new: [peertube,redis] new charms.

apache/lib/common

@@ -18,6 +18,7 @@ get_domain () {
 
 apache_proxy_dir () {
     DOMAIN=$(get_domain) || return 1
+    relation-set domain "$DOMAIN"
     proxy=yes apache_vhost_create || return 1
     info "Added $DOMAIN as a proxy to $TARGET."
 }
@@ -26,6 +27,7 @@ export -f apache_proxy_dir
 
 apache_publish_dir () {
     DOMAIN=$(get_domain) || return 1
+    relation-set domain "$DOMAIN"
     DOCKER_SITE_PATH="/var/www/${DOMAIN}"
     LOCATION=$(relation-get location 2>/dev/null) ||
         LOCATION="$DATASTORE/$BASE_SERVICE_NAME$DOCKER_SITE_PATH"

peertube/README.org

@@ -0,0 +1,94 @@
+#+PROPERTY: Effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d
+#+PROPERTY: Max_effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d
+#+PROPERTY: header-args:python :var filename=(buffer-file-name)
+#+PROPERTY: header-args:sh :var filename=(buffer-file-name)
+#+TODO: TODO WIP BLOCKED | DONE CANCELED
+#+LATEX_HEADER: \usepackage[margin=0.5in]{geometry}
+#+LaTeX_CLASS: article
+#+OPTIONS: H:8 ^:nil prop:("Effort" "Max_effort") tags:not-in-toc
+#+COLUMNS: %50ITEM %Effort(Min Effort) %Max_effort(Max Effort)
+
+#+begin_LaTeX
+  \hypersetup{
+    linkcolor=blue,
+    pdfborder={0 0 0 0}
+  }
+#+end_LaTeX
+
+#+TITLE: Peertube charm management
+
+#+LATEX: \pagebreak
+
+Keep information related to the usage and the development of the charm.
+
+#+LATEX: \pagebreak
+
+#+LATEX: \pagebreak
+
+* Todos
+
+** TODO Logrotatability
+
+Peertube uses ``winston`` nodejs logging mecanism, and has what I
+understand, hard-written transports to file:
+
+Content of =server/helpers/logger.ts=
+#+BEGIN_SRC ts
+...
+const logger = winston.createLogger({
+  level: CONFIG.LOG.LEVEL,
+  format: winston.format.combine(
+    labelFormatter,
+    winston.format.splat()
+  ),
+  transports: [
+    new winston.transports.File({
+      filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube.log'),
+      handleExceptions: true,
+      maxsize: 1024 * 1024 * 12,
+      maxFiles: 5,
+      format: winston.format.combine(
+        winston.format.timestamp(),
+        jsonLoggerFormat
+      )
+    }),
+    new winston.transports.Console({
+      handleExceptions: true,
+      format: winston.format.combine(
+        timestampFormatter,
+        winston.format.colorize(),
+        consoleLoggerFormat
+      )
+    })
+  ],
+  exitOnError: true
+})
+
+#+END_SRC
+
+This will ensure some part of the rotation. Which is bad.
+
+We don't want peertube to manage the logs. So depending on what we
+want to do in the future with the managing of logs, I'll need to patch
+peertube to probably use only stdout, and/or send it to rsyslog.
+
+For now, situation of log rotation with all charm is using logrotate,
+but I know this might not be the perfect solution as I'd like to stick
+to =logs are streams=, and avoid having to find mecanism of reloading
+application after rotation.
+
+A good solution would be to use the stdout/stderr of the application,
+and have a generic solution using ``docker logs`` json output.
+** TODO changing root password
+
+This will probably require also a patch, as the password is set for
+user 'root' automatically and is to be read in the logs (duh !).
+
+We can't initialise the application (and ask for postgres table, and
+root user to be created, then quit). So we can't do that in the
+=hooks/init= script in a reasonable manner.
+
+There is a special ``npm run reset-password`` with odd arguments that
+can reset root password, only if database already populated.
+
+I need a patch to simply set password from base server configuration.

peertube/build/.env

@@ -0,0 +1,20 @@
+PEERTUBE_DB_USERNAME=postgres_user
+PEERTUBE_DB_PASSWORD=postgres_password
+PEERTUBE_WEBSERVER_HOSTNAME=domain.tld
+PEERTUBE_WEBSERVER_PORT=443
+PEERTUBE_WEBSERVER_HTTPS=true
+# If you need more than one IP as trust_proxy
+# pass them as a comma separated array:
+PEERTUBE_TRUST_PROXY=["127.0.0.1"]
+#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
+PEERTUBE_SMTP_USERNAME=
+PEERTUBE_SMTP_PASSWORD=
+PEERTUBE_SMTP_HOSTNAME=postfix
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=noreply@domain.tld
+PEERTUBE_SMTP_TLS=true
+PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=admin@domain.tld
+# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
+#PEERTUBE_SIGNUP_ENABLED=true
+#PEERTUBE_TRANSCODING_ENABLED=true

peertube/build/Dockerfile

@@ -0,0 +1,100 @@
+FROM alpine:3.7 AS common
+
+RUN apk add gnupg ffmpeg
+
+# Add peertube user
+RUN addgroup -S peertube && \
+    adduser -S -G peertube -h /var/lib/peertube peertube
+
+
+FROM common AS builder
+
+##
+## Download target release
+##
+
+ENV PEERTUBE_RELEASE=v1.1.0
+
+
+RUN apk add wget
+COPY ./*.patch /tmp
+RUN mkdir -p /opt/apps/peertube && \
+    cd /opt/apps/peertube && \
+    wget https://github.com/Chocobozzz/PeerTube/releases/download/${PEERTUBE_RELEASE}/peertube-${PEERTUBE_RELEASE}.tar.xz && \
+    tar -xJf peertube-${PEERTUBE_RELEASE}.tar.xz && \
+    rm peertube-${PEERTUBE_RELEASE}.tar.xz && \
+    mv peertube-${PEERTUBE_RELEASE}/* . && \
+    rmdir peertube-${PEERTUBE_RELEASE} && \
+    cat /tmp/*.patch | patch -p1 && \
+    mkdir -p /etc/peertube /var/lib/peertube && \
+    ln -sf /var/lib/peertube /opt/apps/peertube/storage
+
+RUN apk add yarn                        ## Build command
+RUN apk add git build-base python bash  ## Build deps
+
+RUN chown -R peertube:peertube /opt/apps/peertube
+
+USER peertube
+
+RUN cd /opt/apps/peertube && \
+    yarn install --production --pure-lockfile && \
+    yarn cache clean
+
+## XXXvlab: without this in current docker version, it'll
+## permeate in next image to be built.
+USER root
+
+# RUN apk add nodejs yarn
+#
+## Source build (very long)
+#
+# ## To download source
+# RUN apk add git
+# RUN git clone https://github.com/chocobozzz/PeerTube /tmp/peertube --depth 1
+
+# ## for installation of dependencies
+# RUN apk add build-base python
+# RUN cd /tmp/peertube && \
+#     yarn install --pure-lockfile
+
+# ## for scripts run by ``npm run build``
+# RUN apk add bash
+# RUN cd /tmp/peertube && \
+#     npm run build
+
+# RUN cd /tmp/peertube && \
+#     rm -r ./node_modules ./client/node_modules && \
+#     yarn install --pure-lockfile --production && \
+#     yarn cache clean
+
+
+FROM common
+
+# Install PeerTube
+COPY --from=builder /opt/apps/peertube /opt/apps/peertube
+
+
+# RUN mkdir -p /var/lib/peertube /etc/peertube && \
+#     chown -R peertube:peertube /var/lib/peertube /etc/peertube
+
+# ENV PEERTUBE_APP_DIR=/opt/apps/peertube
+# ENV PEERTUBE_DATA_DIR=/var/lib/peertube
+
+## This is important to set config dir of peertube
+ENV NODE_CONFIG_DIR=/etc/peertube
+ENV NODE_ENV=prod
+
+VOLUME /var/lib/peertube
+VOLUME /etc/peertube
+
+EXPOSE 9000
+
+RUN apk add nodejs-npm
+
+## runtime deps
+RUN apk add openssl
+
+USER peertube
+WORKDIR /opt/apps/peertube
+
+CMD ["npm", "start"]

peertube/build/dbname.patch

@@ -0,0 +1,26 @@
+diff --git a/dist/server/initializers/checker-before-init.js b/dist/server/initializers/checker-before-init.js
+index 7ff18d0..c75dff2 100644
+--- a/dist/server/initializers/checker-before-init.js
++++ b/dist/server/initializers/checker-before-init.js
+@@ -15,7 +15,7 @@ function checkMissedConfig() {
+     const required = ['listen.port', 'listen.hostname',
+         'webserver.https', 'webserver.hostname', 'webserver.port',
+         'trust_proxy',
+-        'database.hostname', 'database.port', 'database.suffix', 'database.username', 'database.password', 'database.pool.max',
++        'database.hostname', 'database.port', 'database.dbname', 'database.username', 'database.password', 'database.pool.max',
+         'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address',
+         'storage.avatars', 'storage.videos', 'storage.logs', 'storage.previews', 'storage.thumbnails', 'storage.torrents', 'storage.cache',
+         'log.level',
+diff --git a/dist/server/initializers/constants.js b/dist/server/initializers/constants.js
+index d5a3350..7efaabd 100644
+--- a/dist/server/initializers/constants.js
++++ b/dist/server/initializers/constants.js
+@@ -143,7 +143,7 @@ const CONFIG = {
+         HOSTNAME: config.get('listen.hostname')
+     },
+     DATABASE: {
+-        DBNAME: 'peertube' + config.get('database.suffix'),
++        DBNAME: config.get('database.dbname'),
+         HOSTNAME: config.get('database.hostname'),
+         PORT: config.get('database.port'),
+         USERNAME: config.get('database.username'),

peertube/build/docker-compose.yml

@@ -0,0 +1,73 @@
+version: "3.3"
+
+services:
+
+  reverse-proxy:
+    image: traefik
+    command: --docker # Tells Træfik to listen to docker
+    ports:
+      - "80:80"     # The HTTP port
+      - "443:443"   # The HTTPS port
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+      - ./docker-volume/traefik/acme.json:/etc/acme.json
+      - ./docker-volume/traefik/traefik.toml:/traefik.toml
+    restart: "always"
+    # If you want to use the Traefik dashboard, you should expose it on a 
+    # subdomain with HTTPS and authentification:
+    # https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
+    # https://github.com/containous/traefik/issues/880#issuecomment-310301168
+
+  peertube:
+    # If you don't want to use the official image and build one from sources
+    # build:
+    #   context: .
+    #   dockerfile: ./support/docker/production/Dockerfile.stretch
+    image: chocobozzz/peertube:production-stretch
+    env_file:
+      - .env
+    # Traefik labels are suggested as an example for people using Traefik,
+    # remove them if you are using another reverse proxy.
+    labels:
+      traefik.enable: "true"
+      traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
+      traefik.port: "9000"
+    # If you don't want to use a reverse proxy (not suitable for production!)
+    # ports:
+      # - "80:9000"
+    volumes:
+      - ./docker-volume/data:/data
+      - ./docker-volume/config:/config
+    depends_on:
+      - postgres
+      - redis
+      - postfix
+    restart: "always"
+
+  postgres:
+    image: postgres:10-alpine
+    environment:
+      POSTGRES_USER: ${PEERTUBE_DB_USERNAME}
+      POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD}
+      POSTGRES_DB: peertube
+    volumes:
+      - ./docker-volume/db:/var/lib/postgresql/data
+    restart: "always"
+    labels:
+      traefik.enable: "false"
+
+  redis:
+    image: redis:4-alpine
+    volumes:
+      - ./docker-volume/redis:/data
+    restart: "always"
+    labels:
+      traefik.enable: "false"
+
+  postfix:
+    image: mwader/postfix-relay
+    environment:
+      - POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME}
+    labels:
+      traefik.enable: "false"
+    restart: "always"

peertube/hooks/init

@@ -0,0 +1,87 @@
+#!/bin/bash
+
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+
+## Accessible variables are:
+## - SERVICE_NAME        Name of current service
+## - DOCKER_BASE_IMAGE   Base image from which this service might be built if any
+## - SERVICE_DATASTORE           Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
+
+set -e
+
+peertube_uid=$(docker_get_uid "$SERVICE_NAME" "peertube")
+
+PEERTUBE_APP_DIR=/opt/apps/peertube
+PEERTUBE_DATA_DIR=/var/lib/peertube
+PEERTUBE_LOG_DIR=/var/log/peertube
+PEERTUBE_CACHE_DIR=/var/cache/peertube
+PEERTUBE_CONFIG_DIR=/etc/peertube
+
+HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR
+HOST_DATA_DIR=$SERVICE_DATASTORE/$PEERTUBE_DATA_DIR
+
+
+mkdir -p "$HOST_CONFIG_DIR"
+
+## Always copy default and custom env configuration file, in cases where new keys were added
+ln -sf "$PEERTUBE_APP_DIR"/config/default.yaml "$HOST_CONFIG_DIR"
+
+
+cat <<EOF > "$HOST_CONFIG_DIR/local.yaml"
+
+listen:
+  hostname: '0.0.0.0'
+  port: 9000
+
+storage:
+
+  avatars: '$PEERTUBE_DATA_DIR/avatars/'
+  videos: '$PEERTUBE_DATA_DIR/videos/'
+  redundancy: '$PEERTUBE_DATA_DIR/redundancy/'
+  previews: '$PEERTUBE_DATA_DIR/previews/'
+  thumbnails: '$PEERTUBE_DATA_DIR/thumbnails/'
+  torrents: '$PEERTUBE_DATA_DIR/torrents/'
+  captions: '$PEERTUBE_DATA_DIR/captions/'
+
+  logs: '/var/log/peertube/'
+
+  cache: '/var/cache/peertube/'
+  tmp: '/var/tmp/peertube/'
+
+EOF
+
+
+VALID_SECTION=(
+    instance services import transcoding
+    user signup admin cache redundancy
+    trending search log
+)
+for section in "${VALID_SECTION[@]}"; do
+    if val=$(options-get "$section" 2>/dev/null); then
+        yaml_key_val_str "$section" "$val"
+    fi
+done >> "$HOST_CONFIG_DIR/local.yaml"
+
+if ! [ -e "$HOST_DATA_DIR/config.json" ]; then
+    touch "$HOST_DATA_DIR/config.json"
+fi
+
+ln -sf "$PEERTUBE_DATA_DIR"/config.json "$HOST_CONFIG_DIR/local-prod.json"
+
+
+dirs=(/var/tmp/peertube /var/cache/peertube
+      "$PEERTUBE_CACHE_DIR" "$PEERTUBE_LOG_DIR" "$PEERTUBE_DATA_DIR")
+host_dirs=()
+for dir in "${dirs[@]}"; do
+    host_dirs+=("$SERVICE_DATASTORE$dir")
+done
+
+mkdir -p "${host_dirs[@]}"
+find "${host_dirs[@]}" \! -user "$peertube_uid" \
+     -exec chown -v "$peertube_uid" {} + || true
+
+
+true

peertube/hooks/postgres_database-relation-joined

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+PEERTUBE_CONFIG_DIR=/etc/peertube
+
+HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR
+
+PASSWORD="$(relation-get password)"
+USER="$(relation-get user)"
+DBNAME="$(relation-get dbname)"
+
+cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml"
+
+database:
+  hostname: '$TARGET_SERVICE_NAME'
+  ## We had to patch peertube to have a direct dbname (doh!)
+  dbname: '$DBNAME'
+  port: 5432
+  username: '$USER'
+  password: '$PASSWORD'
+
+EOF
+
+info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access."

peertube/hooks/redis_database-relation-joined

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+PEERTUBE_CONFIG_DIR=/etc/peertube
+
+HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR
+
+password=$(relation-get password) || {
+    err "Can't get password for '$SERVICE_NAME' from '$TARGET_SERVICE_NAME'."
+    exit 1
+}
+
+cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml"
+
+## XXXvlab: to be added by redis relation
+redis:
+  hostname: '$TARGET_SERVICE_NAME'
+  port: 6379
+  auth: $password
+
+EOF
+
+info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access."

peertube/hooks/web_proxy-relation-joined

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+PEERTUBE_CONFIG_DIR=/etc/peertube
+
+HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR
+
+domain=$(relation-get domain) || {
+    err "Can't get domain value."
+    exit 1
+}
+cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml"
+
+webserver:
+  https: true
+  hostname: '$domain'
+  port: 443
+
+EOF
+
+info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access."

peertube/metadata.yml

@@ -0,0 +1,135 @@
+description: "PeerTube Server"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+## XXXvlab: docker uses the 'build' directory or the 'image:' option here.
+#docker-image: chocobozzz/peertube:production-stretch  ## YYY: to save in our docker-registry
+data-resources:
+  - /var/lib/peertube
+  - /var/log/peertube
+  - /var/cache/peertube
+config-resources:
+  - /etc/peertube
+
+## XXXvlab: options here are the one provided to the server as
+## defaults BUT that can be changed from within the web
+## interface.
+default-options:
+  # If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
+  # In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
+  # Please, do not disable transcoding since many uploaded videos will not work
+  transcoding:
+    enabled: true
+    threads: 1
+    resolutions: # Only created if the original video has a higher resolution, uses more storage!
+      240p: true
+      360p: true
+      480p: true
+      720p: true
+      1080p: true
+
+  import:
+    # Add ability for your users to import remote videos (from YouTube, torrent...)
+    videos:
+      http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
+        enabled: true
+      torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
+        enabled: true
+
+  signup:
+    enabled: true
+
+
+uses:
+  postgres-database:
+    constraint: required
+    auto: summon
+    solves:
+      database: "main storage"
+    default-options:
+      extensions:
+        - pg_trgm
+        - unaccent
+  redis-database:
+    constraint: required
+    auto: summon
+    solves:
+      database: "short time storage"
+  # log-rotate:
+  #   constraint: recommended
+  #   auto: pair
+  #   solves:
+  #     disk-leak: "/var/log/peertube"
+  web-proxy:
+    constraint: required
+    auto: pair
+    solves:
+      proxy: "Public access"
+    default-options:
+      apache-custom-rules:
+      - |
+        ## From https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7
+
+        Protocols h2 http/1.1
+
+        # HSTS (mod_headers is required) (63072000 seconds = 2 years) (only activate it knowingly)
+        #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+
+        Header always set X-Content-Type-Options nosniff
+        Header always set X-Robots-Tag none
+        Header always set X-XSS-Protection "1; mode=block"
+
+        # Hard limit, PeerTube does not support videos > 4GB
+        LimitRequestBody 4294967294
+
+        # Set caching on assets for 1 year
+        <FilesMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$>
+                Header append Cache-Control "public, max-age=31536000, immutable"
+        </FilesMatch>
+        AliasMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ /var/www/peertube/peertube-latest/client/dist/$1
+
+        # Set caching on image files for 1 year
+        <FilesMatch ^/static/(thumbnails|avatars)/(.*)$>
+                Header append Cache-Control "public, max-age=31536000, immutable"
+        </FilesMatch>
+        AliasMatch ^/static/(thumbnails|avatars)/(.*)$ /var/www/peertube/storage/$1/$2
+
+        # Bypass PeerTube webseed route for better performances
+        Alias /static/webseed /var/www/peertube/storage/videos
+        <Location /static/webseed>
+                # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
+                SetOutputFilter RATE_LIMIT
+                SetEnv rate-limit 800
+
+                SetEnvIf Request_Method "GET" GETMETH=1
+
+                Header set Access-Control-Allow-Origin "*" env=GETMETH
+                Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH
+                Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH
+                Header set toto "foo" env=GETMETH
+                SetEnvIf GETMETH "1" dontlog
+
+                SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1
+
+                Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH
+                Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH
+                Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH
+                Header set Access-Control-Max-Age "1000" env=OPTIONSMETH
+                Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH
+                Header set Content-Length "0" env=OPTIONSMETH
+        </Location>
+
+        <Location /videos/embed>
+                Header unset X-Frame-Options
+        </Location>
+
+        ProxyPreserveHost On
+        ProxyRequests On
+        ProxyTimeout 600
+
+        # Websocket tracker
+        RewriteEngine On
+        RewriteCond %{HTTP:Upgrade} websocket [NC]
+        RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]
+
+        # <Location />
+        #         ProxyPass http://127.0.0.1:9000/
+        # </Location>

redis/build/Dockerfile

@@ -0,0 +1,18 @@
+## is a simple copy of postgres:10-alpine
+FROM docker.0k.io/alpine:3.7 as common
+
+RUN apk add redis
+
+RUN mkdir -p /var/lib/redis
+RUN chown -R redis:redis /var/lib/redis
+
+RUN echo -e "include /etc/redis-local.conf\n" >> /etc/redis.conf
+
+VOLUME ["/var/lib/redis"]
+
+# Expose the ports for redis
+EXPOSE 6379
+
+USER redis
+
+ENTRYPOINT ["redis-server", "/etc/redis.conf"]

redis/hooks/init

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+
+## Accessible variables are:
+## - SERVICE_NAME        Name of current service
+## - DOCKER_BASE_IMAGE   Base image from which this service might be built if any
+## - SERVICE_DATASTORE           Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
+
+set -e
+
+uid=$(docker_get_uid "$SERVICE_NAME" "redis")
+
+CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf
+
+PASSWORD=$(options-get password 2>/dev/null) || {
+    if [ -e "$CONFIG" ]; then
+        PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g')
+    fi
+    if [ -z "$ADMIN_PASSWORD" ]; then
+        info "Generating odoo admin password"
+        PASSWORD=$(gen_password 64)
+    fi
+}
+
+
+
+mkdir -p "$(dirname "$CONFIG")"
+cat <<EOF > "$CONFIG"
+daemonize no
+loglevel notice
+logfile ""
+bind 0.0.0.0
+requirepass $PASSWORD
+
+EOF
+chown -v "$uid" "$CONFIG"
+
+
+dirs=(/var/log/redis /var/lib/redis)
+host_dirs=()
+for dir in "${dirs[@]}"; do
+    host_dirs+=("$SERVICE_DATASTORE$dir")
+done
+
+mkdir -p "${host_dirs[@]}"
+find "${host_dirs[@]}" \! -user "$uid" \
+     -exec chown -v "$uid" {} + || true
+
+
+config_hash=$(cat "$CONFIG" | md5_compat) || exit 1
+init-config-add "
+$MASTER_BASE_SERVICE_NAME:
+  labels:
+    - compose.config_hash=$config_hash
+"

redis/hooks/redis_database-relation-joined

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+
+CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf
+
+set -e
+
+PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g')
+
+relation-set password "$PASSWORD"
+
+true

redis/metadata.yml

@@ -0,0 +1,9 @@
+summary: "Redis server"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+data-resources:
+  - /var/lib/redis
+  - /var/log/redis
+config-resources:
+  - /etc/redis-local.conf
+provides:
+  redis-database: