4teamwork
diff --git a/‎changes/GH-8183-1.feature‎
Lines changed: 1 addition & 0 deletions b/‎changes/GH-8183-1.feature‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎changes/GH-8183-2.feature‎
Lines changed: 1 addition & 0 deletions b/‎changes/GH-8183-2.feature‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docker-compose.yml‎ ‎compose.yaml‎docker-compose.yml renamed to compose.yaml
Lines changed: 62 additions & 58 deletions b/‎docker-compose.yml‎ ‎compose.yaml‎docker-compose.yml renamed to compose.yaml
Lines changed: 62 additions & 58 deletions
diff --git a/‎docker/core/Dockerfile‎
Lines changed: 17 additions & 32 deletions b/‎docker/core/Dockerfile‎
Lines changed: 17 additions & 32 deletions
@@ -0,0 +1 @@
+Add support for serving blobs through ZEO server. This allows us to use PVCs with access mode RWO in Kubernetes. [buchi]
@@ -0,0 +1 @@
+Add healthcheck script which can be used for readiness probes. [buchi]
@@ -1,49 +1,4 @@
 services:
-  httpd:
-    image: 4teamwork/oghttpd:latest
-    build:
-      context: .
-      dockerfile: ./docker/httpd/Dockerfile
-    ports:
-      - "8088:80"
-    depends_on:
-      - ogui
-      - ogcore
-    environment:
-      - HTTP_PROTOCOL=http
-      - HTTP_PORT=8088
-      - PORTAL_HOST=ianus-frontend
-    profiles:
-      - all
-  msgconvert:
-    image: 4teamwork/msgconvert:latest
-    ports:
-      - 8090:8080
-  sablon:
-    image: 4teamwork/sablon:latest
-    ports:
-      - 8091:8080
-  pdflatex:
-    image: 4teamwork/pdflatex:latest
-    ports:
-      - 8092:8080
-  weasyprint:
-    image: 4teamwork/weasyprint:latest
-    ports:
-      - 8093:8080
-  clamav:
-    image: clamav/clamav:latest
-    ports:
-      - '3310:3310'
-    volumes:
-      - clam_db:/var/lib/clamav
-      - ./clamav/clamd.conf:/etc/clamav/clamd.conf
-    profiles:
-      - clamav
-  ogui:
-    image: 4teamwork/ogui:latest
-    profiles:
-      - all
   ogcore: &ogcore
     build:
       context: .
@@ -52,7 +7,7 @@ services:
         - gldt
     image: 4teamwork/ogcore:latest
     volumes:
-      - ./var/ogcore:/data
+      - ogcore:/data
     ports:
       - "8080:8080"
       - "8160:8160"
@@ -82,7 +37,7 @@ services:
   zeoserver:
     image: 4teamwork/zeoserver:4.3.20
     volumes:
-      - ./var/ogcore:/data
+      - ogcore:/data
     profiles:
       - all
       - ogcore
@@ -117,7 +72,7 @@ services:
       dockerfile: ./docker/solr/Dockerfile
     command: solr-foreground
     volumes:
-      - ./var/solr:/var/solr/data
+      - solr:/var/solr
     environment:
       - SOLR_CORES=development testing functionaltesting testserver
     ports:
@@ -126,15 +81,6 @@ services:
       nofile:
         soft: 65000
         hard: 65000
-  redis:
-    image: redis:6.2-alpine
-    command:
-      - redis-server
-      - --save 60 1
-    ports:
-      - 6379:6379
-    volumes:
-      - ./var/redis:/data
   ldap:
     image: bitnami/openldap:2.6
     ports:
@@ -145,8 +91,62 @@ services:
       - LDAP_ROOT=dc=dev,dc=onegovgever,dc=ch
       - LDAP_ADMIN_DN=cn=admin,dc=dev,dc=onegovgever,dc=ch
     volumes:
+      - ldap:/bitnami/openldap
       - ./docker/ldap.ldif:/ldifs/ldap.ldif
-      - ./var/openldap:/bitnami/openldap
+  redis:
+    image: redis:6.2-alpine
+    command:
+      - redis-server
+      - --save 60 1
+    ports:
+      - 6379:6379
+    volumes:
+      - redis:/data
+  ogui:
+    image: 4teamwork/ogui:latest
+    profiles:
+      - all
+  httpd:
+    image: 4teamwork/oghttpd:latest
+    build:
+      context: .
+      dockerfile: ./docker/httpd/Dockerfile
+    ports:
+      - "8088:80"
+    depends_on:
+      - ogui
+      - ogcore
+    environment:
+      - HTTP_PROTOCOL=http
+      - HTTP_PORT=8088
+      - PORTAL_HOST=ianus-frontend
+    profiles:
+      - all
+  msgconvert:
+    image: 4teamwork/msgconvert:latest
+    ports:
+      - 8090:8080
+  sablon:
+    image: 4teamwork/sablon:latest
+    ports:
+      - 8091:8080
+  pdflatex:
+    image: 4teamwork/pdflatex:latest
+    ports:
+      - 8092:8080
+  weasyprint:
+    image: 4teamwork/weasyprint:latest
+    ports:
+      - 8093:8080
+  clamav:
+    image: clamav/clamav:latest
+    ports:
+      - '3310:3310'
+    volumes:
+      - clam_db:/var/lib/clamav
+      - ./clamav/clamd.conf:/etc/clamav/clamd.conf
+    profiles:
+      - clamav
   mta:
     image: 4teamwork/ogmta:latest
     build:
@@ -289,7 +289,11 @@ services:
       - kub
 
 volumes:
+  ogcore:
   ogds:
+  solr:
+  ldap:
+  redis:
   clam_db:
   kub_db:
   kub_media:
 
@@ -1,37 +1,22 @@
-# pkg builder
-# -----------------------------------------------------------------------------
-FROM alpine:3.20 AS pkg-builder
-
-RUN apk -U add \
-    sudo \
-    alpine-sdk \
-    apkbuild-pypi
-
-RUN mkdir -p /var/cache/distfiles && \
-    adduser -D packager && \
-    addgroup packager abuild && \
-    chgrp abuild /var/cache/distfiles && \
-    chmod g+w /var/cache/distfiles && \
-    echo "packager ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-
-WORKDIR /work
-USER packager
-
-RUN abuild-keygen -a -i -n
-
-COPY --chown=packager:packager ./docker/core/packages/ ./
-
-RUN cd openssl1.1-compat && \
-    abuild -r
+ARG ALPINE_VERSION=3.22
 
 # ogcore builder
 # -----------------------------------------------------------------------------
-FROM 4teamwork/plone:4.3.20-alpine3.20 AS builder
+FROM 4teamwork/plone:4.3.20-alpine${ALPINE_VERSION} AS builder
 USER root
 
-RUN --mount=from=pkg-builder,source=/home/packager/packages/work,target=/packages \
-    --mount=from=pkg-builder,source=/etc/apk/keys,target=/etc/apk/keys \
-    apk --repository /packages add \
+RUN apk add curl
+
+RUN --mount=type=secret,id=gldt \
+    export GITLAB_DEPLOY_TOKEN=$(cat /run/secrets/gldt) && \
+    if [ $(uname -m) == "x86_64" ]; \
+    then curl -v -O https://__token__:$GITLAB_DEPLOY_TOKEN@git.4teamwork.ch/api/v4/projects/492/packages/generic/openssl1.1-compat-dev/1.1.1w-r1/openssl1.1-compat-dev-1.1.1w-r1.apk; \
+    else curl -v -O https://__token__:$GITLAB_DEPLOY_TOKEN@git.4teamwork.ch/api/v4/projects/493/packages/generic/openssl1.1-compat-dev/1.1.1w-r1/openssl1.1-compat-dev-1.1.1w-r1.apk; \
+    fi && \
+    apk add --allow-untrusted openssl1.1-compat-dev-1.1.1w-r1.apk && \
+    rm openssl1.1-compat-dev-1.1.1w-r1.apk
+
+RUN apk add \
     gcc \
     musl-dev \
     libc-dev \
@@ -41,7 +26,6 @@ RUN --mount=from=pkg-builder,source=/home/packager/packages/work,target=/package
     libxml2-dev \
     libxslt-dev \
     openldap-dev \
-    openssl1.1-compat-dev \
     libffi-dev \
     libpq \
     libpq-dev \
@@ -93,6 +77,7 @@ RUN chown -R plone:plone /app/etc
 COPY ./docker/core/entrypoint.d /app/entrypoint.d
 COPY ./docker/core/docker-entrypoint.sh ./docker/core/inituser /app/
 COPY ./docker/core/zopectl /app/bin/
+COPY ./docker/core/healthcheck.py /app/bin/
 COPY --chown=plone ./docker/core/cron /app/cron
 RUN chmod 644 /app/cron/crontab
 
@@ -125,7 +110,7 @@ RUN python2.7 -m compileall /app/lib/python2.7/site-packages/plone/app/theming/t
 
 # go-crond builder
 # -----------------------------------------------------------------------------
-FROM golang:1.23-alpine3.20 AS go-crond-builder
+FROM golang:1.23-alpine${ALPINE_VERSION} AS go-crond-builder
 
 RUN apk upgrade --no-cache --force
 RUN apk add --update build-base make git
@@ -145,7 +130,7 @@ RUN make build
 
 # ogcore production image
 # -----------------------------------------------------------------------------
-FROM 4teamwork/plone:4.3.20-alpine3.20 AS prod
+FROM 4teamwork/plone:4.3.20-alpine${ALPINE_VERSION} AS prod
 
 USER root
 RUN apk add \
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Add support for serving blobs through ZEO server. This allows us to use PVCs with access mode RWO in Kubernetes. [buchi]`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Add healthcheck script which can be used for readiness probes. [buchi]`