
Add focker volume remove, add lock release for pre-/post-build hooks, add better gateway example that doesn't require rebuilding of images every time.

master
parent
commit
3316ec0273
11 changed files with 109 additions and 57 deletions
  1. +0
    -2
      example/gateway/certbot/Fockerfile
  2. +30
    -3
      example/gateway/focker-compose.yml
  3. +18
    -0
      example/gateway/gateway-cookiecutter/Fockerfile
  4. +17
    -0
      example/gateway/gateway-cookiecutter/files/run.sh
  5. +1
    -23
      example/gateway/nginx-http/Fockerfile
  6. +1
    -1
      example/gateway/nginx-http/files/nginx.conf
  7. +7
    -21
      example/gateway/nginx-https/Fockerfile
  8. +0
    -0
      example/gateway/nginx-https/files/crontab_root
  9. +17
    -6
      focker/compose.py
  10. +7
    -1
      focker/focker.py
  11. +11
    -0
      focker/volume.py

+ 0
- 2
example/gateway/certbot/Fockerfile View File

@@ -13,8 +13,6 @@ steps:
/certbot/scripts/certbot.py ]
- [ files/crontab_nobody,
/root/crontab_nobody ]
- [ ../files/cookiecutter.json,
/certbot/data/metadata.json ]
- run:
- crontab -u nobody /root/crontab_nobody
- rm -v /root/crontab_nobody


+ 30
- 3
example/gateway/focker-compose.yml View File

@@ -1,5 +1,17 @@
exec.prebuild:
- focker volume remove --force gateway-cookiecutter
exec.postbuild:
- python3 getmetadata.py
- |
focker jail oneshot -m `pwd`/files:/cookiecutter/input/meta \
`pwd`/nginx-http/files:/cookiecutter/input/nginx-http \
`pwd`/nginx-https/files:/cookiecutter/input/nginx-https \
gateway-cookiecutter:/cookiecutter/output \
-- \
gateway-cookiecutter \
/cookiecutter/scripts/run.sh
volumes:
@@ -9,13 +21,17 @@ volumes:
zfs:
quota: 1G
certbot-webroot:
chown: 65534:65534
chown: 65534:80
chmod: 0750
zfs:
quota: 1G
gateway-cookiecutter:
zfs:
quota: 1G
images:
gateway-cookiecutter: ./gateway-cookiecutter
nginx-http: ./nginx-http
nginx-https: ./nginx-https
certbot: ./certbot
@@ -26,7 +42,12 @@ jails:
image: nginx-http
mounts:
certbot-webroot: /certbot/webroot
gateway-cookiecutter: /cookiecutter
ip4.addr: 127.0.12.1
exec.start: |
cp -v /cookiecutter/nginx-http/nginx.conf \
/usr/local/etc/nginx/nginx.conf && \
/bin/sh /etc/rc
certbot:
image: certbot
@@ -34,7 +55,10 @@ jails:
mounts:
certbot-data: /usr/local/etc/letsencrypt
certbot-webroot: /certbot/webroot
gateway-cookiecutter: /cookiecutter
exec.start: |
cp -v /cookiecutter/meta/cookiecutter.json \
/certbot/data/metadata.json && \
if [ ! -f /certbot/data/.ready ]; then
rm -vf /usr/local/etc/letsencrypt/.ready && \
/usr/local/bin/python3 /certbot/scripts/certbot.py && \
@@ -51,7 +75,10 @@ jails:
- nginx-http
mounts:
certbot-data: /usr/local/etc/letsencrypt
gateway-cookiecutter: /cookiecutter
exec.start: |
( until [ -f /usr/local/etc/letsencrypt/.ready ]; do sleep 1; done && \
/bin/sh /etc/rc) &
cp -v /cookiecutter/nginx-https/nginx.conf \
/usr/local/etc/nginx/nginx.conf && \
(( until [ -f /usr/local/etc/letsencrypt/.ready ]; do sleep 1; done && \
/bin/sh /etc/rc) &)
ip4.addr: 127.0.14.1
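Review bot: The `gateway-cookiecutter` volume is mounted at `/cookiecutter` in all three jails of this file, and each `exec.start` copies its configuration out of it, but nothing visible here makes those mounts read-only. A process in one jail, for instance the HTTP-facing one, could therefore rewrite the `nginx.conf` or `cookiecutter.json` that another jail installs at its next start. If focker offers a read-only mount, use it for these consumers; otherwise consider one output volume per consumer. At minimum document the intent above the volume definition, e.g. `# rendered configs: written only by exec.postbuild, jails must treat this as read-only`.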

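--- a/example/gateway/gateway-cookiecutter/Fockerfile
+++ b/example/gateway/gateway-cookiecutter/Fockerfile
@@ -0,0 +1,18 @@
+base: freebsd-latest
+
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install py37-cookiecutter
+- mkdir -p /cookiecutter/input/meta
+- mkdir -p /cookiecutter/input/nginx-http
+- mkdir -p /cookiecutter/input/nginx-https
+- mkdir -p /cookiecutter/templates/nginx-http/\{\{cookiecutter.directory_name\}\}
+- mkdir -p /cookiecutter/templates/nginx-https/\{\{cookiecutter.directory_name\}\}
+- mkdir -p /cookiecutter/output/nginx-http
+- mkdir -p /cookiecutter/output/nginx-https
+- mkdir -p /cookiecutter/scripts
+- copy:
+- [ files/run.sh,
+/cookiecutter/scripts/run.sh ]
+- run:
+- chmod a+x /cookiecutter/scripts/run.sh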

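--- a/example/gateway/gateway-cookiecutter/files/run.sh
+++ b/example/gateway/gateway-cookiecutter/files/run.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+cp -v /cookiecutter/input/nginx-http/nginx.conf \
+/cookiecutter/templates/nginx-http/\{\{cookiecutter.directory_name\}\}/nginx.conf
+cp -v /cookiecutter/input/meta/cookiecutter.json \
+/cookiecutter/templates/nginx-http/cookiecutter.json
+
+cp -v /cookiecutter/input/nginx-https/nginx.conf \
+/cookiecutter/templates/nginx-https/\{\{cookiecutter.directory_name\}\}/nginx.conf
+cp -v /cookiecutter/input/meta/cookiecutter.json \
+/cookiecutter/templates/nginx-https/cookiecutter.json
+
+cd /cookiecutter/output
+cookiecutter --no-input /cookiecutter/templates/nginx-http directory_name=nginx-http
+
+cd /cookiecutter/output
+cookiecutter --no-input /cookiecutter/templates/nginx-https directory_name=nginx-https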
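Review bot: `run.sh` only renders the two nginx templates into `/cookiecutter/output`, yet the certbot jail's `exec.start` in focker-compose.yml copies `/cookiecutter/meta/cookiecutter.json` from that same volume. As far as the visible files show, nothing writes a `meta` directory there, so that `cp` would fail and the `&&` chain would stop before certbot runs. Adding `mkdir -p /cookiecutter/output/meta && cp -v /cookiecutter/input/meta/cookiecutter.json /cookiecutter/output/meta/` would close the gap. The script also has no `set -e`, so a failed `cp` does not stop the later `cookiecutter` calls.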

+ 1
- 23
example/gateway/nginx-http/Fockerfile View File

@@ -2,31 +2,9 @@ base: freebsd-latest
steps:
- run:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter
- copy:
- [ ../files/cookiecutter.json,
/root/cookiecutter.json ]
- [ files/nginx.conf,
/root/nginx.conf ]
- [ ../files/crontab_root,
/root/crontab_root ]
- run:
- mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\}
- mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf
- mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json
- run:
- cookiecutter --no-input /root/nginx_template
- mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install nginx
- mkdir -p /certbot/webroot
- run:
- sysrc nginx_enable=YES
- crontab -u root /root/crontab_root
- rm -v /root/crontab_root
- run:
- sysrc sshd_enable=NO
- sysrc sendmail_enable=NONE
- sysrc clear_tmp_enable=YES


+ 1
- 1
example/gateway/nginx-http/files/nginx.conf View File

@@ -14,7 +14,7 @@ http {
server_name {{ ' '.join(cookiecutter.domains[i]) }};

location /.well-known/ {
root /srv/certbot-webroot;
root /certbot/webroot;
}

location / {


+ 7
- 21
example/gateway/nginx-https/Fockerfile View File

@@ -1,33 +1,19 @@
base: freebsd-latest
steps:
- run:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter
- copy:
- [ ../files/cookiecutter.json,
/root/cookiecutter.json ]
- [ files/nginx.conf,
/root/nginx.conf ]
- [ ../files/crontab_root,
- [ files/crontab_root,
/root/crontab_root ]
- run:
- mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\}
- mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf
- mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json
- run:
- cookiecutter --no-input /root/nginx_template
- mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install nginx
- mkdir -p /usr/local/etc/letsencrypt
- mkdir -p /certbot/webroot
- run:
- sysrc nginx_enable=YES
- crontab -u root /root/crontab_root
- rm -v /root/crontab_root
- run:
- rm -vf /root/crontab_root
- sysrc nginx_enable=YES
- sysrc sshd_enable=NO
- sysrc sendmail_enable=NONE
- sysrc clear_tmp_enable=YES


example/gateway/files/crontab_root → example/gateway/nginx-https/files/crontab_root View File


+ 17
- 6
focker/compose.py View File

@@ -29,22 +29,32 @@ from .misc import focker_lock, \
import pdb
def exec_prebuild(spec, path):
def exec_hook(spec, path, hook_name='exec.prebuild'):
if isinstance(spec, str):
spec = [ spec ]
if not isinstance(spec, list):
raise ValueError('exec.prebuild should be a string or a list of strings')
raise ValueError('%s should be a string or a list of strings' % hook_name)
spec = ' && '.join(spec)
print('Running exec.build command:', spec)
print('Running %s command:' % hook_name, spec)
spec = [ '/bin/sh', '-c', spec ]
oldwd = os.getcwd()
os.chdir(path)
focker_unlock()
res = subprocess.run(spec)
focker_lock()
if res.returncode != 0:
raise RuntimeError('exec.prebuild failed')
raise RuntimeError('%s failed' % hook_name)
os.chdir(oldwd)
def exec_prebuild(spec, path):
return exec_hook(spec, path, 'exec.prebuild')
def exec_postbuild(spec, path):
return exec_hook(spec, path, 'exec.postbuild')
def build_volumes(spec):
poolname = zfs_poolname()
for tag, params in spec.items():
@@ -120,8 +130,7 @@ def build_jails(spec):
zfs_untag([ jailname ], focker_type='jail')
zfs_tag(name, [ jailname ])
path = zfs_mountpoint(name)
generated_names[jailname] = \
jail_create(path,
generated_names[jailname] = jail_create(path,
jailspec.get('exec.start', '/bin/sh /etc/rc'),
jailspec.get('env', {}),
[ [from_, on] \
@@ -152,6 +161,8 @@ def command_compose_build(args):
build_images(spec['images'], path, args)
if 'jails' in spec:
build_jails(spec['jails'])
if 'exec.postbuild' in spec:
exec_postbuild(spec['exec.postbuild'], path)
def command_compose_run(args):
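Review bot: In `exec_hook`, `focker_lock()` and `os.chdir(oldwd)` are not protected by a `finally`. If `subprocess.run` raises, the process carries on without the focker lock, and on a non-zero exit the `RuntimeError` is raised before the working directory is restored. Because the lock is deliberately dropped while the hook runs (these calls appear to be added by this commit), re-acquiring it should be guaranteed on every path. The hook string is also run through `/bin/sh -c` with the caller's privileges, so a docstring should state that a compose file is trusted code.

```python
    # … unchanged: spec validation, ' && '.join, chdir(path) …
    focker_unlock()
    try:
        res = subprocess.run(spec)
    finally:
        # always re-take the lock and restore cwd, even if the hook could not start
        focker_lock()
        os.chdir(oldwd)
    if res.returncode != 0:
        raise RuntimeError('%s failed' % hook_name)
```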


+ 7
- 1
focker/focker.py View File

@@ -21,7 +21,8 @@ from .volume import command_volume_create, \
command_volume_prune, \
command_volume_list, \
command_volume_tag, \
command_volume_untag
command_volume_untag, \
command_volume_remove
import sys
from .zfs import zfs_init
from .jail import command_jail_create, \
@@ -186,6 +187,11 @@ def create_parser():
parser.set_defaults(func=command_volume_untag)
parser.add_argument('tags', type=str, nargs='+')
parser = ListForwarder([subparsers.add_parser(cmd) for cmd in ['remove', 'rm', 'r']])
parser.set_defaults(func=command_volume_remove)
parser.add_argument('references', type=str, nargs='+')
parser.add_argument('--force', '-f', action='store_true')
# compose
subparsers = ListForwarder([ subparsers_top.add_parser(cmd).add_subparsers(dest='L2_command') \
for cmd in ['compose', 'comp', 'c'] ])


+ 11
- 0
focker/volume.py View File

@@ -44,3 +44,14 @@ def command_volume_tag(args):
def command_volume_untag(args):
zfs_untag(args.tags, focker_type='volume')
def command_volume_remove(args):
for ref in args.references:
try:
name, _ = zfs_find(ref, focker_type='volume')
print('Removing:', name)
zfs_run(['zfs', 'destroy', '-r', '-f', name])
except:
if not args.force:
raise
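Review bot: The bare `except:` in `command_volume_remove` means that with `--force` every failure is swallowed without a message. That includes `KeyboardInterrupt` and, presumably, a failed `zfs destroy` if `zfs_run` raises on a non-zero exit, so the caller cannot tell whether the volume is actually gone. Narrow it to `except Exception as e:` and, when `args.force` is set, `print('Skipping %s: %s' % (ref, e))` before continuing. Note too that `zfs destroy -r -f` is issued regardless of `--force`, so the flag only controls error reporting and not how destructive the call is; a docstring should say so.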
