From 1a8fc6399338d58d50c1097cc86bb78f99ecbc95 Mon Sep 17 00:00:00 2001 From: Ruben Morales Date: Fri, 20 Mar 2020 09:21:22 -0400 Subject: [PATCH 1/6] Adjusted to new requirements --- Dockerfile | 50 ++++---- Dockerfile-TLS | 115 ++++++++++++++++++ Jenkinsfile | 3 +- README.md | 26 +++- .../ssl-loadbalancer-virtual-host.conf.jinja2 | 41 +++++++ download.json | 27 ++++ download.yaml | 16 --- scripts/docker-entrypoint-tls.sh | 14 +++ 8 files changed, 251 insertions(+), 41 deletions(-) create mode 100755 Dockerfile-TLS create mode 100755 config/ssl-loadbalancer-virtual-host.conf.jinja2 create mode 100755 download.json delete mode 100644 download.yaml create mode 100755 scripts/docker-entrypoint-tls.sh diff --git a/Dockerfile b/Dockerfile index a0e73a0..5f7e734 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,22 @@ # # BASE IMAGE # -ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 +ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.2 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +# +# LABEL +# +LABEL name="Confluence Load Balancer" \ + maintainer="support@ascendintegrated.com" \ + vendor="Apache" \ + version="6.13.10" \ + release="1" \ + summary="Confluence Load Balancer Image" \ + description="Confluence Load Balancer Image" + # # ENVIRONMENT VARIABLES # 
@@ -15,26 +26,21 @@ ENV CONFLUENCE_LB_PUBLIC_HOST=confluence-cluster \ # # BASE PACKAGES -# shinto 0.5.0 -# Dependencies of Shinto CLI -# Jinja2 2.11.1 -# MarkupSafe 1.1.1 -ARG SHINTO=shinto-cli-0.5.0.tar.gz -ARG JINJA=Jinja2-2.7.2.tar.gz -ARG MARKUPSAFE=MarkupSafe-1.1.1.tar.gz - -COPY ${SHINTO} /tmp/${SHINTO} -COPY ${JINJA} /tmp/${JINJA} -COPY ${MARKUPSAFE} /tmp/${MARKUPSAFE} - -RUN yum install -y httpd python2-pip && \ - yum clean all - -RUN pip2 install /tmp/${MARKUPSAFE} -RUN pip2 install /tmp/${JINJA} -RUN pip2 install /tmp/${SHINTO} +# +ARG TARBALL1=MarkupSafe-1.1.1.tar.gz +ARG TARBALL2=Jinja2-2.11.1.tar.gz +ARG TARBALL3=shinto-cli-0.5.0.tar.gz +COPY ["${TARBALL1}", "${TARBALL2}", "${TARBALL3}", "/tmp/"] +RUN yum update -y --disablerepo="*" --enablerepo="*ubi-8*" && \ + yum install -y --disablerepo="*" --enablerepo="*ubi-8*" httpd python3-pip && \ + yum clean all && \ + pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} -RUN rm -f /tmp/${SHINTO} /tmp/${JINJA} +# +# CLEAN UP +# +RUN rm -rfv /var/cache/yum +RUN rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} # # ERROR LOG, USER @@ -53,8 +59,8 @@ RUN ln -sf /dev/stderr /var/log/httpd/error_log && \ touch /var/www/logs/access.log && chown -R worker:worker /var/www/logs/access.log && \ chown -R worker:worker /var/log/httpd && \ chown -R worker:worker /run/httpd && \ - sed -i -e 's/Listen 80/Listen ${CONFLUENCE_LB_PUBLIC_PORT}\nServerName localhost/g' /etc/httpd/conf/httpd.conf && \ - sed -i -e 's/AllowOverride\s*None/AllowOverride All/ig' /etc/httpd/conf/httpd.conf && \ + sed -i -e "s/Listen 80/Listen ${CONFLUENCE_LB_PUBLIC_PORT}\nServerName localhost/g" /etc/httpd/conf/httpd.conf && \ + sed -i -e "s/AllowOverride\s*None/AllowOverride All/ig" /etc/httpd/conf/httpd.conf && \ echo "Include /work-private/loadbalancer-virtual-host.conf" >> /etc/httpd/conf/httpd.conf # diff --git a/Dockerfile-TLS b/Dockerfile-TLS new file mode 100755 index 0000000..7262077 --- /dev/null +++ b/Dockerfile-TLS 
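Review bot: The new `pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3}` line can still contact a package index for any dependency the three archives do not satisfy. Only the files listed with sha256 values in download.json are checksum-verified, so anything fetched that way would be unverified. Consider `pip3 install --no-index --no-cache-dir /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3}`, which makes the build fail instead and leaves no pip cache in the layer. The same install line is added in Dockerfile-TLS and stays unchanged in the later patches of this series that touch this RUN.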
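Review bot: Switching the two `sed` expressions to double quotes makes the build shell expand `${CONFLUENCE_LB_PUBLIC_PORT}`, so the `Listen` port is now fixed in httpd.conf at build time. With the old single quotes the literal `${CONFLUENCE_LB_PUBLIC_PORT}` was written to the file, and httpd resolves `${VAR}` from its environment at startup, so `docker run -e CONFLUENCE_LB_PUBLIC_PORT=…` presumably used to take effect. If build-time binding is intended, say so next to the line, e.g. `# Listen port is baked in at build time; a runtime CONFLUENCE_LB_PUBLIC_PORT override does not change it`. Otherwise keep the single quotes on the `Listen` expression. The RUN instruction being edited starts above this hunk.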
@@ -0,0 +1,115 @@ +# +# BASE IMAGE +# +ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io +ARG BASE_IMAGE=redhat/ubi/ubi8 +ARG BASE_TAG=8.1 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +# +# LABEL +# +LABEL name="Confluence Load Balancer" \ + maintainer="support@ascendintegrated.com" \ + vendor="Apache" \ + version="6.13.10" \ + release="1" \ + summary="Confluence Load Balancer Image" \ + description="Confluence Load Balancer Image" + +# +# BUILD ARGUMENTS +# +ARG PATH_TO_CERT=ssl.crt +ARG PATH_TO_KEY=ssl.key + +# +# ENVIRONMENT VARIABLES +# +ENV CONFLUENCE_LB_PUBLIC_HOST=confluence-cluster \ + CONFLUENCE_LB_PUBLIC_PORT=8090 \ + NODES=1 + +# +# BASE PACKAGES +# +ARG TARBALL1=MarkupSafe-1.1.1.tar.gz +ARG TARBALL2=Jinja2-2.11.1.tar.gz +ARG TARBALL3=shinto-cli-0.5.0.tar.gz +COPY ["${TARBALL1}", "${TARBALL2}", "${TARBALL3}", "/tmp/"] +RUN yum update -y --disablerepo="*" --enablerepo="*ubi-8*" && \ + yum install -y --disablerepo="*" --enablerepo="*ubi-8*" httpd mod_ssl python3-pip && \ + yum clean all && \ + pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} + +# +# CLEAN UP +# +RUN rm -rfv /var/cache/yum +RUN rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} + +# +# ERROR LOG, USER +# +RUN ln -sf /dev/stderr /var/log/httpd/error_log && \ + groupadd -g 10777 worker && \ + useradd -d /work -M -s /sbin/halt -g worker -u 10777 worker && \ + setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/httpd && \ + mkdir -p /work && \ + mkdir -p /work-private && \ + mkdir -p /var/www/logs && \ + chown -R worker:worker /work/ && \ + chown -R worker:worker /work-private && \ + chown -R worker:worker /var/www/logs && \ + chown -R worker:worker /etc/httpd/ && \ + touch /var/www/logs/error.log && chown -R worker:worker /var/www/logs/error.log && \ + touch /var/www/logs/access.log && chown -R worker:worker /var/www/logs/access.log && \ + chown -R worker:worker /var/log/httpd && \ + chown -R worker:worker /run/httpd && \ + sed -i -e "s/Listen 80/Listen 
${CONFLUENCE_LB_PUBLIC_PORT}\nServerName localhost/g" /etc/httpd/conf/httpd.conf && \ + sed -i -e "s/AllowOverride\s*None/AllowOverride All/ig" /etc/httpd/conf/httpd.conf && \ + echo "Include /work-private/loadbalancer-virtual-host.conf" >> /etc/httpd/conf/httpd.conf && \ + mkdir -p /etc/httpd/ssl && \ + sed -n -i '/## SSL Virtual Host Context/{x;d;};1h;1!{x;p;};${x;p;}' /etc/httpd/conf.d/ssl.conf && \ + sed -i '/## SSL Virtual Host Context/,$d' /etc/httpd/conf.d/ssl.conf && \ + echo "Include /work-private/ssl-loadbalancer-virtual-host.conf" >> /etc/httpd/conf.d/ssl.conf + +# +# COPY +# +ADD $PATH_TO_CERT /etc/httpd/ssl/ssl.crt +ADD $PATH_TO_KEY /etc/httpd/ssl/ssl.key +RUN chmod u+rx,g+rx,o+rx,a-w /etc/httpd/ssl/* + +# +# DOCKER ENTRYPOINT +# +COPY scripts/docker-entrypoint-tls.sh /work-private +RUN chmod u+rx,g+rx,o+rx,a-w /work-private/docker-entrypoint-tls.sh + +# +# TEMPLATES +# +COPY config/loadbalancer-virtual-host.conf.jinja2 /work-private +COPY config/ssl-loadbalancer-virtual-host.conf.jinja2 /work-private + +# +# WORKDIR +# +WORKDIR /work +EXPOSE $CONFLUENCE_LB_PUBLIC_PORT +EXPOSE 443 + +# +# HEALTHCHECK +# +HEALTHCHECK --start-period=1m --interval=3m --timeout=3s \ + CMD curl -f http://localhost:$CONFLUENCE_LB_PUBLIC_PORT/ || exit 1 + +# +# RUN +# +USER worker +VOLUME ["/work"] +ENTRYPOINT ["/work-private/docker-entrypoint.sh"] +CMD ["httpd", "-DFOREGROUND"] diff --git a/Jenkinsfile b/Jenkinsfile index d225425..6312f31 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,3 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '6.13.10') - +dccscrPipeline(version: "6.13.10") diff --git a/README.md b/README.md index b401c65..fe0d49b 100755 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ -# Confluence Data Center setup +# Confluence Data Center ## confluence-load-balancer +### Build and run image + **1.** Build image docker build -t . 
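Review bot: `ADD $PATH_TO_KEY /etc/httpd/ssl/ssl.key` stores the TLS private key in an image layer, and the following `chmod u+rx,g+rx,o+rx,a-w /etc/httpd/ssl/*` leaves it readable by every user in the container, so everyone with pull access to the image also holds the key. The key is better supplied at runtime as a read-only mount or orchestrator secret; if it must stay in the build, copy it with `COPY --chown=worker:worker --chmod=0400` (BuildKit) instead of `ADD` plus a world-readable chmod. The file copies `scripts/docker-entrypoint-tls.sh` but ends with `ENTRYPOINT ["/work-private/docker-entrypoint.sh"]`, which nothing in this Dockerfile installs; it should read `ENTRYPOINT ["/work-private/docker-entrypoint-tls.sh"]`. The HEALTHCHECK probes only the plain-HTTP port, so a TLS listener on 443 that fails to come up would go unnoticed.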
@@ -8,3 +10,25 @@ **2.** Run image docker run -t -p 8090:8090 --net= -e NODES= + +### Recommended resource requirements + +**1.** Min/max cpu + + 1/- + +**2.** Min/max memory + + 1gb/- + +**3.** Storage min/max/limits + + 10gb/-/- + +**4.** How many storage volumes the application needs + + 1 + +**5.** Max number of containers + + n/a diff --git a/config/ssl-loadbalancer-virtual-host.conf.jinja2 b/config/ssl-loadbalancer-virtual-host.conf.jinja2 new file mode 100755 index 0000000..0b15be4 --- /dev/null +++ b/config/ssl-loadbalancer-virtual-host.conf.jinja2 @@ -0,0 +1,41 @@ +{% set amountNodes = NODES | int %} + + ServerName {{ CONFLUENCE_LB_PUBLIC_HOST }} + SSLEngine on + SSLCertificateFile /etc/httpd/ssl/ssl.crt + SSLCertificateKeyFile /etc/httpd/ssl/ssl.key + + Require all granted + + Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED + + + {% for n in range(1, (amountNodes+1)) %} + BalancerMember http://confluence-cluster-node{{ n }}:8091 route={{ n }} + {% endfor %} + + + {% for n in range(1, (amountNodes+1)) %} + BalancerMember ws://confluence-cluster-node{{ n }}:8091 route={{ n }} + {% endfor %} + + ProxyPass /synchrony balancer://confluence-synchrony-cluster/synchrony stickysession=ROUTEID + + Require all granted + RewriteEngine on + RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] + RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] + RewriteRule .* balancer://confluence-synchrony-cluster-ws%{REQUEST_URI} [P] + + + + {% for n in range(1, (amountNodes+1)) %} + BalancerMember http://confluence-cluster-node{{ n }}:8090 route={{ n }} + {% endfor %} + + ProxyPass / balancer://confluence-cluster/ stickysession=ROUTEID + + ProxyPreserveHost on + ProxyRequests off + ProxyTimeout 9600 + diff --git a/download.json b/download.json new file mode 100755 index 0000000..966022b --- /dev/null +++ b/download.json 
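Review bot: The sticky-session cookie set by `Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED` has no `Secure` or `HttpOnly` attribute even though this virtual host has `SSLEngine on`, so browsers will also send it over plain HTTP and expose it to page scripts. Suggested line: `Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/; Secure; HttpOnly" env=BALANCER_ROUTE_CHANGED`. The template sets no `SSLProtocol` or `SSLCipherSuite`, so protocol and cipher policy come from whatever remains of the stock ssl.conf; a comment stating that this is intentional would help. The enclosing block directives appear to be missing from this rendering of the patch, so their nesting could not be checked.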
@@ -0,0 +1,27 @@ +{ "resources": + [ + { "url" : "https://files.pythonhosted.org/packages/source/m/markupsafe/MarkupSafe-1.1.1.tar.gz", + "filename": "MarkupSafe-1.1.1.tar.gz", + "validation": + { + "type": "sha256", + "value": "29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b" + } + }, + { "url" : "https://files.pythonhosted.org/packages/source/j/jinja2/Jinja2-2.11.1.tar.gz", + "filename": "Jinja2-2.11.1.tar.gz", + "validation": + { + "type": "sha256", + "value": "93187ffbc7808079673ef52771baa950426fd664d3aad1d0fa3e95644360e250" + } + }, + { "url" : "https://files.pythonhosted.org/packages/source/s/shinto-cli/shinto-cli-0.5.0.tar.gz", + "filename": "shinto-cli-0.5.0.tar.gz", + "validation": + { + "type": "sha256", + "value": "c142e75c34ecd8d04a6200b23464e084ad54ca598e358d70b958044e6b628c95" + } + } +] } diff --git a/download.yaml b/download.yaml deleted file mode 100644 index b7384f9..0000000 --- a/download.yaml +++ /dev/null @@ -1,16 +0,0 @@ -resources: - - url: https://files.pythonhosted.org/packages/15/59/9f8f85a52e13dcabc69110f88eb7ed5733a631b26f10be586168ee57cba9/shinto-cli-0.5.0.tar.gz - filename: shinto-cli-0.5.0.tar.gz - validation: - type: sha256 - value: c142e75c34ecd8d04a6200b23464e084ad54ca598e358d70b958044e6b628c95 - - url: https://files.pythonhosted.org/packages/23/94/ca42176bf7a252ce1f5d165953013573dffdbe4b5dac07f57146146ea432/Jinja2-2.7.2.tar.gz - filename: Jinja2-2.7.2.tar.gz - validation: - type: sha256 - value: 310a35fbccac3af13ebf927297f871ac656b9da1d248b1fe6765affa71b53235 - - url: https://files.pythonhosted.org/packages/b9/2e/64db92e53b86efccfaea71321f597fa2e1b2bd3853d8ce658568f7a13094/MarkupSafe-1.1.1.tar.gz - filename: MarkupSafe-1.1.1.tar.gz - validation: - type: sha256 - value: 29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \ No newline at end of file diff --git a/scripts/docker-entrypoint-tls.sh b/scripts/docker-entrypoint-tls.sh new file mode 100755 index 0000000..1eadb4d --- /dev/null 
+++ b/scripts/docker-entrypoint-tls.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +umask u+rxw,g+rwx,o-rwx + +# +# GENERATE LOADBALANCER CONFIG BASED ON AMOUNT OF NODES +# +echo "generating loadbalancer config for $NODES nodes" +env | j2 --format=env /work-private/loadbalancer-virtual-host.conf.jinja2 > /work-private/loadbalancer-virtual-host.conf +env | j2 --format=env /work-private/ssl-loadbalancer-virtual-host.conf.jinja2 > /work-private/ssl-loadbalancer-virtual-host.conf + +exec "$@" -- GitLab From 5c795896e00acf0b07c9285c09ddfd7173236900 Mon Sep 17 00:00:00 2001 From: Ruben Morales Date: Mon, 23 Mar 2020 12:57:18 -0400 Subject: [PATCH 2/6] updated BASE_REGISTRY --- Dockerfile | 2 +- Dockerfile-TLS | 2 +- Jenkinsfile | 0 3 files changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 Jenkinsfile diff --git a/Dockerfile b/Dockerfile index 5f7e734..185d3ac 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # # BASE IMAGE # -ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io +ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.2 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} diff --git a/Dockerfile-TLS b/Dockerfile-TLS index 7262077..f8ace7a 100755 --- a/Dockerfile-TLS +++ b/Dockerfile-TLS @@ -1,7 +1,7 @@ # # BASE IMAGE # -ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io +ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.1 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} diff --git a/Jenkinsfile b/Jenkinsfile old mode 100644 new mode 100755 -- GitLab From a818c90f9d1099fc0c7b678d426a9927326c01e3 Mon Sep 17 00:00:00 2001 
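Review bot: `$NODES` reaches the templates without validation, and the SSL template converts it with `NODES | int`, which yields 0 for an empty or non-numeric value, so a typo produces balancers with no members rather than a startup error. A guard before the two `j2` calls would fail fast: `case "$NODES" in ''|*[!0-9]*|0) echo "NODES must be a positive integer" >&2; exit 1;; esac`. The symbolic `umask u+rxw,g+rwx,o-rwx` appears to resolve to 007, which leaves the generated config files group-writable; `umask 027` is easier to read and tighter if group write is not required.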
From: Ruben Morales Date: Mon, 23 Mar 2020 13:44:26 -0400 Subject: [PATCH 3/6] Set correct file mode --- Dockerfile | 0 Dockerfile-TLS | 0 Jenkinsfile | 0 LICENSE | 0 README.md | 0 config/loadbalancer-virtual-host.conf.jinja2 | 0 config/ssl-loadbalancer-virtual-host.conf.jinja2 | 0 download.json | 0 helm/README.md | 0 helm/confluence-cluster-load-balancer/.helmignore | 0 helm/confluence-cluster-load-balancer/Chart.yaml | 0 helm/confluence-cluster-load-balancer/templates/_helpers.tpl | 0 helm/confluence-cluster-load-balancer/templates/deployment.yaml | 0 helm/confluence-cluster-load-balancer/templates/ingress.yaml | 0 helm/confluence-cluster-load-balancer/templates/service.yaml | 0 .../templates/serviceaccount.yaml | 0 helm/confluence-cluster-load-balancer/values.yaml | 0 scripts/docker-entrypoint-tls.sh | 0 scripts/docker-entrypoint.sh | 0 19 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 Dockerfile mode change 100755 => 100644 Dockerfile-TLS mode change 100755 => 100644 Jenkinsfile mode change 100755 => 100644 LICENSE mode change 100755 => 100644 README.md mode change 100755 => 100644 config/loadbalancer-virtual-host.conf.jinja2 mode change 100755 => 100644 config/ssl-loadbalancer-virtual-host.conf.jinja2 mode change 100755 => 100644 download.json mode change 100755 => 100644 helm/README.md mode change 100755 => 100644 helm/confluence-cluster-load-balancer/.helmignore mode change 100755 => 100644 helm/confluence-cluster-load-balancer/Chart.yaml mode change 100755 => 100644 helm/confluence-cluster-load-balancer/templates/_helpers.tpl mode change 100755 => 100644 helm/confluence-cluster-load-balancer/templates/deployment.yaml mode change 100755 => 100644 helm/confluence-cluster-load-balancer/templates/ingress.yaml mode change 100755 => 100644 helm/confluence-cluster-load-balancer/templates/service.yaml mode change 100755 => 100644 helm/confluence-cluster-load-balancer/templates/serviceaccount.yaml mode change 100755 => 100644 
helm/confluence-cluster-load-balancer/values.yaml mode change 100755 => 100644 scripts/docker-entrypoint-tls.sh mode change 100755 => 100644 scripts/docker-entrypoint.sh diff --git a/Dockerfile b/Dockerfile old mode 100755 new mode 100644 diff --git a/Dockerfile-TLS b/Dockerfile-TLS old mode 100755 new mode 100644 diff --git a/Jenkinsfile b/Jenkinsfile old mode 100755 new mode 100644 diff --git a/LICENSE b/LICENSE old mode 100755 new mode 100644 diff --git a/README.md b/README.md old mode 100755 new mode 100644 diff --git a/config/loadbalancer-virtual-host.conf.jinja2 b/config/loadbalancer-virtual-host.conf.jinja2 old mode 100755 new mode 100644 diff --git a/config/ssl-loadbalancer-virtual-host.conf.jinja2 b/config/ssl-loadbalancer-virtual-host.conf.jinja2 old mode 100755 new mode 100644 diff --git a/download.json b/download.json old mode 100755 new mode 100644 diff --git a/helm/README.md b/helm/README.md old mode 100755 new mode 100644 diff --git a/helm/confluence-cluster-load-balancer/.helmignore b/helm/confluence-cluster-load-balancer/.helmignore old mode 100755 new mode 100644 diff --git a/helm/confluence-cluster-load-balancer/Chart.yaml b/helm/confluence-cluster-load-balancer/Chart.yaml old mode 100755 new mode 100644 diff --git a/helm/confluence-cluster-load-balancer/templates/_helpers.tpl b/helm/confluence-cluster-load-balancer/templates/_helpers.tpl old mode 100755 new mode 100644 diff --git a/helm/confluence-cluster-load-balancer/templates/deployment.yaml b/helm/confluence-cluster-load-balancer/templates/deployment.yaml old mode 100755 new mode 100644 diff --git a/helm/confluence-cluster-load-balancer/templates/ingress.yaml b/helm/confluence-cluster-load-balancer/templates/ingress.yaml old mode 100755 new mode 100644 diff --git a/helm/confluence-cluster-load-balancer/templates/service.yaml b/helm/confluence-cluster-load-balancer/templates/service.yaml old mode 100755 new mode 100644 
diff --git a/helm/confluence-cluster-load-balancer/templates/serviceaccount.yaml b/helm/confluence-cluster-load-balancer/templates/serviceaccount.yaml old mode 100755 new mode 100644 diff --git a/helm/confluence-cluster-load-balancer/values.yaml b/helm/confluence-cluster-load-balancer/values.yaml old mode 100755 new mode 100644 diff --git a/scripts/docker-entrypoint-tls.sh b/scripts/docker-entrypoint-tls.sh old mode 100755 new mode 100644 diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh old mode 100755 new mode 100644 -- GitLab From ca3f8cce880fe350ed220dcb71a4f77b922a3815 Mon Sep 17 00:00:00 2001 From: Hayden Date: Tue, 7 Apr 2020 23:05:57 +0000 Subject: [PATCH 4/6] removing unnecessary yum flags --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 185d3ac..0992dd7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,8 +31,8 @@ ARG TARBALL1=MarkupSafe-1.1.1.tar.gz ARG TARBALL2=Jinja2-2.11.1.tar.gz ARG TARBALL3=shinto-cli-0.5.0.tar.gz COPY ["${TARBALL1}", "${TARBALL2}", "${TARBALL3}", "/tmp/"] -RUN yum update -y --disablerepo="*" --enablerepo="*ubi-8*" && \ - yum install -y --disablerepo="*" --enablerepo="*ubi-8*" httpd python3-pip && \ +RUN yum update -y && \ + yum install -y httpd python3-pip && \ yum clean all && \ pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} -- GitLab From 0892d2b3fcb26d02bb2a54d3d4771fb11d5da713 Mon Sep 17 00:00:00 2001 From: Blake Burkhart Date: Wed, 6 May 2020 09:36:48 -0600 Subject: [PATCH 5/6] remove Dockerfile-TLS and associated files --- Dockerfile-TLS | 115 ------------------ .../ssl-loadbalancer-virtual-host.conf.jinja2 | 41 ------- scripts/docker-entrypoint-tls.sh | 14 --- 3 files changed, 170 deletions(-) delete mode 100644 Dockerfile-TLS delete mode 100644 config/ssl-loadbalancer-virtual-host.conf.jinja2 delete mode 100644 scripts/docker-entrypoint-tls.sh 
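Review bot: Dropping `--disablerepo="*" --enablerepo="*ubi-8*"` from `yum update` and `yum install` means packages now come from every repository the base image has enabled rather than only the UBI 8 ones, which changes where `httpd` and `python3-pip` may be sourced from. The commit message calls the flags unnecessary, but the reason is not recorded in the file. If the base image is known to enable only approved repositories, a comment such as `# base image enables only approved repos, so no --disablerepo/--enablerepo filter is needed` would keep that provenance assumption reviewable.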
diff --git a/Dockerfile-TLS b/Dockerfile-TLS deleted file mode 100644 index f8ace7a..0000000 --- a/Dockerfile-TLS +++ /dev/null 
@@ -1,115 +0,0 @@ -# -# BASE IMAGE -# -ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 -ARG BASE_IMAGE=redhat/ubi/ubi8 -ARG BASE_TAG=8.1 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - -# -# LABEL -# -LABEL name="Confluence Load Balancer" \ - maintainer="support@ascendintegrated.com" \ - vendor="Apache" \ - version="6.13.10" \ - release="1" \ - summary="Confluence Load Balancer Image" \ - description="Confluence Load Balancer Image" - -# -# BUILD ARGUMENTS -# -ARG PATH_TO_CERT=ssl.crt -ARG PATH_TO_KEY=ssl.key - -# -# ENVIRONMENT VARIABLES -# -ENV CONFLUENCE_LB_PUBLIC_HOST=confluence-cluster \ - CONFLUENCE_LB_PUBLIC_PORT=8090 \ - NODES=1 - -# -# BASE PACKAGES -# -ARG TARBALL1=MarkupSafe-1.1.1.tar.gz -ARG TARBALL2=Jinja2-2.11.1.tar.gz -ARG TARBALL3=shinto-cli-0.5.0.tar.gz -COPY ["${TARBALL1}", "${TARBALL2}", "${TARBALL3}", "/tmp/"] -RUN yum update -y --disablerepo="*" --enablerepo="*ubi-8*" && \ - yum install -y --disablerepo="*" --enablerepo="*ubi-8*" httpd mod_ssl python3-pip && \ - yum clean all && \ - pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} - -# -# CLEAN UP -# -RUN rm -rfv /var/cache/yum -RUN rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} - -# -# ERROR LOG, USER -# -RUN ln -sf /dev/stderr /var/log/httpd/error_log && \ - groupadd -g 10777 worker && \ - useradd -d /work -M -s /sbin/halt -g worker -u 10777 worker && \ - setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/httpd && \ - mkdir -p /work && \ - mkdir -p /work-private && \ - mkdir -p /var/www/logs && \ - chown -R worker:worker /work/ && \ - chown -R worker:worker /work-private && \ - chown -R worker:worker /var/www/logs && \ - chown -R worker:worker /etc/httpd/ && \ - touch /var/www/logs/error.log && chown -R worker:worker /var/www/logs/error.log && \ - touch /var/www/logs/access.log && chown -R worker:worker /var/www/logs/access.log && \ - chown -R worker:worker /var/log/httpd && \ - chown -R worker:worker /run/httpd && \ - sed -i -e "s/Listen 
80/Listen ${CONFLUENCE_LB_PUBLIC_PORT}\nServerName localhost/g" /etc/httpd/conf/httpd.conf && \ - sed -i -e "s/AllowOverride\s*None/AllowOverride All/ig" /etc/httpd/conf/httpd.conf && \ - echo "Include /work-private/loadbalancer-virtual-host.conf" >> /etc/httpd/conf/httpd.conf && \ - mkdir -p /etc/httpd/ssl && \ - sed -n -i '/## SSL Virtual Host Context/{x;d;};1h;1!{x;p;};${x;p;}' /etc/httpd/conf.d/ssl.conf && \ - sed -i '/## SSL Virtual Host Context/,$d' /etc/httpd/conf.d/ssl.conf && \ - echo "Include /work-private/ssl-loadbalancer-virtual-host.conf" >> /etc/httpd/conf.d/ssl.conf - -# -# COPY -# -ADD $PATH_TO_CERT /etc/httpd/ssl/ssl.crt -ADD $PATH_TO_KEY /etc/httpd/ssl/ssl.key -RUN chmod u+rx,g+rx,o+rx,a-w /etc/httpd/ssl/* - -# -# DOCKER ENTRYPOINT -# -COPY scripts/docker-entrypoint-tls.sh /work-private -RUN chmod u+rx,g+rx,o+rx,a-w /work-private/docker-entrypoint-tls.sh - -# -# TEMPLATES -# -COPY config/loadbalancer-virtual-host.conf.jinja2 /work-private -COPY config/ssl-loadbalancer-virtual-host.conf.jinja2 /work-private - -# -# WORKDIR -# -WORKDIR /work -EXPOSE $CONFLUENCE_LB_PUBLIC_PORT -EXPOSE 443 - -# -# HEALTHCHECK -# -HEALTHCHECK --start-period=1m --interval=3m --timeout=3s \ - CMD curl -f http://localhost:$CONFLUENCE_LB_PUBLIC_PORT/ || exit 1 - -# -# RUN -# -USER worker -VOLUME ["/work"] -ENTRYPOINT ["/work-private/docker-entrypoint.sh"] -CMD ["httpd", "-DFOREGROUND"] diff --git a/config/ssl-loadbalancer-virtual-host.conf.jinja2 b/config/ssl-loadbalancer-virtual-host.conf.jinja2 deleted file mode 100644 index 0b15be4..0000000 --- a/config/ssl-loadbalancer-virtual-host.conf.jinja2 +++ /dev/null 
@@ -1,41 +0,0 @@ -{% set amountNodes = NODES | int %} - - ServerName {{ CONFLUENCE_LB_PUBLIC_HOST }} - SSLEngine on - SSLCertificateFile /etc/httpd/ssl/ssl.crt - SSLCertificateKeyFile /etc/httpd/ssl/ssl.key - - Require all granted - - Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED - - - {% for n in range(1, (amountNodes+1)) %} - BalancerMember http://confluence-cluster-node{{ n }}:8091 route={{ n }} - {% endfor %} - - - {% for n in range(1, (amountNodes+1)) %} - BalancerMember ws://confluence-cluster-node{{ n }}:8091 route={{ n }} - {% endfor %} - - ProxyPass /synchrony balancer://confluence-synchrony-cluster/synchrony stickysession=ROUTEID - - Require all granted - RewriteEngine on - RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] - RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] - RewriteRule .* balancer://confluence-synchrony-cluster-ws%{REQUEST_URI} [P] - - - - {% for n in range(1, (amountNodes+1)) %} - BalancerMember http://confluence-cluster-node{{ n }}:8090 route={{ n }} - {% endfor %} - - ProxyPass / balancer://confluence-cluster/ stickysession=ROUTEID - - ProxyPreserveHost on - ProxyRequests off - ProxyTimeout 9600 - diff --git a/scripts/docker-entrypoint-tls.sh b/scripts/docker-entrypoint-tls.sh deleted file mode 100644 index 1eadb4d..0000000 --- a/scripts/docker-entrypoint-tls.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -e - -umask u+rxw,g+rwx,o-rwx - -# -# GENERATE LOADBALANCER CONFIG BASED ON AMOUNT OF NODES -# -echo "generating loadbalancer config for $NODES nodes" -env | j2 --format=env /work-private/loadbalancer-virtual-host.conf.jinja2 > /work-private/loadbalancer-virtual-host.conf -env | j2 --format=env /work-private/ssl-loadbalancer-virtual-host.conf.jinja2 > /work-private/ssl-loadbalancer-virtual-host.conf - -exec "$@" -- GitLab From 6df41764df70438b47b029c0a64aadd154e56ecc Mon Sep 17 00:00:00 2001 
From: Blake Burkhart Date: Thu, 7 May 2020 14:17:08 -0600 Subject: [PATCH 6/6] combine rm commands into previous RUN --- Dockerfile | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0992dd7..4b18bcc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,13 +34,9 @@ COPY ["${TARBALL1}", "${TARBALL2}", "${TARBALL3}", "/tmp/"] RUN yum update -y && \ yum install -y httpd python3-pip && \ yum clean all && \ - pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} - -# -# CLEAN UP -# -RUN rm -rfv /var/cache/yum -RUN rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} + pip3 install /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} && \ + rm -rfv /var/cache/yum && \ + rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3} # # ERROR LOG, USER -- GitLab
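Review bot: The `rm -f /tmp/${TARBALL1} /tmp/${TARBALL2} /tmp/${TARBALL3}` moved into this RUN still cannot remove the archives from the image, because they were written by the earlier `COPY [...] "/tmp/"` layer and only files created in the same layer are reclaimed. With BuildKit the tarballs can be bind-mounted for the install instead of copied, along the lines of `RUN --mount=type=bind,source=.,target=/ctx … pip3 install /ctx/${TARBALL1} …`, which makes both the COPY and this rm unnecessary. `rm -rfv /var/cache/yum` also looks like a no-op on a UBI 8 base, where yum is dnf and presumably caches under /var/cache/dnf; that is worth confirming, since `yum clean all` already runs earlier in the chain.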