Dockerfile: update image

- building different version of kresd is not properly supported
  (uses current directory with checked-out code instead of git master)
- based on debian:stable instead of alpine for easier dependency
  resolution
- moved both Dockerfile and config to more appropriate locations

diff --git a/Dockerfile b/Dockerfile
new file mode 100644 (file)
index 0000000..d2162da
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,75 @@
+# Intermediate container for Knot DNS build (not persistent)
+FROM debian:stable AS knot-dns-build
+ARG KNOT_DNS_VERSION=v2.7.2
+
+# Build dependencies
+ENV KNOT_DNS_BUILD_DEPS git-core build-essential libtool autoconf pkg-config \
+       libgnutls28-dev libprotobuf-dev libprotobuf-c-dev libfstrm-dev
+ENV KNOT_RESOLVER_BUILD_DEPS build-essential pkg-config bsdmainutils liblmdb-dev \
+       libluajit-5.1-dev libuv1-dev libprotobuf-dev libprotobuf-c-dev \
+       libfstrm-dev luajit lua-sec lua-socket
+ENV BUILDENV_DEPS ${KNOT_DNS_BUILD_DEPS} ${KNOT_RESOLVER_BUILD_DEPS}
+RUN apt-get update -qq && \
+       apt-get -y -qqq install ${BUILDENV_DEPS}
+
+# Install Knot DNS from sources
+RUN git clone -b $KNOT_DNS_VERSION --depth=1 https://gitlab.labs.nic.cz/knot/knot-dns.git /tmp/knot-dns && \
+       cd /tmp/knot-dns && \
+       autoreconf -if && \
+       ./configure --disable-static --disable-fastparser --disable-documentation \
+               --disable-daemon --disable-utilities --with-lmdb=no && \
+       make -j4 install && \
+       ldconfig
+
+# Copy libknot, libdnssec, libzscanner to runtime
+RUN mkdir -p /tmp/root/usr/local/include /tmp/root/usr/local/lib /tmp/root/usr/local/lib/pkgconfig && \
+       cp -rt /tmp/root/usr/local/include /usr/local/include/libknot /usr/local/include/libdnssec /usr/local/include/libzscanner && \
+       cp -rt /tmp/root/usr/local/lib /usr/local/lib/libknot* /usr/local/lib/libdnssec* /usr/local/lib/libzscanner* && \
+       cp -rt /tmp/root/usr/local/lib/pkgconfig /usr/local/lib/pkgconfig/libknot.pc /usr/local/lib/pkgconfig/libdnssec.pc /usr/local/lib/pkgconfig/libzscanner.pc
+
+
+# Intermediate container with runtime dependencies
+FROM debian:stable-slim AS runtime
+
+# Install runtime dependencies
+ENV KNOT_DNS_RUNTIME_DEPS libgnutls30
+ENV KNOT_RESOLVER_RUNTIME_DEPS liblmdb0 luajit libluajit-5.1-2 libuv1 lua-sec lua-socket
+ENV KNOT_RESOLVER_RUNTIME_DEPS_HTTP libjs-bootstrap libjs-d3 libjs-jquery lua-http lua-mmdb
+ENV KNOT_RESOLVER_RUNTIME_DEPS_EXTRA libfstrm0 lua-cqueues
+ENV RUNTIME_DEPS ${KNOT_DNS_RUNTIME_DEPS} ${KNOT_RESOLVER_RUNTIME_DEPS} ${KNOT_RESOLVER_RUNTIME_DEPS_HTTP} ${KNOT_RESOLVER_RUNTIME_DEPS_EXTRA}
+RUN apt-get update -qq && \
+       apt-get install -y -qqq ${RUNTIME_DEPS} && \
+       apt-get clean && \
+       rm -rf /var/lib/apt/lists/*
+
+
+# Intermediate container for Knot Resolver build
+FROM knot-dns-build AS build
+
+# Get Knot Resolver code from current directory
+COPY . /tmp/knot-resolver
+
+# Build Knot Resolver
+ARG CFLAGS="-O2 -fstack-protector -g"
+ENV LDFLAGS -Wl,--as-needed
+ENV BUILD_IGNORE libedit-dev
+RUN cd /tmp/knot-resolver && \
+       make "-j$(nproc)" && \
+       make install DESTDIR=/tmp/root && \
+       mkdir -p /tmp/root/etc/knot-resolver && \
+       cp ./etc/config.docker /tmp/root/etc/knot-resolver/kresd.conf && \
+       cp ./distro/common/root.keys /tmp/root/etc/knot-resolver/
+
+
+# Final container
+FROM runtime
+MAINTAINER Knot Resolver team <knot-resolver-users@lists.nic.cz>
+
+# Export DNS over UDP & TCP, DNS-over-TLS, web interface
+EXPOSE 53/UDP 53/TCP 853/TCP 8053/TCP
+
+CMD ["/usr/local/sbin/kresd", "-c", "/etc/knot-resolver/kresd.conf"]
+
+# Fetch Knot Resolver + Knot DNS libraries from build image
+COPY --from=build /tmp/root/ /
+RUN ldconfig

diff --git a/NEWS b/NEWS
index 5a8dc6b2c0a94af6ad48a4a1fdaba593dc9f684a..360cc99b9b9385a2758538cea4e0d03ccb6f5c3b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,10 @@ Bugfixes
 - http module: only run prometheus in parent process if using --forks=N,
   as the submodule collects metrics from all sub-processes as well.
 
+Improvements
+------------
+- Dockerfile: rework, basing on Debian instead of Alpine
+
 
 Knot Resolver 3.1.0 (2018-11-02)
 ================================

diff --git a/scripts/config.docker b/etc/config.docker
similarity index 93%
rename from scripts/config.docker
rename to etc/config.docker
index 58d8d13b606828bcafaa11e6d6f16fda822badd0..0eb33b22876ab0f1a6c2e2ab61386e091d61a605 100644 (file)
--- a/scripts/config.docker
+++ b/etc/config.docker
@@ -5,7 +5,7 @@ net.listen('0.0.0.0')
 net.listen('0.0.0.0', 853, {tls=true})
 
 -- Auto-maintain root TA
-trust_anchors.file = '/data/root.keys'
+trust_anchors.file = '/etc/knot-resolver/root.keys'
 
 -- Load Useful modules
 modules = {
@@ -38,4 +38,3 @@ function print_help()
           .. 'verbose(true)\n')
 end
 print_help()
-event.after(11000, print_help)

diff --git a/scripts/Dockerfile b/scripts/Dockerfile
deleted file mode 100644 (file)
index f0399f0..0000000
--- a/scripts/Dockerfile
+++ /dev/null
@@ -1,33 +0,0 @@
-FROM alpine:edge
-MAINTAINER Knot Resolver team <knot-resolver-users@lists.nic.cz>
-
-# Environment
-ENV BUILD_PKGS build-base automake autoconf libtool pkgconfig git luajit-dev libuv-dev gnutls-dev jansson-dev userspace-rcu-dev curl vim bsd-compat-headers
-ENV RUN_PKGS luajit libuv gnutls jansson bash libstdc++ lua5.1-cqueues lua5.1-http lua5.1-sec lua5.1-socket
-ENV BUILD_IGNORE gmp nettle jansson gnutls lua libuv cmocka
-ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig
-ENV CFLAGS -O2 -ftree-vectorize -fstack-protector -g
-ENV LDFLAGS -Wl,--as-needed
-
-# export DNS over UDP & TCP, DNS-over-TLS, web interface
-EXPOSE 53/UDP 53/TCP 853/TCP 8053/TCP
-
-# Select entrypoint
-WORKDIR /data
-COPY "config.docker" "/data"
-CMD ["/usr/local/sbin/kresd", "-c", "/data/config.docker"]
-
-# Install dependencies and sources
-RUN \
-apk add -t lua5.1-compat5.3 lua5.1-compat53 && \
-apk --update add ${RUN_PKGS} && \
-apk add --virtual build-dep ${BUILD_PKGS} && \
-git clone --depth 1 --recurse-submodules=modules/policy/lua-aho-corasick \
-https://gitlab.labs.nic.cz/knot/knot-resolver.git /tmp/build && \
-cd /tmp/build && \
-./scripts/bootstrap-depends.sh /usr/local && \
-make -j4 install && \
-# Trim down the image
-cd / && \
-apk del --purge build-dep && \
-rm -rf /var/cache/apk/* /tmp/build