author | Clark Laughlin <clark.laughlin@linaro.org> | 2015-11-20 16:13:52 -0500 |
---|---|---|
committer | Clark Laughlin <clark.laughlin@linaro.org> | 2015-11-20 16:13:52 -0500 |
commit | dce3b0308d037b68e5d1ca20bc1c7d99df565cbd (patch) | |
tree | 58a83933c187a2881f9a8507180979657dfa7371 | |
parent | 739191037d232d4833f28754cda41af73a773712 (diff) |
lots of changes!
-rw-r--r-- | .gitignore | 5 | ||||
-rwxr-xr-x | build-local-images | 34 | ||||
-rw-r--r-- | config | 12 | ||||
-rwxr-xr-x | containers.d/00-reverse-proxy | 15 | ||||
-rwxr-xr-x | containers.d/10-database | 7 | ||||
-rwxr-xr-x | containers.d/20-portus | 74 | ||||
-rwxr-xr-x | containers.d/20-registry | 30 | ||||
-rwxr-xr-x | containers.d/30-portus | 18 | ||||
-rwxr-xr-x | containers.d/30-registry | 29 | ||||
-rwxr-xr-x | containers.d/40-crono | 20 | ||||
-rw-r--r-- | logs/.gitignore | 0 | ||||
-rwxr-xr-x | portus-adduser | 18 | ||||
-rw-r--r-- | portus-config.yml | 3 | ||||
-rw-r--r-- | portus.dockerfile | 5 | ||||
-rw-r--r-- | registry-config.yml | 30 | ||||
-rw-r--r-- | registry.dockerfile | 5 | ||||
-rwxr-xr-x | start-registry | 40 | ||||
-rwxr-xr-x | teardown | 9 |
18 files changed, 279 insertions, 75 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..54ddbf3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+certs/
+aws-auth-data
+portus-secret-data
+logs/*.log
+portus/
diff --git a/build-local-images b/build-local-images
new file mode 100755
index 0000000..7831561
--- /dev/null
+++ b/build-local-images
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+BASE=${PWD}
+PORTUS_SOURCE=${BASE}/portus
+
+# clone SUSE/Portus
+if [ -d ${PORTUS_SOURCE} ]; then
+ rm -rf ${PORTUS_SOURCE}
+fi
+git clone https://github.com/suse/Portus ${PORTUS_SOURCE}
+
+# build suse/portus
+check_portus_image=$(docker images | grep suse/portus)
+if [ ! -z "${check_portus_image}" ] ; then
+ docker rmi suse/portus
+fi
+pushd ${PORTUS_SOURCE}
+docker build --tag=suse/portus .
+popd
+
+# build local/portus
+check_portus_image=$(docker images | grep local/portus)
+if [ ! -z "${check_portus_image}" ] ; then
+ docker rmi local/portus
+fi
+docker build --tag=local/portus -f ${BASE}/portus.dockerfile ${BASE}
+
+# build local/registry
+check_registry_image=$(docker images | grep local/registry)
+if [ ! -z "${check_registry_image}" ] ; then
+ docker rmi local/registry
+fi
+docker build --tag=local/registry -f ${BASE}/registry.dockerfile ${BASE}
+
@@ -0,0 +1,12 @@
+BASE=${PWD}
+CERTS_DIR=${BASE}/certs
+DATABASE_DATA=/srv/portus-data
+REGISTRY_STORAGE=/srv/registry-data
+
+AWS_AUTH_DATA=${BASE}/aws-auth-data
+PORTUS_SECRET_DATA=${BASE}/portus-secret-data
+PORTUS_IMAGE=local/portus
+REGISTRY_IMAGE=local/registry
+DOCKER_REGISTRY_VIRTUAL_HOST=docker-registry.linaro.org
+DOCKER_PORTUS_VIRTUAL_HOST=docker-auth.linaro.org
+
diff --git a/containers.d/00-reverse-proxy b/containers.d/00-reverse-proxy
index 04c867c..7027828 100755
--- a/containers.d/00-reverse-proxy
+++ b/containers.d/00-reverse-proxy
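Review bot: In build-local-images, `git clone https://github.com/suse/Portus ${PORTUS_SOURCE}` builds whatever the default branch holds at that moment, so the suse/portus and local/portus images are not reproducible and an unreviewed upstream change goes straight into the registry's authentication service. Check out a reviewed tag or commit right after the clone, e.g. `git -C "${PORTUS_SOURCE}" checkout <reviewed-commit>` (placeholder), and record that revision in this repository. The expansions are also unquoted, so `rm -rf ${PORTUS_SOURCE}` word-splits when the script is run from a path containing spaces; `rm -rf -- "${PORTUS_SOURCE:?}"` avoids that. The `docker images | grep suse/portus` checks match any line containing the substring, not the exact repository name.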
@@ -1,13 +1,16 @@ #!/bin/bash +DOCKER_IMAGE=jwilder/nginx-proxy + # start the reverse proxy docker run -d --name reverse-proxy \ - -p 80:80 \ - -p 443:443 \ - --restart=always \ - -v ${BASE}/nginx-reverse-proxy.conf:/etc/nginx/conf.d/custom.conf:ro \ - -v /var/run/docker.sock:/tmp/docker.sock \ - jwilder/nginx-proxy + -p 80:80 \ + -p 443:443 \ + --restart=always \ + -v ${BASE}/nginx-reverse-proxy.conf:/etc/nginx/conf.d/custom.conf:ro \ + -v ${CERTS_DIR}:/etc/nginx/certs \ + -v /var/run/docker.sock:/tmp/docker.sock \ + ${DOCKER_IMAGE} # # to add portals represented by CNAMEs, you must define diff --git a/containers.d/10-database b/containers.d/10-database index 1317f0f..562dc83 100755 --- a/containers.d/10-database +++ b/containers.d/10-database @@ -1,8 +1,11 @@ #!/bin/bash +DOCKER_IMAGE=library/mariadb + echo "start database" docker run -d \ --name=portus-database \ - --restart=always \ + --restart=unless-stopped \ + -v ${DATABASE_DATA}:/var/lib/mysql \ -e "MYSQL_ROOT_PASSWORD=portus" \ - library/mariadb + ${DOCKER_IMAGE} diff --git a/containers.d/20-portus b/containers.d/20-portus new file mode 100755 index 0000000..04636e1 --- /dev/null +++ b/containers.d/20-portus 
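Review bot: The new mount `-v ${CERTS_DIR}:/etc/nginx/certs` in containers.d/00-reverse-proxy gives the proxy container write access to the directory that holds the TLS private key, while the Portus, registry and crono scripts in this commit mount the same directory with `:ro`. This is the network-facing container and it also has the Docker socket mounted (context line), so its access to host files should be as narrow as possible: `-v "${CERTS_DIR}":/etc/nginx/certs:ro \`. `DOCKER_IMAGE=jwilder/nginx-proxy` carries no tag or digest; pinning one would make the deployed proxy version explicit and reviewable.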
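Review bot: `-e "MYSQL_ROOT_PASSWORD=portus"` stays a fixed, guessable literal in containers.d/10-database even though this commit moves the other credentials into the sourced secret file and now persists the database under `${DATABASE_DATA}`. Take the root password from the secret file as well, e.g. `-e "MYSQL_ROOT_PASSWORD=${PORTUS_DB_ROOT_PASSWORD:?not set}" \` (the variable name is only a suggestion), and quote the new volume argument: `-v "${DATABASE_DATA}":/var/lib/mysql \`. `DOCKER_IMAGE=library/mariadb` is untagged, so a later pull can bring a different major version onto the existing data directory.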
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+DOCKER_IMAGE=local/portus
+
+run_portus_container() {
+ name=${1}
+ run_command=${2}
+ remove_on_exit=${3}
+ detached=${4}
+ restart=${5}
+
+ echo "start Portus: '${run_command}'"
+ docker run \
+ -d=${detached} \
+ --name=${name} \
+ --restart=${restart} \
+ --rm=${remove_on_exit} \
+ -p 3000:3000 \
+ -e VIRTUAL_HOST=${DOCKER_PORTUS_VIRTUAL_HOST} \
+ -e RAILS_ENV=production \
+ -e PORTUS_KEY_PATH=/ssl/linaro.org.key \
+ -e PORTUS_SECRET_KEY_BASE=${PORTUS_SECRET_KEY} \
+ -e PORTUS_MACHINE_FQDN=${DOCKER_PORTUS_VIRTUAL_HOST} \
+ -e PORTUS_PASSWORD=${PORTUS_PASSWORD} \
+ -e PORTUS_PRODUCTION_HOST=${PORTUS_DB_HOST} \
+ -e PORTUS_PRODUCTION_USERNAME=${PORTUS_DB_USER} \
+ -e PORTUS_PRODUCTION_PASSWORD=${PORTUS_DB_PASSWORD} \
+ -e PORTUS_PRODUCTION_DATABASE=${PORTUS_DB_DATABASE} \
+ --link=portus-database:db \
+ -v ${BASE}/portus-config.yml:/portus/config/config-local.yml \
+ -v ${BASE}/logs:/portus/log \
+ -v ${CERTS_DIR}:/ssl:ro \
+ ${DOCKER_IMAGE} \
+ ${run_command}
+}
+
+setup_database() {
+ set +e
+
+ TIMEOUT=90
+ COUNT=0
+ RETRY=1
+
+ while [ $RETRY -ne 0 ]; do
+ if [ "$COUNT" -ge "$TIMEOUT" ]; then
+ printf " [FAIL]\n"
+ echo "Timeout reached, exiting with error"
+ exit 1
+ fi
+ echo "Waiting for mariadb to be ready..."
+ sleep 10
+ COUNT=$((COUNT+5))
+
+ printf "Configuring database..."
+ run_portus_container temp "rake db:create" true false no
+ run_portus_container temp "rake db:migrate" true false no
+ run_portus_container temp "rake db:seed" true false no
+
+ RETRY=$?
+ if [ $RETRY -ne 0 ]; then
+ printf " failed, will retry\n"
+ fi
+ done
+ printf " [SUCCESS]\n"
+ set -e
+}
+
+if [ "$(ls -A ${DATABASE_DATA})" ]; then
+ echo "skipping database setup"
+else
+ setup_database
+fi
+
+run_portus_container portus "puma -b tcp://0.0.0.0:3000 -w 3" false true unless-stopped
diff --git a/containers.d/20-registry b/containers.d/20-registry
deleted file mode 100755
index abd6d3b..0000000
--- a/containers.d/20-registry
+++ /dev/null
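Review bot: In `setup_database` (containers.d/20-portus), `RETRY=$?` only sees the exit status of the `rake db:seed` container, so a failed `db:create` or `db:migrate` is ignored and the loop can print `[SUCCESS]` on a half-initialised database. Chain the three steps so the first failure is what gets recorded: `run_portus_container temp "rake db:create" true false no && run_portus_container temp "rake db:migrate" true false no && run_portus_container temp "rake db:seed" true false no`. The timeout accounting is also off: each pass sleeps 10 seconds but adds 5 to `COUNT`, so `TIMEOUT=90` takes roughly twice that long to trip. Separately, `-p 3000:3000` publishes puma's plain-HTTP listener on every host interface, for the temporary rake containers as well; if nothing outside the Docker host needs it, dropping the publish or binding it as `-p 127.0.0.1:3000:3000 \` keeps traffic behind the TLS reverse proxy.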
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-echo "start registry"
-docker run -d \
- --name=docker-registry-v2 \
- --restart=always \
- -e VIRTUAL_HOST=${DOCKER_REGISTRY_VIRTUAL_HOST} \
- -e VIRTUAL_PROTO=https \
- -p 5000:5000 \
- -v ${CERTS_DIR}:/ssl:ro \
- -e REGISTRY_NOTIFICATIONS_ENDPOINTS_NAME=portus \
- -e REGISTRY_NOTIFICATIONS_ENDPOINTS_URL=https://portus:3000/v2/webhooks/events \
- -e REGISTRY_NOTIFICATIONS_ENDPOINTS_TIMEOUT=500ms \
- -e REGISTRY_NOTIFICATIONS_ENDPOINTS_THRESHOLD=5 \
- -e REGISTRY_NOTIFICATIONS_ENDPOINTS_BACKOFF=1s \
- -e REGISTRY_HTTP_TLS_CERTIFICATE=/ssl/linaro.org.crt \
- -e REGISTRY_HTTP_TLS_KEY=/ssl/linaro.org.key \
- -e REGISTRY_AUTH=token \
- -e REGISTRY_AUTH_TOKEN_REALM=https://docker-auth.linaro.org:5001/auth \
- -e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
- -e REGISTRY_AUTH_TOKEN_ISSUER="Linaro Registry Auth Service" \
- -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/linaro.org.crt \
- -e REGISTRY_STORAGE_S3_ACCESSKEY=${S3_ACCESSKEY} \
- -e REGISTRY_STORAGE_S3_SECRETKEY=${S3_SECRETKEY} \
- -e REGISTRY_STORAGE_S3_REGION=us-east-1 \
- -e REGISTRY_STORAGE_S3_BUCKET=docker.linaro.org \
- -e REGISTRY_STORAGE_S3_ROOTDIRECTORY=/images \
- --link=portus:portus \
- registry:2.1.1
-
diff --git a/containers.d/30-portus b/containers.d/30-portus
deleted file mode 100755
index d428c24..0000000
--- a/containers.d/30-portus
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-echo "start Portus"
-docker run -d \
- --name=portus \
- --restart=always \
- -e VIRTUAL_HOST=${DOCKER_PORTUS_VIRTUAL_HOST} \
- -e RAILS_ENV=production \
- -e PORTUS_KEY_PATH=/ssl/linaro.org.key \
- -e PORTUS_SECRET_KEY_BASE=${PORTUS_SECRET_KEY} \
- -e PORTUS_MACHINE_FQDN=${DOCKER_PORTUS_VIRTUAL_HOST} \
- -e PORTUS_PASSWORD=L1nar0 \
- --link=portus-database:db \
- clarktlaugh/portus \
- -v .:/portus \
- -v ${CERTS_DIR}:/ssl:ro \
- puma -b tcp://0.0.0.0:3000 -w 3
-
diff --git a/containers.d/30-registry b/containers.d/30-registry
new file mode 100755
index 0000000..2fe69e3
--- /dev/null
+++ b/containers.d/30-registry @@ -0,0 +1,29 @@ +#/bin/bash + +DOCKER_IMAGE=local/registry + +echo "start registry" +docker run -d \ + --name=docker-registry-v2 \ + --restart=unless-stopped \ + -e VIRTUAL_HOST=${DOCKER_REGISTRY_VIRTUAL_HOST} \ + -e VIRTUAL_PORT=5000 \ + -e VIRTUAL_PROTO=https \ + -p 5000:5000 \ + -p 5001:5001 \ + -v ${BASE}/registry-config.yml:/etc/docker/registry/config.yml \ + -v ${CERTS_DIR}:/ssl:ro \ + -v ${REGISTRY_STORAGE}:/var/lib/registry \ + -e REGISTRY_HTTP_TLS_CERTIFICATE=/ssl/linaro.org.crt \ + -e REGISTRY_HTTP_TLS_KEY=/ssl/linaro.org.key \ + -e REGISTRY_AUTH=token \ + -e REGISTRY_LOG_LEVEL=debug \ + -e REGISTRY_AUTH_TOKEN_REALM=https://docker-auth.linaro.org/v2/token \ + -e REGISTRY_AUTH_TOKEN_SERVICE=docker-registry.linaro.org \ + -e REGISTRY_AUTH_TOKEN_ISSUER=docker-auth.linaro.org \ + -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/linaro.org.crt \ + --link=portus:portus \ + ${DOCKER_IMAGE} + +# -e REGISTRY_STORAGE_S3_ACCESSKEY=${AWS_ACCESS_KEY_ID} \ +# -e REGISTRY_STORAGE_S3_SECRETKEY=${AWS_SECRET_ACCESS_KEY} \ diff --git a/containers.d/40-crono b/containers.d/40-crono index dc2c0b8..bb774e6 100755 --- a/containers.d/40-crono +++ b/containers.d/40-crono @@ -1,11 +1,23 @@ #!/bin/bash +DOCKER_IMAGE=local/portus + echo "start Crono" docker run -d \ --name=portus-crono \ - --restart=always \ - --link=portus:web \ - -v .:/portus \ - clarktlaugh/portus \ + --restart=unless-stopped \ + -e RAILS_ENV=production \ + -e PORTUS_KEY_PATH=/ssl/linaro.org.key \ + -e PORTUS_SECRET_KEY_BASE=${PORTUS_SECRET_KEY} \ + -e PORTUS_MACHINE_FQDN=${DOCKER_PORTUS_VIRTUAL_HOST} \ + -e PORTUS_PASSWORD=${PORTUS_PASSWORD} \ + -e PORTUS_PRODUCTION_HOST=${PORTUS_DB_HOST} \ + -e PORTUS_PRODUCTION_USERNAME=${PORTUS_DB_USER} \ + -e PORTUS_PRODUCTION_PASSWORD=${PORTUS_DB_PASSWORD} \ + -e PORTUS_PRODUCTION_DATABASE=${PORTUS_DB_DATABASE} \ + --link=portus-database:db \ + -v ${BASE}/logs:/portus/log \ + -v ${CERTS_DIR}:/ssl:ro \ + ${DOCKER_IMAGE} \ /usr/bin/supervisord 
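Review bot: `-p 5001:5001` in containers.d/30-registry publishes the registry's debug listener (`debug: addr: 0.0.0.0:5001` in registry-config.yml, added in this same commit) on all host interfaces, and `REGISTRY_LOG_LEVEL=debug` is left on. The debug listener is an operator endpoint and is not covered by the token auth configured for port 5000, so I would drop the publish or bind it to loopback, `-p 127.0.0.1:5001:5001 \`, and default the log level to `info` in both the script and registry-config.yml. The first line reads `#/bin/bash`; the `!` is missing, so it is a plain comment rather than an interpreter line. `delete: enabled: true` in registry-config.yml deserves a comment stating who is expected to be allowed to delete images.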
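Review bot: The secret values in containers.d/40-crono are expanded unquoted onto the `docker run` command line, e.g. `-e PORTUS_PRODUCTION_PASSWORD=${PORTUS_DB_PASSWORD}`, so a value containing spaces or glob characters is split into extra arguments, and every secret is visible in the host's process list while the client runs. The same lines appear in `run_portus_container` in containers.d/20-portus. Quoting fixes the splitting, `-e "PORTUS_PRODUCTION_PASSWORD=${PORTUS_DB_PASSWORD}" \`; passing the values with `--env-file` from a mode-0600 file would also keep them out of argv. The environment block is now duplicated between the two scripts, so a shared helper or array sourced by both would stop them drifting apart.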
diff --git a/logs/.gitignore b/logs/.gitignore
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/logs/.gitignore
diff --git a/portus-adduser b/portus-adduser
new file mode 100755
index 0000000..7a79aef
--- /dev/null
+++ b/portus-adduser
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+default_password=$(date +%s | sha256sum | base64 | head -c 16)
+
+username=${1}
+email=${2}
+isadmin=${3:-false}
+password=${4:-${default_password}}
+
+echo "New User Information"
+echo "-------------------------------------------------------"
+echo "Username: ${username}"
+echo "Password: ${password}"
+echo "Is admin? ${isadmin}"
+echo ""
+
+docker exec portus rake "portus:create_user[${username}, ${email}, ${password}, ${isadmin}]"
+
diff --git a/portus-config.yml b/portus-config.yml
new file mode 100644
index 0000000..0a63c1f
--- /dev/null
+++ b/portus-config.yml
@@ -0,0 +1,3 @@
+signup:
+ enabled: false
+ verify: true
diff --git a/portus.dockerfile b/portus.dockerfile
new file mode 100644
index 0000000..e43d3ac
--- /dev/null
+++ b/portus.dockerfile
@@ -0,0 +1,5 @@
+FROM suse/portus
+
+#COPY certs/gd_bundle-g2-g1.crt /usr/local/share/ca-certificates
+RUN update-ca-certificates
+
diff --git a/registry-config.yml b/registry-config.yml
new file mode 100644
index 0000000..c23f033
--- /dev/null
+++ b/registry-config.yml
@@ -0,0 +1,30 @@
+version: 0.1
+loglevel: debug
+storage:
+ filesystem:
+ rootdirectory: /var/lib/registry
+# s3:
+# region: us-east-1
+# bucket: docker.linaro.org
+# rootdirectory: /images
+# secure: false
+# redirect: false
+ delete:
+ enabled: true
+http:
+ addr: 0.0.0.0:5000
+ debug:
+ addr: 0.0.0.0:5001
+auth:
+ token:
+ realm: https://docker-auth.linaro.org/v2/token
+ service: docker-registry.linaro.org
+ issuer: docker-auth.linaro.org
+notifications:
+ endpoints:
+ - name: portus
+ url: https://docker-auth.linaro.org/v2/webhooks/events
+ timeout: 500ms
+ threshold: 5
+ backoff: 1s
+
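Review bot: `default_password=$(date +%s | sha256sum | base64 | head -c 16)` in portus-adduser derives the password from the current Unix second, so the only secret input is the account's creation time; hashing and base64-encoding it adds no entropy. Read the bytes from the kernel CSPRNG instead, for example `default_password=$(head -c 12 /dev/urandom | base64)`. The script also echoes the password and passes it in the `docker exec ... rake` argument list, where it ends up in terminal scrollback and the process list. `${username}` and `${email}` go into the `portus:create_user[...]` argument unvalidated, so a comma or bracket in either changes how the remaining fields are parsed; a check such as `[[ ${username} =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1` before the call, plus a usage message when `${1}` or `${2}` is empty, would close that.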
diff --git a/registry.dockerfile b/registry.dockerfile new file mode 100644 index 0000000..5cb1d55 --- /dev/null +++ b/registry.dockerfile @@ -0,0 +1,5 @@ +FROM registry:2.2.0 + +#COPY certs/gd_bundle-g2-g1.crt /usr/local/share/ca-certificates +RUN update-ca-certificates + diff --git a/start-registry b/start-registry index 76c8bd9..27ac9fd 100755 --- a/start-registry +++ b/start-registry @@ -1,12 +1,6 @@ #!/bin/bash -BASE=${PWD} -CERTS_DIR=${BASE}/certs -S3_AUTH_DATA=${BASE}/s3-auth-data -PORTUS_SECRET_DATA=${BASE}/portus-secret-data - -DOCKER_REGISTRY_VIRTUAL_HOST=docker-registry.linaro.org -DOCKER_PORTUS_VIRTUAL_HOST=docker-auth.linaro.org +. ./config run_container_scripts() { @@ -20,6 +14,7 @@ run_container_scripts() done } + if [ ! -d ${CERTS_DIR} ]; then echo "${CERTS_DIR}: not found!" echo "" 
@@ -30,24 +25,39 @@ if [ ! -d ${CERTS_DIR} ]; then exit 1 fi - -if [ ! -f ${S3_AUTH_DATA} ]; then - echo "${S3_AUTH_DATA}: not found!" +if [ ! -f ${AWS_AUTH_DATA} ]; then + echo "${AWS_AUTH_DATA}: not found!" echo "" - echo "Create file: ${S3_AUTH_DATA} and add the following:" - echo " S3-SECRETKEY=foo" - echo " S3-ACCESSKEY=foo" + echo "Create file: ${AWS_AUTH_DATA} and add the following:" + echo " AWS_ACCESS_KEY_ID=foo" + echo " AWS_SECRET_ACCESS_KEY=bar" + echo " AWS_DEFAULT_REGION=us-east-1" exit 1 fi -source ${S3_AUTH_DATA} +source ${AWS_AUTH_DATA} if [ ! -f ${PORTUS_SECRET_DATA} ]; then echo "${PORTUS_SECRET_DATA}: not found!" echo "" echo "Create file: ${PORTUS_SECRET_DATA} and add the following:" echo " PORTUS_SECRET_KEY=foo" + echo " PORTUS_PASSWORD=bar" exit 1 fi source ${PORTUS_SECRET_DATA} -run_container_scripts ${BASE}/containers.d +for image in ${PORTUS_IMAGE} ${REGISTRY_IMAGE} ; do + check_image=$(docker images | grep ${image}) + if [ -z "${check_image}" ] ; then + echo "Image ${image} not found! Run build-local-images!" + exit 1 + fi +done + +single_script=${1} +if [ ! -z "${single_script}" ] ; then + . ${single_script} +else + run_container_scripts ${BASE}/containers.d +fi + diff --git a/teardown b/teardown new file mode 100755 index 0000000..19aa57f --- /dev/null +++ b/teardown @@ -0,0 +1,9 @@ +#!/bin/bash + +containers="reverse-proxy portus docker-registry-v2 portus-database portus-crono" + +for cname in $containers +do + docker kill $cname + docker rm -v $cname +done |
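Review bot: The container scripts read `PORTUS_DB_HOST`, `PORTUS_DB_USER`, `PORTUS_DB_PASSWORD` and `PORTUS_DB_DATABASE` (containers.d/20-portus and 40-crono), but nothing visible in this commit defines them: `config` does not set them and the hint start-registry prints for `${PORTUS_SECRET_DATA}` lists only `PORTUS_SECRET_KEY` and `PORTUS_PASSWORD`. If they are unset, the containers are started with empty database credentials instead of failing early. After `source ${PORTUS_SECRET_DATA}` add one guard per variable, e.g. `: "${PORTUS_DB_PASSWORD:?not set}"`, and extend the hint text. `docker images | grep ${image}` is a substring match over the whole listing, so an image named `local/portus-old` satisfies the check for `local/portus`; `docker inspect --type=image "${image}" >/dev/null 2>&1` tests the exact name. The `if [ ! -d ${CERTS_DIR} ]` block begins outside this hunk.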
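Review bot: teardown uses `docker kill $cname`, which sends SIGKILL immediately; for `portus-database` that means MariaDB is cut off mid-write on the persistent `${DATABASE_DATA}` volume this commit introduces. `docker stop "$cname"` gives each container its grace period before the `docker rm -v "$cname"`. The hard-coded name list duplicates the `--name=` values in containers.d/, so a comment such as `# keep in sync with the --name= values in containers.d/*` would help the next editor.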