Skip to content

Commit 30f1651

Browse files
Gabriel MonroyMatthew Fisher
Gabriel Monroy
authored and
Matthew Fisher
committed
feat(docker): deis meta project
1 parent e1ccc29 commit 30f1651

6 files changed

Lines changed: 268 additions & 2 deletions

File tree

Makefile

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@ test_client:
22
python -m unittest discover client.tests
33

44
build:
5-
for image in builder cache controller database discovery logger registry; do \
6-
make -C $$image build; \
5+
for image in builder cache controller database discovery logger registry deis; do \
6+
pushd $$image; \
7+
docker build -t deis/$$image .; \
8+
popd; \
79
done

deis/Dockerfile

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
FROM deis/base:latest
2+
MAINTAINER Gabriel Monroy <gabriel@opdemand.com>
3+
4+
ENV DEBIAN_FRONTEND noninteractive
5+
6+
# install docker in docker deps
7+
RUN apt-get install -yq aufs-tools iptables ca-certificates
8+
RUN echo "deb http://get.docker.io/ubuntu docker main" > /etc/apt/sources.list.d/docker.list
9+
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
10+
RUN apt-get update -q
11+
RUN apt-get install -yq lxc-docker-0.9.0
12+
13+
# add scripts to /app/bin
14+
RUN mkdir -p /app
15+
ADD bin /app/bin
16+
RUN chown -R root:root /app
17+
18+
# define the execution environment
19+
ENTRYPOINT ["/app/bin/entry"]
20+
CMD ["/app/bin/boot"]

deis/Makefile

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
#
2+
# Deis Makefile
3+
#
4+
DEIS_IMAGE=deis/deis:latest
5+
DEIS_NAME=deis
6+
DISCOVERY_PORT=4001
7+
DISCOVERY_PEER_PORT=7001
8+
DISCOVERY_IMAGE=deis/discovery:latest
9+
DISCOVERY_NAME=deis-discovery
10+
LOGGER_PORT=514
11+
LOGGER_IMAGE=deis/logger:latest
12+
LOGGER_NAME=deis-logger
13+
DATABASE_PORT=5432
14+
DATABASE_IMAGE=deis/database:latest
15+
DATABASE_NAME=deis-database
16+
CACHE_PORT=6379
17+
CACHE_IMAGE=deis/cache:latest
18+
CACHE_NAME=deis-cache
19+
CONTROLLER_PORT=8000
20+
CONTROLLER_IMAGE=deis/controller:latest
21+
CONTROLLER_NAME=deis-controller
22+
# uses docker0 bridge for inter-container communication
23+
# this assumes the address is static
24+
ETCD=172.17.42.1:4001
25+
26+
all: build run
27+
28+
build:
29+
docker build -t deis/deis:latest .
30+
31+
run:
32+
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock deis/deis
33+
34+
stop:
35+
-docker stop $(DISCOVERY_NAME)
36+
-docker stop $(LOGGER_NAME)
37+
-docker stop $(DATABASE_NAME)
38+
-docker stop $(CACHE_NAME)
39+
-docker stop $(CONTROLLER_NAME)
40+
41+
start:
42+
docker start $(DISCOVERY_NAME)
43+
docker start $(LOGGER_NAME)
44+
docker start $(DATABASE_NAME)
45+
docker start $(CACHE_NAME)
46+
docker start $(CONTROLLER_NAME)
47+
48+
restart:
49+
docker restart $(DISCOVERY_NAME)
50+
docker restart $(LOGGER_NAME)
51+
docker restart $(DATABASE_NAME)
52+
docker restart $(CACHE_NAME)
53+
docker restart $(CONTROLLER_NAME)
54+
55+
clean: stop
56+
-docker rm $(DISCOVERY_NAME)
57+
-docker rm $(LOGGER_NAME)
58+
-docker rm $(DATABASE_NAME)
59+
-docker rm $(CACHE_NAME)
60+
-docker rm $(CONTROLLER_NAME)
61+
62+
full-clean: clean
63+
docker rmi $(DISCOVERY_IMAGE)
64+
docker rmi $(LOGGER_IMAGE)
65+
docker rmi $(DATABASE_IMAGE)
66+
docker rmi $(CACHE_IMAGE)
67+
docker rmi $(CONTROLLER_IMAGE)
68+
docker rmi $(DEIS_IMAGE)

deis/Vagrantfile

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
Vagrant.configure("2") do |config|
2+
config.vm.box = "deis-controller"
3+
4+
# Ubuntu 12.04.3 LTS base with 3.8 kernel (ready for Docker)
5+
config.vm.box_url = "https://s3-us-west-2.amazonaws.com/opdemand/ubuntu-12.04.3-amd64-vbox.box"
6+
7+
# Avahi-daemon will broadcast the server's address as deis-controller.local
8+
config.vm.host_name = "deis-controller"
9+
10+
# IP will be associated to 'deis-controller.local' using avahi-daemon
11+
config.vm.network :private_network, ip: "192.168.61.100"
12+
13+
# The Deis Controller requires at least 2G of RAM to install.
14+
config.vm.provider :virtualbox do |vb|
15+
vb.customize ["modifyvm", :id, "--memory", "2048"]
16+
end
17+
18+
config.vm.provision :shell, inline: <<-SCRIPT
19+
# Avahi-daemon broadcasts the machine's hostname to local DNS.
20+
# Therefore 'deis-controller.local' in this case.
21+
sudo apt-get install -yq avahi-daemon
22+
# install docker
23+
apt-get install -yq aufs-tools iptables ca-certificates
24+
echo "deb http://get.docker.io/ubuntu docker main" > /etc/apt/sources.list.d/docker.list
25+
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
26+
apt-get update -q
27+
apt-get install -yq lxc lxc-docker-0.9.0
28+
# bind to private interface
29+
sed -i -e 's/#DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"/DOCKER_OPTS="-e lxc -H unix:\\/\\/var\\/run\\/docker.sock -H tcp:\\/\\/192.168.61.100:4243"/' /etc/default/docker
30+
restart docker
31+
echo
32+
echo To connect to the Docker Host:
33+
echo
34+
echo export DOCKER_HOST=tcp://192.168.61.100:4243
35+
SCRIPT
36+
37+
end
38+
39+
# If you want to do some funky custom stuff to your box, but don't want those things tracked by git,
40+
# add a Vagrantfile.local and it will be included. You can use the exact same syntax as above. For
41+
# example if you're low on RAM you can boot the VM with less RAM. Note that 2GB is recommended
42+
# for installation, but you may be able to get away with 1GB once everything is installed.
43+
load "Vagrantfile.local" if File.exists? "Vagrantfile.local"

deis/bin/boot

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
#!/bin/bash
2+
set -exo pipefail
3+
4+
# container settings
5+
DISCOVERY_PORT=4001
6+
DISCOVERY_PEER_PORT=7001
7+
DISCOVERY_IMAGE=deis/discovery:latest
8+
DISCOVERY_NAME=deis-discovery
9+
REGISTRY_PORT=5000
10+
REGISTRY_IMAGE=deis/registry:latest
11+
REGISTRY_NAME=deis-registry
12+
LOGGER_PORT=514
13+
LOGGER_IMAGE=deis/logger:latest
14+
LOGGER_NAME=deis-logger
15+
DATABASE_PORT=5432
16+
DATABASE_IMAGE=deis/database:latest
17+
DATABASE_NAME=deis-database
18+
CACHE_PORT=6379
19+
CACHE_IMAGE=deis/cache:latest
20+
CACHE_NAME=deis-cache
21+
CONTROLLER_PORT=8000
22+
CONTROLLER_IMAGE=deis/controller:latest
23+
CONTROLLER_NAME=deis-controller
24+
BUILDER_PORT=2222
25+
BUILDER_IMAGE=deis/builder:latest
26+
BUILDER_NAME=deis-builder
27+
28+
# service discovery config
29+
PUBLIC_IP=172.17.42.1 # assuming this stays constant
30+
ETCD=$PUBLIC_IP:4001
31+
32+
# pull images unless already cached
33+
docker history $DISCOVERY_IMAGE >/dev/null 2>&1 || docker pull $DISCOVERY_IMAGE
34+
docker history $REGISTRY_IMAGE >/dev/null 2>&1 || docker pull $REGISTRY_IMAGE
35+
docker history $LOGGER_IMAGE >/dev/null 2>&1 || docker pull $LOGGER_IMAGE
36+
docker history $DATABASE_IMAGE >/dev/null 2>&1 || docker pull $DATABASE_IMAGE
37+
docker history $CACHE_IMAGE >/dev/null 2>&1 || docker pull $CACHE_IMAGE
38+
docker history $CONTROLLER_IMAGE >/dev/null 2>&1 || docker pull $CONTROLLER_IMAGE
39+
docker history $BUILDER_IMAGE >/dev/null 2>&1 || docker pull $BUILDER_IMAGE
40+
41+
# run containers if not running already
42+
docker inspect $DISCOVERY_NAME >/dev/null 2>&1 || docker run -d --name=$DISCOVERY_NAME -p $DISCOVERY_PORT:$DISCOVERY_PORT -p $DISCOVERY_PEER_PORT:$DISCOVERY_PEER_PORT -e PUBLIC_IP=$PUBLIC_IP $DISCOVERY_IMAGE
43+
docker inspect $REGISTRY_NAME >/dev/null 2>&1 || docker run -d --name=$REGISTRY_NAME -p $REGISTRY_PORT:$REGISTRY_PORT -e ETCD=$ETCD -e HOST=$PUBLIC_IP $REGISTRY_IMAGE
44+
docker inspect $LOGGER_NAME >/dev/null 2>&1 || docker run -d --name=$LOGGER_NAME -p $LOGGER_PORT:$LOGGER_PORT -e ETCD=$ETCD -e HOST=$PUBLIC_IP $LOGGER_IMAGE
45+
docker inspect $DATABASE_NAME >/dev/null 2>&1 || docker run -d --name=$DATABASE_NAME -p $DATABASE_PORT:$DATABASE_PORT -e ETCD=$ETCD -e HOST=$PUBLIC_IP $DATABASE_IMAGE
46+
docker inspect $CACHE_NAME >/dev/null 2>&1 || docker run -d --name=$CACHE_NAME -p $CACHE_PORT:$CACHE_PORT -e ETCD=$ETCD -e HOST=$PUBLIC_IP $CACHE_IMAGE
47+
docker inspect $CONTROLLER_NAME >/dev/null 2>&1 || docker run -d --name=$CONTROLLER_NAME -p $CONTROLLER_PORT:$CONTROLLER_PORT -e ETCD=$ETCD -e HOST=$PUBLIC_IP $CONTROLLER_IMAGE
48+
docker inspect $BUILDER_NAME >/dev/null 2>&1 || docker run -d --name=$BUILDER_NAME -p $BUILDER_PORT:22 -e ETCD=$ETCD -e HOST=$PUBLIC_IP --privileged $BUILDER_IMAGE

deis/bin/entry

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
#!/bin/bash
2+
set -eo pipefail
3+
4+
# START jpetazzo/dind wrapper
5+
6+
# First, make sure that cgroups are mounted correctly.
7+
CGROUP=/sys/fs/cgroup
8+
9+
[ -d $CGROUP ] ||
10+
mkdir $CGROUP
11+
12+
mountpoint -q $CGROUP ||
13+
mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
14+
echo "Could not make a tmpfs mount. Did you use -privileged?"
15+
exit 1
16+
}
17+
18+
if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security
19+
then
20+
mount -t securityfs none /sys/kernel/security || {
21+
echo "Could not mount /sys/kernel/security."
22+
echo "AppArmor detection and -privileged mode might break."
23+
}
24+
fi
25+
26+
# Mount the cgroup hierarchies exactly as they are in the parent system.
27+
for SUBSYS in $(cut -d: -f2 /proc/1/cgroup)
28+
do
29+
[ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS
30+
mountpoint -q $CGROUP/$SUBSYS ||
31+
mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS
32+
33+
# The two following sections address a bug which manifests itself
34+
# by a cryptic "lxc-start: no ns_cgroup option specified" when
35+
# trying to start containers withina container.
36+
# The bug seems to appear when the cgroup hierarchies are not
37+
# mounted on the exact same directories in the host, and in the
38+
# container.
39+
40+
# Named, control-less cgroups are mounted with "-o name=foo"
41+
# (and appear as such under /proc/<pid>/cgroup) but are usually
42+
# mounted on a directory named "foo" (without the "name=" prefix).
43+
# Systemd and OpenRC (and possibly others) both create such a
44+
# cgroup. To avoid the aforementioned bug, we symlink "foo" to
45+
# "name=foo". This shouldn't have any adverse effect.
46+
echo $SUBSYS | grep -q ^name= && {
47+
NAME=$(echo $SUBSYS | sed s/^name=//)
48+
ln -s $SUBSYS $CGROUP/$NAME
49+
}
50+
51+
# Likewise, on at least one system, it has been reported that
52+
# systemd would mount the CPU and CPU accounting controllers
53+
# (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu"
54+
# but on a directory called "cpu,cpuacct" (note the inversion
55+
# in the order of the groups). This tries to work around it.
56+
[ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct
57+
done
58+
59+
# Note: as I write those lines, the LXC userland tools cannot setup
60+
# a "sub-container" properly if the "devices" cgroup is not in its
61+
# own hierarchy. Let's detect this and issue a warning.
62+
grep -q :devices: /proc/1/cgroup ||
63+
echo "WARNING: the 'devices' cgroup should be in its own hierarchy."
64+
grep -qw devices /proc/1/cgroup ||
65+
echo "WARNING: it looks like the 'devices' cgroup is not mounted."
66+
67+
# Now, close extraneous file descriptors.
68+
pushd /proc/self/fd >/dev/null
69+
for FD in *
70+
do
71+
case "$FD" in
72+
# Keep stdin/stdout/stderr
73+
[012])
74+
;;
75+
# Nuke everything else
76+
*)
77+
eval exec "$FD>&-"
78+
;;
79+
esac
80+
done
81+
popd >/dev/null
82+
83+
# END jpetazzo/dind wrapper
84+
85+
exec $@

0 commit comments

Comments
 (0)