9 Commits

  1. 8
      apache/hooks/pre_deploy
  2. 21
      apache/lib/common
  3. 5
      bitwarden/metadata.yml
  4. 26
      mattermost/hooks/init
  5. 26
      mattermost/hooks/postgres_database-relation-joined
  6. 16
      mattermost/metadata.yml
  7. 35
      postgres/hooks/init
  8. 6
      postgres/hooks/postgres_database-relation-joined
  9. 50
      postgres/lib/common
  10. 2
      postgres/metadata.yml
  11. 2
      precise/base-0k/hooks/install.d/00-base.sh
  12. 9
      precise/host/hooks/install.d/70-0k.sh

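--- a/apache/hooks/pre_deploy
+++ b/apache/hooks/pre_deploy
@@ -0,0 +1,8 @@
+#!/bin/bash
+## Should be executable N time in a row with same result.
+set -e
+. lib/common
+apache_config_hash || exit 1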

21
apache/lib/common

@ -1,5 +1,6 @@
# -*- mode: shell-script -*- # -*- mode: shell-script -*-
config_hash=
apache_proxy_dir () { apache_proxy_dir () {
DOMAIN=$(relation-get domain) || { DOMAIN=$(relation-get domain) || {
@ -150,6 +151,7 @@ ssl_fallback_prepare() {
if [ "$content" ]; then if [ "$content" ]; then
location="$(eval echo "\$__vhost_cfg_SSL_${label^^}_LOCATION")" location="$(eval echo "\$__vhost_cfg_SSL_${label^^}_LOCATION")"
echo "$content" | file_put "$dst$location" echo "$content" | file_put "$dst$location"
config_hash=$(printf "%s\0" "$config_hash" "$label" "$content" | md5_compat)
volumes="$volumes volumes="$volumes
- $dst$location:$location:ro" - $dst$location:$location:ro"
fi fi
@ -314,6 +316,7 @@ apache_core_rules_add() {
local conf="$1" dst="/etc/apache2/conf-enabled/$BASE_SERVICE_NAME.conf" local conf="$1" dst="/etc/apache2/conf-enabled/$BASE_SERVICE_NAME.conf"
debug "Adding core rule." debug "Adding core rule."
echo "$conf" | file_put "$CONFIGSTORE/$BASE_SERVICE_NAME$dst" echo "$conf" | file_put "$CONFIGSTORE/$BASE_SERVICE_NAME$dst"
config_hash=$(printf "%s\0" "$config_hash" "$conf" | md5_compat)
config-add " config-add "
$MASTER_BASE_SERVICE_NAME: $MASTER_BASE_SERVICE_NAME:
volumes: volumes:
@ -474,6 +477,8 @@ __vhost_full_vhost_statement() {
$(__vhost_head_statement "$protocol" | prefix " ") $(__vhost_head_statement "$protocol" | prefix " ")
$(__vhost_custom_rules | prefix " ")
$(__vhost_content_statement "$protocol" | prefix " ") $(__vhost_content_statement "$protocol" | prefix " ")
## Forbid any cache, this is only usefull on dev server. ## Forbid any cache, this is only usefull on dev server.
@ -482,7 +487,6 @@ $(__vhost_content_statement "$protocol" | prefix " ")
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS" #Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept" #Header set Access-Control-Allow-Headers "origin, content-type, accept"
$([ "$protocol" == "https" ] && __vhost_ssl_statement | prefix " ") $([ "$protocol" == "https" ] && __vhost_ssl_statement | prefix " ")
$(__vhost_custom_rules | prefix " ")
</VirtualHost> </VirtualHost>
EOF EOF
@ -509,3 +513,18 @@ $(__vhost_creds_statement | prefix " ")
EOF EOF
} }
apache_config_hash() {
debug "Adding config hash to enable recreating upon config change."
config_hash=$({
printf "%s\0" "$config_hash"
find "$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" \
-name \*.conf -exec md5sum {} \;
} | md5_compat) || exit 1
init-config-add "
$MASTER_BASE_SERVICE_NAME:
labels:
- compose.config_hash=$config_hash
"
}
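Review bot: In `apache_config_hash`, the `find … -exec md5sum {} \;` output is hashed in directory-walk order, which is not guaranteed stable, so the `compose.config_hash` label can change without any config change, contrary to the pre_deploy comment about repeated runs giving the same result. Sorting fixes that: `-name '*.conf' -exec md5sum {} + | LC_ALL=C sort`. A failing `find` (for example a missing `sites-enabled` directory) also goes unnoticed, because `|| exit 1` only sees the status of `md5_compat` unless `pipefail` is set elsewhere; a `[ -d "$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" ] || return 1` guard before the group would cover it. The `ssl_fallback_prepare` hunk folds `$content` into the same value; if that content can include private key material, confirm that an MD5 derived from it is acceptable in a container label.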

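--- a/bitwarden/metadata.yml
+++ b/bitwarden/metadata.yml
@@ -0,0 +1,5 @@
+description: Bitwarden Server
+#docker-image: mprasil/bitwarden:latest
+docker-image: docker.0k.io/bitwarden
+data-resources:
+- /data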
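Review bot: `docker-image: docker.0k.io/bitwarden` carries no tag or digest, so each pull resolves to whatever the registry currently serves as the default tag, and two hosts can end up running different builds. The same applies to `docker.0k.io/mattermost-team` in mattermost/metadata.yml, whose comment says the image is fixed "to be sure of what we install". Pinning a version tag, or better a digest (`docker.0k.io/bitwarden@sha256:<digest>`), makes the deployed image reproducible and auditable.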

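--- a/mattermost/hooks/init
+++ b/mattermost/hooks/init
@@ -0,0 +1,26 @@
+#!/bin/bash
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+## Accessible variables are:
+## - SERVICE_NAME Name of current service
+## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
+## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
+# Please note that postgres detect on its own if its datadir needs to be populated
+##
+## checking permission of base directory
+##
+dirs=("$SERVICE_CONFIGSTORE/mattermost/"{config,plugins} "$SERVICE_DATASTORE/mattermost/"{data,logs})
+for dir in "${dirs[@]}"; do
+mkdir -p "$dir"
+find "$dir" \! -uid 2000 -exec chown -v 2000 {} \;
+find "$dir" \! -gid 2000 -exec chgrp -v 2000 {} \;
+done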
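Review bot: The `find "$dir" … -exec chown -v 2000 {} \;` and `chgrp -v 2000` lines run on the host (presumably as root) and dereference symlinks, so a link under `plugins` or `data` whose owner or group is not 2000 gets its target re-owned, possibly outside the service directories. Passing `-h` and merging the two passes avoids that: `find "$dir" \( \! -uid 2000 -o \! -gid 2000 \) -exec chown -h 2000:2000 {} +`. The script also has no `set -e` and uses `$SERVICE_CONFIGSTORE` and `$SERVICE_DATASTORE` unguarded, so an empty value makes it create and chown `/mattermost/...` at the filesystem root; `: "${SERVICE_CONFIGSTORE:?}" "${SERVICE_DATASTORE:?}"` near the top would stop that.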

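--- a/mattermost/hooks/postgres_database-relation-joined
+++ b/mattermost/hooks/postgres_database-relation-joined
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+PASSWORD="$(relation-get password)"
+USER="$(relation-get user)"
+DBNAME="$(relation-get dbname)"
+control=$(echo -en "$USER\0$DBNAME\0$PASSWORD" | md5_compat)
+config-add "\
+services:
+$MASTER_BASE_SERVICE_NAME:
+environment:
+DB_HOST: $MASTER_TARGET_SERVICE_NAME
+MM_DBNAME: $DBNAME
+MM_PASSWORD: $PASSWORD
+MM_USERNAME: $USER
+"
+[ "$control" == "$(relation-get control 2>/dev/null)" ] && exit 0
+relation-set control "$control"
+info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access."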
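Review bot: `echo -en "$USER\0$DBNAME\0$PASSWORD"` makes `echo -e` interpret the values themselves: a database name or password starting with an octal digit extends `\0` into a longer octal escape, and any backslash sequence inside the password is rewritten, so the `control` digest does not reliably track the credentials. The form already used in apache/lib/common does not have this problem: `control=$(printf '%s\0' "$USER" "$DBNAME" "$PASSWORD" | md5_compat)`. `$PASSWORD` is also written unquoted into the `config-add` YAML (`MM_PASSWORD: $PASSWORD`), so a value containing `: `, ` #` or a leading YAML indicator would be parsed as something else; whether that can occur depends on what `gen_password` and the relation peer produce, which this page does not show. Assigning to `USER` also shadows the login-name environment variable, and a name such as `db_user` would avoid surprises in sourced helpers.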

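--- a/mattermost/metadata.yml
+++ b/mattermost/metadata.yml
@@ -0,0 +1,16 @@
+# description: "Mattermost"
+# maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+## We fix image here to be sure of what we install
+docker-image: docker.0k.io/mattermost-team
+# docker-image: docker.0k.io/mattermost-enterprise
+config-resources:
+- /mattermost/config
+- /mattermost/plugins
+data-resources:
+- /mattermost/data
+- /mattermost/logs
+host-resources:
+- /etc/localtime:ro
+docker-compose:
+restart: unless-stopped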

35
postgres/hooks/init

@ -11,43 +11,34 @@
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service ## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
# Please note that postgres detect on its own if its datadir needs to be populated # Please note that postgres detect on its own if its datadir needs to be populated
[ -e ~/.pgpass ] && exit 0
. lib/common . lib/common
set -e
POSTGRES_ROOT_PASSWORD="$(gen_password)"
ensure_db_docker_running
errlvl=$?
if [[ "$errlvl" == 18 ]]; then
err "Db connection seems not setup. Setting up."
_set_up_connection || exit 1
ensure_db_docker_running || {
die "Setup connection didn't work as expected."
}
fi
## ##
## Setting up access from host
## checking permission of base directory
## ##
ddb < <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'")
sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \
"$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf"
docker restart "$container_id"
## XXXvlab: this won't help support multiple project running on the
## same host
cat <<EOF > ~/.pgpass
*:*:*:postgres:$POSTGRES_ROOT_PASSWORD
EOF
mkdir -p "$SERVICE_DATASTORE/var/lib/postgresql/data"
find "$SERVICE_DATASTORE/var/lib/postgresql/data" \! -perm 700 -exec chmod -v 700 {} \;
chmod 600 ~/.pgpass
## ##
## pgm ## pgm
## ##
echo 'prefix_pg_local_command=" " ## otherwise, will default to sudo -u postgres ' > /root/.pgm.rc
echo 'prefix_pg_local_command=" " ## otherwise, will default to sudo -u postgres ' > ~/.pgm.rc
info "New root password for postgres. " info "New root password for postgres. "
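Review bot: `ensure_db_docker_running` followed by `errlvl=$?` cannot observe status 18 if the `set -e` two lines above it is still in effect, because errexit ends the script on the non-zero return before the assignment runs. The rendering here does not show which side of the diff `set -e` is on, so this needs checking against the new file. Capturing the status in one step works either way: `errlvl=0; ensure_db_docker_running || errlvl=$?`. If the `find … \! -perm 700 -exec chmod -v 700 {} \;` line is on the new side, it also sets the execute bit on every regular file under the data directory; adding `-type d` would keep the directories private without that.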

6
postgres/hooks/postgres_database-relation-joined

@ -17,12 +17,14 @@ DBNAME=$(relation-get dbname)
set -e set -e
USER=$(relation-get user) USER=$(relation-get user)
PASSWORD="$(gen_password)"
PASSWORD="$(relation-get password 2>/dev/null)" || PASSWORD="$(gen_password)"
POSTGIS=$(relation-get postgis 2>/dev/null) || true POSTGIS=$(relation-get postgis 2>/dev/null) || true
UNACCENT=$(relation-get unaccent 2>/dev/null) || true UNACCENT=$(relation-get unaccent 2>/dev/null) || true
ensure_db_docker_running
if ! ensure_db_docker_running; then
die "Can't ensure valid link to postgres"
fi
db_has_database "$DBNAME" || UNACCENT="$UNACCENT" POSTGIS="$POSTGIS" db_create "$DBNAME" db_has_database "$DBNAME" || UNACCENT="$UNACCENT" POSTGIS="$POSTGIS" db_create "$DBNAME"
if ! db_has_user "$USER"; then if ! db_has_user "$USER"; then
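Review bot: In `PASSWORD="$(relation-get password 2>/dev/null)" || PASSWORD="$(gen_password)"` the fallback only runs when `relation-get` exits non-zero, so if it succeeds with empty output `$PASSWORD` stays empty and the hook carries on with it. An explicit emptiness test closes that: `PASSWORD="$(relation-get password 2>/dev/null)" || true` followed by `[ -n "$PASSWORD" ] || PASSWORD="$(gen_password)"`. The hunk ends inside the `if ! db_has_user` block, so how the password is applied to the database user is not visible here.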

50
postgres/lib/common

@ -37,6 +37,44 @@ _set_db_params() {
export db_docker_opts="--network $docker_network -e PGHOST=$docker_ip -e PGUSER=postgres" export db_docker_opts="--network $docker_network -e PGHOST=$docker_ip -e PGUSER=postgres"
export db_cmd_opts= export db_cmd_opts=
PGHOST="$docker_ip"
PGUSER="postgres"
export PGHOST PGUSER
}
## Must setup a direct connection
_set_up_connection() {
if [ -e "$DB_PASSFILE" ]; then
POSTGRES_ROOT_PASSWORD=$(cat "$DB_PASSFILE" | cut -f 5 -d :)
else
POSTGRES_ROOT_PASSWORD="$(gen_password)"
fi
##
## Setting up access from host
##
debug docker exec -i "$container_id" psql -U postgres -qAt
docker exec -i "$container_id" psql -U postgres -qAt \
< <(echo "ALTER USER postgres WITH ENCRYPTED password '$POSTGRES_ROOT_PASSWORD'") || {
die "direct PSQL injection failed."
}
sed -ri 's%^host all all 0\.0\.0\.0/0 trust$%host all all 0.0.0.0/0 md5%g' \
"$SERVICE_DATASTORE/var/lib/postgresql/data/pg_hba.conf" || return 1
docker restart "$container_id" || return 1
## XXXvlab: this won't help support multiple project running on the
## same host
cat <<EOF > "$DB_PASSFILE"
*:*:*:postgres:$POSTGRES_ROOT_PASSWORD
EOF
chmod 600 "$DB_PASSFILE" || return 1
} }
ddb () { dcmd psql -qAt "$@"; } ddb () { dcmd psql -qAt "$@"; }
@ -104,6 +142,11 @@ db_change_password() {
db_grant_rights () { db_grant_rights () {
local dbname="$1" user="$2" local dbname="$1" user="$2"
PGM chown "$user" "$dbname"
}
PGM() {
local src="$1" dst="$2"
require psql || apt-get install -y postgresql-client </dev/null require psql || apt-get install -y postgresql-client </dev/null
require pgm || { require pgm || {
( (
@ -115,6 +158,9 @@ db_grant_rights () {
# git checkout master # git checkout master
) )
} }
debug PGHOST="$DOCKER_IP" PGUSER=postgres pgm chown "$user" "$dbname"
PGHOST="$DOCKER_IP" PGUSER=postgres prefix_pg_local_command=" " pgm chown "$user" "$dbname"
ensure_db_docker_running </dev/null || return 1
debug pgm "$@"
pgm "$@"
} }
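Review bot: In `_set_up_connection`, `cat <<EOF > "$DB_PASSFILE"` creates the file under the process umask and only afterwards runs `chmod 600`, so when the file does not exist yet and the umask is a typical 022, the postgres superuser password is briefly world-readable, and stays so if the script stops in between. Creating it restricted from the start removes the window: `( umask 077; printf '%s\n' "*:*:*:postgres:$POSTGRES_ROOT_PASSWORD" > "$DB_PASSFILE" )`. The password is also interpolated into `ALTER USER … password '$POSTGRES_ROOT_PASSWORD'` and read back with `cut -f 5 -d :`, so a value containing `'` or `:` would break the statement or be truncated; whether `gen_password` can emit those characters is not shown here. `PGM` declares `local src="$1" dst="$2"` but never uses them.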

2
postgres/metadata.yml

@ -1,5 +1,5 @@
summary: "Postgres server" summary: "Postgres server"
maintainer: "Valentin Lab <valentin.lab@kalysto.org>" maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
docker-image: docker.0k.io/postgis
docker-image: docker.0k.io/postgres:11-alpine
data-resources: data-resources:
- /var/lib/postgresql/data - /var/lib/postgresql/data
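Review bot: The image moves from `docker.0k.io/postgis` to `docker.0k.io/postgres:11-alpine`, while postgres/hooks/postgres_database-relation-joined still reads the `postgis` relation value and passes `POSTGIS` to `db_create`. If the new image does not ship the PostGIS extension, a relation that asks for it would presumably fail at database creation; either keep a PostGIS-capable image for those deployments or reject the option explicitly. `11-alpine` is also a floating tag, so pinning a digest would make redeployments reproducible.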

2
precise/base-0k/hooks/install.d/00-base.sh

@ -5,7 +5,7 @@ set +eux
apt-get update apt-get update
apt-get -y --force-yes install bash-completion wget bzip2 git-core \ apt-get -y --force-yes install bash-completion wget bzip2 git-core \
less tmux mosh \ less tmux mosh \
sudo git vim </dev/null
sudo git vim file </dev/null
apt-get -y --force-yes python-software-properties </dev/null || apt-get -y --force-yes python-software-properties </dev/null ||
apt-get -y --force-yes software-properties-common </dev/null apt-get -y --force-yes software-properties-common </dev/null

9
precise/host/hooks/install.d/70-0k.sh

@ -51,6 +51,7 @@ mkdir -p /opt/apps
## ##
( (
apt-get install -y kal-shlib-charm kal-shlib-cache kal-shlib-cmdline </dev/null
if [ -d "/opt/apps/0k-charm" ]; then if [ -d "/opt/apps/0k-charm" ]; then
cd /opt/apps/0k-charm && cd /opt/apps/0k-charm &&
git checkout master && git checkout master &&
@ -64,7 +65,6 @@ mkdir -p /opt/apps
) )
apt-get install -y kal-shlib-charm </dev/null
## ##
## Install 0k-charms ## Install 0k-charms
@ -262,6 +262,13 @@ EOF
fi fi
fi fi
##
## Installation of compose
##
apt-get install kal-shlib-common kal-shlib-pretty kal-shlib-charm kal-shlib-array -y --force-yes </dev/null
if [ -d "/opt/apps/0k-compose" ]; then if [ -d "/opt/apps/0k-compose" ]; then
cd "/opt/apps/0k-compose" && cd "/opt/apps/0k-compose" &&
git pull -r git pull -r
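Review bot: The added `apt-get install kal-shlib-common kal-shlib-pretty kal-shlib-charm kal-shlib-array -y --force-yes` line uses `--force-yes`, which lets apt proceed past unauthenticated packages and downgrades without stopping, in a host install script that pulls in shell libraries. Plain `-y` is enough once the repository key is installed: `apt-get install -y kal-shlib-common kal-shlib-pretty kal-shlib-charm kal-shlib-array </dev/null`, which also matches the `apt-get install -y kal-shlib-charm kal-shlib-cache kal-shlib-cmdline` line added in the first hunk. The surrounding script continues outside these hunks.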
