cleanup sslproxy scripts, and deploy_networks.sh

2021-09-01 08:14:04 -04:00
parent 2290a9a2f0
commit 4fa8b64246
4 changed files with 40 additions and 26 deletions
--- a/dockerfiles/services/services/deploy_networks.sh
+++ b/dockerfiles/services/services/deploy_networks.sh
@@ -1,18 +1,16 @@
 #!/bin/bash -ex

-export DOCKER_HOST=dkmanager:2376
+export DOCKER_HOST=${DOCKER_HOST:-dkmanager:2376}

-NETWORK=prod
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
+createIfNeeded() {
+  NETWORK=$1
+  FLAGS=$2
+  docker network inspect "$NETWORK" > /dev/null || docker network create $FLAGS --attachable -d overlay "$NETWORK"
+}

-NETWORK=prod_ui
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
-
-NETWORK=prod_db
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
-
-NETWORK=prod_app
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
-
-NETWORK=prod_cache
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
+createIfNeeded prod_tasks
+createIfNeeded prod
+createIfNeeded prod_ui
+createIfNeeded prod_db
+createIfNeeded prod_app
+createIfNeeded prod_cache
--- a/dockerfiles/services/sslproxy/cli/certbot/renew
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 set -e

 LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
@@ -13,7 +14,11 @@ run() {
    LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2
  fi

-  update
+  if $FIX; then
+    fix
+  else
+    update
+  fi
 }

 update() {
@@ -31,6 +36,17 @@ update() {
    renew ${OPTIONS}
 }

+fix() {
+  export DOCKER_HOST=${DOCKER_HOST:-'home:2376'}
+  export LETSENCRYPT_MOUNT
+  export LETSENCRYPT_IMAGE
+  export CERT_NAME
+
+  echo "Fixing ${ENVIRONMENT}"
+
+  docker run --rm -p80:80 -v $LETSENCRYPT_MOUNT:/etc/letsencrypt $LETSENCRYPT_IMAGE certonly --standalone -n --cert-name $CERT_NAME
+}
+
 test_new_certs() {
  echo | openssl s_client -showcerts -servername gnupg.org -connect git.xai-corp.net:443 2>/dev/null \
   | openssl x509 -inform pem -noout -text \
@@ -76,7 +92,8 @@ print_usage() {
 ENVIRONMENT=dev
 OPTIONS="--cert-name ${CERT_NAME}"
 TEST_CERT=true
-while getopts tnpde: name
+FIX=false
+while getopts ftnpde: name
 do
    case $name in
    d)
@@ -86,6 +103,9 @@ do
        TEST_CERT=false
        ENVIRONMENT=prod
      ;;
+    f)
+        FIX=true
+        ;;
    t)
      test_new_certs
      exit 0
--- a/dockerfiles/services/sslproxy/docker-compose.prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.prod.yml
@@ -35,7 +35,7 @@ services:

    deploy:
      mode: replicated
-      replicas: 2
+      replicas: 1
      restart_policy:
        condition: any
        delay: 10s
--- a/dockerfiles/services/sslproxy/docker-compose.tools.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.tools.yml
@@ -9,14 +9,14 @@ services:
    volumes:
      - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
    ports:
-      - 80:80
+      - "80:80"
    entrypoint:
      - certbot
      - certonly
      - --standalone
      - -n
-    networks:
-      - prod_tasks
+#    networks:
+#      - ingress

  certificates:
    image: ${LETSENCRYPT_IMAGE}
@@ -38,9 +38,5 @@ services:
      - 80:80

 networks:
-  prod_ui:
-    external:
-      name: prod_ui
-  prod_tasks:
-    external:
-      name: prod_tasks
+  ingress:
+    external: true