Skip to content

Commit

Permalink
Merge pull request #2830 from cyberark/migrate-dockerv1-to-dockerv2
Browse files Browse the repository at this point in the history 
Change from docker-compose to docker compose in scripts
  • Loading branch information
@iperalta7
iperalta7 authored Jun 23, 2023
2 parents 2c20561 + ace5097 commit 631d745
Show file tree
Hide file tree
Showing 11 changed files with 69 additions and 69 deletions.
14 changes: 7 additions & 7 deletions UPGRADING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,29 +19,29 @@ that was used when you originally deployed your Conjur server.

3. Pull the new Conjur image version:
```
docker-compose pull conjur
docker compose pull conjur
```

4. Stop the Conjur container:
```
docker-compose stop conjur
docker compose stop conjur
```

5. Bring up the Conjur service using the new image version without changing
linked services:
```
docker-compose up -d --no-deps conjur
docker compose up -d --no-deps conjur
```

6. View Docker containers and verify all are healthy, up and running:
```
docker-compose ps -a
docker compose ps -a
```

It may also be useful to check if Conjur started successfully, which can be
done by running
```
$ docker-compose exec conjur conjurctl wait
$ docker compose exec conjur conjurctl wait
Waiting for Conjur to be ready...
...
Conjur is ready!
Expand All @@ -56,7 +56,7 @@ environment variable first, you will be able to complete the steps without an
visible/explicit error message, but the logs of the new Conjur container will
show an error like:
```
$ docker-compose logs conjur_server
$ docker compose logs conjur_server
rake aborted!
No CONJUR_DATA_KEY
...
Expand All @@ -66,7 +66,7 @@ To fix this, set the `CONJUR_DATA_KEY` environment variable and run through
the [process](#standard-process) again. This time when you check the logs of the Conjur server
container you should see the service starting as expected:
```
$ docker-compose logs conjur_server
$ docker compose logs conjur_server
...
=> Booting Puma
=> Rails 5.2.4.3 application starting in production
Expand Down
12 changes: 6 additions & 6 deletions ci/oauth/keycloak/keycloak_functions.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ function _hydrate_keycloak_env_args() {
set -o pipefail
# Note: This prints all lines that look like:
# KEYCLOAK_XXX=someval
docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} printenv | awk '/KEYCLOAK/'
docker compose exec -T ${KEYCLOAK_SERVICE_NAME} printenv | awk '/KEYCLOAK/'
)

# shellcheck disable=SC2034
Expand All @@ -34,22 +34,22 @@ function _hydrate_keycloak_env_args() {
# _create_keycloak_user '$APP_USER' '$APP_PW' '$APP_EMAIL'
#
# This is because those variables are not available to this script. They are
# available to bash commands run via "docker-compose exec keycloak bash
# available to bash commands run via "docker compose exec keycloak bash
# -c...", since they're defined in the docker-compose.yml.
function _create_keycloak_user() {
local user_var=$1
local pw_var=$2
local email_var=$3

docker-compose exec -T \
docker compose exec -T \
${KEYCLOAK_SERVICE_NAME} \
bash -c "/scripts/create_user \"$user_var\" \"$pw_var\" \"$email_var\""
}

function create_keycloak_users() {
echo "Defining keycloak client"

docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} /scripts/create_client
docker compose exec -T ${KEYCLOAK_SERVICE_NAME} /scripts/create_client

echo "Creating user 'alice' in Keycloak"

Expand Down Expand Up @@ -80,7 +80,7 @@ function create_keycloak_users() {
}

function wait_for_keycloak_server() {
docker-compose exec -T \
docker compose exec -T \
${KEYCLOAK_SERVICE_NAME} /scripts/wait_for_server
}

Expand All @@ -93,7 +93,7 @@ function fetch_keycloak_certificate() {
read -ra parallel_services <<< "$(get_parallel_services 'conjur')"

for parallel_service in "${parallel_services[@]}"; do
docker-compose exec -T \
docker compose exec -T \
"${parallel_service}" /oauth/keycloak/scripts/fetch_certificate
done
}
28 changes: 14 additions & 14 deletions ci/shared.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,20 +66,20 @@ _run_cucumber_tests() {
read -ra parallel_services <<< "$(get_parallel_services 'conjur pg')"

if (( ${#services[@]} )); then
docker-compose up --no-deps --no-recreate -d "${parallel_services[@]}" "${services[@]}"
docker compose up --no-deps --no-recreate -d "${parallel_services[@]}" "${services[@]}"
else
docker-compose up --no-deps --no-recreate -d "${parallel_services[@]}"
docker compose up --no-deps --no-recreate -d "${parallel_services[@]}"
fi

read -ra parallel_services <<< "$(get_parallel_services 'conjur')"
for parallel_service in "${parallel_services[@]}"; do
docker-compose exec -T "$parallel_service" conjurctl wait --retries 180
docker compose exec -T "$parallel_service" conjurctl wait --retries 180
done

echo "Create cucumber account..."

for parallel_service in "${parallel_services[@]}"; do
docker-compose exec -T "$parallel_service" conjurctl account create cucumber
docker compose exec -T "$parallel_service" conjurctl account create cucumber
done

# Stage 2: Prepare cucumber environment args
Expand Down Expand Up @@ -113,8 +113,8 @@ _run_cucumber_tests() {
done

# Add the cucumber env vars that we always want to send.
# Note: These are args for docker-compose run, and as such the right hand
# sides of the = do NOT require escaped quotes. docker-compose takes the
# Note: These are args for docker compose run, and as such the right hand
# sides of the = do NOT require escaped quotes. docker compose takes the
# entire arg, splits on the =, and uses the rhs as the value,
env_var_flags+=(
-e "CUCUMBER_NETWORK=$(_find_cucumber_network)"
Expand All @@ -127,7 +127,7 @@ _run_cucumber_tests() {
done

# If there's no tty (e.g. we're running as a Jenkins job), pass -T to
# docker-compose.
# docker compose.
run_flags=(--no-deps --rm)
if ! tty -s; then
run_flags+=(-T)
Expand All @@ -153,7 +153,7 @@ _run_cucumber_tests() {

# Have to add tags in profile for parallel to run properly
# ${cucumber_tags_arg} should overwrite the profile tags in a way for @smoke to work correctly
docker-compose run "${run_flags[@]}" "${env_var_flags[@]}" \
docker compose run "${run_flags[@]}" "${env_var_flags[@]}" \
cucumber -ec "\
/oauth/keycloak/scripts/fetch_certificate &&
bundle exec parallel_cucumber . -n ${PARALLEL_PROCESSES} \
Expand All @@ -170,14 +170,14 @@ _run_cucumber_tests() {
# process to write the report. The container is kept alive using an infinite
# sleep in the at_exit hook (see .simplecov).
for parallel_service in "${parallel_services[@]}"; do
docker-compose exec -T "$parallel_service" bash -c "pkill -f 'puma 5'"
docker compose exec -T "$parallel_service" bash -c "pkill -f 'puma 5'"
done
}

_get_api_key() {
local service=$1

docker-compose exec -T "${service}" conjurctl \
docker compose exec -T "${service}" conjurctl \
role retrieve-key cucumber:user:admin | tr -d '\r'
}

Expand All @@ -187,7 +187,7 @@ _find_cucumber_network() {
# Docker compose conjur/pg services use the same
# network for 1 or more instances so only conjur is passed
# and not other parallel services.
conjur_id=$(docker-compose ps -q conjur)
conjur_id=$(docker compose ps -q conjur)
net=$(docker inspect "${conjur_id}" --format '{{.HostConfig.NetworkMode}}')

docker network inspect "$net" \
Expand Down Expand Up @@ -218,7 +218,7 @@ wait_for_cmd() {
_wait_for_pg() {
local svc=$1
local pg_cmd=(psql -U postgres -c "select 1" -d postgres)
local dc_cmd=(docker-compose exec -T "$svc" "${pg_cmd[@]}")
local dc_cmd=(docker compose exec -T "$svc" "${pg_cmd[@]}")

echo "Waiting for pg to come up..."

Expand All @@ -237,14 +237,14 @@ is_ldap_up() {
# Note: We need the subshell to group the commands.
(
set -o pipefail
docker-compose exec -T ldap-server bash -c "$ldap_check_cmd" |
docker compose exec -T ldap-server bash -c "$ldap_check_cmd" |
grep '^search: 3$'
) >/dev/null 2>&1
}

start_ldap_server() {
# Start LDAP.
docker-compose up --no-deps --detach ldap-server
docker compose up --no-deps --detach ldap-server

# Wait for up to 90 seconds, since it's slow.
echo "Ensuring that LDAP is up..."
Expand Down
2 changes: 1 addition & 1 deletion ci/test
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ finish() {
# TODO: More reliable approach to this.
# Give SimpleCov time to generate reports.
sleep 15
docker-compose down --rmi 'local' --volumes || true
docker compose down --rmi 'local' --volumes || true
}

# main is always called with at least the first arg. When the 2nd arg, the
Expand Down
4 changes: 2 additions & 2 deletions ci/test_suites/authenticators_jwt/test
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,14 @@ source "./oauth/keycloak/keycloak_functions.sh"
function main() {
local parallel_services
read -ra parallel_services <<< "$(get_parallel_services 'conjur pg')"
docker-compose up --no-deps -d "${parallel_services[@]}" jwks jwks_py keycloak
docker compose up --no-deps -d "${parallel_services[@]}" jwks jwks_py keycloak

wait_for_keycloak_server
create_keycloak_users
fetch_keycloak_certificate

echo "Configure jwks provider"
docker-compose exec -T jwks "${JWKS_CREATE_CERTIFICATE_SCRIPT_PATH}"
docker compose exec -T jwks "${JWKS_CREATE_CERTIFICATE_SCRIPT_PATH}"

additional_services='jwks jwks_py keycloak'
_run_cucumber_tests authenticators_jwt "$additional_services" \
Expand Down
4 changes: 2 additions & 2 deletions ci/test_suites/authenticators_oidc/test
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ function _hydrate_all_env_args() {
set -o pipefail
# Note: This prints all lines that look like:
# KEYCLOAK_XXX=someval
docker-compose exec -T "${KEYCLOAK_SERVICE_NAME}" printenv | awk '/KEYCLOAK/'
docker compose exec -T "${KEYCLOAK_SERVICE_NAME}" printenv | awk '/KEYCLOAK/'
)

# shellcheck disable=SC2034
Expand All @@ -38,7 +38,7 @@ function _hydrate_all_env_args() {
function main() {
local parallel_services
read -ra parallel_services <<< "$(get_parallel_services 'conjur pg')"
docker-compose up --no-deps -d "${parallel_services[@]}" keycloak
docker compose up --no-deps -d "${parallel_services[@]}" keycloak

# We also run an ldap-server container for testing the OIDC & LDAP combined
# use-case. We can't run this use-case in a separate Jenkins step because
Expand Down
4 changes: 2 additions & 2 deletions ci/test_suites/rspec/test
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@ set -e
# shellcheck disable=SC1091
source "./shared.sh"

docker-compose up --no-deps -d pg
docker compose up --no-deps -d pg

_wait_for_pg pg

# Note: The nested, escaped double quotes are needed in case $REPORT_ROOT
# ever changes to a path containing a space.
docker-compose run -T --rm --no-deps cucumber -ec "
docker compose run -T --rm --no-deps cucumber -ec "
bundle exec rake db:migrate
rm -rf \"$REPORT_ROOT/spec/reports\"
Expand Down
4 changes: 2 additions & 2 deletions ci/test_suites/rspec_audit/test
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,15 @@ set -e
source "./shared.sh"

# Start Conjur with the audit database
docker-compose up --no-deps -d audit pg
docker compose up --no-deps -d audit pg

_wait_for_pg audit

# Note: The nested double quotes are needed for the first command involving
# $REPORT_ROOT but not for the 2nd one where it appears in the variable
# assignment.
AUDIT_DATABASE_URL=postgres://postgres@audit/postgres \
docker-compose run \
docker compose run \
-T --rm --no-deps --workdir=/src/conjur-server cucumber -ec "
pwd
ci/rspec-audit/migratedb
Expand Down
10 changes: 5 additions & 5 deletions dev/cli
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@ function add_keycloak_env_vars_to_env_args() {
echo "Extracting keycloak variables & setting as env variables"

local keycloak_env_args=''
keycloak_env_args="$(set -o pipefail; docker-compose exec -T keycloak printenv | grep KEYCLOAK | sed 's/.*/-e &/') \
keycloak_env_args="$(set -o pipefail; docker compose exec -T keycloak printenv | grep KEYCLOAK | sed 's/.*/-e &/') \
-e PROVIDER_URI=https://keycloak:8443/auth/realms/master \
-e PROVIDER_INTERNAL_URI=http://keycloak:8080/auth/realms/master/protocol/openid-connect \
-e PROVIDER_ISSUER=http://keycloak:8080/auth/realms/master \
Expand Down Expand Up @@ -234,7 +234,7 @@ while true ; do
case "$1" in
-h | --help ) print_help ; shift ;;
exec )
api_key=$(docker-compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
api_key=$(docker compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
env_args="-e CONJUR_AUTHN_API_KEY=$api_key"

case "$2" in
Expand All @@ -246,18 +246,18 @@ while true ; do
* ) if [ -z "$2" ]; then shift ; else echo "$2 is not a valid option"; exit 1; fi;;
esac

docker exec $env_args -it --detach-keys 'ctrl-\' $(docker-compose ps -q conjur) bash
docker exec "$env_args" -it --detach-keys "ctrl-\'" "$(docker compose ps -q conjur)" bash
shift ;;
policy )
case "$2" in
load )
account="$3"
policy_file=$4
docker-compose exec conjur conjurctl policy load "$account" "/src/conjur-server/$policy_file"
docker compose exec conjur conjurctl policy load "$account" "/src/conjur-server/$policy_file"
shift 4 ;;
* ) if [ -z "$1" ]; then break; else echo "$1 is not a valid option"; exit 1; fi;;
esac ;;
key ) docker-compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin ; shift ;;
key ) docker compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin ; shift ;;
* ) if [ -z "$1" ]; then break; else echo "$1 is not a valid option"; exit 1; fi;;
esac
done
Loading

0 comments on commit 631d745

Please sign in to comment.