opendev/system-config
Code Issues Proposed changes
system-config/docker/gerrit/base/Dockerfile
Clark Boylan 25de34e908 Bind mount Gerrit's review_site/data dir 
The replication, manage-plugins, and delete-project plugins all seem to
want to write content out to /var/gerrit/data within the Gerrit
container. At /home/gerrit2/review_site/data we've got an old carried
over dir from previous installations but this does not appear to be bind
mounted.

Best I can tell the replication plugin may use this disk location to
keep track of tasks that are queued,running,etc and this may work around
the issues with autoreloading gerrit replication configs. However, we
don't get those benefits when we delete the container (as with
docker-compose down/up-d) as the content is ephemeral within the
container. Address this by bind mounting the location along with the
other bind mounts.

Note I have excluded this from backups as I think we don't need backups
of things like replication queues. That said depending on what the other
plugins use this for we may need to refine our backup rules in the
future.

Change-Id: If3a91aeb1bd86c8514179b8ecfde17e98c29af6a
2023-02-27 13:14:34 -08:00

81 lines
2.7 KiB
Docker
Raw Blame History

# Copyright (c) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Fri 02 Dec 2022 07:17:22 AEDT - trigger rebuild
FROM docker.io/opendevorg/python-builder:3.9-bullseye as builder
COPY . /tmp/src
RUN assemble
FROM docker.io/opendevorg/python-base:3.9-bullseye as gerrit-base
RUN echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/95disable-recommends
RUN apt-get update \
&& apt-get install -y dumb-init git openssh-client openjdk-11-jre-headless unzip \
# This next set of installs helps align us with the old openjdk image \
# but they may not all be necessary \
&& apt-get install -y xz-utils bzip2 wget curl gnupg \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /output/ /output
RUN /output/install-from-bindep
# 3000 is what the existing opendev gerrit2 uid is
RUN addgroup gerrit --gid 3000 --system \
&& adduser \
--system \
--uid 3000 \
--home /var/gerrit \
--shell /bin/bash \
--ingroup gerrit \
gerrit
# Startup scripts
COPY wait-for-it.sh /wait-for-it.sh
RUN chmod +x /wait-for-it.sh
COPY run-gerrit.sh /run-gerrit.sh
RUN chmod +x /run-gerrit.sh
USER gerrit
RUN mkdir /var/gerrit/bin \
&& mkdir /var/gerrit/hooks \
&& mkdir /var/gerrit/static
# Download mariadb java client.
# Modern gerrit stopped downloading missing libs during init which means we
# need to do the downland and install ourselves.
# Note the perms on this are 0600 hence the need for the chown otherwise
# they are root owned and Gerrit can't use the jdbc driver.
ADD --chown=gerrit:gerrit https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.2/mariadb-java-client-2.7.2.jar /var/gerrit/lib/mariadb-java-client.jar
# Allow incoming traffic
# OpenDev Gerrit listens on 8081 not default of 8080
EXPOSE 29418 8081
VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit /var/gerrit/tmp /var/gerrit/data
RUN ln -s /var/log/gerrit /var/gerrit/logs
# container.javaOptions
# Also include container.heapLimit - but with -Xmx prefixing it
ENV JAVA_OPTIONS ""
# Ulimits should be set on command line or in docker-compose.yaml
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD "/run-gerrit.sh"
View Git Blame Copy Permalink