Merge branch 'master' into 7022-rwmap

Guillermo Bonet 2024-08-14 11:08:37 +02:00
commit a6ca532bf3
27 changed files with 174 additions and 420 deletions


@ -1,47 +1,30 @@
# Docker
# Verdnatura Docker image repository
Dockerfile and compose files used as basis for service deployment.
Dockerfile and compose files used as basis for Verdnatura service deployment.
## Prepare environment
Some scripts are provided to speed up the most common actions:
```
registry=[registryUrl]
image=[imageName]
tag=[versionTag]
```
* *image-build.sh*: Build, tag and push an own image.
* *image-cache.sh*: Cache docker hub image in the local registry.
## Build image
Use *image.conf* for local registry and repository configuration.
Build the image with *latest* tag.
```
docker build -t $registry/$image $image
```
## Registry authentication
Tag the image with version.
```
docker tag $registry/$image $registry/$image:$tag
```
Test image locally
```
docker run --name test $registry/$image:$tag
```
## Push image
Login into docker registry (If it's the first time or you are not saving credentials).
Login into docker registry, if you don't logout, credentials will remain saved
in your home directory.
```
docker login $registry
```
Push the *latest* image and version tag.
```
docker push $registry/$image
docker push $registry/$image:$tag
```
Logout from docker registry (If you don't logout, credentials will remain saved
in your home directory).
Logout from docker registry.
```
docker logout $registry
```
## Test image
Run image locally.
```
docker run --name test $registry/$image:$tag
```


@ -6,9 +6,7 @@ RUN apt-get update \
&& apt-get install -y \
build-essential \
debhelper \
devscripts \
reprepro \
sudo
devscripts
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
@ -21,11 +19,11 @@ RUN apt-get update \
nodejs \
&& npm install -g npm
RUN rm -rf /var/lib/apt/lists/*
RUN groupadd -g 1000 jenkins \
&& useradd -d /var/jenkins_home -u 1000 -g 1000 -m -s /bin/bash jenkins \
&& echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins \
&& mkdir /reprepro
&& useradd -d /home/jenkins -u 1000 -g 1000 -m -s /bin/bash jenkins \
&& mkdir -p /home/jenkins/agent/workspace \
&& chown -R jenkins:jenkins /home/jenkins/agent
VOLUME ["/reprepro"]
COPY vn-includedeb /usr/bin/
USER jenkins


@ -1,35 +0,0 @@
#!/bin/bash
set -e
srcDir=.
if [ ! -f "$srcDir/debian/changelog" ]; then
echo "Invalid source directory."
exit 1
fi
codename=$1
buildDir="$srcDir/.."
if [ -z "$codename" ]; then
codename="stable"
fi
cut -d" " -f1 "$srcDir/debian/files" |
while read debFile; do
if [[ ! "$debFile" =~ .*\.deb$ ]]; then
continue
fi
echo "Adding $debFile"
cp "$buildDir/$debFile" /tmp
sudo -u www-data reprepro -b /reprepro --gnupghome /reprepro/.gnupg \
includedeb $codename "/tmp/$debFile"
done
echo "Cleaning."
(cd "$srcDir" && debian/rules clean)
rm -f $buildDir/*.deb
rm -f $buildDir/*.changes
rm -f $buildDir/*.build
rm -f $buildDir/*.buildinfo


@ -1,13 +0,0 @@
FROM freeradius/freeradius-server:3.0.20
RUN apt-get update \
&& apt-get install -y patch \
&& rm -rf /var/lib/apt/lists/*
COPY default.patch inner-tunnel.patch ./
RUN echo "Patching site config files to use LDAP module" \
&& patch /etc/raddb/sites-available/default default.patch \
&& patch /etc/raddb/sites-available/inner-tunnel inner-tunnel.patch
COPY eap /etc/raddb/mods-enabled/


@ -1,24 +0,0 @@
--- default 2019-11-14 17:00:00.000000000 +0000
+++ default.local 2020-04-16 11:02:21.483549795 +0000
@@ -419,7 +419,7 @@
#
# The ldap module reads passwords from the LDAP database.
- -ldap
+ ldap
#
# Enforce daily limits on time spent logged in.
@@ -530,9 +530,9 @@
# authentication server, and knows what to do with authentication.
# LDAP servers do not.
#
-# Auth-Type LDAP {
-# ldap
-# }
+ Auth-Type LDAP {
+ ldap
+ }
#
# Allow EAP authentication.


@ -1,20 +0,0 @@
eap {
default_eap_type = ttls
gtc {
auth_type = PAP
}
tls-config tls-common {
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
ca_file = ${cadir}/ca.pem
tls_min_version = "1.2"
}
ttls {
tls = tls-common
default_eap_type = gtc
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
}


@ -1,24 +0,0 @@
--- inner-tunnel 2019-11-14 17:00:00.000000000 +0000
+++ inner-tunnel.local 2020-04-16 10:59:58.519556165 +0000
@@ -151,7 +151,7 @@
#
# The ldap module reads passwords from the LDAP database.
- -ldap
+ ldap
#
# Enforce daily limits on time spent logged in.
@@ -238,9 +238,9 @@
# authentication server, and knows what to do with authentication.
# LDAP servers do not.
#
-# Auth-Type LDAP {
-# ldap
-# }
+ Auth-Type LDAP {
+ ldap
+ }
#
# Allow EAP authentication.


@ -1,3 +1,3 @@
FROM httpd:2.4.58
FROM httpd:2.4.61
RUN echo "IncludeOptional conf.d/*.conf" >> conf/httpd.conf

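--- /dev/null
+++ b/image-build.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$MY_DIR/image.conf"
+# Prepare the environment
+image=$1
+version=$2
+revision=$3
+if [[ -z "$image" || -z "$version" ]]; then
+echo "Usage: $0 <image> <version> [<revision>]"
+exit 1
+fi
+tag="$version"
+if [ ! -z "$revision" ]; then
+tag="$tag-$revisionPrefix$revision"
+fi
+fullImage="$registry/$repository/$image"
+latestImage="$fullImage:latest"
+taggedImage="$fullImage:$tag"
+echo "Image: $taggedImage"
+read -p "Continue? (Default: no) [y|n]: " ANSWER
+if [ "$ANSWER" != "y" ]; then
+echo "Aborting push."
+exit 3
+fi
+# Build and tag the image
+docker build -t "$latestImage" "$image"
+docker tag "$latestImage" "$taggedImage"
+# Push the built image
+docker push "$latestImage"
+docker push "$taggedImage"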
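Review bot: `docker push "$latestImage"` runs on every invocation, so building an older `<version>` or a hotfix revision silently moves `latest` back to it, and anything that pulls `latest` from the registry then gets the older image. Consider pushing `latest` only on explicit request (an option or an extra argument) and keeping the versioned tag as the default push. Smaller points: `read -p` should be `read -r -p`, `[ ! -z "$revision" ]` reads better as `[ -n "$revision" ]`, and the prompt answers with "Aborting push." although nothing has been built at that point.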

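--- /dev/null
+++ b/image-cache.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -e
+MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$MY_DIR/image.conf"
+image=$1
+if [[ -z "$image" ]]; then
+echo "Usage: $0 <image>"
+exit 1
+fi
+taggedImage="$registry/$image"
+docker image pull "$image"
+docker image tag "$image" "$taggedImage"
+docker image push "$taggedImage"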
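Review bot: The script mirrors whatever `$image` resolves to upstream at the moment it runs (`latest` when no tag is given) and records nothing about which content was cached, so the copy in the local registry cannot later be compared with upstream. Requiring a tag or a `name@sha256:…` digest in the argument check, and printing the pulled digest after the pull (for example `docker image inspect --format '{{index .RepoDigests 0}}' "$image"`), would make the mirrored image auditable. `taggedImage="$registry/$image"` also leaves out `$repository`, unlike image-build.sh; if that is intentional a one-line comment saying so would help.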

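--- /dev/null
+++ b/image.conf
@@ -0,0 +1,3 @@
+registry="registry.verdnatura.es"
+repository="verdnatura"
+revisionPrefix="vn"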


@ -1,4 +1,4 @@
FROM jenkins/inbound-agent:latest-jdk17
FROM jenkins/inbound-agent:latest-bookworm-jdk17
USER root
@ -31,10 +31,11 @@ RUN apt-get install -y apt-transport-https ca-certificates curl gnupg \
&& apt-get update \
&& apt-get install -y kubectl
# Docker
COPY --from=docker:26.1.3-cli /usr/local/bin/docker /usr/local/bin/
# Docker compose
RUN curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \
-o /usr/local/bin/docker-compose \
&& chmod +x /usr/local/bin/docker-compose
RUN apt-get install docker-compose -y --no-install-recommends
# Puppeteer
RUN apt-get install -y --no-install-recommends \
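Review bot: The base image on the `FROM` line is still a floating tag (`latest-bookworm-jdk17`), so every rebuild can pick up a different agent and JDK build, while `docker:26.1.3-cli` a few lines below is pinned. For a CI agent that runs its setup as root and ships the Docker CLI, pinning the base to a specific release tag, ideally with a digest (`FROM jenkins/inbound-agent:<release>-jdk17@sha256:<digest>`), keeps the image reproducible and reviewable. The new `RUN apt-get install docker-compose -y --no-install-recommends` also depends on package lists fetched in an earlier layer; putting `apt-get update &&` in the same `RUN` avoids stale-list failures. The last `RUN` shown in the second hunk continues outside the hunk.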


@ -1,162 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mrbs
labels:
app: mrbs
spec:
ingressClassName: nginx
rules:
- host: mrbs.verdnatura.es
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mrbs
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: mrbs
labels:
app: mrbs
spec:
ports:
- port: 80
targetPort: 80
selector:
app: mrbs
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mrbs
labels:
app: mrbs
spec:
replicas: 1
selector:
matchLabels:
app: mrbs
strategy:
type: Recreate
template:
metadata:
labels:
app: mrbs
spec:
containers:
- image: registry.verdnatura.es/mrbs:1.11.2-vn1
name: main
ports:
- containerPort: 80
resources:
limits:
memory: 1Gi
volumeMounts:
- name: secret
mountPath: /var/www/html/web/config.inc.php
subPath: config.inc.php
restartPolicy: Always
imagePullSecrets:
- name: regcred
volumes:
- name: secret
secret:
secretName: mrbs.config
defaultMode: 420
---
apiVersion: v1
kind: Service
metadata:
name: mrbs-db
labels:
app: mrbs-db
spec:
type: NodePort
ports:
- port: 3306
targetPort: 3306
selector:
io.kompose.service: mrbs-db
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mrbs.db
labels:
app: mrbs
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: mrbs-db
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: mrbs-db
spec:
containers:
- image: mariadb:10.11.4
name: mrbs-db
args:
- --transaction-isolation=READ-COMMITTED
- --binlog-format=ROW
- --ignore-db-dir=lost+found
env:
- name: MYSQL_DATABASE
value: mrbs
- name: MYSQL_USER
value: mrbs
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mrbs.env
key: MYSQL_PASSWORD
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mrbs.env
key: MYSQL_ROOT_PASSWORD
ports:
- containerPort: 3306
resources:
limits:
memory: 500Mi
volumeMounts:
- mountPath: /var/lib/mysql
name: db
- mountPath: /etc/localtime
name: localtime
readOnly: true
restartPolicy: Always
volumes:
- name: db
persistentVolumeClaim:
claimName: mrbs.db
- name: localtime
hostPath:
path: /etc/localtime
type: File
readOnly: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mrbs.db
labels:
app: mrdb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: csi-rbd-ssd-sc
volumeMode: Filesystem


@ -12,7 +12,7 @@ $header_font_color = "#ffffff"; // font color for text in header
$highlight_font_color = "#ff0066"; // used for highlighting text (eg links, errors)
$color_key_font_color = $standard_font_color; // used in the colour key table
$banner_back_color = "#1976D2"; // background colour for banner
$banner_back_color = "#8CC63F"; // background colour for banner
$banner_border_color = $body_background_color; // border colour for banner
$banner_font_color = $header_font_color; // font colour for banner
$banner_nav_hover_color = 'darkblue'; // background colour when header links are hovered over

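--- /dev/null
+++ b/node/Dockerfile
@@ -0,0 +1,13 @@
+FROM debian:12.6-slim
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update \
+&& apt-get install -y --no-install-recommends \
+curl \
+ca-certificates \
+gnupg2 \
+&& curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+&& apt-get install -y --no-install-recommends nodejs \
+&& npm install -g npm \
+&& rm -rf /var/lib/apt/lists/*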
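Review bot: `curl -fsSL https://deb.nodesource.com/setup_20.x | bash -` runs a remote script as root during the build with no integrity check, and under the default `/bin/sh -c` a failed download is masked: `bash` reads empty input and exits 0, after which `apt-get install nodejs` can fall back to the distribution's own nodejs package instead of Node 20. At minimum add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before the `RUN`. Better is to configure the NodeSource apt repository directly with a `signed-by` keyring, so apt verifies the packages and no remote script is executed, as sketched below; comparing the downloaded key's fingerprint with a value kept in this repository would tighten it further. `npm install -g npm` is unpinned as well, so the npm version changes between builds.

```dockerfile
# … unchanged: apt-get update and install of ca-certificates, curl, gnupg2 …
    && mkdir -p /etc/apt/keyrings \
    && curl -fsSL -o /tmp/nodesource.key https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
    && gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg /tmp/nodesource.key \
    && rm /tmp/nodesource.key \
    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" \
        > /etc/apt/sources.list.d/nodesource.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends nodejs \
# … unchanged: npm install and apt lists cleanup …
```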

View File

@ -1,4 +0,0 @@
FROM phpmyadmin/phpmyadmin:5.0.1
COPY style.css /etc/phpmyadmin/
RUN cat /etc/phpmyadmin/style.css >> /usr/src/phpmyadmin/themes/metro/css/theme.css


@ -1,10 +0,0 @@
body {
font-size: 10pt !important;
}
.CodeMirror {
font-size: 13px;
}
body .ui-dialog {
top: 40px !important;
width: 1000px !important;
}


@ -1,44 +0,0 @@
version: '3.2'
services:
agent:
image: portainer/agent:2.17.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
- /var/lib/rexray/volumes:/var/lib/rexray/volumes
networks:
- agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
resources:
limits:
memory: 500M
main:
image: portainer/portainer-ce:2.17.1
command: -H tcp://tasks.agent:9001 --tlsskipverify
ports:
- "80:9000"
- "8000:8000"
volumes:
- data:/data
networks:
- agent
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
resources:
limits:
memory: 2G
networks:
agent:
driver: overlay
attachable: true
volumes:
data:
driver: rexray
driver_opts:
size: 4


@ -1,4 +1,4 @@
FROM redmine:5.1.2
FROM redmine:5.1.3-bookworm
ENV REDMINE_PATH=/usr/src/redmine \
REDMINE_LOCAL_PATH=/var/local/redmine


@ -1,7 +1,31 @@
FROM php:7.4.1-apache
FROM debian:bookworm-slim
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
&& apt-get install -y --no-install-recommends reprepro \
&& rm -rf /var/lib/apt/lists/*
&& apt-get install -y --no-install-recommends \
apache2 \
reprepro \
openssh-server \
&& rm -rf /var/lib/apt/lists/* \
&& . /etc/apache2/envvars \
&& ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \
&& ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \
&& ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"
COPY apache.conf /etc/apache2/conf-enabled/reprepro.conf
WORKDIR /var/lib/reprepro
EXPOSE 80
RUN groupadd -g 600 reprepro \
&& useradd -d /var/lib/reprepro -u 600 -g 600 -m -s /bin/bash reprepro
COPY apache-conf.conf /etc/apache2/conf-available/reprepro.conf
COPY apache-site.conf /etc/apache2/sites-available/reprepro.conf
RUN a2enconf reprepro \
&& a2ensite reprepro \
&& a2dissite 000-default
COPY entrypoint.sh /
ENTRYPOINT [ "/entrypoint.sh" ]
CMD ["apachectl", "-D", "FOREGROUND"]
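Review bot: Installing `openssh-server` in the `RUN apt-get install` step most likely generates the SSH host keys at build time (the Debian package does this in its post-install script), so the private host keys end up in an image layer. Every container started from the image would then share one host identity, and anyone able to pull the image could read the keys. I would remove them in the same `RUN` with `rm -f /etc/ssh/ssh_host_*` and either create them at start-up in `entrypoint.sh` with `ssh-keygen -A` or mount stable keys from a secret or volume. The image also has no `USER` instruction, `EXPOSE 80` does not document the SSH port that `service ssh start` opens, and `FROM debian:bookworm-slim` is a floating tag where node/Dockerfile pins `debian:12.6-slim`.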

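--- /dev/null
+++ b/reprepro/README.md
@@ -0,0 +1,7 @@
+# Reprepro docker image
+APT server using Reprepro and Apache HTTP server.
+## Links
+* https://github.com/bbinet/docker-reprepro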


@ -0,0 +1,8 @@
<Directory /var/lib/reprepro/repo>
Options Indexes
Options +FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow From All
Require all granted
</Directory>
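Review bot: `Options +FollowSymLinks` on the published repository directory lets Apache serve whatever a symlink under `/var/lib/reprepro/repo` points to, and the explicit `Require all denied` block for `.gnupg` that the removed configuration carried has no counterpart here. If the signing keyring lives under `/var/lib/reprepro` (the service account's home in the Dockerfile; its location is not visible in this section), it is now protected only by sitting outside the DocumentRoot. Dropping the line, or using `Options +SymLinksIfOwnerMatch`, narrows that exposure. The block also mixes the 2.2-style `Order Allow,Deny` / `Allow From All` with `Require all granted`; keeping only `Require all granted` removes the dependency on mod_access_compat and the ambiguity of combining both schemes.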


@ -0,0 +1,3 @@
<VirtualHost *:80>
DocumentRoot /var/lib/reprepro/repo/
</VirtualHost>


@ -1,13 +0,0 @@
<Directory /var/www/html>
Options Indexes
Options +FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow From All
Require all granted
</Directory>
<Directory /var/www/html/.gnupg>
Order Deny,Allow
Deny From All
Require all denied
</Directory>

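--- /dev/null
+++ b/reprepro/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+service ssh start
+exec $@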
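Review bot: `exec $@` is unquoted, so arguments containing spaces or glob characters are split and expanded again before the command runs; it should be `exec "$@"`. The script also has no `set -e`, so a failing `service ssh start` is ignored and the container comes up serving HTTP with no SSH upload path and no error; add `set -e` after the shebang if that failure should stop the container.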


@ -19,7 +19,6 @@ RUN pip install --upgrade pip \
# python3-pip \
# wget
#RUN pip3 install --upgrade pip \
# pip3 install --upgrade virtualenv \
# pip3 install pywinrm[kerberos] \