Introduce LXC-composer

This commit is contained in:
Disassembler 2019-09-18 11:29:58 +02:00
parent ec7e843024
commit 9f1f247484
Signed by: Disassembler
GPG Key ID: 524BD33A0EE29499
85 changed files with 473 additions and 777 deletions

@ -1 +1 @@
Subproject commit d9334fd12be8feb11106564d1a3b2e7526c89f43 Subproject commit 972ca0b6967edd56af96a7de159950ac9fcbc4a6

79
apps/ckan/install.sh Normal file
View File

@ -0,0 +1,79 @@
#!/bin/sh
set -ev
cd $(realpath $(dirname "${0}"))/install
# Create Postgres instance
mkdir -p /srv/ckan/postgres_data
chown -R 105432:105432 /srv/ckan/postgres_data
chmod 700 /srv/ckan/postgres_data
lxc-execute -n ckan_postgres -- initdb -D /var/lib/postgresql
# Configure Postgres
cp postgres_data/postgresql.conf /srv/ckan/postgres_data/postgresql.conf
cp postgres_data/pg_hba.conf /srv/ckan/postgres_data/pg_hba.conf
# Create database
export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
lxc-start ckan_postgres #TODO: wait?
envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql
# Configure Redis
mkdir -p /srv/ckan/redis_conf /srv/ckan/redis_data
cp redis_conf/redis.conf /srv/ckan/redis_conf/redis.conf
chown -R 106379:106379 /srv/ckan/redis_data
lxc-start ckan_redis
# Configure Solr
mkdir -p /srv/ckan/solr_data
lxc-execute ckan_solr -- cat /opt/solr/server/solr/solr.xml >/srv/ckan/solr_data/solr.xml
chown -R 108983:108983 /srv/ckan/solr_data
lxc-start ckan_solr # TODO: wait?
# Configure CKAN Solr core
lxc-attach -u 8983 -g 8983 ckan_solr -- solr create -p 8983 -c ckan # TODO: wait to ensure creation?
lxc-stop ckan_solr
cp solr_data/ckan/conf/schema.xml /srv/ckan/solr_data/ckan/conf/schema.xml
cp solr_data/ckan/conf/solrconfig.xml /srv/ckan/solr_data/ckan/conf/solrconfig.xml
chown 108983:108983 /srv/ckan/solr_data/ckan/conf/schema.xml # TODO: je to potreba?
lxc-start ckan_solr # TODO: wait?
# Configure CKAN DataPusher
mkdir -p /srv/ckan/datapusher_conf /srv/ckan/datapusher_data
cp datapusher_conf/datapusher.wsgi /srv/ckan/datapusher_conf/datapusher.wsgi
cp datapusher_conf/datapusher_settings.py /srv/ckan/datapusher_conf/datapusher_settings.py
chown -R 108080:108080 /srv/ckan/datapusher_data
# Configure CKAN
mkdir -p /srv/ckan/ckan_conf /srv/ckan/ckan_data
export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid)
envsubst <ckan_conf/ckan.ini >/srv/ckan/ckan_conf/ckan.ini
cp ckan_conf/who.ini /srv/ckan/ckan_conf/who.ini
chown -R 108080:108080 /srv/ckan/ckan_data
# Populate database
lxc-execute ckan_ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini
lxc-execute ckan_ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
lxc-execute ckan_ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql
# Create admin account
export CKAN_ADMIN_USER="admin"
export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid)
export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid)
export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
export CKAN_ADMIN_HASH=$(lxc-execute ckan_ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
export CKAN_ADMIN_EMAIL="admin@example.com"
envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql ckan
# Install config update script
cp update-conf.sh /srv/ckan/update-conf.sh
# Stop services required for setup
lxc-stop ckan_solr
lxc-stop ckan_postgres
lxc-stop ckan_redis
# Register application
vmmgr register-app ckan ckan "${CKAN_ADMIN_USER}" "${CKAN_ADMIN_PWD}"

View File

@ -1 +1 @@
INSERT INTO public.user (id, name, apikey, created, about, password, fullname, email, reset_key, sysadmin, activity_streams_email_notifications, state) VALUES ('${CKAN_ADMIN_UUID}', '${CKAN_ADMIN_USER}', '${CKAN_ADMIN_APIKEY}', NOW(), NULL, '${CKAN_ADMIN_HASH}', NULL, '${CKAN_ADMIN_EMAIL}', NULL, TRUE, FALSE, 'active'); INSERT INTO public.user (id, name, apikey, created, about, password, fullname, email, reset_key, sysadmin, activity_streams_email_notifications, state) VALUES ('${CKAN_ADMIN_UUID}', '${CKAN_ADMIN_USER}', '${CKAN_ADMIN_APIKEY}', NOW(), NULL, '${CKAN_ADMIN_HASH}', NULL, '${CKAN_ADMIN_EMAIL}', NULL, TRUE, FALSE, 'active');

View File

@ -1,16 +1,16 @@
CREATE ROLE ckan NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_PWD}'; CREATE ROLE ckan NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_PWD}';
CREATE ROLE ckan_datastore NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_DS_PWD}'; CREATE ROLE ckan_datastore NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${CKAN_DS_PWD}';
CREATE DATABASE ckan; CREATE DATABASE ckan;
REVOKE ALL ON DATABASE ckan FROM public; REVOKE ALL ON DATABASE ckan FROM public;
ALTER DATABASE ckan OWNER TO ckan; ALTER DATABASE ckan OWNER TO ckan;
CREATE DATABASE ckan_datastore; CREATE DATABASE ckan_datastore;
REVOKE ALL ON DATABASE ckan_datastore FROM public; REVOKE ALL ON DATABASE ckan_datastore FROM public;
GRANT CONNECT, CREATE, TEMPORARY ON DATABASE ckan_datastore TO ckan; GRANT CONNECT, CREATE, TEMPORARY ON DATABASE ckan_datastore TO ckan;
ALTER DATABASE ckan_datastore OWNER TO ckan_datastore; ALTER DATABASE ckan_datastore OWNER TO ckan_datastore;
\c ckan \c ckan
CREATE EXTENSION postgis; CREATE EXTENSION postgis;
GRANT ALL ON geometry_columns TO ckan; GRANT ALL ON geometry_columns TO ckan;
GRANT ALL ON spatial_ref_sys TO ckan; GRANT ALL ON spatial_ref_sys TO ckan;

View File

@ -177,7 +177,7 @@ dynamic_shared_memory_type = posix # the default is the first option
# - Settings - # - Settings -
#wal_level = replica # minimal, replica, or logical wal_level = minimal # minimal, replica, or logical
# (change requires restart) # (change requires restart)
#fsync = on # flush data to disk for crash safety #fsync = on # flush data to disk for crash safety
# (turning this off can cause # (turning this off can cause
@ -232,12 +232,12 @@ dynamic_shared_memory_type = posix # the default is the first option
# Set these on the master and on any standby that will send replication data. # Set these on the master and on any standby that will send replication data.
#max_wal_senders = 10 # max number of walsender processes max_wal_senders = 0 # max number of walsender processes
# (change requires restart) # (change requires restart)
#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables #wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables #wal_sender_timeout = 60s # in milliseconds; 0 disables
#max_replication_slots = 10 # max number of replication slots max_replication_slots = 0 # max number of replication slots
# (change requires restart) # (change requires restart)
#track_commit_timestamp = off # collect timestamp of transaction commit #track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart) # (change requires restart)
@ -278,9 +278,9 @@ dynamic_shared_memory_type = posix # the default is the first option
# These settings are ignored on a publisher. # These settings are ignored on a publisher.
#max_logical_replication_workers = 4 # taken from max_worker_processes max_logical_replication_workers = 0 # taken from max_worker_processes
# (change requires restart) # (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------

View File

@ -191,7 +191,7 @@ databases 16
# #
# However it is possible to force the pre-4.0 behavior and always show a # However it is possible to force the pre-4.0 behavior and always show a
# ASCII art logo in startup logs by setting the following option to yes. # ASCII art logo in startup logs by setting the following option to yes.
always-show-logo yes always-show-logo no
################################ SNAPSHOTTING ################################ ################################ SNAPSHOTTING ################################
# #

View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!--
This is an example of a simple "solr.xml" file for configuring one or
more Solr Cores, as well as allowing Cores to be added, removed, and
reloaded via HTTP requests.
More information about options available in this configuration file,
and Solr Core administration can be found online:
http://wiki.apache.org/solr/CoreAdmin
-->
<solr>
<solrcloud>
<str name="host">${host:}</str>
<int name="hostPort">${jetty.port:8983}</int>
<str name="hostContext">${hostContext:solr}</str>
<bool name="genericCoreNodeNames">${genericCoreNodeNames:true}</bool>
<int name="zkClientTimeout">${zkClientTimeout:30000}</int>
<int name="distribUpdateSoTimeout">${distribUpdateSoTimeout:600000}</int>
<int name="distribUpdateConnTimeout">${distribUpdateConnTimeout:60000}</int>
<str name="zkCredentialsProvider">${zkCredentialsProvider:org.apache.solr.common.cloud.DefaultZkCredentialsProvider}</str>
<str name="zkACLProvider">${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider}</str>
</solrcloud>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<int name="socketTimeout">${socketTimeout:600000}</int>
<int name="connTimeout">${connTimeout:60000}</int>
</shardHandlerFactory>
</solr>

View File

@ -0,0 +1,10 @@
#!/bin/sh
HOST="${DOMAIN}"
[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}"
sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/ckan_conf/ckan.ini
sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/ckan_conf/ckan.ini
sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/ckan_conf/ckan.ini
sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" /srv/ckan/datapusher_conf/datapusher_settings.py

52
apps/ckan/meta Normal file
View File

@ -0,0 +1,52 @@
{
'version': '1234',
'meta': {
'title': 'CKAN',
'desc-cs': 'Datový sklad',
'desc-en': 'Data store',
'license': 'GPL'
},
'containers': {
'ckan': {
'image': 'ckan_123',
'depends': [
'ckan_datapusher',
'ckan_redis',
'ckan_solr',
'ckan_postgres'
],
'mounts': {
'/srv/ckan/ckan_conf': '/etc/ckan',
'/srv/ckan/ckan_data': '/srv/ckan/storage'
}
},
'ckan_datapusher': {
'image': 'ckan-datapusher_123',
'mounts': {
'/etc/ssl/services.pem': '/etc/ssl/services.pem',
'/srv/ckan/datapusher_conf': '/etc/ckan-datapusher',
'/srv/ckan/datapusher_data': '/srv/ckan-datapusher/data'
}
},
'ckan_redis': {
'image': 'redis_123',
'mounts': {
'/srv/ckan/redis_conf/redis.conf': '/etc/redis.conf'
'/srv/ckan/redis_data': '/var/lib/redis'
}
},
'ckan_solr': {
'image': 'solr_123',
'mounts': {
'/srv/ckan/solr_data': '/var/lib/solr'
}
},
'ckan_postgres': {
'image': 'postgis_123',
'mounts': {
'/srv/ckan/postgres_data': '/var/lib/postgresql'
}
}
},
'proxy': 'ckan'
}

0
lxc-apps/ckan/uninstall.sh → apps/ckan/uninstall.sh Executable file → Normal file
View File

View File

@ -1,6 +1,7 @@
#!/usr/bin/python3 #!/usr/bin/python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import sys
from lxcbuild.lxcimage import LXCImage from lxcbuild.lxcimage import LXCImage
if __name__ == '__main__': if __name__ == '__main__':

View File

@ -4,58 +4,25 @@ import os
import shutil import shutil
import subprocess import subprocess
import sys import sys
from vmmgr import lxcmgr
LXC_ROOT = '/var/lib/lxc' LXC_ROOT = '/var/lib/lxc'
CONFIG_TEMPLATE = '''# Image name
lxc.uts.name = {name}
# Network
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
# Volumes
lxc.rootfs.path = {rootfs}
# Mounts
lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
lxc.mount.entry = /etc/hosts etc/hosts none bind,create=file 0 0
lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,create=file 0 0
{mounts}
# Init
lxc.init.uid = {uid}
lxc.init.gid = {gid}
lxc.init.cwd = {cwd}
# Environment
lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
{env}
# Halt
lxc.signal.halt = {halt}
# Log
lxc.console.size = 1MB
lxc.console.logfile = /var/log/lxc/{name}.log
# Other
lxc.arch = x86_64
lxc.cap.drop = sys_admin
lxc.hook.pre-start = /usr/bin/vmmgr prepare-container
lxc.hook.start-host = /usr/bin/vmmgr register-container
lxc.hook.post-stop = /usr/bin/vmmgr unregister-container
lxc.include = /usr/share/lxc/config/common.conf
'''
class LXCBuilder: class LXCBuilder:
def __init__(self, image): def __init__(self, image):
self.image = image self.image = image
self.script = [] self.script = []
self.script_eof = None self.script_eof = None
self.already_built = False
def build(self): def build(self):
try:
self.image.conf['build'] = True
self.process_file()
except FileExistsError as e:
print(e)
del self.image.conf['build']
def process_file(self):
with open(self.image.lxcfile, 'r') as f: with open(self.image.lxcfile, 'r') as f:
for line in f: for line in f:
line = line.strip() line = line.strip()
@ -73,18 +40,14 @@ class LXCBuilder:
self.script = [] self.script = []
self.script_eof = args self.script_eof = args
elif 'IMAGE' == directive: elif 'IMAGE' == directive:
self.set_name(*args.split()) self.set_name(args)
elif 'META' == directive:
self.add_meta(*args.split(None, 1))
elif 'LAYER' == directive: elif 'LAYER' == directive:
self.add_layer(*args.split()) self.add_layer(args)
elif 'FIXLAYER' == directive: elif 'FIXLAYER' == directive:
self.fix_layer(args.split()) self.fix_layer(args.split())
elif 'COPY' == directive: elif 'COPY' == directive:
srcdst = args.split() srcdst = args.split()
self.copy_files(srcdst[0], srcdst[1] if len(srcdst) == 2 else '') self.copy_files(srcdst[0], srcdst[1] if len(srcdst) == 2 else '')
elif 'MOUNT' == directive:
self.add_mount(args.split())
elif 'ENV' == directive: elif 'ENV' == directive:
self.add_env(*args.split(None, 1)) self.add_env(*args.split(None, 1))
elif 'USER' == directive: elif 'USER' == directive:
@ -95,102 +58,65 @@ class LXCBuilder:
self.set_cwd(args) self.set_cwd(args)
elif 'HALT' == directive: elif 'HALT' == directive:
self.set_halt(args) self.set_halt(args)
elif 'READY' == directive:
self.set_ready(args)
def get_layer_path(self, layer): def get_layer_path(self, layer):
return os.path.join(LXC_ROOT, 'storage', layer) return os.path.join(LXC_ROOT, 'storage', layer)
def rebuild_config(self):
if not self.image.upper_layer:
return
upper_layer = self.get_layer_path(self.image.upper_layer)
if not self.image.layers:
rootfs = upper_layer
else:
# Multiple lower overlayfs layers are ordered from right to left (lower2:lower1:rootfs:upper)
layers = [self.get_layer_path(layer) for layer in self.image.layers]
rootfs = 'overlay:{}:{}'.format(':'.join(layers[::-1]), upper_layer)
mounts = '\n'.join(['lxc.mount.entry = {} {} none bind,create={} 0 0'.format(m[1], m[2], m[0].lower()) for m in self.image.mounts])
env = '\n'.join(['lxc.environment = {}={}'.format(e[0], e[1]) for e in self.image.env])
cwd = self.image.cwd if self.image.cwd else '/'
halt = self.image.halt if self.image.halt else 'SIGINT'
with open(os.path.join(LXC_ROOT, self.image.upper_layer, 'config'), 'w') as f:
f.write(CONFIG_TEMPLATE.format(name=self.image.upper_layer, rootfs=rootfs, mounts=mounts, env=env, uid=self.image.uid, gid=self.image.gid, cwd=cwd, halt=halt))
def run_script(self, script): def run_script(self, script):
if self.already_built: lxcmgr.register_container(self.image.name, self.image.conf)
return sh = os.path.join(self.get_layer_path(self.image.name), 'run.sh')
sh = os.path.join(self.get_layer_path(self.image.upper_layer), 'run.sh')
with open(sh, 'w') as f: with open(sh, 'w') as f:
f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script))) f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script)))
os.chmod(sh, 0o700) os.chmod(sh, 0o700)
subprocess.run(['lxc-execute', '-n', self.image.upper_layer, '--', '/bin/sh', '-lc', '/run.sh'], check=True) os.chown(sh, 100000, 100000)
subprocess.run(['lxc-execute', self.image.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True)
os.unlink(sh) os.unlink(sh)
lxcmgr.unregister_container(self.image.name)
def set_name(self, name, version): def set_name(self, name):
self.image.name = name self.image.name = name
self.image.version = version self.image.conf['layers'] = [self.image.name]
self.image.upper_layer = '{}_{}'.format(self.image.name, self.image.version) image_path = self.get_layer_path(self.image.name)
layer_path = self.get_layer_path(self.image.upper_layer) os.makedirs(image_path, 0o755, True)
if os.path.exists(layer_path): os.chown(image_path, 100000, 100000)
self.already_built = True
print('Layer {} already exists, skipping build tasks'.format(self.image.upper_layer))
else:
os.makedirs(layer_path, 0o755, True)
os.makedirs(os.path.join(LXC_ROOT, self.image.upper_layer), 0o755, True)
self.rebuild_config()
def add_meta(self, key, value): def add_layer(self, name):
self.image.meta[key] = value self.image.conf['layers'].insert(0, name)
def add_layer(self, name, version):
self.image.layers.append('{}_{}'.format(name, version))
self.rebuild_config()
def fix_layer(self, cmd): def fix_layer(self, cmd):
if self.already_built: layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']]
return subprocess.run([cmd] + layers, check=True)
layers = [self.get_layer_path(layer) for layer in self.image.layers]
layers.append(self.get_layer_path(self.image.upper_layer))
subprocess.run([cmd]+layers, check=True)
def copy_files(self, src, dst): def copy_files(self, src, dst):
if self.already_built: dst = os.path.join(self.get_layer_path(self.image.name), dst)
return
dst = os.path.join(self.get_layer_path(self.image.upper_layer), dst)
if src.startswith('http://') or src.startswith('https://'): if src.startswith('http://') or src.startswith('https://'):
unpack_http_archive(src, dst) unpack_http_archive(src, dst)
else: else:
src = os.path.join(self.image.build_dir, src) copy_tree(os.path.join(self.build_dir, src), dst)
copy_tree(src, dst) shift_uid(dst)
def add_mount(self, args):
self.image.mounts.append(args)
if not self.already_built:
self.rebuild_config()
def add_env(self, args): def add_env(self, args):
self.image.env.append(args) if 'env' not in self.image.conf:
if not self.already_built: self.image.conf['env'] = []
self.rebuild_config() self.image.conf['env'].append(args)
def set_user(self, uid, gid): def set_user(self, uid, gid):
self.image.uid = uid self.image.conf['uid'] = uid
self.image.gid = gid self.image.conf['gid'] = gid
if not self.already_built:
self.rebuild_config()
def set_cmd(self, cmd): def set_cmd(self, cmd):
self.image.cmd = cmd self.image.conf['cmd'] = cmd
def set_cwd(self, cwd): def set_cwd(self, cwd):
self.image.cwd = cwd self.image.conf['cwd'] = cwd
if not self.already_built:
self.rebuild_config()
def set_halt(self, halt): def set_halt(self, halt):
self.image.halt = halt self.image.conf['halt'] = halt
if not self.already_built:
self.rebuild_config() def set_ready(self, cmd):
self.image.conf['ready'] = cmd
def unpack_http_archive(src, dst): def unpack_http_archive(src, dst):
xf = 'xzf' xf = 'xzf'
@ -211,3 +137,26 @@ def copy_tree(src, dst):
for name in os.listdir(src): for name in os.listdir(src):
copy_tree(os.path.join(src, name), os.path.join(dst, name)) copy_tree(os.path.join(src, name), os.path.join(dst, name))
shutil.copystat(src, dst) shutil.copystat(src, dst)
def shift_uid(dir):
shift_uid_entry(dir, os.stat(dir, follow_symlinks=True))
shift_uid_recursively(dir)
def shift_uid_recursively(dir):
for entry in os.scandir(dir):
shift_uid_entry(entry.path, entry.stat(follow_symlinks=False))
if entry.is_dir():
shift_uid_recursively(entry.path)
def shift_uid_entry(path, stat):
uid = stat.st_uid
gid = stat.st_gid
do_chown = False
if uid < 100000:
uid = uid + 100000
do_chown = True
if gid < 100000:
gid = gid + 100000
do_chown = True
if do_chown:
os.lchown(path, uid, gid)

View File

@ -8,17 +8,7 @@ from .lxcpacker import LXCPacker
class LXCImage: class LXCImage:
def __init__(self, build_path): def __init__(self, build_path):
self.name = None self.name = None
self.version = None self.conf = {}
self.meta = {}
self.layers = []
self.upper_layer = None
self.mounts = []
self.env = []
self.uid = 0
self.gid = 0
self.cmd = None
self.cwd = None
self.halt = None
if os.path.isfile(build_path): if os.path.isfile(build_path):
self.lxcfile = os.path.realpath(build_path) self.lxcfile = os.path.realpath(build_path)

View File

@ -23,7 +23,7 @@ class LXCPacker:
def pack(self): def pack(self):
# Prepare package file names # Prepare package file names
self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.upper_layer)) self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.name))
self.xz_path = '{}.xz'.format(self.tar_path) self.xz_path = '{}.xz'.format(self.tar_path)
if os.path.exists(self.xz_path): if os.path.exists(self.xz_path):
print('Package {} already exists, skipping packaging tasks'.format(self.xz_path)) print('Package {} already exists, skipping packaging tasks'.format(self.xz_path))
@ -35,36 +35,30 @@ class LXCPacker:
def create_archive(self): def create_archive(self):
# Create archive # Create archive
print('Archiving', self.image.upper_layer) print('Archiving', self.image.name)
subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.upper_layer)], cwd='/') subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.name)], cwd='/')
# Add install/upgrade/uninstall scripts # Add install/upgrade/uninstall scripts
# TODO: skripty balit jen s aplikacemi, ne s imagi
scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh')
scripts = [s for s in scripts if os.path.exists(os.path.join(self.image.build_dir, s))] scripts = [s for s in scripts if os.path.exists(os.path.join(self.image.build_dir, s))]
subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.upper_layer), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir) subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.name), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir)
# Compress the tarball with xz (LZMA2) # Compress the tarball with xz (LZMA2)
print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576)) print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576))
subprocess.run(['xz', '-9', self.tar_path]) subprocess.run(['xz', '-9', self.tar_path])
print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576)) print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576))
def register_package(self): def register_package(self):
# Prepare metadata
meta = self.image.meta.copy()
meta['lxc'] = {}
for key in ('layers', 'mounts', 'env', 'cmd', 'cwd', 'uid', 'gid', 'halt'):
value = getattr(self.image, key)
if value:
meta['lxc'][key] = value
# Register package # Register package
print('Registering package') print('Registering package')
packages = {}
packages_file = os.path.join(PKG_ROOT, 'packages') packages_file = os.path.join(PKG_ROOT, 'packages')
if os.path.exists(packages_file): if os.path.exists(packages_file):
with open(packages_file, 'r') as f: with open(packages_file, 'r') as f:
packages = json.load(f) packages = json.load(f)
packages[self.image.name] = meta else:
packages[self.image.name]['size'] = os.path.getsize(self.xz_path) packages = {'apps': {}, 'images': {}}
packages[self.image.name]['sha512'] = hash_file(self.xz_path) packages['images'][self.image.name] = self.image.conf.copy()
packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path)
packages['images'][self.image.name]['sha512'] = hash_file(self.xz_path)
with open(packages_file, 'w') as f: with open(packages_file, 'w') as f:
json.dump(packages, f, sort_keys=True, indent=4) json.dump(packages, f, sort_keys=True, indent=4)

View File

@ -1,17 +0,0 @@
#!/bin/sh
set -ev
cd $(realpath $(dirname "${0}"))/install
# Configure CKAN DataPusher
mkdir -p /srv/ckan-datapusher/conf /srv/ckan-datapusher/data
cp srv/ckan-datapusher/conf/datapusher.wsgi /srv/ckan-datapusher/conf/datapusher.wsgi
cp srv/ckan-datapusher/conf/datapusher_settings.py /srv/ckan-datapusher/conf/datapusher_settings.py
chown -R 8004:8004 /srv/ckan-datapusher/data
# Install service
cp etc/init.d/ckan-datapusher /etc/init.d/ckan-datapusher
rc-update -u
# Install config update script
cp srv/ckan-datapusher/update-conf.sh /srv/ckan-datapusher/update-conf.sh

View File

@ -1,11 +0,0 @@
#!/sbin/openrc-run
description="CKAN DataPusher container"
start() {
lxc-start ckan-datapusher
}
stop() {
lxc-stop ckan-datapusher
}

View File

@ -1,3 +0,0 @@
#!/bin/sh
sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" /srv/ckan-datapusher/conf/datapusher_settings.py

View File

@ -1,12 +1,7 @@
IMAGE ckan-datapusher 0.0.13-190620 IMAGE ckan-datapusher_0.0.13-190620
META title CKAN DataPusher
META desc-cs Služba datového skladu pro extrakci dat
META desc-en Data store data extraction service
META type app
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies
@ -26,8 +21,8 @@ RUN EOF
pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt
# Create OS user # Create OS user
addgroup -S -g 8004 ckandp addgroup -S -g 8080 ckandp
adduser -S -u 8004 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp adduser -S -u 8080 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp
chown -R ckandp:ckandp /srv/ckan-datapusher chown -R ckandp:ckandp /srv/ckan-datapusher
# Cleanup # Cleanup
@ -38,8 +33,4 @@ EOF
COPY lxc COPY lxc
MOUNT FILE /etc/ssl/services.pem etc/ssl/services.pem
MOUNT DIR /srv/ckan-datapusher/conf etc/ckan-datapusher
MOUNT DIR /srv/ckan-datapusher/data srv/ckan-datapusher/data
CMD execlineb -P /run CMD execlineb -P /run

View File

@ -1,6 +0,0 @@
#!/bin/sh
set -ev
# Remove service
rm -f /etc/init.d/ckan-datapusher
rc-update -u

View File

@ -1,66 +0,0 @@
#!/bin/sh
set -ev
cd $(realpath $(dirname "${0}"))/install
# Check prerequisites
[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1
[ ! -e /run/openrc/started/solr ] && service solr start && STOP_SOLR=1
# Create database
export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
# Configure CKAN Solr core
lxc-attach -u 8983 -g 8983 solr -- solr create -p 8983 -c ckan
cp srv/solr/data/ckan/conf/schema.xml /srv/solr/data/ckan/conf/schema.xml
cp srv/solr/data/ckan/conf/solrconfig.xml /srv/solr/data/ckan/conf/solrconfig.xml
chown 8983:8983 /srv/solr/data/ckan/conf/schema.xml
service solr restart
# Configure CKAN
mkdir -p /srv/ckan/conf /srv/ckan/data
export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid)
envsubst <srv/ckan/conf/ckan.ini >/srv/ckan/conf/ckan.ini
cp srv/ckan/conf/who.ini /srv/ckan/conf/who.ini
chown -R 8003:8003 /srv/ckan/data
# Set "production values" (increases performance) only if the DEBUG environment variable is not set
if [ ${DEBUG:-0} -eq 0 ]; then
sed -i 's/debug = true/debug = false/' /srv/ckan/conf/ckan.ini
fi
# Populate database
lxc-execute ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini
lxc-execute ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 postgres -- psql
# Create admin account
export CKAN_ADMIN_USER="admin"
export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid)
export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid)
export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
export CKAN_ADMIN_HASH=$(lxc-execute ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
export CKAN_ADMIN_EMAIL="admin@example.com"
envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql ckan
# Install cron job
cp etc/periodic/hourly/ckan /etc/periodic/hourly/ckan
# Install service
cp etc/init.d/ckan /etc/init.d/ckan
rc-update -u
# Install config update script
cp srv/ckan/update-conf.sh /srv/ckan/update-conf.sh
# Stop services required for setup
[ ! -z ${STOP_POSTGRES} ] && service postgres stop
[ ! -z ${STOP_REDIS} ] && service redis stop
[ ! -z ${STOP_SOLR} ] && service solr stop
# Register application
vmmgr register-app ckan ckan "${CKAN_ADMIN_USER}" "${CKAN_ADMIN_PWD}"

View File

@ -1,23 +0,0 @@
#!/sbin/openrc-run
description="CKAN container"
depend() {
need ckan-datapusher postgres redis solr
}
start() {
lxc-start ckan
}
start_post() {
vmmgr register-proxy ckan
}
stop_pre() {
vmmgr unregister-proxy ckan
}
stop() {
lxc-stop ckan
}

View File

@ -1,6 +0,0 @@
#!/bin/sh
if [ -e /run/openrc/started/ckan ]; then
lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null
lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null
fi

View File

@ -1,8 +0,0 @@
#!/bin/sh
HOST="${DOMAIN}"
[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}"
sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/conf/ckan.ini
sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/conf/ckan.ini
sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/conf/ckan.ini

View File

@ -0,0 +1,2 @@
0 * * * * paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null
0 * * * * paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null

View File

@ -0,0 +1,4 @@
#!/bin/execlineb -P
foreground { s6-svwait -d -t 3000 ckan }
foreground { s6-svwait -d -t 3000 cron }

View File

@ -0,0 +1,5 @@
#!/bin/execlineb -P
fdmove -c 2 1
s6-setuidgid ckan
paster serve /etc/ckan/ckan.ini

View File

@ -0,0 +1,4 @@
#!/bin/execlineb -P
fdmove -c 2 1
crond -f -d 8

View File

@ -1,13 +1,7 @@
IMAGE ckan 2.8.2-190620 IMAGE ckan_2.8.2-190620
META title CKAN
META desc-cs Datový sklad
META desc-en Data store
META type app
META license GPL
META depends ckan-datapusher postgres redis solr
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies
@ -40,8 +34,8 @@ RUN EOF
pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt
# Create OS user # Create OS user
addgroup -S -g 8003 ckan addgroup -S -g 8080 ckan
adduser -S -u 8003 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan adduser -S -u 8080 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan
chown -R ckan:ckan /srv/ckan chown -R ckan:ckan /srv/ckan
# Cleanup # Cleanup
@ -50,8 +44,6 @@ RUN EOF
rm -rf /root/.cache rm -rf /root/.cache
EOF EOF
MOUNT DIR /srv/ckan/conf etc/ckan COPY lxc
MOUNT DIR /srv/ckan/data srv/ckan/storage
USER 8003 8003 CMD s6-svscan /etc/services.d
CMD paster serve /etc/ckan/ckan.ini

View File

@ -1,14 +1,8 @@
IMAGE crisiscleanup 2.2.0-190620 IMAGE crisiscleanup_2.2.0-190620
META title Crisis Cleanup
META desc-cs Mapování následků katastrof
META desc-en Disaster relief mapping
META type app
META license GPL
META depends postgres
LAYER alpine3.8 3.8.4-190620 LAYER alpine3.8_3.8.4-190620
LAYER alpine3.8-ruby2.4 2.4.5-190620 LAYER alpine3.8-ruby2.4_2.4.5-190620
LAYER alpine3.8-nodejs8 8.14.0-190620 LAYER alpine3.8-nodejs8_8.14.0-190620
FIXLAYER /usr/bin/fix-apk FIXLAYER /usr/bin/fix-apk

View File

@ -1,13 +1,7 @@
IMAGE cts 0.8.0-190620 IMAGE cts_0.8.0-190620
META title CTS
META desc-cs Sledovací systém komodit
META desc-en Commodity tracking system
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies

View File

@ -1,13 +1,7 @@
IMAGE ecogis 0.0.1-190620 IMAGE ecogis_0.0.1-190620
META title EcoGIS
META desc-cs EcoGIS
META desc-en EcoGIS
META type app
META license GPL
META depends postgres
LAYER alpine3.8 3.8.4-190620 LAYER alpine3.8_3.8.4-190620
LAYER alpine3.8-php5.6 5.6.40-190620 LAYER alpine3.8-php5.6_5.6.40-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies

View File

@ -1,12 +1,7 @@
IMAGE frontlinesms 2.6.5-190620 IMAGE frontlinesms_2.6.5-190620
META title FrontlineSMS
META desc-cs Hromadné odesílání zpráv
META desc-en Bulk SMS messaging
META type app
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies

View File

@ -1,14 +1,8 @@
IMAGE gnuhealth 3.4.1-190620 IMAGE gnuhealth_3.4.1-190620
META title GNU Health
META desc-cs Administrace lékařských záznamů
META desc-en Medical records administration
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python3.6 3.6.8-190620 LAYER alpine3.9-python3.6_3.6.8-190620
LAYER alpine3.9-nodejs10 10.14.2-190620 LAYER alpine3.9-nodejs10_10.14.2-190620
FIXLAYER /usr/bin/fix-apk FIXLAYER /usr/bin/fix-apk

View File

@ -1,13 +1,7 @@
IMAGE kanboard 1.2.9-190620 IMAGE kanboard_1.2.9-190620
META title KanBoard
META desc-cs Kanban řízení projektů
META desc-en Kanban project management
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-php7.2 7.2.19-190620 LAYER alpine3.9-php7.2_7.2.19-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies

View File

@ -1,14 +1,8 @@
IMAGE mifosx 18.03.01-190620 IMAGE mifosx_18.03.01-190620
META title Mifos X
META desc-cs Mikrofinancování rozvojových projektů
META desc-en Development projects microfinancing
META type app
META license GPL
META depends mariadb
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
LAYER alpine3.9-tomcat8.5 8.5.41-190620 LAYER alpine3.9-tomcat8.5_8.5.41-190620
RUN EOF RUN EOF
# Install full-featured wget to work around sourceforge bugs # Install full-featured wget to work around sourceforge bugs

View File

@ -1,14 +1,8 @@
IMAGE motech 1.3.0-190620 IMAGE motech_1.3.0-190620
META title Motech
META desc-cs Automatizace komunikace
META desc-en Communication automation
META type app
META license GPL
META depends activemq postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
LAYER alpine3.9-tomcat7 7.0.94-190620 LAYER alpine3.9-tomcat7_7.0.94-190620
RUN EOF RUN EOF
# Download Motech # Download Motech

View File

@ -1,14 +1,8 @@
IMAGE odoo 12.0.0-190620 IMAGE odoo_12.0.0-190620
META title Odoo
META desc-cs Sada aplikací pro správu organizace
META desc-en Company management application suite
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python3.6 3.6.8-190620 LAYER alpine3.9-python3.6_3.6.8-190620
LAYER alpine3.9-nodejs10 10.14.2-190620 LAYER alpine3.9-nodejs10_10.14.2-190620
FIXLAYER /usr/bin/fix-apk FIXLAYER /usr/bin/fix-apk

View File

@ -1,14 +1,8 @@
IMAGE opendatakit-build 0.3.5-190620 IMAGE opendatakit-build_0.3.5-190620
META title OpenDataKit Build
META desc-cs Sběr formulářových dat - návrh formulářů
META desc-en Form data collection - Form designer
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-ruby2.4 2.4.5-190620 LAYER alpine3.9-ruby2.4_2.4.5-190620
LAYER alpine3.9-nodejs10 10.14.2-190620 LAYER alpine3.9-nodejs10_10.14.2-190620
FIXLAYER /usr/bin/fix-apk FIXLAYER /usr/bin/fix-apk

View File

@ -1,14 +1,8 @@
IMAGE opendatakit 2.0.3-190620 IMAGE opendatakit_2.0.3-190620
META title OpenDataKit
META desc-cs Sběr formulářových dat
META desc-en Form data collection
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
LAYER alpine3.9-tomcat8.5 8.5.41-190620 LAYER alpine3.9-tomcat8.5_8.5.41-190620
RUN EOF RUN EOF
# Download OpenDataKit # Download OpenDataKit

View File

@ -1,14 +1,9 @@
IMAGE openmapkit 0.12.0-190620 IMAGE openmapkit_0.12.0-190620
META title OpenMapKit
META desc-cs Sběr mapových dat
META desc-en Map data collection
META type app
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
LAYER alpine3.9-nodejs10 10.14.2-190620 LAYER alpine3.9-nodejs10_10.14.2-190620
FIXLAYER /usr/bin/fix-apk FIXLAYER /usr/bin/fix-apk

View File

@ -1,13 +1,7 @@
IMAGE pandora 0.0.1-190620 IMAGE pandora_0.0.1-190620
META title Pan.do/ra
META desc-cs Archiv medií
META desc-en Media archive
META type app
META license GPL
META depends postgres rabbitmq
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python3.6 3.6.8-190620 LAYER alpine3.9-python3.6_3.6.8-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies

View File

@ -1,14 +1,8 @@
IMAGE sahana-demo 0.0.1-190620 IMAGE sahana-demo_0.0.1-190620
META title Sahana Eden - Demo
META desc-cs Řízení humanítární činnosti - Demo instance
META desc-en Management of humanitarian activities - Demo instance
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
LAYER sahana-shared 0.0.1-190620 LAYER sahana-shared_0.0.1-190620
MOUNT DIR /srv/sahana-demo/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sahana-demo/conf srv/web2py/applications/eden/models
MOUNT DIR /srv/sahana-demo/data/default srv/web2py/applications/eden/modules/templates/default MOUNT DIR /srv/sahana-demo/data/default srv/web2py/applications/eden/modules/templates/default

View File

@ -1,12 +1,7 @@
IMAGE sahana-shared 0.0.1-190620 IMAGE sahana-shared_0.0.1-190620
META title Sahana Eden - Shared layer
META desc-cs Řízení humanítární činnosti - sdílená vrstva
META desc-en Management of humanitarian activities - shared layer
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies

View File

@ -1,14 +1,8 @@
IMAGE sahana 0.0.1-190620 IMAGE sahana_0.0.1-190620
META title Sahana Eden
META desc-cs Řízení humanítární činnosti
META desc-en Management of humanitarian activities
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
LAYER sahana-shared 0.0.1-190620 LAYER sahana-shared_0.0.1-190620
MOUNT DIR /srv/sahana/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sahana/conf srv/web2py/applications/eden/models
MOUNT DIR /srv/sahana/data/Spotter srv/web2py/applications/eden/modules/templates/Spotter MOUNT DIR /srv/sahana/data/Spotter srv/web2py/applications/eden/modules/templates/Spotter

View File

@ -1,14 +1,8 @@
IMAGE sambro 0.0.1-190620 IMAGE sambro_0.0.1-190620
META title Sahana Eden - SAMBRO
META desc-cs Řízení humanítární činnosti - Centrum hlášení a výstrah
META desc-en Management of humanitarian activities - Reporting and alerting center
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-python2.7 2.7.16-190620 LAYER alpine3.9-python2.7_2.7.16-190620
LAYER sahana-shared 0.0.1-190620 LAYER sahana-shared_0.0.1-190620
MOUNT DIR /srv/sambro/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sambro/conf srv/web2py/applications/eden/models
MOUNT DIR /srv/sambro/data/SAMBRO srv/web2py/applications/eden/modules/templates/SAMBRO MOUNT DIR /srv/sambro/data/SAMBRO srv/web2py/applications/eden/modules/templates/SAMBRO

View File

@ -1,14 +1,8 @@
IMAGE seeddms 5.1.9-190620 IMAGE seeddms_5.1.9-190620
META title SeedDMS
META desc-cs Archiv dokumentace
META desc-en Document management system
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-php7.2 7.2.19-190620 LAYER alpine3.9-php7.2_7.2.19-190620
LAYER alpine3.9-python3.6 3.6.8-190620 LAYER alpine3.9-python3.6_3.6.8-190620
FIXLAYER /usr/bin/fix-apk FIXLAYER /usr/bin/fix-apk

View File

@ -1,14 +1,8 @@
IMAGE sigmah 2.0.2-190620 IMAGE sigmah_2.0.2-190620
META title Sigmah
META desc-cs Finanční řízení sbírek
META desc-en Donation management
META type app
META license GPL
META depends postgres
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
LAYER alpine3.9-tomcat8.5 8.5.41-190620 LAYER alpine3.9-tomcat8.5_8.5.41-190620
RUN EOF RUN EOF
# Download Sigmah # Download Sigmah

View File

@ -1,13 +1,7 @@
IMAGE ushahidi 3.12.3-190620 IMAGE ushahidi_3.12.3-190620
META title Sigmah
META desc-cs Skupinová reakce na události
META desc-en Group reaction to events
META type app
META license GPL
META depends mariadb
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-php7.2 7.2.19-190620 LAYER alpine3.9-php7.2_7.2.19-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies

View File

@ -1,12 +1,7 @@
IMAGE activemq 5.15.9-190620 IMAGE activemq_5.15.9-190620
META title ActiveMQ
META desc-cs ActveMQ message broker
META desc-en ActveMQ message broker
META type service
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
RUN EOF RUN EOF
# Download and install ActiveMQ # Download and install ActiveMQ

View File

@ -1,11 +1,6 @@
IMAGE mariadb 10.3.15-190620 IMAGE mariadb_10.3.15-190620
META title MariaDB
META desc-cs Relační databázový systém kompatibilní s MySQL
META desc-en MySQL-compatible relational database management system
META type service
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
# Create OS user (which will be picked up later by apk add) # Create OS user (which will be picked up later by apk add)
@ -25,4 +20,5 @@ MOUNT DIR /srv/mariadb/data var/lib/mysql
USER 3306 3306 USER 3306 3306
CMD mysqld CMD mysqld
READY test -e /run/mysqld/mysqld.sock
HALT SIGTERM HALT SIGTERM

View File

@ -0,0 +1,13 @@
IMAGE postgis_11.3.0-190620
LAYER alpine3.9_3.9.4-190620
LAYER postgres_11.3.0-190620
RUN EOF
# Install PostGIS
apk --no-cache add postgis@vm
EOF
USER 5432 5432
CMD postgres -D /var/lib/postgresql
READY pg_isready

View File

@ -1,24 +0,0 @@
#!/bin/sh
set -ev
cd $(realpath $(dirname "${0}"))/install
# Create Postgres instance
mkdir -p /srv/postgres/data
chown -R 5432:5432 /srv/postgres/data
chmod 700 /srv/postgres/data
lxc-execute -n postgres -- initdb -D /var/lib/postgresql
# Configure Postgres
cp srv/postgres/data/postgresql.conf /srv/postgres/data/postgresql.conf
cp srv/postgres/data/pg_hba.conf /srv/postgres/data/pg_hba.conf
# Enable query logging. Only if the DEBUG environment variable is set
if [ ${DEBUG:-0} -eq 1 ]; then
sed -i 's/^#log_destination/log_destination/' /srv/postgres/data/postgresql.conf
sed -i 's/^#log_statement/log_statement/' /srv/postgres/data/postgresql.conf
fi
# Install service
cp etc/init.d/postgres /etc/init.d/postgres
rc-update -u

View File

@ -1,15 +0,0 @@
#!/sbin/openrc-run
description="Postgres container"
start() {
lxc-start postgres
}
start_post() {
timeout -t 60 sh -c 'until lxc-attach postgres -- pg_isready >/dev/null 2>&1; do usleep 50000; done'
}
stop() {
lxc-stop postgres
}

View File

@ -1,26 +1,20 @@
IMAGE postgres 11.3.0-190620 IMAGE postgres_11.3.0-190620
META title PostgreSQL
META desc-cs Relační databázový systém s podporou pro geografické objekty
META desc-en Relational database management system with support for geographic objects
META type service
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
# Modify OS user (which will be picked up later by apk add) # Modify OS user (which will be picked up later by apk add)
sed -i 's/postgres:x:70:70/postgres:x:5432:5432/' /etc/passwd sed -i 's/postgres:x:70:70/postgres:x:5432:5432/' /etc/passwd
sed -i 's/postgres:x:70/postgres:x:5432/' /etc/group sed -i 's/postgres:x:70/postgres:x:5432/' /etc/group
# Install PostgreSQL + PostGIS # Install PostgreSQL
apk --no-cache add postgresql postgresql-contrib postgis@vm apk --no-cache add postgresql postgresql-contrib
# Create socket directory # Create socket directory
mkdir /run/postgresql mkdir /run/postgresql
chown postgres:postgres /run/postgresql chown postgres:postgres /run/postgresql
EOF EOF
MOUNT DIR /srv/postgres/data var/lib/postgresql
USER 5432 5432 USER 5432 5432
CMD postgres -D /var/lib/postgresql CMD postgres -D /etc/postgresql
READY pg_isready

View File

@ -1,6 +0,0 @@
#!/bin/sh
set -ev
# Remove service
rm -f /etc/init.d/postgres
rc-update -u

View File

@ -1,11 +1,6 @@
IMAGE rabbitmq 3.7.11-190620 IMAGE rabbitmq_3.7.11-190620
META title RabbitMQ
META desc-cs Multiprotokolový message broker
META desc-en Multi-protocol message broker
META type service
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
# Create OS user (which will be picked up later by apk add) # Create OS user (which will be picked up later by apk add)
@ -21,3 +16,4 @@ MOUNT DIR /srv/rabbitmq/data var/lib/rabbitmq/mnesia
USER 5672 5672 USER 5672 5672
ENV HOME /usr/lib/rabbitmq ENV HOME /usr/lib/rabbitmq
CMD rabbitmq-server CMD rabbitmq-server
READY grep -q "Server startup complete" /var/log/rabbitmq/rabbit@*.log

View File

@ -1,13 +0,0 @@
#!/bin/sh
set -ev
cd $(realpath $(dirname "${0}"))/install
# Configure Redis
mkdir -p /srv/redis/conf /srv/redis/data
cp srv/redis/conf/redis.conf /srv/redis/conf/redis.conf
chown -R 6379:6379 /srv/redis/data
# Install service
cp etc/init.d/redis /etc/init.d/redis
rc-update -u

View File

@ -1,11 +0,0 @@
#!/sbin/openrc-run
description="Redis container"
start() {
lxc-start redis
}
stop() {
lxc-stop redis
}

View File

@ -1,11 +1,6 @@
IMAGE redis 4.0.12-190620 IMAGE redis_4.0.12-190620
META title Redis
META desc-cs Pokročilá key-value databáze
META desc-en Advanced key-value store
META type service
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
# Create OS user (which will be picked up later by apk add) # Create OS user (which will be picked up later by apk add)
@ -16,8 +11,5 @@ RUN EOF
apk --no-cache add redis apk --no-cache add redis
EOF EOF
MOUNT FILE /srv/redis/conf/redis.conf etc/redis.conf
MOUNT DIR /srv/redis/data var/lib/redis
USER 6379 6379 USER 6379 6379
CMD redis-server /etc/redis.conf CMD redis-server /etc/redis.conf

View File

@ -1,6 +0,0 @@
#!/bin/sh
set -ev
# Remove service
rm -f /etc/init.d/redis
rc-update -u

View File

@ -1,13 +0,0 @@
#!/bin/sh
set -ev
cd $(realpath $(dirname "${0}"))/install
# Configure Solr
mkdir -p /srv/solr/data
cp /var/lib/lxc/solr/solr/opt/solr/server/solr/solr.xml /srv/solr/data/solr.xml
chown -R 8983:8983 /srv/solr/data
# Install service
cp etc/init.d/solr /etc/init.d/solr
rc-update -u

View File

@ -1,11 +0,0 @@
#!/sbin/openrc-run
description="Solr container"
start() {
lxc-start solr
}
stop() {
lxc-stop solr
}

View File

@ -1,6 +0,0 @@
#!/bin/sh
set -ev
# Remove service
rm -f /etc/init.d/solr
rc-update -u

View File

@ -1,3 +1,3 @@
SOLR_JAVA_MEM="-Xms32m -Xmx256m" SOLR_JAVA_MEM="-Xms32m -Xmx1024m"
SOLR_HOME=/var/lib/solr SOLR_HOME=/var/lib/solr
SOLR_PORT=8983 SOLR_PORT=8983

View File

@ -1,12 +1,7 @@
IMAGE solr 6.5.1-190620 IMAGE solr6_6.5.1-190620
META title Solr
META desc-cs Platforma pro fulltextové a fasetové vyhledávání
META desc-en Fulltext and faceted search platform
META type service
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
RUN EOF RUN EOF
# Install runtime dependencies # Install runtime dependencies
@ -27,7 +22,5 @@ EOF
COPY lxc COPY lxc
MOUNT DIR /srv/solr/data var/lib/solr
USER 8983 8983 USER 8983 8983
CMD solr start -f CMD solr start -f

View File

@ -1,11 +1,6 @@
IMAGE alpine3.8-nodejs8 8.14.0-190620 IMAGE alpine3.8-nodejs8_8.14.0-190620
META title Alpine 3.8 Node.js 8
META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 8
META desc-en Basic LXC layer with Node.js 8 runtime environment
META type layer
META license GPL
LAYER alpine3.8 3.8.4-190620 LAYER alpine3.8_3.8.4-190620
RUN EOF RUN EOF
apk --no-cache add nodejs apk --no-cache add nodejs

View File

@ -1,13 +1,10 @@
IMAGE alpine3.8-php5.6 5.6.40-190620 IMAGE alpine3.8-php5.6_5.6.40-190620
META title Alpine 3.8 PHP 5.6
META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 5.6
META desc-en Basic LXC layer with PHP 5.6 runtime environment
META type layer
META license GPL
LAYER alpine3.8 3.8.4-190620 LAYER alpine3.8_3.8.4-190620
RUN EOF RUN EOF
apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache
ln -s /usr/bin/php5 /usr/bin/php ln -s /usr/bin/php5 /usr/bin/php
EOF EOF
CMD php -a

View File

@ -1,11 +1,6 @@
IMAGE alpine3.8-ruby2.4 2.4.5-190620 IMAGE alpine3.8-ruby2.4_2.4.5-190620
META title Alpine 3.8 Ruby 2.4
META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4
META desc-en Basic LXC layer with Ruby 2.4 runtime environment
META type layer
META license GPL
LAYER alpine3.8 3.8.4-190620 LAYER alpine3.8_3.8.4-190620
RUN EOF RUN EOF
# Install Ruby runtime dependencies # Install Ruby runtime dependencies

View File

@ -1,9 +1,4 @@
IMAGE alpine3.8 3.8.4-190620 IMAGE alpine3.8_3.8.4-190620
META title Alpine 3.8
META desc-cs Základní LXC vrstva s Alpine linuxem 3.8
META desc-en Basic LXC layer with Alpine linux 3.8
META type layer
META license GPL
COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.8/x86_64/versions/library-3.8/x86_64/rootfs.tar.xz COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.8/x86_64/versions/library-3.8/x86_64/rootfs.tar.xz
@ -13,4 +8,7 @@ RUN EOF
# Install s6 supervisor # Install s6 supervisor
apk --no-cache add libxml2 libxslt s6 apk --no-cache add libxml2 libxslt s6
# Cleanup
rm -rf /etc/crontabs/root /etc/periodic
EOF EOF

View File

@ -1,11 +1,6 @@
IMAGE alpine3.9-java8 8.212.04-190620 IMAGE alpine3.9-java8_8.212.04-190620
META title Alpine 3.9 OpenJDK 8
META desc-cs Základní LXC vrstva s běhovým prostředím pro Javu 8
META desc-en Basic LXC layer with Java 8 runtime environment
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
# nss needed due to https://github.com/docker-library/openjdk/issues/289 , https://bugs.alpinelinux.org/issues/10126 # nss needed due to https://github.com/docker-library/openjdk/issues/289 , https://bugs.alpinelinux.org/issues/10126

View File

@ -1,11 +1,6 @@
IMAGE alpine3.9-nodejs10 10.14.2-190620 IMAGE alpine3.9-nodejs10_10.14.2-190620
META title Alpine 3.9 Node.js 10
META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 10
META desc-en Basic LXC layer with Node.js 10 runtime environment
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
apk --no-cache add nodejs apk --no-cache add nodejs

View File

@ -1,12 +1,9 @@
IMAGE alpine3.9-php7.2 7.2.19-190620 IMAGE alpine3.9-php7.2_7.2.19-190620
META title Alpine 3.9 PHP 7.2
META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 7.2
META desc-en Basic LXC layer with PHP 7.2 runtime environment
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
apk --no-cache add nginx php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session apk --no-cache add nginx php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session
EOF EOF
CMD php -a

View File

@ -1,12 +1,9 @@
IMAGE alpine3.9-python2.7 2.7.16-190620 IMAGE alpine3.9-python2.7_2.7.16-190620
META title Alpine 3.9 python 2.7
META desc-cs Základní LXC vrstva s běhovým prostředím pro python 2.7
META desc-en Basic LXC layer with python 2.7 runtime environment
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
apk --no-cache add python2 apk --no-cache add python2
EOF EOF
CMD python

View File

@ -1,13 +1,10 @@
IMAGE alpine3.9-python3.6 3.6.8-190620 IMAGE alpine3.9-python3.6_3.6.8-190620
META title Alpine 3.9 python 3.6
META desc-cs Základní LXC vrstva s běhovým prostředím pro python 3.6
META desc-en Basic LXC layer with python 3.6 runtime environment
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
apk --no-cache add python3 apk --no-cache add python3
ln -s /usr/bin/python3 /usr/bin/python ln -s /usr/bin/python3 /usr/bin/python
EOF EOF
CMD python

View File

@ -1,11 +1,6 @@
IMAGE alpine3.9-ruby2.4 2.4.5-190620 IMAGE alpine3.9-ruby2.4_2.4.5-190620
META title Alpine 3.9 Ruby 2.4
META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4
META desc-en Basic LXC layer with Ruby 2.4 runtime environment
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
RUN EOF RUN EOF
# Install Ruby runtime dependencies # Install Ruby runtime dependencies

View File

@ -1,12 +1,7 @@
IMAGE alpine3.9-tomcat7 7.0.94-190620 IMAGE alpine3.9-tomcat7_7.0.94-190620
META title Alpine 3.9 Tomcat 7
META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 7
META desc-en Basic LXC layer with Tomcat 7 JSP and servlet container
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
RUN EOF RUN EOF
# Install Tomcat 7 # Install Tomcat 7
@ -24,3 +19,5 @@ RUN EOF
EOF EOF
COPY lxc COPY lxc
RUN catalina.sh run

View File

@ -1,12 +1,7 @@
IMAGE alpine3.9-tomcat8.5 8.5.41-190620 IMAGE alpine3.9-tomcat8.5_8.5.41-190620
META title Alpine 3.9 Tomcat 8.5
META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 8.5
META desc-en Basic LXC layer with Tomcat 8.5 JSP and servlet container
META type layer
META license GPL
LAYER alpine3.9 3.9.4-190620 LAYER alpine3.9_3.9.4-190620
LAYER alpine3.9-java8 8.212.04-190620 LAYER alpine3.9-java8_8.212.04-190620
RUN EOF RUN EOF
# Install Tomcat 8.5 # Install Tomcat 8.5
@ -29,3 +24,5 @@ RUN EOF
EOF EOF
COPY lxc COPY lxc
RUN catalina.sh run

View File

@ -1,9 +1,4 @@
IMAGE alpine3.9 3.9.4-190620 IMAGE alpine3.9_3.9.4-190620
META title Alpine 3.9
META desc-cs Základní LXC vrstva s Alpine linuxem 3.9
META desc-en Basic LXC layer with Alpine linux 3.9
META type layer
META license GPL
COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.9/x86_64/versions/library-3.9/x86_64/rootfs.tar.xz COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.9/x86_64/versions/library-3.9/x86_64/rootfs.tar.xz
COPY lxc COPY lxc
@ -14,4 +9,7 @@ RUN EOF
# Install s6 supervisor # Install s6 supervisor
apk --no-cache add libxml2 libxslt s6 apk --no-cache add libxml2 libxslt s6
# Cleanup
rm -rf /etc/crontabs/root /etc/periodic
EOF EOF