authorLinus Nordberg <linus@nordberg.se>2015-03-27 13:28:33 +0100
committerLinus Nordberg <linus@nordberg.se>2015-04-01 13:14:07 +0200
commitb280c136a4279d9b3c46936f4737c47d83dae2fd (patch)
tree7c772e377698d1bcb6fca5588e934c0bb04e0d70
parent8c5b1dbba571456e3b68bcf25e4ca9db9b7b669b (diff)
Docker packaging.
-rw-r--r--Makefile92
-rwxr-xr-xmakerelease.erl4
-rw-r--r--packaging/docker/README23
-rw-r--r--packaging/docker/base-debian:jessie/Dockerfile3
-rwxr-xr-xpackaging/docker/build-from-source.sh (renamed from packaging/docker/build.sh)0
-rw-r--r--packaging/docker/catlfish-dev/Dockerfile51
-rw-r--r--packaging/docker/catlfish-dev/supervisord.conf2
-rw-r--r--packaging/docker/erlang/Dockerfile2
-rwxr-xr-xtools/compileconfig.py2
9 files changed, 115 insertions, 64 deletions
diff --git a/Makefile b/Makefile
index 51fd786..e188e95 100644
--- a/Makefile
+++ b/Makefile
@@ -1,49 +1,53 @@
-PREFIX=rel
+# Makefile for catlfish
+
+PREFIX=.
+INSTDIR=$(PREFIX)/catlfish
build all:
./make.erl
+
clean:
-rm ebin/*.beam
+
release: all
- rm -rf $(PREFIX)
- mkdir $(PREFIX)
- ./makerelease.erl
- mkdir $(PREFIX)/catlfish
+ rm -rf $(INSTDIR)
+ mkdir $(INSTDIR)
+ ./makerelease.erl $(INSTDIR)
-include test/test.mk
tests-prepare:
- rm -r $(PREFIX)/tests || true
- mkdir $(PREFIX)/tests
+ rm -r $(INSTDIR)/tests || true
+ mkdir $(INSTDIR)/tests
make tests-createca
make tests-createcert
- mkdir $(PREFIX)/tests/keys
- (cd $(PREFIX)/tests/keys ; ../../../tools/create-key.sh logkey)
- mkdir $(PREFIX)/tests/mergedb
- mkdir $(PREFIX)/tests/mergedb/chains
- touch $(PREFIX)/tests/mergedb/logorder
- mkdir $(PREFIX)/tests/known_roots
- cp tools/testcerts/roots/* $(PREFIX)/tests/known_roots
+ mkdir $(INSTDIR)/tests/keys
+ (cd $(INSTDIR)/tests/keys ; ../../../tools/create-key.sh logkey)
+ mkdir $(INSTDIR)/tests/mergedb
+ mkdir $(INSTDIR)/tests/mergedb/chains
+ touch $(INSTDIR)/tests/mergedb/logorder
+ mkdir $(INSTDIR)/tests/known_roots
+ cp tools/testcerts/roots/* $(INSTDIR)/tests/known_roots
@for machine in $(MACHINES); do \
- (cd $(PREFIX); ../tools/compileconfig.py --config=../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-$$machine.cfg) ; \
- mkdir -p $(PREFIX)/tests/machine/machine-$$machine/db ; \
- touch $(PREFIX)/tests/machine/machine-$$machine/db/index ; \
- touch $(PREFIX)/tests/machine/machine-$$machine/db/newentries ; \
+ tools/compileconfig.py --config=test/catlfish-test.cfg --localconfig test/catlfish-test-local-$$machine.cfg ; \
+ mkdir -p $(INSTDIR)/tests/machine/machine-$$machine/db ; \
+ touch $(INSTDIR)/tests/machine/machine-$$machine/db/index ; \
+ touch $(INSTDIR)/tests/machine/machine-$$machine/db/newentries ; \
done
- (cd $(PREFIX); ../tools/compileconfig.py --config=../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-signing.cfg)
- mkdir $(PREFIX)/tests/privatekeys
- mkdir $(PREFIX)/tests/publickeys
+ tools/compileconfig.py --config test/catlfish-test.cfg --localconfig test/catlfish-test-local-signing.cfg
+ mkdir $(INSTDIR)/tests/privatekeys
+ mkdir $(INSTDIR)/tests/publickeys
@for node in $(NODES); do \
- (cd $(PREFIX)/tests/privatekeys ; ../../../tools/create-key.sh $$node) ; \
- mv $(PREFIX)/tests/privatekeys/$$node.pem $(PREFIX)/tests/publickeys/ ; \
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh $$node) ; \
+ mv $(INSTDIR)/tests/privatekeys/$$node.pem $(INSTDIR)/tests/publickeys/ ; \
mkdir -p test/nodes/$$node/log ; \
done
- (cd $(PREFIX)/tests/privatekeys ; ../../../tools/create-key.sh merge-1)
- mv $(PREFIX)/tests/privatekeys/merge-1.pem $(PREFIX)/tests/publickeys/
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-1)
+ mv $(INSTDIR)/tests/privatekeys/merge-1.pem $(INSTDIR)/tests/publickeys/
tests-start:
@for node in $(NODES); do \
- (cd $(PREFIX) ; bin/run_erl -daemon ../test/nodes/$$node/ ../test/nodes/$$node/log/ "exec bin/erl -config $$node") \
+ (cd $(INSTDIR) ; bin/run_erl -daemon ../test/nodes/$$node/ ../test/nodes/$$node/log/ "exec bin/erl -config $$node") \
done
@for i in 1 2 3 4 5 6 7 8 9 10; do \
echo "waiting for system to start" ; \
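Review bot: The test recipes still reach the source tree through fixed relative hops from the install directory (`../../../tools/create-key.sh` in tests-prepare, `../test/nodes/$$node/` in tests-start), which only resolve when INSTDIR is `./catlfish`, i.e. when PREFIX keeps its default. This commit's Dockerfile already calls `make PREFIX=/usr/local release`, so the two uses of PREFIX diverge; the same applies to the `../tools/...` paths in the tests-run hunk. Consider anchoring the tool paths, e.g. `$(CURDIR)/tools/create-key.sh`, or adding a comment that the tests-* targets require the default PREFIX. Separately, `mkdir $(INSTDIR)` in release fails when PREFIX does not exist yet, and `rm -rf $(INSTDIR)` acts on a command-line value; `mkdir -p $(INSTDIR)` plus a check that PREFIX is non-empty would make the recipe safer to run as root. The tests-start recipe continues outside the hunk.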
@@ -59,20 +63,20 @@ tests-start:
done
tests-run:
- @(cd $(PREFIX) && python ../tools/testcase1.py https://localhost:8080/ tests/keys/logkey.pem) || (echo "Tests failed" ; false)
- @(cd $(PREFIX) && python ../tools/fetchallcerts.py $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Verification failed" ; false)
- @(cd $(PREFIX) && rm -f submittedcerts)
- @(cd $(PREFIX) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
- @(cd $(PREFIX) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
- @(cd $(PREFIX) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert3.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
- @(cd $(PREFIX) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert4.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
- @(cd $(PREFIX) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert5.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
- @(cd $(PREFIX) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
- @(cd $(PREFIX) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
- @(cd $(PREFIX) && python ../tools/merge.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/testcase1.py https://localhost:8080/ tests/keys/logkey.pem) || (echo "Tests failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && rm -f submittedcerts)
+ @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert3.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert4.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert5.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/merge.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
tests-run2:
- @(cd $(PREFIX) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem) || echo "Verification of SCT:s failed"
+ @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem) || echo "Verification of SCT:s failed"
tests-stop:
@for node in $(NODES); do \
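Review bot: tests-run2 reports a failed SCT verification but still exits 0, because its fallback is a bare `|| echo "Verification of SCT:s failed"` while every tests-run line ends in `; false`. SCTs that do not verify are the failure this target exists to catch, so the recipe should fail: `|| (echo "Verification of SCT:s failed" ; false)`. If the exit status is suppressed on purpose so that tests-stop still runs, a comment saying so would help. The same line uses `cd $(INSTDIR) ;` rather than `&&`, so verifysct.py would still run from the wrong directory if the cd fails.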
@@ -96,8 +100,8 @@ tests:
@make tests-stop
tests-createca:
- mkdir $(PREFIX)/tests/httpsca
- ( cd $(PREFIX)/tests/httpsca ; \
+ mkdir $(INSTDIR)/tests/httpsca
+ ( cd $(INSTDIR)/tests/httpsca ; \
mkdir -p demoCA/newcerts ; \
touch demoCA/index.txt ; \
echo 00 > demoCA/serial ; \
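Review bot: `( cd $(INSTDIR)/tests/httpsca ; \` keeps going when the cd fails, so the demoCA index and serial files would be created in whatever directory make was started from. That is unlikely right after the `mkdir` succeeds, but `( cd $(INSTDIR)/tests/httpsca && \` costs nothing and stops the subshell instead. The same `cd … ;` form is used for the key-generation subshells in tests-prepare and for the `openssl ca` call in tests-createcert. The recipe continues outside the hunk.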
@@ -112,12 +116,12 @@ tests-createca:
)
tests-createcert:
- mkdir $(PREFIX)/tests/httpscert
- openssl req -new -newkey rsa:2048 -keyout $(PREFIX)/tests/httpscert/httpskey-1.pem -out $(PREFIX)/tests/httpsca/httpscert-1.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=localhost'
- ( cd $(PREFIX)/tests/httpsca ; \
+ mkdir $(INSTDIR)/tests/httpscert
+ openssl req -new -newkey rsa:2048 -keyout $(INSTDIR)/tests/httpscert/httpskey-1.pem -out $(INSTDIR)/tests/httpsca/httpscert-1.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=localhost'
+ ( cd $(INSTDIR)/tests/httpsca ; \
openssl ca -in httpscert-1.csr -keyfile key.pem -out httpscert-1.pem -batch \
)
- cp $(PREFIX)/tests/httpsca/httpscert-1.pem $(PREFIX)/tests/httpscert/
+ cp $(INSTDIR)/tests/httpsca/httpscert-1.pem $(INSTDIR)/tests/httpscert/
# Unit testing.
diff --git a/makerelease.erl b/makerelease.erl
index f72fdb6..16e5f7f 100755
--- a/makerelease.erl
+++ b/makerelease.erl
@@ -1,7 +1,7 @@
#!/usr/bin/env escript
%% -*- erlang -*-
-main(_) ->
+main([DestDir]) ->
{ok, Conf} = file:consult("reltool.config"),
{ok, Spec} = reltool:get_target_spec(Conf),
- ok = reltool:eval_target_spec(Spec, code:root_dir(), "rel").
+ ok = reltool:eval_target_spec(Spec, code:root_dir(), DestDir).
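Review bot: `main([DestDir])` is now the only clause, so running `./makerelease.erl` without an argument, or with more than one, ends in a function_clause error instead of a readable message. A fallback clause such as `main(_) -> io:format(standard_error, "usage: makerelease.erl DESTDIR~n", []), halt(1).` would make the new required argument visible to anyone calling the script by hand.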
diff --git a/packaging/docker/README b/packaging/docker/README
index 0a75c10..147fa41 100644
--- a/packaging/docker/README
+++ b/packaging/docker/README
@@ -1,14 +1,27 @@
-Requirements:
+Information about creating a docker image for running catlfish from a
+binary release or with catlfish built from source.
+
+
+Requirements
+------------
+
- lack of expectations regarding security -- docker doesn't verify
downloaded images
- a 64-bit Linux system
- lxc-docker version 1.3 or later
-Build a docker image with catlfish. Note that you will have to cd into
-this directory, catlfish/packaging/docker, in order for docker to find
-the appropriate docker files.
- $ ./build.sh
+Building an image
+-----------------
+
+Run build-from-release.sh or build-from-source.sh to build a docker
+image with catlfish. Note that you will have to cd into this
+directory, catlfish/packaging/docker, in order for docker to find the
+appropriate docker files.
+
+
+Running it
+----------
Run the resulting image in interactive mode.
diff --git a/packaging/docker/base-debian:jessie/Dockerfile b/packaging/docker/base-debian:jessie/Dockerfile
index 6a30a45..dbd5d37 100644
--- a/packaging/docker/base-debian:jessie/Dockerfile
+++ b/packaging/docker/base-debian:jessie/Dockerfile
@@ -1,5 +1,6 @@
FROM debian:jessie
RUN apt-get update
RUN echo 'debconf debconf/frontend select noninteractive' | debconf-set-selections
-RUN apt-get install -y -q supervisor
+RUN apt-get -y -q upgrade
+RUN apt-get -y -q install supervisor
RUN mkdir -p /var/log/supervisor
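Review bot: The added `RUN apt-get -y -q upgrade` sits in its own layer behind a separate `RUN apt-get update`, so on a rebuild docker can reuse the cached update layer and the upgrade runs against a stale package index, or is itself served from cache. Chaining them, `RUN apt-get update && apt-get -y -q upgrade && apt-get -y -q install supervisor`, keeps the index and the upgrade in step. The `debconf-set-selections` line would then need to move ahead of that combined step.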
diff --git a/packaging/docker/build.sh b/packaging/docker/build-from-source.sh
index 2b47222..2b47222 100755
--- a/packaging/docker/build.sh
+++ b/packaging/docker/build-from-source.sh
diff --git a/packaging/docker/catlfish-dev/Dockerfile b/packaging/docker/catlfish-dev/Dockerfile
index cbfc285..b1192cf 100644
--- a/packaging/docker/catlfish-dev/Dockerfile
+++ b/packaging/docker/catlfish-dev/Dockerfile
@@ -1,26 +1,59 @@
+# Catlfish expects to find its configuration in
+# /usr/local/etc/catlfish/catlfish.config so mounting
+# /usr/local/etc/catlfish is recommended. This can be done using the
+# `-v' flag to `docker run'. Example:
+
+# $ docker run -v /etc/catlfish:/usr/local/etc/catlfish catlfish
+
FROM erlang
RUN apt-get update
RUN echo 'debconf debconf/frontend select noninteractive' | debconf-set-selections
-RUN apt-get install -y -q \
- gcc \
- git \
- make
+RUN apt-get -y -q install gcc git make curl
-WORKDIR /opt
+# Build dependencies in /usr/local/src.
+WORKDIR /usr/local/src
-RUN git clone -b v2.12.2 https://github.com/mochi/mochiweb
+RUN curl https://www.ct.nordu.net/dist/mochiweb-v2.12.2.tar.gz | tar xzf -
+RUN ln -s mochiweb-2.12.2 mochiweb
RUN make -C mochiweb
-RUN git clone -b 2.1.1 https://github.com/basho/lager
+RUN curl https://www.ct.nordu.net/dist/lager-2.1.1.tar.gz | tar xzf -
+RUN ln -s lager-2.1.1 lager
+RUN mkdir lager/deps
+RUN curl https://www.ct.nordu.net/dist/goldrush-0.1.6.tar.gz | tar xzf - -C lager/deps && ln -s goldrush-0.1.6 lager/deps/goldrush
RUN make -C lager
-RUN git clone -b 1.1.0 https://github.com/benoitc/hackney.git
+RUN curl https://www.ct.nordu.net/dist/hackney-1.1.0.tar.gz | tar xzf -
+RUN ln -s hackney-1.1.0 hackney
+RUN mkdir hackney/deps
+RUN curl https://www.ct.nordu.net/dist/erlang-idna-1.0.2.tar.gz | tar xzf - -C hackney/deps && ln -s erlang-idna-1.0.2 hackney/deps/idna
+RUN curl https://www.ct.nordu.net/dist/ssl_verify_hostname-1.0.4.tar.gz | tar xzf - -C hackney/deps && ln -s ssl_verify_hostname-1.0.4 hackney/deps/ssl_verify_hostname
RUN make -C hackney REBAR=../lager/rebar
+# Build plop and catlfish.
RUN git clone https://git.nordu.net/plop.git
RUN make -C plop
RUN git clone https://git.nordu.net/catlfish.git
-RUN make -C catlfish all release
+RUN make -C catlfish all
+RUN make -C catlfish PREFIX=/usr/local release
+
+# Config dir and database dir are mounted from host using `-v' to
+# 'docker run'.
+VOLUME /usr/local/catlfish
+VOLUME /var/local/db/catlfish
+
+# Working directory is where catlfish.config is. We want to run in
+# /var/run/catlfish and not in /usr/local/etc/catlfish, so symlink.
+RUN mkdir -p /var/run/catlfish/erlang_log /var/run/catlfish/sasl_log
+RUN chgrp -R daemon /var/run/catlfish
+RUN chmod -R 775 /var/run/catlfish
+RUN ln -s /usr/local/etc/catlfish/catlfish.config /var/run/catlfish/
+WORKDIR /var/run/catlfish
+
+# Don't run as root.
+USER daemon
+# Run supervisord.
ADD supervisord.conf /etc/supervisor/
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
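Review bot: The dependency tarballs are piped straight from `curl` into `tar` with no integrity check, so the image trusts whatever the download host serves at build time, and without `-f` an HTTP error body is handed to tar as well. Download to a file and verify a pinned digest before unpacking, e.g. `RUN curl -fsSL -o mochiweb.tar.gz https://www.ct.nordu.net/dist/mochiweb-v2.12.2.tar.gz && echo "<SHA256_PLACEHOLDER>  mochiweb.tar.gz" | sha256sum -c - && tar xzf mochiweb.tar.gz`, and likewise for lager, goldrush, hackney, erlang-idna and ssl_verify_hostname. The `git clone` lines for plop and catlfish take whatever HEAD is at build time; a tag or commit id would make the image reproducible. Also, `VOLUME /usr/local/catlfish` names the directory that `PREFIX=/usr/local release` has just installed into, while the comment above it speaks of the config dir (`/usr/local/etc/catlfish` per the header comment); mounting a host directory there would hide the release, so this looks like a path mix-up worth checking.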
diff --git a/packaging/docker/catlfish-dev/supervisord.conf b/packaging/docker/catlfish-dev/supervisord.conf
index c973bff..8b317e0 100644
--- a/packaging/docker/catlfish-dev/supervisord.conf
+++ b/packaging/docker/catlfish-dev/supervisord.conf
@@ -2,4 +2,4 @@
nodaemon=true
[program:catlfish]
-command=/opt/catlfish/rel/bin/erl -config catlfish
+command=/usr/local/catlfish/bin/run_erl /var/run/catlfish/ /var/run/catlfish/erlang_log/ "exec /usr/local/catlfish/bin/erl -config catlfish"
diff --git a/packaging/docker/erlang/Dockerfile b/packaging/docker/erlang/Dockerfile
index c33a22b..531064d 100644
--- a/packaging/docker/erlang/Dockerfile
+++ b/packaging/docker/erlang/Dockerfile
@@ -1,7 +1,7 @@
FROM base
RUN apt-get update
RUN echo 'debconf debconf/frontend select noninteractive' | debconf-set-selections
-RUN apt-get install -y -q \
+RUN apt-get -y -q install \
erlang-base \
erlang-crypto \
erlang-dev \
diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index c239bd0..8b7524d 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -52,7 +52,7 @@ def gen_erlang(term, level=1):
saslconfig = [(Symbol("sasl_error_logger"), Symbol("false")),
(Symbol("errlog_type"), Symbol("error")),
- (Symbol("error_logger_mf_dir"), "log"),
+ (Symbol("error_logger_mf_dir"), "sasl_log"),
(Symbol("error_logger_mf_maxbytes"), 10485760),
(Symbol("error_logger_mf_maxfiles"), 10),
]
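Review bot: `"sasl_log"` is a relative path, so it resolves against the node's working directory, and in this commit only the Docker image creates that directory (`/var/run/catlfish/sasl_log`). The Makefile's test setup starts nodes from `$(INSTDIR)` and creates `test/nodes/$$node/log` but no `sasl_log`; if SASL expects the directory to exist, which should be confirmed, the test nodes would fail to set up their multi-file error log. Consider creating `$(INSTDIR)/sasl_log` in tests-prepare, or adding a comment here stating that the directory must exist in the node's working directory.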