Deliver the full Docker stack for Bloc 5 DevOps (Cr 7.c.3 and 7.c.4):
- docker/apache/: Custom httpd:2.4-alpine with hardened main config, MPM event tuning and 3 vhosts (healthz, kiosk static, admin reverse FCGI to wakdo-app:9000). Kiosk vhost explicitly denies .php to enforce Bloc 1 isolation.
- docker/php-fpm/: Custom php:8.3-fpm-alpine3.20 with pdo_mysql, opcache, intl, exif, zip and tini for signal handling. Dynamic pool 3-10 workers listening on TCP 9000.
- docker/cron/: Custom alpine:3.20 with dcron, mariadb-client, gzip. Nightly mysqldump at 03h00 with 14-day rotation and 512-byte sanity check. Purge and stats jobs templated.
- docker-compose.yml: 4 services orchestrated on 2 networks (internal bridge + external reverse-proxy). 2 named volumes for DB and uploads, bind-mount for backups. Traefik labels for 2 routers with HTTPS redirect.
Makefile adds `make backup` (manual dump) and `make backup-ls`.
.gitignore adds /var/ for backup bind-mount path.
docs/journal/2026-04-24--infra-docker.md documents 5 decisions with
alternatives, maps 16 RNCP criteria to artefacts and prepares 6 jury Q&A.
Validated: `docker compose config --quiet` passes. Smoke test deferred
to next session (requires server .env).
52 lines
2 KiB
Docker
# Wakdo - cron image
#
# Base: alpine:3.20 (minimal image, ~7 MB, sufficient for crond + mariadb-client).
# Role: schedule the project's recurring tasks (DB backup, session purge,
# statistical aggregations) during the 01:30-09:30 maintenance window.
# RNCP criterion: Cr 7.b.3 (task scheduler, crontab).

FROM alpine:3.20

# Install the minimum:
# - dcron: simple, standard cron implementation on Alpine
# - mariadb-client: mariadb binary + mysqldump for backups and queries
# - gzip: compression of SQL dumps
# - tzdata: timezone support (required for CRON_TIMEZONE)
# - bash: the backup scripts use bash features (pipefail)
# - coreutils: date and du with GNU options (more readable than busybox);
#   GNU find is not part of coreutils, it ships in the findutils package
RUN set -eux; \
    apk add --no-cache \
        dcron \
        mariadb-client \
        gzip \
        tzdata \
        bash \
        coreutils; \
    rm -rf /var/cache/apk/* /tmp/*

# Project directories:
# /scripts: business scripts (backup, purge, aggregations), copied in with COPY
# /backups: destination for the dumps, bind-mounted to ./var/backups on the host
RUN mkdir -p /scripts /backups

# Executable scripts
COPY scripts/ /scripts/
RUN chmod +x /scripts/*.sh

# Project crontab: defined in the crontab file, copied into the standard
# Alpine directory for crond.
COPY crontab /etc/crontabs/root

# No non-root USER here: crond requires UID 0 to run jobs as different
# users. The scripts therefore run as root inside the container, but the
# container itself is network-isolated (wakdo_internal only), and no host
# port is exposed.

# Healthcheck: check that a crond process is running (pgrep only; the pidfile
# is not inspected).
HEALTHCHECK --interval=60s --timeout=5s --start-period=10s --retries=3 \
    CMD pgrep crond >/dev/null || exit 1

# Default command: runs crond in the foreground, logs to the container's stderr.
# -f: foreground
# -d 8: debug level 8 -> logs to stderr (otherwise syslog, which does not exist here)
CMD ["crond", "-f", "-d", "8"]
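The commit message describes a nightly dump with a 512-byte sanity check and 14-day rotation, and the Dockerfile installs bash for pipefail. The sketch below is an added example, not one of the project's scripts: it shows why both safeguards matter, and the names run_backup, the wakdo-*.sql.gz file pattern and the mysqldump invocation in the usage comment are assumptions.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not the repository's scripts/ content).
set -euo pipefail

MIN_BYTES=512        # sanity threshold named in the commit message
RETENTION_DAYS=14    # rotation window named in the commit message

# run_backup <backup_dir> <dump command...>
# Streams the dump command through gzip into a temp file, publishes it only if
# the whole pipeline succeeded and the archive reaches MIN_BYTES, then rotates.
# Prints the published path. Returns 1 on dump failure, 2 on undersized archive.
run_backup() {
    local dir=$1; shift
    local out tmp size
    out="$dir/wakdo-$(date +%Y%m%d-%H%M%S).sql.gz"
    tmp="$out.partial"
    umask 077   # a dump holds the whole database: owner-only permissions
    # Without pipefail the pipeline would report gzip's exit status (0) even
    # when the dump command died, leaving a valid but empty archive behind.
    if ! "$@" | gzip -9 > "$tmp"; then
        rm -f "$tmp"
        echo "backup: dump command failed" >&2
        return 1
    fi
    size=$(wc -c < "$tmp")
    if [ "$size" -lt "$MIN_BYTES" ]; then
        rm -f "$tmp"
        echo "backup: archive too small ($size bytes)" >&2
        return 2
    fi
    mv "$tmp" "$out"   # publish only after both checks passed
    # Rotation: remove published dumps older than the retention window.
    find "$dir" -maxdepth 1 -name 'wakdo-*.sql.gz' -mtime +"$RETENTION_DAYS" -delete
    echo "$out"
}

# Usage from a cron job (credentials file path and database name are assumed):
#   run_backup /backups mysqldump --defaults-extra-file=/run/secrets/backup.cnf \
#       --single-transaction wakdo
```

Writing to a .partial file first means a failed run never overwrites or masquerades as a good backup, so rotation can only ever delete archives that passed both checks.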