feat: docker support

torrust · Dec 16, 2022 · 46e1a37 · 46e1a37
1 parent f8700aa
commit 46e1a37
Show file tree

Hide file tree

Showing 14 changed files with 581 additions and 0 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,16 @@
+.git
+.git-blame-ignore
+.github
+.gitignore
+.vscode
+bin/
+config.toml
+config.toml.local
+cSpell.json
+data.db
+docker/
+NOTICE
+README.md
+rustfmt.toml
+storage/
+target/
diff --git a/.env.local b/.env.local
@@ -0,0 +1 @@
+TORRUST_TRACKER_USER_UID=1000
diff --git a/.github/workflows/publish_docker_image.yml b/.github/workflows/publish_docker_image.yml
@@ -0,0 +1,73 @@
+name: Publish docker image
+
+on:
+  push:
+    branches:
+      - 'develop'
+      # todo: only during development of issue 11
+      - 'docker'
+      - 'docker-reorganized-pr'
+    tags:
+      - "v*"
+
+env:
+  # Azure file share volume mount requires the Linux container run as root
+  # https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files#limitations
+  TORRUST_TRACKER_RUN_AS_USER: root
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          components: llvm-tools-preview
+      - uses: Swatinem/rust-cache@v1
+      - name: Run Tests
+        run: cargo test
+
+  dockerhub:
+    needs: test
+    runs-on: ubuntu-latest
+    environment: dockerhub-torrust
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            # For example: torrust/tracker
+            "${{ secrets.DOCKER_HUB_USERNAME }}/${{secrets.DOCKER_HUB_REPOSITORY_NAME }}"
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./Dockerfile
+          build-args: |
+            RUN_AS_USER=${{ env.TORRUST_TRACKER_RUN_AS_USER }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/test_docker.yml b/.github/workflows/test_docker.yml
@@ -0,0 +1,26 @@
+name: Test docker build
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build docker image
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build docker-compose images
+        run: docker compose build
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+.env
 /target
 **/*.rs.bk
 /database.json.bz2

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,80 @@
+FROM clux/muslrust:stable AS chef
+WORKDIR /app
+RUN cargo install cargo-chef
+
+
+FROM chef AS planner
+WORKDIR /app
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+
+FROM chef as development
+WORKDIR /app
+ARG UID=1000
+ARG RUN_AS_USER=appuser
+ARG TRACKER_UDP_PORT=6969
+ARG TRACKER_HTTP_PORT=7070
+ARG TRACKER_API_PORT=1212
+# Add the app user for development
+ENV USER=appuser
+ENV UID=$UID
+RUN adduser --uid "${UID}" "${USER}"
+# Build dependencies
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --recipe-path recipe.json
+# Build the application
+COPY . .
+RUN cargo build --bin torrust-tracker
+USER $RUN_AS_USER:$RUN_AS_USER
+EXPOSE $TRACKER_UDP_PORT/udp
+EXPOSE $TRACKER_HTTP_PORT/tcp
+EXPOSE $TRACKER_API_PORT/tcp  
+CMD ["cargo", "run"]
+
+
+FROM chef AS builder
+WORKDIR /app
+ARG UID=1000
+# Add the app user for production
+ENV USER=appuser
+ENV UID=$UID
+RUN adduser \
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid "${UID}" \
+  "${USER}"  
+# Build dependencies
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json
+# Build the application
+COPY . .
+RUN cargo build --release --target x86_64-unknown-linux-musl --bin torrust-tracker
+# Strip the binary
+# More info: https://github.com/LukeMathWalker/cargo-chef/issues/149
+RUN strip /app/target/x86_64-unknown-linux-musl/release/torrust-tracker
+
+
+FROM alpine:latest
+WORKDIR /app
+ARG RUN_AS_USER=appuser
+ARG TRACKER_UDP_PORT=6969
+ARG TRACKER_HTTP_PORT=7070
+ARG TRACKER_API_PORT=1212
+RUN apk --no-cache add ca-certificates
+ENV TZ=Etc/UTC
+ENV RUN_AS_USER=$RUN_AS_USER
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder --chown=$RUN_AS_USER \
+  /app/target/x86_64-unknown-linux-musl/release/torrust-tracker \
+  /app/torrust-tracker
+RUN chown -R $RUN_AS_USER:$RUN_AS_USER /app
+USER $RUN_AS_USER:$RUN_AS_USER
+EXPOSE $TRACKER_UDP_PORT/udp
+EXPOSE $TRACKER_HTTP_PORT/tcp
+EXPOSE $TRACKER_API_PORT/tcp
+ENTRYPOINT ["/app/torrust-tracker"]
diff --git a/bin/install.sh b/bin/install.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Generate the default settings file if it does not exist
+if ! [ -f "./config.toml" ]; then
+    cp ./config.toml.local ./config.toml
+fi
+
+# Generate the sqlite database if it does not exist
+if ! [ -f "./storage/database/data.db" ]; then
+    # todo: it should get the path from config.toml and only do it when we use sqlite
+    touch ./storage/database/data.db
+    echo ";" | sqlite3 ./storage/database/data.db
+fi
diff --git a/cSpell.json b/cSpell.json
@@ -9,31 +9,38 @@
         "Bitflu",
         "bools",
         "bufs",
+        "Buildx",
         "byteorder",
         "canonicalize",
         "canonicalized",
         "chrono",
         "clippy",
         "completei",
+        "dockerhub",
         "downloadedi",
         "filesd",
         "Freebox",
         "hasher",
         "hexlify",
+        "hlocalhost",
         "Hydranode",
         "incompletei",
+        "infoschema",
         "intervali",
         "leecher",
         "leechers",
         "libtorrent",
         "Lphant",
         "mockall",
+        "myacicontext",
         "nanos",
         "nextest",
         "nocapture",
         "oneshot",
         "ostr",
         "Pando",
+        "proot",
+        "Quickstart",
         "Rasterbar",
         "repr",
         "reqwest",
@@ -50,9 +57,11 @@
         "thiserror",
         "Torrentstorm",
         "torrust",
+        "torrustracker",
         "typenum",
         "Unamed",
         "untuple",
+        "uroot",
         "Vagaa",
         "Xtorrent",
         "Xunlei"

diff --git a/compose.yaml b/compose.yaml
@@ -0,0 +1,48 @@
+name: torrust
+services:
+
+  tracker:
+    build:
+      context: .
+      target: development
+    user: ${TORRUST_TRACKER_USER_UID:-1000}:${TORRUST_TRACKER_USER_UID:-1000}
+    tty: true
+    networks:
+      - server_side
+    ports:
+      - 6969:6969/udp
+      - 7070:7070
+      - 1212:1212
+    volumes:
+      - ./:/app
+      - ~/.cargo:/home/appuser/.cargo
+    depends_on:
+      - mysql
+
+  mysql:
+    image: mysql:8.0
+    command: '--default-authentication-plugin=mysql_native_password'
+    restart: always
+    healthcheck:
+      test: ['CMD-SHELL', 'mysqladmin ping -h 127.0.0.1 --password="$$(cat /run/secrets/db-password)" --silent']
+      interval: 3s
+      retries: 5
+      start_period: 30s    
+    environment:
+      - MYSQL_ROOT_HOST=%
+      - MYSQL_ROOT_PASSWORD=root_secret_password
+      - MYSQL_DATABASE=torrust_tracker
+      - MYSQL_USER=db_user
+      - MYSQL_PASSWORD=db_user_secret_password
+    networks:
+      - server_side
+    ports:
+      - 3306:3306
+    volumes:
+      - mysql_data:/var/lib/mysql
+
+networks:
+  server_side: {}
+
+volumes:
+  mysql_data: {}
diff --git a/config.toml.local b/config.toml.local
@@ -0,0 +1,34 @@
+log_level = "info"
+mode = "public"
+db_driver = "Sqlite3"
+db_path = "./storage/database/data.db"
+announce_interval = 120
+min_announce_interval = 120
+max_peer_timeout = 900
+on_reverse_proxy = false
+external_ip = "0.0.0.0"
+tracker_usage_statistics = true
+persistent_torrent_completed_stat = false
+inactive_peer_cleanup_interval = 600
+remove_peerless_torrents = true
+
+[[udp_trackers]]
+enabled = false
+bind_address = "0.0.0.0:6969"
+
+[[http_trackers]]
+enabled = false
+bind_address = "0.0.0.0:7070"
+ssl_enabled = false
+ssl_cert_path = ""
+ssl_key_path = ""
+
+[http_api]
+enabled = true
+bind_address = "127.0.0.1:1212"
+ssl_enabled = false
+ssl_cert_path = ""
+ssl_key_path = ""
+
+[http_api.access_tokens]
+admin = "MyAccessToken"