[Elao - App - Docker] Switch to systemd

elao.app.docker/.manala.yaml

@@ -60,7 +60,7 @@ system:
     network:
         hosts: {}
     goss:
-        # @schema {"enum": [null, "0.3.21"]}
+        # @schema {"enum": [null, "0.4.4"]}
         version: ~
     nginx:
         # @schema {

elao.app.docker/.manala/Makefile.tmpl

@@ -31,7 +31,7 @@ MANALA_DOCKER_COMPOSE_ENV += \
 	MANALA_HOST_OS=$(MANALA_OS) \
 	MANALA_HOST_DIR=$(abspath $(MANALA_DIR))
 MANALA_DOCKER_COMPOSE_FILE += \
-	$(MANALA_DIR)/.manala/docker/compose/init.sysv.yaml \
+	$(MANALA_DIR)/.manala/docker/compose/init.systemd.yaml \
 	$(if $(SYMFONY_IDE), $(MANALA_DIR)/.manala/docker/compose/symfony.yaml)
 MANALA_DOCKER_COMPOSE_PROFILE ?= development
 

elao.app.docker/.manala/ansible/collections/requirements.yaml

@@ -2,10 +2,10 @@
 
 collections:
   - ansible.posix
+  - community.crypto
   - community.docker
   - community.general
   - community.mongodb
   - community.mysql
   - gluster.gluster
   - manala.roles
-  - community.crypto

elao.app.docker/.manala/ansible/roles/certificates/tasks/main.yaml

@@ -74,7 +74,7 @@
         - ["{{ certificates_ssl_pem }}", certs]
         - ["{{ certificates_ssl_key }}", private]
       notify:
-        - nginx restart
+        - Restart nginx
   when: (certificates_ssl_key is file)
     and (certificates_ssl_pem is file)
 
@@ -86,7 +86,7 @@
         type: RSA
         size: 4096
       notify:
-        - nginx restart
+        - Restart nginx
     - name: certificates > Generate self signed ssl certificate signing request
       community.crypto.openssl_csr:
         path: /etc/ssl/certs/ssl.csr
@@ -102,6 +102,6 @@
         privatekey_path: /etc/ssl/private/ssl.key
         provider: selfsigned
       notify:
-        - nginx restart
+        - Restart nginx
   when: (certificates_ssl_key is not file)
      or (certificates_ssl_pem is not file)

elao.app.docker/.manala/docker/Dockerfile.tmpl

@@ -52,7 +52,7 @@ RUN \
     fi \
     {{- end }}
     # Apt keyrings (debian < bookworm)
-    && mkdir --verbose --parents /etc/apt/keyrings \
+    && install --verbose --mode 0755 --directory /etc/apt/keyrings \
     # User
     && addgroup --gid ${MANALA_GROUP_ID} app \
     && adduser --home /home/app --shell /bin/bash --uid ${MANALA_USER_ID} --gecos app --ingroup app --disabled-password app \
@@ -130,7 +130,8 @@ RUN \
         umountfs \
         umountroot \
     # Block systemd replacement
-    && printf "Package: systemd-sysv\n\
+    && printf "\
+Package: systemd-sysv\n\
 Pin: release *\n\
 Pin-Priority: -1\n\
 " > /etc/apt/preferences \
@@ -170,21 +171,22 @@ RUN \
     && systemctl set-default multi-user.target \
     && sed -i 's/#\(ForwardToConsole=\).*$/\1yes/' \
         /etc/systemd/journald.conf \
-    && printf "Defaults env_keep += \"container\"\n" \
+    && echo "Defaults env_keep += \"container\"" \
         > /etc/sudoers.d/systemd \
     && rm -rf \
         /etc/systemd/system/*.wants/* \
+        /lib/systemd/system/basic.target.wants/* \
         /lib/systemd/system/multi-user.target.wants/* \
         /lib/systemd/system/local-fs.target.wants/* \
         /lib/systemd/system/sockets.target.wants/*udev* \
         /lib/systemd/system/sockets.target.wants/*initctl* \
         /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev* \
+        /lib/systemd/system/systemd-ask-password-console.* \
+        /lib/systemd/system/systemd-tmpfiles-clean.* \
         /lib/systemd/system/systemd-update-utmp* \
     # Clean
     && rm -rf /var/lib/apt/lists/*
 
-VOLUME /sys/fs/cgroup
-
 STOPSIGNAL SIGRTMIN+3
 
 CMD ["/lib/systemd/systemd"]
@@ -201,7 +203,7 @@ FROM init-${MANALA_INIT} AS provision-none
 # Ansible
 FROM init-${MANALA_INIT} AS provision-ansible
 
-ARG ANSIBLE_VERSION="8.5.0"
+ARG ANSIBLE_VERSION="8.7.0"
 ARG MANALA_PROVISION_LIMIT
 ARG SYMFONY_IDE
 
@@ -229,8 +231,9 @@ RUN \
     && pip3 --no-cache-dir --disable-pip-version-check install \
         ansible==${ANSIBLE_VERSION} \
 {{- end }}
-    && mkdir --verbose --parents /etc/ansible \
-    && printf "[defaults]\n\
+    && install --verbose --mode 0755 --directory /etc/ansible \
+    && printf "\
+[defaults]\n\
 force_color = True\n\
 display_skipped_hosts = False\n\
 retry_files_enabled = False\n\

elao.app.docker/.manala/docker/compose/init.systemd.yaml

@@ -8,7 +8,10 @@ services:
         build:
             args:
                 MANALA_INIT: systemd
+        cgroup: host
         tty: true
-        privileged: true
+        tmpfs:
+            - /run
+            - /run/lock
         volumes:
             - /sys/fs/cgroup:/sys/fs/cgroup:rw

elao.app.docker/README.md

@@ -10,15 +10,17 @@ tableOfContent: 3
 
 MacOS
 
-* Docker Desktop 4.3.2+
+* Docker Desktop 4.25.2+
 (`brew install docker`)
-* Mutagen Compose 0.13.0+
+* Mutagen Compose 0.18.0+
 (`brew install mutagen-io/mutagen/mutagen-compose`)
 
 Linux
 
-* Docker 20.10.14+
+* Docker Engine 24.0.6+
 (see [documentation](https://docs.docker.com/engine/install/))
+* Compose 2.23.0+
+(see [documentation](https://docs.docker.com/compose/install/))
 
 ## Overview
 

elao.app.docker/test/.manala.yaml

@@ -26,7 +26,7 @@ system:
       hosts:
           1.2.3.4: foo.bar
     goss:
-        version: 0.3.21
+        version: 0.4.4
     nginx:
         configs:
             - template: nginx/gzip.j2

elao.app.docker/test/goss.yaml

@@ -41,7 +41,7 @@ command:
   ansible --version:
     exit-status: 0
     stdout:
-      - ansible [core 2.15.5]
+      - ansible [core 2.15.8]
   # Locales
   locale:
     exit-status: 0
@@ -110,35 +110,35 @@ file:
   # System
   /etc/os-release:
     exists: true
-    contains:
+    contents:
       - VERSION_ID="{{ .Vars.system.version }}"
   # Timezone
   /etc/timezone:
     exists: true
-    contains:
+    contents:
       - {{ .Vars.system.timezone }}
   # Files
   /srv/foo:
     exists: true
-    contains:
+    contents:
       - bar
   # Php
   /etc/php/{{ .Vars.system.php.version }}/fpm/pool.d/app.conf:
     exists: true
-    contains:
+    contents:
       {{- range $key, $value := .Vars.system.php.env }}
       - env[{{ $key }}] = "{{ $value }}"
       {{- end }}
   # Cron
   /etc/cron.d/app:
     exists: true
-    contains:
+    contents:
       - HOME="/srv/app"
       - "* * * * * app php bin/console app:foo:bar --no-interaction -vv >> /srv/"
   # Supervisor
   /etc/supervisor/conf.d/app.conf:
     exists: true
-    contains:
+    contents:
       - "[program:foo]"
       - autorestart=true
       - autostart=false
@@ -153,8 +153,8 @@ file:
   # Ssh
   /etc/ssh/ssh_config:
     exists: true
-    contains:
-      - # Ssh config
+    contents:
+      - "# Ssh config"
 
 http:
   # MailHog