diff --git a/README.md b/README.md index f781a9a..ab6a614 100644 --- a/README.md +++ b/README.md @@ -1,47 +1,30 @@ -# Docker +# Verdnatura Docker image repository -Dockerfile and compose files used as basis for service deployment. +Dockerfile and compose files used as basis for Verdnatura service deployment. -## Prepare environment +Some scripts are provided to speed up the most common actions: -``` -registry=[registryUrl] -image=[imageName] -tag=[versionTag] -``` +* *image-build.sh*: Build, tag and push an own image. +* *image-cache.sh*: Cache docker hub image in the local registry. -## Build image +Use *image.conf* for local registry and repository configuration. -Build the image with *latest* tag. -``` -docker build -t $registry/$image $image -``` +## Registry authentication -Tag the image with version. -``` -docker tag $registry/$image $registry/$image:$tag -``` - -Test image locally -``` -docker run --name test $registry/$image:$tag -``` - -## Push image - -Login into docker registry (If it's the first time or you are not saving credentials). +Login into docker registry, if you don't logout, credentials will remain saved +in your home directory. ``` docker login $registry ``` -Push the *latest* image and version tag. -``` -docker push $registry/$image -docker push $registry/$image:$tag -``` - -Logout from docker registry (If you don't logout, credentials will remain saved -in your home directory). +Logout from docker registry. ``` docker logout $registry ``` + +## Test image + +Run image locally. +``` +docker run --name test $registry/$image:$tag +``` diff --git a/debuild/Dockerfile b/debuild/Dockerfile index 50ab619..b323eaf 100644 --- a/debuild/Dockerfile +++ b/debuild/Dockerfile @@ -6,9 +6,7 @@ RUN apt-get update \ && apt-get install -y \ build-essential \ debhelper \ - devscripts \ - reprepro \ - sudo + devscripts RUN apt-get update \ && apt-get install -y --no-install-recommends \ 
@@ -21,11 +19,11 @@ RUN apt-get update \ nodejs \ && npm install -g npm +RUN rm -rf /var/lib/apt/lists/* + RUN groupadd -g 1000 jenkins \ - && useradd -d /var/jenkins_home -u 1000 -g 1000 -m -s /bin/bash jenkins \ - && echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins \ - && mkdir /reprepro + && useradd -d /home/jenkins -u 1000 -g 1000 -m -s /bin/bash jenkins \ + && mkdir -p /home/jenkins/agent/workspace \ + && chown -R jenkins:jenkins /home/jenkins/agent -VOLUME ["/reprepro"] - -COPY vn-includedeb /usr/bin/ +USER jenkins diff --git a/debuild/vn-includedeb b/debuild/vn-includedeb deleted file mode 100755 index 4cb09bf..0000000 --- a/debuild/vn-includedeb +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -set -e - -srcDir=. - -if [ ! -f "$srcDir/debian/changelog" ]; then - echo "Invalid source directory." - exit 1 -fi - -codename=$1 -buildDir="$srcDir/.." - -if [ -z "$codename" ]; then - codename="stable" -fi - -cut -d" " -f1 "$srcDir/debian/files" | -while read debFile; do - if [[ ! "$debFile" =~ .*\.deb$ ]]; then - continue - fi - - echo "Adding $debFile" - cp "$buildDir/$debFile" /tmp - sudo -u www-data reprepro -b /reprepro --gnupghome /reprepro/.gnupg \ - includedeb $codename "/tmp/$debFile" -done - -echo "Cleaning." -(cd "$srcDir" && debian/rules clean) -rm -f $buildDir/*.deb -rm -f $buildDir/*.changes -rm -f $buildDir/*.build -rm -f $buildDir/*.buildinfo diff --git a/freeradius/Dockerfile b/freeradius/Dockerfile deleted file mode 100644 index faa1a68..0000000 --- a/freeradius/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM freeradius/freeradius-server:3.0.20 - -RUN apt-get update \ - && apt-get install -y patch \ - && rm -rf /var/lib/apt/lists/* - -COPY default.patch inner-tunnel.patch ./ - -RUN echo "Patching site config files to use LDAP module" \ - && patch /etc/raddb/sites-available/default default.patch \ - && patch /etc/raddb/sites-available/inner-tunnel inner-tunnel.patch - -COPY eap /etc/raddb/mods-enabled/ 
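Review bot: The added `RUN rm -rf /var/lib/apt/lists/*` is its own layer, so the package lists written by the earlier `apt-get update` layers remain in the image and nothing is actually removed from it. Append `&& rm -rf /var/lib/apt/lists/*` to each install `RUN` instead; those instructions begin outside this hunk. The context line `&& npm install -g npm` fetches whatever npm is current at build time and runs it as root, so pinning it (`npm install -g npm@<version>`) would make the build reproducible.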
diff --git a/freeradius/default.patch b/freeradius/default.patch deleted file mode 100644 index 027787b..0000000 --- a/freeradius/default.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- default 2019-11-14 17:00:00.000000000 +0000 -+++ default.local 2020-04-16 11:02:21.483549795 +0000 -@@ -419,7 +419,7 @@ - - # - # The ldap module reads passwords from the LDAP database. -- -ldap -+ ldap - - # - # Enforce daily limits on time spent logged in. -@@ -530,9 +530,9 @@ - # authentication server, and knows what to do with authentication. - # LDAP servers do not. - # --# Auth-Type LDAP { --# ldap --# } -+ Auth-Type LDAP { -+ ldap -+ } - - # - # Allow EAP authentication. diff --git a/freeradius/eap b/freeradius/eap deleted file mode 100644 index 60cee49..0000000 --- a/freeradius/eap +++ /dev/null @@ -1,20 +0,0 @@ - -eap { - default_eap_type = ttls - - gtc { - auth_type = PAP - } - tls-config tls-common { - private_key_file = ${certdir}/server.pem - certificate_file = ${certdir}/server.pem - ca_file = ${cadir}/ca.pem - tls_min_version = "1.2" - } - ttls { - tls = tls-common - default_eap_type = gtc - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - } -} diff --git a/freeradius/inner-tunnel.patch b/freeradius/inner-tunnel.patch deleted file mode 100644 index 7b9028e..0000000 --- a/freeradius/inner-tunnel.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- inner-tunnel 2019-11-14 17:00:00.000000000 +0000 -+++ inner-tunnel.local 2020-04-16 10:59:58.519556165 +0000 -@@ -151,7 +151,7 @@ - - # - # The ldap module reads passwords from the LDAP database. -- -ldap -+ ldap - - # - # Enforce daily limits on time spent logged in. -@@ -238,9 +238,9 @@ - # authentication server, and knows what to do with authentication. - # LDAP servers do not. - # --# Auth-Type LDAP { --# ldap --# } -+ Auth-Type LDAP { -+ ldap -+ } - - # - # Allow EAP authentication. diff --git a/httpd/Dockerfile b/httpd/Dockerfile index 3689004..432bf20 100644 --- a/httpd/Dockerfile +++ b/httpd/Dockerfile 
@@ -1,3 +1,3 @@ -FROM httpd:2.4.58 +FROM httpd:2.4.61 RUN echo "IncludeOptional conf.d/*.conf" >> conf/httpd.conf diff --git a/image-build.sh b/image-build.sh new file mode 100755 index 0000000..7d14dec --- /dev/null +++ b/image-build.sh @@ -0,0 +1,42 @@ +#!/bin/bash +set -e + +MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$MY_DIR/image.conf" + +# Prepare the environment + +image=$1 +version=$2 +revision=$3 + +if [[ -z "$image" || -z "$version" ]]; then + echo "Usage: $0 []" + exit 1 +fi + +tag="$version" +if [ ! -z "$revision" ]; then + tag="$tag-$revisionPrefix$revision" +fi + +fullImage="$registry/$repository/$image" +latestImage="$fullImage:latest" +taggedImage="$fullImage:$tag" + +echo "Image: $taggedImage" +read -p "Continue? (Default: no) [y|n]: " ANSWER +if [ "$ANSWER" != "y" ]; then + echo "Aborting push." + exit 3 +fi + +# Build and tag the image + +docker build -t "$latestImage" "$image" +docker tag "$latestImage" "$taggedImage" + +# Push the built image + +docker push "$latestImage" +docker push "$taggedImage" diff --git a/image-cache.sh b/image-cache.sh new file mode 100755 index 0000000..08e4a92 --- /dev/null +++ b/image-cache.sh @@ -0,0 +1,18 @@ +#!/bin/bash +set -e + +MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$MY_DIR/image.conf" + +image=$1 + +if [[ -z "$image" ]]; then + echo "Usage: $0 " + exit 1 +fi + +taggedImage="$registry/$image" + +docker image pull "$image" +docker image tag "$image" "$taggedImage" +docker image push "$taggedImage" diff --git a/image.conf b/image.conf new file mode 100644 index 0000000..f62e824 --- /dev/null +++ b/image.conf @@ -0,0 +1,3 @@ +registry="registry.verdnatura.es" +repository="verdnatura" +revisionPrefix="vn" diff --git a/jenkins-agent/Dockerfile b/jenkins-agent/Dockerfile index 91236d5..85aca1f 100644 --- a/jenkins-agent/Dockerfile +++ b/jenkins-agent/Dockerfile 
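Review bot: In `image-build.sh` the build context in `docker build -t "$latestImage" "$image"` is resolved against the caller's working directory, while `image.conf` is loaded from `$MY_DIR`; run from another directory, the script either fails or builds and pushes a same-named directory that is not the one in this repository. Use `docker build -t "$latestImage" "$MY_DIR/$image"`. The script also re-points `:latest` on every run, so rebuilding an older version moves `latest` backwards; consider pushing `latest` only when asked to. `read -p` should be `read -r -p` so a backslash in the answer is not interpreted.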
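Review bot: In `image-cache.sh`, `docker image pull "$image"` mirrors whatever the upstream tag points to at that moment, and an argument without a tag silently mirrors `latest`; the copy then sits in the local registry as a trusted base for other builds. Require an explicit tag or digest in the argument check, and print the mirrored digest after the pull so it is recorded, e.g. `docker image inspect --format '{{index .RepoDigests 0}}' "$image"`. A header comment stating that the push overwrites an existing `$registry/$image` tag would document the side effect.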
@@ -1,4 +1,4 @@ -FROM jenkins/inbound-agent:latest-jdk17 +FROM jenkins/inbound-agent:latest-bookworm-jdk17 USER root @@ -31,10 +31,11 @@ RUN apt-get install -y apt-transport-https ca-certificates curl gnupg \ && apt-get update \ && apt-get install -y kubectl +# Docker +COPY --from=docker:26.1.3-cli /usr/local/bin/docker /usr/local/bin/ + # Docker compose -RUN curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \ - -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose +RUN apt-get install docker-compose -y --no-install-recommends # Puppeteer RUN apt-get install -y --no-install-recommends \ diff --git a/mrbs/kube-compose.yml b/mrbs/kube-compose.yml deleted file mode 100644 index 48ca509..0000000 --- a/mrbs/kube-compose.yml +++ /dev/null 
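Review bot: The new base `jenkins/inbound-agent:latest-bookworm-jdk17` fixes the distribution but is still a floating `latest-` tag, so the agent version and its contents change silently on every rebuild. Pin a released version tag, ideally with its digest (`FROM jenkins/inbound-agent:<version-tag>@sha256:<digest>`), as this commit already does by version for `httpd` and `redmine`.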
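Review bot: `RUN apt-get install docker-compose -y --no-install-recommends` relies on package lists left by the `apt-get update` in an earlier layer, so a cached earlier layer can make this step fail or install an outdated package; run `apt-get update` in the same `RUN` and clean the lists there. The Debian `docker-compose` package is, as far as I know, the Python Compose v1 line, which upstream no longer maintains and which may not match the 26.x CLI copied just above; that is worth confirming before relying on it. `COPY --from=docker:26.1.3-cli` is pinned by tag only, and adding the image digest would make the copied binary verifiable.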
@@ -1,162 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: mrbs - labels: - app: mrbs -spec: - ingressClassName: nginx - rules: - - host: mrbs.verdnatura.es - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: mrbs - port: - number: 80 ---- -apiVersion: v1 -kind: Service -metadata: - name: mrbs - labels: - app: mrbs -spec: - ports: - - port: 80 - targetPort: 80 - selector: - app: mrbs ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mrbs - labels: - app: mrbs -spec: - replicas: 1 - selector: - matchLabels: - app: mrbs - strategy: - type: Recreate - template: - metadata: - labels: - app: mrbs - spec: - containers: - - image: registry.verdnatura.es/mrbs:1.11.2-vn1 - name: main - ports: - - containerPort: 80 - resources: - limits: - memory: 1Gi - volumeMounts: - - name: secret - mountPath: /var/www/html/web/config.inc.php - subPath: config.inc.php - restartPolicy: Always - imagePullSecrets: - - name: regcred - volumes: - - name: secret - secret: - secretName: mrbs.config - defaultMode: 420 ---- -apiVersion: v1 -kind: Service -metadata: - name: mrbs-db - labels: - app: mrbs-db -spec: - type: NodePort - ports: - - port: 3306 - targetPort: 3306 - selector: - io.kompose.service: mrbs-db ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mrbs.db - labels: - app: mrbs -spec: - replicas: 1 - selector: - matchLabels: - io.kompose.service: mrbs-db - strategy: - type: Recreate - template: - metadata: - labels: - io.kompose.service: mrbs-db - spec: - containers: - - image: mariadb:10.11.4 - name: mrbs-db - args: - - --transaction-isolation=READ-COMMITTED - - --binlog-format=ROW - - --ignore-db-dir=lost+found - env: - - name: MYSQL_DATABASE - value: mrbs - - name: MYSQL_USER - value: mrbs - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: mrbs.env - key: MYSQL_PASSWORD - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mrbs.env - key: MYSQL_ROOT_PASSWORD - ports: - - 
containerPort: 3306 - resources: - limits: - memory: 500Mi - volumeMounts: - - mountPath: /var/lib/mysql - name: db - - mountPath: /etc/localtime - name: localtime - readOnly: true - restartPolicy: Always - volumes: - - name: db - persistentVolumeClaim: - claimName: mrbs.db - - name: localtime - hostPath: - path: /etc/localtime - type: File - readOnly: true ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mrbs.db - labels: - app: mrdb -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: csi-rbd-ssd-sc - volumeMode: Filesystem diff --git a/mrbs/themes/verdnatura/styling.inc b/mrbs/themes/verdnatura/styling.inc index b039e2b..7d8613a 100644 --- a/mrbs/themes/verdnatura/styling.inc +++ b/mrbs/themes/verdnatura/styling.inc @@ -12,7 +12,7 @@ $header_font_color = "#ffffff"; // font color for text in header $highlight_font_color = "#ff0066"; // used for highlighting text (eg links, errors) $color_key_font_color = $standard_font_color; // used in the colour key table -$banner_back_color = "#1976D2"; // background colour for banner +$banner_back_color = "#8CC63F"; // background colour for banner $banner_border_color = $body_background_color; // border colour for banner $banner_font_color = $header_font_color; // font colour for banner $banner_nav_hover_color = 'darkblue'; // background colour when header links are hovered over diff --git a/node/Dockerfile b/node/Dockerfile new file mode 100644 index 0000000..d520086 --- /dev/null +++ b/node/Dockerfile @@ -0,0 +1,13 @@ +FROM debian:12.6-slim + +ARG DEBIAN_FRONTEND=noninteractive + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + curl \ + ca-certificates \ + gnupg2 \ + && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \ + && apt-get install -y --no-install-recommends nodejs \ + && npm install -g npm \ + && rm -rf /var/lib/apt/lists/* diff --git a/phpldapadmin/Dockerfile b/phpldapadmin/Dockerfile index d04e37b..f36baba 100644 
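Review bot: In `node/Dockerfile`, `curl -fsSL https://deb.nodesource.com/setup_20.x | bash -` executes a remote script as root at build time with no integrity check, and because the default `/bin/sh` has no `pipefail`, a failed download still lets `bash -` exit 0 so the build continues with Debian's own `nodejs` package. Registering the NodeSource repository explicitly with a `signed-by` keyring keeps apt's signature verification and removes the script execution; the key URL and suite below follow NodeSource's manual-install instructions as I recall them and should be checked against their current documentation. `npm install -g npm` is unpinned as well, and the image sets no `USER`, so derived images run as root unless they add one.

```dockerfile
RUN apt-get update \
    # … unchanged: install curl, ca-certificates, gnupg2 …
    && mkdir -p /etc/apt/keyrings \
    && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
        -o /tmp/nodesource.key \
    && gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg /tmp/nodesource.key \
    && rm /tmp/nodesource.key \
    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" \
        > /etc/apt/sources.list.d/nodesource.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends nodejs \
    # … unchanged: npm upgrade and apt list cleanup …
```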
--- a/phpldapadmin/Dockerfile +++ b/phpldapadmin/Dockerfile @@ -11,9 +11,9 @@ RUN echo "deb http://ftp.es.debian.org/debian stretch-backports main" \ php-xml \ && rm -rf /var/lib/apt/lists/* \ && . /etc/apache2/envvars \ - && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ - && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ - && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" + && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" COPY apache.conf /etc/apache2/sites-available/phpldapadmin.conf diff --git a/phpmyadmin/Dockerfile b/phpmyadmin/Dockerfile deleted file mode 100644 index 4c4775d..0000000 --- a/phpmyadmin/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM phpmyadmin/phpmyadmin:5.0.1 - -COPY style.css /etc/phpmyadmin/ -RUN cat /etc/phpmyadmin/style.css >> /usr/src/phpmyadmin/themes/metro/css/theme.css diff --git a/phpmyadmin/style.css b/phpmyadmin/style.css deleted file mode 100644 index 58632e6..0000000 --- a/phpmyadmin/style.css +++ /dev/null @@ -1,10 +0,0 @@ -body { - font-size: 10pt !important; -} -.CodeMirror { - font-size: 13px; -} -body .ui-dialog { - top: 40px !important; - width: 1000px !important; -} diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml deleted file mode 100644 index 0aa52be..0000000 --- a/portainer/docker-compose.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -version: '3.2' -services: - agent: - image: portainer/agent:2.17.1 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /var/lib/docker/volumes:/var/lib/docker/volumes - - /var/lib/rexray/volumes:/var/lib/rexray/volumes - networks: - - agent - deploy: - mode: global - placement: - constraints: [node.platform.os == linux] - resources: - limits: - memory: 500M - main: - image: portainer/portainer-ce:2.17.1 - command: -H tcp://tasks.agent:9001 --tlsskipverify - ports: - - "80:9000" - - "8000:8000" - volumes: - - data:/data - networks: - - agent - deploy: - mode: replicated - replicas: 1 - placement: - constraints: [node.role == manager] - resources: - limits: - memory: 2G -networks: - agent: - driver: overlay - attachable: true -volumes: - data: - driver: rexray - driver_opts: - size: 4 \ No newline at end of file diff --git a/redmine/Dockerfile b/redmine/Dockerfile index 5c8eb43..4caeb82 100644 --- a/redmine/Dockerfile +++ b/redmine/Dockerfile @@ -1,4 +1,4 @@ -FROM redmine:5.1.2 +FROM redmine:5.1.3-bookworm ENV REDMINE_PATH=/usr/src/redmine \ REDMINE_LOCAL_PATH=/var/local/redmine diff --git a/reprepro/Dockerfile b/reprepro/Dockerfile index 9d39a9c..b0b71f8 100644 --- a/reprepro/Dockerfile +++ b/reprepro/Dockerfile 
@@ -1,7 +1,31 @@ -FROM php:7.4.1-apache +FROM debian:bookworm-slim +ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update \ - && apt-get install -y --no-install-recommends reprepro \ - && rm -rf /var/lib/apt/lists/* + && apt-get install -y --no-install-recommends \ + apache2 \ + reprepro \ + openssh-server \ + && rm -rf /var/lib/apt/lists/* \ + && . /etc/apache2/envvars \ + && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" -COPY apache.conf /etc/apache2/conf-enabled/reprepro.conf +WORKDIR /var/lib/reprepro +EXPOSE 80 + +RUN groupadd -g 600 reprepro \ + && useradd -d /var/lib/reprepro -u 600 -g 600 -m -s /bin/bash reprepro + +COPY apache-conf.conf /etc/apache2/conf-available/reprepro.conf +COPY apache-site.conf /etc/apache2/sites-available/reprepro.conf + +RUN a2enconf reprepro \ + && a2ensite reprepro \ + && a2dissite 000-default + +COPY entrypoint.sh / + +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["apachectl", "-D", "FOREGROUND"] diff --git a/reprepro/README.md b/reprepro/README.md new file mode 100644 index 0000000..e3e0af4 --- /dev/null +++ b/reprepro/README.md @@ -0,0 +1,7 @@ +# Reprepro docker image + +APT server using Reprepro and Apache HTTP server. + +## Links + +* https://github.com/bbinet/docker-reprepro \ No newline at end of file diff --git a/reprepro/apache-conf.conf b/reprepro/apache-conf.conf new file mode 100644 index 0000000..3029531 --- /dev/null +++ b/reprepro/apache-conf.conf @@ -0,0 +1,8 @@ + + Options Indexes + Options +FollowSymLinks + AllowOverride None + Order Allow,Deny + Allow From All + Require all granted + \ No newline at end of file diff --git a/reprepro/apache-site.conf b/reprepro/apache-site.conf new file mode 100644 index 0000000..5ec4de5 --- /dev/null +++ b/reprepro/apache-site.conf @@ -0,0 +1,3 @@ + + DocumentRoot /var/lib/reprepro/repo/ + \ No newline at end of file 
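Review bot: Installing `openssh-server` in the first `RUN` of `reprepro/Dockerfile` generates the SSH host keys during the build (the Debian package does this on install, as far as I know), so the private host keys end up in an image layer, are identical in every container started from it, and are readable by anyone with pull access to the registry. Add `&& rm -f /etc/ssh/ssh_host_*` to that `RUN` and create keys at start-up with `ssh-keygen -A` in `entrypoint.sh`, or mount persistent keys from a secret. The image also ends without a `USER`, `EXPOSE 80` does not document the sshd port, and `debian:bookworm-slim` is a floating tag whereas `node/Dockerfile` in this commit pins `debian:12.6-slim`.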
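Review bot: `reprepro/apache-conf.conf` mixes the 2.2-style `Order Allow,Deny` / `Allow From All` with the 2.4-style `Require all granted`; under Apache 2.4 only `Require` is needed and the legacy directives work only through `mod_access_compat`, so the two legacy lines should be dropped. The deleted `reprepro/apache.conf` also carried a second block ending in `Require all denied`, which has no counterpart here. Its target path is not visible on this page, but if it protected reprepro's `conf/` and `db/` directories, confirm they sit outside the new `DocumentRoot /var/lib/reprepro/repo/`, because `Options Indexes` lists everything beneath it.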
diff --git a/reprepro/apache.conf b/reprepro/apache.conf deleted file mode 100644 index ed6c658..0000000 --- a/reprepro/apache.conf +++ /dev/null @@ -1,13 +0,0 @@ - - Options Indexes - Options +FollowSymLinks - AllowOverride None - Order Allow,Deny - Allow From All - Require all granted - - - Order Deny,Allow - Deny From All - Require all denied - \ No newline at end of file diff --git a/reprepro/entrypoint.sh b/reprepro/entrypoint.sh new file mode 100755 index 0000000..54c7a76 --- /dev/null +++ b/reprepro/entrypoint.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +service ssh start +exec $@ \ No newline at end of file diff --git a/semaphore/Dockerfile b/semaphore/Dockerfile index 7614b7b..eae047f 100644 --- a/semaphore/Dockerfile +++ b/semaphore/Dockerfile @@ -10,22 +10,21 @@ RUN pip install --upgrade pip \ pip install --upgrade pywinrm[credssp] #RUN apt-get update \ - # && apt-get upgrade -y \ - # && apt-get install -y --no-install-recommends \ - # gcc \ - # libffi-devel \ - # python3 \ - # epel-release \ - # python3-pip \ - # wget - +# && apt-get upgrade -y \ +# && apt-get install -y --no-install-recommends \ +# gcc \ +# libffi-devel \ +# python3 \ +# epel-release \ +# python3-pip \ +# wget #RUN pip3 install --upgrade pip \ - # pip3 install --upgrade virtualenv \ - # pip3 install pywinrm[kerberos] \ - # pip3 install pywinrm \ - # pip3 install jmspath \ - # pip3 install request prueba +# pip3 install --upgrade virtualenv \ +# pip3 install pywinrm[kerberos] \ +# pip3 install pywinrm \ +# pip3 install jmspath \ +# pip3 install request prueba RUN ls /usr/local/bin/
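Review bot: In `reprepro/entrypoint.sh`, `exec $@` is unquoted, so arguments containing spaces or glob characters are re-split and expanded before the command runs; use `exec "$@"`. The script has no `set -e`, so a failed `service ssh start` is ignored and the container comes up without sshd and without any signal to the operator; add `set -e` after the shebang or check the result explicitly. A short header comment saying that sshd is started in the background and the `CMD` then replaces the shell would document the intent.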