cloudscript/dockerui.cloudscript at master · nephoscale/cloudscript · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
# Install latest Docker and DockerUI on a CS1-SSD Cloudlet ($.015/hr) running Linux Ubuntu Server 14.04 LTS 64-bit
cloudscript dockerui
    version                 = _latest
    result_template         = docker_ui_result_template

globals
    docker_ui_hostname         = 'docker'
    docker_ui_instance_type    = 'CS1-SSD'    # 1GB RAM, 1 vCore, 25GB SSD, 10Gbps
    docker_ui_image_type       = 'Ubuntu Server 14.04 LTS'
    default_slice_user       = 'docker'
    # passwords setup
    server_password         = lib::random_password()
    console_password        = lib::random_password()
    webui_password          = lib::random_password()

thread docker_ui_setup
    tasks                   = [docker_ui_server_setup]

task docker_ui_server_setup

    #---------------------
    # Create docker keys
    #---------------------

    # Create docker server root password key
    /key/password docker_ui_server_password_key read_or_create
        key_group           = _SERVER
        password            = server_password

    # Create docker server console key
    /key/password docker_ui_server_console_key read_or_create
        key_group           = _CONSOLE
        password            = console_password

   # Create docker server web GUI key
    /key/password docker_ui_server_webui_key read_or_create
        key_group           = _SERVER
        password            = webui_password

    #------------------------------
    # Create docker storage slice,
    # bootstrap script and recipe
    #------------------------------

    # Create storage slice keys
    /key/token default_slice_key read_or_create
        username            = default_slice_user

    # Create slice to store script in cloudstorage
    /storage/slice default_slice read_or_create
        keys                = [default_slice_key]

    # Create slice container to store script in cloudstorage
    /storage/container docker_ui_container => [default_slice] read_or_create
        slice               = default_slice

    # Place script data in cloudstorage
    /storage/object docker_ui_bootstrap_object => [default_slice, docker_ui_container] read_or_create
        container_name      = 'docker_ui_container'
        file_name           = 'bootstrap_docker.sh'
        slice               = default_slice
        content_data        = docker_ui_bootstrap_data

    # Associate the cloudstorage object with the docker script
    /orchestration/script docker_ui_bootstrap_script => [default_slice, docker_ui_container, docker_ui_bootstrap_object] read_or_create
        data_uri            = 'cloudstorage://default_slice/docker_ui_container/bootstrap_docker.sh'
        script_type         = _SHELL
        encoding            = _STORAGE

    # Create the recipe and associate the script
    /orchestration/recipe docker_ui_bootstrap_recipe read_or_create
        scripts             = [docker_ui_bootstrap_script]

    #--------------------------
    # Create the docker server
    #--------------------------

    /server/cloud docker_ui_server read_or_create
        hostname            = '{{ docker_ui_hostname }}'
        image               = '{{ docker_ui_image_type }}'
        service_type        = '{{ docker_ui_instance_type }}'
        keys                = [docker_ui_server_password_key, docker_ui_server_console_key]
        recipes             = [docker_ui_bootstrap_recipe]

text_template docker_ui_bootstrap_data
#!/bin/sh

# check if running as root
[ `whoami` = 'root' ] || {
    echo "ERROR: must have root permissions to execute the commands"
    exit 1
}

# confirm apt-get will work with HTTPS
[ -e /usr/lib/apt/methods/https ] || {
    apt-get update
    apt-get install apt-transport-https -y
}

# add key and docker repo
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
echo "deb https://get.docker.com/ubuntu docker main" > /etc/apt/sources.list.d/docker.list

# check new repo and install docker
apt-get update
apt-get install apache2-utils -y
apt-get install lxc-docker -y
apt-get install lxc -y

# prepare docker config
echo 'docker_ui_OPTS="--bip=172.17.42.1/26"' >> /etc/default/docker
service docker stop
ip link delete docker0
service docker start

# deploy dockerui
sleep 2s
docker build -t crosbymichael/dockerui github.com/crosbymichael/dockerui
docker run -d -p 9000:9000 -v /var/run/docker.sock:/docker.sock crosbymichael/dockerui -e /docker.sock

# stop docker
NUM=$(docker ps | grep crosbymichael | sed -r 's/ .*//g')
docker stop $NUM

# copy dockerui image to a local repo
docker pull alexerm/dockerui-auth

# save DockerUI as a tar
docker save -o /tmp/auth.tar alexerm/dockerui-auth

# change nginx config inside container
mkdir /tmp/auth
tar -xf /tmp/auth.tar -C /tmp/auth/
cd /tmp/auth/ab21879052e850b2f5f6244e4b94c5ae2064b0a95c936b7ca4fe4e9d2dfd4c5f
mkdir tmp
tar -xf layer.tar -C tmp/
cd tmp/
#sed -r 's/ssl on/#ssl on/g' etc/nginx/sites-available/default > etc/nginx/sites-available/default-new
#mv etc/nginx/sites-available/default-new etc/nginx/sites-available/default
cat <<\EOF>etc/nginx/sites-available/default
upstream dockerui {
    server 127.0.0.1:9000;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    error_page 497 https://$host:9000$request_uri;
    server_name localhost;

    location / {
        proxy_pass http://dockerui;
        auth_basic "Restricted";
        auth_basic_user_file /app/.htpasswd;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
    }
}

EOF

# create new image
tar -cf ../layer.tar .
cd ..
rm -rf tmp
cd ..
tar -cf ../auth-new.tar .
cd ..

# replace old image in local repo
docker rmi alexerm/dockerui-auth
docker load -i auth-new.tar

# clean up
rm -rf auth*

# create user password and start container
mkdir /root/dockerui
echo "{{ docker_ui_server_webui_key.password }}" | htpasswd -ci /root/dockerui/.htpasswd admin
mkdir /root/dockerui/ssl
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=Unknown/L=Unknown/O=Dis/CN=localhost" -keyout /root/dockerui/ssl/server.key  -out /root/dockerui/ssl/server.crt
docker run -d -p 9000:443 -v /var/run/docker.sock:/var/run/docker.sock -v /root/dockerui/.htpasswd:/app/.htpasswd -v /root/dockerui/ssl:/etc/nginx/ssl alexerm/dockerui-auth

_eof

text_template docker_ui_result_template

Your Docker server is ready at the following IP address:

{{ docker_ui_server.ipaddress_public }}
login:    root
password: {{ docker_ui_server_password_key.password }}

or you can use web interface:

https://{{ docker_ui_server.ipaddress_public }}:9000
login:    admin
password: {{ docker_ui_server_webui_key.password }}

_eof