From ca553c8a419126a2bd91a8fa370e7e33d452dcc3 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 3 Jul 2024 13:42:22 +0200 Subject: [PATCH 1/4] refs #7442 jenkins agent & reprepro fixes --- jenkins-agent/Dockerfile | 3 +++ phpldapadmin/Dockerfile | 6 +++--- reprepro/Dockerfile | 22 +++++++++++++++++++--- reprepro/entrypoint.sh | 4 ++++ 4 files changed, 29 insertions(+), 6 deletions(-) create mode 100755 reprepro/entrypoint.sh diff --git a/jenkins-agent/Dockerfile b/jenkins-agent/Dockerfile index 91236d5..f08aea2 100644 --- a/jenkins-agent/Dockerfile +++ b/jenkins-agent/Dockerfile @@ -31,6 +31,9 @@ RUN apt-get install -y apt-transport-https ca-certificates curl gnupg \ && apt-get update \ && apt-get install -y kubectl +# Docker +COPY --from=docker:26.1.3-cli /usr/local/bin/docker /usr/local/bin/ + # Docker compose RUN curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \ -o /usr/local/bin/docker-compose \ diff --git a/phpldapadmin/Dockerfile b/phpldapadmin/Dockerfile index d04e37b..f36baba 100644 --- a/phpldapadmin/Dockerfile +++ b/phpldapadmin/Dockerfile @@ -11,9 +11,9 @@ RUN echo "deb http://ftp.es.debian.org/debian stretch-backports main" \ php-xml \ && rm -rf /var/lib/apt/lists/* \ && . /etc/apache2/envvars \ - && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ - && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ - && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" + && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" COPY apache.conf /etc/apache2/sites-available/phpldapadmin.conf diff --git a/reprepro/Dockerfile b/reprepro/Dockerfile index 9d39a9c..7642085 100644 --- a/reprepro/Dockerfile +++ b/reprepro/Dockerfile 
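Review bot: The new `COPY --from=docker:26.1.3-cli` line in jenkins-agent/Dockerfile references its source image by tag only, so a re-pushed tag would silently change the Docker client that ends up in the CI agent. Pinning by digest keeps the build reproducible and reviewable: `COPY --from=docker:26.1.3-cli@sha256:<digest-of-the-reviewed-image> /usr/local/bin/docker /usr/local/bin/`. The `# Docker` comment could also say why the agent needs the CLI and which daemon it is expected to talk to. The rest of the file is outside this hunk.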
@@ -1,7 +1,23 @@ -FROM php:7.4.1-apache +FROM debian:bookworm-slim +ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update \ - && apt-get install -y --no-install-recommends reprepro \ - && rm -rf /var/lib/apt/lists/* + && apt-get install -y --no-install-recommends \ + apache2 \ + reprepro \ + openssh-server \ + && rm -rf /var/lib/apt/lists/* \ + && . /etc/apache2/envvars \ + && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" COPY apache.conf /etc/apache2/conf-enabled/reprepro.conf + +WORKDIR /reprepro +COPY entrypoint.sh ./ + +EXPOSE 80 + +ENTRYPOINT [ "/reprepro/entrypoint.sh" ] +CMD ["apachectl", "-D", "FOREGROUND"] diff --git a/reprepro/entrypoint.sh b/reprepro/entrypoint.sh new file mode 100755 index 0000000..54c7a76 --- /dev/null +++ b/reprepro/entrypoint.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +service ssh start +exec $@ \ No newline at end of file From 1c43cfdcc154d4b77077bd88f1c4bd96ce699d17 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 9 Jul 2024 11:30:13 +0200 Subject: [PATCH 2/4] refs #7442 Reprepro, debuild fixes & refactor, push script, README improved --- README.md | 48 +++-------- debuild/Dockerfile | 10 +-- mrbs/kube-compose.yml | 162 ----------------------------------- portainer/docker-compose.yml | 44 ---------- push.conf | 2 + push.sh | 42 +++++++++ reprepro/Dockerfile | 20 +++-- reprepro/README.md | 7 ++ reprepro/apache-conf.conf | 8 ++ reprepro/apache-site.conf | 3 + reprepro/apache.conf | 13 --- 11 files changed, 93 insertions(+), 266 deletions(-) delete mode 100644 mrbs/kube-compose.yml delete mode 100644 portainer/docker-compose.yml create mode 100644 push.conf create mode 100755 push.sh create mode 100644 reprepro/README.md create mode 100644 reprepro/apache-conf.conf create mode 100644 reprepro/apache-site.conf delete mode 100644 reprepro/apache.conf 
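Review bot: Installing `openssh-server` in the `RUN apt-get install` chain of reprepro/Dockerfile most likely bakes the SSH host keys into the image layer, because the package's post-install step normally generates them. Every container started from the image, and anyone who can pull it, would then share the same private host keys. Remove them in the same layer with `&& rm -f /etc/ssh/ssh_host_*_key*`, then create them at start-up (`ssh-keygen -A` in the entrypoint before `service ssh start`) or mount them from a secret. The hunk declares only `EXPOSE 80` although sshd is started, so `EXPOSE 22` would document the second listener.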
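Review bot: `exec $@` in reprepro/entrypoint.sh is unquoted, so arguments containing spaces or glob characters are re-split before the command runs; it should be `exec "$@"`. The script also has no `set -e`, so a failed `service ssh start` goes unnoticed and the container comes up serving Apache only. Adding `set -e` after the shebang makes that failure visible. The file also ends without a trailing newline.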
diff --git a/README.md b/README.md index f781a9a..667d1d7 100644 --- a/README.md +++ b/README.md @@ -1,47 +1,25 @@ -# Docker +# Verdnatura Docker images Dockerfile and compose files used as basis for service deployment. -## Prepare environment +To build, tag and push an image you can use the provided *push.sh* script. -``` -registry=[registryUrl] -image=[imageName] -tag=[versionTag] -``` +## Registry authentication -## Build image - -Build the image with *latest* tag. -``` -docker build -t $registry/$image $image -``` - -Tag the image with version. -``` -docker tag $registry/$image $registry/$image:$tag -``` - -Test image locally -``` -docker run --name test $registry/$image:$tag -``` - -## Push image - -Login into docker registry (If it's the first time or you are not saving credentials). +Login into docker registry, if you don't logout, credentials will remain saved +in your home directory. ``` docker login $registry ``` -Push the *latest* image and version tag. -``` -docker push $registry/$image -docker push $registry/$image:$tag -``` - -Logout from docker registry (If you don't logout, credentials will remain saved -in your home directory). +Logout from docker registry. ``` docker logout $registry ``` + +## Test image + +Run image locally. +``` +docker run --name test $registry/$image:$tag +``` diff --git a/debuild/Dockerfile b/debuild/Dockerfile index 50ab619..0cd0b8c 100644 --- a/debuild/Dockerfile +++ b/debuild/Dockerfile @@ -7,7 +7,6 @@ RUN apt-get update \ build-essential \ debhelper \ devscripts \ - reprepro \ sudo RUN apt-get update \ 
@@ -22,10 +21,9 @@ RUN apt-get update \ && npm install -g npm RUN groupadd -g 1000 jenkins \ - && useradd -d /var/jenkins_home -u 1000 -g 1000 -m -s /bin/bash jenkins \ + && useradd -d /home/jenkins -u 1000 -g 1000 -m -s /bin/bash jenkins \ && echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins \ - && mkdir /reprepro + && mkdir -p /home/jenkins/agent/workspace \ + && chown -R jenkins:jenkins /home/jenkins/agent -VOLUME ["/reprepro"] - -COPY vn-includedeb /usr/bin/ +USER jenkins diff --git a/mrbs/kube-compose.yml b/mrbs/kube-compose.yml deleted file mode 100644 index 48ca509..0000000 --- a/mrbs/kube-compose.yml +++ /dev/null 
@@ -1,162 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: mrbs - labels: - app: mrbs -spec: - ingressClassName: nginx - rules: - - host: mrbs.verdnatura.es - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: mrbs - port: - number: 80 ---- -apiVersion: v1 -kind: Service -metadata: - name: mrbs - labels: - app: mrbs -spec: - ports: - - port: 80 - targetPort: 80 - selector: - app: mrbs ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mrbs - labels: - app: mrbs -spec: - replicas: 1 - selector: - matchLabels: - app: mrbs - strategy: - type: Recreate - template: - metadata: - labels: - app: mrbs - spec: - containers: - - image: registry.verdnatura.es/mrbs:1.11.2-vn1 - name: main - ports: - - containerPort: 80 - resources: - limits: - memory: 1Gi - volumeMounts: - - name: secret - mountPath: /var/www/html/web/config.inc.php - subPath: config.inc.php - restartPolicy: Always - imagePullSecrets: - - name: regcred - volumes: - - name: secret - secret: - secretName: mrbs.config - defaultMode: 420 ---- -apiVersion: v1 -kind: Service -metadata: - name: mrbs-db - labels: - app: mrbs-db -spec: - type: NodePort - ports: - - port: 3306 - targetPort: 3306 - selector: - io.kompose.service: mrbs-db ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mrbs.db - labels: - app: mrbs -spec: - replicas: 1 - selector: - matchLabels: - io.kompose.service: mrbs-db - strategy: - type: Recreate - template: - metadata: - labels: - io.kompose.service: mrbs-db - spec: - containers: - - image: mariadb:10.11.4 - name: mrbs-db - args: - - --transaction-isolation=READ-COMMITTED - - --binlog-format=ROW - - --ignore-db-dir=lost+found - env: - - name: MYSQL_DATABASE - value: mrbs - - name: MYSQL_USER - value: mrbs - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: mrbs.env - key: MYSQL_PASSWORD - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mrbs.env - key: MYSQL_ROOT_PASSWORD - ports: - - 
containerPort: 3306 - resources: - limits: - memory: 500Mi - volumeMounts: - - mountPath: /var/lib/mysql - name: db - - mountPath: /etc/localtime - name: localtime - readOnly: true - restartPolicy: Always - volumes: - - name: db - persistentVolumeClaim: - claimName: mrbs.db - - name: localtime - hostPath: - path: /etc/localtime - type: File - readOnly: true ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mrbs.db - labels: - app: mrdb -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: csi-rbd-ssd-sc - volumeMode: Filesystem diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml deleted file mode 100644 index 0aa52be..0000000 --- a/portainer/docker-compose.yml +++ /dev/null @@ -1,44 +0,0 @@ -version: '3.2' -services: - agent: - image: portainer/agent:2.17.1 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /var/lib/docker/volumes:/var/lib/docker/volumes - - /var/lib/rexray/volumes:/var/lib/rexray/volumes - networks: - - agent - deploy: - mode: global - placement: - constraints: [node.platform.os == linux] - resources: - limits: - memory: 500M - main: - image: portainer/portainer-ce:2.17.1 - command: -H tcp://tasks.agent:9001 --tlsskipverify - ports: - - "80:9000" - - "8000:8000" - volumes: - - data:/data - networks: - - agent - deploy: - mode: replicated - replicas: 1 - placement: - constraints: [node.role == manager] - resources: - limits: - memory: 2G -networks: - agent: - driver: overlay - attachable: true -volumes: - data: - driver: rexray - driver_opts: - size: 4 \ No newline at end of file diff --git a/push.conf b/push.conf new file mode 100644 index 0000000..307f46f --- /dev/null +++ b/push.conf @@ -0,0 +1,2 @@ +registry="registry.verdnatura.es/verdnatura" +revisionPrefix="vn" diff --git a/push.sh b/push.sh new file mode 100755 index 0000000..95ba774 --- /dev/null +++ b/push.sh 
@@ -0,0 +1,42 @@ +#!/bin/bash +set -e + +MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$MY_DIR/push.conf" + +# Prepare the environment + +image=$1 +version=$2 +revision=$3 + +if [[ -z "$image" || -z "$version" ]]; then + echo "Usage: $0 []" + exit 1 +fi + +tag="$version" +if [ ! -z "$revision" ]; then + tag="$tag-$revisionPrefix$revision" +fi + +fullImage="$registry/$image" +latestImage="$fullImage:latest" +taggedImage="$fullImage:$tag" + +echo "Image: $taggedImage" +read -p "Continue? (Default: no) [y|n]: " ANSWER +if [ "$ANSWER" != "y" ]; then + echo "Aborting push." + exit 3 +fi + +# Build and tag the image + +docker build -t "$latestImage" "$image" +docker tag "$latestImage" "$taggedImage" + +# Push the built image + +docker push "$latestImage" +docker push "$taggedImage" diff --git a/reprepro/Dockerfile b/reprepro/Dockerfile index 7642085..b0b71f8 100644 --- a/reprepro/Dockerfile +++ b/reprepro/Dockerfile @@ -12,12 +12,20 @@ RUN apt-get update \ && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" -COPY apache.conf /etc/apache2/conf-enabled/reprepro.conf - -WORKDIR /reprepro -COPY entrypoint.sh ./ - +WORKDIR /var/lib/reprepro EXPOSE 80 -ENTRYPOINT [ "/reprepro/entrypoint.sh" ] +RUN groupadd -g 600 reprepro \ + && useradd -d /var/lib/reprepro -u 600 -g 600 -m -s /bin/bash reprepro + +COPY apache-conf.conf /etc/apache2/conf-available/reprepro.conf +COPY apache-site.conf /etc/apache2/sites-available/reprepro.conf + +RUN a2enconf reprepro \ + && a2ensite reprepro \ + && a2dissite 000-default + +COPY entrypoint.sh / + +ENTRYPOINT [ "/entrypoint.sh" ] CMD ["apachectl", "-D", "FOREGROUND"] diff --git a/reprepro/README.md b/reprepro/README.md new file mode 100644 index 0000000..e3e0af4 --- /dev/null +++ b/reprepro/README.md 
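Review bot: The final `docker push "$taggedImage"` in push.sh overwrites whatever is already stored under that version tag, so a mistyped version or revision silently replaces a released image that deployments may reference. A guard before the build keeps version tags immutable, for example `if docker manifest inspect "$taggedImage" >/dev/null 2>&1; then echo "Tag already exists."; exit 2; fi`. Separately, `read -p` should be `read -r -p`, and `[ ! -z "$revision" ]` reads better as `[ -n "$revision" ]`.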
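Review bot: The `useradd ... -s /bin/bash reprepro` line in reprepro/Dockerfile creates a login-capable account next to the sshd that the entrypoint starts, but nothing in this hunk ships an sshd configuration, so the package defaults decide who may log in and how. If the account exists only for package uploads, a drop-in copied to `/etc/ssh/sshd_config.d/` with `PasswordAuthentication no`, `PermitRootLogin no` and `AllowUsers reprepro` would state that intent explicitly. A comment above `RUN groupadd -g 600 reprepro` explaining why the uid/gid is fixed would help whoever mounts the repository volume.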
@@ -0,0 +1,7 @@ +# Reprepro docker image + +APT server using Reprepro and Apache HTTP server. + +## Links + +* https://github.com/bbinet/docker-reprepro \ No newline at end of file diff --git a/reprepro/apache-conf.conf b/reprepro/apache-conf.conf new file mode 100644 index 0000000..3029531 --- /dev/null +++ b/reprepro/apache-conf.conf @@ -0,0 +1,8 @@ + + Options Indexes + Options +FollowSymLinks + AllowOverride None + Order Allow,Deny + Allow From All + Require all granted + \ No newline at end of file diff --git a/reprepro/apache-site.conf b/reprepro/apache-site.conf new file mode 100644 index 0000000..5ec4de5 --- /dev/null +++ b/reprepro/apache-site.conf @@ -0,0 +1,3 @@ + + DocumentRoot /var/lib/reprepro/repo/ + \ No newline at end of file diff --git a/reprepro/apache.conf b/reprepro/apache.conf deleted file mode 100644 index ed6c658..0000000 --- a/reprepro/apache.conf +++ /dev/null @@ -1,13 +0,0 @@ - - Options Indexes - Options +FollowSymLinks - AllowOverride None - Order Allow,Deny - Allow From All - Require all granted - - - Order Deny,Allow - Deny From All - Require all denied - \ No newline at end of file From 94eb3d25efdb499de29e6c8e341d9187190c0878 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 10 Jul 2024 12:45:02 +0200 Subject: [PATCH 3/4] refs #7442 Debuild clean --- debuild/Dockerfile | 6 +++--- debuild/vn-includedeb | 35 ----------------------------------- 2 files changed, 3 insertions(+), 38 deletions(-) delete mode 100755 debuild/vn-includedeb diff --git a/debuild/Dockerfile b/debuild/Dockerfile index 0cd0b8c..b323eaf 100644 --- a/debuild/Dockerfile +++ b/debuild/Dockerfile @@ -6,8 +6,7 @@ RUN apt-get update \ && apt-get install -y \ build-essential \ debhelper \ - devscripts \ - sudo + devscripts RUN apt-get update \ && apt-get install -y --no-install-recommends \ 
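Review bot: reprepro/apache-conf.conf keeps only the allow block, while the deleted reprepro/apache.conf also carried a second block with `Deny From All` / `Require all denied`. The directory paths are not visible here, so this is inferred, but if `/var/lib/reprepro/repo/` is the reprepro base directory, its `conf/` and `db/` subdirectories become listable and downloadable under `Options Indexes`. Consider restoring a deny block for those paths. The block also mixes 2.2-style `Order Allow,Deny` / `Allow From All` with `Require all granted`; on Apache 2.4 the `Require` line alone is enough. The two `Options` lines can be merged as `Options +Indexes +FollowSymLinks`.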
@@ -20,9 +19,10 @@ RUN apt-get update \ nodejs \ && npm install -g npm +RUN rm -rf /var/lib/apt/lists/* + RUN groupadd -g 1000 jenkins \ && useradd -d /home/jenkins -u 1000 -g 1000 -m -s /bin/bash jenkins \ - && echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins \ && mkdir -p /home/jenkins/agent/workspace \ && chown -R jenkins:jenkins /home/jenkins/agent diff --git a/debuild/vn-includedeb b/debuild/vn-includedeb deleted file mode 100755 index 4cb09bf..0000000 --- a/debuild/vn-includedeb +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -set -e - -srcDir=. - -if [ ! -f "$srcDir/debian/changelog" ]; then - echo "Invalid source directory." - exit 1 -fi - -codename=$1 -buildDir="$srcDir/.." - -if [ -z "$codename" ]; then - codename="stable" -fi - -cut -d" " -f1 "$srcDir/debian/files" | -while read debFile; do - if [[ ! "$debFile" =~ .*\.deb$ ]]; then - continue - fi - - echo "Adding $debFile" - cp "$buildDir/$debFile" /tmp - sudo -u www-data reprepro -b /reprepro --gnupghome /reprepro/.gnupg \ - includedeb $codename "/tmp/$debFile" -done - -echo "Cleaning." -(cd "$srcDir" && debian/rules clean) -rm -f $buildDir/*.deb -rm -f $buildDir/*.changes -rm -f $buildDir/*.build -rm -f $buildDir/*.buildinfo From 03af1e775e9d9e5e2ae68583c3f1ac777eb21224 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 15 Jul 2024 07:50:11 +0200 Subject: [PATCH 4/4] refs #7442 Cache script --- image-cache.sh | 18 ++++++++++++++++++ push.sh => image-push.sh | 4 ++-- image.conf | 3 +++ push.conf | 2 -- semaphore/Dockerfile | 27 +++++++++++++-------------- 5 files changed, 36 insertions(+), 18 deletions(-) create mode 100755 image-cache.sh rename push.sh => image-push.sh (91%) create mode 100644 image.conf delete mode 100644 push.conf diff --git a/image-cache.sh b/image-cache.sh new file mode 100755 index 0000000..08e4a92 --- /dev/null +++ b/image-cache.sh 
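Review bot: The added `RUN rm -rf /var/lib/apt/lists/*` in debuild/Dockerfile runs in its own layer, so the package lists written by the earlier `apt-get update` layers stay in the image and its size does not shrink. Append `&& rm -rf /var/lib/apt/lists/*` to the end of each `apt-get install` chain and drop the standalone `RUN`. The first install chain, visible in the previous hunk of this file, also lacks the `--no-install-recommends` flag that the second chain already uses.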
@@ -0,0 +1,18 @@ +#!/bin/bash +set -e + +MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$MY_DIR/image.conf" + +image=$1 + +if [[ -z "$image" ]]; then + echo "Usage: $0 " + exit 1 +fi + +taggedImage="$registry/$image" + +docker image pull "$image" +docker image tag "$image" "$taggedImage" +docker image push "$taggedImage" diff --git a/push.sh b/image-push.sh similarity index 91% rename from push.sh rename to image-push.sh index 95ba774..7d14dec 100755 --- a/push.sh +++ b/image-push.sh @@ -2,7 +2,7 @@ set -e MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -source "$MY_DIR/push.conf" +source "$MY_DIR/image.conf" # Prepare the environment @@ -20,7 +20,7 @@ if [ ! -z "$revision" ]; then tag="$tag-$revisionPrefix$revision" fi -fullImage="$registry/$image" +fullImage="$registry/$repository/$image" latestImage="$fullImage:latest" taggedImage="$fullImage:$tag" diff --git a/image.conf b/image.conf new file mode 100644 index 0000000..f62e824 --- /dev/null +++ b/image.conf @@ -0,0 +1,3 @@ +registry="registry.verdnatura.es" +repository="verdnatura" +revisionPrefix="vn" diff --git a/push.conf b/push.conf deleted file mode 100644 index 307f46f..0000000 --- a/push.conf +++ /dev/null @@ -1,2 +0,0 @@ -registry="registry.verdnatura.es/verdnatura" -revisionPrefix="vn" diff --git a/semaphore/Dockerfile b/semaphore/Dockerfile index 7614b7b..eae047f 100644 --- a/semaphore/Dockerfile +++ b/semaphore/Dockerfile 
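Review bot: image-cache.sh mirrors `$image` by whatever tag the caller passes and pushes it to the private registry without recording which content was copied, so the cached copy cannot later be tied back to a reviewed upstream digest. Printing the digest after the pull gives an audit trail, e.g. `docker image inspect --format '{{index .RepoDigests 0}}' "$image"`. Also, `taggedImage="$registry/$image"` omits `$repository`, unlike `fullImage="$registry/$repository/$image"` in image-push.sh from the same patch. If that is intentional, a comment saying so would avoid confusion.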
@@ -10,22 +10,21 @@ RUN pip install --upgrade pip \ pip install --upgrade pywinrm[credssp] #RUN apt-get update \ - # && apt-get upgrade -y \ - # && apt-get install -y --no-install-recommends \ - # gcc \ - # libffi-devel \ - # python3 \ - # epel-release \ - # python3-pip \ - # wget - +# && apt-get upgrade -y \ +# && apt-get install -y --no-install-recommends \ +# gcc \ +# libffi-devel \ +# python3 \ +# epel-release \ +# python3-pip \ +# wget #RUN pip3 install --upgrade pip \ - # pip3 install --upgrade virtualenv \ - # pip3 install pywinrm[kerberos] \ - # pip3 install pywinrm \ - # pip3 install jmspath \ - # pip3 install request prueba +# pip3 install --upgrade virtualenv \ +# pip3 install pywinrm[kerberos] \ +# pip3 install pywinrm \ +# pip3 install jmspath \ +# pip3 install request prueba RUN ls /usr/local/bin/