ExternalVendorCode/open-balena
1
0
Fork 0
mirror of https://github.com/balena-io/open-balena.git synced 2025-04-07 19:14:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feature: Use S3 bucket for Registry service backend

Browse Source 
Update open-balena-s3 to 2.8.3

This makes new installations of openBalena use the S3 container as a
storage backend for the Registry service by default. Existing installs
should not be affected.

Change-type: major
Signed-off-by: Rich Bayliss <rich@balena.io>
This commit is contained in:
Rich Bayliss 2019-07-30 11:09:07 +01:00
parent e6c865e383
commit 2a7d0687a2
No known key found for this signature in database
GPG Key ID: E53C4B4D18499E1A
6 changed files with 189 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
compose/services.yml
View File

@ -73,15 +73,16 @@ services:
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
BALENA_TOKEN_AUTH_ISSUER: api.${OPENBALENA_HOST_NAME}
BALENA_TOKEN_AUTH_REALM: https://api.${OPENBALENA_HOST_NAME}/auth/v1/token
COMMON_REGION:
COMMON_REGION: ${OPENBALENA_S3_REGION}
REGISTRY2_CACHE_ENABLED: "false"
REGISTRY2_CACHE_ADDR: 127.0.0.1:6379
REGISTRY2_CACHE_DB: 0
REGISTRY2_CACHE_MAXMEMORY_MB: 1024 # megabytes
REGISTRY2_CACHE_MAXMEMORY_POLICY: allkeys-lru
REGISTRY2_S3_BUCKET:
REGISTRY2_S3_KEY:
REGISTRY2_S3_SECRET:
REGISTRY2_S3_REGION_ENDPOINT: ${OPENBALENA_S3_ENDPOINT}
REGISTRY2_S3_BUCKET: ${OPENBALENA_REGISTRY2_S3_BUCKET}
REGISTRY2_S3_KEY: ${OPENBALENA_S3_ACCESS_KEY}
REGISTRY2_S3_SECRET: ${OPENBALENA_S3_SECRET_KEY}
REGISTRY2_SECRETKEY: ${OPENBALENA_REGISTRY_SECRET_KEY}
REGISTRY2_STORAGEPATH: /data
@ -125,8 +126,9 @@ services:
volumes:
- s3:/export
environment:
S3_MINIO_ACCESS_KEY: abcdef1234
S3_MINIO_SECRET_KEY: "1234567890"
S3_MINIO_ACCESS_KEY: ${OPENBALENA_S3_ACCESS_KEY}
S3_MINIO_SECRET_KEY: ${OPENBALENA_S3_SECRET_KEY}
BUCKETS: ${OPENBALENA_S3_BUCKETS}
redis:
extends:

6
compose/versions
View File

@ -1,6 +1,6 @@
export OPENBALENA_API_VERSION_TAG=v0.19.5
export OPENBALENA_DB_VERSION_TAG=v2.0.3
export OPENBALENA_REGISTRY_VERSION_TAG=v2.11.1
export OPENBALENA_S3_VERSION_TAG=v2.6.2
export OPENBALENA_VPN_VERSION_TAG=v8.10.0
export OPENBALENA_MDNS_PUBLISHER_VERSION_TAG=v1.6.2
export OPENBALENA_REGISTRY_VERSION_TAG=v2.11.1
export OPENBALENA_S3_VERSION_TAG=v2.8.5
export OPENBALENA_VPN_VERSION_TAG=v8.10.0

62
scripts/logger.sh Normal file
View File

@ -0,0 +1,62 @@
#!/bin/sh
BLACK=`tput setaf 0`
RED=`tput setaf 1`
GREEN=`tput setaf 2`
YELLOW=`tput setaf 3`
BLUE=`tput setaf 4`
MAGENTA=`tput setaf 5`
CYAN=`tput setaf 6`
WHITE=`tput setaf 7`
BOLD=`tput bold`
RESET=`tput sgr0`
log_raw () {
local COLOR="${WHITE}"
local LEVEL="${1}"
local MESSAGE="${2}"
case "${LEVEL}" in
info)
COLOR="${BLUE}"
;;
warn)
COLOR="${YELLOW}"
;;
fatal)
COLOR="${RED}"
;;
*)
LEVEL="debug"
;;
esac
LEVEL="${LEVEL} "
echo "[$(date +%T)] ${COLOR}$(echo "${LEVEL:0:5}" | tr '[:lower:]' '[:upper:]')${RESET} ${MESSAGE}";
}
log () {
log_raw "debug" "${1}"
}
info () {
log_raw "info" "${1}";
}
warn () {
log_raw "warn" "${1}";
}
die () {
log_raw "fatal" "${1}";
exit 1;
}
die_unless_forced () {
if [ ! -z "$1" ]; then
log_raw "warn" "$2";
return;
fi
log_raw "fatal" "$2";
die "Use -f to forcibly upgrade.";
}

9
scripts/make-env
View File

@ -40,11 +40,15 @@ b64file() {
b64encode "$(cat "$@")"
}
# buckets to create in the S3 service...
REGISTRY2_S3_BUCKET="registry-data"
cat <<STR
export OPENBALENA_PRODUCTION_MODE=false
export OPENBALENA_COOKIE_SESSION_SECRET=$(randstr 32)
export OPENBALENA_HOST_NAME=$DOMAIN
export OPENBALENA_JWT_SECRET=$(randstr 32)
export OPENBALENA_REGISTRY2_S3_BUCKET=${REGISTRY2_S3_BUCKET}
export OPENBALENA_RESINOS_REGISTRY_CODE=$(randstr 32)
export OPENBALENA_ROOT_CA=$(b64file "${ROOT_CA}")
export OPENBALENA_ROOT_CRT=$(b64file "${ROOT_CRT}")
@ -61,6 +65,11 @@ export OPENBALENA_VPN_SERVER_DH=$(b64file "$VPN_DH")
export OPENBALENA_VPN_SERVICE_API_KEY=$(randstr 32)
export OPENBALENA_API_VPN_SERVICE_API_KEY=$(randstr 32)
export OPENBALENA_REGISTRY_SECRET_KEY=$(randstr 32)
export OPENBALENA_S3_ACCESS_KEY=$(randstr 32)
export OPENBALENA_S3_BUCKETS="${REGISTRY2_S3_BUCKET}"
export OPENBALENA_S3_ENDPOINT="https://s3.${DOMAIN}"
export OPENBALENA_S3_REGION=us-east-1
export OPENBALENA_S3_SECRET_KEY=$(randstr 32)
export OPENBALENA_SSH_AUTHORIZED_KEYS=
export OPENBALENA_SUPERUSER_EMAIL=$SUPERUSER_EMAIL
export OPENBALENA_SUPERUSER_PASSWORD=$(printf "%q" "${SUPERUSER_PASSWORD}")

29
scripts/migrate-registry-storage Executable file
View File

@ -0,0 +1,29 @@
#!/bin/sh
migrate_data_to_s3 () {
BUCKET="${1:-registry-data}"
if [ -z "${BUCKET}" ]; then return 1; fi
if [ -n "${DOCKER_HOST}" ]; then
log "Using docker host: ${DOCKER_HOST}"
export DOCKER_HOST="${DOCKER_HOST}"
fi
REGISTRY_CONTAINER="$(docker ps | grep registry_ | awk '{print $1}')"
S3_CONTAINER="$(docker ps | grep s3_ | awk '{print $1}')"
if [ -z "${REGISTRY_CONTAINER}" ] || [ -z "${S3_CONTAINER}" ]; then return 2; fi
REGISTRY_VOLUME="$(docker inspect "${REGISTRY_CONTAINER}" | jq -r '.[].Mounts | map(select(.Destination=="/data")) | .[0].Source')"
S3_VOLUME=$(docker inspect "${S3_CONTAINER}" | jq -r '.[].Mounts | map(select(.Destination=="/export")) | .[0].Source')
if [ -z "${REGISTRY_VOLUME}" ] || [ -z "${S3_VOLUME}" ]; then return 3; fi
# run the S3 container image, and copy the data partition into S3...
docker run -it --rm \
-v "${REGISTRY_VOLUME}:/data" \
-v "${S3_VOLUME}:/s3" \
--name "migrate-registry" alpine \
sh -c "mkdir -p /s3/${BUCKET}/data && cp -r /data/docker /s3/${BUCKET}/data/"
}

78
scripts/upgrade-1.x-to-2.0 Executable file
View File

@ -0,0 +1,78 @@
#!/bin/sh
source "${BASH_SOURCE%/*}/logger.sh"
source "${BASH_SOURCE%/*}/migrate-registry-storage"
# This script takes a v1.x.x install and updates the compose stack to use S3 as your
# registry storage.
source "${BASH_SOURCE%/*}/_realpath"
DIR="$(dirname $(realpath "$0"))"
BASE_DIR="$(dirname "${DIR}")"
CONFIG_DIR="${BASE_DIR}/config"
CONFIG_FILE="${CONFIG_DIR}/activate"
# Step 1. Make sure a config exists...
[ -f "${CONFIG_FILE}" ] || die "Unable to find existing config!";
info "Preparing to upgrade..."
source "${CONFIG_FILE}"
while getopts "f" opt; do
case "${opt}" in
f)
warn "Forcing upgrade! I hope you know what you're doing..."
FORCE_UPGRADE=1
;;
*)
echo "Invalid argument: ${OPTARG}"
exit 1
;;
esac
done
shift $((OPTIND-1))
# Step 2. Check if the S3 configuration already exists...
upgrade_required () {
[ -z "${OPENBALENA_REGISTRY2_S3_BUCKET}" ] || return 1;
[ -z "${OPENBALENA_S3_ACCESS_KEY}" ] || return 1;
[ -z "${OPENBALENA_S3_ENDPOINT}" ] || return 1;
[ -z "${OPENBALENA_S3_REGION}" ] || return 1;
[ -z "${OPENBALENA_S3_SECRET_KEY}" ] || return 1;
}
upgrade_required || die_unless_forced "${FORCE_UPGRADE}" "Configuration may already be using S3 for Registry storage!"
# Step 3. Create missing S3 configuration...
randstr() {
LC_CTYPE=C tr -dc A-Za-z0-9 < /dev/urandom | fold -w "${1:-32}" | head -n 1
}
upsert_config () {
var="${1}"
value="${2}"
if [ -z "${!var}" ]; then
echo "export ${1}=${2}" >> "${CONFIG_FILE}"
else
sed -i '' "s~export ${1}=.*~export ${1}=${2}~" "${CONFIG_FILE}"
fi
}
upsert_config "OPENBALENA_REGISTRY2_S3_BUCKET" "registry-data" || warn "Failed to update config value OPENBALENA_REGISTRY2_S3_BUCKET"
upsert_config "OPENBALENA_S3_ACCESS_KEY" "$(randstr 32)" || warn "Failed to update config value OPENBALENA_S3_ACCESS_KEY"
upsert_config "OPENBALENA_S3_ENDPOINT" "https://s3.${OPENBALENA_HOST_NAME}" || warn "Failed to update config value OPENBALENA_S3_ENDPOINT"
upsert_config "OPENBALENA_S3_REGION" "us-east-1" || warn "Failed to update config value OPENBALENA_S3_REGION"
upsert_config "OPENBALENA_S3_SECRET_KEY" "$(randstr 32)" || warn "Failed to update config value OPENBALENA_S3_SECRET_KEY"
# Step 4. Migrate Registry data to S3...
info "Copying data from the Registry volume to the S3 volume..."
migrate_data_to_s3 "registry-data"
case $? in
1) die "Invalid bucket name";;
2) die "Unable to find the running Registry or S3 containers";;
3) die "Unable to determine the data volumes for the Registry or S3 containers";;
*) info "Registry data copied"
;;
esac
info "Upgrade complete"