diff --git a/.dockerignore b/.dockerignore index 6e13672f..7583840f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -7,3 +7,5 @@ Makefile .editorconfig coffeelint.json automation +tools +README.md diff --git a/Makefile b/Makefile index c5b480bb..fd78f680 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ ARCH = rpi# rpi/x86_64/i386/armv7hf DEPLOY_REGISTRY = registry.resindev.io:5000/ -SUPERVISOR_VERSION = latest +SUPERVISOR_VERSION = master all: supervisor @@ -13,6 +13,16 @@ IMAGE = "resin/$(ARCH)-supervisor:$(SUPERVISOR_VERSION)" clean: -rm Dockerfile +supervisor-dind: + cd tools/dind && docker build --no-cache=$(DISABLE_CACHE) -t resin/resin-supervisor-dind:$(SUPERVISOR_VERSION) . + +run-supervisor: supervisor-dind + -docker stop resin_supervisor_1 > /dev/null + -docker rm -f resin_supervisor_1 > /dev/null + cd tools/dind \ + && sed --in-place -e "s|SUPERVISOR_IMAGE=.*|SUPERVISOR_IMAGE=resin/$(ARCH)-supervisor:$(SUPERVISOR_VERSION)|" config/env \ + && docker run -d --name resin_supervisor_1 --privileged -v $$(pwd)/config.json:/usr/src/app/config/config.json -v $$(pwd)/config/env:/usr/src/app/config/env -v /sys/fs/cgroup:/sys/fs/cgroup:ro resin/resin-supervisor-dind:$(SUPERVISOR_VERSION) + supervisor: cp Dockerfile.$(ARCH) Dockerfile echo "ENV VERSION "`jq -r .version package.json` >> Dockerfile @@ -23,9 +33,4 @@ deploy: supervisor docker tag -f $(IMAGE) $(DEPLOY_REGISTRY)$(IMAGE) docker push $(DEPLOY_REGISTRY)$(IMAGE) -run-supervisor-x86_64: - docker run --privileged -d -v /var/run/docker.sock:/run/docker.sock -v /boot/config.json:/boot/config.json -v /:/mnt/root -v /resin-data/resin-supervisor:/data -v /proc/net/fib_trie:/mnt/fib_trie -v /var/log/supervisor-log:/var/log -e API_ENDPOINT=https://staging.resin.io -e REGISTRY_ENDPOINT=registry.staging.resin.io -e PUBNUB_SUBSCRIBE_KEY=sub-c-bananas -e PUBNUB_PUBLISH_KEY=pub-c-bananas -e MIXPANEL_TOKEN=bananasbananas resin/x86_64-supervisor /start -run-supervisor-i386: - docker run --privileged -d -v /var/run/docker.sock:/run/docker.sock -v /boot/config.json:/boot/config.json -v /:/mnt/root -v /resin-data/resin-supervisor:/data -v /proc/net/fib_trie:/mnt/fib_trie -v /var/log/supervisor-log:/var/log -e API_ENDPOINT=https://staging.resin.io -e REGISTRY_ENDPOINT=registry.staging.resin.io -e PUBNUB_SUBSCRIBE_KEY=sub-c-bananas -e PUBNUB_PUBLISH_KEY=pub-c-bananas -e MIXPANEL_TOKEN=bananasbananas resin/i386-supervisor /start - -.PHONY: supervisor deploy run-supervisor-x86_64 run-supervisor-i386 +.PHONY: supervisor deploy supervisor-dind run-supervisor diff --git a/README.md b/README.md new file mode 100644 index 00000000..fb765bd7 --- /dev/null +++ b/README.md @@ -0,0 +1,20 @@ +# Running supervisor in the dev env + +## Set up config +Edit `tools/dind/config.json` to contain the values for a staging config.json. + +## Start the supervisor instance +``` +make ARCH=i386 run-supervisor +``` + +## View the containers logs +``` +logs supervisor -f +``` + +## View the supervisor logs +``` +enter supervisor +tail /var/log/supervisor-log/resin_supervisor_stdout.log -f +``` diff --git a/tools/dind/Dockerfile b/tools/dind/Dockerfile new file mode 100644 index 00000000..1270a587 --- /dev/null +++ b/tools/dind/Dockerfile @@ -0,0 +1,19 @@ +FROM resin/resin-base + +VOLUME /var/lib/docker +ENV DOCKER_VERSION 1.6.2 + +# From get.docker.com script +RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 \ + && echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list \ + && apt-get update && apt-get install lxc-docker-${DOCKER_VERSION} \ + && rm -rf /var/lib/apt/lists/* + +RUN apt-get update && apt-get install jq \ + && rm -rf /var/lib/apt/lists/* + +COPY config/openvpn/ /etc/openvpn/ +COPY config/services/ /etc/systemd/system/ +COPY vpn-init /usr/src/app/ + +RUN systemctl enable resin-supervisor-dind diff --git a/tools/dind/config/openvpn/ca.crt b/tools/dind/config/openvpn/ca.crt new file mode 100644 index 00000000..ccfb0e73 --- /dev/null +++ b/tools/dind/config/openvpn/ca.crt @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWDCCAcGgAwIBAgIJAPSxvaHnsjuiMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTMxMjEyMTQ0NzU2WhcNMjMxMjEwMTQ0NzU2WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDlMvQ2juZrzXRqWpX7t4FXXLl4G8ncNT1v2MmT3pp6uF4nkVGuR4YtW3bipCKa +TXFvyhZuxE/7fJYGhafMWZs26kPt7vsmiTREEGC+BHqNQb0wImrLZOK2W97GduSe +e8nZcWSC3Z8UCXRBH7Zks4zaFwhtcggvdJ/Pw9w12tNIzQIDAQABo1AwTjAdBgNV +HQ4EFgQUU4WqX2fLx7gU2QpQvVH0nZNQsRYwHwYDVR0jBBgwFoAUU4WqX2fLx7gU +2QpQvVH0nZNQsRYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAYhTMd +PsCCxHlqBjOuswP6PYOg5Mz5Aqg70ZZfhLjEWyoSEsrVJM4es+xrtHAItT28Axky +RPN7rzLsd3GiH9a6WzaeNdpWdYMSi3+NrNbkOSvnNhGxu/QHb0LtmetxpD6SDFfP +J11EnN34vWG1JBYHv5Sov+E993rRJvE4UEulZQ== +-----END CERTIFICATE----- diff --git a/tools/dind/config/openvpn/client.conf b/tools/dind/config/openvpn/client.conf new file mode 100644 index 00000000..1f424610 --- /dev/null +++ b/tools/dind/config/openvpn/client.conf @@ -0,0 +1,17 @@ +client +remote vpn.staging.resin.io 443 +resolv-retry infinite + +remote-cert-tls server +ca /etc/openvpn/ca.crt +auth-user-pass /var/volatile/vpnfile +auth-retry nointeract + +comp-lzo +dev tun +proto tcp +nobind + +persist-key +persist-tun +verb 3 diff --git a/tools/dind/config/services/openvpn@client.service.d/uuid.conf b/tools/dind/config/services/openvpn@client.service.d/uuid.conf new file mode 100644 index 00000000..5624be33 --- /dev/null +++ b/tools/dind/config/services/openvpn@client.service.d/uuid.conf @@ -0,0 +1,6 @@ +[Service] +WorkingDirectory=/usr/src/app +EnvironmentFile=/usr/src/app/config/env +ExecStartPre=/usr/src/app/vpn-init +TimeoutStartSec=0 +Restart=always diff --git a/tools/dind/config/services/resin-supervisor-dind.service b/tools/dind/config/services/resin-supervisor-dind.service new file mode 100644 index 00000000..12c2c432 --- /dev/null +++ b/tools/dind/config/services/resin-supervisor-dind.service @@ -0,0 +1,36 @@ +[Unit] +Description=resin-supervisor-dind +Requires=confd.service docker.service openvpn@client.service +After=confd.service +Before=openvpn@client.service + +[Service] +WorkingDirectory=/usr/src/app +EnvironmentFile=/usr/src/app/config/env +ExecStartPre=/usr/bin/docker pull ${SUPERVISOR_IMAGE} +ExecStartPre=-/usr/bin/docker kill resin_supervisor +ExecStartPre=-/usr/bin/docker rm resin_supervisor +ExecStartPre=-/bin/touch /etc/resolv.conf +ExecStart=/usr/bin/docker run --rm --privileged --name resin_supervisor \ + --net=host \ + -v /var/run/docker.sock:/run/docker.sock \ + -v "${CONFIG_PATH}:/boot/config.json" \ + -v /resin-data/resin-supervisor:/data \ + -v /proc/net/fib_trie:/mnt/fib_trie \ + -v /var/log/supervisor-log:/var/log \ + -v /:/mnt/root \ + -v /etc/resolv.conf:/etc/resolv.conf:ro \ + -e "API_ENDPOINT=${API_ENDPOINT}" \ + -e "REGISTRY_ENDPOINT=${REGISTRY_ENDPOINT}" \ + -e "PUBNUB_SUBSCRIBE_KEY=${PUBNUB_SUBSCRIBE_KEY}" \ + -e "PUBNUB_PUBLISH_KEY=${PUBNUB_PUBLISH_KEY}" \ + -e "MIXPANEL_TOKEN=${MIXPANEL_TOKEN}" \ + -e "LED_FILE=${LED_FILE}" \ + -e "LISTEN_PORT=${LISTEN_PORT}" \ + -e "SUPERVISOR_IMAGE=${SUPERVISOR_IMAGE}" \ + ${SUPERVISOR_IMAGE} +TimeoutStartSec=0 +Restart=always + +[Install] +WantedBy=basic.target diff --git a/tools/dind/vpn-init b/tools/dind/vpn-init new file mode 100644 index 00000000..ede6af58 --- /dev/null +++ b/tools/dind/vpn-init @@ -0,0 +1,13 @@ +#!/bin/bash +while true; do + if [ `jq ".uuid | length" $CONFIG_PATH` -eq 0 ]; then + echo "UUID missing from config file, VPN cannot connect" + sleep 2 + else + read uuid api_key <<<$(jq -r '.uuid,.apiKey' $CONFIG_PATH) + mkdir -p /var/volatile/ + echo $uuid > /var/volatile/vpnfile + echo $api_key >> /var/volatile/vpnfile + break + fi +done