From OpenDCIM Wiki
Revision as of 15:26, 11 December 2018 by Scott (Talk | contribs) (Building your Container)

Jump to: navigation, search

This is a work-in-process Page for features that are not yet released

The following set of files works with codebase 18.02 and later for a manual build and containerizing an already configured database. If you use local file authentication, you need to modify the Dockerfile to copy over your .htaccess file, accordingly. If you are unsure what that is, I point back to the header at the top of this page - this is pre-release, work-in-process. Don't distract developers from actually completing work by asking them how to do things that they are trying to automate in the first place.

Building your Container

Dockerfile

FROM ubuntu:18.04

RUN apt-get update

COPY tzscript.sh /
RUN /tzscript.sh
RUN apt-get -y install mariadb-client libapache2-mod-webauthldap apache2 php php-mbstring php-snmp php-gd php-mysql php-zip php-gettext locales graphviz && rm -rf /var/lib/apt/lists/* && localedef -i en_US -c -f UTF-8 -A /usr
/share/locale/locale.alias en_US.UTF-8 && a2enmod rewrite authnz_ldap && rm /var/www/html/index.html
ENV LANG en_US.utf8

COPY dcim/ /var/www/html/
COPY dcim/db.inc.php-dist /var/www/html/db.inc.php
COPY 000-default.conf /etc/apache2/sites-available/
COPY php.ini /etc/php/apache2/

RUN mkdir -p /var/www/html/vendor/mpdf/ttfontdata && mkdir -p /var/www/html/assets && chown -R www-data:www-data /var/www/html && chmod 775 /var/www/html/assets /var/www/html/pictures /var/www/html/drawings /var/www/html/vend
or/mpdf/ttfontdata

CMD apachectl -D FOREGROUND

tzscript.sh

#!/bin/bash

export DEBIAN_FRONTEND=noninteractive

apt-get install -y tzdata
ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
dpkg-reconfigure --frontend noninteractive tzdata

php.ini

We'll have a full php.ini file when we tidy all of this up. Here are the few important bits modified from a standard distribution php.ini file.

;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

; Maximum execution time of each script, in seconds
; http://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 180

; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpectedly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; http://php.net/max-input-time
max_input_time = 60

; Maximum input variable nesting level
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64

; How many GET/POST/COOKIE input variables may be accepted
; max_input_vars = 1000

; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 1024M

; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 16M

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
;upload_tmp_dir =

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 16M

; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20

000-default.conf

<VirtualHost *:80>
        #ServerName www.example.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        <Directory "/var/www/html">
           AllowOverride All
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Once you have those files, you can run (substitute MY_REPO with your repository information):

$ docker build . -t MY_REPO/opendcim:latest

$ docker push MY_REPO/opendcim:latest

Deploying to Kubernetes

configmap.yaml

These are your environment variables that will change the behavior of openDCIM. They are dynamically updated, so as soon as you make a change in the configMap, it will change the values in the running containers.

apiVersion: v1
kind: ConfigMap
metadata:
  name: opendcim
  namespace: opendcim
data:
  OPENDCIM_DB_HOST: mysql
  OPENDCIM_DB_NAME: dcim
  OPENDCIM_DB_PASS: dcim
  OPENDCIM_DB_USER: dcim
  OPENDCIM_AUTH_METHOD: "LDAP"
  OPENDCIM_DEBUG: "FALSE"

service.yaml

This defines a service so that it can be exposed through a LoadBalancer or, in this example, an ingress rule.

apiVersion: v1
kind: Service
metadata:
  name: opendcim-svc
  namespace: opendcim
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  selector:
    app: opendcim
</code>

ingress.yaml

Definition of the inbound rule for ingress to the service. Swap out dcim.YOURDOMAIN.COM with the URL you are using. This ingress rule assumes that you are running cert-manager for automatic certificate management. Adjust accordingly.

<code>
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/cluster-issuer: ca-issuer
    kubernetes.io/ingress.class: nginx
    nginx.org/ssl-services: opendcim-service
  name: opendcim-ingress
  namespace: opendcim
spec:
  rules:
  - host: dcim.YOURDOMAIN.COM
    http:
      paths:
      - backend:
          serviceName: opendcim-svc
          servicePort: 80
        path: /
  tls:
  - hosts:
    - dcim.YOURDOMAIN.COM
    secretName: opendcim-tls