Add jinja-init Dockerfile

This creates a jinja-init image based on
https://github.com/ObjectifLibre/jinja-init

We can use this image as an "init container" in k8s to template out
config files using configmaps and secrets.

It also adds a gitea-init Dockerfile, which will require the
jinja-init image to be published first.

Change-Id: I88e14c4f0d868f99aa0a0316e6b9e24c2a8fea68

.zuul.yaml

@@ -97,6 +97,26 @@
       name: credentials
       secret: system-config-dockerhub
 
+- job:
+    name: system-config-build-image-jinja-init
+    description: Build a jinja-init image
+    parent: system-config-build-image
+    vars:
+      images:
+        - context: docker/jinja-init
+          target: jinja-init
+          repository: opendevorg/jinja-init
+    files:
+      - docker/jinja-init/.*
+
+- job:
+    name: system-config-upload-image-jinja-init
+    description: Build and upload a jinja-init image
+    parent: system-config-build-image-jinja-init
+    secrets:
+      name: credentials
+      secret: system-config-dockerhub
+
 # Role integration jobs.  These test the top-level generic roles/*
 # under Zuul.  The range of platforms should be the same as those for
 # openstack-zuul-jobs.
@@ -394,6 +414,8 @@
         - system-config-run-nodepool
         - system-config-run-docker
         - system-config-build-image-gitea
+        - system-config-build-image-jinja-init
     post:
       jobs:
         - system-config-upload-image-gitea
+        - system-config-upload-image-jinja-init

docker/gitea-init/Dockerfile

@@ -0,0 +1,19 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM jeblair/jinja-init
+
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]

docker/gitea-init/entrypoint.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Create directories needed by gitea
+mkdir -p /data/git
+chown 1000:1000 /data/git
+
+mkdir -p /data/gitea
+chown 1000:1000 /data/gitea
+
+# This one is used by openssh and can remain root-owned
+mkdir -p /data/ssh
+
+# Template the config file (which can also be root-owned)
+export JINJA_SRC_FILE=/config_src/app.ini.j2
+export JINJA_DEST_FILE=/conf/app.ini
+python /run.py

docker/gitea/Dockerfile

@@ -57,17 +57,16 @@ RUN apt-get update && apt-get -y install \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*
 
-RUN addgroup \
+RUN addgroup --system --gid 1000 git \
-    --system --gid 1000 \
+  && adduser \
-    git && \
-  adduser \
     --system --no-create-home --disabled-login \
     --home /data/git \
     --shell /bin/bash \
     --uid 1000 \
     --gid 1000 \
-    git && \
+    git \
-  echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
+  && echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd \
+  && mkdir /custom
 
 # Copy the /etc config files and entrypoint script
 COPY --from=build-env /go/src/code.gitea.io/gitea/docker /
@@ -76,6 +75,11 @@ COPY --from=build-env /go/src/code.gitea.io/gitea/docker /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
 
+# Copy our custom templates
+COPY custom/ /custom/
+
+ENV GITEA_CUSTOM /custom
+
 ###################################
 # The gitea image
 FROM base as gitea
@@ -86,10 +90,9 @@ RUN apt-get update && apt-get -y install pandoc \
 
 EXPOSE 3000
 ENV USER git
-ENV GITEA_CUSTOM /data/gitea
 VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
-CMD ["/app/gitea/gitea"]
+CMD ["/app/gitea/gitea", "web"]
 USER 1000:1000
 
 ###################################

docker/jinja-init/Dockerfile

@@ -0,0 +1,34 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FROM python:slim as build
+
+RUN apt-get update && apt-get -y install \
+    git \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  && mkdir -p /src/jinja-init
+
+RUN git clone https://github.com/ObjectifLibre/jinja-init /src/jinja-init
+WORKDIR /src/jinja-init
+
+RUN git checkout 8c13a44124a5a363519df787b1cd0abd1198b8df
+
+FROM python:slim as jinja-init
+
+RUN pip install jinja2
+
+COPY --from=build /src/jinja-init/run.py /
+
+ENTRYPOINT ["python", "/run.py"]