Image build improvements and updates

includes:

* run as canvasuser
* use nodesource script
* asset building prep
* removing a couple deprecated files
* using updated bundler version

Dockerfile

@@ -5,18 +5,13 @@ MAINTAINER Jay Luker <jay_luker@harvard.edu>
 ENV POSTGRES_VERSION 9.3
 ENV RAILS_ENV development
 
-# enable https repos and add in nodesource repo
-RUN apt-get -y install apt-transport-https
-COPY assets/nodesource.list /etc/apt/sources.list.d/nodesource.list
-ADD https://deb.nodesource.com/gpgkey/nodesource.gpg.key /tmp/nodesource.gpg.key
-RUN apt-key add /tmp/nodesource.gpg.key
-
 # add nodejs and recommended ruby repos
 RUN apt-get update \
-    && apt-get -y install software-properties-common python-software-properties \
+    && apt-get -y install curl software-properties-common \
     && add-apt-repository ppa:brightbox/ppa \
     && add-apt-repository ppa:brightbox/ruby-ng \
     && apt-get update
+RUN curl -sL https://deb.nodesource.com/setup_0.12 | bash
 
 # install deps for building/running canvas
 RUN apt-get install -y \
@@ -31,41 +26,55 @@ RUN apt-get install -y \
     && apt-get clean \
     && rm -Rf /var/cache/apt
 
-RUN gem install bundler --version 1.10.3
+RUN gem install bundler --version 1.11.2
 
 # Set the locale to avoid active_model_serializers bundler install failure
 RUN locale-gen en_US.UTF-8
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
 ENV LC_ALL en_US.UTF-8
 
-# install canvas
-RUN cd /opt \
-    && git clone https://github.com/instructure/canvas-lms.git \
-    && cd /opt/canvas-lms \
-    && bundle install --path vendor/bundle --without="mysql"
+RUN groupadd -r canvasuser -g 433 && \
+    adduser --uid 431 --system --gid 433 --home /opt/canvas --shell /sbin/nologin canvasuser && \
+    adduser canvasuser sudo && \
+    echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+RUN cd /opt/canvas \
+    && git clone https://github.com/instructure/canvas-lms.git
+
+COPY assets/database.yml /opt/canvas/canvas-lms/config/database.yml
+COPY assets/redis.yml /opt/canvas/canvas-lms/config/redis.yml
+COPY assets/cache_store.yml /opt/canvas/canvas-lms/config/cache_store.yml
+COPY assets/development-local.rb /opt/canvas/canvas-lms/config/environments/development-local.rb
+COPY assets/outgoing_mail.yml /opt/canvas/canvas-lms/config/outgoing_mail.yml
+COPY assets/supervisord.conf /etc/supervisor/supervisord.conf
+
+COPY assets/dbinit.sh /opt/canvas/dbinit.sh
+COPY assets/pg_hba.conf /etc/postgresql/9.3/main/pg_hba.conf
+RUN sed -i "/^#listen_addresses/i listen_addresses='*'" /etc/postgresql/9.3/main/postgresql.conf
+COPY assets/start.sh /opt/canvas/start.sh
+
+RUN chmod 755 /opt/canvas/*.sh
+RUN chown -R canvasuser: /opt/canvas
+
+WORKDIR /opt/canvas/canvas-lms
+USER canvasuser
+
+RUN bundle install --path vendor/bundle --without="mysql"
 
 # config setup
-RUN cd /opt/canvas-lms \
-    && for config in amazon_s3 delayed_jobs domain file_store outgoing_mail security external_migration \
+RUN for config in amazon_s3 delayed_jobs domain file_store security external_migration \
        ; do cp config/$config.yml.example config/$config.yml \
        ; done
 
-RUN cd /opt/canvas-lms \
-    && npm install --unsafe-perm \
-    && bundle exec rake canvas:compile_assets
+RUN mkdir -p log tmp/pids public/assets public/stylesheets/compiled \
+    && touch Gemmfile.lock
 
-COPY assets/database.yml /opt/canvas-lms/config/database.yml
-COPY assets/redis.yml /opt/canvas-lms/config/redis.yml
-COPY assets/cache_store.yml /opt/canvas-lms/config/cache_store.yml
-COPY assets/development-local.rb /opt/canvas-lms/config/environments/development-local.rb
-COPY assets/outgoing_mail.yml /opt/canvas-lms/config/outgoing_mail.yml
-COPY assets/supervisord.conf /etc/supervisor/supervisord.conf
-COPY assets/dbinit.sh /dbinit.sh
-COPY assets/dbconf.sh /dbconf.sh
-RUN chmod 755 /dbconf.sh /dbinit.sh
+RUN npm install \
+    && bundle exec rake canvas:compile_assets \
+    && sudo npm install -g coffee-script@1.6.2
 
-RUN /dbconf.sh && service postgresql start && /dbinit.sh
+RUN sudo service postgresql start && /opt/canvas/dbinit.sh
 
 # postgres
 EXPOSE 5432
@@ -74,6 +83,5 @@ EXPOSE 6379
 # canvas
 EXPOSE 3000
 
-COPY assets/start.sh /start.sh
-
-CMD ["/start.sh"]
+USER root
+CMD ["/opt/canvas/start.sh"]

assets/cache_store.yml

@@ -3,3 +3,4 @@ test:
 
 development:
   cache_store: redis_store
+

assets/dbinit.sh

@@ -12,11 +12,11 @@ export CANVAS_LMS_ADMIN_PASSWORD="canvas"
 export CANVAS_LMS_ACCOUNT_NAME="Canvas Docker"
 export CANVAS_LMS_STATS_COLLECTION="opt_out"
 
-cd /opt/canvas-lms \
+cd /opt/canvas/canvas-lms \
     && bundle exec rake db:initial_setup
 
-psql -U canvas -d canvas_development -c "INSERT INTO developer_keys (api_key, email, name, redirect_uri, tool_id) VALUES ('test_developer_key', 'canvas@example.edu', 'DCE Course Admin', 'http://localhost:8000', 'canvas-docker');"
+psql -U canvas -d canvas_$RAILS_ENV -c "INSERT INTO developer_keys (api_key, email, name, redirect_uri, tool_id) VALUES ('test_developer_key', 'canvas@example.edu', 'DCE Course Admin', 'http://localhost:8000', 'canvas-docker');"
 
 # 'crypted_token' value is hmac sha1 of 'canvas-docker' using default config/security.yml encryption_key value as secret
-psql -U canvas -d canvas_development -c "INSERT INTO access_tokens (created_at, crypted_token, developer_key_id, purpose, token_hint, updated_at, user_id) VALUES ('2015-07-01 19:33:37.596812', '4bb5b288bb301d3d4a691ebff686fc67ad49daa8', 1, 'canvas-docker', '', '2015-07-01 19:33:37.596812', 1);"
+psql -U canvas -d canvas_$RAILS_ENV -c "INSERT INTO access_tokens (created_at, crypted_token, developer_key_id, purpose, token_hint, updated_at, user_id) VALUES ('2015-07-01 19:33:37.596812', '4bb5b288bb301d3d4a691ebff686fc67ad49daa8', 1, 'canvas-docker', '', '2015-07-01 19:33:37.596812', 1);"
 

assets/dbconf.sh → assets/pg_hba.conf

@@ -1,10 +1,3 @@
-#!/bin/sh
-
-# listen for remote connections
-sed -i "/^#listen_addresses/i listen_addresses='*'" /etc/postgresql/$POSTGRES_VERSION/main/postgresql.conf
-
-cat > /etc/postgresql/$POSTGRES_VERSION/main/pg_hba.conf <<EOS
-# Generated by dbconf.sh
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 
 # "local" is for Unix domain socket connections only
@@ -14,5 +7,4 @@ local   all         all                               trust
 host    all         all         127.0.0.1/32          trust
 
 # all remote connections from ips in docker's default netmask
-host    all         all         172.17.0.0/16         trust
-EOS
+host    all         all         172.17.0.0/16         trust

assets/start.sh

@@ -2,10 +2,10 @@
 
 set -e
 
-sed -i "s/EMAIL_DELIVERY_METHOD/${EMAIL_DELIVERY_METHOD-test}/" /opt/canvas-lms/config/outgoing_mail.yml
-sed -i "s/SMTP_ADDRESS/${SMTP_ADDRESS-localhost}/" /opt/canvas-lms/config/outgoing_mail.yml
-sed -i "s/SMTP_PORT/${SMTP_PORT-25}/" /opt/canvas-lms/config/outgoing_mail.yml
-sed -i "s/SMTP_USER/${SMTP_USER-}/" /opt/canvas-lms/config/outgoing_mail.yml
-sed -i "s/SMTP_PASS/${SMTP_PASS-}/" /opt/canvas-lms/config/outgoing_mail.yml
+sed -i "s/EMAIL_DELIVERY_METHOD/${EMAIL_DELIVERY_METHOD-test}/" /opt/canvas/canvas-lms/config/outgoing_mail.yml
+sed -i "s/SMTP_ADDRESS/${SMTP_ADDRESS-localhost}/" /opt/canvas/canvas-lms/config/outgoing_mail.yml
+sed -i "s/SMTP_PORT/${SMTP_PORT-25}/" /opt/canvas/canvas-lms/config/outgoing_mail.yml
+sed -i "s/SMTP_USER/${SMTP_USER-}/" /opt/canvas/canvas-lms/config/outgoing_mail.yml
+sed -i "s/SMTP_PASS/${SMTP_PASS-}/" /opt/canvas/canvas-lms/config/outgoing_mail.yml
 
 exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

assets/supervisord.conf

@@ -21,12 +21,14 @@ command=/usr/bin/redis-server --daemonize no --save ""
 priority=2
 
 [program:canvas_web]
-directory=/opt/canvas-lms
+user=canvasuser
+directory=/opt/canvas/canvas-lms
 command=bundle exec rails server
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 redirect_stderr=true
 
 [program:canvas_worker]
-directory=/opt/canvas-lms
+user=canvasuser
+directory=/opt/canvas/canvas-lms
 command=bundle exec script/delayed_job run