diff --git a/apache/lib/common b/apache/lib/common index b857d17..d884cb9 100644 --- a/apache/lib/common +++ b/apache/lib/common @@ -18,6 +18,7 @@ get_domain () { apache_proxy_dir () { DOMAIN=$(get_domain) || return 1 + relation-set domain "$DOMAIN" proxy=yes apache_vhost_create || return 1 info "Added $DOMAIN as a proxy to $TARGET." } @@ -26,6 +27,7 @@ export -f apache_proxy_dir apache_publish_dir () { DOMAIN=$(get_domain) || return 1 + relation-set domain "$DOMAIN" DOCKER_SITE_PATH="/var/www/${DOMAIN}" LOCATION=$(relation-get location 2>/dev/null) || LOCATION="$DATASTORE/$BASE_SERVICE_NAME$DOCKER_SITE_PATH" diff --git a/peertube/README.org b/peertube/README.org new file mode 100644 index 0000000..b1d653a --- /dev/null +++ b/peertube/README.org @@ -0,0 +1,94 @@ +#+PROPERTY: Effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d +#+PROPERTY: Max_effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d +#+PROPERTY: header-args:python :var filename=(buffer-file-name) +#+PROPERTY: header-args:sh :var filename=(buffer-file-name) +#+TODO: TODO WIP BLOCKED | DONE CANCELED +#+LATEX_HEADER: \usepackage[margin=0.5in]{geometry} +#+LaTeX_CLASS: article +#+OPTIONS: H:8 ^:nil prop:("Effort" "Max_effort") tags:not-in-toc +#+COLUMNS: %50ITEM %Effort(Min Effort) %Max_effort(Max Effort) + +#+begin_LaTeX + \hypersetup{ + linkcolor=blue, + pdfborder={0 0 0 0} + } +#+end_LaTeX + +#+TITLE: Peertube charm management + +#+LATEX: \pagebreak + +Keep information related to the usage and the development of the charm. + +#+LATEX: \pagebreak + +#+LATEX: \pagebreak + +* Todos + +** TODO Logrotatability + +Peertube uses ``winston`` nodejs logging mecanism, and has what I +understand, hard-written transports to file: + +Content of =server/helpers/logger.ts= +#+BEGIN_SRC ts +... +const logger = winston.createLogger({ + level: CONFIG.LOG.LEVEL, + format: winston.format.combine( + labelFormatter, + winston.format.splat() + ), + transports: [ + new winston.transports.File({ + filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube.log'), + handleExceptions: true, + maxsize: 1024 * 1024 * 12, + maxFiles: 5, + format: winston.format.combine( + winston.format.timestamp(), + jsonLoggerFormat + ) + }), + new winston.transports.Console({ + handleExceptions: true, + format: winston.format.combine( + timestampFormatter, + winston.format.colorize(), + consoleLoggerFormat + ) + }) + ], + exitOnError: true +}) + +#+END_SRC + +This will ensure some part of the rotation. Which is bad. + +We don't want peertube to manage the logs. So depending on what we +want to do in the future with the managing of logs, I'll need to patch +peertube to probably use only stdout, and/or send it to rsyslog. + +For now, situation of log rotation with all charm is using logrotate, +but I know this might not be the perfect solution as I'd like to stick +to =logs are streams=, and avoid having to find mecanism of reloading +application after rotation. + +A good solution would be to use the stdout/stderr of the application, +and have a generic solution using ``docker logs`` json output. +** TODO changing root password + +This will probably require also a patch, as the password is set for +user 'root' automatically and is to be read in the logs (duh !). + +We can't initialise the application (and ask for postgres table, and +root user to be created, then quit). So we can't do that in the +=hooks/init= script in a reasonable manner. + +There is a special ``npm run reset-password`` with odd arguments that +can reset root password, only if database already populated. + +I need a patch to simply set password from base server configuration. \ No newline at end of file diff --git a/peertube/build/.env b/peertube/build/.env new file mode 100644 index 0000000..f27def3 --- /dev/null +++ b/peertube/build/.env @@ -0,0 +1,20 @@ +PEERTUBE_DB_USERNAME=postgres_user +PEERTUBE_DB_PASSWORD=postgres_password +PEERTUBE_WEBSERVER_HOSTNAME=domain.tld +PEERTUBE_WEBSERVER_PORT=443 +PEERTUBE_WEBSERVER_HTTPS=true +# If you need more than one IP as trust_proxy +# pass them as a comma separated array: +PEERTUBE_TRUST_PROXY=["127.0.0.1"] +#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"] +PEERTUBE_SMTP_USERNAME= +PEERTUBE_SMTP_PASSWORD= +PEERTUBE_SMTP_HOSTNAME=postfix +PEERTUBE_SMTP_PORT=25 +PEERTUBE_SMTP_FROM=noreply@domain.tld +PEERTUBE_SMTP_TLS=true +PEERTUBE_SMTP_DISABLE_STARTTLS=false +PEERTUBE_ADMIN_EMAIL=admin@domain.tld +# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ +#PEERTUBE_SIGNUP_ENABLED=true +#PEERTUBE_TRANSCODING_ENABLED=true diff --git a/peertube/build/Dockerfile b/peertube/build/Dockerfile new file mode 100644 index 0000000..9fb23d9 --- /dev/null +++ b/peertube/build/Dockerfile @@ -0,0 +1,100 @@ +FROM alpine:3.7 AS common + +RUN apk add gnupg ffmpeg + +# Add peertube user +RUN addgroup -S peertube && \ + adduser -S -G peertube -h /var/lib/peertube peertube + + +FROM common AS builder + +## +## Download target release +## + +ENV PEERTUBE_RELEASE=v1.1.0 + + +RUN apk add wget +COPY ./*.patch /tmp +RUN mkdir -p /opt/apps/peertube && \ + cd /opt/apps/peertube && \ + wget https://github.com/Chocobozzz/PeerTube/releases/download/${PEERTUBE_RELEASE}/peertube-${PEERTUBE_RELEASE}.tar.xz && \ + tar -xJf peertube-${PEERTUBE_RELEASE}.tar.xz && \ + rm peertube-${PEERTUBE_RELEASE}.tar.xz && \ + mv peertube-${PEERTUBE_RELEASE}/* . && \ + rmdir peertube-${PEERTUBE_RELEASE} && \ + cat /tmp/*.patch | patch -p1 && \ + mkdir -p /etc/peertube /var/lib/peertube && \ + ln -sf /var/lib/peertube /opt/apps/peertube/storage + +RUN apk add yarn ## Build command +RUN apk add git build-base python bash ## Build deps + +RUN chown -R peertube:peertube /opt/apps/peertube + +USER peertube + +RUN cd /opt/apps/peertube && \ + yarn install --production --pure-lockfile && \ + yarn cache clean + +## XXXvlab: without this in current docker version, it'll +## permeate in next image to be built. +USER root + +# RUN apk add nodejs yarn +# +## Source build (very long) +# +# ## To download source +# RUN apk add git +# RUN git clone https://github.com/chocobozzz/PeerTube /tmp/peertube --depth 1 + +# ## for installation of dependencies +# RUN apk add build-base python +# RUN cd /tmp/peertube && \ +# yarn install --pure-lockfile + +# ## for scripts run by ``npm run build`` +# RUN apk add bash +# RUN cd /tmp/peertube && \ +# npm run build + +# RUN cd /tmp/peertube && \ +# rm -r ./node_modules ./client/node_modules && \ +# yarn install --pure-lockfile --production && \ +# yarn cache clean + + +FROM common + +# Install PeerTube +COPY --from=builder /opt/apps/peertube /opt/apps/peertube + + +# RUN mkdir -p /var/lib/peertube /etc/peertube && \ +# chown -R peertube:peertube /var/lib/peertube /etc/peertube + +# ENV PEERTUBE_APP_DIR=/opt/apps/peertube +# ENV PEERTUBE_DATA_DIR=/var/lib/peertube + +## This is important to set config dir of peertube +ENV NODE_CONFIG_DIR=/etc/peertube +ENV NODE_ENV=prod + +VOLUME /var/lib/peertube +VOLUME /etc/peertube + +EXPOSE 9000 + +RUN apk add nodejs-npm + +## runtime deps +RUN apk add openssl + +USER peertube +WORKDIR /opt/apps/peertube + +CMD ["npm", "start"] diff --git a/peertube/build/dbname.patch b/peertube/build/dbname.patch new file mode 100644 index 0000000..7090daa --- /dev/null +++ b/peertube/build/dbname.patch @@ -0,0 +1,26 @@ +diff --git a/dist/server/initializers/checker-before-init.js b/dist/server/initializers/checker-before-init.js +index 7ff18d0..c75dff2 100644 +--- a/dist/server/initializers/checker-before-init.js ++++ b/dist/server/initializers/checker-before-init.js +@@ -15,7 +15,7 @@ function checkMissedConfig() { + const required = ['listen.port', 'listen.hostname', + 'webserver.https', 'webserver.hostname', 'webserver.port', + 'trust_proxy', +- 'database.hostname', 'database.port', 'database.suffix', 'database.username', 'database.password', 'database.pool.max', ++ 'database.hostname', 'database.port', 'database.dbname', 'database.username', 'database.password', 'database.pool.max', + 'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address', + 'storage.avatars', 'storage.videos', 'storage.logs', 'storage.previews', 'storage.thumbnails', 'storage.torrents', 'storage.cache', + 'log.level', +diff --git a/dist/server/initializers/constants.js b/dist/server/initializers/constants.js +index d5a3350..7efaabd 100644 +--- a/dist/server/initializers/constants.js ++++ b/dist/server/initializers/constants.js +@@ -143,7 +143,7 @@ const CONFIG = { + HOSTNAME: config.get('listen.hostname') + }, + DATABASE: { +- DBNAME: 'peertube' + config.get('database.suffix'), ++ DBNAME: config.get('database.dbname'), + HOSTNAME: config.get('database.hostname'), + PORT: config.get('database.port'), + USERNAME: config.get('database.username'), diff --git a/peertube/build/docker-compose.yml b/peertube/build/docker-compose.yml new file mode 100644 index 0000000..1b0a28f --- /dev/null +++ b/peertube/build/docker-compose.yml @@ -0,0 +1,73 @@ +version: "3.3" + +services: + + reverse-proxy: + image: traefik + command: --docker # Tells Træfik to listen to docker + ports: + - "80:80" # The HTTP port + - "443:443" # The HTTPS port + volumes: + - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events + - ./docker-volume/traefik/acme.json:/etc/acme.json + - ./docker-volume/traefik/traefik.toml:/traefik.toml + restart: "always" + # If you want to use the Traefik dashboard, you should expose it on a + # subdomain with HTTPS and authentification: + # https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f + # https://github.com/containous/traefik/issues/880#issuecomment-310301168 + + peertube: + # If you don't want to use the official image and build one from sources + # build: + # context: . + # dockerfile: ./support/docker/production/Dockerfile.stretch + image: chocobozzz/peertube:production-stretch + env_file: + - .env + # Traefik labels are suggested as an example for people using Traefik, + # remove them if you are using another reverse proxy. + labels: + traefik.enable: "true" + traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" + traefik.port: "9000" + # If you don't want to use a reverse proxy (not suitable for production!) + # ports: + # - "80:9000" + volumes: + - ./docker-volume/data:/data + - ./docker-volume/config:/config + depends_on: + - postgres + - redis + - postfix + restart: "always" + + postgres: + image: postgres:10-alpine + environment: + POSTGRES_USER: ${PEERTUBE_DB_USERNAME} + POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD} + POSTGRES_DB: peertube + volumes: + - ./docker-volume/db:/var/lib/postgresql/data + restart: "always" + labels: + traefik.enable: "false" + + redis: + image: redis:4-alpine + volumes: + - ./docker-volume/redis:/data + restart: "always" + labels: + traefik.enable: "false" + + postfix: + image: mwader/postfix-relay + environment: + - POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME} + labels: + traefik.enable: "false" + restart: "always" diff --git a/peertube/hooks/init b/peertube/hooks/init new file mode 100755 index 0000000..b883f62 --- /dev/null +++ b/peertube/hooks/init @@ -0,0 +1,87 @@ +#!/bin/bash + +## Init is run on host +## For now it is run every time the script is launched, but +## it should be launched only once after build. + +## Accessible variables are: +## - SERVICE_NAME Name of current service +## - DOCKER_BASE_IMAGE Base image from which this service might be built if any +## - SERVICE_DATASTORE Location on host of the DATASTORE of this service +## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service + +set -e + +peertube_uid=$(docker_get_uid "$SERVICE_NAME" "peertube") + +PEERTUBE_APP_DIR=/opt/apps/peertube +PEERTUBE_DATA_DIR=/var/lib/peertube +PEERTUBE_LOG_DIR=/var/log/peertube +PEERTUBE_CACHE_DIR=/var/cache/peertube +PEERTUBE_CONFIG_DIR=/etc/peertube + +HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR +HOST_DATA_DIR=$SERVICE_DATASTORE/$PEERTUBE_DATA_DIR + + +mkdir -p "$HOST_CONFIG_DIR" + +## Always copy default and custom env configuration file, in cases where new keys were added +ln -sf "$PEERTUBE_APP_DIR"/config/default.yaml "$HOST_CONFIG_DIR" + + +cat < "$HOST_CONFIG_DIR/local.yaml" + +listen: + hostname: '0.0.0.0' + port: 9000 + +storage: + + avatars: '$PEERTUBE_DATA_DIR/avatars/' + videos: '$PEERTUBE_DATA_DIR/videos/' + redundancy: '$PEERTUBE_DATA_DIR/redundancy/' + previews: '$PEERTUBE_DATA_DIR/previews/' + thumbnails: '$PEERTUBE_DATA_DIR/thumbnails/' + torrents: '$PEERTUBE_DATA_DIR/torrents/' + captions: '$PEERTUBE_DATA_DIR/captions/' + + logs: '/var/log/peertube/' + + cache: '/var/cache/peertube/' + tmp: '/var/tmp/peertube/' + +EOF + + +VALID_SECTION=( + instance services import transcoding + user signup admin cache redundancy + trending search log +) +for section in "${VALID_SECTION[@]}"; do + if val=$(options-get "$section" 2>/dev/null); then + yaml_key_val_str "$section" "$val" + fi +done >> "$HOST_CONFIG_DIR/local.yaml" + +if ! [ -e "$HOST_DATA_DIR/config.json" ]; then + touch "$HOST_DATA_DIR/config.json" +fi + +ln -sf "$PEERTUBE_DATA_DIR"/config.json "$HOST_CONFIG_DIR/local-prod.json" + + +dirs=(/var/tmp/peertube /var/cache/peertube + "$PEERTUBE_CACHE_DIR" "$PEERTUBE_LOG_DIR" "$PEERTUBE_DATA_DIR") +host_dirs=() +for dir in "${dirs[@]}"; do + host_dirs+=("$SERVICE_DATASTORE$dir") +done + +mkdir -p "${host_dirs[@]}" +find "${host_dirs[@]}" \! -user "$peertube_uid" \ + -exec chown -v "$peertube_uid" {} + || true + + +true \ No newline at end of file diff --git a/peertube/hooks/postgres_database-relation-joined b/peertube/hooks/postgres_database-relation-joined new file mode 100755 index 0000000..ccf6dda --- /dev/null +++ b/peertube/hooks/postgres_database-relation-joined @@ -0,0 +1,25 @@ +#!/bin/bash + +set -e + +PEERTUBE_CONFIG_DIR=/etc/peertube + +HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR + +PASSWORD="$(relation-get password)" +USER="$(relation-get user)" +DBNAME="$(relation-get dbname)" + +cat <> "$HOST_CONFIG_DIR/local.yaml" + +database: + hostname: '$TARGET_SERVICE_NAME' + ## We had to patch peertube to have a direct dbname (doh!) + dbname: '$DBNAME' + port: 5432 + username: '$USER' + password: '$PASSWORD' + +EOF + +info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." diff --git a/peertube/hooks/redis_database-relation-joined b/peertube/hooks/redis_database-relation-joined new file mode 100755 index 0000000..af61e2b --- /dev/null +++ b/peertube/hooks/redis_database-relation-joined @@ -0,0 +1,24 @@ +#!/bin/bash + +set -e + +PEERTUBE_CONFIG_DIR=/etc/peertube + +HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR + +password=$(relation-get password) || { + err "Can't get password for '$SERVICE_NAME' from '$TARGET_SERVICE_NAME'." + exit 1 +} + +cat <> "$HOST_CONFIG_DIR/local.yaml" + +## XXXvlab: to be added by redis relation +redis: + hostname: '$TARGET_SERVICE_NAME' + port: 6379 + auth: $password + +EOF + +info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." \ No newline at end of file diff --git a/peertube/hooks/web_proxy-relation-joined b/peertube/hooks/web_proxy-relation-joined new file mode 100755 index 0000000..2072bcb --- /dev/null +++ b/peertube/hooks/web_proxy-relation-joined @@ -0,0 +1,22 @@ +#!/bin/bash + +set -e + +PEERTUBE_CONFIG_DIR=/etc/peertube + +HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR + +domain=$(relation-get domain) || { + err "Can't get domain value." + exit 1 +} +cat <> "$HOST_CONFIG_DIR/local.yaml" + +webserver: + https: true + hostname: '$domain' + port: 443 + +EOF + +info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." diff --git a/peertube/metadata.yml b/peertube/metadata.yml new file mode 100644 index 0000000..fff61ba --- /dev/null +++ b/peertube/metadata.yml @@ -0,0 +1,135 @@ +description: "PeerTube Server" +maintainer: "Valentin Lab " +## XXXvlab: docker uses the 'build' directory or the 'image:' option here. +#docker-image: chocobozzz/peertube:production-stretch ## YYY: to save in our docker-registry +data-resources: + - /var/lib/peertube + - /var/log/peertube + - /var/cache/peertube +config-resources: + - /etc/peertube + +## XXXvlab: options here are the one provided to the server as +## defaults BUT that can be changed from within the web +## interface. +default-options: + # If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag + # In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. + # Please, do not disable transcoding since many uploaded videos will not work + transcoding: + enabled: true + threads: 1 + resolutions: # Only created if the original video has a higher resolution, uses more storage! + 240p: true + 360p: true + 480p: true + 720p: true + 1080p: true + + import: + # Add ability for your users to import remote videos (from YouTube, torrent...) + videos: + http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html + enabled: true + torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) + enabled: true + + signup: + enabled: true + + +uses: + postgres-database: + constraint: required + auto: summon + solves: + database: "main storage" + default-options: + extensions: + - pg_trgm + - unaccent + redis-database: + constraint: required + auto: summon + solves: + database: "short time storage" + # log-rotate: + # constraint: recommended + # auto: pair + # solves: + # disk-leak: "/var/log/peertube" + web-proxy: + constraint: required + auto: pair + solves: + proxy: "Public access" + default-options: + apache-custom-rules: + - | + ## From https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7 + + Protocols h2 http/1.1 + + # HSTS (mod_headers is required) (63072000 seconds = 2 years) (only activate it knowingly) + #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + + Header always set X-Content-Type-Options nosniff + Header always set X-Robots-Tag none + Header always set X-XSS-Protection "1; mode=block" + + # Hard limit, PeerTube does not support videos > 4GB + LimitRequestBody 4294967294 + + # Set caching on assets for 1 year + + Header append Cache-Control "public, max-age=31536000, immutable" + + AliasMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ /var/www/peertube/peertube-latest/client/dist/$1 + + # Set caching on image files for 1 year + + Header append Cache-Control "public, max-age=31536000, immutable" + + AliasMatch ^/static/(thumbnails|avatars)/(.*)$ /var/www/peertube/storage/$1/$2 + + # Bypass PeerTube webseed route for better performances + Alias /static/webseed /var/www/peertube/storage/videos + + # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client + SetOutputFilter RATE_LIMIT + SetEnv rate-limit 800 + + SetEnvIf Request_Method "GET" GETMETH=1 + + Header set Access-Control-Allow-Origin "*" env=GETMETH + Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH + Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH + Header set toto "foo" env=GETMETH + SetEnvIf GETMETH "1" dontlog + + SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1 + + Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH + Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH + Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH + Header set Access-Control-Max-Age "1000" env=OPTIONSMETH + Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH + Header set Content-Length "0" env=OPTIONSMETH + + + + Header unset X-Frame-Options + + + ProxyPreserveHost On + ProxyRequests On + ProxyTimeout 600 + + # Websocket tracker + RewriteEngine On + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L] + + # + # ProxyPass http://127.0.0.1:9000/ + # \ No newline at end of file diff --git a/redis/build/Dockerfile b/redis/build/Dockerfile new file mode 100644 index 0000000..d959dad --- /dev/null +++ b/redis/build/Dockerfile @@ -0,0 +1,18 @@ +## is a simple copy of postgres:10-alpine +FROM docker.0k.io/alpine:3.7 as common + +RUN apk add redis + +RUN mkdir -p /var/lib/redis +RUN chown -R redis:redis /var/lib/redis + +RUN echo -e "include /etc/redis-local.conf\n" >> /etc/redis.conf + +VOLUME ["/var/lib/redis"] + +# Expose the ports for redis +EXPOSE 6379 + +USER redis + +ENTRYPOINT ["redis-server", "/etc/redis.conf"] diff --git a/redis/hooks/init b/redis/hooks/init new file mode 100755 index 0000000..b206c1b --- /dev/null +++ b/redis/hooks/init @@ -0,0 +1,59 @@ +#!/bin/bash + +## Init is run on host +## For now it is run every time the script is launched, but +## it should be launched only once after build. + +## Accessible variables are: +## - SERVICE_NAME Name of current service +## - DOCKER_BASE_IMAGE Base image from which this service might be built if any +## - SERVICE_DATASTORE Location on host of the DATASTORE of this service +## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service + +set -e + +uid=$(docker_get_uid "$SERVICE_NAME" "redis") + +CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf + +PASSWORD=$(options-get password 2>/dev/null) || { + if [ -e "$CONFIG" ]; then + PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g') + fi + if [ -z "$ADMIN_PASSWORD" ]; then + info "Generating odoo admin password" + PASSWORD=$(gen_password 64) + fi +} + + + +mkdir -p "$(dirname "$CONFIG")" +cat < "$CONFIG" +daemonize no +loglevel notice +logfile "" +bind 0.0.0.0 +requirepass $PASSWORD + +EOF +chown -v "$uid" "$CONFIG" + + +dirs=(/var/log/redis /var/lib/redis) +host_dirs=() +for dir in "${dirs[@]}"; do + host_dirs+=("$SERVICE_DATASTORE$dir") +done + +mkdir -p "${host_dirs[@]}" +find "${host_dirs[@]}" \! -user "$uid" \ + -exec chown -v "$uid" {} + || true + + +config_hash=$(cat "$CONFIG" | md5_compat) || exit 1 +init-config-add " +$MASTER_BASE_SERVICE_NAME: + labels: + - compose.config_hash=$config_hash +" diff --git a/redis/hooks/redis_database-relation-joined b/redis/hooks/redis_database-relation-joined new file mode 100755 index 0000000..d8b1ac4 --- /dev/null +++ b/redis/hooks/redis_database-relation-joined @@ -0,0 +1,12 @@ +#!/bin/bash + + +CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf + +set -e + +PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g') + +relation-set password "$PASSWORD" + +true \ No newline at end of file diff --git a/redis/metadata.yml b/redis/metadata.yml new file mode 100644 index 0000000..8e5f51f --- /dev/null +++ b/redis/metadata.yml @@ -0,0 +1,9 @@ +summary: "Redis server" +maintainer: "Valentin Lab " +data-resources: + - /var/lib/redis + - /var/log/redis +config-resources: + - /etc/redis-local.conf +provides: + redis-database: