From 51f1f05877c65ed64af3d7402d34e665675ae1cf Mon Sep 17 00:00:00 2001
From: Adrien Ferrand
Date: Mon, 17 Sep 2018 10:16:17 +0200
Subject: [PATCH 01/21] Basic modifications
---
 Dockerfile | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3f5f4773..69ddc680 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:alpine3.7
+FROM python:alpine3.8
 LABEL maintainer="Adrien Ferrand "

 # Scripts in /scripts are required to be in the PATH to run properly as certbot's hooks
@@ -27,18 +27,19 @@ ENV CERTS_USER_OWNER root
 ENV CERTS_GROUP_OWNER root

 # Install dependencies, certbot, lexicon, prepare for first start and clean
-RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt openssl supervisor docker \
-&& apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev python-dev build-base \
-&& pip install "certbot==$CERTBOT_VERSION" \
-&& pip install "dns-lexicon==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[namecheap]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[route53]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[softlayer]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[subreg]==$LEXICON_VERSION" \
-&& pip install "dns-lexicon[transip]==$LEXICON_VERSION" \
-&& mkdir -p /var/lib/letsencrypt/hooks \
-&& mkdir -p /etc/supervisord.d \
-&& apk del build-dependencies
+RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt openssl docker \
+ && apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev python-dev build-base \
+ && pip install "certbot==$CERTBOT_VERSION" \
+ && pip install "dns-lexicon==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[namecheap]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[route53]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[softlayer]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[subreg]==$LEXICON_VERSION" \
+ && pip install "dns-lexicon[transip]==$LEXICON_VERSION" \
+ && pip install "circus" \
+ && mkdir -p /var/lib/letsencrypt/hooks \
+ && mkdir -p /etc/circusd.d \
+ && apk del build-dependencies

 # Copy configuration files
 COPY files/run.sh /scripts/run.sh
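Review bot: The added `&& pip install "circus"` is the only Python package in this RUN that is not pinned: certbot and dns-lexicon are installed at `$CERTBOT_VERSION` and `$LEXICON_VERSION`, while the supervisor that will start every other process in the container resolves to whatever PyPI serves at build time. Rebuilding the same commit can therefore produce a different image, and an unexpected or compromised release would reach it unnoticed. Declare a version next to the other two, e.g. `ENV CIRCUS_VERSION <pinned-version>`, and install with `&& pip install "circus==$CIRCUS_VERSION"`. The Dockerfile hunk in PATCH 04/21 rewrites the line to `pip install circus` and needs the same pin; the ENV block itself is outside this hunk.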
@@ -46,7 +47,7 @@ COPY files/watch-domains.sh /scripts/watch-domains.sh COPY files/autorestart-containers.sh /scripts/autorestart-containers.sh COPY files/autocmd-containers.sh /scripts/autocmd-containers.sh COPY files/crontab /etc/crontab -COPY files/supervisord.conf /etc/supervisord.conf +COPY files/circus.ini /etc/circus.ini COPY files/authenticator.sh /var/lib/letsencrypt/hooks/authenticator.sh COPY files/cleanup.sh /var/lib/letsencrypt/hooks/cleanup.sh COPY files/deploy-hook.sh /scripts/deploy-hook.sh From 9d7464f1cbfc429805b3803164c94be6d0d24014 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 10:33:49 +0200 Subject: [PATCH 02/21] Rename pipeline --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c9fae476..7acb4078 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -45,7 +45,7 @@ jobs: docker push adferrand/letsencrypt-dns:${DOCKER_TAG} workflows: version: 2 - build-n-deploy: + main-pipeline: jobs: - build: filters: From 7f5b891ffed76dbe32db1c9e2015b058a313e6d3 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 10:45:38 +0200 Subject: [PATCH 03/21] Add headers --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 69ddc680..277cc0f2 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -28,7 +28,7 @@ ENV CERTS_GROUP_OWNER root

 # Install dependencies, certbot, lexicon, prepare for first start and clean
 RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt openssl docker \
- && apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev python-dev build-base \
+ && apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev python-dev build-base linux-headers \
 && pip install "certbot==$CERTBOT_VERSION" \
 && pip install "dns-lexicon==$LEXICON_VERSION" \
 && pip install "dns-lexicon[namecheap]==$LEXICON_VERSION" \
From 54da14acdb92cbb60ac8d510eb40174298ba0f2f Mon Sep 17 00:00:00 2001
From: Adrien Ferrand
Date: Mon, 17 Sep 2018 10:53:16 +0200
Subject: [PATCH 04/21] Add circus config
---
 Dockerfile | 12 ++++++------
 files/circus.ini | 17 +++++++++++++++++
 files/run.sh | 8 ++++++--
 files/watch-domains.sh | 24 +++++++++++-------------
 4 files changed, 40 insertions(+), 21 deletions(-)
 create mode 100644 files/circus.ini
diff --git a/Dockerfile b/Dockerfile
index 277cc0f2..1175bcff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,8 +5,8 @@ LABEL maintainer="Adrien Ferrand "
 ENV PATH /scripts:$PATH

 # Versioning
-ENV LEXICON_VERSION 2.7.0
-ENV CERTBOT_VERSION 0.26.1
+ENV LEXICON_VERSION 2.7.2
+ENV CERTBOT_VERSION 0.27.1

 # Let's Encrypt configuration
 ENV LETSENCRYPT_STAGING false
@@ -27,8 +27,8 @@ ENV CERTS_USER_OWNER root
 ENV CERTS_GROUP_OWNER root

 # Install dependencies, certbot, lexicon, prepare for first start and clean
-RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt openssl docker \
- && apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev python-dev build-base linux-headers \
+RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt libstdc++ openssl docker ethtool \
+ && apk --no-cache --update --virtual build-dependencies add libffi-dev libxml2-dev libxslt-dev openssl-dev build-base linux-headers \
 && pip install "certbot==$CERTBOT_VERSION" \
 && pip install "dns-lexicon==$LEXICON_VERSION" \
 && pip install "dns-lexicon[namecheap]==$LEXICON_VERSION" \
@@ -36,9 +36,9 @@ RUN apk --no-cache --update add rsyslog git libffi libxml2 libxslt openssl docke
 && pip install "dns-lexicon[softlayer]==$LEXICON_VERSION" \
 && pip install "dns-lexicon[subreg]==$LEXICON_VERSION" \
 && pip install "dns-lexicon[transip]==$LEXICON_VERSION" \
- && pip install "circus" \
+ && pip install circus \
 && mkdir -p /var/lib/letsencrypt/hooks \
- && mkdir -p /etc/circusd.d \
+ && mkdir -p /etc/circus.d \
 && apk del build-dependencies

 # Copy configuration files
diff --git a/files/circus.ini b/files/circus.ini
new file mode 100644
index 00000000..00ed029e
--- /dev/null
+++ b/files/circus.ini
@@ -0,0 +1,17 @@
+[circus]
+endpoint = ipc:///var/circus/endpoint
+pubsub_endpoint = ipc:///var/circus/pubsub
+httpd = false
+include = /etc/circus.d/*.ini
+
+[watcher:crond]
+cmd = /usr/sbin/crond -f
+copy_env = True
+stdout_stream.class = FancyStdoutStream
+stderr_stream.class = FancyStdoutStream
+
+[watcher:watch-domains]
+cmd = /scripts/watch-domains.sh
+copy_env = True
+stdout_stream.class = FancyStdoutStream
+stderr_stream.class = FancyStdoutStream
diff --git a/files/run.sh b/files/run.sh
index 4a140fa3..044e6a5f 100755
--- a/files/run.sh
+++ b/files/run.sh
@@ -27,5 +27,9 @@ if [ "$PFX_EXPORT" = "true" ]; then done fi -# Start supervisord -/usr/bin/supervisord -c /etc/supervisord.conf +# Prepare circus config +mkdir -p /var/circus +touch /var/circus/endpoint /var/circus/pubsub /var/circus/stats + +# Start circusd +/usr/local/bin/circusd /etc/circus.ini diff --git a/files/watch-domains.sh b/files/watch-domains.sh index fbb27d5f..0fa97c97 100755 --- a/files/watch-domains.sh +++ b/files/watch-domains.sh @@ -18,7 +18,7 @@ while true; do if [ ! -f /etc/letsencrypt/domains.conf ]; then touch /etc/letsencrypt/domains.conf fi - + # Calculate the new domains.conf file hash new_hash=`md5sum /etc/letsencrypt/domains.conf | awk '{ print $1 }'` if [ "$current_hash" != "$new_hash" ]; then 
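Review bot: files/run.sh now ends with `/usr/local/bin/circusd /etc/circus.ini` started as a child of the script rather than replacing it. If run.sh is the image's start command (the CMD/ENTRYPOINT is not shown on this page), the shell stays PID 1 and the SIGTERM sent on container stop does not reach circusd or its watchers, so they are killed at the stop timeout instead of shutting down cleanly. Replace the line with `exec /usr/local/bin/circusd /etc/circus.ini`. The beginning of the script is outside the hunk.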
@@ -59,20 +59,18 @@ while true; do if [ "$autorestart_config" != "" ]; then echo ">>> Watching certificate for main domain $main_domain: containers $autorestart_config autorestarted when certificate is changed." - echo "[program:${main_domain}_autorestart-containers]" >> /etc/supervisord.d/${main_domain}_autorestart-containers - echo "command = /scripts/autorestart-containers.sh $main_domain $autorestart_config" >> /etc/supervisord.d/${main_domain}_autorestart-containers - echo "redirect_stderr = true" >> /etc/supervisord.d/${main_domain}_autorestart-containers - echo "stdout_logfile = /dev/stdout" >> /etc/supervisord.d/${main_domain}_autorestart-containers - echo "stdout_logfile_maxbytes = 0" >> /etc/supervisord.d/${main_domain}_autorestart-containers + echo "[watcher:${main_domain}_autorestart-containers]" > /etc/circus.d/${main_domain}_autorestart-containers.ini + echo "cmd = /scripts/autorestart-containers.sh $main_domain $autorestart_config" >> /etc/circus.d/${main_domain}_autorestart-containers.ini + echo "stdout_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autorestart-containers.ini + echo "stderr_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autorestart-containers.ini fi if [ "$autocmd_config" != "" ]; then echo ">>> Watching certificate for main domain $main_domain: autocmd config $autocmd_config executed when certificate is changed." 
- echo "[program:${main_domain}_autocmd-containers]" >> /etc/supervisord.d/${main_domain}_autocmd-containers - echo "command = /scripts/autocmd-containers.sh $main_domain '$autocmd_config'" >> /etc/supervisord.d/${main_domain}_autocmd-containers - echo "redirect_stderr = true" >> /etc/supervisord.d/${main_domain}_autocmd-containers - echo "stdout_logfile = /dev/stdout" >> /etc/supervisord.d/${main_domain}_autocmd-containers - echo "stdout_logfile_maxbytes = 0" >> /etc/supervisord.d/${main_domain}_autocmd-containers + echo "[watcher:${main_domain}_autocmd-containers]" > /etc/circus.d/${main_domain}_autocmd-containers.ini + echo "cmd = /scripts/autocmd-containers.sh $main_domain '$autocmd_config'" >> /etc/circus.d/${main_domain}_autocmd-containers.ini + echo "stdout_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autocmd-containers.ini + echo "stderr_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autocmd-containers.ini fi done < /etc/letsencrypt/domains.conf @@ -94,8 +92,8 @@ while true; do fi done - echo "### Reloading supervisord configuration ###" - supervisorctl update + echo "### Reloading circusd configuration ###" + circusctl reloadconfig --timeout 30 # Keep new hash version current_hash="$new_hash" From c16a07d241c0c1a15cfeb1805619a51b715aff8e Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 11:09:59 +0200 Subject: [PATCH 05/21] Working circus live config reload --- files/circus.ini | 2 -- files/run.sh | 4 ---- files/supervisord.conf | 37 ------------------------------------- files/watch-domains.sh | 2 +- 4 files changed, 1 insertion(+), 44 deletions(-) delete mode 100644 files/supervisord.conf diff --git a/files/circus.ini b/files/circus.ini index 00ed029e..17a46e68 100644 --- a/files/circus.ini +++ b/files/circus.ini @@ -1,6 +1,4 @@ [circus] -endpoint = ipc:///var/circus/endpoint -pubsub_endpoint = ipc:///var/circus/pubsub httpd = false include = /etc/circus.d/*.ini 
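Review bot: The watcher files generated in this files/watch-domains.sh hunk interpolate `$main_domain`, `$autorestart_config` and `$autocmd_config`, as read from /etc/letsencrypt/domains.conf, into an unquoted redirect target and into the `[watcher:…]` and `cmd = …` lines without validation. How those variables are parsed is outside the hunk, but if a value can carry `/`, whitespace or a glob character (the changelog advertises wildcard names such as `*.example.com`), the redirect can resolve to a different path or fail as ambiguous, and the generated `cmd` is run by circusd in a container that has the docker client installed. Reject entries whose domain does not match a hostname pattern before writing anything, and quote the target, e.g. `watcher_file="/etc/circus.d/${main_domain}_autorestart-containers.ini"` followed by `echo "[watcher:${main_domain}_autorestart-containers]" > "$watcher_file"`; the autocmd block needs the same treatment. The hunk in PATCH 12/21 that adds the color lines repeats the unquoted paths.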
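Review bot: Removing `endpoint` and `pubsub_endpoint` from files/circus.ini moves circusd's control channel from filesystem sockets under /var/circus to its defaults, which tests/goss.yaml in PATCH 17/21 records as TCP 5555 and 5556 on 127.0.0.1 plus UDP 12027 on 0.0.0.0. The circus control protocol carries no authentication, so any process that can reach the container's loopback (every local process on the host, if the container is run with host networking) can issue supervisor commands, and the UDP listener is bound on all interfaces. If the ipc endpoints only failed because circusctl was not told where to connect, keep them and call `circusctl --endpoint ipc:///var/circus/endpoint reloadconfig` in watch-domains.sh; otherwise add a comment in circus.ini stating that the image must not share the host network namespace.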
diff --git a/files/run.sh b/files/run.sh index 044e6a5f..cf7bd89a 100755 --- a/files/run.sh +++ b/files/run.sh @@ -27,9 +27,5 @@ if [ "$PFX_EXPORT" = "true" ]; then done fi -# Prepare circus config -mkdir -p /var/circus -touch /var/circus/endpoint /var/circus/pubsub /var/circus/stats - # Start circusd /usr/local/bin/circusd /etc/circus.ini diff --git a/files/supervisord.conf b/files/supervisord.conf deleted file mode 100644 index d39cf444..00000000 --- a/files/supervisord.conf +++ /dev/null @@ -1,37 +0,0 @@ -[unix_http_server] -file = /tmp/supervisor.sock -username = dummy -password = dummy - -[supervisord] -logfile = /var/log/supervisord.log -logfile_maxbytes = 50MB -logfile_backups = 10 -loglevel = info -pidfile = /tmp/supervisord.pid -nodaemon = true -minfds = 1024 -minprocs = 200 - -[include] -files = /etc/supervisord.d/* - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl = unix:///tmp/supervisor.sock -username = dummy -password = dummy - -[program:crond] -command = /usr/sbin/crond -f -redirect_stderr = true -stdout_logfile = /dev/stdout -stdout_logfile_maxbytes = 0 - -[program:watch-domains] -command = /scripts/watch-domains.sh -redirect_stderr = true -stdout_logfile = /dev/stdout -stdout_logfile_maxbytes = 0 \ No newline at end of file diff --git a/files/watch-domains.sh b/files/watch-domains.sh index 0fa97c97..d8bfac1b 100755 --- a/files/watch-domains.sh +++ b/files/watch-domains.sh @@ -93,7 +93,7 @@ while true; do done echo "### Reloading circusd configuration ###" - circusctl reloadconfig --timeout 30 + circusctl reloadconfig --waiting false # Keep new hash version current_hash="$new_hash" From fddb05e25c282a0a870e345f805aa6940dd8b0e5 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 11:10:30 +0200 Subject: [PATCH 06/21] Update lexicon --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Dockerfile b/Dockerfile
index 1175bcff..ab73d9cd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ LABEL maintainer="Adrien Ferrand "
 ENV PATH /scripts:$PATH

 # Versioning
-ENV LEXICON_VERSION 2.7.2
+ENV LEXICON_VERSION 2.7.3
 ENV CERTBOT_VERSION 0.27.1

 # Let's Encrypt configuration
From eb4356a95124c20ce28a7d3c1e95cf312216f774 Mon Sep 17 00:00:00 2001
From: Adrien Ferrand
Date: Mon, 17 Sep 2018 11:35:48 +0200
Subject: [PATCH 07/21] Update changelog, update lexicon
---
 CHANGELOG.md | 7 +++++++
 Dockerfile | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d83f68c6..96521178 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,16 @@
 # Unreleased
 ### Added
 * Continuous integration/deployment is now handled by CircleCI to allow more advanced strategies and faster builds
+* Add and configure Circus, an alternative to Supervisor, compatible with Python 3, with better control over environment variables propagation, and network sockets supervision (not used yet here)
+
+### Modified
+* Update base image to Alpine 3.8
+* Update Lexicon to 2.7.3
+* Update Lexicon to 0.27.1

 ### Removed
 * Docker Hub "Automated build" is disabled in favor of CircleCI
+* Remove Supervisor and its configuration (in favor of Circus)

 ## [2.5.3] - 01/09/2018
 ### Added
diff --git a/Dockerfile b/Dockerfile
index 1175bcff..ab73d9cd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ LABEL maintainer="Adrien Ferrand "
 ENV PATH /scripts:$PATH

 # Versioning
-ENV LEXICON_VERSION 2.7.2
+ENV LEXICON_VERSION 2.7.3
 ENV CERTBOT_VERSION 0.27.1

 # Let's Encrypt configuration
From 1871104d0cf232e206071540343676af31656bb3 Mon Sep 17 00:00:00 2001
From: Adrien Ferrand
Date: Mon, 17 Sep 2018 11:37:04 +0200
Subject: [PATCH 08/21] Wait for circus to be reloaded
---
 files/watch-domains.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/watch-domains.sh b/files/watch-domains.sh
index d8bfac1b..a2e8c316 100755
--- a/files/watch-domains.sh +++ b/files/watch-domains.sh @@ -93,7 +93,7 @@ while true; do done echo "### Reloading circusd configuration ###" - circusctl reloadconfig --waiting false + circusctl reloadconfig # Keep new hash version current_hash="$new_hash" From 4b9bd203893a0c20cdc0ade3ffea68a1fc181685 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 13:14:33 +0200 Subject: [PATCH 09/21] Clean correctly autorestart/autocmd --- CHANGELOG.md | 1 + files/watch-domains.sh | 3 +++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96521178..3cdeebf9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -78,6 +78,7 @@ Add `LEXICON_OPTIONS` environment variable for specific lexicon options ### Added * Connect to the ACME v2 servers, which allow wildcard certificates generation (eg. *.example.com) * Allow use of old ACME v1 servers through `LEXICON_ACME_V1` environment variable +* Clean autocmd/autorestart jobs on the live container when needed ### Modified * Update Certbot to 0.22.2 to supports the ACME v2 servers diff --git a/files/watch-domains.sh b/files/watch-domains.sh index a2e8c316..4a08a396 100755 --- a/files/watch-domains.sh +++ b/files/watch-domains.sh @@ -29,6 +29,9 @@ while true; do echo "#### Registering Let's Encrypt account if needed ####" certbot register -n --agree-tos -m $LETSENCRYPT_USER_MAIL $server_cmd + echo "#### Clean autorestart/autocmd jobs" + rm -f /etc/circus.d/*_autorestart-containers.ini /etc/circus.d/*_autocmd-containers.ini + echo "#### Creating missing certificates if needed (~1min for each) ####" while read -r entry || [ -n "$entry" ]; do autorestart_config=`echo $entry | grep -E -o 'autorestart-containers=.*' | sed 's/autocmd-containers=.*//' | sed 's/autorestart-containers=//' | xargs` From aa15ff1a2d37cf08f3b79a9f37b65b70cc17cf74 Mon Sep 17 00:00:00 2001 
From: Adrien Ferrand
Date: Mon, 17 Sep 2018 13:22:21 +0200
Subject: [PATCH 10/21] Split circus config
---
 Dockerfile | 1 +
 files/circus.ini | 12 ------------
 files/letsencrypt-dns.ini | 11 +++++++++++
 3 files changed, 12 insertions(+), 12 deletions(-)
 create mode 100644 files/letsencrypt-dns.ini
diff --git a/Dockerfile b/Dockerfile
index ab73d9cd..889204b3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,6 +48,7 @@ COPY files/autorestart-containers.sh /scripts/autorestart-containers.sh
 COPY files/autocmd-containers.sh /scripts/autocmd-containers.sh
 COPY files/crontab /etc/crontab
 COPY files/circus.ini /etc/circus.ini
+COPY files/letsencrypt-dns.ini /etc/circus.d/letsencrypt-dns.ini
 COPY files/authenticator.sh /var/lib/letsencrypt/hooks/authenticator.sh
 COPY files/cleanup.sh /var/lib/letsencrypt/hooks/cleanup.sh
 COPY files/deploy-hook.sh /scripts/deploy-hook.sh
diff --git a/files/circus.ini b/files/circus.ini
index 17a46e68..fe690152 100644
--- a/files/circus.ini
+++ b/files/circus.ini
@@ -1,15 +1,3 @@
 [circus]
 httpd = false
 include = /etc/circus.d/*.ini
-
-[watcher:crond]
-cmd = /usr/sbin/crond -f
-copy_env = True
-stdout_stream.class = FancyStdoutStream
-stderr_stream.class = FancyStdoutStream
-
-[watcher:watch-domains]
-cmd = /scripts/watch-domains.sh
-copy_env = True
-stdout_stream.class = FancyStdoutStream
-stderr_stream.class = FancyStdoutStream
diff --git a/files/letsencrypt-dns.ini b/files/letsencrypt-dns.ini
new file mode 100644
index 00000000..e9aea605
--- /dev/null
+++ b/files/letsencrypt-dns.ini
@@ -0,0 +1,11 @@
+[watcher:crond]
+cmd = /usr/sbin/crond -f
+copy_env = True
+stdout_stream.class = FancyStdoutStream
+stderr_stream.class = FancyStdoutStream
+
+[watcher:watch-domains]
+cmd = /scripts/watch-domains.sh
+copy_env = True
+stdout_stream.class = FancyStdoutStream
+stderr_stream.class = FancyStdoutStream
From 0f55a652b651894b31f9295680584aa94247993f Mon Sep 17 00:00:00 2001
From: Adrien Ferrand
Date: Mon, 17 Sep 2018 13:22:46 +0200
Subject: [PATCH 11/21] Use include_dir
---
 files/circus.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/circus.ini b/files/circus.ini
index 17a46e68..a47c134e 100644
--- a/files/circus.ini
+++ b/files/circus.ini
@@ -1,6 +1,6 @@
 [circus]
 httpd = false
-include = /etc/circus.d/*.ini
+include_dir = /etc/circus.d

 [watcher:crond]
 cmd = /usr/sbin/crond -f
From 591f81d005770167ccc2b694f621aa422d7d5180 Mon Sep 17 00:00:00 2001
From: Adrien Ferrand
Date: Mon, 17 Sep 2018 13:30:14 +0200
Subject: [PATCH 12/21] Configure output colors
---
 files/letsencrypt-dns.ini | 4 ++++
 files/watch-domains.sh | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/files/letsencrypt-dns.ini b/files/letsencrypt-dns.ini
index e9aea605..25e03ae1 100644
--- a/files/letsencrypt-dns.ini
+++ b/files/letsencrypt-dns.ini
@@ -2,10 +2,14 @@
 cmd = /usr/sbin/crond -f
 copy_env = True
 stdout_stream.class = FancyStdoutStream
+stdout_stream.color = white
 stderr_stream.class = FancyStdoutStream
+stderr_stream.color = red

 [watcher:watch-domains]
 cmd = /scripts/watch-domains.sh
 copy_env = True
 stdout_stream.class = FancyStdoutStream
+stdout_stream.color = white
 stderr_stream.class = FancyStdoutStream
+stderr_stream.color = red
diff --git a/files/watch-domains.sh b/files/watch-domains.sh
index 4a08a396..c668b677 100755
--- a/files/watch-domains.sh
+++ b/files/watch-domains.sh
@@ -65,7 +65,9 @@ while true; do echo "[watcher:${main_domain}_autorestart-containers]" > /etc/circus.d/${main_domain}_autorestart-containers.ini echo "cmd = /scripts/autorestart-containers.sh $main_domain $autorestart_config" >> /etc/circus.d/${main_domain}_autorestart-containers.ini echo "stdout_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autorestart-containers.ini + echo "stdout_stream.color = white" >> /etc/circus.d/${main_domain}_autorestart-containers.ini echo "stderr_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autorestart-containers.ini + echo "stderr_stream.color = red" >> /etc/circus.d/${main_domain}_autorestart-containers.ini fi if [ "$autocmd_config" != "" ]; then @@ -73,7 +75,9 @@ while true; do echo "[watcher:${main_domain}_autocmd-containers]" > /etc/circus.d/${main_domain}_autocmd-containers.ini echo "cmd = /scripts/autocmd-containers.sh $main_domain '$autocmd_config'" >> /etc/circus.d/${main_domain}_autocmd-containers.ini echo "stdout_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autocmd-containers.ini + echo "stdout_stream.color = white" >> /etc/circus.d/${main_domain}_autocmd-containers.ini echo "stderr_stream.class = FancyStdoutStream" >> /etc/circus.d/${main_domain}_autocmd-containers.ini + echo "stderr_stream.color = red" >> /etc/circus.d/${main_domain}_autocmd-containers.ini fi done < /etc/letsencrypt/domains.conf From c3c2880e4784223042a7bb7093f9d02e5386da3f Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 13:33:56 +0200 Subject: [PATCH 13/21] Prepare release 2.6.0 --- CHANGELOG.md | 2 ++ README.md | 2 +- VERSION | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3cdeebf9..20b13af6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,8 @@ # Changelog # Unreleased + +## [2.6.0] - 17/09/2018 ### Added * Continuous integration/deployment is now handled by CircleCI to allow more advanced strategies and faster builds * Add and configure Circus, an alternative to Supervisor, compatible with Python 3, with better control over environment variables propagation, and network sockets supervision (not used yet here) diff --git a/README.md b/README.md index 0d5604b8..ae5c8fe5 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ #  ![](https://raw.githubusercontent.com/adferrand/docker-letsencrypt-dns/master/images/logo_from_realies_200px.png) adferrand/letsencrypt-dns -![](https://img.shields.io/badge/tags-latest-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/letsencrypt-dns:2.5.3.svg) ![](https://images.microbadger.com/badges/image/adferrand/letsencrypt-dns:2.5.3.svg)](https://microbadger.com/images/adferrand/letsencrypt-dns:2.5.3) +![](https://img.shields.io/badge/tags-latest-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/letsencrypt-dns:2.6.0.svg) ![](https://images.microbadger.com/badges/image/adferrand/letsencrypt-dns:2.6.0.svg)](https://microbadger.com/images/adferrand/letsencrypt-dns:2.6.0) * [Container functionalities](#container-functionalities) * [Why use this Docker](#why-use-this-docker-) diff --git a/VERSION b/VERSION index aedc15bb..e70b4523 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.5.3 +2.6.0 From 4981c8e2d00992f7040df8313e40e5d0e4532975 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 14:18:10 +0200 Subject: [PATCH 14/21] Add a server spec unit test --- .dockerignore | 4 +++- tests/goss.yaml | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 tests/goss.yaml diff --git a/.dockerignore b/.dockerignore index 0aeef4f3..e97c9544 100644 --- a/.dockerignore +++ b/.dockerignore 
@@ -1,5 +1,7 @@ .git +.circleci images +tests LICENSE VERSION -README.md \ No newline at end of file +README.md diff --git a/tests/goss.yaml b/tests/goss.yaml new file mode 100644 index 00000000..5d90ef6d --- /dev/null +++ b/tests/goss.yaml @@ -0,0 +1,16 @@ +file: + /etc/letsencrypt/domains.conf: + exists: true + mode: "0644" + size: 0 + owner: root + group: root + filetype: file + contains: [] +process: + circusd: + running: true + crond: + running: true + watch-domains.s: + running: true From 8120eef92bb6f25f0cacb8f253a9e587f94196b5 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 14:19:29 +0200 Subject: [PATCH 15/21] Add goss executable --- .circleci/config.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7acb4078..ff01e69c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -26,7 +26,10 @@ jobs: docker load < /tmp/workspace/docker-letsencrypt-dns.tar - run: command: - docker run --rm adferrand/letsencrypt-dns echo 'Hello World!' + curl -fsSL https://goss.rocks/install | sh + - run: + command: + GOSS_SLEEP=15 GOSS_FILES_PATH=tests dgoss run adferrand/letsencrypt-dns deploy: machine: true steps: From 99c52e007a736d5e9aeef10eeeb03903b64f7cc0 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 14:42:52 +0200 Subject: [PATCH 16/21] Install goss locally --- .circleci/config.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ff01e69c..020ed48c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -25,8 +25,9 @@ jobs: command: docker load < /tmp/workspace/docker-letsencrypt-dns.tar - run: - command: - curl -fsSL https://goss.rocks/install | sh + command: | + mkdir -p bin + curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh - run: command: GOSS_SLEEP=15 GOSS_FILES_PATH=tests dgoss run adferrand/letsencrypt-dns 
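Review bot: The CI step added in PATCH 15/21, `curl -fsSL https://goss.rocks/install | sh` in .circleci/config.yml, executes an unversioned and unverified installer fetched at build time, and the binaries it installs are then run against the image. From PATCH 21/21 on this happens inside the build-n-test job before `docker save`, so whatever the script does can influence the tarball that the deploy job later pushes to Docker Hub. Pin a release and verify it before execution: at minimum pass `GOSS_VER=<pinned-version>` to the installer, and preferably download that version's release binaries directly and check them with `sha256sum -c` against digests committed to the repository. The same pipe is carried unchanged through PATCH 16, 19, 20 and 21.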
From 3afb271021a38b8e5ede109e21e0dd24427e617c Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 14:54:01 +0200 Subject: [PATCH 17/21] Configure goss to use staging --- .circleci/config.yml | 2 +- tests/goss.yaml | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 020ed48c..db8bdb74 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -30,7 +30,7 @@ jobs: curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh - run: command: - GOSS_SLEEP=15 GOSS_FILES_PATH=tests dgoss run adferrand/letsencrypt-dns + GOSS_SLEEP=20 GOSS_FILES_PATH=tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns deploy: machine: true steps: diff --git a/tests/goss.yaml b/tests/goss.yaml index 5d90ef6d..17efe82f 100644 --- a/tests/goss.yaml +++ b/tests/goss.yaml @@ -7,10 +7,25 @@ file: group: root filetype: file contains: [] +port: + tcp:5555: + listening: true + ip: + - 127.0.0.1 + tcp:5556: + listening: true + ip: + - 127.0.0.1 + udp:12027: + listening: true + ip: + - 0.0.0.0 process: circusd: running: true crond: running: true + sleep: + running: true watch-domains.s: running: true From 9c56b1ad65008337273d79f37a07e92c11051142 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 15:12:30 +0200 Subject: [PATCH 18/21] Declare goss path --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index db8bdb74..362e0b58 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -30,7 +30,7 @@ jobs: curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh - run: command: - GOSS_SLEEP=20 GOSS_FILES_PATH=tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns + GOSS_PATH=./bin GOSS_SLEEP=20 GOSS_FILES_PATH=tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns deploy: machine: true steps: 
From 4157ccf4eabb95d5369592cbb3bfc5e393411a9e Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 15:29:44 +0200 Subject: [PATCH 19/21] Resolve goss path --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 362e0b58..05b766b0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -26,11 +26,11 @@ jobs: docker load < /tmp/workspace/docker-letsencrypt-dns.tar - run: command: | - mkdir -p bin - curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh + mkdir -p ~/bin + curl -fsSL https://goss.rocks/install | GOSS_DST=~/bin sh - run: command: - GOSS_PATH=./bin GOSS_SLEEP=20 GOSS_FILES_PATH=tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns + GOSS_PATH=~/bin/goss GOSS_SLEEP=20 GOSS_FILES_PATH=tests ~/bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns deploy: machine: true steps: From 8dda01df512e27b4b2536ab75a34071452b5ea4f Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Mon, 17 Sep 2018 15:46:13 +0200 Subject: [PATCH 20/21] Another try --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 05b766b0..22b27ad3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -26,11 +26,11 @@ jobs: docker load < /tmp/workspace/docker-letsencrypt-dns.tar - run: command: | - mkdir -p ~/bin - curl -fsSL https://goss.rocks/install | GOSS_DST=~/bin sh + mkdir -p ./bin + curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh - run: command: - GOSS_PATH=~/bin/goss GOSS_SLEEP=20 GOSS_FILES_PATH=tests ~/bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns + GOSS_PATH=./bin/goss GOSS_SLEEP=20 GOSS_FILES_PATH=./tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns deploy: machine: true steps: From 61620ba3746520128267a4252047d29e8f194916 Mon Sep 17 00:00:00 2001 
From: Adrien Ferrand Date: Mon, 17 Sep 2018 16:02:57 +0200 Subject: [PATCH 21/21] Correct pipeline --- .circleci/config.yml | 42 ++++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 26 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 22b27ad3..43291716 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,14 +1,22 @@ version: 2 jobs: - build: + build-n-test: machine: true steps: - checkout - - run: + - run: + name: Build container command: | docker pull adferrand/letsencrypt-dns || true docker build --pull --cache-from adferrand/letsencrypt-dns -t adferrand/letsencrypt-dns . - run: + name: Test container + command: | + mkdir -p ./bin + curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh + GOSS_PATH=./bin/goss GOSS_SLEEP=20 GOSS_FILES_PATH=./tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns + - run: + name: Save container command: | mkdir -p workspace docker save adferrand/letsencrypt-dns > workspace/docker-letsencrypt-dns.tar 
@@ -16,33 +24,21 @@ jobs: root: workspace paths: - docker-letsencrypt-dns.tar - test: - machine: true - steps: - - attach_workspace: - at: /tmp/workspace - - run: - command: - docker load < /tmp/workspace/docker-letsencrypt-dns.tar - - run: - command: | - mkdir -p ./bin - curl -fsSL https://goss.rocks/install | GOSS_DST=./bin sh - - run: - command: - GOSS_PATH=./bin/goss GOSS_SLEEP=20 GOSS_FILES_PATH=./tests ./bin/dgoss run -e LETSENCRYPT_STAGING=true adferrand/letsencrypt-dns deploy: machine: true steps: - attach_workspace: at: /tmp/workspace - run: + name: Load container command: docker load < /tmp/workspace/docker-letsencrypt-dns.tar - run: + name: Login to DockerHub command: echo "${DOCKER_PASS}" | docker login -u ${DOCKER_USER} --password-stdin - - deploy: + - deploy: + name: Deploy to DockerHub command: | if [ ${CIRCLE_BRANCH} = master ]; then DOCKER_TAG=latest; else DOCKER_TAG=${CIRCLE_TAG:-${CIRCLE_BRANCH}}; fi docker tag adferrand/letsencrypt-dns adferrand/letsencrypt-dns:${DOCKER_TAG} @@ -51,19 +47,13 @@ workflows: version: 2 main-pipeline: jobs: - - build: - filters: - tags: - only: /^[0-9.]+/ - - test: - requires: - - build + - build-n-test: filters: tags: only: /^[0-9.]+/ - deploy: requires: - - test + - build-n-test filters: branches: only: master