Allow running the build with docker #564
Conversation
| @@ -0,0 +1,35 @@ | |||
| # Debian builds the docs about 20% faster than alpine. The image is larger | |||
| # and takes longer to build but that is worth it. | |||
| FROM bitnami/minideb:stretch | |||
There was a problem hiding this comment.
Alpine is much nicer to work with but 20% slower is a big deal given how often we run this locally.
| @@ -17,23 +17,7 @@ on any other website without explicit permission. | |||
| [float] | |||
| == Requirements | |||
|
|
|||
| First, you need to make sure that you have the following installed: | |||
There was a problem hiding this comment.
I'm just pointing folks right at docker by default because it ought to be simpler to set up.
| @@ -1027,13 +1005,13 @@ footnote to a particular line of code: | |||
| ================================== | |||
|
|
|||
| [[sense-snippets]] | |||
| === View in Sense | |||
| === View in Console | |||
There was a problem hiding this comment.
These aren't related but they jumped out at me while I was here. I can break this out if folks are more comfortable with that.
There was a problem hiding this comment.
Grep tells me there are two more SENSEs lurking in here if you wanna smack 'em.
$ grep -iFn sense README.asciidoc
1066: // SENSE: path/to/snippet.json
1082:// SENSE:one/two/three/example_1.json <1>
| if ( $running_in_docker ) { | ||
| # We use nginx to serve files instead of the python built in web server | ||
| # when we're running inside docker because the python web server performs | ||
| # badly there. nginx is fine. |
There was a problem hiding this comment.
The python web server is fine some of the time but hangs for many seconds at a time. I suspect it'll do that on some Linux systems as well, but nginx runs just fine here.
| listen 8000; | ||
| location / { | ||
| root $dir; | ||
| add_header 'Access-Control-Allow-Origin' '*'; |
There was a problem hiding this comment.
These are copied from the python runner.
build_docs.sh
Outdated
| # Build the docker image from stdin so we don't try to pack up everything in | ||
| # this directory. It is huge and we don't need any of it in the image because | ||
| # we'll mount it into the image on startup. | ||
| docker image build -t elastic/docs_build - < "$DIR/Dockerfile" |
There was a problem hiding this comment.
Building the docker image right here feels good to me from a development background. It feels "like gradle but for native dependencies". I know the analogy isn't quite right, but it is pretty close in this case.
There was a problem hiding this comment.
I like that we could do things like git bisect and get the docker image specified by the Dockerfile in the repo right now. I'd be quite happy with a caching strategy that makes it so we don't have to build the image locally all the time, but this feels like a simple solution for now.
build_docs.sh
Outdated
|
|
||
| # Seccomp adds a *devestating* performance overhead if you happen | ||
| # to have it installed. | ||
| DOCKER_RUN_ARGS+=('--security-opt' 'seccomp=unconfined') |
There was a problem hiding this comment.
See the commit message for this one. I don't like it, but without it my laptop hates this change. I've spent a few days looking into it and I'm cutting my losses for now.
build_docs.sh
Outdated
| # Running read-only with a proper tmp directory gives us a little | ||
| # performance boost and it is simple enough to do. | ||
| DOCKER_RUN_ARGS+=('--read-only') | ||
| DOCKER_RUN_ARGS+=('--tmpfs' '/tmp') |
There was a problem hiding this comment.
It turns out it isn't that simple to do for nginx, but it isn't too bad and it feels good to know all the places where we write.
build_docs.sh
Outdated
| @@ -0,0 +1,173 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
Any advice for writing a bash script that isn't terrible. I'm quite attached to the "iterate all the args and rewrite" method, but beyond that I have no opinions.
There was a problem hiding this comment.
Um... write a Python script instead? Where does the imperative to use Bash come from? If it's deps, then Mac and Linux users have Bash and Python already. Windows users don't have either, so they are going to have to install something either way. Or, you could embrace the chaos and run the script in a container.
build_docs.sh
Outdated
| DOCKER_RUN_ARGS+=('-e' "SSH_AUTH_SOCK=$SSH_AUTH_SOCK") | ||
| fi | ||
| # Mount our known_hosts file into the VM so it won't ask about github | ||
| DOCKER_RUN_ARGS+=('-v' "$(to_absolute_path ~/.ssh/known_hosts):/tmp/.ssh/known_hosts:ro,cached") |
There was a problem hiding this comment.
I know we could use something like ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts to add github's key but this feels, like, slightly better. I feel like this trusts that the user cloned from github and accepted the host. I could copy it in I suppose rather than mount. I've kind of gone mount crazy here but lots of mounts is kind of required for a project like this.
|
One thing I didn't do in this PR is switch to using the asciidoctor gem in the docker image. We're just using |
| @@ -1080,7 +1058,7 @@ The local web browser can be stopped with `Ctrl-C`. | |||
| ==== Custom Sense snippets | |||
|
|
|||
| return 0 unless ( -e $root_cgroup ); | ||
| open(my $root_cgroup_file, $root_cgroup); | ||
| return grep {/docker/} <$root_cgroup_file>; | ||
| } |
There was a problem hiding this comment.
Yeah. I consider myself a "linguist programmer", as opposed to a "mathematical programmer" (yay, false dichotomies!), so postfix conditionals make me so happy. Ruby has them, but it's passing into the mists of time, too. 👋
build_docs.sh
Outdated
| @@ -0,0 +1,173 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
Um... write a Python script instead? Where does the imperative to use Bash come from? If it's deps, then Mac and Linux users have Bash and Python already. Windows users don't have either, so they are going to have to install something either way. Or, you could embrace the chaos and run the script in a container.
Now if they python process we clean up!
I say, and then 10 hours later I push 3 more patches. |
README.asciidoc
Outdated
| @@ -54,7 +38,7 @@ this README as follows: | |||
| [source,bash] | |||
| ---------------------------- | |||
| cd docs/ | |||
| ./build_docs.pl --doc README.asciidoc --open | |||
| ./build_docs.sh --doc README.asciidoc --open | |||
|
The other two senses I'm not sure what they are! I'm worried that if I zap
them it'll be a lie! I have to investigate them further.
…On Mon, Feb 4, 2019, 18:18 Toby McLaughlin ***@***.*** wrote:
***@***.**** commented on this pull request.
------------------------------
In README.asciidoc
<#564 (comment)>:
> @@ -1027,13 +1005,13 @@ footnote to a particular line of code:
==================================
[[sense-snippets]]
-=== View in Sense
+=== View in Console
Grep tells me there are two more SENSEs lurking in here if you wanna smack
'em.
$ grep -iFn sense README.asciidoc
1066: // SENSE: path/to/snippet.json
1082:// SENSE:one/two/three/example_1.json <1>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#564 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AANLookOjqx0SfcXUX3wVElwA_m0JskDks5vKL_NgaJpZM4aY4ov>
.
|
|
Good call!
…On Mon, Feb 4, 2019, 18:12 Toby McLaughlin ***@***.*** wrote:
***@***.**** commented on this pull request.
------------------------------
In README.asciidoc
<#564 (comment)>:
> @@ -54,7 +38,7 @@ this README as follows:
[source,bash]
----------------------------
cd docs/
-./build_docs.pl --doc README.asciidoc --open
+./build_docs.sh --doc README.asciidoc --open
----------------------------
There's no .sh any more, right?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#564 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AANLouv1dazdshBwoVw8e10WynSlZXaIks5vKL4_gaJpZM4aY4ov>
.
|
|
@Jarpy could you have another look when you get a chance? |
build_docs
Outdated
| @@ -0,0 +1,258 @@ | |||
| #!/usr/bin/env python2 | |||
There was a problem hiding this comment.
oh no! mac doesn't like this shebang!
|
I talked to @Jarpy last night. The shebang issue is that last one that we could find. Sadly, it looks like the best way to solve this is to make the script compatible with any version of python which is a little funky, but I'll work on it today. It is the one thing in this repo that'll have to deal with "funny" versions. Everything else had docker to control it. |
build_docs
Outdated
| # it needs to die. | ||
| docker_args.append('-i') | ||
|
|
||
| # NOCOMMIT handle "tell me who you are"! |
There was a problem hiding this comment.
Hmmm - this is a blocker! I didn't realize I hadn't got to it yet.
It is already fixed
|
I just tested the |
|
@Jarpy, could you give this another round today? |
|
|
||
|
|
||
| def decode(bytes_or_str): | ||
| """Decode the result of reading from popen's stdout. In python 2 the |
❤️! Thanks for all of your reviewing! It was a long road, but we're getting there! |
|
Things are pretty busy in this repo right now so I'll hold on to the PR until things calm down. |
|
OK! Things are looking calmer so I've merged this. Now you can use docker! I'll see about fixing ssh auth on mac now. |
This adds support for building the docs using docker with the expectation without breaking support for building the docs *without* docker. My goal is to make it simpler for to add dependencies. In the long term this'll allow us to add support for automatically building diagrams and fancy mathematical notation. In the short term this'll make it simpler to run asciidoctor in CI. On macOS docker is a little slower than running outside of docker. At this point the overhead is about 20%. This isn't great, but Asciidoctor will more than make up the difference in the long run. And, in the short run at least, docker isn't reaquired. I'll make sure it is *never* required to build Asciidoc. One fairly questionable choice that this makes is to diable seccomp by default. The story goes like this: on linux, building the docs in docker is somewhere between *faster* than building them outside of docker and macOS's overhead. Unless you turn on seccomp. With seccomp enabled the docs take about twice as long to build in docker. Which is terrible! As much as I want security, this is terrible! I'd really love to turn it on but I can't defend that kind of hit.
This adds support for building the docs using docker with the expectation
without breaking support for building the docs without docker. My goal
is to make it simpler for to add dependencies. In the long term this'll
allow us to add support for automatically building diagrams and fancy
mathematical notation. In the short term this'll make it simpler to run
asciidoctor in CI.
On macOS docker is a little slower than running outside of docker. At
this point the overhead is about 20%. This isn't great, but Asciidoctor
will more than make up the difference in the long run. And, in the short
run at least, docker isn't reaquired. I'll make sure it is never
required to build Asciidoc.
One fairly questionable choice that this makes is to diable seccomp by
default. The story goes like this: on linux, building the docs in docker
is somewhere between faster than building them outside of docker and
macOS's overhead. Unless you turn on seccomp. With seccomp enabled the
docs take about twice as long to build in docker. Which is terrible! As
much as I want security, this is terrible! I'd really love to turn it on
but I can't defend that kind of hit.