xai-corp.net/provisioning
1
0
Fork 0
Code Issues 9 Releases Activity

cleanup sslproxy scripts, and deploy_networks.sh

Browse Source
This commit is contained in:
richard
2021-09-01 08:14:04 -04:00
parent 2290a9a2f0
commit 4fa8b64246
4 changed files with 40 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
dockerfiles/services/services/deploy_networks.sh
View File

@@ -1,18 +1,16 @@
#!/bin/bash -ex #!/bin/bash -ex
export DOCKER_HOST=dkmanager:2376 export DOCKER_HOST=${DOCKER_HOST:-dkmanager:2376}
NETWORK=prod createIfNeeded() {
docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK NETWORK=$1
FLAGS=$2
docker network inspect "$NETWORK" > /dev/null || docker network create $FLAGS --attachable -d overlay "$NETWORK"
}
NETWORK=prod_ui createIfNeeded prod_tasks
docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK createIfNeeded prod
createIfNeeded prod_ui
NETWORK=prod_db createIfNeeded prod_db
docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK createIfNeeded prod_app
createIfNeeded prod_cache
NETWORK=prod_app
docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
NETWORK=prod_cache
docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK

22
dockerfiles/services/sslproxy/cli/certbot/renew
View File

@@ -1,3 +1,4 @@
#!/usr/bin/env bash
set -e set -e
LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
@@ -13,7 +14,11 @@ run() {
LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2 LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2
fi fi
if $FIX; then
fix
else
update update
fi
} }
update() { update() {
@@ -31,6 +36,17 @@ update() {
renew ${OPTIONS} renew ${OPTIONS}
} }
fix() {
export DOCKER_HOST=${DOCKER_HOST:-'home:2376'}
export LETSENCRYPT_MOUNT
export LETSENCRYPT_IMAGE
export CERT_NAME
echo "Fixing ${ENVIRONMENT}"
docker run --rm -p80:80 -v $LETSENCRYPT_MOUNT:/etc/letsencrypt $LETSENCRYPT_IMAGE certonly --standalone -n --cert-name $CERT_NAME
}
test_new_certs() { test_new_certs() {
echo | openssl s_client -showcerts -servername gnupg.org -connect git.xai-corp.net:443 2>/dev/null \ echo | openssl s_client -showcerts -servername gnupg.org -connect git.xai-corp.net:443 2>/dev/null \
| openssl x509 -inform pem -noout -text \ | openssl x509 -inform pem -noout -text \
@@ -76,7 +92,8 @@ print_usage() {
ENVIRONMENT=dev ENVIRONMENT=dev
OPTIONS="--cert-name ${CERT_NAME}" OPTIONS="--cert-name ${CERT_NAME}"
TEST_CERT=true TEST_CERT=true
while getopts tnpde: name FIX=false
while getopts ftnpde: name
do do
case $name in case $name in
d) d)
@@ -86,6 +103,9 @@ do
TEST_CERT=false TEST_CERT=false
ENVIRONMENT=prod ENVIRONMENT=prod
;; ;;
f)
FIX=true
;;
t) t)
test_new_certs test_new_certs
exit 0 exit 0

2
dockerfiles/services/sslproxy/docker-compose.prod.yml
View File

@@ -35,7 +35,7 @@ services:
deploy: deploy:
mode: replicated mode: replicated
replicas: 2 replicas: 1
restart_policy: restart_policy:
condition: any condition: any
delay: 10s delay: 10s

14
dockerfiles/services/sslproxy/docker-compose.tools.yml
View File

@@ -9,14 +9,14 @@ services:
volumes: volumes:
- ${LETSENCRYPT_MOUNT}:/etc/letsencrypt - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
ports: ports:
- 80:80 - "80:80"
entrypoint: entrypoint:
- certbot - certbot
- certonly - certonly
- --standalone - --standalone
- -n - -n
networks: # networks:
- prod_tasks # - ingress
certificates: certificates:
image: ${LETSENCRYPT_IMAGE} image: ${LETSENCRYPT_IMAGE}
@@ -38,9 +38,5 @@ services:
- 80:80 - 80:80
networks: networks:
prod_ui: ingress:
external: external: true
name: prod_ui
prod_tasks:
external:
name: prod_tasks