Add own-apache-container

Author: rbo

own-apache-container/Dockerfile

@@ -0,0 +1,45 @@
+FROM registry.access.redhat.com/rhel7/rhel:7.6
+# docker run -ti registry.redhat.io/rhel7:7.6 bash
+# https://github.com/sclorg/httpd-container
+
+ENV HTTPD_CONTAINER_SCRIPTS_PATH=/container-scripts/ \
+    HTTPD_APP_ROOT=/app \
+    HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/httpd.d \
+    HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
+    HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d \
+    HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
+    HTTPD_VAR_RUN=/run/httpd
+
+RUN yum install -y yum-utils && \
+    yum-config-manager --enable rhel-server-rhscl-7-rpms && \
+    INSTALL_PKGS="httpd nss_wrapper gettext" && \
+    yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    yum -y clean all --enablerepo='*'
+
+ADD container-scripts/* /container-scripts/
+
+RUN sed -i -e 's/^Listen 80/Listen 0.0.0.0:8080/' ${HTTPD_MAIN_CONF_PATH}/httpd.conf && \
+    chmod 644 ${HTTPD_MAIN_CONF_PATH}/* && \
+    chmod 755 ${HTTPD_MAIN_CONF_PATH} && \
+    chmod 644 ${HTTPD_MAIN_CONF_D_PATH}/* && \
+    chmod 755 ${HTTPD_MAIN_CONF_D_PATH} && \
+    chmod 644 ${HTTPD_MAIN_CONF_MODULES_D_PATH}/* && \
+    chmod 755 ${HTTPD_MAIN_CONF_MODULES_D_PATH} && \
+    chmod 777 ${HTTPD_VAR_RUN} && \
+    chmod 777 /var/log/httpd/ && \
+    sed -i -e "s/^User apache/User default/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf  && \
+    sed -i -e "s/^Group apache/Group root/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf && \
+    chmod +x /container-scripts/entrypoint.sh && \
+    mkdir ${HTTPD_APP_ROOT} && \
+    chmod 775   ${HTTPD_APP_ROOT} 
+
+
+# docker build . -f Dockerfile.anyuid -t httpd && docker run -ti -p 8080:8080 --user 1234 --entrypoint bash httpd
+
+EXPOSE 8080
+
+VOLUME [ "/var/www/html/" ]
+
+# https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact
+ENTRYPOINT ["/container-scripts/entrypoint.sh"]

own-apache-container/README.adoc

@@ -0,0 +1,55 @@
+# Build Images
+
+    oc new-build https://github.com/rbo/openshift-examples.git \
+    --context-dir=own-apache-container --name httpd
+
+    oc new-build https://github.com/rbo/openshift-examples.git \
+    --context-dir=own-apache-container/anyuid --name httpd-anyuid
+
+
+# Deploy Images
+
+    oc new-app httpd
+    oc expose svc/httpd
+
+    oc new-app httpd-anyuid
+    oc expose svc/httpd-anyuid
+    # FAIL, because by default it is not allowed to run POD's with uid 0
+
+    # Create service account
+    oc create sa anyuid
+
+    # Add privileges to service account to run POD's with uid 0
+    oc adm policy add-scc-to-user -z anyuid anyuid 
+
+    oc patch dc/httpd-anyuid --patch '{"spec":{"template":{"spec":{"serviceAccount": "anyuid", "serviceAccountName": "anyuid"}}}}'
+
+# Add persistent volume
+
+```
+cat <<EOF | oc apply -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+    annotations:
+        volume.beta.kubernetes.io/storage-provisioner: kubernetes.io/glusterfs
+    name: httpd
+spec:
+    accessModes:
+    - ReadWriteMany
+    resources:
+        requests:
+            storage: 1Gi
+    storageClassName: glusterfs-ocs
+EOF
+```
+
+    oc get pvc --watch
+
+    oc set volume dc/httpd --add --name=httpd-volume-1 -t pvc --claim-name=httpd --overwrite  --mount-path=/var/www/html/
+
+    oc set volume dc/httpd-anyuid --add --name=httpd-anyuid-volume-1 -t pvc --claim-name=httpd --overwrite  --mount-path=/var/www/html/
+
+# Rollback 
+
+    oc rollback dc/httpd-anyuid

own-apache-container/anyuid/Dockerfile

@@ -0,0 +1,18 @@
+FROM registry.access.redhat.com/rhel7/rhel:7.6
+# docker run -ti registry.redhat.io/rhel7:7.6 bash
+
+RUN yum install -y httpd && \
+    yum clean -y all && \
+    rm -rf   /var/cache/yum/*
+
+RUN sed -i -e 's/^Listen 80/Listen 0.0.0.0:8080/' /etc/httpd/conf/httpd.conf
+
+
+# docker build . -f Dockerfile.anyuid -t httpd && docker run -ti -p 8080:8080 --user 1234 --entrypoint bash httpd
+
+EXPOSE 8080
+
+VOLUME [ "/var/www/html/" ]
+
+# https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact
+ENTRYPOINT ["httpd","-DFOREGROUND"]

own-apache-container/container-scripts/entrypoint.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eu
+
+# Set current user in nss_wrapper
+passwd_output_dir="${HTTPD_APP_ROOT}/etc"
+mkdir -p ${passwd_output_dir}
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+envsubst < ${HTTPD_CONTAINER_SCRIPTS_PATH}/passwd.template > ${passwd_output_dir}/passwd
+export LD_PRELOAD=libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=${passwd_output_dir}/passwd
+export NSS_WRAPPER_GROUP=/etc/group
+
+
+exec httpd -D FOREGROUND $@

own-apache-container/container-scripts/passwd.template

@@ -0,0 +1,15 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+default:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/sbin/nologin
+apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin