Update docker build & documentation (#3429)

* Update Dockerfile & Documentation

- Reverts the pre-build stage with GEM_HOME as it broke things. I've
found a solution which is quite as much compact, but it takes a longer
time to build. Closes Issue #3331
- Improve the docker documentation. Closses Issue #3336
- Remove examples/podman-compose as it is described in the docker
documentation.
- fix rake build_container to comply with the tags in the new GitHub CI.

CHANGELOG.md

@@ -10,12 +10,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ### Changed
 - docker image: updated github CI to explicitly build tag versions (@robertcheramy)
+- docker image: update rake build_container to match the tags of GitHub CI (@robertcheramy)
 
 ### Fixed
 - powerconnect: Remove undesirable inserted blank lines during pagination. Fixes #3413 (@clifcox)
-- docker image: remove ubuntu user introduced in noble (@robertcheramy)
-- docker image: correct rights under /home/oxidized (@robertcheramy)
-
+- docker image: remove ubuntu user introduced in noble. Fixes #3336 (@robertcheramy)
+- docker image: correct rights under /home/oxidized. Fixes #3336 (@robertcheramy)
+- docker image: revert the use of GEM_HOME. Fixes #3331 (@robertcheramy)
+- docker image: improve the documentation. Fixes #3336 (@robertcheramy)
+- docker image: remove examples/podman-compose as this is better documented in docs/Docker.md (@robertcheramy)
 
 ## [0.32.1 – 2025-02-20]
 This minor release fixes a javascript issue in oxidized-web, which is included

Dockerfile

@@ -1,44 +1,3 @@
-###################
-# Stage 1: Prebuild to save space in the final image.
-
-FROM docker.io/phusion/baseimage:noble-1.0.0 AS prebuilder
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-# install necessary packages for building gems
-RUN apt-get -yq update && apt-get install -yq --no-install-recommends \
-    build-essential \
-    git \
-    ruby-dev \
-    && rm -rf /var/lib/apt/lists/*
-
-# create bundle directory
-RUN mkdir -p /usr/local/bundle
-ENV GEM_HOME=/usr/local/bundle
-
-###################
-# Install the x25519 gem
-RUN gem install x25519 --no-document
-
-
-###################
-# build oxidized
-COPY . /tmp/oxidized/
-WORKDIR /tmp/oxidized
-
-# docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed
-RUN git fetch --unshallow || true
-
-# Remove any older gems of oxidized if they exist
-RUN rm pkg/* || true
-
-# Build oxidized
-RUN rake build
-
-
-###################
-# Stage2: build an oxidized container from phusion/baseimage-docker and install
-# gems from stage1
 FROM docker.io/phusion/baseimage:noble-1.0.0
 
 ENV DEBIAN_FRONTEND=noninteractive
@@ -70,9 +29,9 @@ COPY extra/auto-reload-config.runit /etc/service/auto-reload-config/run
 COPY extra/update-ca-certificates.runit /etc/service/update-ca-certificates/run
 
 # set up dependencies for the build process
-RUN apt-get -yq update \
-    && apt-get -yq upgrade \
-    && apt-get -yq --no-install-recommends install ruby \
+RUN apt-get -qy update \
+    && apt-get -qy upgrade \
+    && apt-get -qy --no-install-recommends install ruby \
     # Build process of oxidized from git (beloww)
     git \
     # Allow git send-email from docker image
@@ -97,13 +56,6 @@ RUN apt-get -yq update \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-# copy the compiled gem from the builder stage
-COPY --from=prebuilder /usr/local/bundle /usr/local/bundle
-
-# Set environment variables for bundler
-ENV GEM_HOME="/usr/local/bundle"
-ENV PATH="$GEM_HOME/bin:$PATH"
-
 # gems not available in ubuntu noble
 RUN gem install --no-document \
     # dependencies for hooks
@@ -113,11 +65,25 @@ RUN gem install --no-document \
     # Net scp is needed in Version >= 4.1.0, which is not available in ubuntu
     net-scp
 
-# install oxidized from prebuilder
-# The Dockerfile ist version-independent, so use oxidized-*.gem to cach the gem
-RUN mkdir -p /tmp/oxidized
-COPY --from=prebuilder /tmp/oxidized/pkg/oxidized-*.gem /tmp/oxidized/
-RUN gem install /tmp/oxidized/oxidized-*.gem
+# Prepare the build of oxidized, copy our workig directory in the container
+COPY . /tmp/oxidized/
+WORKDIR /tmp/oxidized
+
+# Install gems which needs a build environment
+RUN apt-get -qy update && \
+    apt-get -qy install --no-install-recommends \
+                        build-essential git ruby-dev && \
+    ##### X25519 (a.k.a. Curve25519) Elliptic Curve Diffie-Hellman
+    gem install x25519 && \
+    ##### build & install oxidized from the working repository
+    # docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed
+    git fetch --unshallow || true && \
+    rake install && \
+    # remove the packages we do not need.
+    apt-get -qy remove build-essential git ruby-dev && \
+    apt-get -qy autoremove && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # install oxidized-web
 RUN gem install oxidized-web --no-document

README.md

@@ -37,8 +37,7 @@ Check out the [Oxidized TREX 2014 presentation](http://youtu.be/kBQ_CTUuqeU?t=3h
     * [CentOS, Oracle Linux, Red Hat Linux](#centos-oracle-linux-red-hat-linux)
     * [FreeBSD](#freebsd)
     * [Build from Git](#build-from-git)
-    * [Docker](#running-with-docker)
-    * [Podman-Compose](#running-with-podman-compose)
+    * [Docker & Podman](docs/Docker.md)
     * [Installing Ruby 2.3 using RVM](#installing-ruby-23-using-rvm)
 3. [Initial Configuration](#configuration)
 4. [Configuration](docs/Configuration.md)
@@ -155,99 +154,8 @@ gem install bundler
 rake install
 ```
 
-### Running with Docker
-
-Currently, Docker Hub automatically builds the master branch for linux/amd64
-and linux/arm64 platforms as
-[oxidized/oxidized](https://hub.docker.com/r/oxidized/oxidized/). Each official
-release also gets its own tag.
-You can make use of this container or build your own.
-
-To build your own, clone git repo:
-
-```shell
-git clone https://github.com/ytti/oxidized
-```
-
-Then, build the container locally (requires docker 17.05.0-ce or higher):
-
-```shell
-docker build -q -t oxidized/oxidized:latest oxidized/
-```
-
-Once you've built the container (or chosen to make use of the automatically built container in Docker Hub, which will be downloaded for you by docker on the first `run` command had you not built it), proceed as follows:
-
-Create a configuration directory in the host system:
-
-```shell
-mkdir /etc/oxidized
-```
-
-Run the container for the first time to initialize the config:
-
-_Note: this step in only required for creating the Oxidized configuration file and can be skipped if you already have one._
-
-```shell
-docker run --rm -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp --user oxidized -t oxidized/oxidized:latest oxidized
-```
-
-If the RESTful API and Web Interface are enabled, on the docker host running the container
-edit `/etc/oxidized/config` and modify `rest: 127.0.0.1:8888` to `rest: 0.0.0.0:8888`. This will bind port 8888 to all interfaces, and expose the port so that it could be accessed externally. [(Issue #445)](https://github.com/ytti/oxidized/issues/445)
-
-Alternatively, you can use docker-compose to launch the oxidized container:
-
-```yaml
-# docker-compose.yml
-# docker-compose file example for oxidized that will start along with docker daemon
----
-version: "3"
-services:
-  oxidized:
-    restart: always
-    image: oxidized/oxidized:latest
-    ports:
-      - 8888:8888/tcp
-    environment:
-      CONFIG_RELOAD_INTERVAL: 600
-    volumes:
-       - config:/home/oxidized/.config/oxidized/
-volumes:
-  config:
-```
-
-Create the `/etc/oxidized/router.db` (see [CSV Source](docs/Sources.md#source-csv) for further info):
-
-```shell
-vim /etc/oxidized/router.db
-```
-
-Run container again to start oxidized with your configuration:
-
-```shell
-docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest
-oxidized[1]: Oxidized starting, running as pid 1
-oxidized[1]: Loaded 1 nodes
-Puma 2.13.4 starting...
-* Min threads: 0, max threads: 16
-* Environment: development
-* Listening on tcp://0.0.0.0:8888
-```
-
-If you want to have the config automatically reloaded (e.g. when using a http source that changes):
-
-```shell
-docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest
-```
-
-If you need to use an internal CA (e.g. to connect to an private github instance):
-
-```shell
-docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt -p 8888:8888/tcp -e UPDATE_CA_CERTIFICATES=true -t oxidized/oxidized:latest
-```
-
-### Running with podman-compose
-Under [examples/podman-compose](examples/podman-compose), you will find a complete
-example of how to integrate the container into a docker-compose.yml file.
+### Running with Docker od Podman
+See [docs/Docker.md](docs/Docker.md)
 
 ### Installing Ruby 2.3 using RVM
 

Rakefile

@@ -95,15 +95,19 @@ end
 
 desc 'Build the container image with docker or podman'
 task :build_container do
+  branch_name = %x(git rev-parse --abbrev-ref HEAD).chop
+  sha_hash = %x(git rev-parse --short HEAD).chop
+  image_tag = "#{branch_name}-#{sha_hash}"
+
   # Prefer podman if available as it runs rootless
   if command_available?('podman')
-    sh 'podman build -t oxidized:`git describe --tags` -t oxidized:latest .'
+    sh "podman build -t oxidized:#{image_tag} -t oxidized:latest ."
   elsif command_available?('docker')
     if docker_needs_root?
       puts 'docker needs root to build the image. Using sudo...'
-      sh 'sudo docker build -t oxidized:`git describe --tags` -t oxidized:latest .'
+      sh "sudo docker build -t oxidized:#{image_tag} -t oxidized:latest ."
     else
-      sh 'docker build -t oxidized:`git describe --tags` -t oxidized:latest .'
+      sh "docker build -t oxidized:#{image_tag} -t oxidized:latest ."
     end
   else
     puts 'You need Podman or Docker to build the container image.'