From: Tomas Krizek Date: Tue, 6 Nov 2018 14:32:57 +0000 (+0100) Subject: Dockerfile: update image X-Git-Tag: v3.2.0~34^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acd7ffec89e0b2fde7c599bdad3c51bae8d5b9ba;p=thirdparty%2Fknot-resolver.git Dockerfile: update image - building different version of kresd is not properly supported (uses current directory with checked-out code instead of git master) - based on debian:stable instead of alpine for easier dependency resolution - moved both Dockerfile and config to more appropriate locations
---
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..d2162dafd
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,75 @@
+# Intermediate container for Knot DNS build (not persistent)
+FROM debian:stable AS knot-dns-build
+ARG KNOT_DNS_VERSION=v2.7.2
+
+# Build dependencies
+ENV KNOT_DNS_BUILD_DEPS git-core build-essential libtool autoconf pkg-config \
+ libgnutls28-dev libprotobuf-dev libprotobuf-c-dev libfstrm-dev
+ENV KNOT_RESOLVER_BUILD_DEPS build-essential pkg-config bsdmainutils liblmdb-dev \
+ libluajit-5.1-dev libuv1-dev libprotobuf-dev libprotobuf-c-dev \
+ libfstrm-dev luajit lua-sec lua-socket
+ENV BUILDENV_DEPS ${KNOT_DNS_BUILD_DEPS} ${KNOT_RESOLVER_BUILD_DEPS}
+RUN apt-get update -qq && \
+ apt-get -y -qqq install ${BUILDENV_DEPS}
+
+# Install Knot DNS from sources
+RUN git clone -b $KNOT_DNS_VERSION --depth=1 https://gitlab.labs.nic.cz/knot/knot-dns.git /tmp/knot-dns && \
+ cd /tmp/knot-dns && \
+ autoreconf -if && \
+ ./configure --disable-static --disable-fastparser --disable-documentation \
+ --disable-daemon --disable-utilities --with-lmdb=no && \
+ make -j4 install && \
+ ldconfig
+
+# Copy libknot, libdnssec, libzscanner to runtime
+RUN mkdir -p /tmp/root/usr/local/include /tmp/root/usr/local/lib /tmp/root/usr/local/lib/pkgconfig && \
+ cp -rt /tmp/root/usr/local/include /usr/local/include/libknot /usr/local/include/libdnssec /usr/local/include/libzscanner && \
+ cp -rt /tmp/root/usr/local/lib /usr/local/lib/libknot* /usr/local/lib/libdnssec* /usr/local/lib/libzscanner* && \
+ cp -rt /tmp/root/usr/local/lib/pkgconfig /usr/local/lib/pkgconfig/libknot.pc /usr/local/lib/pkgconfig/libdnssec.pc /usr/local/lib/pkgconfig/libzscanner.pc
+
+
+# Intermediate container with runtime dependencies
+FROM debian:stable-slim AS runtime
+
+# Install runtime dependencies
+ENV KNOT_DNS_RUNTIME_DEPS libgnutls30
+ENV KNOT_RESOLVER_RUNTIME_DEPS liblmdb0 luajit libluajit-5.1-2 libuv1 lua-sec lua-socket
+ENV KNOT_RESOLVER_RUNTIME_DEPS_HTTP libjs-bootstrap libjs-d3 libjs-jquery lua-http lua-mmdb
+ENV KNOT_RESOLVER_RUNTIME_DEPS_EXTRA libfstrm0 lua-cqueues
+ENV RUNTIME_DEPS 
${KNOT_DNS_RUNTIME_DEPS} ${KNOT_RESOLVER_RUNTIME_DEPS} ${KNOT_RESOLVER_RUNTIME_DEPS_HTTP} ${KNOT_RESOLVER_RUNTIME_DEPS_EXTRA}
+RUN apt-get update -qq && \
+ apt-get install -y -qqq ${RUNTIME_DEPS} && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+
+# Intermediate container for Knot Resolver build
+FROM knot-dns-build AS build
+
+# Get Knot Resolver code from current directory
+COPY . /tmp/knot-resolver
+
+# Build Knot Resolver
+ARG CFLAGS="-O2 -fstack-protector -g"
+ENV LDFLAGS -Wl,--as-needed
+ENV BUILD_IGNORE libedit-dev
+RUN cd /tmp/knot-resolver && \
+ make "-j$(nproc)" && \
+ make install DESTDIR=/tmp/root && \
+ mkdir -p /tmp/root/etc/knot-resolver && \
+ cp ./etc/config.docker /tmp/root/etc/knot-resolver/kresd.conf && \
+ cp ./distro/common/root.keys /tmp/root/etc/knot-resolver/
+
+
+# Final container
+FROM runtime
+MAINTAINER Knot Resolver team
+
+# Export DNS over UDP & TCP, DNS-over-TLS, web interface
+EXPOSE 53/UDP 53/TCP 853/TCP 8053/TCP
+
+CMD ["/usr/local/sbin/kresd", "-c", "/etc/knot-resolver/kresd.conf"]
+
+# Fetch Knot Resolver + Knot DNS libraries from build image
+COPY --from=build /tmp/root/ /
+RUN ldconfig
diff --git a/NEWS b/NEWS
index 5a8dc6b2c..360cc99b9 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,10 @@ Bugfixes - http module: only run prometheus in parent process if using --forks=N, as the submodule collects metrics from all sub-processes as well. +Improvements +------------ +- Dockerfile: rework, basing on Debian instead of Alpine + Knot Resolver 3.1.0 (2018-11-02) ================================
diff --git a/scripts/config.docker b/etc/config.docker
similarity index 93%
rename from scripts/config.docker
rename to etc/config.docker
index 58d8d13b6..0eb33b228 100644
--- a/scripts/config.docker
+++ b/etc/config.docker
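Review bot: The final stage of the new Dockerfile (`FROM runtime` through `RUN ldconfig`) never sets `USER`, so `kresd` is started as root while serving the ports listed in `EXPOSE`. Unless etc/config.docker drops privileges itself (its full text is not part of this patch), a memory-safety bug in the resolver would execute as root inside the container. I would create a dedicated account in the `runtime` stage, e.g. `RUN useradd --system --no-create-home knot-resolver`, hand it ownership of `/etc/knot-resolver` so the managed trust anchor file stays writable, and add `USER knot-resolver` after `RUN ldconfig`. Binding port 53 as a non-root user then needs `cap_net_bind_service` on the binary or a runtime that permits unprivileged low ports, which is worth stating in a comment next to the `USER` line.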
@@ -5,7 +5,7 @@ net.listen('0.0.0.0') net.listen('0.0.0.0', 853, {tls=true}) -- Auto-maintain root TA -trust_anchors.file = '/data/root.keys' +trust_anchors.file = '/etc/knot-resolver/root.keys' -- Load Useful modules modules = {
@@ -38,4 +38,3 @@ function print_help() .. 'verbose(true)\n') end print_help() -event.after(11000, print_help)
diff --git a/scripts/Dockerfile b/scripts/Dockerfile
deleted file mode 100644
index f0399f085..000000000
--- a/scripts/Dockerfile
+++ /dev/null
@@ -1,33 +0,0 @@
-FROM alpine:edge
-MAINTAINER Knot Resolver team
-
-# Environment
-ENV BUILD_PKGS build-base automake autoconf libtool pkgconfig git luajit-dev libuv-dev gnutls-dev jansson-dev userspace-rcu-dev curl vim bsd-compat-headers
-ENV RUN_PKGS luajit libuv gnutls jansson bash libstdc++ lua5.1-cqueues lua5.1-http lua5.1-sec lua5.1-socket
-ENV BUILD_IGNORE gmp nettle jansson gnutls lua libuv cmocka
-ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig
-ENV CFLAGS -O2 -ftree-vectorize -fstack-protector -g
-ENV LDFLAGS -Wl,--as-needed
-
-# export DNS over UDP & TCP, DNS-over-TLS, web interface
-EXPOSE 53/UDP 53/TCP 853/TCP 8053/TCP
-
-# Select entrypoint
-WORKDIR /data
-COPY "config.docker" "/data"
-CMD ["/usr/local/sbin/kresd", "-c", "/data/config.docker"]
-
-# Install dependencies and sources
-RUN \
-apk add -t lua5.1-compat5.3 lua5.1-compat53 && \
-apk --update add ${RUN_PKGS} && \
-apk add --virtual build-dep ${BUILD_PKGS} && \
-git clone --depth 1 --recurse-submodules=modules/policy/lua-aho-corasick \
-https://gitlab.labs.nic.cz/knot/knot-resolver.git /tmp/build && \
-cd /tmp/build && \
-./scripts/bootstrap-depends.sh /usr/local && \
-make -j4 install && \
-# Trim down the image
-cd / && \
-apk del --purge build-dep && \
-rm -rf /var/cache/apk/* /tmp/build
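Review bot: In the first etc/config.docker hunk, the new `trust_anchors.file` path points the auto-maintained root trust anchor at `/etc/knot-resolver/root.keys`, which the new Dockerfile copies into the image at build time. Any key update the resolver writes there presumably lives only in the container's writable layer, so a container recreated from an older image starts again from the build-time keys; that matters for DNSSEC validation once the root key has rolled. I would document this above the setting, e.g. `-- root.keys ships in the image; mount a volume over /etc/knot-resolver to persist trust anchor updates`, and confirm that the account kresd runs as can write to that directory. The rest of the config file lies outside the hunk, so any existing handling of this is not visible here.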