Merge pull request #5 from orangesys/refacetor-dockerfile

Refacetor dockerfile

Dockerfile

@@ -1,27 +1,43 @@
-FROM alpine:3.9
-LABEL maintainer "gavin zhou <[email protected]>"
+ARG BASE_IMAGE=alpine:3.9
+FROM ${BASE_IMAGE}
 
 ENV GRAFANA_VERSION=6.3.2
+RUN mkdir /tmp/grafana \
+ && wget -P /tmp/ http:https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-${GRAFANA_VERSION}.linux-amd64.tar.gz \
+ && tar xfz /tmp/grafana-${GRAFANA_VERSION}.linux-amd64.tar.gz --strip-components=1 -C /tmp/grafana
+
+
+ARG BASE_IMAGE=alpine:3.9
+FROM ${BASE_IMAGE}
+LABEL maintainer "gavin zhou <[email protected]>"
+
+ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
+ GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \
+ GF_PATHS_DATA="/var/lib/grafana" \
+ GF_PATHS_HOME="/usr/share/grafana" \
+ GF_PATHS_LOGS="/var/log/grafana" \
+ GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \
+ GF_PATHS_PROVISIONING="/etc/grafana/provisioning"
+
+WORKDIR $GF_PATHS_HOME 
 
 RUN set -ex \
- && addgroup -S grafana \
- && adduser -S -G grafana grafana \
- && apk add --no-cache libc6-compat ca-certificates su-exec \
- && mkdir /tmp/setup \
- && wget -P /tmp/setup http:https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-${GRAFANA_VERSION}.linux-amd64.tar.gz \
- && tar -xzf /tmp/setup/grafana-$GRAFANA_VERSION.linux-amd64.tar.gz -C /tmp/setup --strip-components=1 \
- && install -m 755 /tmp/setup/bin/grafana-server /usr/local/bin/ \
- && install -m 755 /tmp/setup/bin/grafana-cli /usr/local/bin/ \
- && mkdir -p /grafana/datasources /grafana/dashboards /grafana/data /grafana/logs /grafana/plugins /var/lib/grafana /grafana/conf \
- && cp -r /tmp/setup/public /grafana/public \
- && chown -R grafana:grafana /grafana \
- && ln -s /grafana/plugins /var/lib/grafana/plugins \
- && grafana-cli plugins update-all \
- && rm -rf /tmp/setup
-
-VOLUME /grafana/data
-
-COPY ./config.docker/defaults.ini /grafana/conf/
+ && addgroup -S grafana \
+ && adduser -S -G grafana grafana \
+ && apk add --no-cache libc6-compat ca-certificates su-exec bash
+
+COPY --from=0 /tmp/grafana "$GF_PATHS_HOME"
+RUN mkdir -p "$GF_PATHS_HOME/.aws" \
+ && mkdir -p "$GF_PATHS_PROVISIONING/datasources" \
+ "$GF_PATHS_PROVISIONING/dashboards" \
+ "$GF_PATHS_PROVISIONING/notifiers" \
+ "$GF_PATHS_LOGS" \
+ "$GF_PATHS_PLUGINS" \
+ "$GF_PATHS_DATA" \
+ && chown -R grafana:grafana "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" \
+ && chmod -R 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING"
+
+COPY ./config.docker/defaults.ini "$GF_PATHS_CONFIG"
 COPY ./run.sh /run.sh
 
 EXPOSE 3000

config.docker/defaults.ini

@@ -13,15 +13,15 @@ instance_name = ${HOSTNAME}
 [paths]
 # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
 #
-data = /grafana/data
+;data = /grafana/data
 #
 # Directory where grafana can store logs
 #
-logs = /grafana/logs
+;logs = /grafana/logs
 #
 # Directory where grafana will automatically scan and look for plugins
 #
-plugins = /grafana/plugins
+;plugins = /grafana/plugins
 
 #################################### Server ####################################
 [server]
@@ -191,44 +191,44 @@ org_role = Viewer
 
 #################################### Github Auth ##########################
 [auth.github]
-enabled = false
-allow_sign_up = false
-client_id = some_id
-client_secret = some_secret
-scopes = user:email
-auth_url = https://github.com/login/oauth/authorize
-token_url = https://github.com/login/oauth/access_token
-api_url = https://api.github.com/user
-team_ids =
-allowed_organizations =
+; enabled = false
+; allow_sign_up = false
+; client_id = some_id
+; client_secret = some_secret
+; scopes = user:email
+; auth_url = https://github.com/login/oauth/authorize
+; token_url = https://github.com/login/oauth/access_token
+; api_url = https://api.github.com/user
+; team_ids =
+; allowed_organizations =
 
 #################################### Google Auth ##########################
 [auth.google]
-enabled = false
-allow_sign_up = false
-client_id = some_client_id
-client_secret = some_client_secret
-scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-auth_url = https://accounts.google.com/o/oauth2/auth
-token_url = https://accounts.google.com/o/oauth2/token
-api_url = https://www.googleapis.com/oauth2/v1/userinfo
-allowed_domains =
+; enabled = false
+; allow_sign_up = false
+; client_id = some_client_id
+; client_secret = some_client_secret
+; scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
+; auth_url = https://accounts.google.com/o/oauth2/auth
+; token_url = https://accounts.google.com/o/oauth2/token
+; api_url = https://www.googleapis.com/oauth2/v1/userinfo
+; allowed_domains =
 
 #################################### Basic Auth ##########################
 [auth.basic]
-enabled = true
+; enabled = true
 
 #################################### Auth Proxy ##########################
 [auth.proxy]
-enabled = false
-header_name = X-WEBAUTH-USER
-header_property = username
-auto_sign_up = true
+; enabled = false
+; header_name = X-WEBAUTH-USER
+; header_property = username
+; auto_sign_up = true
 
 #################################### Auth LDAP ##########################
 [auth.ldap]
-enabled = false
-config_file = /grafana/conf/ldap.toml
+; enabled = false
+; config_file = /grafana/conf/ldap.toml
 
 #################################### SMTP / Emailing ##########################
 [smtp]
@@ -308,8 +308,8 @@ exchange = grafana_events
 
 #################################### Dashboard JSON files ##########################
 [dashboards.json]
-enabled = false
-path = /grafana/dashboards
+; enabled = false
+; path = /grafana/dashboards
 
 #################################### Usage Quotas ##########################
 [quota]

run.sh

@@ -1,16 +1,89 @@
-#!/bin/sh
-set -e
-
-if [ -n "$GF_INSTALL_PLUGINS" ]; then
- printf '%s' "$GF_INSTALL_PLUGINS" |
- tr ',' '\n' |
- while read -r plugin; do
- grafana-cli plugins install ${plugin}
- done
+#!/bin/bash -e
+
+PERMISSIONS_OK=0
+
+if [ ! -r "$GF_PATHS_CONFIG" ]; then
+ echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable."
+ PERMISSIONS_OK=1
 fi
 
-if [ "$(stat -c "%U:%G" /grafana/data)" != grafana:grafana ]; then
- chown grafana:grafana /grafana/data
+if [ ! -w "$GF_PATHS_DATA" ]; then
+ echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable."
+ PERMISSIONS_OK=1
+fi
+
+if [ ! -r "$GF_PATHS_HOME" ]; then
+ echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable."
+ PERMISSIONS_OK=1
+fi
+
+if [ $PERMISSIONS_OK -eq 1 ]; then
+ echo "You may have issues with file permissions, more information here: http:https://docs.grafana.org/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later"
+fi
+
+if [ ! -d "$GF_PATHS_PLUGINS" ]; then
+ mkdir "$GF_PATHS_PLUGINS"
+fi
+
+if [ ! -z ${GF_AWS_PROFILES+x} ]; then
+ > "$GF_PATHS_HOME/.aws/credentials"
+
+ for profile in ${GF_AWS_PROFILES}; do
+ access_key_varname="GF_AWS_${profile}_ACCESS_KEY_ID"
+ secret_key_varname="GF_AWS_${profile}_SECRET_ACCESS_KEY"
+ region_varname="GF_AWS_${profile}_REGION"
+
+ if [ ! -z "${!access_key_varname}" -a ! -z "${!secret_key_varname}" ]; then
+ echo "[${profile}]" >> "$GF_PATHS_HOME/.aws/credentials"
+ echo "aws_access_key_id = ${!access_key_varname}" >> "$GF_PATHS_HOME/.aws/credentials"
+ echo "aws_secret_access_key = ${!secret_key_varname}" >> "$GF_PATHS_HOME/.aws/credentials"
+ if [ ! -z "${!region_varname}" ]; then
+ echo "region = ${!region_varname}" >> "$GF_PATHS_HOME/.aws/credentials"
+ fi
+ fi
+ done
+
+ chmod 600 "$GF_PATHS_HOME/.aws/credentials"
+fi
+
+# Convert all environment variables with names ending in __FILE into the content of
+# the file that they point at and use the name without the trailing __FILE.
+# This can be used to carry in Docker secrets.
+for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do
+ VAR_NAME_FILE="$VAR_NAME"__FILE
+ if [ "${!VAR_NAME}" ]; then
+ echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)"
+ exit 1
+ fi
+ echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}"
+ export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")"
+ unset "$VAR_NAME_FILE"
+done
+
+export HOME="$GF_PATHS_HOME"
+
+if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then
+ OLDIFS=$IFS
+ IFS=','
+ for plugin in ${GF_INSTALL_PLUGINS}; do
+ IFS=$OLDIFS
+ if [[ $plugin =~ .*\;.* ]]; then
+ pluginUrl=$(echo "$plugin" | cut -d';' -f 1)
+ pluginWithoutUrl=$(echo "$plugin" | cut -d';' -f 2)
+ grafana-cli --pluginUrl "${pluginUrl}" --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${pluginWithoutUrl}
+ else
+ grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin}
+ fi
+ done
 fi
 
-exec su-exec grafana grafana-server --homepath=/grafana
+exec su-exec grafana grafana-server \
+ --homepath="$GF_PATHS_HOME" \
+ --config="$GF_PATHS_CONFIG" \
+ --packaging=docker \
+ "$@" \
+ cfg:default.log.mode="console" \
+ cfg:default.paths.data="$GF_PATHS_DATA" \
+ cfg:default.paths.logs="$GF_PATHS_LOGS" \
+ cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \
+ cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING"