How to organise Fully Automated Install (FAI) class hosts? - automated-deployment

Fully Automated Install (FAI) has hosts in the file 50-host-classes. We currently have a bunch of hosts which have similar names (eg, ba-hostxx.subdomain). The sub-domains are different but one cannot specify host.subdomain in the class file as the '.' is invalid.
Is it possible to have different hosts in different files? Or to specify the host in some other fashion than just
hostname*)
echo "BASEFILE FILE" ;;
such as
cluster/hostname*)
echo "BASEFILE FILE" ;;
?
The documentation leads one to the opinion that all hosts sit in the 50- file.

You can create any number of scripts in the $FAI/class/ folder to generate classes for the hosts. They just need to print out the correct class name(s) based on your criteria. Example below.
class/51-more-classes
#!/bin/bash
# Check the domain name for the host
host_domain=`hostname -A|cut -f 2- -d .`
if [ -n "$host_domain" ] ; then
[ $host_domain = domain-a.foo ] && echo DOMAIN_A
[ $host_domain = domain-b.foo ] && echo DOMAIN_B
fi
# just check the host name
[ $HOSTNAME = ba-host76 ] && echo BA_THING
[ $HOSTNAME = qf-host76 ] && echo QF_THING
# Check that the host matches a pattern
if echo $HOSTNAME | grep -q 'zz-host[0-9][0-9]' ; then
echo CARROTS
# Play the lottery
[ $RANDOM -lt 16536 ] && echo WINNER
fi

Related

Docker stop/start resets to initial passwords

I've just started using docker by copy-pasting pre-made repos from github.
Here is the scenario and steps:
I've passed mysql/shell root password via environment variable -e and these passwords are set as expected inside entry.sh.
I then go inside container and reset shell/mysql root password to something different.
Now the main issue, each time I do docker stop + start from host, it resets passwords to the initial ones of step1.
Please suggest the changes so it retain the modified step2 passwords even I do docker start/stop.
Used entry.sh and dockerfile scripts can be checked from this github repo.
Thanks.
I just noticed that the entry.sh will always update the root password with $MYSQL_RANDOM_ROOT_PASSWORD on docker start. So assuming we already persist the /var/lib/mysql in the host, we can edit the entry.sh a bit to only update the password when /var/lib/mysql doesn't exists:
#!/bin/sh
# start apache
echo "Starting httpd"
httpd
echo "Done httpd"
# check if mysql data directory is nuked
# if so, install the db
echo "Checking /var/lib/mysql folder"
if [ ! -f /var/lib/mysql/ibdata1 ]; then
echo "Installing db"
mariadb-install-db --user=mysql --ldata=/var/lib/mysql > /dev/null
echo "Installed"
# from mysql official docker repo
if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
echo >&2 'error: database is uninitialized and password option is not specified '
echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_RANDOM_ROOT_PASSWORD'
exit 1
fi
# random password
if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
echo "Using random password"
MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
echo "Done"
fi
tfile=`mktemp`
if [ ! -f "$tfile" ]; then
return 1
fi
cat << EOF > $tfile
USE mysql;
DELETE FROM user;
FLUSH PRIVILEGES;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY "$MYSQL_ROOT_PASSWORD" WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION;
UPDATE user SET password=PASSWORD("") WHERE user='root' AND host='localhost';
FLUSH PRIVILEGES;
EOF
echo "Querying user"
/usr/bin/mysqld --user=root --bootstrap --verbose=0 < $tfile
rm -f $tfile
echo "Done query"
# setting ssh root password
if [ -z "$SSH_ROOT_PASSWORD" ]; then
echo >&2 'You need to specify SSH_ROOT_PASSWORD'
exit
fi
# Set root password to root, format is 'user:password'.
echo "root:$SSH_ROOT_PASSWORD" | chpasswd
fi;
echo "Generating ssh keys"
if [ ! -f "/etc/ssh/ssh_host_rsa_key" ]; then
# generate fresh rsa key
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
fi
if [ ! -f "/etc/ssh/ssh_host_dsa_key" ]; then
# generate fresh dsa key
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
fi
#prepare run dir
if [ ! -d "/var/run/sshd" ]; then
mkdir -p /var/run/sshd
fi
ssh-keygen -A
/usr/sbin/sshd
# start mysql
# nohup mysqld_safe --skip-grant-tables --bind-address 0.0.0.0 --user mysql > /dev/null 2>&1 &
echo "Starting mariadb database"
exec /usr/bin/mysqld --user=root --bind-address=0.0.0.0
Basically we just move this block of code to the if block above it

How to pass a target argument in a sh script to run Docker build for a specific environment

I'm building a sh script to be able to run Docker containers all in once. In this way, I no need to run single containers every time.
What I need to add now is a way to run my docker-compose up --build -target=<ENV> the ENV will be DEV or PROD. In this way, I can run the right environment in my Docker setup.
At this time my script looks as follow but when I try to pass $2 = $DEV is giving me an error of [: =: unary operator expected and I don't know what could be the right fix to this
#!/bin/bash
CLEAN="clean"
RUN="run"
STOP="stop"
DEV="dev"
PROD="prod"
if [ "$#" -eq 0 ] || [ $1 = "-h" ] || [ $1 = "--help" ]; then
echo "Usage: ./myapp [OPTIONS] COMMAND [arg...]"
echo " ./myapp [ -h | --help ]"
echo ""
echo "Options:"
echo " -h, --help Prints usage."
echo ""
echo "Commands:"
echo " $CLEAN - Stop and Remove containers."
echo " $RUN - Build and Run containers."
echo " $STOP - Stop containers."
exit
fi
clean() {
stop_existing
remove_stopped_containers
remove_unused_volumes
}
run() {
echo "Cleaning..."
clean
echo "Running docker..."
if [ $2 = $DEV ]; then
echo "$DEV - Running in - $DEV - environment"
docker-compose up --build -target=$DEV
fi
}
stop_existing() {
MYAPP="$(docker ps --all --quiet --filter=name=wetaxitask_api_dev)"
REDIS="$(docker ps --all --quiet --filter=name=wetaxitask_redis)"
MONGO="$(docker ps --all --quiet --filter=name=wetaxitask_mongodb)"
if [ -n "$MYAPP" ]; then
docker stop $MYAPP
fi
if [ -n "$REDIS" ]; then
docker stop $REDIS
fi
if [ -n "$MONGO" ]; then
docker stop $MONGO
fi
}
remove_stopped_containers() {
CONTAINERS="$(docker ps -a -f status=exited -q)"
if [ ${#CONTAINERS} -gt 0 ]; then
echo "Removing all stopped containers."
docker rm $CONTAINERS
else
echo "There are no stopped containers to be removed."
fi
}
remove_unused_volumes() {
CONTAINERS="$(docker volume ls -qf dangling=true)"
if [ ${#CONTAINERS} -gt 0 ]; then
echo "Removing all unused volumes."
docker volume rm $CONTAINERS
else
echo "There are no unused volumes to be removed."
fi
}
if [ $1 = $CLEAN ]; then
echo "Cleaning..."
clean
exit
fi
if [ $1 = $RUN ]; then
run
exit
fi
if [ $1 = $STOP ]; then
stop_existing
exit
fi
What I want to achieve is that possible to run my sh as follow
./script.sh run dev or prod
When you invoke a shell function, it has its own argument list. The POSIX shell spec indicates:
The operands to the command temporarily shall become the positional parameters during the execution of the compound-command
So, if you define and call a shell function
print_two_things() {
echo "dollars one is $1"
echo "dollars two is $2"
}
print_two_things foo bar
print_two_things
$1 and $2 are the arguments to the function, not the script.
In your script, there are two errors in the run function
run() {
if [ $2 = $DEV ]; then :; fi
}
Here, again, $2 is the second argument to the function, not the script; since you invoke this as just run with no arguments it's an empty string. Second, you don't quote either of these variables, so the empty string just gets dropped. This expands to the nonsensical [ = dev ] which produces the error you see.
You need to either capture the positional parameters in variables at the top level, or pass them down to the shell function. An example of the latter approach could be:
run() {
environment="$1" # first parameter _to this function_
clean
if [ "$environment" = "$DEV" ]; then :; fi
}
# at the top level; parameters _to the script_
if [ "$1" = "$RUN" ]; then
run "$2"
exit 0
fi
In a Docker context you might find it easier just to pass this in as an environment variable. Anything you set with a docker run -e option or similar settings will be directly available as environment variables in shell scripts. It's also usually considered a best practice to run identical images in dev, test, and prod if at all possible.

How to use POSTGRES_PASSWORD_FILE in odoo container?

I need to hide password of postgres in odoo container like in postgres container, when we create new container postgres we can pass env variable POSTGRES_PASSWORD_FILE, and the content of Dockerfile of postgres 9.6 contains this block of code:
#!/usr/bin/env bash
set -Eeo pipefail
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
How we can do the same code in odoo image?
You can try to add your whole odoo.conf as a secret, create your service and add that secret with the --secret file and point to the path /run/secrets/${MY_SECRET} on your entrypoint with the -c flag on the odoo command

How to run nodejs and nginx with dyanmic Docker Option?

I'm fairly new to node and nginx. I've a task of building a simple webserver which host dynamic contents. A very crucial part of the webserver is to take inputs from user about ports to be used , any custom domain to be used (in place of localhost) , SSL certificates etc. from installer [Its supposed to be built for docker ] but I have no idea how to execute a script such that is passes the variable entered by user ( like $SERVER_URI) to nginx.conf and node file and overwrite current data
I will suggest to create a config file and read the value from them so everything will be dynamic.
Here is how you can achieve SSL certificate and other ENV and port dynamically also docker name and image name will be get and set.
Create file docker.config which contain ports, ENV, path mapping, hosts values and links if you wish to link container. leave them blank
if you do not need them. remove host_port:container_port this entry
just for comment purpose.
docker.config
START_PORT_MAPPINGS
host_port:container_port
8080:80
END_PORT_MAPPINGS
START_PATH_MAPPINGS
/path_to_code/:/var/www/htlm/test
/path_to_nginx_config1:/etc/nginx/nginx.conf
/path_to_ssl_certs:/container_path_to_Certs
END_PATH_MAPPINGS
START_LINKING
db:db-server
END_LINKING
START_HOST_MAPPINGS
test.com:192.168.1.23
test2.com:192.168.1.23
END_HOST_MAPPINGS
START_ENV_VARS
MYSQL_ROOT_PASSWORD=1234
OTHER_ENV_VAR=value
END_ENV_VARS
create start.sh this will read the values from docker.config and will run command your docker container.
Need two arguments 1st: docker name and 2nd: image name.
function read_connfig() {
docker_name="${1}"
input="docker.config"
option_key=$(echo "${2}" | cut -d':' -f1)
config_name=$(echo "${2}" | cut -d':' -f2)
post_fix=$(echo "${2}" | cut -d':' -f3)
while IFS=$' \t\n\r' read -r line; do
if [[ $line == END_"${config_name}" ]] ; then
read_prop="no"
fi
if [[ $read_prop == "yes" ]] ; then
echo -n "${option_key}${line}${post_fix} "
fi
if [[ $line == START_"${config_name}" ]] ; then
read_prop="yes"
fi
done < "$input"
}
function get_run_configs() {
docker_name=${1}
declare -a configs=("-p :PORT_MAPPINGS:" "-v :PATH_MAPPINGS:" "--add-host=:HOST_MAPPINGS:" "-e :ENV_VARS:" "--link :LINKING:")
local run_command=""
for config in "${configs[#]}"
do
config_vals=($(read_connfig "${docker_name}" "${config}"))
if [ ! -z "${config_vals}" ];
then
for config_val in "${config_vals[#]}"
do
run_command="${run_command} ${config_val}"
done
else
echo >&2 "No config found for ${config}"
fi
done
echo "${run_command}"
}
container_name=$1;
image_name=$2
docker_command=$(get_run_configs $docker_name)
echo $docker_command
docker run --name $container_name $docker_command -dit $image_name
Resulting command will be. ./start.sh test test
docker run --name test -p host_port:container_port -p 8080:80 -v /path_to_code/:/var/www/htlm/test -v /path_to_nginx_config1:/etc/nginx/nginx.conf -v /path_to_ssl_certs:/container_path_to_Certs --add-host=test.com:192.168.1.23 --add-host=test2.com:192.168.1.23 -e MYSQL_ROOT_PASSWORD=1234 -e OTHER_ENV_VAR=value --link db:db-server -dit test

Share files between host system and docker container using specific UID

I'm trying to share files within a Docker guest using the volume sharing. In order to get the same UID, and therefore interoperability with those files, I would like to create a user in the Docker guest with the same UID as my own user.
In order to test out the idea, I wrote the following simplistic Dockerfile:
FROM phusion/baseimage
RUN touch /root/uid-$UID
Testing it with docker build -t=docktest . and then docker run docktest ls -al /root reveals that the file is simply named uid-.
Is there a means to share host environment variables with Docker during the guest build process?
While researching a solution to this problem, I have found the following article to be a great resource: https://medium.com/#mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
In my scripts, the solution boiled down to the following :
docker run --user $(id -u):$(id -g) -v /hostdirectory:/containerdirectory -v /etc/passwd:/etc/passwd myimage
Of course, id -u can be replaced by other means of retrieving a user's gid, such as stat -c "%u" /somepath
The environment is not shared, you could use -e, --env options to set env variables in container.
I usually use this approach when I want to have the same owner of the mapped volume: I check uid & gid of directory in container and then create a corresponding user. Here my script (setuser.sh) which creates a user for a directory:
#!/bin/bash
setuser() {
if [ -z "$1" ]; then
echo "Usage: $0 <path>"
return
fi
CURRENT_UID=`id -u`
DEST_UID=`stat -c "%u" $1`
if [ $CURRENT_UID = $DEST_UID ]; then
return
fi
DEST_GID=`stat -c "%g" $1`
if [ -e /home/$DEST_UID ]; then
return
fi
groupadd -g $DEST_GID $DEST_GID
useradd -u $DEST_UID -g $DEST_GID $DEST_UID
mkdir -p /home/$DEST_UID
chown $DEST_UID:$DEST_GID /home/$DEST_UID
}
setuser $1
And this is the wrapper script which runs commands as the user, where the directory with permissions is specified either as $USER_DIR or in /etc/user_dir
#!/bin/bash
if [ -z "$USER_DIR" ]; then
if [ -e /etc/user_dir ]; then
export USER_DIR=`head -n 1 /etc/user_dir`
fi
fi
if [ -n "$USER_DIR" ]; then
if [ ! -d "$USER_DIR" ]; then
echo "Please mount $USER_DIR before running this script"
exit 1
fi
. `dirname $BASH_SOURCE`/setuser.sh $USER_DIR
fi
if [ -n "$USER_DIR" ]; then
cd $USER_DIR
fi
if [ -e /etc/user_script ]; then
. /etc/user_script
fi
if [ $CURRENT_UID = $DEST_UID ]; then
"$#"
else
su $DEST_UID -p -c "$#"
fi
P.S. Alleo suggested different approach: to map users and groups files into container and to specify uid and gid. So your container does not depend on built-in users/groups you could use it without additional scripts.
This is not possible and will probably never be possible because of the design philosophy of keeping builds independent of machines. Issue 6822.
I slightly modified #ISanych answer:
#!/usr/bin/env bash
user_exists() {
id -u $1 > /dev/null 2>&1
}
group_exists() {
id -g $1 > /dev/null 2>&1
}
setuser() {
if [[ "$#" != 3 ]]; then
echo "Usage: $0 <path> <user> <group>"
return
fi
local dest_uid=$(stat -c "%u" $1)
local dest_gid=$(stat -c "%g" $1)
if user_exists $dest_uid; then
id -nu $dest_uid
return
fi
local dest_user=$2
local dest_group=$3
if user_exists $dest_user; then
userdel $dest_user
fi
if group_exists $dest_group; then
groupdel $dest_user
fi
groupadd -g $dest_gid $dest_group
useradd -u $dest_uid -g $dest_gid -s $DEFAULT_SHELL -d $DEFAULT_HOME -G root $dest_user
chown -R $dest_uid:$dest_gid $DEFAULT_HOME
id -nu $dest_user
}
REAL_USER=$(setuser $SRC_DIR $DEFAULT_USER $DEFAULT_GROUP)
setuser function accepts user and group names that you want to assign to uid and gid of provided directory. Then if user with such uid exists then it simply returns login corresponding to this uid, otherwise it creates user and group and returns login originally passed to function.
So you get the login of user that owns destination directory.

Resources