diff --git a/docker/Dockerfile b/docker/Dockerfile index 476b266a4..35102e4d6 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,46 +1,49 @@ # Build a docker image from latest YaCy sources -# Base image : latest stable Debian -FROM debian:latest - -# Install needed packages -RUN apt-get update && apt-get install -yq \ - default-jdk \ - default-jre-headless \ - ant \ - git +# Base image : latest stable official jdk image from Docker (Debian based) +FROM java:latest + +# Install needed packages not in base image +RUN apt-get update && apt-get install -yq curl + +# trace java version +RUN java -version # set current working dir WORKDIR /opt -# clone main YaCy git repository (we need to clone git repository to generate correct version when building from source) -RUN git clone https://github.com/yacy/yacy_search_server.git +# All in one step to reduce image size growth : +# - install ant and git packages +# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source) +# - Compile with ant +# - remove unnecessary and size consuming .git directory +# - remove ant and git packages +RUN apt-get update && \ + apt-get install -yq ant git && \ + git clone https://github.com/yacy/yacy_search_server.git && \ + ant compile -f /opt/yacy_search_server/build.xml && \ + rm -rf /opt/yacy_search_server/.git && \ + apt-get purge -yq --auto-remove ant git && \ + apt-get clean -# trace content of source directory -RUN ls -la /opt/yacy_search_server - -# set current working dir -WORKDIR /opt/yacy_search_server - -# Compile with ant -RUN ant compile # Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex()) RUN sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init -# make some cleaning to reduce image size -RUN rm -rf .git \ - && apt-get purge -yq --auto-remove \ - default-jdk \ - ant \ - git \ - && apt-get clean +# Create user and group yacy : this user will be used to run YaCy main process +RUN adduser --system --group --no-create-home --disabled-password yacy + +# Set ownership of yacy install directory to yacy user/group +RUN chown yacy:yacy -R /opt/yacy_search_server # Expose port 8090 EXPOSE 8090 -# Set data volume : can be used to persist yacy data and configuration +# Set data volume : yacy data and configuration will persist aven after container stop or destruction VOLUME ["/opt/yacy_search_server/DATA"] -# Start yacy ind debug mode (-d) to display console logs and to wait for yacy process +# Next commands run as yacy as non-root user for improved security +USER yacy + +# Start yacy in debug mode (-d) to display console logs and to wait for yacy process CMD sh /opt/yacy_search_server/startYACY.sh -d diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine new file mode 100755 index 000000000..497dd70ed --- /dev/null +++ b/docker/Dockerfile.alpine @@ -0,0 +1,81 @@ +# Build a docker image from latest YaCy sources on Alpine Linux + +# Base image : latest stable official jdk image from Docker based on Alpine Linux +FROM java:alpine + +# trace java version +RUN java -version + +# Install needed packages not in base image +RUN apk update && \ + apk add --no-cache curl + +# set current working dir +WORKDIR /tmp + +# --- Begin of apache ant install : from binary distribution because ant is not in alpine packages + +# set ant version once in a environment variable +ENV ANT_VERSION 1.9.7 + +# All in one step to reduce image size growth : +# - add gnupg package +# - get ant binary file from a mirror and PGP file signature from main repository +# - import gpg keys from main repository and verify binary file signature +# - extract binary, make /opt directory, move extracted ant to /opt/ant +# - remove archive and gnupg package +RUN apk update && \ + apk add --no-cache gnupg && \ + curl -fSL http://www.eu.apache.org/dist//ant/binaries/apache-ant-${ANT_VERSION}-bin.tar.gz -o apache-ant-${ANT_VERSION}-bin.tar.gz && \ + curl -fSL https://www.apache.org/dist/ant/binaries/apache-ant-${ANT_VERSION}-bin.tar.gz.asc -o apache-ant-${ANT_VERSION}-bin.tar.gz.asc && \ + curl -fSL https://www.apache.org/dist/ant/KEYS | gpg --import && \ + gpg --verify apache-ant-${ANT_VERSION}-bin.tar.gz.asc && \ + tar xzf apache-ant-${ANT_VERSION}-bin.tar.gz && \ + mkdir /opt && \ + mv apache-ant-${ANT_VERSION} /opt/ant && \ + rm -f apache-ant-${ANT_VERSION}-bin.tar.gz && \ + apk del gnupg + +# set ant required environment variables +ENV ANT_HOME /opt/ant +ENV PATH ${PATH}:/opt/ant/bin + +# --- End of apache ant install + +# set current working dir +WORKDIR /opt + +# All in one step to reduce image size growth : +# - add git package +# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source) +# - compile with apache ant +# - remove unnecessary and size consuming .git directory +# - delete git package and ant binary install +RUN apk update && \ + apk add --no-cache git && \ + git clone https://github.com/yacy/yacy_search_server.git && \ + ant compile -f /opt/yacy_search_server/build.xml && \ + rm -rf /opt/yacy_search_server/.git && \ + rm -rf /opt/ant && \ + apk del git + +# Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex()) +RUN sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init + +# Create user and group yacy : this user will be used to run YaCy main process +RUN addgroup yacy && adduser -S -G yacy -H -D yacy + +# Set ownership of yacy install directory to yacy user/group +RUN chown yacy:yacy -R /opt/yacy_search_server + +# Expose port 8090 +EXPOSE 8090 + +# Set data volume : yacy data and configuration will persist aven after container stop or destruction +VOLUME ["/opt/yacy_search_server/DATA"] + +# Next commands run as yacy as non-root user for improved security +USER yacy + +# Start yacy in debug mode (-d) to display console logs and to wait for yacy process +CMD sh /opt/yacy_search_server/startYACY.sh -d diff --git a/docker/Readme.md b/docker/Readme.md index a49057d91..7471d05ae 100755 --- a/docker/Readme.md +++ b/docker/Readme.md @@ -2,6 +2,11 @@ [![Deploy to Docker Cloud](https://files.cloud.docker.com/images/deploy-to-dockercloud.svg)](https://cloud.docker.com/stack/deploy/?repo=https://github.com/luccioman/yacy_search_server/tree/docker/docker) +## Supported tags and respective Dockerfiles + +* latest (Dockerfile) +* lastet-alpine (Dockerfile.alpine) + ## Getting built image from Docker Hub docker pull luccioman/yacy @@ -15,6 +20,16 @@ Using yacy_search_server/docker/Dockerfile : cd yacy_search_server/docker docker build . +## Image variants + +`luccioman/yacy:latest` + +This image is based on latest stable official Debian [java](https://hub.docker.com/_/java/) image provided by Docker. Embed Yacy compiled from latest git repository sources. + +`luccioman/yacy:latest-alpine` + +This image is based on latest stable official Alpine Linux [java](https://hub.docker.com/_/java/) image provided by Docker. Embed Yacy compiled from latest git repository sources. + ## Default admin account login : admin @@ -36,17 +51,32 @@ You can retrieve the container IP address with `docker inspect`. #### Easier to handle - docker run --name yacy -p 8090:8090 luccioman/yacy + docker run --name yacy -p 8090:8090 --log-opt max-size=100m --log-opt max-file=2 luccioman/yacy + +##### Options detail + +* --name : allow easier management of your container (without it, docker automatically generate a new name at each startup). +* -p : map host port and container port, allowing web interface access through the usual http://localhost:8090. +* --log-opt max-size : limit maximum docker log file size for this container +* --log-opt max-file : limit number of docker rotated log files for this container + +Note : if you do not specify the log related options, when running a YaCy container 24hour a day with default log level, your Docker container log file will grow up to some giga bytes in a few days! + +#### Handle persistent data volume + +As configured in the Dockerfile, by default yacy data (in /opt/yacy_search_server/DATA) will persist after container stop or deletion, in a volume with an automatically generated id. + +But you may map a host directory to hold yacy data in container : + + docker run -v [/your_host/data/directory]:/opt/yacy_search_server/DATA luccioman/yacy ---name option allow easier management of your container (without it, docker automatically generate a new name at each startup). +Or just use a volume label to help identify it later --p option map host port and container port, allowing web interface access through the usual http://localhost:8090. + docker run -v yacy_volume:/opt/yacy_search_server/DATA luccioman/yacy -#### With persistent data volume +Note that you can list all docker volumes with : - docker run -v [your_host/data/directory]:/opt/yacy_search_server/DATA luccioman/yacy - -This allow your container to reuse a data directory form the host. + docker volume ls #### As background process @@ -65,3 +95,41 @@ This allow your container to reuse a data directory form the host. ### Shutdown * Use "Shutdown" button in administration web interface +* OR run : + + docker exec [your_container_name] /opt/yacy_search_server/stopYACY.sh + +### Upgrade + +You can upgrade your YaCy container the Docker way with the following commands sequence. + +Get latest Docker image : + + docker pull luccioman/yacy:latest +OR + docker pull luccioman/yacy:latest-alpine + +Create new container based on pulled image, using volume data from old container : + + docker create --name [tmp-container_name] -p 8090:8090 --volumes-from=[container_name] luccioman/yacy:latest + +Stop old container : + + docker exec [container_name] /opt/yacy_search_server/stopYACY.sh + + +Start new container : + + docker start [tmp-container_name] + +Check everything works fine, then you can delete old container : + + docker rm [container_name] + +Rename new container to reuse same container name : + + docker rename [tmp-container_name] [container_name] + +## License + +View [license](https://github.com/yacy/yacy_search_server/blob/master/COPYRIGHT) information for the software contained in this image. \ No newline at end of file diff --git a/readme.mediawiki b/readme.mediawiki index 7848a276f..6e223ed89 100644 --- a/readme.mediawiki +++ b/readme.mediawiki @@ -99,6 +99,13 @@ http://:8090/ConfigAccounts_p.html and set an administration account. +== CAN I RUN YACY IN A VIRTUAL MACHINE OR A CONTAINER == +YaCy runs fine in virtual machines managed by software such as VirtualBox or VMware. + +Container technology may be more flexible and lightweight and also works fine with YaCy. + +More details for YaCy with Docker [[docker/Readme.md|here]]. + == PORT 8090 IS BAD, PEOPLE ARE NOT ALLOWED TO ACCESS THAT PORT == You can forward port 80 to 8090 with iptables: