templating - prepare integration for autoconf

2023-12-13 21:30:18 +01:00 · 2021-05-26 20:50:03 +02:00 · 2021-05-26 20:50:03 +02:00 · e2f02ee91e
commit e2f02ee91e
parent a991b262ef
6 changed files with 68 additions and 71 deletions
--- a/autoconf/AutoConf.py
+++ b/autoconf/AutoConf.py
@ -1,7 +1,6 @@
 from Config import Config
 import utils
 import os
-
 class AutoConf :

 	def __init__(self, swarm, api) :
--- a/autoconf/Dockerfile
+++ b/autoconf/Dockerfile
@ -1,45 +1,26 @@
-FROM nginx:stable-alpine AS builder
+FROM nginx:1.20.0-alpine AS builder

 FROM alpine

 COPY --from=builder /etc/nginx/ /opt/confs/nginx

-RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
-    pip3 install docker requests && \
-    mkdir /opt/entrypoint && \
-    mkdir -p /opt/confs/site && \
-    mkdir -p /opt/confs/global && \
-    mkdir /opt/scripts && \
-    addgroup -g 101 nginx && \
-    adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
-    mkdir /etc/letsencrypt && \
-    chown root:nginx /etc/letsencrypt && \
-    chmod 770 /etc/letsencrypt && \
-    mkdir /var/log/letsencrypt && \
-    chown root:nginx /var/log/letsencrypt && \
-    chmod 770 /var/log/letsencrypt && \
-    mkdir /var/lib/letsencrypt && \
-    chown root:nginx /var/lib/letsencrypt && \
-    chmod 770 /var/lib/letsencrypt && \
-    mkdir /cache && \
-    chown root:nginx /cache && \
-    chmod 770 /cache && \
-    touch /var/log/jobs.log && \
-    chown root:nginx /var/log/jobs.log && \
-    chmod 770 /var/log/jobs.log && \
-    chown -R root:nginx /opt/confs/nginx && \
-    chmod -R 770 /opt/confs/nginx && \
-    mkdir /acme-challenge && \
-    chown root:nginx /acme-challenge && \
-    chmod 770 /acme-challenge
+COPY autoconf/dependencies.sh /tmp
+RUN chmod +x /tmp/dependencies.sh && \
+    /tmp/dependencies.sh && \
+    rm -f /tmp/dependencies.sh

-
-COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
-COPY scripts/* /opt/scripts/
-COPY confs/site/ /opt/confs/site
+COPY gen/ /opt/gen
+COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
-COPY entrypoint/* /opt/entrypoint/
+COPY confs/site/ /opt/confs/site
+COPY scripts/ /opt/scripts
+COPY settings.json /opt
+COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
-RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
+
+COPY autoconf/prepare.sh /tmp
+RUN chmod +x /tmp/prepare.sh && \
+    /tmp/prepare.sh && \
+    rm -f /tmp/prepare.sh

 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/autoconf/dependencies.sh
+++ b/autoconf/dependencies.sh
@ -0,0 +1,5 @@
+#!/bin/sh
+
+# install dependencies
+apk add py3-pip bash certbot curl logrotate openssl
+pip3 install docker requests jinja2
--- a/autoconf/entrypoint.sh
+++ b/autoconf/entrypoint.sh
@ -19,28 +19,19 @@ function trap_exit() {
 	echo "[*] Catched stop operation"
 	echo "[*] Stopping crond ..."
 	pkill -TERM crond
-	echo "[*] Stopping python3 ..."
+	echo "[*] Stopping autoconf ..."
 	pkill -TERM python3
-	pkill -TERM tail
 }
 trap "trap_exit" TERM INT QUIT

-# remove old crontabs
-echo "" > /etc/crontabs/root
-
-# setup logrotate
-touch /var/log/jobs.log
-echo "0 0 * * * /usr/sbin/logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/crontabs/root
-
 # start cron
 crond

 # run autoconf app
 /opt/entrypoint/app.py &
-
-# display logs
-tail -F /var/log/jobs.log &
 pid="$!"
+
+# wait while app is up
 wait "$pid"

 # stop
--- a/autoconf/misc/logrotate.conf
+++ b/autoconf/misc/logrotate.conf
@ -1,23 +0,0 @@
-/var/log/*.log /var/log/letsencrypt/*.log {
-	# compress old files using gzip
-	compress
-
-	# rotate everyday
-	daily
-
-	# remove old logs after X days
-	maxage 7
-	rotate 7
-
-	# no errors if a file is missing
-	missingok
-
-	# disable mailing
-	nomail
-
-	# mininum size of a logfile before rotating
-	minsize 10M
-
-	# make a copy and truncate the files
-	copytruncate
-}
--- a/autoconf/prepare.sh
+++ b/autoconf/prepare.sh
@ -0,0 +1,44 @@
+#!/bin/sh
+
+# create nginx user
+addgroup -g 101 nginx
+adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx
+
+# prepare /opt
+chown -R root:nginx /opt
+find /opt -type f -exec chmod 0740 {} \;
+find /opt -type d -exec chmod 0750 {} \;
+chmod ugo+x /opt/entrypoint/* /opt/scripts/*
+chmod ugo+x /opt/gen/main.py
+chmod 770 /opt
+chmod 440 /opt/settings.json
+
+# prepare /var/log
+ln -s /proc/1/fd/1 /var/log/jobs.log
+mkdir /var/log/letsencrypt
+chown nginx:nginx /var/log/letsencrypt
+chmod 770 /var/log/letsencrypt
+
+# prepare /etc/letsencrypt
+mkdir /etc/letsencrypt
+chown root:nginx /etc/letsencrypt
+chmod 770 /etc/letsencrypt
+
+# prepare /var/lib/letsencrypt
+mkdir /var/lib/letsencrypt
+chown root:nginx /var/lib/letsencrypt
+chmod 770 /var/lib/letsencrypt
+
+# prepare /cache
+mkdir /cache
+chown root:nginx /cache
+chmod 770 /cache
+
+# prepare /acme-challenge
+mkdir /acme-challenge
+chown root:nginx /acme-challenge
+chmod 770 /acme-challenge
+
+# prepare /etc/crontabs/nginx
+chown root:nginx /etc/crontabs/nginx
+chmod 440 /etc/crontabs/nginx