[Koha-devel] Minimal docker images for Koha
Kyle Hall
kyle.m.hall at gmail.com
Tue Feb 18 12:43:04 CET 2020
This is fantastic Julian! The only thing I can contribute that hasn't
already been said by you or David is to suggest taking a look at MiniDeb as
a base image ( https://github.com/bitnami/minideb ). I would also suggest
using quay.io to build and host your Docker images, as it has built in
security scanning. I prefer minimal install images not for size reduction (
though it is nice ), but for the smaller attack surface they provide. Fewer
things installed means fewer exploits available!
Kyle
---
http://www.kylehall.info
ByWater Solutions ( http://bywatersolutions.com )
Meadville Public Library ( http://www.meadvillelibrary.org )
Crawford County Federated Library System ( http://www.ccfls.org )
On Mon, Feb 17, 2020 at 12:59 PM Julian Maurice <julian.maurice at biblibre.com>
wrote:
> Hi all,
>
> I've been playing with docker lately, and I tried to build a minimal
> docker image for Koha. Here are the results.
>
> My goals were:
> * Install only required "things" to get Koha up and running, and nothing
> else (no testing or dev tools),
> * No external dependencies except CPAN
> * Follow Docker best practices as much as possible
>
> The resulting images are here:
> https://hub.docker.com/repository/docker/julianmaurice/koha
>
> and the Dockerfiles are here:
> https://github.com/jajm/koha-docker
>
> A few things worth mentioning:
>
> * I tried to build the smallest image possible by using alpine or perl
> slim images at first but it was not that great, because the perl version
> shipped with those images is missing some libs, which cause
> MARC::Charset to build a database of several hundreds MBs (which is only
> 5MBs with a standard perl version). So I chose a more standard image
> (debian:buster) as base.
>
> * Koha doesn't work well when running with a perl version different than
> the system perl installed in /usr/bin/perl. For example, the
> updatedatabase doesn't work when called from the web installer. This is
> because Perl scripts are called directly as executable files, and
> shebangs contain '/usr/bin/perl'. Same problem from
> misc/translator/translate which calls tmpl_process3.pl.
>
> * I tried to make the Koha installation as self-contained as possible.
> Almost everything is installed as a non-root user in /home/koha,
> including Perl dependencies.
>
> * It doesn't need a reverse proxy such as apache or nginx. The necessary
> URL rewriting is handled in PSGI file. The container expose two ports,
> one for intranet, the other one for OPAC.
>
> * Each Perl dependency is installed in its latest version, so expect
> things to break. I can only confirm that the webinstaller, basic
> cataloguing and search/indexation work. I did not test anything else.
>
> * There are docker-compose.yml files in the github repository to get
> Koha running quickly with mariadb, memcached and elasticsearch.
>
> * Zebra is not installed
>
> * Images weigh ~1.15GB uncompressed (koha sources included)
>
> If you made it this far, thanks for reading :)
> And if you want to use these docker images, you should start by reading
> https://github.com/jajm/koha-docker/blob/master/README.md
>
> --
> Julian Maurice
> BibLibre
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20200218/ca5aa83e/attachment.html>
More information about the Koha-devel
mailing list