From 1296089607e190f4d8172bfaaad4a51acf689c37 Mon Sep 17 00:00:00 2001 From: Ross Date: Mon, 29 Jun 2026 11:57:58 +0100 Subject: [PATCH] refactor: remove Loki, Promtail, and Grafana services from Docker Compose files --- docker/docker-compose.dev.yml | 42 +--------------- docker/docker-compose.prod.yml | 92 +++++++++++++++++----------------- rad/Dockerfile.prod | 37 +++++++------- 3 files changed, 65 insertions(+), 106 deletions(-) diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml index c9d62a12..f614ea75 100644 --- a/docker/docker-compose.dev.yml +++ b/docker/docker-compose.dev.yml @@ -49,45 +49,5 @@ services: - ../../static:/usr/src/app/static:ro - /home/ross/rts:/usr/src/app/rts:ro - loki: - image: grafana/loki:2.8.2 - command: -config.file=/etc/loki/local-config.yaml - ports: - - "3100:3100" - volumes: - - ./loki-config/local-config.yaml:/etc/loki/local-config.yaml:ro - - ./loki-data:/loki - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "wget -qO- http://localhost:3100/ready || exit 1"] - interval: 5s - timeout: 3s - retries: 6 - - promtail: - image: grafana/promtail:2.8.2 - volumes: - - ../logs:/var/log/rad:ro - - ./promtail-config.yml:/etc/promtail/promtail-config.yml:ro - command: -config.file=/etc/promtail/promtail-config.yml - depends_on: - - loki - restart: unless-stopped - - grafana: - image: grafana/grafana:10.2.0 - ports: - - "3000:3000" - environment: - - GF_SECURITY_ADMIN_PASSWORD=admin - volumes: - - grafana-data:/var/lib/grafana - depends_on: - loki: - condition: service_healthy - restart: unless-stopped - -volumes: - grafana-data: - loki-data: +# No additional volumes required for local dev diff --git a/docker/docker-compose.prod.yml b/docker/docker-compose.prod.yml index 4b303123..93e01a4e 100644 --- a/docker/docker-compose.prod.yml +++ b/docker/docker-compose.prod.yml @@ -86,58 +86,58 @@ services: timeout: 10s retries: 3 - # Optional local observability stack (can be enabled on servers that - # should run Loki/Grafana). These services use configs found under - # the repository `docker/` directory so the same config works in dev. - loki: - image: grafana/loki:2.8.2 - command: -config.file=/etc/loki/local-config.yaml - ports: - - "3100:3100" - volumes: - - ./loki-config/local-config.yaml:/etc/loki/local-config.yaml:ro - - ../docker/loki-data:/loki - # WAL directory: map a host folder so Loki (running as UID 10001) - # can create the write-ahead log. Host folder created under - # `docker/loki-wal` and owned by UID 10001. - - ../docker/loki-wal:/wal - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "wget -qO- http://localhost:3100/ready || exit 1"] - interval: 10s - timeout: 5s - retries: 6 - - promtail: - image: grafana/promtail:2.8.2 - volumes: - # In prod you may want to point this at the host system log directory. - - ../logs:/var/log/rad:ro - - ./promtail-config.yml:/etc/promtail/promtail-config.yml:ro - command: -config.file=/etc/promtail/promtail-config.yml - depends_on: - - loki - restart: unless-stopped - - grafana: - image: grafana/grafana:10.2.0 - ports: - - "3000:3000" - environment: - - GF_SECURITY_ADMIN_PASSWORD=admin - volumes: - - grafana-data:/var/lib/grafana - depends_on: - loki: - condition: service_healthy - restart: unless-stopped +# # Optional local observability stack (can be enabled on servers that +# # should run Loki/Grafana). These services use configs found under +# # the repository `docker/` directory so the same config works in dev. +# loki: +# image: grafana/loki:2.8.2 +# command: -config.file=/etc/loki/local-config.yaml +# ports: +# - "3100:3100" +# volumes: +# - ./loki-config/local-config.yaml:/etc/loki/local-config.yaml:ro +# - ../docker/loki-data:/loki +# # WAL directory: map a host folder so Loki (running as UID 10001) +# # can create the write-ahead log. Host folder created under +# # `docker/loki-wal` and owned by UID 10001. +# - ../docker/loki-wal:/wal +# restart: unless-stopped +# healthcheck: +# test: ["CMD-SHELL", "wget -qO- http://localhost:3100/ready || exit 1"] +# interval: 10s +# timeout: 5s +# retries: 6 +# +# promtail: +# image: grafana/promtail:2.8.2 +# volumes: +# # In prod you may want to point this at the host system log directory. +# - ../logs:/var/log/rad:ro +# - ./promtail-config.yml:/etc/promtail/promtail-config.yml:ro +# command: -config.file=/etc/promtail/promtail-config.yml +# depends_on: +# - loki +# restart: unless-stopped +# +# grafana: +# image: grafana/grafana:10.2.0 +# ports: +# - "3000:3000" +# environment: +# - GF_SECURITY_ADMIN_PASSWORD=admin +# volumes: +# - grafana-data:/var/lib/grafana +# depends_on: +# loki: +# condition: service_healthy +# restart: unless-stopped volumes: postgres_data: redis_data: static_volume: media_volume: - grafana-data: + #grafana-data: networks: default: diff --git a/rad/Dockerfile.prod b/rad/Dockerfile.prod index f65b66f8..730d8c34 100644 --- a/rad/Dockerfile.prod +++ b/rad/Dockerfile.prod @@ -38,28 +38,31 @@ RUN mkdir -p /wheels \ && /tmp/venvbuild/bin/pip wheel --wheel-dir=/wheels -r requirements.txt \ && rm -rf /tmp/venvbuild -# Create the final uv-managed venv and install from the cached wheels where -# possible. Using `--no-index --find-links=/wheels` makes pip prefer the -# prebuilt wheels, avoiding recompilation. -RUN uv venv /opt/venv \ - && export VIRTUAL_ENV=/opt/venv \ - && export PATH="/opt/venv/bin:$PATH" \ +# Create non-root user before creating the venv so we can install as that +# user and avoid expensive recursive `chown -R` operations on large paths. +RUN useradd -m appuser + +# Create the final uv-managed venv inside the app user's home and install +# from the cached wheels where possible. Running the venv creation and +# installation as `appuser` ensures ownership is correct without a later +# recursive chown. +USER appuser +RUN uv venv /home/appuser/.venv \ + && export VIRTUAL_ENV=/home/appuser/.venv \ + && export PATH="/home/appuser/.venv/bin:$PATH" \ && uv pip install --upgrade pip setuptools wheel \ && uv pip install --no-index --find-links=/wheels -r requirements.txt # Ensure the runtime environment uses the uv-managed venv by default. -# This persists the venv into image ENV so `python` and `gunicorn` point -# to the venv-installed binaries at container start. -ENV VIRTUAL_ENV=/opt/venv -ENV PATH="/opt/venv/bin:$PATH" +ENV VIRTUAL_ENV=/home/appuser/.venv +ENV PATH="/home/appuser/.venv/bin:$PATH" -# Create non-root user before copying files so we can use Docker's -# `--chown` flag during COPY and avoid an expensive recursive `chown -R`. -RUN useradd -m appuser +# Switch back to root to copy project files and prepare the log directory. +USER root # Create directory for application logs and ensure ownership is correct. -# Do this as root before switching to `appuser` so the directory exists -# and can be mounted by the dev compose override. +# Do this as root before switching to `appuser` so the directory exists and +# can be mounted by the dev compose override. RUN mkdir -p /var/log/rad \ && chown -R appuser:appuser /var/log/rad @@ -67,10 +70,6 @@ RUN mkdir -p /var/log/rad \ # a separate `chown -R` step). This keeps layer reuse efficient. COPY --chown=appuser:appuser . /usr/src/app -# Ensure the venv is usable by the non-root user; chown only the venv path -# (much smaller than the whole project tree) to avoid a long recursive chown. -RUN chown -R appuser:appuser /opt/venv - # Make the entrypoint executable (some files in the repo may not have the # executable bit set). Do this as root before switching to the app user. RUN [ -f /usr/src/app/entrypoint.sh ] && chmod +x /usr/src/app/entrypoint.sh || true