From 17b7f81f0d09b4a20317dae6d327ea5dfd329f49 Mon Sep 17 00:00:00 2001 
From: Ruben Morales Date: Fri, 13 Mar 2020 12:12:15 -0400 Subject: [PATCH] Adjusted to new pipeline requirements --- 6.13.10/README.md | 10 -- 6.13.10/Dockerfile => Dockerfile | 21 +++- Dockerfile-TLS | 104 ++++++++++++++++++ Jenkinsfile | 2 + 6.13.10/LICENSE => LICENSE | 0 README.md | 34 ++++++ .../loadbalancer-virtual-host.conf.jinja2 | 0 .../ssl-loadbalancer-virtual-host.conf.jinja2 | 41 +++++++ download.json | 15 +++ {6.13.10/helm => helm}/README.md | 0 .../.helmignore | 0 .../Chart.yaml | 0 .../templates/_helpers.tpl | 0 .../templates/deployment.yaml | 0 .../templates/ingress.yaml | 0 .../templates/service.yaml | 0 .../templates/serviceaccount.yaml | 0 .../values.yaml | 0 scripts/docker-entrypoint-tls.sh | 14 +++ .../scripts => scripts}/docker-entrypoint.sh | 0 20 files changed, 226 insertions(+), 15 deletions(-) delete mode 100755 6.13.10/README.md rename 6.13.10/Dockerfile => Dockerfile (69%) mode change 100755 => 100644 create mode 100644 Dockerfile-TLS create mode 100644 Jenkinsfile rename 6.13.10/LICENSE => LICENSE (100%) mode change 100755 => 100644 create mode 100644 README.md rename {6.13.10/config => config}/loadbalancer-virtual-host.conf.jinja2 (100%) mode change 100755 => 100644 create mode 100644 config/ssl-loadbalancer-virtual-host.conf.jinja2 create mode 100644 download.json rename {6.13.10/helm => helm}/README.md (100%) mode change 100755 => 100644 rename {6.13.10/helm => helm}/confluence-cluster-load-balancer/.helmignore (100%) mode change 100755 => 100644 rename {6.13.10/helm => helm}/confluence-cluster-load-balancer/Chart.yaml (100%) mode change 100755 => 100644 rename {6.13.10/helm => helm}/confluence-cluster-load-balancer/templates/_helpers.tpl (100%) mode change 100755 => 100644 rename {6.13.10/helm => helm}/confluence-cluster-load-balancer/templates/deployment.yaml (100%) mode change 100755 => 100644 rename {6.13.10/helm => helm}/confluence-cluster-load-balancer/templates/ingress.yaml (100%) mode change 100755 => 100644 rename 
{6.13.10/helm => helm}/confluence-cluster-load-balancer/templates/service.yaml (100%) mode change 100755 => 100644 rename {6.13.10/helm => helm}/confluence-cluster-load-balancer/templates/serviceaccount.yaml (100%) mode change 100755 => 100644 rename {6.13.10/helm => helm}/confluence-cluster-load-balancer/values.yaml (100%) mode change 100755 => 100644 create mode 100644 scripts/docker-entrypoint-tls.sh rename {6.13.10/scripts => scripts}/docker-entrypoint.sh (100%) mode change 100755 => 100644 diff --git a/6.13.10/README.md b/6.13.10/README.md deleted file mode 100755 index b401c65..0000000 --- a/6.13.10/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# Confluence Data Center setup -## confluence-load-balancer - -**1.** Build image - - docker build -t . - -**2.** Run image - - docker run -t -p 8090:8090 --net= -e NODES= diff --git a/6.13.10/Dockerfile b/Dockerfile old mode 100755 new mode 100644 similarity index 69% rename from 6.13.10/Dockerfile rename to Dockerfile index eb1d8c5..e74cf63 --- a/6.13.10/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # # BASE IMAGE # -ARG BASE_REGISTRY=nexus-docker.52.61.140.4.nip.io +ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.1 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -16,9 +16,20 @@ ENV CONFLUENCE_LB_PUBLIC_HOST=confluence-cluster \ # # BASE PACKAGES # -RUN yum install -y --nogpgcheck httpd python2-pip && \ +ARG TARBALL1=MarkupSafe-1.1.1.tar.gz +ARG TARBALL2=Jinja2-2.11.1.tar.gz +ARG TARBALL3=shinto-cli-0.5.0.tar.gz +COPY ["${TARBALL1}", "${TARBALL2}", "${TARBALL3}", "/tmp/"] +RUN yum update -y --disablerepo="*" --enablerepo="*ubi-8*" && \ + yum install -y --disablerepo="*" --enablerepo="*ubi-8*" httpd python3-pip && \ yum clean all && \ - pip2 install shinto-cli + pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} + +# +# CLEAN UP +# +RUN rm -rfv /var/cache/yum +RUN rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} # # ERROR LOG, USER 
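Review bot: `pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3}` in the BASE PACKAGES hunk of Dockerfile can still consult pip's configured index for any requirement the three tarballs do not satisfy, while download.json pins hashes for exactly these three files. Adding `--no-index` (`pip3 install --no-index /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3}`) would make an unlisted dependency fail the build instead of being fetched unverified; whether the sdists then need extra build requirements supplied locally should be checked. The two `RUN rm` lines under CLEAN UP run in later layers, so the tarballs remain retrievable from the earlier `COPY` layer. The same lines appear in the new Dockerfile-TLS.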
@@ -37,8 +48,8 @@ RUN ln -sf /dev/stderr /var/log/httpd/error_log && \ touch /var/www/logs/access.log && chown -R worker:worker /var/www/logs/access.log && \ chown -R worker:worker /var/log/httpd && \ chown -R worker:worker /run/httpd && \ - sed -i -e 's/Listen 80/Listen ${CONFLUENCE_LB_PUBLIC_PORT}\nServerName localhost/g' /etc/httpd/conf/httpd.conf && \ - sed -i -e 's/AllowOverride\s*None/AllowOverride All/ig' /etc/httpd/conf/httpd.conf && \ + sed -i -e "s/Listen 80/Listen ${CONFLUENCE_LB_PUBLIC_PORT}\nServerName localhost/g" /etc/httpd/conf/httpd.conf && \ + sed -i -e "s/AllowOverride\s*None/AllowOverride All/ig" /etc/httpd/conf/httpd.conf && \ echo "Include /work-private/loadbalancer-virtual-host.conf" >> /etc/httpd/conf/httpd.conf # diff --git a/Dockerfile-TLS b/Dockerfile-TLS new file mode 100644 index 0000000..8563e5b --- /dev/null +++ b/Dockerfile-TLS 
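Review bot: Switching the `Listen` sed expression to double quotes makes the shell expand `${CONFLUENCE_LB_PUBLIC_PORT}` at build time, so httpd.conf receives the ENV default rather than the literal `${CONFLUENCE_LB_PUBLIC_PORT}` reference that the single-quoted form wrote. If the old form was relied on so that httpd resolves the port from the container environment at start-up, a runtime `-e CONFLUENCE_LB_PUBLIC_PORT=...` no longer moves the listener. Either keep single quotes on that one line or add a comment such as `# listener port is fixed at build time; rebuild to change it`. The enclosing `RUN` starts outside this hunk, and the same two sed lines are repeated in Dockerfile-TLS.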
@@ -0,0 +1,104 @@
+#
+# BASE IMAGE
+#
+ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
+ARG BASE_IMAGE=redhat/ubi/ubi8
+ARG BASE_TAG=8.1
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+#
+# BUILD ARGUMENTS
+#
+ARG PATH_TO_CERT=ssl.crt
+ARG PATH_TO_KEY=ssl.key
+
+#
+# ENVIRONMENT VARIABLES
+#
+ENV CONFLUENCE_LB_PUBLIC_HOST=confluence-cluster \
+ CONFLUENCE_LB_PUBLIC_PORT=8090 \
+ NODES=1
+
+#
+# BASE PACKAGES
+#
+ARG TARBALL1=MarkupSafe-1.1.1.tar.gz
+ARG TARBALL2=Jinja2-2.11.1.tar.gz
+ARG TARBALL3=shinto-cli-0.5.0.tar.gz
+COPY ["${TARBALL1}", "${TARBALL2}", "${TARBALL3}", "/tmp/"]
+RUN yum update -y --disablerepo="*" --enablerepo="*ubi-8*" && \
+ yum install -y --disablerepo="*" --enablerepo="*ubi-8*" httpd mod_ssl python3-pip && \
+ yum clean all && \
+ pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3}
+
+#
+# CLEAN UP
+#
+RUN rm -rfv /var/cache/yum
+RUN rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3}
+
+#
+# ERROR LOG, USER
+#
+RUN ln -sf /dev/stderr /var/log/httpd/error_log && \
+ groupadd -g 10777 worker && \
+ useradd -d /work -M -s /sbin/halt -g worker -u 10777 worker && \
+ setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/httpd && \
+ mkdir -p /work && \
+ mkdir -p /work-private && \
+ mkdir -p /var/www/logs && \
+ chown -R worker:worker /work/ && \
+ chown -R worker:worker /work-private && \
+ chown -R worker:worker /var/www/logs && \
+ chown -R worker:worker /etc/httpd/ && \
+ touch /var/www/logs/error.log && chown -R worker:worker /var/www/logs/error.log && \
+ touch /var/www/logs/access.log && chown -R worker:worker /var/www/logs/access.log && \
+ chown -R worker:worker /var/log/httpd && \
+ chown -R worker:worker /run/httpd && \
+ sed -i -e "s/Listen 80/Listen ${CONFLUENCE_LB_PUBLIC_PORT}\nServerName localhost/g" /etc/httpd/conf/httpd.conf && \
+ sed -i -e "s/AllowOverride\s*None/AllowOverride All/ig" /etc/httpd/conf/httpd.conf && \
+ echo "Include /work-private/loadbalancer-virtual-host.conf" >> /etc/httpd/conf/httpd.conf && \
+ mkdir -p /etc/httpd/ssl && \
+ sed -n -i '/## SSL Virtual Host Context/{x;d;};1h;1!{x;p;};${x;p;}' /etc/httpd/conf.d/ssl.conf && \
+ sed -i '/## SSL Virtual Host Context/,$d' /etc/httpd/conf.d/ssl.conf && \
+ echo "Include /work-private/ssl-loadbalancer-virtual-host.conf" >> /etc/httpd/conf.d/ssl.conf
+
+#
+# COPY
+#
+ADD $PATH_TO_CERT /etc/httpd/ssl/ssl.crt
+ADD $PATH_TO_KEY /etc/httpd/ssl/ssl.key
+RUN chmod u+rx,g+rx,o+rx,a-w /etc/httpd/ssl/*
+
+#
+# DOCKER ENTRYPOINT
+#
+COPY scripts/docker-entrypoint-tls.sh /work-private
+RUN chmod u+rx,g+rx,o+rx,a-w /work-private/docker-entrypoint-tls.sh
+
+#
+# TEMPLATES
+#
+COPY config/loadbalancer-virtual-host.conf.jinja2 /work-private
+COPY config/ssl-loadbalancer-virtual-host.conf.jinja2 /work-private
+
+#
+# WORKDIR
+#
+WORKDIR /work
+EXPOSE $CONFLUENCE_LB_PUBLIC_PORT
+EXPOSE 443
+
+#
+# HEALTHCHECK
+#
+HEALTHCHECK --start-period=1m --interval=3m --timeout=3s \
+ CMD curl -f http://localhost:$CONFLUENCE_LB_PUBLIC_PORT/ || exit 1
+
+#
+# RUN
+#
+USER worker
+VOLUME ["/work"]
+ENTRYPOINT ["/work-private/docker-entrypoint.sh"]
+CMD ["httpd", "-DFOREGROUND"]
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..1e590cb
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,2 @@
+@Library('DCCSCR@master') _
+dccscrPipeline()
diff --git a/6.13.10/LICENSE b/LICENSE
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/LICENSE
rename to LICENSE
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fe0d49b
--- /dev/null
+++ b/README.md
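Review bot: In Dockerfile-TLS, `ADD $PATH_TO_KEY /etc/httpd/ssl/ssl.key` bakes the TLS private key into an image layer, and the following `chmod u+rx,g+rx,o+rx,a-w /etc/httpd/ssl/*` leaves it readable by every user in the container, so anyone who can pull the image can recover the key. Supplying the key at run time (a mounted secret or volume) avoids that; if it must stay in the image, restrict it with `COPY --chown=worker:worker ${PATH_TO_KEY} /etc/httpd/ssl/ssl.key` followed by `RUN chmod 0400 /etc/httpd/ssl/ssl.key`. Also, this file copies only `docker-entrypoint-tls.sh` but ends with `ENTRYPOINT ["/work-private/docker-entrypoint.sh"]`, a path nothing visible here creates, so the SSL vhost file that ssl.conf includes would never be rendered; it should read `ENTRYPOINT ["/work-private/docker-entrypoint-tls.sh"]`.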
@@ -0,0 +1,34 @@
+# Confluence Data Center
+## confluence-load-balancer
+
+### Build and run image
+
+**1.** Build image
+
+ docker build -t .
+
+**2.** Run image
+
+ docker run -t -p 8090:8090 --net= -e NODES=
+
+### Recommended resource requirements
+
+**1.** Min/max cpu
+
+ 1/-
+
+**2.** Min/max memory
+
+ 1gb/-
+
+**3.** Storage min/max/limits
+
+ 10gb/-/-
+
+**4.** How many storage volumes the application needs
+
+ 1
+
+**5.** Max number of containers
+
+ n/a
diff --git a/6.13.10/config/loadbalancer-virtual-host.conf.jinja2 b/config/loadbalancer-virtual-host.conf.jinja2
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/config/loadbalancer-virtual-host.conf.jinja2
rename to config/loadbalancer-virtual-host.conf.jinja2
diff --git a/config/ssl-loadbalancer-virtual-host.conf.jinja2 b/config/ssl-loadbalancer-virtual-host.conf.jinja2
new file mode 100644
index 0000000..0b15be4
--- /dev/null
+++ b/config/ssl-loadbalancer-virtual-host.conf.jinja2
@@ -0,0 +1,41 @@
+{% set amountNodes = NODES | int %}
+
+ ServerName {{ CONFLUENCE_LB_PUBLIC_HOST }}
+ SSLEngine on
+ SSLCertificateFile /etc/httpd/ssl/ssl.crt
+ SSLCertificateKeyFile /etc/httpd/ssl/ssl.key
+
+ Require all granted
+
+ Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
+
+
+ {% for n in range(1, (amountNodes+1)) %}
+ BalancerMember http://confluence-cluster-node{{ n }}:8091 route={{ n }}
+ {% endfor %}
+
+
+ {% for n in range(1, (amountNodes+1)) %}
+ BalancerMember ws://confluence-cluster-node{{ n }}:8091 route={{ n }}
+ {% endfor %}
+
+ ProxyPass /synchrony balancer://confluence-synchrony-cluster/synchrony stickysession=ROUTEID
+
+ Require all granted
+ RewriteEngine on
+ RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+ RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+ RewriteRule .* balancer://confluence-synchrony-cluster-ws%{REQUEST_URI} [P]
+
+
+
+ {% for n in range(1, (amountNodes+1)) %}
+ BalancerMember http://confluence-cluster-node{{ n }}:8090 route={{ n }}
+ {% endfor %}
+
+ ProxyPass / balancer://confluence-cluster/ stickysession=ROUTEID
+
+ ProxyPreserveHost on
+ ProxyRequests off
+ ProxyTimeout 9600
+
diff --git a/download.json b/download.json
new file mode 100644
index 0000000..83a0012
--- /dev/null
+++ b/download.json
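Review bot: The `ROUTEID` cookie set by the `Header add Set-Cookie` line in this `SSLEngine on` virtual host carries neither `Secure` nor `HttpOnly`, so a browser will also send it over plain HTTP to the same host and expose it to page scripts. Suggested line: `Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/; Secure; HttpOnly" env=BALANCER_ROUTE_CHANGED`; if clients are also expected to use the plain-HTTP listener with the same cookie, that interaction needs deciding first. The template also sets no `SSLProtocol` or `SSLCipherSuite`, so protocol and cipher policy come from whatever the retained top part of ssl.conf defines; a comment saying so, or explicit directives here, would make that visible.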
@@ -0,0 +1,15 @@
+{ "resources":
+ [
+ { "url" : "https://files.pythonhosted.org/packages/source/m/markupsafe/MarkupSafe-1.1.1.tar.gz",
+ "filename": "MarkupSafe-1.1.1.tar.gz",
+ "sha256": "29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"
+ },
+ { "url" : "https://files.pythonhosted.org/packages/source/j/jinja2/Jinja2-2.11.1.tar.gz",
+ "filename": "Jinja2-2.11.1.tar.gz",
+ "sha256": "93187ffbc7808079673ef52771baa950426fd664d3aad1d0fa3e95644360e250"
+ },
+ { "url" : "https://files.pythonhosted.org/packages/source/s/shinto-cli/shinto-cli-0.5.0.tar.gz",
+ "filename": "shinto-cli-0.5.0.tar.gz",
+ "sha256": "c142e75c34ecd8d04a6200b23464e084ad54ca598e358d70b958044e6b628c95"
+ }
+] }
diff --git a/6.13.10/helm/README.md b/helm/README.md
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/README.md
rename to helm/README.md
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/.helmignore b/helm/confluence-cluster-load-balancer/.helmignore
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/.helmignore
rename to helm/confluence-cluster-load-balancer/.helmignore
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/Chart.yaml b/helm/confluence-cluster-load-balancer/Chart.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/Chart.yaml
rename to helm/confluence-cluster-load-balancer/Chart.yaml
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/templates/_helpers.tpl b/helm/confluence-cluster-load-balancer/templates/_helpers.tpl
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/templates/_helpers.tpl
rename to helm/confluence-cluster-load-balancer/templates/_helpers.tpl
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/templates/deployment.yaml b/helm/confluence-cluster-load-balancer/templates/deployment.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/templates/deployment.yaml
rename to helm/confluence-cluster-load-balancer/templates/deployment.yaml
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/templates/ingress.yaml b/helm/confluence-cluster-load-balancer/templates/ingress.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/templates/ingress.yaml
rename to helm/confluence-cluster-load-balancer/templates/ingress.yaml
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/templates/service.yaml b/helm/confluence-cluster-load-balancer/templates/service.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/templates/service.yaml
rename to helm/confluence-cluster-load-balancer/templates/service.yaml
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/templates/serviceaccount.yaml b/helm/confluence-cluster-load-balancer/templates/serviceaccount.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/templates/serviceaccount.yaml
rename to helm/confluence-cluster-load-balancer/templates/serviceaccount.yaml
diff --git a/6.13.10/helm/confluence-cluster-load-balancer/values.yaml b/helm/confluence-cluster-load-balancer/values.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/helm/confluence-cluster-load-balancer/values.yaml
rename to helm/confluence-cluster-load-balancer/values.yaml
diff --git a/scripts/docker-entrypoint-tls.sh b/scripts/docker-entrypoint-tls.sh
new file mode 100644
index 0000000..1eadb4d
--- /dev/null
+++ b/scripts/docker-entrypoint-tls.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+umask u+rxw,g+rwx,o-rwx
+
+#
+# GENERATE LOADBALANCER CONFIG BASED ON AMOUNT OF NODES
+#
+echo "generating loadbalancer config for $NODES nodes"
+env | j2 --format=env /work-private/loadbalancer-virtual-host.conf.jinja2 > /work-private/loadbalancer-virtual-host.conf
+env | j2 --format=env /work-private/ssl-loadbalancer-virtual-host.conf.jinja2 > /work-private/ssl-loadbalancer-virtual-host.conf
+
+exec "$@"
diff --git a/6.13.10/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
old mode 100755
new mode 100644
similarity index 100%
rename from 6.13.10/scripts/docker-entrypoint.sh
rename to scripts/docker-entrypoint.sh
-- GitLab
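Review bot: `NODES` reaches both `j2` renders in scripts/docker-entrypoint-tls.sh unchecked, and with `set -e` alone an unset or non-numeric value is not an error; the template's `NODES | int` would presumably yield 0 and render balancers with no members. A guard before the two `j2` calls fails fast instead: `[[ "${NODES:-}" =~ ^[1-9][0-9]*$ ]] || { echo "NODES must be a positive integer" >&2; exit 1; }`. Using `set -euo pipefail` would additionally surface a failure on the left side of the `env | j2` pipelines. The whole environment is piped into the renderer, so `CONFLUENCE_LB_PUBLIC_HOST` lands in `ServerName` verbatim; a short comment noting that these variables are treated as trusted operator input would help the next reader.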