Introduce LXC-composer

apk/vmmgr

@@ -1 +1 @@
-Subproject commit d9334fd12be8feb11106564d1a3b2e7526c89f43
+Subproject commit 972ca0b6967edd56af96a7de159950ac9fcbc4a6

apps/ckan/install.sh

@@ -0,0 +1,79 @@
+#!/bin/sh
+set -ev
+
+cd $(realpath $(dirname "${0}"))/install
+
+# Create Postgres instance
+mkdir -p /srv/ckan/postgres_data
+chown -R 105432:105432 /srv/ckan/postgres_data
+chmod 700 /srv/ckan/postgres_data
+lxc-execute -n ckan_postgres -- initdb -D /var/lib/postgresql
+
+# Configure Postgres
+cp postgres_data/postgresql.conf /srv/ckan/postgres_data/postgresql.conf
+cp postgres_data/pg_hba.conf /srv/ckan/postgres_data/pg_hba.conf
+
+# Create database
+export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+lxc-start ckan_postgres #TODO: wait?
+envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql
+
+# Configure Redis
+mkdir -p /srv/ckan/redis_conf /srv/ckan/redis_data
+cp redis_conf/redis.conf /srv/ckan/redis_conf/redis.conf
+chown -R 106379:106379 /srv/ckan/redis_data
+lxc-start ckan_redis
+
+# Configure Solr
+mkdir -p /srv/ckan/solr_data
+lxc-execute ckan_solr -- cat /opt/solr/server/solr/solr.xml >/srv/ckan/solr_data/solr.xml
+chown -R 108983:108983 /srv/ckan/solr_data
+lxc-start ckan_solr # TODO: wait?
+
+# Configure CKAN Solr core
+lxc-attach -u 8983 -g 8983 ckan_solr -- solr create -p 8983 -c ckan # TODO: wait to ensure creation?
+lxc-stop ckan_solr
+cp solr_data/ckan/conf/schema.xml /srv/ckan/solr_data/ckan/conf/schema.xml
+cp solr_data/ckan/conf/solrconfig.xml /srv/ckan/solr_data/ckan/conf/solrconfig.xml
+chown 108983:108983 /srv/ckan/solr_data/ckan/conf/schema.xml # TODO: je to potreba?
+lxc-start ckan_solr # TODO: wait?
+
+# Configure CKAN DataPusher
+mkdir -p /srv/ckan/datapusher_conf /srv/ckan/datapusher_data
+cp datapusher_conf/datapusher.wsgi /srv/ckan/datapusher_conf/datapusher.wsgi
+cp datapusher_conf/datapusher_settings.py /srv/ckan/datapusher_conf/datapusher_settings.py
+chown -R 108080:108080 /srv/ckan/datapusher_data
+
+# Configure CKAN
+mkdir -p /srv/ckan/ckan_conf /srv/ckan/ckan_data
+export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid)
+envsubst <ckan_conf/ckan.ini >/srv/ckan/ckan_conf/ckan.ini
+cp ckan_conf/who.ini /srv/ckan/ckan_conf/who.ini
+chown -R 108080:108080 /srv/ckan/ckan_data
+
+# Populate database
+lxc-execute ckan_ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini
+lxc-execute ckan_ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
+lxc-execute ckan_ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql
+
+# Create admin account
+export CKAN_ADMIN_USER="admin"
+export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid)
+export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid)
+export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
+export CKAN_ADMIN_HASH=$(lxc-execute ckan_ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
+export CKAN_ADMIN_EMAIL="admin@example.com"
+envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql ckan
+
+# Install config update script
+cp update-conf.sh /srv/ckan/update-conf.sh
+
+# Stop services required for setup
+lxc-stop ckan_solr
+lxc-stop ckan_postgres
+lxc-stop ckan_redis
+
+# Register application
+vmmgr register-app ckan ckan "${CKAN_ADMIN_USER}" "${CKAN_ADMIN_PWD}"

apps/ckan/install/adminpwd.sql

@@ -1 +1 @@
-INSERT INTO public.user (id, name, apikey, created, about, password, fullname, email, reset_key, sysadmin, activity_streams_email_notifications, state) VALUES ('${CKAN_ADMIN_UUID}', '${CKAN_ADMIN_USER}', '${CKAN_ADMIN_APIKEY}', NOW(), NULL, '${CKAN_ADMIN_HASH}', NULL, '${CKAN_ADMIN_EMAIL}', NULL, TRUE, FALSE, 'active');
+INSERT INTO public.user (id, name, apikey, created, about, password, fullname, email, reset_key, sysadmin, activity_streams_email_notifications, state) VALUES ('${CKAN_ADMIN_UUID}', '${CKAN_ADMIN_USER}', '${CKAN_ADMIN_APIKEY}', NOW(), NULL, '${CKAN_ADMIN_HASH}', NULL, '${CKAN_ADMIN_EMAIL}', NULL, TRUE, FALSE, 'active');

apps/ckan/install/createdb.sql

@@ -1,16 +1,16 @@
-CREATE ROLE ckan NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_PWD}';
-CREATE ROLE ckan_datastore NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_DS_PWD}';
-
-CREATE DATABASE ckan;
-REVOKE ALL ON DATABASE ckan FROM public;
-ALTER DATABASE ckan OWNER TO ckan;
-
-CREATE DATABASE ckan_datastore;
-REVOKE ALL ON DATABASE ckan_datastore FROM public;
-GRANT CONNECT, CREATE, TEMPORARY ON DATABASE ckan_datastore TO ckan;
-ALTER DATABASE ckan_datastore OWNER TO ckan_datastore;
-
-\c ckan
-CREATE EXTENSION postgis;
-GRANT ALL ON geometry_columns TO ckan;
-GRANT ALL ON spatial_ref_sys TO ckan;
+CREATE ROLE ckan NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_PWD}';
+CREATE ROLE ckan_datastore NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_DS_PWD}';
+
+CREATE DATABASE ckan;
+REVOKE ALL ON DATABASE ckan FROM public;
+ALTER DATABASE ckan OWNER TO ckan;
+
+CREATE DATABASE ckan_datastore;
+REVOKE ALL ON DATABASE ckan_datastore FROM public;
+GRANT CONNECT, CREATE, TEMPORARY ON DATABASE ckan_datastore TO ckan;
+ALTER DATABASE ckan_datastore OWNER TO ckan_datastore;
+
+\c ckan
+CREATE EXTENSION postgis;
+GRANT ALL ON geometry_columns TO ckan;
+GRANT ALL ON spatial_ref_sys TO ckan;

apps/ckan/install/postgres_data/postgresql.conf

@@ -177,7 +177,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # - Settings -
 
-#wal_level = replica			# minimal, replica, or logical
+wal_level = minimal			# minimal, replica, or logical
 					# (change requires restart)
 #fsync = on				# flush data to disk for crash safety
 						# (turning this off can cause
@@ -232,12 +232,12 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # Set these on the master and on any standby that will send replication data.
 
-#max_wal_senders = 10		# max number of walsender processes
+max_wal_senders = 0		# max number of walsender processes
 				# (change requires restart)
 #wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
 #wal_sender_timeout = 60s	# in milliseconds; 0 disables
 
-#max_replication_slots = 10	# max number of replication slots
+max_replication_slots = 0	# max number of replication slots
 				# (change requires restart)
 #track_commit_timestamp = off	# collect timestamp of transaction commit
 				# (change requires restart)
@@ -278,9 +278,9 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # These settings are ignored on a publisher.
 
-#max_logical_replication_workers = 4	# taken from max_worker_processes
+max_logical_replication_workers = 0	# taken from max_worker_processes
 					# (change requires restart)
-#max_sync_workers_per_subscription = 2	# taken from max_logical_replication_workers
+max_sync_workers_per_subscription = 0	# taken from max_logical_replication_workers
 
 
 #------------------------------------------------------------------------------

apps/ckan/install/redis_conf/redis.conf

@@ -191,7 +191,7 @@ databases 16
 #
 # However it is possible to force the pre-4.0 behavior and always show a
 # ASCII art logo in startup logs by setting the following option to yes.
-always-show-logo yes
+always-show-logo no
 
 ################################ SNAPSHOTTING  ################################
 #

apps/ckan/install/solr_data/solr.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!--
+   This is an example of a simple "solr.xml" file for configuring one or 
+   more Solr Cores, as well as allowing Cores to be added, removed, and 
+   reloaded via HTTP requests.
+
+   More information about options available in this configuration file, 
+   and Solr Core administration can be found online:
+   http://wiki.apache.org/solr/CoreAdmin
+-->
+
+<solr>
+
+  <solrcloud>
+
+    <str name="host">${host:}</str>
+    <int name="hostPort">${jetty.port:8983}</int>
+    <str name="hostContext">${hostContext:solr}</str>
+
+    <bool name="genericCoreNodeNames">${genericCoreNodeNames:true}</bool>
+
+    <int name="zkClientTimeout">${zkClientTimeout:30000}</int>
+    <int name="distribUpdateSoTimeout">${distribUpdateSoTimeout:600000}</int>
+    <int name="distribUpdateConnTimeout">${distribUpdateConnTimeout:60000}</int>
+    <str name="zkCredentialsProvider">${zkCredentialsProvider:org.apache.solr.common.cloud.DefaultZkCredentialsProvider}</str>
+    <str name="zkACLProvider">${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider}</str>
+
+  </solrcloud>
+
+  <shardHandlerFactory name="shardHandlerFactory"
+    class="HttpShardHandlerFactory">
+    <int name="socketTimeout">${socketTimeout:600000}</int>
+    <int name="connTimeout">${connTimeout:60000}</int>
+  </shardHandlerFactory>
+
+</solr>

apps/ckan/install/update-conf.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+HOST="${DOMAIN}"
+[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}"
+sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/ckan_conf/ckan.ini
+
+sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/ckan_conf/ckan.ini
+sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/ckan_conf/ckan.ini
+
+sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" /srv/ckan/datapusher_conf/datapusher_settings.py

apps/ckan/meta

@@ -0,0 +1,52 @@
+{
+    'version': '1234',
+    'meta': {
+        'title': 'CKAN',
+        'desc-cs': 'Datový sklad',
+        'desc-en': 'Data store',
+        'license': 'GPL'
+    },
+    'containers': {
+        'ckan': {
+            'image': 'ckan_123',
+            'depends': [
+                'ckan_datapusher',
+                'ckan_redis',
+                'ckan_solr',
+                'ckan_postgres'
+            ],
+            'mounts': {
+                '/srv/ckan/ckan_conf': '/etc/ckan',
+                '/srv/ckan/ckan_data': '/srv/ckan/storage'
+            }
+        },
+        'ckan_datapusher': {
+            'image': 'ckan-datapusher_123',
+            'mounts': {
+                '/etc/ssl/services.pem': '/etc/ssl/services.pem',
+                '/srv/ckan/datapusher_conf': '/etc/ckan-datapusher',
+                '/srv/ckan/datapusher_data': '/srv/ckan-datapusher/data'
+            }
+        },
+        'ckan_redis': {
+            'image': 'redis_123',
+            'mounts': {
+                '/srv/ckan/redis_conf/redis.conf': '/etc/redis.conf'
+                '/srv/ckan/redis_data': '/var/lib/redis'
+            }
+        },
+        'ckan_solr': {
+            'image': 'solr_123',
+            'mounts': {
+                '/srv/ckan/solr_data': '/var/lib/solr'
+            }
+        },
+        'ckan_postgres': {
+            'image': 'postgis_123',
+            'mounts': {
+                '/srv/ckan/postgres_data': '/var/lib/postgresql'
+            }
+        }
+    },
+    'proxy': 'ckan'
+}

build/usr/bin/lxc-build

@@ -1,6 +1,7 @@
 #!/usr/bin/python3
 # -*- coding: utf-8 -*-
 
+import sys
 from lxcbuild.lxcimage import LXCImage
 
 if __name__ == '__main__':

build/usr/lib/python3.6/lxcbuild/lxcbuilder.py

@@ -4,58 +4,25 @@ import os
 import shutil
 import subprocess
 import sys
+from vmmgr import lxcmgr
 
 LXC_ROOT = '/var/lib/lxc'
-CONFIG_TEMPLATE = '''# Image name
-lxc.uts.name = {name}
-
-# Network
-lxc.net.0.type = veth
-lxc.net.0.link = lxcbr0
-lxc.net.0.flags = up
-
-# Volumes
-lxc.rootfs.path = {rootfs}
-
-# Mounts
-lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
-lxc.mount.entry = /etc/hosts etc/hosts none bind,create=file 0 0
-lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,create=file 0 0
-{mounts}
-
-# Init
-lxc.init.uid = {uid}
-lxc.init.gid = {gid}
-lxc.init.cwd = {cwd}
-
-# Environment
-lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-{env}
-
-# Halt
-lxc.signal.halt = {halt}
-
-# Log
-lxc.console.size = 1MB
-lxc.console.logfile = /var/log/lxc/{name}.log
-
-# Other
-lxc.arch = x86_64
-lxc.cap.drop = sys_admin
-lxc.hook.pre-start = /usr/bin/vmmgr prepare-container
-lxc.hook.start-host = /usr/bin/vmmgr register-container
-lxc.hook.post-stop = /usr/bin/vmmgr unregister-container
-lxc.include = /usr/share/lxc/config/common.conf
-'''
 
 class LXCBuilder:
     def __init__(self, image):
         self.image = image
         self.script = []
         self.script_eof = None
-        self.already_built = False
 
     def build(self):
+        try:
+            self.image.conf['build'] = True
+            self.process_file()
+        except FileExistsError as e:
+            print(e)
+        del self.image.conf['build']
+
+    def process_file(self):
         with open(self.image.lxcfile, 'r') as f:
             for line in f:
                 line = line.strip()
@@ -73,18 +40,14 @@ class LXCBuilder:
             self.script = []
             self.script_eof = args
         elif 'IMAGE' == directive:
-            self.set_name(*args.split())
-        elif 'META' == directive:
-            self.add_meta(*args.split(None, 1))
+            self.set_name(args)
         elif 'LAYER' == directive:
-            self.add_layer(*args.split())
+            self.add_layer(args)
         elif 'FIXLAYER' == directive:
             self.fix_layer(args.split())
         elif 'COPY' == directive:
             srcdst = args.split()
             self.copy_files(srcdst[0], srcdst[1] if len(srcdst) == 2 else '')
-        elif 'MOUNT' == directive:
-            self.add_mount(args.split())
         elif 'ENV' == directive:
             self.add_env(*args.split(None, 1))
         elif 'USER' == directive:
@@ -95,102 +58,65 @@ class LXCBuilder:
             self.set_cwd(args)
         elif 'HALT' == directive:
             self.set_halt(args)
+        elif 'READY' == directive:
+            self.set_ready(args)
 
     def get_layer_path(self, layer):
         return os.path.join(LXC_ROOT, 'storage', layer)
 
-    def rebuild_config(self):
-        if not self.image.upper_layer:
-            return
-        upper_layer = self.get_layer_path(self.image.upper_layer)
-        if not self.image.layers:
-            rootfs = upper_layer
-        else:
-            # Multiple lower overlayfs layers are ordered from right to left (lower2:lower1:rootfs:upper)
-            layers = [self.get_layer_path(layer) for layer in self.image.layers]
-            rootfs = 'overlay:{}:{}'.format(':'.join(layers[::-1]), upper_layer)
-        mounts = '\n'.join(['lxc.mount.entry = {} {} none bind,create={} 0 0'.format(m[1], m[2], m[0].lower()) for m in self.image.mounts])
-        env = '\n'.join(['lxc.environment = {}={}'.format(e[0], e[1]) for e in self.image.env])
-        cwd = self.image.cwd if self.image.cwd else '/'
-        halt = self.image.halt if self.image.halt else 'SIGINT'
-        with open(os.path.join(LXC_ROOT, self.image.upper_layer, 'config'), 'w') as f:
-            f.write(CONFIG_TEMPLATE.format(name=self.image.upper_layer, rootfs=rootfs, mounts=mounts, env=env, uid=self.image.uid, gid=self.image.gid, cwd=cwd, halt=halt))
-
     def run_script(self, script):
-        if self.already_built:
-            return
-        sh = os.path.join(self.get_layer_path(self.image.upper_layer), 'run.sh')
+        lxcmgr.register_container(self.image.name, self.image.conf)
+        sh = os.path.join(self.get_layer_path(self.image.name), 'run.sh')
         with open(sh, 'w') as f:
             f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script)))
         os.chmod(sh, 0o700)
-        subprocess.run(['lxc-execute', '-n', self.image.upper_layer, '--', '/bin/sh', '-lc', '/run.sh'], check=True)
+        os.chown(sh, 100000, 100000)
+        subprocess.run(['lxc-execute', self.image.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True)
         os.unlink(sh)
+        lxcmgr.unregister_container(self.image.name)
 
-    def set_name(self, name, version):
+    def set_name(self, name):
         self.image.name = name
-        self.image.version = version
-        self.image.upper_layer = '{}_{}'.format(self.image.name, self.image.version)
-        layer_path = self.get_layer_path(self.image.upper_layer)
-        if os.path.exists(layer_path):
-            self.already_built = True
-            print('Layer {} already exists, skipping build tasks'.format(self.image.upper_layer))
-        else:
-            os.makedirs(layer_path, 0o755, True)
-            os.makedirs(os.path.join(LXC_ROOT, self.image.upper_layer), 0o755, True)
-            self.rebuild_config()
+        self.image.conf['layers'] = [self.image.name]
+        image_path = self.get_layer_path(self.image.name)
+        os.makedirs(image_path, 0o755, True)
+        os.chown(image_path, 100000, 100000)
 
-    def add_meta(self, key, value):
-        self.image.meta[key] = value
-
-    def add_layer(self, name, version):
-        self.image.layers.append('{}_{}'.format(name, version))
-        self.rebuild_config()
+    def add_layer(self, name):
+        self.image.conf['layers'].insert(0, name)
 
     def fix_layer(self, cmd):
-        if self.already_built:
-            return
-        layers = [self.get_layer_path(layer) for layer in self.image.layers]
-        layers.append(self.get_layer_path(self.image.upper_layer))
-        subprocess.run([cmd]+layers, check=True)
+        layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']]
+        subprocess.run([cmd] + layers, check=True)
 
     def copy_files(self, src, dst):
-        if self.already_built:
-            return
-        dst = os.path.join(self.get_layer_path(self.image.upper_layer), dst)
+        dst = os.path.join(self.get_layer_path(self.image.name), dst)
         if src.startswith('http://') or src.startswith('https://'):
             unpack_http_archive(src, dst)
         else:
-            src = os.path.join(self.image.build_dir, src)
-            copy_tree(src, dst)
-
-    def add_mount(self, args):
-        self.image.mounts.append(args)
-        if not self.already_built:
-            self.rebuild_config()
+            copy_tree(os.path.join(self.build_dir, src), dst)
+        shift_uid(dst)
 
     def add_env(self, args):
-        self.image.env.append(args)
-        if not self.already_built:
-            self.rebuild_config()
+        if 'env' not in self.image.conf:
+            self.image.conf['env'] = []
+        self.image.conf['env'].append(args)
 
     def set_user(self, uid, gid):
-        self.image.uid = uid
-        self.image.gid = gid
-        if not self.already_built:
-            self.rebuild_config()
+        self.image.conf['uid'] = uid
+        self.image.conf['gid'] = gid
 
     def set_cmd(self, cmd):
-        self.image.cmd = cmd
+        self.image.conf['cmd'] = cmd
 
     def set_cwd(self, cwd):
-        self.image.cwd = cwd
-        if not self.already_built:
-            self.rebuild_config()
+        self.image.conf['cwd'] = cwd
 
     def set_halt(self, halt):
-        self.image.halt = halt
-        if not self.already_built:
-            self.rebuild_config()
+        self.image.conf['halt'] = halt
+
+    def set_ready(self, cmd):
+        self.image.conf['ready'] = cmd
 
 def unpack_http_archive(src, dst):
         xf = 'xzf'
@@ -211,3 +137,26 @@ def copy_tree(src, dst):
         for name in os.listdir(src):
             copy_tree(os.path.join(src, name), os.path.join(dst, name))
     shutil.copystat(src, dst)
+
+def shift_uid(dir):
+    shift_uid_entry(dir, os.stat(dir, follow_symlinks=True))
+    shift_uid_recursively(dir)
+
+def shift_uid_recursively(dir):
+    for entry in os.scandir(dir):
+        shift_uid_entry(entry.path, entry.stat(follow_symlinks=False))
+        if entry.is_dir():
+            shift_uid_recursively(entry.path)
+
+def shift_uid_entry(path, stat):
+    uid = stat.st_uid
+    gid = stat.st_gid
+    do_chown = False
+    if uid < 100000:
+        uid = uid + 100000
+        do_chown = True
+    if gid < 100000:
+        gid = gid + 100000
+        do_chown = True
+    if do_chown:
+        os.lchown(path, uid, gid)

build/usr/lib/python3.6/lxcbuild/lxcimage.py

@@ -8,17 +8,7 @@ from .lxcpacker import LXCPacker
 class LXCImage:
     def __init__(self, build_path):
         self.name = None
-        self.version = None
-        self.meta = {}
-        self.layers = []
-        self.upper_layer = None
-        self.mounts = []
-        self.env = []
-        self.uid = 0
-        self.gid = 0
-        self.cmd = None
-        self.cwd = None
-        self.halt = None
+        self.conf = {}
 
         if os.path.isfile(build_path):
             self.lxcfile = os.path.realpath(build_path)

build/usr/lib/python3.6/lxcbuild/lxcpacker.py

@@ -23,7 +23,7 @@ class LXCPacker:
 
     def pack(self):
         # Prepare package file names
-        self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.upper_layer))
+        self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.name))
         self.xz_path = '{}.xz'.format(self.tar_path)
         if os.path.exists(self.xz_path):
             print('Package {} already exists, skipping packaging tasks'.format(self.xz_path))
@@ -35,36 +35,30 @@ class LXCPacker:
 
     def create_archive(self):
         # Create archive
-        print('Archiving', self.image.upper_layer)
-        subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.upper_layer)], cwd='/')
+        print('Archiving', self.image.name)
+        subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.name)], cwd='/')
         # Add install/upgrade/uninstall scripts
+        # TODO: skripty balit jen s aplikacemi, ne s imagi
         scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh')
         scripts = [s for s in scripts if os.path.exists(os.path.join(self.image.build_dir, s))]
-        subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.upper_layer), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir)
+        subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.name), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir)
         # Compress the tarball with xz (LZMA2)
         print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576))
         subprocess.run(['xz', '-9', self.tar_path])
         print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576))
 
     def register_package(self):
-        # Prepare metadata
-        meta = self.image.meta.copy()
-        meta['lxc'] = {}
-        for key in ('layers', 'mounts', 'env', 'cmd', 'cwd', 'uid', 'gid', 'halt'):
-            value = getattr(self.image, key)
-            if value:
-                meta['lxc'][key] = value
-
         # Register package
         print('Registering package')
-        packages = {}
         packages_file = os.path.join(PKG_ROOT, 'packages')
         if os.path.exists(packages_file):
             with open(packages_file, 'r') as f:
                 packages = json.load(f)
-        packages[self.image.name] = meta
-        packages[self.image.name]['size'] = os.path.getsize(self.xz_path)
-        packages[self.image.name]['sha512'] = hash_file(self.xz_path)
+        else:
+            packages = {'apps': {}, 'images': {}}
+        packages['images'][self.image.name] = self.image.conf.copy()
+        packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path)
+        packages['images'][self.image.name]['sha512'] = hash_file(self.xz_path)
         with open(packages_file, 'w') as f:
             json.dump(packages, f, sort_keys=True, indent=4)
 

lxc-apps/ckan-datapusher/install.sh

@@ -1,17 +0,0 @@
-#!/bin/sh
-set -ev
-
-cd $(realpath $(dirname "${0}"))/install
-
-# Configure CKAN DataPusher
-mkdir -p /srv/ckan-datapusher/conf /srv/ckan-datapusher/data
-cp srv/ckan-datapusher/conf/datapusher.wsgi /srv/ckan-datapusher/conf/datapusher.wsgi
-cp srv/ckan-datapusher/conf/datapusher_settings.py /srv/ckan-datapusher/conf/datapusher_settings.py
-chown -R 8004:8004 /srv/ckan-datapusher/data
-
-# Install service
-cp etc/init.d/ckan-datapusher /etc/init.d/ckan-datapusher
-rc-update -u
-
-# Install config update script
-cp srv/ckan-datapusher/update-conf.sh /srv/ckan-datapusher/update-conf.sh

lxc-apps/ckan-datapusher/install/etc/init.d/ckan-datapusher

@@ -1,11 +0,0 @@
-#!/sbin/openrc-run
-
-description="CKAN DataPusher container"
-
-start() {
-	lxc-start ckan-datapusher
-}
-
-stop() {
-	lxc-stop ckan-datapusher
-}

lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/update-conf.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" /srv/ckan-datapusher/conf/datapusher_settings.py

lxc-apps/ckan-datapusher/lxcfile

@@ -1,12 +1,7 @@
-IMAGE ckan-datapusher 0.0.13-190620
-META title CKAN DataPusher
-META desc-cs Služba datového skladu pro extrakci dat
-META desc-en Data store data extraction service
-META type app
-META license GPL
+IMAGE ckan-datapusher_0.0.13-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
 
 RUN EOF
     # Install runtime dependencies
@@ -26,8 +21,8 @@ RUN EOF
     pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt
 
     # Create OS user
-    addgroup -S -g 8004 ckandp
-    adduser -S -u 8004 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp
+    addgroup -S -g 8080 ckandp
+    adduser -S -u 8080 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp
     chown -R ckandp:ckandp /srv/ckan-datapusher
 
     # Cleanup
@@ -38,8 +33,4 @@ EOF
 
 COPY lxc
 
-MOUNT FILE /etc/ssl/services.pem etc/ssl/services.pem
-MOUNT DIR /srv/ckan-datapusher/conf etc/ckan-datapusher
-MOUNT DIR /srv/ckan-datapusher/data srv/ckan-datapusher/data
-
 CMD execlineb -P /run

lxc-apps/ckan-datapusher/uninstall.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-set -ev
-
-# Remove service
-rm -f /etc/init.d/ckan-datapusher
-rc-update -u

lxc-apps/ckan/install.sh

@@ -1,66 +0,0 @@
-#!/bin/sh
-set -ev
-
-cd $(realpath $(dirname "${0}"))/install
-
-# Check prerequisites
-[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
-[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1
-[ ! -e /run/openrc/started/solr ] && service solr start && STOP_SOLR=1
-
-# Create database
-export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
-export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
-envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
-
-# Configure CKAN Solr core
-lxc-attach -u 8983 -g 8983 solr -- solr create -p 8983 -c ckan
-cp srv/solr/data/ckan/conf/schema.xml /srv/solr/data/ckan/conf/schema.xml
-cp srv/solr/data/ckan/conf/solrconfig.xml /srv/solr/data/ckan/conf/solrconfig.xml
-chown 8983:8983 /srv/solr/data/ckan/conf/schema.xml
-service solr restart
-
-# Configure CKAN
-mkdir -p /srv/ckan/conf /srv/ckan/data
-export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
-export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid)
-envsubst <srv/ckan/conf/ckan.ini >/srv/ckan/conf/ckan.ini
-cp srv/ckan/conf/who.ini /srv/ckan/conf/who.ini
-chown -R 8003:8003 /srv/ckan/data
-
-# Set "production values" (increases performance) only if the DEBUG environment variable is not set
-if [ ${DEBUG:-0} -eq 0 ]; then
-    sed -i 's/debug = true/debug = false/' /srv/ckan/conf/ckan.ini
-fi
-
-# Populate database
-lxc-execute ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini
-lxc-execute ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
-lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 postgres -- psql
-
-# Create admin account
-export CKAN_ADMIN_USER="admin"
-export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid)
-export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid)
-export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
-export CKAN_ADMIN_HASH=$(lxc-execute ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
-export CKAN_ADMIN_EMAIL="admin@example.com"
-envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql ckan
-
-# Install cron job
-cp etc/periodic/hourly/ckan /etc/periodic/hourly/ckan
-
-# Install service
-cp etc/init.d/ckan /etc/init.d/ckan
-rc-update -u
-
-# Install config update script
-cp srv/ckan/update-conf.sh /srv/ckan/update-conf.sh
-
-# Stop services required for setup
-[ ! -z ${STOP_POSTGRES} ] && service postgres stop
-[ ! -z ${STOP_REDIS} ] && service redis stop
-[ ! -z ${STOP_SOLR} ] && service solr stop
-
-# Register application
-vmmgr register-app ckan ckan "${CKAN_ADMIN_USER}" "${CKAN_ADMIN_PWD}"

lxc-apps/ckan/install/etc/init.d/ckan

@@ -1,23 +0,0 @@
-#!/sbin/openrc-run
-
-description="CKAN container"
-
-depend() {
-	need ckan-datapusher postgres redis solr
-}
-
-start() {
-	lxc-start ckan
-}
-
-start_post() {
-	vmmgr register-proxy ckan
-}
-
-stop_pre() {
-	vmmgr unregister-proxy ckan
-}
-
-stop() {
-	lxc-stop ckan
-}

lxc-apps/ckan/install/etc/periodic/hourly/ckan

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-if [ -e /run/openrc/started/ckan ]; then
-    lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null
-    lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null
-fi

lxc-apps/ckan/install/srv/ckan/update-conf.sh

@@ -1,8 +0,0 @@
-#!/bin/sh
-
-HOST="${DOMAIN}"
-[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}"
-sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/conf/ckan.ini
-
-sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/conf/ckan.ini
-sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/conf/ckan.ini

lxc-apps/ckan/lxc/etc/crontabs/ckan

@@ -0,0 +1,2 @@
+0 * * * * paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null
+0 * * * * paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null

lxc-apps/ckan/lxc/etc/services.d/.s6-svscan/finish

@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+
+foreground { s6-svwait -d -t 3000 ckan }
+foreground { s6-svwait -d -t 3000 cron }

lxc-apps/ckan/lxc/etc/services.d/ckan/run

@@ -0,0 +1,5 @@
+#!/bin/execlineb -P
+
+fdmove -c 2 1
+s6-setuidgid ckan
+paster serve /etc/ckan/ckan.ini

lxc-apps/ckan/lxc/etc/services.d/cron/run

@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+
+fdmove -c 2 1
+crond -f -d 8

lxc-apps/ckan/lxcfile

@@ -1,13 +1,7 @@
-IMAGE ckan 2.8.2-190620
-META title CKAN
-META desc-cs Datový sklad
-META desc-en Data store
-META type app
-META license GPL
-META depends ckan-datapusher postgres redis solr
+IMAGE ckan_2.8.2-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
 
 RUN EOF
     # Install runtime dependencies
@@ -40,8 +34,8 @@ RUN EOF
     pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt
 
     # Create OS user
-    addgroup -S -g 8003 ckan
-    adduser -S -u 8003 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan
+    addgroup -S -g 8080 ckan
+    adduser -S -u 8080 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan
     chown -R ckan:ckan /srv/ckan
 
     # Cleanup
@@ -50,8 +44,6 @@ RUN EOF
     rm -rf /root/.cache
 EOF
 
-MOUNT DIR /srv/ckan/conf etc/ckan
-MOUNT DIR /srv/ckan/data srv/ckan/storage
+COPY lxc
 
-USER 8003 8003
-CMD paster serve /etc/ckan/ckan.ini
+CMD s6-svscan /etc/services.d

lxc-apps/crisiscleanup/lxcfile

@@ -1,14 +1,8 @@
-IMAGE crisiscleanup 2.2.0-190620
-META title Crisis Cleanup
-META desc-cs Mapování následků katastrof
-META desc-en Disaster relief mapping
-META type app
-META license GPL
-META depends postgres
+IMAGE crisiscleanup_2.2.0-190620
 
-LAYER alpine3.8 3.8.4-190620
-LAYER alpine3.8-ruby2.4 2.4.5-190620
-LAYER alpine3.8-nodejs8 8.14.0-190620
+LAYER alpine3.8_3.8.4-190620
+LAYER alpine3.8-ruby2.4_2.4.5-190620
+LAYER alpine3.8-nodejs8_8.14.0-190620
 
 FIXLAYER /usr/bin/fix-apk
 

lxc-apps/cts/lxcfile

@@ -1,13 +1,7 @@
-IMAGE cts 0.8.0-190620
-META title CTS
-META desc-cs Sledovací systém komodit
-META desc-en Commodity tracking system
-META type app
-META license GPL
-META depends postgres
+IMAGE cts_0.8.0-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
 
 RUN EOF
     # Install runtime dependencies

lxc-apps/ecogis/lxcfile

@@ -1,13 +1,7 @@
-IMAGE ecogis 0.0.1-190620
-META title EcoGIS
-META desc-cs EcoGIS
-META desc-en EcoGIS
-META type app
-META license GPL
-META depends postgres
+IMAGE ecogis_0.0.1-190620
 
-LAYER alpine3.8 3.8.4-190620
-LAYER alpine3.8-php5.6 5.6.40-190620
+LAYER alpine3.8_3.8.4-190620
+LAYER alpine3.8-php5.6_5.6.40-190620
 
 RUN EOF
     # Install runtime dependencies

lxc-apps/frontlinesms/lxcfile

@@ -1,12 +1,7 @@
-IMAGE frontlinesms 2.6.5-190620
-META title FrontlineSMS
-META desc-cs Hromadné odesílání zpráv
-META desc-en Bulk SMS messaging
-META type app
-META license GPL
+IMAGE frontlinesms_2.6.5-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
 
 RUN EOF
     # Install runtime dependencies

lxc-apps/gnuhealth/lxcfile

@@ -1,14 +1,8 @@
-IMAGE gnuhealth 3.4.1-190620
-META title GNU Health
-META desc-cs Administrace lékařských záznamů
-META desc-en Medical records administration
-META type app
-META license GPL
-META depends postgres
+IMAGE gnuhealth_3.4.1-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python3.6 3.6.8-190620
-LAYER alpine3.9-nodejs10 10.14.2-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python3.6_3.6.8-190620
+LAYER alpine3.9-nodejs10_10.14.2-190620
 
 FIXLAYER /usr/bin/fix-apk
 

lxc-apps/kanboard/lxcfile

@@ -1,13 +1,7 @@
-IMAGE kanboard 1.2.9-190620
-META title KanBoard
-META desc-cs Kanban řízení projektů
-META desc-en Kanban project management
-META type app
-META license GPL
-META depends postgres
+IMAGE kanboard_1.2.9-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-php7.2 7.2.19-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-php7.2_7.2.19-190620
 
 RUN EOF
     # Install runtime dependencies

lxc-apps/mifosx/lxcfile

@@ -1,14 +1,8 @@
-IMAGE mifosx 18.03.01-190620
-META title Mifos X
-META desc-cs Mikrofinancování rozvojových projektů
-META desc-en Development projects microfinancing
-META type app
-META license GPL
-META depends mariadb
+IMAGE mifosx_18.03.01-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
-LAYER alpine3.9-tomcat8.5 8.5.41-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
+LAYER alpine3.9-tomcat8.5_8.5.41-190620
 
 RUN EOF
     # Install full-featured wget to work around sourceforge bugs

lxc-apps/motech/lxcfile

@@ -1,14 +1,8 @@
-IMAGE motech 1.3.0-190620
-META title Motech
-META desc-cs Automatizace komunikace
-META desc-en Communication automation
-META type app
-META license GPL
-META depends activemq postgres
+IMAGE motech_1.3.0-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
-LAYER alpine3.9-tomcat7 7.0.94-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
+LAYER alpine3.9-tomcat7_7.0.94-190620
 
 RUN EOF
     # Download Motech

lxc-apps/odoo/lxcfile

@@ -1,14 +1,8 @@
-IMAGE odoo 12.0.0-190620
-META title Odoo
-META desc-cs Sada aplikací pro správu organizace
-META desc-en Company management application suite
-META type app
-META license GPL
-META depends postgres
+IMAGE odoo_12.0.0-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python3.6 3.6.8-190620
-LAYER alpine3.9-nodejs10 10.14.2-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python3.6_3.6.8-190620
+LAYER alpine3.9-nodejs10_10.14.2-190620
 
 FIXLAYER /usr/bin/fix-apk
 

lxc-apps/opendatakit-build/lxcfile

@@ -1,14 +1,8 @@
-IMAGE opendatakit-build 0.3.5-190620
-META title OpenDataKit Build
-META desc-cs Sběr formulářových dat - návrh formulářů
-META desc-en Form data collection - Form designer
-META type app
-META license GPL
-META depends postgres
+IMAGE opendatakit-build_0.3.5-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-ruby2.4 2.4.5-190620
-LAYER alpine3.9-nodejs10 10.14.2-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-ruby2.4_2.4.5-190620
+LAYER alpine3.9-nodejs10_10.14.2-190620
 
 FIXLAYER /usr/bin/fix-apk
 

lxc-apps/opendatakit/lxcfile

@@ -1,14 +1,8 @@
-IMAGE opendatakit 2.0.3-190620
-META title OpenDataKit
-META desc-cs Sběr formulářových dat
-META desc-en Form data collection
-META type app
-META license GPL
-META depends postgres
+IMAGE opendatakit_2.0.3-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
-LAYER alpine3.9-tomcat8.5 8.5.41-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
+LAYER alpine3.9-tomcat8.5_8.5.41-190620
 
 RUN EOF
     # Download OpenDataKit

lxc-apps/openmapkit/lxcfile

@@ -1,14 +1,9 @@
-IMAGE openmapkit 0.12.0-190620
-META title OpenMapKit
-META desc-cs Sběr mapových dat
-META desc-en Map data collection
-META type app
-META license GPL
+IMAGE openmapkit_0.12.0-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
-LAYER alpine3.9-nodejs10 10.14.2-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
+LAYER alpine3.9-nodejs10_10.14.2-190620
 
 FIXLAYER /usr/bin/fix-apk
 

lxc-apps/pandora/lxcfile

@@ -1,13 +1,7 @@
-IMAGE pandora 0.0.1-190620
-META title Pan.do/ra
-META desc-cs Archiv medií
-META desc-en Media archive
-META type app
-META license GPL
-META depends postgres rabbitmq
+IMAGE pandora_0.0.1-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python3.6 3.6.8-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python3.6_3.6.8-190620
 
 RUN EOF
     # Install runtime dependencies

lxc-apps/sahana-demo/lxcfile

@@ -1,14 +1,8 @@
-IMAGE sahana-demo 0.0.1-190620
-META title Sahana Eden - Demo
-META desc-cs Řízení humanítární činnosti - Demo instance
-META desc-en Management of humanitarian activities - Demo instance
-META type app
-META license GPL
-META depends postgres
+IMAGE sahana-demo_0.0.1-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
-LAYER sahana-shared 0.0.1-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
+LAYER sahana-shared_0.0.1-190620
 
 MOUNT DIR /srv/sahana-demo/conf srv/web2py/applications/eden/models
 MOUNT DIR /srv/sahana-demo/data/default srv/web2py/applications/eden/modules/templates/default

lxc-apps/sahana-shared/lxcfile

@@ -1,12 +1,7 @@
-IMAGE sahana-shared 0.0.1-190620
-META title Sahana Eden - Shared layer
-META desc-cs Řízení humanítární činnosti - sdílená vrstva
-META desc-en Management of humanitarian activities - shared layer
-META type layer
-META license GPL
+IMAGE sahana-shared_0.0.1-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
 
 RUN EOF
     # Install runtime dependencies

lxc-apps/sahana/lxcfile

@@ -1,14 +1,8 @@
-IMAGE sahana 0.0.1-190620
-META title Sahana Eden
-META desc-cs Řízení humanítární činnosti
-META desc-en Management of humanitarian activities
-META type app
-META license GPL
-META depends postgres
+IMAGE sahana_0.0.1-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
-LAYER sahana-shared 0.0.1-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
+LAYER sahana-shared_0.0.1-190620
 
 MOUNT DIR /srv/sahana/conf srv/web2py/applications/eden/models
 MOUNT DIR /srv/sahana/data/Spotter srv/web2py/applications/eden/modules/templates/Spotter

lxc-apps/sambro/lxcfile

@@ -1,14 +1,8 @@
-IMAGE sambro 0.0.1-190620
-META title Sahana Eden - SAMBRO
-META desc-cs Řízení humanítární činnosti - Centrum hlášení a výstrah
-META desc-en Management of humanitarian activities - Reporting and alerting center
-META type app
-META license GPL
-META depends postgres
+IMAGE sambro_0.0.1-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-python2.7 2.7.16-190620
-LAYER sahana-shared 0.0.1-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-python2.7_2.7.16-190620
+LAYER sahana-shared_0.0.1-190620
 
 MOUNT DIR /srv/sambro/conf srv/web2py/applications/eden/models
 MOUNT DIR /srv/sambro/data/SAMBRO srv/web2py/applications/eden/modules/templates/SAMBRO

lxc-apps/seeddms/lxcfile

@@ -1,14 +1,8 @@
-IMAGE seeddms 5.1.9-190620
-META title SeedDMS
-META desc-cs Archiv dokumentace
-META desc-en Document management system
-META type app
-META license GPL
-META depends postgres
+IMAGE seeddms_5.1.9-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-php7.2 7.2.19-190620
-LAYER alpine3.9-python3.6 3.6.8-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-php7.2_7.2.19-190620
+LAYER alpine3.9-python3.6_3.6.8-190620
 
 FIXLAYER /usr/bin/fix-apk
 

lxc-apps/sigmah/lxcfile

@@ -1,14 +1,8 @@
-IMAGE sigmah 2.0.2-190620
-META title Sigmah
-META desc-cs Finanční řízení sbírek
-META desc-en Donation management
-META type app
-META license GPL
-META depends postgres
+IMAGE sigmah_2.0.2-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
-LAYER alpine3.9-tomcat8.5 8.5.41-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
+LAYER alpine3.9-tomcat8.5_8.5.41-190620
 
 RUN EOF
     # Download Sigmah

lxc-apps/ushahidi/lxcfile

@@ -1,13 +1,7 @@
-IMAGE ushahidi 3.12.3-190620
-META title Sigmah
-META desc-cs Skupinová reakce na události
-META desc-en Group reaction to events
-META type app
-META license GPL
-META depends mariadb
+IMAGE ushahidi_3.12.3-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-php7.2 7.2.19-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-php7.2_7.2.19-190620
 
 RUN EOF
     # Install runtime dependencies

lxc-services/activemq/lxcfile

@@ -1,12 +1,7 @@
-IMAGE activemq 5.15.9-190620
-META title ActiveMQ
-META desc-cs ActveMQ message broker
-META desc-en ActveMQ message broker
-META type service
-META license GPL
+IMAGE activemq_5.15.9-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
 
 RUN EOF
     # Download and install ActiveMQ

lxc-services/mariadb/lxcfile

@@ -1,11 +1,6 @@
-IMAGE mariadb 10.3.15-190620
-META title MariaDB
-META desc-cs Relační databázový systém kompatibilní s MySQL
-META desc-en MySQL-compatible relational database management system
-META type service
-META license GPL
+IMAGE mariadb_10.3.15-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     # Create OS user (which will be picked up later by apk add)
@@ -25,4 +20,5 @@ MOUNT DIR /srv/mariadb/data var/lib/mysql
 
 USER 3306 3306
 CMD mysqld
+READY test -e /run/mysqld/mysqld.sock
 HALT SIGTERM

lxc-services/postgis/lxcfile

@@ -0,0 +1,13 @@
+IMAGE postgis_11.3.0-190620
+
+LAYER alpine3.9_3.9.4-190620
+LAYER postgres_11.3.0-190620
+
+RUN EOF
+    # Install PostGIS
+    apk --no-cache add postgis@vm
+EOF
+
+USER 5432 5432
+CMD postgres -D /var/lib/postgresql
+READY pg_isready

lxc-services/postgres/install.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-set -ev
-
-cd $(realpath $(dirname "${0}"))/install
-
-# Create Postgres instance
-mkdir -p /srv/postgres/data
-chown -R 5432:5432 /srv/postgres/data
-chmod 700 /srv/postgres/data
-lxc-execute -n postgres -- initdb -D /var/lib/postgresql
-
-# Configure Postgres
-cp srv/postgres/data/postgresql.conf /srv/postgres/data/postgresql.conf
-cp srv/postgres/data/pg_hba.conf /srv/postgres/data/pg_hba.conf
-
-# Enable query logging. Only if the DEBUG environment variable is set
-if [ ${DEBUG:-0} -eq 1 ]; then
-    sed -i 's/^#log_destination/log_destination/' /srv/postgres/data/postgresql.conf
-    sed -i 's/^#log_statement/log_statement/' /srv/postgres/data/postgresql.conf
-fi
-
-# Install service
-cp etc/init.d/postgres /etc/init.d/postgres
-rc-update -u

lxc-services/postgres/install/etc/init.d/postgres

@@ -1,15 +0,0 @@
-#!/sbin/openrc-run
-
-description="Postgres container"
-
-start() {
-	lxc-start postgres
-}
-
-start_post() {
-	timeout -t 60 sh -c 'until lxc-attach postgres -- pg_isready >/dev/null 2>&1; do usleep 50000; done'
-}
-
-stop() {
-	lxc-stop postgres
-}

lxc-services/postgres/lxcfile

@@ -1,26 +1,20 @@
-IMAGE postgres 11.3.0-190620
-META title PostgreSQL
-META desc-cs Relační databázový systém s podporou pro geografické objekty
-META desc-en Relational database management system with support for geographic objects
-META type service
-META license GPL
+IMAGE postgres_11.3.0-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     # Modify OS user (which will be picked up later by apk add)
     sed -i 's/postgres:x:70:70/postgres:x:5432:5432/' /etc/passwd
     sed -i 's/postgres:x:70/postgres:x:5432/' /etc/group
 
-    # Install PostgreSQL + PostGIS
-    apk --no-cache add postgresql postgresql-contrib postgis@vm
+    # Install PostgreSQL
+    apk --no-cache add postgresql postgresql-contrib
 
     # Create socket directory 
     mkdir /run/postgresql
     chown postgres:postgres /run/postgresql
 EOF
 
-MOUNT DIR /srv/postgres/data var/lib/postgresql
-
 USER 5432 5432
-CMD postgres -D /var/lib/postgresql
+CMD postgres -D /etc/postgresql
+READY pg_isready

lxc-services/postgres/uninstall.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-set -ev
-
-# Remove service
-rm -f /etc/init.d/postgres
-rc-update -u

lxc-services/rabbitmq/lxcfile

@@ -1,11 +1,6 @@
-IMAGE rabbitmq 3.7.11-190620
-META title RabbitMQ
-META desc-cs Multiprotokolový message broker
-META desc-en Multi-protocol message broker
-META type service
-META license GPL
+IMAGE rabbitmq_3.7.11-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     # Create OS user (which will be picked up later by apk add)
@@ -21,3 +16,4 @@ MOUNT DIR /srv/rabbitmq/data var/lib/rabbitmq/mnesia
 USER 5672 5672
 ENV HOME /usr/lib/rabbitmq
 CMD rabbitmq-server
+READY grep -q "Server startup complete" /var/log/rabbitmq/rabbit@*.log

lxc-services/redis/install.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-set -ev
-
-cd $(realpath $(dirname "${0}"))/install
-
-# Configure Redis
-mkdir -p /srv/redis/conf /srv/redis/data
-cp srv/redis/conf/redis.conf /srv/redis/conf/redis.conf
-chown -R 6379:6379 /srv/redis/data
-
-# Install service
-cp etc/init.d/redis /etc/init.d/redis
-rc-update -u

lxc-services/redis/install/etc/init.d/redis

@@ -1,11 +0,0 @@
-#!/sbin/openrc-run
-
-description="Redis container"
-
-start() {
-	lxc-start redis
-}
-
-stop() {
-	lxc-stop redis
-}

lxc-services/redis/lxcfile

@@ -1,11 +1,6 @@
-IMAGE redis 4.0.12-190620
-META title Redis
-META desc-cs Pokročilá key-value databáze
-META desc-en Advanced key-value store
-META type service
-META license GPL
+IMAGE redis_4.0.12-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     # Create OS user (which will be picked up later by apk add)
@@ -16,8 +11,5 @@ RUN EOF
     apk --no-cache add redis
 EOF
 
-MOUNT FILE /srv/redis/conf/redis.conf etc/redis.conf
-MOUNT DIR /srv/redis/data var/lib/redis
-
 USER 6379 6379
 CMD redis-server /etc/redis.conf

lxc-services/redis/uninstall.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-set -ev
-
-# Remove service
-rm -f /etc/init.d/redis
-rc-update -u

lxc-services/solr/install.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-set -ev
-
-cd $(realpath $(dirname "${0}"))/install
-
-# Configure Solr
-mkdir -p /srv/solr/data
-cp /var/lib/lxc/solr/solr/opt/solr/server/solr/solr.xml /srv/solr/data/solr.xml
-chown -R 8983:8983 /srv/solr/data
-
-# Install service
-cp etc/init.d/solr /etc/init.d/solr
-rc-update -u

lxc-services/solr/install/etc/init.d/solr

@@ -1,11 +0,0 @@
-#!/sbin/openrc-run
-
-description="Solr container"
-
-start() {
-	lxc-start solr
-}
-
-stop() {
-	lxc-stop solr
-}

lxc-services/solr/uninstall.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-set -ev
-
-# Remove service
-rm -f /etc/init.d/solr
-rc-update -u

lxc-services/solr6/lxc/usr/bin/solr.in.sh

@@ -1,3 +1,3 @@
-SOLR_JAVA_MEM="-Xms32m -Xmx256m"
+SOLR_JAVA_MEM="-Xms32m -Xmx1024m"
 SOLR_HOME=/var/lib/solr
 SOLR_PORT=8983

lxc-services/solr6/lxcfile

@@ -1,12 +1,7 @@
-IMAGE solr 6.5.1-190620
-META title Solr
-META desc-cs Platforma pro fulltextové a fasetové vyhledávání
-META desc-en Fulltext and faceted search platform
-META type service
-META license GPL
+IMAGE solr6_6.5.1-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
 
 RUN EOF
     # Install runtime dependencies
@@ -27,7 +22,5 @@ EOF
 
 COPY lxc
 
-MOUNT DIR /srv/solr/data var/lib/solr
-
 USER 8983 8983
 CMD solr start -f

lxc-shared/alpine3.8-nodejs8/lxcfile

@@ -1,11 +1,6 @@
-IMAGE alpine3.8-nodejs8 8.14.0-190620
-META title Alpine 3.8 Node.js 8
-META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 8
-META desc-en Basic LXC layer with Node.js 8 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.8-nodejs8_8.14.0-190620
 
-LAYER alpine3.8 3.8.4-190620
+LAYER alpine3.8_3.8.4-190620
 
 RUN EOF
     apk --no-cache add nodejs

lxc-shared/alpine3.8-php5.6/lxcfile

@@ -1,13 +1,10 @@
-IMAGE alpine3.8-php5.6 5.6.40-190620
-META title Alpine 3.8 PHP 5.6
-META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 5.6
-META desc-en Basic LXC layer with PHP 5.6 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.8-php5.6_5.6.40-190620
 
-LAYER alpine3.8 3.8.4-190620
+LAYER alpine3.8_3.8.4-190620
 
 RUN EOF
     apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache
     ln -s /usr/bin/php5 /usr/bin/php
 EOF
+
+CMD php -a

lxc-shared/alpine3.8-ruby2.4/lxcfile

@@ -1,11 +1,6 @@
-IMAGE alpine3.8-ruby2.4 2.4.5-190620
-META title Alpine 3.8 Ruby 2.4
-META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4
-META desc-en Basic LXC layer with Ruby 2.4 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.8-ruby2.4_2.4.5-190620
 
-LAYER alpine3.8 3.8.4-190620
+LAYER alpine3.8_3.8.4-190620
 
 RUN EOF
     # Install Ruby runtime dependencies

lxc-shared/alpine3.8/lxcfile

@@ -1,9 +1,4 @@
-IMAGE alpine3.8 3.8.4-190620
-META title Alpine 3.8
-META desc-cs Základní LXC vrstva s Alpine linuxem 3.8
-META desc-en Basic LXC layer with Alpine linux 3.8
-META type layer
-META license GPL
+IMAGE alpine3.8_3.8.4-190620
 
 COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.8/x86_64/versions/library-3.8/x86_64/rootfs.tar.xz
 
@@ -13,4 +8,7 @@ RUN EOF
 
     # Install s6 supervisor
     apk --no-cache add libxml2 libxslt s6
+
+    # Cleanup
+    rm -rf /etc/crontabs/root /etc/periodic
 EOF

lxc-shared/alpine3.9-java8/lxcfile

@@ -1,11 +1,6 @@
-IMAGE alpine3.9-java8 8.212.04-190620
-META title Alpine 3.9 OpenJDK 8
-META desc-cs Základní LXC vrstva s běhovým prostředím pro Javu 8
-META desc-en Basic LXC layer with Java 8 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.9-java8_8.212.04-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     # nss needed due to https://github.com/docker-library/openjdk/issues/289 , https://bugs.alpinelinux.org/issues/10126

lxc-shared/alpine3.9-nodejs10/lxcfile

@@ -1,11 +1,6 @@
-IMAGE alpine3.9-nodejs10 10.14.2-190620
-META title Alpine 3.9 Node.js 10
-META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 10
-META desc-en Basic LXC layer with Node.js 10 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.9-nodejs10_10.14.2-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     apk --no-cache add nodejs

lxc-shared/alpine3.9-php7.2/lxcfile

@@ -1,12 +1,9 @@
-IMAGE alpine3.9-php7.2 7.2.19-190620
-META title Alpine 3.9 PHP 7.2
-META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 7.2
-META desc-en Basic LXC layer with PHP 7.2 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.9-php7.2_7.2.19-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     apk --no-cache add nginx php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session
 EOF
+
+CMD php -a

lxc-shared/alpine3.9-python2.7/lxcfile

@@ -1,12 +1,9 @@
-IMAGE alpine3.9-python2.7 2.7.16-190620
-META title Alpine 3.9 python 2.7
-META desc-cs Základní LXC vrstva s běhovým prostředím pro python 2.7
-META desc-en Basic LXC layer with python 2.7 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.9-python2.7_2.7.16-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     apk --no-cache add python2
 EOF
+
+CMD python

lxc-shared/alpine3.9-python3.6/lxcfile

@@ -1,13 +1,10 @@
-IMAGE alpine3.9-python3.6 3.6.8-190620
-META title Alpine 3.9 python 3.6
-META desc-cs Základní LXC vrstva s běhovým prostředím pro python 3.6
-META desc-en Basic LXC layer with python 3.6 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.9-python3.6_3.6.8-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     apk --no-cache add python3
     ln -s /usr/bin/python3 /usr/bin/python
 EOF
+
+CMD python

lxc-shared/alpine3.9-ruby2.4/lxcfile

@@ -1,11 +1,6 @@
-IMAGE alpine3.9-ruby2.4 2.4.5-190620
-META title Alpine 3.9 Ruby 2.4
-META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4
-META desc-en Basic LXC layer with Ruby 2.4 runtime environment
-META type layer
-META license GPL
+IMAGE alpine3.9-ruby2.4_2.4.5-190620
 
-LAYER alpine3.9 3.9.4-190620
+LAYER alpine3.9_3.9.4-190620
 
 RUN EOF
     # Install Ruby runtime dependencies

lxc-shared/alpine3.9-tomcat7/lxcfile

@@ -1,12 +1,7 @@
-IMAGE alpine3.9-tomcat7 7.0.94-190620
-META title Alpine 3.9 Tomcat 7
-META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 7
-META desc-en Basic LXC layer with Tomcat 7 JSP and servlet container
-META type layer
-META license GPL
+IMAGE alpine3.9-tomcat7_7.0.94-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
 
 RUN EOF
     # Install Tomcat 7
@@ -24,3 +19,5 @@ RUN EOF
 EOF
 
 COPY lxc
+
+RUN catalina.sh run

lxc-shared/alpine3.9-tomcat8.5/lxcfile

@@ -1,12 +1,7 @@
-IMAGE alpine3.9-tomcat8.5 8.5.41-190620
-META title Alpine 3.9 Tomcat 8.5
-META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 8.5
-META desc-en Basic LXC layer with Tomcat 8.5 JSP and servlet container
-META type layer
-META license GPL
+IMAGE alpine3.9-tomcat8.5_8.5.41-190620
 
-LAYER alpine3.9 3.9.4-190620
-LAYER alpine3.9-java8 8.212.04-190620
+LAYER alpine3.9_3.9.4-190620
+LAYER alpine3.9-java8_8.212.04-190620
 
 RUN EOF
     # Install Tomcat 8.5
@@ -29,3 +24,5 @@ RUN EOF
 EOF
 
 COPY lxc
+
+RUN catalina.sh run

lxc-shared/alpine3.9/lxcfile

@@ -1,9 +1,4 @@
-IMAGE alpine3.9 3.9.4-190620
-META title Alpine 3.9
-META desc-cs Základní LXC vrstva s Alpine linuxem 3.9
-META desc-en Basic LXC layer with Alpine linux 3.9
-META type layer
-META license GPL
+IMAGE alpine3.9_3.9.4-190620
 
 COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.9/x86_64/versions/library-3.9/x86_64/rootfs.tar.xz
 COPY lxc
@@ -14,4 +9,7 @@ RUN EOF
 
     # Install s6 supervisor
     apk --no-cache add libxml2 libxslt s6
+
+    # Cleanup
+    rm -rf /etc/crontabs/root /etc/periodic
 EOF