Merge branch 'alpine38'

.circleci/config.yml

@@ -1,44 +1,44 @@
 version: 2
 jobs:
-  build:
+  build-n-test:
     machine: true
     steps:
       - checkout
-      - run: 
+      - run:
+          name: Build container
           command: |
             docker pull adferrand/letsencrypt-dns || true
             docker build --pull --cache-from adferrand/letsencrypt-dns -t adferrand/letsencrypt-dns .
       - run:
+          name: Test container
+          command: |
+            mkdir -p ./bin
+            curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh
+            GOSS_PATH=./bin/goss GOSS_SLEEP=20 GOSS_FILES_PATH=./tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns
+      - run:
+          name: Save container
           command: |
             mkdir -p workspace
             docker save adferrand/letsencrypt-dns > workspace/docker-letsencrypt-dns.tar
       - persist_to_workspace:
           root: workspace
           paths:
             - docker-letsencrypt-dns.tar
-  test:
-    machine: true
-    steps:
-      - attach_workspace:
-          at: /tmp/workspace
-      - run:
-          command:
-            docker load < /tmp/workspace/docker-letsencrypt-dns.tar
-      - run:
-          command:
-            docker run --rm adferrand/letsencrypt-dns echo 'Hello World!'
   deploy:
     machine: true
     steps:
       - attach_workspace:
           at: /tmp/workspace
       - run:
+          name: Load container
           command:
             docker load < /tmp/workspace/docker-letsencrypt-dns.tar
       - run:
+          name: Login to DockerHub
           command:
             echo "${DOCKER_PASS}" | docker login -u ${DOCKER_USER} --password-stdin
-      - deploy: 
+      - deploy:
+          name: Deploy to DockerHub
           command: |
             if [ ${CIRCLE_BRANCH} = master ]; then DOCKER_TAG=latest; else DOCKER_TAG=${CIRCLE_TAG:-${CIRCLE_BRANCH}}; fi
             docker tag adferrand/letsencrypt-dns adferrand/letsencrypt-dns:${DOCKER_TAG}
@@ -47,19 +47,13 @@ workflows:
   version: 2
   main-pipeline:
     jobs:
-      - build:
-          filters:
-            tags:
-              only: /^[0-9.]+/
-      - test:
-          requires: 
-            - build
+      - build-n-test:
           filters:
             tags:
               only: /^[0-9.]+/
       - deploy:
           requires: 
-            - test
+            - build-n-test
           filters:
             branches:
               only: master

.dockerignore

@@ -1,5 +1,7 @@
 .git
+.circleci
 images
+tests
 LICENSE
 VERSION
-README.md
+README.md

CHANGELOG.md

@@ -1,11 +1,20 @@
 # Changelog
 
 # Unreleased
+
+## [2.6.0] - 17/09/2018
 ### Added
 * Continuous integration/deployment is now handled by CircleCI to allow more advanced strategies and faster builds
+* Add and configure Circus, an alternative to Supervisor, compatible with Python 3, with better control over environment variables propagation, and network sockets supervision (not used yet here)
+
+### Modified
+* Update base image to Alpine 3.8
+* Update Lexicon to 2.7.3
+* Update Lexicon to 0.27.1
 
 ### Removed
 * Docker Hub "Automated build" is disabled in favor of CircleCI
+* Remove Supervisor and its configuration (in favor of Circus)
 
 ## [2.5.3] - 01/09/2018
 ### Added
@@ -71,6 +80,7 @@ Add `LEXICON_OPTIONS` environment variable for specific lexicon options
 ### Added
 * Connect to the ACME v2 servers, which allow wildcard certificates generation (eg. *.example.com)
 * Allow use of old ACME v1 servers through `LEXICON_ACME_V1` environment variable
+* Clean autocmd/autorestart jobs on the live container when needed
 
 ### Modified
 * Update Certbot to 0.22.2 to supports the ACME v2 servers

Dockerfile

@@ -1,12 +1,12 @@
-FROM python:alpine3.7
+FROM python:alpine3.8
 LABEL maintainer="Adrien Ferrand <[email protected]>"
 
 # Scripts in /scripts are required to be in the PATH to run properly as certbot's hooks
 ENV PATH /scripts:$PATH
 
 # Versioning
-ENV LEXICON_VERSION 2.7.0
-ENV CERTBOT_VERSION 0.26.1
+ENV LEXICON_VERSION 2.7.3
+ENV CERTBOT_VERSION 0.27.1
 
 # Let's Encrypt configuration
 ENV LETSENCRYPT_STAGING false
@@ -27,26 +27,28 @@ ENV CERTS_USER_OWNER root
 ENV CERTS_GROUP_OWNER root
 
 # Install dependencies, certbot, lexicon, prepare for first start and clean
-RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt openssl supervisor docker \
-&& apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev python-dev build-base \
-&& pip install "certbot==$CERTBOT_VERSION" \
-&& pip install "dns-lexicon==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[namecheap]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[route53]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[softlayer]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[subreg]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[transip]==$LEXICON_VERSION" \
-&& mkdir -p /var/lib/letsencrypt/hooks \
-&& mkdir -p /etc/supervisord.d \
-&& apk del build-dependencies
+RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt libstdc++ openssl docker ethtool \
+ && apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev build-base linux-headers \
+ && pip install "certbot==$CERTBOT_VERSION" \
+ && pip install "dns-lexicon==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[namecheap]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[route53]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[softlayer]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[subreg]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[transip]==$LEXICON_VERSION" \
+ && pip install circus \
+ && mkdir -p /var/lib/letsencrypt/hooks \
+ && mkdir -p /etc/circus.d \
+ && apk del build-dependencies
 
 # Copy configuration files
 COPY files/run.sh /scripts/run.sh
 COPY files/watch-domains.sh /scripts/watch-domains.sh
 COPY files/autorestart-containers.sh /scripts/autorestart-containers.sh
 COPY files/autocmd-containers.sh /scripts/autocmd-containers.sh
 COPY files/crontab /etc/crontab
-COPY files/supervisord.conf /etc/supervisord.conf
+COPY files/circus.ini /etc/circus.ini
+COPY files/letsencrypt-dns.ini /etc/circus.d/letsencrypt-dns.ini
 COPY files/authenticator.sh /var/lib/letsencrypt/hooks/authenticator.sh
 COPY files/cleanup.sh /var/lib/letsencrypt/hooks/cleanup.sh
 COPY files/deploy-hook.sh /scripts/deploy-hook.sh

README.md

@@ -1,5 +1,5 @@
 #  ![](https://raw.githubusercontent.com/adferrand/docker-letsencrypt-dns/master/images/logo_from_realies_200px.png) adferrand/letsencrypt-dns
-![](https://img.shields.io/badge/tags-latest-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/letsencrypt-dns:2.5.3.svg) ![](https://images.microbadger.com/badges/image/adferrand/letsencrypt-dns:2.5.3.svg)](https://microbadger.com/images/adferrand/letsencrypt-dns:2.5.3)
+![](https://img.shields.io/badge/tags-latest-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/letsencrypt-dns:2.6.0.svg) ![](https://images.microbadger.com/badges/image/adferrand/letsencrypt-dns:2.6.0.svg)](https://microbadger.com/images/adferrand/letsencrypt-dns:2.6.0)
 
 * [Container functionalities](#container-functionalities)
 * [Why use this Docker](#why-use-this-docker-)

VERSION

@@ -1 +1 @@
-2.5.3
+2.6.0

files/circus.ini

@@ -0,0 +1,3 @@
+[circus]
+httpd = false
+include_dir = /etc/circus.d

files/letsencrypt-dns.ini

@@ -0,0 +1,15 @@
+[watcher:crond]
+cmd = /usr/sbin/crond -f
+copy_env = True
+stdout_stream.class = FancyStdoutStream
+stdout_stream.color = white
+stderr_stream.class = FancyStdoutStream
+stderr_stream.color = red
+
+[watcher:watch-domains]
+cmd = /scripts/watch-domains.sh
+copy_env = True
+stdout_stream.class = FancyStdoutStream
+stdout_stream.color = white
+stderr_stream.class = FancyStdoutStream
+stderr_stream.color = red

files/run.sh

@@ -27,5 +27,5 @@ if [ "$PFX_EXPORT" = "true" ]; then
     done
 fi
 
-# Start supervisord
-/usr/bin/supervisord -c /etc/supervisord.conf
+# Start circusd
+/usr/local/bin/circusd /etc/circus.ini

files/watch-domains.sh

@@ -18,7 +18,7 @@ while true; do
     if [ ! -f /etc/letsencrypt/domains.conf ]; then
         touch /etc/letsencrypt/domains.conf
     fi
-    
+
     # Calculate the new domains.conf file hash
     new_hash=`md5sum /etc/letsencrypt/domains.conf | awk '{ print $1 }'`
     if [ "$current_hash" != "$new_hash" ]; then
@@ -29,6 +29,9 @@ while true; do
         echo "#### Registering Let's Encrypt account if needed ####"
         certbot register -n --agree-tos -m $LETSENCRYPT_USER_MAIL $server_cmd
 
+        echo "#### Clean autorestart/autocmd jobs"
+        rm -f /etc/circus.d/*_autorestart-containers.ini /etc/circus.d/*_autocmd-containers.ini
+
         echo "#### Creating missing certificates if needed (~1min for each) ####"
         while read -r entry || [ -n "$entry" ]; do
             autorestart_config=`echo $entry | grep -E -o 'autorestart-containers=.*' | sed 's/autocmd-containers=.*//' | sed 's/autorestart-containers=//' | xargs`
@@ -59,20 +62,22 @@ while true; do
 
             if [ "$autorestart_config" != "" ]; then
                 echo ">>> Watching certificate for main domain $main_domain: containers $autorestart_config autorestarted when certificate is changed."
-                echo "[program:${main_domain}_autorestart-containers]" >> /etc/supervisord.d/${main_domain}_autorestart-containers
-                echo "command = /scripts/autorestart-containers.sh $main_domain $autorestart_config" >> /etc/supervisord.d/${main_domain}_autorestart-containers
-                echo "redirect_stderr = true" >> /etc/supervisord.d/${main_domain}_autorestart-containers
-                echo "stdout_logfile = /dev/stdout" >> /etc/supervisord.d/${main_domain}_autorestart-containers
-                echo "stdout_logfile_maxbytes = 0" >> /etc/supervisord.d/${main_domain}_autorestart-containers
+                echo "[watcher:${main_domain}_autorestart-containers]" > /etc/circus.d/${main_domain}_autorestart-containers.ini
+                echo "cmd = /scripts/autorestart-containers.sh $main_domain $autorestart_config" >> /etc/circus.d/${main_domain}_autorestart-containers.ini
+                echo "stdout_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autorestart-containers.ini
+                echo "stdout_stream.color = white" >> /etc/circus.d/${main_domain}_autorestart-containers.ini
+                echo "stderr_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autorestart-containers.ini
+                echo "stderr_stream.color = red" >> /etc/circus.d/${main_domain}_autorestart-containers.ini
             fi
 
             if [ "$autocmd_config" != "" ]; then
                 echo ">>> Watching certificate for main domain $main_domain: autocmd config $autocmd_config executed when certificate is changed."
-                echo "[program:${main_domain}_autocmd-containers]" >> /etc/supervisord.d/${main_domain}_autocmd-containers
-                echo "command = /scripts/autocmd-containers.sh $main_domain '$autocmd_config'" >> /etc/supervisord.d/${main_domain}_autocmd-containers
-                echo "redirect_stderr = true" >> /etc/supervisord.d/${main_domain}_autocmd-containers
-                echo "stdout_logfile = /dev/stdout" >> /etc/supervisord.d/${main_domain}_autocmd-containers
-                echo "stdout_logfile_maxbytes = 0" >> /etc/supervisord.d/${main_domain}_autocmd-containers
+                echo "[watcher:${main_domain}_autocmd-containers]" > /etc/circus.d/${main_domain}_autocmd-containers.ini
+                echo "cmd = /scripts/autocmd-containers.sh $main_domain '$autocmd_config'" >> /etc/circus.d/${main_domain}_autocmd-containers.ini
+                echo "stdout_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autocmd-containers.ini
+                echo "stdout_stream.color = white" >> /etc/circus.d/${main_domain}_autocmd-containers.ini
+                echo "stderr_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autocmd-containers.ini
+                echo "stderr_stream.color = red" >> /etc/circus.d/${main_domain}_autocmd-containers.ini
             fi
         done < /etc/letsencrypt/domains.conf
 
@@ -94,8 +99,8 @@ while true; do
             fi
         done
 
-        echo "### Reloading supervisord configuration ###"
-        supervisorctl update
+        echo "### Reloading circusd configuration ###"
+        circusctl reloadconfig
 
         # Keep new hash version
         current_hash="$new_hash"

tests/goss.yaml

@@ -0,0 +1,31 @@
+file:
+  /etc/letsencrypt/domains.conf:
+    exists: true
+    mode: "0644"
+    size: 0
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+port:
+  tcp:5555:
+    listening: true
+    ip:
+    - 127.0.0.1
+  tcp:5556:
+    listening: true
+    ip:
+    - 127.0.0.1
+  udp:12027:
+    listening: true
+    ip:
+    - 0.0.0.0
+process:
+  circusd:
+    running: true
+  crond:
+    running: true
+  sleep:
+    running: true
+  watch-domains.s:
+    running: true