mir/vinyldns
2
0
Fork 0
mirror of https://github.com/VinylDNS/vinyldns synced 2025-08-22 10:10:12 +00:00
Code Issues Releases Wiki Activity

portal docker image

Browse Source
This commit is contained in:
Nima Eskandary 2018-07-31 11:30:21 -04:00
parent a295901ba0
commit ed02cbb378
9 changed files with 214 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -24,3 +24,4 @@ release.version
.ensime .ensime
.ensime_cache .ensime_cache
package-lock.json package-lock.json
*trustStore.jks

43
DEVELOPER_GUIDE.md
View File

@ -106,8 +106,20 @@ Run `protoc --version`, if it is not 2.6.1, then
Be sure to install the latest version of [docker](https://docs.docker.com/). You must have docker running in order to work with VinylDNS on your machine. Be sure to install the latest version of [docker](https://docs.docker.com/). You must have docker running in order to work with VinylDNS on your machine.
Be sure to start it up if it is not running before moving further. Be sure to start it up if it is not running before moving further.
### How to use the Docker Image #### Starting a vinyldns installation locally in docker
#### Starting a vinyldns-api server instance Running `./bin/docker-up-vinyldns.sh` will spin up the production docker images of the vinyldns-api and vinyldns-portal.
This will startup all the dependencies as well as the api and portal servers.
It will then ping the api on `http://localhost:9000` and the portal on `http://localhost:9001` and notify you if either failed to start.
The portal can be viewed in a browser at `http://localhost:9001`
Alternatively, you can manually run docker-compose with this config `docker/docker-compose-build.yml`.
From the root directory run `docker-compose -f ./docker/docker-compose-build.yml up -d`
To stop the local setup, run `./bin/stop-all-docker-containers.sh` from the project root.
> Warning: the `./bin/stop-all-docker-containers.sh` will stop and remove all local docker containers
### Configuration for the vinyldns-api image
VinylDNS depends on several dependencies including mysql, sqs, dynamodb and a DNS server. These can be passed in as VinylDNS depends on several dependencies including mysql, sqs, dynamodb and a DNS server. These can be passed in as
environment variables, or you can override the config file with your own settings. environment variables, or you can override the config file with your own settings.
@ -126,21 +138,28 @@ variables.
#### Ports #### Ports
vinyldns only exposes port 9000 for HTTP access to all endpoints vinyldns only exposes port 9000 for HTTP access to all endpoints
#### Starting a vinyldns installation locally in docker ### Configuration for the vinyldns-portal image
There is a handy docker-compose file for spinning up the production docker image on your local under `docker/docker-compose-build.yml`
From the root directory run... #### Volume mounts
* `/opt/docker/lib_extra` - place here additional jar files that need to be loaded into the classpath when the application starts up.
This is used for "plugins" that are proprietary or not part of the standard build. All jar files here will be placed on the class path.
* `/opt/docker/conf/application.conf` - to override default configuration settings
* `/opt/docker/conf/application.ini` - to pass additional JVM options
* `/opt/docker/conf/trustStore.jks` - to make available a custom trustStore, which has to be set in `/opt/docker/conf/application.ini` as `-Djavax.net.ssl.trustStore=/opt/docker/conf/trustStore.jks`
``` #### Custom LDAP config
> docker-compose -f ./docker/docker-compose-build.yml up -d In `docker/portal/application.conf` there is a switch for `portal.test_login = true`. This is set by default so
``` developers can login to the portal with username=testuser and password=testpassword. Custom LDAP settings will have to
be set in `docker/portal/application.conf`
This will startup all the dependencies as well as the api server. Once the api server is running, you can verify it is #### Configuring a custom Java trustStore
up by running the following `curl -v http://localhost:9000/status` To add a custom Java trustStore, say for LDAP certs, add the trustStore to `docker/portal/trustStore.jks`. Then
add `-Djavax.net.ssl.trustStore=/opt/docker/conf/trustStore.jks` to `docker/portal/application.ini`.
To stop the local setup, run `./bin/stop-all-docker-containers.sh` from the project root. #### Additional JVM parameters
Additional JVM parameters can be added to `docker/portal/application.ini`
#### Validating everything ### Validating everything
VinylDNS comes with a build script `./build.sh` that validates, verifies, and runs functional tests. Note: This VinylDNS comes with a build script `./build.sh` that validates, verifies, and runs functional tests. Note: This
takes a while to run, and typically is only necessary if you want to simulate the same process that runs on the build takes a while to run, and typically is only necessary if you want to simulate the same process that runs on the build
servers servers

63
bin/docker-up-vinyldns.sh Executable file
View File

@ -0,0 +1,63 @@
#!/usr/bin/env bash
######################################################################
# Copies the contents of `docker` into target/scala-2.12
# to start up dependent services via docker compose. Once
# dependent services are started up, the fat jar built by sbt assembly
# is loaded into a docker container. The api will be available
## by default on port 9000 and the portal will be on port 9001
######################################################################
DIR=$( cd $(dirname $0) ; pwd -P )
echo "Starting portal server and all dependencies in the background..."
docker-compose -f $DIR/../docker/docker-compose-build.yml up -d
VINYL_URL="http://localhost:9000"
echo "Waiting for API to be ready at ${VINYL_URL} ..."
DATA=""
RETRY=40
while [ $RETRY -gt 0 ]
do
DATA=$(wget -O - -q -t 1 "${VINYL_URL}/ping")
if [ $? -eq 0 ]
then
echo "Succeeded in connecting to VINYL API!"
break
else
echo "Retrying Again" >&2
let RETRY-=1
sleep 1
if [ $RETRY -eq 0 ]
then
echo "Exceeded retries waiting for VINYL API to be ready, failing"
exit 1
fi
fi
done
VINYL_URL="http://localhost:9001"
echo "Waiting for PORTAL to be ready at ${VINYL_URL} ..."
DATA=""
RETRY=40
while [ $RETRY -gt 0 ]
do
DATA=$(wget -O - -q -t 1 "${VINYL_URL}")
if [ $? -eq 0 ]
then
echo "Succeeded in connecting to VINYL PORTAL!"
break
else
echo "Retrying Again" >&2
let RETRY-=1
sleep 1
if [ $RETRY -eq 0 ]
then
echo "Exceeded retries waiting for VINYL PORTAL to be ready, failing"
exit 1
fi
fi
done

18
build.sbt
View File

@ -130,6 +130,23 @@ lazy val apiDockerSettings = Seq(
composeFile := baseDirectory.value.getAbsolutePath + "/../../docker/docker-compose.yml" composeFile := baseDirectory.value.getAbsolutePath + "/../../docker/docker-compose.yml"
) )
lazy val portalDockerSettings = Seq(
dockerBaseImage := "openjdk:8u171-jdk",
dockerUsername := Some("vinyldns"),
packageName in Docker := "portal",
dockerExposedPorts := Seq(9001),
dockerExposedVolumes := Seq("/opt/docker/lib_extra"), // mount extra libs to the classpath
dockerExposedVolumes := Seq("/opt/docker/conf"), // mount extra config to the classpath
// add extra libs to class path via mount
scriptClasspath in bashScriptDefines ~= (cp => cp :+ "/opt/docker/lib_extra/*"),
// adds config file to mount
bashScriptExtraDefines += """addJava "-Dconfig.file=/opt/docker/conf/application.conf"""",
bashScriptExtraDefines += """addJava "-Dlogback.configurationFile=/opt/docker/conf/logback.xml"""",
credentials in Docker := Seq(Credentials(Path.userHome / ".iv2" / ".dockerCredentials"))
)
lazy val noPublishSettings = Seq( lazy val noPublishSettings = Seq(
publish := {}, publish := {},
publishLocal := {}, publishLocal := {},
@ -214,6 +231,7 @@ lazy val portal = (project in file("modules/portal")).enablePlugins(PlayScala, A
.settings(sharedSettings) .settings(sharedSettings)
.settings(testSettings) .settings(testSettings)
.settings(noPublishSettings) .settings(noPublishSettings)
.settings(portalDockerSettings)
.settings( .settings(
name := "portal", name := "portal",
libraryDependencies ++= portalDependencies, libraryDependencies ++= portalDependencies,

13
docker/docker-compose-build.yml
View File

@ -35,7 +35,7 @@ services:
- ./elasticmq/custom.conf:/etc/elasticmq/elasticmq.conf - ./elasticmq/custom.conf:/etc/elasticmq/elasticmq.conf
api: api:
image: vinyldns/api:0.1 # the version of the docker container we want to pull image: "vinyldns/api:0.1" # the version of the api image we want to pull
environment: environment:
- REST_PORT=9000 - REST_PORT=9000
container_name: "vinyldns-api" container_name: "vinyldns-api"
@ -46,3 +46,14 @@ services:
- bind9 - bind9
- elasticmq - elasticmq
- dynamodb - dynamodb
portal:
image: "vinyldns/portal:0.1" # the version of the portal image we want to pull
ports:
- "9001:9001"
container_name: "vinyldns-portal"
volumes:
- ./portal/application.conf:/opt/docker/conf/application.conf
- ./portal/application.ini:/opt/docker/conf/application.ini
depends_on:
- api

82
docker/portal/application.conf Normal file
View File

@ -0,0 +1,82 @@
# This is the main configuration file for the application.
# ~~~~~
# Secret key
# ~~~~~
# The secret key is used to secure cryptographics functions.
#
# This must be changed for production, but we recommend not changing it in this file.
#
# See http://www.playframework.com/documentation/latest/ApplicationSecret for more details.
play.http.secret.key = "vinyldnsportal-change-this-for-production"
# The application languages
# ~~~~~
play.i18n.langs = [ "en" ]
portal.dynamo_delay = 1100
portal.vinyldns.backend.url = "http://vinyldns-api:9000"
portal.test_login = true
# configuration for the users and groups store
dynamo {
key = "akid goes here"
secret = "secret key goes here"
endpoint = "http://vinyldns-dynamodb:8000"
test_datastore = false
}
users {
dummy = false
tablename = "users"
provisionedReadThroughput = 100
provisionedWriteThroughput = 100
}
changelog {
dummy = false
tablename = "usersAndGroupChanges"
provisionedReadThroughput = 100
provisionedWriteThroughput = 100
}
LDAP {
user="test"
password="test"
domain="test"
searchBase = [{organization = "someDomain", domainName = "DC=test,DC=test,DC=com"}, {organization = "anotherDomain", domainName = "DC=test,DC=com"}]
context {
initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory"
securityAuthentication = "simple"
providerUrl = "ldaps://somedomain.com:9999"
}
}
play.filters.enabled += "play.filters.csrf.CSRFFilter"
# Expire session after 10 hours
play.http.session.maxAge = 10h
# session secure should be false in order to run properly locally, this is set properly on deployment
play.http.session.secure = false
play.http.session.httpOnly = true
# use no-op by default
crypto {
type = "vinyldns.core.crypto.NoOpCrypto"
}
http.port=9001
links = [
{
displayOnSidebar = true
displayOnLoginScreen = true
title = "API Documentation"
href = "http://vinyldns.io"
icon = "fa fa-file-text-o"
}
]

3
docker/portal/application.ini Normal file
View File

@ -0,0 +1,3 @@
# uncomment to set custom trustStore
# don't forget to mount trustStore to docker image
#-Djavax.net.ssl.trustStore=/opt/docker/conf/trustStore.jks

2
modules/api/src/universal/conf/application.conf
View File

@ -35,7 +35,7 @@ vinyldns {
local-mode = true local-mode = true
default { default {
driver = "org.mariadb.jdbc.Driver" driver = "org.mariadb.jdbc.Driver"
migrationUrl = "jdbc:mariadb://localhost:3306/?user=root&password=pass" migrationUrl = "jdbc:mariadb://vinyldns-mysql:3306/?user=root&password=pass"
url = "jdbc:mariadb://vinyldns-mysql:3306/vinyldns?user=root&password=pass" url = "jdbc:mariadb://vinyldns-mysql:3306/vinyldns?user=root&password=pass"
user = "root" user = "root"
password = "pass" password = "pass"

2
modules/portal/conf/application.ini Normal file
View File

@ -0,0 +1,2 @@
# set custom trustStore
#-Djavax.net.ssl.trustStore=...