diff options
| author | Yehonal <yehonal.azeroth@gmail.com> | 2022-11-07 13:20:48 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-07 13:20:48 +0100 |
| commit | e4016823d7ee5e77aa6cb162a3eed584d7b35a87 (patch) | |
| tree | e7f6d18ac7a28b6c097b999efed93bf7e052a505 /docker-compose.yml | |
| parent | 6177ce4688fc34af7cebb0d47a15be1553fbffc1 (diff) | |
feat(CORE): docker permissions and rework (#13454)
- fix docker permissions with mounted volumes on new docker versions (https://github.com/docker/desktop-linux/issues/31)
- fix ac-tools image
- cleanup unused env
- add `cap_add: SYS_NICE` to allow setting process high priority
- fix ccache in docker
- allow to switch between root user (default) to acore user in any container
- fix cache of the downloaded client data
- split docker github actions in 2 parts
- versioning mysql images
- performance improvements
Diffstat (limited to 'docker-compose.yml')
| -rw-r--r-- | docker-compose.yml | 353 |
1 files changed, 235 insertions, 118 deletions
diff --git a/docker-compose.yml b/docker-compose.yml index 6217ed7be7..416d424a5e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,36 +20,17 @@ x-ac-shared-conf: &ac-shared-conf working_dir: /azerothcore environment: AC_DISABLE_INTERACTIVE: "1" - depends_on: - ac-database: - condition: service_healthy -services: -#============================ -# -# Abstract services to extend -# -#============================ - - abstract-bind: - image: local/azerothcore/abstract-bind - volumes: - - .:/azerothcore - # expose some dist folder outside allowing the host to use them - - ${DOCKER_VOL_CONF:-./conf}:/azerothcore/conf - - ${DOCKER_VOL_BIN:-ac-bin}:/azerothcore/env/dist/bin - - ${DOCKER_VOL_ETC:-./env/docker/etc}:/azerothcore/env/dist/etc - # [osxfs optimization]: https://stackoverflow.com/a/63437557/1964544 - - ${DOCKER_VOL_LOGS:-./env/docker/logs}:/azerothcore/env/dist/logs:delegated - - ${DOCKER_VOL_DATA:-./env/docker/data}:/azerothcore/env/dist/data:delegated - profiles: [abstract-service] # do not run this +x-ac-service-conf: &ac-service-conf + <<: *ac-shared-conf + # List can't be merged. See: https://forums.docker.com/t/how-to-merge-a-list-of-volumes-from-an-extension-field-into-the-service-definition/77454 + # volumes: + # - ${DOCKER_VOL_ETC:-./env/docker/etc}:/azerothcore/env/dist/etc + # # [osxfs optimization]: https://stackoverflow.com/a/63437557/1964544 + # - ${DOCKER_VOL_LOGS:-./env/docker/logs}:/azerothcore/env/dist/logs:delegated - abstract-no-bind: - image: local/azerothcore/abstract-no-bind - volumes: - - ac-proj:/azerothcore - profiles: [abstract-service] # do not run this +services: #======================= # # DATABASE @@ -77,6 +58,118 @@ services: timeout: 10s retries: 40 +#====================== +# +# Dev services +# +#====================== + + # + # Used for the build process to avoid the host binding of the /azerothcore + # and speedup the compilation by avoiding the host-container filesystem conversion issue + # on non-ext filesystems. Reference https://stackoverflow.com/a/63437557/1964544 + # + ac-dev-build: + <<: [ *ac-shared-conf ] # merge with + image: acore/ac-wotlk-dev-server:${DOCKER_IMAGE_TAG:-master} + user: ${DOCKER_USER:-root} + cap_add: + - SYS_NICE # CAP_SYS_NICE + build: + context: . + target: dev + dockerfile: ./apps/docker/Dockerfile + args: + USER_ID: ${DOCKER_USER_ID:-1000} + GROUP_ID: ${DOCKER_GROUP_ID:-1000} + DOCKER_USER: ${DOCKER_USER:-acore} + <<: *cache-from + security_opt: + - seccomp:unconfined + env_file: + ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} + volumes: + # expose some dist folder outside allowing the host to use them + - ${DOCKER_VOL_CONF:-./conf}:/azerothcore/conf + - ${DOCKER_VOL_BIN:-ac-bin-dev}:/azerothcore/env/dist/bin + - ${DOCKER_VOL_ETC:-./env/docker/etc}:/azerothcore/env/dist/etc + - ac-build-dev:/azerothcore/var/build + - ac-ccache-dev:/azerothcore/var/ccache + profiles: [dev-build] + + # + # Dev server with the ./azerothcore folder binded from the host + # Please use Linux, WSL2 or any ext-compatible filesystem + # to avoid performance issues + # + ac-dev-server: + <<: [ *ac-shared-conf ] # merge with + tty: true + image: acore/ac-wotlk-dev-server:${DOCKER_IMAGE_TAG:-master} + user: ${DOCKER_USER:-root} + cap_add: + - SYS_NICE # CAP_SYS_NICE + build: + context: . + target: dev + dockerfile: ./apps/docker/Dockerfile + args: + USER_ID: ${DOCKER_USER_ID:-1000} + GROUP_ID: ${DOCKER_GROUP_ID:-1000} + DOCKER_USER: ${DOCKER_USER:-acore} + <<: *cache-from + security_opt: + - seccomp:unconfined + env_file: + ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} + ports: + - ${DOCKER_AUTH_EXTERNAL_PORT:-3724}:3724 + - ${DOCKER_WORLD_EXTERNAL_PORT:-8085}:8085 + - ${DOCKER_SOAP_EXTERNAL_PORT:-7878}:7878 + volumes: + - ${DOCKER_VOL_ROOT:-.}:/azerothcore:cached + # expose some dist folder outside allowing the host to use them + - ${DOCKER_VOL_CONF:-./conf}:/azerothcore/conf + - ${DOCKER_VOL_BIN:-ac-bin-dev}:/azerothcore/env/dist/bin + - ${DOCKER_VOL_ETC:-./env/docker/etc}:/azerothcore/env/dist/etc + # [osxfs optimization]: https://stackoverflow.com/a/63437557/1964544 + - ${DOCKER_VOL_LOGS:-./env/docker/logs}:/azerothcore/env/dist/logs:delegated + - ac-build-dev:/azerothcore/var/build + - ac-ccache-dev:/azerothcore/var/ccache + # client data + - ${DOCKER_VOL_DATA_CAMERAS:-./env/docker/data/Cameras}:/azerothcore/env/dist/data/Cameras + - ${DOCKER_VOL_DATA_DBC:-./env/docker/data/dbc}:/azerothcore/env/dist/data/dbc + - ${DOCKER_VOL_DATA_MAPS:-./env/docker/data/maps}:/azerothcore/env/dist/data/maps + - ${DOCKER_VOL_DATA_VMAPS:-./env/docker/data/vmaps}:/azerothcore/env/dist/data/vmaps + - ${DOCKER_VOL_DATA_MMAPS:-./env/docker/data/mmaps}:/azerothcore/env/dist/data/mmaps + # remount again for the extractors + - ${DOCKER_VOL_DATA_CAMERAS:-./env/docker/data/Cameras}:/azerothcore/env/dist/bin/Cameras + - ${DOCKER_VOL_DATA_DBC:-./env/docker/data/dbc}:/azerothcore/env/dist/bin/dbc + - ${DOCKER_VOL_DATA_MAPS:-./env/docker/data/maps}:/azerothcore/env/dist/bin/maps + - ${DOCKER_VOL_DATA_VMAPS:-./env/docker/data/vmaps}:/azerothcore/env/dist/bin/vmaps + - ${DOCKER_VOL_DATA_MMAPS:-./env/docker/data/mmaps}:/azerothcore/env/dist/bin/mmaps + # this is not the directory of the extracted data! It's the client folder used by the extractors + - ${DOCKER_AC_CLIENT_FOLDER:-./var/client}:/azerothcore/env/dist/bin/Data + profiles: [dev] + depends_on: + ac-database: + condition: service_healthy + + ac-db-import: + <<: *ac-shared-conf + image: acore/ac-wotlk-worldserver-local:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally + command: ./env/dist/bin/dbimport + volumes: + # read-only binaries compiled by ac-dev-server + - ${DOCKER_VOL_BIN:-ac-bin-dev}:/azerothcore/env/dist/bin:ro + - ${DOCKER_VOL_ETC:-./env/docker/etc}:/azerothcore/env/dist/etc + # [osxfs optimization]: https://stackoverflow.com/a/63437557/1964544 + - ${DOCKER_VOL_LOGS:-./env/docker/logs}:/azerothcore/env/dist/logs:delegated + profiles: [local, app, db-import-local] + depends_on: + ac-database: + condition: service_healthy + #======================= # # APP Services @@ -84,16 +177,17 @@ services: #======================= ac-worldserver: - <<: *ac-shared-conf - extends: ${DOCKER_EXTENDS_BIND:-abstract-bind} + <<: *ac-service-conf # merge with ac-service-conf stdin_open: true tty: true + cap_add: + - SYS_NICE # CAP_SYS_NICE command: ./acore.sh run-worldserver image: acore/ac-wotlk-worldserver-local:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally restart: unless-stopped env_file: ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} - user: ${DOCKER_USER:-acore} + user: ${DOCKER_USER:-root} privileged: true build: context: . @@ -107,18 +201,34 @@ services: ports: - ${DOCKER_WORLD_EXTERNAL_PORT:-8085}:8085 - ${DOCKER_SOAP_EXTERNAL_PORT:-7878}:7878 + volumes: + # read-only binaries compiled by ac-dev-server + - ${DOCKER_VOL_BIN:-ac-bin-dev}:/azerothcore/env/dist/bin:ro + - ${DOCKER_VOL_ETC:-./env/docker/etc}:/azerothcore/env/dist/etc + # [osxfs optimization]: https://stackoverflow.com/a/63437557/1964544 + - ${DOCKER_VOL_LOGS:-./env/docker/logs}:/azerothcore/env/dist/logs:delegated + # client data + - ${DOCKER_VOL_DATA_CAMERAS:-./env/docker/data/Cameras}:/azerothcore/env/dist/data/Cameras + - ${DOCKER_VOL_DATA_DBC:-./env/docker/data/dbc}:/azerothcore/env/dist/data/dbc + - ${DOCKER_VOL_DATA_MAPS:-./env/docker/data/maps}:/azerothcore/env/dist/data/maps + - ${DOCKER_VOL_DATA_VMAPS:-./env/docker/data/vmaps}:/azerothcore/env/dist/data/vmaps + - ${DOCKER_VOL_DATA_MMAPS:-./env/docker/data/mmaps}:/azerothcore/env/dist/data/mmaps profiles: [local, app, worldserver] + depends_on: + ac-database: + condition: service_healthy + ac-db-import: + condition: service_completed_successfully ac-authserver: - <<: *ac-shared-conf - extends: ${DOCKER_EXTENDS_BIND:-abstract-bind} + <<: *ac-service-conf # merge with ac-service-conf tty: true command: ./acore.sh run-authserver image: acore/ac-wotlk-authserver-local:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally restart: unless-stopped env_file: ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} - user: ${DOCKER_USER:-acore} + user: ${DOCKER_USER:-root} build: context: . target: authserver-local @@ -128,89 +238,66 @@ services: GROUP_ID: ${DOCKER_GROUP_ID:-1000} DOCKER_USER: ${DOCKER_USER:-acore} <<: *cache-from + volumes: + # read-only binaries compiled by ac-dev-server + - ${DOCKER_VOL_BIN:-ac-bin-dev}:/azerothcore/env/dist/bin:ro + - ${DOCKER_VOL_ETC:-./env/docker/etc}:/azerothcore/env/dist/etc + # [osxfs optimization]: https://stackoverflow.com/a/63437557/1964544 + - ${DOCKER_VOL_LOGS:-./env/docker/logs}:/azerothcore/env/dist/logs:delegated ports: - ${DOCKER_AUTH_EXTERNAL_PORT:-3724}:3724 profiles: [local, app, authserver] + depends_on: + ac-database: + condition: service_healthy + ac-db-import: + condition: service_completed_successfully #====================== # -# Dev services +# Production services +# +# The following services are used to test the production images +# Do not use them unless you know what you're doing! +# We do not offer support for them +# +# For a production-ready docker-compose, please check the official repo: https://github.com/azerothcore/acore-docker # #====================== - ac-build: - <<: *ac-shared-conf - extends: ${DOCKER_EXTENDS_BIND:-abstract-bind} - image: acore/ac-wotlk-dev-server:${DOCKER_IMAGE_TAG:-master} - build: - context: . - target: ${DOCKER_AC_BUILD_TARGET:-dev} - dockerfile: ./apps/docker/Dockerfile - args: - USER_ID: ${DOCKER_USER_ID:-1000} - GROUP_ID: ${DOCKER_GROUP_ID:-1000} - DOCKER_USER: ${DOCKER_USER:-acore} - <<: *cache-from - env_file: - ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} - working_dir: /azerothcore/ - volumes: - - ${DOCKER_VOL_BUILD:-ac-build}:/azerothcore/var/build - # with this conf you can use an external path for it (useful for CI) - - ${DOCKER_VOL_CCACHE:-ac-ccache}:/azerothcore/var/ccache - # use internal copied files instead of volumes - - /azerothcore/src - - /azerothcore/data - - /azerothcore/modules - profiles: [local, build] - ac-dev-server: - <<: *ac-shared-conf - extends: ${DOCKER_EXTENDS_BIND:-abstract-bind} - tty: true - image: acore/ac-wotlk-dev-server:${DOCKER_IMAGE_TAG:-master} - build: - context: . - target: dev - dockerfile: ./apps/docker/Dockerfile - args: - USER_ID: ${DOCKER_USER_ID:-1000} - GROUP_ID: ${DOCKER_GROUP_ID:-1000} - DOCKER_USER: ${DOCKER_USER:-acore} - <<: *cache-from - security_opt: - - seccomp:unconfined - env_file: - ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} - user: ${DOCKER_USER:-acore} - environment: - DBLIST: AUTH,CHARACTERS,WORLD + ac-database-prod: + <<: *networks + image: mysql:8.0 + restart: unless-stopped + cap_add: + - SYS_NICE # CAP_SYS_NICE ports: - - ${DOCKER_AUTH_EXTERNAL_PORT:-3724}:3724 - - ${DOCKER_WORLD_EXTERNAL_PORT:-8085}:8085 - - ${DOCKER_SOAP_EXTERNAL_PORT:-7878}:7878 + - ${DOCKER_DB_EXTERNAL_PORT:-3306}:3306 + environment: + - MYSQL_ROOT_PASSWORD=${DOCKER_DB_ROOT_PASSWORD:-password} volumes: - - ac-build-dev:/azerothcore/var/build - - ac-ccache-dev:/azerothcore/var/ccache - # this is not the directory of the extracted data! It's the client folder used by the extractors - - ${DOCKER_CLIENT_DATA_FOLDER:-./var/client}:/azerothcore/env/dist/bin/Data - profiles: [dev] - -#====================== -# -# Production services -# -#====================== + - type: volume + source: ac-database-prod + target: /var/lib/mysql + healthcheck: + test: "/usr/bin/mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --execute \"SHOW DATABASES;\"" + interval: 5s + timeout: 10s + retries: 40 + profiles: [prod] ac-worldserver-prod: - <<: *ac-shared-conf + <<: *ac-service-conf # merge with ac-service-conf stdin_open: true tty: true + cap_add: + - SYS_NICE # CAP_SYS_NICE command: ./acore.sh run-worldserver image: acore/ac-wotlk-worldserver:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally restart: unless-stopped env_file: ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} - user: ${DOCKER_USER:-acore} + user: ${DOCKER_USER:-root} privileged: true build: context: . @@ -226,21 +313,25 @@ services: - ${DOCKER_SOAP_EXTERNAL_PORT:-7878}:7878 volumes: - ${DOCKER_VOL_LOGS:-./env/docker/logs}:/azerothcore/env/dist/logs:delegated - volumes_from: - - ac-client-data-server:ro - depends_on: - - ac-client-data-server + - ${DOCKER_VOL_CLIENT_DATA_PROD:-ac-client-data-prod}:/azerothcore/env/dist/data:ro profiles: [prod, prod-app, prod-worldserver] + depends_on: + ac-database-prod: + condition: service_healthy + ac-db-import-prod: + condition: service_completed_successfully + ac-client-data-init: + condition: service_started ac-authserver-prod: - <<: *ac-shared-conf + <<: *ac-service-conf # merge with ac-service-conf tty: true command: ./acore.sh run-authserver image: acore/ac-wotlk-authserver:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally restart: unless-stopped env_file: ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} - user: ${DOCKER_USER:-acore} + user: ${DOCKER_USER:-root} build: context: . target: authserver @@ -255,10 +346,16 @@ services: ports: - ${DOCKER_AUTH_EXTERNAL_PORT:-3724}:3724 profiles: [prod, prod-app, prod-authserver] + depends_on: + ac-database-prod: + condition: service_healthy + ac-db-import-prod: + condition: service_completed_successfully + - ac-client-data-server: + ac-client-data-init: image: acore/ac-wotlk-client-data:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally - user: ${DOCKER_USER:-acore} + user: ${DOCKER_USER:-root} build: context: . target: client-data @@ -269,12 +366,12 @@ services: DOCKER_USER: ${DOCKER_USER:-acore} <<: *cache-from volumes: - - /azerothcore/env/dist/data + - ${DOCKER_VOL_CLIENT_DATA_PROD:-ac-client-data-prod}:/azerothcore/env/dist/data:ro profiles: [prod, prod-app, clientdata] ac-tools: image: acore/ac-wotlk-tools:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally - user: ${DOCKER_USER:-acore} + user: ${DOCKER_USER:-root} build: context: . target: tools @@ -286,34 +383,54 @@ services: <<: *cache-from working_dir: /azerothcore/env/client/ volumes: - - ${DOCKER_CLIENT_DATA_FOLDER:-./var/client}:/azerothcore/env/client/Data - - ${DOCKER_VOL_TOOLS_DBC:-./var/extractors/dbc}:/azerothcore/env/client/dbc - - ${DOCKER_VOL_TOOLS_MAPS:-./var/extractors/maps}:/azerothcore/env/client/maps - - ${DOCKER_VOL_TOOLS_VMAPS:-./var/extractors/vmaps}:/azerothcore/env/client/vmaps - - ${DOCKER_VOL_TOOLS_MMAPS:-./var/extractors/mmaps}:/azerothcore/env/client/mmaps + # this is not the directory of the extracted data! It's the client folder used by the extractors + - ${DOCKER_AC_CLIENT_FOLDER:-./var/client}:/azerothcore/env/dist/bin/Data profiles: [prod, tools] - ac-db-import: + ac-db-import-prod: <<: *ac-shared-conf image: acore/ac-wotlk-worldserver:${DOCKER_IMAGE_TAG:-master} # name of the generated image after built locally command: ./env/dist/bin/dbimport - profiles: [db-import] + profiles: [prod, prod-app, db-import-prod] + + # + # Only for internal tests + # + ac-build-prod: + <<: *ac-shared-conf + build: + context: . + target: build + dockerfile: ./apps/docker/Dockerfile + args: + USER_ID: ${DOCKER_USER_ID:-1000} + GROUP_ID: ${DOCKER_GROUP_ID:-1000} + DOCKER_USER: ${DOCKER_USER:-acore} + <<: *cache-from + env_file: + ${DOCKER_AC_ENV_FILE:-conf/dist/env.ac} + working_dir: /azerothcore/ + profiles: [prod-build] volumes: ac-database: - ac-bin: + ac-database-prod: + ac-bin-dev: ac-build-dev: - ac-build: ac-ccache-dev: - ac-ccache: ac-proj: + ac-client-data-prod: # not used, but you can use them by setting # the DOCKER_VOL_* env variabiles + ac-root: ac-conf: ac-etc: ac-logs: - ac-client-data: - ac-client-data-prod: + ac-client-data-cameras: + ac-client-data-dbc: + ac-client-data-maps: + ac-client-data-vmaps: + ac-client-data-mmaps: networks: ac-network: |