Automation scripts for the notary (signer/server) docker images based on photon 1.0; the code is not based on 0.5.0

remove the binary temp folder, just keep on binary path.
This commit is contained in:
wangyan 2017-09-26 17:14:13 +08:00
parent e79334a445
commit 0aac7832eb
16 changed files with 244 additions and 0 deletions


@ -0,0 +1,13 @@
FROM golang:1.7.3
ENV NOTARY_DIR /go/src/github.com/docker/notary
ENV NOTARYPKG github.com/docker/notary
COPY . /go/src/${NOTARYPKG}
WORKDIR /go/src/${NOTARYPKG}
RUN go build -tags pkcs11 \
-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" $NOTARYPKG/cmd/notary-server
RUN go build -tags pkcs11 \
-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" $NOTARYPKG/cmd/notary-signer
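Review bot: Both binaries are linked inside golang:1.7.3 (a Debian-based image) with `-tags pkcs11` and are later dropped into photon:1.0 by server.Dockerfile and signer.Dockerfile; if that tag pulls in cgo, the executables depend on the builder's shared libraries, which the photon base may not provide, so check the copied binary with `ldd` or build with `CGO_ENABLED=0` if pkcs11 support is not needed in these images. The two `RUN go build` steps repeat the same ldflags string; computing it once into a shell variable in a single `RUN` would keep the server and signer builds from drifting apart. `ENV NOTARY_DIR` is not referenced anywhere in this file, and both `ENV` lines use the legacy space-separated form — `ENV NOTARYPKG=github.com/docker/notary` is the current syntax. `COPY . /go/src/${NOTARYPKG}` copies the whole clone including `.git`, which `git rev-parse` here relies on, so a `.dockerignore` added later must not exclude it.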



make/photon/notary/builder Executable file

@ -0,0 +1,58 @@
#!/bin/bash
set +e
echo "Usage: #./builder [notary version] [registry username] [registry password]"
if [ -z $1 ]; then
error "Please set the 'version' variable"
exit 1
fi
if [ -z $2 ]; then
error "Please set the 'photonversion' variable"
exit 1
fi
if [ -z $3 ]; then
error "Please set the 'username' variable"
exit 1
fi
VERSION="$1"
USERNAME="$2"
PASSWORD="$3"
SIGNER_PHOTONIMAGE=vmware/notary-photon:signer-$VERSION
SERVER_PHOTONIMAGE=vmware/notary-photon:server-$VERSION
set -e
# the temp folder to store binary file...
mkdir -p binary
rm -rf binary || true
cd `dirname $0`
cur=$PWD
# the temp folder to store notary source code...
TEMP=`mktemp -d /$TMPDIR/notary.XXXXXX`
git clone -b $VERSION https://github.com/docker/notary.git $TEMP
echo 'build the notary binary bases on the golang:1.7.3...'
cp binary.Dockerfile $TEMP
cd $TEMP
docker build -f binary.Dockerfile -t notary-golang $TEMP
echo 'copy the notary binary to local...'
ID=$(docker create notary-golang)
echo $ID
cd $cur
docker cp $ID:/go/src/github.com/docker/notary/notary-server binary
docker cp $ID:/go/src/github.com/docker/notary/notary-signer binary
docker rm -f $ID
docker rmi -f notary-golang
docker build -f server.Dockerfile -t $SERVER_PHOTONIMAGE .
docker build -f signer.Dockerfile -t $SIGNER_PHOTONIMAGE .
echo 'Push image to docker hub.'
../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD
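Review bot: The push on the last line passes `$PHOTONIMAGE`, which is never assigned — the variables set above are `SERVER_PHOTONIMAGE` and `SIGNER_PHOTONIMAGE` — so `pushimage.sh` receives an empty image name and neither image is pushed; it should be two calls, `../../pushimage.sh $SERVER_PHOTONIMAGE $USERNAME $PASSWORD` and `../../pushimage.sh $SIGNER_PHOTONIMAGE $USERNAME $PASSWORD`. `mkdir -p binary` immediately followed by `rm -rf binary` leaves no directory, and both run before the `cd` into the script's directory, so they act on the caller's working directory while the later `docker cp … binary` depends on a `binary/` directory already existing next to the Dockerfiles; reorder to `cd "$(dirname "$0")" && rm -rf binary && mkdir -p binary`. The argument checks call `error`, which is not a defined command, and their messages name `photonversion`/`username` for `$2`/`$3` although those are assigned to `USERNAME`/`PASSWORD`; plain `echo "…" >&2` messages matching the usage line would fix both. Taking the registry password as a positional argument exposes it in `ps` output and shell history, so reading it from an environment variable or a prompt is preferable. The `$VERSION` tag is cloned without being checked against a known commit, and `$TEMP` is never removed after the build.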

make/photon/notary/migrate Executable file



@ -0,0 +1,8 @@
# Database Migrations
This directory contains database migrations for the server and signer. They
are being managed using [this tool](https://github.com/mattes/migrate).
Within each of the server and signer directories are directories for different
database backends. Notary server and signer use GORM and are therefore
capable of running on a number of different databases, however migrations
may contain syntax specific to one backend.


@ -0,0 +1,63 @@
#!/usr/bin/env sh
# When run in the docker containers, the working directory
# is the root of the repo.
iter=0
case $SERVICE_NAME in
notary_server)
MIGRATIONS_PATH=${MIGRATIONS_PATH:-migrations/server/mysql}
DB_URL=${DB_URL:-mysql://server@tcp(mysql:3306)/notaryserver}
# have to poll for DB to come up
until migrate -path=$MIGRATIONS_PATH -url=$DB_URL version
do
iter=$(( iter+1 ))
if [[ $iter -gt 30 ]]; then
echo "notaryserver database failed to come up within 30 seconds"
exit 1;
fi
echo "waiting for $DB_URL to come up."
sleep 1
done
pre=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
if migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" up ; then
post=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
if [ "$pre" != "$post" ]; then
echo "notaryserver database migrated to latest version"
else
echo "notaryserver database already at latest version"
fi
else
echo "notaryserver database migration failed"
exit 1
fi
;;
notary_signer)
MIGRATIONS_PATH=${MIGRATIONS_PATH:-migrations/signer/mysql}
DB_URL=${DB_URL:-mysql://signer@tcp(mysql:3306)/notarysigner}
# have to poll for DB to come up
until migrate -path=$MIGRATIONS_PATH -url=$DB_URL up version
do
iter=$(( iter+1 ))
if [[ $iter -gt 30 ]]; then
echo "notarysigner database failed to come up within 30 seconds"
exit 1;
fi
echo "waiting for $DB_URL to come up."
sleep 1
done
pre=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
if migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" up ; then
post=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
if [ "$pre" != "$post" ]; then
echo "notarysigner database migrated to latest version"
else
echo "notarysigner database already at latest version"
fi
else
echo "notarysigner database migration failed"
exit 1
fi
;;
esac
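Review bot: The signer readiness loop runs `migrate … up version` where the server loop runs `migrate … version`; the extra `up` presumably makes the loop apply migrations (or fail on the extra argument) instead of probing the version, so `pre` is captured after the schema has already moved and the "migrated"/"already at latest version" messages below it are unreliable — drop `up` from that line. The script is declared `#!/usr/bin/env sh` but uses `[[ $iter -gt 30 ]]`, a bash extension; `[ "$iter" -gt 30 ]` works under any POSIX sh. `echo "waiting for $DB_URL to come up."` writes the full connection URL to the container log, which includes the password whenever `DB_URL` is supplied with embedded credentials; log a fixed message such as `echo "waiting for the ${SERVICE_NAME} database to come up."` instead. The two `case` branches differ only in the service name and the defaults, so the polling and migration steps could be shared once those are in variables.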


@ -0,0 +1,24 @@
CREATE TABLE `timestamp_keys` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`created_at` timestamp NULL DEFAULT NULL,
`updated_at` timestamp NULL DEFAULT NULL,
`deleted_at` timestamp NULL DEFAULT NULL,
`gun` varchar(255) NOT NULL,
`cipher` varchar(50) NOT NULL,
`public` blob NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `gun` (`gun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `tuf_files` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`created_at` timestamp NULL DEFAULT NULL,
`updated_at` timestamp NULL DEFAULT NULL,
`deleted_at` timestamp NULL DEFAULT NULL,
`gun` varchar(255) NOT NULL,
`role` varchar(255) NOT NULL,
`version` int(11) NOT NULL,
`data` longblob NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `gun` (`gun`,`role`,`version`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


@ -0,0 +1,3 @@
ALTER TABLE `timestamp_keys` ADD COLUMN `role` VARCHAR(255) NOT NULL, DROP KEY `gun`, ADD UNIQUE KEY `gun_role` (`gun`, `role`);
UPDATE `timestamp_keys` SET `role`="timestamp";


@ -0,0 +1,5 @@
ALTER TABLE `tuf_files` ADD COLUMN `sha256` CHAR(64) DEFAULT NULL, ADD INDEX `sha256` (`sha256`);
-- SHA2 function takes the column name or a string as the first parameter, and the
-- hash size as the second argument. It returns a hex string.
UPDATE `tuf_files` SET `sha256` = SHA2(`data`, 256);


@ -0,0 +1 @@
DROP TABLE IF EXISTS `timestamp_keys`;


@ -0,0 +1,36 @@
CREATE TABLE `change_category` (
`category` VARCHAR(20) NOT NULL,
PRIMARY KEY (`category`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `change_category` VALUES ("update"), ("deletion");
CREATE TABLE `changefeed` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`created_at` timestamp DEFAULT CURRENT_TIMESTAMP,
`gun` varchar(255) NOT NULL,
`version` int(11) NOT NULL,
`sha256` CHAR(64) DEFAULT NULL,
`category` VARCHAR(20) NOT NULL DEFAULT "update",
PRIMARY KEY (`id`),
FOREIGN KEY (`category`) REFERENCES `change_category` (`category`),
INDEX `idx_changefeed_gun` (`gun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `changefeed` (
`created_at`,
`gun`,
`version`,
`sha256`
) (SELECT
`created_at`,
`gun`,
`version`,
`sha256`
FROM
`tuf_files`
WHERE
`role` = "timestamp"
ORDER BY
`created_at` ASC
);


@ -0,0 +1,16 @@
CREATE TABLE `private_keys` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`created_at` timestamp NULL DEFAULT NULL,
`updated_at` timestamp NULL DEFAULT NULL,
`deleted_at` timestamp NULL DEFAULT NULL,
`key_id` varchar(255) NOT NULL,
`encryption_alg` varchar(255) NOT NULL,
`keywrap_alg` varchar(255) NOT NULL,
`algorithm` varchar(50) NOT NULL,
`passphrase_alias` varchar(50) NOT NULL,
`public` blob NOT NULL,
`private` blob NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `key_id` (`key_id`),
UNIQUE KEY `key_id_2` (`key_id`,`algorithm`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


@ -0,0 +1 @@
ALTER TABLE `private_keys` ADD COLUMN `gun` VARCHAR(255) NOT NULL, ADD COLUMN `role` VARCHAR(255) NOT NULL, ADD COLUMN `last_used` DATETIME NULL DEFAULT NULL;


@ -0,0 +1,8 @@
from library/photon:1.0
COPY ./binary/notary-server /bin/notary-server
COPY ./migrate /bin/migrate
COPY ./migrations/ /migrations/
ENV SERVICE_NAME=notary_server
ENTRYPOINT [ "notary-server" ]
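Review bot: Neither this Dockerfile nor signer.Dockerfile sets a `USER`, so notary-server and notary-signer run as root inside photon:1.0; the signer in particular holds private key material, so add an unprivileged account and switch to it before `ENTRYPOINT` (e.g. `RUN useradd -r notary` followed by `USER notary`, assuming the shadow tools are present in the photon base). `/bin/migrate` is copied from a prebuilt binary committed to this repository with no recorded version or checksum, which makes the image's provenance hard to audit; record where it came from or build it from source in a builder stage. `from library/photon:1.0` should be written `FROM` for consistency with the other instructions. The `COPY ./migrations/ /migrations/` step would benefit from a comment noting that, with no `WORKDIR` set, the migration script's relative default `migrations/server/mysql` presumably resolves against `/` and therefore lands on this path.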


@ -0,0 +1,8 @@
from library/photon:1.0
COPY ./binary/notary-signer /bin/notary-signer
COPY ./migrate /bin/migrate
COPY ./migrations/ /migrations/
ENV SERVICE_NAME=notary_signer
ENTRYPOINT [ "notary-signer" ]