docker: use nonroot image provided by OpenKM

jakubgs · jakubgs · commit 704162ebbcec · 2023-12-04T19:09:56.000+01:00
Since the original image misuses `VOLUME` directive and makes it impossible t actually change permissions for `/opt/tomcat`: openkm/document-management-system#364 https://support.openkm.com/tickets.php?id=13006 Signed-off-by: Jakub Sokołowski <jakub@status.im>
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -17,10 +17,10 @@ openkm_docker_registry_url: 'https://docker.openkm.com/'
 # App
 openkm_app_cont_name: '{{ openkm_service_name }}-app'
 openkm_app_cont_vol: '{{ openkm_service_path }}/app'
-openkm_app_cont_tag: '8.1.5'
+openkm_app_cont_tag: '8.1.5-nonroot'
 openkm_app_cont_image: 'docker.openkm.com/private/professional:{{ openkm_app_cont_tag }}'
 openkm_app_cont_port: 8080
-openkm_app_cont_uid: 33
+openkm_app_cont_uid: 1000
 # Xvfb
 openkm_xvfb_cont_name: '{{ openkm_service_name }}-xvfb'
 openkm_xvfb_cont_vol: '{{ openkm_service_path }}/xvfb'
diff --git a/tasks/docker.yml b/tasks/docker.yml
@@ -1,12 +1,4 @@
 ---
-- name: Create app Dockerfile
-  template:
-    src:   'Dockerfile.j2'
-    dest:  '{{ openkm_app_cont_vol }}/docker/Dockerfile'
-    owner: 'dockremap'
-    group: 'docker'
-    mode:   0640
-
 - name: Create compose file
   template:
     src: 'docker-compose.yml.j2'
diff --git a/templates/Dockerfile.j2 b/templates/Dockerfile.j2
diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2
@@ -3,8 +3,8 @@ version: '3.7'
 services:
   app:
     container_name: '{{ openkm_app_cont_name }}'
-    build: '{{ openkm_app_cont_vol }}/docker'
-    user: 'www-data'
+    image: '{{ openkm_app_cont_image }}'
+    user: 'openkm'
     network_mode: 'host'
     restart: 'always'
     stop_signal: SIGINT
@@ -26,7 +26,7 @@ services:
   xvfb:
     container_name: '{{ openkm_xvfb_cont_name }}'
     image: '{{ openkm_xvfb_cont_image }}'
-    user: 'www-data'
+    user: 'openkm'
     restart: 'always'
     entrypoint: '/usr/bin/Xvfb'
     command: ':1'
