@@ -13,8 +13,6 @@ steps: | |||
/certbot/scripts/certbot.py ] | |||
- [ files/crontab_nobody, | |||
/root/crontab_nobody ] | |||
- [ ../files/cookiecutter.json, | |||
/certbot/data/metadata.json ] | |||
- run: | |||
- crontab -u nobody /root/crontab_nobody | |||
- rm -v /root/crontab_nobody | |||
@@ -1,5 +1,17 @@ | |||
exec.prebuild: | |||
- focker volume remove --force gateway-cookiecutter | |||
exec.postbuild: | |||
- python3 getmetadata.py | |||
- | | |||
focker jail oneshot -m `pwd`/files:/cookiecutter/input/meta \ | |||
`pwd`/nginx-http/files:/cookiecutter/input/nginx-http \ | |||
`pwd`/nginx-https/files:/cookiecutter/input/nginx-https \ | |||
gateway-cookiecutter:/cookiecutter/output \ | |||
-- \ | |||
gateway-cookiecutter \ | |||
/cookiecutter/scripts/run.sh | |||
volumes: | |||
@@ -9,13 +21,17 @@ volumes: | |||
zfs: | |||
quota: 1G | |||
certbot-webroot: | |||
chown: 65534:65534 | |||
chown: 65534:80 | |||
chmod: 0750 | |||
zfs: | |||
quota: 1G | |||
gateway-cookiecutter: | |||
zfs: | |||
quota: 1G | |||
images: | |||
gateway-cookiecutter: ./gateway-cookiecutter | |||
nginx-http: ./nginx-http | |||
nginx-https: ./nginx-https | |||
certbot: ./certbot | |||
@@ -26,7 +42,12 @@ jails: | |||
image: nginx-http | |||
mounts: | |||
certbot-webroot: /certbot/webroot | |||
gateway-cookiecutter: /cookiecutter | |||
ip4.addr: 127.0.12.1 | |||
exec.start: | | |||
cp -v /cookiecutter/nginx-http/nginx.conf \ | |||
/usr/local/etc/nginx/nginx.conf && \ | |||
/bin/sh /etc/rc | |||
certbot: | |||
image: certbot | |||
@@ -34,7 +55,10 @@ jails: | |||
mounts: | |||
certbot-data: /usr/local/etc/letsencrypt | |||
certbot-webroot: /certbot/webroot | |||
gateway-cookiecutter: /cookiecutter | |||
exec.start: | | |||
cp -v /cookiecutter/meta/cookiecutter.json \ | |||
/certbot/data/metadata.json && \ | |||
if [ ! -f /certbot/data/.ready ]; then | |||
rm -vf /usr/local/etc/letsencrypt/.ready && \ | |||
/usr/local/bin/python3 /certbot/scripts/certbot.py && \ | |||
@@ -51,7 +75,10 @@ jails: | |||
- nginx-http | |||
mounts: | |||
certbot-data: /usr/local/etc/letsencrypt | |||
gateway-cookiecutter: /cookiecutter | |||
exec.start: | | |||
( until [ -f /usr/local/etc/letsencrypt/.ready ]; do sleep 1; done && \ | |||
/bin/sh /etc/rc) & | |||
cp -v /cookiecutter/nginx-https/nginx.conf \ | |||
/usr/local/etc/nginx/nginx.conf && \ | |||
(( until [ -f /usr/local/etc/letsencrypt/.ready ]; do sleep 1; done && \ | |||
/bin/sh /etc/rc) &) | |||
ip4.addr: 127.0.14.1 |
@@ -0,0 +1,18 @@ | |||
base: freebsd-latest | |||
steps: | |||
- run: | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install py37-cookiecutter | |||
- mkdir -p /cookiecutter/input/meta | |||
- mkdir -p /cookiecutter/input/nginx-http | |||
- mkdir -p /cookiecutter/input/nginx-https | |||
- mkdir -p /cookiecutter/templates/nginx-http/\{\{cookiecutter.directory_name\}\} | |||
- mkdir -p /cookiecutter/templates/nginx-https/\{\{cookiecutter.directory_name\}\} | |||
- mkdir -p /cookiecutter/output/nginx-http | |||
- mkdir -p /cookiecutter/output/nginx-https | |||
- mkdir -p /cookiecutter/scripts | |||
- copy: | |||
- [ files/run.sh, | |||
/cookiecutter/scripts/run.sh ] | |||
- run: | |||
- chmod a+x /cookiecutter/scripts/run.sh |
@@ -0,0 +1,17 @@ | |||
#!/bin/sh | |||
cp -v /cookiecutter/input/nginx-http/nginx.conf \ | |||
/cookiecutter/templates/nginx-http/\{\{cookiecutter.directory_name\}\}/nginx.conf | |||
cp -v /cookiecutter/input/meta/cookiecutter.json \ | |||
/cookiecutter/templates/nginx-http/cookiecutter.json | |||
cp -v /cookiecutter/input/nginx-https/nginx.conf \ | |||
/cookiecutter/templates/nginx-https/\{\{cookiecutter.directory_name\}\}/nginx.conf | |||
cp -v /cookiecutter/input/meta/cookiecutter.json \ | |||
/cookiecutter/templates/nginx-https/cookiecutter.json | |||
cd /cookiecutter/output | |||
cookiecutter --no-input /cookiecutter/templates/nginx-http directory_name=nginx-http | |||
cd /cookiecutter/output | |||
cookiecutter --no-input /cookiecutter/templates/nginx-https directory_name=nginx-https |
@@ -2,31 +2,9 @@ base: freebsd-latest | |||
steps: | |||
- run: | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter | |||
- copy: | |||
- [ ../files/cookiecutter.json, | |||
/root/cookiecutter.json ] | |||
- [ files/nginx.conf, | |||
/root/nginx.conf ] | |||
- [ ../files/crontab_root, | |||
/root/crontab_root ] | |||
- run: | |||
- mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\} | |||
- mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf | |||
- mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json | |||
- run: | |||
- cookiecutter --no-input /root/nginx_template | |||
- mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove | |||
- rm -rvf /root/nginx_template | |||
- rm -rvf ./nginx_conf | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install nginx | |||
- mkdir -p /certbot/webroot | |||
- run: | |||
- sysrc nginx_enable=YES | |||
- crontab -u root /root/crontab_root | |||
- rm -v /root/crontab_root | |||
- run: | |||
- sysrc sshd_enable=NO | |||
- sysrc sendmail_enable=NONE | |||
- sysrc clear_tmp_enable=YES | |||
@@ -14,7 +14,7 @@ http { | |||
server_name {{ ' '.join(cookiecutter.domains[i]) }}; | |||
location /.well-known/ { | |||
root /srv/certbot-webroot; | |||
root /certbot/webroot; | |||
} | |||
location / { | |||
@@ -1,33 +1,19 @@ | |||
base: freebsd-latest | |||
steps: | |||
- run: | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter | |||
- copy: | |||
- [ ../files/cookiecutter.json, | |||
/root/cookiecutter.json ] | |||
- [ files/nginx.conf, | |||
/root/nginx.conf ] | |||
- [ ../files/crontab_root, | |||
- [ files/crontab_root, | |||
/root/crontab_root ] | |||
- run: | |||
- mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\} | |||
- mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf | |||
- mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json | |||
- run: | |||
- cookiecutter --no-input /root/nginx_template | |||
- mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove | |||
- rm -rvf /root/nginx_template | |||
- rm -rvf ./nginx_conf | |||
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install nginx | |||
- mkdir -p /usr/local/etc/letsencrypt | |||
- mkdir -p /certbot/webroot | |||
- run: | |||
- sysrc nginx_enable=YES | |||
- crontab -u root /root/crontab_root | |||
- rm -v /root/crontab_root | |||
- run: | |||
- rm -vf /root/crontab_root | |||
- sysrc nginx_enable=YES | |||
- sysrc sshd_enable=NO | |||
- sysrc sendmail_enable=NONE | |||
- sysrc clear_tmp_enable=YES | |||
@@ -29,22 +29,32 @@ from .misc import focker_lock, \ | |||
import pdb | |||
def exec_prebuild(spec, path): | |||
def exec_hook(spec, path, hook_name='exec.prebuild'): | |||
if isinstance(spec, str): | |||
spec = [ spec ] | |||
if not isinstance(spec, list): | |||
raise ValueError('exec.prebuild should be a string or a list of strings') | |||
raise ValueError('%s should be a string or a list of strings' % hook_name) | |||
spec = ' && '.join(spec) | |||
print('Running exec.build command:', spec) | |||
print('Running %s command:' % hook_name, spec) | |||
spec = [ '/bin/sh', '-c', spec ] | |||
oldwd = os.getcwd() | |||
os.chdir(path) | |||
focker_unlock() | |||
res = subprocess.run(spec) | |||
focker_lock() | |||
if res.returncode != 0: | |||
raise RuntimeError('exec.prebuild failed') | |||
raise RuntimeError('%s failed' % hook_name) | |||
os.chdir(oldwd) | |||
def exec_prebuild(spec, path): | |||
return exec_hook(spec, path, 'exec.prebuild') | |||
def exec_postbuild(spec, path): | |||
return exec_hook(spec, path, 'exec.postbuild') | |||
def build_volumes(spec): | |||
poolname = zfs_poolname() | |||
for tag, params in spec.items(): | |||
@@ -120,8 +130,7 @@ def build_jails(spec): | |||
zfs_untag([ jailname ], focker_type='jail') | |||
zfs_tag(name, [ jailname ]) | |||
path = zfs_mountpoint(name) | |||
generated_names[jailname] = \ | |||
jail_create(path, | |||
generated_names[jailname] = jail_create(path, | |||
jailspec.get('exec.start', '/bin/sh /etc/rc'), | |||
jailspec.get('env', {}), | |||
[ [from_, on] \ | |||
@@ -152,6 +161,8 @@ def command_compose_build(args): | |||
build_images(spec['images'], path, args) | |||
if 'jails' in spec: | |||
build_jails(spec['jails']) | |||
if 'exec.postbuild' in spec: | |||
exec_postbuild(spec['exec.postbuild'], path) | |||
def command_compose_run(args): | |||
@@ -21,7 +21,8 @@ from .volume import command_volume_create, \ | |||
command_volume_prune, \ | |||
command_volume_list, \ | |||
command_volume_tag, \ | |||
command_volume_untag | |||
command_volume_untag, \ | |||
command_volume_remove | |||
import sys | |||
from .zfs import zfs_init | |||
from .jail import command_jail_create, \ | |||
@@ -186,6 +187,11 @@ def create_parser(): | |||
parser.set_defaults(func=command_volume_untag) | |||
parser.add_argument('tags', type=str, nargs='+') | |||
parser = ListForwarder([subparsers.add_parser(cmd) for cmd in ['remove', 'rm', 'r']]) | |||
parser.set_defaults(func=command_volume_remove) | |||
parser.add_argument('references', type=str, nargs='+') | |||
parser.add_argument('--force', '-f', action='store_true') | |||
# compose | |||
subparsers = ListForwarder([ subparsers_top.add_parser(cmd).add_subparsers(dest='L2_command') \ | |||
for cmd in ['compose', 'comp', 'c'] ]) | |||
@@ -44,3 +44,14 @@ def command_volume_tag(args): | |||
def command_volume_untag(args): | |||
zfs_untag(args.tags, focker_type='volume') | |||
def command_volume_remove(args): | |||
for ref in args.references: | |||
try: | |||
name, _ = zfs_find(ref, focker_type='volume') | |||
print('Removing:', name) | |||
zfs_run(['zfs', 'destroy', '-r', '-f', name]) | |||
except: | |||
if not args.force: | |||
raise |