V4.x Docker Refactoring and Docs

docker/Dockerfile

@@ -1,7 +1,6 @@
 FROM python:3.11-slim
 ARG AUTH_VERSION=v4.0.0a1
 ARG AUTH_PACKAGE=allianceauth==${AUTH_VERSION}
-ENV VIRTUAL_ENV=/opt/venv
 ENV AUTH_USER=allianceauth
 ENV AUTH_GROUP=allianceauth
 ENV AUTH_USERGROUP=${AUTH_USER}:${AUTH_GROUP}
@@ -12,37 +11,31 @@ ENV AUTH_HOME=/home/allianceauth
 SHELL ["/bin/bash", "-c"]
 RUN groupadd -g 61000 ${AUTH_GROUP}
 RUN useradd -g 61000 -l -M -s /bin/false -u 61000 ${AUTH_USER}
-RUN mkdir -p ${VIRTUAL_ENV} \
-    && chown ${AUTH_USERGROUP} ${VIRTUAL_ENV} \
-    && mkdir -p ${STATIC_BASE} \
+RUN mkdir -p ${STATIC_BASE} \
     && chown ${AUTH_USERGROUP} ${STATIC_BASE} \
     && mkdir -p ${AUTH_HOME} \
     && chown ${AUTH_USERGROUP} ${AUTH_HOME}
 
 # Install build dependencies
 RUN apt-get update && apt-get upgrade -y && apt-get install -y \
-    libmariadb-dev gcc supervisor git htop
-
-# Switch to non-root user
-USER ${AUTH_USER}
-RUN python3 -m venv $VIRTUAL_ENV
-ENV PATH="$VIRTUAL_ENV/bin:$PATH"
-WORKDIR ${AUTH_HOME}
+    libmariadb-dev gcc git
 
 # Install python dependencies
 RUN pip install --upgrade pip
 RUN pip install wheel gunicorn
 RUN pip install ${AUTH_PACKAGE}
 
+# Switch to non-root user
+USER ${AUTH_USER}
+WORKDIR ${AUTH_HOME}
+
 # Initialize auth
 RUN allianceauth start myauth
 COPY /allianceauth/project_template/project_name/settings/local.py ${AUTH_HOME}/myauth/myauth/settings/local.py
 RUN allianceauth update myauth
 RUN mkdir -p ${STATIC_BASE}/myauth/static
-COPY /docker/conf/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
 RUN echo 'alias auth="python $AUTH_HOME/myauth/manage.py"' >> ~/.bashrc && \
-    echo 'alias supervisord="supervisord -c /etc/supervisor/conf.d/supervisord.conf"' >> ~/.bashrc && \
     source ~/.bashrc
 
-EXPOSE 8000
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+ENTRYPOINT ["sh", "-c"]

docker/conf/celery.py

@@ -0,0 +1,33 @@
+import os
+from celery import Celery
+from celery.app import trace
+
+# set the default Django settings module for the 'celery' program.
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'myauth.settings.local')
+
+from django.conf import settings  # noqa
+
+app = Celery('myauth')
+
+# Using a string here means the worker don't have to serialize
+# the configuration object to child processes.
+app.config_from_object('django.conf:settings')
+
+# setup priorities ( 0 Highest, 9 Lowest )
+app.conf.broker_transport_options = {
+    'priority_steps': list(range(10)),  # setup que to have 10 steps
+    'queue_order_strategy': 'priority',  # setup que to use prio sorting
+}
+app.conf.task_default_priority = 5  # anything called with the task.delay() will be given normal priority (5)
+app.conf.worker_prefetch_multiplier = 1  # only prefetch single tasks at a time on the workers so that prio tasks happen
+
+app.conf.ONCE = {
+    'backend': 'allianceauth.services.tasks.DjangoBackend',
+    'settings': {}
+}
+
+# Load task modules from all registered Django app configs.
+app.autodiscover_tasks(lambda: settings.INSTALLED_APPS)
+
+# Remove result from default log message on task success
+trace.LOG_SUCCESS = "Task %(name)s[%(id)s] succeeded in %(runtime)ss"

docker/conf/memory_check.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+max_mem=$1
+cur_mem=$(</sys/fs/cgroup/memory.current)
+health_file="/tmp/health.stat"
+if [ -f "$health_file" ]; then
+    echo "$health_file exists."
+else
+    echo "$health_file does not exist. Creating"
+    echo 0 > "$health_file"
+fi
+health=$(<$health_file)
+echo "Testing Mem: $cur_mem / $max_mem"
+if [[ max_mem -gt cur_mem ]]
+then
+    echo 0 > "$health_file"
+    echo "All Ok"
+    exit 0
+else
+    new_val=$((1+$health))
+    echo "Un-healthy! Check #$new_val"
+    echo $new_val > "$health_file"
+    if (($new_val > 3)); then
+        echo "Starting a restart of this the container..."
+        kill -SIGTERM 1
+    fi
+    exit 1
+fi

docker/conf/nginx.conf

@@ -11,7 +11,7 @@ server {
     }
 
     location / {
-        proxy_pass http://allianceauth:8000;
+        proxy_pass http://allianceauth_gunicorn:8000;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $host;
         proxy_set_header  X-Real-IP   $remote_addr;

docker/conf/supervisord.conf

@@ -1,56 +0,0 @@
-[supervisord]
-nodaemon=true
-user=allianceauth
-
-[program:beat]
-command=/opt/venv/bin/celery -A myauth beat
-directory=/home/allianceauth/myauth
-user=allianceauth
-stdout_logfile=/dev/stdout
-stderr_logfile=/dev/stderr
-stdout_logfile_maxbytes=0
-stderr_logfile_maxbytes=0
-autostart=true
-autorestart=true
-startsecs=10
-priority=998
-stdout_events_enabled=true
-stderr_events_enabled=true
-
-[program:worker]
-command=/opt/venv/bin/celery -A myauth worker -l INFO --max-tasks-per-child=250
-directory=/home/allianceauth/myauth
-user=allianceauth
-stdout_logfile=/dev/stdout
-stderr_logfile=/dev/stderr
-stdout_logfile_maxbytes=0
-stderr_logfile_maxbytes=0
-numprocs=1
-autostart=true
-autorestart=true
-startsecs=10
-stopwaitsecs = 600
-killasgroup=true
-priority=998
-stdout_events_enabled=true
-stderr_events_enabled=true
-
-[program:gunicorn]
-user=allianceauth
-directory=/home/allianceauth/myauth
-command=/opt/venv/bin/gunicorn myauth.wsgi --bind :8000 --workers=3 --timeout 120
-stdout_logfile=/dev/stdout
-stderr_logfile=/dev/stderr
-stdout_logfile_maxbytes=0
-stderr_logfile_maxbytes=0
-stdout_events_enabled=true
-stderr_events_enabled=true
-autostart=true
-autorestart=true
-stopsignal=INT
-
-[group:myauth]
-programs=beat,worker,gunicorn
-priority=999
-
-[supervisorctl]

docker/conf/urls.py

@@ -0,0 +1,11 @@
+from allianceauth import urls
+from django.urls import include, path
+
+urlpatterns = [
+    path('', include(urls)),
+]
+
+handler500 = 'allianceauth.views.Generic500Redirect'
+handler404 = 'allianceauth.views.Generic404Redirect'
+handler403 = 'allianceauth.views.Generic403Redirect'
+handler400 = 'allianceauth.views.Generic400Redirect'

docker/docker-compose.yml

@@ -1,8 +1,45 @@
 version: '3.8'
 
+x-allianceauth-base: &allianceauth-base
+  image: ${AA_DOCKER_TAG?err}
+  # build:
+  #   context: .
+  #   dockerfile: custom.dockerfile
+  #   args:
+  #     AA_DOCKER_TAG: ${AA_DOCKER_TAG?err}
+  restart: always
+  env_file:
+    - ./.env
+  volumes:
+    - ./conf/local.py:/home/allianceauth/myauth/myauth/settings/local.py
+    - ./conf/celery.py:/home/allianceauth/myauth/myauth/celery.py
+    - ./conf/urls.py:/home/allianceauth/myauth/myauth/urls.py
+    - ./conf/memory_check.sh:/memory_check.sh
+    - ./templates:/home/allianceauth/myauth/myauth/templates/
+    - static-volume:/var/www/myauth/static
+  depends_on:
+    - redis
+    - auth_mysql
+  working_dir: /home/allianceauth/myauth/
+  stop_grace_period: 10m
+
+x-allianceauth-health-check: &allianceauth-health-checks
+  healthcheck:
+    test: [
+      "CMD",
+      "/memory_check.sh",
+      "500000000"
+    ]
+    interval: 60s
+    timeout: 10s
+    retries: 3
+    start_period: 5m
+  labels:
+    - "autoheal=true"
+
 services:
   auth_mysql:
-    image: mysql:8.0
+    image: mariadb:10.11
     command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --default-authentication-plugin=mysql_native_password]
     volumes:
       - ./mysql-data:/var/lib/mysql
@@ -23,7 +60,7 @@ services:
       - ./conf/nginx.conf:/etc/nginx/conf.d/default.conf
       - static-volume:/var/www/myauth/static
     depends_on:
-      - allianceauth
+      - allianceauth_gunicorn
 
   redis:
     image: redis:7.0
@@ -32,24 +69,45 @@ services:
     volumes:
       - "redis-data:/data"
 
-  allianceauth:
-    image: ${AA_DOCKER_TAG?err}
-    # build:
-    #   context: .
-    #   dockerfile: custom.dockerfile
-    #   args:
-    #     AA_DOCKER_TAG: ${AA_DOCKER_TAG?err}
-    restart: always
-    env_file:
-      - ./.env
-    volumes:
-      - ./conf/local.py:/home/allianceauth/myauth/myauth/settings/local.py
-      - ./templates:/home/allianceauth/myauth/myauth/templates/
-      - ./conf/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf
-      - static-volume:/var/www/myauth/static
-    depends_on:
-      - redis
-      - auth_mysql
+  allianceauth_gunicorn:
+    ports:
+      - 8000:8000
+    container_name: allianceauth_gunicorn
+    <<: [*allianceauth-base]
+    entrypoint: [
+      "/opt/venv/bin/gunicorn",
+      "myauth.wsgi",
+      "--bind=0.0.0.0:8000",
+      "--workers=3",
+      "--timeout=120",
+      "--max-requests=500",
+      "--max-requests-jitter=50"
+    ]
+
+  allianceauth_beat:
+    container_name: auth_worker_beat
+    <<: [*allianceauth-base]
+    entrypoint: [
+      "/opt/venv/bin/celery",
+      "-A",
+      "myauth",
+      "beat"
+    ]
+
+  allianceauth_worker:
+    <<: [*allianceauth-base, *allianceauth-health-checks]
+    entrypoint: [
+      "/opt/venv/bin/celery",
+      "-A",
+      "myauth",
+      "worker",
+      "--pool=threads",
+      "--concurrency=5",
+      "-n",
+      "worker_%n"
+    ]
+    deploy:
+      replicas: 2
 
   grafana:
     image: grafana/grafana-oss:9.5.2
@@ -58,6 +116,7 @@ services:
       - auth_mysql
     volumes:
       - grafana-data:/var/lib/grafana
+
   proxy:
     image: 'jc21/nginx-proxy-manager:latest'
     restart: always
@@ -74,6 +133,7 @@ services:
     volumes:
       - proxy-data:/data
       - proxy-le:/etc/letsencrypt
+
   proxy-db:
     image: 'jc21/mariadb-aria:latest'
     restart: always