W. Trevor King [Mon, 27 Jan 2014 05:55:21 +0000 (21:55 -0800)]
build.sh: Use DOCKER to allow local command overrides
On Debian, the binary is installed as docker.io [1] to avoid confusion
with the existing window manager docker package [2].
While you can override DOCKER, it would be nice if we just worked out
of the box for everyone. Use 'command -v' [3] and the temporary
DOCKER_IO to set up the following chain:
1. If DOCKER is already set (e.g., by the user) use it.
2. Fall back to docker.io, if we find it in the PATH.
3. Fall back to docker.
The logic is that if docker.io exists, it's almost certainly what we
want. If docker exists in the path, it's more ambiguous.
[1]: http://packages.debian.org/unstable/docker.io
[2]: http://packages.debian.org/unstable/docker
[3]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html
W. Trevor King [Mon, 27 Jan 2014 05:34:13 +0000 (21:34 -0800)]
build.sh: Use generic distfiles.gentoo.org for MIRROR
Instead of hardcoding mcs.anl.gov. If you want to use a specific
mirror, you should override the MIRROR environment variable yourself.
W. Trevor King [Fri, 10 Jan 2014 03:42:38 +0000 (19:42 -0800)]
nginx-proxy/vhost-template.conf: Set X-Forwarded-Host
Since v1.5, Django cares about the requested Host (or
X-Forwarded-Host) [1], so we need to pass that information through.
With this Nginx config, you can set USE_X_FORWARDED_HOST [2] and parse
the appropriate hostname instead of your Docker container's IP.
[1]: https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
[2]: https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-USE_X_FORWARDED_HOST
W. Trevor King [Fri, 10 Jan 2014 03:41:12 +0000 (19:41 -0800)]
nginx-proxy/vhost-template.conf: Use $proxy_add_x_forwarded_for
Instead of $remote_addr. This gives a chain of remote addresses if we
have multiple layers of proxies [1]:
  $proxy_add_x_forwarded_for
    Contains client request-header "X-Forwarded-For" with separated by
    comma $remote_addr. If there is no X-Forwarded-For request-header,
    then $proxy_add_x_forwarded_for is equal to $remote_addr.
[1]: http://wiki.nginx.org/HttpProxyModule#.24proxy_add_x_forwarded_for
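Added example, not part of the commit or the repository: with $proxy_add_x_forwarded_for each proxy appends the peer address it saw to whatever header arrived in the request, so a backend reading the chain should count in from the right by the number of proxies it runs. The function name client_from_xff, its hop-count parameter and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example, not the repository's code. client_from_xff, its hop-count
# parameter and the sample headers are constructed for illustration.

# client_from_xff HEADER TRUSTED_HOPS
# HEADER is the X-Forwarded-For value the backend receives. Each of our
# TRUSTED_HOPS proxies appended the peer address it saw, so the client is
# the TRUSTED_HOPS-th entry counted from the right. Entries further left
# arrived with the request and were not written by our proxies.
# The body runs in a subshell, so "exit" only leaves the function and the
# IFS/noglob changes do not leak into the caller.
client_from_xff() (
    hops=$2
    case "$hops" in
        ''|*[!0-9]*) exit 1 ;;
    esac
    [ "$hops" -ge 1 ] || exit 1
    set -f              # no globbing while splitting untrusted input
    IFS=,
    set -- $1           # one positional parameter per header entry
    unset IFS
    [ "$#" -ge "$hops" ] || exit 1      # shorter than our own proxy chain
    shift $(( $# - hops ))
    entry=$(printf '%s' "$1" | tr -d ' \t')
    # Accept only characters that occur in IPv4/IPv6 literals.
    case "$entry" in
        ''|*[!0-9A-Fa-f:.]*) exit 1 ;;
    esac
    printf '%s\n' "$entry"
)

# Constructed headers: one proxy; two proxies with a request-supplied
# first entry; a header shorter than the declared chain.
client_from_xff '203.0.113.7' 1
client_from_xff '10.9.9.9, 203.0.113.7, 172.17.0.2' 2
client_from_xff '203.0.113.7' 2 || echo 'rejected: fewer entries than proxies'
```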
W. Trevor King [Fri, 3 Jan 2014 19:39:58 +0000 (11:39 -0800)]
postgresql/Dockerfile.template: Log to syslog
Also use sed to place the listen_addresses config near its associated
comments in the config file.
W. Trevor King [Fri, 3 Jan 2014 03:39:54 +0000 (19:39 -0800)]
nginx-proxy: Add an Nginx proxy image
I've got a bunch of HTTP server images, but I need a single proxy
container that supports SNI to expose them to the world. This
container can link to a collection of HTTP-serving containers and
proxy them under arbitrary hostnames using user-supplied, per-host
certificates and keys.
env and sed are both in POSIX 2013 [1,2], and the:
  eval A=\$$B
variable indirection is because POSIX [3] doesn't support Bash's
indirect expansion "A=${!B}". The 'tcp' -> 'http' replacement maps
Docker's tcp://${IP}:${PORT} addresses to http://${IP}:${PORT} for
use in the Nginx config.
envsubst is in gettext [4] and not in POSIX [5], so it may be slightly
less portable. However, envsubst and gettext are in Gentoo's x86 and
amd64 stage1s, so our Gentoo-based images will have it.
[1]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/env.html
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/sed.html
[3]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_02
[4]: http://www.gnu.org/software/gettext/
[5]: http://pubs.opengroup.org/onlinepubs/9699919799/idx/utilities.html
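Added example, not code from this commit: the eval-based indirection described above, with the variable name checked before it reaches eval, and the tcp-to-http mapping done by parameter expansion rather than sed. The function names deref and link_to_http and the WEB_PORT sample variable are assumptions.

```sh
#!/bin/sh
# Added example, not the repository's code. Function names and the sample
# variable are hypothetical.

# deref NAME: print the value of the variable called NAME.
# eval re-parses its argument as shell code, so NAME is checked first:
# anything other than a plain identifier is refused before eval sees it.
deref() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    eval "printf '%s\n' \"\${$1}\""
}

# link_to_http NAME: read a Docker link address of the form tcp://IP:PORT
# from the variable NAME and print it as http://IP:PORT.
link_to_http() {
    addr=$(deref "$1") || return 1
    case "$addr" in
        tcp://*) ;;
        *) return 1 ;;
    esac
    rest=${addr#tcp://}
    # The result is pasted into a config file, so allow only host:port
    # characters (bracketed IPv6 literals are not handled here).
    case "$rest" in
        ''|*[!A-Za-z0-9:.-]*) return 1 ;;
    esac
    printf 'http://%s\n' "$rest"
}

# Constructed sample value in the style of a linked container's address.
WEB_PORT='tcp://172.17.0.8:80'
link_to_http WEB_PORT
# A name that is not a plain identifier never reaches eval.
deref 'WEB_PORT;x' || echo 'refused: not a variable name'
```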
W. Trevor King [Thu, 2 Jan 2014 18:11:41 +0000 (10:11 -0800)]
nginx/Dockerfile.template: Change default hostname to _
From the docs [1]:
  In catch-all server examples the strange name “_” can be seen:
      server {
          listen 80 default_server;
          server_name _;
          return 444;
      }
  There is nothing special about this name, it is just one of a myriad
  of invalid domain names which never intersect with any real name.
Still, an invalid domain name makes more sense than 'localhost' for a
public server.
[1]: http://nginx.org/en/docs/http/server_names.html#miscellaneous_names
W. Trevor King [Thu, 2 Jan 2014 06:23:41 +0000 (22:23 -0800)]
postgresql: Declare /var/lib/postgresql a VOLUME
Avoid the hassle of maintaining a host-mounted volume by letting
Docker handle the volume maintenance ;). We need to declare the
VOLUME *after* filling it with content (with 'emerge --config'),
otherwise ownership and permissions on the empty volume are lost
[1,2,3], and future RUN commands die due to:
initdb: could not access directory "/var/lib/postgresql/9.3/data": Permission denied
[1]: https://github.com/dotcloud/docker/issues/2360
[2]: https://github.com/dotcloud/docker/issues/2969
[3]: https://github.com/dotcloud/docker/issues/2975
[4]: https://github.com/dotcloud/docker/pull/3008
W. Trevor King [Tue, 31 Dec 2013 05:38:26 +0000 (21:38 -0800)]
portage/README.md: You can mount volumes from stopped containers
As Sven Dowideit describes in a pending doc update [1].
[1]: https://github.com/dotcloud/docker/pull/3389
W. Trevor King [Mon, 30 Dec 2013 21:23:58 +0000 (13:23 -0800)]
redis/Dockerfile.template: Direct logs to syslog
Since I'm tailing /var/log/messages in CMD. This also makes it easier
if you want to redirect the logs to a central syslog server.
W. Trevor King [Sat, 28 Dec 2013 23:05:59 +0000 (15:05 -0800)]
build.sh: Bump DATE to 20131226 to match the new weekly build
W. Trevor King [Sat, 28 Dec 2013 22:49:15 +0000 (14:49 -0800)]
Use envsubst instead of sed to parse Dockerfile.template
Convert everything in one pass, instead of taking a separate pass for
each variable. Thanks to aluedeke for mentioning envsubst on #docker;
I hadn't heard of it before. It's distributed as part of gettext [1],
and not in POSIX [2], so it may be slightly less portable. However,
envsubst and gettext are in Gentoo's x86 and amd64 stage1s, so it
can't be *that* uncommon ;).
[1]: http://www.gnu.org/software/gettext/
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/idx/utilities.html
W. Trevor King [Sat, 28 Dec 2013 21:24:24 +0000 (13:24 -0800)]
memcached: Add a Memcached image
The 10MB of overhead memory were estimated from this output in a
running memcached container:
    # ps aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.0  20300  2124 ?        S    20:57   0:00 /bin/bash
    memcach+   184  0.0  0.0 323124  1112 ?        Ssl  20:58   0:00 /usr/bin/memcached -d -p 11211 -U 11211 -m 128 -c 1024 -u
    root       224  0.0  0.0  25064   440 ?        S    20:58   0:00 supervising syslog-ng
    root       225  0.3  0.0 124708  3620 ?        Ssl  20:58   0:00 /usr/sbin/syslog-ng --persist-file /var/lib/syslog-ng/sysl
    root       263  0.0  0.0  18632   804 ?        Ss   20:58   0:00 /usr/sbin/cron
    root       300  0.0  0.0  15440  1148 ?        R+   20:58   0:00 ps aux
Less Bash and ps, that's 1112 + 3620 + 804 = 5.5MB of resident memory,
so 10MB seemed like a safe buffer.
W. Trevor King [Sat, 28 Dec 2013 17:14:49 +0000 (09:14 -0800)]
kibana: Add a Kibana image
Dump a Kibana tarball into Nginx's htdocs, and use an
ELASTICSEARCH_URL environment variable to adjust config.js at spin-up.
List Kibana after Nginx in build.sh's REPOS to ensure the Nginx image
is built first.
W. Trevor King [Sat, 28 Dec 2013 05:10:17 +0000 (21:10 -0800)]
nginx: Add an Nginx image
W. Trevor King [Sat, 28 Dec 2013 00:42:27 +0000 (16:42 -0800)]
stunnel: Add a stunnel-wrapper image
Make it easy to wrap arbitrary ports with stunnel.
The explicit pid configuration avoids errors like:
... stunnel: ... Cannot create pid file /var/lib/run/stunnel/stunnel.pid
... stunnel: ... create: No such file or directory (2)
which is probably just a wart in Gentoo's stunnel packaging.
W. Trevor King [Fri, 27 Dec 2013 21:43:21 +0000 (13:43 -0800)]
postgresql/README.md: Mention volume-mounts and setup
Without a host-mounted volume for /var/lib/postgresql I filled up the
10GB dm block allocated by Docker v0.7.2.
W. Trevor King [Fri, 27 Dec 2013 16:56:55 +0000 (08:56 -0800)]
redis/Dockerfile.template: Bind to all interfaces
It's not much good to have a Redis container that's only listening to
localhost ;).
W. Trevor King [Fri, 27 Dec 2013 00:53:02 +0000 (16:53 -0800)]
build.sh: Allow readlink for path-canonicalization
Debian doesn't have realpath installed by default [1], so fall back to
the more widely available readlink [2].
[1]: http://packages.debian.org/unstable/utils/realpath
[2]: http://www.gnu.org/software/coreutils/manual/html_node/readlink-invocation.html
W. Trevor King [Fri, 13 Dec 2013 23:31:27 +0000 (15:31 -0800)]
portage: Add a Portage-volume-exporting image
This builds the Portage snapshot into a stand-alone volume, which can
be mounted using -volumes-from. There's currently no
Dockerfile-supported way to mount this for builds, so gentoo-portage
still goes the emerge-webrsync route.
We need something to fill the role of /bin/sh in the Portage-snapshot
container, so I'm using the /bin/busybox from the 'gentoo' image. As
of 2013-12-12, it's:
sys-apps/busybox-1.21.0
USE="ipv6 pam static -livecd -make-symlinks -math -mdev -savedconfig
(-selinux) -sep-usr -syslog -systemd"
W. Trevor King [Fri, 13 Dec 2013 19:41:01 +0000 (11:41 -0800)]
build.sh: Bump DATE to 20131212 to match the new weekly build
W. Trevor King [Fri, 13 Dec 2013 04:30:44 +0000 (20:30 -0800)]
elasticsearch: Add Elasticsearch container instructions
W. Trevor King [Fri, 13 Dec 2013 03:53:16 +0000 (19:53 -0800)]
gentoo-java/Dockerfile.template: Add Gentoo+Java container instructions
I tried to bootstrap icedtea using icedtea-bin, but ran into a blocker
between app-admin/eselect-java-0.1.0 and
dev-java/java-config2.1.12-r1. Figuring out a resolution is not worth
my time ;).
W. Trevor King [Fri, 13 Dec 2013 00:08:48 +0000 (16:08 -0800)]
postgresql: Add PostgreSQL container instructions (Dockerfile and README)
The $(echo /etc/postgresql*/postgresql.conf) craziness in the
Dockerfile is because Docker chokes on:
RUN echo host all all 0.0.0.0/0 trust >> /etc/postgresql*/pg_hba.conf
raising:
/bin/sh: /etc/postgresql*/pg_hba.conf: No such file or directory
I'm not sure why it's not expanding the glob. Perhaps Docker is
quoting redirection targets? In any case, the $(echo ...) form works,
so that's what I'm going with for now.
W. Trevor King [Thu, 12 Dec 2013 21:42:35 +0000 (13:42 -0800)]
redis: Add Redis container instructions (Dockerfile and README)
W. Trevor King [Thu, 12 Dec 2013 17:07:00 +0000 (09:07 -0800)]
Run update-copyright.py
W. Trevor King [Thu, 12 Dec 2013 16:53:29 +0000 (08:53 -0800)]
Add '# Copyright' tags for update-copyright
W. Trevor King [Thu, 12 Dec 2013 16:52:50 +0000 (08:52 -0800)]
.update-copyright.conf: add copyright configuration.
Use my external update-copyright package to maintain copyright blurbs.
http://pypi.python.org/pypi/update-copyright/
W. Trevor King [Thu, 12 Dec 2013 15:32:03 +0000 (07:32 -0800)]
gentoo-portage/Dockerfile.template: Set rc_sys="lxc"
Avoid:
$ docker run -p 8010:8010 wking/buildbot
...
* Caching service dependencies ... [ ok ]
* You are attempting to run an openrc service on a
* system which openrc did not boot.
* You may be inside a chroot or you may have used
* another initialization system to boot this system.
* In this situation, you will get unpredictable results!
* If you really want to do this, issue the following command:
* touch /run/openrc/softlevel
* ERROR: syslog-ng failed to start
...
W. Trevor King [Wed, 11 Dec 2013 22:18:45 +0000 (14:18 -0800)]
build.sh: Remove `function` from `die()` definition
`function` is a Bash-ism. POSIX suggests [1]:
fname() compound-command[io-redirect ...]
[1]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_05
W. Trevor King [Wed, 11 Dec 2013 06:19:23 +0000 (22:19 -0800)]
COPYING: Add the 2-clause BSD license
From http://opensource.org/licenses/BSD-2-Clause
W. Trevor King [Wed, 11 Dec 2013 06:17:26 +0000 (22:17 -0800)]
Initial dockerfile commit
This builds a working Buildbot container from scratch using the Gentoo
stage3 tarball as a seed. Everything seems to work with Docker
v0.7.1.