From 28f11439769f3402b8feff2830dfef8c700cbd9c Mon Sep 17 00:00:00 2001 From: Eduard Marbach Date: Wed, 4 Nov 2020 17:36:00 +0100 Subject: [PATCH 1/4] fix: dev build contains all optional req - requires base image to be full fledged python -> results in bigger image size for dev. --- .github/workflows/main.yml | 76 ++++++++++++++++++++++--------------- docker-files/Dockerfile | 25 ++++-------- docker-files/dev.Dockerfile | 37 ++++++++++++++++++ 3 files changed, 91 insertions(+), 47 deletions(-) create mode 100644 docker-files/dev.Dockerfile diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 95ee7fb1..6eebfb0c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,5 +1,8 @@ name: CI +env: + DEFAULT_DOCKER_IMAGE: nicolargo/glances + on: pull_request: branches: [ develop ] @@ -15,33 +18,45 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Prepare - id: prepare + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Set envs env: - DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }} + DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE || env.DEFAULT_DOCKER_IMAGE }} DOCKER_PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64,linux/386 run: | + DOCKERFILE=./docker-files/dev.Dockerfile + PUSH_IMAGE=false VERSION=latest - + + if [[ $GITHUB_REF == refs/heads/master ]]; then + PUSH_IMAGE=true + fi + if [[ $GITHUB_REF == refs/tags/* ]]; then VERSION=${GITHUB_REF#refs/tags/v} + PUSH_IMAGE=true + DOCKERFILE=./docker-files/Dockerfile fi + if [[ $GITHUB_REF == refs/heads/develop ]]; then VERSION=dev + PUSH_IMAGE=true fi - TAGS="--tag ${DOCKER_IMAGE}:${VERSION}" - if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - TAGS="$TAGS --tag ${DOCKER_IMAGE}:latest" - fi - - echo ::set-output name=docker_image::${DOCKER_IMAGE} - echo ::set-output name=version::${VERSION} - echo ::set-output name=buildx_args::--platform ${DOCKER_PLATFORMS} \ - --build-arg VERSION=${VERSION} \ - --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ - --build-arg VCS_REF=${GITHUB_SHA::8} \ - ${TAGS} --file ./docker-files/Dockerfile ./docker-files/ + echo "DOCKERFILE=${DOCKERFILE}" >> $GITHUB_ENV + echo "VERSION=${VERSION}" >> $GITHUB_ENV + echo "PUSH_IMAGE=${PUSH_IMAGE}" >> $GITHUB_ENV + echo "TAGS=${DOCKER_IMAGE}:${VERSION}" >> $GITHUB_ENV + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV + echo "VCS_REF=${GITHUB_SHA::8}" >> $GITHUB_ENV + echo "PLATFORMS=${DOCKER_PLATFORMS}" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -54,23 +69,24 @@ jobs: with: version: latest - - name: Docker Buildx (build) - run: | - docker buildx build --output "type=image,push=false" ${{ steps.prepare.outputs.buildx_args }} - - name: Login to DockerHub - if: success() && github.event_name != 'pull_request' uses: docker/login-action@v1 + if: ${{env.PUSH_IMAGE == true}} with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Docker Buildx (push) - if: success() && github.event_name != 'pull_request' - run: | - docker buildx build --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }} - - - name: Inspect image - if: always() && github.event_name != 'pull_request' - run: | - docker buildx imagetools inspect ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }} + - name: Build and push + uses: docker/build-push-action@v2 + with: + push: ${{env.PUSH_IMAGE == true}} + tags: ${{env.TAGS}} + build-args: | + VERSION=${{env.VERSION}} + BUILD_DATE=${{env.BUILD_DATE}} + VCS_REF=${{env.VCS_REF}} + context: . + file: ${{env.DOCKERFILE}} + platforms: ${{env.PLATFORMS}} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache,mode=max diff --git a/docker-files/Dockerfile b/docker-files/Dockerfile index b5eaeb2d..2a169c92 100644 --- a/docker-files/Dockerfile +++ b/docker-files/Dockerfile @@ -13,25 +13,16 @@ ENV DEBIAN_FRONTEND noninteractive RUN \ apt-get update && \ apt-get install -y \ - curl \ - gcc \ - lm-sensors \ - wireless-tools \ - iputils-ping && \ + curl \ + gcc \ + lm-sensors \ + wireless-tools \ + iputils-ping && \ rm -rf /var/lib/apt/lists/* -ARG VERSION -## Install glances -## If version is dev will use git checkout -RUN if [ "$VERSION" = "dev" ] ; then \ - echo Installing dev branch of glances from git; \ - apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* ; \ - pip3 install psutil bottle ; \ - git clone -b develop https://github.com/nicolargo/glances.git ; \ - else \ - echo Installing glances from pip; \ - pip3 install glances[all]; \ - fi +# Force rebuild otherwise it could be cached without rerun +ARG VCS_REF +RUN pip install glances[all] # Define working directory. WORKDIR /glances diff --git a/docker-files/dev.Dockerfile b/docker-files/dev.Dockerfile new file mode 100644 index 00000000..21bdc2a0 --- /dev/null +++ b/docker-files/dev.Dockerfile @@ -0,0 +1,37 @@ +# +# Glances Dockerfile (based on Ubuntu) +# +# https://github.com/nicolargo/glances +# + +ARG ARCH= +FROM ${ARCH}python:3-buster + +# Install package +# Must used calibre package to be able to run external module +ENV DEBIAN_FRONTEND noninteractive +RUN \ + apt-get update && \ + apt-get install -y \ + curl \ + gcc \ + git \ + lm-sensors \ + wireless-tools \ + iputils-ping && \ + rm -rf /var/lib/apt/lists/* + +RUN pip install psutil bottle + +COPY . /glances + +# Define working directory +WORKDIR /glances + +RUN CASS_DRIVER_NO_CYTHON=1 pip install -r optional-requirements.txt + +# EXPOSE PORT (XMLRPC / WebUI) +EXPOSE 61209 61208 + +# Define default command. +CMD python3 -m glances -C /glances/conf/glances.conf $GLANCES_OPT From 3cca1d7982093d9652d15c40eac693c9ee7fa19c Mon Sep 17 00:00:00 2001 From: Wm Salt Hale Date: Wed, 23 Dec 2020 13:18:58 -0800 Subject: [PATCH 2/4] Add instructions about password protecting Docker --- docs/docker.rst | 69 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/docs/docker.rst b/docs/docker.rst index 958c49a3..036ebbc9 100644 --- a/docs/docker.rst +++ b/docs/docker.rst @@ -73,3 +73,72 @@ You can also include Glances container in you own `docker-compose.yml`. Here's a labels: - "traefik.port=61208" - "traefik.frontend.rule=Host:glances.docker.localhost" + +How to protect your Dockerized server (or Web server) with a login/password ? +------------------------------------------------------------------ + +Below are two methods for setting up a login/password to protect Glances running inside a Docker container. + +Option 1 +^^^^^^^^ + +You can enter the running container by entering this command (replacing ``glances_docker`` with the name of your container): + +.. code-block:: console + + docker exec -it glances_docker sh + +and generate the password file (the default login is ``glances``, add the ``--username`` flag if you would like to change it): + +.. code-block:: console + + glances -s --password + +which will prompt you to answer the following questions: + +.. code-block:: console + Define the Glances server password (glances username): + Password (confirm): + Do you want to save the password? [Yes/No]: Yes + +after which you will need to kill the process by entering ``CTRL+C`` (potentially twice), before leaving the container: + +.. code-block:: console + ^C^C + exit + +You will then need to copy the password file to your host machine: + +.. code-block:: console + docker cp glances_docker:/root/.config/glances/glances.pwd ./secrets/glances_password + +and make it visible to your container by adding it to ``docker-compose.yml`` as a ``secret``: + +.. code-block:: yaml + services: + glances: + image: nicolargo/glances:latest + secrets: + - source: glances_password + target: /root/.config/glances/glances.pwd + mode: '0440' + + secrets: + glances_password: + file: ./secrets/glances_password + +Option 2 +^^^^^^^^ + +You can add a ``[passwords]`` block to the Glances configuration file as mentioned elsewhere in the documentation: + +.. code-block:: ini + + [passwords] + # Define the passwords list + # Syntax: host=password + # Where: host is the hostname + # password is the clear password + # Additionally (and optionally) a default password could be defined + localhost=mylocalhostpassword + default=mydefaultpassword From 238b8d16b7be122056e1ba5094b27e9b78672e42 Mon Sep 17 00:00:00 2001 From: Wm Salt Hale Date: Wed, 23 Dec 2020 14:18:08 -0800 Subject: [PATCH 3/4] removed mode from secrets block, expanded docker-compose entry Docker Compose's version of Secrets does not yet support ``uid`, ``guid``, or ``mode``. --- docs/docker.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/docker.rst b/docs/docker.rst index 036ebbc9..c91cbf28 100644 --- a/docs/docker.rst +++ b/docs/docker.rst @@ -115,13 +115,20 @@ You will then need to copy the password file to your host machine: and make it visible to your container by adding it to ``docker-compose.yml`` as a ``secret``: .. code-block:: yaml + version: '3' + services: glances: image: nicolargo/glances:latest + restart: always + environment: + - GLANCES_OPT="-w --password" + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + pid: host secrets: - source: glances_password target: /root/.config/glances/glances.pwd - mode: '0440' secrets: glances_password: From b45095591c2e33094f2e0987b5295eca207a807c Mon Sep 17 00:00:00 2001 From: Wm Salt Hale Date: Fri, 25 Dec 2020 12:43:20 -0800 Subject: [PATCH 4/4] fixed code-block formatting --- docs/docker.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/docker.rst b/docs/docker.rst index c91cbf28..1d7e1428 100644 --- a/docs/docker.rst +++ b/docs/docker.rst @@ -97,6 +97,7 @@ and generate the password file (the default login is ``glances``, add the ``--us which will prompt you to answer the following questions: .. code-block:: console + Define the Glances server password (glances username): Password (confirm): Do you want to save the password? [Yes/No]: Yes @@ -104,17 +105,20 @@ which will prompt you to answer the following questions: after which you will need to kill the process by entering ``CTRL+C`` (potentially twice), before leaving the container: .. code-block:: console + ^C^C exit You will then need to copy the password file to your host machine: .. code-block:: console + docker cp glances_docker:/root/.config/glances/glances.pwd ./secrets/glances_password and make it visible to your container by adding it to ``docker-compose.yml`` as a ``secret``: .. code-block:: yaml + version: '3' services: