Refactored container Dockerfiles, updated exclusions, and updated bicep template dependencies

2022-10-31 22:33:50 -07:00 · 2022-10-31 22:33:50 -07:00 · 8a23e57ba8
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@
 .github/workflows
 NOTES.md
 TODO.md
+logs
--- a/deploy/appService.bicep
+++ b/deploy/appService.bicep
@ -22,9 +22,6 @@ param managedIdentityId string
@description('Managed Identity ClientId')
 param managedIdentityClientId string

-@description('Storage Account Name')
-param storageAccountName string
-
@description('Log Analytics Worskpace ID')
 param workspaceId string

@ -45,10 +42,6 @@ var dockerCompose = loadTextContent('../docker-compose.prod.yml')
 var dockerComposeReplace = replace(dockerCompose, 'azureipam.azurecr.io', acrUri)
 var dockerComposeEncode = base64(dockerComposeReplace)

-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = {
-  name: storageAccountName
-}
-
 resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
  name: appServicePlanName
  location: location
@ -129,15 +122,6 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = {
          value: 'true'
        }
      ]
-      azureStorageAccounts: {
-        nginx: {
-          type: 'AzureBlob'
-          accountName: storageAccountName
-          shareName: 'nginx'
-          mountPath: '/nginx'
-          accessKey: listkeys(storageAccount.id, storageAccount.apiVersion).keys[0].value
-        }
-      }
    }
  }
 }
--- a/deploy/deploy.ps1
+++ b/deploy/deploy.ps1
@ -198,7 +198,13 @@ $ErrorActionPreference = "Stop"
 $Env:SuppressAzurePowerShellBreakingChangeWarnings = $true

 # Set Log File Location
-$logFile = "./deploy_$(get-date -format `"yyyyMMddhhmmsstt`").log"
+$logPath = [Io.Path]::Combine('..', 'logs')
+New-Item -ItemType Directory -Force -Path $logpath | Out-Null
+
+$errorLog = Join-Path -Path $logPath -ChildPath "error_$(get-date -format `"yyyyMMddhhmmsstt`").log"
+$transcriptLog = Join-Path -Path $logPath -ChildPath "deploy_$(get-date -format `"yyyyMMddhhmmsstt`").log"              
+
+Start-Transcript -Path $transcriptLog | Out-Null

 Function Test-Location {
  Param(
@ -690,10 +696,6 @@ Function Update-UIApplication {
 Write-Host
 Write-Host "NOTE: IPAM Deployment Type: $($PSCmdlet.ParameterSetName)" -ForegroundColor Magenta

-$logPath = [Io.Path]::Combine('..', 'logs')                  
-New-Item -ItemType Directory -Force -Path $logpath | Out-Null
-Start-Transcript -Path $logPath
-
 try {
  if($PrivateAcr) {
    # Verify Minimum Azure CLI Version
@ -804,18 +806,9 @@ try {
    Write-Host "INFO: Building and pushing container images to Azure Container Registry" -ForegroundColor Green
    Write-Verbose -Message "Building and pushing container images to Azure Container Registry"

-    $enginePath = [Io.Path]::Combine('..', 'engine')
-    $engineDockerFile = Join-Path -Path $enginePath -ChildPath 'Dockerfile.rhel'
-    $functionDockerFile = Join-Path -Path $enginePath -ChildPath 'Dockerfile.func'
-
-    $uiPath = [Io.Path]::Combine('..', 'ui')
-    $uiDockerFile = Join-Path -Path $uiPath -ChildPath 'Dockerfile.rhel'
-
-    $lbPath = [Io.Path]::Combine('..', 'lb')
-    $lbDockerFile = Join-Path -Path $lbPath -ChildPath 'Dockerfile'
-
    $containerMap = @{
      Debian = @{
+        Extension = "deb"
        Port = 80
        Images = @{
          UI     = 'node:16-slim'
@ -824,6 +817,7 @@ try {
        }
      }
      RHEL = @{
+        Extension = "rhel"
        Port = 8080
        Images = @{
          UI     = 'registry.access.redhat.com/ubi8/nodejs-16'
@ -832,7 +826,17 @@ try {
        }
      }
    }
-  
+
+    $enginePath = [Io.Path]::Combine('..', 'engine')
+    $engineDockerFile = Join-Path -Path $enginePath -ChildPath "Dockerfile.$($containerMap[$ContainerType].Extension)"
+    $functionDockerFile = Join-Path -Path $enginePath -ChildPath 'Dockerfile.func'
+
+    $uiPath = [Io.Path]::Combine('..', 'ui')
+    $uiDockerFile = Join-Path -Path $uiPath -ChildPath "Dockerfile.$($containerMap[$ContainerType].Extension)"
+
+    $lbPath = [Io.Path]::Combine('..', 'lb')
+    $lbDockerFile = Join-Path -Path $lbPath -ChildPath "Dockerfile"
+
    if($AsFunction) {
      # WRITE-HOST "INFO: Building Function container ($ContainerType)..." -ForegroundColor Green
      # Write-Verbose -Message "INFO: Building Function container ($ContainerType)..."
@ -942,14 +946,14 @@ try {
    Write-Host $updateAddr -ForegroundColor White
    Write-Host "##############################################" -ForegroundColor Yellow
  }
-
-  Write-Host
 }
 catch {
-  $_ | Out-File -FilePath $logFile -Append
-  Write-Host "ERROR: Unable to deploy Azure IPAM solution due to an exception, see $logFile for detailed information!" -ForegroundColor red
-  Stop-Transcript
+  $_ | Out-File -FilePath $errorLog -Append
+  Write-Host "ERROR: Unable to deploy Azure IPAM solution due to an exception, see $transcriptLog and $errorLog for detailed information!" -ForegroundColor red
+  Write-Host
+  Stop-Transcript | Out-Null
  exit
 }

-Stop-Transcript
+Write-Host
+Stop-Transcript | Out-Null
--- a/deploy/main.bicep
+++ b/deploy/main.bicep
@ -104,7 +104,7 @@ module cosmos 'cosmos.bicep' = {
  }
 }

-// Storage Account for Nginx Config/ Function Metadata
+// Storage Account for Nginx Config/Function Metadata
 module storageAccount 'storageAccount.bicep' = if (deployAsFunc) {
  scope: resourceGroup
  name: 'storageAccountModule'
@ -142,7 +142,6 @@ module appService 'appService.bicep' = if (!deployAsFunc) {
    cosmosDbUri: cosmos.outputs.cosmosDocumentEndpoint
    managedIdentityId: managedIdentity.outputs.id
    managedIdentityClientId: managedIdentity.outputs.clientId
-    storageAccountName: storageAccount.outputs.name
    workspaceId: logAnalyticsWorkspace.outputs.workspaceId
    privateAcr: privateAcr
    privateAcrUri: privateAcr ? containerRegistry.outputs.acrUri : ''
@ -162,7 +161,7 @@ module functionApp 'functionApp.bicep' = if (deployAsFunc) {
    cosmosDbUri: cosmos.outputs.cosmosDocumentEndpoint
    managedIdentityId: managedIdentity.outputs.id
    managedIdentityClientId: managedIdentity.outputs.clientId
-    storageAccountName: storageAccount.outputs.name
+    storageAccountName: resourceNames.storageAccountName
    workspaceId: logAnalyticsWorkspace.outputs.workspaceId
    privateAcr: privateAcr
    privateAcrUri: privateAcr ? containerRegistry.outputs.acrUri : ''
--- a/engine/.dockerignore
+++ b/engine/.dockerignore
@ -1 +1,5 @@
 local.settings.json
+Dockerfile.*
+.devcontainer
+*.example
+.gitignore
--- a/engine/Dockerfile.deb
+++ b/engine/Dockerfile.deb
@ -0,0 +1,29 @@
+ARG BASE_IMAGE=python:3.9-slim
+FROM $BASE_IMAGE
+
+ARG PORT=80
+
+# Set Environment Variable
+ENV PORT=${PORT}
+
+# Set the Working Directory
+WORKDIR /ipam
+
+# Copy Requirements File
+ADD ./requirements.txt .
+
+# Install Dependencies
+RUN pip install --no-cache-dir --upgrade -r ./requirements.txt --progress-bar off
+
+# Copy Application Scripts & Sources
+ADD ./app ./app
+ADD ./init.sh .
+
+# Set Script Execute Permissions
+RUN chmod +x init.sh
+
+# Expose Port
+EXPOSE $PORT
+
+# Execute Startup Script
+ENTRYPOINT ./init.sh ${PORT}
--- a/engine/Dockerfile.prod
+++ b/engine/Dockerfile.prod
@ -1,13 +0,0 @@
-FROM python:3.9-slim
-
-WORKDIR /code
-
-COPY ./requirements.txt /code/requirements.txt
-
-RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt --progress-bar off
-
-COPY ./app /code/app
-
-EXPOSE 80
-
-CMD uvicorn "app.main:app" --reload --host "0.0.0.0" --port 80
--- a/engine/Dockerfile.rhel
+++ b/engine/Dockerfile.rhel
@ -1,26 +1,33 @@
-ARG BASE_IMAGE=python:3.9-slim
+ARG BASE_IMAGE=registry.access.redhat.com/ubi8/python-39
 FROM $BASE_IMAGE

-ARG PORT=80
+ARG PORT=8080

 # Set Environment Variable
 ENV PORT=${PORT}

+# Set the Working Directory
+WORKDIR /ipam
+
+# Switch to Root User
+USER root
+
 # Copy Requirements File
-ADD ./requirements.txt $HOME
+ADD ./requirements.txt /ipam

 # Install Dependencies
 RUN pip install --no-cache-dir --upgrade -r ./requirements.txt --progress-bar off

 # Copy Application Scripts & Sources
-ADD ./init.sh $HOME
-ADD ./app $HOME/app
-
-# Switch to Root User
-USER root
+ADD ./app ./app
+ADD ./init.sh .

 # Set Script Execute Permissions
 RUN chmod +x init.sh
+RUN chown -R 1001:0 /ipam
+
+# Switch to Standard User
+USER 1001

 # Expose Port
 EXPOSE $PORT
--- a/lb/Dockerfile
+++ b/lb/Dockerfile
@ -5,7 +5,7 @@ FROM $BASE_IMAGE
 RUN ln -sf /dev/stdout /var/log/nginx/access.log
 RUN ln -sf /dev/stderr /var/log/nginx/error.log

-COPY default.dev.conf /etc/nginx/nginx.conf
+COPY nginx.conf /etc/nginx/nginx.conf

 # Run script uses standard ways to run the application
 CMD nginx -g "daemon off;"
--- a/lb/nginx.conf
+++ b/lb/nginx.conf
@ -4,13 +4,13 @@ http {
    # include /etc/nginx/conf.d/*.conf;

    upstream ui {
-        server ipam-ui-dev;
-        server ipam-ui-dev:8080 backup;
+        server ipam-ui;
+        server ipam-ui:8080 backup;
    }

    upstream engine {
-        server ipam-engine-dev;
-        server ipam-engine-dev:8080 backup;
+        server ipam-engine;
+        server ipam-engine:8080 backup;
    }

    server {
--- a/ui/.dockerignore
+++ b/ui/.dockerignore
@ -1,5 +1,6 @@
 node_modules
 build
 .dockerignore
-Dockerfile
-Dockerfile.prod
+Dockerfile.*
+*.example
+.gitignore
--- a/ui/Dockerfile.deb
+++ b/ui/Dockerfile.deb
@ -0,0 +1,29 @@
+ARG BASE_IMAGE=node:16-slim
+FROM $BASE_IMAGE
+
+ARG PORT=80
+
+# Set Environment Variable
+ENV PORT=${PORT}
+
+# Set the Working Directory
+WORKDIR /ipam
+
+# Add Application Sources
+ADD . .
+
+# Install Dependencies
+RUN npm install
+
+# Build Application
+RUN npm run build
+
+# Set Script Execute Permissions
+RUN chmod +x init.sh
+RUN rm -rf src
+
+# Expose Port
+EXPOSE $PORT
+
+# Execute Startup Script
+ENTRYPOINT ./init.sh ${PORT}
--- a/ui/Dockerfile.prod
+++ b/ui/Dockerfile.prod
@ -1,26 +0,0 @@
-FROM node:16-slim
-
-# Set Working Directory
-WORKDIR /app
-
-# Add `/app/node_modules/.bin` to $PATH
-ENV PATH /app/node_modules/.bin:$PATH
-
-# Copy Node Package Files
-COPY package.json ./
-COPY package-lock.json ./
-
-# Install Dependencies
-RUN npm install
-
-# Copy Application Code
-COPY . ./
-
-# Build Application
-RUN npm run build
-
-# Expose Port
-EXPOSE 80
-
-# Inject ENV Variables & Start Server
-CMD npx --yes react-inject-env set && npx --yes http-server -a 0.0.0.0 -P http://localhost? -p 80 build
--- a/ui/Dockerfile.rhel
+++ b/ui/Dockerfile.rhel
@ -1,13 +1,19 @@
-ARG BASE_IMAGE=node:16-slim
+ARG BASE_IMAGE=registry.access.redhat.com/ubi8/nodejs-16
 FROM $BASE_IMAGE

-ARG PORT=80
+ARG PORT=8080

 # Set Environment Variable
 ENV PORT=${PORT}

+# Set the Working Directory
+WORKDIR /ipam
+
+# Switch to Root User
+USER root
+
 # Add Application Sources
-ADD . $HOME
+ADD . .

 # Install Dependencies
 RUN npm install
@ -15,11 +21,13 @@ RUN npm install
 # Build Application
 RUN npm run build

-# Switch to Root User
-USER root
-
 # Set Script Execute Permissions
 RUN chmod +x init.sh
+RUN rm -rf src
+RUN chown -R 1001:0 /ipam
+
+# Switch to Standard User
+USER 1001

 # Expose Port
 EXPOSE $PORT
--- a/ui/default.nginx.conf
+++ b/ui/default.nginx.conf
@ -1,24 +0,0 @@
-# This is a default site configuration which will simply return 404, preventing
-# chance access to any other virtualhost.
-
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    # Backend
-    location /api {
-        proxy_pass http://ipam-engine;
-    }
-
-    # Frontend
-    location / {
-        root      /usr/share/nginx/html;
-        index     index.html index.htm;
-        try_files $uri /index.html;
-    }
-
-    # You may need this to prevent return 404 recursion.
-    location = /404.html {
-        internal;
-    }
-}