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index c771483..bb51d5e 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
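Review bot: `EXPOSE` now lists `15986 25986 35986` next to the HTTP ports, and nothing in the file says what they are, while `docker run -P` publishes every exposed port. The README on this page only names `15984`, `25984`, … as the node ports, so the `x5986` ports look like the nodes' back-end interfaces and should be confirmed. If they are, they are better left out of `EXPOSE`, or at least documented with a comment such as `# x5984: per-node HTTP API; x5986: node-local back-end, do not publish`. The same line is added in the 2.0-dev/Dockerfile hunk of this commit.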
@@ -59,7 +59,7 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb USER couchdb -EXPOSE 5984 +EXPOSE 5984 15984 25984 35984 15986 25986 35986 WORKDIR /usr/src/couchdb ENTRYPOINT ["/usr/src/couchdb/dev/run"] From 34d52bd4994f193841087732a0a4df300ddc9b9b Mon Sep 17 00:00:00 2001 From: klaemo Date: Sat, 19 Dec 2015 17:14:39 +0100 Subject: [PATCH 056/227] 2.0: tweak readme concerning haproxy and flags --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 55f51b3..4690baa 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docke ```bash # expose the cluster to the world -[sudo] docker run -p 5984:5984 klaemo/couchdb:2.0-dev +[sudo] docker run -it -p 5984:5984 klaemo/couchdb:2.0-dev [ * ] Setup environment ... ok [ * ] Ensure CouchDB is built ... ok @@ -70,14 +70,16 @@ Admin username: root Password: 37l7YDQJ Time to hack! ... ``` +**Note:** By default the cluster will be exposed on port `5984`, because it uses haproxy +(passes `--with-haproxy` to `dev/run`) internally. -...or you can pass arguments to the binary +...but you can pass arguments to the binary ```bash -docker run -i -t klaemo/couchdb:2.0-dev --admin=foo:bar +docker run -it klaemo/couchdb:2.0-dev --admin=foo:bar ``` - -**Note:** The cluster will be exposed on port `5984`, because it internally uses haproxy. +**Note:** This will overwrite the default `--with-haproxy` flag. So, you have to specify it +explicitly if you wish to use haproxy. ## Build your own From 9270c889466b83ebd58e2f60476483a7d1a3cb32 Mon Sep 17 00:00:00 2001 From: klaemo Date: Sat, 19 Dec 2015 17:28:21 +0100 Subject: [PATCH 057/227] 2.0: more readme tweaks --- README.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 4690baa..373d6c5 100644 --- a/README.md +++ b/README.md @@ -78,8 +78,21 @@ Time to hack! ... ```bash docker run -it klaemo/couchdb:2.0-dev --admin=foo:bar ``` -**Note:** This will overwrite the default `--with-haproxy` flag. So, you have to specify it -explicitly if you wish to use haproxy. +**Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on +port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose +the cluster on `5984`, pass `--with-haproxy` explicitly. + +Examples: +```bash +# display the available options of the couchdb startup script +docker run --rm klaemo/couchdb:2.0-dev --help + +# Enable admin party 🎉 and expose the cluster on port 5984 +docker run -it -p 5984:5984 klaemo/couchdb:2.0-dev --with-admin-party-please --with-haproxy + +# Start two nodes (without proxy) exposed on port 15984 and 25984 +docker run -it -p 15984:15984 -p 25984:25984 klaemo/couchdb:2.0-dev -n 2 +``` ## Build your own From 34a7ca27f2e30f8fc549198922a218f89834de8f Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 25 Jan 2016 14:24:23 +0100 Subject: [PATCH 058/227] 1.6: merge RUN instructions --- 1.6.1/Dockerfile | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 8f80a24..9b2b900 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
@@ -56,25 +56,22 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ && apt-get install -y libicu52 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS -# grab gosu for easy step-down from root +# grab gosu for easy step-down from root, set correct permissions, expose couchdb to the outside +# and disable logging to disk RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture)" \ && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture).asc" \ && gpg --verify /usr/local/bin/gosu.asc \ && rm /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu - -# permissions -RUN chown -R couchdb:couchdb \ + && chmod +x /usr/local/bin/gosu \ + && chown -R couchdb:couchdb \ /usr/local/lib/couchdb /usr/local/etc/couchdb \ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ && chmod -R g+rw \ /usr/local/lib/couchdb /usr/local/etc/couchdb \ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && mkdir -p /var/lib/couchdb - -# Expose to the outside -RUN sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini + && mkdir -p /var/lib/couchdb \ + && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini COPY ./docker-entrypoint.sh / From 1ca92900210c8523c0a5d9ff0e10817846f05a99 Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 25 Jan 2016 14:24:47 +0100 Subject: [PATCH 059/227] 1.6: only log to stdout --- 1.6.1/Dockerfile | 5 +++-- README.md | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 9b2b900..91bc6ab 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
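Review bot: The rewritten comment above the merged `RUN` promises to "disable logging to disk", but no command in this instruction touches the log settings; its last step only rewrites `bind_address`. The comment should say what the layer does, including that the `sed` makes the server listen on every interface while nothing in this hunk defines an admin account. Suggested wording: `# grab gosu for easy step-down from root, set permissions and bind couchdb to 0.0.0.0` followed by `# no admin is created here, so restrict who can reach the published port`.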
@@ -71,12 +71,13 @@ RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4 /usr/local/lib/couchdb /usr/local/etc/couchdb \ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ && mkdir -p /var/lib/couchdb \ - && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini + && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \ + && sed -e 's/\/usr\/local\/var\/log\/couchdb\/couch.log$/\/dev\/null/' -i /usr/local/etc/couchdb/default.ini COPY ./docker-entrypoint.sh / # Define mountable directories. -VOLUME ["/usr/local/var/log/couchdb", "/usr/local/var/lib/couchdb", "/usr/local/etc/couchdb"] +VOLUME ["/usr/local/var/lib/couchdb"] EXPOSE 5984 WORKDIR /var/lib/couchdb diff --git a/README.md b/README.md index 373d6c5..ac741ec 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch * built on top of the solid and small `debian:jessie` base image * exposes CouchDB on port `5984` of the container * runs everything as user `couchdb` (security ftw!) -* docker volumes for data, logs and config +* docker volume for data ## Run (stable) From bbdd8a932e338cbe25ee6cf2c4569d1dbfa93699 Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 25 Jan 2016 14:25:24 +0100 Subject: [PATCH 060/227] 1.6: update gosu to latest version --- 1.6.1/Dockerfile | 4 ++-- 1.6.1/docker-entrypoint.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 91bc6ab..66a00b4 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
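Review bot: Dropping `/usr/local/etc/couchdb` from `VOLUME` means configuration written at runtime no longer outlives the container, while the data directory still does. If admin accounts live in the ini files (CouchDB keeps them in `local.ini`, as far as I know), recreating the container on an existing data volume would bring the databases back up without those admins. A comment above `VOLUME` would make this explicit, e.g. `# config is not a volume: mount /usr/local/etc/couchdb or bake in an ini file to keep admin accounts`. The added `sed` also points the log file at `/dev/null`, so the container's stdout becomes the only record of requests and the log driver's retention now matters.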
@@ -59,8 +59,8 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ # grab gosu for easy step-down from root, set correct permissions, expose couchdb to the outside # and disable logging to disk RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture)" \ - && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.2/gosu-$(dpkg%20--print-architecture).asc" \ + && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ + && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ && gpg --verify /usr/local/bin/gosu.asc \ && rm /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh index 01828ff..ba4dac3 100755 --- a/1.6.1/docker-entrypoint.sh +++ b/1.6.1/docker-entrypoint.sh @@ -29,7 +29,7 @@ if [ "$1" = 'couchdb' ]; then chmod 664 /usr/local/etc/couchdb/*.ini chmod 775 /usr/local/etc/couchdb/*.d - HOME=/var/lib/couchdb exec gosu couchdb "$@" + exec gosu couchdb "$@" fi exec "$@" From 38ea04c6127b82b711d9c39b780b3618dfc2aae4 Mon Sep 17 00:00:00 2001 From: klaemo Date: Mon, 25 Jan 2016 20:48:21 +0100 Subject: [PATCH 061/227] update readme --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ac741ec..4ad1764 100644 --- a/README.md +++ b/README.md 
@@ -35,17 +35,16 @@ Available as a trusted build on Docker Hub as [klaemo/couchdb](https://hub.docke curl http://localhost:5984 ``` -## Run (stable with mounted Volume) +...or with mounted volume for the data ```bash -[sudo] docker pull klaemo/couchdb:latest - # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory [sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb klaemo/couchdb - -curl http://localhost:5984 ``` +If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` +or extend the image and `COPY` your `config.ini` (see [Build you own](#build-your-own)). + ## Run (dev) Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/) From 8a7e8c7e2eae3577708bc95f4b1b11a5f1e56702 Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 26 Jan 2016 15:18:10 +0100 Subject: [PATCH 062/227] add image with couchperuser plugin --- 1.6.1-couchperuser/Dockerfile | 23 ++++++++++++++++ 1.6.1-couchperuser/docker-entrypoint.sh | 35 +++++++++++++++++++++++++ README.md | 9 +++++++ 3 files changed, 67 insertions(+) create mode 100644 1.6.1-couchperuser/Dockerfile create mode 100755 1.6.1-couchperuser/docker-entrypoint.sh diff --git a/1.6.1-couchperuser/Dockerfile b/1.6.1-couchperuser/Dockerfile new file mode 100644 index 0000000..e509f39 --- /dev/null +++ b/1.6.1-couchperuser/Dockerfile 
@@ -0,0 +1,23 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM klaemo/couchdb:1.6.1 + +MAINTAINER Clemens Stolle klaemo@apache.org + +RUN apt-get update && apt-get install -y rebar build-essential \ + && mkdir -p /usr/local/lib/couchdb/plugins/couchperuser \ + && cd /usr/local/lib/couchdb/plugins/couchperuser \ + && curl -L https://github.com/etrepum/couchperuser/archive/1.1.0.tar.gz | tar -xz --strip-components=1 \ + && make \ + && apt-get purge -y rebar build-essential \ + && apt-get autoremove -y diff --git a/1.6.1-couchperuser/docker-entrypoint.sh b/1.6.1-couchperuser/docker-entrypoint.sh new file mode 100755 index 0000000..ba4dac3 --- /dev/null +++ b/1.6.1-couchperuser/docker-entrypoint.sh 
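Review bot: The couchperuser archive is piped straight from `curl -L` into `tar` and then compiled without any integrity check, and since the default shell has no `pipefail`, a failed or truncated download is judged only by tar's exit status. Download to a file with `curl -fSL -o couchperuser.tar.gz <url>`, check it with `echo "<sha256-of-the-1.1.0-archive> *couchperuser.tar.gz" | sha256sum -c -`, and only then extract. The `apt-get install` in the same `RUN` also lacks `--no-install-recommends` and leaves `/var/lib/apt/lists` in the layer.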
@@ -0,0 +1,35 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +if [ "$1" = 'couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod -R 0770 \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod 664 /usr/local/etc/couchdb/*.ini + chmod 775 /usr/local/etc/couchdb/*.d + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/README.md b/README.md index 4ad1764..df5fae1 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,15 @@ curl http://localhost:5984 If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` or extend the image and `COPY` your `config.ini` (see [Build you own](#build-your-own)). +### with couchperuser plugin + +This build includes the `couchperuser` plugin. +`couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). + +``` +[sudo] docker run -d -p 5984:5984 --name couchdb klaemo/couchdb:1.6.1-couchperuser +``` + ## Run (dev) Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/) From 67281c476d64f7031ef686341f568e8dd2f3669e Mon Sep 17 00:00:00 2001 
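Review bot: Nothing in 1.6.1-couchperuser/Dockerfile copies this new `docker-entrypoint.sh` into the image, so the container keeps whatever entrypoint the `FROM klaemo/couchdb:1.6.1` base provides and this file is never run. The blob is identical to 1.6.1/docker-entrypoint.sh (`ba4dac3`), so the two copies will drift as soon as the base script gains fixes. Either drop the file, or add `COPY ./docker-entrypoint.sh /` to the Dockerfile if a separate entrypoint is really intended.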
From: klaemo Date: Tue, 26 Jan 2016 15:23:26 +0100 Subject: [PATCH 063/227] update available tags --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index df5fae1..98cfd9e 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch ## Available tags - `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 +- `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin - `2.0-dev`: CouchDB 2.0 master (development version) - `2.0-dev-docs`: CouchDB 2.0 master (development version) with documentation From a58886d54c50c633f1c1debf7b149db66b051d68 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Tue, 26 Jan 2016 10:56:41 -0800 Subject: [PATCH 064/227] reorganize Dockerfile closes klaemo/docker-couchdb#44 --- 1.6.1/Dockerfile | 81 ++++++++++++++++++++++++++++-------------------- 1 file changed, 47 insertions(+), 34 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 66a00b4..3706c67 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
@@ -16,54 +16,67 @@ MAINTAINER Clemens Stolle klaemo@apache.org # Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian -ENV COUCHDB_VERSION 1.6.1 - RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb -# download dependencies, compile and install couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ - build-essential \ ca-certificates \ curl \ - erlang-dev \ erlang-nox \ - libcurl4-openssl-dev \ - libicu-dev \ + libicu52 \ libmozjs185-1.0 \ - libmozjs185-dev \ libnspr4 \ libnspr4-0d \ - libnspr4-dev \ - && curl -sSL http://apache.openmirror.de/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -sSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && curl -sSL https://www.apache.org/dist/couchdb/KEYS -o KEYS \ - && gpg --import KEYS && gpg --verify couchdb.tar.gz.asc \ - && mkdir -p /usr/src/couchdb \ - && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ - && cd /usr/src/couchdb \ - && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ - && make && make install \ - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - libcurl4-openssl-dev \ - libicu-dev \ - libnspr4-dev \ - make \ - perl \ - && apt-get autoremove -y \ - && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* /KEYS + && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root, set correct permissions, expose couchdb to the outside # and disable logging to disk RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ - && curl -o /usr/local/bin/gosu.asc -SL 
"https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ + && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ + && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ && gpg --verify /usr/local/bin/gosu.asc \ && rm /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ + && chmod +x /usr/local/bin/gosu + +# https://www.apache.org/dist/couchdb/KEYS +ENV GPG_KEYS \ + 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ + 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ + 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ + 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ + 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ + 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ + C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ + D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ + E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B +RUN set -xe \ + && for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done + +ENV COUCHDB_VERSION 1.6.1 + +# download dependencies, compile and install couchdb +RUN buildDeps=' \ + gcc \ + g++ \ + erlang-dev \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + libnspr4-dev \ + make \ + ' \ + && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ + && curl -fSL http://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && gpg --verify couchdb.tar.gz.asc \ + && mkdir -p /usr/src/couchdb \ + && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ + && cd /usr/src/couchdb \ + && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ + && make && make install \ + && apt-get purge 
-y --auto-remove $buildDeps \ + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \ && chown -R couchdb:couchdb \ /usr/local/lib/couchdb /usr/local/etc/couchdb \ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ @@ -72,7 +85,7 @@ RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4 /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ && mkdir -p /var/lib/couchdb \ && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \ - && sed -e 's/\/usr\/local\/var\/log\/couchdb\/couch.log$/\/dev\/null/' -i /usr/local/etc/couchdb/default.ini + && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini COPY ./docker-entrypoint.sh / From 2f7514b7eef504aba3f02bec1917766935bba34b Mon Sep 17 00:00:00 2001 From: klaemo Date: Wed, 27 Jan 2016 13:25:46 +0100 Subject: [PATCH 065/227] 1.6.1-couchperuser: we only need make --- 1.6.1-couchperuser/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/1.6.1-couchperuser/Dockerfile b/1.6.1-couchperuser/Dockerfile index e509f39..ed2c5fe 100644 --- a/1.6.1-couchperuser/Dockerfile +++ b/1.6.1-couchperuser/Dockerfile @@ -14,10 +14,9 @@ FROM klaemo/couchdb:1.6.1 MAINTAINER Clemens Stolle klaemo@apache.org -RUN apt-get update && apt-get install -y rebar build-essential \ +RUN apt-get update && apt-get install -y rebar make \ && mkdir -p /usr/local/lib/couchdb/plugins/couchperuser \ && cd /usr/local/lib/couchdb/plugins/couchperuser \ && curl -L https://github.com/etrepum/couchperuser/archive/1.1.0.tar.gz | tar -xz --strip-components=1 \ && make \ - && apt-get purge -y rebar build-essential \ - && apt-get autoremove -y + && apt-get purge -y --auto-remove rebar make From ab6b0b5f71ad1d84cdf378e3248685421195caff Mon Sep 17 00:00:00 2001 
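Review bot: `gpg --verify couchdb.tar.gz.asc` is called with the signature alone, so gpg has to guess the signed file from the name, and it accepts a good signature from any key in the keyring, which by this point presumably also holds the gosu release key imported in the earlier `RUN`. Name the data file explicitly with `gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz`. It would also help to move the `--recv-keys` loop into the same `RUN` as the check and use a temporary `GNUPGHOME` that is removed afterwards, so that each artifact is checked against its own keys only. The same applies to the gosu check in this hunk and to the tini check added in the following commit (PATCH 066). The tarball is fetched over plain `http://`, which is acceptable only because the signature check follows it.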
From: klaemo Date: Wed, 27 Jan 2016 14:06:46 +0100 Subject: [PATCH 066/227] 1.6.1: use tini for signal handling closes klaemo/docker-couchdb#45 --- 1.6.1/Dockerfile | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 3706c67..5d4b63d 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -28,14 +28,19 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libnspr4-0d \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root, set correct permissions, expose couchdb to the outside -# and disable logging to disk -RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ +# grab gosu for easy step-down from root and tini for signal handling +RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ && gpg --verify /usr/local/bin/gosu.asc \ && rm /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu + && chmod +x /usr/local/bin/gosu \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ + && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ + && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ + && gpg --verify /usr/local/bin/tini.asc \ + && rm /usr/local/bin/tini.asc \ + && chmod +x /usr/local/bin/tini # https://www.apache.org/dist/couchdb/KEYS ENV GPG_KEYS \ 
@@ -55,7 +60,8 @@ RUN set -xe \ ENV COUCHDB_VERSION 1.6.1 -# download dependencies, compile and install couchdb +# download dependencies, compile and install couchdb, +# set correct permissions, expose couchdb to the outside and disable logging to disk RUN buildDeps=' \ gcc \ g++ \ @@ -95,5 +101,5 @@ VOLUME ["/usr/local/var/lib/couchdb"] EXPOSE 5984 WORKDIR /var/lib/couchdb -ENTRYPOINT ["/docker-entrypoint.sh"] +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] CMD ["couchdb"] From b06aac8a202023228b7572e654675dfbf79540f5 Mon Sep 17 00:00:00 2001 From: klaemo Date: Wed, 3 Feb 2016 00:37:01 +0100 Subject: [PATCH 067/227] couchperuser: verify checksum --- 1.6.1-couchperuser/Dockerfile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/1.6.1-couchperuser/Dockerfile b/1.6.1-couchperuser/Dockerfile index ed2c5fe..27dfbbd 100644 --- a/1.6.1-couchperuser/Dockerfile +++ b/1.6.1-couchperuser/Dockerfile @@ -14,9 +14,14 @@ FROM klaemo/couchdb:1.6.1 MAINTAINER Clemens Stolle klaemo@apache.org +ENV COUCHPERUSER_SHA 5d28db3272eea9619d4391b33aae6030f0319ecc54aa2a2f2b6c6a8d448f03f2 RUN apt-get update && apt-get install -y rebar make \ && mkdir -p /usr/local/lib/couchdb/plugins/couchperuser \ - && cd /usr/local/lib/couchdb/plugins/couchperuser \ - && curl -L https://github.com/etrepum/couchperuser/archive/1.1.0.tar.gz | tar -xz --strip-components=1 \ + && cd /usr/local/lib/couchdb/plugins \ + && curl -L -o couchperuser.tar.gz https://github.com/etrepum/couchperuser/archive/1.1.0.tar.gz \ + && echo "$COUCHPERUSER_SHA *couchperuser.tar.gz" | sha256sum -c - \ + && tar -xzf couchperuser.tar.gz -C couchperuser --strip-components=1 \ + && rm couchperuser.tar.gz \ + && cd couchperuser \ && make \ && apt-get purge -y --auto-remove rebar make From fe82d8781f99cefb4b5efbaa319b30fd4f80a73f Mon Sep 17 00:00:00 2001 
From: klaemo Date: Wed, 3 Feb 2016 00:43:26 +0100 Subject: [PATCH 068/227] couchperuser: FROM official image --- 1.6.1-couchperuser/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.6.1-couchperuser/Dockerfile b/1.6.1-couchperuser/Dockerfile index 27dfbbd..3055750 100644 --- a/1.6.1-couchperuser/Dockerfile +++ b/1.6.1-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM klaemo/couchdb:1.6.1 +FROM couchdb:1.6.1 MAINTAINER Clemens Stolle klaemo@apache.org From 5f2878ce475a76835d796d0093a10644ea6be8a5 Mon Sep 17 00:00:00 2001 From: klaemo Date: Fri, 6 May 2016 17:22:48 +0200 Subject: [PATCH 069/227] 1.6: explicitly make entrypoint executable should fix #19 --- 1.6.1/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 5d4b63d..7b5f557 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -94,6 +94,7 @@ RUN buildDeps=' \ && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini COPY ./docker-entrypoint.sh / +RUN chmod +x /docker-entrypoint.sh # Define mountable directories. VOLUME ["/usr/local/var/lib/couchdb"] From 2a3d644e868b7977e82acca14e5d4e3e7b3092a5 Mon Sep 17 00:00:00 2001 From: Clemens Stolle Date: Fri, 6 May 2016 17:38:10 +0200 Subject: [PATCH 070/227] 1.6: allow configuration of admin user via env vars (#46) --- 1.6.1/docker-entrypoint.sh | 62 ++++++++++++++++++++++++++++---------- 1 file changed, 46 insertions(+), 16 deletions(-) diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh index ba4dac3..763d285 100755 --- a/1.6.1/docker-entrypoint.sh +++ b/1.6.1/docker-entrypoint.sh 
@@ -14,22 +14,52 @@ set -e if [ "$1" = 'couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - exec gosu couchdb "$@" + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin + printf "[admins]\n$COUCHDB_USER = $COUCHDB_PASSWORD\n" > /usr/local/etc/couchdb/local.d/docker.ini + fi + + # Start CouchDB + couchdb -b > /dev/null 2>&1 + while ! curl -s 127.0.0.1:5984 > /dev/null; do sleep 1; done + + if [ "$(curl -s 127.0.0.1:5984/_config/admins)" == "{}" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". + **************************************************** + EOWARN + fi + + # Stop CouchDB + couchdb -d > /dev/null 2>&1 + + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod -R 0770 \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod 664 /usr/local/etc/couchdb/*.ini + chmod 775 /usr/local/etc/couchdb/*.d + + exec gosu couchdb "$@" fi exec "$@" 
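Review bot: `printf "[admins]\n$COUCHDB_USER = $COUCHDB_PASSWORD\n"` puts both environment values into the format string, so a password containing `%` or a backslash is mangled or makes printf fail under `set -e`. Pass them as arguments instead: `printf '[admins]\n%s = %s\n' "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini`. The same line is kept unchanged in the following commit (PATCH 071). This hunk also starts `couchdb -b` as root, before the `gosu` step-down, only to probe `/_config/admins`; a comment explaining why would help.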
From 29ed69965ed616a9d0df9a6ffa081773d86c78bc Mon Sep 17 00:00:00 2001 From: Clemens Stolle Date: Mon, 9 May 2016 19:54:09 +0200 Subject: [PATCH 071/227] improve admin-party detection (#53) --- 1.6.1/docker-entrypoint.sh | 42 ++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 24 deletions(-) diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh index 763d285..180d075 100755 --- a/1.6.1/docker-entrypoint.sh +++ b/1.6.1/docker-entrypoint.sh @@ -14,17 +14,30 @@ set -e if [ "$1" = 'couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod -R 0770 \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod 664 /usr/local/etc/couchdb/*.ini + chmod 775 /usr/local/etc/couchdb/*.d if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin printf "[admins]\n$COUCHDB_USER = $COUCHDB_PASSWORD\n" > /usr/local/etc/couchdb/local.d/docker.ini + chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini fi - # Start CouchDB - couchdb -b > /dev/null 2>&1 - while ! curl -s 127.0.0.1:5984 > /dev/null; do sleep 1; done - - if [ "$(curl -s 127.0.0.1:5984/_config/admins)" == "{}" ]; then + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** 
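Review bot: Moving the `chown`/`chmod` block above the admin step means `local.d/docker.ini` is now created after `chmod -R 0770` has run, so it keeps root's umask permissions (typically world-readable) while holding the password as supplied; the added `chown` fixes only its owner. Add `chmod 600 /usr/local/etc/couchdb/local.d/docker.ini` right after the `chown couchdb:couchdb` line. The new `grep -Pzoqr '\[admins\]\n[^;]\w+'` test also looks as if it would treat an empty `[admins]` section directly followed by another section header as configured, since `[^;]` can match the `[`. A comment stating what the pattern is meant to accept would make that easier to check.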
@@ -40,25 +53,6 @@ if [ "$1" = 'couchdb' ]; then EOWARN fi - # Stop CouchDB - couchdb -d > /dev/null 2>&1 - - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - exec gosu couchdb "$@" fi From 8db81f57c6b64753b51c23143af70363582198ff Mon Sep 17 00:00:00 2001 From: klaemo Date: Tue, 24 May 2016 23:33:05 +0200 Subject: [PATCH 072/227] add Travis CI --- .travis.yml | 12 ++++++++++++ README.md | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..9ce7214 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,12 @@ +sudo: required + +services: + - docker + +before_install: + - docker build -t couchdb:1.6.1 1.6.1 + - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser + +script: + - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 + - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 diff --git a/README.md b/README.md index 98cfd9e..a27e258 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -YADC +YADC [![Build Status](https://travis-ci.org/klaemo/docker-couchdb.svg?branch=master)](https://travis-ci.org/klaemo/docker-couchdb) === Yet Another Dockerized CouchDB. From efff00e2d3deee38a016b99ee03a956d5cbc6c72 Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Thu, 28 Apr 2016 22:09:17 -0400 Subject: [PATCH 073/227] Add Dockerfile for CouchDB 2.0 production Unlike the 2.0-dev build, which results in a fully-connected 3 node cluster inside the container, this Dockerfile builds a minimal Erlang release using reltool, installs that release into /opt/couchdb, and runs just the one single Erlang VM. Orchestrating a cluster of these is out of scope. closes #52 closes #56 --- 2.0-prod/Dockerfile | 84 +++++++++++++++++++++++++++++++++++++++++ 2.0-prod/couchdb.config | 21 +++++++++++ 2.0-prod/local.ini | 8 ++++ 2.0-prod/vm.args | 28 ++++++++++++++ 4 files changed, 141 insertions(+) create mode 100644 2.0-prod/Dockerfile create mode 100644 2.0-prod/couchdb.config create mode 100644 2.0-prod/local.ini create mode 100644 2.0-prod/vm.args diff --git a/2.0-prod/Dockerfile b/2.0-prod/Dockerfile new file mode 100644 index 0000000..fb998c7 --- /dev/null +++ b/2.0-prod/Dockerfile 
@@ -0,0 +1,84 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:jessie + +MAINTAINER Clemens Stolle klaemo@apache.org + +ENV COUCHDB_VERSION master + + +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb + +# Download dependencies +RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ + apt-transport-https \ + build-essential \ + ca-certificates \ + curl \ + erlang-dev \ + erlang-nox \ + erlang-reltool \ + git \ + haproxy \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + openssl \ + python \ + && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ + && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ + && apt-get update -y -qq && apt-get install -y nodejs \ + && npm install -g grunt-cli \ +# Acquire and configure CouchDB source code + && cd /usr/src \ + && git clone --depth 1 https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd couchdb \ + && git checkout $COUCHDB_VERSION \ + && ./configure \ + --disable-docs \ + --databasedir /var/lib/couchdb \ + --viewindexdir /var/lib/couchdb \ +# Build the release and install into /opt + && make build \ + && mv /usr/src/couchdb/rel/couchdb /opt/ \ + && mkdir -p /var/lib/couchdb \ + && chown -R couchdb:couchdb /opt/couchdb /var/lib/couchdb \ +# Cleanup build detritus + 
&& apt-get purge -y \ + binutils \ + build-essential \ + cpp \ + erlang-dev \ + git \ + libicu-dev \ + make \ + nodejs \ + perl \ + && apt-get autoremove -y && apt-get clean \ + && apt-get install -y libicu52 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb + +# Now override some of the configuration +COPY local.ini /opt/couchdb/etc/ +COPY vm.args /opt/couchdb/etc/ +RUN chown couchdb:couchdb /opt/couchdb/etc/* + +VOLUME ["/var/lib/couchdb"] +USER couchdb +EXPOSE 5984 +EXPOSE 4369 +EXPOSE 9100 +WORKDIR /opt/couchdb + +ENTRYPOINT ["/opt/couchdb/bin/couchdb"] diff --git a/2.0-prod/couchdb.config b/2.0-prod/couchdb.config new file mode 100644 index 0000000..7c0fa6b --- /dev/null +++ b/2.0-prod/couchdb.config @@ -0,0 +1,21 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. +% +{package_author_name, "The Apache Software Foundation"}. +{prefix, "."}. +{data_dir, "/var/lib/couchdb"}. +{view_index_dir, "/var/lib/couchdb"}. +{log_file, ""}. +{fauxton_root, "./share/www"}. +{user, "couchdb"}. +{cluster_port, 5984}. +{backend_port, 5986}. diff --git a/2.0-prod/local.ini b/2.0-prod/local.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/2.0-prod/local.ini 
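Review bot: `ENV COUCHDB_VERSION master` combined with `git clone --depth 1` builds whatever the tip of the default branch is at build time, so two builds of this Dockerfile can produce different images and nothing records which source went in. Pinning to a full commit id or a release tag, e.g. `ENV COUCHDB_VERSION <full-commit-sha>`, would make the build reproducible and auditable. The `--depth 1` on the clone line then has to be dropped or replaced by a fetch of that ref, since a shallow clone holds only the tip. The key on the `curl -s … | apt-key add -` line is likewise accepted without a fingerprint check, and `npm install -g grunt-cli` is unversioned.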
@@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/2.0-prod/vm.args b/2.0-prod/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/2.0-prod/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From a9cb1dd50907b07b7c0f6da80e485ceaf5b8971f Mon Sep 17 00:00:00 2001 
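Review bot: `bind_address = any` in the added 2.0-prod/local.ini exposes the HTTP API on every interface, and none of the files added in this commit define an `[admins]` entry. As far as this patch shows, the node therefore accepts unauthenticated requests with admin rights from anything that can reach port 5984. A comment above the setting would make that explicit, e.g. `; listens on all interfaces; add an [admins] entry before publishing port 5984`. The same file content is added again later in this series as 2.0-rc2/local.ini.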
From: Chris Foster Date: Fri, 17 Jun 2016 12:11:35 -0700 Subject: [PATCH 074/227] Improve CouchDB 2.0 production image - properly use /opt/couchdb/data for the volume - remove an unneeded couchdb.config file - EXPOSE ports all on one line - rename it to 2.0-single, since it's not actually production closes #56 --- 2.0-prod/couchdb.config | 21 -------------- {2.0-prod => 2.0-single}/Dockerfile | 43 +++++++++++++++-------------- {2.0-prod => 2.0-single}/local.ini | 0 {2.0-prod => 2.0-single}/vm.args | 0 README.md | 34 +++++++++++++++++++++-- 5 files changed, 53 insertions(+), 45 deletions(-) delete mode 100644 2.0-prod/couchdb.config rename {2.0-prod => 2.0-single}/Dockerfile (73%) rename {2.0-prod => 2.0-single}/local.ini (100%) rename {2.0-prod => 2.0-single}/vm.args (100%) diff --git a/2.0-prod/couchdb.config b/2.0-prod/couchdb.config deleted file mode 100644 index 7c0fa6b..0000000 --- a/2.0-prod/couchdb.config +++ /dev/null @@ -1,21 +0,0 @@ -% Licensed under the Apache License, Version 2.0 (the "License"); you may not -% use this file except in compliance with the License. You may obtain a copy of -% the License at -% -% http://www.apache.org/licenses/LICENSE-2.0 -% -% Unless required by applicable law or agreed to in writing, software -% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -% License for the specific language governing permissions and limitations under -% the License. -% -{package_author_name, "The Apache Software Foundation"}. -{prefix, "."}. -{data_dir, "/var/lib/couchdb"}. -{view_index_dir, "/var/lib/couchdb"}. -{log_file, ""}. -{fauxton_root, "./share/www"}. -{user, "couchdb"}. -{cluster_port, 5984}. -{backend_port, 5986}. diff --git a/2.0-prod/Dockerfile b/2.0-single/Dockerfile similarity index 73% rename from 2.0-prod/Dockerfile rename to 2.0-single/Dockerfile index fb998c7..9aabbb1 100644 --- a/2.0-prod/Dockerfile +++ b/2.0-single/Dockerfile 
@@ -14,13 +14,13 @@ FROM debian:jessie MAINTAINER Clemens Stolle klaemo@apache.org -ENV COUCHDB_VERSION master - - -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb +# Pin to an arbitrary commit for a deterministic build +# Once CouchDB has an actual 2.0 tag, we can use that +ENV COUCHDB_VERSION 1b38ccd # Download dependencies -RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ +RUN apt-get update -y -qq \ + && apt-get install -y --no-install-recommends \ apt-transport-https \ build-essential \ ca-certificates \ @@ -38,23 +38,19 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq && apt-get install -y nodejs \ + && apt-get update -y -qq \ + && apt-get install -y nodejs \ && npm install -g grunt-cli \ -# Acquire and configure CouchDB source code + # Acquire CouchDB source code && cd /usr/src \ && git clone --depth 1 https://git-wip-us.apache.org/repos/asf/couchdb.git \ && cd couchdb \ && git checkout $COUCHDB_VERSION \ - && ./configure \ - --disable-docs \ - --databasedir /var/lib/couchdb \ - --viewindexdir /var/lib/couchdb \ -# Build the release and install into /opt + # Build the release and install into /opt + && ./configure --disable-docs \ && make build \ && mv /usr/src/couchdb/rel/couchdb /opt/ \ - && mkdir -p /var/lib/couchdb \ - && chown -R couchdb:couchdb /opt/couchdb /var/lib/couchdb \ -# Cleanup build detritus + # Cleanup build detritus && apt-get purge -y \ binutils \ build-essential \ 
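Review bot: `ENV COUCHDB_VERSION 1b38ccd` pins to an abbreviated commit id, which git resolves by prefix and which can become ambiguous as the repository grows; the full 40-character id is the safer pin. It also interacts with the unchanged `git clone --depth 1 …` line in the next hunk: a shallow clone holds only the branch tip, so `git checkout $COUCHDB_VERSION` will likely fail once master moves past that commit. Suggested: `ENV COUCHDB_VERSION <full-commit-sha>` and a clone without `--depth 1`.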
@@ -69,16 +65,21 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ && apt-get install -y libicu52 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb -# Now override some of the configuration +# Add configuration COPY local.ini /opt/couchdb/etc/ COPY vm.args /opt/couchdb/etc/ -RUN chown couchdb:couchdb /opt/couchdb/etc/* -VOLUME ["/var/lib/couchdb"] +# Add CouchDB user account +RUN groupadd -r couchdb \ + && useradd -d /opt/couchdb -g couchdb couchdb + +# Setup directory permissions +RUN mkdir -p /opt/couchdb/data \ + && chown -R couchdb:couchdb /opt/couchdb/ + USER couchdb -EXPOSE 5984 -EXPOSE 4369 -EXPOSE 9100 WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] ENTRYPOINT ["/opt/couchdb/bin/couchdb"] diff --git a/2.0-prod/local.ini b/2.0-single/local.ini similarity index 100% rename from 2.0-prod/local.ini rename to 2.0-single/local.ini diff --git a/2.0-prod/vm.args b/2.0-single/vm.args similarity index 100% rename from 2.0-prod/vm.args rename to 2.0-single/vm.args diff --git a/README.md b/README.md index a27e258..e798786 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,9 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `2.0-dev`: CouchDB 2.0 master (development version) -- `2.0-dev-docs`: CouchDB 2.0 master (development version) with documentation +- `2.0-dev`: CouchDB 2.0 master (development version) with preconfigured dev cluster +- `2.0-dev-docs`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation +- `2.0-single`: CouchDB 2.0 master (development version) ## Features 
@@ -57,7 +58,32 @@ This build includes the `couchperuser` plugin. ## Run (dev) -Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/) +Available on the docker registry as [klaemo/couchdb:2.0-single](https://index.docker.io/u/klaemo/couchdb/). +This is a developer preview of the upcoming CouchDB 2.0 release. A data volume +is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. + +Please note that CouchDB no longer autocreates system tables for you, so you will +have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually. +The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! + +```bash +# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory +[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data klaemo/couchdb:2.0-single +18:54:48.780 [info] Application lager started on node nonode@nohost +18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost +18:54:48.780 [info] Application couch_mrview started on node nonode@nohost +18:54:48.780 [info] Application couch_plugins started on node nonode@nohost +[...] +``` + +Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` + +### In a developer cluster + +Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/). +This build demonstrates the CouchDB clustering features by creating a local +cluster of a default three nodes inside the container, with a proxy in front. +This is great for testing clustering in your local environment. ```bash # expose the cluster to the world 
@@ -125,6 +151,8 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` +For the `2.0-single` image, configuration is stored at `/opt/couchdb/etc/`. + ## Feedback, Issues, Contributing **Please use Github issues for any questions, bugs, feature requests. :)** From 196e933ea6a7c0ed57f20b0ce8789681dd710c31 Mon Sep 17 00:00:00 2001 From: Chris Foster Date: Wed, 29 Jun 2016 10:58:53 -0700 Subject: [PATCH 075/227] Fix couchdb2-single image (#59) --- 2.0-single/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2.0-single/Dockerfile b/2.0-single/Dockerfile index 9aabbb1..0e56ca3 100644 --- a/2.0-single/Dockerfile +++ b/2.0-single/Dockerfile @@ -16,7 +16,7 @@ MAINTAINER Clemens Stolle klaemo@apache.org # Pin to an arbitrary commit for a deterministic build # Once CouchDB has an actual 2.0 tag, we can use that -ENV COUCHDB_VERSION 1b38ccd +ENV COUCHDB_VERSION 1b38ccd0294ad17d719655612b14b00160168dfd # Download dependencies RUN apt-get update -y -qq \ @@ -43,7 +43,7 @@ RUN apt-get update -y -qq \ && npm install -g grunt-cli \ # Acquire CouchDB source code && cd /usr/src \ - && git clone --depth 1 https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && git clone --single-branch https://git-wip-us.apache.org/repos/asf/couchdb.git \ && cd couchdb \ && git checkout $COUCHDB_VERSION \ # Build the release and install into /opt From 557f3c87c82fc87f360a09200ee567766cfb819e Mon Sep 17 00:00:00 2001 From: Alexander Harding Date: Wed, 20 Jul 2016 09:36:55 -0500 Subject: [PATCH 076/227] 1.6: allow admin user/password special chars (#60) (#61) Using the % symbol is reserved in the printf format string --- 1.6.1/docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh index 180d075..d18a33a 100755 --- a/1.6.1/docker-entrypoint.sh +++ b/1.6.1/docker-entrypoint.sh 
@@ -32,7 +32,7 @@ if [ "$1" = 'couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin - printf "[admins]\n$COUCHDB_USER = $COUCHDB_PASSWORD\n" > /usr/local/etc/couchdb/local.d/docker.ini + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini fi From a1b01ad5d6297888b2b2b8a1d56990fa7d668252 Mon Sep 17 00:00:00 2001 From: Clemens Stolle Date: Thu, 21 Jul 2016 22:37:14 +0200 Subject: [PATCH 077/227] add initial 2.0-rc2 image (#64) --- .travis.yml | 2 ++ 2.0-rc2/Dockerfile | 86 ++++++++++++++++++++++++++++++++++++++++++++++ 2.0-rc2/local.ini | 8 +++++ 2.0-rc2/vm.args | 28 +++++++++++++++ 4 files changed, 124 insertions(+) create mode 100644 2.0-rc2/Dockerfile create mode 100644 2.0-rc2/local.ini create mode 100644 2.0-rc2/vm.args diff --git a/.travis.yml b/.travis.yml index 9ce7214..5916c7b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,9 @@ services: before_install: - docker build -t couchdb:1.6.1 1.6.1 - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser + - docker build -t couchdb:2.0-rc2 2.0-rc2 script: - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 + - docker run -d -p 5986:5984 couchdb:2.0-rc2 && sleep 5 && curl http://localhost:5986 diff --git a/2.0-rc2/Dockerfile b/2.0-rc2/Dockerfile new file mode 100644 index 0000000..b1adccb --- /dev/null +++ b/2.0-rc2/Dockerfile 
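Review bot: The rewritten `printf` line still writes `$COUCHDB_PASSWORD` in clear text to docker.ini under the shell's default umask, and the following `chown` changes only the owner, so the file is probably readable by every user in the container. Restricting the mode right after creation closes that, e.g. `chmod 0600 /usr/local/etc/couchdb/local.d/docker.ini` after the `chown`. A value containing a newline would also still add extra lines to the ini file; rejecting such values before the `printf` would be a cheap guard. The enclosing `if [ "$1" = 'couchdb' ]` block starts and ends outside the hunk.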
@@ -0,0 +1,86 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:jessie + +MAINTAINER Clemens Stolle klaemo@apache.org + +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + erlang-nox \ + erlang-reltool \ + libicu52 \ + libmozjs185-1.0 \ + haproxy \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# Pin to an arbitrary commit for a deterministic build +# Once CouchDB has an actual 2.0 tag, we can use that +ENV COUCHDB_VERSION 2.0.0-RC2 + +# Download dev dependencies +RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ + apt-transport-https \ + build-essential \ + erlang-dev \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ + && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ + && apt-get update -y -qq \ + && apt-get install -y nodejs \ + && npm install -g grunt-cli \ + # Acquire CouchDB source code + && cd /usr/src && mkdir couchdb \ + && curl -fSL https://couchdb-ci.s3-eu-west-1.amazonaws.com/release-candidate/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 
\ + && cd couchdb \ + # Build the release and install into /opt + && ./configure --disable-docs \ + && make release \ + && mv /usr/src/couchdb/rel/couchdb /opt/ \ + # Cleanup build detritus + && apt-get purge -y \ + binutils \ + build-essential \ + cpp \ + erlang-dev \ + git \ + libicu-dev \ + make \ + nodejs \ + perl \ + && apt-get autoremove -y && apt-get clean \ + && apt-get install -y libicu52 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb* + +# Add configuration +COPY local.ini /opt/couchdb/etc/ +COPY vm.args /opt/couchdb/etc/ + +# Setup directory permissions +RUN mkdir -p /opt/couchdb/data \ + && chown -R couchdb:couchdb /opt/couchdb/ + +USER couchdb +WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] + +ENTRYPOINT ["/opt/couchdb/bin/couchdb"] diff --git a/2.0-rc2/local.ini b/2.0-rc2/local.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/2.0-rc2/local.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/2.0-rc2/vm.args b/2.0-rc2/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/2.0-rc2/vm.args 
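Review bot: The release tarball fetched on the `curl -fSL https://couchdb-ci.s3-eu-west-1.amazonaws.com/…` line is unpacked and built without any integrity check, so the image trusts whatever that bucket serves at build time. A pinned digest checked before `tar` would catch a replaced or truncated download, e.g. `&& echo "<sha256-of-tarball>  couchdb.tar.gz" | sha256sum -c - \`; verifying a detached signature against the release keys is the stronger option where one is published. The comment `# Pin to an arbitrary commit for a deterministic build` above `ENV COUCHDB_VERSION 2.0.0-RC2` no longer describes the line it sits on.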
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 8c9f74856fe148d92a17a522ba7d80e7615cf93e Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 21 Jul 2016 22:39:10 +0200 Subject: [PATCH 078/227] 2.0-dev: pin to RC2 --- 2.0-dev/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index bb51d5e..1d22720 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -14,7 +14,7 @@ FROM debian:jessie MAINTAINER Clemens Stolle klaemo@apache.org -ENV COUCHDB_VERSION master +ENV COUCHDB_VERSION 2.0.0-RC2 RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb From 287d340a6cfec2ce7e83b5b0bca716a45d37ac6e Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 21 Jul 2016 22:43:16 +0200 Subject: [PATCH 079/227] update readme --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e798786..662160b 100644 --- a/README.md +++ b/README.md 
@@ -13,7 +13,8 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `2.0-dev`: CouchDB 2.0 master (development version) with preconfigured dev cluster +- `2.0-dev`: CouchDB 2.0 RC2 (development version) with preconfigured dev cluster +- `2.0-rc2`: CouchDB 2.0 RC2 (development version) single node - `2.0-dev-docs`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation - `2.0-single`: CouchDB 2.0 master (development version) @@ -81,8 +82,8 @@ Once running, you can visit the new admin interface at `http://dockerhost:5984/_ ### In a developer cluster Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/). -This build demonstrates the CouchDB clustering features by creating a local -cluster of a default three nodes inside the container, with a proxy in front. +This build demonstrates the CouchDB clustering features by creating a local +cluster of a default three nodes inside the container, with a proxy in front. This is great for testing clustering in your local environment. ```bash From 14746157b39f073bd2f319b775fb6bfa4a10d179 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 4 Aug 2016 15:13:39 +0200 Subject: [PATCH 080/227] 2.0.0-RC3 --- {2.0-rc2 => 2.0-rc3}/Dockerfile | 4 +--- {2.0-rc2 => 2.0-rc3}/local.ini | 0 {2.0-rc2 => 2.0-rc3}/vm.args | 0 3 files changed, 1 insertion(+), 3 deletions(-) rename {2.0-rc2 => 2.0-rc3}/Dockerfile (95%) rename {2.0-rc2 => 2.0-rc3}/local.ini (100%) rename {2.0-rc2 => 2.0-rc3}/vm.args (100%) diff --git a/2.0-rc2/Dockerfile b/2.0-rc3/Dockerfile similarity index 95% rename from 2.0-rc2/Dockerfile rename to 2.0-rc3/Dockerfile index b1adccb..972833d 100644 --- a/2.0-rc2/Dockerfile +++ b/2.0-rc3/Dockerfile 
@@ -28,9 +28,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ openssl \ && rm -rf /var/lib/apt/lists/* -# Pin to an arbitrary commit for a deterministic build -# Once CouchDB has an actual 2.0 tag, we can use that -ENV COUCHDB_VERSION 2.0.0-RC2 +ENV COUCHDB_VERSION 2.0.0-RC3 # Download dev dependencies RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ diff --git a/2.0-rc2/local.ini b/2.0-rc3/local.ini similarity index 100% rename from 2.0-rc2/local.ini rename to 2.0-rc3/local.ini diff --git a/2.0-rc2/vm.args b/2.0-rc3/vm.args similarity index 100% rename from 2.0-rc2/vm.args rename to 2.0-rc3/vm.args From f3997dba6675f256392d9f3fd480da4565629c21 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 4 Aug 2016 15:20:42 +0200 Subject: [PATCH 081/227] fix travis build --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5916c7b..1b53882 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,9 +6,9 @@ services: before_install: - docker build -t couchdb:1.6.1 1.6.1 - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser - - docker build -t couchdb:2.0-rc2 2.0-rc2 + - docker build -t couchdb:2.0-rc3 2.0-rc3 script: - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.0-rc2 && sleep 5 && curl http://localhost:5986 + - docker run -d -p 5986:5984 couchdb:2.0-rc3 && sleep 5 && curl http://localhost:5986 From 5382c3bffef47e5b54a0b9e7d2b3c9952ca21ded Mon Sep 17 00:00:00 2001 
From: Clemens Stolle Date: Wed, 17 Aug 2016 22:05:18 +0200 Subject: [PATCH 082/227] 2.0: bump to RC4 (#69) --- .travis.yml | 4 ++-- 2.0-dev/Dockerfile | 2 +- {2.0-rc3 => 2.0-rc4}/Dockerfile | 27 ++++++++++++++++++++++----- 2.0-rc4/docker-entrypoint.sh | 28 ++++++++++++++++++++++++++++ {2.0-rc3 => 2.0-rc4}/local.ini | 0 {2.0-rc3 => 2.0-rc4}/vm.args | 0 6 files changed, 53 insertions(+), 8 deletions(-) rename {2.0-rc3 => 2.0-rc4}/Dockerfile (66%) create mode 100755 2.0-rc4/docker-entrypoint.sh rename {2.0-rc3 => 2.0-rc4}/local.ini (100%) rename {2.0-rc3 => 2.0-rc4}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 1b53882..a322e09 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,9 +6,9 @@ services: before_install: - docker build -t couchdb:1.6.1 1.6.1 - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser - - docker build -t couchdb:2.0-rc3 2.0-rc3 + - docker build -t couchdb:2.0-rc4 2.0-rc4 script: - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.0-rc3 && sleep 5 && curl http://localhost:5986 + - docker run -d -p 5986:5984 couchdb:2.0-rc4 && sleep 5 && curl http://localhost:5986 diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 1d22720..3b12bb2 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -14,7 +14,7 @@ FROM debian:jessie MAINTAINER Clemens Stolle klaemo@apache.org -ENV COUCHDB_VERSION 2.0.0-RC2 +ENV COUCHDB_VERSION 2.0.0-RC4 RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb diff --git a/2.0-rc3/Dockerfile b/2.0-rc4/Dockerfile similarity index 66% rename from 2.0-rc3/Dockerfile rename to 2.0-rc4/Dockerfile index 972833d..6065bc8 100644 --- a/2.0-rc3/Dockerfile +++ b/2.0-rc4/Dockerfile 
@@ -28,7 +28,21 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ openssl \ && rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 2.0.0-RC3 +# grab gosu for easy step-down from root and tini for signal handling +RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ + && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ + && gpg --verify /usr/local/bin/gosu.asc \ + && rm /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ + && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ + && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ + && gpg --verify /usr/local/bin/tini.asc \ + && rm /usr/local/bin/tini.asc \ + && chmod +x /usr/local/bin/tini + +ENV COUCHDB_VERSION 2.0.0-RC4 # Download dev dependencies RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ @@ -72,13 +86,16 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ COPY local.ini /opt/couchdb/etc/ COPY vm.args /opt/couchdb/etc/ -# Setup directory permissions -RUN mkdir -p /opt/couchdb/data \ +COPY ./docker-entrypoint.sh / + +# Setup directories and permissions +RUN chmod +x /docker-entrypoint.sh \ + && mkdir /opt/couchdb/data /opt/couchdb/etc/local.d /opt/couchdb/etc/default.d \ && chown -R couchdb:couchdb /opt/couchdb/ -USER couchdb WORKDIR /opt/couchdb EXPOSE 5984 4369 9100 VOLUME ["/opt/couchdb/data"] -ENTRYPOINT ["/opt/couchdb/bin/couchdb"] +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] 
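Review bot: Both `gpg --verify` calls in the added gosu/tini RUN use root's default keyring and the one-argument form, so by the time `tini.asc` is checked the keyring also holds the gosu key, and gpg is left to infer which file the signature covers. A good signature from either imported key would pass the tini check. A throwaway `GNUPGHOME` per download (removed in the same RUN) and the explicit two-argument form, e.g. `gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini`, ties each binary to its own signing key and keeps the imported keys out of the image layer.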
diff --git a/2.0-rc4/docker-entrypoint.sh b/2.0-rc4/docker-entrypoint.sh new file mode 100755 index 0000000..d36ed8c --- /dev/null +++ b/2.0-rc4/docker-entrypoint.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb /opt/couchdb + + chmod -R 0770 /opt/couchdb/data + + chmod 664 /opt/couchdb/etc/*.ini + chmod 775 /opt/couchdb/etc/*.d + + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/2.0-rc3/local.ini b/2.0-rc4/local.ini similarity index 100% rename from 2.0-rc3/local.ini rename to 2.0-rc4/local.ini diff --git a/2.0-rc3/vm.args b/2.0-rc4/vm.args similarity index 100% rename from 2.0-rc3/vm.args rename to 2.0-rc4/vm.args From eb026897fb82f079ce3862ebcfb35bec131525db Mon Sep 17 00:00:00 2001 From: klaemo Date: Wed, 17 Aug 2016 22:20:36 +0200 Subject: [PATCH 083/227] update readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 662160b..825d1ee 100644 --- a/README.md +++ b/README.md 
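Review bot: The step-down to the `couchdb` user in docker-entrypoint.sh happens only when `$1` is exactly `/opt/couchdb/bin/couchdb`; every other command line falls through to the final `exec "$@"` and runs as root, which matters more now that the same commit removes `USER couchdb` from the Dockerfile. An invocation such as `bin/couchdb` relative to the WORKDIR would therefore start the server as root and skip the permission fix-up. Either match those forms in the test as well, or add a comment above the final `exec` stating that other commands intentionally keep root, e.g. `# any other command is run unchanged, as root`.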
@@ -13,8 +13,8 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `2.0-dev`: CouchDB 2.0 RC2 (development version) with preconfigured dev cluster -- `2.0-rc2`: CouchDB 2.0 RC2 (development version) single node +- `2.0-dev`: CouchDB 2.0 RC4 (development version) with preconfigured dev cluster +- `2.0-rc4`: CouchDB 2.0 RC4 (development version) single node - `2.0-dev-docs`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation - `2.0-single`: CouchDB 2.0 master (development version) From d26935b744226108c59508cab794b7b3254189f7 Mon Sep 17 00:00:00 2001 From: klaemo Date: Wed, 17 Aug 2016 22:27:39 +0200 Subject: [PATCH 084/227] 2.0: attempt to fix 2.0-dev --- 2.0-dev/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 3b12bb2..7653807 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -38,8 +38,8 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ && apt-get update -y -qq && apt-get install -y nodejs \ && npm install -g grunt-cli \ - && cd /usr/src && git clone --depth 1 https://git-wip-us.apache.org/repos/asf/couchdb.git \ - && cd couchdb && git checkout $COUCHDB_VERSION \ + && cd /usr/src && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd couchdb && git checkout tags/$COUCHDB_VERSION \ && cd /usr/src/couchdb && ./configure --disable-docs && make \ && apt-get purge -y \ binutils \ From 12e1f846004677c5d8d30640cba57d1fe6450d19 Mon Sep 17 00:00:00 2001 
From: Clemens Stolle Date: Thu, 15 Sep 2016 21:33:17 +0200 Subject: [PATCH 085/227] =?UTF-8?q?add=202.0.0-rc1-vote=20=F0=9F=8E=89=20(?= =?UTF-8?q?#74)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .travis.yml | 4 ++-- {2.0-rc4 => 2.0.0-rc1-vote}/Dockerfile | 4 ++-- {2.0-rc4 => 2.0.0-rc1-vote}/docker-entrypoint.sh | 0 {2.0-rc4 => 2.0.0-rc1-vote}/local.ini | 0 {2.0-rc4 => 2.0.0-rc1-vote}/vm.args | 0 5 files changed, 4 insertions(+), 4 deletions(-) rename {2.0-rc4 => 2.0.0-rc1-vote}/Dockerfile (95%) rename {2.0-rc4 => 2.0.0-rc1-vote}/docker-entrypoint.sh (100%) rename {2.0-rc4 => 2.0.0-rc1-vote}/local.ini (100%) rename {2.0-rc4 => 2.0.0-rc1-vote}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index a322e09..ea3b05b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,9 +6,9 @@ services: before_install: - docker build -t couchdb:1.6.1 1.6.1 - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser - - docker build -t couchdb:2.0-rc4 2.0-rc4 + - docker build -t couchdb:2.0.0-rc1-vote 2.0.0-rc1-vote script: - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.0-rc4 && sleep 5 && curl http://localhost:5986 + - docker run -d -p 5986:5984 couchdb:2.0.0-rc1-vote && sleep 5 && curl http://localhost:5986 diff --git a/2.0-rc4/Dockerfile b/2.0.0-rc1-vote/Dockerfile similarity index 95% rename from 2.0-rc4/Dockerfile rename to 2.0.0-rc1-vote/Dockerfile index 6065bc8..07d9522 100644 --- a/2.0-rc4/Dockerfile +++ b/2.0.0-rc1-vote/Dockerfile @@ -42,7 +42,7 @@ RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364 && rm /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini -ENV COUCHDB_VERSION 2.0.0-RC4 +ENV COUCHDB_VERSION 2.0.0 # Download dev dependencies RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ 
@@ -60,7 +60,7 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ && npm install -g grunt-cli \ # Acquire CouchDB source code && cd /usr/src && mkdir couchdb \ - && curl -fSL https://couchdb-ci.s3-eu-west-1.amazonaws.com/release-candidate/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://dist.apache.org/repos/dist/dev/couchdb/source/2.0.0/rc.1/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ && cd couchdb \ # Build the release and install into /opt diff --git a/2.0-rc4/docker-entrypoint.sh b/2.0.0-rc1-vote/docker-entrypoint.sh similarity index 100% rename from 2.0-rc4/docker-entrypoint.sh rename to 2.0.0-rc1-vote/docker-entrypoint.sh diff --git a/2.0-rc4/local.ini b/2.0.0-rc1-vote/local.ini similarity index 100% rename from 2.0-rc4/local.ini rename to 2.0.0-rc1-vote/local.ini diff --git a/2.0-rc4/vm.args b/2.0.0-rc1-vote/vm.args similarity index 100% rename from 2.0-rc4/vm.args rename to 2.0.0-rc1-vote/vm.args From f1637918eae2d6554a21e36a55d217365325f3b0 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 15 Sep 2016 22:18:37 +0200 Subject: [PATCH 086/227] 2.0-dev: update to latest RC --- 2.0-dev/Dockerfile | 59 ++++++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 7653807..5f586e3 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
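Review bot: The CouchDB source tarball fetched by the changed `curl -fSL ... -o couchdb.tar.gz` line is unpacked and built with no signature or checksum check, while gosu and tini in the same Dockerfile are signature-checked. Apache publishes a detached `.asc` next to each source tarball, so the step could download `apache-couchdb-$COUCHDB_VERSION.tar.gz.asc` as `couchdb.tar.gz.asc` and run `gpg --verify couchdb.tar.gz.asc couchdb.tar.gz` against a release key imported by a pinned fingerprint (`<RELEASE_KEY_FINGERPRINT>`, taken from the project's KEYS file) before `tar -xzf`. The same unverified download appears in the 2.0-dev/Dockerfile and 2.0.0/Dockerfile hunks of later commits. The enclosing `RUN` starts before this hunk and continues past it.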
@@ -14,33 +14,54 @@ FROM debian:jessie MAINTAINER Clemens Stolle klaemo@apache.org -ENV COUCHDB_VERSION 2.0.0-RC4 +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb -RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + erlang-nox \ + erlang-reltool \ + libicu52 \ + libmozjs185-1.0 \ + haproxy \ + python \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ + && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ + && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ + && gpg --verify /usr/local/bin/tini.asc \ + && rm /usr/local/bin/tini.asc \ + && chmod +x /usr/local/bin/tini + +ENV COUCHDB_VERSION 2.0.0 -# download dependencies +# Download dev dependencies RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ apt-transport-https \ build-essential \ - ca-certificates \ - curl \ erlang-dev \ - erlang-nox \ - git \ - haproxy \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - openssl \ - python \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq && apt-get install -y nodejs \ + && apt-get update -y -qq \ + && apt-get install -y nodejs \ && npm install -g grunt-cli \ - && cd /usr/src && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ - && cd couchdb && git checkout tags/$COUCHDB_VERSION \ - && cd 
/usr/src/couchdb && ./configure --disable-docs && make \ + # Acquire CouchDB source code + && cd /usr/src && mkdir couchdb \ + && curl -fSL https://dist.apache.org/repos/dist/dev/couchdb/source/2.0.0/rc.1/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ + && cd couchdb \ + # Build the release and install + && ./configure --disable-docs \ + && make release \ + # Cleanup build detritus && apt-get purge -y \ binutils \ build-essential \ @@ -53,14 +74,12 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ perl \ && apt-get autoremove -y && apt-get clean \ && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git + && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules -# permissions +# Setup directories and permissions RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb -USER couchdb -EXPOSE 5984 15984 25984 35984 15986 25986 35986 WORKDIR /usr/src/couchdb +EXPOSE 5984 4369 9100 15984 25984 35984 15986 25986 35986 -ENTRYPOINT ["/usr/src/couchdb/dev/run"] -CMD ["--with-haproxy"] +CMD ["tini", "--", "/usr/src/couchdb/dev/run", "--with-haproxy"] From 6ec6a7805b271b23bfafba5c2be7ddef921b047a Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 15 Sep 2016 22:18:59 +0200 Subject: [PATCH 087/227] remove 2.0-single --- 2.0-single/Dockerfile | 85 ------------------------------------------- 2.0-single/local.ini | 8 ---- 2.0-single/vm.args | 28 -------------- 3 files changed, 121 deletions(-) delete mode 100644 2.0-single/Dockerfile delete mode 100644 2.0-single/local.ini delete mode 100644 2.0-single/vm.args diff --git a/2.0-single/Dockerfile b/2.0-single/Dockerfile deleted file mode 100644 index 0e56ca3..0000000 --- a/2.0-single/Dockerfile +++ /dev/null 
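Review bot: With `USER couchdb` removed and the start command changed to `CMD ["tini", "--", "/usr/src/couchdb/dev/run", "--with-haproxy"]`, the dev cluster now runs as root. Unlike the single-node image, this Dockerfile has no entrypoint script that steps down with gosu; the earlier hunk fetches only tini even though its comment mentions gosu. The tree is still chowned to couchdb in the line above, so keeping `USER couchdb` before `CMD` would retain the previous privilege level. If root is really required (for haproxy, say), a comment stating why would make that an explicit decision.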
@@ -1,85 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER Clemens Stolle klaemo@apache.org - -# Pin to an arbitrary commit for a deterministic build -# Once CouchDB has an actual 2.0 tag, we can use that -ENV COUCHDB_VERSION 1b38ccd0294ad17d719655612b14b00160168dfd - -# Download dependencies -RUN apt-get update -y -qq \ - && apt-get install -y --no-install-recommends \ - apt-transport-https \ - build-essential \ - ca-certificates \ - curl \ - erlang-dev \ - erlang-nox \ - erlang-reltool \ - git \ - haproxy \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - openssl \ - python \ - && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq \ - && apt-get install -y nodejs \ - && npm install -g grunt-cli \ - # Acquire CouchDB source code - && cd /usr/src \ - && git clone --single-branch https://git-wip-us.apache.org/repos/asf/couchdb.git \ - && cd couchdb \ - && git checkout $COUCHDB_VERSION \ - # Build the release and install into /opt - && ./configure --disable-docs \ - && make build \ - && mv /usr/src/couchdb/rel/couchdb /opt/ \ - # Cleanup build detritus - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - erlang-dev \ - git \ - 
libicu-dev \ - make \ - nodejs \ - perl \ - && apt-get autoremove -y && apt-get clean \ - && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb - -# Add configuration -COPY local.ini /opt/couchdb/etc/ -COPY vm.args /opt/couchdb/etc/ - -# Add CouchDB user account -RUN groupadd -r couchdb \ - && useradd -d /opt/couchdb -g couchdb couchdb - -# Setup directory permissions -RUN mkdir -p /opt/couchdb/data \ - && chown -R couchdb:couchdb /opt/couchdb/ - -USER couchdb -WORKDIR /opt/couchdb -EXPOSE 5984 4369 9100 -VOLUME ["/opt/couchdb/data"] - -ENTRYPOINT ["/opt/couchdb/bin/couchdb"] diff --git a/2.0-single/local.ini b/2.0-single/local.ini deleted file mode 100644 index 1aa633c..0000000 --- a/2.0-single/local.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/2.0-single/vm.args b/2.0-single/vm.args deleted file mode 100644 index 0425756..0000000 --- a/2.0-single/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput From f9340c37c6ce55b9e948fa66308654723690964a Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 15 Sep 2016 22:19:35 +0200 Subject: [PATCH 088/227] 2.0.0-rc1-vote: remove unused haproxy --- 2.0.0-rc1-vote/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/2.0.0-rc1-vote/Dockerfile b/2.0.0-rc1-vote/Dockerfile index 07d9522..dc180d5 100644 --- a/2.0.0-rc1-vote/Dockerfile +++ b/2.0.0-rc1-vote/Dockerfile @@ -24,7 +24,6 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ erlang-reltool \ libicu52 \ libmozjs185-1.0 \ - haproxy \ openssl \ && rm -rf /var/lib/apt/lists/* From d76577d1dbf15fd53229e13e41c5e657785e1c21 Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 15 Sep 2016 22:19:48 +0200 Subject: [PATCH 089/227] update readme --- README.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 825d1ee..9658b80 100644 --- a/README.md +++ b/README.md 
@@ -13,10 +13,9 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `2.0-dev`: CouchDB 2.0 RC4 (development version) with preconfigured dev cluster -- `2.0-rc4`: CouchDB 2.0 RC4 (development version) single node +- `2.0-dev`: CouchDB 2.0 RC.1 (release vote) with preconfigured dev cluster +- `latest`, 2.0.0-rc1-vote`: CouchDB 2.0 RC.1 (release vote) single node - `2.0-dev-docs`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation -- `2.0-single`: CouchDB 2.0 master (development version) ## Features @@ -27,13 +26,13 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch ## Run (stable) -Available as a trusted build on Docker Hub as [klaemo/couchdb](https://hub.docker.com/r/klaemo/couchdb/) +Available as an official image on Docker Hub as [couchdb](https://hub.docker.com/_/couchdb/) ```bash [sudo] docker pull klaemo/couchdb:latest # expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb klaemo/couchdb +[sudo] docker run -d -p 5984:5984 --name couchdb couchdb curl http://localhost:5984 ``` @@ -42,7 +41,7 @@ curl http://localhost:5984 ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb klaemo/couchdb +[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb couchdb ``` If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` 
@@ -54,12 +53,12 @@ This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). ``` -[sudo] docker run -d -p 5984:5984 --name couchdb klaemo/couchdb:1.6.1-couchperuser +[sudo] docker run -d -p 5984:5984 --name couchdb couchdb:1.6.1-couchperuser ``` ## Run (dev) -Available on the docker registry as [klaemo/couchdb:2.0-single](https://index.docker.io/u/klaemo/couchdb/). +Available on the docker registry as [klaemo/couchdb:latest](https://index.docker.io/u/klaemo/couchdb/). This is a developer preview of the upcoming CouchDB 2.0 release. A data volume is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. From 10ed47c299b72f5df78a3c8aabf89154c4c32aaa Mon Sep 17 00:00:00 2001 From: klaemo Date: Thu, 15 Sep 2016 22:21:35 +0200 Subject: [PATCH 090/227] fix up readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9658b80..09a8302 100644 --- a/README.md +++ b/README.md @@ -7,14 +7,14 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` -- Version (dev): `CouchDB 2.0 master`, `Erlang 17.3` +- Version (dev): `CouchDB 2.0.0-rc1-vote`, `Erlang 17.3` ## Available tags - `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin - `2.0-dev`: CouchDB 2.0 RC.1 (release vote) with preconfigured dev cluster -- `latest`, 2.0.0-rc1-vote`: CouchDB 2.0 RC.1 (release vote) single node +- `latest`, `2.0.0-rc1-vote`: CouchDB 2.0 RC.1 (release vote) single node - `2.0-dev-docs`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation ## Features 
From 36b0c6d7012bdfd6f9107307e47ab95841b1c0be Mon Sep 17 00:00:00 2001 From: Daniel Holth Date: Tue, 20 Sep 2016 11:36:04 -0400 Subject: [PATCH 091/227] add 2.0.0 based on 2.0.0-rc1-vote (#75) --- 2.0.0/Dockerfile | 100 +++++++++++++++++++++++++++++++++++++ 2.0.0/docker-entrypoint.sh | 28 +++++++++++ 2.0.0/local.ini | 8 +++ 2.0.0/vm.args | 28 +++++++++++ 4 files changed, 164 insertions(+) create mode 100644 2.0.0/Dockerfile create mode 100755 2.0.0/docker-entrypoint.sh create mode 100644 2.0.0/local.ini create mode 100644 2.0.0/vm.args diff --git a/2.0.0/Dockerfile b/2.0.0/Dockerfile new file mode 100644 index 0000000..324ca5b --- /dev/null +++ b/2.0.0/Dockerfile 
@@ -0,0 +1,100 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:jessie + +MAINTAINER Clemens Stolle klaemo@apache.org + +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + erlang-nox \ + erlang-reltool \ + libicu52 \ + libmozjs185-1.0 \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ + && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ + && gpg --verify /usr/local/bin/gosu.asc \ + && rm /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ + && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ + && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ + && gpg --verify /usr/local/bin/tini.asc \ + && rm /usr/local/bin/tini.asc \ + && chmod +x /usr/local/bin/tini + +ENV 
COUCHDB_VERSION 2.0.0 + +# Download dev dependencies +RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ + apt-transport-https \ + build-essential \ + erlang-dev \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ + && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ + && apt-get update -y -qq \ + && apt-get install -y nodejs \ + && npm install -g grunt-cli \ + # Acquire CouchDB source code + && cd /usr/src && mkdir couchdb \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/2.0.0/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ + && cd couchdb \ + # Build the release and install into /opt + && ./configure --disable-docs \ + && make release \ + && mv /usr/src/couchdb/rel/couchdb /opt/ \ + # Cleanup build detritus + && apt-get purge -y \ + binutils \ + build-essential \ + cpp \ + erlang-dev \ + git \ + libicu-dev \ + make \ + nodejs \ + perl \ + && apt-get autoremove -y && apt-get clean \ + && apt-get install -y libicu52 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb* + +# Add configuration +COPY local.ini /opt/couchdb/etc/ +COPY vm.args /opt/couchdb/etc/ + +COPY ./docker-entrypoint.sh / + +# Setup directories and permissions +RUN chmod +x /docker-entrypoint.sh \ + && mkdir /opt/couchdb/data /opt/couchdb/etc/local.d /opt/couchdb/etc/default.d \ + && chown -R couchdb:couchdb /opt/couchdb/ + +WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] + +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] 
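Review bot: The NodeSource key is piped straight from `curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key` into `apt-key add -`, so whatever the server returns becomes a trusted apt signing key for this build. With `-s` and no `-f` or pipefail, a failed or truncated download may also go unnoticed. I would download the key to a file with `curl -fsSL -o /tmp/nodesource.gpg.key ...`, compare its fingerprint with a pinned value (`<NODESOURCE_KEY_FINGERPRINT>`), and only then run `apt-key add /tmp/nodesource.gpg.key`. The same pipe is present in 2.0-dev/Dockerfile.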
diff --git a/2.0.0/docker-entrypoint.sh b/2.0.0/docker-entrypoint.sh new file mode 100755 index 0000000..d36ed8c --- /dev/null +++ b/2.0.0/docker-entrypoint.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb /opt/couchdb + + chmod -R 0770 /opt/couchdb/data + + chmod 664 /opt/couchdb/etc/*.ini + chmod 775 /opt/couchdb/etc/*.d + + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/2.0.0/local.ini b/2.0.0/local.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/2.0.0/local.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/2.0.0/vm.args b/2.0.0/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/2.0.0/vm.args 
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 6ceb87f19e67b61191c036527272d83f096b5632 Mon Sep 17 00:00:00 2001 From: Clemens Stolle Date: Tue, 20 Sep 2016 17:38:38 +0200 Subject: [PATCH 092/227] update readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 09a8302..a24708a 100644 --- a/README.md +++ b/README.md 
@@ -7,14 +7,14 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` -- Version (dev): `CouchDB 2.0.0-rc1-vote`, `Erlang 17.3` +- Version (stable): `CouchDB 2.0.0`, `Erlang 17.3` ## Available tags - `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin - `2.0-dev`: CouchDB 2.0 RC.1 (release vote) with preconfigured dev cluster -- `latest`, `2.0.0-rc1-vote`: CouchDB 2.0 RC.1 (release vote) single node +- `latest`, `2.0.0`: CouchDB 2.0 single node - `2.0-dev-docs`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation ## Features From 291a0235c0dc4815171c78ecabe72799470fffe8 Mon Sep 17 00:00:00 2001 From: Robert Kowalski Date: Sat, 8 Oct 2016 17:23:42 +0200 Subject: [PATCH 093/227] readd haproxy (#79) this readds haproxy as a dependency. this way you can pass `--with-haproxy` as a flag again and expose couchdb on 5984 closes #78 --- 2.0-dev/Dockerfile | 1 + 2.0.0-rc1-vote/Dockerfile | 1 + 2.0.0/Dockerfile | 1 + 3 files changed, 3 insertions(+) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 5f586e3..2c3b957 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile @@ -20,6 +20,7 @@ RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ + haproxy \ erlang-nox \ erlang-reltool \ libicu52 \ diff --git a/2.0.0-rc1-vote/Dockerfile b/2.0.0-rc1-vote/Dockerfile index dc180d5..94136fc 100644 --- a/2.0.0-rc1-vote/Dockerfile +++ b/2.0.0-rc1-vote/Dockerfile 
@@ -20,6 +20,7 @@ RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ + haproxy \ erlang-nox \ erlang-reltool \ libicu52 \ diff --git a/2.0.0/Dockerfile b/2.0.0/Dockerfile index 324ca5b..3f76b8b 100644 --- a/2.0.0/Dockerfile +++ b/2.0.0/Dockerfile @@ -20,6 +20,7 @@ RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ + haproxy \ erlang-nox \ erlang-reltool \ libicu52 \ From 1666c2ecfbdd3ebac9bbb3857a63495c3ca4cc36 Mon Sep 17 00:00:00 2001 From: briansneddon Date: Sat, 8 Oct 2016 10:25:18 -0500 Subject: [PATCH 094/227] Added environment-based admin user/pass (#81) Added COUCHDB_USER and COUCHDB_PASS from the 1.6.1 version and adjusted the file locations to reflect the new 2.0.0 locations --- 2.0.0/docker-entrypoint.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/2.0.0/docker-entrypoint.sh b/2.0.0/docker-entrypoint.sh index d36ed8c..62b14fa 100755 --- a/2.0.0/docker-entrypoint.sh +++ b/2.0.0/docker-entrypoint.sh 
@@ -22,6 +22,30 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chmod 664 /opt/couchdb/etc/*.ini chmod 775 /opt/couchdb/etc/*.d + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini + chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/docker.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". + **************************************************** + EOWARN + fi + + exec gosu couchdb "$@" fi From eef004e22f3626673fc877f8ff8ad9409dc7ceee Mon Sep 17 00:00:00 2001 From: jrop Date: Tue, 25 Oct 2016 02:49:18 -0600 Subject: [PATCH 095/227] Remove "latest" tag from 1.6.1. (#89) Fixes #80 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a24708a..dd2e7f9 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch ## Available tags -- `1`, `1.6`, `1.6.1`, `latest`: CouchDB 1.6.1 +- `1`, `1.6`, `1.6.1`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin - `2.0-dev`: CouchDB 2.0 RC.1 (release vote) with preconfigured dev cluster - `latest`, `2.0.0`: CouchDB 2.0 single node From 09f767d5cd25735b677441a426e1828f67d2a4c9 Mon Sep 17 00:00:00 2001 
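Review bot: The new `printf ... > /opt/couchdb/etc/local.d/docker.ini` writes the admin password in clear text into a file created with the default umask, which is normally world-readable, and the following `chown` does not change its mode. Creating it restrictively avoids that: `( umask 077; printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini )`. Separately, the `grep` runs against docker.ini even when the variables are unset and the file may not exist; the warning still prints, but grep's "No such file" error comes with it unless `-s` is added. The enclosing `if [ "$1" = ... ]` block starts before this hunk.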
From: jrop Date: Tue, 25 Oct 2016 02:50:01 -0600 Subject: [PATCH 096/227] Clarify which sections in README are for 1.6 and 2.0 (latest) (#90) Fixes #88 --- README.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index dd2e7f9..08c5f5c 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,29 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch * runs everything as user `couchdb` (security ftw!) * docker volume for data -## Run (stable) +## Run (2.0.0/latest) + +Available on the docker registry as [klaemo/couchdb:latest](https://index.docker.io/u/klaemo/couchdb/). +This is a developer preview of the upcoming CouchDB 2.0 release. A data volume +is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. + +Please note that CouchDB no longer autocreates system tables for you, so you will +have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually. +The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! + +```bash +# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory +[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data klaemo/couchdb:2.0-single +18:54:48.780 [info] Application lager started on node nonode@nohost +18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost +18:54:48.780 [info] Application couch_mrview started on node nonode@nohost +18:54:48.780 [info] Application couch_plugins started on node nonode@nohost +[...] +``` + +Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` + +## Run (1.6.1) Available as an official image on Docker Hub as [couchdb](https://hub.docker.com/_/couchdb/) 
@@ -56,28 +78,6 @@ This build includes the `couchperuser` plugin. [sudo] docker run -d -p 5984:5984 --name couchdb couchdb:1.6.1-couchperuser ``` -## Run (dev) - -Available on the docker registry as [klaemo/couchdb:latest](https://index.docker.io/u/klaemo/couchdb/). -This is a developer preview of the upcoming CouchDB 2.0 release. A data volume -is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. - -Please note that CouchDB no longer autocreates system tables for you, so you will -have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually. -The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! - -```bash -# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data klaemo/couchdb:2.0-single -18:54:48.780 [info] Application lager started on node nonode@nohost -18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost -18:54:48.780 [info] Application couch_mrview started on node nonode@nohost -18:54:48.780 [info] Application couch_plugins started on node nonode@nohost -[...] -``` - -Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` - ### In a developer cluster Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/). From 62030f9593cef16f2dfe0a83263ff9d3a07d635a Mon Sep 17 00:00:00 2001 From: Clemens Stolle Date: Thu, 3 Nov 2016 17:11:25 +0100 Subject: [PATCH 097/227] fix reference to -single image --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 08c5f5c..1c7af6f 100644 --- a/README.md +++ b/README.md 
@@ -36,7 +36,7 @@ The node will also start in [admin party mode](http://guide.couchdb.org/draft/se ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data klaemo/couchdb:2.0-single +[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data klaemo/couchdb 18:54:48.780 [info] Application lager started on node nonode@nohost 18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost 18:54:48.780 [info] Application couch_mrview started on node nonode@nohost From 42732662fc9c9d84d9c833e56391780902ea3ae3 Mon Sep 17 00:00:00 2001 From: Tom Vincent Date: Thu, 3 Nov 2016 16:49:14 +0000 Subject: [PATCH 098/227] Relax CouchDB v2 entry point ini (#91) `admins` could be set in any ini file, so allow it. --- 2.0.0/docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2.0.0/docker-entrypoint.sh b/2.0.0/docker-entrypoint.sh index 62b14fa..9441a03 100755 --- a/2.0.0/docker-entrypoint.sh +++ b/2.0.0/docker-entrypoint.sh @@ -29,7 +29,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/docker.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** From e65ab0998a4303edd2d2a5b241d37cad32f49add Mon Sep 17 00:00:00 2001 
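Review bot: Widening the glob to `local.d/*.ini` feeds user-supplied files to a pattern that is too loose: `[^;]\w+` also matches a section header, so an empty `[admins]` section followed directly by, say, `[chttpd]` counts as an admin and suppresses the Admin Party warning. Requiring a key/value line closes that gap, for example `'\[admins\]\n[^;\[]\w*\s*='`. The commit message says admins could be set in any ini file, but `/opt/couchdb/etc/local.ini` is still outside the glob, so an admin defined there produces a false warning. The enclosing `if` block starts outside the hunk.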
From: klaemo Date: Sun, 13 Nov 2016 10:20:43 +0100 Subject: [PATCH 099/227] remove old images --- 2.0.0-rc1-vote/Dockerfile | 101 ---------------------------- 2.0.0-rc1-vote/docker-entrypoint.sh | 28 -------- 2.0.0-rc1-vote/local.ini | 8 --- 2.0.0-rc1-vote/vm.args | 28 -------- README.md | 2 +- 5 files changed, 1 insertion(+), 166 deletions(-) delete mode 100644 2.0.0-rc1-vote/Dockerfile delete mode 100755 2.0.0-rc1-vote/docker-entrypoint.sh delete mode 100644 2.0.0-rc1-vote/local.ini delete mode 100644 2.0.0-rc1-vote/vm.args diff --git a/2.0.0-rc1-vote/Dockerfile b/2.0.0-rc1-vote/Dockerfile deleted file mode 100644 index 94136fc..0000000 --- a/2.0.0-rc1-vote/Dockerfile +++ /dev/null 
@@ -1,101 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER Clemens Stolle klaemo@apache.org - -# Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - haproxy \ - erlang-nox \ - erlang-reltool \ - libicu52 \ - libmozjs185-1.0 \ - openssl \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling -RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ - && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ - && gpg --verify /usr/local/bin/gosu.asc \ - && rm /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ - && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ - && gpg --verify /usr/local/bin/tini.asc \ - && rm /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini - -ENV 
COUCHDB_VERSION 2.0.0 - -# Download dev dependencies -RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ - apt-transport-https \ - build-essential \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq \ - && apt-get install -y nodejs \ - && npm install -g grunt-cli \ - # Acquire CouchDB source code - && cd /usr/src && mkdir couchdb \ - && curl -fSL https://dist.apache.org/repos/dist/dev/couchdb/source/2.0.0/rc.1/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ - && cd couchdb \ - # Build the release and install into /opt - && ./configure --disable-docs \ - && make release \ - && mv /usr/src/couchdb/rel/couchdb /opt/ \ - # Cleanup build detritus - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - erlang-dev \ - git \ - libicu-dev \ - make \ - nodejs \ - perl \ - && apt-get autoremove -y && apt-get clean \ - && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb* - -# Add configuration -COPY local.ini /opt/couchdb/etc/ -COPY vm.args /opt/couchdb/etc/ - -COPY ./docker-entrypoint.sh / - -# Setup directories and permissions -RUN chmod +x /docker-entrypoint.sh \ - && mkdir /opt/couchdb/data /opt/couchdb/etc/local.d /opt/couchdb/etc/default.d \ - && chown -R couchdb:couchdb /opt/couchdb/ - -WORKDIR /opt/couchdb -EXPOSE 5984 4369 9100 -VOLUME ["/opt/couchdb/data"] - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["/opt/couchdb/bin/couchdb"] 
diff --git a/2.0.0-rc1-vote/docker-entrypoint.sh b/2.0.0-rc1-vote/docker-entrypoint.sh deleted file mode 100755 index d36ed8c..0000000 --- a/2.0.0-rc1-vote/docker-entrypoint.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb - - chmod -R 0770 /opt/couchdb/data - - chmod 664 /opt/couchdb/etc/*.ini - chmod 775 /opt/couchdb/etc/*.d - - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/2.0.0-rc1-vote/local.ini b/2.0.0-rc1-vote/local.ini deleted file mode 100644 index 1aa633c..0000000 --- a/2.0.0-rc1-vote/local.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/2.0.0-rc1-vote/vm.args b/2.0.0-rc1-vote/vm.args deleted file mode 100644 index 0425756..0000000 --- a/2.0.0-rc1-vote/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput diff --git a/README.md b/README.md index 1c7af6f..d0fc0d6 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ Once running, you can visit the new admin interface at `http://dockerhost:5984/_ Available as an official image on Docker Hub as [couchdb](https://hub.docker.com/_/couchdb/) ```bash -[sudo] docker pull klaemo/couchdb:latest +[sudo] docker pull couchdb:latest # expose it to the world on port 5984 [sudo] docker run -d -p 5984:5984 --name couchdb couchdb From f253c6513d9c056a6c4cc3faf85092d505f1edb6 Mon Sep 17 00:00:00 2001 From: klaemo Date: Sun, 13 Nov 2016 12:04:26 +0100 Subject: [PATCH 100/227] fix 2.0-dev --- 2.0-dev/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile index 2c3b957..60f0c68 100644 --- a/2.0-dev/Dockerfile +++ b/2.0-dev/Dockerfile 
@@ -83,4 +83,5 @@ RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couch WORKDIR /usr/src/couchdb EXPOSE 5984 4369 9100 15984 25984 35984 15986 25986 35986 -CMD ["tini", "--", "/usr/src/couchdb/dev/run", "--with-haproxy"] +ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] +CMD ["--with-haproxy"] From 2635562ce1323fafb38d860680afd25efe1bc2eb Mon Sep 17 00:00:00 2001 From: Romain Brucker Date: Tue, 4 Oct 2016 15:08:31 -0500 Subject: [PATCH 101/227] Adding the option to set a nodename using an environment variable. closes #82 --- 2.0.0/docker-entrypoint.sh | 4 ++++ README.md | 1 + 2 files changed, 5 insertions(+) diff --git a/2.0.0/docker-entrypoint.sh b/2.0.0/docker-entrypoint.sh index 9441a03..33da092 100755 --- a/2.0.0/docker-entrypoint.sh +++ b/2.0.0/docker-entrypoint.sh @@ -22,6 +22,10 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chmod 664 /opt/couchdb/etc/*.ini chmod 775 /opt/couchdb/etc/*.d + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini diff --git a/README.md b/README.md index d0fc0d6..adbd17a 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ The node will also start in [admin party mode](http://guide.couchdb.org/draft/se [...] ``` +Note that you can also use the NODENAME environment variable to set the name of the CouchDB node inside the container. Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` ## Run (1.6.1) From b1bd23d8ffd6f10bd84ab6f145a10ad2d8d00a9c Mon Sep 17 00:00:00 2001 From: klaemo Date: Sun, 13 Nov 2016 12:13:10 +0100 Subject: [PATCH 102/227] point travis to correct images --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
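Review bot: Nothing visible here drops privileges before `ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"]`: the line above chowns the tree to `couchdb`, yet the hunk has no `USER` instruction, so the dev cluster appears to run as root although the README lists "runs everything as user `couchdb`" as a feature. If `dev/run` and haproxy work unprivileged (every exposed port is above 1024), adding `USER couchdb` before `ENTRYPOINT` would match that claim; this needs a test build to confirm. The start of the Dockerfile is outside the hunk, so this assumes no earlier instruction sets the user.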
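Review bot: `$NODENAME` goes into `vm.args` unvalidated on the `echo` line, so a value containing whitespace or a newline adds further Erlang VM flags instead of just a node name. A guard before the append would reject that, e.g. `case "$NODENAME" in *[!A-Za-z0-9.-]*) echo "invalid NODENAME" >&2; exit 1;; esac`. The `grep "couchdb@"` test also prints any matching line to the container output; `grep -q` keeps it silent. If the 2.0.0 image exposes 4369 and 9100 like the rc1 Dockerfile on this page, a named node is reachable over Erlang distribution, so the README line should also tell users to set a private cookie; that is an inference, since `2.0.0/vm.args` is not shown in this patch.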
diff --git a/.travis.yml b/.travis.yml index ea3b05b..ad06a7c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,9 +6,9 @@ services: before_install: - docker build -t couchdb:1.6.1 1.6.1 - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser - - docker build -t couchdb:2.0.0-rc1-vote 2.0.0-rc1-vote + - docker build -t couchdb:2.0.0 2.0.0 script: - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.0.0-rc1-vote && sleep 5 && curl http://localhost:5986 + - docker run -d -p 5986:5984 couchdb:2.0.0 && sleep 5 && curl http://localhost:5986 From 0efab517f0276df584ccbfcdab62f4b8c1651032 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hoelt Date: Sun, 13 Nov 2016 13:28:06 +0200 Subject: [PATCH 103/227] Add COUCHDB_HTTP_PORT/BIND_ADDRESS to 1.6.1 (#92) --- 1.6.1/docker-entrypoint.sh | 3 +++ README.md | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh index d18a33a..c1c9f56 100755 --- a/1.6.1/docker-entrypoint.sh +++ b/1.6.1/docker-entrypoint.sh @@ -36,6 +36,9 @@ if [ "$1" = 'couchdb' ]; then chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini fi + printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini + # if we don't find an [admins] section followed by a non-comment, display a warning if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then # The - option suppresses leading tabs but *not* spaces. :) diff --git a/README.md b/README.md index adbd17a..b1ee837 100644 --- a/README.md +++ b/README.md 
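Review bot: `bind_address.ini` is rewritten on every start whether or not the variables are set, and CouchDB reads `local.d` after `local.ini`, so a user who restricted `bind_address` in a mounted `local.ini` is silently put back on `0.0.0.0`. Wrapping the `printf` and `chown` in a test that at least one of `COUCHDB_HTTP_PORT` or `COUCHDB_HTTP_BIND_ADDRESS` is set avoids that. The two expansions on the `printf` line are unquoted, so a value containing a space is word-split and `printf` reuses the format, emitting a second `[httpd]` block; quote them as `"${COUCHDB_HTTP_PORT:=5984}" "${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}"`. Under `net=host`, the case the README change describes, the default binds every host interface, which makes the Admin Party warning below more important. The enclosing `if` block starts outside the hunk.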
@@ -70,6 +70,11 @@ curl http://localhost:5984 If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` or extend the image and `COPY` your `config.ini` (see [Build you own](#build-your-own)). +If you need (or want) to run couchdb in `net=host` mode, you can customize the port and bind address using environment variables: + + - `COUCHDB_HTTP_BIND_ADDRESS` (default: `0.0.0.0`) + - `COUCHDB_HTTP_PORT` (default: `5984`) + ### with couchperuser plugin This build includes the `couchperuser` plugin. From cb252b2a9cade1a850f640b92321304d207b5891 Mon Sep 17 00:00:00 2001 From: Victor Heng Date: Fri, 27 Jan 2017 13:28:56 -0800 Subject: [PATCH 104/227] Dockerfile puts local.ini in /opt/couchdb/etc/, not local.d. (#99) --- 2.0.0/Dockerfile | 4 ++-- 2.0.0/docker-entrypoint.sh | 1 + README.md | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/2.0.0/Dockerfile b/2.0.0/Dockerfile index 3f76b8b..c74f90f 100644 --- a/2.0.0/Dockerfile +++ b/2.0.0/Dockerfile @@ -83,14 +83,14 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb* # Add configuration -COPY local.ini /opt/couchdb/etc/ +COPY local.ini /opt/couchdb/etc/local.d/ COPY vm.args /opt/couchdb/etc/ COPY ./docker-entrypoint.sh / # Setup directories and permissions RUN chmod +x /docker-entrypoint.sh \ - && mkdir /opt/couchdb/data /opt/couchdb/etc/local.d /opt/couchdb/etc/default.d \ + && mkdir /opt/couchdb/data /opt/couchdb/etc/default.d \ && chown -R couchdb:couchdb /opt/couchdb/ WORKDIR /opt/couchdb diff --git a/2.0.0/docker-entrypoint.sh b/2.0.0/docker-entrypoint.sh index 33da092..2ff1715 100755 --- a/2.0.0/docker-entrypoint.sh +++ b/2.0.0/docker-entrypoint.sh 
@@ -20,6 +20,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chmod -R 0770 /opt/couchdb/data chmod 664 /opt/couchdb/etc/*.ini + chmod 664 /opt/couchdb/etc/local.d/*.ini chmod 775 /opt/couchdb/etc/*.d if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then diff --git a/README.md b/README.md index b1ee837..e2d0e13 100644 --- a/README.md +++ b/README.md @@ -147,7 +147,7 @@ Example Dockerfile: ``` FROM klaemo/couchdb:latest -COPY local.ini /usr/local/etc/couchdb/ +COPY local.ini /usr/local/etc/couchdb/local.d/ ``` and then build and run From 7c5c23ae186f19ad5070a22c662c488c7790cf13 Mon Sep 17 00:00:00 2001 From: Duncan Kolba Date: Fri, 3 Feb 2017 17:12:41 +0100 Subject: [PATCH 105/227] Update README.md with info about the creation of system tables in 2.0 (#103) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e2d0e13..1def3c3 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ This is a developer preview of the upcoming CouchDB 2.0 release. A data volume is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. Please note that CouchDB no longer autocreates system tables for you, so you will -have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually. +have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually (the admin interface has a "Setup" menu that does this for you). The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! ```bash From a8f7cd53a249fc667ce0750de0c4f0cfe54e17cb Mon Sep 17 00:00:00 2001 From: klaemo Date: Wed, 8 Feb 2017 18:51:01 +0100 Subject: [PATCH 106/227] 1.6.1: update tini --- 1.6.1/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 7b5f557..1870795 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
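Review bot: The added `chmod 664 /opt/couchdb/etc/local.d/*.ini` makes every file in `local.d` world-readable, and on a restarted container that includes the `docker.ini` into which the entrypoint writes the admin credentials. `chmod 660 /opt/couchdb/etc/local.d/*.ini` keeps them to the `couchdb` user and group. If `local.d` holds no `.ini` file, for instance when an empty directory is mounted over it, the glob stays literal and `chmod` fails, which stops the container if this script runs under `set -e` as the rc1 entrypoint on this page does. The enclosing `if` block starts outside the hunk.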
@@ -36,8 +36,8 @@ RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364 && rm /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ - && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ + && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini" \ + && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini.asc" \ && gpg --verify /usr/local/bin/tini.asc \ && rm /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini From c648704c95274990892b30356db755ecd1539a36 Mon Sep 17 00:00:00 2001 From: klaemo Date: Wed, 8 Feb 2017 18:51:30 +0100 Subject: [PATCH 107/227] 2.0.0: update tini and add gpg verification --- 2.0.0/Dockerfile | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/2.0.0/Dockerfile b/2.0.0/Dockerfile index c74f90f..73d5083 100644 --- a/2.0.0/Dockerfile +++ b/2.0.0/Dockerfile @@ -20,9 +20,9 @@ RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ - haproxy \ erlang-nox \ erlang-reltool \ + haproxy \ libicu52 \ libmozjs185-1.0 \ openssl \ 
@@ -36,22 +36,42 @@ RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364 && rm /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ - && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ + && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini" \ + && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini.asc" \ && gpg --verify /usr/local/bin/tini.asc \ && rm /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini +# https://www.apache.org/dist/couchdb/KEYS +ENV GPG_KEYS \ + 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ + 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ + 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ + 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ + 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ + 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ + C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ + D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ + E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B +RUN set -xe \ + && for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done + ENV COUCHDB_VERSION 2.0.0 # Download dev dependencies -RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ +RUN buildDeps=' \ apt-transport-https \ - build-essential \ + gcc \ + g++ \ erlang-dev \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ + make \ + ' \ + && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ && echo 
'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ @@ -60,7 +80,9 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ && npm install -g grunt-cli \ # Acquire CouchDB source code && cd /usr/src && mkdir couchdb \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/2.0.0/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && gpg --verify couchdb.tar.gz.asc \ && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ && cd couchdb \ # Build the release and install into /opt @@ -68,18 +90,7 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ && make release \ && mv /usr/src/couchdb/rel/couchdb /opt/ \ # Cleanup build detritus - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - erlang-dev \ - git \ - libicu-dev \ - make \ - nodejs \ - perl \ - && apt-get autoremove -y && apt-get clean \ - && apt-get install -y libicu52 --no-install-recommends \ + && apt-get purge -y --auto-remove $buildDeps \ && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb* # Add configuration From 2711df908c0e93453a35ac7d5c3be9fef8b31c9f Mon Sep 17 00:00:00 2001 From: garren smith Date: Wed, 26 Apr 2017 09:42:00 +0200 Subject: [PATCH 108/227] update 2.0-dev-docs to use new repo (#12) --- 2.0-dev-docs/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/2.0-dev-docs/Dockerfile b/2.0-dev-docs/Dockerfile index ab834b4..61b0ffb 100644 --- a/2.0-dev-docs/Dockerfile +++ b/2.0-dev-docs/Dockerfile 
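Review bot: `gpg --verify couchdb.tar.gz.asc` checks against root's default keyring, which by this point also holds the gosu and tini keys fetched earlier, so a good signature from any of those keys would pass for the CouchDB tarball. Importing the CouchDB keys into a dedicated `GNUPGHOME` inside this same `RUN` and deleting it after the check scopes the trust to the release keys, and naming both files makes the pairing explicit: `gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz`. `GPG_KEYS` in the previous hunk is declared with `ENV`, so the list ends up in the runtime environment although it is only needed at build time. The `RUN` instruction starts and ends outside this hunk.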
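Review bot: The new `apt-get purge -y --auto-remove $buildDeps` no longer removes `nodejs`: it was in the old purge list but is not part of `buildDeps`, and it is presumably installed by a separate `apt-get install -y nodejs` step between the hunks, as in the other Dockerfiles on this page. That marks it as manually installed, so `--auto-remove` leaves it in the final image along with the nodesource apt source file. Changing the line to `apt-get purge -y --auto-remove $buildDeps nodejs` and adding `/etc/apt/sources.list.d/nodesource.list` to the `rm -rf` keeps the build toolchain out of the runtime image. The `RUN` instruction starts outside this hunk.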
@@ -43,11 +43,11 @@ RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ texlive-fonts-recommended \ texlive-latex-extra \ && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ && apt-get update -y -qq && apt-get install -y nodejs \ && npm install -g grunt-cli \ - && cd /usr/src && git clone https://git-wip-us.apache.org/repos/asf/couchdb.git \ + && cd /usr/src && git clone https://gitbox.apache.org/repos/asf/couchdb.git \ && cd couchdb && git checkout $COUCHDB_VERSION \ && cd /usr/src/couchdb && ./configure && make \ && apt-get purge -y \ From f1cec35a1886a4019ccf88799312f463e24ff55c Mon Sep 17 00:00:00 2001 From: garren smith Date: Wed, 26 Apr 2017 14:50:05 +0200 Subject: [PATCH 109/227] (#11) Fix docker image naming `1`, `1.6`, `1.6.1`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin - `latest`, `2.0.0`: CouchDB 2.0 single node - `dev`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation --- 2.0-dev/Dockerfile | 87 -------------------------------- README.md | 17 +++---- {2.0-dev-docs => dev}/Dockerfile | 0 3 files changed, 8 insertions(+), 96 deletions(-) delete mode 100644 2.0-dev/Dockerfile rename {2.0-dev-docs => dev}/Dockerfile (100%) diff --git a/2.0-dev/Dockerfile b/2.0-dev/Dockerfile deleted file mode 100644 index 60f0c68..0000000 --- a/2.0-dev/Dockerfile +++ /dev/null 
@@ -1,87 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER Clemens Stolle klaemo@apache.org - -# Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - haproxy \ - erlang-nox \ - erlang-reltool \ - libicu52 \ - libmozjs185-1.0 \ - haproxy \ - python \ - openssl \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling -RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini" \ - && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.9.0/tini.asc" \ - && gpg --verify /usr/local/bin/tini.asc \ - && rm /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini - -ENV COUCHDB_VERSION 2.0.0 - -# Download dev dependencies -RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ - apt-transport-https \ - build-essential \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src 
https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq \ - && apt-get install -y nodejs \ - && npm install -g grunt-cli \ - # Acquire CouchDB source code - && cd /usr/src && mkdir couchdb \ - && curl -fSL https://dist.apache.org/repos/dist/dev/couchdb/source/2.0.0/rc.1/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ - && cd couchdb \ - # Build the release and install - && ./configure --disable-docs \ - && make release \ - # Cleanup build detritus - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - erlang-dev \ - git \ - libicu-dev \ - make \ - nodejs \ - perl \ - && apt-get autoremove -y && apt-get clean \ - && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules - -# Setup directories and permissions -RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb - -WORKDIR /usr/src/couchdb -EXPOSE 5984 4369 9100 15984 25984 35984 15986 25986 35986 - -ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] -CMD ["--with-haproxy"] diff --git a/README.md b/README.md index 1def3c3..46a746f 100644 --- a/README.md +++ b/README.md @@ -13,9 +13,8 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - `1`, `1.6`, `1.6.1`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `2.0-dev`: CouchDB 2.0 RC.1 (release vote) with preconfigured dev cluster - `latest`, `2.0.0`: CouchDB 2.0 single node -- `2.0-dev-docs`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation +- `dev`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation ## Features 
@@ -27,7 +26,7 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch ## Run (2.0.0/latest) Available on the docker registry as [klaemo/couchdb:latest](https://index.docker.io/u/klaemo/couchdb/). -This is a developer preview of the upcoming CouchDB 2.0 release. A data volume +This is a build of the CouchDB 2.0 release. A data volume is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. Please note that CouchDB no longer autocreates system tables for you, so you will @@ -86,14 +85,14 @@ This build includes the `couchperuser` plugin. ### In a developer cluster -Available on the docker registry as [klaemo/couchdb:2.0-dev](https://index.docker.io/u/klaemo/couchdb/). +Available on the docker registry as [klaemo/couchdb:dev](https://index.docker.io/u/klaemo/couchdb/). This build demonstrates the CouchDB clustering features by creating a local cluster of a default three nodes inside the container, with a proxy in front. This is great for testing clustering in your local environment. ```bash # expose the cluster to the world -[sudo] docker run -it -p 5984:5984 klaemo/couchdb:2.0-dev +[sudo] docker run -it -p 5984:5984 klaemo/couchdb:dev [ * ] Setup environment ... ok [ * ] Ensure CouchDB is built ... ok @@ -117,7 +116,7 @@ Time to hack! ... ...but you can pass arguments to the binary ```bash -docker run -it klaemo/couchdb:2.0-dev --admin=foo:bar +docker run -it klaemo/couchdb:dev --admin=foo:bar ``` **Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose 
@@ -126,13 +125,13 @@ the cluster on `5984`, pass `--with-haproxy` explicitly. Examples: ```bash # display the available options of the couchdb startup script -docker run --rm klaemo/couchdb:2.0-dev --help +docker run --rm klaemo/couchdb:dev --help # Enable admin party 🎉 and expose the cluster on port 5984 -docker run -it -p 5984:5984 klaemo/couchdb:2.0-dev --with-admin-party-please --with-haproxy +docker run -it -p 5984:5984 klaemo/couchdb:dev --with-admin-party-please --with-haproxy # Start two nodes (without proxy) exposed on port 15984 and 25984 -docker run -it -p 15984:15984 -p 25984:25984 klaemo/couchdb:2.0-dev -n 2 +docker run -it -p 15984:15984 -p 25984:25984 klaemo/couchdb:dev -n 2 ``` ## Build your own diff --git a/2.0-dev-docs/Dockerfile b/dev/Dockerfile similarity index 100% rename from 2.0-dev-docs/Dockerfile rename to dev/Dockerfile From 23b3066888b501797a839cd415783145d475a7b8 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Thu, 18 May 2017 08:56:30 -0400 Subject: [PATCH 110/227] Add/update contribution guidelines, issue/PR templates for GH Issues (#15) --- .github/ISSUE_TEMPLATE.md | 32 +++++++++++++++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 41 ++++++++++++++++++++++++++++++++ README.md | 15 ++++++++---- 3 files changed, 83 insertions(+), 5 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..be4f816 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,32 @@ + + +## Expected Behavior + + + +## Current Behavior + + + +## Possible Solution + + + +## Steps to Reproduce (for bugs) + + +1. +2. +3. +4. + +## Context + + + +## Your Environment + +* Version used: +* Browser Name and version: +* Operating System and version (desktop or mobile): +* Link to your project: diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ede3821 
--- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,41 @@ + + +## Overview + + + +## Testing recommendations + + + +## GitHub issue number + + + +## Related Pull Requests + + + +## Checklist + +- [ ] Code is written and works correctly; +- [ ] Changes are covered by tests; +- [ ] Documentation reflects the changes; diff --git a/README.md b/README.md index 46a746f..b95fb57 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ -YADC [![Build Status](https://travis-ci.org/klaemo/docker-couchdb.svg?branch=master)](https://travis-ci.org/klaemo/docker-couchdb) -=== +# Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) -Yet Another Dockerized CouchDB. Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) @@ -160,9 +158,16 @@ For the `2.0-single` image, configuration is stored at `/opt/couchdb/etc/`. ## Feedback, Issues, Contributing -**Please use Github issues for any questions, bugs, feature requests. :)** -I don't get notified about comments on Docker Hub, so I might respond really late...or not at all. +General feedback is welcome at our [user][1] or [developer][2] mailing lists. + +Apache CouchDB has a [CONTRIBUTING][3] file with details on how to get started +with issue reporting or contributing to the upkeep of this project. In short, +use GitHub Issues, do not report anything on Docker's website. ## Contributors - [@joeybaker](https://github.com/joeybaker) + +[1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ +[2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ +[3]: https://github.com/apache/couchdb/blob/master/CONTRIBUTING.md From 7ef8dbe27961ab42130e86b25fa21d8990de799a Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Tue, 22 Aug 2017 15:03:56 -0400 Subject: [PATCH 111/227] Remove link to dev image with explanation --- README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b95fb57..8f3631e 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch - `1`, `1.6`, `1.6.1`: CouchDB 1.6.1 - `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin - `latest`, `2.0.0`: CouchDB 2.0 single node -- `dev`: CouchDB 2.0 master (development version) with preconfigured dev cluster and documentation ## Features @@ -83,14 +82,17 @@ This build includes the `couchperuser` plugin. ### In a developer cluster -Available on the docker registry as [klaemo/couchdb:dev](https://index.docker.io/u/klaemo/couchdb/). This build demonstrates the CouchDB clustering features by creating a local cluster of a default three nodes inside the container, with a proxy in front. This is great for testing clustering in your local environment. +You will need to build Docker images from the `dev` directory in this +repository; [Apache Software Foundation policy][4] prevents us from publishing +non-release builds for wide distribution. + ```bash # expose the cluster to the world -[sudo] docker run -it -p 5984:5984 klaemo/couchdb:dev +[sudo] docker run -it -p 5984:5984 [ * ] Setup environment ... ok [ * ] Ensure CouchDB is built ... ok @@ -114,7 +116,7 @@ Time to hack! ... ...but you can pass arguments to the binary ```bash -docker run -it klaemo/couchdb:dev --admin=foo:bar +docker run -it --admin=foo:bar ``` **Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose 
@@ -123,13 +125,13 @@ the cluster on `5984`, pass `--with-haproxy` explicitly. Examples: ```bash # display the available options of the couchdb startup script -docker run --rm klaemo/couchdb:dev --help +docker run --rm --help # Enable admin party 🎉 and expose the cluster on port 5984 -docker run -it -p 5984:5984 klaemo/couchdb:dev --with-admin-party-please --with-haproxy +docker run -it -p 5984:5984 --with-admin-party-please --with-haproxy # Start two nodes (without proxy) exposed on port 15984 and 25984 -docker run -it -p 15984:15984 -p 25984:25984 klaemo/couchdb:dev -n 2 +docker run -it -p 15984:15984 -p 25984:25984 -n 2 ``` ## Build your own @@ -171,3 +173,4 @@ use GitHub Issues, do not report anything on Docker's website. [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ [2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ [3]: https://github.com/apache/couchdb/blob/master/CONTRIBUTING.md +[4]: http://www.apache.org/dev/release-distribution.html#unreleased From d88c656f9e6446f6854bf4b38b0af010c3257acc Mon Sep 17 00:00:00 2001 From: Raphael Randschau Date: Thu, 24 Aug 2017 18:06:48 +0200 Subject: [PATCH 112/227] Add couchdb 2.1.0 docker image (#24) * Add couchdb 2.1.0 * Add new port to Dockerfile * Remove node from Dockerfile --- 2.1.0/Dockerfile | 108 +++++++++++++++++++++++++++++++++++++ 2.1.0/docker-entrypoint.sh | 57 ++++++++++++++++++++ 2.1.0/local.ini | 8 +++ 2.1.0/vm.args | 28 ++++++++++ 4 files changed, 201 insertions(+) create mode 100644 2.1.0/Dockerfile create mode 100755 2.1.0/docker-entrypoint.sh create mode 100644 2.1.0/local.ini create mode 100644 2.1.0/vm.args diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile new file mode 100644 index 0000000..d11034c --- /dev/null +++ b/2.1.0/Dockerfile 
@@ -0,0 +1,108 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:jessie + +MAINTAINER Clemens Stolle klaemo@apache.org + +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + erlang-nox \ + erlang-reltool \ + haproxy \ + libicu52 \ + libmozjs185-1.0 \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ + && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ + && gpg --verify /usr/local/bin/gosu.asc \ + && rm /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ + && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini" \ + && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini.asc" \ + && gpg --verify /usr/local/bin/tini.asc \ + && rm /usr/local/bin/tini.asc \ + && chmod +x /usr/local/bin/tini + +# 
https://www.apache.org/dist/couchdb/KEYS +ENV GPG_KEYS \ + 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ + 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ + 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ + 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ + 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ + 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ + C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ + D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ + E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ + 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ + 2EC788AE3F239FA13E82D215CDE711289384AE37 +RUN set -xe \ + && for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done + +ENV COUCHDB_VERSION 2.1.0 + +# Download dev dependencies +RUN buildDeps=' \ + apt-transport-https \ + gcc \ + g++ \ + erlang-dev \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + make \ + ' \ + && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ + # Acquire CouchDB source code + && cd /usr/src && mkdir couchdb \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && gpg --verify couchdb.tar.gz.asc \ + && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ + && cd couchdb \ + # Build the release and install into /opt + && ./configure --disable-docs \ + && make release \ + && mv /usr/src/couchdb/rel/couchdb /opt/ \ + # Cleanup build detritus + && apt-get purge -y --auto-remove $buildDeps \ + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* + +# Add configuration +COPY local.ini /opt/couchdb/etc/local.d/ +COPY vm.args /opt/couchdb/etc/ + +COPY ./docker-entrypoint.sh / + +# Setup directories and permissions +RUN chmod +x /docker-entrypoint.sh \ + && mkdir /opt/couchdb/data \ + && chown -R couchdb:couchdb 
/opt/couchdb/ + +WORKDIR /opt/couchdb +EXPOSE 5984 5986 4369 9100 +VOLUME ["/opt/couchdb/data"] + +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.1.0/docker-entrypoint.sh b/2.1.0/docker-entrypoint.sh new file mode 100755 index 0000000..2ff1715 --- /dev/null +++ b/2.1.0/docker-entrypoint.sh 
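Review bot: `gpg --verify couchdb.tar.gz.asc` in the build RUN checks against root's default keyring, which by then also holds the gosu and tini keys imported in the earlier RUN, so a signature made with either of those keys would let the step pass; the tini check likewise accepts the gosu key. As far as the hunk shows, that keyring is also never removed and ends up in the final image. I would import the CouchDB keys inside the build RUN under a throwaway `GNUPGHOME`, name the data file explicitly in the verify, and delete the directory afterwards, which replaces the separate `RUN set -xe && for key in $GPG_KEYS` step. The gosu/tini RUN can be treated the same way with its own directory.

```dockerfile
 && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \
 # CouchDB release keys go into a keyring used for this one check only
 && export GNUPGHOME="$(mktemp -d)" \
 && for key in $GPG_KEYS; do \
      gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
    done \
 # … unchanged: cd /usr/src, mkdir couchdb, curl of couchdb.tar.gz and couchdb.tar.gz.asc …
 && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \
 && rm -rf "$GNUPGHOME" \
 # … unchanged: tar, configure, make release, mv, cleanup …
```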
@@ -0,0 +1,57 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb /opt/couchdb + + chmod -R 0770 /opt/couchdb/data + + chmod 664 /opt/couchdb/etc/*.ini + chmod 664 /opt/couchdb/etc/local.d/*.ini + chmod 775 /opt/couchdb/etc/*.d + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini + chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". 
+ **************************************************** + EOWARN + fi + + + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/2.1.0/local.ini b/2.1.0/local.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/2.1.0/local.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/2.1.0/vm.args b/2.1.0/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/2.1.0/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From efcf2337873eea488ab1c413a71e8129a3b0a942 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 19 Sep 2017 04:26:05 -0400 Subject: [PATCH 113/227] Allow Erlang distribution over 9100-9200 (2.1.0 only) (#26) --- 2.1.0/Dockerfile | 2 +- 2.1.0/vm.args | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
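Review bot: The `[admins]` block writes `$COUCHDB_PASSWORD` into `/opt/couchdb/etc/local.d/docker.ini` with a plain redirect, so the file takes its mode from root's umask (typically 0644) and only its owner is changed afterwards; the earlier `chmod 664` calls also leave every other ini file world-readable. Files that hold admin credentials should not be readable by other users in the container. I would follow the `chown` with `chmod 0640 /opt/couchdb/etc/local.d/docker.ini` and use `640` instead of `664` for the two ini globs. A comment on the redirect, `# overwrites docker.ini on every start`, would also help, since `>` replaces whatever is already in that file.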
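Review bot: `bind_address = any` under `[chttpd]` carries no comment, and together with the entrypoint added in this commit it means a container started without `COUCHDB_USER`/`COUCHDB_PASSWORD` serves CouchDB without an admin on every interface. The entrypoint prints a warning in that case but still starts the server. I would document this where the setting lives, for example `; listens on all interfaces so published ports work - add an [admins] entry or set COUCHDB_USER/COUCHDB_PASSWORD before exposing 5984`.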
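Review bot: The file pins the distribution listener to port 9100 but sets no cookie and says nothing about who may reach that port or epmd on 4369, both of which the Dockerfile in this commit lists under `EXPOSE`. Erlang distribution is authenticated only by the shared cookie, and a peer that connects successfully can run code on the node, so these ports belong on a network reserved for cluster members. I would add a comment above the `inet_dist_listen_*` lines such as `# Distribution (4369, 9100) is for cluster peers only: do not publish these ports to untrusted networks, and give all nodes the same strong -setcookie value`.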
diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile index d11034c..43c7762 100644 --- a/2.1.0/Dockerfile +++ b/2.1.0/Dockerfile @@ -101,7 +101,7 @@ RUN chmod +x /docker-entrypoint.sh \ && chown -R couchdb:couchdb /opt/couchdb/ WORKDIR /opt/couchdb -EXPOSE 5984 5986 4369 9100 +EXPOSE 5984 5986 4369 9100-9200 VOLUME ["/opt/couchdb/data"] ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] diff --git a/2.1.0/vm.args b/2.1.0/vm.args index 0425756..3816b82 100644 --- a/2.1.0/vm.args +++ b/2.1.0/vm.args @@ -12,7 +12,7 @@ # Ensure that the Erlang VM listens on a known port -kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 +-kernel inet_dist_listen_max 9200 # Tell kernel and SASL not to log anything -kernel error_logger silent From 0d4587ddeb5a477b3a8646b8cd0b19dc5b9be62d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Burgd=C3=B6rfer?= Date: Tue, 19 Sep 2017 18:17:22 +0200 Subject: [PATCH 114/227] Make secret configurable via environment (#25) Fixes #9 issues raised for running a cluster with the 2.1.0 image --- 2.1.0/docker-entrypoint.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/2.1.0/docker-entrypoint.sh b/2.1.0/docker-entrypoint.sh index 2ff1715..707baba 100755 --- a/2.1.0/docker-entrypoint.sh +++ b/2.1.0/docker-entrypoint.sh @@ -33,6 +33,12 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini fi + if [ "$COUCHDB_SECRET" ]; then + # Set secret + printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + fi + # if we don't find an [admins] section followed by a non-comment, display a warning if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) From 751e57e89a0170eb5624efcb33dfd7d7047d71b3 Mon Sep 17 00:00:00 2001 
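Review bot: The secret is appended with `>>`, so when only `COUCHDB_SECRET` is set (no `COUCHDB_USER`/`COUCHDB_PASSWORD` to truncate the file first) each restart of the container adds another `[couch_httpd_auth]` section to `docker.ini`. In that case the file is also created by this redirect with the default umask, which presumably leaves the secret readable by every user in the container. I would skip the write when the section is already present, for example `if [ "$COUCHDB_SECRET" ] && ! grep -qs '^\[couch_httpd_auth\]' /opt/couchdb/etc/local.d/docker.ini; then`, and add `chmod 0640 /opt/couchdb/etc/local.d/docker.ini` after the `chown`. The enclosing `if [ "$1" = '/opt/couchdb/bin/couchdb' ]` block starts and ends outside the hunk.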
From: Joan Touzet Date: Tue, 19 Sep 2017 23:26:56 -0700 Subject: [PATCH 115/227] Remove deprecated 2.0.0 image --- 2.0.0/Dockerfile | 112 ------------------------------------- 2.0.0/docker-entrypoint.sh | 57 ------------------- 2.0.0/local.ini | 8 --- 2.0.0/vm.args | 28 ---------- 4 files changed, 205 deletions(-) delete mode 100644 2.0.0/Dockerfile delete mode 100755 2.0.0/docker-entrypoint.sh delete mode 100644 2.0.0/local.ini delete mode 100644 2.0.0/vm.args diff --git a/2.0.0/Dockerfile b/2.0.0/Dockerfile deleted file mode 100644 index 73d5083..0000000 --- a/2.0.0/Dockerfile +++ /dev/null 
@@ -1,112 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER Clemens Stolle klaemo@apache.org - -# Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - erlang-reltool \ - haproxy \ - libicu52 \ - libmozjs185-1.0 \ - openssl \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling -RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ - && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ - && gpg --verify /usr/local/bin/gosu.asc \ - && rm /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini" \ - && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini.asc" \ - && gpg --verify /usr/local/bin/tini.asc \ - && rm /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini - -# 
https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 2.0.0 - -# Download dev dependencies -RUN buildDeps=' \ - apt-transport-https \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - make \ - ' \ - && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ - && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_4.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node_4.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq \ - && apt-get install -y nodejs \ - && npm install -g grunt-cli \ - # Acquire CouchDB source code - && cd /usr/src && mkdir couchdb \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --verify couchdb.tar.gz.asc \ - && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ - && cd couchdb \ - # Build the release and install into /opt - && ./configure --disable-docs \ - && make release \ - && mv /usr/src/couchdb/rel/couchdb /opt/ \ - # Cleanup build detritus - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf 
/var/lib/apt/lists/* /usr/lib/node_modules /usr/src/couchdb* - -# Add configuration -COPY local.ini /opt/couchdb/etc/local.d/ -COPY vm.args /opt/couchdb/etc/ - -COPY ./docker-entrypoint.sh / - -# Setup directories and permissions -RUN chmod +x /docker-entrypoint.sh \ - && mkdir /opt/couchdb/data /opt/couchdb/etc/default.d \ - && chown -R couchdb:couchdb /opt/couchdb/ - -WORKDIR /opt/couchdb -EXPOSE 5984 4369 9100 -VOLUME ["/opt/couchdb/data"] - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.0.0/docker-entrypoint.sh b/2.0.0/docker-entrypoint.sh deleted file mode 100755 index 2ff1715..0000000 --- a/2.0.0/docker-entrypoint.sh +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb - - chmod -R 0770 /opt/couchdb/data - - chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/local.d/*.ini - chmod 775 /opt/couchdb/etc/*.d - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: CouchDB is running in Admin Party mode. - This will allow anyone with access to the - CouchDB port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it in "docker run". 
- **************************************************** - EOWARN - fi - - - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/2.0.0/local.ini b/2.0.0/local.ini deleted file mode 100644 index 1aa633c..0000000 --- a/2.0.0/local.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/2.0.0/vm.args b/2.0.0/vm.args deleted file mode 100644 index 0425756..0000000 --- a/2.0.0/vm.args +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput From 7da42e2725d8ff9b69b78951281f308d8f3fc8f9 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 19 Sep 2017 23:52:14 -0700 Subject: [PATCH 116/227] Update readme for 2.1.0, new Docker Hub location --- .travis.yml | 4 ++-- README.md | 36 ++++++++++++++++++------------------ 2 files changed, 20 insertions(+), 20 deletions(-) 
diff --git a/.travis.yml b/.travis.yml index ad06a7c..a1a3f2e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,9 +6,9 @@ services: before_install: - docker build -t couchdb:1.6.1 1.6.1 - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser - - docker build -t couchdb:2.0.0 2.0.0 + - docker build -t couchdb:2.1.0 2.1.0 script: - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.0.0 && sleep 5 && curl http://localhost:5986 + - docker run -d -p 5986:5984 couchdb:2.1.0 && sleep 5 && curl http://localhost:5986 diff --git a/README.md b/README.md index 8f3631e..2608a30 100644 --- a/README.md +++ b/README.md @@ -5,13 +5,13 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` -- Version (stable): `CouchDB 2.0.0`, `Erlang 17.3` +- Version (stable): `CouchDB 2.1.0`, `Erlang 17.3` ## Available tags -- `1`, `1.6`, `1.6.1`: CouchDB 1.6.1 -- `1-couchperuser`, `1.6-couchperuser`, `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `latest`, `2.0.0`: CouchDB 2.0 single node +- `1.6.1`: CouchDB 1.6.1 +- `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin +- `latest`, `2.1.0`: CouchDB 2.1.0 single node (capable of running in a cluster) ## Features 
@@ -20,10 +20,10 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch * runs everything as user `couchdb` (security ftw!) * docker volume for data -## Run (2.0.0/latest) +## Run (latest/2.1.0) -Available on the docker registry as [klaemo/couchdb:latest](https://index.docker.io/u/klaemo/couchdb/). -This is a build of the CouchDB 2.0 release. A data volume +Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). +This is a build of the CouchDB 2.1 release. A data volume is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. Please note that CouchDB no longer autocreates system tables for you, so you will @@ -32,7 +32,7 @@ The node will also start in [admin party mode](http://guide.couchdb.org/draft/se ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data klaemo/couchdb +[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data apache/couchdb 18:54:48.780 [info] Application lager started on node nonode@nohost 18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost 18:54:48.780 [info] Application couch_mrview started on node nonode@nohost @@ -45,13 +45,13 @@ Once running, you can visit the new admin interface at `http://dockerhost:5984/_ ## Run (1.6.1) -Available as an official image on Docker Hub as [couchdb](https://hub.docker.com/_/couchdb/) +Available as an official image on Docker Hub as [apache/couchdb:1.6.1](https://hub.docker.com/r/apache/couchdb/) ```bash -[sudo] docker pull couchdb:latest +[sudo] docker pull apache/couchdb:1.6.1 # expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb couchdb +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1 curl http://localhost:5984 ``` 
@@ -60,7 +60,7 @@ curl http://localhost:5984 ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb couchdb +[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.6.1 ``` If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` @@ -77,7 +77,7 @@ This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). ``` -[sudo] docker run -d -p 5984:5984 --name couchdb couchdb:1.6.1-couchperuser +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1-couchperuser ``` ### In a developer cluster @@ -100,10 +100,9 @@ non-release builds for wide distribution. [ * ] Start node node1 ... ok [ * ] Start node node2 ... ok [ * ] Start node node3 ... ok -[ * ] Check node at http://127.0.0.1:15984/ ... failed: [Errno socket error] [Errno 111] Connection refused +[ * ] Check node at http://127.0.0.1:15984/ ... ok [ * ] Check node at http://127.0.0.1:25984/ ... ok [ * ] Check node at http://127.0.0.1:35984/ ... ok -[ * ] Check node at http://127.0.0.1:15984/ ... ok [ * ] Running cluster setup ... ok [ * ] Developers cluster is set up at http://127.0.0.1:15984. Admin username: root @@ -136,7 +135,7 @@ docker run -it -p 15984:15984 -p 25984:25984 -n 2 ## Build your own -You can use `klaemo/couchdb` as the base image for your own couchdb instance. +You can use `apache/couchdb` as the base image for your own couchdb instance. You might want to provide your own version of the following files: * `local.ini` for your custom CouchDB config 
@@ -144,7 +143,7 @@ You might want to provide your own version of the following files: Example Dockerfile: ``` -FROM klaemo/couchdb:latest +FROM apache/couchdb:latest COPY local.ini /usr/local/etc/couchdb/local.d/ ``` @@ -156,7 +155,7 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` -For the `2.0-single` image, configuration is stored at `/opt/couchdb/etc/`. +For the `2.1` image, configuration is stored at `/opt/couchdb/etc/`. ## Feedback, Issues, Contributing @@ -168,6 +167,7 @@ use GitHub Issues, do not report anything on Docker's website. ## Contributors +- [@klaemo](https://github.com/klaemo) - [@joeybaker](https://github.com/joeybaker) [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ From 715bb8cde382285069f35ecdb35cca2b425cb56e Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Sun, 24 Sep 2017 04:05:54 -0400 Subject: [PATCH 117/227] Update with feedback from @yosifkit (#28) Includes the following feedback from @yosifkit : * Permission/ownership changes occur as often as possible in the layer in which the files are created to aid some Docker graph drivers * Allow for simplified invocation. Any of the following work to specify additional CLI arguments: * `docker run couchdb:2.1.0 /opt/couchdb/bin/couchdb +A 16` * `docker run couchdb:2.1.0 couchdb +A 16` * `docker run couchdb:2.1.0 +A 16` * `docker run couchdb:2.1.0 -couch_ini /path/to/my/couch.ini ....` * `gpg --verify` replaced with `gpg --batch --verify` everywhere. --- 1.6.1-couchperuser/Dockerfile | 2 +- 1.6.1/Dockerfile | 38 +++++++++++++++++------------ 2.1.0/Dockerfile | 46 ++++++++++++++++++++--------------- 2.1.0/docker-entrypoint.sh | 11 +++++++++ dev/Dockerfile | 2 +- 5 files changed, 63 insertions(+), 36 deletions(-) diff --git a/1.6.1-couchperuser/Dockerfile b/1.6.1-couchperuser/Dockerfile index 3055750..9436a38 100644 --- a/1.6.1-couchperuser/Dockerfile +++ b/1.6.1-couchperuser/Dockerfile 
@@ -12,7 +12,7 @@ FROM couchdb:1.6.1 -MAINTAINER Clemens Stolle klaemo@apache.org +MAINTAINER CouchDB Developers dev@couchdb.apache.org ENV COUCHPERUSER_SHA 5d28db3272eea9619d4391b33aae6030f0319ecc54aa2a2f2b6c6a8d448f03f2 RUN apt-get update && apt-get install -y rebar make \ diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 1870795..32f9cee 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile @@ -12,7 +12,7 @@ FROM debian:jessie -MAINTAINER Clemens Stolle klaemo@apache.org +MAINTAINER CouchDB Developers dev@couchdb.apache.org # Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian 
@@ -28,19 +28,27 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libnspr4-0d \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling -RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ - && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ - && gpg --verify /usr/local/bin/gosu.asc \ - && rm /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini" \ - && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini.asc" \ - && gpg --verify /usr/local/bin/tini.asc \ - && rm /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini +# grab gosu for easy step-down from root +ENV GOSU_VERSION 1.10 +RUN set -x \ + && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture)" \ + && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture).asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gosu nobody true \ +&& apt-get 
purge -y --auto-remove wget + +# grab tini for signal handling +ENV TINI_VERSION v0.16.1 +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc +RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ + && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ +&& chmod +x /usr/local/bin/tini # https://www.apache.org/dist/couchdb/KEYS ENV GPG_KEYS \ @@ -75,7 +83,7 @@ RUN buildDeps=' \ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ && curl -fSL http://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --verify couchdb.tar.gz.asc \ + && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ && mkdir -p /usr/src/couchdb \ && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ && cd /usr/src/couchdb \ diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile index 43c7762..b532827 100644 --- a/2.1.0/Dockerfile +++ b/2.1.0/Dockerfile @@ -12,7 +12,7 @@ FROM debian:jessie -MAINTAINER Clemens Stolle klaemo@apache.org +MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb 
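Review bot: In the 1.6.1/Dockerfile tini block, the new `RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7` imports the tini key into root's default keyring, because no `GNUPGHOME` is set there as it is in the gosu step above. The later `gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz` uses that same keyring, so a tarball signature made with the tini key would also verify, and `tini.asc` is left behind in `/usr/local/bin`. I would fetch and verify tini in one `RUN` with a throwaway `GNUPGHOME`, as below; curl is already in the image, since the tarball download uses it. The same lines appear in the 2.1.0/Dockerfile hunk of this commit and again in the new 1.7.0/Dockerfile added in PATCH 120.

```dockerfile
# grab tini for signal handling
ENV TINI_VERSION v0.16.1
RUN set -ex; \
    curl -fSL -o /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini"; \
    curl -fSL -o /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc"; \
    # throwaway keyring, so the tini key never sits next to the CouchDB release keys
    export GNUPGHOME="$(mktemp -d)"; \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
    gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
    rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
    chmod +x /usr/local/bin/tini; \
    tini --version
```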
@@ -28,19 +28,27 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ openssl \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling -RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture)" \ - && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$(dpkg%20--print-architecture).asc" \ - && gpg --verify /usr/local/bin/gosu.asc \ - && rm /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini" \ - && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v0.14.0/tini.asc" \ - && gpg --verify /usr/local/bin/tini.asc \ - && rm /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini +# grab gosu for easy step-down from root +ENV GOSU_VERSION 1.10 +RUN set -x \ + && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture)" \ + && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture).asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gosu nobody true \ +&& apt-get purge 
-y --auto-remove wget + +# grab tini for signal handling +ENV TINI_VERSION v0.16.1 +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc +RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ + && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ +&& chmod +x /usr/local/bin/tini # https://www.apache.org/dist/couchdb/KEYS ENV GPG_KEYS \ @@ -78,7 +86,7 @@ RUN buildDeps=' \ && cd /usr/src && mkdir couchdb \ && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --verify couchdb.tar.gz.asc \ + && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ && cd couchdb \ # Build the release and install into /opt @@ -87,7 +95,9 @@ RUN buildDeps=' \ && mv /usr/src/couchdb/rel/couchdb /opt/ \ # Cleanup build detritus && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ + && mkdir /opt/couchdb/data \ + && chown -R couchdb:couchdb /opt/couchdb # Add configuration COPY local.ini /opt/couchdb/etc/local.d/ @@ -96,9 +106,7 @@ COPY vm.args /opt/couchdb/etc/ COPY ./docker-entrypoint.sh / # Setup directories and permissions -RUN chmod +x /docker-entrypoint.sh \ - && mkdir /opt/couchdb/data \ - && chown -R couchdb:couchdb /opt/couchdb/ +RUN chown -R couchdb:couchdb /opt/couchdb/etc/local.d/ /opt/couchdb/etc/vm.args WORKDIR /opt/couchdb EXPOSE 5984 5986 4369 9100-9200 
diff --git a/2.1.0/docker-entrypoint.sh b/2.1.0/docker-entrypoint.sh index 707baba..dda823d 100755 --- a/2.1.0/docker-entrypoint.sh +++ b/2.1.0/docker-entrypoint.sh @@ -13,6 +13,17 @@ set -e +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then # we need to set the permissions here because docker mounts volumes as root chown -R couchdb:couchdb /opt/couchdb diff --git a/dev/Dockerfile b/dev/Dockerfile index 61b0ffb..5dcf2a7 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -12,7 +12,7 @@ FROM debian:jessie -MAINTAINER Clemens Stolle klaemo@apache.org +MAINTAINER CouchDB Developers dev@couchdb.apache.org ENV COUCHDB_VERSION master From d7389cebb5c57104067fa5501a6fe6f5a06df42e Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Sun, 24 Sep 2017 01:16:42 -0700 Subject: [PATCH 118/227] Bind node-local port to all container interfaces --- 2.1.0/local.ini | 3 +++ 1 file changed, 3 insertions(+) diff --git a/2.1.0/local.ini b/2.1.0/local.ini index 1aa633c..c1bac9e 100644 --- a/2.1.0/local.ini +++ b/2.1.0/local.ini @@ -6,3 +6,6 @@ [chttpd] bind_address = any + +[httpd] +bind_address = any From c726be05240913f7f8226965428ade4475547ce3 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 25 Sep 2017 11:11:00 -0700 Subject: [PATCH 119/227] Revert some changes for clustering Port 5986 does not need to be exposed, can be accessed in other ways as described in the README. Port range for inet_dist_listen must be one port per erlang node. Since Docker runs a single VM per container, a single value here is sufficient. --- 2.1.0/Dockerfile | 2 +- 2.1.0/vm.args | 2 +- README.md | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile index b532827..59a3d31 100644 
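Review bot: In 2.1.0/local.ini the added `[httpd]` / `bind_address = any` makes the node-local interface listen on every container interface, and nothing in the file says why or what protects it. The README context on this page states that the node starts in admin party mode, so as far as this diff shows, any peer that can reach the container's network can reach that port unauthenticated, whether or not the port is published. I would add a comment above the section, e.g. `; node-local port: reachable from other containers on the same network, set an admin and never publish it`, and consider keeping the default bind so that opening it is an explicit operator choice.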
--- a/2.1.0/Dockerfile +++ b/2.1.0/Dockerfile @@ -109,7 +109,7 @@ COPY ./docker-entrypoint.sh / RUN chown -R couchdb:couchdb /opt/couchdb/etc/local.d/ /opt/couchdb/etc/vm.args WORKDIR /opt/couchdb -EXPOSE 5984 5986 4369 9100-9200 +EXPOSE 5984 4369 9100 VOLUME ["/opt/couchdb/data"] ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] diff --git a/2.1.0/vm.args b/2.1.0/vm.args index 3816b82..0425756 100644 --- a/2.1.0/vm.args +++ b/2.1.0/vm.args @@ -12,7 +12,7 @@ # Ensure that the Erlang VM listens on a known port -kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9200 +-kernel inet_dist_listen_max 9100 # Tell kernel and SASL not to log anything -kernel error_logger silent diff --git a/README.md b/README.md index 2608a30..473eb25 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,8 @@ The node will also start in [admin party mode](http://guide.couchdb.org/draft/se Note that you can also use the NODENAME environment variable to set the name of the CouchDB node inside the container. Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` +Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. + ## Run (1.6.1) Available as an official image on Docker Hub as [apache/couchdb:1.6.1](https://hub.docker.com/r/apache/couchdb/) From 7df08e930a1d0f1942a385603f07434e7c710837 Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Mon, 6 Nov 2017 16:14:53 -0500 Subject: [PATCH 120/227] Incorporate more feedback from official Docker image maintainers --- 1.6.1/Dockerfile | 50 +++++++++------- 1.7.0/Dockerfile | 114 +++++++++++++++++++++++++++++++++++++ 1.7.0/docker-entrypoint.sh | 62 ++++++++++++++++++++ 2.1.0/Dockerfile | 52 ++++++++++------- 4 files changed, 238 insertions(+), 40 deletions(-) create mode 100644 1.7.0/Dockerfile create mode 100755 1.7.0/docker-entrypoint.sh diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile index 32f9cee..6113501 100644 --- a/1.6.1/Dockerfile +++ b/1.6.1/Dockerfile 
@@ -28,27 +28,37 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libnspr4-0d \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ -&& apt-get purge -y --auto-remove wget - -# grab tini for signal handling -ENV TINI_VERSION v0.16.1 -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc -RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ -&& chmod +x /usr/local/bin/tini +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export 
GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget # https://www.apache.org/dist/couchdb/KEYS ENV GPG_KEYS \ diff --git a/1.7.0/Dockerfile b/1.7.0/Dockerfile new file mode 100644 index 0000000..134d654 --- /dev/null +++ b/1.7.0/Dockerfile 
@@ -0,0 +1,114 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:jessie + +MAINTAINER CouchDB Developers dev@couchdb.apache.org + +# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian + +RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + erlang-nox \ + libicu52 \ + libmozjs185-1.0 \ + libnspr4 \ + libnspr4-0d \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +ENV GOSU_VERSION 1.10 +RUN set -x \ + && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture)" \ + && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture).asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ + && chmod +x /usr/local/bin/gosu \ + && gosu nobody true \ +&& apt-get purge -y --auto-remove wget + +# grab tini for signal handling +ENV TINI_VERSION v0.16.1 +ADD 
https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc +RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ + && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ +&& chmod +x /usr/local/bin/tini + +# https://www.apache.org/dist/couchdb/KEYS +ENV GPG_KEYS \ + 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ + 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ + 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ + 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ + 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ + 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ + C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ + D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ + E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B +RUN set -xe \ + && for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done + +ENV COUCHDB_VERSION 1.7.0 + +# download dependencies, compile and install couchdb, +# set correct permissions, expose couchdb to the outside and disable logging to disk +RUN buildDeps=' \ + gcc \ + g++ \ + erlang-dev \ + libcurl4-openssl-dev \ + libicu-dev \ + libmozjs185-dev \ + libnspr4-dev \ + make \ + ' \ + && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ + && curl -fSL https://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ + && mkdir -p /usr/src/couchdb \ + && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ + && cd /usr/src/couchdb \ + && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ + && make && make install \ + && apt-get purge -y 
--auto-remove $buildDeps \ + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \ + && chown -R couchdb:couchdb \ + /usr/local/lib/couchdb /usr/local/etc/couchdb \ + /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ + && chmod -R g+rw \ + /usr/local/lib/couchdb /usr/local/etc/couchdb \ + /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ + && mkdir -p /var/lib/couchdb \ + && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \ + && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini + +COPY ./docker-entrypoint.sh / +RUN chmod +x /docker-entrypoint.sh + +# Define mountable directories. +VOLUME ["/usr/local/var/lib/couchdb"] + +EXPOSE 5984 +WORKDIR /var/lib/couchdb + +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["couchdb"] diff --git a/1.7.0/docker-entrypoint.sh b/1.7.0/docker-entrypoint.sh new file mode 100755 index 0000000..c1c9f56 --- /dev/null +++ b/1.7.0/docker-entrypoint.sh 
@@ -0,0 +1,62 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +if [ "$1" = 'couchdb' ]; then + # we need to set the permissions here because docker mounts volumes as root + chown -R couchdb:couchdb \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod -R 0770 \ + /usr/local/var/lib/couchdb \ + /usr/local/var/log/couchdb \ + /usr/local/var/run/couchdb \ + /usr/local/etc/couchdb + + chmod 664 /usr/local/etc/couchdb/*.ini + chmod 775 /usr/local/etc/couchdb/*.d + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini + chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini + fi + + printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. 
In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". + **************************************************** + EOWARN + fi + + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile index 59a3d31..4cfeaa3 100644 --- a/2.1.0/Dockerfile +++ b/2.1.0/Dockerfile 
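Review bot: In 1.7.0/docker-entrypoint.sh, `docker.ini` receives the admin password in clear text but is created after the `chmod` passes, so on first start its mode is whatever root's umask gives (typically world-readable), and the `*.ini` glob above does not cover `local.d/`. Adding `chmod 600 /usr/local/etc/couchdb/local.d/docker.ini` next to the `chown` would pin it. On the `printf` that writes `bind_address.ini`, the two expansions are unquoted, so a value containing whitespace is split into extra arguments and the format string is reused; `"${COUCHDB_HTTP_PORT:=5984}" "${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}"` avoids that.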
@@ -28,27 +28,39 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ openssl \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ -&& apt-get purge -y --auto-remove wget - -# grab tini for signal handling -ENV TINI_VERSION v0.16.1 -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc -RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ -&& chmod +x /usr/local/bin/tini +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + 
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget # https://www.apache.org/dist/couchdb/KEYS ENV GPG_KEYS \ From aa4ee2d3cbdb17b41e0adff9e23241be47b23441 Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Mon, 6 Nov 2017 16:37:42 -0500 Subject: [PATCH 121/227] Bump to 1.7.0, 2.1.1 --- .travis.yml | 12 +- 1.6.1/Dockerfile | 124 ------------------ 1.6.1/docker-entrypoint.sh | 62 --------- .../Dockerfile | 2 +- .../docker-entrypoint.sh | 0 {2.1.0 => 2.1.1}/Dockerfile | 2 +- {2.1.0 => 2.1.1}/docker-entrypoint.sh | 0 {2.1.0 => 2.1.1}/local.ini | 0 {2.1.0 => 2.1.1}/vm.args | 0 README.md | 24 ++-- 10 files changed, 20 insertions(+), 206 deletions(-) delete mode 100644 1.6.1/Dockerfile delete mode 100755 1.6.1/docker-entrypoint.sh rename {1.6.1-couchperuser => 1.7.0-couchperuser}/Dockerfile (98%) rename {1.6.1-couchperuser => 1.7.0-couchperuser}/docker-entrypoint.sh (100%) rename {2.1.0 => 2.1.1}/Dockerfile (99%) rename {2.1.0 => 2.1.1}/docker-entrypoint.sh (100%) rename {2.1.0 => 2.1.1}/local.ini (100%) rename {2.1.0 => 2.1.1}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index a1a3f2e..2eba791 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,11 +4,11 @@ services: - docker before_install: - - docker build -t couchdb:1.6.1 1.6.1 - - docker build -t couchdb:1.6.1-couchperuser 1.6.1-couchperuser - - docker build -t couchdb:2.1.0 2.1.0 + - docker build -t couchdb:1.7.0 1.7.0 + - docker build -t couchdb:1.7.0-couchperuser 1.7.0-couchperuser + - docker build -t couchdb:2.1.1 2.1.1 script: - - docker run -d -p 5984:5984 couchdb:1.6.1 && sleep 5 && curl http://localhost:5984 - - docker run -d -p 5985:5984 couchdb:1.6.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.1.0 && sleep 5 && curl http://localhost:5986 + - docker run -d -p 5984:5984 couchdb:1.7.0 && sleep 5 && curl http://localhost:5984 + - docker run -d -p 5985:5984 couchdb:1.7.0-couchperuser && sleep 5 && curl http://localhost:5985 + - docker run -d -p 5986:5984 couchdb:2.1.1 && sleep 5 && curl http://localhost:5986 diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile deleted file mode 100644 index 6113501..0000000 
--- a/1.6.1/Dockerfile
+++ /dev/null
@@ -1,124 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian - -RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - libicu52 \ - libmozjs185-1.0 \ - libnspr4 \ - libnspr4-0d \ - && rm -rf /var/lib/apt/lists/* - -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini 
"https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 1.6.1 - -# download dependencies, compile and install couchdb, -# set correct permissions, expose couchdb to the outside and disable logging to disk -RUN buildDeps=' \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - libnspr4-dev \ - make \ - ' \ - && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && curl -fSL http://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ - && mkdir -p /usr/src/couchdb \ - && tar -xzf couchdb.tar.gz -C /usr/src/couchdb 
--strip-components=1 \ - && cd /usr/src/couchdb \ - && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ - && make && make install \ - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \ - && chown -R couchdb:couchdb \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && chmod -R g+rw \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && mkdir -p /var/lib/couchdb \ - && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \ - && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini - -COPY ./docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh - -# Define mountable directories. -VOLUME ["/usr/local/var/lib/couchdb"] - -EXPOSE 5984 -WORKDIR /var/lib/couchdb - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["couchdb"] diff --git a/1.6.1/docker-entrypoint.sh b/1.6.1/docker-entrypoint.sh deleted file mode 100755 index c1c9f56..0000000 --- a/1.6.1/docker-entrypoint.sh +++ /dev/null 
@@ -1,62 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = 'couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini - fi - - printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: CouchDB is running in Admin Party mode. - This will allow anyone with access to the - CouchDB port to access your database. 
In - Docker's default configuration, this is - effectively any other container on the same - system. - Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it in "docker run". - **************************************************** - EOWARN - fi - - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/1.6.1-couchperuser/Dockerfile b/1.7.0-couchperuser/Dockerfile similarity index 98% rename from 1.6.1-couchperuser/Dockerfile rename to 1.7.0-couchperuser/Dockerfile index 9436a38..d3c4df1 100644 --- a/1.6.1-couchperuser/Dockerfile +++ b/1.7.0-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM couchdb:1.6.1 +FROM couchdb:1.7.0 MAINTAINER CouchDB Developers dev@couchdb.apache.org diff --git a/1.6.1-couchperuser/docker-entrypoint.sh b/1.7.0-couchperuser/docker-entrypoint.sh similarity index 100% rename from 1.6.1-couchperuser/docker-entrypoint.sh rename to 1.7.0-couchperuser/docker-entrypoint.sh diff --git a/2.1.0/Dockerfile b/2.1.1/Dockerfile similarity index 99% rename from 2.1.0/Dockerfile rename to 2.1.1/Dockerfile index 4cfeaa3..be31eb2 100644 --- a/2.1.0/Dockerfile +++ b/2.1.1/Dockerfile @@ -80,7 +80,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 2.1.0 +ENV COUCHDB_VERSION 2.1.1 # Download dev dependencies RUN buildDeps=' \ diff --git a/2.1.0/docker-entrypoint.sh b/2.1.1/docker-entrypoint.sh similarity index 100% rename from 2.1.0/docker-entrypoint.sh rename to 2.1.1/docker-entrypoint.sh diff --git a/2.1.0/local.ini b/2.1.1/local.ini similarity index 100% rename from 2.1.0/local.ini rename to 2.1.1/local.ini diff --git a/2.1.0/vm.args b/2.1.1/vm.args similarity index 100% rename from 2.1.0/vm.args rename to 2.1.1/vm.args diff --git a/README.md b/README.md index 473eb25..3c6cb1a 100644 --- a/README.md +++ b/README.md 
@@ -4,14 +4,14 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -- Version (stable): `CouchDB 1.6.1`, `Erlang 17.3` -- Version (stable): `CouchDB 2.1.0`, `Erlang 17.3` +- Version (stable): `CouchDB 1.7.0`, `Erlang 17.3` +- Version (stable): `CouchDB 2.1.1`, `Erlang 17.3` ## Available tags -- `1.6.1`: CouchDB 1.6.1 -- `1.6.1-couchperuser`: CouchDB 1.6.1 with couchperuser plugin -- `latest`, `2.1.0`: CouchDB 2.1.0 single node (capable of running in a cluster) +- `1.7.0`: CouchDB 1.7.0 +- `1.7.0-couchperuser`: CouchDB 1.7.0 with couchperuser plugin +- `latest`, `2.1.1`: CouchDB 2.1.1 single node (capable of running in a cluster) ## Features @@ -20,7 +20,7 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch * runs everything as user `couchdb` (security ftw!) * docker volume for data -## Run (latest/2.1.0) +## Run (latest/2.1.1) Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). This is a build of the CouchDB 2.1 release. A data volume 
@@ -45,15 +45,15 @@ Once running, you can visit the new admin interface at `http://dockerhost:5984/_ Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. -## Run (1.6.1) +## Run (1.7.0) -Available as an official image on Docker Hub as [apache/couchdb:1.6.1](https://hub.docker.com/r/apache/couchdb/) +Available as an official image on Docker Hub as [apache/couchdb:1.7.0](https://hub.docker.com/r/apache/couchdb/) ```bash -[sudo] docker pull apache/couchdb:1.6.1 +[sudo] docker pull apache/couchdb:1.7.0 # expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1 +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0 curl http://localhost:5984 ``` @@ -62,7 +62,7 @@ curl http://localhost:5984 ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.6.1 +[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.0 ``` If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` @@ -79,7 +79,7 @@ This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). ``` -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.6.1-couchperuser +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0-couchperuser ``` ### In a developer cluster From 1a7c4254c158a194ff195da6ebfed910d24a95b7 Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Tue, 7 Nov 2017 01:25:02 -0500 Subject: [PATCH 122/227] Incorporate more feedback from @yosifkit --- 1.7.0/Dockerfile | 51 ++++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/1.7.0/Dockerfile b/1.7.0/Dockerfile index 134d654..c87322a 100644 --- a/1.7.0/Dockerfile +++ b/1.7.0/Dockerfile 
@@ -28,27 +28,37 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libnspr4-0d \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 -RUN set -x \ - && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg%20--print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ -&& apt-get purge -y --auto-remove wget - -# grab tini for signal handling -ENV TINI_VERSION v0.16.1 -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc -RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ -&& chmod +x /usr/local/bin/tini +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export 
GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget # https://www.apache.org/dist/couchdb/KEYS ENV GPG_KEYS \ @@ -102,7 +112,6 @@ RUN buildDeps=' \ && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini COPY ./docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh # Define mountable directories. VOLUME ["/usr/local/var/lib/couchdb"] From 029760550b8af66f49bf439ddbabfbd040e9727c Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sat, 11 Nov 2017 17:17:09 +0100 Subject: [PATCH 123/227] 1.7.1 release --- .travis.yml | 8 ++++---- .../Dockerfile | 2 +- .../docker-entrypoint.sh | 0 {1.7.0 => 1.7.1}/Dockerfile | 2 +- {1.7.0 => 1.7.1}/docker-entrypoint.sh | 0 README.md | 18 +++++++++--------- 6 files changed, 15 insertions(+), 15 deletions(-) rename {1.7.0-couchperuser => 1.7.1-couchperuser}/Dockerfile (98%) rename {1.7.0-couchperuser => 1.7.1-couchperuser}/docker-entrypoint.sh (100%) rename {1.7.0 => 1.7.1}/Dockerfile (99%) rename {1.7.0 => 1.7.1}/docker-entrypoint.sh (100%) diff --git a/.travis.yml b/.travis.yml index 2eba791..8ac681d 100644 
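Review bot: Both `gpg --keyserver ha.pool.sks-keyservers.net --recv-keys …` calls in the new `RUN set -ex` block depend on a single keyserver pool and run without `--batch`, so one unreachable pool member fails the whole image build. The verification itself is sound and fails closed: each key is requested by full fingerprint into a fresh `GNUPGHOME`, so `gpg --batch --verify` can only succeed against that key. I would try a short list of servers, for example `for s in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80; do gpg --batch --keyserver "$s" --recv-keys "$key" && break; done`, with `$key` set to the pinned fingerprint. A comment such as `# fresh GNUPGHOME: only the pinned key can satisfy --verify` above each `export GNUPGHOME` line would keep a later cleanup from merging the two keyrings.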
--- a/.travis.yml +++ b/.travis.yml @@ -4,11 +4,11 @@ services: - docker before_install: - - docker build -t couchdb:1.7.0 1.7.0 - - docker build -t couchdb:1.7.0-couchperuser 1.7.0-couchperuser + - docker build -t couchdb:1.7.1 1.7.1 + - docker build -t couchdb:1.7.1-couchperuser 1.7.1-couchperuser - docker build -t couchdb:2.1.1 2.1.1 script: - - docker run -d -p 5984:5984 couchdb:1.7.0 && sleep 5 && curl http://localhost:5984 - - docker run -d -p 5985:5984 couchdb:1.7.0-couchperuser && sleep 5 && curl http://localhost:5985 + - docker run -d -p 5984:5984 couchdb:1.7.1 && sleep 5 && curl http://localhost:5984 + - docker run -d -p 5985:5984 couchdb:1.7.1-couchperuser && sleep 5 && curl http://localhost:5985 - docker run -d -p 5986:5984 couchdb:2.1.1 && sleep 5 && curl http://localhost:5986 diff --git a/1.7.0-couchperuser/Dockerfile b/1.7.1-couchperuser/Dockerfile similarity index 98% rename from 1.7.0-couchperuser/Dockerfile rename to 1.7.1-couchperuser/Dockerfile index d3c4df1..1ed7a4c 100644 --- a/1.7.0-couchperuser/Dockerfile +++ b/1.7.1-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM couchdb:1.7.0 +FROM couchdb:1.7.1 MAINTAINER CouchDB Developers dev@couchdb.apache.org diff --git a/1.7.0-couchperuser/docker-entrypoint.sh b/1.7.1-couchperuser/docker-entrypoint.sh similarity index 100% rename from 1.7.0-couchperuser/docker-entrypoint.sh rename to 1.7.1-couchperuser/docker-entrypoint.sh diff --git a/1.7.0/Dockerfile b/1.7.1/Dockerfile similarity index 99% rename from 1.7.0/Dockerfile rename to 1.7.1/Dockerfile index c87322a..25cbceb 100644 --- a/1.7.0/Dockerfile +++ b/1.7.1/Dockerfile 
@@ -76,7 +76,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 1.7.0 +ENV COUCHDB_VERSION 1.7.1 # download dependencies, compile and install couchdb, # set correct permissions, expose couchdb to the outside and disable logging to disk diff --git a/1.7.0/docker-entrypoint.sh b/1.7.1/docker-entrypoint.sh similarity index 100% rename from 1.7.0/docker-entrypoint.sh rename to 1.7.1/docker-entrypoint.sh diff --git a/README.md b/README.md index 3c6cb1a..8de242c 100644 --- a/README.md +++ b/README.md @@ -4,13 +4,13 @@ Put the couch in a docker container and ship it anywhere. If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) -- Version (stable): `CouchDB 1.7.0`, `Erlang 17.3` +- Version (stable): `CouchDB 1.7.1`, `Erlang 17.3` - Version (stable): `CouchDB 2.1.1`, `Erlang 17.3` ## Available tags -- `1.7.0`: CouchDB 1.7.0 -- `1.7.0-couchperuser`: CouchDB 1.7.0 with couchperuser plugin +- `1.7.1`: CouchDB 1.7.1 +- `1.7.1-couchperuser`: CouchDB 1.7.1 with couchperuser plugin - `latest`, `2.1.1`: CouchDB 2.1.1 single node (capable of running in a cluster) ## Features 
@@ -45,15 +45,15 @@ Once running, you can visit the new admin interface at `http://dockerhost:5984/_ Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. -## Run (1.7.0) +## Run (1.7.1) -Available as an official image on Docker Hub as [apache/couchdb:1.7.0](https://hub.docker.com/r/apache/couchdb/) +Available as an official image on Docker Hub as [apache/couchdb:1.7.1](https://hub.docker.com/r/apache/couchdb/) ```bash -[sudo] docker pull apache/couchdb:1.7.0 +[sudo] docker pull apache/couchdb:1.7.1 # expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0 +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1 curl http://localhost:5984 ``` @@ -62,7 +62,7 @@ curl http://localhost:5984 ```bash # expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.0 +[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.1 ``` If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` @@ -79,7 +79,7 @@ This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). ``` -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.0-couchperuser +[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1-couchperuser ``` ### In a developer cluster From 98ad12019570cdc3d91408909c14d501e9d482e6 Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Sat, 13 Jan 2018 21:23:14 -0500 Subject: [PATCH 124/227] Remove haproxy from production image HAProxy is included in the "dev-cluster" image to proxy requests to the three nodes deployed via that image. The production image runs a single CouchDB instance in each image and does not need or want a proxy server in the image. Closes #56 --- 2.1.1/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/2.1.1/Dockerfile b/2.1.1/Dockerfile index be31eb2..9f5f92f 100644 --- a/2.1.1/Dockerfile +++ b/2.1.1/Dockerfile @@ -22,7 +22,6 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ curl \ erlang-nox \ erlang-reltool \ - haproxy \ libicu52 \ libmozjs185-1.0 \ openssl \ From c1066ad76bd4a86998c803c7338e88daecb82d8f Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Wed, 24 Jan 2018 13:30:22 -0600 Subject: [PATCH 125/227] Use default.d for image-provided config in 2.x (#50) This change moves the configuration overrides that are built into the image into `etc/default.d` instead of `etc/local.d`, which allows systems like Kubernetes to come in and own `default.d` as a config volume mount point while still allowing for online overrides to take highest precedence. --- 2.1.1/{local.ini => 10-docker-default.ini} | 0 2.1.1/Dockerfile | 4 ++-- 2.1.1/docker-entrypoint.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename 2.1.1/{local.ini => 10-docker-default.ini} (100%) diff --git a/2.1.1/local.ini b/2.1.1/10-docker-default.ini similarity index 100% rename from 2.1.1/local.ini rename to 2.1.1/10-docker-default.ini diff --git a/2.1.1/Dockerfile b/2.1.1/Dockerfile index 9f5f92f..f6b8060 100644 --- a/2.1.1/Dockerfile +++ b/2.1.1/Dockerfile 
@@ -111,13 +111,13 @@ RUN buildDeps=' \ && chown -R couchdb:couchdb /opt/couchdb # Add configuration -COPY local.ini /opt/couchdb/etc/local.d/ +COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ COPY vm.args /opt/couchdb/etc/ COPY ./docker-entrypoint.sh / # Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/local.d/ /opt/couchdb/etc/vm.args +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args WORKDIR /opt/couchdb EXPOSE 5984 4369 9100 diff --git a/2.1.1/docker-entrypoint.sh b/2.1.1/docker-entrypoint.sh index dda823d..e03cd1a 100755 --- a/2.1.1/docker-entrypoint.sh +++ b/2.1.1/docker-entrypoint.sh @@ -31,7 +31,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chmod -R 0770 /opt/couchdb/data chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/local.d/*.ini + chmod 664 /opt/couchdb/etc/default.d/*.ini chmod 775 /opt/couchdb/etc/*.d if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then @@ -51,7 +51,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** From 1f85f08f840e0b7482c61ef2e0ed3fe30c1cf1b0 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 31 Jan 2018 11:14:23 -0800 Subject: [PATCH 126/227] Use 5984:5984 as couchdb uid:gid, closes #53 --- 1.7.1/Dockerfile | 2 +- 2.1.1/Dockerfile | 2 +- dev/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/1.7.1/Dockerfile b/1.7.1/Dockerfile index 25cbceb..da36f22 100644 --- a/1.7.1/Dockerfile +++ b/1.7.1/Dockerfile 
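Review bot: In 2.1.1/docker-entrypoint.sh the new `chmod 664 /opt/couchdb/etc/default.d/*.ini` runs under `set -e` (the script top is outside the hunk, but the same blob dda823d is added as dev/docker-entrypoint.sh later on this page and sets it), so a `default.d` that is mounted read-only as a config volume, which the commit message names as the goal, would likely make the chmod fail and stop the container before CouchDB starts. The change also replaces the chmod on `local.d/*.ini` instead of extending it, while the `[admins]` check in the next hunk was extended to cover both directories. I would keep both paths and make the permission fix best-effort, e.g. `chmod 664 /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini || echo "warning: could not adjust ini permissions" >&2`.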
@@ -16,7 +16,7 @@ MAINTAINER CouchDB Developers dev@couchdb.apache.org # Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian -RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ diff --git a/2.1.1/Dockerfile b/2.1.1/Dockerfile index f6b8060..1ffb317 100644 --- a/2.1.1/Dockerfile +++ b/2.1.1/Dockerfile @@ -15,7 +15,7 @@ FROM debian:jessie MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ diff --git a/dev/Dockerfile b/dev/Dockerfile index 5dcf2a7..8b4a733 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -16,7 +16,7 @@ MAINTAINER CouchDB Developers dev@couchdb.apache.org ENV COUCHDB_VERSION master -RUN groupadd -r couchdb && useradd -d /usr/src/couchdb -g couchdb couchdb +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb # download dependencies RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ From fd69b2576be3409fca4fef29e8d16204cc5a9e39 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 31 Jan 2018 14:38:57 -0500 Subject: [PATCH 127/227] Improve README for configuration changes, closes #47 --- README.md | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 8de242c..aa066c1 100644 --- a/README.md +++ b/README.md 
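Review bot: Besides pinning the ids, the `useradd` line in 1.7.1/Dockerfile moves the home directory from `/var/lib/couchdb` to `/opt/couchdb`, and the one in dev/Dockerfile moves it from `/usr/src/couchdb` to `/opt/couchdb`; the commit title mentions only the uid:gid. For the 1.x image this looks copied from the 2.1.1 line, since the 1.x Dockerfile shown elsewhere on this page installs under `/usr/local` and uses `/var/lib/couchdb` as its working directory, so `/opt/couchdb` probably does not exist there. If the move is not intended, keep the old path: `RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /var/lib/couchdb -g couchdb couchdb`. A short comment on why the numeric id is fixed would also help, e.g. `# fixed uid:gid so file ownership on mounted volumes is predictable`.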
@@ -23,27 +23,48 @@ If you're looking for a CouchDB with SSL support you can check out [klaemo/couch ## Run (latest/2.1.1) Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). -This is a build of the CouchDB 2.1 release. A data volume -is exposed on `/opt/couchdb/data`, and the node's port is exposed on `5984`. +This is a build of the CouchDB 2.1 release. -Please note that CouchDB no longer autocreates system tables for you, so you will -have to create `_global_changes`, `_metadata`, `_replicator` and `_users` manually (the admin interface has a "Setup" menu that does this for you). -The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! +By default, CouchDB's HTTP interface is exposed on port `5984`. Once running, you can visit the new admin interface at `http://:5984/_utils/` + +CouchDB uses `/opt/couchdb/data` to store its data, and is exposed as a volume. + +Here is an example launch line for a single-node CouchDB with an admin username and password of `admin` and `password`, exposed to the world on port `5984`: ```bash -# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -p 5984:5984 -v $(pwd):/opt/couchdb/data apache/couchdb +$ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d --env COUCHDB_USER=admin --env COUCHDB_PASSWORD=password apache/couchdb:2.1.1 18:54:48.780 [info] Application lager started on node nonode@nohost 18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost 18:54:48.780 [info] Application couch_mrview started on node nonode@nohost 18:54:48.780 [info] Application couch_plugins started on node nonode@nohost -[...] ``` -Note that you can also use the NODENAME environment variable to set the name of the CouchDB node inside the container. 
-Once running, you can visit the new admin interface at `http://dockerhost:5984/_utils/` +### Detailed configuration (latest/2.x) + +CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to bind map this to an external directory, to persist the configuration across restarts. + +CouchDB also uses `/opt/couchdb/etc/vm.args` to store Erlang runtime-specific changes. Changing these values is less common. If you need to change the epmd port, for instance, you will want to bind mount this file as well. (Note: files cannot be bind-mounted on Windows hosts.) + +In addition, a few environment variables are provided to set very common parameters: + +* `COUCHDB_USER` and `COUCHDB_PASSWORD` will create an ini-file based local admin user with the given username and password in the file `/opt/couchdb/etc/local.d/docker.ini`. +* `COUCHDB_SECRET` will set the CouchDB shared cluster secret value, in the file `/opt/couchdb/etc/local.d/docker.ini`. +* `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. + +If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. + +### Important notes (latest/2.x) + +Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. + +You must create `_global_changes`, `_metadata`, `_replicator` and `_users` after the cluster has been fully configured. (The Fauxton UI has a "Setup" wizard that does this for you.) + +The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! + +[...] +``` -Note also that port 5986 is not exposed, as this can present *significant* security risks. 
We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. +Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. ## Run (1.7.1) From c3ddd601338fc579c576ea40e8668d88f4306412 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Sat, 13 Jan 2018 22:28:45 -0500 Subject: [PATCH 128/227] Rename dev to dev-cluster This paves the way for a simpler dev image Dockerfile. --- {dev => dev-cluster}/Dockerfile | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {dev => dev-cluster}/Dockerfile (100%) diff --git a/dev/Dockerfile b/dev-cluster/Dockerfile similarity index 100% rename from dev/Dockerfile rename to dev-cluster/Dockerfile From b2734247ac8df0c0f1d51f3ba5464db60fef8e13 Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Mon, 15 Jan 2018 20:41:08 -0500 Subject: [PATCH 129/227] Introduce developer-friendly Dockerfile This dev image configuration is modeled after the 2.1.1 Dockerfile with a few modifications useful for day-to-day development: * The Dockerfile builds from git rather than the official source releases. The build is configurable using the following build_args: clone_url (default: https://gitbox.apache.org/repos/asf/couchdb.git) checkout_branch (default: master) configure_options (default: ) The configure_options are passed directly to ./configure and can be used to e.g. --disable-docs or --disable-fauxton: docker build --build-arg checkout_branch=my-cool-feature dev/ * We take advantage of multi-stage builds [1] to create a series of layers that optimize build time without inflating the final image size. In normal development the layers that install runtime and build dependencies will be cached, and the build will start by updating and configuring the existing git clone. This work includes the changes proposed in #50 and #57. --- dev/Dockerfile | 136 +++++++++++++++++++++++++++++++++++++++ dev/docker-entrypoint.sh | 74 +++++++++++++++++++++ dev/local.ini | 11 ++++ dev/vm.args | 28 ++++++++ 4 files changed, 249 insertions(+) create mode 100644 dev/Dockerfile create mode 100755 dev/docker-entrypoint.sh create mode 100644 dev/local.ini create mode 100644 dev/vm.args diff --git a/dev/Dockerfile b/dev/Dockerfile new file mode 100644 index 0000000..336ab80 --- /dev/null +++ b/dev/Dockerfile 
@@ -0,0 +1,136 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Base layer containing dependencies needed at runtime. This layer will be
+# cached after the initial build.
+FROM debian:jessie AS runtime
+
+LABEL maintainer="CouchDB Developers "
+
+# Add CouchDB user account
+RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb
+
+RUN apt-get update -y && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ libicu52 \
+ libmozjs185-1.0 \
+ openssl \
+ && rm -rf /var/lib/apt/lists/*
+
+# grab gosu for easy step-down from root and tini for signal handling
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
+ENV GOSU_VERSION 1.10
+ENV TINI_VERSION 0.16.1
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ tini --version; \
+ \
+ apt-get purge -y --auto-remove wget
+
+# Dependencies only needed during build time. This layer will also be cached
+# unless for each clone_url.
+FROM runtime AS build_dependencies
+
+RUN apt-get update -y && apt-get install -y --no-install-recommends \
+ apt-transport-https \
+ gcc \
+ g++ \
+ curl \
+ erlang-nox \
+ erlang-reltool \
+ erlang-dev \
+ git \
+ libcurl4-openssl-dev \
+ libicu-dev \
+ libmozjs185-dev \
+ make \
+ python \
+ python-sphinx \
+ python-sphinx-rtd-theme \
+ texinfo \
+ texlive-base \
+ texlive-fonts-extra \
+ texlive-fonts-recommended \
+ texlive-latex-extra
+
+# Node is special
+RUN set -ex; \
+ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \
+ echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \
+ echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \
+ apt-get update -y && apt-get install -y nodejs; \
+ npm install -g grunt-cli
+
+
+# Clone CouchDB source code including all dependencies
+ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git
+RUN git clone $clone_url /usr/src/couchdb
+WORKDIR /usr/src/couchdb
+RUN ./configure
+
+# This layer performs the actual build of a relocatable, self-contained
+# release of CouchDB. It pulls down the latest changes from the remote
+# origin (because the layer above will be cached) and switches to the
+# branch specified in the build_arg (defaults to master)
+FROM build_dependencies AS build
+
+ARG checkout_branch=master
+ARG configure_options
+
+WORKDIR /usr/src/couchdb/
+RUN git fetch origin \
+ && git checkout $checkout_branch \
+ && ./configure $configure_options \
+ && make release
+
+# This results in a single layer image (or at least skips the build stuff?)
+FROM runtime
+COPY --from=build /usr/src/couchdb/rel/couchdb /opt/
+
+# Add configuration
+COPY local.ini /opt/couchdb/etc/default.d/
+COPY vm.args /opt/couchdb/etc/
+COPY docker-entrypoint.sh /
+
+# Setup directories and permissions
+RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args
+
+WORKDIR /opt/couchdb
+EXPOSE 5984 4369 9100
+VOLUME ["/opt/couchdb/data"]
+
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+CMD ["/opt/couchdb/bin/couchdb"]
diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh
new file mode 100755
index 0000000..dda823d
--- /dev/null
+++ b/dev/docker-entrypoint.sh
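Review bot: The NodeSource repository key in the "Node is special" step is trusted on whatever `curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -` returns, with no fingerprint check, unlike the gosu and tini downloads in the same file, which are pinned to full fingerprints; `npm install -g grunt-cli` is unpinned as well. I would fetch the key to a file with `curl -fsSL`, compare its `gpg --with-fingerprint` output against a pinned value (placeholder `<NODESOURCE_KEY_FINGERPRINT>`) before `apt-key add`, and pin the grunt-cli version. In the final stage, `COPY --from=build /usr/src/couchdb/rel/couchdb /opt/` copies the directory's contents into `/opt/`, so the `/opt/couchdb/bin/couchdb` named in `CMD` would not exist; the destination should be `/opt/couchdb`. The `groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb` line also lacks the fixed `5984` ids that patch 126 on this page sets for the other images.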
@@ -0,0 +1,74 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+# first arg is `-something` or `+something`
+if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+# first arg is the bare word `couchdb`
+if [ "$1" = 'couchdb' ]; then
+ shift
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
+ # we need to set the permissions here because docker mounts volumes as root
+ chown -R couchdb:couchdb /opt/couchdb
+
+ chmod -R 0770 /opt/couchdb/data
+
+ chmod 664 /opt/couchdb/etc/*.ini
+ chmod 664 /opt/couchdb/etc/local.d/*.ini
+ chmod 775 /opt/couchdb/etc/*.d
+
+ if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
+ echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
+ fi
+
+ if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+ # Create admin
+ printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini
+ chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini
+ fi
+
+ if [ "$COUCHDB_SECRET" ]; then
+ # Set secret
+ printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
+ chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini
+ fi
+
+ # if we don't find an [admins] section followed by a non-comment, display a warning
+ if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOWARN'
+ ****************************************************
+ WARNING: CouchDB is running in Admin Party mode.
+ This will allow anyone with access to the
+ CouchDB port to access your database. In
+ Docker's default configuration, this is
+ effectively any other container on the same
+ system.
+ Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+ to set it in "docker run".
+ ****************************************************
+ EOWARN
+ fi
+
+
+ exec gosu couchdb "$@"
+fi
+
+exec "$@"
diff --git a/dev/local.ini b/dev/local.ini
new file mode 100644
index 0000000..c1bac9e
--- /dev/null
+++ b/dev/local.ini
@@ -0,0 +1,11 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
+
+[httpd]
+bind_address = any
diff --git a/dev/vm.args b/dev/vm.args
new file mode 100644
index 0000000..0425756
--- /dev/null
+++ b/dev/vm.args
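Review bot: The admin password and cookie secret are written to /opt/couchdb/etc/local.d/docker.ini in plaintext under the default umask, and the `chmod 664 /opt/couchdb/etc/local.d/*.ini` earlier in the same branch makes the file world-readable again on every restart. Only the couchdb user needs to read it, so I would set the mode after the last write, `chmod 0600 /opt/couchdb/etc/local.d/docker.ini`, and narrow the blanket `chmod 664` so that it no longer covers that file. The secret block also appends with `>>` on each start, so when COUCHDB_USER is unset the `[couch_httpd_auth]` section is duplicated in docker.ini across restarts.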
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 42de4b02ff99684c75fcbe006d636ddaa2e80f9b Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Wed, 17 Jan 2018 13:21:06 -0500 Subject: [PATCH 130/227] Install newer RTD theme from pip See #58 --- dev/Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index 336ab80..ba3e259 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -78,14 +78,17 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libmozjs185-dev \ make \ python \ - python-sphinx \ - python-sphinx-rtd-theme \ + python-pip \ texinfo \ texlive-base \ texlive-fonts-extra \ texlive-fonts-recommended \ texlive-latex-extra +RUN pip install \ + sphinx \ + sphinx_rtd_theme + # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ From 7efafe23c03af436cdfcc43b71d91441ef01615e Mon Sep 17 00:00:00 2001 
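Review bot: The comment above the `inet_dist_listen_min`/`inet_dist_listen_max` pair does not say what the pinned port carries or who is expected to reach it. The dev/Dockerfile shown just before this file EXPOSEs 9100 together with 4369, and Erlang distribution on those ports is protected only by the shared cookie, so the comment should tell operators not to publish them. I would extend it to `# Port 9100 (with epmd on 4369) carries inter-node Erlang distribution; publish it only on a trusted cluster network.`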
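Review bot: The new `RUN pip install` of sphinx and sphinx_rtd_theme takes whatever versions PyPI serves at build time, so the docs toolchain is no longer tied to anything reviewable, where the two apt packages it replaces were at least fixed by the Debian release. I would pin both and skip the pip cache, `RUN pip install --no-cache-dir sphinx==<VERSION> sphinx_rtd_theme==<VERSION>` (the versions are placeholders for the maintainers to choose). The package list and the Node step around it begin and end outside the hunk.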
From: Joan Touzet Date: Mon, 9 Apr 2018 11:50:43 -0400 Subject: [PATCH 131/227] Add new targets to .travis.yml CI/CD --- .travis.yml | 15 ++-- dev-cluster/Dockerfile | 155 ++++++++++++++++++++++++++--------------- 2 files changed, 107 insertions(+), 63 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8ac681d..7db5791 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,12 +3,13 @@ sudo: required services: - docker -before_install: - - docker build -t couchdb:1.7.1 1.7.1 - - docker build -t couchdb:1.7.1-couchperuser 1.7.1-couchperuser - - docker build -t couchdb:2.1.1 2.1.1 +env: + - RELEASE=1.7.1 + - RELEASE=1.7.1-couchperuser + - RELEASE=2.1.1 + - RELEASE=dev + - RELEASE=dev-cluster script: - - docker run -d -p 5984:5984 couchdb:1.7.1 && sleep 5 && curl http://localhost:5984 - - docker run -d -p 5985:5984 couchdb:1.7.1-couchperuser && sleep 5 && curl http://localhost:5985 - - docker run -d -p 5986:5984 couchdb:2.1.1 && sleep 5 && curl http://localhost:5986 + - docker build -t couchdb:$RELEASE $RELEASE + - docker run -d -p 5984:5984 couchdb:$RELEASE && sleep 10 && curl http://localhost:5984 diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 8b4a733..0166050 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile 
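Review bot: The smoke test in `script:` only fails when nothing answers on the port, because `curl http://localhost:5984` exits 0 for any HTTP response, including a 4xx or 5xx from a misconfigured node. I would make the last step `curl --fail --silent --show-error http://localhost:5984`. The fixed `sleep 10` is also a guess at start-up time for the new dev and dev-cluster targets; a short retry loop around the curl would be more reliable than a longer sleep.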
@@ -10,74 +10,117 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:jessie +# Base layer containing dependencies needed at runtime. This layer will be +# cached after the initial build. +FROM debian:jessie AS runtime -MAINTAINER CouchDB Developers dev@couchdb.apache.org +LABEL maintainer="CouchDB Developers " -ENV COUCHDB_VERSION master +# Add CouchDB user account +RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + ca-certificates \ + libicu52 \ + libmozjs185-1.0 \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc 
"https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget + +# Dependencies only needed during build time. This layer will also be cached +# unless for each clone_url. +FROM runtime AS build_dependencies -# download dependencies -RUN apt-get update -y -qq && apt-get install -y --no-install-recommends \ +RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - build-essential \ - ca-certificates \ + gcc \ + g++ \ curl \ - default-jdk \ - erlang-dev \ erlang-nox \ + erlang-reltool \ + erlang-dev \ git \ - haproxy \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - libwxgtk3.0 \ - openssl \ - pkg-config \ - python \ - python-sphinx \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ - && curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list \ - && echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list \ - && apt-get update -y -qq && apt-get install -y nodejs \ - && npm install -g grunt-cli \ - && cd /usr/src && git clone https://gitbox.apache.org/repos/asf/couchdb.git \ - && cd couchdb && git checkout $COUCHDB_VERSION \ - && cd /usr/src/couchdb && ./configure && make \ - && apt-get purge -y \ - binutils \ - build-essential \ - cpp \ - default-jdk \ - git \ - libcurl4-openssl-dev \ - libicu-dev \ - libwxgtk3.0 \ make \ - nodejs \ - perl \ - pkg-config \ - texinfo \ - texlive-base \ - 
texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra \ - && apt-get autoremove -y \ - && apt-get install -y libicu52 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* /usr/lib/node_modules src/fauxton/node_modules src/**/.git .git - -# permissions -RUN chmod +x /usr/src/couchdb/dev/run && chown -R couchdb:couchdb /usr/src/couchdb - -USER couchdb -EXPOSE 5984 15984 25984 35984 15986 25986 35986 + python \ + python-pip + +RUN pip install \ + sphinx \ + sphinx_rtd_theme + +# Node is special +RUN set -ex; \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ + echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + apt-get update -y && apt-get install -y nodejs; \ + npm install -g grunt-cli + + +# Clone CouchDB source code including all dependencies +ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git +RUN git clone $clone_url /usr/src/couchdb +WORKDIR /usr/src/couchdb +RUN ./configure + +# This layer performs the actual build of a relocatable, self-contained +# release of CouchDB. It pulls down the latest changes from the remote +# origin (because the layer above will be cached) and switches to the +# branch specified in the build_arg (defaults to master) +FROM build_dependencies AS build + +ARG checkout_branch=master +ARG configure_options + +WORKDIR /usr/src/couchdb +RUN git fetch origin \ + && git checkout $checkout_branch \ + && ./configure $configure_options \ + && make couch + +# we skip any finalisation of this image since this is purely for testing + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /usr/src/couchdb + WORKDIR /usr/src/couchdb +EXPOSE 5984 4369 9100 -ENTRYPOINT ["/usr/src/couchdb/dev/run"] +ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] CMD ["--with-haproxy"] 
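Review bot: The rewritten file drops `USER couchdb` and never steps down again: `ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"]` starts dev/run directly, so the whole dev cluster runs as root even though gosu is installed and /usr/src/couchdb is chowned to couchdb. Unless dev/run needs root (not visible here), I would restore the step-down, either with `USER couchdb` before the ENTRYPOINT or with `ENTRYPOINT ["tini", "--", "gosu", "couchdb", "/usr/src/couchdb/dev/run"]`. The same hunk also drops the fixed `-u 5984` and `-g 5984` ids, so ownership of anything mounted into the container now depends on whichever id useradd assigns.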
From 45b9dd1cc3ae1449f47cde77481b7f49173a1d9d Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 11 Apr 2018 03:37:43 -0400 Subject: [PATCH 132/227] Further fixes for dev and dev-cluster targets --- dev-cluster/Dockerfile | 107 +++++++++++++++++++-------------------- dev/Dockerfile | 91 +++++++++++++++++---------------- dev/docker-entrypoint.sh | 13 +++-- 3 files changed, 106 insertions(+), 105 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 0166050..c89c104 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile 
@@ -12,63 +12,69 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:jessie AS runtime +FROM debian:stretch -LABEL maintainer="CouchDB Developers " +MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ - libicu52 \ + curl \ + dirmngr \ + gnupg \ + haproxy \ + libicu57 \ libmozjs185-1.0 \ openssl \ - && rm -rf /var/lib/apt/lists/* + python && \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc 
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# Dependencies only needed during build time. This layer will also be cached -# unless for each clone_url. 
-FROM runtime AS build_dependencies + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + apt-get purge -y --auto-remove wget RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - gcc \ - g++ \ - curl \ + build-essential \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -76,9 +82,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - make \ - python \ - python-pip + python-setuptools \ + python-pip \ + python-wheel RUN pip install \ sphinx \ @@ -87,8 +93,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli 
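Review bot: The keyserver loops carry no comment explaining why falling back to plain-HTTP `hkp://…:80` servers and swallowing every failure with `|| :` is safe, and a reader of this RUN will want to know. I would add above the first loop `# Key is requested by full fingerprint and the download is checked by gpg --verify below, so a bad or unreachable keyserver can only fail the build.` The same loop is repeated for tini in this hunk and appears twice more in the `@@ -12,63 +12,71 @@` hunk of dev/Dockerfile.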
@@ -99,28 +105,21 @@ RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure -# This layer performs the actual build of a relocatable, self-contained -# release of CouchDB. It pulls down the latest changes from the remote -# origin (because the layer above will be cached) and switches to the -# branch specified in the build_arg (defaults to master) -FROM build_dependencies AS build - ARG checkout_branch=master ARG configure_options -WORKDIR /usr/src/couchdb +WORKDIR /usr/src/couchdb/ RUN git fetch origin \ && git checkout $checkout_branch \ && ./configure $configure_options \ - && make couch - -# we skip any finalisation of this image since this is purely for testing + && make all # Setup directories and permissions RUN chown -R couchdb:couchdb /usr/src/couchdb -WORKDIR /usr/src/couchdb -EXPOSE 5984 4369 9100 +WORKDIR /opt/couchdb +EXPOSE 5984 15984 25984 35984 +VOLUME ["/usr/src/couchdb/dev/lib"] ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] CMD ["--with-haproxy"] diff --git a/dev/Dockerfile b/dev/Dockerfile index ba3e259..1b43ba7 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
@@ -12,63 +12,71 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:jessie AS runtime +FROM debian:stretch as runtime -LABEL maintainer="CouchDB Developers " +MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ - libicu52 \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ libmozjs185-1.0 \ openssl \ - && rm -rf /var/lib/apt/lists/* + python && \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc 
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + 
apt-get purge -y --auto-remove wget # Dependencies only needed during build time. This layer will also be cached -# unless for each clone_url. FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - gcc \ - g++ \ - curl \ + build-essential \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -76,14 +84,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - make \ - python \ + python-setuptools \ python-pip \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra + python-wheel RUN pip install \ sphinx \ @@ -92,8 +95,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli @@ -121,7 +124,7 @@ RUN git fetch origin \ # This results in a single layer image (or at least skips the build stuff?) FROM runtime -COPY --from=build /usr/src/couchdb/rel/couchdb /opt/ +COPY --from=build /usr/src/couchdb/rel/couchdb /opt/couchdb # Add configuration COPY local.ini /opt/couchdb/etc/default.d/ diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index dda823d..718779e 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
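Review bot: `curl`, `dirmngr` and `gnupg` move into the `runtime` stage's permanent package list, and because the final image is built `FROM runtime` they now ship in the released dev image although only build steps use them: dirmngr and gnupg serve the gosu/tini signature check, curl serves the Node step in build_dependencies. I would install dirmngr and gnupg next to wget in the verification RUN and end it with `apt-get purge -y --auto-remove wget dirmngr gnupg`, and keep curl, plus the gnupg that `apt-key add` needs, in the build_dependencies list where curl was before. `python` is added to the runtime list as well; whether the release needs it at run time is not visible here.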
@@ -26,13 +26,12 @@ fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb + chown -fR couchdb:couchdb /opt/couchdb || true - chmod -R 0770 /opt/couchdb/data + chmod -fR 0770 /opt/couchdb/data || true - chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/local.d/*.ini - chmod 775 /opt/couchdb/etc/*.d + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + chmod -f 775 /opt/couchdb/etc/*.d || true if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args @@ -41,13 +40,13 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi if [ "$COUCHDB_SECRET" ]; then # Set secret printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi # if we don't find an [admins] section followed by a non-comment, display a warning From dffb6e98332507af16a654d5ff14311a82f2188f Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 11 Apr 2018 13:44:55 -0400 Subject: [PATCH 133/227] Update dev section --- README.md | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index aa066c1..ef684ec 100644 --- a/README.md +++ b/README.md 
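Review bot: Every permission fix-up in these two hunks now fails silently (`-f` plus `|| true`), so on a read-only or root-squashed volume the script goes on to `exec gosu couchdb` with files the couchdb user cannot write and the first visible error comes from CouchDB itself. I would keep the steps non-fatal but report them, e.g. `chown -fR couchdb:couchdb /opt/couchdb || echo "warning: could not chown /opt/couchdb" >&2`. The new `find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \;` also resets local.d/docker.ini, which holds the admin credentials, to world-readable on each start; adding `! -name docker.ini` to the find would avoid that. The enclosing `if` block starts and ends outside the hunks.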
@@ -61,9 +61,6 @@ You must create `_global_changes`, `_metadata`, `_replicator` and `_users` after The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! -[...] -``` - Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. ## Run (1.7.1) @@ -94,7 +91,7 @@ If you need (or want) to run couchdb in `net=host` mode, you can customize the p - `COUCHDB_HTTP_BIND_ADDRESS` (default: `0.0.0.0`) - `COUCHDB_HTTP_PORT` (default: `5984`) -### with couchperuser plugin +### 1.7.1 with couchperuser plugin This build includes the `couchperuser` plugin. `couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). 
@@ -103,19 +100,26 @@ This build includes the `couchperuser` plugin. [sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1-couchperuser ``` -### In a developer cluster +## Development images + +This repository provides definitions to run the very latest (`master` branch) +CouchDB code: -This build demonstrates the CouchDB clustering features by creating a local -cluster of a default three nodes inside the container, with a proxy in front. -This is great for testing clustering in your local environment. +* `dev` runs a single node off of the `master` branch, similar to the other + officially released images. +* `dev-cluster` demonstrates the CouchDB clustering features by creating a + local cluster of a default three nodes inside the container, with a proxy in + front. This is great for testing clustering in your local environment. You will need to build Docker images from the `dev` directory in this repository; [Apache Software Foundation policy][4] prevents us from publishing non-release builds for wide distribution. +When launching the `dev-cluster` container, here is what you will see: + ```bash # expose the cluster to the world -[sudo] docker run -it -p 5984:5984 +$ docker run -it -p 5984:5984 [ * ] Setup environment ... ok [ * ] Ensure CouchDB is built ... ok 
@@ -132,24 +136,24 @@ Admin username: root Password: 37l7YDQJ Time to hack! ... ``` -**Note:** By default the cluster will be exposed on port `5984`, because it uses haproxy -(passes `--with-haproxy` to `dev/run`) internally. +**Note:** By default the cluster will be exposed on port `5984`, because it uses haproxy (passes `--with-haproxy` to `dev/run`) internally. -...but you can pass arguments to the binary +You can pass arguments to the binary: ```bash docker run -it --admin=foo:bar ``` + **Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose the cluster on `5984`, pass `--with-haproxy` explicitly. -Examples: +More examples: ```bash # display the available options of the couchdb startup script docker run --rm --help -# Enable admin party 🎉 and expose the cluster on port 5984 +# Enable admin party and expose the cluster on port 5984 docker run -it -p 5984:5984 --with-admin-party-please --with-haproxy # Start two nodes (without proxy) exposed on port 15984 and 25984 @@ -178,7 +182,7 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` -For the `2.1` image, configuration is stored at `/opt/couchdb/etc/`. +For the `2` image, configuration is stored at `/opt/couchdb/etc/`. ## Feedback, Issues, Contributing From aa7931f88fbbbb435a8f8e24998e3b5e08ea87ea Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 02:08:18 -0400 Subject: [PATCH 134/227] Update Node for dev image --- dev/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index 1b43ba7..4b5b2af 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
@@ -95,8 +95,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli From a1f4d9d579a7986d27a791c7b7ede50b13157751 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 02:24:13 -0400 Subject: [PATCH 135/227] update docs deps and dev-cluster node to 8.x --- dev-cluster/Dockerfile | 8 ++++---- dev/Dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index c89c104..14df4b1 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -84,17 +84,17 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libmozjs185-dev \ python-setuptools \ python-pip \ + python-sphinx \ python-wheel -RUN pip install \ - sphinx \ +RUN pip install --upgrade \ sphinx_rtd_theme # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli 
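Review bot: In the dev-cluster/Dockerfile hunk, the `# Node is special` step trusts the NodeSource signing key on the strength of the download alone, because `curl -s … | apt-key add -` feeds whatever the URL returns into apt's global keyring. Without `-f` or pipefail, a failed or substituted download is caught only if `apt-key` happens to reject the body. Since the repository lines are being edited anyway, I would fetch the key to a file first, `curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key -o /tmp/nodesource.gpg.key`, compare its fingerprint with one recorded in the Dockerfile (`<NODESOURCE_KEY_FINGERPRINT>`, taken from NodeSource's published instructions), and only then add it. `npm install -g grunt-cli` in the same RUN is also unpinned. The dev/Dockerfile hunk of the preceding patch on this line contains the identical step.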
diff --git a/dev/Dockerfile b/dev/Dockerfile index 4b5b2af..24db534 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -86,10 +86,10 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libmozjs185-dev \ python-setuptools \ python-pip \ + python-sphinx \ python-wheel -RUN pip install \ - sphinx \ +RUN pip install --upgrade \ sphinx_rtd_theme # Node is special From 40389583b40ad08b008890aa20af5093c755d1d9 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Mon, 21 May 2018 08:31:36 -0400 Subject: [PATCH 136/227] Persist custom config settings across restarts This patch ensures that configuration properties set using the _config endpoint survive container restarts. Previously these settings would be erased by the code in the entrypoint that writes down the admin user and cookie auth secret. The patch also takes care to ensure that the admin user and secret are not accidentally left on the disk in plaintext -- i.e., it ensures that the entrypoint writes these settings into the last entry in the config chain. Finally, the patch ensures that local.d is always used to store custom configuration. Backing local.d by a persistent volume should allow for the config properties to survive a Pod being rescheduled onto another node by Kubernetes. --- dev/docker-entrypoint.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 718779e..de42028 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
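Review bot: `RUN pip install --upgrade sphinx_rtd_theme` installs an unpinned package from PyPI as root, so the image content depends on whatever is published at build time. With `--upgrade`, pip may also replace dependencies that were just installed from Debian packages (`python-sphinx`) with newer PyPI releases, depending on the pip version in the base image. I would pin it, `RUN pip install --no-cache-dir sphinx_rtd_theme==<PINNED_VERSION>`, and drop `--upgrade` unless replacing the apt-provided packages is intended. The dev-cluster/Dockerfile hunk of the same patch has the same line, and the `apt-get install` RUN that lists `python-sphinx` begins outside the hunk.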
@@ -37,18 +37,25 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args fi + # Ensure that CouchDB will write custom settings in this file + touch /opt/couchdb/etc/local.d/docker.ini + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi fi if [ "$COUCHDB_SECRET" ]; then - # Set secret - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # if we don't find an [admins] section followed by a non-comment, display a warning if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) From 59c4c8ddfa10a1d9cd828cd7814e62f3368fe197 Mon Sep 17 00:00:00 2001 From: Le Mouellic Maxime Date: Thu, 17 May 2018 18:27:13 +0200 Subject: [PATCH 137/227] Fix configuration save On restart configuration saved in local.d/ was lost Closes #78 --- 1.7.1/docker-entrypoint.sh | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/1.7.1/docker-entrypoint.sh b/1.7.1/docker-entrypoint.sh index c1c9f56..db5a60e 100755 --- a/1.7.1/docker-entrypoint.sh 
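Review bot: The "already present" test `grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" …` matches only when the user is the first key directly under an `[admins]` header, and it interpolates `$COUCHDB_USER` into the PCRE unescaped. If the section starts with another admin or a comment, or the name contains regex metacharacters, each restart appends a new `[admins]` block carrying `$COUCHDB_PASSWORD` from the environment, which presumably overrides a password changed later through `_config`, the case this patch sets out to preserve. A section-aware fixed-string check avoids both problems, for example `awk -v u="$COUCHDB_USER" 'FNR==1{s=0} /^\[/{s=($0=="[admins]")} s&&index($0,u" =")==1{f=1} END{exit !f}' /opt/couchdb/etc/local.d/*.ini`. The `[couch_httpd_auth]`/`secret =` test makes the same first-key assumption, and the 2.1.1/docker-entrypoint.sh backport later on this page repeats both checks. The enclosing `if [ "$1" = … ]` block starts and ends outside the hunk.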
+++ b/1.7.1/docker-entrypoint.sh @@ -36,7 +36,31 @@ if [ "$1" = 'couchdb' ]; then chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini fi - printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + if [ -f /usr/local/etc/couchdb/local.d/bind_address.ini ]; then + if ! grep -Fq "port =" /usr/local/etc/couchdb/local.d/bind_address.ini; then + vport=$(printf "[httpd]\\\nport = %s" ${COUCHDB_HTTP_PORT:=5984}) + if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then + sed -i -e "s/\\[httpd\\]/$vport/g" /usr/local/etc/couchdb/local.d/bind_address.ini + else + printf "$vport" >> /usr/local/etc/couchdb/local.d/bind_address.ini + fi + + fi + + if ! grep -Fq "bind_address =" /usr/local/etc/couchdb/local.d/bind_address.ini; then + vaddress=$(printf "[httpd]\\\nbind_address = %s" ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}) + if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then + sed -i -e "s/\\[httpd\\]/$vaddress/g" /usr/local/etc/couchdb/local.d/bind_address.ini + else + printf "$vaddress" >> /usr/local/etc/couchdb/local.d/bind_address.ini + fi + + fi + + else + printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini + fi + chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini # if we don't find an [admins] section followed by a non-comment, display a warning From 9057152522f919c79acde1a61ad25c31d0ad2f25 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 13:21:32 -0700 Subject: [PATCH 138/227] Backport fix for #81 and #82 to 2.1.x image --- 2.1.1/docker-entrypoint.sh | 30 ++++++++++++++++++------------ dev/docker-entrypoint.sh | 2 +- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/2.1.1/docker-entrypoint.sh b/2.1.1/docker-entrypoint.sh index e03cd1a..c60c957 100755 
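Review bot: `COUCHDB_HTTP_PORT` and `COUCHDB_HTTP_BIND_ADDRESS` reach the config file through `sed -i -e "s/\\[httpd\\]/$vport/g"` and `printf "$vport"`, so their values are interpreted as sed replacement text and as a printf format instead of being treated as data. A value containing `/`, `&`, `%` or a backslash either breaks the edit or writes something other than what was asked for, and the `${…:=…}` expansions passed to `printf` are unquoted. I would validate both variables before the first use, e.g. `case "${COUCHDB_HTTP_PORT:=5984}" in *[!0-9]*) echo "invalid COUCHDB_HTTP_PORT" >&2; exit 1;; esac`, with a similar allow-list of address characters (`[0-9A-Fa-f.:]`) for the bind address. Note also that the `/g` flag rewrites every `[httpd]` header in the file, not just the first. The enclosing `if [ "$1" = 'couchdb' ]` block starts and ends outside the hunk.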
--- a/2.1.1/docker-entrypoint.sh +++ b/2.1.1/docker-entrypoint.sh 
@@ -26,32 +26,38 @@ fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb + chown -fR couchdb:couchdb /opt/couchdb || true - chmod -R 0770 /opt/couchdb/data + chmod -fR 0770 /opt/couchdb/data || true - chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/default.d/*.ini - chmod 775 /opt/couchdb/etc/*.d + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + chmod -f 775 /opt/couchdb/etc/*.d || true if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args fi + # Ensure that CouchDB will write custom settings in this file + touch /opt/couchdb/etc/local.d/docker.ini + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi fi if [ "$COUCHDB_SECRET" ]; then - # Set secret - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index de42028..c60c957 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -57,7 +57,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** From ca9b039d036d1482fd1e5ce67176f05cf959beed Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 10 Jul 2018 14:51:42 -0700 Subject: [PATCH 139/227] Upgrade 1.7.1, 2.1.1 -> 1.7.2, 2.1.2 --- .travis.yml | 12 +++++------- .../Dockerfile | 2 +- .../docker-entrypoint.sh | 0 {1.7.1 => 1.7.2}/Dockerfile | 2 +- {1.7.1 => 1.7.2}/docker-entrypoint.sh | 0 {2.1.1 => 2.1.2}/10-docker-default.ini | 0 {2.1.1 => 2.1.2}/Dockerfile | 2 +- {2.1.1 => 2.1.2}/docker-entrypoint.sh | 0 {2.1.1 => 2.1.2}/vm.args | 0 9 files changed, 8 insertions(+), 10 deletions(-) rename {1.7.1-couchperuser => 1.7.2-couchperuser}/Dockerfile (98%) rename {1.7.1-couchperuser => 1.7.2-couchperuser}/docker-entrypoint.sh (100%) rename {1.7.1 => 1.7.2}/Dockerfile (99%) rename {1.7.1 => 1.7.2}/docker-entrypoint.sh (100%) rename {2.1.1 => 2.1.2}/10-docker-default.ini (100%) rename {2.1.1 => 2.1.2}/Dockerfile (99%) rename {2.1.1 => 2.1.2}/docker-entrypoint.sh (100%) rename {2.1.1 => 2.1.2}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 7db5791..5811b4c 100644 --- a/.travis.yml 
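Review bot: In the 2.1.1/docker-entrypoint.sh hunk, `docker.ini` is created by the new `touch` after the `find … -exec chmod -f 664` pass, so its mode comes from the process umask and only its owner is set afterwards. It then receives `$COUCHDB_PASSWORD` and `$COUCHDB_SECRET` as written in the environment. I would restrict the credentials file next to the chown, `chmod -f 0640 /opt/couchdb/etc/local.d/docker.ini || true`, and check whether the blanket `664` on the other `.ini` files needs the world-read bit. Separately, `-f` together with `|| true` on the chown/chmod of `/opt/couchdb` and the data directory hides a failed permission fix completely; a one-line warning on stderr when they fail would make that visible to operators. The enclosing `if` block begins and ends outside the hunk.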
+++ b/.travis.yml @@ -4,12 +4,10 @@ services: - docker env: - - RELEASE=1.7.1 - - RELEASE=1.7.1-couchperuser - - RELEASE=2.1.1 - - RELEASE=dev - - RELEASE=dev-cluster + - RELEASES="1.7.2 1.7.2-couchperuser" + - RELEASES=2.1.2 + - RELEASES=dev + - RELEASES=dev-cluster script: - - docker build -t couchdb:$RELEASE $RELEASE - - docker run -d -p 5984:5984 couchdb:$RELEASE && sleep 10 && curl http://localhost:5984 + - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -p 5984:5984 couchdb:$rel && sleep 10 && curl http://localhost:5984 && docker kill $rel; done diff --git a/1.7.1-couchperuser/Dockerfile b/1.7.2-couchperuser/Dockerfile similarity index 98% rename from 1.7.1-couchperuser/Dockerfile rename to 1.7.2-couchperuser/Dockerfile index 1ed7a4c..510a458 100644 --- a/1.7.1-couchperuser/Dockerfile +++ b/1.7.2-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM couchdb:1.7.1 +FROM couchdb:1.7.2 MAINTAINER CouchDB Developers dev@couchdb.apache.org diff --git a/1.7.1-couchperuser/docker-entrypoint.sh b/1.7.2-couchperuser/docker-entrypoint.sh similarity index 100% rename from 1.7.1-couchperuser/docker-entrypoint.sh rename to 1.7.2-couchperuser/docker-entrypoint.sh diff --git a/1.7.1/Dockerfile b/1.7.2/Dockerfile similarity index 99% rename from 1.7.1/Dockerfile rename to 1.7.2/Dockerfile index da36f22..95b49be 100644 --- a/1.7.1/Dockerfile +++ b/1.7.2/Dockerfile @@ -76,7 +76,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 1.7.1 +ENV COUCHDB_VERSION 1.7.2 # download dependencies, compile and install couchdb, # set correct permissions, expose couchdb to the outside and disable logging to disk diff --git a/1.7.1/docker-entrypoint.sh b/1.7.2/docker-entrypoint.sh similarity index 100% rename from 1.7.1/docker-entrypoint.sh rename to 1.7.2/docker-entrypoint.sh 
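Review bot: The new one-line `script` loop in .travis.yml can report success for a broken image. `docker build …` is followed by `;`, so a failed build is ignored; the `for` loop's exit status is that of the last release only; and `curl` without `-f` succeeds on an HTTP error response. With `RELEASES="1.7.2 1.7.2-couchperuser"`, a failure in the first image is masked when the second iteration passes, and a failed `curl` skips `docker kill`, leaving port 5984 bound for the next iteration. I would chain the build with `&&`, use `curl -f http://localhost:5984`, and move the loop into a small script run under `set -e` so that any failing step fails the job.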
diff --git a/2.1.1/10-docker-default.ini b/2.1.2/10-docker-default.ini similarity index 100% rename from 2.1.1/10-docker-default.ini rename to 2.1.2/10-docker-default.ini diff --git a/2.1.1/Dockerfile b/2.1.2/Dockerfile similarity index 99% rename from 2.1.1/Dockerfile rename to 2.1.2/Dockerfile index 1ffb317..9520b6c 100644 --- a/2.1.1/Dockerfile +++ b/2.1.2/Dockerfile @@ -79,7 +79,7 @@ RUN set -xe \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done -ENV COUCHDB_VERSION 2.1.1 +ENV COUCHDB_VERSION 2.1.2 # Download dev dependencies RUN buildDeps=' \ diff --git a/2.1.1/docker-entrypoint.sh b/2.1.2/docker-entrypoint.sh similarity index 100% rename from 2.1.1/docker-entrypoint.sh rename to 2.1.2/docker-entrypoint.sh diff --git a/2.1.1/vm.args b/2.1.2/vm.args similarity index 100% rename from 2.1.1/vm.args rename to 2.1.2/vm.args From 0b03521edeea030bd07244264f60980bebd45b48 Mon Sep 17 00:00:00 2001 From: Thomas Prevet Date: Thu, 12 Jul 2018 16:11:35 +0200 Subject: [PATCH 140/227] add end of line before inserting [admin] and [secret] in case of docker.ini already exists --- 2.1.2/docker-entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2.1.2/docker-entrypoint.sh b/2.1.2/docker-entrypoint.sh index c60c957..4ba69b4 100755 --- a/2.1.2/docker-entrypoint.sh +++ b/2.1.2/docker-entrypoint.sh 
@@ -43,14 +43,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi From 0d8752ef22787adc737d050affadf1bb549b5023 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 23 Jul 2018 23:15:36 -0700 Subject: [PATCH 141/227] Use debian stretch, closes #91 --- 2.1.2/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/2.1.2/Dockerfile b/2.1.2/Dockerfile index 9520b6c..ed9cc38 100644 --- a/2.1.2/Dockerfile +++ b/2.1.2/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:jessie +FROM debian:stretch MAINTAINER CouchDB Developers dev@couchdb.apache.org @@ -22,9 +22,11 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ curl \ erlang-nox \ erlang-reltool \ - libicu52 \ + libicu57 \ libmozjs185-1.0 \ openssl \ + gpg \ + dirmngr \ && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling From dabb7d2d530d34558b9160c143fbf2d92a57e943 Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Wed, 25 Jul 2018 20:05:26 -0700 Subject: [PATCH 142/227] Prep 2.2.0 docker iamge --- .travis.yml | 2 +- 2.1.2/Dockerfile | 129 -------------------- {2.1.2 => 2.2.0}/10-docker-default.ini | 0 2.2.0/Dockerfile | 156 +++++++++++++++++++++++++ {2.1.2 => 2.2.0}/docker-entrypoint.sh | 0 {2.1.2 => 2.2.0}/vm.args | 0 dev/Dockerfile | 107 +++++++++-------- dev/docker-entrypoint.sh | 4 +- 8 files changed, 218 insertions(+), 180 deletions(-) delete mode 100644 2.1.2/Dockerfile rename {2.1.2 => 2.2.0}/10-docker-default.ini (100%) create mode 100644 2.2.0/Dockerfile rename {2.1.2 => 2.2.0}/docker-entrypoint.sh (100%) rename {2.1.2 => 2.2.0}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 5811b4c..fb7596c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ services: env: - RELEASES="1.7.2 1.7.2-couchperuser" - - RELEASES=2.1.2 + - RELEASES=2.2.0 - RELEASES=dev - RELEASES=dev-cluster diff --git a/2.1.2/Dockerfile b/2.1.2/Dockerfile deleted file mode 100644 index ed9cc38..0000000 --- a/2.1.2/Dockerfile +++ /dev/null 
@@ -1,129 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:stretch - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -# Add CouchDB user account -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - erlang-reltool \ - libicu57 \ - libmozjs185-1.0 \ - openssl \ - gpg \ - dirmngr \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# 
install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ - 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ - 2EC788AE3F239FA13E82D215CDE711289384AE37 -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 2.1.2 - -# Download dev dependencies -RUN buildDeps=' \ - apt-transport-https \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - make \ - ' \ - && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ - # Acquire CouchDB source code - && cd /usr/src && mkdir couchdb \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch 
--verify couchdb.tar.gz.asc couchdb.tar.gz \ - && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ - && cd couchdb \ - # Build the release and install into /opt - && ./configure --disable-docs \ - && make release \ - && mv /usr/src/couchdb/rel/couchdb /opt/ \ - # Cleanup build detritus - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ - && mkdir /opt/couchdb/data \ - && chown -R couchdb:couchdb /opt/couchdb - -# Add configuration -COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY vm.args /opt/couchdb/etc/ - -COPY ./docker-entrypoint.sh / - -# Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args - -WORKDIR /opt/couchdb -EXPOSE 5984 4369 9100 -VOLUME ["/opt/couchdb/data"] - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.1.2/10-docker-default.ini b/2.2.0/10-docker-default.ini similarity index 100% rename from 2.1.2/10-docker-default.ini rename to 2.2.0/10-docker-default.ini diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile new file mode 100644 index 0000000..5d1d17f --- /dev/null +++ b/2.2.0/Dockerfile 
@@ -0,0 +1,156 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:stretch + +MAINTAINER CouchDB Developers dev@couchdb.apache.org + +# Add CouchDB user account +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ + libssl1.1 \ + openssl \ + python \ + && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ + | tee /etc/apt/sources.list.d/couchdb.list \ + && cat /etc/apt/sources.list.d/couchdb.list \ + && for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + done \ + && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ + && rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.10 +ENV TINI_VERSION 0.16.1 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu 
"https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget + +# https://www.apache.org/dist/couchdb/KEYS +ENV GPG_KEYS \ + 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ + 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ + 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ + 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ + 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ + 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ + C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ + D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ + E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ + 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ + 
2EC788AE3F239FA13E82D215CDE711289384AE37 +RUN set -xe \ + && for key in $GPG_KEYS; do \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys "$key" && break || : ; \ + done; \ + done + +ENV COUCHDB_VERSION 2.2.0 + +# Download dev dependencies +RUN buildDeps=' \ + apt-transport-https \ + build-essential \ + couch-libmozjs185-dev \ + erlang-dev \ + erlang-nox \ + erlang-reltool \ + libcurl4-openssl-dev \ + libicu-dev \ + make \ + libssl-dev \ + ' \ + && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ + # Acquire CouchDB source code + && cd /usr/src && mkdir couchdb \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ + && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ + && cd couchdb \ + # Build the release and install into /opt + && ./configure \ + && make release \ + && mv /usr/src/couchdb/rel/couchdb /opt/ \ + # Cleanup build detritus + && apt-get purge -y --auto-remove $buildDeps \ + && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ + && mkdir /opt/couchdb/data \ + && chown -R couchdb:couchdb /opt/couchdb + +# Add configuration +COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY vm.args /opt/couchdb/etc/ +COPY docker-entrypoint.sh / + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args + +WORKDIR /opt/couchdb +EXPOSE 5984 4369 9100 +VOLUME ["/opt/couchdb/data"] + +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] +CMD ["/opt/couchdb/bin/couchdb"] 
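Review bot: In the first `RUN` of the new 2.2.0/Dockerfile, the CouchDB apt repository key is fetched and exported by the 64-bit key ID `379CE192D401AB61`, whereas the gosu, tini and release-signing keys in the same file use full 40-hex fingerprints. Key IDs are not collision-resistant, and whichever key a keyserver returns for that ID is piped into `apt-key add -` and becomes trusted for package installation. I would use the full fingerprint in both `--recv-keys` and `--export`; a later patch on this page uses `8756C4F765C9AC3CB6B85D62379CE192D401AB61`. The dev/Dockerfile hunk of this patch contains the same two lines. The first `apt-get install -y` in that RUN also omits `--no-install-recommends`, unlike the other install steps in the file.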
diff --git a/2.1.2/docker-entrypoint.sh b/2.2.0/docker-entrypoint.sh similarity index 100% rename from 2.1.2/docker-entrypoint.sh rename to 2.2.0/docker-entrypoint.sh diff --git a/2.1.2/vm.args b/2.2.0/vm.args similarity index 100% rename from 2.1.2/vm.args rename to 2.2.0/vm.args diff --git a/dev/Dockerfile b/dev/Dockerfile index 24db534..cac8133 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
@@ -17,59 +17,71 @@ FROM debian:stretch as runtime MAINTAINER CouchDB Developers dev@couchdb.apache.org # Add CouchDB user account -RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - dirmngr \ - gnupg \ - libicu57 \ - libmozjs185-1.0 \ - openssl \ - python && \ - rm -rf /var/lib/apt/lists/* +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +RUN apt-get update -y && apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ + libssl1.1 \ + openssl \ + python \ + && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ + | tee /etc/apt/sources.list.d/couchdb.list \ + && cat /etc/apt/sources.list.d/couchdb.list \ + && for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + done \ + && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ + && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc 
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf 
"$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - apt-get purge -y --auto-remove wget + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + \ + apt-get purge -y --auto-remove wget # Dependencies only needed during build time. This layer will also be cached FROM runtime AS build_dependencies @@ -77,13 +89,13 @@ FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ build-essential \ + couch-libmozjs185-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ git \ libcurl4-openssl-dev \ libicu-dev \ - libmozjs185-dev \ python-setuptools \ python-pip \ python-sphinx \ @@ -100,9 +112,8 @@ RUN set -ex; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli - # Clone CouchDB source code including all dependencies -ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git +ARG clone_url=https://github.com/apache/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index c60c957..4ba69b4 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -43,14 +43,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi From f429c1ccf22fe8cf7717383462fbf2f56e6d0301 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 8 Aug 2018 08:14:19 -0700 Subject: [PATCH 143/227] Feedback from @tianon + deprecate 1.x images --- 2.2.0/Dockerfile | 4 ++-- README.md | 61 +++++++----------------------------------------- dev/Dockerfile | 4 ++-- 3 files changed, 12 insertions(+), 57 deletions(-) diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile index 5d1d17f..6d52272 100644 --- a/2.2.0/Dockerfile +++ b/2.2.0/Dockerfile @@ -34,9 +34,9 @@ RUN apt-get update -y && apt-get install -y \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ - && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ && rm -rf /var/lib/apt/lists/* 
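Review bot: `$COUCHDB_USER` is interpolated straight into the `grep -Pzoqr` pattern of the admin check, so a username containing regex metacharacters (a plus sign, for instance) is matched as a pattern rather than literally; the "already present" test can then either skip creating the admin or append a duplicate `[admins]` entry on every start. Neither `COUCHDB_USER`, `COUCHDB_PASSWORD` nor `COUCHDB_SECRET` is checked for newlines before the `printf`, so a value with an embedded newline writes extra lines into `docker.ini`. I would quote the name for PCRE, `grep -Pzoqr "\[admins\]\n\Q$COUCHDB_USER\E ="`, and refuse values containing a newline before writing them. The enclosing `if` block starts and ends outside this hunk.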
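Review bot: The keyserver loop ends each attempt with `&& break || :`, so when no server returns the key the loop still exits 0 and the following `gpg -a --export … > /etc/apt/trusted.gpg.d/couchdb.gpg.asc` writes a keyring file that is presumably empty. Switching to the full fingerprint is the right move; I would add `&& gpg --batch --list-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 \` between the loop and the export so the build stops at the real cause. A key placed in `trusted.gpg.d` is also trusted for every apt source, not only the CouchDB repository. The same lines are changed in the dev/Dockerfile hunk of this commit, and the `RUN` instruction starts above the hunk.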
diff --git a/README.md b/README.md index ef684ec..c2497d5 100644 --- a/README.md +++ b/README.md @@ -2,28 +2,22 @@ Put the couch in a docker container and ship it anywhere. -If you're looking for a CouchDB with SSL support you can check out [klaemo/couchdb-ssl](https://index.docker.io/u/klaemo/couchdb-ssl/) - -- Version (stable): `CouchDB 1.7.1`, `Erlang 17.3` -- Version (stable): `CouchDB 2.1.1`, `Erlang 17.3` +- Version (stable): `CouchDB 2.2.0`, `Erlang 19.2.1` ## Available tags -- `1.7.1`: CouchDB 1.7.1 -- `1.7.1-couchperuser`: CouchDB 1.7.1 with couchperuser plugin -- `latest`, `2.1.1`: CouchDB 2.1.1 single node (capable of running in a cluster) +- `latest`, `2.2.0`: CouchDB 2.2.0 single node (capable of running in a cluster) ## Features -* built on top of the solid and small `debian:jessie` base image +* built on top of the solid and small `debian:stretch` base image * exposes CouchDB on port `5984` of the container * runs everything as user `couchdb` (security ftw!) * docker volume for data -## Run (latest/2.1.1) +## Run Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). -This is a build of the CouchDB 2.1 release. By default, CouchDB's HTTP interface is exposed on port `5984`. Once running, you can visit the new admin interface at `http://:5984/_utils/` @@ -38,8 +32,7 @@ $ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local 18:54:48.780 [info] Application couch_mrview started on node nonode@nohost 18:54:48.780 [info] Application couch_plugins started on node nonode@nohost ``` - -### Detailed configuration (latest/2.x) +### Detailed configuration CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to bind map this to an external directory, to persist the configuration across restarts. 
@@ -53,7 +46,7 @@ In addition, a few environment variables are provided to set very common paramet If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. -### Important notes (latest/2.x) +### Important notes Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. 
@@ -63,43 +56,6 @@ The node will also start in [admin party mode](http://guide.couchdb.org/draft/se Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. -## Run (1.7.1) - -Available as an official image on Docker Hub as [apache/couchdb:1.7.1](https://hub.docker.com/r/apache/couchdb/) - -```bash -[sudo] docker pull apache/couchdb:1.7.1 - -# expose it to the world on port 5984 -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1 - -curl http://localhost:5984 -``` - -...or with mounted volume for the data - -```bash -# expose it to the world on port 5984 and use your current directory as the CouchDB Database directory -[sudo] docker run -d -p 5984:5984 -v $(pwd):/usr/local/var/lib/couchdb --name couchdb apache/couchdb:1.7.1 -``` - -If you want to provide your own config, you can either mount a directory at `/usr/local/etc/couchdb` -or extend the image and `COPY` your `config.ini` (see [Build you own](#build-your-own)). - -If you need (or want) to run couchdb in `net=host` mode, you can customize the port and bind address using environment variables: - - - `COUCHDB_HTTP_BIND_ADDRESS` (default: `0.0.0.0`) - - `COUCHDB_HTTP_PORT` (default: `5984`) - -### 1.7.1 with couchperuser plugin - -This build includes the `couchperuser` plugin. -`couchperuser` is a CouchDB plugin daemon that creates per-user databases [github.com/etrepum/couchperuser](https://github.com/etrepum/couchperuser). - -``` -[sudo] docker run -d -p 5984:5984 --name couchdb apache/couchdb:1.7.1-couchperuser -``` - ## Development images This repository provides definitions to run the very latest (`master` branch) 
@@ -172,7 +128,7 @@ Example Dockerfile: ``` FROM apache/couchdb:latest -COPY local.ini /usr/local/etc/couchdb/local.d/ +COPY 99-local.ini /opt/couchdb/etc/local.d ``` and then build and run @@ -182,8 +138,6 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` -For the `2` image, configuration is stored at `/opt/couchdb/etc/`. - ## Feedback, Issues, Contributing General feedback is welcome at our [user][1] or [developer][2] mailing lists. @@ -196,6 +150,7 @@ use GitHub Issues, do not report anything on Docker's website. - [@klaemo](https://github.com/klaemo) - [@joeybaker](https://github.com/joeybaker) +- [@tianon](https://github.com/tianon) [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ [2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ diff --git a/dev/Dockerfile b/dev/Dockerfile index cac8133..de2d57f 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -36,9 +36,9 @@ RUN apt-get update -y && apt-get install -y \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 379CE192D401AB61 && break || : ; \ + gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ - && gpg -a --export 379CE192D401AB61 | apt-key add - \ + && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ && rm -rf /var/lib/apt/lists/* From ca8c02bba82b832ab493db5a69bf8ad158a3f0e0 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 29 Aug 2018 16:37:03 -0400 Subject: [PATCH 144/227] Do not remove apt-transport-https --- 2.2.0/Dockerfile | 1 - dev/Dockerfile | 1 - 2 files changed, 2 deletions(-) diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile index 6d52272..c5ae1d6 100644 --- a/2.2.0/Dockerfile +++ b/2.2.0/Dockerfile 
@@ -111,7 +111,6 @@ ENV COUCHDB_VERSION 2.2.0 # Download dev dependencies RUN buildDeps=' \ - apt-transport-https \ build-essential \ couch-libmozjs185-dev \ erlang-dev \ diff --git a/dev/Dockerfile b/dev/Dockerfile index de2d57f..c5cb382 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -87,7 +87,6 @@ RUN set -ex; \ FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ - apt-transport-https \ build-essential \ couch-libmozjs185-dev \ erlang-nox \ From 87dc8d2eab8ca5483c8d1155d7bdc1dd7aabe337 Mon Sep 17 00:00:00 2001 From: Martin Barth Date: Tue, 18 Sep 2018 17:24:36 +0200 Subject: [PATCH 145/227] Added information about cluster configuration. This Fixes #106 (#108) Added information about cluster configuration. Closes #106 --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index c2497d5..ae9f947 100644 --- a/README.md +++ b/README.md 
@@ -43,9 +43,12 @@ In addition, a few environment variables are provided to set very common paramet * `COUCHDB_USER` and `COUCHDB_PASSWORD` will create an ini-file based local admin user with the given username and password in the file `/opt/couchdb/etc/local.d/docker.ini`. * `COUCHDB_SECRET` will set the CouchDB shared cluster secret value, in the file `/opt/couchdb/etc/local.d/docker.ini`. * `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. +* Erlang Environment Variables like `ELR_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). + ### Important notes Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. From 262dc3542da411464ad857a0cad5171bd48fe1fa Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Sat, 20 Oct 2018 13:21:04 -0400 Subject: [PATCH 146/227] Conditionally set ownership and permissions in entrypoint (#110) * Chown files in /opt/couchdb only when necessary Recursive modification of ownership and permissions in the entry point has been implicated in slow container startup times. This change checks the ownership first and only modifies it if necessary. It is modelled after similar changes recently applied to a number of other projects e.g. docker-library/redis#166. * Chmod data files only if necessary Previously we had been doing a blanket recursive chmod to 770 on everything in the datadir. This had a few problems: - The files themselves need not have the executable bit set - CouchDB itself creates directories and files with 755/644 - Executing lots of chmod operations caused startup delays This patch makes the execution of chmod conditional, and works to set the permissions to what they would normally be when CouchDB creates the files and directories. * Chmod config files only if necessary This patch also drops the target permissions from 775/664 to 755/644, as the latter permissions are the ones set by the CouchDB installation itself. --- 2.2.0/docker-entrypoint.sh | 25 ++++++++++++++++++++----- dev/docker-entrypoint.sh | 25 ++++++++++++++++++++----- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/2.2.0/docker-entrypoint.sh b/2.2.0/docker-entrypoint.sh index 4ba69b4..7fdb04b 100755 --- a/2.2.0/docker-entrypoint.sh +++ b/2.2.0/docker-entrypoint.sh 
@@ -25,13 +25,28 @@ if [ "$1" = 'couchdb' ]; then fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -fR couchdb:couchdb /opt/couchdb || true + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - chmod -fR 0770 /opt/couchdb/data || true + # Ensure that data files have the correct permissions. We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; - chmod -f 775 /opt/couchdb/etc/*.d || true + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args 
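Review bot: The new `find … -exec chown -f couchdb:couchdb '{}' +` hands symlinks to a non-recursive `chown`, which by default changes the link's target, whereas the removed `chown -fR` acted on the links themselves. Since this presumably runs as root over mounted volumes, a link under `/opt/couchdb` that points elsewhere would have its target's ownership changed; adding `-h` keeps the change on the link: `find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -fh couchdb:couchdb '{}' +`. Note also that `-f` only silences messages, so a failing `chown` or `chmod` still makes `find` return non-zero now that `|| true` is gone; whether that stops the container depends on shell options not visible here. The identical hunk in dev/docker-entrypoint.sh has the same issue, and the `if` block continues past the hunk.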
diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 4ba69b4..7fdb04b 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -25,13 +25,28 @@ if [ "$1" = 'couchdb' ]; then fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -fR couchdb:couchdb /opt/couchdb || true + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - chmod -fR 0770 /opt/couchdb/data || true + # Ensure that data files have the correct permissions. We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; - chmod -f 775 /opt/couchdb/etc/*.d || true + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args 
From 15be354733150ddc6358a851997047118bbfb29b Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 3 Dec 2018 19:04:50 -0500 Subject: [PATCH 147/227] Fix dev builds: gpg --batch, python3/pip3 (#119) --- .travis.yml | 5 +++++ dev-cluster/Dockerfile | 22 ++++++++++++---------- dev/Dockerfile | 24 +++++++++++++----------- 3 files changed, 30 insertions(+), 21 deletions(-) diff --git a/.travis.yml b/.travis.yml index fb7596c..e7d5e04 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,10 @@ sudo: required +# Avoid double build on PRs (See https://github.com/travis-ci/travis-ci/issues/1147) +branches: + only: + - master + services: - docker diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 14df4b1..d2fd296 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -27,8 +27,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ haproxy \ libicu57 \ libmozjs185-1.0 \ - openssl \ - python && \ + openssl && \ rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling @@ -49,7 +48,7 @@ RUN set -ex; \ keyserver.ubuntu.com \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu) ; do \ - gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + gpg --batch --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ done; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ @@ -64,7 +63,7 @@ RUN set -ex; \ keyserver.ubuntu.com \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu) ; do \ - gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + gpg --batch --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ done; \ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ 
@@ -82,13 +81,16 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - python-setuptools \ - python-pip \ - python-sphinx \ - python-wheel + python3 \ + libpython3-dev \ + python3-pip \ + python3-sphinx -RUN pip install --upgrade \ - sphinx_rtd_theme +RUN pip3 install --upgrade \ + sphinx_rtd_theme \ + nose \ + requests \ + hypothesis # Node is special RUN set -ex; \ diff --git a/dev/Dockerfile b/dev/Dockerfile index c5cb382..a92dfc0 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -28,7 +28,6 @@ RUN apt-get update -y && apt-get install -y \ libicu57 \ libssl1.1 \ openssl \ - python \ && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ | tee /etc/apt/sources.list.d/couchdb.list \ && cat /etc/apt/sources.list.d/couchdb.list \ @@ -36,7 +35,7 @@ RUN apt-get update -y && apt-get install -y \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ + gpg --batch --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ @@ -59,7 +58,7 @@ RUN set -ex; \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ done; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ 
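Review bot: `pip3 install --upgrade sphinx_rtd_theme nose requests hypothesis` installs whatever versions the index serves at build time, so the image contents change between builds and nothing checks package integrity. I would pin each package (`sphinx_rtd_theme==<PINNED_VERSION>` and so on) or install from a requirements file with `--require-hashes`, and add `--no-cache-dir` so the pip cache stays out of the layer. The same block is added in the dev/Dockerfile hunk at `@@ -95,13 +94,16 @@`.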
@@ -74,7 +73,7 @@ RUN set -ex; \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ done; \ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ @@ -95,13 +94,16 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ git \ libcurl4-openssl-dev \ libicu-dev \ - python-setuptools \ - python-pip \ - python-sphinx \ - python-wheel - -RUN pip install --upgrade \ - sphinx_rtd_theme + python3 \ + libpython3-dev \ + python3-pip \ + python3-sphinx + +RUN pip3 install --upgrade \ + sphinx_rtd_theme \ + nose \ + requests \ + hypothesis # Node is special RUN set -ex; \ From 6359c41ec740c5f35317d971388e071d3a441566 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 3 Dec 2018 20:26:02 -0500 Subject: [PATCH 148/227] Switch main Dockerfile to use binary Debian packages (#118) --- .travis.yml | 2 + 2.2.0/Dockerfile | 143 ++++++++++++++++++----------------------------- README.md | 42 +++++++++----- 3 files changed, 84 insertions(+), 103 deletions(-) diff --git a/.travis.yml b/.travis.yml index e7d5e04..8b88a67 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,7 @@ sudo: required +language: minimal + # Avoid double build on PRs (See https://github.com/travis-ci/travis-ci/issues/1147) branches: only: diff --git a/2.2.0/Dockerfile b/2.2.0/Dockerfile index c5ae1d6..5fa2bce 100644 --- a/2.2.0/Dockerfile +++ b/2.2.0/Dockerfile 
@@ -10,40 +10,34 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:stretch +FROM debian:stretch-slim MAINTAINER CouchDB Developers dev@couchdb.apache.org -# Add CouchDB user account +# Add CouchDB user account to make sure the IDs are assigned consistently RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb -RUN apt-get update -y && apt-get install -y \ - apt-transport-https \ - ca-certificates \ - curl \ - dirmngr \ - gnupg \ - libicu57 \ - libssl1.1 \ - openssl \ - python \ - && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ - | tee /etc/apt/sources.list.d/couchdb.list \ - && cat /etc/apt/sources.list.d/couchdb.list \ - && for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ - done \ - && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ - && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ - && rm -rf /var/lib/apt/lists/* +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + if ! command -v gpg > /dev/null; then \ + apt-get install -y --no-install-recommends \ + dirmngr \ + gnupg \ + ; \ + fi ; \ + rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 +ENV GOSU_VERSION 1.11 +ENV TINI_VERSION 0.18.0 RUN set -ex; \ \ apt-get update; \ 
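Review bot: The `if ! command -v gpg` branch cannot change anything, because `dirmngr` and `gnupg` are already in the unconditional `apt-get install` list directly above it. Either drop the conditional, or take those two packages out of the first list so that the check decides whether they get installed. A short comment on why `apt-transport-https` is needed (presumably for the https apt source added further down) would also help the next reader.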
@@ -60,7 +54,7 @@ RUN set -ex; \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ done; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ 
@@ -75,81 +69,54 @@ RUN set -ex; \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ done; \ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget + tini --version -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B \ - 29E4F38113DF707D722A6EF91FE9AF73118F1A7C \ - 2EC788AE3F239FA13E82D215CDE711289384AE37 -RUN set -xe \ - && for key in $GPG_KEYS; do \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --keyserver $server --recv-keys "$key" && break || : ; \ - done; \ - done +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +RUN set -xe; \ + wget -O - https://couchdb.apache.org/repo/bintray-pubkey.asc | apt-key add -; \ + apt-get purge -y --auto-remove wget ENV COUCHDB_VERSION 2.2.0 -# Download dev dependencies -RUN buildDeps=' \ - build-essential \ - couch-libmozjs185-dev \ - erlang-dev \ - erlang-nox \ - erlang-reltool \ - libcurl4-openssl-dev \ - libicu-dev \ - make \ - libssl-dev \ - ' \ - && apt-get update -y -qq && apt-get install -y --no-install-recommends $buildDeps \ - # Acquire CouchDB source code - && cd /usr/src && mkdir couchdb \ 
- && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://dist.apache.org/repos/dist/release/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ - && tar -xzf couchdb.tar.gz -C couchdb --strip-components=1 \ - && cd couchdb \ - # Build the release and install into /opt - && ./configure \ - && make release \ - && mv /usr/src/couchdb/rel/couchdb /opt/ \ - # Cleanup build detritus - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb* \ - && mkdir /opt/couchdb/data \ - && chown -R couchdb:couchdb /opt/couchdb +RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -xe; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~stretch \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ + rm -rf /var/lib/apt/lists/* # Add configuration COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ COPY vm.args /opt/couchdb/etc/ -COPY docker-entrypoint.sh / +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", 
"--", "/docker-entrypoint.sh"] # Setup directories and permissions RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args +VOLUME /opt/couchdb/data /opt/couchdb/etc/local.d -WORKDIR /opt/couchdb +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port EXPOSE 5984 4369 9100 -VOLUME ["/opt/couchdb/data"] - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] CMD ["/opt/couchdb/bin/couchdb"] diff --git a/README.md b/README.md index ae9f947..05a7721 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,6 @@ # Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) -Put the couch in a docker container and ship it anywhere. - -- Version (stable): `CouchDB 2.2.0`, `Erlang 19.2.1` +- Version (stable): `CouchDB 2.2.0`, `Erlang 19.3.5` ## Available tags @@ -10,10 +8,10 @@ Put the couch in a docker container and ship it anywhere. ## Features -* built on top of the solid and small `debian:stretch` base image +* built on top of the solid and small `debian:stretch-slim` base image * exposes CouchDB on port `5984` of the container * runs everything as user `couchdb` (security ftw!) -* docker volume for data +* docker volumes for data and config ## Run 
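Review bot: The repository key is now trusted without being identified: `wget -O - https://couchdb.apache.org/repo/bintray-pubkey.asc | apt-key add -` adds whatever that URL returns to apt's global keyring, while the code this replaces pinned the full fingerprint 8756C4F765C9AC3CB6B85D62379CE192D401AB61. The pipe also runs without `pipefail`, so a failed download is only caught if `apt-key` happens to reject its input. I would import the download into a throwaway `GNUPGHOME` and export only the pinned fingerprint, assuming the published file is that same key; the rewritten `RUN` is sketched below. Separately, `chmod 777` on the data and log directories leaves them writable by any user in the container; if that is there to support an arbitrary `--user`, a comment saying so would help.

```dockerfile
# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
RUN set -xe; \
    export GNUPGHOME="$(mktemp -d)"; \
    wget -O "$GNUPGHOME/repo-key.asc" https://couchdb.apache.org/repo/bintray-pubkey.asc; \
    gpg --batch --import "$GNUPGHOME/repo-key.asc"; \
# export only the key whose full fingerprint was pinned before this change
    gpg --batch --armor --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 \
        > /etc/apt/trusted.gpg.d/couchdb.gpg.asc; \
# gpg --export exits 0 when nothing matches, so fail on an empty keyring file
    test -s /etc/apt/trusted.gpg.d/couchdb.gpg.asc; \
    rm -rf "$GNUPGHOME"; \
    apt-get purge -y --auto-remove wget
# … unchanged: ENV COUCHDB_VERSION, sources.list entry, couchdb package install …
```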
@@ -23,18 +21,32 @@ By default, CouchDB's HTTP interface is exposed on port `5984`. Once running, yo CouchDB uses `/opt/couchdb/data` to store its data, and is exposed as a volume. +CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration files, and is exposed as a volume. + Here is an example launch line for a single-node CouchDB with an admin username and password of `admin` and `password`, exposed to the world on port `5984`: ```bash -$ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d --env COUCHDB_USER=admin --env COUCHDB_PASSWORD=password apache/couchdb:2.1.1 -18:54:48.780 [info] Application lager started on node nonode@nohost -18:54:48.780 [info] Application couch_log_lager started on node nonode@nohost -18:54:48.780 [info] Application couch_mrview started on node nonode@nohost -18:54:48.780 [info] Application couch_plugins started on node nonode@nohost +$ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d --env COUCHDB_USER=admin --env COUCHDB_PASSWORD=password apache/couchdb:2.2.0 +[info] 2018-12-03T23:13:27.817076Z nonode@nohost <0.9.0> -------- Application couch_log started on node nonode@nohost +[info] 2018-12-03T23:13:27.826886Z nonode@nohost <0.9.0> -------- Application folsom started on node nonode@nohost +[info] 2018-12-03T23:13:27.902074Z nonode@nohost <0.9.0> -------- Application couch_stats started on node nonode@nohost +[info] 2018-12-03T23:13:27.902263Z nonode@nohost <0.9.0> -------- Application khash started on node nonode@nohost +[info] 2018-12-03T23:13:27.915398Z nonode@nohost <0.9.0> -------- Application couch_event started on node nonode@nohost +[info] 2018-12-03T23:13:27.915545Z nonode@nohost <0.9.0> -------- Application hyper started on node nonode@nohost +[info] 2018-12-03T23:13:27.926134Z nonode@nohost <0.9.0> -------- Application ibrowse started on node nonode@nohost +[info] 2018-12-03T23:13:27.937730Z nonode@nohost 
<0.9.0> -------- Application ioq started on node nonode@nohost +[info] 2018-12-03T23:13:27.937887Z nonode@nohost <0.9.0> -------- Application mochiweb started on node nonode@nohost +[info] 2018-12-03T23:13:27.953558Z nonode@nohost <0.198.0> -------- Apache CouchDB 2.2.0 is starting. + +[info] 2018-12-03T23:13:27.953626Z nonode@nohost <0.199.0> -------- Starting couch_sup +[notice] 2018-12-03T23:13:28.038617Z nonode@nohost <0.86.0> -------- config: [features] pluggable-storage-engines set to true for reason nil +[notice] 2018-12-03T23:13:28.054010Z nonode@nohost <0.86.0> -------- config: [admins] admin set to -pbkdf2-6cc5b71480085c5b31429d1374cff8de7ec1df3a,7d366ab9d34caf8903f4f11cdaf5e65c,10 for reason nil +[notice] 2018-12-03T23:13:28.098765Z nonode@nohost <0.86.0> -------- config: [couchdb] uuid set to bf7d73c802f7dbf9bb0cfd668dd94504 for reason nil +[info] 2018-12-03T23:13:28.348952Z nonode@nohost <0.198.0> -------- Apache CouchDB has started. Time to relax. ``` ### Detailed configuration -CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to bind map this to an external directory, to persist the configuration across restarts. +CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to use a volume or bind mount for this path to persist the configuration across restarts. CouchDB also uses `/opt/couchdb/etc/vm.args` to store Erlang runtime-specific changes. Changing these values is less common. If you need to change the epmd port, for instance, you will want to bind mount this file as well. (Note: files cannot be bind-mounted on Windows hosts.) 
@@ -43,9 +55,9 @@ In addition, a few environment variables are provided to set very common paramet * `COUCHDB_USER` and `COUCHDB_PASSWORD` will create an ini-file based local admin user with the given username and password in the file `/opt/couchdb/etc/local.d/docker.ini`. * `COUCHDB_SECRET` will set the CouchDB shared cluster secret value, in the file `/opt/couchdb/etc/local.d/docker.ini`. * `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. -* Erlang Environment Variables like `ELR_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) +* Erlang Environment Variables like `ERL_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) -If other configuration settings are desired, externally mount `/opt/couchdb/etc` and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. +If other configuration settings are desired, externally mount the entire `/opt/couchdb/etc` path and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. *Note that this will prevent you from getting important updates to the `default.ini` file when upgrading your CouchDB version. You have been warned.* For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). 
@@ -57,7 +69,7 @@ You must create `_global_changes`, `_metadata`, `_replicator` and `_users` after The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! -Note also that port 5986 is not exposed, as this can present *significant* security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed with the 3.x release series. +Note also that port 5986 is not exposed, as this can present **significant** security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed in CouchDB 3.0. ## Development images @@ -149,7 +161,7 @@ Apache CouchDB has a [CONTRIBUTING][3] file with details on how to get started with issue reporting or contributing to the upkeep of this project. In short, use GitHub Issues, do not report anything on Docker's website. -## Contributors +## Non-Apache CouchDB Development Team Contributors - [@klaemo](https://github.com/klaemo) - [@joeybaker](https://github.com/joeybaker) From 1aadebed0286806108959c956f46de2f2f191ff0 Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Thu, 6 Dec 2018 03:25:23 -0500 Subject: [PATCH 149/227] CouchDB 2.3.0 + admin README notes (#120) --- .travis.yml | 2 +- {2.2.0 => 2.3.0}/10-docker-default.ini | 0 {2.2.0 => 2.3.0}/Dockerfile | 2 +- {2.2.0 => 2.3.0}/docker-entrypoint.sh | 0 {2.2.0 => 2.3.0}/vm.args | 0 README.md | 18 ++++++++++++++++++ 6 files changed, 20 insertions(+), 2 deletions(-) rename {2.2.0 => 2.3.0}/10-docker-default.ini (100%) rename {2.2.0 => 2.3.0}/Dockerfile (99%) rename {2.2.0 => 2.3.0}/docker-entrypoint.sh (100%) rename {2.2.0 => 2.3.0}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 8b88a67..790f6e3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,7 +12,7 @@ services: env: - RELEASES="1.7.2 1.7.2-couchperuser" - - RELEASES=2.2.0 + - RELEASES=2.3.0 - RELEASES=dev - RELEASES=dev-cluster diff --git a/2.2.0/10-docker-default.ini b/2.3.0/10-docker-default.ini similarity index 100% rename from 2.2.0/10-docker-default.ini rename to 2.3.0/10-docker-default.ini diff --git a/2.2.0/Dockerfile b/2.3.0/Dockerfile similarity index 99% rename from 2.2.0/Dockerfile rename to 2.3.0/Dockerfile index 5fa2bce..cde875e 100644 --- a/2.2.0/Dockerfile +++ b/2.3.0/Dockerfile @@ -81,7 +81,7 @@ RUN set -xe; \ wget -O - https://couchdb.apache.org/repo/bintray-pubkey.asc | apt-key add -; \ apt-get purge -y --auto-remove wget -ENV COUCHDB_VERSION 2.2.0 +ENV COUCHDB_VERSION 2.3.0 RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list diff --git a/2.2.0/docker-entrypoint.sh b/2.3.0/docker-entrypoint.sh similarity index 100% rename from 2.2.0/docker-entrypoint.sh rename to 2.3.0/docker-entrypoint.sh diff --git a/2.2.0/vm.args b/2.3.0/vm.args similarity index 100% rename from 2.2.0/vm.args rename to 2.3.0/vm.args diff --git a/README.md b/README.md index 05a7721..74c2444 100644 --- a/README.md +++ b/README.md 
@@ -153,6 +153,24 @@ and then build and run [sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb ``` +## Admin uploading for CouchDB release managers + +Taking a hypothetical example of CouchDB 2.9.7, here's all of the tags you'd want: + +```bash +docker build -t apache/couchdb:2.9.7 2.9.7 +docker tag apache/couchdb:2.9.7 apache/couchdb:latest +docker tag apache/couchdb:2.9.7 apache/couchdb:2.9 +docker tag apache/couchdb:2.9.7 apache/couchdb:2 +docker login +docker push apache/couchdb:2.9.7 +docker push apache/couchdb:2.9 +docker push apache/couchdb:2 +docker push apache/couchdb:latest +``` + +Obviously don't create/push the `latest` or `2` tags if this is a maintenance branch superceded by a newer one. + ## Feedback, Issues, Contributing General feedback is welcome at our [user][1] or [developer][2] mailing lists. From ce1679b4c1312203df2af8936c367c7027d2e888 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Thu, 6 Dec 2018 18:12:53 -0500 Subject: [PATCH 150/227] Feedback from Docker official images (#121) --- 2.3.0/Dockerfile | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/2.3.0/Dockerfile b/2.3.0/Dockerfile index cde875e..fcf175b 100644 --- a/2.3.0/Dockerfile +++ b/2.3.0/Dockerfile @@ -26,12 +26,6 @@ RUN set -ex; \ dirmngr \ gnupg \ ; \ - if ! command -v gpg > /dev/null; then \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - ; \ - fi ; \ rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling and zombie reaping 
@@ -74,12 +68,25 @@ RUN set -ex; \ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ chmod +x /usr/local/bin/tini; \ + apt-get purge -y --auto-remove wget; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: key D401AB61: public key "Bintray (by JFrog) imported + 8756C4F765C9AC3CB6B85D62379CE192D401AB61 RUN set -xe; \ - wget -O - https://couchdb.apache.org/repo/bintray-pubkey.asc | apt-key add -; \ - apt-get purge -y --auto-remove wget + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ + done; \ + gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list ENV COUCHDB_VERSION 2.3.0 @@ -113,7 +120,7 @@ ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] # Setup directories and permissions RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args -VOLUME /opt/couchdb/data /opt/couchdb/etc/local.d +VOLUME /opt/couchdb/data # 5984: Main CouchDB endpoint # 4369: Erlang portmap daemon (epmd) From 3965c3e8ee5aeecefb64c37c507ddd814f20d9a8 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Sat, 29 Dec 2018 17:11:30 -0500 Subject: [PATCH 151/227] Documentation updates for 2.3.0 (#123) --- .github/ISSUE_TEMPLATE.md | 6 ++ README.md | 214 ++++++++++++++++++++++++++------------ 2 files changed, 151 insertions(+), 69 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index be4f816..7c59d47 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,3 +1,9 @@ + + ## Expected Behavior diff --git a/README.md b/README.md index 74c2444..05eaad9 100644 
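Review bot: If none of the keyservers in the new `for server in ...` loop answers, `&& break || :` hides the failure and the build carries on to `gpg --batch --export`, so the missing CouchDB signing key is not reported at the step that failed and `/etc/apt/trusted.gpg.d/couchdb.gpg` may be written without it. Adding `gpg --batch --list-keys "$GPG_COUCH_KEY"; \` right after `done; \` makes `set -xe` stop the build at that point. Quoting `"$server"` and `"$GPG_COUCH_KEY"` in the gpg calls would also match the quoting already used for `"$GNUPGHOME"`. The same loop is added for the CouchDB key in the new `2.3.1/Dockerfile` later in this series; the gosu and tini loops there are followed by `gpg --batch --verify`, which should already fail when the key is absent.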
--- a/README.md
+++ b/README.md
@@ -1,52 +1,78 @@ # Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) -- Version (stable): `CouchDB 2.2.0`, `Erlang 19.3.5` +- Version (stable): `CouchDB 2.3.0`, `Erlang 19.3.5` ## Available tags -- `latest`, `2.2.0`: CouchDB 2.2.0 single node (capable of running in a cluster) +- `latest`, `2.3.0`: CouchDB 2.3.0 single node (capable of running in a cluster) -## Features +# How to use this image -* built on top of the solid and small `debian:stretch-slim` base image -* exposes CouchDB on port `5984` of the container -* runs everything as user `couchdb` (security ftw!) -* docker volumes for data and config +The most up-to-date instructions on using this image are always available at https://github.com/apache/couchdb-docker/blob/master/README.md . -## Run +## Start a CouchDB instance -Available on the docker registry as [apache/couchdb:latest](https://hub.docker.com/r/apache/couchdb/). +Starting a CouchDB instantce is simple: -By default, CouchDB's HTTP interface is exposed on port `5984`. Once running, you can visit the new admin interface at `http://:5984/_utils/` +```console +$ docker run -d --name my-couchdb %%IMAGE%%:tag +``` -CouchDB uses `/opt/couchdb/data` to store its data, and is exposed as a volume. +where `my-couchdb` is the name you want to assign to your container, and `tag` is the tag specifying the CouchDB version you want. See the list above for relevant tags. -CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration files, and is exposed as a volume. +## Connect to CouchDB from an application in another Docker container -Here is an example launch line for a single-node CouchDB with an admin username and password of `admin` and `password`, exposed to the world on port `5984`: +This image exposes the standard CouchDB port `5984`, so standard container linking will make it automatically available to the linked containers. 
Start your application container like this in order to link it to the Cassandra container: -```bash -$ docker run -p 5984:5984 --volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d --env COUCHDB_USER=admin --env COUCHDB_PASSWORD=password apache/couchdb:2.2.0 -[info] 2018-12-03T23:13:27.817076Z nonode@nohost <0.9.0> -------- Application couch_log started on node nonode@nohost -[info] 2018-12-03T23:13:27.826886Z nonode@nohost <0.9.0> -------- Application folsom started on node nonode@nohost -[info] 2018-12-03T23:13:27.902074Z nonode@nohost <0.9.0> -------- Application couch_stats started on node nonode@nohost -[info] 2018-12-03T23:13:27.902263Z nonode@nohost <0.9.0> -------- Application khash started on node nonode@nohost -[info] 2018-12-03T23:13:27.915398Z nonode@nohost <0.9.0> -------- Application couch_event started on node nonode@nohost -[info] 2018-12-03T23:13:27.915545Z nonode@nohost <0.9.0> -------- Application hyper started on node nonode@nohost -[info] 2018-12-03T23:13:27.926134Z nonode@nohost <0.9.0> -------- Application ibrowse started on node nonode@nohost -[info] 2018-12-03T23:13:27.937730Z nonode@nohost <0.9.0> -------- Application ioq started on node nonode@nohost -[info] 2018-12-03T23:13:27.937887Z nonode@nohost <0.9.0> -------- Application mochiweb started on node nonode@nohost -[info] 2018-12-03T23:13:27.953558Z nonode@nohost <0.198.0> -------- Apache CouchDB 2.2.0 is starting. 
- -[info] 2018-12-03T23:13:27.953626Z nonode@nohost <0.199.0> -------- Starting couch_sup -[notice] 2018-12-03T23:13:28.038617Z nonode@nohost <0.86.0> -------- config: [features] pluggable-storage-engines set to true for reason nil -[notice] 2018-12-03T23:13:28.054010Z nonode@nohost <0.86.0> -------- config: [admins] admin set to -pbkdf2-6cc5b71480085c5b31429d1374cff8de7ec1df3a,7d366ab9d34caf8903f4f11cdaf5e65c,10 for reason nil -[notice] 2018-12-03T23:13:28.098765Z nonode@nohost <0.86.0> -------- config: [couchdb] uuid set to bf7d73c802f7dbf9bb0cfd668dd94504 for reason nil -[info] 2018-12-03T23:13:28.348952Z nonode@nohost <0.198.0> -------- Apache CouchDB has started. Time to relax. -``` -### Detailed configuration - -CouchDB uses `/opt/couchdb/etc/local.d` to store its configuration. It is highly recommended to use a volume or bind mount for this path to persist the configuration across restarts. +```console +$ docker run --name my-couchdb-app --link my-%%REPO%%:%%REPO%% -d app-that-uses-couchdb +``` + +## Exposing CouchDB to the outside world + +If you want to expose the port to the outside world, run + +```console +$ docker run -p 5984:5984 -d %%IMAGE%% +``` + +*WARNING*: Do not do this until you have established an admin user and setup permissions correctly on any databases you have created. + +If you intend to network this CouchDB instance with others in a cluster, you will need to map additional ports; see the [official CouchDB documentation](http://docs.couchdb.org/en/stable/setup/cluster.html) for details. + +## Make a cluster + +Start your multiple CouchDB instances, then follow the Setup Wizard in the [official CouchDB documentation](http://docs.couchdb.org/en/stable/setup/cluster.html) to complete the process. + +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. 
Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). + +There is also a [Kubernetes helm chart](https://github.com/helm/charts/tree/master/incubator/couchdb) available. + +## Container shell access, `remsh`, and viewing logs + +The `docker exec` command allows you to run commands inside a Docker container. The following command line will give you a bash shell inside your `%%REPO%%` container: + +```console +$ docker exec -it my-%%REPO%% bash +``` + +If you need direct access to the Erlang runtime: + +```console +$ docker exec -it my-%%REPO%% /opt/couchdb/bin/remsh +``` + +The CouchDB log is available through Docker's container log: + +```console +$ docker logs my-%%REPO%% +``` + +## Configuring CouchDB + +The best way to provide configuration to the `%%REPO%%` image is to provide a custom `ini` file to CouchDB, preferably stored in the `/opt/couchdb/etc/local.d/` directory. There are many ways to provide this file to the container (via short `Dockerfile` with `FROM` + `COPY`, via [Docker Configs](https://docs.docker.com/engine/swarm/configs/), via runtime bind-mount, etc), the details of which are left as an exercise for the reader. + +Keep in mind that run-time reconfiguration of CouchDB will overwrite the [last file in the configuration chain](http://docs.couchdb.org/en/stable/config/intro.html#configuration-files), and that this Docker container creates the `/opt/couchdb/etc/local.d/docker.ini` file at startup. CouchDB also uses `/opt/couchdb/etc/vm.args` to store Erlang runtime-specific changes. Changing these values is less common. If you need to change the epmd port, for instance, you will want to bind mount this file as well. (Note: files cannot be bind-mounted on Windows hosts.) 
@@ -57,21 +83,95 @@ In addition, a few environment variables are provided to set very common paramet * `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. * Erlang Environment Variables like `ERL_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) -If other configuration settings are desired, externally mount the entire `/opt/couchdb/etc` path and provide `.ini` configuration files under the `/opt/couchdb/etc/local.d` directory. *Note that this will prevent you from getting important updates to the `default.ini` file when upgrading your CouchDB version. You have been warned.* -For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). +# Caveats + +## Where to Store Data + +Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the `%%REPO%%` images to familiarize themselves with the options available, including: + +- Let Docker manage the storage of your database data [by writing the database files to disk on the host system using its own internal volume management](https://docs.docker.com/engine/tutorials/dockervolumes/#adding-a-data-volume). This is the default and is easy and fairly transparent to the user. The downside is that the files may be hard to locate for tools and applications that run directly on the host system, i.e. outside containers. 
+- Create a data directory on the host system (outside the container) and [mount this to a directory visible from inside the container](https://docs.docker.com/engine/tutorials/dockervolumes/#mount-a-host-directory-as-a-data-volume). This places the database files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The downside is that the user needs to make sure that the directory exists, and that e.g. directory permissions and other security mechanisms on the host system are set up correctly. + +The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above: + +1. Create a data directory on a suitable volume on your host system, e.g. `/home/couchdb/data`. +2. Start your `%%REPO%%` container like this: + +```bash +$ docker run --name some-%%REPO% -v /home/couchdb/data:/opt/couchdb/data -d %%IMAGE%%:tag +``` + +The `-v /home/couchdb/data:/opt/couchdb/data` part of the command mounts the `/home/couchdb/data` directory from the underlying host system as `/opt/couchdb/data` inside the container, where CouchDB by default will write its data files. + +## No system databases until the installation is finalized + +Please note that CouchDB no longer autocreates system databases for you, as it is not known at startup time if this is a single-node or clustered CouchDB installation. In a cluster, the databases must only be created once all nodes have been joined together. + +If you use the [Cluster Setup Wizard](http://docs.couchdb.org/en/stable/setup/cluster.html#the-cluster-setup-wizard) or the [Cluster Setup API](http://docs.couchdb.org/en/stable/setup/cluster.html#the-cluster-setup-api), these databases will be created for you when you complete the process. 
-### Important notes +If you choose not to use the Cluster Setup wizard or API, you will have to create `_global_changes`, `_replicator` and `_users` manually. -Please note that CouchDB no longer autocreates system databases for you. This is intentional; multi-node CouchDB deployments must be joined into a cluster before creating these databases. +## Admin party mode -You must create `_global_changes`, `_metadata`, `_replicator` and `_users` after the cluster has been fully configured. (The Fauxton UI has a "Setup" wizard that does this for you.) +The node will also start in [admin party mode](https://docs.couchdb.org/en/stable/intro/security.html#the-admin-party). Be sure to create an admin user! The [Cluster Setup Wizard](http://docs.couchdb.org/en/stable/setup/cluster.html#the-cluster-setup-wizard) or the [Cluster Setup API](http://docs.couchdb.org/en/stable/setup/cluster.html#the-cluster-setup-api) will do this for you. -The node will also start in [admin party mode](http://guide.couchdb.org/draft/security.html#party)! +You can also use the two environment variables `COUCHDB_USER` and `COUCHDB_PASSWORD` to set up an admin user: -Note also that port 5986 is not exposed, as this can present **significant** security risks. We recommend either connecting to the node directly to access this port, via `docker exec -it /bin/bash` and accessing port 5986, or use of `--expose 5986` when launching the container, but **ONLY** if you do not expose this port publicly. Port 5986 is scheduled to be removed in CouchDB 3.0. +```console +$ docker run -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -d %%IMAGE%% +``` + +Note that if you are setting up a clustered CouchDB, you will want to pre-hash this password and use the identical hashed text across all nodes to ensure sessions work correctly when a load balancer is placed in front of the cluster. 
Hashing can be accomplished by running the container with the `/opt/couchdb/etc/local.d` directory mounted as a volume, allowing CouchDB to hash the password you set, then copying out the hashed version and using this value in the future. + +## Using a persistent CouchDB configuration file + +The CouchDB configuration is specified in `.ini` files in `/opt/couchdb/etc`. Take a look at the [CouchDB configuration documentation](http://docs.couchdb.org/en/stable/config/index.html) to learn more about CouchDB's configuration structure. + +If you want to use a customized CouchDB configuration, you can create your configuration file in a directory on the host machine and then mount that directory as `/opt/couchdb/etc/local.d` inside the `%%REPO%%` container. + +```console +$ docker run --name my-couchdb -v /home/couchdb/etc:/opt/couchdb/etc/local.d -d %%IMAGE%% +``` + +The `-v /home/couchdb/etc:/opt/couchdb/etc/local.d` part of the command mounts the `/home/couchdb/etc` directory from the underlying host system as `/opt/couchdb/etc/local.d` inside the container, where CouchDB by default will write its dynamic configuration files. + +You can also use `couchdb` as the base image for your own couchdb instance and provide your own version of the `local.ini` config file: + +Example Dockerfile: + +```dockerfile +FROM %%IMAGE%% + +COPY local.ini /opt/couchdb/etc/ +``` + +and then build and run + +```console +$ docker build -t you/awesome-couchdb . +$ docker run -d -p 5984:5984 you/awesome-couchdb +``` + +Remember that, with this approach, any newly written changes will still appear in the `/opt/couchdb/etc/local.d` directory, so it is still recommended to map this to a host path for persistence. + +## Logging -## Development images +By default containers run from this image only log to `stdout`. You can enable logging to file in the [configuration](http://docs.couchdb.org/en/2.1.0/config/logging.html). 
+ +For example in `local.ini`: + +```ini +[log] +writer = file +file = /opt/couchdb/log/couch.log +``` + +It is recommended to then mount this path to a directory on the host, as CouchDB logging can be quite voluminous. + +----- + +# Development images This repository provides definitions to run the very latest (`master` branch) CouchDB code: @@ -115,9 +215,7 @@ You can pass arguments to the binary: docker run -it --admin=foo:bar ``` -**Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on -port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose -the cluster on `5984`, pass `--with-haproxy` explicitly. +**Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose the cluster on `5984`, pass `--with-haproxy` explicitly. More examples: ```bash @@ -131,29 +229,7 @@ docker run -it -p 5984:5984 --with-admin-party-please --with-haprox docker run -it -p 15984:15984 -p 25984:25984 -n 2 ``` -## Build your own - -You can use `apache/couchdb` as the base image for your own couchdb instance. -You might want to provide your own version of the following files: - -* `local.ini` for your custom CouchDB config - -Example Dockerfile: - -``` -FROM apache/couchdb:latest - -COPY 99-local.ini /opt/couchdb/etc/local.d -``` - -and then build and run - -``` -[sudo] docker build -t you/awesome-couchdb . -[sudo] docker run -d -p 5984:5984 -v ~/couchdb:/usr/local/var/lib/couchdb you/awesome-couchdb -``` - -## Admin uploading for CouchDB release managers +# Image uploading for CouchDB release managers Taking a hypothetical example of CouchDB 2.9.7, here's all of the tags you'd want: From 702df2a38243609829b5a3c995fe0eda7ded93a5 Mon Sep 17 00:00:00 2001 
From: John Fitzpatrick Date: Tue, 8 Jan 2019 15:06:35 +1100 Subject: [PATCH 152/227] Update Dockerfile (#127) According to the Dockerfile reference, MAINTAINER has been deprecated in favour of using the LABEL instruction. This patch updates the file to use that instruction instead. Fixes #126. --- 2.3.0/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2.3.0/Dockerfile b/2.3.0/Dockerfile index fcf175b..ad1d3d3 100644 --- a/2.3.0/Dockerfile +++ b/2.3.0/Dockerfile @@ -12,7 +12,7 @@ FROM debian:stretch-slim -MAINTAINER CouchDB Developers dev@couchdb.apache.org +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" # Add CouchDB user account to make sure the IDs are assigned consistently RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb From c215380beab63ab562a297d3d4013e2ca34458ce Mon Sep 17 00:00:00 2001 From: John Fitzpatrick Date: Wed, 16 Jan 2019 04:42:15 +1100 Subject: [PATCH 153/227] Update README.md (#129) Fixes #128. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 05eaad9..bdd0682 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ The most up-to-date instructions on using this image are always available at htt ## Start a CouchDB instance -Starting a CouchDB instantce is simple: +Starting a CouchDB instance is simple: ```console $ docker run -d --name my-couchdb %%IMAGE%%:tag 
@@ -22,7 +22,7 @@ where `my-couchdb` is the name you want to assign to your container, and `tag` i ## Connect to CouchDB from an application in another Docker container -This image exposes the standard CouchDB port `5984`, so standard container linking will make it automatically available to the linked containers. Start your application container like this in order to link it to the Cassandra container: +This image exposes the standard CouchDB port `5984`, so standard container linking will make it automatically available to the linked containers. Start your application container like this in order to link it to the CouchDB container: ```console $ docker run --name my-couchdb-app --link my-%%REPO%%:%%REPO%% -d app-that-uses-couchdb @@ -99,7 +99,7 @@ The Docker documentation is a good starting point for understanding the differen 2. Start your `%%REPO%%` container like this: ```bash -$ docker run --name some-%%REPO% -v /home/couchdb/data:/opt/couchdb/data -d %%IMAGE%%:tag +$ docker run --name some-%%REPO%% -v /home/couchdb/data:/opt/couchdb/data -d %%IMAGE%%:tag ``` The `-v /home/couchdb/data:/opt/couchdb/data` part of the command mounts the `/home/couchdb/data` directory from the underlying host system as `/opt/couchdb/data` inside the container, where CouchDB by default will write its data files. From 3bcc626d30623789b4750d076f059bcd010c2a04 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 11 Mar 2019 19:55:42 -0400 Subject: [PATCH 154/227] Bump for v2.3.1 (#140) --- .travis.yml | 1 + 2.3.1/10-docker-default.ini | 11 +++ 2.3.1/Dockerfile | 132 ++++++++++++++++++++++++++++++++++++ 2.3.1/docker-entrypoint.sh | 95 ++++++++++++++++++++++++++ 2.3.1/vm.args | 28 ++++++++ dev/Dockerfile | 2 + 6 files changed, 269 insertions(+) create mode 100644 2.3.1/10-docker-default.ini create mode 100644 2.3.1/Dockerfile create mode 100755 2.3.1/docker-entrypoint.sh create mode 100644 2.3.1/vm.args diff --git a/.travis.yml b/.travis.yml index 790f6e3..3aa5f3d 100644 
--- a/.travis.yml +++ b/.travis.yml @@ -13,6 +13,7 @@ services: env: - RELEASES="1.7.2 1.7.2-couchperuser" - RELEASES=2.3.0 + - RELEASES=2.3.1 - RELEASES=dev - RELEASES=dev-cluster diff --git a/2.3.1/10-docker-default.ini b/2.3.1/10-docker-default.ini new file mode 100644 index 0000000..c1bac9e --- /dev/null +++ b/2.3.1/10-docker-default.ini @@ -0,0 +1,11 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any + +[httpd] +bind_address = any diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile new file mode 100644 index 0000000..da02869 --- /dev/null +++ b/2.3.1/Dockerfile 
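Review bot: `[httpd] bind_address = any` in the new `2.3.1/10-docker-default.ini` makes the node-local interface listen on every address of the container, and nothing in the file says that this is intended. In CouchDB 2.x the `[httpd]` section configures the node-local port (5986), which the README in this series describes as a significant security risk and leaves unexposed; a port that is not in `EXPOSE` is still reachable from other containers on the same Docker network when the listener is bound to `any`. If only the clustered `[chttpd]` endpoint has to be reachable, and nothing relies on reaching 5986 from outside the container, consider dropping the `[httpd]` block, or document the choice with `; node-local interface (5986): keep this port off untrusted networks`. The header comment also reads as if it was written for `local.ini`: the Dockerfile copies this file to `/opt/couchdb/etc/default.d/`, so "Custom settings should be made in this file" does not seem to describe it.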
@@ -0,0 +1,132 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:stretch-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.11 +ENV TINI_VERSION 0.18.0 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) 
; do \ + gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + apt-get purge -y --auto-remove wget; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: key D401AB61: public key "Bintray (by JFrog) imported + 8756C4F765C9AC3CB6B85D62379CE192D401AB61 +RUN set -xe; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ + done; \ + gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV COUCHDB_VERSION 2.3.1 + +RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > 
/etc/apt/sources.list.d/couchdb.list + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -xe; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~stretch \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ + rm -rf /var/lib/apt/lists/* + +# Add configuration +COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY vm.args /opt/couchdb/etc/ +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +# Setup directories and permissions +RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.3.1/docker-entrypoint.sh b/2.3.1/docker-entrypoint.sh new file mode 100755 index 0000000..7fdb04b --- /dev/null +++ b/2.3.1/docker-entrypoint.sh 
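Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` in the package-install `RUN` leaves both directories world-writable even though the preceding line already gives them to `couchdb:couchdb`. The part of the entrypoint visible in this commit resets directories under `/opt/couchdb/data` to 0755 at startup, but it does not touch `/opt/couchdb/var/log`, so that directory appears to keep mode 777 in the running container. Unless 777 is needed to run the image under an arbitrary `--user` (in which case a comment should say so), `chmod 0755 /opt/couchdb/data /opt/couchdb/var/log; \` would match what the entrypoint enforces.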
@@ -0,0 +1,95 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + # Ensure that CouchDB will write custom settings in this file + touch /opt/couchdb/etc/local.d/docker.ini + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. 
+ Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". + **************************************************** + EOWARN + fi + + + exec gosu couchdb "$@" +fi + +exec "$@" diff --git a/2.3.1/vm.args b/2.3.1/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/2.3.1/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/dev/Dockerfile b/dev/Dockerfile index a92dfc0..d888ead 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -54,6 +54,7 @@ RUN set -ex; \ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ 
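Review bot: The admin password and the `couch_httpd_auth` secret are appended in clear text to `/opt/couchdb/etc/local.d/docker.ini`, and nothing in this script restricts that file's mode. The file is created by `touch` after the `find /opt/couchdb/etc -type f ... chmod -f 0644` pass (so it typically gets 0644 from the default umask), and a pre-existing file is set to 0644 by that pass. Unless CouchDB tightens the mode itself, which is not visible here, every user in the container can read both values. Consider adding `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` next to the final `chown -f couchdb:couchdb ...` line. Separately, `$COUCHDB_USER` is interpolated unescaped into the `grep -P` pattern, so a name containing regex metacharacters can match the wrong `[admins]` entry.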
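Review bot: This file pins Erlang distribution to port 9100 but has no `-setcookie` line, and the accompanying Dockerfile exposes 4369 and 9100, so a reader cannot tell from here which cookie protects inter-node traffic. A comment would help, for example `# No -setcookie here: supply a cluster-wide secret cookie at deploy time and keep 4369/9100 off untrusted networks`. The cookie's actual source at runtime is not visible in this patch, so confirm it before settling the wording.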
@@ -69,6 +70,7 @@ RUN set -ex; \ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ From ce931b02d03720683eb38a794114b763cd8fe061 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 30 Apr 2019 13:49:19 -0700 Subject: [PATCH 155/227] Speed up startup time, fixes #131 --- 2.3.0/Dockerfile | 2 +- 2.3.1/Dockerfile | 2 +- dev/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/2.3.0/Dockerfile b/2.3.0/Dockerfile index ad1d3d3..710f3c9 100644 --- a/2.3.0/Dockerfile +++ b/2.3.0/Dockerfile @@ -119,7 +119,7 @@ RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards c ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] # Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args +RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + VOLUME /opt/couchdb/data # 5984: Main CouchDB endpoint diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index da02869..a266ed8 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile @@ -122,7 +122,7 @@ RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards c ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] # Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args +RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + VOLUME /opt/couchdb/data # 5984: Main CouchDB endpoint diff --git a/dev/Dockerfile b/dev/Dockerfile index d888ead..f3ab329 100644 
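Review bot: The replacement `RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +` widens the ownership change from two config paths to the whole install tree, and the retained comment `# Setup directories and permissions` does not say why. If the intent is to pre-apply the fix that the 2.3.1 docker-entrypoint.sh runs at start-up, say so, e.g. `# Pre-apply the ownership fix from docker-entrypoint.sh so its find has nothing to change at start-up`. It is also worth confirming that the service account needs to own everything under /opt/couchdb (presumably including binaries and libraries), since that lets the running database modify its own program files. The same line is added in the 2.3.1/Dockerfile and dev/Dockerfile hunks of this commit.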
--- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -146,7 +146,7 @@ COPY vm.args /opt/couchdb/etc/ COPY docker-entrypoint.sh / # Setup directories and permissions -RUN chown -R couchdb:couchdb /opt/couchdb/etc/default.d/ /opt/couchdb/etc/vm.args +RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + WORKDIR /opt/couchdb EXPOSE 5984 4369 9100 From 03dd5a4c0d1c0474baddef133a358a1b360b0943 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 30 Apr 2019 14:50:48 -0700 Subject: [PATCH 156/227] Fix broken 1.7.2 build process --- .travis.yml | 1 - 1.7.2-couchperuser/Dockerfile | 2 +- 1.7.2/Dockerfile | 4 ++-- README.md | 5 +++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3aa5f3d..cebe9ef 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,6 @@ services: - docker env: - - RELEASES="1.7.2 1.7.2-couchperuser" - RELEASES=2.3.0 - RELEASES=2.3.1 - RELEASES=dev diff --git a/1.7.2-couchperuser/Dockerfile b/1.7.2-couchperuser/Dockerfile index 510a458..76eaab4 100644 --- a/1.7.2-couchperuser/Dockerfile +++ b/1.7.2-couchperuser/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM couchdb:1.7.2 +FROM apache/couchdb:1.7.2 MAINTAINER CouchDB Developers dev@couchdb.apache.org diff --git a/1.7.2/Dockerfile b/1.7.2/Dockerfile index 95b49be..5e6054c 100644 --- a/1.7.2/Dockerfile +++ b/1.7.2/Dockerfile 
@@ -91,8 +91,8 @@ RUN buildDeps=' \ make \ ' \ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && curl -fSL https://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ + && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ + && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ && mkdir -p /usr/src/couchdb \ && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \ diff --git a/README.md b/README.md index bdd0682..42f0a93 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ # Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) -- Version (stable): `CouchDB 2.3.0`, `Erlang 19.3.5` +- Version (stable): `CouchDB 2.3.1`, `Erlang 19.3.5` ## Available tags -- `latest`, `2.3.0`: CouchDB 2.3.0 single node (capable of running in a cluster) +- `latest`, `2.3.1`: CouchDB 2.3.1 single node (capable of running in a cluster) +- `2.3.0`: CouchDB 2.3.0 single node (capable of running in a cluster) # How to use this image From d6cd3831e8fcfaaa4a3e2bd27650f00c147447f5 Mon Sep 17 00:00:00 2001 From: Will Holley Date: Wed, 14 Aug 2019 20:42:52 +0100 Subject: [PATCH 157/227] add setuptools to dev images --- dev-cluster/Dockerfile | 5 +++-- dev/Dockerfile | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index d2fd296..609c70b 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile 
@@ -24,7 +24,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ curl \ dirmngr \ gnupg \ - haproxy \ + haproxy \ libicu57 \ libmozjs185-1.0 \ openssl && \ @@ -84,7 +84,8 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ python3 \ libpython3-dev \ python3-pip \ - python3-sphinx + python3-sphinx \ + python3-setuptools RUN pip3 install --upgrade \ sphinx_rtd_theme \ diff --git a/dev/Dockerfile b/dev/Dockerfile index f3ab329..4a48d64 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -99,7 +99,8 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ python3 \ libpython3-dev \ python3-pip \ - python3-sphinx + python3-sphinx \ + python3-setuptools RUN pip3 install --upgrade \ sphinx_rtd_theme \ From 601191830ece69f731b7b256c02f9f804da1e6ec Mon Sep 17 00:00:00 2001 From: Will Holley Date: Mon, 2 Sep 2019 09:14:17 +0100 Subject: [PATCH 158/227] allow running as arbitrary uid (#151) * Adds guards around entrypoints commands that require root * Broaden permissions within the container filesystem to allow access by non-couchdb users. * Added an example to the documentation which specifies `--user`. Fixes #147 --- 2.3.1/Dockerfile | 156 +++++++++++++++++++------------------ 2.3.1/docker-entrypoint.sh | 63 ++++++++------- README.md | 9 +++ 3 files changed, 128 insertions(+), 100 deletions(-) diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index a266ed8..f8ad0c9 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile 
@@ -19,77 +19,77 @@ RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb co # be sure GPG and apt-transport-https are available and functional RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.11 ENV TINI_VERSION 0.18.0 RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ + wget -O /usr/local/bin/gosu 
"https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ - tini --version + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + 
ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + apt-get purge -y --auto-remove wget; \ + tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ # gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 + 8756C4F765C9AC3CB6B85D62379CE192D401AB61 RUN set -xe; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ + done; \ + gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list ENV COUCHDB_VERSION 2.3.1 
@@ -97,32 +97,40 @@ RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/so # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian RUN set -xe; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~stretch \ - ; \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~stretch \ + ; \ # Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ # Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ - rm -rf /var/lib/apt/lists/* + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! 
-perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; # Add configuration -COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY vm.args /opt/couchdb/etc/ +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + COPY docker-entrypoint.sh /usr/local/bin RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -# Setup directories and permissions -RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + VOLUME /opt/couchdb/data # 5984: Main CouchDB endpoint diff --git a/2.3.1/docker-entrypoint.sh b/2.3.1/docker-entrypoint.sh index 7fdb04b..be9e099 100755 --- a/2.3.1/docker-entrypoint.sh +++ b/2.3.1/docker-entrypoint.sh 
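Review bot: `chmod -f 0777 /opt/couchdb/etc/local.d` makes the directory that holds `docker.ini`, where the entrypoint writes `[admins]` and the auth secret, writable by every uid in the container, so any local process can replace that file. If arbitrary-uid support can rely on a shared group (the gid 0 pattern with 0775), `chown couchdb:0` plus `chmod 0775` would be narrower, though that would not cover a `--user` outside that group; otherwise state the trade-off in the comment above the line. The existing `chmod 777` on the data and log directories has the same breadth. The new comments also refer to `dockerfile_entrypoint.sh` and `docker_entrypoint.sh`, while the file copied below is `docker-entrypoint.sh`.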
@@ -25,36 +25,44 @@ if [ "$1" = 'couchdb' ]; then fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - # Ensure that data files have the correct permissions. We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. 
This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + # Ensure that data files have the correct permissions. We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args fi - # Ensure that CouchDB will write custom settings in this file - touch /opt/couchdb/etc/local.d/docker.ini - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present if ! 
grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then @@ -69,7 +77,9 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi fi - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi # if we don't find an [admins] section followed by a non-comment, display a warning if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then @@ -88,8 +98,9 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then EOWARN fi - - exec gosu couchdb "$@" + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi fi exec "$@" diff --git a/README.md b/README.md index 42f0a93..7f7d73a 100644 --- a/README.md +++ b/README.md @@ -170,6 +170,15 @@ file = /opt/couchdb/log/couch.log It is recommended to then mount this path to a directory on the host, as CouchDB logging can be quite voluminous. +## Running under a custom UID + +By default, CouchDB will run as the `couchdb` user with UID 5984. Running under a different UID is supported, so long as any volume mounts have appropriate read/write permissions. For example, assuming user `myuser` has write access to `/home/couchdb/data`, the following command will run CouchDB as that user: + +``` +docker run --name my-couchdb --user myuser -v /home/couchdb/data:/opt/couchdb/data %%IMAGE%%:tag +``` + + ----- # Development images From 00e1ee833e47f4867d2c105de999a53c71b90ce0 Mon Sep 17 00:00:00 2001 
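Review bot: The comment `# if user is root, assume running under the couchdb user (default)` reads as a contradiction; the code fixes ownership and modes only when started as root and drops to `couchdb` through gosu in the last hunk of this file. Suggested wording: `# Started as root (the default): fix ownership/modes of possibly mounted paths here, then drop to couchdb via gosu below`. The `[ "$(id -u)" = '0' ]` test is repeated in the two later hunks, so evaluating `id -u` once into a variable near the top of the block would keep the three guards in step. When the container is started with a non-root `--user`, none of the chmod passes run, so `docker.ini` keeps whatever mode `touch` gave it, which matters because the admin password and secret are written there.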
From: Doug Cowie Date: Mon, 14 Oct 2019 09:54:47 +0100 Subject: [PATCH 159/227] Dockerfile based on the RedHat UBI Installs CouchDB 2.3.1 via the official rpm. To build: ``` $ cd 2.3.1 $ docker build . -f ubi7/Dockerfile ``` Move the ubi-based Dockerfile into its own top level folder, similar to the couchperuser variant. This makes integration with existing build scripts/processes simpler though means a bit of duplication of config files between the different base images. Update UBI based image to use runit instead of gosu to launch CouchDB. Also, includes changes necessary for Red Hat Certification: - licenses folder - Specific labels - couchdb user moved to root group - runit can be launched by any userid --- .travis.yml | 1 + 2.3.1-ubi7/Dockerfile | 122 +++++++++++++ 2.3.1-ubi7/bintray-apache-couchdb-rpm.repo | 6 + 2.3.1-ubi7/imeyer_runit.repo | 10 + 2.3.1-ubi7/licenses/LICENSE | 202 +++++++++++++++++++++ 2.3.1-ubi7/resources/10-docker-default.ini | 11 ++ 2.3.1-ubi7/resources/docker-entrypoint.sh | 120 ++++++++++++ 2.3.1-ubi7/resources/run | 4 + 2.3.1-ubi7/resources/vm.args | 28 +++ 9 files changed, 504 insertions(+) create mode 100644 2.3.1-ubi7/Dockerfile create mode 100644 2.3.1-ubi7/bintray-apache-couchdb-rpm.repo create mode 100644 2.3.1-ubi7/imeyer_runit.repo create mode 100644 2.3.1-ubi7/licenses/LICENSE create mode 100644 2.3.1-ubi7/resources/10-docker-default.ini create mode 100755 2.3.1-ubi7/resources/docker-entrypoint.sh create mode 100644 2.3.1-ubi7/resources/run create mode 100644 2.3.1-ubi7/resources/vm.args diff --git a/.travis.yml b/.travis.yml index cebe9ef..680928b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,6 +13,7 @@ services: env: - RELEASES=2.3.0 - RELEASES=2.3.1 + - RELEASES=2.3.1-ubi7 - RELEASES=dev - RELEASES=dev-cluster diff --git a/2.3.1-ubi7/Dockerfile b/2.3.1-ubi7/Dockerfile new file mode 100644 index 0000000..0813f7b --- /dev/null +++ b/2.3.1-ubi7/Dockerfile 
@@ -0,0 +1,122 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM registry.access.redhat.com/ubi7/ubi + +ARG RELEASE +ARG BUILD_DATE + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ + name="Apache CouchDB" \ + version="2.3.1" \ + summary="Apache CouchDB based on Red Hat UBI" \ + description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + release=${RELEASE} \ + usage="https://github.com/apache/couchdb-docker" \ + build-date=${BUILD_DATE} \ + io.k8s.display-name="Apache CouchDB" \ + io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + io.openshift.tags="database couchdb apache rhel7" \ + io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ + io.openshift.min-memory="1Gi" \ + io.openshift.min-cpu="1" + +COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo +COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo + +ENV COUCHDB_VERSION 2.3.1 + +# Add CouchDB user account to make sure the IDs are assigned consistently +# CouchDB user added to root group for OpenShift support +RUN set -ex; \ + useradd -u 5984 -d /opt/couchdb -g root couchdb; \ +# be sure GPG and apt-transport-https are available and functional + yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + yum install -y \ + ca-certificates \ + gnupg \ + pygpgme; \ +# install wget + yum update --disableplugin=subscription-manager -y && rm -rf 
/var/cache/yum; \ + yum history new; \ + yum install -y wget; \ +# Enable EPEL repositories (needed for python-progressbar dependency) + wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm; \ +# Remove wget + yum -y history undo 1; \ + yum install -y epel-release-latest-7.noarch.rpm; \ + rm epel-release-latest-7.noarch.rpm; \ +# Install runit + yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + yum install --enablerepo=imeyer_runit -y runit; \ +# Clean up + yum clean all; \ + rm -rf /var/cache/yum + +# https://docs.couchdb.org/en/stable/install/unix.html +# ENV GPG_COUCH_KEY \ +# # gpg: key D401AB61: public key "Bintray (by JFrog) imported +# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 +# RUN set -xe; \ +# export GNUPGHOME="$(mktemp -d)"; \ +# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ +# for server in $(shuf -e pgpkeys.mit.edu \ +# ha.pool.sks-keyservers.net \ +# hkp://p80.pool.sks-keyservers.net:80 \ +# pgp.mit.edu) ; do \ +# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ +# done; \ +# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ +# command -v gpgconf && gpgconf --kill all || :; \ +# rm -rf "$GNUPGHOME"; \ +# apt-key list + +# Install CouchDB +RUN set -xe; \ + yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + yum install --enablerepo=bintray-apache-couchdb-rpm -y couchdb; \ + yum clean all; \ + rm -rf /var/cache/yum; \ +# remove defaults that force writing logs to file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. + find /opt/couchdb/etc -type d ! 
-perm 0775 -exec chmod -f 0775 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0664 -exec chmod -f 0664 '{}' +; \ +# Setup directories and permissions for data. + chmod 777 /opt/couchdb/data + +# Add the License +COPY licenses /licenses + +# Add configuration +COPY --chown=couchdb:0 resources/10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:0 resources/vm.args /opt/couchdb/etc/ +COPY resources/docker-entrypoint.sh /usr/local/bin +COPY resources/run /etc/service/couchdb/ + +# set permissions on runit scripts +RUN chmod -R 777 /etc/service/couchdb; \ + chmod 777 /usr/local/bin/docker-entrypoint.sh; \ +# symlink to root folder + ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh + +ENTRYPOINT ["/docker-entrypoint.sh"] +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.3.1-ubi7/bintray-apache-couchdb-rpm.repo b/2.3.1-ubi7/bintray-apache-couchdb-rpm.repo new file mode 100644 index 0000000..18bb9c2 --- /dev/null +++ b/2.3.1-ubi7/bintray-apache-couchdb-rpm.repo @@ -0,0 +1,6 @@ +[bintray-apache-couchdb-rpm] +name=bintray--apache-couchdb-rpm +baseurl=http://apache.bintray.com/couchdb-rpm/el7/x86_64 +gpgcheck=0 +repo_gpgcheck=0 +enabled=1 diff --git a/2.3.1-ubi7/imeyer_runit.repo b/2.3.1-ubi7/imeyer_runit.repo new file mode 100644 index 0000000..ab4aa4c --- /dev/null +++ b/2.3.1-ubi7/imeyer_runit.repo @@ -0,0 +1,10 @@ +[imeyer_runit] +name=imeyer_runit +baseurl=https://packagecloud.io/imeyer/runit/el/7/x86_64 +repo_gpgcheck=1 +gpgcheck=0 +enabled=1 +gpgkey=https://packagecloud.io/imeyer/runit/gpgkey +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 diff --git a/2.3.1-ubi7/licenses/LICENSE b/2.3.1-ubi7/licenses/LICENSE new file mode 100644 index 0000000..f6cd2bc --- /dev/null +++ b/2.3.1-ubi7/licenses/LICENSE 
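Review bot: `wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm` fetches the EPEL release package over plain HTTP, and `yum install -y epel-release-latest-7.noarch.rpm` installs it with no checksum or signature check visible, so anything on the network path can alter the package that configures the image's repositories. Fetch it over HTTPS and verify it before installing, for example with `rpm -K epel-release-latest-7.noarch.rpm` after importing the EPEL key, or by comparing against a pinned SHA-256. Further down, `chmod 777 /usr/local/bin/docker-entrypoint.sh` and `chmod -R 777 /etc/service/couchdb` leave the start-up scripts writable by the database user; `chmod 0755` is enough for any uid to execute them. The `FROM registry.access.redhat.com/ubi7/ubi` line also carries no tag or digest, and the GPG key import for the CouchDB repository is left commented out.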
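Review bot: `baseurl=http://apache.bintray.com/couchdb-rpm/el7/x86_64` together with `gpgcheck=0` and `repo_gpgcheck=0` means the CouchDB RPM is downloaded over plain HTTP with no signature verification of either the metadata or the package. Switch to `baseurl=https://apache.bintray.com/couchdb-rpm/el7/x86_64` and, if the repository publishes a signing key, set `gpgcheck=1` with `gpgkey=<URL-OF-COUCHDB-RPM-SIGNING-KEY>` (placeholder; the key location is not on this page). `imeyer_runit.repo` in the next hunk uses HTTPS and `repo_gpgcheck=1` but also sets `gpgcheck=0`, so the runit package itself is not verified either.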
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/2.3.1-ubi7/resources/10-docker-default.ini b/2.3.1-ubi7/resources/10-docker-default.ini new file mode 100644 index 0000000..c1bac9e --- /dev/null +++ b/2.3.1-ubi7/resources/10-docker-default.ini @@ -0,0 +1,11 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any + +[httpd] +bind_address = any diff --git a/2.3.1-ubi7/resources/docker-entrypoint.sh b/2.3.1-ubi7/resources/docker-entrypoint.sh new file mode 100755 index 0000000..abb1233 --- /dev/null +++ b/2.3.1-ubi7/resources/docker-entrypoint.sh 
@@ -0,0 +1,120 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0775 -exec chmod -f 0775 '{}' + + find /opt/couchdb/data -type f ! -perm 0664 -exec chmod -f 0664 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files, except "docker.ini" + # (created above) as that is where all online changes will be writted. + # But we set 664 for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0775 -exec chmod -f 0775 '{}' + + find /opt/couchdb/etc -type f ! -perm 0664 -exec chmod -f 0664 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:0 /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' + **************************************************** + WARNING: CouchDB is running in Admin Party mode. + This will allow anyone with access to the + CouchDB port to access your database. In + Docker's default configuration, this is + effectively any other container on the same + system. + Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it in "docker run". + **************************************************** + EOWARN + fi + + if [ "$(id -u)" = '0' ]; then + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst -u couchdb env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + else + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + fi + + exec /sbin/runsvdir-start +fi + +exec "$@" diff --git a/2.3.1-ubi7/resources/run b/2.3.1-ubi7/resources/run new file mode 100644 index 0000000..69b4962 --- /dev/null +++ b/2.3.1-ubi7/resources/run @@ -0,0 +1,4 @@ +#!/bin/sh +export HOME=/opt/couchdb +exec 2>&1 +exec chpst -u couchdb /opt/couchdb/bin/couchdb diff --git a/2.3.1-ubi7/resources/vm.args b/2.3.1-ubi7/resources/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/2.3.1-ubi7/resources/vm.args 
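Review bot: `docker.ini` ends up world-readable while holding the admin credentials and the `[couch_httpd_auth]` secret. It is created by `touch`, the `find /opt/couchdb/etc -type f ! -perm 0664 … chmod -f 0664` pass sets it to 0664, and the later `printf … >> /opt/couchdb/etc/local.d/docker.ini` lines append `COUCHDB_PASSWORD` and `COUCHDB_SECRET` as given. Any other user in the container, or anyone who can read a mounted `/opt/couchdb/etc` volume, can read them. I would tighten that one file after the final `chown`, e.g. `chmod -f 0660 /opt/couchdb/etc/local.d/docker.ini || true`, which keeps owner and group-0 write access. Separately, the unquoted `<<-EOF` heredocs expand `$ERL_FLAGS` and `$@` when the run script is written, so values containing quotes or spaces are re-parsed by `/bin/sh` when runit starts the service; that needs proper quoting or at least a comment.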
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 22e2399b01b83e7df07928d20b45542a48e4a13f Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Sat, 7 Dec 2019 01:05:50 +0000 Subject: [PATCH 160/227] Add scripts to simplify creation of multiarch images (#157) --- README.md | 13 ++- build.sh | 322 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 334 insertions(+), 1 deletion(-) create mode 100755 build.sh diff --git a/README.md b/README.md index 7f7d73a..cf953d8 100644 --- a/README.md +++ b/README.md 
@@ -239,6 +239,13 @@ docker run -it -p 5984:5984 --with-admin-party-please --with-haprox docker run -it -p 15984:15984 -p 25984:25984 -n 2 ``` +# Image building for CouchDB release managers + +Check out the `build.sh` script in the apache/couchdb-docker GitHub repository, +which can build images for any version, even in a cross-platform way. + +Also, read the next section to ensure you push all of the tags necessary. + # Image uploading for CouchDB release managers Taking a hypothetical example of CouchDB 2.9.7, here's all of the tags you'd want: @@ -255,7 +262,11 @@ docker push apache/couchdb:2 docker push apache/couchdb:latest ``` -Obviously don't create/push the `latest` or `2` tags if this is a maintenance branch superceded by a newer one. +Obviously don't create/push the `latest` or `2` tags if this is a maintenance +branch superceded by a newer one. + +The `build.sh` utility can help you do this quickly, see its usage help for +more details. ## Feedback, Issues, Contributing diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..70bea97 --- /dev/null +++ b/build.sh 
@@ -0,0 +1,322 @@ +#!/usr/bin/env bash + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# This shell script makes it easier to build multi-platform +# architecture Docker containers on an x86_64 host. +# +# For more reading: +# https://github.com/multiarch/qemu-user-static +# https://lobradov.github.io/Building-docker-multiarch-images/ +# https://github.com/jessfraz/irssi/blob/master/.travis.yml +# https://engineering.docker.com/2019/04/multi-arch-images/ +# https://github.com/docker/buildx + +set -e + +PROMPT="Are you sure (y/n)? " +QEMU="YES" +PLATFORMS="amd64 arm64v8 ppc64le" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" + +prompt() { + if [ -z "${PROMPT}" ] + then + return + fi + if [ "$1" ] + then + echo "$1" + fi + read -p "${PROMPT}" + if [[ $REPLY =~ ^[Yy]$ ]] + then + return + else + exit 0 + fi +} + +update_qemu() { + # necessary locally after every reboot, not sure why....update related maybe? + # basically harmless to run everytime, except for elevated privs necessary. 
+ # disable with -n flag
+ docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true
+ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+ docker rmi multiarch/qemu-user-static
+}
+
+clean() {
+ echo $#
+ if [ $# -eq 0 ]
+ then
+ regex="*"
+ ADD_PROMPT="This will remove *ALL* local apache/couchdb Docker images!"
+ elif [ $# -eq 1 ]
+ then
+ regex=$1
+ ADD_PROMPT="This will remove *ALL* apache/couchdb images matching regex '${1}' !"
+ else
+ usage
+ fi
+ prompt "${ADD_PROMPT}"
+
+ docker images --filter=reference="apache/couchdb:${regex}" | tr -s ' ' | cut -d ' ' -f 2 | while read tag
+ do
+ if [ ${tag} ] && [ ${tag} = "TAG" ]
+ then
+ continue
+ fi
+ docker rmi apache/couchdb:$tag
+ done
+}
+
+# Builds a specific version
+build() {
+ VERSION=$1
+ ARCH=${2:-amd64}
+ FROMIMG="$(awk '$1 == toupper("FROM") { print $2 }' $VERSION/Dockerfile)"
+ CURRARCH=$(docker run --rm -t ${FROMIMG} uname -m)
+
+ if [ ${CURRARCH} != ${ARCH} ]
+ then
+ docker rmi ${FROMIMG}
+ docker pull "${ARCH}/${FROMIMG}"
+ docker tag "${ARCH}/${FROMIMG}" "${FROMIMG}"
+ fi
+ docker build -t apache/couchdb:${ARCH}-${VERSION} ${VERSION}
+ echo "CouchDB ${VERSION} for ${ARCH} built as apache/couchdb:${ARCH}-${VERSION}."
+}
+
+# Builds all platforms for a specific version, local only
+# We can't do this with docker buildx, see https://github.com/docker/buildx/issues/166#issuecomment-562729523
+build-all() {
+ VERSION=$1
+ for ARCH in ${PLATFORMS}; do
+ echo "Starting ${ARCH} at $(date)..."
+ build $1 ${ARCH} + echo "" + done +} + +# Push locally built versions using above technique +push() { + if [ $2 ] + then + tag_as=$2 + else + tag_as=$1 + fi + docker manifest create apache/couchdb:$tag_as \ + apache/couchdb:amd64-$1 \ + apache/couchdb:arm64v8-$1 \ + apache/couchdb:ppc64le-$1 + + docker manifest annotate apache/couchdb:$tag_as \ + apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 + + docker manifest annotate apache/couchdb:$tag_as \ + apache/couchdb:ppc64le-$1 --os linux --arch ppc64le + + docker manifest push --purge apache/couchdb:$tag_as + + docker manifest inspect apache/couchdb:$tag_as +} + +# Builds all platforms for a specific version and pushes to the registry +buildx() { + if [ $2 ] + then + tag_as=$2 + else + tag_as=$1 + fi + docker buildx rm apache-couchdb >/dev/null 2>&1 || true + docker buildx create --name apache-couchdb + docker buildx use apache-couchdb + docker buildx inspect --bootstrap + + echo "Starting buildx build at $(date)..." + docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:$tag_as --push $1 + echo "" +} + +usage() { + cat << EOF +$0 <-f> <-n> [OPTIONS] + +Options: + -f Skip confirmation prompt. + -n Do not install QEMU and binfmt_misc + (build commands only) + +General commands: + clean Removes ALL local apache/couchdb images (!!) + clean Removes ALL local images with matching tags. + +\`docker build\` commands: + version #.#.# [all] Builds all platforms for supplied version + Each platform is tagged -. + + version #.#.# Builds only the specified version and arch. + + push #.#.# [as ] Pushes locally-built versions as a multi-arch + manifest. If \`as \` is specified, + pushes the manifest using that tag instead. + +Example workflow: + $0 clean *2.9.7* + $0 version 2.9.7 all + + $0 push 2.9.7 + $0 push 2.9.7 as 2.9 + $0 push 2.9.7 as 2 + $0 push 2.9.7 as latest + +\`docker buildx\` commands: + buildx #.#.# Builds *and pushes* all platforms for supplied + version, using docker buildx. 
Built images must + be retrieved with \`docker pull\` for local use. + + buildx #.#.# as + Builds and pushes all platforms for supplied + version, using docker buildx, tagging the + manifest with the supplied . + +Example workflow: + $0 clean *2.9.7* + $0 buildx 2.9.7 + $0 buildx 2.9.7 as 2.9 + $0 buildx 2.9.7 as 2 + $0 buildx 2.9.7 as latest + docker manifest inspect apache/couchdb:2.9.7 + docker pull <--platform linux/other-arch> apache/couchdb:2.9.7 (for testing) + + +NOTE: Requires Docker 19.03+ with experimental features enabled. + Add { "experimental" : "true" } to /etc/docker/daemon.json, then + add { "experimental": "enabled" } to ~/.docker/config.json, then + restart the Docker daemon. + +EOF +exit 0 +} + +# ####################### + +# handle -f/-n anywhere they appear on the CLI +POSITIONAL=() +while [[ $# -gt 0 ]] +do + # otherwise, we WILL match a regex against top-level directories! + set -f + key="$1" + case $key in + -f|--force) + unset PROMPT + shift + ;; + -n|--no-qemu) + unset QEMU + shift + ;; + *) + POSITIONAL+=("$1") + shift + ;; + esac + set +f +done +# re-set all other arguments into argc +set -- "${POSITIONAL[@]}" # restore positional parameters + +case "$1" in + clean) + # removes local images for a given version (and optionally platform) + shift + set -f + clean $* + set +f + ;; + version) + # builds a specific version using docker build + # validate/reinstall QEMU + if [ ${QEMU} ] + then + update_qemu + fi + shift + if [ $# -lt 1 -o $# -gt 3 ] + then + usage + fi + # version #.#.# all + if [ "$2" = "all" ] + then + # build all the platforms and test them locally + build-all $1 + else + # build a specific platform locally + build $1 $2 + fi + ;; + push) + # pushes already built local versions as manifest + shift + if [ $# -ne 1 -a $# -ne 3 ] + then + usage + fi + if [ $# -eq 1 ] + then + push $1 + elif [ $2 = "as" ] + then + push $1 $3 + else + usage + fi + ;; + buildx) + # builds and pushes using docker buildx + if [ ${QEMU} ] + then + 
update_qemu + fi + shift + if [ $# -ne 1 -a $# -ne 3 ] + then + usage + fi + if [ $# -eq 1 ] + then + buildx $1 + elif [ $2 = "as" ] + then + buildx $1 $3 + else + usage + fi + ;; + usage) + usage + ;; + *) + usage + ;; +esac From 8bed55760e744ef1e4821fc8c9304f25676cf237 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Fri, 31 Jan 2020 22:01:46 +0000 Subject: [PATCH 161/227] dev: debian-buster, node 10, SM60 (#165) --- .travis.yml | 2 +- dev-cluster/Dockerfile | 16 ++++++++-------- dev/Dockerfile | 16 ++++++++-------- dev/docker-entrypoint.sh | 22 +++++++++++----------- 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.travis.yml b/.travis.yml index 680928b..7eb7028 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,4 +18,4 @@ env: - RELEASES=dev-cluster script: - - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -p 5984:5984 couchdb:$rel && sleep 10 && curl http://localhost:5984 && docker kill $rel; done + - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -p 5984:5984 couchdb:$rel && sleep 10 && curl http://admin:password@localhost:5984/ && docker kill $rel; done diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 609c70b..70e3bfb 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -12,7 +12,7 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:stretch +FROM debian:buster MAINTAINER CouchDB Developers dev@couchdb.apache.org @@ -25,8 +25,8 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ dirmngr \ gnupg \ haproxy \ - libicu57 \ - libmozjs185-1.0 \ + libicu63 \ + libmozjs-60-0 \ openssl && \ rm -rf /var/lib/apt/lists/* 
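Review bot: `update_qemu` runs `docker run --rm --privileged multiarch/qemu-user-static --reset -p yes` with no tag or digest, so every `version` and `buildx` invocation pulls whatever the registry currently serves under that name and runs it with full host privileges on the release manager's machine, the same machine that then builds and pushes the apache/couchdb images. Pinning the helper by digest makes that step reproducible and reviewable, e.g. `docker run --rm --privileged multiarch/qemu-user-static@sha256:<reviewed-digest> --reset -p yes` (placeholder digest), with the two `docker rmi` lines updated to match. The comment above the call could also say why `--privileged` is required (installing QEMU and binfmt_misc, per the usage text) instead of "not sure why".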
@@ -80,7 +80,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ git \ libcurl4-openssl-dev \ libicu-dev \ - libmozjs185-dev \ + libmozjs-60-dev \ python3 \ libpython3-dev \ python3-pip \ @@ -96,8 +96,8 @@ RUN pip3 install --upgrade \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_10.x buster main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_10.x buster main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli @@ -106,10 +106,10 @@ RUN set -ex; \ ARG clone_url=https://gitbox.apache.org/repos/asf/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb -RUN ./configure +RUN ./configure -c --spidermonkey-version 60 ARG checkout_branch=master -ARG configure_options +ARG configure_options="-c --spidermonkey-version 60" WORKDIR /usr/src/couchdb/ RUN git fetch origin \ diff --git a/dev/Dockerfile b/dev/Dockerfile index 4a48d64..4f4cdce 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -12,7 +12,7 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:stretch as runtime +FROM debian:buster as runtime MAINTAINER CouchDB Developers dev@couchdb.apache.org @@ -25,7 +25,7 @@ RUN apt-get update -y && apt-get install -y \ curl \ dirmngr \ gnupg \ - libicu57 \ + libicu63 \ libssl1.1 \ openssl \ && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ 
@@ -38,7 +38,7 @@ RUN apt-get update -y && apt-get install -y \ gpg --batch --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ - && apt-get update -y && apt-get install -y --no-install-recommends couch-libmozjs185-1.0 \ + && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling @@ -89,7 +89,7 @@ FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ - couch-libmozjs185-dev \ + libmozjs-60-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -111,8 +111,8 @@ RUN pip3 install --upgrade \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_8.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_8.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_10.x buster main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_10.x buster main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli @@ -120,7 +120,7 @@ RUN set -ex; \ ARG clone_url=https://github.com/apache/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb -RUN ./configure +RUN ./configure -c --spidermonkey-version 60 # This layer performs the actual build of a relocatable, self-contained # release of CouchDB. It pulls down the latest changes from the remote 
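Review bot: The keyserver loop and the exported `couchdb.gpg.asc` key kept as context in this hunk, and the `deb https://apache.bintray.com/couchdb-deb stretch main` source kept in the hunk at -25,7, look unused once `couch-libmozjs185-1.0` is replaced by `libmozjs-60-0`, which appears to come from the Debian archive rather than the CouchDB repository. If nothing outside these hunks still installs from that repository, dropping the source line and the key import removes a third-party trust anchor and a network-dependent keyserver fetch from the runtime layer. If it is still needed, the suite should at least follow the new base image, `deb https://apache.bintray.com/couchdb-deb buster main`, assuming that suite is published. The RUN instruction starts and continues outside this hunk, so the lines between the two hunks are not visible here.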
@@ -129,7 +129,7 @@ RUN ./configure FROM build_dependencies AS build ARG checkout_branch=master -ARG configure_options +ARG configure_options="-c --spidermonkey-version 60" WORKDIR /usr/src/couchdb/ RUN git fetch origin \ diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 7fdb04b..04fc4fa 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -75,17 +75,17 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' - **************************************************** - WARNING: CouchDB is running in Admin Party mode. - This will allow anyone with access to the - CouchDB port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it in "docker run". - **************************************************** - EOWARN +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 fi From 540bed95188954269862904f42b32296e94042cd Mon Sep 17 00:00:00 2001 
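Review bot: The new error text in dev/docker-entrypoint.sh tells operators they may supply the admin through an .ini file mapped at `/opt/couchdb/etc/local.ini`, but the `grep -Pzoqr` guard directly above it only scans `/opt/couchdb/etc/default.d/*.ini` and `/opt/couchdb/etc/local.d/*.ini`. Now that the branch ends in `exit 1`, a container whose only `[admins]` entry lives in `local.ini` would be refused at start-up even though it has an admin configured. Adding the file to the scan keeps the check and the message in agreement: `if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then`. The same guard and message are added in 3.0.0/docker-entrypoint.sh later in this series, and the enclosing `if [ "$1" = '/opt/couchdb/bin/couchdb' ]` block starts outside the hunk.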
From: Will Holley Date: Fri, 31 Jan 2020 22:24:10 +0000 Subject: [PATCH 162/227] Use UBI 8 (#158) Updates the UBI Dockerfile to use UBI 8 / minimal. At the same time, remove the version suffix from the UBI image folder. --- .travis.yml | 2 +- {2.3.1-ubi7 => 2.3.1-ubi}/Dockerfile | 37 ++++++++----------- .../bintray-apache-couchdb-rpm.repo | 2 +- {2.3.1-ubi7 => 2.3.1-ubi}/imeyer_runit.repo | 0 {2.3.1-ubi7 => 2.3.1-ubi}/licenses/LICENSE | 0 .../resources/10-docker-default.ini | 0 .../resources/docker-entrypoint.sh | 0 {2.3.1-ubi7 => 2.3.1-ubi}/resources/run | 0 {2.3.1-ubi7 => 2.3.1-ubi}/resources/vm.args | 0 9 files changed, 17 insertions(+), 24 deletions(-) rename {2.3.1-ubi7 => 2.3.1-ubi}/Dockerfile (80%) rename {2.3.1-ubi7 => 2.3.1-ubi}/bintray-apache-couchdb-rpm.repo (63%) rename {2.3.1-ubi7 => 2.3.1-ubi}/imeyer_runit.repo (100%) rename {2.3.1-ubi7 => 2.3.1-ubi}/licenses/LICENSE (100%) rename {2.3.1-ubi7 => 2.3.1-ubi}/resources/10-docker-default.ini (100%) rename {2.3.1-ubi7 => 2.3.1-ubi}/resources/docker-entrypoint.sh (100%) rename {2.3.1-ubi7 => 2.3.1-ubi}/resources/run (100%) rename {2.3.1-ubi7 => 2.3.1-ubi}/resources/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 7eb7028..18aa8c5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ services: env: - RELEASES=2.3.0 - RELEASES=2.3.1 - - RELEASES=2.3.1-ubi7 + - RELEASES=2.3.1-ubi - RELEASES=dev - RELEASES=dev-cluster diff --git a/2.3.1-ubi7/Dockerfile b/2.3.1-ubi/Dockerfile similarity index 80% rename from 2.3.1-ubi7/Dockerfile rename to 2.3.1-ubi/Dockerfile index 0813f7b..86d73cc 100644 --- a/2.3.1-ubi7/Dockerfile +++ b/2.3.1-ubi/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM registry.access.redhat.com/ubi7/ubi +FROM registry.access.redhat.com/ubi8/ubi-minimal ARG RELEASE ARG BUILD_DATE 
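Review bot: The new base in 2.3.1-ubi/Dockerfile, `FROM registry.access.redhat.com/ubi8/ubi-minimal`, carries no tag or digest, so every build resolves to whatever the registry serves as the default tag that day. Together with the `microdnf update` calls further down, the image contents then depend on build time rather than on the commit. Pinning the base, for example `FROM registry.access.redhat.com/ubi8/ubi-minimal:<TAG>@sha256:<DIGEST>` (placeholders), makes rebuilds reproducible and turns a base-image change into a reviewable diff.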
@@ -25,7 +25,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \
 build-date=${BUILD_DATE} \
 io.k8s.display-name="Apache CouchDB" \
 io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \
- io.openshift.tags="database couchdb apache rhel7" \
+ io.openshift.tags="database couchdb apache rhel8" \
 io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \
 io.openshift.min-memory="1Gi" \
 io.openshift.min-cpu="1"
@@ -38,28 +38,21 @@ ENV COUCHDB_VERSION 2.3.1 # Add CouchDB user account to make sure the IDs are assigned consistently # CouchDB user added to root group for OpenShift support RUN set -ex; \ - useradd -u 5984 -d /opt/couchdb -g root couchdb; \ # be sure GPG and apt-transport-https are available and functional - yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - yum install -y \ + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install -y \ ca-certificates \ gnupg \ - pygpgme; \ -# install wget - yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - yum history new; \ - yum install -y wget; \ -# Enable EPEL repositories (needed for python-progressbar dependency) - wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm; \ -# Remove wget - yum -y history undo 1; \ - yum install -y epel-release-latest-7.noarch.rpm; \ - rm epel-release-latest-7.noarch.rpm; \ + findutils \ + shadow-utils; \ +# Add CouchDB User and Group (group required by rpm) + useradd -u 5984 -d /opt/couchdb -g root couchdb; \ + groupadd -g 5984 couchdb; \ # Install runit - yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - yum install --enablerepo=imeyer_runit -y runit; \ + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=imeyer_runit -y runit; \ # Clean up - yum clean all; \ + microdnf clean all; \ rm -rf /var/cache/yum # https://docs.couchdb.org/en/stable/install/unix.html 
@@ -82,9 +75,9 @@ RUN set -ex; \ # Install CouchDB RUN set -xe; \ - yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - yum install --enablerepo=bintray-apache-couchdb-rpm -y couchdb; \ - yum clean all; \ + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb; \ + microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file rm /opt/couchdb/etc/default.d/10-filelog.ini; \ diff --git a/2.3.1-ubi7/bintray-apache-couchdb-rpm.repo b/2.3.1-ubi/bintray-apache-couchdb-rpm.repo similarity index 63% rename from 2.3.1-ubi7/bintray-apache-couchdb-rpm.repo rename to 2.3.1-ubi/bintray-apache-couchdb-rpm.repo index 18bb9c2..e131b6a 100644 --- a/2.3.1-ubi7/bintray-apache-couchdb-rpm.repo +++ b/2.3.1-ubi/bintray-apache-couchdb-rpm.repo @@ -1,6 +1,6 @@ [bintray-apache-couchdb-rpm] name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el7/x86_64 +baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 gpgcheck=0 repo_gpgcheck=0 enabled=1 diff --git a/2.3.1-ubi7/imeyer_runit.repo b/2.3.1-ubi/imeyer_runit.repo similarity index 100% rename from 2.3.1-ubi7/imeyer_runit.repo rename to 2.3.1-ubi/imeyer_runit.repo diff --git a/2.3.1-ubi7/licenses/LICENSE b/2.3.1-ubi/licenses/LICENSE similarity index 100% rename from 2.3.1-ubi7/licenses/LICENSE rename to 2.3.1-ubi/licenses/LICENSE diff --git a/2.3.1-ubi7/resources/10-docker-default.ini b/2.3.1-ubi/resources/10-docker-default.ini similarity index 100% rename from 2.3.1-ubi7/resources/10-docker-default.ini rename to 2.3.1-ubi/resources/10-docker-default.ini diff --git a/2.3.1-ubi7/resources/docker-entrypoint.sh b/2.3.1-ubi/resources/docker-entrypoint.sh similarity index 100% rename from 2.3.1-ubi7/resources/docker-entrypoint.sh rename to 2.3.1-ubi/resources/docker-entrypoint.sh 
diff --git a/2.3.1-ubi7/resources/run b/2.3.1-ubi/resources/run similarity index 100% rename from 2.3.1-ubi7/resources/run rename to 2.3.1-ubi/resources/run diff --git a/2.3.1-ubi7/resources/vm.args b/2.3.1-ubi/resources/vm.args similarity index 100% rename from 2.3.1-ubi7/resources/vm.args rename to 2.3.1-ubi/resources/vm.args From b5c64277e56326f89ecdb0cb281eec2097afcf39 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 18 Feb 2020 11:04:45 -0500 Subject: [PATCH 163/227] separately parametrize SM version (#171) --- dev/Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index 4f4cdce..30af98b 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -120,7 +120,7 @@ RUN set -ex; \ ARG clone_url=https://github.com/apache/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb -RUN ./configure -c --spidermonkey-version 60 +RUN ./configure # This layer performs the actual build of a relocatable, self-contained # release of CouchDB. It pulls down the latest changes from the remote @@ -129,12 +129,13 @@ RUN ./configure -c --spidermonkey-version 60 FROM build_dependencies AS build ARG checkout_branch=master -ARG configure_options="-c --spidermonkey-version 60" +ARG configure_options +ARG spidermonkey_version=60 WORKDIR /usr/src/couchdb/ RUN git fetch origin \ && git checkout $checkout_branch \ - && ./configure $configure_options \ + && ./configure $configure_options --spidermonkey-version $spidermonkey_version\ && make release # This results in a single layer image (or at least skips the build stuff?) From f56c425bb7d64918a57936376e0070e7742768cd Mon Sep 17 00:00:00 2001 
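Review bot: In the `@@ -129,12 +129,13 @@` hunk of dev/Dockerfile the rewritten line ends in `$spidermonkey_version\` with no space before the continuation backslash, so the command only parses as intended because the next line presumably begins with indentation before `&& make release`. Writing it as `&& ./configure $configure_options --spidermonkey-version "$spidermonkey_version" \` removes that dependency and also keeps an empty or space-containing build arg from shifting the following arguments. A one-line comment above `ARG spidermonkey_version=60` saying it must match the installed `libmozjs-60-dev` package would help whoever bumps either one.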
From: Joan Touzet Date: Tue, 25 Feb 2020 22:09:42 +0000 Subject: [PATCH 164/227] 3.0.0: move to buster, no admin party (#166) --- .travis.yml | 2 +- 2.3.0/Dockerfile | 129 ----------------------- 2.3.0/docker-entrypoint.sh | 95 ----------------- {2.3.0 => 3.0.0}/10-docker-default.ini | 3 - 3.0.0/Dockerfile | 140 +++++++++++++++++++++++++ 3.0.0/docker-entrypoint.sh | 106 +++++++++++++++++++ {2.3.0 => 3.0.0}/vm.args | 0 README.md | 23 ++-- dev/Dockerfile | 2 +- 9 files changed, 258 insertions(+), 242 deletions(-) delete mode 100644 2.3.0/Dockerfile delete mode 100755 2.3.0/docker-entrypoint.sh rename {2.3.0 => 3.0.0}/10-docker-default.ini (89%) create mode 100644 3.0.0/Dockerfile create mode 100755 3.0.0/docker-entrypoint.sh rename {2.3.0 => 3.0.0}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 18aa8c5..a3957d6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,9 +11,9 @@ services: - docker env: - - RELEASES=2.3.0 - RELEASES=2.3.1 - RELEASES=2.3.1-ubi + - RELEASES=3.0.0 - RELEASES=dev - RELEASES=dev-cluster diff --git a/2.3.0/Dockerfile b/2.3.0/Dockerfile deleted file mode 100644 index 710f3c9..0000000 --- a/2.3.0/Dockerfile +++ /dev/null 
@@ -1,129 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:stretch-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 
B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV COUCHDB_VERSION 2.3.0 - -RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" 
| debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~stretch \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ - rm -rf /var/lib/apt/lists/* - -# Add configuration -COPY 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY vm.args /opt/couchdb/etc/ -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -# Setup directories and permissions -RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/2.3.0/docker-entrypoint.sh b/2.3.0/docker-entrypoint.sh deleted file mode 100755 index 7fdb04b..0000000 --- a/2.3.0/docker-entrypoint.sh +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - # Ensure that CouchDB will write custom settings in this file - touch /opt/couchdb/etc/local.d/docker.ini - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: CouchDB is running in Admin Party mode. - This will allow anyone with access to the - CouchDB port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. 
- Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it in "docker run". - **************************************************** - EOWARN - fi - - - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/2.3.0/10-docker-default.ini b/3.0.0/10-docker-default.ini similarity index 89% rename from 2.3.0/10-docker-default.ini rename to 3.0.0/10-docker-default.ini index c1bac9e..1aa633c 100644 --- a/2.3.0/10-docker-default.ini +++ b/3.0.0/10-docker-default.ini @@ -6,6 +6,3 @@ [chttpd] bind_address = any - -[httpd] -bind_address = any diff --git a/3.0.0/Dockerfile b/3.0.0/Dockerfile new file mode 100644 index 0000000..74d1c46 --- /dev/null +++ b/3.0.0/Dockerfile 
@@ -0,0 +1,140 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:buster-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.11 +ENV TINI_VERSION 0.18.0 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; 
do \ + gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + apt-get purge -y --auto-remove wget; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: key D401AB61: public key "Bintray (by JFrog) imported + 8756C4F765C9AC3CB6B85D62379CE192D401AB61 +RUN set -xe; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ + done; \ + gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV COUCHDB_VERSION 3.0.0 + +RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list 
+ +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -xe; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~buster \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.0.0/docker-entrypoint.sh b/3.0.0/docker-entrypoint.sh new file mode 100755 index 0000000..d7353f2 --- /dev/null +++ b/3.0.0/docker-entrypoint.sh 
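Review bot: The new 3.0.0/Dockerfile sets `/opt/couchdb/etc/local.d` to mode `0777` (and keeps `chmod 777` on `/opt/couchdb/data` and `/opt/couchdb/var/log`), so any uid inside the container can create or replace .ini files in the directory the entrypoint reads `[admins]` and the `[couch_httpd_auth]` secret from. If the aim is to let the entrypoint run under a non-root uid, group ownership should be enough and avoids the world-writable bit: `chgrp 0 /opt/couchdb/etc/local.d && chmod 0770 /opt/couchdb/etc/local.d`, assuming such containers run with gid 0, which is worth confirming for the platforms you target. The two comments that refer to `dockerfile_entrypoint.sh` and `docker_entrypoint.sh` should name the actual file, `docker-entrypoint.sh`.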
@@ -0,0 +1,106 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/2.3.0/vm.args b/3.0.0/vm.args similarity index 100% rename from 2.3.0/vm.args rename to 3.0.0/vm.args diff --git a/README.md b/README.md index cf953d8..9b0d9e7 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ # Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) -- Version (stable): `CouchDB 2.3.1`, `Erlang 19.3.5` +- Version (stable): `CouchDB 3.0.0`, `Erlang 20.3.8.25` ## Available tags -- `latest`, `2.3.1`: CouchDB 2.3.1 single node (capable of running in a cluster) -- `2.3.0`: CouchDB 2.3.0 single node (capable of running in a cluster) +- `latest`, `3.0.0`: CouchDB 3.0.0 single node (capable of running in a cluster) +- `2.3.1`: CouchDB 2.3.1 single node (capable of running in a cluster) # How to use this image 
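Review bot: 3.0.0/docker-entrypoint.sh appends `COUCHDB_USER`/`COUCHDB_PASSWORD` and `COUCHDB_SECRET` to `/opt/couchdb/etc/local.d/docker.ini`, a file created by `touch` and, when started as root, covered by the `chmod -f 0644` pass over `/opt/couchdb/etc`, so the values are readable by every user in the container in the form they were supplied. Restricting the file once the writes are done, for example `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` placed after the `chown -f couchdb:couchdb` block, would leave it readable only by the account that owns it. This is worth testing with `/opt/couchdb/etc` mounted from the host, since the owner of a pre-existing `docker.ini` may then differ from the uid CouchDB runs as.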
@@ -16,11 +16,13 @@ The most up-to-date instructions on using this image are always available at htt Starting a CouchDB instance is simple: ```console -$ docker run -d --name my-couchdb %%IMAGE%%:tag +$ docker run -d --name my-couchdb -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password %%IMAGE%%:tag ``` where `my-couchdb` is the name you want to assign to your container, and `tag` is the tag specifying the CouchDB version you want. See the list above for relevant tags. +**As of CouchDB 3.0, an admin user and password is required for CouchDB startup.** Specify these on the command line as shown, or overlay your own ini file with a pre-defined admin user (see below). + ## Connect to CouchDB from an application in another Docker container This image exposes the standard CouchDB port `5984`, so standard container linking will make it automatically available to the linked containers. Start your application container like this in order to link it to the CouchDB container: @@ -37,8 +39,6 @@ If you want to expose the port to the outside world, run $ docker run -p 5984:5984 -d %%IMAGE%% ``` -*WARNING*: Do not do this until you have established an admin user and setup permissions correctly on any databases you have created. - If you intend to network this CouchDB instance with others in a cluster, you will need to map additional ports; see the [official CouchDB documentation](http://docs.couchdb.org/en/stable/setup/cluster.html) for details. ## Make a cluster 
@@ -113,11 +113,11 @@ If you use the [Cluster Setup Wizard](http://docs.couchdb.org/en/stable/setup/cl If you choose not to use the Cluster Setup wizard or API, you will have to create `_global_changes`, `_replicator` and `_users` manually. -## Admin party mode +## Administrator user -The node will also start in [admin party mode](https://docs.couchdb.org/en/stable/intro/security.html#the-admin-party). Be sure to create an admin user! The [Cluster Setup Wizard](http://docs.couchdb.org/en/stable/setup/cluster.html#the-cluster-setup-wizard) or the [Cluster Setup API](http://docs.couchdb.org/en/stable/setup/cluster.html#the-cluster-setup-api) will do this for you. +**CouchDB 3.0+ requires an admin user to start!** -You can also use the two environment variables `COUCHDB_USER` and `COUCHDB_PASSWORD` to set up an admin user: +You can use the two environment variables `COUCHDB_USER` and `COUCHDB_PASSWORD` to set up an admin user: ```console $ docker run -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -d %%IMAGE%% @@ -227,14 +227,11 @@ docker run -it --admin=foo:bar **Note:** This will overwrite the default `--with-haproxy` flag. The cluster **won't** be exposed on port `5984` anymore. The individual nodes listen on `15984`, `25984`, ...`x5984`. If you wish to expose the cluster on `5984`, pass `--with-haproxy` explicitly. -More examples: +More examples for the `dev` image only: ```bash # display the available options of the couchdb startup script docker run --rm --help -# Enable admin party and expose the cluster on port 5984 -docker run -it -p 5984:5984 --with-admin-party-please --with-haproxy - # Start two nodes (without proxy) exposed on port 15984 and 25984 docker run -it -p 15984:15984 -p 25984:25984 -n 2 ``` diff --git a/dev/Dockerfile b/dev/Dockerfile index 30af98b..a32bb34 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile 
@@ -28,7 +28,7 @@ RUN apt-get update -y && apt-get install -y \ libicu63 \ libssl1.1 \ openssl \ - && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \ + && echo "deb https://apache.bintray.com/couchdb-deb buster main" \ | tee /etc/apt/sources.list.d/couchdb.list \ && cat /etc/apt/sources.list.d/couchdb.list \ && for server in $(shuf -e pgpkeys.mit.edu \ From 01e1c16bb405c1174393c76a7ebc3792b0c5e2c9 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 5 May 2020 06:04:01 -0400 Subject: [PATCH 165/227] 3.0.0 -> 3.0.1, 3.1.0 (#174) --- .travis.yml | 3 +- {3.0.0 => 3.0.1}/10-docker-default.ini | 0 {3.0.0 => 3.0.1}/Dockerfile | 2 +- {3.0.0 => 3.0.1}/docker-entrypoint.sh | 0 {3.0.0 => 3.0.1}/vm.args | 0 3.1.0/10-docker-default.ini | 8 ++ 3.1.0/Dockerfile | 140 +++++++++++++++++++++++++ 3.1.0/docker-entrypoint.sh | 106 +++++++++++++++++++ 3.1.0/vm.args | 28 +++++ 9 files changed, 285 insertions(+), 2 deletions(-) rename {3.0.0 => 3.0.1}/10-docker-default.ini (100%) rename {3.0.0 => 3.0.1}/Dockerfile (99%) rename {3.0.0 => 3.0.1}/docker-entrypoint.sh (100%) rename {3.0.0 => 3.0.1}/vm.args (100%) create mode 100644 3.1.0/10-docker-default.ini create mode 100644 3.1.0/Dockerfile create mode 100755 3.1.0/docker-entrypoint.sh create mode 100644 3.1.0/vm.args diff --git a/.travis.yml b/.travis.yml index a3957d6..ffcde3a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,8 @@ services: env: - RELEASES=2.3.1 - RELEASES=2.3.1-ubi - - RELEASES=3.0.0 + - RELEASES=3.0.1 + - RELEASES=3.1.0 - RELEASES=dev - RELEASES=dev-cluster diff --git a/3.0.0/10-docker-default.ini b/3.0.1/10-docker-default.ini similarity index 100% rename from 3.0.0/10-docker-default.ini rename to 3.0.1/10-docker-default.ini diff --git a/3.0.0/Dockerfile b/3.0.1/Dockerfile similarity index 99% rename from 3.0.0/Dockerfile rename to 3.0.1/Dockerfile index 74d1c46..84f78a4 100644 --- a/3.0.0/Dockerfile +++ b/3.0.1/Dockerfile 
@@ -91,7 +91,7 @@ RUN set -xe; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV COUCHDB_VERSION 3.0.0 +ENV COUCHDB_VERSION 3.0.1 RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list diff --git a/3.0.0/docker-entrypoint.sh b/3.0.1/docker-entrypoint.sh similarity index 100% rename from 3.0.0/docker-entrypoint.sh rename to 3.0.1/docker-entrypoint.sh diff --git a/3.0.0/vm.args b/3.0.1/vm.args similarity index 100% rename from 3.0.0/vm.args rename to 3.0.1/vm.args diff --git a/3.1.0/10-docker-default.ini b/3.1.0/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.1.0/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.1.0/Dockerfile b/3.1.0/Dockerfile new file mode 100644 index 0000000..6a3fac0 --- /dev/null +++ b/3.1.0/Dockerfile 
@@ -0,0 +1,140 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:buster-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +ENV GOSU_VERSION 1.11 +ENV TINI_VERSION 0.18.0 +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# install gosu + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; 
do \ + gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# install tini + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + apt-get purge -y --auto-remove wget; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: key D401AB61: public key "Bintray (by JFrog) imported + 8756C4F765C9AC3CB6B85D62379CE192D401AB61 +RUN set -xe; \ + export GNUPGHOME="$(mktemp -d)"; \ + echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ + for server in $(shuf -e pgpkeys.mit.edu \ + ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu) ; do \ + gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ + done; \ + gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list + +ENV COUCHDB_VERSION 3.1.0 + +RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list 
+ +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -xe; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~buster \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.1.0/docker-entrypoint.sh b/3.1.0/docker-entrypoint.sh new file mode 100755 index 0000000..d7353f2 --- /dev/null +++ b/3.1.0/docker-entrypoint.sh 
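Review bot: The CouchDB install step in 3.1.0/Dockerfile leaves three directories world-writable: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d`. local.d is where docker-entrypoint.sh appends the `[admins]` and `[couch_httpd_auth]` entries, so any UID inside the container can add or replace an ini file there. If the open mode is meant to support starting the container under an arbitrary non-root UID, say so in a comment next to each chmod. Otherwise owner-only write is enough, since the same RUN already chowns these paths to couchdb: `chmod 0755 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0755 /opt/couchdb/etc/local.d`, which also matches the 0755 pass the entrypoint applies when started as root.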
@@ -0,0 +1,106 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.1.0/vm.args b/3.1.0/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.1.0/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From ca70370c26a00c91f2f5f9f6e3e4d80295f27022 Mon Sep 17 00:00:00 2001 
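Review bot: The admin-presence check near the end of 3.1.0/docker-entrypoint.sh greps only `/opt/couchdb/etc/default.d/*.ini` and `/opt/couchdb/etc/local.d/*.ini`, yet the error text tells operators they may map their own file at `/opt/couchdb/etc/local.ini`; a container configured that way would still reach `exit 1`. Either add the file to the search (`... /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then`) or drop local.ini from the message. Separately, `COUCHDB_PASSWORD` and `COUCHDB_SECRET` are appended to docker.ini after the `find /opt/couchdb/etc -type f ! -perm 0644` pass, so the file holding them is expected to stay readable by every user in the container. Restricting docker.ini to the couchdb user after the final `chown`, and exempting it from the 0644 pass, would narrow that.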
From: Joan Touzet Date: Thu, 7 May 2020 14:43:01 -0400 Subject: [PATCH 166/227] Freshen tag info (#177) --- README.md | 13 +++++++++---- md | 4 ++++ 2 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 md diff --git a/README.md b/README.md index 9b0d9e7..0449e2b 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,16 @@ # Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) -- Version (stable): `CouchDB 3.0.0`, `Erlang 20.3.8.25` - ## Available tags -- `latest`, `3.0.0`: CouchDB 3.0.0 single node (capable of running in a cluster) -- `2.3.1`: CouchDB 2.3.1 single node (capable of running in a cluster) +There may be more tags available, but these tags should always exist: + +- `latest`: Always the latest version +- `3`: The very latest CouchDB 3.x single node release (capable of running in a cluster) +- `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) + +As of this writing, the latest numbered tags available are: +- `3.1.0` +- `2.3.1` # How to use this image diff --git a/md b/md new file mode 100644 index 0000000..dacb248 --- /dev/null +++ b/md @@ -0,0 +1,4 @@ +[?25l[?2004h[?25h[?1049h[?1h=[?2004h[?12h[?12l[?25l"README" [New File]~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?25l-- VISUAL --[?25h[?25l[?25h[?25lType :qa! and press to abandon all changes and exit Vim[?25h[?25l[?25h +[?2004l[?1l>[?1049l[?2004l[?2004h[?1049h[?1h=[?2004h[?12h[?12l[?25l~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?2004l[?1l>[?1049lVim: Caught deadly signal TERM +Vim: Finished. + \ No newline at end of file From d42ab83b250bb0bc363cb3d3e1d53a4bfdab07bf Mon Sep 17 00:00:00 2001 
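Review bot: The new top-level file `md` is not content: its four added lines are a captured Vim terminal session (escape sequences, "Vim: Caught deadly signal TERM", "Vim: Finished."), which looks like an accidental `git add`. It is unrelated to the README tag changes the commit describes and should be dropped from the commit (`git rm md`) so it does not ship in the repository.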
From: Will Holley Date: Mon, 11 May 2020 10:17:54 +0100 Subject: [PATCH 167/227] 2.3.1-ubi: specify rpm version Specify the RPM version to ensure we don't inadvertently install 3.x --- 2.3.1-ubi/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2.3.1-ubi/Dockerfile b/2.3.1-ubi/Dockerfile
index 86d73cc..442bd45 100644
--- a/2.3.1-ubi/Dockerfile
+++ b/2.3.1-ubi/Dockerfile
@@ -76,7 +76,7 @@ RUN set -ex; \
 # Install CouchDB
 RUN set -xe; \
 microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \
- microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb; \
+ microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-2.3.1; \
 microdnf clean all; \
 rm -rf /var/cache/yum; \
 # remove defaults that force writing logs to file
From b6843be46196b339899954589f9cde300eb5ec49 Mon Sep 17 00:00:00 2001
From: Will Holley Date: Mon, 11 May 2020 10:19:07 +0100 Subject: [PATCH 168/227] 3.1.0-ubi: add UBI 8 container definition Adds a Dockerfile and supporting files to run CouchDB 3.1.0 on UBI 8. This is largely a clone of the 2.3.1-UBI assets, updated where required, to support CouchDB 3.x. Specifically, the default entrypoint now requires an admin username and password to be supplied. Since it installs the community-maintained rpm, the container uses SpiderMonkey 60 as the JavaScript runtime for CouchDB. --- .travis.yml | 1 + 3.1.0-ubi/Dockerfile | 115 ++++++++++++ 3.1.0-ubi/bintray-apache-couchdb-rpm.repo | 6 + 3.1.0-ubi/imeyer_runit.repo | 10 ++ 3.1.0-ubi/licenses/LICENSE | 202 ++++++++++++++++++++++ 3.1.0-ubi/resources/10-docker-default.ini | 8 + 3.1.0-ubi/resources/docker-entrypoint.sh | 119 +++++++++++++ 3.1.0-ubi/resources/run | 4 + 3.1.0-ubi/resources/vm.args | 28 +++ 9 files changed, 493 insertions(+) create mode 100644 3.1.0-ubi/Dockerfile create mode 100644 3.1.0-ubi/bintray-apache-couchdb-rpm.repo create mode 100644 3.1.0-ubi/imeyer_runit.repo create mode 100644 3.1.0-ubi/licenses/LICENSE create mode 100644 3.1.0-ubi/resources/10-docker-default.ini create mode 100755 3.1.0-ubi/resources/docker-entrypoint.sh create mode 100644 3.1.0-ubi/resources/run create mode 100644 3.1.0-ubi/resources/vm.args diff --git a/.travis.yml b/.travis.yml index ffcde3a..da26661 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,6 +15,7 @@ env: - RELEASES=2.3.1-ubi - RELEASES=3.0.1 - RELEASES=3.1.0 + - RELEASES=3.1.0-ubi - RELEASES=dev - RELEASES=dev-cluster diff --git a/3.1.0-ubi/Dockerfile b/3.1.0-ubi/Dockerfile new file mode 100644 index 0000000..9738c08 --- /dev/null +++ b/3.1.0-ubi/Dockerfile 
@@ -0,0 +1,115 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM registry.access.redhat.com/ubi8/ubi-minimal + +ARG RELEASE +ARG BUILD_DATE + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ + name="Apache CouchDB" \ + version="3.1.0" \ + summary="Apache CouchDB based on Red Hat UBI" \ + description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + release=${RELEASE} \ + usage="https://github.com/apache/couchdb-docker" \ + build-date=${BUILD_DATE} \ + io.k8s.display-name="Apache CouchDB" \ + io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + io.openshift.tags="database couchdb apache rhel8" \ + io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ + io.openshift.min-memory="1Gi" \ + io.openshift.min-cpu="1" + +COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo +COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo + +ENV COUCHDB_VERSION 3.1.0 + +# Add CouchDB user account to make sure the IDs are assigned consistently +# CouchDB user added to root group for OpenShift support +RUN set -ex; \ +# be sure GPG and apt-transport-https are available and functional + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install -y \ + ca-certificates \ + gnupg \ + findutils \ + shadow-utils; \ +# Add CouchDB User and Group (group required by rpm) + useradd -u 5984 -d /opt/couchdb -g root couchdb; \ + 
groupadd -g 5984 couchdb; \ +# Install runit + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=imeyer_runit -y runit; \ +# Clean up + microdnf clean all; \ + rm -rf /var/cache/yum + +# https://docs.couchdb.org/en/stable/install/unix.html +# ENV GPG_COUCH_KEY \ +# # gpg: key D401AB61: public key "Bintray (by JFrog) imported +# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 +# RUN set -xe; \ +# export GNUPGHOME="$(mktemp -d)"; \ +# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ +# for server in $(shuf -e pgpkeys.mit.edu \ +# ha.pool.sks-keyservers.net \ +# hkp://p80.pool.sks-keyservers.net:80 \ +# pgp.mit.edu) ; do \ +# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ +# done; \ +# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ +# command -v gpgconf && gpgconf --kill all || :; \ +# rm -rf "$GNUPGHOME"; \ +# apt-key list + +# Install CouchDB +RUN set -xe; \ + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.0; \ + microdnf clean all; \ + rm -rf /var/cache/yum; \ +# remove defaults that force writing logs to file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ +# Setup directories and permissions for data. 
+ chmod 777 /opt/couchdb/data + +# Add the License +COPY licenses /licenses + +# Add configuration +COPY --chown=couchdb:0 resources/10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:0 resources/vm.args /opt/couchdb/etc/ +COPY resources/docker-entrypoint.sh /usr/local/bin +COPY resources/run /etc/service/couchdb/ + +# set permissions on runit scripts +RUN chmod -R 777 /etc/service/couchdb; \ + chmod 777 /usr/local/bin/docker-entrypoint.sh; \ +# symlink to root folder + ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh + +ENTRYPOINT ["/docker-entrypoint.sh"] +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.1.0-ubi/bintray-apache-couchdb-rpm.repo b/3.1.0-ubi/bintray-apache-couchdb-rpm.repo new file mode 100644 index 0000000..e131b6a --- /dev/null +++ b/3.1.0-ubi/bintray-apache-couchdb-rpm.repo @@ -0,0 +1,6 @@ +[bintray-apache-couchdb-rpm] +name=bintray--apache-couchdb-rpm +baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 +gpgcheck=0 +repo_gpgcheck=0 +enabled=1 diff --git a/3.1.0-ubi/imeyer_runit.repo b/3.1.0-ubi/imeyer_runit.repo new file mode 100644 index 0000000..ab4aa4c --- /dev/null +++ b/3.1.0-ubi/imeyer_runit.repo @@ -0,0 +1,10 @@ +[imeyer_runit] +name=imeyer_runit +baseurl=https://packagecloud.io/imeyer/runit/el/7/x86_64 +repo_gpgcheck=1 +gpgcheck=0 +enabled=1 +gpgkey=https://packagecloud.io/imeyer/runit/gpgkey +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 diff --git a/3.1.0-ubi/licenses/LICENSE b/3.1.0-ubi/licenses/LICENSE new file mode 100644 index 0000000..f6cd2bc --- /dev/null +++ b/3.1.0-ubi/licenses/LICENSE 
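Review bot: The last RUN of 3.1.0-ubi/Dockerfile makes the entrypoint and the runit service directory world-writable: `chmod -R 777 /etc/service/couchdb` and `chmod 777 /usr/local/bin/docker-entrypoint.sh`. That script is the image's ENTRYPOINT, so any process in the container could rewrite what runs at the next start; read and execute is all these paths need: `chmod -R 755 /etc/service/couchdb; chmod 755 /usr/local/bin/docker-entrypoint.sh`. The same applies to `chmod 777 /opt/couchdb/data`, where `chmod 775` would fit the `couchdb:0` ownership set just above, assuming the goal is the arbitrary-UID-in-root-group model the "OpenShift support" comment hints at. Two comments are also stale: the one about "GPG and apt-transport-https" on a microdnf image, and the one saying 775 and 664 while the code sets 0755 and 0644.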
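Review bot: `bintray-apache-couchdb-rpm.repo` fetches packages over plain HTTP with both `gpgcheck=0` and `repo_gpgcheck=0`, so nothing authenticates the `couchdb-3.1.0` RPM that the Dockerfile installs from it. Use `baseurl=https://apache.bintray.com/couchdb-rpm/el8/x86_64` (the Debian images on this page already use https on that host) and set `gpgcheck=1` with a `gpgkey=` entry for the repository signing key. The Dockerfile's commented-out block names fingerprint 8756C4F765C9AC3CB6B85D62379CE192D401AB61 as the Bintray key, but confirm it actually signs the RPMs. `imeyer_runit.repo` in the same commit has the weaker half of this: metadata is verified (`repo_gpgcheck=1`), but `gpgcheck=0` leaves the runit package itself unchecked.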
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/3.1.0-ubi/resources/10-docker-default.ini b/3.1.0-ubi/resources/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.1.0-ubi/resources/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.1.0-ubi/resources/docker-entrypoint.sh b/3.1.0-ubi/resources/docker-entrypoint.sh new file mode 100755 index 0000000..9479dc2 --- /dev/null +++ b/3.1.0-ubi/resources/docker-entrypoint.sh 
@@ -0,0 +1,119 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:0 /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst -u couchdb env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + else + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + fi + + exec /sbin/runsvdir-start +fi + +exec "$@" diff --git a/3.1.0-ubi/resources/run b/3.1.0-ubi/resources/run new file mode 100644 index 0000000..69b4962 --- /dev/null +++ b/3.1.0-ubi/resources/run @@ -0,0 +1,4 @@ +#!/bin/sh +export HOME=/opt/couchdb +exec 2>&1 +exec chpst -u couchdb /opt/couchdb/bin/couchdb diff --git a/3.1.0-ubi/resources/vm.args b/3.1.0-ubi/resources/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.1.0-ubi/resources/vm.args 
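Review bot: The two generated `/etc/service/couchdb/run` scripts near the end of this hunk are written through an unquoted heredoc, so `$ERL_FLAGS` and `$@` are expanded at write time and land in the script as raw shell text. A value containing double quotes, `$(...)` or backticks changes how that script parses (the README's own `ERL_FLAGS=-setcookie "brumbrum"` example already contains quotes), and in the root branch runit runs the script before `chpst -u couchdb` drops privileges. I would shell-escape both values before writing them, for example with bash's `printf '%q'` and a matching shebang, or hand ERL_FLAGS over through an envdir read by `chpst -e` instead of inlining it. Since the Dockerfile makes `/etc/service/couchdb` mode 777, the file that ends up holding the Erlang cookie is also readable and replaceable by any user in the container, which is worth tightening at the same time.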
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From ca041cc7c47b02ac19aaad66877a7536734d80eb Mon Sep 17 00:00:00 2001 From: brOOper Date: Wed, 3 Jun 2020 00:55:01 +0200 Subject: [PATCH 169/227] Check /opt/couchdb/etc/*.ini files (#180) Look for admin users and secret in /opt/couchdb/etc/*.ini Fixes #172 --- dev/docker-entrypoint.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 04fc4fa..c7b1948 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -57,14 +57,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/*.ini; then printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/*.ini; then printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi @@ -72,7 +72,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/*.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' ************************************************************* From 7547204656a6656052a726c0ae60d53911d05770 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Thu, 11 Jun 2020 07:03:54 +0000 Subject: [PATCH 170/227] Only check local.ini to fix #172 (#181) --- 2.3.1/docker-entrypoint.sh | 6 +++--- 3.0.1/docker-entrypoint.sh | 6 +++--- 3.1.0/docker-entrypoint.sh | 6 +++--- dev/docker-entrypoint.sh | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/2.3.1/docker-entrypoint.sh b/2.3.1/docker-entrypoint.sh index be9e099..6e0e2c1 100755 --- a/2.3.1/docker-entrypoint.sh 
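Review bot: The admin check on the changed line still interpolates `$COUCHDB_USER` unescaped into a PCRE pattern and only matches when that user is the first key directly under `[admins]`, so widening the file list does not make the test reliable. A name containing regex metacharacters, or an admin listed second in the section, is reported as absent and a new `[admins]` entry with the environment password is appended to docker.ini; presumably that then overrides the existing entry because local.d is read later, which should be confirmed. A pattern that quotes the name and allows other keys before it would address both, for example `"\[admins\]\n([^\[]*\n)?\Q$COUCHDB_USER\E ="`. The same pattern appears in the 2.3.1, 3.0.1, 3.1.0 and dev hunks of the following commit, and the enclosing `if` block starts outside this hunk.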
+++ b/2.3.1/docker-entrypoint.sh @@ -65,14 +65,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi @@ -82,7 +82,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' **************************************************** diff --git a/3.0.1/docker-entrypoint.sh b/3.0.1/docker-entrypoint.sh index d7353f2..acf3675 100755 --- a/3.0.1/docker-entrypoint.sh +++ b/3.0.1/docker-entrypoint.sh 
@@ -65,14 +65,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi @@ -82,7 +82,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' ************************************************************* diff --git a/3.1.0/docker-entrypoint.sh b/3.1.0/docker-entrypoint.sh index d7353f2..acf3675 100755 --- a/3.1.0/docker-entrypoint.sh +++ b/3.1.0/docker-entrypoint.sh 
@@ -65,14 +65,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi @@ -82,7 +82,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' ************************************************************* diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index c7b1948..7390bd4 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -57,14 +57,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/*.ini; then + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini fi fi if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/*.ini; then + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi @@ -72,7 +72,7 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/*.ini; then + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOWARN' ************************************************************* From efe8a830f9a44a5c6baacf382c6269703bdc7bbd Mon Sep 17 00:00:00 2001 From: Steven Tang Date: Mon, 6 Jul 2020 13:32:06 +0000 Subject: [PATCH 171/227] Add information about exposed cluster related ports (#185) --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0449e2b..5a6aecb 100644 --- a/README.md +++ b/README.md 
@@ -50,7 +50,9 @@ If you intend to network this CouchDB instance with others in a cluster, you wil Start your multiple CouchDB instances, then follow the Setup Wizard in the [official CouchDB documentation](http://docs.couchdb.org/en/stable/setup/cluster.html) to complete the process. -For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. +By default, this image exposes the `epmd` port `4369` and the Erlang cluster communication port `9100` (i.e. `inet_dist_listen_min` and `inet_dist_listen_max` are both 9100). +Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). There is also a [Kubernetes helm chart](https://github.com/helm/charts/tree/master/incubator/couchdb) available. From 816d92c1b70f882bdac29845c72e1f53e7407391 Mon Sep 17 00:00:00 2001 
From: Will Holley Date: Thu, 9 Jul 2020 20:08:39 +0100 Subject: [PATCH 172/227] Combined CouchDB / Clouseau dockerfile (#187) This adds a Dockerfile which contains both CouchDB and Clouseau in a single container. This is useful because in most containerized environments, EPMD runs in the CouchDB container; restarting the CouchDB container can therefore lead to Clouseau becoming orphaned because EPMD is also killed. The container is based on the Red Hat UBI and uses runit to supervise both CouchDB and Clouseau. UBI is used mostly for familiarity (this is how we build a combined container at IBM), but it serves as a reference for anybody looking to port to other base images. The dockerfile entrypoint is modified to configure CouchDB and Clouseau in an Erlang cluster. It's equally possible to run the container in e.g. Kubernetes or Docker Compose without the dockerfile entrypoint; the user would then need to write out the configuration files via their configuration management system and call `/sbin/runsvdir-start` directly. Both CouchDB and Clouseau will, by default, run under the UID 5984 (CouchDB) and GID 0. If the container is started as a non-root user, that ambient UID/GID is used instead. 
Refs #8 --- 3.1.0-ubi-clouseau/Dockerfile | 149 +++++++++++++ .../bintray-apache-couchdb-rpm.repo | 6 + 3.1.0-ubi-clouseau/imeyer_runit.repo | 10 + 3.1.0-ubi-clouseau/licenses/LICENSE | 202 ++++++++++++++++++ .../resources/10-docker-default.ini | 8 + .../resources/clouseau/clouseau.ini | 6 + .../resources/clouseau/clouseau.sh | 13 ++ .../resources/clouseau/log4j.properties | 5 + .../resources/docker-entrypoint.sh | 185 ++++++++++++++++ 3.1.0-ubi-clouseau/resources/pre_stop | 30 +++ 3.1.0-ubi-clouseau/resources/run | 1 + 3.1.0-ubi-clouseau/resources/run_clouseau | 1 + 3.1.0-ubi-clouseau/resources/vm.args | 28 +++ 13 files changed, 644 insertions(+) create mode 100644 3.1.0-ubi-clouseau/Dockerfile create mode 100644 3.1.0-ubi-clouseau/bintray-apache-couchdb-rpm.repo create mode 100644 3.1.0-ubi-clouseau/imeyer_runit.repo create mode 100644 3.1.0-ubi-clouseau/licenses/LICENSE create mode 100644 3.1.0-ubi-clouseau/resources/10-docker-default.ini create mode 100644 3.1.0-ubi-clouseau/resources/clouseau/clouseau.ini create mode 100644 3.1.0-ubi-clouseau/resources/clouseau/clouseau.sh create mode 100644 3.1.0-ubi-clouseau/resources/clouseau/log4j.properties create mode 100755 3.1.0-ubi-clouseau/resources/docker-entrypoint.sh create mode 100644 3.1.0-ubi-clouseau/resources/pre_stop create mode 100644 3.1.0-ubi-clouseau/resources/run create mode 100644 3.1.0-ubi-clouseau/resources/run_clouseau create mode 100644 3.1.0-ubi-clouseau/resources/vm.args diff --git a/3.1.0-ubi-clouseau/Dockerfile b/3.1.0-ubi-clouseau/Dockerfile new file mode 100644 index 0000000..01617cd --- /dev/null +++ b/3.1.0-ubi-clouseau/Dockerfile 
@@ -0,0 +1,149 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +ARG CLOUSEAU_VERSION=2.17.0 + +FROM registry.access.redhat.com/ubi8/ubi-minimal as builder + +ARG CLOUSEAU_VERSION + +WORKDIR /usr/src + +# Fetch and extract clouseau +RUN set -xe; \ + microdnf update -y && rm -rf /var/cache/yum && \ + microdnf install -y unzip wget && \ + wget https://github.com/cloudant-labs/clouseau/releases/download/${CLOUSEAU_VERSION}/clouseau-${CLOUSEAU_VERSION}-dist.zip && \ + unzip clouseau-2.17.0-dist.zip && \ + microdnf clean all; \ + rm -rf /var/cache/yum + +FROM registry.access.redhat.com/ubi8/ubi-minimal + +ARG RELEASE +ARG BUILD_DATE +ARG CLOUSEAU_VERSION + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ + name="Apache CouchDB" \ + version="3.1.0" \ + summary="Apache CouchDB based on Red Hat UBI" \ + description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + release=${RELEASE} \ + usage="https://github.com/apache/couchdb-docker" \ + build-date=${BUILD_DATE} \ + io.k8s.display-name="Apache CouchDB" \ + io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + io.openshift.tags="database couchdb apache rhel8" \ + io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ + io.openshift.min-memory="1Gi" \ + io.openshift.min-cpu="1" + +COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo +COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo + +ENV 
COUCHDB_VERSION 3.1.0 \ + CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ + JAVA_MAJOR_VERSION=8 \ + JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ + CLASSPATH=${APP_ROOT}/lib/* + +# Add CouchDB user account to make sure the IDs are assigned consistently +# CouchDB user added to root group for OpenShift support +RUN set -ex; \ +# be sure GPG and apt-transport-https are available and functional + microdnf update -y && rm -rf /var/cache/yum; \ + microdnf install -y \ + java-1.8.0-openjdk-headless \ + ca-certificates \ + gnupg \ + findutils \ + shadow-utils; \ +# Add CouchDB User and Group (group required by rpm) + useradd -u 5984 -d /opt/couchdb -g root couchdb; \ + groupadd -g 5984 couchdb; \ +# Install runit + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=imeyer_runit -y runit; \ +# Clean up + microdnf clean all; \ + rm -rf /var/cache/yum + +# https://docs.couchdb.org/en/stable/install/unix.html +# ENV GPG_COUCH_KEY \ +# # gpg: key D401AB61: public key "Bintray (by JFrog) imported +# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 +# RUN set -xe; \ +# export GNUPGHOME="$(mktemp -d)"; \ +# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ +# for server in $(shuf -e pgpkeys.mit.edu \ +# ha.pool.sks-keyservers.net \ +# hkp://p80.pool.sks-keyservers.net:80 \ +# pgp.mit.edu) ; do \ +# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ +# done; \ +# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ +# command -v gpgconf && gpgconf --kill all || :; \ +# rm -rf "$GNUPGHOME"; \ +# apt-key list + +# Install CouchDB +RUN set -xe; \ + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.0; \ + microdnf clean all; \ + rm -rf /var/cache/yum; \ +# remove defaults that force writing logs to file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in 
/opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ +# Setup directories and permissions for data. + chmod 777 /opt/couchdb/data + +# Copy Clouseau jar and set directory permissions +COPY resources/clouseau/clouseau.ini resources/clouseau/log4j.properties /opt/couchdb-search/etc/ +COPY --from=builder /usr/src/clouseau-${CLOUSEAU_VERSION}/*.jar /opt/couchdb-search/lib/ + +RUN install -d -m 0755 -o couchdb -g 0 -p /opt/couchdb-search/etc /opt/couchdb-search/lib /opt/couchdb/data/search_indexes && \ + find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ + find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find -L /opt/couchdb-search -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; + +# Add the License +COPY licenses /licenses + +# Add configuration +COPY --chown=couchdb:0 resources/10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:0 resources/vm.args /opt/couchdb/etc/ +COPY --chown=couchdb:0 resources/docker-entrypoint.sh /usr/local/bin +COPY --chown=couchdb:0 resources/run /etc/service/couchdb/ +COPY --chown=couchdb:0 resources/run_clouseau /etc/service/couchdb-search/run + +# set permissions on runit scripts +RUN chmod -R 777 /etc/service/couchdb; \ + chmod -R 777 /etc/service/couchdb-search; \ + chmod 777 /usr/local/bin/docker-entrypoint.sh; \ +# symlink to root folder + ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh + +ENTRYPOINT ["/docker-entrypoint.sh"] +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.1.0-ubi-clouseau/bintray-apache-couchdb-rpm.repo b/3.1.0-ubi-clouseau/bintray-apache-couchdb-rpm.repo new file mode 100644 index 0000000..e131b6a --- /dev/null +++ b/3.1.0-ubi-clouseau/bintray-apache-couchdb-rpm.repo @@ -0,0 +1,6 @@ +[bintray-apache-couchdb-rpm] +name=bintray--apache-couchdb-rpm +baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 +gpgcheck=0 +repo_gpgcheck=0 +enabled=1 diff --git a/3.1.0-ubi-clouseau/imeyer_runit.repo b/3.1.0-ubi-clouseau/imeyer_runit.repo new file mode 100644 index 0000000..ab4aa4c --- /dev/null +++ b/3.1.0-ubi-clouseau/imeyer_runit.repo @@ -0,0 +1,10 @@ +[imeyer_runit] +name=imeyer_runit +baseurl=https://packagecloud.io/imeyer/runit/el/7/x86_64 +repo_gpgcheck=1 +gpgcheck=0 +enabled=1 +gpgkey=https://packagecloud.io/imeyer/runit/gpgkey +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 diff --git a/3.1.0-ubi-clouseau/licenses/LICENSE b/3.1.0-ubi-clouseau/licenses/LICENSE new file mode 100644 index 0000000..f6cd2bc --- /dev/null 
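Review bot: The builder stage unpacks the Clouseau release straight after `wget` with no integrity check, and the `unzip clouseau-2.17.0-dist.zip` line hard-codes the version, so a build with a different `CLOUSEAU_VERSION` downloads one archive and then looks for another. I would write `unzip clouseau-${CLOUSEAU_VERSION}-dist.zip` and put `echo "${CLOUSEAU_SHA256}  clouseau-${CLOUSEAU_VERSION}-dist.zip" | sha256sum -c -` in front of it, where `CLOUSEAU_SHA256` is a new build argument holding the digest recorded when that release was reviewed. Further down, `chmod 777 /usr/local/bin/docker-entrypoint.sh` together with `COPY --chown=couchdb:0` leaves the entrypoint writable by the service account and every other user in the container, although it only has to be read and executed; a root-owned file with `chmod 0755` would do, assuming nothing rewrites it at runtime.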
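Review bot: With `gpgcheck=0`, `repo_gpgcheck=0` and an `http://` `baseurl`, the `couchdb-3.1.0` RPM that the Dockerfile installs from this repository is neither signature-checked nor fetched over an authenticated channel, so anything able to alter the traffic or the mirror decides what ends up in the image. I would set `gpgcheck=1`, add a `gpgkey=` line pointing at a copy of the CouchDB package signing key that is shipped with the build context, and switch `baseurl` to `https://` if the host serves it. `imeyer_runit.repo` in the same commit has the same `gpgcheck=0` for the runit package (only repository metadata is verified there), and the key import that is commented out in the Dockerfile suggests verification was intended.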
+++ b/3.1.0-ubi-clouseau/licenses/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/3.1.0-ubi-clouseau/resources/10-docker-default.ini b/3.1.0-ubi-clouseau/resources/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.1.0-ubi-clouseau/resources/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.1.0-ubi-clouseau/resources/clouseau/clouseau.ini b/3.1.0-ubi-clouseau/resources/clouseau/clouseau.ini new file mode 100644 index 0000000..81084e1 --- /dev/null +++ b/3.1.0-ubi-clouseau/resources/clouseau/clouseau.ini 
@@ -0,0 +1,6 @@
+[clouseau]
+name=clouseau@127.0.0.1
+
+dir=/opt/couchdb/data/search_indexes
+
+max_indexes_open=500
diff --git a/3.1.0-ubi-clouseau/resources/clouseau/clouseau.sh b/3.1.0-ubi-clouseau/resources/clouseau/clouseau.sh
new file mode 100644
index 0000000..4f8b300
--- /dev/null
+++ b/3.1.0-ubi-clouseau/resources/clouseau/clouseau.sh
@@ -0,0 +1,13 @@
+# chmod 0600 /opt/couchdb-search/etc/jmxremote.password
+
+exec -c "java -server \
+ -Xmx2G \
+ -Dsun.net.inetaddr.ttl=30 \
+ -Dsun.net.inetaddr.negative.ttl=30 \
+ -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \
+ -XX:OnOutOfMemoryError="kill -9 %p" \
+ -XX:+UseConcMarkSweepGC \
+ -XX:+CMSParallelRemarkEnabled \
+ -classpath '/opt/couchdb-search/lib/*' \
+ com.cloudant.clouseau.Main \
+ /opt/couchdb-search/etc/clouseau.ini"
diff --git a/3.1.0-ubi-clouseau/resources/clouseau/log4j.properties b/3.1.0-ubi-clouseau/resources/clouseau/log4j.properties
new file mode 100644
index 0000000..e7a0f7c
--- /dev/null
+++ b/3.1.0-ubi-clouseau/resources/clouseau/log4j.properties
@@ -0,0 +1,5 @@
+log4j.rootLogger=info, CONSOLE
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %c [%p] %m%n
diff --git a/3.1.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.1.0-ubi-clouseau/resources/docker-entrypoint.sh
new file mode 100755
index 0000000..094a8f9
--- /dev/null
+++ b/3.1.0-ubi-clouseau/resources/docker-entrypoint.sh
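Review bot: In `clouseau.sh`, `exec -c "java -server … clouseau.ini"` hands the command line to `exec` as one quoted word, so the shell would look for a program whose name is that long string, and the inner quotes around `kill -9 %p` end the outer string early. The file also has no shebang and, as far as this commit shows, is never copied into the image: the Dockerfile copies only `clouseau.ini` and `log4j.properties`, and the entrypoint writes its own `run` script. I would either delete it or make it match the generated script by dropping the outer quotes and starting the command with `exec java -server \`.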
@@ -0,0 +1,185 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # also for clouseau + find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + # if erlang cookie passed in, set in clouseau.ini + kCOOKIE_REGEX='setcookie ([^ ]+)' + cookie='monster' + if [[ $ERL_FLAGS =~ $kCOOKIE_REGEX ]]; then + cookie="${BASH_REMATCH[1]}" + else + ERL_FLAGS="$ERL_FLAGS -setcookie $cookie" + fi + + if ! grep "cookie" /opt/couchdb-search/etc/clouseau.ini; then + echo "cookie=$cookie" >> /opt/couchdb-search/etc/clouseau.ini + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + # a node name is required for clouseau/distributed erlang. + # set if not specified via ERL_FLAGS or vm.args + kNAME_REGEX='\-name ([^ ]+)' + if ! 
[[ $ERL_FLAGS =~ $kNAME_REGEX ]]; then + echo "No name found in ERL_FLAGS $ERL_FLAGS" + nodename=${NODENAME:=127.0.0.1} + if ! grep -e '-name' /opt/couchdb/etc/vm.args; then + echo "No -name found in vm.args. Using couchdb@$nodename" + echo "-name couchdb@$nodename" >> /opt/couchdb/etc/vm.args + fi + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:0 /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". 
+************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + # Run as CouchDB user + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst -u couchdb env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + + cat > /etc/service/couchdb-search/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb-search + exec 2>&1 + exec chpst -u couchdb java -server \ + -Xmx2G \ + -Dsun.net.inetaddr.ttl=30 \ + -Dsun.net.inetaddr.negative.ttl=30 \ + -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ + -XX:OnOutOfMemoryError="kill -9 %p" \ + -XX:+UseConcMarkSweepGC \ + -XX:+CMSParallelRemarkEnabled \ + -classpath '/opt/couchdb-search/lib/*' \ + com.cloudant.clouseau.Main \ + /opt/couchdb-search/etc/clouseau.ini + EOF + else + # Write out runit scripts to start as the ambient uid + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + + cat > /etc/service/couchdb-search/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb-search + exec 2>&1 + exec chpst java -server \ + -Xmx2G \ + -Dsun.net.inetaddr.ttl=30 \ + -Dsun.net.inetaddr.negative.ttl=30 \ + -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ + -XX:OnOutOfMemoryError="kill -9 %p" \ + -XX:+UseConcMarkSweepGC \ + -XX:+CMSParallelRemarkEnabled \ + -classpath '/opt/couchdb-search/lib/*' \ + com.cloudant.clouseau.Main \ + /opt/couchdb-search/etc/clouseau.ini + EOF + fi + + exec /sbin/runsvdir-start +fi + +exec "$@" diff --git a/3.1.0-ubi-clouseau/resources/pre_stop b/3.1.0-ubi-clouseau/resources/pre_stop new file mode 100644 index 0000000..2fbd60a --- /dev/null +++ b/3.1.0-ubi-clouseau/resources/pre_stop 
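Review bot: The fallback `cookie='monster'` in `docker-entrypoint.sh` gives every container started without `-setcookie` in `ERL_FLAGS` the same publicly known Erlang cookie, while the image exposes the distribution ports 4369 and 9100, so any peer that can reach them and presents the default is accepted as a trusted cluster member. I would fail closed instead, replacing the `else` branch with `echo "ERL_FLAGS must contain -setcookie <value>" >&2; exit 1`, or generate a per-container value once and persist it so that CouchDB and Clouseau keep agreeing across restarts. The later `echo "No name found in ERL_FLAGS $ERL_FLAGS"` also writes the cookie to the container log; printing only `No -name found in ERL_FLAGS` avoids that. The cookie additionally ends up in `clouseau.ini` and in the generated `run` scripts, which the same commit leaves readable (0644) or world-writable (777), so those modes are worth tightening together with this change.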
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ terminationPeriod=300
+else
+ terminationPeriod=$1
+fi
+
+timeToSleep=5
+numIterations=$(awk -v var1=$terminationPeriod -v var2=$timeToSleep 'BEGIN { print ( var1 / var2 ) }')
+
+# Mark each runsv service as down, which will send each process a TERM
+for file in /conf/service/*/supervise/control; do
+ echo "d" > $file;
+done
+
+# Allow the processes time to terminate gracefully
+i="0"
+while [ $i -lt $numIterations ]; do
+ numServices=$(find /conf/service/* -maxdepth 0 -type d | wc -l)
+ numDownServices=$(grep -r "^down$" /conf/service/*/supervise/stat | wc -l)
+ if [ $numServices -ne $numDownServices ]; then
+ sleep $timeToSleep
+ i=$[$i+1]
+ else
+ exit 0
+ fi
+done
+
+exit 1
diff --git a/3.1.0-ubi-clouseau/resources/run b/3.1.0-ubi-clouseau/resources/run
new file mode 100644
index 0000000..7d1d6b8
--- /dev/null
+++ b/3.1.0-ubi-clouseau/resources/run
@@ -0,0 +1 @@
+# populated in dockerfile entrypoint so that ERL_FLAGS are propagated
diff --git a/3.1.0-ubi-clouseau/resources/run_clouseau b/3.1.0-ubi-clouseau/resources/run_clouseau
new file mode 100644
index 0000000..9c18b33
--- /dev/null
+++ b/3.1.0-ubi-clouseau/resources/run_clouseau
@@ -0,0 +1 @@
+# populated in dockerfile entrypoint
diff --git a/3.1.0-ubi-clouseau/resources/vm.args b/3.1.0-ubi-clouseau/resources/vm.args
new file mode 100644
index 0000000..0425756
--- /dev/null
+++ b/3.1.0-ubi-clouseau/resources/vm.args
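Review bot: `pre_stop` signals and polls services under `/conf/service/*`, while the Dockerfile in this commit installs the runit service directories under `/etc/service/couchdb` and `/etc/service/couchdb-search`; unless `runsvdir-start` uses `/conf/service` (not visible here), the `for` loop writes nowhere, both counts come out as 0 and the script exits 0 at once without stopping anything. `numIterations` can also be fractional when the argument is not a multiple of 5, which makes `[ $i -lt $numIterations ]` fail; `numIterations=$(( (terminationPeriod + timeToSleep - 1) / timeToSleep ))` keeps it an integer. Quoting `"$file"` in the redirect and writing `i=$((i + 1))` instead of the obsolete `$[...]` form would be worth doing in the same pass.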
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 7f93d7ea550f787a66d4f87c3c190881bf4dc587 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 1 Sep 2020 11:31:53 -0400 Subject: [PATCH 173/227] Add script that keeps old couchdbdev docker images alive (#189) --- pull-all-couchdbdev-docker | 99 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100755 pull-all-couchdbdev-docker diff --git a/pull-all-couchdbdev-docker b/pull-all-couchdbdev-docker new file mode 100755 index 0000000..cfbb8af --- /dev/null +++ b/pull-all-couchdbdev-docker 
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+DOCKER_ORG="couchdbdev"
+
+# These are the images that are currently being used, so don't `docker rmi` them on cleanup.
+KEEP_IMAGES=(
+debian-buster-erlang-all
+ppc64ledebian-buster-erlang-20.3.8.25-1
+arm64v8debian-buster-erlang-20.3.8.25-1
+centos-8-erlang-20.3.8.25-1
+centos-7-erlang-20.3.8.25-1
+centos-6-erlang-20.3.8.25-1
+ubuntu-focal-erlang-20.3.8.25-1
+ubuntu-bionic-erlang-20.3.8.25-1
+ubuntu-xenial-erlang-20.3.8.25-1
+debian-buster-erlang-20.3.8.25-1
+debian-stretch-erlang-20.3.8.25-1
+ppc64le-debian-buster-erlang-20.3.8.25-1
+arm64v8-debian-buster-erlang-20.3.8.25-1
+debian-stretch-erlang-19.3.6
+centos-7-erlang-19.3.6
+centos-6-erlang-19.3.6
+)
+
+# Base images are used for building old libmozjs, primarily.
+BASE_IMAGES=(
+aarch64-debian-stretch-base
+arm64v8-debian-buster-base
+centos-6-base
+centos-7-base
+centos-8-base
+debian-buster-base
+debian-jessie-base
+debian-stretch-base
+ppc64le-debian-buster-base
+ubuntu-bionic-base
+ubuntu-trusty-base
+ubuntu-xenial-base
+)
+# These images layer in the rest of the CouchDB build chain, and 1 or more Erlang versions.
+IMAGES=(
+aarch64-debian-stretch-erlang-20.3.8.20
+#arm64v8-debian-buster-erlang-20.3.8.22-1
+#arm64v8-debian-buster-erlang-20.3.8.24-1
+arm64v8-debian-buster-erlang-20.3.8.25-1
+arm64v8-debian-stretch-erlang-20.3.8.22-1
+centos-6-erlang-19.3.6
+#centos-6-erlang-20.3.8.22-1
+#centos-6-erlang-20.3.8.24-1
+centos-6-erlang-20.3.8.25-1
+centos-7-erlang-19.3.6
+#centos-7-erlang-20.3.8.22-1
+#centos-7-erlang-20.3.8.24-1
+centos-7-erlang-20.3.8.25-1
+#centos-8-erlang-20.3.8.22-1
+#centos-8-erlang-20.3.8.24-1
+centos-8-erlang-20.3.8.25-1
+#debian-buster-erlang-20.3.8.22-1
+#debian-buster-erlang-20.3.8.24-1
+debian-buster-erlang-20.3.8.25-1
+debian-buster-erlang-all
+debian-jessie-erlang-17.5.3
+debian-jessie-erlang-19.3.6
+debian-stretch-erlang-19.3.6
+#debian-stretch-erlang-20.3.8.22-1
+#debian-stretch-erlang-20.3.8.24-1
+debian-stretch-erlang-20.3.8.25-1
+#ppc64le-debian-buster-erlang-20.3.8.24-1
+ppc64le-debian-buster-erlang-20.3.8.25-1
+#ppc64le-debian-stretch-erlang-20.3.8.20
+#ppc64le-debian-stretch-erlang-20.3.8.22-1
+ppc64le-debian-stretch-erlang-20.3.8.24-1
+s390x-debian-buster-erlang-20.3.8.25-1
+ubuntu-12.04-erlang-18.3
+ubuntu-bionic-erlang-19.3.6
+#ubuntu-bionic-erlang-20.3.8.22-1
+#ubuntu-bionic-erlang-20.3.8.24-1
+ubuntu-bionic-erlang-20.3.8.25-1
+ubuntu-focal-erlang-20.3.8.25-1
+ubuntu-trusty-erlang-19.3.6
+ubuntu-trusty-erlang-default
+ubuntu-xenial-erlang-19.3.6
+#ubuntu-xenial-erlang-20.3.8.22-1
+#ubuntu-xenial-erlang-20.3.8.24-1
+ubuntu-xenial-erlang-20.3.8.25-1
+)
+
+for image in ${IMAGES[*]} ${BASE_IMAGES[*]}
+do
+ echo docker pull couchdbdev/${image}
+ docker pull couchdbdev/${image}
+ # We don't want to delete the current working set of images.
+ if ! printf '%s\n' "${KEEP_IMAGES[@]}" | grep -q -P "^${image}$"; then
+ echo docker rmi couchdbdev/$image
+ docker rmi couchdbdev/$image
+ fi
+done
+
+docker system prune -f
From 47d2a972604e1d33969a244e46b68f45c0382390 Mon Sep 17 00:00:00 2001
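Review bot: In pull-all-couchdbdev-docker, the keep-list test `grep -q -P "^${image}$"` interpolates the image name into a Perl regex, so each `.` in a version such as 20.3.8.25-1 matches any character. A literal whole-line match states the intent: `grep -qxF -- "${image}"`. `DOCKER_ORG` is assigned but never read, since every command hard-codes `couchdbdev/`; either use `"${DOCKER_ORG}/${image}"` or drop the variable. The closing `docker system prune -f` removes all unused containers, networks and dangling images on the host, not only what this script pulled, so it deserves a comment saying the script is meant for a dedicated machine. Two KEEP_IMAGES entries (`ppc64ledebian-…`, `arm64v8debian-…`) lack a hyphen after the architecture; they look like typos, though the correctly spelled names are also listed.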
From: Joan Touzet Date: Thu, 17 Sep 2020 18:10:29 -0400 Subject: [PATCH 174/227] 3.1.0 -> 3.1.1 (#190) --- .travis.yml | 4 ++-- {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/Dockerfile | 6 +++--- .../bintray-apache-couchdb-rpm.repo | 0 .../imeyer_runit.repo | 0 {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/licenses/LICENSE | 0 .../resources/10-docker-default.ini | 0 .../resources/clouseau/clouseau.ini | 0 .../resources/clouseau/clouseau.sh | 0 .../resources/clouseau/log4j.properties | 0 .../resources/docker-entrypoint.sh | 0 .../resources/pre_stop | 0 {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/run | 0 .../resources/run_clouseau | 0 .../resources/vm.args | 0 {3.1.0-ubi => 3.1.1-ubi}/Dockerfile | 6 +++--- {3.1.0-ubi => 3.1.1-ubi}/bintray-apache-couchdb-rpm.repo | 0 {3.1.0-ubi => 3.1.1-ubi}/imeyer_runit.repo | 0 {3.1.0-ubi => 3.1.1-ubi}/licenses/LICENSE | 0 {3.1.0-ubi => 3.1.1-ubi}/resources/10-docker-default.ini | 0 {3.1.0-ubi => 3.1.1-ubi}/resources/docker-entrypoint.sh | 0 {3.1.0-ubi => 3.1.1-ubi}/resources/run | 0 {3.1.0-ubi => 3.1.1-ubi}/resources/vm.args | 0 {3.1.0 => 3.1.1}/10-docker-default.ini | 0 {3.1.0 => 3.1.1}/Dockerfile | 2 +- {3.1.0 => 3.1.1}/docker-entrypoint.sh | 0 {3.1.0 => 3.1.1}/vm.args | 0 README.md | 2 +- 27 files changed, 10 insertions(+), 10 deletions(-) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/Dockerfile (98%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/bintray-apache-couchdb-rpm.repo (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/imeyer_runit.repo (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/licenses/LICENSE (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/10-docker-default.ini (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/clouseau/clouseau.ini (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/clouseau/clouseau.sh (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/clouseau/log4j.properties (100%) rename {3.1.0-ubi-clouseau => 
3.1.1-ubi-clouseau}/resources/docker-entrypoint.sh (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/pre_stop (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/run (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/run_clouseau (100%) rename {3.1.0-ubi-clouseau => 3.1.1-ubi-clouseau}/resources/vm.args (100%) rename {3.1.0-ubi => 3.1.1-ubi}/Dockerfile (98%) rename {3.1.0-ubi => 3.1.1-ubi}/bintray-apache-couchdb-rpm.repo (100%) rename {3.1.0-ubi => 3.1.1-ubi}/imeyer_runit.repo (100%) rename {3.1.0-ubi => 3.1.1-ubi}/licenses/LICENSE (100%) rename {3.1.0-ubi => 3.1.1-ubi}/resources/10-docker-default.ini (100%) rename {3.1.0-ubi => 3.1.1-ubi}/resources/docker-entrypoint.sh (100%) rename {3.1.0-ubi => 3.1.1-ubi}/resources/run (100%) rename {3.1.0-ubi => 3.1.1-ubi}/resources/vm.args (100%) rename {3.1.0 => 3.1.1}/10-docker-default.ini (100%) rename {3.1.0 => 3.1.1}/Dockerfile (99%) rename {3.1.0 => 3.1.1}/docker-entrypoint.sh (100%) rename {3.1.0 => 3.1.1}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index da26661..ba445ff 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,8 +14,8 @@ env: - RELEASES=2.3.1 - RELEASES=2.3.1-ubi - RELEASES=3.0.1 - - RELEASES=3.1.0 - - RELEASES=3.1.0-ubi + - RELEASES=3.1.1 + - RELEASES=3.1.1-ubi - RELEASES=dev - RELEASES=dev-cluster diff --git a/3.1.0-ubi-clouseau/Dockerfile b/3.1.1-ubi-clouseau/Dockerfile similarity index 98% rename from 3.1.0-ubi-clouseau/Dockerfile rename to 3.1.1-ubi-clouseau/Dockerfile index 01617cd..7d918a9 100644 --- a/3.1.0-ubi-clouseau/Dockerfile +++ b/3.1.1-ubi-clouseau/Dockerfile @@ -35,7 +35,7 @@ ARG CLOUSEAU_VERSION LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.0" \ + version="3.1.1" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ 
@@ -51,7 +51,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo -ENV COUCHDB_VERSION 3.1.0 \ +ENV COUCHDB_VERSION 3.1.1 \ CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ JAVA_MAJOR_VERSION=8 \ JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ @@ -99,7 +99,7 @@ RUN set -ex; \ # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.0; \ + microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file diff --git a/3.1.0-ubi-clouseau/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo similarity index 100% rename from 3.1.0-ubi-clouseau/bintray-apache-couchdb-rpm.repo rename to 3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo diff --git a/3.1.0-ubi-clouseau/imeyer_runit.repo b/3.1.1-ubi-clouseau/imeyer_runit.repo similarity index 100% rename from 3.1.0-ubi-clouseau/imeyer_runit.repo rename to 3.1.1-ubi-clouseau/imeyer_runit.repo diff --git a/3.1.0-ubi-clouseau/licenses/LICENSE b/3.1.1-ubi-clouseau/licenses/LICENSE similarity index 100% rename from 3.1.0-ubi-clouseau/licenses/LICENSE rename to 3.1.1-ubi-clouseau/licenses/LICENSE diff --git a/3.1.0-ubi-clouseau/resources/10-docker-default.ini b/3.1.1-ubi-clouseau/resources/10-docker-default.ini similarity index 100% rename from 3.1.0-ubi-clouseau/resources/10-docker-default.ini rename to 3.1.1-ubi-clouseau/resources/10-docker-default.ini diff --git a/3.1.0-ubi-clouseau/resources/clouseau/clouseau.ini b/3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini similarity index 100% rename from 3.1.0-ubi-clouseau/resources/clouseau/clouseau.ini rename to 3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini 
diff --git a/3.1.0-ubi-clouseau/resources/clouseau/clouseau.sh b/3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh similarity index 100% rename from 3.1.0-ubi-clouseau/resources/clouseau/clouseau.sh rename to 3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh diff --git a/3.1.0-ubi-clouseau/resources/clouseau/log4j.properties b/3.1.1-ubi-clouseau/resources/clouseau/log4j.properties similarity index 100% rename from 3.1.0-ubi-clouseau/resources/clouseau/log4j.properties rename to 3.1.1-ubi-clouseau/resources/clouseau/log4j.properties diff --git a/3.1.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.1.1-ubi-clouseau/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.0-ubi-clouseau/resources/docker-entrypoint.sh rename to 3.1.1-ubi-clouseau/resources/docker-entrypoint.sh diff --git a/3.1.0-ubi-clouseau/resources/pre_stop b/3.1.1-ubi-clouseau/resources/pre_stop similarity index 100% rename from 3.1.0-ubi-clouseau/resources/pre_stop rename to 3.1.1-ubi-clouseau/resources/pre_stop diff --git a/3.1.0-ubi-clouseau/resources/run b/3.1.1-ubi-clouseau/resources/run similarity index 100% rename from 3.1.0-ubi-clouseau/resources/run rename to 3.1.1-ubi-clouseau/resources/run diff --git a/3.1.0-ubi-clouseau/resources/run_clouseau b/3.1.1-ubi-clouseau/resources/run_clouseau similarity index 100% rename from 3.1.0-ubi-clouseau/resources/run_clouseau rename to 3.1.1-ubi-clouseau/resources/run_clouseau diff --git a/3.1.0-ubi-clouseau/resources/vm.args b/3.1.1-ubi-clouseau/resources/vm.args similarity index 100% rename from 3.1.0-ubi-clouseau/resources/vm.args rename to 3.1.1-ubi-clouseau/resources/vm.args diff --git a/3.1.0-ubi/Dockerfile b/3.1.1-ubi/Dockerfile similarity index 98% rename from 3.1.0-ubi/Dockerfile rename to 3.1.1-ubi/Dockerfile index 9738c08..6e6146c 100644 --- a/3.1.0-ubi/Dockerfile +++ b/3.1.1-ubi/Dockerfile 
@@ -17,7 +17,7 @@ ARG BUILD_DATE LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.0" \ + version="3.1.1" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ @@ -33,7 +33,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo -ENV COUCHDB_VERSION 3.1.0 +ENV COUCHDB_VERSION 3.1.1 # Add CouchDB user account to make sure the IDs are assigned consistently # CouchDB user added to root group for OpenShift support @@ -76,7 +76,7 @@ RUN set -ex; \ # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.0; \ + microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file diff --git a/3.1.0-ubi/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi/bintray-apache-couchdb-rpm.repo similarity index 100% rename from 3.1.0-ubi/bintray-apache-couchdb-rpm.repo rename to 3.1.1-ubi/bintray-apache-couchdb-rpm.repo diff --git a/3.1.0-ubi/imeyer_runit.repo b/3.1.1-ubi/imeyer_runit.repo similarity index 100% rename from 3.1.0-ubi/imeyer_runit.repo rename to 3.1.1-ubi/imeyer_runit.repo diff --git a/3.1.0-ubi/licenses/LICENSE b/3.1.1-ubi/licenses/LICENSE similarity index 100% rename from 3.1.0-ubi/licenses/LICENSE rename to 3.1.1-ubi/licenses/LICENSE diff --git a/3.1.0-ubi/resources/10-docker-default.ini b/3.1.1-ubi/resources/10-docker-default.ini similarity index 100% rename from 3.1.0-ubi/resources/10-docker-default.ini rename to 3.1.1-ubi/resources/10-docker-default.ini 
diff --git a/3.1.0-ubi/resources/docker-entrypoint.sh b/3.1.1-ubi/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.0-ubi/resources/docker-entrypoint.sh rename to 3.1.1-ubi/resources/docker-entrypoint.sh diff --git a/3.1.0-ubi/resources/run b/3.1.1-ubi/resources/run similarity index 100% rename from 3.1.0-ubi/resources/run rename to 3.1.1-ubi/resources/run diff --git a/3.1.0-ubi/resources/vm.args b/3.1.1-ubi/resources/vm.args similarity index 100% rename from 3.1.0-ubi/resources/vm.args rename to 3.1.1-ubi/resources/vm.args diff --git a/3.1.0/10-docker-default.ini b/3.1.1/10-docker-default.ini similarity index 100% rename from 3.1.0/10-docker-default.ini rename to 3.1.1/10-docker-default.ini diff --git a/3.1.0/Dockerfile b/3.1.1/Dockerfile similarity index 99% rename from 3.1.0/Dockerfile rename to 3.1.1/Dockerfile index 6a3fac0..8e5ec26 100644 --- a/3.1.0/Dockerfile +++ b/3.1.1/Dockerfile @@ -91,7 +91,7 @@ RUN set -xe; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV COUCHDB_VERSION 3.1.0 +ENV COUCHDB_VERSION 3.1.1 RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list diff --git a/3.1.0/docker-entrypoint.sh b/3.1.1/docker-entrypoint.sh similarity index 100% rename from 3.1.0/docker-entrypoint.sh rename to 3.1.1/docker-entrypoint.sh diff --git a/3.1.0/vm.args b/3.1.1/vm.args similarity index 100% rename from 3.1.0/vm.args rename to 3.1.1/vm.args diff --git a/README.md b/README.md index 5a6aecb..048d141 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: -- `3.1.0` +- `3.1.1` - `2.3.1` # How to use this image From 3f083adb73b7cc8913a805606346f60c8100555e Mon Sep 17 00:00:00 2001 
From: Joan Touzet Date: Thu, 29 Oct 2020 14:17:23 -0400 Subject: [PATCH 175/227] Move pull-all-couchdbdev-docker to couchdb-ci --- pull-all-couchdbdev-docker | 99 -------------------------------------- 1 file changed, 99 deletions(-) delete mode 100755 pull-all-couchdbdev-docker diff --git a/pull-all-couchdbdev-docker b/pull-all-couchdbdev-docker deleted file mode 100755 index cfbb8af..0000000 --- a/pull-all-couchdbdev-docker +++ /dev/null 
@@ -1,99 +0,0 @@
-#!/bin/bash
-
-DOCKER_ORG="couchdbdev"
-
-# These are the images that are currently being used, so don't `docker rmi` them on cleanup.
-KEEP_IMAGES=(
-debian-buster-erlang-all
-ppc64ledebian-buster-erlang-20.3.8.25-1
-arm64v8debian-buster-erlang-20.3.8.25-1
-centos-8-erlang-20.3.8.25-1
-centos-7-erlang-20.3.8.25-1
-centos-6-erlang-20.3.8.25-1
-ubuntu-focal-erlang-20.3.8.25-1
-ubuntu-bionic-erlang-20.3.8.25-1
-ubuntu-xenial-erlang-20.3.8.25-1
-debian-buster-erlang-20.3.8.25-1
-debian-stretch-erlang-20.3.8.25-1
-ppc64le-debian-buster-erlang-20.3.8.25-1
-arm64v8-debian-buster-erlang-20.3.8.25-1
-debian-stretch-erlang-19.3.6
-centos-7-erlang-19.3.6
-centos-6-erlang-19.3.6
-)
-
-# Base images are used for building old libmozjs, primarily.
-BASE_IMAGES=(
-aarch64-debian-stretch-base
-arm64v8-debian-buster-base
-centos-6-base
-centos-7-base
-centos-8-base
-debian-buster-base
-debian-jessie-base
-debian-stretch-base
-ppc64le-debian-buster-base
-ubuntu-bionic-base
-ubuntu-trusty-base
-ubuntu-xenial-base
-)
-# These images layer in the rest of the CouchDB build chain, and 1 or more Erlang versions.
-IMAGES=(
-aarch64-debian-stretch-erlang-20.3.8.20
-#arm64v8-debian-buster-erlang-20.3.8.22-1
-#arm64v8-debian-buster-erlang-20.3.8.24-1
-arm64v8-debian-buster-erlang-20.3.8.25-1
-arm64v8-debian-stretch-erlang-20.3.8.22-1
-centos-6-erlang-19.3.6
-#centos-6-erlang-20.3.8.22-1
-#centos-6-erlang-20.3.8.24-1
-centos-6-erlang-20.3.8.25-1
-centos-7-erlang-19.3.6
-#centos-7-erlang-20.3.8.22-1
-#centos-7-erlang-20.3.8.24-1
-centos-7-erlang-20.3.8.25-1
-#centos-8-erlang-20.3.8.22-1
-#centos-8-erlang-20.3.8.24-1
-centos-8-erlang-20.3.8.25-1
-#debian-buster-erlang-20.3.8.22-1
-#debian-buster-erlang-20.3.8.24-1
-debian-buster-erlang-20.3.8.25-1
-debian-buster-erlang-all
-debian-jessie-erlang-17.5.3
-debian-jessie-erlang-19.3.6
-debian-stretch-erlang-19.3.6
-#debian-stretch-erlang-20.3.8.22-1
-#debian-stretch-erlang-20.3.8.24-1
-debian-stretch-erlang-20.3.8.25-1
-#ppc64le-debian-buster-erlang-20.3.8.24-1
-ppc64le-debian-buster-erlang-20.3.8.25-1
-#ppc64le-debian-stretch-erlang-20.3.8.20
-#ppc64le-debian-stretch-erlang-20.3.8.22-1
-ppc64le-debian-stretch-erlang-20.3.8.24-1
-s390x-debian-buster-erlang-20.3.8.25-1
-ubuntu-12.04-erlang-18.3
-ubuntu-bionic-erlang-19.3.6
-#ubuntu-bionic-erlang-20.3.8.22-1
-#ubuntu-bionic-erlang-20.3.8.24-1
-ubuntu-bionic-erlang-20.3.8.25-1
-ubuntu-focal-erlang-20.3.8.25-1
-ubuntu-trusty-erlang-19.3.6
-ubuntu-trusty-erlang-default
-ubuntu-xenial-erlang-19.3.6
-#ubuntu-xenial-erlang-20.3.8.22-1
-#ubuntu-xenial-erlang-20.3.8.24-1
-ubuntu-xenial-erlang-20.3.8.25-1
-)
-
-for image in ${IMAGES[*]} ${BASE_IMAGES[*]}
-do
- echo docker pull couchdbdev/${image}
- docker pull couchdbdev/${image}
- # We don't want to delete the current working set of images.
- if ! printf '%s\n' "${KEEP_IMAGES[@]}" | grep -q -P "^${image}$"; then
- echo docker rmi couchdbdev/$image
- docker rmi couchdbdev/$image
- fi
-done
-
-docker system prune -f
From 03af73d79440c44c386848b6ceac1434cf5af357 Mon Sep 17 00:00:00 2001
From: Amit Phulera Date: Mon, 11 Jan 2021 22:44:30 +0530 Subject: [PATCH 176/227] Update dev to use `main` branch rather than master (#195) --- dev-cluster/Dockerfile | 2 +- dev/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 70e3bfb..62883f2 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -108,7 +108,7 @@ RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure -c --spidermonkey-version 60 -ARG checkout_branch=master +ARG checkout_branch=main ARG configure_options="-c --spidermonkey-version 60" WORKDIR /usr/src/couchdb/ diff --git a/dev/Dockerfile b/dev/Dockerfile index a32bb34..782d233 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -125,10 +125,10 @@ RUN ./configure # This layer performs the actual build of a relocatable, self-contained # release of CouchDB. It pulls down the latest changes from the remote # origin (because the layer above will be cached) and switches to the -# branch specified in the build_arg (defaults to master) +# branch specified in the build_arg (defaults to main) FROM build_dependencies AS build -ARG checkout_branch=master +ARG checkout_branch=main ARG configure_options ARG spidermonkey_version=60 From b674b6c651acedcdce18e30108dbe994a55d8da0 Mon Sep 17 00:00:00 2001 From: Glynn Bird Date: Tue, 16 Mar 2021 20:50:07 +0000 Subject: [PATCH 177/227] protect main branch with .asf.yaml config (#193) --- .asf.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .asf.yaml diff --git a/.asf.yaml b/.asf.yaml new file mode 100644 index 0000000..be0b311 --- /dev/null +++ b/.asf.yaml 
@@ -0,0 +1,18 @@ +github: + description: "Semi-official Apache CouchDB Docker images" + homepage: https://github.com/apache/couchdb-docker + labels: + - apache + - couchdb + - erlang + - network-client + - http + - cplusplus + - big-data + - cloud + - database + - network-server + - javascript + protected_branches: + main + From e3ca492e13f65ffd72593ac3d7c43c737787e2b2 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 16 Mar 2021 18:29:54 -0400 Subject: [PATCH 178/227] Drop ppc64le until suitable CI replacement identified (#199) --- build.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/build.sh b/build.sh index 70bea97..b0291dc 100755 --- a/build.sh +++ b/build.sh @@ -31,8 +31,8 @@ set -e PROMPT="Are you sure (y/n)? " QEMU="YES" -PLATFORMS="amd64 arm64v8 ppc64le" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" +PLATFORMS="amd64 arm64v8" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8" prompt() { if [ -z "${PROMPT}" ] @@ -124,15 +124,11 @@ push() { fi docker manifest create apache/couchdb:$tag_as \ apache/couchdb:amd64-$1 \ - apache/couchdb:arm64v8-$1 \ - apache/couchdb:ppc64le-$1 + apache/couchdb:arm64v8-$1 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:ppc64le-$1 --os linux --arch ppc64le - docker manifest push --purge apache/couchdb:$tag_as docker manifest inspect apache/couchdb:$tag_as From 44dc5167b74c5db49cbbeab808494cf37ac615c9 Mon Sep 17 00:00:00 2001 
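Review bot: In the new .asf.yaml, `protected_branches:` is followed by the bare scalar `main` rather than a mapping keyed by branch name. If the file is as shown, the key holds the string "main", and the branch protection promised by the commit title may not be applied. As far as I know the .asf.yaml schema expects each protected branch as a key with its settings, the minimal form being `main: {}` under `protected_branches:`. After merge it is worth checking in the repository settings that force-pushes to and deletion of main are actually rejected.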
From: Joan Touzet Date: Tue, 23 Mar 2021 11:27:27 -0400 Subject: [PATCH 179/227] Multiple build system improvements (#200) --- .gitignore | 2 + .travis.yml | 1 - 1.7.2-couchperuser/Dockerfile | 27 ----- 1.7.2-couchperuser/docker-entrypoint.sh | 35 ------ 1.7.2/Dockerfile | 123 --------------------- 1.7.2/docker-entrypoint.sh | 86 --------------- 2.3.1/Dockerfile | 49 ++------- 3.0.1/10-docker-default.ini | 8 -- 3.0.1/Dockerfile | 140 ------------------------ 3.0.1/docker-entrypoint.sh | 106 ------------------ 3.0.1/vm.args | 28 ----- 3.1.1/Dockerfile | 42 +------ build.sh | 38 +++++-- dev-cluster/Dockerfile | 44 +------- dev/Dockerfile | 39 +------ md | 4 - 16 files changed, 53 insertions(+), 719 deletions(-) create mode 100644 .gitignore delete mode 100644 1.7.2-couchperuser/Dockerfile delete mode 100755 1.7.2-couchperuser/docker-entrypoint.sh delete mode 100644 1.7.2/Dockerfile delete mode 100755 1.7.2/docker-entrypoint.sh delete mode 100644 3.0.1/10-docker-default.ini delete mode 100644 3.0.1/Dockerfile delete mode 100755 3.0.1/docker-entrypoint.sh delete mode 100644 3.0.1/vm.args delete mode 100644 md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b72f9be --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*~ +*.swp diff --git a/.travis.yml b/.travis.yml index ba445ff..9c0a4d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,6 @@ services: env: - RELEASES=2.3.1 - RELEASES=2.3.1-ubi - - RELEASES=3.0.1 - RELEASES=3.1.1 - RELEASES=3.1.1-ubi - RELEASES=dev diff --git a/1.7.2-couchperuser/Dockerfile b/1.7.2-couchperuser/Dockerfile deleted file mode 100644 index 76eaab4..0000000 --- a/1.7.2-couchperuser/Dockerfile +++ /dev/null 
@@ -1,27 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM apache/couchdb:1.7.2 - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -ENV COUCHPERUSER_SHA 5d28db3272eea9619d4391b33aae6030f0319ecc54aa2a2f2b6c6a8d448f03f2 -RUN apt-get update && apt-get install -y rebar make \ - && mkdir -p /usr/local/lib/couchdb/plugins/couchperuser \ - && cd /usr/local/lib/couchdb/plugins \ - && curl -L -o couchperuser.tar.gz https://github.com/etrepum/couchperuser/archive/1.1.0.tar.gz \ - && echo "$COUCHPERUSER_SHA *couchperuser.tar.gz" | sha256sum -c - \ - && tar -xzf couchperuser.tar.gz -C couchperuser --strip-components=1 \ - && rm couchperuser.tar.gz \ - && cd couchperuser \ - && make \ - && apt-get purge -y --auto-remove rebar make diff --git a/1.7.2-couchperuser/docker-entrypoint.sh b/1.7.2-couchperuser/docker-entrypoint.sh deleted file mode 100755 index ba4dac3..0000000 --- a/1.7.2-couchperuser/docker-entrypoint.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = 'couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/1.7.2/Dockerfile b/1.7.2/Dockerfile deleted file mode 100644 index 5e6054c..0000000 --- a/1.7.2/Dockerfile +++ /dev/null 
@@ -1,123 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian - -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - libicu52 \ - libmozjs185-1.0 \ - libnspr4 \ - libnspr4-0d \ - && rm -rf /var/lib/apt/lists/* - -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini 
"https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 1.7.2 - -# download dependencies, compile and install couchdb, -# set correct permissions, expose couchdb to the outside and disable logging to disk -RUN buildDeps=' \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - libnspr4-dev \ - make \ - ' \ - && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ - && mkdir -p /usr/src/couchdb \ - && tar -xzf couchdb.tar.gz -C /usr/src/couchdb 
--strip-components=1 \ - && cd /usr/src/couchdb \ - && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ - && make && make install \ - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \ - && chown -R couchdb:couchdb \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && chmod -R g+rw \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && mkdir -p /var/lib/couchdb \ - && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \ - && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini - -COPY ./docker-entrypoint.sh / - -# Define mountable directories. -VOLUME ["/usr/local/var/lib/couchdb"] - -EXPOSE 5984 -WORKDIR /var/lib/couchdb - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["couchdb"] diff --git a/1.7.2/docker-entrypoint.sh b/1.7.2/docker-entrypoint.sh deleted file mode 100755 index db5a60e..0000000 --- a/1.7.2/docker-entrypoint.sh +++ /dev/null 
@@ -1,86 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = 'couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini - fi - - if [ -f /usr/local/etc/couchdb/local.d/bind_address.ini ]; then - if ! grep -Fq "port =" /usr/local/etc/couchdb/local.d/bind_address.ini; then - vport=$(printf "[httpd]\\\nport = %s" ${COUCHDB_HTTP_PORT:=5984}) - if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then - sed -i -e "s/\\[httpd\\]/$vport/g" /usr/local/etc/couchdb/local.d/bind_address.ini - else - printf "$vport" >> /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - fi - - if ! 
grep -Fq "bind_address =" /usr/local/etc/couchdb/local.d/bind_address.ini; then - vaddress=$(printf "[httpd]\\\nbind_address = %s" ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}) - if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then - sed -i -e "s/\\[httpd\\]/$vaddress/g" /usr/local/etc/couchdb/local.d/bind_address.ini - else - printf "$vaddress" >> /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - fi - - else - printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: CouchDB is running in Admin Party mode. - This will allow anyone with access to the - CouchDB port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it in "docker run". - **************************************************** - EOWARN - fi - - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index f8ad0c9..9d5706c 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" 
@@ -30,47 +30,11 @@ RUN set -ex; \ # grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc 
/usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages @@ -83,6 +47,7 @@ RUN set -xe; \ for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ + hkps://hkps.pool.sks-keyservers.net \ pgp.mit.edu) ; do \ gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ done; \ @@ -91,9 +56,9 @@ RUN set -xe; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV COUCHDB_VERSION 2.3.1 +ENV COUCHDB_VERSION 2.3.1-1 -RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list +RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian RUN set -xe; \ @@ -102,7 +67,7 @@ RUN set -xe; \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~stretch \ + couchdb="$COUCHDB_VERSION"~buster \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ diff --git a/3.0.1/10-docker-default.ini b/3.0.1/10-docker-default.ini deleted file mode 100644 index 1aa633c..0000000 --- a/3.0.1/10-docker-default.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/3.0.1/Dockerfile b/3.0.1/Dockerfile deleted file mode 100644 index 84f78a4..0000000 --- a/3.0.1/Dockerfile +++ /dev/null 
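Review bot: In 2.3.1/Dockerfile, the new `apt-get install -y --no-install-recommends gosu tini;` leaves both tools unpinned, where the removed lines fixed them with `GOSU_VERSION`/`TINI_VERSION` and checked each binary against a pinned signing-key fingerprint. apt still verifies the Debian archive signature, so the trust root is sound, but the image now takes whatever buster ships at build time and no longer records which version it got. Pinning the packages, `apt-get install -y --no-install-recommends gosu=<GOSU_DEB_VERSION> tini=<TINI_DEB_VERSION>;` (placeholders, to be filled from the buster archive), or adding a comment that the float is intended, would keep rebuilds comparable. The same hunk recurs in 3.1.1/Dockerfile, dev-cluster/Dockerfile and dev/Dockerfile.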
@@ -1,140 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:buster-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; 
do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV COUCHDB_VERSION 3.0.1 - -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list 
- -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~buster \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.0.1/docker-entrypoint.sh b/3.0.1/docker-entrypoint.sh deleted file mode 100755 index acf3675..0000000 --- a/3.0.1/docker-entrypoint.sh +++ /dev/null 
@@ -1,106 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.0.1/vm.args b/3.0.1/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.0.1/vm.args +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput diff --git a/3.1.1/Dockerfile b/3.1.1/Dockerfile index 8e5ec26..06280ee 100644 
--- a/3.1.1/Dockerfile
+++ b/3.1.1/Dockerfile
@@ -30,49 +30,14 @@ RUN set -ex; \ # grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc 
/usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ tini --version + # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ # gpg: key D401AB61: public key "Bintray (by JFrog) imported @@ -83,6 +48,7 @@ RUN set -xe; \ for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ + hkps://hkps.pool.sks-keyservers.net \ pgp.mit.edu) ; do \ gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ done; \ diff --git a/build.sh b/build.sh index b0291dc..09a3020 100755 --- a/build.sh +++ b/build.sh @@ -21,6 +21,8 @@ # architecture Docker containers on an x86_64 host. # # For more reading: +# https://github.com/moby/buildkit/issues/1943 +# https://github.com/tonistiigi/binfmt # https://github.com/multiarch/qemu-user-static # https://lobradov.github.io/Building-docker-multiarch-images/ # https://github.com/jessfraz/irssi/blob/master/.travis.yml 
@@ -56,9 +58,26 @@ update_qemu() { # necessary locally after every reboot, not sure why....update related maybe? # basically harmless to run everytime, except for elevated privs necessary. # disable with -n flag - docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - docker rmi multiarch/qemu-user-static + # NOTE multiarch/qemu-user-static broken as of Jan 2021 + # docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true + # docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + # docker rmi multiarch/qemu-user-static + # use tonistiigi/binfmt instead. + # this requires bash 4.*, sorry jan! + echo "Uninstalling all qemu emulators..." + readarray -t platforms < <(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))') + for plat in "${platforms[@]}"; do + plat="${plat//\"}" + docker run --privileged tonistiigi/binfmt --uninstall $plat >/dev/null 2>&1 + done + + echo "Reinstalling all qemu emulators with latest version..." + docker run --privileged --rm tonistiigi/binfmt --install all + + echo "Proving all emulators work..." + docker run --rm arm32v7/alpine uname -a + docker run --rm arm64v8/alpine uname -a + docker run --rm tonistiigi/debian:riscv uname -a } clean() { @@ -143,7 +162,10 @@ buildx() { tag_as=$1 fi docker buildx rm apache-couchdb >/dev/null 2>&1 || true - docker buildx create --name apache-couchdb + + + echo "Creating the buildx environment..." + docker buildx create --name apache-couchdb --driver docker-container --use docker buildx use apache-couchdb docker buildx inspect --bootstrap @@ -290,15 +312,15 @@ case "$1" in ;; buildx) # builds and pushes using docker buildx - if [ ${QEMU} ] - then - update_qemu - fi shift if [ $# -ne 1 -a $# -ne 3 ] then usage fi + if [ ${QEMU} ] + then + update_qemu + fi if [ $# -eq 1 ] then buildx $1 
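Review bot: In update_qemu(), every `docker run --privileged tonistiigi/binfmt` pulls an untagged third-party image and runs it with full privileges on the build host, so whatever is published under that name at build time can change the host's binfmt_misc registrations. Pinning the image to a reviewed digest, e.g. `docker run --privileged --rm tonistiigi/binfmt@sha256:<DIGEST> --install all` (placeholder digest), closes that gap; the listing and `--uninstall` calls also lack `--rm` and leave stopped containers behind. `$plat` should be quoted, and the function now depends on `jq` without checking for it: a missing `jq` or a failed listing inside the process substitution yields an empty `platforms` array rather than an error. The function's opening line is outside the hunk.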
diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile
index 62883f2..f599fec 100644
--- a/dev-cluster/Dockerfile
+++ b/dev-cluster/Dockerfile
@@ -32,44 +32,12 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod 
+x /usr/local/bin/tini; \ - tini --version; \ - apt-get purge -y --auto-remove wget +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ diff --git a/dev/Dockerfile b/dev/Dockerfile index 782d233..b493e97 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -34,6 +34,7 @@ RUN apt-get update -y && apt-get install -y \ && for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ + hkps://hkps.pool.sks-keyservers.net \ pgp.mit.edu) ; do \ gpg --batch --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ 
@@ -47,42 +48,10 @@ ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget + gosu nobody true; \ + tini --version # 
Dependencies only needed during build time. This layer will also be cached FROM runtime AS build_dependencies diff --git a/md b/md deleted file mode 100644 index dacb248..0000000 --- a/md +++ /dev/null @@ -1,4 +0,0 @@ -[?25l[?2004h[?25h[?1049h[?1h=[?2004h[?12h[?12l[?25l"README" [New File]~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?25l-- VISUAL --[?25h[?25l[?25h[?25lType :qa! and press to abandon all changes and exit Vim[?25h[?25l[?25h -[?2004l[?1l>[?1049l[?2004l[?2004h[?1049h[?1h=[?2004h[?12h[?12l[?25l~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?2004l[?1l>[?1049lVim: Caught deadly signal TERM -Vim: Finished. - \ No newline at end of file From a727920c8db0050c48a06809f3cd4a9ec18c81ed Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 5 Jul 2021 23:03:51 +0000 Subject: [PATCH 180/227] Update with jfrog artifactory repo (#202) --- .travis.yml | 7 ++-- 2.3.1-ubi/Dockerfile | 22 ++----------- 2.3.1-ubi/bintray-apache-couchdb-rpm.repo | 6 ---- 2.3.1-ubi/couchdb.repo | 7 ++++ 2.3.1/Dockerfile | 30 +++++++++-------- 3.1.1-ubi-clouseau/Dockerfile | 24 ++------------ .../bintray-apache-couchdb-rpm.repo | 6 ---- 3.1.1-ubi-clouseau/couchdb.repo | 7 ++++ 3.1.1-ubi/Dockerfile | 26 +++------------ 3.1.1-ubi/bintray-apache-couchdb-rpm.repo | 6 ---- 3.1.1-ubi/couchdb.repo | 7 ++++ 3.1.1/Dockerfile | 31 +++++++++--------- build.sh | 16 ++++++++-- dev/Dockerfile | 32 +++++++++---------- 14 files changed, 95 insertions(+), 132 deletions(-) delete mode 100644 2.3.1-ubi/bintray-apache-couchdb-rpm.repo create mode 100644 2.3.1-ubi/couchdb.repo delete mode 100644 3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo create mode 100644 3.1.1-ubi-clouseau/couchdb.repo delete mode 100644 3.1.1-ubi/bintray-apache-couchdb-rpm.repo create mode 100644 3.1.1-ubi/couchdb.repo diff --git a/.travis.yml b/.travis.yml index 9c0a4d4..4bf6261 100644 --- a/.travis.yml +++ b/.travis.yml 
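Review bot: In dev/Dockerfile, `ENV TINI_VERSION 0.16.1` stays as context directly above the rewritten RUN and `ENV GOSU_VERSION 1.10` appears in the hunk header, yet nothing in the new lines reads either variable once gosu and tini come from apt. They now advertise versions the image may not contain and persist in the runtime environment; the sibling hunks in 2.3.1/Dockerfile, 3.1.1/Dockerfile and dev-cluster/Dockerfile delete them. I would drop both ENV lines here too, and use `set -eux;` as those hunks do so an unset variable fails the build. Whether later stages of dev/Dockerfile reference these variables cannot be seen from this hunk.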
@@ -5,7 +5,7 @@ language: minimal # Avoid double build on PRs (See https://github.com/travis-ci/travis-ci/issues/1147) branches: only: - - master + - main services: - docker @@ -15,8 +15,9 @@ env: - RELEASES=2.3.1-ubi - RELEASES=3.1.1 - RELEASES=3.1.1-ubi - - RELEASES=dev - - RELEASES=dev-cluster +# Needs updating for fdb +# - RELEASES=dev +# - RELEASES=dev-cluster script: - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -p 5984:5984 couchdb:$rel && sleep 10 && curl http://admin:password@localhost:5984/ && docker kill $rel; done diff --git a/2.3.1-ubi/Dockerfile b/2.3.1-ubi/Dockerfile index 442bd45..7daba2a 100644 --- a/2.3.1-ubi/Dockerfile +++ b/2.3.1-ubi/Dockerfile @@ -31,7 +31,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo ENV COUCHDB_VERSION 2.3.1 
@@ -55,28 +55,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-2.3.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file diff --git a/2.3.1-ubi/bintray-apache-couchdb-rpm.repo b/2.3.1-ubi/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 --- a/2.3.1-ubi/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/2.3.1-ubi/couchdb.repo b/2.3.1-ubi/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/2.3.1-ubi/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 
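Review bot: `gpgkey=` in the new couchdb.repo points at two URLs that are fetched when the package is installed, so the build presumably trusts whatever keys those URLs serve at that moment, and nothing compares them with a known fingerprint. Consider shipping the key files in the build context next to this repo file and referencing them as `gpgkey=file:///etc/pki/rpm-gpg/<COUCHDB_KEY_FILE>` (placeholder name), or checking the fingerprint before the install step the way the Debian Dockerfiles do with `GPG_COUCH_KEY`. A `#` comment in the file naming the expected fingerprint would also help reviewers. The same file is added under 3.1.1-ubi-clouseau and 3.1.1-ubi.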
diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index 9d5706c..75d0c24 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile @@ -39,29 +39,31 @@ RUN set -eux; \ # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - hkps://hkps.pool.sks-keyservers.net \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + curl https://couchdb.apache.org/repo/keys.asc | \ + gpg --dearmor | \ + tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ + gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ - apt-key list + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* ENV COUCHDB_VERSION 2.3.1-1 -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ +RUN set -eux; \ apt-get update; \ \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ 
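Review bot: The key check in the new `RUN` only proves that the pinned fingerprint is one of the keys in the downloaded file: `gpg --show-keys … | grep -q ${GPG_COUCH_KEY}` still passes if `keys.asc` carries additional keys, and `gpg --dearmor` puts all of them into the `signed-by` keyring. The `curl | gpg --dearmor | tee` pipeline also runs under `/bin/sh` without pipefail and `curl` has no `-f`, so a failed download or an error page is not caught at the download step. Importing the file and exporting only the pinned key, `gpg --batch --import keys.asc` followed by `gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg`, closes the first gap, and `curl -fL -o keys.asc …` the second. The comment above the fingerprint reads `205-01-19`, which looks like a truncated year. The 3.1.1/Dockerfile hunk of this commit has the same lines.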
diff --git a/3.1.1-ubi-clouseau/Dockerfile b/3.1.1-ubi-clouseau/Dockerfile index 7d918a9..fe304af 100644 --- a/3.1.1-ubi-clouseau/Dockerfile +++ b/3.1.1-ubi-clouseau/Dockerfile @@ -49,9 +49,9 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION 3.1.1 \ +ENV COUCHDB_VERSION=3.1.1 \ CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ JAVA_MAJOR_VERSION=8 \ JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ @@ -78,28 +78,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file diff --git a/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 
--- a/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/3.1.1-ubi-clouseau/couchdb.repo b/3.1.1-ubi-clouseau/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.1.1-ubi-clouseau/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 diff --git a/3.1.1-ubi/Dockerfile b/3.1.1-ubi/Dockerfile index 6e6146c..055cd0c 100644 --- a/3.1.1-ubi/Dockerfile +++ b/3.1.1-ubi/Dockerfile @@ -31,7 +31,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo ENV COUCHDB_VERSION 3.1.1 
@@ -55,28 +55,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file @@ -85,8 +67,8 @@ RUN set -xe; \ find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ # Setup directories and permissions for config. Technically these could be 555 and 444 respectively # but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ + find /opt/couchdb/etc -type d ! -perm 0775 -exec chmod -f 0775 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0664 -exec chmod -f 0664 '{}' +; \ # Setup directories and permissions for data. chmod 777 /opt/couchdb/data diff --git a/3.1.1-ubi/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 
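Review bot: Widening `/opt/couchdb/etc` to `0775`/`0664` makes every config file and directory writable by group 0, because the `find … chown -f couchdb:0` line just above assigns that group. The comment in the hunk itself says read-only modes would be sufficient, so group write is presumably needed only where the entrypoint writes runtime settings; the entrypoint is not part of this hunk, so that needs confirming. If it is a single directory, keep `0755`/`0644` for the tree and grant write only there, e.g. `chmod -f 0775 /opt/couchdb/etc/local.d`. The enclosing `RUN` starts above the hunk.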
--- a/3.1.1-ubi/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/3.1.1-ubi/couchdb.repo b/3.1.1-ubi/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.1.1-ubi/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 diff --git a/3.1.1/Dockerfile b/3.1.1/Dockerfile index 06280ee..4677c45 100644 --- a/3.1.1/Dockerfile +++ b/3.1.1/Dockerfile 
@@ -37,32 +37,33 @@ RUN set -eux; \ gosu nobody true; \ tini --version - # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - hkps://hkps.pool.sks-keyservers.net \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + curl https://couchdb.apache.org/repo/keys.asc | \ + gpg --dearmor | \ + tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ + gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ - apt-key list + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* ENV COUCHDB_VERSION 3.1.1 -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ +RUN set -eux; \ apt-get update; \ \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ diff --git a/build.sh b/build.sh index 09a3020..44a4f58 100755 --- a/build.sh +++ b/build.sh 
@@ -109,11 +109,21 @@ clean() { build() { VERSION=$1 ARCH=${2:-amd64} - FROMIMG="$(awk '$1 == toupper("FROM") { print $2 }' $VERSION/Dockerfile)" - CURRARCH=$(docker run --rm -t ${FROMIMG} uname -m) + FROMIMG="$(awk '$1 == toupper("FROM") { print $2; exit; }' $VERSION/Dockerfile)" + echo ${FROMIMG} + CURRARCH="$(docker run --rm -t ${FROMIMG} uname -m | sed -e 's/[[:space:]]*$//')" + if [ "${CURRARCH}" == "x86_64" ] + then + CURRARCH="amd64" + fi - if [ ${CURRARCH} != ${ARCH} ] + if [ "${CURRARCH}" != "${ARCH}" ] then + if [[ "${FROMIMG}" == *"redhat.com"* ]] + then + echo "Script does not handle multiarch for ubi images. Please fix me!" + exit 1 + fi docker rmi ${FROMIMG} docker pull "${ARCH}/${FROMIMG}" docker tag "${ARCH}/${FROMIMG}" "${FROMIMG}" diff --git a/dev/Dockerfile b/dev/Dockerfile index b493e97..104de9d 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -28,17 +28,6 @@ RUN apt-get update -y && apt-get install -y \ libicu63 \ libssl1.1 \ openssl \ - && echo "deb https://apache.bintray.com/couchdb-deb buster main" \ - | tee /etc/apt/sources.list.d/couchdb.list \ - && cat /etc/apt/sources.list.d/couchdb.list \ - && for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - hkps://hkps.pool.sks-keyservers.net \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ - done \ - && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ && rm -rf /var/lib/apt/lists/* @@ -46,7 +35,7 @@ RUN apt-get update -y && apt-get install -y \ # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 -RUN set -ex; \ +RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ 
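Review bot: `FROMIMG` is field 2 of the first `FROM` line and is then expanded unquoted in `echo ${FROMIMG}` and `docker run --rm -t ${FROMIMG} uname -m`; if a Dockerfile's `FROM` carries a flag such as `--platform=…`, field 2 is the flag rather than the image and it reaches `docker run` as an option. Quote the expansions (`"${FROMIMG}"`, `"$VERSION/Dockerfile"`) and have the awk program skip fields that start with `--`. The added `exit` means only the first stage's base image is checked, which deserves a comment for multi-stage files such as dev/Dockerfile. The `[[ … ]]` and `==` tests require bash; the shebang is outside the hunk, so confirm it. The body of `build()` continues outside the hunk.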
@@ -56,12 +45,14 @@ RUN set -ex; \ # Dependencies only needed during build time. This layer will also be cached FROM runtime AS build_dependencies -RUN apt-get update -y && apt-get install -y --no-install-recommends \ +RUN set -eux; \ + apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ libmozjs-60-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ + erlang-dialyzer \ git \ libcurl4-openssl-dev \ libicu-dev \ @@ -69,16 +60,25 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libpython3-dev \ python3-pip \ python3-sphinx \ - python3-setuptools + python3-setuptools \ + wget -RUN pip3 install --upgrade \ +RUN set -eux; \ + pip3 install --upgrade \ sphinx_rtd_theme \ nose \ requests \ hypothesis +RUN set -eux; \ + wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-clients_6.3.9-1_amd64.deb; \ + wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-server_6.3.9-1_amd64.deb; \ + dpkg -i ./foundationdb*deb; \ + pkill -f fdb || true; pkill -f foundation || true; \ + rm -rf ./foundationdb*deb + # Node is special -RUN set -ex; \ +RUN set -eux; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ echo 'deb https://deb.nodesource.com/node_10.x buster main' > /etc/apt/sources.list.d/nodesource.list; \ echo 'deb-src https://deb.nodesource.com/node_10.x buster main' >> /etc/apt/sources.list.d/nodesource.list; \ From 4993111e388d203d2200a3dd88449517db548c05 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 7 Jul 2021 22:18:55 +0000 Subject: [PATCH 181/227] Incorporate downstream Dockerfile feedback (#203) --- 2.3.1/Dockerfile | 8 +++----- 3.1.1/Dockerfile | 8 +++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index 75d0c24..f083992 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile 
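Review bot: The two FoundationDB `.deb` files in the new `RUN` are fetched with `wget` and handed straight to `dpkg -i` as root with no checksum or signature check, so the build trusts whatever the download host serves at build time. Record the SHA-256 of each file and verify it before installing, as sketched below; the digests are placeholders to be filled in from a trusted source. The `pip3 install --upgrade` list in the same hunk is unpinned as well, which makes the resulting image depend on the day it was built.

```dockerfile
RUN set -eux; \
    base=https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers; \
    wget "${base}/foundationdb-clients_6.3.9-1_amd64.deb"; \
    wget "${base}/foundationdb-server_6.3.9-1_amd64.deb"; \
    # placeholders: replace with the SHA-256 of each package from a trusted source
    echo "<SHA256_OF_CLIENTS_DEB>  foundationdb-clients_6.3.9-1_amd64.deb" | sha256sum -c -; \
    echo "<SHA256_OF_SERVER_DEB>  foundationdb-server_6.3.9-1_amd64.deb" | sha256sum -c -; \
    dpkg -i ./foundationdb*deb; \
    # … unchanged: pkill calls and removal of the .deb files …
```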
@@ -45,11 +45,9 @@ RUN set -eux; \ apt-get update; \ apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - curl https://couchdb.apache.org/repo/keys.asc | \ - gpg --dearmor | \ - tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ - gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ apt-key list; \ diff --git a/3.1.1/Dockerfile b/3.1.1/Dockerfile index 4677c45..75b4b29 100644 --- a/3.1.1/Dockerfile +++ b/3.1.1/Dockerfile @@ -45,11 +45,9 @@ RUN set -eux; \ apt-get update; \ apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - curl https://couchdb.apache.org/repo/keys.asc | \ - gpg --dearmor | \ - tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ - gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ apt-key list; \ From ee358e62d72bdd72fd69d67ba7fbc80580502270 Mon Sep 17 00:00:00 2001 
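Review bot: `curl -fL -o keys.asc …` writes `keys.asc` into the current working directory and nothing in this `RUN` removes it, so the downloaded file stays in the image layer; only `$GNUPGHOME` is cleaned up. Writing it into the temporary directory, `curl -fL -o "${GNUPGHOME}/keys.asc" https://couchdb.apache.org/repo/keys.asc` and `gpg --batch --import "${GNUPGHOME}/keys.asc"`, lets the existing `rm -rf "$GNUPGHOME"` remove it. It would also help to fail here when the export is empty, `test -s /usr/share/keyrings/couchdb-archive-keyring.gpg`, since gpg may not return an error when the fingerprint is absent from the file (worth confirming). Both hunks of this commit, 2.3.1/Dockerfile and 3.1.1/Dockerfile, have the same lines, and the enclosing `RUN` continues outside them.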
From: Joan Touzet Date: Fri, 1 Oct 2021 05:45:33 +0000 Subject: [PATCH 182/227] v3.1.2 release (#207) --- .travis.yml | 4 ++-- {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/Dockerfile | 4 ++-- {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/couchdb.repo | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/imeyer_runit.repo | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/licenses/LICENSE | 0 .../resources/10-docker-default.ini | 0 .../resources/clouseau/clouseau.ini | 0 .../resources/clouseau/clouseau.sh | 0 .../resources/clouseau/log4j.properties | 0 .../resources/docker-entrypoint.sh | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/pre_stop | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/run | 0 .../resources/run_clouseau | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/vm.args | 0 {3.1.1-ubi => 3.1.2-ubi}/Dockerfile | 4 ++-- {3.1.1-ubi => 3.1.2-ubi}/couchdb.repo | 0 {3.1.1-ubi => 3.1.2-ubi}/imeyer_runit.repo | 0 {3.1.1-ubi => 3.1.2-ubi}/licenses/LICENSE | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/10-docker-default.ini | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/docker-entrypoint.sh | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/run | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/vm.args | 0 {3.1.1 => 3.1.2}/10-docker-default.ini | 0 {3.1.1 => 3.1.2}/Dockerfile | 2 +- {3.1.1 => 3.1.2}/docker-entrypoint.sh | 0 {3.1.1 => 3.1.2}/vm.args | 0 26 files changed, 7 insertions(+), 7 deletions(-) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/Dockerfile (99%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/couchdb.repo (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/imeyer_runit.repo (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/licenses/LICENSE (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/10-docker-default.ini (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/clouseau/clouseau.ini (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/clouseau/clouseau.sh (100%) rename {3.1.1-ubi-clouseau => 
3.1.2-ubi-clouseau}/resources/clouseau/log4j.properties (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/docker-entrypoint.sh (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/pre_stop (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/run (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/run_clouseau (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/vm.args (100%) rename {3.1.1-ubi => 3.1.2-ubi}/Dockerfile (98%) rename {3.1.1-ubi => 3.1.2-ubi}/couchdb.repo (100%) rename {3.1.1-ubi => 3.1.2-ubi}/imeyer_runit.repo (100%) rename {3.1.1-ubi => 3.1.2-ubi}/licenses/LICENSE (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/10-docker-default.ini (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/docker-entrypoint.sh (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/run (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/vm.args (100%) rename {3.1.1 => 3.1.2}/10-docker-default.ini (100%) rename {3.1.1 => 3.1.2}/Dockerfile (99%) rename {3.1.1 => 3.1.2}/docker-entrypoint.sh (100%) rename {3.1.1 => 3.1.2}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 4bf6261..5b7db66 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,8 +13,8 @@ services: env: - RELEASES=2.3.1 - RELEASES=2.3.1-ubi - - RELEASES=3.1.1 - - RELEASES=3.1.1-ubi + - RELEASES=3.1.2 + - RELEASES=3.1.2-ubi # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.1.1-ubi-clouseau/Dockerfile b/3.1.2-ubi-clouseau/Dockerfile similarity index 99% rename from 3.1.1-ubi-clouseau/Dockerfile rename to 3.1.2-ubi-clouseau/Dockerfile index fe304af..7853bad 100644 --- a/3.1.1-ubi-clouseau/Dockerfile +++ b/3.1.2-ubi-clouseau/Dockerfile 
@@ -35,7 +35,7 @@ ARG CLOUSEAU_VERSION LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.1" \ + version="3.1.2" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ @@ -51,7 +51,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION=3.1.1 \ +ENV COUCHDB_VERSION=3.1.2 \ CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ JAVA_MAJOR_VERSION=8 \ JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ diff --git a/3.1.1-ubi-clouseau/couchdb.repo b/3.1.2-ubi-clouseau/couchdb.repo similarity index 100% rename from 3.1.1-ubi-clouseau/couchdb.repo rename to 3.1.2-ubi-clouseau/couchdb.repo diff --git a/3.1.1-ubi-clouseau/imeyer_runit.repo b/3.1.2-ubi-clouseau/imeyer_runit.repo similarity index 100% rename from 3.1.1-ubi-clouseau/imeyer_runit.repo rename to 3.1.2-ubi-clouseau/imeyer_runit.repo diff --git a/3.1.1-ubi-clouseau/licenses/LICENSE b/3.1.2-ubi-clouseau/licenses/LICENSE similarity index 100% rename from 3.1.1-ubi-clouseau/licenses/LICENSE rename to 3.1.2-ubi-clouseau/licenses/LICENSE diff --git a/3.1.1-ubi-clouseau/resources/10-docker-default.ini b/3.1.2-ubi-clouseau/resources/10-docker-default.ini similarity index 100% rename from 3.1.1-ubi-clouseau/resources/10-docker-default.ini rename to 3.1.2-ubi-clouseau/resources/10-docker-default.ini diff --git a/3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini b/3.1.2-ubi-clouseau/resources/clouseau/clouseau.ini similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini rename to 3.1.2-ubi-clouseau/resources/clouseau/clouseau.ini 
diff --git a/3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh b/3.1.2-ubi-clouseau/resources/clouseau/clouseau.sh similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh rename to 3.1.2-ubi-clouseau/resources/clouseau/clouseau.sh diff --git a/3.1.1-ubi-clouseau/resources/clouseau/log4j.properties b/3.1.2-ubi-clouseau/resources/clouseau/log4j.properties similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/log4j.properties rename to 3.1.2-ubi-clouseau/resources/clouseau/log4j.properties diff --git a/3.1.1-ubi-clouseau/resources/docker-entrypoint.sh b/3.1.2-ubi-clouseau/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.1-ubi-clouseau/resources/docker-entrypoint.sh rename to 3.1.2-ubi-clouseau/resources/docker-entrypoint.sh diff --git a/3.1.1-ubi-clouseau/resources/pre_stop b/3.1.2-ubi-clouseau/resources/pre_stop similarity index 100% rename from 3.1.1-ubi-clouseau/resources/pre_stop rename to 3.1.2-ubi-clouseau/resources/pre_stop diff --git a/3.1.1-ubi-clouseau/resources/run b/3.1.2-ubi-clouseau/resources/run similarity index 100% rename from 3.1.1-ubi-clouseau/resources/run rename to 3.1.2-ubi-clouseau/resources/run diff --git a/3.1.1-ubi-clouseau/resources/run_clouseau b/3.1.2-ubi-clouseau/resources/run_clouseau similarity index 100% rename from 3.1.1-ubi-clouseau/resources/run_clouseau rename to 3.1.2-ubi-clouseau/resources/run_clouseau diff --git a/3.1.1-ubi-clouseau/resources/vm.args b/3.1.2-ubi-clouseau/resources/vm.args similarity index 100% rename from 3.1.1-ubi-clouseau/resources/vm.args rename to 3.1.2-ubi-clouseau/resources/vm.args diff --git a/3.1.1-ubi/Dockerfile b/3.1.2-ubi/Dockerfile similarity index 98% rename from 3.1.1-ubi/Dockerfile rename to 3.1.2-ubi/Dockerfile index 055cd0c..592fe42 100644 --- a/3.1.1-ubi/Dockerfile +++ b/3.1.2-ubi/Dockerfile 
@@ -17,7 +17,7 @@ ARG BUILD_DATE LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.1" \ + version="3.1.2" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ @@ -33,7 +33,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION 3.1.1 +ENV COUCHDB_VERSION 3.1.2 # Add CouchDB user account to make sure the IDs are assigned consistently # CouchDB user added to root group for OpenShift support diff --git a/3.1.1-ubi/couchdb.repo b/3.1.2-ubi/couchdb.repo similarity index 100% rename from 3.1.1-ubi/couchdb.repo rename to 3.1.2-ubi/couchdb.repo diff --git a/3.1.1-ubi/imeyer_runit.repo b/3.1.2-ubi/imeyer_runit.repo similarity index 100% rename from 3.1.1-ubi/imeyer_runit.repo rename to 3.1.2-ubi/imeyer_runit.repo diff --git a/3.1.1-ubi/licenses/LICENSE b/3.1.2-ubi/licenses/LICENSE similarity index 100% rename from 3.1.1-ubi/licenses/LICENSE rename to 3.1.2-ubi/licenses/LICENSE diff --git a/3.1.1-ubi/resources/10-docker-default.ini b/3.1.2-ubi/resources/10-docker-default.ini similarity index 100% rename from 3.1.1-ubi/resources/10-docker-default.ini rename to 3.1.2-ubi/resources/10-docker-default.ini diff --git a/3.1.1-ubi/resources/docker-entrypoint.sh b/3.1.2-ubi/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.1-ubi/resources/docker-entrypoint.sh rename to 3.1.2-ubi/resources/docker-entrypoint.sh diff --git a/3.1.1-ubi/resources/run b/3.1.2-ubi/resources/run similarity index 100% rename from 3.1.1-ubi/resources/run rename to 3.1.2-ubi/resources/run diff --git a/3.1.1-ubi/resources/vm.args b/3.1.2-ubi/resources/vm.args similarity index 100% rename from 3.1.1-ubi/resources/vm.args rename to 3.1.2-ubi/resources/vm.args 
diff --git a/3.1.1/10-docker-default.ini b/3.1.2/10-docker-default.ini similarity index 100% rename from 3.1.1/10-docker-default.ini rename to 3.1.2/10-docker-default.ini diff --git a/3.1.1/Dockerfile b/3.1.2/Dockerfile similarity index 99% rename from 3.1.1/Dockerfile rename to 3.1.2/Dockerfile index 75b4b29..0260c6e 100644 --- a/3.1.1/Dockerfile +++ b/3.1.2/Dockerfile @@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.1.1 +ENV COUCHDB_VERSION 3.1.2 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ diff --git a/3.1.1/docker-entrypoint.sh b/3.1.2/docker-entrypoint.sh similarity index 100% rename from 3.1.1/docker-entrypoint.sh rename to 3.1.2/docker-entrypoint.sh diff --git a/3.1.1/vm.args b/3.1.2/vm.args similarity index 100% rename from 3.1.1/vm.args rename to 3.1.2/vm.args From c2dc5a84add2d673bce151e0aa8174d09d227d22 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Fri, 8 Oct 2021 23:07:37 +0000 Subject: [PATCH 183/227] Version 3.2.0 (#208) --- .travis.yml | 1 + 3.2.0/10-docker-default.ini | 8 +++ 3.2.0/Dockerfile | 105 +++++++++++++++++++++++++++++++++++ 3.2.0/docker-entrypoint.sh | 106 ++++++++++++++++++++++++++++++++++++ 3.2.0/vm.args | 28 ++++++++++ README.md | 3 +- 6 files changed, 250 insertions(+), 1 deletion(-) create mode 100644 3.2.0/10-docker-default.ini create mode 100644 3.2.0/Dockerfile create mode 100755 3.2.0/docker-entrypoint.sh create mode 100644 3.2.0/vm.args diff --git a/.travis.yml b/.travis.yml index 5b7db66..3199eca 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,6 +15,7 @@ env: - RELEASES=2.3.1-ubi - RELEASES=3.1.2 - RELEASES=3.1.2-ubi + - RELEASES=3.2.0 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.2.0/10-docker-default.ini b/3.2.0/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null 
+++ b/3.2.0/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.0/Dockerfile b/3.2.0/Dockerfile new file mode 100644 index 0000000..159be0f --- /dev/null +++ b/3.2.0/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:buster-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.0 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~buster \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0/docker-entrypoint.sh b/3.2.0/docker-entrypoint.sh new file mode 100755 index 0000000..acf3675 --- /dev/null +++ b/3.2.0/docker-entrypoint.sh 
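Review bot: `chmod -f 0777 /opt/couchdb/etc/local.d` makes world-writable the directory into which docker-entrypoint.sh writes `docker.ini` with the `[admins]` entry and the `[couch_httpd_auth]` secret, so any UID in the container can add or replace `.ini` files there; `chmod 777` on the data and log directories has the same shape. The tree is already chowned to `couchdb:couchdb` by the `find` above, so `chmod -f 0755 /opt/couchdb/etc/local.d` would be enough when the server runs as `couchdb`; if the wider mode exists to support an arbitrary `--user`, the comment should say so. Separately, `couchdb="$COUCHDB_VERSION"~buster` hard-codes the codename while the sources line uses `${VERSION_CODENAME}`, so a base-image change would likely break the install instead of following it.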
@@ -0,0 +1,106 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.2.0/vm.args b/3.2.0/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.2.0/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index 048d141..2606633 100644 --- a/README.md 
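Review bot: The admin password and the cookie-auth secret are appended to /opt/couchdb/etc/local.d/docker.ini, and the earlier `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass keeps that file world-readable. Any process in the container, or anything reading a mounted etc volume, can read the secret, and can read the password for as long as it sits there unhashed. After the `chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini` line I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true`, and add `! -name docker.ini` to the 0644 pass so the next start does not undo it. The copy of this script under 3.2.0-ubi-clouseau/resources has the same pattern; there the file is `couchdb:0`, so `0660` is probably the right mode.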
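Review bot: The distribution listener is pinned to 9100 in vm.args, but nothing in the file says how that port is protected, and Erlang distribution authenticates peers with the shared cookie only. I would add a comment above the `inet_dist_listen_min` line such as `# Distribution on 9100 is authenticated only by the Erlang cookie: set one with -setcookie and keep 4369/9100 off untrusted networks`. The identical file added as 3.2.0-ubi-clouseau/resources/vm.args needs the same comment.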
+++ b/README.md @@ -9,7 +9,8 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: -- `3.1.1` +- `3.2.0` +- `3.1.2` - `2.3.1` # How to use this image From a0e807f609cde6628c2cffb85416b0de747b65cc Mon Sep 17 00:00:00 2001 
From: Dr Doug Cowie Date: Tue, 19 Oct 2021 18:56:07 +0100 Subject: [PATCH 184/227] Updated UBI + Clouseau for CouchDB 3.2.0 (#209) Adds a new entry for CouchDB 3.2.0 built on UBI, with Clouseau. This is a direct copy of 3.1.2-ubi-clouseau with CouchDB version bumped to 3.2.0 --- 3.2.0-ubi-clouseau/Dockerfile | 131 ++++++++++++ 3.2.0-ubi-clouseau/couchdb.repo | 7 + 3.2.0-ubi-clouseau/imeyer_runit.repo | 10 + 3.2.0-ubi-clouseau/licenses/LICENSE | 202 ++++++++++++++++++ .../resources/10-docker-default.ini | 8 + .../resources/clouseau/clouseau.ini | 6 + .../resources/clouseau/clouseau.sh | 13 ++ .../resources/clouseau/log4j.properties | 5 + .../resources/docker-entrypoint.sh | 185 ++++++++++++++++ 3.2.0-ubi-clouseau/resources/pre_stop | 30 +++ 3.2.0-ubi-clouseau/resources/run | 1 + 3.2.0-ubi-clouseau/resources/run_clouseau | 1 + 3.2.0-ubi-clouseau/resources/vm.args | 28 +++ 13 files changed, 627 insertions(+) create mode 100644 3.2.0-ubi-clouseau/Dockerfile create mode 100644 3.2.0-ubi-clouseau/couchdb.repo create mode 100644 3.2.0-ubi-clouseau/imeyer_runit.repo create mode 100644 3.2.0-ubi-clouseau/licenses/LICENSE create mode 100644 3.2.0-ubi-clouseau/resources/10-docker-default.ini create mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini create mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh create mode 100644 3.2.0-ubi-clouseau/resources/clouseau/log4j.properties create mode 100755 3.2.0-ubi-clouseau/resources/docker-entrypoint.sh create mode 100644 3.2.0-ubi-clouseau/resources/pre_stop create mode 100644 3.2.0-ubi-clouseau/resources/run create mode 100644 3.2.0-ubi-clouseau/resources/run_clouseau create mode 100644 3.2.0-ubi-clouseau/resources/vm.args diff --git a/3.2.0-ubi-clouseau/Dockerfile b/3.2.0-ubi-clouseau/Dockerfile new file mode 100644 index 0000000..16abfe6 --- /dev/null +++ b/3.2.0-ubi-clouseau/Dockerfile 
@@ -0,0 +1,131 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +ARG CLOUSEAU_VERSION=2.17.0 + +FROM registry.access.redhat.com/ubi8/ubi-minimal as builder + +ARG CLOUSEAU_VERSION + +WORKDIR /usr/src + +# Fetch and extract clouseau +RUN set -xe; \ + microdnf update -y && rm -rf /var/cache/yum && \ + microdnf install -y unzip wget && \ + wget https://github.com/cloudant-labs/clouseau/releases/download/${CLOUSEAU_VERSION}/clouseau-${CLOUSEAU_VERSION}-dist.zip && \ + unzip clouseau-2.17.0-dist.zip && \ + microdnf clean all; \ + rm -rf /var/cache/yum + +FROM registry.access.redhat.com/ubi8/ubi-minimal + +ARG RELEASE +ARG BUILD_DATE +ARG CLOUSEAU_VERSION + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ + name="Apache CouchDB" \ + version="3.2.0" \ + summary="Apache CouchDB based on Red Hat UBI" \ + description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + release=${RELEASE} \ + usage="https://github.com/apache/couchdb-docker" \ + build-date=${BUILD_DATE} \ + io.k8s.display-name="Apache CouchDB" \ + io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + io.openshift.tags="database couchdb apache rhel8" \ + io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ + io.openshift.min-memory="1Gi" \ + io.openshift.min-cpu="1" + +COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo + +ENV COUCHDB_VERSION=3.2.0 \ + 
CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ + JAVA_MAJOR_VERSION=8 \ + JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ + CLASSPATH=${APP_ROOT}/lib/* + +# Add CouchDB user account to make sure the IDs are assigned consistently +# CouchDB user added to root group for OpenShift support +RUN set -ex; \ +# be sure GPG and apt-transport-https are available and functional + microdnf update -y && rm -rf /var/cache/yum; \ + microdnf install -y \ + java-1.8.0-openjdk-headless \ + ca-certificates \ + gnupg \ + findutils \ + shadow-utils; \ +# Add CouchDB User and Group (group required by rpm) + useradd -u 5984 -d /opt/couchdb -g root couchdb; \ + groupadd -g 5984 couchdb; \ +# Install runit + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=imeyer_runit -y runit; \ +# Clean up + microdnf clean all; \ + rm -rf /var/cache/yum + +# Install CouchDB +RUN set -xe; \ + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ + microdnf clean all; \ + rm -rf /var/cache/yum; \ +# remove defaults that force writing logs to file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ +# Setup directories and permissions for data. 
+ chmod 777 /opt/couchdb/data + +# Copy Clouseau jar and set directory permissions +COPY resources/clouseau/clouseau.ini resources/clouseau/log4j.properties /opt/couchdb-search/etc/ +COPY --from=builder /usr/src/clouseau-${CLOUSEAU_VERSION}/*.jar /opt/couchdb-search/lib/ + +RUN install -d -m 0755 -o couchdb -g 0 -p /opt/couchdb-search/etc /opt/couchdb-search/lib /opt/couchdb/data/search_indexes && \ + find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ + find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; + +# Add the License +COPY licenses /licenses + +# Add configuration +COPY --chown=couchdb:0 resources/10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:0 resources/vm.args /opt/couchdb/etc/ +COPY --chown=couchdb:0 resources/docker-entrypoint.sh /usr/local/bin +COPY --chown=couchdb:0 resources/run /etc/service/couchdb/ +COPY --chown=couchdb:0 resources/run_clouseau /etc/service/couchdb-search/run + +# set permissions on runit scripts +RUN chmod -R 777 /etc/service/couchdb; \ + chmod -R 777 /etc/service/couchdb-search; \ + chmod 777 /usr/local/bin/docker-entrypoint.sh; \ +# symlink to root folder + ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh + +ENTRYPOINT ["/docker-entrypoint.sh"] +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0-ubi-clouseau/couchdb.repo b/3.2.0-ubi-clouseau/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.2.0-ubi-clouseau/couchdb.repo 
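Review bot: The builder stage downloads `clouseau-${CLOUSEAU_VERSION}-dist.zip` with wget and its jars are copied into the final image without any digest check, so the image content depends on whatever the release URL serves at build time. Declare a pinned digest in the builder stage and verify it before unzipping, e.g. `ARG CLOUSEAU_SHA256=<sha256-of-release-zip>` and `echo "${CLOUSEAU_SHA256}  clouseau-${CLOUSEAU_VERSION}-dist.zip" | sha256sum -c - && \`. The following line hard-codes `unzip clouseau-2.17.0-dist.zip`, which breaks as soon as the ARG is overridden; it should be `unzip clouseau-${CLOUSEAU_VERSION}-dist.zip`. Separately, `chmod 777 /usr/local/bin/docker-entrypoint.sh` leaves the entrypoint writable by every user in the container; the file is already copied as `couchdb:0`, so `0755` looks sufficient, and `0775` probably suffices for the two /etc/service directories.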
@@ -0,0 +1,7 @@
+[couchdb]
+name=couchdb
+baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/
+gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc
+gpgcheck=1
+repo_gpgcheck=1
+enabled=1
diff --git a/3.2.0-ubi-clouseau/imeyer_runit.repo b/3.2.0-ubi-clouseau/imeyer_runit.repo
new file mode 100644
index 0000000..ab4aa4c
--- /dev/null
+++ b/3.2.0-ubi-clouseau/imeyer_runit.repo
@@ -0,0 +1,10 @@
+[imeyer_runit]
+name=imeyer_runit
+baseurl=https://packagecloud.io/imeyer/runit/el/7/x86_64
+repo_gpgcheck=1
+gpgcheck=0
+enabled=1
+gpgkey=https://packagecloud.io/imeyer/runit/gpgkey
+sslverify=1
+sslcacert=/etc/pki/tls/certs/ca-bundle.crt
+metadata_expire=300
diff --git a/3.2.0-ubi-clouseau/licenses/LICENSE b/3.2.0-ubi-clouseau/licenses/LICENSE
new file mode 100644
index 0000000..f6cd2bc
--- /dev/null
+++ b/3.2.0-ubi-clouseau/licenses/LICENSE
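Review bot: In imeyer_runit.repo, `gpgcheck=0` turns off RPM signature verification for the runit package, which the entrypoint later execs as the container's supervisor (`/sbin/runsvdir-start`); only the repository metadata is checked through `repo_gpgcheck=1`. If this repository does not sign its packages, pin the exact runit version on the `microdnf install --enablerepo=imeyer_runit -y runit` line and record the reason next to the setting, e.g. `# packages in this repo are unsigned; metadata is signed, runit pinned to <version>`; otherwise set `gpgcheck=1`. The baseurl also points at the el/7 tree while the image is built on ubi8, which deserves a comment confirming it is intended.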
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/3.2.0-ubi-clouseau/resources/10-docker-default.ini b/3.2.0-ubi-clouseau/resources/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.2.0-ubi-clouseau/resources/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini new file mode 100644 index 0000000..81084e1 --- /dev/null +++ b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini 
@@ -0,0 +1,6 @@
+[clouseau]
+name=clouseau@127.0.0.1
+
+dir=/opt/couchdb/data/search_indexes
+
+max_indexes_open=500
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
new file mode 100644
index 0000000..4f8b300
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
@@ -0,0 +1,13 @@
+# chmod 0600 /opt/couchdb-search/etc/jmxremote.password
+
+exec -c "java -server \
+ -Xmx2G \
+ -Dsun.net.inetaddr.ttl=30 \
+ -Dsun.net.inetaddr.negative.ttl=30 \
+ -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \
+ -XX:OnOutOfMemoryError="kill -9 %p" \
+ -XX:+UseConcMarkSweepGC \
+ -XX:+CMSParallelRemarkEnabled \
+ -classpath '/opt/couchdb-search/lib/*' \
+ com.cloudant.clouseau.Main \
+ /opt/couchdb-search/etc/clouseau.ini"
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties b/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
new file mode 100644
index 0000000..e7a0f7c
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
@@ -0,0 +1,5 @@
+log4j.rootLogger=info, CONSOLE
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %c [%p] %m%n
diff --git a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
new file mode 100755
index 0000000..094a8f9
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
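Review bot: clouseau.sh cannot run as written: `exec -c "java -server ... "` hands the whole command line to exec as a single word, and the inner quotes around `kill -9 %p` close the outer string early. The Dockerfile in this commit does not COPY the file, and the entrypoint writes its own java command into /etc/service/couchdb-search/run, so the script appears to be unused. Either drop it, or turn it into a real script with a `#!/bin/sh` line and `exec java -server \` followed by the unquoted arguments, so the JVM options live in one place.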
@@ -0,0 +1,185 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # also for clouseau + find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + # if erlang cookie passed in, set in clouseau.ini + kCOOKIE_REGEX='setcookie ([^ ]+)' + cookie='monster' + if [[ $ERL_FLAGS =~ $kCOOKIE_REGEX ]]; then + cookie="${BASH_REMATCH[1]}" + else + ERL_FLAGS="$ERL_FLAGS -setcookie $cookie" + fi + + if ! grep "cookie" /opt/couchdb-search/etc/clouseau.ini; then + echo "cookie=$cookie" >> /opt/couchdb-search/etc/clouseau.ini + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + # a node name is required for clouseau/distributed erlang. + # set if not specified via ERL_FLAGS or vm.args + kNAME_REGEX='\-name ([^ ]+)' + if ! 
[[ $ERL_FLAGS =~ $kNAME_REGEX ]]; then + echo "No name found in ERL_FLAGS $ERL_FLAGS" + nodename=${NODENAME:=127.0.0.1} + if ! grep -e '-name' /opt/couchdb/etc/vm.args; then + echo "No -name found in vm.args. Using couchdb@$nodename" + echo "-name couchdb@$nodename" >> /opt/couchdb/etc/vm.args + fi + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:0 /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". 
+************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + # Run as CouchDB user + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst -u couchdb env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + + cat > /etc/service/couchdb-search/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb-search + exec 2>&1 + exec chpst -u couchdb java -server \ + -Xmx2G \ + -Dsun.net.inetaddr.ttl=30 \ + -Dsun.net.inetaddr.negative.ttl=30 \ + -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ + -XX:OnOutOfMemoryError="kill -9 %p" \ + -XX:+UseConcMarkSweepGC \ + -XX:+CMSParallelRemarkEnabled \ + -classpath '/opt/couchdb-search/lib/*' \ + com.cloudant.clouseau.Main \ + /opt/couchdb-search/etc/clouseau.ini + EOF + else + # Write out runit scripts to start as the ambient uid + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + + cat > /etc/service/couchdb-search/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb-search + exec 2>&1 + exec chpst java -server \ + -Xmx2G \ + -Dsun.net.inetaddr.ttl=30 \ + -Dsun.net.inetaddr.negative.ttl=30 \ + -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ + -XX:OnOutOfMemoryError="kill -9 %p" \ + -XX:+UseConcMarkSweepGC \ + -XX:+CMSParallelRemarkEnabled \ + -classpath '/opt/couchdb-search/lib/*' \ + com.cloudant.clouseau.Main \ + /opt/couchdb-search/etc/clouseau.ini + EOF + fi + + exec /sbin/runsvdir-start +fi + +exec "$@" diff --git a/3.2.0-ubi-clouseau/resources/pre_stop b/3.2.0-ubi-clouseau/resources/pre_stop new file mode 100644 index 0000000..2fbd60a --- /dev/null +++ b/3.2.0-ubi-clouseau/resources/pre_stop 
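Review bot: The fallback `cookie='monster'` gives every container started without `-setcookie` in ERL_FLAGS the same well-known Erlang cookie, while the image exposes 4369 and 9100. The cookie is the only authentication on the distribution port, so a peer that can reach it is treated as a trusted cluster member. I would refuse to start without a cookie, or generate a per-container one with `cookie="$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)"` and reuse the value already stored in clouseau.ini on restart. The generated run scripts also use unquoted heredocs (`<<-EOF`) with `$@` and `$ERL_FLAGS`, so arguments containing spaces or quotes are re-split when runit executes the script; that expansion deserves a comment or proper quoting.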
@@ -0,0 +1,30 @@ +#!/bin/bash + +if [ -z "$1" ]; then + terminationPeriod=300 +else + terminationPeriod=$1 +fi + +timeToSleep=5 +numIterations=$(awk -v var1=$terminationPeriod -v var2=$timeToSleep 'BEGIN { print ( var1 / var2 ) }') + +# Mark each runsv service as down, which will send each process a TERM +for file in /conf/service/*/supervise/control; do + echo "d" > $file; +done + +# Allow the processes time to terminate gracefully +i="0" +while [ $i -lt $numIterations ]; do + numServices=$(find /conf/service/* -maxdepth 0 -type d | wc -l) + numDownServices=$(grep -r "^down$" /conf/service/*/supervise/stat | wc -l) + if [ $numServices -ne $numDownServices ]; then + sleep $timeToSleep + i=$[$i+1] + else + exit 0 + fi +done + +exit 1 diff --git a/3.2.0-ubi-clouseau/resources/run b/3.2.0-ubi-clouseau/resources/run new file mode 100644 index 0000000..7d1d6b8 --- /dev/null +++ b/3.2.0-ubi-clouseau/resources/run @@ -0,0 +1 @@ +# populated in dockerfile entrypoint so that ERL_FLAGS are propagated diff --git a/3.2.0-ubi-clouseau/resources/run_clouseau b/3.2.0-ubi-clouseau/resources/run_clouseau new file mode 100644 index 0000000..9c18b33 --- /dev/null +++ b/3.2.0-ubi-clouseau/resources/run_clouseau @@ -0,0 +1 @@ +# populated in dockerfile entrypoint diff --git a/3.2.0-ubi-clouseau/resources/vm.args b/3.2.0-ubi-clouseau/resources/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.2.0-ubi-clouseau/resources/vm.args 
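Review bot: The iteration count in pre_stop comes from awk division, so any termination period that is not a multiple of 5 gives a fractional `numIterations` (12 / 5 prints 2.4). `[ $i -lt $numIterations ]` then fails with an integer-expression error, the wait loop is skipped, and the hook exits 1 without giving the services time to stop. Integer shell arithmetic avoids this: `numIterations=$(( terminationPeriod / timeToSleep ))`, with `i=$((i+1))` replacing the deprecated `$[$i+1]`. Because `$1` is supplied by the caller, a non-numeric value should be rejected before it reaches the arithmetic, and `"$file"` and the test operands should be quoted.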
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 5e0a54ced383627836c4fcc3d6a4e65e72e7890c Mon Sep 17 00:00:00 2001 
From: Nick Vatamaniuc Date: Sat, 13 Nov 2021 23:54:49 -0500 Subject: [PATCH 185/227] Version 3.2.1 Docker images pushed as 3.2.1, 3.2, 3 and latest ``` ./build.sh push 3.2.1 Created manifest list docker.io/apache/couchdb:3.2.1 sha256:baa32c5386eb440b17df45abad6ec76322890cc8272a76f78fbd48e3a70f5618 { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2617, "digest": "sha256:932d61826a5ce5502ebdcfc69f36480286af026bd5c3a136682562bc733ab18c", "platform": { "architecture": "amd64", "os": "linux" } }, { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2617, "digest": "sha256:41973db85158829fa9a7a56ce7660e7a10c74f813cf720e95e32169b60c46251", "platform": { "architecture": "arm64", "os": "linux", "variant": "v8" } } ] } ``` --- .travis.yml | 1 + 3.2.1/10-docker-default.ini | 8 +++ 3.2.1/Dockerfile | 105 +++++++++++++++++++++++++++++++++++ 3.2.1/docker-entrypoint.sh | 106 ++++++++++++++++++++++++++++++++++++ 3.2.1/vm.args | 28 ++++++++++ README.md | 1 + 6 files changed, 249 insertions(+) create mode 100644 3.2.1/10-docker-default.ini create mode 100644 3.2.1/Dockerfile create mode 100755 3.2.1/docker-entrypoint.sh create mode 100644 3.2.1/vm.args diff --git a/.travis.yml b/.travis.yml index 3199eca..0dacda0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,6 +16,7 @@ env: - RELEASES=3.1.2 - RELEASES=3.1.2-ubi - RELEASES=3.2.0 + - RELEASES=3.2.1 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.2.1/10-docker-default.ini b/3.2.1/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.2.1/10-docker-default.ini 
@@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.1/Dockerfile b/3.2.1/Dockerfile new file mode 100644 index 0000000..61b43b7 --- /dev/null +++ b/3.2.1/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:buster-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~buster \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh new file mode 100755 index 0000000..acf3675 --- /dev/null +++ b/3.2.1/docker-entrypoint.sh 
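Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` leave the data directory and the directory that receives `docker.ini` (admin credentials and the cookie secret, per the entrypoint) writable by every uid in the container. If the aim is to support starting under an arbitrary non-root uid, group ownership by gid 0 with group write gives the same effect without world write, e.g. `chown couchdb:0 /opt/couchdb/etc/local.d; chmod 0775 /opt/couchdb/etc/local.d`. The ubi-clouseau entrypoint on this page already uses `chown -f couchdb:0`, but whether such uids run with gid 0 here should be confirmed. At minimum a comment should say why world-writable is required rather than only that local.d must be writable. The same lines are repeated in 3.2.2/Dockerfile later in the series.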
@@ -0,0 +1,106 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.2.1/vm.args b/3.2.1/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.2.1/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index 2606633..66110e0 100644 --- a/README.md 
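Review bot: `COUCHDB_PASSWORD` and `COUCHDB_SECRET` are appended to `/opt/couchdb/etc/local.d/docker.ini` in clear text, and the file is left world-readable. It is created by `touch` before the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass, and nothing after the `printf` calls narrows its mode. Adding `chmod -f 0640 /opt/couchdb/etc/local.d/docker.ini || true` right after the existing chown, and `! -name docker.ini` to that `find` so a restart does not widen it again, would keep the values readable only by the couchdb user and group. A comment on the `printf` lines saying the values are stored as given would help operators decide whether to mount their own `.ini` instead. The 3.2.2 entrypoint added later in the series appears to carry the same block.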
+++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.2.1` - `3.2.0` - `3.1.2` - `2.3.1` From c2c672efb39b6269c8e020bfd6c90c92af586bba Mon Sep 17 00:00:00 2001 From: Tobias Gesellchen Date: Thu, 3 Feb 2022 23:49:42 +0100 Subject: [PATCH 186/227] fix(entrypoint): move secret from [couch_httpd_auth] to [chttpd_auth] section for CouchDB 3.2.x --- 3.2.0-ubi-clouseau/resources/docker-entrypoint.sh | 4 ++-- 3.2.0/docker-entrypoint.sh | 4 ++-- 3.2.1/docker-entrypoint.sh | 4 ++-- dev/docker-entrypoint.sh | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh index 094a8f9..0592c68 100755 --- a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh +++ b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh @@ -101,8 +101,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi diff --git a/3.2.0/docker-entrypoint.sh b/3.2.0/docker-entrypoint.sh index acf3675..4b8b4f4 100755 --- a/3.2.0/docker-entrypoint.sh +++ b/3.2.0/docker-entrypoint.sh 
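Review bot: In the ubi-clouseau variant the presence check still greps only `/opt/couchdb/etc/local.d/*.ini`, while the 3.2.0, 3.2.1 and dev hunks of this same commit also pass `/opt/couchdb/etc/local.ini`. A secret an operator set in a mounted `local.ini` is therefore not detected there, and a second `[chttpd_auth]` secret is appended to `docker.ini`. Adding the path makes the four variants agree: `if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then`. In all four files the pattern matches only when `secret =` is the first key under the section header, and a secret left under the old `[couch_httpd_auth]` name by an earlier start is no longer recognised, so a comment stating both limits would be useful. The enclosing `if [ "$1" = '/opt/couchdb/bin/couchdb' ]` block starts and ends outside these hunks.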
@@ -72,8 +72,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh index acf3675..4b8b4f4 100755 --- a/3.2.1/docker-entrypoint.sh +++ b/3.2.1/docker-entrypoint.sh @@ -72,8 +72,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 7390bd4..4c1f9bf 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -64,8 +64,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi From efa6e93389c0d1b7980894f9059fb3a5775864b1 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Tue, 8 Feb 2022 18:50:23 -0500 Subject: [PATCH 187/227] Listen for COUCHDB_ERLANG_COOKIE and write it down --- 3.2.1/docker-entrypoint.sh | 15 +++++++++++++++ README.md | 9 ++++++++- dev/docker-entrypoint.sh | 15 +++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh index 4b8b4f4..8d6456d 100755 --- a/3.2.1/docker-entrypoint.sh +++ b/3.2.1/docker-entrypoint.sh @@ -77,6 +77,21 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi fi + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + if [ "$(id -u)" = '0' ]; then chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi diff --git a/README.md b/README.md index 66110e0..db30db5 100644 --- a/README.md +++ b/README.md 
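Review bot: `chown couchdb:couchdb "$cookieFile"` runs unguarded under `set -e`, so when the container is started as a uid that is neither root nor couchdb the chown presumably fails and the entrypoint exits. The neighbouring `docker.ini` chown sits inside the `id -u` check and uses `-f … || true`; the same guard fits here: `if [ "$(id -u)" = '0' ]; then chown -f couchdb:couchdb "$cookieFile" || true; fi`. The cookie is also written with `echo … > "$cookieFile"` before `chmod 600`, so it briefly exists with the default umask; `( umask 077; printf '%s\n' "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" )` creates it private from the start. A mismatch between an existing cookie file and the variable only prints a warning and keeps the old cookie, which deserves a comment. The dev/docker-entrypoint.sh hunk in this commit has the same block.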
@@ -52,7 +52,14 @@ If you intend to network this CouchDB instance with others in a cluster, you wil Start your multiple CouchDB instances, then follow the Setup Wizard in the [official CouchDB documentation](http://docs.couchdb.org/en/stable/setup/cluster.html) to complete the process. -For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the +Erlang distribution cookie. The current version of this image allows the Erlang +cookie to be set directly using the `COUCHDB_ERLANG_COOKIE` environment +variable. The contents of that environment variable will be written to +`/opt/couchdb/.erlang.cookie` with the proper permissions. Previously one would +need to provide the `-setcookie` flag in the environment variable `ERL_FLAGS`, +e.g. `ERL_FLAGS=-setcookie "brumbrum"`. + By default, this image exposes the `epmd` port `4369` and the Erlang cluster communication port `9100` (i.e. `inet_dist_listen_min` and `inet_dist_listen_max` are both 9100). Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 4c1f9bf..95691c2 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -69,6 +69,21 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi fi + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true # if we don't find an [admins] section followed by a non-comment, display a warning From beb5062a64fc293d6cb7f9df39b4f04336d6a695 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Fri, 25 Feb 2022 15:53:16 -0500 Subject: [PATCH 188/227] Revert "Drop ppc64le until suitable CI replacement identified (#199)" This reverts commit e3ca492, since ppc64le machines are back in the CI matrix. --- build.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/build.sh b/build.sh index 44a4f58..e3f7cf2 100755 --- a/build.sh +++ b/build.sh @@ -33,8 +33,8 @@ set -e PROMPT="Are you sure (y/n)? " QEMU="YES" -PLATFORMS="amd64 arm64v8" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8" +PLATFORMS="amd64 arm64v8 ppc64le" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" prompt() { if [ -z "${PROMPT}" ] @@ -153,11 +153,15 @@ push() { fi docker manifest create apache/couchdb:$tag_as \ apache/couchdb:amd64-$1 \ - apache/couchdb:arm64v8-$1 + apache/couchdb:arm64v8-$1 \ + apache/couchdb:ppc64le-$1 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 + docker manifest annotate apache/couchdb:$tag_as \ + apache/couchdb:ppc64le-$1 --os linux --arch ppc64le + docker manifest push --purge apache/couchdb:$tag_as docker manifest inspect apache/couchdb:$tag_as From 4dc3a6b1f2bd8d46489cad5828912f0a64bf0b36 Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Fri, 25 Feb 2022 16:47:28 -0500 Subject: [PATCH 189/227] Update Debian / Erlang / SpiderMonkey versions Debian: 10 -> 11 Erlang: 20 -> 23 SpiderMonkey: 60 -> 78 (implicit in Debian upgrade) --- 3.2.1/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/3.2.1/Dockerfile b/3.2.1/Dockerfile index 61b43b7..27e9d9c 100644 --- a/3.2.1/Dockerfile +++ b/3.2.1/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" @@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.2.1 +ENV COUCHDB_VERSION 3.2.1-1 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ @@ -67,7 +67,7 @@ RUN set -eux; \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~buster \ + couchdb="$COUCHDB_VERSION"~bullseye \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ From ac414ba37361d8be8ca5b0424d4f9f4faf830a3a Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Mon, 18 Apr 2022 17:30:48 +0200 Subject: [PATCH 190/227] feat: 3.2.2 --- .travis.yml | 1 + 3.2.2/10-docker-default.ini | 8 +++ 3.2.2/Dockerfile | 105 +++++++++++++++++++++++++++++++ 3.2.2/docker-entrypoint.sh | 121 ++++++++++++++++++++++++++++++++++++ 3.2.2/vm.args | 28 +++++++++ README.md | 1 + 6 files changed, 264 insertions(+) create mode 100644 3.2.2/10-docker-default.ini create mode 100644 3.2.2/Dockerfile create mode 100755 3.2.2/docker-entrypoint.sh create mode 100644 3.2.2/vm.args 
diff --git a/.travis.yml b/.travis.yml index 0dacda0..1956522 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,6 +17,7 @@ env: - RELEASES=3.1.2-ubi - RELEASES=3.2.0 - RELEASES=3.2.1 + - RELEASES=3.2.2 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.2.2/10-docker-default.ini b/3.2.2/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.2.2/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile new file mode 100644 index 0000000..27e9d9c --- /dev/null +++ b/3.2.2/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.1-1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh new file mode 100755 index 0000000..8d6456d --- /dev/null +++ b/3.2.2/docker-entrypoint.sh 
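Review bot: `ENV COUCHDB_VERSION 3.2.1-1` in the new 3.2.2/Dockerfile was carried over unchanged from 3.2.1 (the file is added with the same blob id, 27e9d9c). As a result `couchdb="$COUCHDB_VERSION"~bullseye` installs the 3.2.1 package into an image that the commit title, .travis.yml and README present as 3.2.2. Anyone pulling that tag to pick up the newer release would still run the older code. The line should name the 3.2.2 package, e.g. `ENV COUCHDB_VERSION=3.2.2`, with the exact packaging suffix checked against the package repository. A build-time check comparing the installed package version with the release directory name would catch this kind of copy error.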
@@ -0,0 +1,121 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.2.2/vm.args b/3.2.2/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.2.2/vm.args 
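Review bot: `COUCHDB_PASSWORD` and `COUCHDB_SECRET` are appended in clear text to /opt/couchdb/etc/local.d/docker.ini, and the `find /opt/couchdb/etc -type f ! -perm 0644` pass earlier in the script forces that file to 0644 on every start as root. The Erlang cookie a few lines further down is restricted with `chmod 600`, so the file holding the `[chttpd_auth]` secret is handled less strictly than the cookie. I would add `! -name docker.ini` to that find and run `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini` next to the final `chown -f`. The same script is added unchanged as 3.3.0/docker-entrypoint.sh and 3.3.1/docker-entrypoint.sh, so the change applies there too.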
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index db30db5..b84f80a 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.2.2` - `3.2.1` - `3.2.0` - `3.1.2` From 9af532fbd94692c0de3ff277418cc46ff4d90bad Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Wed, 20 Apr 2022 08:31:00 +0200 Subject: [PATCH 191/227] fix: bump version --- 3.2.2/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile index 27e9d9c..7276407 100644 --- a/3.2.2/Dockerfile +++ b/3.2.2/Dockerfile 
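Review bot: The comment above `inet_dist_listen_min` says only that the VM listens on a known port; it does not say that this listener authenticates peers with nothing but the shared Erlang cookie and is unencrypted unless TLS distribution is configured separately. Operators see 9100 and 4369 in the Dockerfile's EXPOSE list, so the caveat belongs here: `# Distribution on 9100 is authenticated only by the Erlang cookie; keep 9100 and 4369 off public interfaces`. The same two `inet_dist_listen_*` lines are added in 3.3.0/vm.args and 3.3.1/vm.args.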
@@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.2.1-1 +ENV COUCHDB_VERSION 3.2.2 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ From d925a07137f156bbe2f512c181ad63f1da93a312 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 24 May 2022 01:22:09 -0400 Subject: [PATCH 192/227] Bump 3.2.2 version to fix CVE-2022-1292 --- 3.2.2/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile index 7276407..62177b5 100644 --- a/3.2.2/Dockerfile +++ b/3.2.2/Dockerfile @@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.2.2 +ENV COUCHDB_VERSION 3.2.2-1 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ From 7bb0dcc588ab375712e94135de89b553ab607ab8 Mon Sep 17 00:00:00 2001 From: Robert Newson Date: Thu, 21 Jul 2022 11:16:37 +0100 Subject: [PATCH 193/227] remove unnecessary bash 4 requirement --- build.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/build.sh b/build.sh index e3f7cf2..e0ca3af 100755 --- a/build.sh +++ b/build.sh 
@@ -63,10 +63,8 @@ update_qemu() { # docker run --rm --privileged multiarch/qemu-user-static --reset -p yes # docker rmi multiarch/qemu-user-static # use tonistiigi/binfmt instead. - # this requires bash 4.*, sorry jan! echo "Uninstalling all qemu emulators..." - readarray -t platforms < <(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))') - for plat in "${platforms[@]}"; do + for plat in $(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))'); do plat="${plat//\"}" docker run --privileged tonistiigi/binfmt --uninstall $plat >/dev/null 2>&1 done From 678607699a9223d258e1e8c5420e8fbd11738be3 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Tue, 3 Jan 2023 11:35:09 +0100 Subject: [PATCH 194/227] release 3.3.0 --- .travis.yml | 1 + README.md | 1 + 2 files changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 1956522..c9b101e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,6 +18,7 @@ env: - RELEASES=3.2.0 - RELEASES=3.2.1 - RELEASES=3.2.2 + - RELEASES=3.3.0 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/README.md b/README.md index b84f80a..4822114 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.3.0` - `3.2.2` - `3.2.1` - `3.2.0` From ddf05bfbd733fad5b854f79f377c69d035c00327 Mon Sep 17 00:00:00 2001 
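Review bot: The new `for` line runs `tonistiigi/binfmt` with `--privileged` and without a tag or digest, so whatever the registry serves for the default tag at build time gets privileged access to the build host. Pinning the reference, e.g. `docker run --rm --privileged tonistiigi/binfmt@sha256:<pinned-digest>`, makes the step reproducible and reviewable; the `--uninstall` call two lines below needs the same pin. The loop now relies on word splitting of the jq output, so the uninstall call should quote `"$plat"` to keep each name a single argument. update_qemu starts and ends outside the hunk.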
From: Jan Lehnardt Date: Tue, 3 Jan 2023 14:34:28 +0100 Subject: [PATCH 195/227] fix missing files --- 3.3.0/10-docker-default.ini | 8 +++ 3.3.0/Dockerfile | 105 +++++++++++++++++++++++++++++++ 3.3.0/docker-entrypoint.sh | 121 ++++++++++++++++++++++++++++++++++++ 3.3.0/vm.args | 28 +++++++++ 4 files changed, 262 insertions(+) create mode 100644 3.3.0/10-docker-default.ini create mode 100644 3.3.0/Dockerfile create mode 100755 3.3.0/docker-entrypoint.sh create mode 100644 3.3.0/vm.args diff --git a/3.3.0/10-docker-default.ini b/3.3.0/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.3.0/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.0/Dockerfile b/3.3.0/Dockerfile new file mode 100644 index 0000000..ffb943b --- /dev/null +++ b/3.3.0/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.0 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.0/docker-entrypoint.sh b/3.3.0/docker-entrypoint.sh new file mode 100755 index 0000000..8d6456d --- /dev/null +++ b/3.3.0/docker-entrypoint.sh 
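Review bot: The last RUN sets `chmod 777` on /opt/couchdb/data and /opt/couchdb/var/log and `chmod -f 0777` on /opt/couchdb/etc/local.d, so any uid in the container can write database files and drop an .ini into a directory CouchDB reads configuration from. The `chown couchdb:couchdb` just above already gives the service account access. If the wide mode is only there to let the image start under an arbitrary `--user` (the hunk does not say), state that in a comment beside each chmod; otherwise `chmod 0750 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0755 /opt/couchdb/etc/local.d` are enough. 3.3.1/Dockerfile repeats these lines, and the tail of 3.2.2/Dockerfile visible earlier on the page has them as well.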
@@ -0,0 +1,121 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.3.0/vm.args b/3.3.0/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.3.0/vm.args 
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 41b7e8df5ad77c628cc6edb8419d4ade96ccba55 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 10 Jan 2023 22:41:32 -0500 Subject: [PATCH 196/227] release 3.3.1 --- .travis.yml | 2 + 3.3.1/10-docker-default.ini | 8 +++ 3.3.1/Dockerfile | 105 +++++++++++++++++++++++++++++++ 3.3.1/docker-entrypoint.sh | 121 ++++++++++++++++++++++++++++++++++++ 3.3.1/vm.args | 35 +++++++++++ README.md | 1 + 6 files changed, 272 insertions(+) create mode 100644 3.3.1/10-docker-default.ini create mode 100644 3.3.1/Dockerfile create mode 100755 3.3.1/docker-entrypoint.sh create mode 100644 3.3.1/vm.args diff --git a/.travis.yml b/.travis.yml index c9b101e..ba13811 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,6 +19,8 @@ env: - RELEASES=3.2.1 - RELEASES=3.2.2 - RELEASES=3.3.0 + - RELEASES=3.3.1 + # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.3.1/10-docker-default.ini b/3.3.1/10-docker-default.ini new file mode 100644 index 0000000..1aa633c 
--- /dev/null +++ b/3.3.1/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.1/Dockerfile b/3.3.1/Dockerfile new file mode 100644 index 0000000..ead4e5c --- /dev/null +++ b/3.3.1/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh new file mode 100755 index 0000000..8d6456d --- /dev/null +++ b/3.3.1/docker-entrypoint.sh 
@@ -0,0 +1,121 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.3.1/vm.args b/3.3.1/vm.args new file mode 100644 index 0000000..d606217 --- /dev/null +++ b/3.3.1/vm.args 
@@ -0,0 +1,35 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index 4822114..0459fef 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.3.1` - `3.3.0` - `3.2.2` - `3.2.1` From 9453eee94963f813dceab78fd25a33a4d6ee0fa8 Mon Sep 17 00:00:00 2001 
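Review bot: The comment above `-kernel inet_dist_listen_min 9100` says only that the port is known, not who is expected to reach it. Erlang distribution on that port is authenticated by the shared cookie alone unless TLS distribution is configured, which this file does not do. I would add a line such as `# Port 9100 (and epmd on 4369) must be reachable only by cluster peers, never by clients` above the two settings. The same file is added again as 3.2.3/vm.args later in this series and would take the same comment.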
From: Nick Vatamaniuc Date: Tue, 24 Jan 2023 17:43:27 -0500 Subject: [PATCH 197/227] Remove Travis --- .travis.yml | 29 ----------------------------- README.md | 2 +- 2 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index ba13811..0000000 --- a/.travis.yml +++ /dev/null @@ -1,29 +0,0 @@ -sudo: required - -language: minimal - -# Avoid double build on PRs (See https://github.com/travis-ci/travis-ci/issues/1147) -branches: - only: - - main - -services: - - docker - -env: - - RELEASES=2.3.1 - - RELEASES=2.3.1-ubi - - RELEASES=3.1.2 - - RELEASES=3.1.2-ubi - - RELEASES=3.2.0 - - RELEASES=3.2.1 - - RELEASES=3.2.2 - - RELEASES=3.3.0 - - RELEASES=3.3.1 - -# Needs updating for fdb -# - RELEASES=dev -# - RELEASES=dev-cluster - -script: - - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -p 5984:5984 couchdb:$rel && sleep 10 && curl http://admin:password@localhost:5984/ && docker kill $rel; done diff --git a/README.md b/README.md index 0459fef..6f20dfc 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) +# Semi-official Apache CouchDB Docker images ## Available tags From bf802ba20229b0eeee79034d3a9606a3b5ce4b8d Mon Sep 17 00:00:00 2001 From: Robert Newson Date: Fri, 17 Mar 2023 11:07:31 +0000 Subject: [PATCH 198/227] replace gosu with setpriv in supported images --- 3.2.2/Dockerfile | 5 ++--- 3.2.2/docker-entrypoint.sh | 2 +- 3.3.1/Dockerfile | 5 ++--- 3.3.1/docker-entrypoint.sh | 2 +- dev-cluster/Dockerfile | 5 ++--- dev/Dockerfile | 6 ++---- dev/docker-entrypoint.sh | 2 +- 7 files changed, 11 insertions(+), 16 deletions(-) diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile index 62177b5..587d152 100644 --- a/3.2.2/Dockerfile 
+++ b/3.2.2/Dockerfile @@ -28,13 +28,12 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh index 8d6456d..e691a66 100755 --- a/3.2.2/docker-entrypoint.sh +++ b/3.2.2/docker-entrypoint.sh @@ -114,7 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi diff --git a/3.3.1/Dockerfile b/3.3.1/Dockerfile index ead4e5c..90369c9 100644 --- a/3.3.1/Dockerfile +++ b/3.3.1/Dockerfile @@ -28,13 +28,12 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh index 8d6456d..e691a66 100755 --- a/3.3.1/docker-entrypoint.sh +++ b/3.3.1/docker-entrypoint.sh @@ -114,7 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi 
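Review bot: Removing `gosu nobody true` from this RUN step drops the only build-time check that the step-down helper works, and nothing replaces it for `setpriv`, which the entrypoint now depends on. The hunk does not show where `setpriv` comes from (presumably util-linux in the base image), so a missing binary would only surface when a container starts as root. I would add `setpriv --version; \` on the line before `tini --version`. The 3.3.1, dev-cluster and dev Dockerfile hunks in this commit have the same gap.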
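Review bot: `exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@"` is not a drop-in for `exec gosu couchdb "$@"`: as far as I know gosu also applied the user's supplementary groups and set HOME, while this line clears the groups and passes root's environment through unchanged. Dropping the groups is the safer default, but it deserves a comment such as `# setpriv: no supplementary groups; environment (incl. HOME) is inherited from root`, because mounted volumes that relied on group access will stop being readable. Since nothing after this point needs to regain privileges, `--no-new-privs` could be added to the same command, to be confirmed against a running image. The 3.3.1 and dev entrypoint hunks change the same line, and the enclosing `if` block starts outside the hunk.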
diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index f599fec..71ca4b0 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -30,13 +30,12 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ openssl && \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling +# grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version RUN apt-get update -y && apt-get install -y --no-install-recommends \ diff --git a/dev/Dockerfile b/dev/Dockerfile index 104de9d..1b7675c 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -31,15 +31,13 @@ RUN apt-get update -y && apt-get install -y \ && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling +# grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version # Dependencies only needed during build time. This layer will also be cached diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 95691c2..0db874a 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -104,7 +104,7 @@ EOWARN fi - exec gosu couchdb "$@" + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi exec "$@" From 5132ed9b0508388997a56907be6624f7b6fca86f Mon Sep 17 00:00:00 2001 
From: Jan Lehnardt Date: Fri, 17 Mar 2023 12:34:25 +0100 Subject: [PATCH 199/227] doc: add debugging info --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6f20dfc..70072d7 100644 --- a/README.md +++ b/README.md @@ -284,6 +284,12 @@ branch superceded by a newer one. The `build.sh` utility can help you do this quickly, see its usage help for more details. +To see full build logs, export `PROGRESS_NO_TRUNC=1` and use `--progress +plain` as an option to `docker build`. + +To rebuild all Dockerfile steps without caching (so you can inspect the +build log e.g.), use the `--no-cache` option of `docker build`. + ## Feedback, Issues, Contributing General feedback is welcome at our [user][1] or [developer][2] mailing lists. From ff67658960990eaaa1fe75007ac92c5444bc05f2 Mon Sep 17 00:00:00 2001 From: Will Holley Date: Fri, 24 Mar 2023 13:52:55 +0000 Subject: [PATCH 200/227] fix: set $HOME when stepping down from root Ticket: https://github.com/apache/couchdb-docker/issues/236 Why: In https://github.com/apache/couchdb-docker/pull/234 we moved from using `gosu` to `setpriv` to step down from the root user to the couchdb user. There is a behavioural difference between and `gosu` and `setpriv` in that `gosu` will [set the $HOME environment variable](https://github.com/tianon/gosu/blob/master/setup-user.go#L45) to that of the target user. Without this behaviour, `couchdb` includes the root user home directory (`/root`) in various search paths and crashes because it doesn't have read permissions. How: Explicitly set `$HOME` to the `couchdb` user home directory before we execute as the `couchdb` user, replicating the `gosu` behaviour. --- 3.2.2/docker-entrypoint.sh | 1 + 3.3.1/docker-entrypoint.sh | 1 + dev/docker-entrypoint.sh | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh index e691a66..a8544c7 100755 --- a/3.2.2/docker-entrypoint.sh 
+++ b/3.2.2/docker-entrypoint.sh @@ -114,6 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh index e691a66..a8544c7 100755 --- a/3.3.1/docker-entrypoint.sh +++ b/3.3.1/docker-entrypoint.sh @@ -114,6 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 0db874a..7239912 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -103,7 +103,7 @@ EOWARN exit 1 fi - + export HOME=$(echo ~couchdb) exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi From a29d12f0dd4d73f1dcefb07212af4b9ba3185d9e Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 28 Mar 2023 14:31:19 -0400 Subject: [PATCH 201/227] Update release instructions for 3.3.x release series * Use `build.sh buildx` otherwise we risk pushing only the architecture image for the host where build and push is run. * Update readme file with buildx instructions example * master -> main references --- README.md | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 70072d7..4bfb33e 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ As of this writing, the latest numbered tags available are: # How to use this image -The most up-to-date instructions on using this image are always available at https://github.com/apache/couchdb-docker/blob/master/README.md . +The most up-to-date instructions on using this image are always available at https://github.com/apache/couchdb-docker/blob/main/README.md . ## Start a CouchDB instance 
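Review bot: `export HOME=$(echo ~couchdb)` can never fail visibly: if the `couchdb` account cannot be resolved the tilde is left unexpanded and HOME becomes the literal string `~couchdb`, and `export` masks the substitution's exit status from `set -e` (ShellCheck SC2155). Bash expands the tilde in a plain assignment, so `HOME=~couchdb; export HOME` does the same without the subshell. A guard such as `[ -d "$HOME" ] || { echo >&2 "error: no home directory for couchdb"; exit 1; }` before the `exec setpriv` line would turn a bad value into a clear startup error. The same line is added to the 3.3.1 and dev entrypoints in this commit, and the surrounding `if` block begins outside the hunk.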
@@ -202,10 +202,10 @@ docker run --name my-couchdb --user myuser -v /home/couchdb/data:/opt/couchdb/da # Development images -This repository provides definitions to run the very latest (`master` branch) +This repository provides definitions to run the very latest (`main` branch) CouchDB code: -* `dev` runs a single node off of the `master` branch, similar to the other +* `dev` runs a single node off of the `main` branch, similar to the other officially released images. * `dev-cluster` demonstrates the CouchDB clustering features by creating a local cluster of a default three nodes inside the container, with a proxy in @@ -264,26 +264,21 @@ Also, read the next section to ensure you push all of the tags necessary. # Image uploading for CouchDB release managers -Taking a hypothetical example of CouchDB 2.9.7, here's all of the tags you'd want: +Taking a hypothetical example of CouchDB 3.3.1 with 3.3.1 as the latest release: ```bash -docker build -t apache/couchdb:2.9.7 2.9.7 -docker tag apache/couchdb:2.9.7 apache/couchdb:latest -docker tag apache/couchdb:2.9.7 apache/couchdb:2.9 -docker tag apache/couchdb:2.9.7 apache/couchdb:2 -docker login -docker push apache/couchdb:2.9.7 -docker push apache/couchdb:2.9 -docker push apache/couchdb:2 -docker push apache/couchdb:latest +./build.sh buildx 3.3.1 +./build.sh buildx 3.3.1 as 3.3 +./build.sh buildx 3.3.1 as 3 +./build.sh buildx 3.3.1 as latest + +./build.sh buildx 3.2.2 +./build.sh buildx 3.2.2 as 3.2 ``` Obviously don't create/push the `latest` or `2` tags if this is a maintenance branch superceded by a newer one. -The `build.sh` utility can help you do this quickly, see its usage help for -more details. - To see full build logs, export `PROGRESS_NO_TRUNC=1` and use `--progress plain` as an option to `docker build`. 
@@ -306,5 +301,5 @@ use GitHub Issues, do not report anything on Docker's website. [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ [2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ -[3]: https://github.com/apache/couchdb/blob/master/CONTRIBUTING.md +[3]: https://github.com/apache/couchdb/blob/main/CONTRIBUTING.md [4]: http://www.apache.org/dev/release-distribution.html#unreleased From 72a0aebfa3248b3df64a70049f0fb1f90c042a49 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 25 Apr 2023 03:47:18 -0400 Subject: [PATCH 202/227] 3.3.2 and 3.2.3 releases --- 3.2.3/10-docker-default.ini | 8 +++ 3.2.3/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.2.3/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.2.3/vm.args | 35 +++++++++++ 3.3.2/10-docker-default.ini | 8 +++ 3.3.2/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.3.2/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.3.2/vm.args | 35 +++++++++++ 8 files changed, 538 insertions(+) create mode 100644 3.2.3/10-docker-default.ini create mode 100644 3.2.3/Dockerfile create mode 100755 3.2.3/docker-entrypoint.sh create mode 100644 3.2.3/vm.args create mode 100644 3.3.2/10-docker-default.ini create mode 100644 3.3.2/Dockerfile create mode 100755 3.3.2/docker-entrypoint.sh create mode 100644 3.3.2/vm.args diff --git a/3.2.3/10-docker-default.ini b/3.2.3/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.2.3/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.3/Dockerfile b/3.2.3/Dockerfile new file mode 100644 index 0000000..d1d4d4f --- /dev/null +++ b/3.2.3/Dockerfile 
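Review bot: The header comment in 10-docker-default.ini tells operators to make custom settings in this file, but the Dockerfile in this commit copies it to /opt/couchdb/etc/default.d/ and the entrypoint writes runtime changes to local.d/docker.ini, so the advice points at the wrong place. I would replace it with something like `; Image defaults. Put your own settings in /opt/couchdb/etc/local.d/*.ini`. `bind_address = any` also deserves a comment, for example `; listens on every interface of the container; limit exposure through the ports you publish`. The 3.3.2 copy added later in this commit has the same content.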
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.3/docker-entrypoint.sh b/3.2.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.2.3/docker-entrypoint.sh 
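Review bot: `chmod -f 0777 /opt/couchdb/etc/local.d` makes the directory that holds docker.ini, where the entrypoint writes the admin credentials and the cookie secret, writable by every uid in the container, and `chmod 777` does the same for the data and log directories. If the only reason is to let the image start under an arbitrary `--user`, the comment should say so, e.g. `# world-writable so the image also works with --user <uid>; tighten if you always start as root`. Otherwise 0755 with couchdb ownership is enough, which is what the entrypoint's own `find /opt/couchdb/etc -type d ! -perm 0755` pass sets when it starts as root. A sticky bit (`chmod 1777`) would at least stop one uid from replacing another's files, to be confirmed against the `--user` use case. The 3.3.2/Dockerfile hunk has the same lines.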
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.2.3/vm.args b/3.2.3/vm.args new file mode 100644 index 0000000..d606217 --- /dev/null +++ b/3.2.3/vm.args 
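Review bot: docker.ini receives the admin password and the `[chttpd_auth]` secret from the two `printf ... >> /opt/couchdb/etc/local.d/docker.ini` lines, yet it is created by `touch` with the default mode and the `find /opt/couchdb/etc -type f ! -perm 0644` pass forces config files to 0644, so it stays world-readable while only the Erlang cookie gets `chmod 600`. I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` after the final `chown -f couchdb:couchdb` on that file, outside the root-only `if` so it also applies under `--user`. The earlier `find` pass will widen the mode again on the next root start before this line tightens it, which is worth a one-line comment. The 3.3.2 copy of this script is cut off on this page but starts with the same text.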
@@ -0,0 +1,35 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/3.3.2/10-docker-default.ini b/3.3.2/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.3.2/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.2/Dockerfile b/3.3.2/Dockerfile new file mode 100644 index 0000000..56393e8 
--- /dev/null +++ b/3.3.2/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.2 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.2/docker-entrypoint.sh b/3.3.2/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.3.2/docker-entrypoint.sh 
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.3.2/vm.args b/3.3.2/vm.args new file mode 100644 index 0000000..d606217 --- /dev/null +++ b/3.3.2/vm.args 
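Review bot: docker.ini ends up world-readable while holding clear-text credentials. The `printf` lines append `COUCHDB_PASSWORD` and `COUCHDB_SECRET` to `/opt/couchdb/etc/local.d/docker.ini`, and when the container starts as root the earlier `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass forces every config file to 0644. If `/opt/couchdb/etc` is a mounted volume, as the comment above `touch` anticipates, that mode lands on the host too. Tightening the file next to the final `chown -f`, for example `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true`, leaves it readable by its owner only. 3.3.3/docker-entrypoint.sh is the same blob (index a8544c7) and needs the same change.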
@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
From b616800e739db18c19e6a8b4131528157f945bcd Mon Sep 17 00:00:00 2001 From: Kun-Lu Date: Thu, 18 May 2023 17:01:28 -0400 Subject: [PATCH 203/227] Add s390x support to docker image Signed-off-by: Kun-Lu --- build.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/build.sh b/build.sh
index e0ca3af..0c1df9a 100755
--- a/build.sh
+++ b/build.sh
@@ -33,8 +33,8 @@ set -e PROMPT="Are you sure (y/n)? " QEMU="YES" -PLATFORMS="amd64 arm64v8 ppc64le" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" +PLATFORMS="amd64 arm64v8 ppc64le s390x" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x" prompt() { if [ -z "${PROMPT}" ] @@ -75,6 +75,7 @@ update_qemu() { echo "Proving all emulators work..." docker run --rm arm32v7/alpine uname -a docker run --rm arm64v8/alpine uname -a + docker run --rm s390x/alpine uname -a docker run --rm tonistiigi/debian:riscv uname -a } @@ -152,13 +153,17 @@ push() { docker manifest create apache/couchdb:$tag_as \ apache/couchdb:amd64-$1 \ apache/couchdb:arm64v8-$1 \ - apache/couchdb:ppc64le-$1 + apache/couchdb:ppc64le-$1 \ + apache/couchdb:s390x-$1 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:ppc64le-$1 --os linux --arch ppc64le + + docker manifest annotate apache/couchdb:$tag_as \ + apache/couchdb:s390x-$1 --os linux --arch s390x docker manifest push --purge apache/couchdb:$tag_as From ac3e8dcb665fc61cc5d0955f63c959e5175e5812 Mon Sep 17 00:00:00 2001 
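Review bot: The "Proving all emulators work..." list in `update_qemu()` gains `s390x/alpine` but still has no ppc64le check, although `ppc64le` is in both `PLATFORMS` and `BUILDX_PLATFORMS`. Adding `docker run --rm ppc64le/alpine uname -a` next to the new line would cover every platform the script builds. These probe images are pulled without a tag, so the check runs against whatever `latest` resolves to at that moment.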
From: Gabor Pali Date: Thu, 29 Jun 2023 17:40:12 +0200 Subject: [PATCH 204/227] Unbreak build This change fixes the build and includes the following improvements: - Move to Debian Bookworm because that is the release that includes OTP 25 out-of-the-box, which is required by `main`. - Use a "slim" base image. - Update SpiderMonkey to 78 and make it possible to build the image natively on `arm64` (such as Apple M1). - Avoid explicit `pip3 install` because that is not endorsed by Debian packaging. The Python package versions available in Bookworm shall suffice. - Remove installation of extra FoundationDB packages -- they seem to be gone, which breaks the build for every platform. - Bump Node.js to 18, the latest recommend version. This is also included in Bookworm. Base the installation of NPM and Grunt on Debian packages. - Chase changes in the `configure` script. --- dev/Dockerfile | 43 +++++++++++-------------------------------- 1 file changed, 11 insertions(+), 32 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index 1b7675c..44e90f1 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -12,7 +12,7 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:buster as runtime +FROM debian:bookworm-slim as runtime MAINTAINER CouchDB Developers dev@couchdb.apache.org @@ -25,15 +25,14 @@ RUN apt-get update -y && apt-get install -y \ curl \ dirmngr \ gnupg \ - libicu63 \ - libssl1.1 \ + libicu72 \ + libssl3 \ openssl \ - && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ + && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-78-0 \ && rm -rf /var/lib/apt/lists/* # grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV TINI_VERSION 0.16.1 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends tini; \ 
@@ -46,7 +45,7 @@ FROM runtime AS build_dependencies RUN set -eux; \ apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ - libmozjs-60-dev \ + libmozjs-78-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -57,37 +56,18 @@ RUN set -eux; \ python3 \ libpython3-dev \ python3-pip \ - python3-sphinx \ - python3-setuptools \ - wget + python3.11-venv \ + nodejs \ + npm \ + grunt -RUN set -eux; \ - pip3 install --upgrade \ - sphinx_rtd_theme \ - nose \ - requests \ - hypothesis - -RUN set -eux; \ - wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-clients_6.3.9-1_amd64.deb; \ - wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-server_6.3.9-1_amd64.deb; \ - dpkg -i ./foundationdb*deb; \ - pkill -f fdb || true; pkill -f foundation || true; \ - rm -rf ./foundationdb*deb - -# Node is special -RUN set -eux; \ - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_10.x buster main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_10.x buster main' >> /etc/apt/sources.list.d/nodesource.list; \ - apt-get update -y && apt-get install -y nodejs; \ - npm install -g grunt-cli +ARG spidermonkey_version=78 # Clone CouchDB source code including all dependencies ARG clone_url=https://github.com/apache/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb -RUN ./configure +RUN ./configure --spidermonkey-version $spidermonkey_version # This layer performs the actual build of a relocatable, self-contained # release of CouchDB. It pulls down the latest changes from the remote @@ -97,7 +77,6 @@ FROM build_dependencies AS build ARG checkout_branch=main ARG configure_options -ARG spidermonkey_version=60 WORKDIR /usr/src/couchdb/ RUN git fetch origin \ From 58910ed097489dc588b2a87592406f8faa1bdadf Mon Sep 17 00:00:00 2001 
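Review bot: In the `@@ -57,37 +56,18 @@` hunk, `python3.11-venv` hard-codes the interpreter minor version of the current base image, so the next base bump (like the buster to bookworm move in this commit) will break the install. `python3-venv` follows the distribution default and avoids that. The RUN instruction starts above the hunk, so whether the apt lists are cleaned afterwards cannot be checked from here.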
From: Nick Vatamaniuc Date: Tue, 5 Dec 2023 12:46:09 -0500 Subject: [PATCH 205/227] Release 3.3.3 --- 3.3.3/10-docker-default.ini | 8 +++ 3.3.3/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.3.3/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.3.3/vm.args | 47 ++++++++++++++ 4 files changed, 281 insertions(+) create mode 100644 3.3.3/10-docker-default.ini create mode 100644 3.3.3/Dockerfile create mode 100755 3.3.3/docker-entrypoint.sh create mode 100644 3.3.3/vm.args
diff --git a/3.3.3/10-docker-default.ini b/3.3.3/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.3.3/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.3.3/Dockerfile b/3.3.3/Dockerfile
new file mode 100644
index 0000000..16bdf32
--- /dev/null
+++ b/3.3.3/Dockerfile
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.3/docker-entrypoint.sh b/3.3.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.3.3/docker-entrypoint.sh 
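Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` leave the database directory and a configuration directory writable by every UID in the container. The entrypoint treats `/opt/couchdb/etc/local.d/*.ini` as configuration, admins included. The entrypoint resets these directories to 0755 when it starts as root, so the wide mode seems to matter only for non-root starts; if that is the reason, a comment such as `# 0777 so a container started under another UID can still write here` should say so. Where that case is not needed, `chmod 0770` on the same paths keeps access with the couchdb account that the preceding `chown` already sets. The same lines appear in 3.3.2/Dockerfile.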
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.3.3/vm.args b/3.3.3/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.3.3/vm.args 
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
From a2135f7306bac8891e86d319f672c4fd9d6faa87 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sat, 11 May 2024 15:25:08 +0200 Subject: [PATCH 206/227] feat: wip Dockerfile for just Nouveau --- 3.4.0-nouveau/Dockerfile | 80 ++++++++++++++++++++++++++++++++++++++ 3.4.0-nouveau/nouveau.yaml | 27 +++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 3.4.0-nouveau/Dockerfile create mode 100644 3.4.0-nouveau/nouveau.yaml diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile new file mode 100644 index 0000000..d3bc29a --- /dev/null +++ b/3.4.0-nouveau/Dockerfile 
@@ -0,0 +1,80 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +#RUN set -eux; \ +# apt-get update; \ +# apt-get install -y curl; \ +# export GNUPGHOME="$(mktemp -d)"; \ +# curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ +# gpg --batch --import keys.asc; \ +# gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ +# command -v gpgconf && gpgconf --kill all || :; \ +# rm -rf "$GNUPGHOME"; \ +# apt-key 
list; \ +# apt purge -y --autoremove curl; \ +# rm -rf /var/lib/apt/lists/* + +# until the .deb is available on jFrog, get it from here and place it next to the Dockerfile +# https://clients.neighbourhood.ie/couchdb/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb +COPY --chown=nouveau:nouveau couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb + +#RUN . /etc/os-release; \ +# echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ +# tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb; + + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 +CMD ["tini", "/opt/nouveau/bin/nouveau", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.0-nouveau/nouveau.yaml b/3.4.0-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.0-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr From d5b081701406e1acd508d5de0927c49e04c40097 Mon Sep 17 00:00:00 2001 
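Review bot: The image creates the `nouveau` account but never switches to it. There is no `USER` instruction and no entrypoint that drops privileges, so the `CMD` starts the service as root. Adding `USER nouveau` before `CMD` would fix that, provided `/opt/nouveau/data` is writable by that account. The `CMD` also hands the program to tini without the `--` separator that the CouchDB images in this series use in `ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]`.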
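Review bot: `adminConnectors` binds to `0.0.0.0` on port 5988 and the Dockerfile lists 5988 in `EXPOSE`, so the admin interface is reachable wherever the container's ports are published. Nothing in this file restricts or authenticates it. If the admin endpoints are only needed from inside the container, `bindHost: 127.0.0.1` under `adminConnectors` and dropping 5988 from `EXPOSE` would close that. Separately, `rootDir: ./data/nouveau` is relative and the Dockerfile sets no `WORKDIR`, so the index data may not land under the declared `VOLUME /opt/nouveau/data`.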
From: Jan Lehnardt Date: Mon, 9 Sep 2024 17:09:01 +0200 Subject: [PATCH 207/227] update to bookworm to match CouchDB --- 3.4.0-nouveau/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile index d3bc29a..32311a5 100644 --- a/3.4.0-nouveau/Dockerfile +++ b/3.4.0-nouveau/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" From 7b313d4d90a3f911d708a60e6410e690c84e9c7f Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sun, 22 Sep 2024 11:07:29 +0200 Subject: [PATCH 208/227] fix: update dockerfile to release packages --- 3.4.0-nouveau/Dockerfile | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile index 32311a5..f1c700b 100644 --- a/3.4.0-nouveau/Dockerfile +++ b/3.4.0-nouveau/Dockerfile 
@@ -40,26 +40,22 @@ RUN set -eux; \ ENV GPG_COUCH_KEY \ # gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) 390EF70BB1EA12B2773962950EE62FB37A00258D -#RUN set -eux; \ -# apt-get update; \ -# apt-get install -y curl; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ -# gpg --batch --import keys.asc; \ -# gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list; \ -# apt purge -y --autoremove curl; \ -# rm -rf /var/lib/apt/lists/* - -# until the .deb is available on jFrog, get it from here and place it next to the Dockerfile -# https://clients.neighbourhood.ie/couchdb/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb -COPY --chown=nouveau:nouveau couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* -#RUN . /etc/os-release; \ -# echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ -# tee /etc/apt/sources.list.d/couchdb.list >/dev/null +RUN . 
/etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian RUN set -eux; \ @@ -67,7 +63,7 @@ RUN set -eux; \ \ echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb; + couchdb="$COUCHDB_VERSION"~wookworm; COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml From aef9d337171ae8aebe3b8ef9f3968b8a78000976 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Wed, 25 Sep 2024 09:27:12 +0200 Subject: [PATCH 209/227] make nouveau launch correctly --- 3.4.0-nouveau/Dockerfile | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile index f1c700b..0486a44 100644 --- a/3.4.0-nouveau/Dockerfile +++ b/3.4.0-nouveau/Dockerfile @@ -28,6 +28,13 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; + # grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ @@ -37,9 +44,10 @@ RUN set -eux; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ # gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + RUN set -eux; \ apt-get update; \ apt-get install -y curl; \ 
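Review bot: In the key-import RUN that PATCH 208 re-enables (hunk `@@ -40,26 +40,22 @@`), `curl -fL -o keys.asc …` writes `keys.asc` into the build's working directory and nothing removes it, so the downloaded key bundle stays in the image layer; a `rm -f keys.asc;` next to `rm -rf "$GNUPGHOME";` would clean it up. The trailing `apt-key list;` does not read `/usr/share/keyrings/couchdb-archive-keyring.gpg`, so it confirms nothing about the pinned fingerprint. A `gpg --batch --list-keys "${GPG_COUCH_KEY}";` placed before the export would stop the build at that step when the fingerprint is missing from the download. `apt-get install -y curl` could also take `--no-install-recommends`, as the other install steps do. The same RUN block is added again in 3.4.1/Dockerfile by PATCH 211.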
@@ -54,7 +62,7 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couch-dev-deb/ bookworm main" | \ tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian @@ -62,10 +70,10 @@ RUN set -eux; \ apt-get update; \ \ echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~wookworm; - + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.1~bookworm; +RUN chown -R nouveau:nouveau /opt/nouveau COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml VOLUME /opt/nouveau/data @@ -73,4 +81,6 @@ VOLUME /opt/nouveau/data # 5987: Nouveau App # 5988: Nouveau Admin EXPOSE 5987 5988 -CMD ["tini", "/opt/nouveau/bin/nouveau", "server", "/opt/nouveau/etc/nouveau.yaml"] + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] From aea8274c755f8f51b50bb05744fd2ae50f297e8f Mon Sep 17 00:00:00 2001 
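Review bot: The new `CMD` in the last hunk of PATCH 209 starts `/usr/bin/java` directly and no `USER` instruction is visible in these hunks, so the Nouveau server presumably runs as root even though the previous hunk chowns `/opt/nouveau` to `nouveau:nouveau`; a `USER nouveau` before `CMD` would match that ownership. With the launcher script no longer used, the relative `rootDir: ./data/nouveau` from nouveau.yaml resolves against the container's working directory, and no `WORKDIR` is visible either, so index data may end up outside the declared `VOLUME /opt/nouveau/data`; `WORKDIR /opt/nouveau` would keep it inside the volume. Most of the Dockerfile lies outside the hunks, so both points need checking against the full file.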
From: Jan Lehnardt Date: Wed, 25 Sep 2024 09:27:50 +0200 Subject: [PATCH 210/227] we did not release 3.4.0, so nouveau appears first in 3.4.1 --- {3.4.0-nouveau => 3.4.1-nouveau}/Dockerfile | 0 {3.4.0-nouveau => 3.4.1-nouveau}/nouveau.yaml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {3.4.0-nouveau => 3.4.1-nouveau}/Dockerfile (100%) rename {3.4.0-nouveau => 3.4.1-nouveau}/nouveau.yaml (100%) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile similarity index 100% rename from 3.4.0-nouveau/Dockerfile rename to 3.4.1-nouveau/Dockerfile diff --git a/3.4.0-nouveau/nouveau.yaml b/3.4.1-nouveau/nouveau.yaml similarity index 100% rename from 3.4.0-nouveau/nouveau.yaml rename to 3.4.1-nouveau/nouveau.yaml From 939a5f59997201da3f6c601cde177d180383a49d Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Wed, 25 Sep 2024 09:29:34 +0200 Subject: [PATCH 211/227] add 3.4.1 docker definition --- 3.4.1/10-docker-default.ini | 8 +++ 3.4.1/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.4.1/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.4.1/vm.args | 47 ++++++++++++++ 4 files changed, 281 insertions(+) create mode 100644 3.4.1/10-docker-default.ini create mode 100644 3.4.1/Dockerfile create mode 100755 3.4.1/docker-entrypoint.sh create mode 100644 3.4.1/vm.args diff --git a/3.4.1/10-docker-default.ini b/3.4.1/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.4.1/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.4.1/Dockerfile b/3.4.1/Dockerfile new file mode 100644 index 0000000..7a1c063 --- /dev/null +++ b/3.4.1/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.1/docker-entrypoint.sh b/3.4.1/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.1/docker-entrypoint.sh 
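Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` in the install RUN of the new 3.4.1/Dockerfile leave the data, log and local.d directories world-writable, and local.d is where docker-entrypoint.sh appends the `[admins]` entry and the `chttpd_auth` secret. The neighbouring comment says local.d must be writable for the entrypoint, but not why 0777 is needed rather than owner-only access. If the reason is to let the image start under an arbitrary `--user` UID, record that in the comment, e.g. `# 0777: the container may be started with an arbitrary --user UID that must still write here`. Otherwise `0755` looks sufficient, since the same RUN already chowns these paths to `couchdb:couchdb`.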
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.1/vm.args b/3.4.1/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.1/vm.args 
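Review bot: In the new docker-entrypoint.sh, the admin password and the `chttpd_auth` secret are appended in clear text to `/opt/couchdb/etc/local.d/docker.ini`, but that file is created with a plain `touch` and the script normalises every file under /opt/couchdb/etc to 0644, so it is world-readable; the Erlang cookie file a few lines further down gets `chmod 600`. When /opt/couchdb/etc is mounted from the host, which the script's own comment anticipates, the credentials become readable by other host users. Adding `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` after the last write, next to the existing `chown -f couchdb:couchdb … || true`, would bring it in line with the cookie handling.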
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
From 2d907fa29fc40b0ffeb6c6ed8ff716e328af8cb9 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Wed, 25 Sep 2024 09:31:49 +0200 Subject: [PATCH 212/227] point to release repo --- 3.4.1-nouveau/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.4.1-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile index 0486a44..b07d77a 100644 --- a/3.4.1-nouveau/Dockerfile +++ b/3.4.1-nouveau/Dockerfile @@ -62,7 +62,7 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couch-dev-deb/ bookworm main" | \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian From 3526bff051ed044a4a61da5f5d1e4e522e3f9bd3 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Fri, 27 Sep 2024 10:06:20 +0200 Subject: [PATCH 213/227] fix: update from bullseye to bookworm --- 3.4.1/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/3.4.1/Dockerfile b/3.4.1/Dockerfile index 7a1c063..2314c8d 100644 --- a/3.4.1/Dockerfile +++ b/3.4.1/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" @@ -66,7 +66,7 @@ RUN set -eux; \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ + couchdb="$COUCHDB_VERSION"~bookworm \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ 
From cd3336b4ee1238427a78949651dc68b95a02dec4 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Fri, 27 Sep 2024 10:09:18 +0200 Subject: [PATCH 214/227] doc: update readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 4bfb33e..b1ea30e 100644 --- a/README.md +++ b/README.md @@ -9,8 +9,12 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.4.1` +- `3.3.3` +- `3.3.2` - `3.3.1` - `3.3.0` +- `3.2.3` - `3.2.2` - `3.2.1` - `3.2.0` From af3a869863414b54f50e0ae720f7a15eaf552a98 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Fri, 27 Sep 2024 10:32:22 +0200 Subject: [PATCH 215/227] fix: temporarily disable ppc64le because of https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf --- build.sh | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/build.sh b/build.sh index 0c1df9a..a494d8e 100755 --- a/build.sh +++ b/build.sh @@ -33,8 +33,12 @@ set -e PROMPT="Are you sure (y/n)? " QEMU="YES" -PLATFORMS="amd64 arm64v8 ppc64le s390x" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x" +PLATFORMS="amd64 arm64v8 s390x" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/s390x" +# Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf +# See also lines 163, 170, 171 +# PLATFORMS="amd64 arm64v8 ppc64le s390x" +# BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x" prompt() { if [ -z "${PROMPT}" ] 
@@ -153,14 +157,18 @@ push() { docker manifest create apache/couchdb:$tag_as \ apache/couchdb:amd64-$1 \ apache/couchdb:arm64v8-$1 \ - apache/couchdb:ppc64le-$1 \ +# Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf +# See also line 38 +# apache/couchdb:ppc64le-$1 \ apache/couchdb:s390x-$1 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:ppc64le-$1 --os linux --arch ppc64le + # Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf + # See also line 38 + # docker manifest annotate apache/couchdb:$tag_as \ + # apache/couchdb:ppc64le-$1 --os linux --arch ppc64le docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:s390x-$1 --os linux --arch s390x From ad64a8a405759d40ee9e82f40a1a32387a2a4be5 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Fri, 27 Sep 2024 12:06:45 +0200 Subject: [PATCH 216/227] feat: add -nouveau branch to buildx subcommand only --- build.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/build.sh b/build.sh index a494d8e..bd2908e 100755 --- a/build.sh +++ b/build.sh @@ -188,7 +188,6 @@ buildx() { fi docker buildx rm apache-couchdb >/dev/null 2>&1 || true - echo "Creating the buildx environment..." docker buildx create --name apache-couchdb --driver docker-container --use docker buildx use apache-couchdb 
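Review bot: The comment lines inserted into the `docker manifest create` argument list (hunk `@@ -153,14 +157,18 @@`) end the command early: after the backslash-newline that follows `apache/couchdb:arm64v8-$1`, the `#` starts a comment, so `apache/couchdb:s390x-$1` is no longer an argument of `docker manifest create`. The manifest is then created without s390x, and in bash the leftover line is run as a command of its own, which under the script's `set -e` should abort `push`. Move the three comment lines above `docker manifest create` and keep the list contiguous, with `apache/couchdb:arm64v8-$1 \` directly followed by `apache/couchdb:s390x-$1`. push() starts and ends outside the hunk.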
@@ -197,6 +196,18 @@ buildx() { echo "Starting buildx build at $(date)..." docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:$tag_as --push $1 echo "" + + # build nouveau + docker buildx rm apache-couchdb-nouveau >/dev/null 2>&1 || true + + echo "Creating the buildx nouveau environment..." + docker buildx create --name apache-couchdb-nouveau --driver docker-container --use + docker buildx use apache-couchdb-nouveau + docker buildx inspect --bootstrap + + echo "Starting buildx nouveau build at $(date)..." + docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb-nouveau:$tag_as --push $1-nouveau + echo "" } usage() { From 820386cb4da9a1f94a0a0cb155ccf57ca8dd6d74 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Fri, 27 Sep 2024 15:34:05 -0400 Subject: [PATCH 217/227] To simplfy things go with the $vsn-nouveau scheme This avoid creating a separate apache repo and separate official image as well. --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index bd2908e..0b14039 100755 --- a/build.sh +++ b/build.sh @@ -206,7 +206,7 @@ buildx() { docker buildx inspect --bootstrap echo "Starting buildx nouveau build at $(date)..." - docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb-nouveau:$tag_as --push $1-nouveau + docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:${tag_as}-nouveau --push $1-nouveau echo "" } From 6fd92e0669859e6041b3b2bf7ca94758d66782b8 Mon Sep 17 00:00:00 2001 
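Review bot: The nouveau block added to `buildx` (hunk `@@ -197,6 +196,18 @@`) runs for every version argument, but on this page only 3.4.1 has a `-nouveau` directory, so `docker buildx build … $1-nouveau` would fail for other versions after the main image has already been pushed. Guard it with `if [ -d "$1-nouveau" ]; then … fi` and quote the expansions, `"$1-nouveau"` and `"${BUILDX_PLATFORMS}"`. The block also creates a second builder, `apache-couchdb-nouveau`, although `apache-couchdb` was set up just above with the same driver; reusing it would drop four of the added lines. The body of buildx() extends beyond the hunk.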
From: Nick Vatamaniuc Date: Fri, 27 Sep 2024 16:45:07 -0400 Subject: [PATCH 218/227] Cleanup minor patch versions This our standard cleanup to leave only the highest patch versions after a whlie (remove 3.2.0, 3.2.1, 3.2.2 and leave 3.2.3 if 3.2.3 is the highest 3.2.x release). We were kindly reminded to do this by the official docker image maintainers. --- 3.2.0-ubi-clouseau/Dockerfile | 131 ------------ 3.2.0-ubi-clouseau/couchdb.repo | 7 - 3.2.0-ubi-clouseau/imeyer_runit.repo | 10 - 3.2.0-ubi-clouseau/licenses/LICENSE | 202 ------------------ .../resources/10-docker-default.ini | 8 - .../resources/clouseau/clouseau.ini | 6 - .../resources/clouseau/clouseau.sh | 13 -- .../resources/clouseau/log4j.properties | 5 - .../resources/docker-entrypoint.sh | 185 ---------------- 3.2.0-ubi-clouseau/resources/pre_stop | 30 --- 3.2.0-ubi-clouseau/resources/run | 1 - 3.2.0-ubi-clouseau/resources/run_clouseau | 1 - 3.2.0-ubi-clouseau/resources/vm.args | 28 --- 3.2.0/10-docker-default.ini | 8 - 3.2.0/Dockerfile | 105 --------- 3.2.0/docker-entrypoint.sh | 106 --------- 3.2.0/vm.args | 28 --- 3.2.1/10-docker-default.ini | 8 - 3.2.1/Dockerfile | 105 --------- 3.2.1/docker-entrypoint.sh | 121 ----------- 3.2.1/vm.args | 28 --- 3.2.2/10-docker-default.ini | 8 - 3.2.2/Dockerfile | 104 --------- 3.2.2/docker-entrypoint.sh | 122 ----------- 3.2.2/vm.args | 28 --- 3.3.0/10-docker-default.ini | 8 - 3.3.0/Dockerfile | 105 --------- 3.3.0/docker-entrypoint.sh | 121 ----------- 3.3.0/vm.args | 28 --- 3.3.1/10-docker-default.ini | 8 - 3.3.1/Dockerfile | 104 --------- 3.3.1/docker-entrypoint.sh | 122 ----------- 3.3.1/vm.args | 35 --- 3.3.2/10-docker-default.ini | 8 - 3.3.2/Dockerfile | 104 --------- 3.3.2/docker-entrypoint.sh | 122 ----------- 3.3.2/vm.args | 35 --- 37 files changed, 2198 deletions(-) delete mode 100644 3.2.0-ubi-clouseau/Dockerfile delete mode 100644 3.2.0-ubi-clouseau/couchdb.repo delete mode 100644 3.2.0-ubi-clouseau/imeyer_runit.repo delete mode 100644 
3.2.0-ubi-clouseau/licenses/LICENSE delete mode 100644 3.2.0-ubi-clouseau/resources/10-docker-default.ini delete mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini delete mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh delete mode 100644 3.2.0-ubi-clouseau/resources/clouseau/log4j.properties delete mode 100755 3.2.0-ubi-clouseau/resources/docker-entrypoint.sh delete mode 100644 3.2.0-ubi-clouseau/resources/pre_stop delete mode 100644 3.2.0-ubi-clouseau/resources/run delete mode 100644 3.2.0-ubi-clouseau/resources/run_clouseau delete mode 100644 3.2.0-ubi-clouseau/resources/vm.args delete mode 100644 3.2.0/10-docker-default.ini delete mode 100644 3.2.0/Dockerfile delete mode 100755 3.2.0/docker-entrypoint.sh delete mode 100644 3.2.0/vm.args delete mode 100644 3.2.1/10-docker-default.ini delete mode 100644 3.2.1/Dockerfile delete mode 100755 3.2.1/docker-entrypoint.sh delete mode 100644 3.2.1/vm.args delete mode 100644 3.2.2/10-docker-default.ini delete mode 100644 3.2.2/Dockerfile delete mode 100755 3.2.2/docker-entrypoint.sh delete mode 100644 3.2.2/vm.args delete mode 100644 3.3.0/10-docker-default.ini delete mode 100644 3.3.0/Dockerfile delete mode 100755 3.3.0/docker-entrypoint.sh delete mode 100644 3.3.0/vm.args delete mode 100644 3.3.1/10-docker-default.ini delete mode 100644 3.3.1/Dockerfile delete mode 100755 3.3.1/docker-entrypoint.sh delete mode 100644 3.3.1/vm.args delete mode 100644 3.3.2/10-docker-default.ini delete mode 100644 3.3.2/Dockerfile delete mode 100755 3.3.2/docker-entrypoint.sh delete mode 100644 3.3.2/vm.args diff --git a/3.2.0-ubi-clouseau/Dockerfile b/3.2.0-ubi-clouseau/Dockerfile deleted file mode 100644 index 16abfe6..0000000 --- a/3.2.0-ubi-clouseau/Dockerfile +++ /dev/null 
@@ -1,131 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -ARG CLOUSEAU_VERSION=2.17.0 - -FROM registry.access.redhat.com/ubi8/ubi-minimal as builder - -ARG CLOUSEAU_VERSION - -WORKDIR /usr/src - -# Fetch and extract clouseau -RUN set -xe; \ - microdnf update -y && rm -rf /var/cache/yum && \ - microdnf install -y unzip wget && \ - wget https://github.com/cloudant-labs/clouseau/releases/download/${CLOUSEAU_VERSION}/clouseau-${CLOUSEAU_VERSION}-dist.zip && \ - unzip clouseau-2.17.0-dist.zip && \ - microdnf clean all; \ - rm -rf /var/cache/yum - -FROM registry.access.redhat.com/ubi8/ubi-minimal - -ARG RELEASE -ARG BUILD_DATE -ARG CLOUSEAU_VERSION - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ - name="Apache CouchDB" \ - version="3.2.0" \ - summary="Apache CouchDB based on Red Hat UBI" \ - description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ - release=${RELEASE} \ - usage="https://github.com/apache/couchdb-docker" \ - build-date=${BUILD_DATE} \ - io.k8s.display-name="Apache CouchDB" \ - io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ - io.openshift.tags="database couchdb apache rhel8" \ - io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ - io.openshift.min-memory="1Gi" \ - io.openshift.min-cpu="1" - -COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY couchdb.repo /etc/yum.repos.d/couchdb.repo - -ENV COUCHDB_VERSION=3.2.0 \ - 
CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ - JAVA_MAJOR_VERSION=8 \ - JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ - CLASSPATH=${APP_ROOT}/lib/* - -# Add CouchDB user account to make sure the IDs are assigned consistently -# CouchDB user added to root group for OpenShift support -RUN set -ex; \ -# be sure GPG and apt-transport-https are available and functional - microdnf update -y && rm -rf /var/cache/yum; \ - microdnf install -y \ - java-1.8.0-openjdk-headless \ - ca-certificates \ - gnupg \ - findutils \ - shadow-utils; \ -# Add CouchDB User and Group (group required by rpm) - useradd -u 5984 -d /opt/couchdb -g root couchdb; \ - groupadd -g 5984 couchdb; \ -# Install runit - microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=imeyer_runit -y runit; \ -# Clean up - microdnf clean all; \ - rm -rf /var/cache/yum - -# Install CouchDB -RUN set -xe; \ - microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ - microdnf clean all; \ - rm -rf /var/cache/yum; \ -# remove defaults that force writing logs to file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ -# Setup directories and permissions for data. 
- chmod 777 /opt/couchdb/data - -# Copy Clouseau jar and set directory permissions -COPY resources/clouseau/clouseau.ini resources/clouseau/log4j.properties /opt/couchdb-search/etc/ -COPY --from=builder /usr/src/clouseau-${CLOUSEAU_VERSION}/*.jar /opt/couchdb-search/lib/ - -RUN install -d -m 0755 -o couchdb -g 0 -p /opt/couchdb-search/etc /opt/couchdb-search/lib /opt/couchdb/data/search_indexes && \ - find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ - find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; - -# Add the License -COPY licenses /licenses - -# Add configuration -COPY --chown=couchdb:0 resources/10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:0 resources/vm.args /opt/couchdb/etc/ -COPY --chown=couchdb:0 resources/docker-entrypoint.sh /usr/local/bin -COPY --chown=couchdb:0 resources/run /etc/service/couchdb/ -COPY --chown=couchdb:0 resources/run_clouseau /etc/service/couchdb-search/run - -# set permissions on runit scripts -RUN chmod -R 777 /etc/service/couchdb; \ - chmod -R 777 /etc/service/couchdb-search; \ - chmod 777 /usr/local/bin/docker-entrypoint.sh; \ -# symlink to root folder - ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh - -ENTRYPOINT ["/docker-entrypoint.sh"] -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0-ubi-clouseau/couchdb.repo b/3.2.0-ubi-clouseau/couchdb.repo deleted file mode 100644 index b4f33d7..0000000 --- a/3.2.0-ubi-clouseau/couchdb.repo +++ /dev/null 
@@ -1,7 +0,0 @@
-[couchdb]
-name=couchdb
-baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/
-gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc
-gpgcheck=1
-repo_gpgcheck=1
-enabled=1
diff --git a/3.2.0-ubi-clouseau/imeyer_runit.repo b/3.2.0-ubi-clouseau/imeyer_runit.repo
deleted file mode 100644
index ab4aa4c..0000000
--- a/3.2.0-ubi-clouseau/imeyer_runit.repo
+++ /dev/null
@@ -1,10 +0,0 @@
-[imeyer_runit]
-name=imeyer_runit
-baseurl=https://packagecloud.io/imeyer/runit/el/7/x86_64
-repo_gpgcheck=1
-gpgcheck=0
-enabled=1
-gpgkey=https://packagecloud.io/imeyer/runit/gpgkey
-sslverify=1
-sslcacert=/etc/pki/tls/certs/ca-bundle.crt
-metadata_expire=300
diff --git a/3.2.0-ubi-clouseau/licenses/LICENSE b/3.2.0-ubi-clouseau/licenses/LICENSE
deleted file mode 100644
index f6cd2bc..0000000
--- a/3.2.0-ubi-clouseau/licenses/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/3.2.0-ubi-clouseau/resources/10-docker-default.ini b/3.2.0-ubi-clouseau/resources/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.2.0-ubi-clouseau/resources/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini
deleted file mode 100644
index 81084e1..0000000
--- a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[clouseau]
-name=clouseau@127.0.0.1
-
-dir=/opt/couchdb/data/search_indexes
-
-max_indexes_open=500
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
deleted file mode 100644
index 4f8b300..0000000
--- a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-# chmod 0600 /opt/couchdb-search/etc/jmxremote.password
-
-exec -c "java -server \
- -Xmx2G \
- -Dsun.net.inetaddr.ttl=30 \
- -Dsun.net.inetaddr.negative.ttl=30 \
- -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \
- -XX:OnOutOfMemoryError="kill -9 %p" \
- -XX:+UseConcMarkSweepGC \
- -XX:+CMSParallelRemarkEnabled \
- -classpath '/opt/couchdb-search/lib/*' \
- com.cloudant.clouseau.Main \
- /opt/couchdb-search/etc/clouseau.ini"
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties b/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
deleted file mode 100644
index e7a0f7c..0000000
--- a/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
+++ /dev/null
@@ -1,5 +0,0 @@
-log4j.rootLogger=info, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %c [%p] %m%n
diff --git a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
deleted file mode 100755
index 0592c68..0000000
--- a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
+++ /dev/null
@@ -1,185 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # also for clouseau - find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + - find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - # if erlang cookie passed in, set in clouseau.ini - kCOOKIE_REGEX='setcookie ([^ ]+)' - cookie='monster' - if [[ $ERL_FLAGS =~ $kCOOKIE_REGEX ]]; then - cookie="${BASH_REMATCH[1]}" - else - ERL_FLAGS="$ERL_FLAGS -setcookie $cookie" - fi - - if ! grep "cookie" /opt/couchdb-search/etc/clouseau.ini; then - echo "cookie=$cookie" >> /opt/couchdb-search/etc/clouseau.ini - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - # a node name is required for clouseau/distributed erlang. - # set if not specified via ERL_FLAGS or vm.args - kNAME_REGEX='\-name ([^ ]+)' - if ! 
[[ $ERL_FLAGS =~ $kNAME_REGEX ]]; then - echo "No name found in ERL_FLAGS $ERL_FLAGS" - nodename=${NODENAME:=127.0.0.1} - if ! grep -e '-name' /opt/couchdb/etc/vm.args; then - echo "No -name found in vm.args. Using couchdb@$nodename" - echo "-name couchdb@$nodename" >> /opt/couchdb/etc/vm.args - fi - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:0 /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". 
-************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - # Run as CouchDB user - cat > /etc/service/couchdb/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb - exec 2>&1 - exec chpst -u couchdb env ERL_FLAGS="$ERL_FLAGS" $@ - EOF - - cat > /etc/service/couchdb-search/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb-search - exec 2>&1 - exec chpst -u couchdb java -server \ - -Xmx2G \ - -Dsun.net.inetaddr.ttl=30 \ - -Dsun.net.inetaddr.negative.ttl=30 \ - -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ - -XX:OnOutOfMemoryError="kill -9 %p" \ - -XX:+UseConcMarkSweepGC \ - -XX:+CMSParallelRemarkEnabled \ - -classpath '/opt/couchdb-search/lib/*' \ - com.cloudant.clouseau.Main \ - /opt/couchdb-search/etc/clouseau.ini - EOF - else - # Write out runit scripts to start as the ambient uid - cat > /etc/service/couchdb/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb - exec 2>&1 - exec chpst env ERL_FLAGS="$ERL_FLAGS" $@ - EOF - - cat > /etc/service/couchdb-search/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb-search - exec 2>&1 - exec chpst java -server \ - -Xmx2G \ - -Dsun.net.inetaddr.ttl=30 \ - -Dsun.net.inetaddr.negative.ttl=30 \ - -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ - -XX:OnOutOfMemoryError="kill -9 %p" \ - -XX:+UseConcMarkSweepGC \ - -XX:+CMSParallelRemarkEnabled \ - -classpath '/opt/couchdb-search/lib/*' \ - com.cloudant.clouseau.Main \ - /opt/couchdb-search/etc/clouseau.ini - EOF - fi - - exec /sbin/runsvdir-start -fi - -exec "$@" diff --git a/3.2.0-ubi-clouseau/resources/pre_stop b/3.2.0-ubi-clouseau/resources/pre_stop deleted file mode 100644 index 2fbd60a..0000000 --- a/3.2.0-ubi-clouseau/resources/pre_stop +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-if [ -z "$1" ]; then
- terminationPeriod=300
-else
- terminationPeriod=$1
-fi
-
-timeToSleep=5
-numIterations=$(awk -v var1=$terminationPeriod -v var2=$timeToSleep 'BEGIN { print ( var1 / var2 ) }')
-
-# Mark each runsv service as down, which will send each process a TERM
-for file in /conf/service/*/supervise/control; do
- echo "d" > $file;
-done
-
-# Allow the processes time to terminate gracefully
-i="0"
-while [ $i -lt $numIterations ]; do
- numServices=$(find /conf/service/* -maxdepth 0 -type d | wc -l)
- numDownServices=$(grep -r "^down$" /conf/service/*/supervise/stat | wc -l)
- if [ $numServices -ne $numDownServices ]; then
- sleep $timeToSleep
- i=$[$i+1]
- else
- exit 0
- fi
-done
-
-exit 1
diff --git a/3.2.0-ubi-clouseau/resources/run b/3.2.0-ubi-clouseau/resources/run
deleted file mode 100644
index 7d1d6b8..0000000
--- a/3.2.0-ubi-clouseau/resources/run
+++ /dev/null
@@ -1 +0,0 @@
-# populated in dockerfile entrypoint so that ERL_FLAGS are propagated
diff --git a/3.2.0-ubi-clouseau/resources/run_clouseau b/3.2.0-ubi-clouseau/resources/run_clouseau
deleted file mode 100644
index 9c18b33..0000000
--- a/3.2.0-ubi-clouseau/resources/run_clouseau
+++ /dev/null
@@ -1 +0,0 @@
-# populated in dockerfile entrypoint
diff --git a/3.2.0-ubi-clouseau/resources/vm.args b/3.2.0-ubi-clouseau/resources/vm.args
deleted file mode 100644
index 0425756..0000000
--- a/3.2.0-ubi-clouseau/resources/vm.args
+++ /dev/null
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-# Ensure that the Erlang VM listens on a known port
--kernel inet_dist_listen_min 9100
--kernel inet_dist_listen_max 9100
-
-# Tell kernel and SASL not to log anything
--kernel error_logger silent
--sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
diff --git a/3.2.0/10-docker-default.ini b/3.2.0/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.2.0/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.2.0/Dockerfile b/3.2.0/Dockerfile
deleted file mode 100644
index 159be0f..0000000
--- a/3.2.0/Dockerfile
+++ /dev/null
@@ -1,105 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:buster-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ - rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf 
--kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.2.0 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~buster \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0/docker-entrypoint.sh b/3.2.0/docker-entrypoint.sh deleted file mode 100755 index 4b8b4f4..0000000 --- a/3.2.0/docker-entrypoint.sh +++ /dev/null 
@@ -1,106 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.2.0/vm.args b/3.2.0/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.2.0/vm.args +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput 
diff --git a/3.2.1/10-docker-default.ini b/3.2.1/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.2.1/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.2.1/Dockerfile b/3.2.1/Dockerfile
deleted file mode 100644
index 27e9d9c..0000000
--- a/3.2.1/Dockerfile
+++ /dev/null
@@ -1,105 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ - rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf 
--kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.2.1-1 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh deleted file mode 100755 index 8d6456d..0000000 --- a/3.2.1/docker-entrypoint.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.2.1/vm.args b/3.2.1/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.2.1/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-# Ensure that the Erlang VM listens on a known port
--kernel inet_dist_listen_min 9100
--kernel inet_dist_listen_max 9100
-
-# Tell kernel and SASL not to log anything
--kernel error_logger silent
--sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
diff --git a/3.2.2/10-docker-default.ini b/3.2.2/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.2.2/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile
deleted file mode 100644
index 587d152..0000000
--- a/3.2.2/Dockerfile
+++ /dev/null
@@ -1,104 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends tini; \ - rm -rf /var/lib/apt/lists/*; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - 
apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.2.2-1 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh deleted file mode 100755 index a8544c7..0000000 --- a/3.2.2/docker-entrypoint.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - export HOME=$(echo ~couchdb) - exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" - fi -fi - -exec "$@" diff --git a/3.2.2/vm.args b/3.2.2/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.2.2/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-# Ensure that the Erlang VM listens on a known port
--kernel inet_dist_listen_min 9100
--kernel inet_dist_listen_max 9100
-
-# Tell kernel and SASL not to log anything
--kernel error_logger silent
--sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
diff --git a/3.3.0/10-docker-default.ini b/3.3.0/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.3.0/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.3.0/Dockerfile b/3.3.0/Dockerfile
deleted file mode 100644
index ffb943b..0000000
--- a/3.3.0/Dockerfile
+++ /dev/null
@@ -1,105 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ - rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf 
--kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.3.0 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.0/docker-entrypoint.sh b/3.3.0/docker-entrypoint.sh deleted file mode 100755 index 8d6456d..0000000 --- a/3.3.0/docker-entrypoint.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.3.0/vm.args b/3.3.0/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.3.0/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput diff --git a/3.3.1/10-docker-default.ini b/3.3.1/10-docker-default.ini deleted file mode 100644 index 1aa633c..0000000 --- a/3.3.1/10-docker-default.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/3.3.1/Dockerfile b/3.3.1/Dockerfile deleted file mode 100644 index 90369c9..0000000 --- a/3.3.1/Dockerfile +++ /dev/null 
@@ -1,104 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends tini; \ - rm -rf /var/lib/apt/lists/*; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - 
apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.3.1 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh deleted file mode 100755 index a8544c7..0000000 --- a/3.3.1/docker-entrypoint.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - export HOME=$(echo ~couchdb) - exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" - fi -fi - -exec "$@" diff --git a/3.3.1/vm.args b/3.3.1/vm.args deleted file mode 100644 index d606217..0000000 --- a/3.3.1/vm.args +++ /dev/null 
@@ -1,35 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# This will toggle to true in Erlang 25+. However since we don't use global -# any longer, and have our own auto-connection module, we can keep the -# existing global behavior to avoid surprises. See -# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more -# information about possible increased coordination and messages being sent on -# disconnections when this setting is enabled. -# --kernel prevent_overlapping_partitions false - -# Increase the pool of dirty IO schedulers from 10 to 16 -# Dirty IO schedulers are used for file IO. -+SDio 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput diff --git a/3.3.2/10-docker-default.ini b/3.3.2/10-docker-default.ini deleted file mode 100644 index 1aa633c..0000000 --- a/3.3.2/10-docker-default.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/3.3.2/Dockerfile b/3.3.2/Dockerfile deleted file mode 100644 index 56393e8..0000000 
--- a/3.3.2/Dockerfile +++ /dev/null 
@@ -1,104 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends tini; \ - rm -rf /var/lib/apt/lists/*; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - 
apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.3.2 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.2/docker-entrypoint.sh b/3.3.2/docker-entrypoint.sh deleted file mode 100755 index a8544c7..0000000 --- a/3.3.2/docker-entrypoint.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - export HOME=$(echo ~couchdb) - exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" - fi -fi - -exec "$@" diff --git a/3.3.2/vm.args b/3.3.2/vm.args deleted file mode 100644 index d606217..0000000 --- a/3.3.2/vm.args +++ /dev/null 
@@ -1,35 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# This will toggle to true in Erlang 25+. However since we don't use global -# any longer, and have our own auto-connection module, we can keep the -# existing global behavior to avoid surprises. See -# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more -# information about possible increased coordination and messages being sent on -# disconnections when this setting is enabled. -# --kernel prevent_overlapping_partitions false - -# Increase the pool of dirty IO schedulers from 10 to 16 -# Dirty IO schedulers are used for file IO. -+SDio 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput From 9c8ab9e38be7b99c6452765c27a04a9c999207b5 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sat, 28 Sep 2024 12:00:44 +0200 Subject: [PATCH 219/227] feat: use bookworm for 3.3.3 and update to 3.3.3-1 variant --- 3.3.3/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/3.3.3/Dockerfile b/3.3.3/Dockerfile index 16bdf32..6d86dfb 100644 --- a/3.3.3/Dockerfile +++ b/3.3.3/Dockerfile 
@@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" @@ -66,7 +66,7 @@ RUN set -eux; \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ + couchdb="$COUCHDB_VERSION-1"~bookworm \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ From 5ff2c69df1cf1d0c8fa39e5dce4d37f18d8caefd Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Fri, 4 Oct 2024 13:54:15 +0200 Subject: [PATCH 220/227] fix: do not create an extra layer just for the chown --- 3.4.1-nouveau/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/3.4.1-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile index b07d77a..648dc51 100644 --- a/3.4.1-nouveau/Dockerfile +++ b/3.4.1-nouveau/Dockerfile @@ -71,9 +71,10 @@ RUN set -eux; \ \ echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ - couchdb-nouveau=3.4.1~bookworm; + couchdb-nouveau=3.4.1~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau -RUN chown -R nouveau:nouveau /opt/nouveau COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml VOLUME /opt/nouveau/data From e748fc4a483c1a651758df4900258701570d2533 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Fri, 4 Oct 2024 18:48:36 -0400 Subject: [PATCH 221/227] One more place we forgot to cleanup the apt repo --- 3.4.1-nouveau/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/3.4.1-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile index 648dc51..ffcb96b 100644 --- a/3.4.1-nouveau/Dockerfile +++ b/3.4.1-nouveau/Dockerfile @@ -33,7 +33,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ openjdk-17-jre-headless \ - ; + ; \ + rm -rf /var/lib/apt/lists/* # grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 From c44f447edc42377636a1e65a81dcaf3b457d6c83 Mon Sep 17 00:00:00 2001 From: Gaurav Mishra Date: Tue, 8 Oct 2024 17:23:39 +0530 Subject: [PATCH 222/227] docs(nouveau): add additional nouveau ini config Signed-off-by: Gaurav Mishra --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index b1ea30e..a9161de 100644 --- a/README.md +++ b/README.md 
@@ -107,6 +107,17 @@ In addition, a few environment variables are provided to set very common paramet * `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. * Erlang Environment Variables like `ERL_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) +## Configure CouchDB Nouveau + +Using the `couchdb:3.4-nouveau` image with `couchdb:3.4` container, there are additional configurations required to set the communication between the containers. CouchDB by default communicates with Nouveau at `http://localhost:5987`, which would now be running in a different container. To enable the communication, the CouchDB container should know the location of Nouveau location and enable the configuration. This can be done by puting following configuration file at `/opt/couchdb/etc/local.d/nouveau.ini` in the CouchDB container. + +```ini +[nouveau] +enable = true +url = http://couchdb-nouveau:5987 +``` + +**Note:** Replace the location in the URL. # Caveats From 50ced4111eaaa75672378ffb8b09d019eff7de75 Mon Sep 17 00:00:00 2001 From: Gaurav Mishra Date: Tue, 8 Oct 2024 17:37:12 +0530 Subject: [PATCH 223/227] docs(nouveau): add compose example with nouveau Signed-off-by: Gaurav Mishra --- nouveau-compose/README.md | 55 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 nouveau-compose/README.md diff --git a/nouveau-compose/README.md b/nouveau-compose/README.md new file mode 100644 index 0000000..bfe27f4 --- /dev/null +++ b/nouveau-compose/README.md 
@@ -0,0 +1,55 @@ +standard `docker-compose.yml`. + +```shell +mkdir -p ./config/couchdb +``` + +**./config/couchdb/nouveau.ini** +```ini +[nouveau] +enable = true +url = http://couchdb-nouveau:5987 +``` + +**docker-compose.yml** +*This yaml expose 5984 to the host network, if you already using the 5984 change it on the yaml +```yaml +services: + couchdb: + image: couchdb:3.4.1 + restart: unless-stopped + ports: + - 5984:5984 + environment: + - ERL_FLAGS=-setcookie monster + - COUCHDB_CREATE_DATABASE=yes + depends_on: + - couchdb-nouveau + volumes: + - couchdb:/opt/couchdb/data + - ./config/couchdb/nouveau.ini:/opt/couchdb/etc/local.d/nouveau.ini + healthcheck: + test: ["CMD-SHELL", "curl --fail -s http://couchdb:5984/_up"] + interval: 30s + timeout: 5s + retries: 5 + + couchdb-nouveau: + image: couchdb:3.4.1-nouveau +# ports: +# - "5987:5987" +# - "5988:5988" + +networks: + default: + name: couchdb-net +``` + +```shell +docker-compose up +``` + +Check it http://127.0.0.1:5984 + +The _trick_ is the `./config/couchdb/nouveau.ini` defines the `couchdb-nouveau` to be running on docker network service named `couchdb-nouveau`. So the port (5987) mapped to the nouveau container. + From 734c61f2a9421637ff58be225665477be52dd4b7 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Tue, 22 Oct 2024 11:31:15 +0200 Subject: [PATCH 224/227] feat: add 3.4.2 and 3.4.2-nouveau --- 3.4.2-nouveau/Dockerfile | 88 ++++++++++++++++++++++++++ 3.4.2-nouveau/nouveau.yaml | 27 ++++++++ 3.4.2/10-docker-default.ini | 8 +++ 3.4.2/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.4.2/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.4.2/vm.args | 47 ++++++++++++++ README.md | 1 + 7 files changed, 397 insertions(+) create mode 100644 3.4.2-nouveau/Dockerfile create mode 100644 3.4.2-nouveau/nouveau.yaml create mode 100644 3.4.2/10-docker-default.ini create mode 100644 3.4.2/Dockerfile create mode 100755 3.4.2/docker-entrypoint.sh create mode 100644 3.4.2/vm.args 
diff --git a/3.4.2-nouveau/Dockerfile b/3.4.2-nouveau/Dockerfile
new file mode 100644
index 0000000..36b4b98
--- /dev/null
+++ b/3.4.2-nouveau/Dockerfile
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.2~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.2-nouveau/nouveau.yaml b/3.4.2-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.2-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
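Review bot: Nothing in this Dockerfile drops root: the `nouveau` account is created and `/opt/nouveau` is chowned to it, but there is no `USER` instruction and no entrypoint script, so the JVM started by `CMD` runs as uid 0 while listening on 5987/5988. Adding `USER nouveau` before `CMD` would address that. It presumably also needs `/opt/nouveau/data` to exist and be owned by `nouveau` before the `VOLUME` line, and a `WORKDIR /opt/nouveau` so the relative `rootDir: ./data/nouveau` in nouveau.yaml resolves inside the declared volume; both are worth confirming against the package layout. tini is installed but, per the `# TODO: re-add tini` comment, is not used as the entrypoint. The 3.4.3-nouveau/Dockerfile hunk later in this series carries the same lines.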
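Review bot: `adminConnectors` binds to `0.0.0.0` on port 5988 and the Dockerfile `EXPOSE`s that port, so the admin interface is reachable from every container on the same network, and from the host network if the port is published. Nothing in this file puts authentication or TLS in front of either connector. If the admin port is only needed from inside the container, `bindHost: 127.0.0.1` under `adminConnectors` would narrow it; otherwise a comment stating that 5987/5988 must stay on a private network would help operators. The same file is added again as 3.4.3-nouveau/nouveau.yaml.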
diff --git a/3.4.2/10-docker-default.ini b/3.4.2/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.4.2/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.4.2/Dockerfile b/3.4.2/Dockerfile
new file mode 100644
index 0000000..95688b0
--- /dev/null
+++ b/3.4.2/Dockerfile
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.2 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.2/docker-entrypoint.sh b/3.4.2/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.2/docker-entrypoint.sh 
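Review bot: Three paths are left world-writable at the end of the large `RUN`: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d`. The last one matters most, because the entrypoint writes the admin credentials and the `[chttpd_auth]` secret into `local.d/docker.ini`, and any uid in the container can add or replace `.ini` files in that directory. If the wide mode exists to support starting the container under an arbitrary `--user` (which the comment `only local.d needs to be writable` suggests), the comment should say so, and `chmod -f 1777` is worth considering so other uids cannot rename or remove files they do not own. The comments also name `dockerfile_entrypoint.sh` and `docker_entrypoint.sh`, while the file copied is `docker-entrypoint.sh`. 3.4.3/Dockerfile repeats these lines.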
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.2/vm.args b/3.4.2/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.2/vm.args 
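Review bot: `docker.ini` stays readable by every uid in the container although it receives `COUCHDB_PASSWORD` and `COUCHDB_SECRET` as given: `touch` creates it with the default mode (presumably 0644), and the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass resets any stricter mode an operator set on a mounted config. I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` right after the `touch` and exclude the file from that find with `! -name docker.ini`. Separately, `chown couchdb:couchdb "$cookieFile"` sits outside the `id -u` = 0 guard and has no `-f`, so under `set -e` a container started with another uid would presumably exit there when `COUCHDB_ERLANG_COOKIE` is set. The 3.4.3/docker-entrypoint.sh added later in this series is the same blob (a8544c7).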
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
diff --git a/README.md b/README.md index a9161de..7af8459 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.4.2` - `3.4.1` - `3.3.3` - `3.3.2` From 8a7dfc18fe8a9ba55a1c544ee3416f945dbb94ad Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Mon, 17 Mar 2025 17:23:16 -0400 Subject: [PATCH 225/227] Add 3.4.3 and 3.4.3-nouveau --- 3.4.3-nouveau/Dockerfile | 88 ++++++++++++++++++++++++++ 3.4.3-nouveau/nouveau.yaml | 27 ++++++++ 3.4.3/10-docker-default.ini | 8 +++ 3.4.3/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.4.3/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.4.3/vm.args | 47 ++++++++++++++ README.md | 1 + 7 files changed, 397 insertions(+) create mode 100644 3.4.3-nouveau/Dockerfile create mode 100644 3.4.3-nouveau/nouveau.yaml create mode 100644 3.4.3/10-docker-default.ini create mode 100644 3.4.3/Dockerfile create mode 100755 3.4.3/docker-entrypoint.sh create mode 100644 3.4.3/vm.args diff --git a/3.4.3-nouveau/Dockerfile b/3.4.3-nouveau/Dockerfile new file mode 100644 index 0000000..343940b --- /dev/null +++ b/3.4.3-nouveau/Dockerfile 
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.3~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.3-nouveau/nouveau.yaml b/3.4.3-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.3-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
diff --git a/3.4.3/10-docker-default.ini b/3.4.3/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.4.3/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.4.3/Dockerfile b/3.4.3/Dockerfile
new file mode 100644
index 0000000..e60b209
--- /dev/null
+++ b/3.4.3/Dockerfile
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.3/docker-entrypoint.sh b/3.4.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.3/docker-entrypoint.sh 
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.3/vm.args b/3.4.3/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.3/vm.args 
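Review bot: The admin password and the `[chttpd_auth]` secret are appended in clear text to `/opt/couchdb/etc/local.d/docker.ini`, a file that the earlier `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass keeps world-readable, and the script's own comment says `/opt/couchdb/etc` may be an externally mounted volume. As far as I know CouchDB replaces a plain-text admin password with a hash at startup, but the secret value stays readable as written. Next to the existing `chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true` I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true`, and exclude that file from the 0644 pass so a restart does not widen it again. The identical script added as 3.5.0/docker-entrypoint.sh has the same lines.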
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
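Review bot: The comment above `-kernel inet_dist_listen_min 9100` says only that the port is pinned; it should also say who may reach it. Erlang distribution is authenticated by the shared cookie alone and is not encrypted unless TLS distribution is configured, and the entrypoint added alongside this file writes a cookie only when `COUCHDB_ERLANG_COOKIE` is set. I would add a comment such as `# Port 9100 (and epmd on 4369) must be reachable only by other cluster nodes; access is guarded solely by the Erlang cookie.` The same file is added again as 3.5.0/vm.args.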
diff --git a/README.md b/README.md index 7af8459..4f40ba8 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.4.3` - `3.4.2` - `3.4.1` - `3.3.3` From d9ab5e527fc912b0a308f88b5fcc6bafcb3ee7fd Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Fri, 21 Mar 2025 19:15:15 -0400 Subject: [PATCH 226/227] Clean up unused bits from build.sh We only use buildx Remove auto buildx setup. That breaks users' buildx contexts and leaves it modified. Docker nowadays setups setup buildx fairly well and there is no need to do all the experimental stuff. --- build.sh | 217 ------------------------------------------------------- 1 file changed, 217 deletions(-) diff --git a/build.sh b/build.sh index 0b14039..ab8f775 100755 --- a/build.sh +++ b/build.sh 
@@ -31,72 +31,20 @@ set -e -PROMPT="Are you sure (y/n)? " -QEMU="YES" -PLATFORMS="amd64 arm64v8 s390x" BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/s390x" # Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf -# See also lines 163, 170, 171 -# PLATFORMS="amd64 arm64v8 ppc64le s390x" -# BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x" - -prompt() { - if [ -z "${PROMPT}" ] - then - return - fi - if [ "$1" ] - then - echo "$1" - fi - read -p "${PROMPT}" - if [[ $REPLY =~ ^[Yy]$ ]] - then - return - else - exit 0 - fi -} - -update_qemu() { - # necessary locally after every reboot, not sure why....update related maybe? - # basically harmless to run everytime, except for elevated privs necessary. - # disable with -n flag - # NOTE multiarch/qemu-user-static broken as of Jan 2021 - # docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true - # docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - # docker rmi multiarch/qemu-user-static - # use tonistiigi/binfmt instead. - echo "Uninstalling all qemu emulators..." - for plat in $(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))'); do - plat="${plat//\"}" - docker run --privileged tonistiigi/binfmt --uninstall $plat >/dev/null 2>&1 - done - - echo "Reinstalling all qemu emulators with latest version..." - docker run --privileged --rm tonistiigi/binfmt --install all - - echo "Proving all emulators work..." - docker run --rm arm32v7/alpine uname -a - docker run --rm arm64v8/alpine uname -a - docker run --rm s390x/alpine uname -a - docker run --rm tonistiigi/debian:riscv uname -a -} clean() { echo $# if [ $# -eq 0 ] then regex="*" - ADD_PROMPT="This will remove *ALL* local apache/couchdb Docker images!" elif [ $# -eq 1 ] then regex=$1 - ADD_PROMPT="This will remove *ALL* apache/couchdb images matching regex '${1}' !" 
else usage fi - prompt "${ADD_PROMPT}" docker images --filter=reference="apache/couchdb:${regex}" | tr -s ' ' | cut -d ' ' -f 2 | while read tag do 
@@ -108,76 +56,6 @@ clean() { done } -# Builds a specific version -build() { - VERSION=$1 - ARCH=${2:-amd64} - FROMIMG="$(awk '$1 == toupper("FROM") { print $2; exit; }' $VERSION/Dockerfile)" - echo ${FROMIMG} - CURRARCH="$(docker run --rm -t ${FROMIMG} uname -m | sed -e 's/[[:space:]]*$//')" - if [ "${CURRARCH}" == "x86_64" ] - then - CURRARCH="amd64" - fi - - if [ "${CURRARCH}" != "${ARCH}" ] - then - if [[ "${FROMIMG}" == *"redhat.com"* ]] - then - echo "Script does not handle multiarch for ubi images. Please fix me!" - exit 1 - fi - docker rmi ${FROMIMG} - docker pull "${ARCH}/${FROMIMG}" - docker tag "${ARCH}/${FROMIMG}" "${FROMIMG}" - fi - docker build -t apache/couchdb:${ARCH}-${VERSION} ${VERSION} - echo "CouchDB ${VERSION} for ${ARCH} built as apache/couchdb:${ARCH}-${VERSION}." -} - -# Builds all platforms for a specific version, local only -# We can't do this with docker buildx, see https://github.com/docker/buildx/issues/166#issuecomment-562729523 -build-all() { - VERSION=$1 - for ARCH in ${PLATFORMS}; do - echo "Starting ${ARCH} at $(date)..." 
- build $1 ${ARCH} - echo "" - done -} - -# Push locally built versions using above technique -push() { - if [ $2 ] - then - tag_as=$2 - else - tag_as=$1 - fi - docker manifest create apache/couchdb:$tag_as \ - apache/couchdb:amd64-$1 \ - apache/couchdb:arm64v8-$1 \ -# Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf -# See also line 38 -# apache/couchdb:ppc64le-$1 \ - apache/couchdb:s390x-$1 - - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 - - # Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf - # See also line 38 - # docker manifest annotate apache/couchdb:$tag_as \ - # apache/couchdb:ppc64le-$1 --os linux --arch ppc64le - - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:s390x-$1 --os linux --arch s390x - - docker manifest push --purge apache/couchdb:$tag_as - - docker manifest inspect apache/couchdb:$tag_as -} - # Builds all platforms for a specific version and pushes to the registry buildx() { if [ $2 ] 
@@ -186,25 +64,11 @@ buildx() { else tag_as=$1 fi - docker buildx rm apache-couchdb >/dev/null 2>&1 || true - - echo "Creating the buildx environment..." - docker buildx create --name apache-couchdb --driver docker-container --use - docker buildx use apache-couchdb - docker buildx inspect --bootstrap echo "Starting buildx build at $(date)..." docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:$tag_as --push $1 echo "" - # build nouveau - docker buildx rm apache-couchdb-nouveau >/dev/null 2>&1 || true - - echo "Creating the buildx nouveau environment..." - docker buildx create --name apache-couchdb-nouveau --driver docker-container --use - docker buildx use apache-couchdb-nouveau - docker buildx inspect --bootstrap - echo "Starting buildx nouveau build at $(date)..." docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:${tag_as}-nouveau --push $1-nouveau echo "" @@ -214,34 +78,10 @@ usage() { cat << EOF $0 <-f> <-n> [OPTIONS] -Options: - -f Skip confirmation prompt. - -n Do not install QEMU and binfmt_misc - (build commands only) - General commands: clean Removes ALL local apache/couchdb images (!!) clean Removes ALL local images with matching tags. -\`docker build\` commands: - version #.#.# [all] Builds all platforms for supplied version - Each platform is tagged -. - - version #.#.# Builds only the specified version and arch. - - push #.#.# [as ] Pushes locally-built versions as a multi-arch - manifest. If \`as \` is specified, - pushes the manifest using that tag instead. - -Example workflow: - $0 clean *2.9.7* - $0 version 2.9.7 all - - $0 push 2.9.7 - $0 push 2.9.7 as 2.9 - $0 push 2.9.7 as 2 - $0 push 2.9.7 as latest - \`docker buildx\` commands: buildx #.#.# Builds *and pushes* all platforms for supplied version, using docker buildx. Built images must 
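Review bot: The synopsis kept as context in the `usage()` hunk still reads `$0 <-f> <-n> [OPTIONS]`, while this commit deletes the `Options:` help text and, in the @@ -281 hunk, the `-f|--force` and `-n|--no-qemu` cases. After the change those flags fall through to `*)` and are collected as positional arguments, so the help advertises options the script no longer parses. The synopsis should be updated to match, for example `$0 COMMAND [ARGS]`. usage() begins just above this hunk and its heredoc ends in the next one.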
@@ -261,12 +101,6 @@ Example workflow: docker manifest inspect apache/couchdb:2.9.7 docker pull <--platform linux/other-arch> apache/couchdb:2.9.7 (for testing) - -NOTE: Requires Docker 19.03+ with experimental features enabled. - Add { "experimental" : "true" } to /etc/docker/daemon.json, then - add { "experimental": "enabled" } to ~/.docker/config.json, then - restart the Docker daemon. - EOF exit 0 } @@ -281,14 +115,6 @@ do set -f key="$1" case $key in - -f|--force) - unset PROMPT - shift - ;; - -n|--no-qemu) - unset QEMU - shift - ;; *) POSITIONAL+=("$1") shift @@ -307,45 +133,6 @@ case "$1" in clean $* set +f ;; - version) - # builds a specific version using docker build - # validate/reinstall QEMU - if [ ${QEMU} ] - then - update_qemu - fi - shift - if [ $# -lt 1 -o $# -gt 3 ] - then - usage - fi - # version #.#.# all - if [ "$2" = "all" ] - then - # build all the platforms and test them locally - build-all $1 - else - # build a specific platform locally - build $1 $2 - fi - ;; - push) - # pushes already built local versions as manifest - shift - if [ $# -ne 1 -a $# -ne 3 ] - then - usage - fi - if [ $# -eq 1 ] - then - push $1 - elif [ $2 = "as" ] - then - push $1 $3 - else - usage - fi - ;; buildx) # builds and pushes using docker buildx shift @@ -353,10 +140,6 @@ case "$1" in then usage fi - if [ ${QEMU} ] - then - update_qemu - fi if [ $# -eq 1 ] then buildx $1 From 2660034027fec97097f88afcc6f8a4416c364b24 Mon Sep 17 00:00:00 2001 
From: Nick Vatamaniuc Date: Mon, 5 May 2025 21:57:41 -0400 Subject: [PATCH 227/227] New release 3.5.0 --- 3.5.0-nouveau/Dockerfile | 88 ++++++++++++++++++++++++++ 3.5.0-nouveau/nouveau.yaml | 27 ++++++++ 3.5.0/10-docker-default.ini | 8 +++ 3.5.0/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.5.0/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.5.0/vm.args | 47 ++++++++++++++ README.md | 1 + 7 files changed, 397 insertions(+) create mode 100644 3.5.0-nouveau/Dockerfile create mode 100644 3.5.0-nouveau/nouveau.yaml create mode 100644 3.5.0/10-docker-default.ini create mode 100644 3.5.0/Dockerfile create mode 100755 3.5.0/docker-entrypoint.sh create mode 100644 3.5.0/vm.args diff --git a/3.5.0-nouveau/Dockerfile b/3.5.0-nouveau/Dockerfile new file mode 100644 index 0000000..1215edb --- /dev/null +++ b/3.5.0-nouveau/Dockerfile 
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.5.0~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.5.0-nouveau/nouveau.yaml b/3.5.0-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.5.0-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
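Review bot: The final image never leaves root: the file creates the `nouveau` account and ends the install step with `chown -R nouveau:nouveau /opt/nouveau`, but there is no `USER` instruction and `CMD` starts `/usr/bin/java` directly, so the JVM serving ports 5987 and 5988 runs as uid 0. Adding `USER nouveau` before `CMD` fixes that, provided the data directory under the volume is created and owned by `nouveau` before the `VOLUME` line. There is also no `WORKDIR`, so the relative `rootDir: ./data/nouveau` in nouveau.yaml presumably resolves against `/` rather than the declared `VOLUME /opt/nouveau/data`; `WORKDIR /opt/nouveau` would line the two up. tini is installed earlier in the file but, as `# TODO: re-add tini` notes, is not used; `ENTRYPOINT ["tini", "--"]` would restore signal forwarding and reaping.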
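Review bot: `adminConnectors` binds to `0.0.0.0` on port 5988, and the Dockerfile added with this file lists 5988 in `EXPOSE`, yet nothing in this configuration puts authentication or TLS on either connector. The admin connector of a Dropwizard-style server typically serves health, metrics and task endpoints, so it should not be reachable from the same networks as the application port. If only in-container health checks need it, `bindHost: 127.0.0.1` under `adminConnectors` is enough; otherwise a comment in this file should state that 5988 must not be published.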
diff --git a/3.5.0/10-docker-default.ini b/3.5.0/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.5.0/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.5.0/Dockerfile b/3.5.0/Dockerfile
new file mode 100644
index 0000000..efdcb69
--- /dev/null
+++ b/3.5.0/Dockerfile
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.5.0 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.5.0/docker-entrypoint.sh b/3.5.0/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.5.0/docker-entrypoint.sh 
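Review bot: Three directories are left world-writable: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d`, the last being where the entrypoint writes `docker.ini` with the admin credentials. Any uid in the container can then add or replace `.ini` files in a directory CouchDB reads its configuration from. When the entrypoint starts as root it resets the data and etc directories to 0755, so the wide mode presumably exists only for starts under an arbitrary `--user`; if so, a comment should say that, and `chmod 1777` would at least stop one uid from removing another's files. If that case is not supported, `0755` with the existing `couchdb:couchdb` ownership is sufficient. The 3.4.3/Dockerfile earlier in the series has the same lines.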
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.5.0/vm.args b/3.5.0/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.5.0/vm.args 
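Review bot: In the `COUCHDB_ERLANG_COOKIE` branch the cookie is written with `echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"` under the default umask and only narrowed by `chmod 600` two commands later, so the file can briefly be readable by other users. Writing it as `(umask 077; echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile")` creates it with its final mode. The following `chown couchdb:couchdb "$cookieFile"` is also the only chown in the script that is neither inside the `id -u` check nor softened with `-f … || true`, so under `set -e` a start as another non-root uid would presumably abort there. The 3.4.3 copy of this script is identical.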
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
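Review bot: The comment above `-kernel inet_dist_listen_min 9100` / `-kernel inet_dist_listen_max 9100` says only that the VM listens on a known port, and gives an operator no hint about who may reach it. Erlang distribution on that port is authenticated solely by the shared cookie and is not encrypted unless TLS distribution is configured separately, so the comment should state the exposure expectation. I would add, directly under the existing comment, `# Port 9100 carries inter-node (Erlang distribution) traffic; make it reachable only from cluster peers, never from untrusted networks.` Whether the image publishes this port by default is not visible in this file, so the wording may need adjusting against the Dockerfile.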
diff --git a/README.md b/README.md index 4f40ba8..452368c 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.5.0` - `3.4.3` - `3.4.2` - `3.4.1`