verdnatura/vn-docker
verdnatura
/
vn-docker
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

feat: refs #7022 Added cdn #5

Merged
guillermo merged 7 commits from 7022-rwmap into master 2024-09-11 06:33:33 +00:00
Conversation 0 Commits 7 Files Changed 2 +174 -420
27 changed files with 174 additions and 420 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit a6ca532bf3 - Show all commits

51
README.md
View File

@ -1,47 +1,30 @@
# Docker # Verdnatura Docker image repository
Dockerfile and compose files used as basis for service deployment. Dockerfile and compose files used as basis for Verdnatura service deployment.
## Prepare environment Some scripts are provided to speed up the most common actions:
``` * *image-build.sh*: Build, tag and push an own image.
registry=[registryUrl] * *image-cache.sh*: Cache docker hub image in the local registry.
image=[imageName]
tag=[versionTag]
```
## Build image Use *image.conf* for local registry and repository configuration.
Build the image with *latest* tag. ## Registry authentication
```
docker build -t $registry/$image $image
```
Tag the image with version. Login into docker registry, if you don't logout, credentials will remain saved
``` in your home directory.
docker tag $registry/$image $registry/$image:$tag
```
Test image locally
```
docker run --name test $registry/$image:$tag
```
## Push image
Login into docker registry (If it's the first time or you are not saving credentials).
``` ```
docker login $registry docker login $registry
``` ```
Push the *latest* image and version tag. Logout from docker registry.
```
docker push $registry/$image
docker push $registry/$image:$tag
```
Logout from docker registry (If you don't logout, credentials will remain saved
in your home directory).
``` ```
docker logout $registry docker logout $registry
``` ```
## Test image
Run image locally.
```
docker run --name test $registry/$image:$tag
```

16
debuild/Dockerfile
View File

@ -6,9 +6,7 @@ RUN apt-get update \
&& apt-get install -y \ && apt-get install -y \
build-essential \ build-essential \
debhelper \ debhelper \
devscripts \ devscripts
reprepro \
sudo
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
@ -21,11 +19,11 @@ RUN apt-get update \
nodejs \ nodejs \
&& npm install -g npm && npm install -g npm
RUN rm -rf /var/lib/apt/lists/*
RUN groupadd -g 1000 jenkins \ RUN groupadd -g 1000 jenkins \
&& useradd -d /var/jenkins_home -u 1000 -g 1000 -m -s /bin/bash jenkins \ && useradd -d /home/jenkins -u 1000 -g 1000 -m -s /bin/bash jenkins \
&& echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins \ && mkdir -p /home/jenkins/agent/workspace \
&& mkdir /reprepro && chown -R jenkins:jenkins /home/jenkins/agent
VOLUME ["/reprepro"] USER jenkins
COPY vn-includedeb /usr/bin/

35
debuild/vn-includedeb
View File

@ -1,35 +0,0 @@
#!/bin/bash
set -e
srcDir=.
if [ ! -f "$srcDir/debian/changelog" ]; then
echo "Invalid source directory."
exit 1
fi
codename=$1
buildDir="$srcDir/.."
if [ -z "$codename" ]; then
codename="stable"
fi
cut -d" " -f1 "$srcDir/debian/files" |
while read debFile; do
if [[ ! "$debFile" =~ .*\.deb$ ]]; then
continue
fi
echo "Adding $debFile"
cp "$buildDir/$debFile" /tmp
sudo -u www-data reprepro -b /reprepro --gnupghome /reprepro/.gnupg \
includedeb $codename "/tmp/$debFile"
done
echo "Cleaning."
(cd "$srcDir" && debian/rules clean)
rm -f $buildDir/*.deb
rm -f $buildDir/*.changes
rm -f $buildDir/*.build
rm -f $buildDir/*.buildinfo

13
freeradius/Dockerfile
View File

@ -1,13 +0,0 @@
FROM freeradius/freeradius-server:3.0.20
RUN apt-get update \
&& apt-get install -y patch \
&& rm -rf /var/lib/apt/lists/*
COPY default.patch inner-tunnel.patch ./
RUN echo "Patching site config files to use LDAP module" \
&& patch /etc/raddb/sites-available/default default.patch \
&& patch /etc/raddb/sites-available/inner-tunnel inner-tunnel.patch
COPY eap /etc/raddb/mods-enabled/

24
freeradius/default.patch
View File

@ -1,24 +0,0 @@
--- default 2019-11-14 17:00:00.000000000 +0000
+++ default.local 2020-04-16 11:02:21.483549795 +0000
@@ -419,7 +419,7 @@
#
# The ldap module reads passwords from the LDAP database.
- -ldap
+ ldap
#
# Enforce daily limits on time spent logged in.
@@ -530,9 +530,9 @@
# authentication server, and knows what to do with authentication.
# LDAP servers do not.
#
-# Auth-Type LDAP {
-# ldap
-# }
+ Auth-Type LDAP {
+ ldap
+ }
#
# Allow EAP authentication.

20
freeradius/eap
View File

@ -1,20 +0,0 @@
eap {
default_eap_type = ttls
gtc {
auth_type = PAP
}
tls-config tls-common {
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
ca_file = ${cadir}/ca.pem
tls_min_version = "1.2"
}
ttls {
tls = tls-common
default_eap_type = gtc
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
}

24
freeradius/inner-tunnel.patch
View File

@ -1,24 +0,0 @@
--- inner-tunnel 2019-11-14 17:00:00.000000000 +0000
+++ inner-tunnel.local 2020-04-16 10:59:58.519556165 +0000
@@ -151,7 +151,7 @@
#
# The ldap module reads passwords from the LDAP database.
- -ldap
+ ldap
#
# Enforce daily limits on time spent logged in.
@@ -238,9 +238,9 @@
# authentication server, and knows what to do with authentication.
# LDAP servers do not.
#
-# Auth-Type LDAP {
-# ldap
-# }
+ Auth-Type LDAP {
+ ldap
+ }
#
# Allow EAP authentication.

2
httpd/Dockerfile
View File

@ -1,3 +1,3 @@
FROM httpd:2.4.58 FROM httpd:2.4.61
RUN echo "IncludeOptional conf.d/*.conf" >> conf/httpd.conf RUN echo "IncludeOptional conf.d/*.conf" >> conf/httpd.conf

42
image-build.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/bash
set -e
MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$MY_DIR/image.conf"
# Prepare the environment
image=$1
version=$2
revision=$3
if [[ -z "$image" || -z "$version" ]]; then
echo "Usage: $0 <image> <version> [<revision>]"
exit 1
fi
tag="$version"
if [ ! -z "$revision" ]; then
tag="$tag-$revisionPrefix$revision"
fi
fullImage="$registry/$repository/$image"
latestImage="$fullImage:latest"
taggedImage="$fullImage:$tag"
echo "Image: $taggedImage"
read -p "Continue? (Default: no) [y|n]: " ANSWER
if [ "$ANSWER" != "y" ]; then
echo "Aborting push."
exit 3
fi
# Build and tag the image
docker build -t "$latestImage" "$image"
docker tag "$latestImage" "$taggedImage"
# Push the built image
docker push "$latestImage"
docker push "$taggedImage"

18
image-cache.sh Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
set -e
MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$MY_DIR/image.conf"
image=$1
if [[ -z "$image" ]]; then
echo "Usage: $0 <image>"
exit 1
fi
taggedImage="$registry/$image"
docker image pull "$image"
docker image tag "$image" "$taggedImage"
docker image push "$taggedImage"

3
image.conf Normal file
View File

@ -0,0 +1,3 @@
registry="registry.verdnatura.es"
repository="verdnatura"
revisionPrefix="vn"

9
jenkins-agent/Dockerfile
View File

@ -1,4 +1,4 @@
FROM jenkins/inbound-agent:latest-jdk17 FROM jenkins/inbound-agent:latest-bookworm-jdk17
USER root USER root
@ -31,10 +31,11 @@ RUN apt-get install -y apt-transport-https ca-certificates curl gnupg \
&& apt-get update \ && apt-get update \
&& apt-get install -y kubectl && apt-get install -y kubectl
# Docker
COPY --from=docker:26.1.3-cli /usr/local/bin/docker /usr/local/bin/
# Docker compose # Docker compose
RUN curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \ RUN apt-get install docker-compose -y --no-install-recommends
-o /usr/local/bin/docker-compose \
&& chmod +x /usr/local/bin/docker-compose
# Puppeteer # Puppeteer
RUN apt-get install -y --no-install-recommends \ RUN apt-get install -y --no-install-recommends \

162
mrbs/kube-compose.yml
View File

@ -1,162 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mrbs
labels:
app: mrbs
spec:
ingressClassName: nginx
rules:
- host: mrbs.verdnatura.es
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mrbs
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: mrbs
labels:
app: mrbs
spec:
ports:
- port: 80
targetPort: 80
selector:
app: mrbs
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mrbs
labels:
app: mrbs
spec:
replicas: 1
selector:
matchLabels:
app: mrbs
strategy:
type: Recreate
template:
metadata:
labels:
app: mrbs
spec:
containers:
- image: registry.verdnatura.es/mrbs:1.11.2-vn1
name: main
ports:
- containerPort: 80
resources:
limits:
memory: 1Gi
volumeMounts:
- name: secret
mountPath: /var/www/html/web/config.inc.php
subPath: config.inc.php
restartPolicy: Always
imagePullSecrets:
- name: regcred
volumes:
- name: secret
secret:
secretName: mrbs.config
defaultMode: 420
---
apiVersion: v1
kind: Service
metadata:
name: mrbs-db
labels:
app: mrbs-db
spec:
type: NodePort
ports:
- port: 3306
targetPort: 3306
selector:
io.kompose.service: mrbs-db
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mrbs.db
labels:
app: mrbs
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: mrbs-db
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: mrbs-db
spec:
containers:
- image: mariadb:10.11.4
name: mrbs-db
args:
- --transaction-isolation=READ-COMMITTED
- --binlog-format=ROW
- --ignore-db-dir=lost+found
env:
- name: MYSQL_DATABASE
value: mrbs
- name: MYSQL_USER
value: mrbs
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mrbs.env
key: MYSQL_PASSWORD
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mrbs.env
key: MYSQL_ROOT_PASSWORD
ports:
- containerPort: 3306
resources:
limits:
memory: 500Mi
volumeMounts:
- mountPath: /var/lib/mysql
name: db
- mountPath: /etc/localtime
name: localtime
readOnly: true
restartPolicy: Always
volumes:
- name: db
persistentVolumeClaim:
claimName: mrbs.db
- name: localtime
hostPath:
path: /etc/localtime
type: File
readOnly: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mrbs.db
labels:
app: mrdb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: csi-rbd-ssd-sc
volumeMode: Filesystem

2
mrbs/themes/verdnatura/styling.inc
View File

@ -12,7 +12,7 @@ $header_font_color = "#ffffff"; // font color for text in header
$highlight_font_color = "#ff0066"; // used for highlighting text (eg links, errors) $highlight_font_color = "#ff0066"; // used for highlighting text (eg links, errors)
$color_key_font_color = $standard_font_color; // used in the colour key table $color_key_font_color = $standard_font_color; // used in the colour key table
$banner_back_color = "#1976D2"; // background colour for banner $banner_back_color = "#8CC63F"; // background colour for banner
$banner_border_color = $body_background_color; // border colour for banner $banner_border_color = $body_background_color; // border colour for banner
$banner_font_color = $header_font_color; // font colour for banner $banner_font_color = $header_font_color; // font colour for banner
$banner_nav_hover_color = 'darkblue'; // background colour when header links are hovered over $banner_nav_hover_color = 'darkblue'; // background colour when header links are hovered over

13
node/Dockerfile Normal file
View File

@ -0,0 +1,13 @@
FROM debian:12.6-slim
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
curl \
ca-certificates \
gnupg2 \
&& curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
&& apt-get install -y --no-install-recommends nodejs \
&& npm install -g npm \
&& rm -rf /var/lib/apt/lists/*

6
phpldapadmin/Dockerfile
View File

@ -11,9 +11,9 @@ RUN echo "deb http://ftp.es.debian.org/debian stretch-backports main" \
php-xml \ php-xml \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& . /etc/apache2/envvars \ && . /etc/apache2/envvars \
&& ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \
&& ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \
&& ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"
COPY apache.conf /etc/apache2/sites-available/phpldapadmin.conf COPY apache.conf /etc/apache2/sites-available/phpldapadmin.conf

4
phpmyadmin/Dockerfile
View File

@ -1,4 +0,0 @@
FROM phpmyadmin/phpmyadmin:5.0.1
COPY style.css /etc/phpmyadmin/
RUN cat /etc/phpmyadmin/style.css >> /usr/src/phpmyadmin/themes/metro/css/theme.css

10
phpmyadmin/style.css
View File

@ -1,10 +0,0 @@
body {
font-size: 10pt !important;
}
.CodeMirror {
font-size: 13px;
}
body .ui-dialog {
top: 40px !important;
width: 1000px !important;
}

44
portainer/docker-compose.yml
View File

@ -1,44 +0,0 @@
version: '3.2'
services:
agent:
image: portainer/agent:2.17.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
- /var/lib/rexray/volumes:/var/lib/rexray/volumes
networks:
- agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
resources:
limits:
memory: 500M
main:
image: portainer/portainer-ce:2.17.1
command: -H tcp://tasks.agent:9001 --tlsskipverify
ports:
- "80:9000"
- "8000:8000"
volumes:
- data:/data
networks:
- agent
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
resources:
limits:
memory: 2G
networks:
agent:
driver: overlay
attachable: true
volumes:
data:
driver: rexray
driver_opts:
size: 4

2
redmine/Dockerfile
View File

@ -1,4 +1,4 @@
FROM redmine:5.1.2 FROM redmine:5.1.3-bookworm
ENV REDMINE_PATH=/usr/src/redmine \ ENV REDMINE_PATH=/usr/src/redmine \
REDMINE_LOCAL_PATH=/var/local/redmine REDMINE_LOCAL_PATH=/var/local/redmine

32
reprepro/Dockerfile
View File

@ -1,7 +1,31 @@
FROM php:7.4.1-apache FROM debian:bookworm-slim
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends reprepro \ && apt-get install -y --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* apache2 \
reprepro \
openssh-server \
&& rm -rf /var/lib/apt/lists/* \
&& . /etc/apache2/envvars \
&& ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \
&& ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \
&& ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"
COPY apache.conf /etc/apache2/conf-enabled/reprepro.conf WORKDIR /var/lib/reprepro
EXPOSE 80
RUN groupadd -g 600 reprepro \
&& useradd -d /var/lib/reprepro -u 600 -g 600 -m -s /bin/bash reprepro
COPY apache-conf.conf /etc/apache2/conf-available/reprepro.conf
COPY apache-site.conf /etc/apache2/sites-available/reprepro.conf
RUN a2enconf reprepro \
&& a2ensite reprepro \
&& a2dissite 000-default
COPY entrypoint.sh /
ENTRYPOINT [ "/entrypoint.sh" ]
CMD ["apachectl", "-D", "FOREGROUND"]

7
reprepro/README.md Normal file
View File

@ -0,0 +1,7 @@
# Reprepro docker image
APT server using Reprepro and Apache HTTP server.
## Links
* https://github.com/bbinet/docker-reprepro

8
reprepro/apache-conf.conf Normal file
View File

@ -0,0 +1,8 @@
<Directory /var/lib/reprepro/repo>
Options Indexes
Options +FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow From All
Require all granted
</Directory>

3
reprepro/apache-site.conf Normal file
View File

@ -0,0 +1,3 @@
<VirtualHost *:80>
DocumentRoot /var/lib/reprepro/repo/
</VirtualHost>

13
reprepro/apache.conf
View File

@ -1,13 +0,0 @@
<Directory /var/www/html>
Options Indexes
Options +FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow From All
Require all granted
</Directory>
<Directory /var/www/html/.gnupg>
Order Deny,Allow
Deny From All
Require all denied
</Directory>

4
reprepro/entrypoint.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/bash
service ssh start
exec $@

27
semaphore/Dockerfile
View File

@ -10,22 +10,21 @@ RUN pip install --upgrade pip \
pip install --upgrade pywinrm[credssp] pip install --upgrade pywinrm[credssp]
#RUN apt-get update \ #RUN apt-get update \
# && apt-get upgrade -y \ # && apt-get upgrade -y \
# && apt-get install -y --no-install-recommends \ # && apt-get install -y --no-install-recommends \
# gcc \ # gcc \
# libffi-devel \ # libffi-devel \
# python3 \ # python3 \
# epel-release \ # epel-release \
# python3-pip \ # python3-pip \
# wget # wget
#RUN pip3 install --upgrade pip \ #RUN pip3 install --upgrade pip \
# pip3 install --upgrade virtualenv \ # pip3 install --upgrade virtualenv \
# pip3 install pywinrm[kerberos] \ # pip3 install pywinrm[kerberos] \
# pip3 install pywinrm \ # pip3 install pywinrm \
# pip3 install jmspath \ # pip3 install jmspath \
# pip3 install request prueba # pip3 install request prueba
RUN ls /usr/local/bin/ RUN ls /usr/local/bin/