ref(router): shift things around

This follows Docker's "best practices" for structuring projects. This
also simplifies some of the build process by building everything in one
`docker build` rather than compiling nginx, then injecting it into another
chained `docker build`. The image size remains the same. This is the
same as what occurred over in builder a few months ago.

This also removes the log tailing feature to stdout in boot.go by using
symbolic links to /dev/stdout and /dev/stderr as is expected. git.log
is nonexistent and unused.

Author: Matthew Fisher

router/Dockerfile

@@ -1,14 +1,34 @@
 FROM alpine:3.1
 
 # install common packages
-RUN apk add --update-cache curl bash sudo && rm -rf /var/cache/apk/*
+RUN apk add --update-cache \
+	bash \
+	curl \
+	geoip \
+	libssl1.0 \
+	openssl \
+	pcre \
+	sudo \
+	&& rm -rf /var/cache/apk/*
 
-ADD firewall /tmp/firewall
+# install confd
+RUN curl -sSL -o /usr/local/bin/confd https://s3-us-west-2.amazonaws.com/opdemand/confd-git-73f7489 \
+  && chmod +x /usr/local/bin/confd
 
-ADD build.sh /tmp/build.sh
+# add nginx user
+RUN addgroup -S nginx && \
+  adduser -S -G nginx -H -h /opt/nginx -s /sbin/nologin -D nginx
 
-WORKDIR /tmp
+COPY rootfs /
 
-RUN mkdir -p /opt/nginx && DOCKER_BUILD=true /tmp/build.sh
+# forward request and error logs to docker
+RUN ln -sf /dev/stdout /opt/nginx/logs/access.log
+RUN ln -sf /dev/stderr /opt/nginx/logs/error.log
 
-RUN tar -C /opt/nginx -czf /nginx.tgz .
+# compile nginx from source
+RUN build
+
+CMD ["boot"]
+EXPOSE 80 2222
+
+ENV DEIS_RELEASE 1.10.0-dev

router/Makefile

@@ -4,25 +4,22 @@ include ../includes.mk
 repo_path = github.com/deis/deis/router
 
 GO_FILES = $(wildcard *.go)
-GO_PACKAGES = logger tests
+GO_PACKAGES = cmd/boot logger tests
 GO_PACKAGES_REPO_PATH = $(addprefix $(repo_path)/,$(GO_PACKAGES))
 
-SHELL_SCRIPTS = $(shell find "." -name '*.sh') $(wildcard image/bin/*)
+SHELL_SCRIPTS = $(shell find "." -name '*.sh') $(wildcard rootfs/bin/*)
 
 COMPONENT = $(notdir $(repo_path))
 IMAGE = $(IMAGE_PREFIX)$(COMPONENT):$(BUILD_TAG)
 DEV_IMAGE = $(REGISTRY)$(IMAGE)
 BUILD_IMAGE = $(COMPONENT)-build
-BINARY_DEST_DIR = image/bin
+BINARY_DEST_DIR = rootfs/bin
 
 build: check-docker
-	docker build -t $(BUILD_IMAGE) .
-	docker cp `docker run -d $(BUILD_IMAGE) /bin/bash`:/nginx.tgz image/
-	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 godep go build -a -installsuffix -v -ldflags '-s' -o $(BINARY_DEST_DIR)/boot boot.go || exit 1
-	@$(call check-static-binary,image/bin/boot)
-	docker build -t $(IMAGE) image
-	rm image/nginx.tgz
-	rm image/bin/boot
+	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 godep go build -a -installsuffix -v -ldflags '-s' -o $(BINARY_DEST_DIR)/boot cmd/boot/boot.go || exit 1
+	@$(call check-static-binary,rootfs/bin/boot)
+	docker build -t $(IMAGE) .
+	rm rootfs/bin/boot
 
 clean: check-docker check-registry
 	docker rmi $(IMAGE)
@@ -70,7 +67,7 @@ test-style:
 # display output, then check
 	$(GOFMT) $(GO_PACKAGES) $(GO_FILES)
 	@$(GOFMT) $(GO_PACKAGES) $(GO_FILES) | read; if [ $$? == 0 ]; then echo "gofmt check failed."; exit 1; fi
-	$(GOVET) $(repo_path) $(GO_PACKAGES_REPO_PATH)
+	$(GOVET) $(GO_PACKAGES_REPO_PATH)
 	$(GOLINT) ./...
 	shellcheck $(SHELL_SCRIPTS)
 

router/boot.go router/cmd/boot/boot.gorouter/boot.go renamed to router/cmd/boot/boot.go

@@ -11,7 +11,6 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/ActiveState/tail"
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-etcd/etcd"
 
@@ -21,11 +20,8 @@ import (
 var log = logrus.New()
 
 const (
-	timeout        time.Duration = 10 * time.Second
-	ttl            time.Duration = timeout * 2
-	gitLogFile     string        = "/opt/nginx/logs/git.log"
-	nginxAccessLog string        = "/opt/nginx/logs/access.log"
-	nginxErrorLog  string        = "/opt/nginx/logs/error.log"
+	timeout time.Duration = 10 * time.Second
+	ttl     time.Duration = timeout * 2
 )
 
 func main() {
@@ -65,10 +61,6 @@ func main() {
 	setDefaultEtcd(client, etcdPath+"/gzip", "on")
 
 	log.Info("Starting Nginx...")
-	// tail the logs
-	go tailFile(nginxAccessLog)
-	go tailFile(nginxErrorLog)
-	go tailFile(gitLogFile)
 
 	nginxChan := make(chan bool)
 	go launchNginx(nginxChan)
@@ -87,7 +79,6 @@ func main() {
 
 	exitChan := make(chan os.Signal, 2)
 	signal.Notify(exitChan, syscall.SIGTERM, syscall.SIGINT)
-	go cleanOnExit(exitChan)
 	<-exitChan
 }
 
@@ -106,19 +97,13 @@ func launchCron() {
 	}
 }
 
-func cleanOnExit(exitChan chan os.Signal) {
-	for _ = range exitChan {
-		tail.Cleanup()
-	}
-}
-
 // Wait until the compilation of the templates
 func waitForInitialConfd(etcd string, timeout time.Duration) {
 	for {
 		var buffer bytes.Buffer
 		output := bufio.NewWriter(&buffer)
 		log.Debugf("Connecting to etcd server %s", etcd)
-		cmd := exec.Command("confd", "-node", etcd, "--confdir", "/app", "-onetime", "--log-level", "error")
+		cmd := exec.Command("confd", "-node", etcd, "-onetime", "--log-level", "error")
 		cmd.Stdout = output
 		cmd.Stderr = output
 
@@ -135,7 +120,7 @@ func waitForInitialConfd(etcd string, timeout time.Duration) {
 }
 
 func launchConfd(etcd string) {
-	cmd := exec.Command("confd", "-node", etcd, "--confdir", "/app", "--log-level", "error", "--interval", "5")
+	cmd := exec.Command("confd", "-node", etcd, "--log-level", "error", "--interval", "5")
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 
@@ -169,15 +154,6 @@ func launchNginx(nginxChan chan bool) {
 	}
 }
 
-func tailFile(path string) {
-	mkfifo(path)
-	t, _ := tail.TailFile(path, tail.Config{Follow: true})
-
-	for line := range t.Lines {
-		log.Info(line.Text)
-	}
-}
-
 func mkfifo(path string) {
 	os.Remove(path)
 	if err := syscall.Mkfifo(path, syscall.S_IFIFO|0666); err != nil {

router/image/Dockerfile

@@ -1,30 +1,12 @@
 #!/usr/bin/env bash
 
-# fail on any command exiting non-zero
-set -eo pipefail
+set -eof pipefail
 
-if [[ -z $DOCKER_BUILD ]]; then
-  echo
-  echo "Note: this script is intended for use by the Dockerfile and not as a way to build the router locally"
-  echo
-  exit 1
-fi
-
-function get_src {
-  hash="$1"
-  url="$2"
-  f=$(basename "$url")
-
-  curl -sSL "$url" -o "$f"
-  echo "$hash  $f" | sha256sum -c - || exit 10
-  tar xzf "$f"
-  rm "$f"
-}
-
-export VERSION_NGINX=nginx-1.9.3
-export VERSION_NAXSI=0d53a64ed856e694fcb4038748c8cf6d5551a603
-export VERSION_NDK=0.2.19
-export VERSION_SETMISC=0.29
+export NGINX_VERSION=1.9.3
+export NAXSI_VERSION=0d53a64ed856e694fcb4038748c8cf6d5551a603
+export NDK_VERSION=0.2.19
+export VTS_VERSION=22c51e201a550bb94e96239fef541347beb4eeca
+export SETMISC_VERSION=0.29
 
 export BUILD_PATH=/tmp/build
 
@@ -52,23 +34,23 @@ apk add --update-cache \
 
 # download, verify and extract the source files
 get_src 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb \
-        "http://nginx.org/download/$VERSION_NGINX.tar.gz"
+        "http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
 
 get_src 128b56873eedbd3f240dc0f88a8b260d791321db92f14ba2fc5c49fc5307e04d \
-        "https://github.com/nbs-system/naxsi/archive/$VERSION_NAXSI.tar.gz"
+        "https://github.com/nbs-system/naxsi/archive/$NAXSI_VERSION.tar.gz"
 
 get_src 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 \
-        "https://github.com/simpl/ngx_devel_kit/archive/v$VERSION_NDK.tar.gz"
+        "https://github.com/simpl/ngx_devel_kit/archive/v$NDK_VERSION.tar.gz"
 
 get_src 8d280fc083420afb41dbe10df9a8ceec98f1d391bd2caa42ebae67d5bc9295d8 \
-        "https://github.com/openresty/set-misc-nginx-module/archive/v$VERSION_SETMISC.tar.gz"
+        "https://github.com/openresty/set-misc-nginx-module/archive/v$SETMISC_VERSION.tar.gz"
 
 # replace with a release instead a commit once e06a618e5780b4b94b21cab37d61820dcd3bb585 is contained in one.
 get_src 47340cf0c711b10a0231fca9264d73ea791ff8420b823b0295ae3df2d968a205 \
-        "https://github.com/vozlt/nginx-module-vts/archive/22c51e201a550bb94e96239fef541347beb4eeca.tar.gz"
+        "https://github.com/vozlt/nginx-module-vts/archive/$VTS_VERSION.tar.gz"
 
 # build nginx
-cd "$BUILD_PATH/$VERSION_NGINX"
+cd "$BUILD_PATH/nginx-$NGINX_VERSION"
 
 ./configure \
   --prefix="$PREFIX" \
@@ -89,10 +71,22 @@ cd "$BUILD_PATH/$VERSION_NGINX"
   --with-mail \
   --with-mail_ssl_module \
   --with-stream \
-  --add-module="$BUILD_PATH/naxsi-$VERSION_NAXSI/naxsi_src" \
-  --add-module="$BUILD_PATH/ngx_devel_kit-$VERSION_NDK" \
-  --add-module="$BUILD_PATH/set-misc-nginx-module-$VERSION_SETMISC" \
-  --add-module="$BUILD_PATH/nginx-module-vts-22c51e201a550bb94e96239fef541347beb4eeca" \
+  --add-module="$BUILD_PATH/naxsi-$NAXSI_VERSION/naxsi_src" \
+  --add-module="$BUILD_PATH/ngx_devel_kit-$NDK_VERSION" \
+  --add-module="$BUILD_PATH/set-misc-nginx-module-$SETMISC_VERSION" \
+  --add-module="$BUILD_PATH/nginx-module-vts-$VTS_VERSION" \
   && make && make install
 
-mv /tmp/firewall /opt/nginx/firewall
+rm -rf "$BUILD_PATH"
+apk del \
+  build-base \
+  curl \
+  geoip-dev \
+  libcrypto1.0 \
+  libpcre32 \
+  patch \
+  pcre-dev \
+  openssl-dev \
+  zlib \
+  zlib-dev
+rm -rf /var/cache/apk/*

router/build.sh router/rootfs/bin/buildrouter/build.sh renamed to router/rootfs/bin/build

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+hash="$1"
+url="$2"
+f=$(basename "$url")
+
+curl -sSL "$url" -o "$f"
+echo "$hash  $f" | sha256sum -c - || exit 10
+tar xzf "$f"
+rm "$f"