diff --git a/.travis.yml b/.travis.yml
index 81d25ad..69120cb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,52 +1,50 @@ language: bash - sudo: required -services: docker - +services: docker env: global: - - DOCKER_APP_VERSION=17.05.0~ce-0~ubuntu-trusty - + - DOCKER_APP_VERSION=17.05.0~ce-0~ubuntu-trusty notifications: - slack: ebayclassifiedsgroup:tFHOcsnmbj9SKmfquoJJKjSb - + slack: + rooms: + secure: 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 before_install: - - echo 'deb https://apt.dockerproject.org/repo ubuntu-trusty main' > /tmp/docker.list - - sudo cp /tmp/docker.list /etc/apt/sources.list.d/docker.list - - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F76221572C52609D - - sudo apt-get update - - apt-cache policy docker-engine || true - - sudo apt-get install -y --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" docker-engine=${DOCKER_APP_VERSION} - - sudo iptables -L DOCKER || sudo iptables -N DOCKER - - sudo apt-get install -y curl python-pip ruby-dev build-essential python-dev - - sudo pip install pip --upgrade - - sudo pip install docker-compose --upgrade - - gem install marathon_deploy - - docker pull ubuntu:16.04 - - docker ps - - ./build-docker-image.sh - - export IP=$(/sbin/ifconfig eth0 | awk '/inet addr:/{gsub(/.*:/,"",$2);print $2;exit}') - - echo $IP - - export START_DNSMASQ=false - - export ZOOKEEPER_HOSTS=${IP}:2181 - - ./generate_yml.sh - - cat docker-compose.yml - - sudo netstat -tulpen - - docker --version - - docker images - - docker-compose up -d - +- echo 'deb https://apt.dockerproject.org/repo ubuntu-trusty main' > /tmp/docker.list +- sudo cp /tmp/docker.list /etc/apt/sources.list.d/docker.list +- sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F76221572C52609D +- sudo apt-get update +- apt-cache policy docker-engine || true +- sudo apt-get install -y --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" + docker-engine=${DOCKER_APP_VERSION} +- sudo iptables -L DOCKER || sudo iptables -N DOCKER +- sudo apt-get install -y 
curl python-pip ruby-dev build-essential python-dev +- sudo pip install pip +- sudo pip install docker-compose +- gem install marathon_deploy +- docker pull ubuntu:16.04 +- docker ps +- "./build-docker-image.sh" +- export IP=$(/sbin/ifconfig eth0 | awk '/inet addr:/{gsub(/.*:/,"",$2);print $2;exit}') +- echo $IP +- export START_DNSMASQ=false +- export ZOOKEEPER_HOSTS=${IP}:2181 +- "./generate_yml.sh" +- cat docker-compose.yml +- sudo netstat -tulpen +- docker --version +- docker images +- docker-compose up -d script: - - docker ps - - sleep 30 - - curl -s http://${IP}:8080/v2/leader - - curl -s http://${IP}:8080/v2/info - - curl -I -s http://${IP}:5050/master/health - - curl -s http://${IP}:5050/system/stats.json - - docker exec -ti panteras_panteras_1 supervisorctl status - - cd examples/SimpleWebappPython - - ./test_service.sh - - cd - - - cd examples/SmoothWebappPython - - ./test_service.sh - - docker exec -ti panteras_panteras_1 supervisorctl status +- docker ps +- sleep 30 +- curl -s http://${IP}:8080/v2/leader +- curl -s http://${IP}:8080/v2/info +- curl -I -s http://${IP}:5050/master/health +- curl -s http://${IP}:5050/system/stats.json +- docker exec -ti panteras_panteras_1 supervisorctl status +- cd examples/SimpleWebappPython +- "./test_service.sh" +- cd - +- cd examples/SmoothWebappPython +- "./test_service.sh" +- docker exec -ti panteras_panteras_1 supervisorctl status diff --git a/docker-compose.yml.tpl b/docker-compose.yml.tpl index da63045..e74e8a9 100644 --- a/docker-compose.yml.tpl +++ b/docker-compose.yml.tpl @@ -5,6 +5,7 @@ panteras: pid: host restart: "${PANTERAS_RESTART}" ${PORTS} + ${FABIO_UI_PORTS} ${CONSUL_UI_PORTS} ${MARATHON_PORTS} ${MESOS_PORTS} 
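Review bot: The Slack token on the removed `slack:` line stays readable in the repository history, so switching to an encrypted `secure:` value only helps if the old token was revoked and the encrypted one was issued afterwards; nothing in this commit shows a rotation, so confirm it happened. The same reasoning applies to the RSA private key in the deleted `infrastructure/haproxy.pem` later in this diff: treat it as public and never reuse it for any listener. In `before_install`, the new side keeps `apt-get install -y --force-yes`, which lets apt proceed with packages that fail authentication; drop the flag if the pinned `docker-engine=${DOCKER_APP_VERSION}` installs without it, or add a comment saying why it is needed.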
@@ -18,28 +19,31 @@ panteras: FQDN: "${FQDN}" GOMAXPROCS: "${GOMAXPROCS}" + SERVICE_81_NAME: fabio-ui + SERVICE_81_TAGS: paas-fabio.ui.service.consul/ + SERVICE_81_CHECK_HTTP: /v1/status/leader + SERVICE_8500_NAME: consul-ui - SERVICE_8500_TAGS: haproxy,urlprefix-consul-ui.service.consul/ + SERVICE_8500_TAGS: paas-consul.ui.service.consul/ SERVICE_8500_CHECK_HTTP: /v1/status/leader SERVICE_8080_NAME: marathon - SERVICE_8080_TAGS: haproxy,urlprefix-marathon.service.consul/ + SERVICE_8080_TAGS: paas-marathon.ui.service.consul/ SERVICE_8080_CHECK_HTTP: /v2/leader SERVICE_5050_NAME: mesos - SERVICE_5050_TAGS: haproxy,urlprefix-mesos.service.consul/ + SERVICE_5050_TAGS: paas-mesos.service.consul/ SERVICE_5050_CHECK_HTTP: /master/health SERVICE_4400_NAME: chronos - SERVICE_4400_TAGS: haproxy,urlprefix-chronos.service.consul/ + SERVICE_4400_TAGS: paas-chronos.service.consul/ SERVICE_4400_CHECK_HTTP: /ping SERVICE_19999_NAME: netdata - SERVICE_19999_TAGS: haproxy,urlprefix-netdata.service.consul/ + SERVICE_19999_TAGS: paas-netdata.service.consul/ SERVICE_19999_CHECK_HTTP: /version.txt START_CONSUL: "${START_CONSUL}" - START_CONSUL_TEMPLATE: "${START_CONSUL_TEMPLATE}" START_DNSMASQ: "${START_DNSMASQ}" START_MESOS_MASTER: "${START_MESOS_MASTER}" START_MARATHON: "${START_MARATHON}" @@ -50,16 +54,10 @@ panteras: START_FABIO: "${START_FABIO}" START_NETDATA: "${START_NETDATA}" - HAPROXY_SSL: "${HAPROXY_SSL}" - CONSUL_APP_PARAMS: "${CONSUL_APP_PARAMS}" CONSUL_DOMAIN: "${CONSUL_DOMAIN}" - CONSUL_TEMPLATE_APP_PARAMS: "${CONSUL_TEMPLATE_APP_PARAMS}" DNSMASQ_APP_PARAMS: "${DNSMASQ_APP_PARAMS}" - HAPROXY_ADD_DOMAIN: "${HAPROXY_ADD_DOMAIN}" - HAPROXY_CERT_OPTS: "${HAPROXY_CERT_OPTS}" MARATHON_APP_PARAMS: "${MARATHON_APP_PARAMS}" - MARATHON_JAVA_OPTS: "${MARATHON_JAVA_OPTS}" MESOS_MASTER_APP_PARAMS: "${MESOS_MASTER_APP_PARAMS}" MESOS_SLAVE_APP_PARAMS: "${MESOS_SLAVE_APP_PARAMS}" REGISTRATOR_APP_PARAMS: "${REGISTRATOR_APP_PARAMS}" 
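Review bot: `SERVICE_81_CHECK_HTTP: /v1/status/leader` on the new fabio-ui entry looks copied from the consul-ui block directly below it; that path is a Consul API route, and nothing in this diff shows fabio's listener on port 81 answering it, so the registered check would probably fail and mark the service critical. Fabio normally exposes a health endpoint at `/health` on its UI port, so `SERVICE_81_CHECK_HTTP: /health` is the likely intent; confirm against the fabio version pinned in the Dockerfile. The new tags also mix two host patterns (`paas-consul.ui.service.consul/` and `paas-marathon.ui.service.consul/` versus `paas-mesos.service.consul/`), and since these tags decide which admin UIs the proxy routes to, a one-line comment stating the convention would help.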
@@ -67,7 +65,6 @@ panteras: ZOOKEEPER_APP_PARAMS: "${ZOOKEEPER_APP_PARAMS}" ZOOKEEPER_HOSTS: "${ZOOKEEPER_HOSTS}" ZOOKEEPER_ID: "${ZOOKEEPER_ID}" - KEEPALIVED_VIP: "${KEEPALIVED_VIP}" CHRONOS_APP_PARAMS: "${CHRONOS_APP_PARAMS}" JAVA_OPTS: "${CHRONOS_JAVA_OPTS}" FABIO_APP_PARAMS: "${FABIO_APP_PARAMS}" diff --git a/examples/SimpleWebappPython/README.md b/examples/SimpleWebappPython/README.md index 8ebf6d9..132ec8d 100644 --- a/examples/SimpleWebappPython/README.md +++ b/examples/SimpleWebappPython/README.md @@ -16,13 +16,20 @@ Test: $ curl -H 'Host: python.service.consul' http:// ``` +Test canary: -Deploy "tcp" example: +http://:81/manual +``` +route weight python.service.consul weight 0.01 tags "canary" +``` + + +Deploy "tcp" example (require fabio start with extra port): ``` $ IP= ./start_with_marathon.sh deploy2_marathon.json ``` Test: ``` -$ curl http://:5556 +$ curl http://:8181 ``` diff --git a/examples/SimpleWebappPython/deploy.yml b/examples/SimpleWebappPython/deploy.yml deleted file mode 100644 index e69de29..0000000 diff --git a/examples/SimpleWebappPython/deploy0_marathon.json b/examples/SimpleWebappPython/deploy0_marathon.json index 5b4ac2c..4dfd02d 100644 --- a/examples/SimpleWebappPython/deploy0_marathon.json +++ b/examples/SimpleWebappPython/deploy0_marathon.json @@ -1,6 +1,7 @@ { "id": "python-example-stable", "cmd": "{ echo python stable `hostname` > index.html; exec python3 -m http.server 8080; }", + "user": "ecgapp", "mem": 16, "cpus": 0.1, "instances": 2, @@ -15,8 +16,9 @@ } }, "env": { - "SERVICE_TAGS" : "haproxy,haproxy_weight=100,haproxy_httpchk=GET /", - "SERVICE_NAME" : "python" + "SERVICE_TAGS" : "paas-python.service.consul/", + "SERVICE_NAME" : "python", + "SERVICE_8080_CHECK_HTTP" : "/index.html" }, "healthChecks": [ { diff --git a/examples/SimpleWebappPython/deploy1_marathon.json b/examples/SimpleWebappPython/deploy1_marathon.json index 03cc318..c8f3f95 100644 --- a/examples/SimpleWebappPython/deploy1_marathon.json 
+++ b/examples/SimpleWebappPython/deploy1_marathon.json @@ -1,6 +1,7 @@ { "id": "python-example-canaries", "cmd": "echo python canaries `hostname` > index.html; python3 -m http.server 8080", + "user": "ecgapp", "mem": 16, "cpus": 0.1, "instances": 2, @@ -15,18 +16,11 @@ } }, "env": { - "SERVICE_TAGS" : "haproxy,haproxy_weight=1,haproxy_route=/media,haproxy_route=/chat", - "SERVICE_NAME" : "python" + "SERVICE_TAGS" : "paas-python.service.consul/,canary", + "SERVICE_NAME" : "python", + "SERVICE_8080_CHECK_HTTP" : "/index.html" }, "healthChecks": [ - { - "portIndex": 0, - "protocol": "MESOS_TCP", - "gracePeriodSeconds": 30, - "intervalSeconds": 10, - "timeoutSeconds": 30, - "maxConsecutiveFailures": 3 - }, { "path": "/", "portIndex": 0, diff --git a/examples/SimpleWebappPython/deploy2_marathon.json b/examples/SimpleWebappPython/deploy2_marathon.json index 65477ab..77eb78c 100644 --- a/examples/SimpleWebappPython/deploy2_marathon.json +++ b/examples/SimpleWebappPython/deploy2_marathon.json @@ -1,6 +1,7 @@ { "id": "python-example-tcp", "cmd": "echo python stable `hostname` > index.html; python3 -m http.server 8080", + "user": "ecgapp", "mem": 16, "cpus": 0.1, "instances": 2, @@ -15,8 +16,9 @@ } }, "env": { - "SERVICE_TAGS" : "haproxy,haproxy_tcp=5556", - "SERVICE_NAME" : "python-tcp" + "SERVICE_TAGS" : "paas-:8181 proto=tcp", + "SERVICE_NAME" : "python-tcp", + "SERVICE_8080_CHECK_HTTP" : "/index.html" }, "healthChecks": [ { diff --git a/examples/SimpleWebappPython/start_with_marathon.sh b/examples/SimpleWebappPython/start_with_marathon.sh index 8276600..7421f8e 100755 --- a/examples/SimpleWebappPython/start_with_marathon.sh +++ b/examples/SimpleWebappPython/start_with_marathon.sh 
@@ -20,6 +20,6 @@ then curl -X DELETE -H "Content-Type: application/json" http://${IP}:8080/v2/apps/python-example-tcp?force=true >/dev/null 2>&1 else echo "Start a new one" - #curl -X POST -H "Content-Type: application/json" http://${IP}:8080/v2/apps -d@$1 - curl -X PUT -H "Content-Type: application/json" http://${IP}:8080/v2/apps/python-example-stable?force=true -d@$1 + curl -X POST -H "Content-Type: application/json" http://${IP}:8080/v2/apps -d@$1 + #curl -X PUT -H "Content-Type: application/json" http://${IP}:8080/v2/apps/python-example-stable?force=true -d@$1 fi diff --git a/examples/SmoothWebappPython/deploy0_marathon.json b/examples/SmoothWebappPython/deploy0_marathon.json index 7b83905..a0e19d0 100644 --- a/examples/SmoothWebappPython/deploy0_marathon.json +++ b/examples/SmoothWebappPython/deploy0_marathon.json @@ -1,5 +1,6 @@ { "id": "python-smooth-stable", + "user": "ecgapp", "args": [ "cd /opt/web/ && python3 -m http.server --cgi" ], "container": { "docker": { @@ -16,7 +17,7 @@ "mem": 64.0, "instances": 2, "env": { - "SERVICE_TAGS" : "haproxy,haproxy_weight=100,haproxy_httpchk=GET /,urlprefix-python-smooth.service.consul/", + "SERVICE_TAGS" : "paas-python-smooth.service.consul/", "SERVICE_NAME" : "python-smooth", "SERVICE_8000_CHECK_HTTP" : "/index.html" }, diff --git a/examples/SmoothWebappPython/deploy1_marathon.json b/examples/SmoothWebappPython/deploy1_marathon.json index da474c8..a7debb7 100644 --- a/examples/SmoothWebappPython/deploy1_marathon.json +++ b/examples/SmoothWebappPython/deploy1_marathon.json @@ -1,5 +1,6 @@ { "id": "python-smooth-canaries", + "user": "ecgapp", "args": [ "cd /opt/web/ && python3 -m http.server --cgi" ], "container": { "docker": { @@ -16,7 +17,7 @@ "mem": 64.0, "instances": 1, "env": { - "SERVICE_TAGS" : "haproxy,haproxy_weight=50,urlprefix-python-smooth.service.consul/", + "SERVICE_TAGS" : "paas-python-smooth.service.consul/", "SERVICE_NAME" : "python-smooth", "SERVICE_8000_CHECK_HTTP" : "/index.html" }, 
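Review bot: The re-enabled `curl -X POST ... -d@$1` line reports success even when Marathon rejects the request, because curl exits 0 on HTTP 4xx/5xx unless `--fail` is given; with POST to `/v2/apps`, a second run against an existing app id is expected to be refused, where the PUT with `force=true` it replaces was not. I would write it as `curl --fail -X POST -H "Content-Type: application/json" "http://${IP}:8080/v2/apps" -d @"$1"`, which also quotes `$1` and the URL so a file name with spaces or an empty `IP` fails visibly. The commented-out PUT line is better deleted than kept as dead code. The surrounding `if`/`else` starts outside the hunk.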
diff --git a/examples/SmoothWebappPython/simple_webapp_python/Dockerfile b/examples/SmoothWebappPython/simple_webapp_python/Dockerfile index df614eb..38933e8 100644 --- a/examples/SmoothWebappPython/simple_webapp_python/Dockerfile +++ b/examples/SmoothWebappPython/simple_webapp_python/Dockerfile @@ -14,10 +14,14 @@ ADD ./cgi-bin/index /opt/web/cgi-bin/ RUN chmod a+x /opt/web/cgi-bin/index ADD https://raw.githubusercontent.com/eBayClassifiedsGroup/PanteraS/master/frameworks/start.sh /usr/local/bin/start.sh -RUN chmod +x /usr/local/bin/start.sh +RUN chmod +rx /usr/local/bin/start.sh -EXPOSE 8000 +RUN addgroup -g 31337 ecgapp && \ + adduser -G ecgapp -u 31337 -h /app -s /bin/false -D ecgapp && \ + chown ecgapp:ecgapp /opt/web/ -WORKDIR / +USER ecgapp + +WORKDIR /app ENTRYPOINT ["/usr/local/bin/start.sh"] diff --git a/frameworks/jessie-node4/Dockerfile b/frameworks/jessie-node4/Dockerfile deleted file mode 100644 index e997bff..0000000 --- a/frameworks/jessie-node4/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM node:4.9.1-slim - -MAINTAINER Robert Schumann - -ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update \ - && apt-get install -y curl \ - && apt-get clean - -RUN cd /usr/local/bin/ && curl -O https://raw.githubusercontent.com/eBayClassifiedsGroup/PanteraS/master/frameworks/start.sh -RUN chmod +x /usr/local/bin/start.sh - -ENV IMAGE panteras/jessie-node4 -ENV HOME / -WORKDIR / - -ENTRYPOINT ["/usr/local/bin/start.sh"] diff --git a/frameworks/jessie-node6/Dockerfile b/frameworks/jessie-node6/Dockerfile deleted file mode 100644 index c1746d9..0000000 --- a/frameworks/jessie-node6/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM node:6.14.1-slim - -MAINTAINER Wojciech Sielski - -RUN cd /usr/local/bin/ && curl -O https://raw.githubusercontent.com/eBayClassifiedsGroup/PanteraS/master/frameworks/start.sh -RUN chmod +x /usr/local/bin/start.sh - -ENV IMAGE panteras/jessie-node6 -ENV HOME / -WORKDIR / - -ENTRYPOINT ["/usr/local/bin/start.sh"] - 
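Review bot: The entrypoint is still fetched with `ADD https://raw.githubusercontent.com/eBayClassifiedsGroup/PanteraS/master/frameworks/start.sh`, a mutable branch URL with no integrity check, and after this change it is the one program the `ecgapp` user runs. Pin the URL to a commit (`.../PanteraS/<commit-sha>/frameworks/start.sh`) and verify a SHA-256 of the file in the `RUN` that follows, so a change on `master` cannot silently alter the image. `chmod +rx` leaves the script root-owned and only readable/executable by the new user, which is the right ownership for a non-root `USER`; a short comment saying so would prevent a later `chown ecgapp` on it. Also note that `chown ecgapp:ecgapp /opt/web/` is not recursive, so `cgi-bin/index` stays root-owned: fine if the app only reads it, worth a comment if it must write there.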
diff --git a/generate_yml.sh b/generate_yml.sh index cf62ebd..ddc413a 100755 --- a/generate_yml.sh +++ b/generate_yml.sh @@ -43,24 +43,22 @@ PANTERAS_DOCKER_IMAGE=${PANTERAS_DOCKER_IMAGE:-${REGISTRY}panteras/paas-in-a-box #COMMON START_CONSUL=${START_CONSUL:-"true"} +START_FABIO=${START_FABIO:-"true"} + #MASTER START_MESOS_MASTER=${START_MESOS_MASTER:-${MASTER}} START_MARATHON=${START_MARATHON:-${MASTER}} START_ZOOKEEPER=${START_ZOOKEEPER:-${MASTER}} START_CHRONOS=${START_CHRONOS:-${MASTER}} + #SLAVE START_CONSUL_TEMPLATE=${START_CONSUL_TEMPLATE:-${SLAVE}} -#FABIO experimental -START_FABIO=${START_FABIO:-"false"} START_MESOS_SLAVE=${START_MESOS_SLAVE:-${SLAVE}} START_REGISTRATOR=${START_REGISTRATOR:-${SLAVE}} -#NETDATA experimental -START_NETDATA=${START_NETDATA:-"false"} + #OPTIONAL -START_DNSMASQ=${START_DNSMASQ:-"true"} -#HAPROXY SSL -HAPROXY_SSL=${HAPROXY_SSL:-"false"} -[ "$HAPROXY_SSL" == "true" ] && HAPROXY_CERT_OPTS=${HAPROXY_CERT_OPTS:-"ssl crt /etc/haproxy/haproxy.pem"} +START_NETDATA=${START_NETDATA:-"false"} +START_DNSMASQ=${START_DNSMASQ:-"false"} # Lets consul behave as a client but on slaves only [ "${SLAVE}" == "true" ] && [ "${MASTER}" == "false" ] && CONSUL_MODE=${CONSUL_MODE:-' '} @@ -88,7 +86,6 @@ FQDN=${FQDN:-"`hostname -f`"} FQDN=${FQDN:-${HOSTNAME}} # Memory settings -MARATHON_JAVA_OPTS=${MARATHON_JAVA_OPTS:-"-Xmx512m"} ZOOKEEPER_JAVA_OPTS=${ZOOKEEPER_JAVA_OPTS:-"-Xmx512m"} CHRONOS_JAVA_OPTS=${CHRONOS_JAVA_OPTS:-"-Xmx512m"} 
@@ -99,19 +96,13 @@ CHRONOS_JAVA_OPTS=${CHRONOS_JAVA_OPTS:-"-Xmx512m"} DNSMASQ_ADDRESS=${DNSMASQ_ADDRESS:-"--address=/consul/${CONSUL_IP}"} [ ${LISTEN_IP} != "0.0.0.0" ] && DNSMASQ_BIND_INTERFACES="--bind-interfaces --listen-address=${LISTEN_IP}" -# enable keepalived if the consul_template(with HAproxy) gets started and a -# virtual IP address is specified -[ "${START_CONSUL_TEMPLATE}" == "true" ] && [ ${KEEPALIVED_VIP} ] && \ - KEEPALIVED_CONSUL_TEMPLATE="-template=./keepalived.conf.ctmpl:/etc/keepalived/keepalived.conf:./keepalived_reload.sh" - # Expose ports depends on which service has been mark to start -[ "${START_CONSUL_TEMPLATE}" == "true" ] || [ "${START_FABIO}" == "true" ] && { - [ "${START_CONSUL}" == "true" ] && PORTS="ports:" && CONSUL_UI_PORTS='- "8500:8500"' - [ "${START_MARATHON}" == "true" ] && PORTS="ports:" && MARATHON_PORTS='- "8080:8080"' - [ "${START_MESOS_MASTER}" == "true" ] && PORTS="ports:" && MESOS_PORTS='- "5050:5050"' - [ "${START_CHRONOS}" == "true" ] && PORTS="ports:" && CHRONOS_PORTS='- "4400:4400"' - [ "${START_NETDATA}" == "true" ] && PORTS="ports:" && NETDATA_PORTS='- "19999:19999"' -} +[ "${START_FABIO}" == "true" ] && PORTS="ports:" && FABIO_UI_PORTS='- "81:81"' +[ "${START_CONSUL}" == "true" ] && PORTS="ports:" && CONSUL_UI_PORTS='- "8500:8500"' +[ "${START_MARATHON}" == "true" ] && PORTS="ports:" && MARATHON_PORTS='- "8080:8080"' +[ "${START_MESOS_MASTER}" == "true" ] && PORTS="ports:" && MESOS_PORTS='- "5050:5050"' +[ "${START_CHRONOS}" == "true" ] && PORTS="ports:" && CHRONOS_PORTS='- "4400:4400"' +[ "${START_NETDATA}" == "true" ] && PORTS="ports:" && NETDATA_PORTS='- "19999:19999"' # Override docker with local binary [ "${HOST_DOCKER}" == "true" ] && VOLUME_DOCKER=${VOLUME_DOCKER:-'- "/usr/local/bin/docker:/usr/local/bin/docker"'} 
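Review bot: The port mappings in this hunk are now emitted whenever a service is started, and each of them (`'- "81:81"'`, `'- "8500:8500"'`, `'- "8080:8080"'`, `'- "5050:5050"'`, `'- "4400:4400"'`) publishes on every host interface; these are the fabio, Consul, Marathon, Mesos and Chronos admin endpoints, and nothing in this diff puts authentication in front of them. The script already carries `LISTEN_IP` (used for dnsmasq two lines above), so the mappings could honour it, e.g. `FABIO_UI_PORTS="- \"${LISTEN_IP}:81:81\""`, or the documentation should state that the host must be firewalled. If the container runs with host networking the `ports:` entries have no effect, but that part of the template is not visible here. A comment above the block naming which ports are management-only would help operators decide what to expose.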
@@ -132,12 +123,6 @@ CONSUL_PARAMS="agent \ ${CONSUL_HOSTS} \ ${CONSUL_PARAMS}" # -CONSUL_TEMPLATE_PARAMS="-consul=${CONSUL_IP}:8500 \ - -template haproxy.cfg.ctmpl:/etc/haproxy/haproxy.cfg:/opt/consul-template/haproxy_reload.sh \ - -consul-retry \ - -max-stale=0 \ - ${KEEPALIVED_CONSUL_TEMPLATE}" -# DNSMASQ_PARAMS="-d \ -u dnsmasq \ -r /etc/resolv.conf.orig \ @@ -151,7 +136,6 @@ DNSMASQ_PARAMS="-d \ MARATHON_PARAMS="--master zk://${ZOOKEEPER_HOSTS}/mesos \ --zk zk://${ZOOKEEPER_HOSTS}/marathon \ --hostname ${HOSTNAME} \ - --no-logger \ --http_address ${LISTEN_IP} \ --https_address ${LISTEN_IP} \ ${MARATHON_PARAMS}" @@ -192,7 +176,6 @@ FABIO_PARAMS="-cfg ./fabio.properties" NETDATA_PARAMS="-nd -ch /host" CONSUL_APP_PARAMS=${CONSUL_APP_PARAMS:-$CONSUL_PARAMS} -CONSUL_TEMPLATE_APP_PARAMS=${CONSUL_TEMPLATE_APP_PARAMS:-$CONSUL_TEMPLATE_PARAMS} DNSMASQ_APP_PARAMS=${DNSMASQ_APP_PARAMS:-$DNSMASQ_PARAMS} MARATHON_APP_PARAMS=${MARATHON_APP_PARAMS:-$MARATHON_PARAMS} MESOS_MASTER_APP_PARAMS=${MESOS_MASTER_APP_PARAMS:-$MESOS_MASTER_PARAMS} diff --git a/infrastructure/Dockerfile b/infrastructure/Dockerfile index 6bebe5b..f544dbe 100644 --- a/infrastructure/Dockerfile +++ b/infrastructure/Dockerfile @@ -8,6 +8,17 @@ MAINTAINER Wojciech Sielski "wsielski@team.mobile.de" RUN apt-get update \ && apt-get install -y \ locales \ + apt-transport-https \ + python-pip \ + wget \ + curl \ + unzip \ + dnsutils \ + vim \ + git \ + lolcat \ + toilet \ + jshon \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* 
@@ -21,38 +32,16 @@ ENV TERM xterm ENV HOME /root ENV GOPATH ${HOME}/go -RUN apt-get update \ - && apt-get install -y \ - apt-transport-https \ - python-pip \ - wget \ - curl \ - unzip \ - dnsutils \ - vim \ - git \ - lolcat \ - toilet \ - keepalived \ - iptables \ - libapparmor1 \ - jshon \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - ENV SUPERVISORD_APP_VERSION 3.3.3 -ENV DOCKER_APP_VERSION 17.05.0~ce-0~ubuntu-xenial -ENV CONSUL_APP_VERSION 1.0.6 -ENV CONSUL_TEMPLATE_APP_VERSION 0.18.2 -ENV HAPROXY_APP_VERSION 1.6.14-1ppa1~xenial -ENV MESOS_APP_VERSION 1.4.1-2.0.1 -ENV MARATHON_APP_VERSION 1.4.10-1.0.675.ubuntu1604 +ENV DOCKER_APP_VERSION 18.03.1~ce-0~ubuntu +ENV CONSUL_APP_VERSION 1.1.0 +ENV MESOS_APP_VERSION 1.6.0-2.0.4 +ENV MARATHON_APP_VERSION 1.6.352 ENV REGISTRATOR_APP_VERSION v7 ENV CHRONOS_APP_VERSION 2.5.1-0.1.20171211074431.ubuntu1604 -ENV FABIO_APP_VERSION 1.5.8 -ENV FABIO_GO_APP_VERSION go1.10 -ENV NETDATA_APP_VERSION 1.9.0 -ENV MARATHON_LDAP_VERSION 1.3 +ENV FABIO_APP_VERSION 1.5.9 +ENV FABIO_GO_APP_VERSION go1.10.2 +ENV NETDATA_APP_VERSION 1.10.0 ENV DOCKER_HOST unix:///tmp/docker.sock 
@@ -81,45 +70,6 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* - -# HAPROXY -# -RUN mkdir /opt/consul-template -ENV PATH $PATH:/opt/consul-template -WORKDIR /opt/consul-template - -RUN echo 'deb http://ppa.launchpad.net/vbernat/haproxy-1.6/ubuntu xenial main' > /etc/apt/sources.list.d/haproxy.list \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 1C61B9CD \ - && apt-get update \ - && apt-get install -y \ - haproxy=${HAPROXY_APP_VERSION} \ - && apt-get clean \ - && sed -i 's/^ENABLED=.*/ENABLED=1/' /etc/default/haproxy \ - && rm -rf /var/lib/apt/lists/* \ - && ln -s /usr/sbin/haproxy /usr/sbin/haproxy_a \ - && ln -s /usr/sbin/haproxy /usr/sbin/haproxy_b - -# consul-template -RUN wget https://releases.hashicorp.com/consul-template/${CONSUL_TEMPLATE_APP_VERSION}/consul-template_${CONSUL_TEMPLATE_APP_VERSION}_linux_amd64.zip \ - && unzip consul-template_${CONSUL_TEMPLATE_APP_VERSION}_linux_amd64.zip - -# HAPROXY config -# -# Add files -ADD haproxy.cfg /etc/haproxy/ -ADD haproxy.pem /etc/haproxy/ -# same file for an "empty template" -ADD haproxy.cfg /opt/consul-template/ -ADD haproxy.cfg.ctmpl /opt/consul-template/ -ADD haproxy_reload.sh /opt/consul-template/ -ADD consul-template.sh /opt/consul-template/ -ADD consul_config.json /etc/consul.d/ - -# KEEPALIVED config -# -ADD keepalived.conf.ctmpl /opt/consul-template/ -ADD keepalived_reload.sh /opt/consul-template/ - # ZOOKEEPER MESOS MARATHON # RUN echo "deb http://repos.mesosphere.io/ubuntu/ xenial main" > /etc/apt/sources.list.d/mesosphere.list \ 
@@ -133,20 +83,13 @@ RUN echo "deb http://repos.mesosphere.io/ubuntu/ xenial main" > /etc/apt/sources && rm -rf /var/lib/apt/lists/* \ && rm /etc/mesos/zk ADD zkStart.sh /opt/zkStart.sh -ADD marathon.default /etc/default/marathon - -# MARATHON PLUGINS -# -RUN mkdir -p /opt/marathon/plugins/ -WORKDIR /opt/marathon/plugins/ -RUN wget https://github.com/ContainX/marathon-ldap/releases/download/${MARATHON_LDAP_VERSION}/marathon-ldap.jar # DOCKER # -RUN echo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' > /etc/apt/sources.list.d/docker.list \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F76221572C52609D \ +RUN echo 'deb https://download.docker.com/linux/ubuntu xenial stable' > /etc/apt/sources.list.d/docker.list \ + && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0EBFCD88 \ && apt-get update \ - && apt-get install -y docker-engine=${DOCKER_APP_VERSION} \ + && apt-get install -y docker-ce=${DOCKER_APP_VERSION} \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -165,7 +108,6 @@ RUN wget https://github.com/eBayClassifiedsGroup/registrator/releases/download/$ RUN mkdir /opt/fabio ENV PATH ${PATH}:/opt/fabio WORKDIR /opt/fabio -ADD fabio.properties /opt/fabio/fabio.properties RUN wget https://github.com/eBay/fabio/releases/download/v${FABIO_APP_VERSION}/fabio-${FABIO_APP_VERSION}-${FABIO_GO_APP_VERSION}-linux_amd64 \ && chmod a+x fabio-${FABIO_APP_VERSION}-${FABIO_GO_APP_VERSION}-linux_amd64 \ && ln -s fabio-${FABIO_APP_VERSION}-${FABIO_GO_APP_VERSION}-linux_amd64 fabio 
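Review bot: `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0EBFCD88` imports the Docker repository key by an 8-hex-digit short ID over plain HKP; short IDs can be collided, so a different key with the same ID could be imported and would then be trusted for every apt source in the image. The line it replaces used a 16-digit ID, so this is a step back; use the full 40-character fingerprint instead, `--recv <full-docker-key-fingerprint>`, taken from Docker's installation documentation, or fetch the key over HTTPS from download.docker.com and compare its fingerprint before adding it. The mesosphere repository in the context lines is added with the same pattern, so the same check applies there if its key ID is also short (not visible in this hunk).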
@@ -212,12 +154,18 @@ RUN wget https://raw.githubusercontent.com/patorjk/figlet.js/master/fonts/Elite. ADD supervisord.conf /etc/supervisord.conf ADD supervisord.sh /opt/ -ADD panteras.http /etc/haproxy/errors/ -ADD version /opt/ + +ADD panteras.http /etc/fabio/errors/ +ADD fabio.properties /opt/fabio/fabio.properties ADD logo.sh /etc/profile.d ADD paas.sh /etc/profile.d ADD bashrc /tmp +ADD version /opt/ + +# example user +RUN groupadd -g 31337 ecgapp && \ + useradd -g 31337 -u 31337 -d /app -s /bin/false ecgapp RUN cat /tmp/bashrc >> /root/.bashrc diff --git a/infrastructure/consul-template.sh b/infrastructure/consul-template.sh deleted file mode 100755 index d00b4fd..0000000 --- a/infrastructure/consul-template.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -./haproxy_reload.sh -trap './haproxy_reload.sh cleanup && kill -TERM $PID' TERM INT -consul-template ${CONSUL_TEMPLATE_APP_PARAMS} & -PID=$! -wait $PID -trap - TERM INT -wait $PID -exit $? - diff --git a/infrastructure/fabio.properties b/infrastructure/fabio.properties index a585154..2b2d59f 100644 --- a/infrastructure/fabio.properties +++ b/infrastructure/fabio.properties @@ -1,3 +1,6 @@ proxy.addr = :80 ui.addr = :81 registry.consul.register.addr = :81 +registry.consul.noroutehtmlpath = /panteras/http +registry.consul.register.name = fabio-paas +registry.consul.tagprefix = paas- diff --git a/infrastructure/haproxy.cfg b/infrastructure/haproxy.cfg deleted file mode 100644 index 64274d2..0000000 --- a/infrastructure/haproxy.cfg +++ /dev/null 
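Review bot: `registry.consul.noroutehtmlpath = /panteras/http` is, as far as I know, read by fabio as a key in Consul's KV store rather than a file path, while the Dockerfile hunk just before it adds `panteras.http` to `/etc/fabio/errors/` inside the image; nothing visible in this diff writes that file's content to the KV key, so the custom no-route page would likely never be served. Either add the step that loads it (and name it in a comment here) or drop the `ADD`; confirm the option's meaning against the reference for the pinned fabio version. Separately, `ui.addr = :81` and `registry.consul.register.addr = :81` in the context lines bind the fabio UI on all interfaces, and the README change in this diff uses that UI to set a route weight by hand, so the listen address deserves a comment about who is allowed to reach it.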
@@ -1,41 +0,0 @@ -global - daemon - maxconn 16384 - log 127.0.0.1 local0 - log 127.0.0.1 local1 notice - log-send-hostname - -defaults - mode http - log global - unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid - unique-id-header X-Unique-ID - timeout connect 5s - timeout client 60s - timeout server 60s - timeout tunnel 3600s - option dontlognull - option http-keep-alive - http-reuse safe - option redispatch - errorfile 400 /etc/haproxy/errors/400.http - errorfile 403 /etc/haproxy/errors/403.http - errorfile 408 /etc/haproxy/errors/408.http - errorfile 500 /etc/haproxy/errors/500.http - errorfile 502 /etc/haproxy/errors/502.http - errorfile 503 /etc/haproxy/errors/503.http - errorfile 504 /etc/haproxy/errors/504.http - -listen stats - bind ${LISTEN_IP}:${PORT_STATS} - mode http - stats enable - stats hide-version - stats realm Haproxy\ Statistics - stats uri / - -frontend http-in - bind ${LISTEN_IP}:${PORT_HTTP} ${HAPROXY_CERT_OPTS} - option httplog - option forwardfor - log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ %ID diff --git a/infrastructure/haproxy.cfg.ctmpl b/infrastructure/haproxy.cfg.ctmpl deleted file mode 100644 index 9c701f4..0000000 --- a/infrastructure/haproxy.cfg.ctmpl +++ /dev/null 
@@ -1,42 +0,0 @@ -{{file "haproxy.cfg"}} - -{{range services}}{{range $tag, $services := service .Name | byTag}}{{$service := (index $services 0)}}{{if eq $tag "haproxy"}} # HTTP service: {{$service.Name}} - acl acl_{{$service.Name}} hdr(host) -i {{$service.Name}}.service - {{if eq (env "CONSUL_DOMAIN") ""}}acl acl_{{$service.Name}} hdr(host) -i {{$service.Name}}.service.consul{{else}}acl acl_{{$service.Name}} hdr(host) -i {{$service.Name}}.service.{{env "CONSUL_DOMAIN"}}{{end}} - {{range datacenters}}{{if eq (env "CONSUL_DOMAIN") ""}}acl acl_{{$service.Name}} hdr(host) -i {{$service.Name}}.service.{{.}}.consul{{else}}acl acl_{{$service.Name}} hdr(host) -i {{$service.Name}}.service.{{.}}.{{env "CONSUL_DOMAIN"}}{{end}} - {{end}}{{if ne (env "HAPROXY_ADD_DOMAIN") ""}}acl acl_{{$service.Name}} hdr(host) -i {{$service.Name}}{{env "HAPROXY_ADD_DOMAIN"}}{{end}} - {{range $service.Tags}}{{if . | regexMatch "^haproxy_route=(.+)" }}acl acl_{{$service.Name}} path_beg {{. | regexReplaceAll "haproxy_route=" ""}}/ - {{end}}{{end}} - use_backend backend_{{$service.Name}} if acl_{{$service.Name}} - -{{end}}{{end}}{{end}} - - acl acl_panteras hdr(host) -i localhost - acl acl_panteras hdr(host) 127.0.0.1 - {{if ne (env "HOSTNAME") ""}}acl acl_panteras hdr(host) -i {{env "HOSTNAME"}}{{end}} - {{if ne (env "FQDN") ""}}acl acl_panteras hdr(host) -i {{env "FQDN" }}{{end}} - {{if ne (env "HOST_IP") ""}}acl acl_panteras hdr(host) {{env "HOST_IP" }}{{end}} - use_backend backend_panteras if acl_panteras - - backend backend_panteras - errorfile 503 /etc/haproxy/errors/panteras.http - - -{{range services}}{{range $tag, $services := service .Name | byTag}}{{$service := (index $services 0)}}{{if eq $tag "haproxy"}} -# HTTP service: {{$service.Name}} -backend backend_{{$service.Name}}{{$key_maxconn := printf "/haproxy/%s/maxconn" $service.Name}} - balance roundrobin{{range $tag, $services := service $service.Name | byTag}}{{if $tag | regexMatch "^haproxy_httpchk=(.+)" }} - option {{$tag | 
regexReplaceAll "haproxy_httpchk=(.+)" "httpchk $1"}} {{end}}{{end}} -{{range $services}} server {{.Node}}_{{.Port}} {{.Address}}:{{.Port}} maxconn {{ key_or_default $key_maxconn "128" }} {{range .Tags}}{{if . | regexMatch "^haproxy_weight=([0-9]+)" }} {{. | regexReplaceAll "haproxy_weight=" "weight "}} {{end}}{{end}} check -{{end}}{{end}}{{end}}{{end}} - -{{range services}}{{range $tag, $services := service .Name | byTag}}{{$service := (index $services 0)}}{{if eq $tag "haproxy"}}{{range $service.Tags}}{{if . | regexMatch "^haproxy_tcp=([0-9]+)" }}{{$tcp_port := . | regexReplaceAll "haproxy_tcp=" ""}} -# TCP forwarding service: {{$service.Name}}:{{$tcp_port}} -listen tcp_{{$service.Name}} - bind :{{$tcp_port}} - mode tcp - option tcplog - balance roundrobin -{{range $services}} server {{.Node}}_{{.Port}} {{.Address}}:{{.Port}} check -{{end}}{{end}}{{end}} -{{end}}{{end}}{{end}} diff --git a/infrastructure/haproxy.cfg.ctmpl.test b/infrastructure/haproxy.cfg.ctmpl.test deleted file mode 100644 index 617117e..0000000 --- a/infrastructure/haproxy.cfg.ctmpl.test +++ /dev/null 
@@ -1,41 +0,0 @@ -{{file "haproxy.cfg"}} - -{{range services}}{{if .Tags | contains "haproxy"}}{{$name := .Name}} # HTTP service: {{.Name}} - {{if eq (env "CONSUL_DOMAIN") ""}}acl acl_{{$name}} hdr(host) -i {{$name}}.service.consul{{else}}acl acl_{{$name}} hdr(host) -i {{$name}}.service.{{env "CONSUL_DOMAIN"}}{{end}} - {{range datacenters}}{{if eq (env "CONSUL_DOMAIN") ""}}acl acl_{{$name}} hdr(host) -i {{$name}}.service.{{.}}.consul{{else}}acl acl_{{$name}} hdr(host) -i {{$name}}.service.{{.}}.{{env "CONSUL_DOMAIN"}}{{end}} - {{end}}{{if ne (env "HAPROXY_ADD_DOMAIN") ""}}acl acl_{{$name}} hdr(host) -i {{$name}}{{env "HAPROXY_ADD_DOMAIN"}}{{end}} - {{range .Tags}}{{if . | regexMatch "^haproxy_route=(.+)" }}acl acl_{{$name}} path_beg {{. | regexReplaceAll "haproxy_route=" ""}}/ - {{end}}{{end}} - use_backend backend_{{$name}} if acl_{{$name}} - -{{end}}{{end}} - - acl acl_panteras hdr(host) -i localhost - acl acl_panteras hdr(host) 127.0.0.1 - {{if ne (env "HOSTNAME") ""}}acl acl_panteras hdr(host) -i {{env "HOSTNAME"}}{{end}} - {{if ne (env "FQDN") ""}}acl acl_panteras hdr(host) -i {{env "FQDN" }}{{end}} - {{if ne (env "HOST_IP") ""}}acl acl_panteras hdr(host) {{env "HOST_IP" }}{{end}} - use_backend backend_panteras if acl_panteras - -# BACKENDS -backend backend_panteras - errorfile 503 /etc/haproxy/errors/panteras.http - -{{range services}}{{if .Tags | contains "haproxy" }} -# HTTP service: {{.Name}} -backend backend_{{.Name}}{{$key_maxconn := printf "/haproxy/%s/maxconn" .Name}} - balance roundrobin{{range $tag, $services := service .Name | byTag}}{{if $tag | regexMatch "^haproxy_httpchk=(.+)" }} - option {{$tag | regexReplaceAll "haproxy_httpchk=(.+)" "httpchk $1"}} {{end}}{{end}} -{{range service .Name}}{{if .Tags | contains "haproxy"}} server {{.Node}}_{{.Port}} {{.Address}}:{{.Port}} maxconn {{ key_or_default $key_maxconn "128" }} {{range .Tags}}{{if . | regexMatch "^haproxy_weight=([0-9]+)" }} {{. 
| regexReplaceAll "haproxy_weight=" "weight "}} {{end}}{{end}} check -{{end}}{{end}}{{end}}{{end}} - -{{range services}}{{if .Tags | contains "haproxy"}}{{range .Tags}}{{if . | regexMatch "^haproxy_tcp=([0-9]+)" }}{{$tcp_port := . | regexReplaceAll "haproxy_tcp=" ""}} -# TCP forwarding service: {{.Name}}:{{$tcp_port}} -listen tcp_{{.Name}} - bind :{{$tcp_port}} - mode tcp - option tcplog - balance roundrobin -{{range service .Name}} server {{.Node}}_{{.Port}} {{.Address}}:{{.Port}} check -{{end}}{{end}} -{{end}}{{end}}{{end}} diff --git a/infrastructure/haproxy.pem b/infrastructure/haproxy.pem deleted file mode 100644 index c419d37..0000000 --- a/infrastructure/haproxy.pem +++ /dev/null 
@@ -1,47 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNDCCAhwCCQDyVZ8is4y0YDANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJY -WDEMMAoGA1UECBMDQU5ZMQwwCgYDVQQHEwNBTlkxDDAKBgNVBAoTA0FOWTERMA8G -A1UECxMIUGFudGVyYVMxEDAOBgNVBAMTB2hhcHJveHkwHhcNMTYwNDIwMDQzMjEz -WhcNNDMwOTA1MDQzMjEzWjBcMQswCQYDVQQGEwJYWDEMMAoGA1UECBMDQU5ZMQww -CgYDVQQHEwNBTlkxDDAKBgNVBAoTA0FOWTERMA8GA1UECxMIUGFudGVyYVMxEDAO -BgNVBAMTB2hhcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo -Cg+I2AmkAWYBTlDkzB9ZXgb9NIf9Hm90381qTAb2U8FDk7QCpGuGiqRObViTS1fw -CMX53fXOa+zlqUCiNieikZZG3H1oQ4tjdas4kucEfVkcuc0n7KLUW1Lcj2H8VxBU -JBppzlDAQFLPvg68nxcyIUhkCrdslQc1GP+4Ye7VnzW+ToU3N2vvwKa5/Y65+84v -lPGktpuX8TjxMja+4CAwWpdlb1/X9Vaqu5wfomdmDmoEEe9FSJdGk6SVuA1TOaGD -9FFlduL9HaY+jEsCbSXIcJV9oDGohm7QE4EJk421HRUnCywg8Q2MUCAo7tsw4TtH -VADIaBg09IxArmYo5QcFAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFL05Nl1cpQj -FD+xRR/WitdBZBUIr6zdaUDBh5HvT48s3dQcDn6Ys5MANkPdc1dBWzjRYpopZeYz -gppsN+dc12GKGVU+12XouuLipkPHXjjuZp6I2xtmEuZkwHbfuWs8gAGql9AUDkeW -c3NFF3B4k3uUjAQM85T5fhcHoq0Ur07hMmrqVdG3gl9TsAwGiBFIkGyam4DXziEM -b8G/4+ruIR5GFh2gcmOSmGnOefyx80LKQzAaur38a8i563x8Sa8YPKcoIhNjmi2v -Vf3t3iU44bOuX6/UPeOXuY0AvMNvVYIDltNIJ8BXWoVjCLWaKabf9MRohQKl8lyl -yMePYhdbAOA= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA6AoPiNgJpAFmAU5Q5MwfWV4G/TSH/R5vdN/NakwG9lPBQ5O0 -AqRrhoqkTm1Yk0tX8AjF+d31zmvs5alAojYnopGWRtx9aEOLY3WrOJLnBH1ZHLnN -J+yi1FtS3I9h/FcQVCQaac5QwEBSz74OvJ8XMiFIZAq3bJUHNRj/uGHu1Z81vk6F -Nzdr78Cmuf2OufvOL5TxpLabl/E48TI2vuAgMFqXZW9f1/VWqrucH6JnZg5qBBHv -RUiXRpOklbgNUzmhg/RRZXbi/R2mPoxLAm0lyHCVfaAxqIZu0BOBCZONtR0VJwss -IPENjFAgKO7bMOE7R1QAyGgYNPSMQK5mKOUHBQIDAQABAoIBAClQqUVvWgAWs6fl -3uduJOLPqCTrdo8uHSBNPREBKngvn4i9wt55kh+pjenc9Fl9n9HAbie4Sq0PcGXQ -Bg8b32DF1WEWn0myRR5XdD4lgfa9ruE7f/js3G09OXrGGOdKRUEGEKHoN16T1Wrh -51PUa9fkLzSI5/HwcxEUO2wEG/dzA9Fm3rFCNFkEHoHXJoAPCIYgBzfN62bRmaBh -QTJAGUc7XBPLSzMPrR5jELcVwt8BElHOpBc6Yyc7vrVSiY1kuwJFCACECDTGuKxZ -EPw3gX74gOPjrimHOc7mJF/VlwPQstyKwMIpNXsLMfPg9pjq1CBm2IxbP61S9Xgi 
-DUe7BIECgYEA/E/l7e1DgTqOM82yw1gRMgWDaF9LeT1YFV8tmuZfqTWoNrjkru3S -MUI5ecqM2DFlSA1csHzO886WzTAFW3ulT3iQLcBo4dGvOpmqCqBnfyWcZPZ0kEpw -54F34EaQlarLHRYOlrMcF0HU5J+/KQ5AeEPCkijGJiVgbdBZvmka6uUCgYEA625O -Q0MAJStCeXYpOJwKq9jL2iPZgIqfGLB4oPJASHwCk/DZmphrUdqsDmivz0sKBx0Z -5rP5YL19r/NOMoNDfYbLT1WMh6J+NNF9i+7KW4e8IEjwvxFQGMzdalrZOSqviy4x -+bCRxbxOJiqLrGPXebDF3bzLFFaOugChaK5MSaECgYEAgFJWW0qHQYs5VWlxWF5K -6IjbS1Lj/LZRPRVaCWTPFCzg72vbiogTlc/bkXCNb0q3+wworu3bBy5zjcm1f9CD -w8ZKdapc7TSKjSAn1h28ZXMIdmTN5bCmeWdkQ2FAGY5ynMliBAz15XIqx1fjjgrc -iQ3VQCaSmEX8I/2KFwg3k20CgYEA6yWngcL/+B/3Kz37+hDRD8dgBKdd7OeH9K7+ -LTMJRdym7oDXt3OZbY5N365sO02l3GkSn70OzbM2QHFxnz5AQLZLhxfZXvfLupGr -JgMBlt5B5rUz0INITxz/4eSPpmueHhOr0sqrLqbgH3rLOwoWA/OuDcUtyUiTEfDj -Rp0gkUECgYABxTR0IcWtpfYbY4vbuj4+TrSK2hyMQgVimsofaJwWO93SsC/JwNoR -XLWByqGuuvDocA8iA8mxfC17mIBBuMU7rYJTR4TakV9iEMq8ieOTtEEDBDXphn3O -pNo3xNCwuVxjDNyGBAhyxsCwZkjoLsjhOQnia7LeFeF3oHmUAtPoxQ== ------END RSA PRIVATE KEY----- diff --git a/infrastructure/haproxy_reload.sh b/infrastructure/haproxy_reload.sh deleted file mode 100755 index 6d30c08..0000000 --- a/infrastructure/haproxy_reload.sh +++ /dev/null 
@@ -1,117 +0,0 @@ -#!/bin/bash - -#:80/443 -http=0 -#:81 -stats=1 - -DPORT=80 -[ ${HAPROXY_SSL} == "true" ] && DPORT=443 - -haproxy_a_prefix=855 -haproxy_b_prefix=866 - -current_state() { - iptables -w -t nat -L HAPROXY 2>/dev/null| awk '/haproxy/{print $1}' -} - -new_state() { - old_state=$1 - if [[ ${old_state} == "" ]]; then echo "none" - elif [[ ${old_state} == "haproxy_a" ]]; then echo "haproxy_b" - elif [[ ${old_state} == "haproxy_b" ]]; then echo "haproxy_a" - else echo "unknown" - fi -} - -preconfigure() { - iptables -w -t nat -N HAPROXY - iptables -w -t nat -A PREROUTING -j HAPROXY - iptables -w -t nat -A OUTPUT -j HAPROXY - for chain in haproxy_a haproxy_b; do - instance_prefix="${chain}_prefix" - http_port="${!instance_prefix}${http}" - stats_port="${!instance_prefix}${stats}" - iptables -w -t nat -N ${chain} - [ ${LISTEN_IP} != "0.0.0.0" ] && \ - iptables -w -t nat -A ${chain} -p tcp -d ${LISTEN_IP} --dport ${DPORT} -j DNAT --to-destination ${LISTEN_IP}:${http_port} - iptables -w -t nat -A ${chain} -m state --state NEW -p tcp -d ${HOST_IP} --dport ${DPORT} -j REDIRECT --to ${http_port} - iptables -w -t nat -A ${chain} -m state --state NEW -p tcp -d ${HOST_IP} --dport 81 -j REDIRECT --to ${stats_port} - [ -n "${KEEPALIVED_VIP}" ] && { - iptables -w -t nat -A ${chain} -m state --state NEW -p tcp -d ${KEEPALIVED_VIP} --dport ${DPORT} -j REDIRECT --to ${http_port} - iptables -w -t nat -A ${chain} -m state --state NEW -p tcp -d ${KEEPALIVED_VIP} --dport 81 -j REDIRECT --to ${stats_port} - } - done -} - -add() { - chain=$1 - iptables -w -t nat -A HAPROXY -j ${chain} -} - -replace() { - chain=$1 - iptables -w -t nat -R HAPROXY 1 -j ${chain} -} - -configure() { - instance=$1 - instance_prefix="${instance}_prefix" - http_port="${!instance_prefix}${http}" - stats_port="${!instance_prefix}${stats}" - export PORT_STATS=${stats_port} - export PORT_HTTP=${http_port} - eval "$(cat /etc/haproxy/haproxy.cfg| sed 's/^\(.*\)/echo "\1"/')" >| /etc/haproxy/$1.cfg - 
/usr/sbin/$1 -c -f /etc/haproxy/$1.cfg -} - -# Race condition can happen also here -# but any mutex (flock/mkdir) here slows down and add additional complexity -# it doesn't matter here which one start faster, -# since we retry evey fail start -# -service_restart() { - configure $1 || { echo "[ERROR] - configruation file is broken - leaving state as it is"; exit 0; } - /usr/sbin/$1 -p /tmp/$1.pid -f /etc/haproxy/$1.cfg -sf $(pidof $1) -} - -remove() { - while iptables -w -t nat -D PREROUTING -j HAPROXY > /dev/null 2>&1; do echo "remove PREROUTING HAPROXY"; done - while iptables -w -t nat -D OUTPUT -j HAPROXY > /dev/null 2>&1; do echo "remove OUTPUT HAPROXY"; done - for chain in HAPROXY haproxy_a haproxy_b; do - while iptables -w -t nat -D ${chain} 1 >/dev/null 2>&1; do echo "remove ${chain}"; done - while iptables -w -t nat -X ${chain} >/dev/null 2>&1; do echo "remove ${chain}"; done - done - rm -f /var/run/haproxy_a.lock /var/run/haproxy_b.lock > /dev/null 2>&1 - return 0 -} - -init() { - echo "Initially routing to haproxy_a" - remove - preconfigure - service_restart haproxy_a - add haproxy_a -} - -main() { - [[ $1 == "cleanup" ]] && { remove; exit 0; } - - current_state=$(current_state) - echo "Current state: ${current_state}" - state=$(new_state $current_state) - - if [[ ${state} == "none" ]]; then - init - elif [[ ${state} =~ "haproxy_" ]]; then - echo "Switching routing to ${state}" - while ! service_restart ${state}; do - echo "trying again" - done && \ - { replace ${state} || init ; } - else - echo "[ERROR] unknown ipfilters state! doing cleanup and init" - init - fi -} -main $1 diff --git a/infrastructure/keepalived.conf.ctmpl b/infrastructure/keepalived.conf.ctmpl deleted file mode 100644 index 3c3f407..0000000 --- a/infrastructure/keepalived.conf.ctmpl +++ /dev/null 
@@ -1,31 +0,0 @@
-{{with $node_ptr := node}}{{$node := $node_ptr.Node}}
-global_defs {
- router_id {{$node.Node}} # A descriptive name describing the router
-}
-
-# Script to check if HAProxy is running. If this check fails,
-# keepalived will change the ownership of the virtual IP
-# to another server
-vrrp_script chk_haproxy {
- script "pidof haproxy_a haproxy_b" # verify that either haproxy_a or haproxy_b is running
- interval 1 # check every second
- weight 2 # add 2 points to prio if OK
-}
-
-vrrp_instance VI {
- interface eth0 # interface to monitor
- state MASTER # will be changed to BACKUP automatically in case of leader re-voting
- virtual_router_id 111 # Assign one ID for this route
- priority 100 # start priority, will be adjusted based on the health checks
- virtual_ipaddress {
- {{env "KEEPALIVED_VIP"}} # the virtual IP
- }
- unicast_peer { # IP addresses of all other peer nodes
- {{range service "consul"}}{{$s := .}}{{if ne $s.Address $node.Address}}{{$s.Address}}
- {{end}}{{end}}
- }
- track_script {
- chk_haproxy
- }
-}
-{{end}}
diff --git a/infrastructure/keepalived_reload.sh b/infrastructure/keepalived_reload.sh
deleted file mode 100755
index c1024d0..0000000
--- a/infrastructure/keepalived_reload.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-echo "#### new keepalived config ####"
-cat /etc/keepalived/keepalived.conf
-service keepalived restart || true
diff --git a/infrastructure/marathon.default b/infrastructure/marathon.default
deleted file mode 100644
index fe74493..0000000
--- a/infrastructure/marathon.default
+++ /dev/null
@@ -1,3 +0,0 @@
-JAVA_OPTS=${MARATHON_JAVA_OPTS:-"-Xmx512m"}
-unset MARATHON_JAVA_OPTS
-unset MARATHON_LDAP_VERSION
diff --git a/infrastructure/paas.sh b/infrastructure/paas.sh
index de84717..a023f3b 100755
--- a/infrastructure/paas.sh
+++ b/infrastructure/paas.sh
@@ -1,11 +1,15 @@ +su_docker() { + which sudo >/dev/null && sudo docker "$@" || docker "$@" +} + paas-connect () { if [ -z "$1" ]; then echo "For connecting to service provide service_name/regex/substring as first parameter."; - paas_image=$(sudo docker ps | awk '/panteras/{print $NF}') + paas_image=$(su_docker ps | awk '/panteras/{print $NF}') [ $paas_image ] && { echo "Connecting to PaaS image instead..." - sudo docker exec -ti $paas_image bash + su_docker exec -ti $paas_image bash } else for i in $(paas-list | awk 'NR>1 {print $1":"$2}'); @@ -14,7 +18,7 @@ paas-connect () id=${i%%:*} if [[ $name =~ $1 ]]; then echo "Connecting to ${id}..."; - sudo docker exec -ti $id bash; + su_docker exec -ti $id bash; fi; done; fi @@ -22,7 +26,7 @@ paas-connect () paas-list () { - all_containers="$(sudo docker inspect $(sudo docker ps -q))"; + all_containers="$(su_docker inspect $(su_docker ps -q))"; count=$(echo "$all_containers"|jshon -l); count=$(($count-1)); max_len_app_id=$(echo "$all_containers"|jshon -a -e Config -e Env -a -u | awk -F\= '/MARATHON_APP_ID/{print $2}'| wc -L) diff --git a/infrastructure/panteras.http b/infrastructure/panteras.http index 0faf341..78344be 100644 --- a/infrastructure/panteras.http +++ b/infrastructure/panteras.http @@ -1,11 +1,9 @@ -HTTP/1.0 200 OK -Cache-Control: no-cache -Connection: close -Content-Type: text/html - + + + PaaS @@ -67,6 +65,9 @@ Content-Type: text/html + @@ -86,80 +87,91 @@ Content-Type: text/html -
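Review bot: In the new `su_docker` helper, `which sudo >/dev/null && sudo docker "$@" || docker "$@"` is not an if/else: when sudo is present and `sudo docker` itself exits non-zero, the same command is run a second time without sudo. For `su_docker exec -ti $id bash` that means a session whose shell ends with a non-zero status is followed by a second exec attempt, and for `su_docker ps` a real docker error is replaced by the retry's error. An explicit branch avoids both: `if command -v sudo >/dev/null 2>&1; then sudo docker "$@"; else docker "$@"; fi`. The two later hunks in this file only switch call sites in `paas-connect` and `paas-list` to the helper, so the same behaviour applies there; both function bodies continue outside their hunks.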
-
-

Slave Services

-
-
-
-
- diff --git a/infrastructure/supervisord.conf b/infrastructure/supervisord.conf index 8a68705..ec9b3c2 100644 --- a/infrastructure/supervisord.conf +++ b/infrastructure/supervisord.conf @@ -40,16 +40,6 @@ user=root stdout_events_enabled = true stderr_events_enabled = true -[program:consul-template_haproxy] -priority=16 -directory=/opt/consul-template -command=consul-template.sh -autorestart=true -autostart=%(ENV_START_CONSUL_TEMPLATE)s -user=root -stdout_events_enabled = true -stderr_events_enabled = true - [program:fabio] priority=16 directory=/opt/fabio diff --git a/infrastructure/supervisord.sh b/infrastructure/supervisord.sh index d877e09..4d72fd2 100755 --- a/infrastructure/supervisord.sh +++ b/infrastructure/supervisord.sh @@ -1,6 +1,14 @@ #!/bin/bash -[ -z ${HOST_IP} ] || exec supervisord -c /etc/supervisord.conf +feed(){ + sleep 20 + consul kv put panteras/http @/etc/fabio/errors/panteras.http +} + +[ -z ${HOST_IP} ] || { + feed & + exec supervisord -c /etc/supervisord.conf +} . /etc/profile.d/logo.sh cat << EOF diff --git a/infrastructure/version b/infrastructure/version index 940ac09..1d0ba9e 100644 --- a/infrastructure/version +++ b/infrastructure/version @@ -1 +1 @@ -0.3.9 +0.4.0 diff --git a/provision.sh b/provision.sh index a2828bc..7eb8b25 100755 --- a/provision.sh +++ b/provision.sh @@ -120,8 +120,8 @@ case "$MODE" in ! hasDockerCompose && { sudo apt-get install -y python-pip # Fix for pip - Ubuntu provide incompatible version - sudo pip install pip --upgrade - sudo pip install docker-compose --upgrade + sudo pip install -I pip==9.0.1 + sudo pip install docker-compose #--upgrade } # verify: ! hasDocker && echo "error: docker not detected." >&2 && exit 1
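Review bot: In `infrastructure/supervisord.sh`, `feed` relies on a fixed `sleep 20` followed by a single `consul kv put`, so if the Consul agent is not accepting writes by then the `panteras/http` key is never stored and nothing reports it, because the job runs in the background ahead of `exec supervisord`. A bounded retry makes this deterministic, for example `for i in $(seq 1 30); do consul kv put panteras/http @/etc/fabio/errors/panteras.http && break; sleep 2; done`, with a log line when every attempt fails. The guard `[ -z ${HOST_IP} ]` is also unquoted; `[ -z "${HOST_IP}" ]` keeps the test well-formed if the value ever contains whitespace. The script continues past the end of the hunk.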
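Review bot: In `provision.sh`, the new lines pin pip (`sudo pip install -I pip==9.0.1`) but leave `docker-compose` unpinned, so a root-level install pulls whatever version and dependency set the package index serves on the day of provisioning. Pinning it the same way, `sudo pip install docker-compose==<TESTED_VERSION>` (placeholder for the version the project has actually tested), keeps provisioning reproducible and limits exposure to a bad upstream release. The trailing `#--upgrade` is commented-out code; it is better removed or replaced by a comment saying why upgrading was dropped. The enclosing `case "$MODE"` block starts and ends outside the hunk.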