manala · nervo · Jan 28, 2020
diff --git a/elao.app/.manala.yaml b/elao.app/.manala.yaml
@@ -109,6 +109,8 @@ system:
     docker:
         # @schema {"items": {"type": "object"}}
         containers: []
+        # @schema {"items": {"type": "object"}}
+        applications: []
 
 ###############
 # Integration #

diff --git a/elao.app/.manala/Dockerfile.tmpl b/elao.app/.manala/Dockerfile.tmpl
@@ -34,7 +34,8 @@ RUN \
     && mkdir -p /srv \
     && chmod 777 /srv \
     # User
-    && adduser --disabled-password --gecos "" docker \
+    && addgroup --system docker \
+    && adduser --disabled-password --ingroup docker --gecos docker docker \
     # Bash
     && sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' \
         /home/docker/.bashrc \
@@ -59,10 +60,6 @@ RUN \
         ansible python3 python3-apt
     {{- end }}
 
-COPY docker/bin/entrypoint.sh /usr/local/bin/entrypoint.sh
-
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-
 ##########
 # System #
 ##########
@@ -73,20 +70,25 @@ COPY ansible/templates                       /tmp/ansible/templates/
 COPY ansible/ansible.cfg ansible/system.yaml /tmp/ansible/
 
 RUN \
+    # Ansible
     cd /tmp/ansible \
     && ansible-galaxy collection install \
       --requirements-file roles/system/requirements.yaml \
       --force \
     && ansible-playbook system.yaml \
       --inventory-file inventories \
       --limit integration \
-    && rm -Rf /tmp/ansible
-
-RUN \
+    && rm -Rf /tmp/ansible \
+    # Cleanup docker
+    && rm -Rf /var/lib/docker \
     # NodeJs
-    mkdir -p /usr/etc \
+    && mkdir -p /usr/etc \
     && echo "cache=\${XDG_CACHE_HOME}/npm" > /usr/etc/npmrc
 
+COPY docker/bin/entrypoint.sh /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
 WORKDIR /srv/app
 
 USER docker

diff --git a/elao.app/.manala/Jenkinsfile.tmpl b/elao.app/.manala/Jenkinsfile.tmpl
@@ -289,7 +289,7 @@ podTemplate(
         }
 
         try {
-            appImage.inside("--network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
+            appImage.inside("--privileged --network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
                 {{- include "node" (dict "node" $integration) | trim | nindent 16 }}
             }
         } finally {

diff --git a/elao.app/.manala/ansible/inventories/system.yaml.tmpl b/elao.app/.manala/ansible/inventories/system.yaml.tmpl
@@ -8,10 +8,19 @@ system:
         ###############
 
         development:
+
             # Ansible
             ansible_connection: local
+
             # Accounts
             manala_accounts_enabled: true
+            manala_accounts_groups:
+              - group: docker
+                system: true
+            manala_accounts_users:
+              - user: vagrant
+                group: vagrant
+                groups: ['docker']
             # Motd
             manala_motd_enabled: true
             # Timezone
@@ -73,7 +82,38 @@ system:
             # Elasticsearch
             manala_elasticsearch_enabled: {{ not (empty .elasticsearch.version) | ternary "true" "false" }}
             # Docker
-            manala_docker_enabled: true
+            manala_docker_containers:
+              - name: mailhog
+                image: mailhog/mailhog:v1.0.1
+                state: started
+                restart_policy: unless-stopped
+                ports:
+                  - 25:1025
+                  - 8025:8025
+              - name: phpmyadmin
+                image: phpmyadmin/phpmyadmin
+                state: {{ or (not (empty .mysql.version)) (not (empty .mariadb.version)) | ternary "started" "absent" }}
+                restart_policy: unless-stopped
+                env:
+                  PMA_USER: root
+                  # Default docker host ip
+                  PMA_HOST: 172.17.0.1
+                  UPLOAD_LIMIT: 64M
+                ports:
+                  - 1979:80
+              - name: phpredisadmin
+                image: erikdubbelboer/phpredisadmin
+                state: {{ not (empty .redis.version) | ternary "started" "absent" }}
+                restart_policy: unless-stopped
+                env:
+                  # Default docker host ip
+                  REDIS_1_HOST: 172.17.0.1
+                ports:
+                  - 1981:80
+            {{- if .docker.containers }}
+              # App
+              {{- .docker.containers | toYaml | nindent 10 }}
+            {{- end }}
             # Gomplate
             manala_gomplate_enabled: true
 
@@ -82,8 +122,10 @@ system:
         ###############
 
         integration:
+
             # Ansible
             ansible_connection: local
+
             # Apt
             manala_apt_enabled: true
             manala_apt_packages:
@@ -120,15 +162,6 @@ system:
         # All #
         #######
 
-        # Accounts
-        manala_accounts_groups:
-          - group: docker
-            system: true
-        manala_accounts_users:
-          - user: vagrant
-            group: vagrant
-            groups: ['docker']
-
         # Motd
         manala_motd_scripts_exclusive: true
         manala_motd_scripts:
@@ -423,37 +456,11 @@ system:
         {{- end }}
 
         # Docker
-        manala_docker_containers:
-          - name: mailhog
-            image: mailhog/mailhog:v1.0.1
-            state: started
-            restart_policy: unless-stopped
-            ports:
-              - 25:1025
-              - 8025:8025
-          - name: phpmyadmin
-            image: phpmyadmin/phpmyadmin
-            state: {{ or (not (empty .mysql.version)) (not (empty .mariadb.version)) | ternary "started" "absent" }}
-            restart_policy: unless-stopped
-            env:
-              PMA_USER: root
-              # Default docker host ip
-              PMA_HOST: 172.17.0.1
-              UPLOAD_LIMIT: 64M
-            ports:
-              - 1979:80
-          - name: phpredisadmin
-            image: erikdubbelboer/phpredisadmin
-            state: {{ not (empty .redis.version) | ternary "started" "absent" }}
-            restart_policy: unless-stopped
-            env:
-              # Default docker host ip
-              REDIS_1_HOST: 172.17.0.1
-            ports:
-              - 1981:80
-        {{- if .docker.containers }}
+        manala_docker_enabled: true
+        {{- if .docker.applications }}
+        manala_docker_applications:
           # App
-          {{- .docker.containers | toYaml | nindent 10 }}
+          {{- .docker.applications | toYaml | nindent 10 }}
         {{- end }}
 
 {{- end }}
diff --git a/elao.app/.manala/ansible/templates/docker/audiowaveform.j2 b/elao.app/.manala/ansible/templates/docker/audiowaveform.j2
@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+docker run \
+  --rm \
+  --user 1000 \
+  --volume /srv:/srv \
+  elao/audiowaveform:{{ item.version|mandatory }} \
+  "$@"
diff --git a/elao.app/.manala/docker/bin/entrypoint.sh b/elao.app/.manala/docker/bin/entrypoint.sh
@@ -2,6 +2,9 @@
 
 set -e
 
+# Docker
+sudo /etc/init.d/docker start
+
 # Cache (Composer and Yarn both follows XDG Base Directory Specification. For
 # the others, related environment variables must be expanded at runtime)
 if [ -n "${XDG_CACHE_HOME}" ]; then

diff --git a/elao.app/.manala/docker/make.mk.tmpl b/elao.app/.manala/docker/make.mk.tmpl
@@ -25,6 +25,7 @@ define docker_run
 		--rm \
 		--tty \
 		--interactive \
+		--privileged \
 		--hostname {{ .Vars.system.hostname }} \
 		--mount 'type=bind,consistency=delegated,source=$(realpath $(_ROOT_DIR)),target=/srv/app' \
 		--workdir /srv/app/$(_DIR) \

diff --git a/elao.app/.manala/jenkins/Jenkinsfile.tmpl b/elao.app/.manala/jenkins/Jenkinsfile.tmpl
@@ -289,7 +289,7 @@ podTemplate(
         }
 
         try {
-            appImage.inside("--network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
+            appImage.inside("--privileged --network container:${hostContainerId} --env XDG_CACHE_HOME=${appCacheHome}/app") {
                 {{- include "node" (dict "node" $integration) | trim | nindent 16 }}
             }
         } finally {