diff --git a/data/ansible/docker/docker-compose.yaml b/data/ansible/docker/docker-compose.yaml index 8d86d94f8..706740e60 100644 --- a/data/ansible/docker/docker-compose.yaml +++ b/data/ansible/docker/docker-compose.yaml @@ -4,7 +4,7 @@ nginx: # Ref. https://github.com/nginxinc/docker-nginx/issues/29 image: "nginx:alpine" ports: - - 5043:443 + - 80:80 links: - registry:registry volumes: diff --git a/data/ansible/docker/docker.yaml b/data/ansible/docker/docker.yaml index a5053de6b..a75af8d41 100644 --- a/data/ansible/docker/docker.yaml +++ b/data/ansible/docker/docker.yaml @@ -1,17 +1,20 @@ --- - name: Add Docker's public GPG key to the APT keyring + become: true apt_key: url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg state: present - name: Configure Docker's upstream APT repository + become: true apt_repository: repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable state: present update_cache: yes - name: Install Docker + become: true apt: name: - docker-ce @@ -20,15 +23,39 @@ state: "present" - name: Add user(s) to "docker" group + become: true user: - name: "{{ item }}" + name: "{{ gouser }}" groups: "docker" append: true - loop: "{{ docker__users }}" - name: Enable service docker and ensure it is not masked + become: true systemd: name: docker state: started enabled: yes masked: no + +- name: Install Docker Module for Python + shell: "pip3 install docker" + +- name: Creates directory + become: yes + file: + path: /var/docker/registry + state: directory + +- name: Check if registry is running + become: yes + shell: docker container ls -q -f="name=registry" + register: continerList + +- name: Start registry + become: yes + shell: sudo docker run -d --name registry --restart=always -v "$(pwd)":/var/lib/registry -p 5000:5000 registry:2 + args: + chdir: /var/docker/registry + when: continerList.stdout_lines|length == 0 + + \ No newline at end of file diff --git a/data/ansible/docker/main.yaml b/data/ansible/docker/main.yaml index 87fdce169..5ba07d970 100644 --- a/data/ansible/docker/main.yaml +++ b/data/ansible/docker/main.yaml @@ -1,6 +1,6 @@ --- - name: Check and set python version on APT server - hosts: apt + hosts: docker remote_user: '{{ gouser }}' gather_facts: false tasks: @@ -11,19 +11,7 @@ fi become: true -- name: Check and set python version on PKG server - hosts: pkg - remote_user: '{{ gouser }}' - gather_facts: false - tasks: - - name: symlink /usr/bin/python -> /usr/bin/python3 - raw: | - if [ -f /usr/bin/python3 ] && [ ! -f /usr/bin/python ]; then - ln --symbolic /usr/bin/python3 /usr/bin/python; - fi - become: true - -- hosts: apt +- hosts: docker vars: ############################################################### ##################### Golang Vars ############################# @@ -46,22 +34,6 @@ # CGRateS vars cgrates_dir: "{{ golang_gopath }}/src/github.com/cgrates/cgrates" cgrates_branch: "master" - cgrates_distribution: "nightly" - ############################################################### - ######################## GPG Vars ############################# - ############################################################### - gpg_home: "/root" - gpg_realname: "CGRateS" - gpg_useremail: "cgrates@itsyscom.com" - gpg_pubkeyfileexport: "apt.cgrates.org.gpg.key" - - gpg_keylength: 2048 - gpg_subkeylength: 2048 - gpg_expire: 360 - - rootUser : root - - customPath: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}" dependencies: - build-essential @@ -72,12 +44,14 @@ - gnupg2 - software-properties-common - nginx - + - python3 + - python3-pip + - virtualenv + - python3-setuptools + rootUser : root + remote_user: '{{ gouser }}' tasks: - - name: set cgrates cgrates_distribution - set_fact: - cgrates_distribution: "{{ cgrates_distribution }}" ########################################################################################################################### ########################################################################################################################### # install dependencies @@ -89,7 +63,7 @@ # Prepare for configuration - name: Check if NGINX needs to be configured become: true - shell: "ls /etc/nginx/sites-enabled | grep 'apt.cgrates.org.vhost'" + shell: "ls /etc/nginx/sites-enabled | grep 'docker.cgrates.org.vhost'" ignore_errors: true register: nginxConfig @@ -97,6 +71,9 @@ include: nginx.yaml when: nginxConfig.stdout_lines|length < 1 + - name: Configure docker + include: docker.yaml + ########################################################################################################################### ########################################################################################################################### # Install Golang @@ -135,22 +112,28 @@ become: yes become_user: "{{ gouser }}" - - name: build cgrates - shell: "sh {{ cgrates_dir }}/build.sh" + - name: build cgrates for docker + shell: "sh {{ cgrates_dir }}/data/docker/scratch/build.sh" environment: PATH: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}" args: - chdir: '{{ cgrates_dir }}' + chdir: '{{ cgrates_dir }}/data/docker/scratch' - - name: symbol link + - name: copy default config + copy: + src: "{{ cgrates_dir }}/data/conf/cgrates/cgrates.json" + dest: "{{ cgrates_dir }}/data/docker/scratch/cgrates.json" + + - name: build Docker image become: yes - file: - src: "{{ cgrates_dir }}/data" - dest: "/usr/share/cgrates" - state: link - - - name: get git tag - shell: "git tag -l --points-at HEAD" + shell: "docker build -t cgrates {{ cgrates_dir }}/data/docker/scratch/" args: - chdir: '{{ cgrates_dir }}' - register: gitTagVar + chdir: '{{ cgrates_dir }}/data/docker/scratch' + + - name: tag docker image + become: yes + shell: "sudo docker tag cgrates 127.0.0.1:5000/cgrates:{{ cgrates_branch }}" + + - name: push docker image to repo + become: yes + shell: "sudo docker image push 127.0.0.1:5000/cgrates:{{ cgrates_branch }}" diff --git a/data/ansible/docker/nginx.conf b/data/ansible/docker/nginx.conf deleted file mode 100644 index f2f8fcce5..000000000 --- a/data/ansible/docker/nginx.conf +++ /dev/null @@ -1,66 +0,0 @@ -events { - worker_connections 1024; -} - -http { - upstream docker-registry { - server registry:5000; - } - - ## Set a variable to help us decide if we need to add the - ## 'Docker-Distribution-Api-Version' header. - ## The registry always sets this header. - ## In the case of nginx performing auth, the header is unset - ## since nginx is auth-ing before proxying. - map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { - '' 'registry/2.0'; - } - - - server { - listen 443 ;#ssl; - server_name 127.0.0.1; - - # SSL - # ssl_certificate /etc/nginx/conf.d/domain.crt; - # ssl_certificate_key /etc/nginx/conf.d/domain.key; - - # # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - # ssl_protocols TLSv1.1 TLSv1.2; - # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - # ssl_prefer_server_ciphers on; - # ssl_session_cache shared:SSL:10m; - - # disable any limits to avoid HTTP 413 for large image uploads - client_max_body_size 0; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) - chunked_transfer_encoding on; - - location /v2/ { - # Do not allow connections from docker 1.5 and earlier - # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents - if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { - return 404; - } - - # To add basic authentication to v2 use auth_basic setting. - limit_except GET HEAD OPTIONS { - deny all; - # auth_basic "Registry realm"; - # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd; - } - - ## If $docker_distribution_api_version is empty, the header is not added. - ## See the map directive above where this variable is defined. - add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; - - proxy_pass http://docker-registry; - proxy_set_header Host $http_host; # required for docker client's sake - proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 900; - } - } -} \ No newline at end of file diff --git a/data/ansible/docker/nginx.conf.j2 b/data/ansible/docker/nginx.conf.j2 index 8f0b30be2..5dbe31b71 100644 --- a/data/ansible/docker/nginx.conf.j2 +++ b/data/ansible/docker/nginx.conf.j2 @@ -1,22 +1,41 @@ {{ ansible_managed | comment }} +map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { + '' 'registry/2.0'; +} + server { listen 80; - server_name apt.cgrates.org; + server_name 192.168.59.203; - access_log /var/log/nginx/packages-error.log; - error_log /var/log/nginx/packages-error.log; + access_log /var/log/nginx/docker-error.log; + error_log /var/log/nginx/docker-error.log; - location / { - root /var/packages; - index index.html; - autoindex on; + # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) + chunked_transfer_encoding on; + + location /v2/ { + # Do not allow connections from docker 1.5 and earlier + # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents + if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { + return 404; + } + + # To add basic authentication to v2 use auth_basic setting. + limit_except GET HEAD OPTIONS { + deny all; + # auth_basic "Registry realm"; + # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd; + } + + ## If $docker_distribution_api_version is empty, the header is not added. + ## See the map directive above where this variable is defined. + add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; + + proxy_pass http://127.0.0.1:5000; + proxy_set_header Host $http_host; # required for docker client's sake + proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; } - - location ~ /(.*)/conf { - deny all; - } - - location ~ /(.*)/db { - deny all; - } -} \ No newline at end of file +} diff --git a/data/ansible/docker/nginx.yaml b/data/ansible/docker/nginx.yaml index 6279c5982..a5cfcebf6 100644 --- a/data/ansible/docker/nginx.yaml +++ b/data/ansible/docker/nginx.yaml @@ -3,15 +3,15 @@ become: true template: src: nginx.conf.j2 - dest: "/etc/nginx/sites-available/apt.cgrates.org.vhost" + dest: "/etc/nginx/sites-available/docker.cgrates.org.vhost" mode: '0600' owner: "{{ rootUser }}" -- name: Create a symlink for apt.cgrates.org +- name: Create a symlink for docker.cgrates.org become: true file: - src: "/etc/nginx/sites-available/apt.cgrates.org.vhost" - dest: "/etc/nginx/sites-enabled/apt.cgrates.org.vhost" + src: "/etc/nginx/sites-available/docker.cgrates.org.vhost" + dest: "/etc/nginx/sites-enabled/docker.cgrates.org.vhost" state: link - name: Restart the nginx so the change take effects diff --git a/data/docker/scratch/build.sh b/data/docker/scratch/build.sh new file mode 100644 index 000000000..116a67e53 --- /dev/null +++ b/data/docker/scratch/build.sh @@ -0,0 +1,16 @@ +#! /usr/bin/env sh +echo "Building CGRateS ..." + +GIT_LAST_LOG=$(git log -1 | tr -d "'") + +GIT_TAG_LOG=$(git tag -l --points-at HEAD) + +if [ ! -z "$GIT_TAG_LOG" ] +then + GIT_LAST_LOG="" +fi + +GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o cgr-engine -a -ldflags '-extldflags "-f no-PIC -static"' -tags 'osusergo netgo static_build' -ldflags "-X 'github.com/cgrates/cgrates/utils.GitLastLog=$GIT_LAST_LOG'" github.com/cgrates/cgrates/cmd/cgr-engine +cr=$? + +exit $cr