Add healthcheck in Dockerfile* redis* jobservice

Signed-off-by: Qian Deng <dengq@vmware.com>
This commit is contained in:
Qian Deng 2019-08-01 08:02:08 +00:00
parent 89d6370201
commit dacb1fc79e
20 changed files with 75 additions and 73 deletions

View File

@ -242,7 +242,7 @@ PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(PKGVERSIONTAG).tgz \
$(HARBORPKG)/install.sh \ $(HARBORPKG)/install.sh \
$(HARBORPKG)/harbor.yml $(HARBORPKG)/harbor.yml
DOCKERCOMPOSE_LIST=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) DOCKERCOMPOSE_FILE_OPT=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
ifeq ($(NOTARYFLAG), true) ifeq ($(NOTARYFLAG), true)
DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(NOTARYVERSION)-$(VERSIONTAG) goharbor/notary-signer-photon:$(NOTARYVERSION)-$(VERSIONTAG) DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(NOTARYVERSION)-$(VERSIONTAG) goharbor/notary-signer-photon:$(NOTARYVERSION)-$(VERSIONTAG)
@ -412,17 +412,16 @@ pushimage:
start: start:
@echo "loading harbor images..." @echo "loading harbor images..."
@$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_LIST) up -d @$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_FILE_OPT) up -d
@echo "Start complete. You can visit harbor now." @echo "Start complete. You can visit harbor now."
down: down:
@echo "Please make sure to set -e NOTARYFLAG=true/CLAIRFLAG=true/CHARTFLAG=true if you are using Notary/CLAIR/Chartmuseum in Harbor, otherwise the Notary/CLAIR/Chartmuseum containers cannot be stopped automatically."
@while [ -z "$$CONTINUE" ]; do \ @while [ -z "$$CONTINUE" ]; do \
read -r -p "Type anything but Y or y to exit. [Y/N]: " CONTINUE; \ read -r -p "Type anything but Y or y to exit. [Y/N]: " CONTINUE; \
done ; \ done ; \
[ $$CONTINUE = "y" ] || [ $$CONTINUE = "Y" ] || (echo "Exiting."; exit 1;) [ $$CONTINUE = "y" ] || [ $$CONTINUE = "Y" ] || (echo "Exiting."; exit 1;)
@echo "stoping harbor instance..." @echo "stoping harbor instance..."
@$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_LIST) down -v @$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_FILE_OPT) down -v
@echo "Done." @echo "Done."
swagger_client: swagger_client:

View File

@ -18,15 +18,15 @@ RUN tdnf erase -y toybox && tdnf install -y util-linux net-tools
VOLUME /var/lib/postgresql/data VOLUME /var/lib/postgresql/data
COPY ./make/photon/db/docker-entrypoint.sh /entrypoint.sh COPY ./make/photon/db/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./make/photon/db/docker-healthcheck.sh /docker-healthcheck.sh COPY ./make/photon/db/docker-healthcheck.sh /docker-healthcheck.sh
COPY ./make/photon/db/initial-notaryserver.sql /docker-entrypoint-initdb.d/ COPY ./make/photon/db/initial-notaryserver.sql /docker-entrypoint-initdb.d/
COPY ./make/photon/db/initial-notarysigner.sql /docker-entrypoint-initdb.d/ COPY ./make/photon/db/initial-notarysigner.sql /docker-entrypoint-initdb.d/
COPY ./make/photon/db/initial-registry.sql /docker-entrypoint-initdb.d/ COPY ./make/photon/db/initial-registry.sql /docker-entrypoint-initdb.d/
RUN chown -R postgres:postgres /entrypoint.sh /docker-healthcheck.sh /docker-entrypoint-initdb.d \ RUN chown -R postgres:postgres /docker-entrypoint.sh /docker-healthcheck.sh /docker-entrypoint-initdb.d \
&& chmod u+x /entrypoint.sh /docker-healthcheck.sh && chmod u+x /docker-entrypoint.sh /docker-healthcheck.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/docker-entrypoint.sh"]
HEALTHCHECK CMD ["/docker-healthcheck.sh"] HEALTHCHECK CMD ["/docker-healthcheck.sh"]
EXPOSE 5432 EXPOSE 5432

View File

@ -23,7 +23,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
# chown -R postgres:postgres $PGDATA
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
if [ ! -s "$PGDATA/PG_VERSION" ]; then if [ ! -s "$PGDATA/PG_VERSION" ]; then
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'

View File

@ -14,4 +14,6 @@ USER harbor
VOLUME ["/var/log/jobs/"] VOLUME ["/var/log/jobs/"]
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v1/stats || exit 1
ENTRYPOINT ["/harbor/harbor_jobservice", "-c", "/etc/jobservice/config.yml"] ENTRYPOINT ["/harbor/harbor_jobservice", "-c", "/etc/jobservice/config.yml"]

View File

@ -1,7 +1,5 @@
FROM node:10.15.0 as nodeportal FROM node:10.15.0 as nodeportal
RUN mkdir -p /portal_src && mkdir -p /build_dir
COPY src/portal /portal_src COPY src/portal /portal_src
COPY ./docs/swagger.yaml /portal_src COPY ./docs/swagger.yaml /portal_src
@ -10,9 +8,8 @@ WORKDIR /build_dir
RUN cp -r /portal_src/* /build_dir \ RUN cp -r /portal_src/* /build_dir \
&& ls -la \ && ls -la \
&& apt-get update \ && apt-get update \
&& apt-get install python-yaml \ && apt-get install -y --no-install-recommends python-yaml=3.12-1 \
&& cat swagger.yaml | python -c 'import sys, yaml, json; y=yaml.load(sys.stdin.read()); print json.dumps(y)' > swagger.json \ && python -c 'import sys, yaml, json; y=yaml.load(sys.stdin.read()); print json.dumps(y)' < swagger.yaml > swagger.json \
&& cat ./package.json \
&& npm install \ && npm install \
&& npm run build_lib \ && npm run build_lib \
&& npm run link_lib \ && npm run link_lib \
@ -34,7 +31,7 @@ RUN tdnf install -y nginx sudo >> /dev/null \
&& chown -R nginx:nginx /etc/nginx \ && chown -R nginx:nginx /etc/nginx \
&& tdnf clean all && tdnf clean all
EXPOSE 80 EXPOSE 8080
VOLUME /var/cache/nginx /var/log/nginx /run VOLUME /var/cache/nginx /var/log/nginx /run
STOPSIGNAL SIGQUIT STOPSIGNAL SIGQUIT

View File

@ -2,12 +2,12 @@ import os, shutil
from g import templates_dir, config_dir, DEFAULT_UID, DEFAULT_GID from g import templates_dir, config_dir, DEFAULT_UID, DEFAULT_GID
from .jinja import render_jinja from .jinja import render_jinja
from .misc import prepare_config_dir from .misc import prepare_dir
clair_template_dir = os.path.join(templates_dir, "clair") clair_template_dir = os.path.join(templates_dir, "clair")
def prepare_clair(config_dict): def prepare_clair(config_dict):
clair_config_dir = prepare_config_dir(config_dir, "clair") clair_config_dir = prepare_dir(config_dir, "clair")
if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")): if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")):
print("Copying offline data file for clair DB") print("Copying offline data file for clair DB")

View File

@ -1,7 +1,7 @@
import shutil, os import shutil, os
from g import config_dir, templates_dir from g import config_dir, templates_dir
from utils.misc import prepare_config_dir, generate_random_string from utils.misc import prepare_dir, generate_random_string
from utils.jinja import render_jinja from utils.jinja import render_jinja
core_config_dir = os.path.join(config_dir, "core", "certificates") core_config_dir = os.path.join(config_dir, "core", "certificates")
@ -33,7 +33,7 @@ def prepare_core(config_dict, with_notary, with_clair, with_chartmuseum):
copy_core_config(core_conf_template_path, core_conf) copy_core_config(core_conf_template_path, core_conf)
def prepare_core_config_dir(): def prepare_core_config_dir():
prepare_config_dir(core_config_dir) prepare_dir(core_config_dir)
def copy_core_config(core_templates_path, core_config_path): def copy_core_config(core_templates_path, core_config_path):
shutil.copyfile(core_templates_path, core_config_path) shutil.copyfile(core_templates_path, core_config_path)

View File

@ -1,7 +1,7 @@
import os import os
from g import config_dir, templates_dir, data_dir, PG_UID, PG_GID from g import config_dir, templates_dir, data_dir, PG_UID, PG_GID
from utils.misc import prepare_config_dir from utils.misc import prepare_dir
from utils.jinja import render_jinja from utils.jinja import render_jinja
db_config_dir = os.path.join(config_dir, "db") db_config_dir = os.path.join(config_dir, "db")
@ -10,12 +10,8 @@ db_conf_env = os.path.join(config_dir, "db", "env")
database_data_path = os.path.join(data_dir, 'database') database_data_path = os.path.join(data_dir, 'database')
def prepare_db(config_dict): def prepare_db(config_dict):
prepare_config_dir(database_data_path) prepare_dir(database_data_path, uid=PG_UID, gid=PG_GID)
stat_info = os.stat(database_data_path) prepare_dir(db_config_dir)
uid, gid = stat_info.st_uid, stat_info.st_gid
if not (uid == PG_UID and gid == PG_GID):
os.chown(database_data_path, PG_UID, PG_GID)
prepare_config_dir(db_config_dir)
render_jinja( render_jinja(
db_env_template_path, db_env_template_path,
db_conf_env, db_conf_env,

View File

@ -1,7 +1,7 @@
import os import os
from g import config_dir, DEFAULT_GID, DEFAULT_UID, templates_dir from g import config_dir, DEFAULT_GID, DEFAULT_UID, templates_dir
from utils.misc import prepare_config_dir from utils.misc import prepare_dir
from utils.jinja import render_jinja from utils.jinja import render_jinja
job_config_dir = os.path.join(config_dir, "jobservice") job_config_dir = os.path.join(config_dir, "jobservice")
@ -10,16 +10,14 @@ job_service_conf_env = os.path.join(config_dir, "jobservice", "env")
job_service_conf_template_path = os.path.join(templates_dir, "jobservice", "config.yml.jinja") job_service_conf_template_path = os.path.join(templates_dir, "jobservice", "config.yml.jinja")
jobservice_conf = os.path.join(config_dir, "jobservice", "config.yml") jobservice_conf = os.path.join(config_dir, "jobservice", "config.yml")
def prepare_job_service(config_dict): def prepare_job_service(config_dict):
prepare_config_dir(job_config_dir) prepare_dir(job_config_dir, uid=DEFAULT_UID, gid=DEFAULT_GID)
log_level = config_dict['log_level'].upper() log_level = config_dict['log_level'].upper()
# Job log is stored in data dir # Job log is stored in data dir
job_log_dir = os.path.join('/data', "job_logs") job_log_dir = os.path.join('/data', "job_logs")
file_path = prepare_config_dir(job_log_dir) prepare_dir(job_log_dir, uid=DEFAULT_UID, gid=DEFAULT_GID)
os.chown(file_path, DEFAULT_UID, DEFAULT_GID)
# Render Jobservice env # Render Jobservice env
render_jinja( render_jinja(
job_service_env_template_path, job_service_env_template_path,

View File

@ -1,7 +1,7 @@
import os import os
from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID
from utils.misc import prepare_config_dir from utils.misc import prepare_dir
from utils.jinja import render_jinja from utils.jinja import render_jinja
log_config_dir = os.path.join(config_dir, "log") log_config_dir = os.path.join(config_dir, "log")
@ -15,7 +15,7 @@ log_syslog_docker_template_path = os.path.join(templates_dir, 'log', 'rsyslog_do
log_syslog_docker_config = os.path.join(config_dir, 'log', 'rsyslog_docker.conf') log_syslog_docker_config = os.path.join(config_dir, 'log', 'rsyslog_docker.conf')
def prepare_log_configs(config_dict): def prepare_log_configs(config_dict):
prepare_config_dir(log_config_dir) prepare_dir(log_config_dir)
# Render Log config # Render Log config
render_jinja( render_jinja(

View File

@ -3,7 +3,7 @@ import string
import random import random
from g import DEFAULT_UID, DEFAULT_GID from g import DEFAULT_UID, DEFAULT_GID
from pathlib import Path
# To meet security requirement # To meet security requirement
# By default it will change file mode to 0600, and make the owner of the file to 10000:10000 # By default it will change file mode to 0600, and make the owner of the file to 10000:10000
@ -84,6 +84,26 @@ def prepare_config_dir(root, *name):
os.makedirs(absolute_path) os.makedirs(absolute_path)
return absolute_path return absolute_path
def prepare_dir(root: str, *args, **kwargs) -> str:
gid, uid = kwargs.get('gid'), kwargs.get('uid')
absolute_path = Path(os.path.join(root, *args))
if absolute_path.is_file():
raise Exception('Path exists and the type is regular file')
mode = kwargs.get('mode') or 0o755
absolute_path.mkdir(mode, parents=True, exist_ok=True)
# if uid or gid not None, then change the ownership of this dir
if not(gid is None and uid is None):
dir_uid, dir_gid = absolute_path.stat().st_uid, absolute_path.stat().st_gid
if uid is None:
uid = dir_uid
if gid is None:
gid = dir_gid
os.chown(absolute_path, uid, gid)
return str(absolute_path)
def delfile(src): def delfile(src):
if os.path.isfile(src): if os.path.isfile(src):

View File

@ -3,7 +3,7 @@ from fnmatch import fnmatch
from pathlib import Path from pathlib import Path
from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID
from utils.misc import prepare_config_dir, mark_file from utils.misc import prepare_dir, mark_file
from utils.jinja import render_jinja from utils.jinja import render_jinja
from utils.cert import SSL_CERT_KEY_PATH, SSL_CERT_PATH from utils.cert import SSL_CERT_KEY_PATH, SSL_CERT_PATH
@ -17,8 +17,7 @@ CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS = 'harbor.https.*.conf'
CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTP = 'harbor.http.*.conf' CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTP = 'harbor.http.*.conf'
def prepare_nginx(config_dict): def prepare_nginx(config_dict):
file_path = prepare_config_dir(nginx_confd_dir) prepare_dir(nginx_confd_dir, uid=DEFAULT_UID, gid=DEFAULT_GID)
os.chown(file_path, DEFAULT_UID, DEFAULT_GID)
render_nginx_template(config_dict) render_nginx_template(config_dict)
def render_nginx_template(config_dict): def render_nginx_template(config_dict):

View File

@ -2,7 +2,7 @@ import os, shutil, pathlib
from g import templates_dir, config_dir, root_crt_path, secret_key_dir,DEFAULT_UID, DEFAULT_GID from g import templates_dir, config_dir, root_crt_path, secret_key_dir,DEFAULT_UID, DEFAULT_GID
from .cert import openssl_installed, create_cert, create_root_cert, get_alias from .cert import openssl_installed, create_cert, create_root_cert, get_alias
from .jinja import render_jinja from .jinja import render_jinja
from .misc import mark_file, prepare_config_dir from .misc import mark_file, prepare_dir
notary_template_dir = os.path.join(templates_dir, "notary") notary_template_dir = os.path.join(templates_dir, "notary")
notary_signer_pg_template = os.path.join(notary_template_dir, "signer-config.postgres.json.jinja") notary_signer_pg_template = os.path.join(notary_template_dir, "signer-config.postgres.json.jinja")
@ -20,12 +20,12 @@ notary_server_env_path = os.path.join(notary_config_dir, "server_env")
def prepare_env_notary(nginx_config_dir): def prepare_env_notary(nginx_config_dir):
notary_config_dir = prepare_config_dir(config_dir, "notary") notary_config_dir = prepare_dir(config_dir, "notary")
old_signer_cert_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer.crt')) old_signer_cert_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer.crt'))
old_signer_key_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer.key')) old_signer_key_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer.key'))
old_signer_ca_cert_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer-ca.crt')) old_signer_ca_cert_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer-ca.crt'))
notary_secret_dir = prepare_config_dir('/secret/notary') notary_secret_dir = prepare_dir('/secret/notary')
signer_cert_secret_path = pathlib.Path(os.path.join(notary_secret_dir, 'notary-signer.crt')) signer_cert_secret_path = pathlib.Path(os.path.join(notary_secret_dir, 'notary-signer.crt'))
signer_key_secret_path = pathlib.Path(os.path.join(notary_secret_dir, 'notary-signer.key')) signer_key_secret_path = pathlib.Path(os.path.join(notary_secret_dir, 'notary-signer.key'))
signer_ca_cert_secret_path = pathlib.Path(os.path.join(notary_secret_dir, 'notary-signer-ca.crt')) signer_ca_cert_secret_path = pathlib.Path(os.path.join(notary_secret_dir, 'notary-signer-ca.crt'))

View File

@ -1,14 +1,9 @@
import os import os
from g import data_dir, REDIS_UID, REDIS_GID from g import data_dir, REDIS_UID, REDIS_GID
from utils.misc import prepare_config_dir from utils.misc import prepare_dir
redis_data_path = os.path.join(data_dir, 'redis') redis_data_path = os.path.join(data_dir, 'redis')
def prepare_redis(config_dict): def prepare_redis(config_dict):
prepare_config_dir(redis_data_path) prepare_dir(redis_data_path, uid=REDIS_UID, gid=REDIS_GID)
stat_info = os.stat(redis_data_path)
uid, gid = stat_info.st_uid, stat_info.st_gid
if not (uid == REDIS_UID and gid == REDIS_GID):
os.chown(redis_data_path, REDIS_UID, REDIS_GID)

View File

@ -1,7 +1,7 @@
import os, copy import os, copy
from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID
from utils.misc import prepare_config_dir from utils.misc import prepare_dir
from utils.jinja import render_jinja from utils.jinja import render_jinja
@ -11,7 +11,7 @@ registry_conf = os.path.join(config_dir, "registry", "config.yml")
def prepare_registry(config_dict): def prepare_registry(config_dict):
prepare_config_dir(registry_config_dir) prepare_dir(registry_config_dir)
storage_provider_info = get_storage_provider_info( storage_provider_info = get_storage_provider_info(
config_dict['storage_provider_name'], config_dict['storage_provider_name'],

View File

@ -1,7 +1,7 @@
import os, shutil import os, shutil
from g import config_dir, templates_dir from g import config_dir, templates_dir
from utils.misc import prepare_config_dir from utils.misc import prepare_dir
from utils.jinja import render_jinja from utils.jinja import render_jinja
registryctl_config_dir = os.path.join(config_dir, "registryctl") registryctl_config_dir = os.path.join(config_dir, "registryctl")
@ -24,7 +24,7 @@ def prepare_registry_ctl(config_dict):
copy_registry_ctl_conf(registryctl_config_template_path, registryctl_conf) copy_registry_ctl_conf(registryctl_config_template_path, registryctl_conf)
def prepare_registry_ctl_config_dir(): def prepare_registry_ctl_config_dir():
prepare_config_dir(registryctl_config_dir) prepare_dir(registryctl_config_dir)
def copy_registry_ctl_conf(src, dst): def copy_registry_ctl_conf(src, dst):
shutil.copyfile(src, dst) shutil.copyfile(src, dst)

View File

@ -4,11 +4,12 @@ RUN tdnf install -y redis sudo
VOLUME /var/lib/redis VOLUME /var/lib/redis
WORKDIR /var/lib/redis WORKDIR /var/lib/redis
COPY ./make/photon/redis/docker-entrypoint.sh /usr/bin/ COPY ./make/photon/redis/docker-healthcheck /usr/bin/
COPY ./make/photon/redis/redis.conf /etc/redis.conf COPY ./make/photon/redis/redis.conf /etc/redis.conf
RUN chmod +x /usr/bin/docker-entrypoint.sh \ RUN chmod +x /usr/bin/docker-healthcheck \
&& chown redis:redis /etc/redis.conf && chown redis:redis /etc/redis.conf
USER redis
HEALTHCHECK CMD ["docker-healthcheck"]
USER redis
EXPOSE 6379 EXPOSE 6379
CMD ["redis-server", "/etc/redis.conf"] CMD ["redis-server", "/etc/redis.conf"]

View File

@ -1,13 +0,0 @@
#!/bin/sh
set -e
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "$@"
fi
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
chown -R redis .
exec sudo -u redis "$@"
fi
exec "$@"

View File

@ -0,0 +1,9 @@
#!/bin/bash
set -eo pipefail
if ping="$(redis-cli -h "127.0.0.1" ping)" && [ "$ping" = 'PONG' ]; then
exit 0
fi
exit 1

View File

@ -45,11 +45,11 @@ secret_dir=${data_path}/secret
config_dir=$harbor_prepare_path/common/config config_dir=$harbor_prepare_path/common/config
# Run prepare script # Run prepare script
docker run --rm -v $input_dir:/input \ docker run --rm -v $input_dir:/input:z \
-v $data_path:/data \ -v $data_path:/data:z \
-v $harbor_prepare_path:/compose_location \ -v $harbor_prepare_path:/compose_location:z \
-v $config_dir:/config \ -v $config_dir:/config:z \
-v $secret_dir:/secret \ -v $secret_dir:/secret:z \
goharbor/prepare:dev $@ goharbor/prepare:dev $@
echo "Clean up the input dir" echo "Clean up the input dir"