Docker images reference

Docker container images

See the background information for details on how this structure fits together.

The top-level build/ directory houses all of the container image building machinery. Within this directory, there are 2 sub-folders:

  • packer/ - Packer-specific scripts and config
    • docker/ - houses Packer JSON build config files for each container image
      • packaging-pipeline.json - based on drud/ddev-webserver, with our Python scripts deployed into it.
      • test-worker.json - based on Ubuntu Focal, with Python, Celery, and TUF libraries installed
      • rabbitmq.json - based on the upstream RabbitMQ image, with custom credentials injected and exported to persist on the container volume
    • scripts/ - shell scripts to manage simple provisioning steps (e.g. apt install)
  • ansible/ - houses the Ansible playbooks and roles for more complex provisioning
    • *.yml - Ansible playbooks run via Packer during container builds, to provision and test the images
    • roles/rugged.workers/ - Ansible role with tasks to provision dependencies, system users/dirs, configure Supervisor and deploy Python/Celery code.

Images and services

  • packaging-pipeline
    • port 80/443: nginx (serving Satis composer repository + Drupal site)
    • also houses send_ping.py and other “packaging pipeline” scripts
  • rabbitmq
  • flower
  • test-worker
    • supervisord-managed test-worker.py Celery app, kept up and running

Provisioning scripts

  • apt.sh - configure and install some base Apt setup
  • cleanup.sh - clean unnecessary apt packages
  • php.sh - install critical PHP packages
  • python.sh - install core Python packages
  • utils.sh - install some utility packages

There are currently some extra scripts, custom to this project, which should shortly be deduplicated against the ones above, coming from Drumkit upstream.

Ansible playbooks and roles

  • build/ansible/*.yml

    • rabbitmq.yml - Playbook to build the rabbitmq container with a custom user/password baked in.
    • packaging-pipeline.yml - Playbook to build the web frontend container, by triggering tuf.workers task packaging-pipeline.yml
    • packaging-pipeline-test.yml - Playbook to test the frontend container, by calling send_ping.py --help to confirm it’s present and runs without error.
    • test-worker.yml - Playbook to provision the test-worker container, by calling tuf.workers task test-worker.yml to provision the worker script and arrange for /test-worker-start.sh to start Supervisor.
    • test-worker-test.yml - Playbook to test the test-worker container, by confirming the container starts Supervisor and the Celery worker itself.
  • build/ansible/roles/rugged.workers

    • files/* - symlinks to the Python scripts
    • tasks/* - tasks to provision the workers and scripts, called by the playbooks above.
    • templates/worker.conf.j2 - Supervisor config template, to manage the worker