diff --git a/.gitignore b/.gitignore
index eebba67..ee9edc3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 .DS_Store
 .project
 .vagrant/
-config/
-src/
-package-lock.json
+
+/config
+/docker-compose.yml
+/package-lock.json
diff --git a/compose/common.yml b/compose/common.yml
index ac95267..72721af 100644
--- a/compose/common.yml
+++ b/compose/common.yml
@@ -1,4 +1,4 @@
-version: '2.1'
+version: "2.0"
 services:
 component:
diff --git a/compose/mdns.yml b/compose/mdns.yml
new file mode 100644
index 0000000..fa46fa6
--- /dev/null
+++ b/compose/mdns.yml
@@ -0,0 +1,31 @@
+version: "2.0"
+
+services:
+ balena-mdns-publisher:
+ image: balena/balena-mdns-publisher:${OPENBALENA_MDNS_PUBLISHER_VERSION_TAG}
+ network_mode: "host"
+ cap_add:
+ - SYS_RESOURCE
+ - SYS_ADMIN
+ security_opt:
+ - apparmor:unconfined
+ tmpfs:
+ - /run
+ - /sys/fs/cgroup
+ # balenaOS - Required for host DBus comms. Not required for standalone Linux
+ labels:
+ io.balena.features.dbus: '1'
+ io.balena.features.supervisor-api: '1'
+ environment:
+ CONFD_BACKEND: ENV
+ # The name of the TLD to use. This *must* match certificates used for the rest of
+ # the resin backend (eg. that for BALENA_ROOT_CA if present).
+ MDNS_TLD: ${OPENBALENA_HOST_NAME}
+ # List of subdomains to advertise. This must include all required hosts.
+ MDNS_SUBDOMAINS: '["api", "db", "registry", "s3", "vpn"]'
+ # The expectation is the DBus socket to use is always at the following location.
+ DBUS_SESSION_BUS_ADDRESS: "unix:path=/host/run/dbus/system_bus_socket"
+ # Selects the interface used for incoming connections from the wider subnet.
+ # For NUCs, this is `eno1`. If running natively, pick the appropriate interface.
+ # Alternatively, keep the default commented out to autoselect.
+ #INTERFACE: "eno1"
diff --git a/compose/services.yml b/compose/services.yml
index 3552410..7546a8d 100644
--- a/compose/services.yml
+++ b/compose/services.yml
@@ -1,4 +1,4 @@
-version: "2.1"
+version: "2.0"
 volumes:
 certs: {}
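Review bot: The new `balena-mdns-publisher` service runs with `network_mode: "host"`, `cap_add: SYS_ADMIN` and `security_opt: apparmor:unconfined`, yet the only in-file justification is the comment above `labels`; each of these removes a container boundary, so the reason for each belongs next to `cap_add:`, at minimum `# TODO(review): state why host networking, SYS_ADMIN and apparmor:unconfined are required here, so operators can drop whichever their platform does not need`. `MDNS_TLD: ${OPENBALENA_HOST_NAME}` is unquoted, unlike `PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"` in services.yml; `MDNS_TLD: "${OPENBALENA_HOST_NAME}"` keeps templated scalars consistent and readable by generic YAML tooling. The commented-out key `#INTERFACE: "eno1"` should be `# INTERFACE: "eno1"` to match the other comments. "the resin backend" in the MDNS_TLD comment should read "the balena backend", consistent with the resin→balena renames elsewhere in this commit.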
@@ -13,7 +13,7 @@ services:
 extends:
 file: ./common.yml
 service: component
- image: balena/open-balena-api:${OPENBALENA_API_VERSION_TAG:-master}
+ image: balena/open-balena-api:${OPENBALENA_API_VERSION_TAG}
 depends_on:
 - db
 - s3
@@ -44,7 +44,7 @@ services:
 REDIS_PORT: 6379
 REGISTRY2_HOST: registry.${OPENBALENA_HOST_NAME}
 REGISTRY_HOST: registry.${OPENBALENA_HOST_NAME}
- SENTRY_DSN:
+ SENTRY_DSN: ""
 TOKEN_AUTH_BUILDER_TOKEN: ${OPENBALENA_TOKEN_AUTH_BUILDER_TOKEN}
 TOKEN_AUTH_CERT_ISSUER: api.${OPENBALENA_HOST_NAME}
 TOKEN_AUTH_CERT_KEY: ${OPENBALENA_TOKEN_AUTH_KEY}
@@ -61,7 +61,7 @@ services:
 extends:
 file: ./common.yml
 service: component
- image: balena/open-balena-registry:${OPENBALENA_REGISTRY_VERSION_TAG:-master}
+ image: balena/open-balena-registry:${OPENBALENA_REGISTRY_VERSION_TAG}
 depends_on:
 - s3
 - redis
@@ -89,7 +89,7 @@ services:
 extends:
 file: ./common.yml
 service: component
- image: balena/open-balena-vpn:${OPENBALENA_VPN_VERSION_TAG:-master}
+ image: balena/open-balena-vpn:${OPENBALENA_VPN_VERSION_TAG}
 depends_on:
 - api
 cap_add:
@@ -101,7 +101,7 @@ services:
 BALENA_VPN_PORT: 443
 PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"
 RESIN_VPN_GATEWAY: 10.2.0.1
- SENTRY_DSN:
+ SENTRY_DSN: ""
 VPN_HAPROXY_USEPROXYPROTOCOL: "true"
 VPN_OPENVPN_CA_CRT: ${OPENBALENA_VPN_CA}
 VPN_OPENVPN_SERVER_CRT: ${OPENBALENA_VPN_SERVER_CRT}
@@ -113,7 +113,7 @@ services:
 extends:
 file: ./common.yml
 service: system
- image: balena/open-balena-db:${OPENBALENA_DB_VERSION_TAG:-master}
+ image: balena/open-balena-db:${OPENBALENA_DB_VERSION_TAG}
 volumes:
 - db:/var/lib/postgresql/data
@@ -121,7 +121,7 @@ services:
 extends:
 file: ./common.yml
 service: component
- image: balena/open-balena-s3:${OPENBALENA_S3_VERSION_TAG:-master}
+ image: balena/open-balena-s3:${OPENBALENA_S3_VERSION_TAG}
 volumes:
 - s3:/export
 environment:
@@ -140,7 +140,7 @@ services:
 extends:
 file: ./common.yml
 service: system
- build: ../haproxy
+ build: ../src/haproxy
 depends_on:
 - api
 - cert-provider
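Review bot: `SENTRY_DSN: ""` in the @@ -44 and @@ -101 hunks is a behaviour change, not only a lint fix: under Compose's documented rules a bare `SENTRY_DSN:` passes the variable through from the host shell, while `""` pins it to an empty value inside the container, so a DSN exported in the operator's shell is now silently ignored. If that is intended, a comment such as `# intentionally empty; a Sentry DSN exported in the shell is no longer forwarded` keeps the next reader from reverting it. Dropping the `:-master` fallback from every `image:` tag appears tied to the `version: "2.0"` downgrade (the `${VAR:-default}` form is a 2.1 feature), which means a missing `OPENBALENA_*_VERSION_TAG` now produces an image reference with an empty tag instead of `master`; `scripts/compose` sources `compose/versions`, so any other way of invoking docker-compose on these files needs those exports first.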
@@ -175,7 +175,7 @@ services:
 - certs:/certs:ro
 cert-provider:
- build: ../cert-provider
+ build: ../src/cert-provider
 volumes:
 - certs:/certs
 - cert-provider:/usr/src/app/certs
diff --git a/compose/template.yml b/compose/template.yml
index 9092271..116c954 100644
--- a/compose/template.yml
+++ b/compose/template.yml
@@ -7,4 +7,4 @@
 # `compose/services.yml` as the "base" config.
 #
 # You may view the effective config with `scripts/compose config`.
-version: '2.1'
+version: "2.0"
diff --git a/compose/versions b/compose/versions
index d60cbe6..37e7240 100644
--- a/compose/versions
+++ b/compose/versions
@@ -3,3 +3,4 @@ export OPENBALENA_DB_VERSION_TAG=v2.0.3
 export OPENBALENA_REGISTRY_VERSION_TAG=v2.7.0
 export OPENBALENA_S3_VERSION_TAG=v2.6.2
 export OPENBALENA_VPN_VERSION_TAG=v8.10.0
+export OPENBALENA_MDNS_PUBLISHER_VERSION_TAG=v1.6.2
diff --git a/repo.yml b/repo.yml
index dd58895..7d2e56f 100644
--- a/repo.yml
+++ b/repo.yml
@@ -11,3 +11,5 @@ upstream:
 url: https://github.com/balena-io/open-balena-db
 - repo: open-balena-s3
 url: https://github.com/balena-io/open-balena-s3
+ - repo: balena-mdns-publisher
+ url: https://github.com/balena-io/balena-mdns-publisher
diff --git a/scripts/_realpath b/scripts/_realpath
index 7ea62da..6f503d8 100644
--- a/scripts/_realpath
+++ b/scripts/_realpath
@@ -22,7 +22,7 @@ done
 if [ -z "${REALPATH}" ]; then
 echo_error 'Unable to find suitable command for realpath.'
 if [ $(uname) == 'Darwin' ]; then
- echo 'GNU coreutils are required to build openBalena on MacOS. To install with brew, run'
+ echo 'GNU coreutils are required to build openBalena on macOS. To install with brew, run'
 echo ''
 echo ' brew install coreutils'
 echo ''
diff --git a/scripts/compose b/scripts/compose
index bdc711f..e28237c 100755
--- a/scripts/compose
+++ b/scripts/compose
@@ -24,9 +24,17 @@ if [ ! -f "$ENV_FILE" ]; then
 exit 1
 fi
+source "${ENV_FILE}"
+
+# only include the MDNS publisher IF the domain is valid...
+if [ ${OPENBALENA_HOST_NAME: -6} == ".local" ]; then
+ INCLUDE_MDNS="-f ${BASE_DIR}/compose/mdns.yml"
+fi
+
 # shellcheck source=/dev/null
-source "${VERSIONS_FILE}"; source "${ENV_FILE}"; docker-compose \
+source "${VERSIONS_FILE}"; docker-compose \
 --project-name 'openbalena' \
 -f "${BASE_DIR}/compose/services.yml" \
+ ${INCLUDE_MDNS} \
 -f "${CONFIG_DIR}/docker-compose.yml" \
 "$@"
diff --git a/scripts/quickstart b/scripts/quickstart
index b341e83..f6af184 100755
--- a/scripts/quickstart
+++ b/scripts/quickstart
@@ -16,6 +16,12 @@ RESET=`tput sgr0`
 OPENSSL_VERSION=$(openssl version -v)
 if [[ "${OPENSSL_VERSION}" =~ ^LibreSSL.*$ ]]; then
 echo -e "${RED}ERROR: You may not have a compatible OpenSSL version (${OPENSSL_VERSION}). Please install OpenSSL version 1.0.2q or above.${RESET}"
+ if [ $(uname) == 'Darwin' ]; then
+ echo 'OpenSSL is required to build openBalena on macOS. To install with brew, run'
+ echo ''
+ echo ' brew install openssl'
+ echo ''
+ fi
 exit 1
 fi
@@ -125,7 +131,25 @@ fi
 echo_bold "==> Success!"
 echo ' - Start the instance with: ./scripts/compose up -d'
 echo ' - Stop the instance with: ./scripts/compose stop'
+echo ' - To create a single, flat, docker-compose.yml file, run:'
+echo ''
+echo ' ./scripts/compose config > docker-compose.yml'
+echo ''
 if [ -z "${ACME_CERT_ENABLED}" ]; then
 echo " - Use the following certificate with Balena CLI: ${CERTS_DIR}/root/ca.crt"
+
+ case $(uname) in
+ Darwin)
+ echo ''
+ printf ' On macOS:\n\n'
+ printf ' sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "%s/root/ca.crt"\n' "${CERTS_DIR}"
+ echo ''
+ ;;
+ *)
+ ;;
+ esac
+
+ echo -e " ${YELLOW}IMPORTANT:${RESET} You will need to restart your Docker daemon after trusting this certificate to allow your workstation to push images to the registry."
+ echo ''
 fi
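Review bot: `if [ ${OPENBALENA_HOST_NAME: -6} == ".local" ]; then` fails when `OPENBALENA_HOST_NAME` is unset or shorter than six characters: the unquoted expansion vanishes and `[` reports a missing operand, and `==` inside `[` is not portable; `if [[ "${OPENBALENA_HOST_NAME:-}" == *.local ]]; then` handles both. `${INCLUDE_MDNS}` is left unquoted so it splits into `-f` and the path, but that also splits `BASE_DIR` on whitespace; `INCLUDE_MDNS=()` before the test, `INCLUDE_MDNS=(-f "${BASE_DIR}/compose/mdns.yml")` inside it and `"${INCLUDE_MDNS[@]}"` in the docker-compose call keep the split exact. The `# shellcheck source=/dev/null` directive now covers only the `VERSIONS_FILE` line; the `source "${ENV_FILE}"` moved above it needs its own copy. The `if [ ! -f "$ENV_FILE" ]` block at the top of the hunk starts outside it.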
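Review bot: The macOS hint `sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "%s/root/ca.crt"` in the @@ -125 hunk makes the locally generated openBalena root a system-wide trust anchor for every application on the workstation, so anyone who can read the key material under `${CERTS_DIR}/root` can issue certificates that workstation accepts; the printed text should state that and the cleanup step, e.g. `echo ' This trusts the openBalena root CA system-wide: protect the key next to ca.crt and remove the certificate from the keychain when the instance is retired.'`. The `*)` branch is empty, so Linux users get the "Use the following certificate" line with no equivalent guidance; a one-line pointer to the distribution's CA trust-store tooling would close that gap.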
diff --git a/cert-provider/Dockerfile b/src/cert-provider/Dockerfile
similarity index 100%
rename from cert-provider/Dockerfile
rename to src/cert-provider/Dockerfile
diff --git a/cert-provider/cert-provider.sh b/src/cert-provider/cert-provider.sh
similarity index 100%
rename from cert-provider/cert-provider.sh
rename to src/cert-provider/cert-provider.sh
diff --git a/cert-provider/entry.sh b/src/cert-provider/entry.sh
similarity index 100%
rename from cert-provider/entry.sh
rename to src/cert-provider/entry.sh
diff --git a/cert-provider/fake-le-bundle.pem b/src/cert-provider/fake-le-bundle.pem
similarity index 100%
rename from cert-provider/fake-le-bundle.pem
rename to src/cert-provider/fake-le-bundle.pem
diff --git a/haproxy/Dockerfile b/src/haproxy/Dockerfile
similarity index 100%
rename from haproxy/Dockerfile
rename to src/haproxy/Dockerfile
diff --git a/haproxy/haproxy.cfg b/src/haproxy/haproxy.cfg
similarity index 85%
rename from haproxy/haproxy.cfg
rename to src/haproxy/haproxy.cfg
index d76a756..99e126b 100644
--- a/haproxy/haproxy.cfg
+++ b/src/haproxy/haproxy.cfg
@@ -64,34 +64,35 @@ backend backend_api
 mode http
 option forwardfor
 balance roundrobin
- server resin_api_1 api:80 check port 80
+ server balena_api_1 api:80 check port 80
 backend backend_registry
 mode http
 option forwardfor
 balance roundrobin
- server resin_registry_1 registry:80 check port 80
+ server balena_registry_1 registry:80 check port 80
 backend backend_vpn
 mode http
 option forwardfor
 balance roundrobin
- server resin_vpn_1 vpn:80 check port 80
+ server balena_vpn_1 vpn:80 check port 80
 backend backend_s3
 mode http
 option forwardfor
 balance roundrobin
+ server balena_s3_1 s3:80 check port 80
 backend cert-provider
 mode http
 option forwardfor
 balance roundrobin
- server resin_cert-provider_1 cert-provider:80 no-check
+ server balena_cert-provider_1 cert-provider:80 no-check
 backend vpn-devices
 mode tcp
- server resin_vpn_1 vpn:443 send-proxy-v2 check-send-proxy port 443
+ server balena_vpn_1 vpn:443 send-proxy-v2 check-send-proxy port 443
 frontend db
 mode tcp
@@ -101,7 +102,7 @@ frontend db
 backend backend_db
 mode tcp
- server resin_db_1 db:5432 check port 5432
+ server balena_db_1 db:5432 check port 5432
 frontend redis
 mode tcp
@@ -111,7 +112,7 @@ frontend redis
 backend backend_redis
 mode tcp
- server resin_redis_1 redis:6379 check port 6379
+ server balena_redis_1 redis:6379 check port 6379
 listen vpn-tunnel
 mode tcp
diff --git a/haproxy/start-haproxy.sh b/src/haproxy/start-haproxy.sh
similarity index 100%
rename from haproxy/start-haproxy.sh
rename to src/haproxy/start-haproxy.sh
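Review bot: `server balena_s3_1 s3:80 check port 80` under `backend backend_s3` is the one functional change in a hunk that is otherwise a `resin_`→`balena_` rename, and it is easy to miss among the renames; before it the backend had no `server` line, so HAProxy would have answered requests routed there with a 503. It deserves a sentence in the commit message or a one-line comment above it, e.g. `# backend_s3 previously had no server; added alongside the rename`. The `frontend db` stanza at the end of the hunk continues outside it.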