From: W. Trevor King
Date: Fri, 21 Feb 2014 18:48:05 +0000 (-0800)
Subject: package-cache: Add an image with my package-cache proxy
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=bb69e7cfe0a8a3056e5000fa4c8138b9f7585c7d;p=dockerfile.git
package-cache: Add an image with my package-cache proxy
Along with iptables instructions for transparently proxying Gentoo mirrors using this image.
---
diff --git a/README.md b/README.md
index 0a4ad89..58a63c5 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ The dependency graph is:
 |-- buildbot (adds a Buildbot master and slave)
 |-- docker-registry (adds a Docker registry server)
 |-- gentoo-layman (adds layman for Gentoo overlays)
+ | `-- package-cache (adds a package-cache proxy)
 |-- memcached (adds Memcached)
 |-- nginx (adds Nginx)
 | |-- nginx-proxy (SSL/TLS proxying via SNI)
diff --git a/build.sh b/build.sh
index e738770..db19221 100755
--- a/build.sh
+++ b/build.sh
@@ -55,6 +55,7 @@ REPOS="${REPOS:-
 memcached
 nginx
 nginx-proxy
+ package-cache
 postgresql
 redis
 stunnel
diff --git a/package-cache/Dockerfile.template b/package-cache/Dockerfile.template
new file mode 100644
index 0000000..932f866
--- /dev/null
+++ b/package-cache/Dockerfile.template
@@ -0,0 +1,44 @@
+# Copyright (C) 2014 W. Trevor King
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+FROM ${NAMESPACE}/gentoo-layman:${TAG}
+MAINTAINER ${MAINTAINER}
+#VOLUME ["${PORTAGE}:/usr/portage:ro", "${PORTAGE}/distfiles:/usr/portage/distfiles:rw"]
+RUN layman --add wtk
+RUN echo '=net-proxy/package-cache-9999 ~amd64' >> /etc/portage/package.accept_keywords
+RUN emerge -v net-proxy/package-cache
+RUN eselect news read new
+RUN rc-update add package-cache default
+RUN echo 'PORT="80"' > /etc/conf.d/package-cache
+RUN echo 'PC_OPTS="-vvv"' >> /etc/conf.d/package-cache
+
+# Linux doesn't support user and group namespacing yet
+Run echo 'PC_USER="root"' >> /etc/conf.d/package-cache
+Run echo 'PC_GROUP="root"' >> /etc/conf.d/package-cache
+
+# Container networking happens automatically
+RUN sed -i 's/need net$/use net/' /etc/init.d/*
+
+CMD rc default && tail -F /var/log/messages
+EXPOSE 80
diff --git a/package-cache/README.md b/package-cache/README.md
new file mode 100644
index 0000000..fb086a8
--- /dev/null
+++ b/package-cache/README.md
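Review bot: The service is pinned to root with `PC_USER="root"` / `PC_GROUP="root"`, but the comment above those lines appears to give the wrong reason: user and group namespacing is about mapping the container's root onto an unprivileged host UID, and it has no bearing on whether the daemon inside the container can run as a dedicated service user — the real constraint visible in this hunk is `PORT="80"`, which an unprivileged process cannot bind. Because the README only ever reaches the cache through `-p 4000:80` and a DNAT to `${CACHE_IP}:80`, a high container port with a matching mapping would let the proxy run unprivileged; if package-cache instead drops privileges after binding (not visible here), the comment should state that rather than citing namespaces. Separately, `=net-proxy/package-cache-9999` is, by Gentoo convention, a live ebuild that builds whatever the `wtk` overlay's repository points at when `emerge` runs, with no commit pin or checksum, so two builds of this template can yield different code — a comment such as `# -9999 is a live ebuild: the build tracks the overlay's HEAD and is not reproducible` would make that trade-off explicit. Finally, the two `Run echo …` instructions use a lowercase instruction name where every other line in the file uses `RUN`; Docker accepts both, but the file should be consistent.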
@@ -0,0 +1,38 @@
+Run this [package-cache][] image with:
+
+ $ docker run -d -name package-cache-0 -v /var/cache/package-cache-0:/usr/portage -p 4000:80 wking/package-cache
+
+[volume-mounting][volume-mount] your content under the container's
+`/usr/portage`. Then setup you host firewall to intercept outgoing
+connections to [distfiles.gentoo.org][] and redirect them to the
+package cacher. Use [jq][] to extract the package-cache IP address:
+
+ # CACHE_IP=$(docker inspect package-cache-0 |
+ > jq -r '.[0].NetworkSettings.IPAddress')
+
+And add a destination address translation rule, using [dig][] to list
+IP addresses for the source:
+
+ # for SOURCE_IP in $(dig +short distfiles.gentoo.org);
+ > do
+ > iptables --table nat --append PREROUTING --protocol tcp \
+ > --in-interface docker0 ! --source "${CACHE_IP}" \
+ > --destination "${SOURCE_IP}" \
+ > --match tcp --destination-port 80 \
+ > --jump DNAT --to-destination "${CACHE_IP}:80" ;
+ > done
+
+To remove those entries later, repeat the command with `--delete`
+instead of `--append`. You may need to list the `SOURCE_IP` values
+explicitly if the DNS entries have changed. Run:
+
+ # iptables --table nat --list PREROUTING --numeric
+
+to list the entries. See `iptables(8)` and `iptables-extensions(8)`
+for more details.
+
+[package-cache]: http://blog.tremily.us/posts/package-cache/
+[volume-mount]: http://docs.docker.io/en/latest/use/working_with_volumes/
+[distfiles.gentoo.org]: http://distfiles.gentoo.org/
+[jq]: http://stedolan.github.io/jq/
+[dig]: ftp://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/man.dig.html