sporo poprawek w dokerfajlach; poważne zmiany w setup.sh; cron dokerfail dodany

2015-01-06 02:44:10 +01:00 · 2015-01-06 02:44:10 +01:00 · 7d7c278e75
parent 05a359bfe9
commit 7d7c278e75
5 changed files with 217 additions and 122 deletions
--- a/images/cron/Dockerfile
+++ b/images/cron/Dockerfile
@ -0,0 +1,38 @@
+#
+# crond Dockerfile
+#
+
+# Pull base image.
+FROM debian:jessie
+
+# Install Nginx.
+RUN DEBIAN_FRONTEND=noninteractive  \
+  apt-get update && \
+  apt-get install -y --no-install-recommends cron
+
+# we need to make sure that /etc/cron.* cronjobs are not run as root
+# it's not required for the operation (after all, all the cronjobs are to be
+# doing is either some http requests, or some stuff against a database)
+#
+# first, remove the unnecessary cron.daily scripts
+# 
+# then, change the user to nobody for cron.(hourly|daily|weekly|monthly),
+# conveniently configured in /etc/crontab
+#
+# finally, make sure that this sed script runs every few minutes on all /etc/cron.d files
+RUN rm -rf /etc/cron.*/* \
+ && sed -i -r -e 's/^(([/0-9*,-]+\s+){5}|@(reboot|yearly|annually|monthly|weekly|daily|midnight|hourly)\s+)root\s+(.*)/\1\tnobody\t\4/' /etc/crontab \
+ && echo "*/15 * * * *  root  sed -i -r -e 's/^(([/0-9*,-]+\s+){5}|@(reboot|yearly|annually|monthly|weekly|daily|midnight|hourly)\s+)root\s+(.*)/\1\tnobody\t\4/' /etc/cron.d/*" >> /etc/crontab
+
+# cron volumes
+VOLUME ["/etc/cron.d", "/etc/cron.daily", "/etc/cron.hourly", "/etc/cron.monthly", "/etc/cron.weekly"]
+
+# well
+WORKDIR /etc
+
+# ports
+EXPOSE 80 443
+
+# command and entrypoint
+CMD []
+ENTRYPOINT ["/usr/sbin/cron", "-f"]
--- a/images/nginx/Dockerfile
+++ b/images/nginx/Dockerfile
@ -8,7 +8,7 @@
 FROM debian:jessie

 # Install Nginx.
-RUN \
+RUN DEBIAN_FRONTEND=noninteractive \
  apt-get update && \
  apt-get install -y nginx && \
  echo "\ndaemon off;" >> /etc/nginx/nginx.conf && \
--- a/images/postgres/Dockerfile
+++ b/images/postgres/Dockerfile
@ -18,10 +18,10 @@ RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main" > /etc/
 #  them by prefixing each apt-get statement with DEBIAN_FRONTEND=noninteractive
 RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get upgrade && apt-get install -y python-software-properties software-properties-common postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3

-# Well...
-#RUN echo "listen_addresses='*'" >> /etc/postgresql/9.3/main/postgresql.conf
+# clear the data dir
+RUN rm -rf /var/lib/postgresql/9.3/

-# prep script
+# prep script -- will be run each time the container is started
 ADD start.sh /var/lib/start

 # Expose the PostgreSQL port
--- a/images/postgres/start.sh
+++ b/images/postgres/start.sh
@ -14,18 +14,24 @@ cd /var/lib/postgresql
 chown -R postgres:postgres ./
 chmod -R 0700 ./

-# initdb as postgres
-su -c '/usr/lib/postgresql/9.3/bin/initdb /var/lib/postgresql/9.3/main' postgres
+# do we need to init the db?
+if [ ! -e /var/lib/postgresql/9.3/main ]; then

-# config
-# TODO: this needs to be much mroe specific for production!
-echo "host any  any  `hostname -I | sed 's/ //g'`/16  trust" >> /etc/postgresql/9.3/main/pg_hba.conf
+  # initdb as postgres
+  su -c '/usr/lib/postgresql/9.3/bin/initdb /var/lib/postgresql/9.3/main' postgres

-# create the needed databases
-/etc/init.d/postgresql start
-#su -c 'psql --command "CREATE USER some_user;"' postgres
-#su -c "psql --command \"CREATE DATABASE some_db WITH OWNER some_user TEMPLATE template0 ENCODING 'UTF8';\"" postgres
-/etc/init.d/postgresql stop
+  # config
+  # TODO: this needs to be much mroe specific for production!
+  echo "host    all    any  `hostname -I | sed 's/ //g'`/16   trust" >> /var/lib/postgresql/9.3/main/pg_hba.conf
+  echo "listen_addresses='*'" >> /var/lib/postgresql/9.3/main/postgresql.conf
+
+  # create the needed databases
+  /etc/init.d/postgresql start
+  #su -c 'psql --command "CREATE USER some_user;"' postgres
+  #su -c "psql --command \"CREATE DATABASE some_db WITH OWNER some_user TEMPLATE template0 ENCODING 'UTF8';\"" postgres
+  /etc/init.d/postgresql stop
+
+fi

 # run postgres as user postgres
-su -c '/usr/lib/postgresql/9.3/bin/postgres -D /etc/postgresql/9.3/main/' postgres
+su -c '/usr/lib/postgresql/9.3/bin/postgres -D /var/lib/postgresql/9.3/main' postgres
--- a/setup.sh
+++ b/setup.sh
@ -5,77 +5,99 @@

 # konfiguracja
 static_data_dir="/opt/hangar18"
+
+# jeśli mamy 2 argumenty, pierwszy to switch, drugi to katalog
+# jeśli tylko jeden -- albo jedno, albo drugie, trzeba rozpoznać po '--' na początku
 if [[ "$1" != "" ]]; then
  static_data_dir="$1"
 fi

-# katalog obecny
-startdir=`pwd`
-
 # prefix obrazów, kontenerów, ...
 prefix="plug"

-# budujemy nowy dom...
-cd images/
-for img in *; do
-  # informujemy
-  echo -ne "\n\n - buduję: $prefix/$img\n"
-  # budujemy
-  docker build -t "$prefix/$img" $img || exit 1
-done
+#
+# budujemy
+#

-# wracamy
-cd "$startdir"
+# czy budujemy?
+if [[ "$1" == "" || "$1" == "--build" ]]; then
+
+  # katalog obecny
+  startdir=`pwd`
+
+  # budujemy nowy dom...
+  cd images/
+  for img in *; do
+    # informujemy
+    echo -ne "\n\n - buduję: $prefix/$img\n"
+    # budujemy
+    docker build -t "$prefix/$img" $img || exit 1
+  done
+
+  # wracamy
+  cd "$startdir"
+  
+fi


 #
 # katalog konfiguracji, danych, i tak dalej
 #

-# potrzebujemy sudo
-echo "By jechać dalej, potrzebujemy sudo. To ja poproszę..."
-sudo echo -ne " ...mamy sudo, jedziemy dalej.\n\n\n" || exit 2
+if [[ "$1" == "" || "$1" == "--populate-static-data" ]]; then

-# tworzymy
-sudo mkdir -p "$static_data_dir"
-# run
-sudo mkdir "$static_data_dir/run"
-sudo mkdir "$static_data_dir/run/php-fpm"
-sudo mkdir "$static_data_dir/run/openldap"
-# logi
-sudo mkdir "$static_data_dir/logs/"
-sudo mkdir "$static_data_dir/logs/postgres"
-sudo mkdir "$static_data_dir/logs/php-fpm"
-sudo mkdir "$static_data_dir/logs/openldap"
-sudo mkdir "$static_data_dir/logs/nginx-public"
-sudo mkdir "$static_data_dir/logs/nginx-internal"
-# dane
-sudo mkdir "$static_data_dir/data"
-sudo mkdir "$static_data_dir/data/postgres"
-sudo mkdir "$static_data_dir/data/php-fpm"
-sudo mkdir "$static_data_dir/data/php-fpm/frontend"
-sudo mkdir "$static_data_dir/data/php-fpm/rest"
-sudo mkdir "$static_data_dir/data/php-fpm/pgadmin"
-sudo mkdir "$static_data_dir/data/php-fpm/ldapadmin"
-sudo rsync -av static_data/data/ "$static_data_dir/data/"
+  # potrzebujemy sudo
+  echo "By jechać dalej, potrzebujemy sudo. To ja poproszę..."
+  sudo echo -ne " ...mamy sudo, jedziemy dalej.\n\n\n" || exit 2

-# configs if needed
-if [ ! -e "$static_data_dir/configs" ]; then
-  sudo cp -a static_data/configs "$static_data_dir/configs"
+  # tworzymy
+  sudo mkdir -p "$static_data_dir"
+  # run
+  sudo mkdir "$static_data_dir/run"
+  sudo mkdir "$static_data_dir/run/php-fpm"
+  sudo mkdir "$static_data_dir/run/openldap"
+  # logi
+  sudo mkdir "$static_data_dir/logs/"
+  sudo mkdir "$static_data_dir/logs/postgres"
+  sudo mkdir "$static_data_dir/logs/php-fpm"
+  sudo mkdir "$static_data_dir/logs/openldap"
+  sudo mkdir "$static_data_dir/logs/nginx-public"
+  sudo mkdir "$static_data_dir/logs/nginx-internal"
+  # dane
+  sudo mkdir "$static_data_dir/data"
+  sudo mkdir "$static_data_dir/data/postgres"
+  sudo mkdir "$static_data_dir/data/php-fpm"
+  sudo mkdir "$static_data_dir/data/php-fpm/frontend"
+  sudo mkdir "$static_data_dir/data/php-fpm/rest"
+  sudo mkdir "$static_data_dir/data/php-fpm/pgadmin"
+  sudo mkdir "$static_data_dir/data/php-fpm/ldapadmin"
+  sudo mkdir "$static_data_dir/cron"
+  sudo mkdir "$static_data_dir/cron/d"
+  sudo mkdir "$static_data_dir/cron/daily"
+  sudo mkdir "$static_data_dir/cron/weekly"
+  sudo mkdir "$static_data_dir/cron/hourly"
+  sudo mkdir "$static_data_dir/cron/monthly"
+  sudo rsync -av static_data/data/ "$static_data_dir/data/"
+
+  # configs if needed
+  if [ ! -e "$static_data_dir/configs" ]; then
+    sudo cp -a static_data/configs "$static_data_dir/configs"
+  fi
+
+  # uprawnienia
+  sudo chown -R root:root "$static_data_dir"
+  
 fi

-# uprawnienia
-sudo chown -R root:root "$static_data_dir"
-

 #
 # obrazy
 #

-# postgres
 img_postgres="$prefix/postgres"
 img_nginx="$prefix/nginx"
 img_phpfpm="$prefix/php-fpm"
+img_cron="$prefix/cron"

 #
 # kontenery
@ -91,83 +113,112 @@ cnt_phpfpm_frontend="$prefix-php-fpm.frontend"
 cnt_phpfpm_rest="$prefix-php-fpm.rest"
 cnt_phpfpm_pgadmin="$prefix-php-fpm.pgadmin"
 cnt_phpfpm_ldapadmin="$prefix-php-fpm.ldapadmin"
+# cron
+cnt_cron="$prefix-cron"


 #
 # czyścimy
 #
-docker kill $cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_phpfpm_rest $cnt_phpfpm_pgadmin $cnt_phpfpm_ldapadmin
-docker rm -v $cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_phpfpm_rest $cnt_phpfpm_pgadmin $cnt_phpfpm_ldapadmin
+
+if [[ "$1" == "" || "$1" == "--kill" ]]; then
+
+  docker kill $cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_phpfpm_rest $cnt_phpfpm_pgadmin $cnt_phpfpm_ldapadmin
+  docker rm -v $cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_phpfpm_rest $cnt_phpfpm_pgadmin $cnt_phpfpm_ldapadmin
+
+fi

 #
 # odpalamy kolejno dockery
 #

-set -x
+if [[ "$1" == "" || "$1" == "--run" ]]; then

-# postgres wpierw, inne się doń łączą
-docker run -d \
- -v "$static_data_dir/data/postgres":/var/lib/postgresql/ \
- --name $cnt_postgres \
- $img_postgres
+  set -x

-# czas na nginxy
-# - publiczny
-docker run -d \
- -v "$static_data_dir/configs/nginx-public/":/etc/nginx/sites-enabled:ro \
- -v "$static_data_dir/logs/nginx-public/":/var/log/nginx/ \
- -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm/ \
- -v "$static_data_dir/data/php-fpm/":/opt/php/ \
- --name $cnt_nginx_public \
- $img_nginx
+  # postgres wpierw, inne się doń łączą
+  docker run -d \
+  -v "$static_data_dir/data/postgres":/var/lib/postgresql/ \
+  --name $cnt_postgres \
+  $img_postgres

-# - wewnętrzny
-docker run -d \
- -v "$static_data_dir/configs/nginx-internal/":/etc/nginx/sites-enabled:ro \
- -v "$static_data_dir/logs/nginx-internal/":/var/log/nginx/ \
- -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm/ \
- -v "$static_data_dir/data/php-fpm/":/opt/php/ \
- --name $cnt_nginx_internal \
- $img_nginx
+  # czas na nginxy
+  # - publiczny
+  docker run -d \
+  -v "$static_data_dir/configs/nginx-public/":/etc/nginx/sites-enabled:ro \
+  -v "$static_data_dir/logs/nginx-public/":/var/log/nginx/ \
+  -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm/ \
+  -v "$static_data_dir/data/php-fpm/":/opt/php/ \
+  --name $cnt_nginx_public \
+  $img_nginx

-# a teraz php-fpmy!
-# - frontend
-docker run -d \
- -v "$static_data_dir/data/php-fpm/frontend/":/opt/php/frontend/ \
- -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
- -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
- --link $cnt_nginx_internal:rest \
- -e "APP_NAME=frontend" \
- --name $cnt_phpfpm_frontend \
- $img_phpfpm
+  # - wewnętrzny
+  docker run -d \
+  -v "$static_data_dir/configs/nginx-internal/":/etc/nginx/sites-enabled:ro \
+  -v "$static_data_dir/logs/nginx-internal/":/var/log/nginx/ \
+  -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm/ \
+  -v "$static_data_dir/data/php-fpm/":/opt/php/ \
+  --name $cnt_nginx_internal \
+  $img_nginx

-# - rest
-docker run -d \
-v "$static_data_dir/data/php-fpm/rest/":/opt/php/rest/ \
- -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
- -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
- --link $cnt_postgres:$cnt_postgres \
- -e "APP_NAME=rest" \
- --name $cnt_phpfpm_rest \
- $img_phpfpm
+  # a teraz php-fpmy!
+  # - frontend
+  docker run -d \
+  -v "$static_data_dir/data/php-fpm/frontend/":/opt/php/frontend/ \
+  -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
+  -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
+  --link $cnt_nginx_internal:rest \
+  -e "APP_NAME=frontend" \
+  --name $cnt_phpfpm_frontend \
+  $img_phpfpm

-# - pgadmin
-docker run -d \
- -v "$static_data_dir/data/php-fpm/pgadmin/":/opt/php/pgadmin/ \
- -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
- -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
- --link $cnt_postgres:$cnt_postgres \
- -e "APP_NAME=pgadmin" \
- --name $cnt_phpfpm_pgadmin \
- $img_phpfpm
+  # - rest
+  docker run -d \
+  -v "$static_data_dir/data/php-fpm/rest/":/opt/php/rest/ \
+  -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
+  -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
+  --link $cnt_postgres:$cnt_postgres \
+  -e "APP_NAME=rest" \
+  --name $cnt_phpfpm_rest \
+  $img_phpfpm

-# - ldapadmin
-#docker run -d \
-# -v "$static_data_dir/data/php-fpm/ldapadmin/":/opt/php/ldapadmin/ \
-# -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
-# -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
-# -e "APP_NAME=ldapadmin" \
-# --name $cnt_phpfpm_ldapadmin \
-# $img_phpfpm
+  # - pgadmin
+  docker run -d \
+  -v "$static_data_dir/data/php-fpm/pgadmin/":/opt/php/pgadmin/ \
+  -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
+  -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
+  --link $cnt_postgres:$cnt_postgres \
+  -e "APP_NAME=pgadmin" \
+  --name $cnt_phpfpm_pgadmin \
+  $img_phpfpm

-set +x
+  # - ldapadmin
+  #docker run -d \
+  # -v "$static_data_dir/data/php-fpm/ldapadmin/":/opt/php/ldapadmin/ \
+  # -v "$static_data_dir/logs/php-fpm/":/var/log/php-fpm \
+  # -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm \
+  # -e "APP_NAME=ldapadmin" \
+  # --name $cnt_phpfpm_ldapadmin \
+  # $img_phpfpm
+  
+  # - cron
+  # czy powinien mieć dostęp do db i ldapa?
+  docker run -d \
+  -v "$static_data_dir/data/cron/d/":/etc/cron.d/ \
+  -v "$static_data_dir/data/cron/daily/":/etc/cron.daily/ \
+  -v "$static_data_dir/data/cron/weekly/":/etc/cron.weekly/ \
+  -v "$static_data_dir/data/cron/hourly/":/etc/cron.hourly/ \
+  -v "$static_data_dir/data/cron/monthly/":/etc/cron.monthly/ \
+  --name $cnt_cron \
+  $img_cron
+
+  set +x
+
+fi
+
+# food for thought
+# https://medium.com/coding-and-deploying-in-the-cloud/simple-logging-to-logentries-from-a-docker-container-d3609073db30
+# http://phusion.github.io/baseimage-docker/
+# https://blog.logentries.com/2014/03/how-to-run-rsyslog-in-a-docker-container-for-logging/
+# https://github.com/octohost/remote_syslog
+# http://www.projectatomic.io/blog/2014/09/running-syslog-within-a-docker-container/