Provide correct path to compose files

In release-engineering#421, I modified the
context and paths to both go up a directory. That was an error. I should
have just modified one.

This provides the context to be the root directory so all paths are
relative to that.

Signed-off-by: arewm <arewm@users.noreply.github.com>

.gitignore

@@ -129,5 +129,5 @@ dmypy.json
 .vscode/
 
 # docker-compose volumes and files
-/iib_data/
-/ca-bundle.crt
+ca-bundle.crt
+compose-files/docker/

Makefile

@@ -1,6 +1,7 @@
 # Set the default composer while allowing user to overwrite via the
 # environment variable IIB_COMPOSE_ENGINE.
 IIB_COMPOSE_ENGINE ?= docker-compose
+IIB_COMPOSE_RUNNER = ${IIB_COMPOSE_ENGINE} -f ${PWD}/compose-files/${IIB_COMPOSE_ENGINE}.yml
 
 # Declare non-file targets to avoid potential conflict with files
 # of the same name.
@@ -35,16 +36,16 @@ all:
 
 up: ca-bundle.crt iib-data
 	@echo "Starting the local development instance..."
-	${IIB_COMPOSE_ENGINE} up -d
+	${IIB_COMPOSE_RUNNER} up -d
 
 down:
 	@echo "Destroying the local development instance..."
-	${IIB_COMPOSE_ENGINE} down $(COMPOSER_DOWN_OPTS)
+	${IIB_COMPOSE_RUNNER} down $(COMPOSER_DOWN_OPTS)
 	@rm -rf iib_data
 
 build:
 	@echo "Building the container images for the local development instance..."
-	${IIB_COMPOSE_ENGINE} build
+	${IIB_COMPOSE_RUNNER} build
 
 test:
 	@tox

docker-compose.yml → compose-files/docker-compose.yml

@@ -63,7 +63,7 @@ services:
 
   iib-api:
     build:
-      context: .
+      context: ..
       dockerfile: ./docker/Dockerfile-api
     command:
       - /bin/sh
@@ -96,7 +96,7 @@ services:
 
   iib-worker:
     build:
-      context: .
+      context: ..
       dockerfile: ./docker/Dockerfile-workers
     # Override the default command so that Celery auto-reloads on code changes.
     # This also adds the self-signed CA that was used to sign the Docker registry's certificate
@@ -135,7 +135,7 @@ services:
   # This is an external message broker used to publish messages about state changes
   message-broker:
     build:
-      context: .
+      context: ..
       dockerfile: ./docker/message_broker/Dockerfile
     volumes:
       - message-broker-volume:/opt/activemq/data:z

compose-files/podman-compose.yml

@@ -0,0 +1,155 @@
+---
+version: '3'
+services:
+  # This "service" generates the certificate for the registry. Then,
+  # it exits with status code 0.
+  minica:
+    image: registry.access.redhat.com/ubi8/go-toolset:latest
+    command:
+      - /bin/sh
+      - -c
+      - >-
+        go get github.com/jsha/minica &&
+        cd /opt/app-root/certs &&
+        /opt/app-root/src/bin/minica --domains registry
+    environment:
+      GOPATH: /opt/app-root/src
+    volumes:
+      - registry-certs-volume:/opt/app-root/certs:z
+
+  registry:
+    image: registry:2
+    ports:
+      - 8443:8443
+    environment:
+      REGISTRY_HTTP_ADDR: 0.0.0.0:8443
+      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry/cert.pem
+      REGISTRY_HTTP_TLS_KEY: /certs/registry/key.pem
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+    volumes:
+      - ./iib_data/registry:/var/lib/registry
+      - registry-certs-volume:/certs:z
+      - ./docker/registry/auth:/auth
+    # depends_on: # yamllint disable-line comments-indentation
+    #   - minica  # yamllint disable-line comments-indentation
+
+  db:
+    image: postgres:9.6
+    environment:
+      POSTGRES_USER: iib
+      POSTGRES_PASSWORD: iib
+      POSTGRES_DB: iib
+      POSTGRES_INITDB_ARGS: "--auth='ident' --auth='trust'"
+
+  memcached:
+    image: memcached
+    ports:
+      - 11211:11211
+
+  rabbitmq:
+    image: rabbitmq:3.7-management
+    environment:
+      RABBITMQ_DEFAULT_USER: iib
+      RABBITMQ_DEFAULT_PASS: iib
+      # Avoid port conflict with ActiveMQ broker when using podman-compose.
+      # Even though the port is not exposed, podman-compose's use of a pod
+      # requires the ports to be unique across all containers within the pod.
+      RABBITMQ_NODE_PORT: 5673
+    ports:
+      # The RabbitMQ management console
+      - 8081:15672
+
+  iib-api:
+    build:
+      context: ..
+      dockerfile: ./docker/Dockerfile-api
+    command:
+      - /bin/sh
+      - -c
+      - >-
+        mkdir -p /etc/iib &&
+        cp /broker-certs/client.crt /etc/iib/messaging.crt &&
+        cp /broker-certs/client.key /etc/iib/messaging.key &&
+        cp /broker-certs/ca.crt /etc/iib/messaging-ca.crt &&
+        pip3 uninstall -y iib &&
+        python3 setup.py develop --no-deps &&
+        iib wait-for-db &&
+        iib db upgrade &&
+        flask run --reload --host 0.0.0.0 --port 8080
+    environment:
+      FLASK_ENV: development
+      FLASK_APP: iib/web/wsgi.py
+      IIB_DEV: 'true'
+    volumes:
+      - ./:/src
+      - ./docker/message_broker/certs:/broker-certs
+      - request-logs-volume:/var/log/iib/requests:z
+      - request-related-bundles-volume:/var/lib/requests/related_bundles:z
+      - request-recursive-related-bundles-volume:/var/lib/requests/recursive_related_bundles:z
+    ports:
+      - 8080:8080
+    depends_on:
+      - db
+      - message-broker
+
+  iib-worker:
+    build:
+      context: ..
+      dockerfile: ./docker/Dockerfile-workers
+    # Override the default command so that Celery auto-reloads on code changes.
+    # This also adds the self-signed CA that was used to sign the Docker registry's certificate
+    # to the trusted CA bundle. This will make podman trust the local Docker registry's certificate.
+    # cp host-ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt &&
+    command:
+      - /bin/bash
+      - -c
+      - >-
+        cat /registry-certs/minica.pem >> /etc/pki/tls/certs/ca-bundle.crt &&
+        podman login --authfile ~/.docker/config.json.template -u iib \
+          -p iibpassword registry:8443 &&
+        pip3 install watchdog[watchmedo] &&
+        watchmedo auto-restart -d ./iib/workers -p '*.py' --recursive \
+          -- celery -A iib.workers.tasks worker --loglevel=info
+    environment:
+      IIB_DEV: 'true'
+      REGISTRY_AUTH_FILE: '/root/.docker/config.json'
+      REQUESTS_CA_BUNDLE: /etc/pki/tls/certs/ca-bundle.crt
+    # Make this privileged to be able to build container images
+    privileged: true
+    volumes:
+      - ./:/src
+      - worker_container_storage:/var/lib/containers:z
+      # - ./docker/registry/certs:/registry-certs
+      - registry-certs-volume:/registry-certs
+      - ./ca-bundle.crt:/host-ca-bundle.crt
+      - request-logs-volume:/var/log/iib/requests:z
+      - request-related-bundles-volume:/var/lib/requests/related_bundles:z
+      - request-recursive-related-bundles-volume:/var/lib/requests/recursive_related_bundles:z
+    depends_on:
+      - rabbitmq
+      - registry
+      - minica
+      - memcached
+
+  # This is an external message broker used to publish messages about state changes
+  message-broker:
+    build:
+      context: ..
+      dockerfile: ./docker/message_broker/Dockerfile
+    volumes:
+      - message-broker-volume:/opt/activemq/data:z
+      - ./docker/message_broker/certs:/broker-certs
+    ports:
+      - 5671:5671   # amqp+ssl
+      - 5672:5672   # amqp
+      - 8161:8161   # web console
+
+volumes:
+  registry-certs-volume:
+  message-broker-volume:
+  request-logs-volume:
+  request-related-bundles-volume:
+  request-recursive-related-bundles-volume:
+  worker_container_storage: