Add production Alpine and Debian Stretch Docker images

[kaiyou]

This PR is currently for reference mostly, as it will conflict with #213 anyway. It implements a production Alpine-based image with the following concepts in mind:

• the image is built from source (see Add config for running with Docker Compose and on Docker Swarm #213 (comment) for the discussion)
• the image only contains PeerTube and will run a single process, no caching webserver or frontend
• configuration is committed to support/docker/config to avoid duplicating a common configuration file
• as few layers as possible while maintaining readability

[djmaze]

So this is /usr/src/data? You need to adjust the VOLUME directive in the Dockerfile accordingly. (Yes, I made a similar mistake in my PR ;))

[kaiyou]

This is relative to /app, so it is actually /data/avatars.

[djmaze]

Ah, sorry for the noise.

[djmaze]

I like this. Maybe we should go with this PR for now and try to get automated builds working (probably via Travis?). We can add sample Compose / Swarm configs later.

[Dryusdan]

You haven't any problem with npm build ?

There are too many layer but it's cool :D

[kaiyou]

@Dryusdan npm build uses scripty, which fails with the default Alpine shell, hence the bash -c call. Also, I am open to suggestions as to limiting the number of layers without impacting readability.

[Dryusdan]

@kaiyou yeah ! You unlock me o/

Actually I make this image (github mirror repo) : https://github.com/Dryusdan/docker-peertube/blob/master/Dockerfile.alpine

[Dryusdan]

So you can inspired if you would :)

[djmaze]

I have to say I really don't get the obsession of people wanting to minimize the amount of layers at all costs. With today's docker graph drivers, I believe the overhead is minimal.

I'd rather optimize for better layer caching, which allows faster updates in production. (See my PR.)

[Dryusdan]

If you build your image on the same host, minimal layer is usefull...
In CI build docker in docker, the multiple layer takes longer to build than little layer because cache doesn't exist for this method

[djmaze]

@Dryusdan

If you build your image on the same host, minimal layer is usefull...

I suppose you mean "minimal number of layers". So why should it be better when building on the same host? A multi-layer approach will probably be much faster since you can skip building many of the base layers if only the application code was changed.

In CI build docker in docker, the multiple layer takes longer to build than little layer because cache doesn't exist for this method

Right, with Travis there is no Docker caching currently, although there is an improvement with --cache-from.

But does it really matter if a CI build takes 5 or 7 minutes? This is not something you impatiently wait for, do you?

[Dryusdan]

Use cache is can create some problem with version of paquet, because cache "create" outdated packet (ouch, bad english). The base image first.
Then, in production use image not build image not create or build by trust-worthy machine is not very secure

Fr translation : Le cache Docker est un soucis plus qu'un avantage en production, il utilise des images pas forcément à jour, et des paquets pareil. Cela pose un soucis de sécurité.
De plus, faire confiance à une machine tierce pour le build d'une image destiné à la production n'est pas forcément une bonne chose, surtout quand l'application tourne sur du Docker qui a les droits root.

[Chocobozzz]

I like this. Maybe we should go with this PR for now and try to get automated builds working (probably via Travis?). We can add sample Compose / Swarm configs later.

Maybe @kaiyou @Dryusdan @djmaze you could merge your different work in one repository, and make only one PR? For example this alpine image with @djmaze docker compose or whatever.

[kaiyou]

I'll try and merge both tonight. I'll update if I cannot deliver in time.

[Dryusdan]

My work is really different and I don't think it's that well accepted. ^^

[kaiyou]

I have just merged @djmaze commits into the directory structure of this PR. I have not tested yet, so it probably doesn't event build.

[kaiyou]

I just tested, it seems both images build successfully. Now some live testing :)

[kaiyou]

Quick update: the Debian image (stretch based) works fine and has been running in production for two days now. The Alpine image still segfaults and I need time or help to fix it (I have been stracing inside the containers for hours now, no success).

I suggest we merge but only configure builds for the Debian image at this point.

[Chocobozzz]

@kaiyou Please put your files inside a /support/docker/production directory and I'll merge. Thanks for your work! :)

[djmaze]

Apart from some minor typos, this LGTM! 👍

[djmaze]

• Small typo

[djmaze]

• Small typo

[djmaze]

• Configuring?

[kaiyou]

@Chocobozzz I did, thank you @djmaze for the review, I fixed the typos, merged the latest develop, added redis settings accordingly.

[Chocobozzz]

Thanks @kaiyou for your awesome work!

[1000i100]

I've just test.
This case :

# docker-compose up app
ERROR: No such service: app

This other case :

 # docker-compose up
Starting peertube_db_1 ... done
Starting peertube_peertube_1 ... done
Attaching to peertube_db_1, peertube_peertube_1
db_1        | 2018-03-11 13:19:57.272 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
db_1        | 2018-03-11 13:19:57.272 UTC [1] LOG:  listening on IPv6 address "::", port 5432
db_1        | 2018-03-11 13:19:57.338 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db_1        | 2018-03-11 13:19:57.387 UTC [22] LOG:  database system was shut down at 2018-03-11 13:18:36 UTC
db_1        | 2018-03-11 13:19:57.401 UTC [1] LOG:  database system is ready to accept connections
peertube_1  | npm ERR! path /app/package.json
peertube_1  | npm ERR! code EACCES
peertube_1  | npm ERR! errno -13
peertube_1  | npm ERR! syscall open
peertube_1  | npm ERR! Error: EACCES: permission denied, open '/app/package.json'
peertube_1  | npm ERR!  { Error: EACCES: permission denied, open '/app/package.json'
peertube_1  | npm ERR!   stack: 'Error: EACCES: permission denied, open \'/app/package.json\'',
peertube_1  | npm ERR!   errno: -13,
peertube_1  | npm ERR!   code: 'EACCES',
peertube_1  | npm ERR!   syscall: 'open',
peertube_1  | npm ERR!   path: '/app/package.json' }
peertube_1  | npm ERR!
peertube_1  | npm ERR! Please try running this command again as root/Administrator.
peertube_1  |
peertube_1  | npm ERR! A complete log of this run can be found in:
peertube_1  | npm ERR!     /data/.npm/_logs/2018-03-11T13_19_58_817Z-debug.log
peertube_peertube_1 exited with code 243

PS : for succefull docker build, i've changed Dockerfile.stretch in Dockerfile and the COPY line in :

COPY src ./

I've git cloned in src peertube for package.json and other yarn.lock dependency index availability in building process.

[kaiyou]

As-tu essayé de build depuis la racine du projet ?

docker build -t peertube:stretch -f support/docker/production/Dockerfile.stretch .

[1000i100]

nop, i will try that now.

[kaiyou]

In english for the community to be able to read: the docker image seriously lacks documentation. I'll try to remedy that.

[1000i100]

AS: I've just edited my messages to translate them in english.

docker build -t peertube:stretch -f support/docker/production/Dockerfile.stretch .

works, but it dosent change docker-compose behavior.

[kaiyou]

I have just updated the compose file in PR #332. Maybe its best we follow up there and make sure the resulting compose example is working properly