Open froger opened 2 years ago
To give some contexts on how the work is going to be proposed, I plan to split the work on the following PR:
My strategies are :
My references for docker implementations:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. @carolromero & @andreslucena feel free to chime in.
Is somebody working on this?
Hi @oxcar!
At the moment there isn't anyone working actively on this one as far as I know. This would be an awesome contribution to the project, for sure. A good starting point would be where @froger arrived: https://github.com/octree-gva/decidim-in-docker
@froger after our meeting the past week, I understand that you guys have been working on this issue. Do you have any update?
Hello @andreslucena , we have make some good progresses. Let me describe here our adventure.
Decidim in docker needs to takes some decisions about job processes supervisions, caching, async jobs etc to have working defaults. decidim_generators is quiet generics, so we need to:
So what we do is: use decidim-generators inside a docker image the, add some working defaults, wrap all this together and expose a minimal image (but still big, because deps are big).
The hosters we use (jelastic/digital ocean) will empty volumes on mounting, and we often have issues on empty /public
directory. Still somehow an issue, but this isn't a blocking issue.
After some security reviews from Geneva, we really tried hard to have "not" the default user running the container. This was a bit tricky, but we did it.
bundle exec rails s
is not really a reliable solution to run rails in docker, as it won't restart if it fails. We started to use systemd as sidekiq wiki suggest, but we found the configurations over-complicated. So we've switched to supervisord and it looks better.
This help us to be able to run multiple processes in the same image: puma and sidekiq will be the default.
# run sidekiq and rails
docker run <dockerhub>/decidim -v ./logs:/home/decidim/app/logs -e RUN_SIDEKIQ=1 -e RUN_PUMA=1
# run just rails
docker run <dockerhub>/decidim -v ./logs:/home/decidim/app/logs -e RUN_SIDEKIQ=1 -e RUN_PUMA=0
Decidim without at least postgres and redis offers a very poor experience. We are setting up some docker-compose to have a getting started experience similar to Ory/hydra. Things like:
# Let's run a decidim!
git clone <github-repo>/decidim/docker
docker-compose -f quickstart.yml -f ehterpad.yml up -d
# Visit localhost:3000 to see an empty organisations
Docker image should be performance-ok by default, we won't serve assets, and provides a Nginx configuration by default. (Open Source Politics have published working Nginx config somewhere). So the quickstart.yml
docker-compose includes some Nginx instance by default. (aside: this also help us to demonstrate working with private networks to don't expose dbs and processes).
Async tasks with sidekiq and caching will use redis instance (tried to run decidim without cache, that's not a nice user experience). At the docker image's entrypoint we requires a running postgres host and redis host through a wait-for-it scripts.
My cute excuse: Docker for decidim will improve the getting started for all future decidim users. We need to get it done well and we need to take times because I'm sensing this is an important job to be done.
Truely:
All of this to say sorry didn't propose a working PR for the docker installation.
That's all :) Our timeline is now December with develop branch sync, but as we have something working for 0.24 I will publish a PR ASAP.
See you at the fest!
To follow status, here a PR in draft: https://github.com/decidim/docker/pull/98
Is your feature request related to a problem? Please describe.
An official docker support and documentation is needed to run easily a Decidim Instance. In the current state, my concerns about docker are:
Describe the solution you'd like
Remove decidim/docker repository that uses the generator
Additional context See Metadecidim proposal
Acceptance criteria
docker scan
Then I see no security issues or warning