adjusting networks for certbot so that we can talk to the right containers
This commit is contained in:
@@ -4,9 +4,9 @@
|
||||
version: '3.4'
|
||||
|
||||
networks:
|
||||
prod:
|
||||
external:
|
||||
name: prod
|
||||
# prod:
|
||||
# external:
|
||||
# name: prod
|
||||
prod_ui:
|
||||
external:
|
||||
name: prod_ui
|
||||
@@ -19,3 +19,6 @@ networks:
|
||||
prod_app:
|
||||
external:
|
||||
name: prod_app
|
||||
prod_tasks:
|
||||
external:
|
||||
name: prod_tasks
|
||||
|
||||
@@ -17,11 +17,5 @@ run() {
|
||||
run test $@
|
||||
}
|
||||
|
||||
run_help() {
|
||||
docker-compose \
|
||||
-f docker-compose.tools.yml \
|
||||
run test --help $@
|
||||
}
|
||||
|
||||
|
||||
run $@
|
||||
|
||||
@@ -1,3 +1 @@
|
||||
ARGS - The arguments you wish to provide to this command
|
||||
|
||||
TODO: Fill out the help information for this command.
|
||||
prod if you want to see info about production certs
|
||||
|
||||
@@ -1 +1 @@
|
||||
ARGS...
|
||||
[prod]
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -x
|
||||
|
||||
LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
|
||||
LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
|
||||
@@ -8,10 +7,6 @@ CERT_NAME=xai-corp.net
|
||||
|
||||
LOG=$(mktemp)
|
||||
|
||||
##export LOCAL_IMAGE
|
||||
#export REMOTE_IMAGE
|
||||
##export TAG
|
||||
|
||||
###
|
||||
|
||||
run() {
|
||||
@@ -31,7 +26,24 @@ update() {
|
||||
# shellcheck disable=SC2086
|
||||
docker-compose \
|
||||
-f docker-compose.tools.yml \
|
||||
run --name sslproxy_renew renew ${OPTIONS}
|
||||
run --rm --name sslproxy_renew \
|
||||
renew ${OPTIONS}
|
||||
}
|
||||
|
||||
test_new_certs() {
|
||||
echo | openssl s_client -showcerts -servername gnupg.org -connect git.xai-corp.net:443 2>/dev/null \
|
||||
| openssl x509 -inform pem -noout -text \
|
||||
| grep 'Timestamp :'
|
||||
}
|
||||
|
||||
retart_nginx() {
|
||||
export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
echo restarting nginx
|
||||
|
||||
containers=$(docker ps -q --filter "status=running" --filter "name=sslproxy_app")
|
||||
for c in $containers; do
|
||||
docker exec -it $c nginx -s reload
|
||||
done
|
||||
}
|
||||
|
||||
function trap_exit() {
|
||||
@@ -61,18 +73,24 @@ print_usage() {
|
||||
|
||||
ENVIRONMENT=dev
|
||||
OPTIONS="--cert-name ${CERT_NAME}"
|
||||
while getopts de: name
|
||||
TEST_CERT=true
|
||||
while getopts tnpde: name
|
||||
do
|
||||
case $name in
|
||||
d)
|
||||
OPTIONS="$OPTIONS --dry-run"
|
||||
;;
|
||||
e)
|
||||
if [ $OPTARG == 'prod' ]; then
|
||||
p)
|
||||
TEST_CERT=false
|
||||
ENVIRONMENT=prod
|
||||
else
|
||||
OPTIONS="$OPTIONS --test-cert"
|
||||
fi
|
||||
;;
|
||||
t)
|
||||
test_new_certs
|
||||
exit 0
|
||||
;;
|
||||
n)
|
||||
retart_nginx
|
||||
exit 0
|
||||
;;
|
||||
:)
|
||||
echo "Invalid option: $OPTARG requires an argument" 1>&2
|
||||
@@ -81,5 +99,11 @@ do
|
||||
esac
|
||||
done
|
||||
|
||||
if [ "$TEST_CERT" == "true" ]; then
|
||||
OPTIONS="$OPTIONS --test-cert"
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2068
|
||||
run $@
|
||||
restart_nginx
|
||||
test_new_certs
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
ARGS - The arguments you wish to provide to this command
|
||||
renew certificates
|
||||
|
||||
TODO: Fill out the help information for this command.
|
||||
-p update production certs, otherwise we will update the staging certificates
|
||||
|
||||
@@ -1 +1 @@
|
||||
ARGS...
|
||||
[-p]
|
||||
|
||||
@@ -54,6 +54,9 @@ function deploy_test() {
|
||||
assertOK https xaibox.xai-corp.net
|
||||
# curl -If https://git.xai-corp.net/
|
||||
# curl -If -H "Host: not.xai-corp.net" https://dkhost
|
||||
|
||||
assertNetwork prod_ui
|
||||
assertNetwork prod_tasks
|
||||
}
|
||||
|
||||
function deploy_save() {
|
||||
@@ -79,6 +82,12 @@ function assertOK() {
|
||||
| tee "$LOG" | grep -P "200 OK|302 Found|403 Forbidden"
|
||||
}
|
||||
|
||||
function assertNetwork() {
|
||||
network=$1
|
||||
echo -e "\033[94minspecting network\033[39m $network"
|
||||
docker network inspect "$network" | jq -r .[].Containers[].Name | tee "$LOG" | grep sslproxy_app
|
||||
}
|
||||
|
||||
function trap_exit() {
|
||||
code=$?
|
||||
docker service ls | grep "${APP_NAME}"
|
||||
|
||||
@@ -1,9 +1,22 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -ex
|
||||
|
||||
export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
|
||||
container=$(docker ps -qn1)
|
||||
|
||||
while getopts c: name
|
||||
do
|
||||
case $name in
|
||||
c)
|
||||
container=$OPTARG
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift $((OPTIND -1))
|
||||
|
||||
# shellcheck disable=SC2068
|
||||
docker exec -it "$container" $@
|
||||
#docker network inspect ingress
|
||||
|
||||
@@ -6,7 +6,8 @@ export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
#container=$(docker service ps -q --filter "desired-state=Running" sslproxy_app | head -n 1)
|
||||
|
||||
inspect_service() {
|
||||
docker service ps --filter "desired-state=Running" sslproxy_app
|
||||
# docker service ps --filter "desired-state=Running" sslproxy_app
|
||||
docker service inspect sslproxy_app
|
||||
}
|
||||
|
||||
inspect_stack() {
|
||||
@@ -17,10 +18,16 @@ inspect_containers() {
|
||||
docker ps -n2
|
||||
}
|
||||
|
||||
inspect_network() {
|
||||
docker $@
|
||||
}
|
||||
|
||||
if [ "$1" == "service" ]; then
|
||||
inspect_service
|
||||
elif [ "$1" == "stack" ]; then
|
||||
inspect_stack
|
||||
elif [ "$1" == "network" ]; then
|
||||
inspect_network $@
|
||||
else
|
||||
inspect_containers
|
||||
fi
|
||||
|
||||
@@ -4,7 +4,7 @@ version: '3.4'
|
||||
services:
|
||||
|
||||
renew:
|
||||
container_name: certbot
|
||||
container_name: sslproxy_renew
|
||||
image: ${LETSENCRYPT_IMAGE}
|
||||
volumes:
|
||||
- ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
|
||||
@@ -14,8 +14,9 @@ services:
|
||||
- certbot
|
||||
- certonly
|
||||
- --standalone
|
||||
- -n
|
||||
networks:
|
||||
- prod_tasks:
|
||||
- prod_tasks
|
||||
|
||||
certificates:
|
||||
image: ${LETSENCRYPT_IMAGE}
|
||||
|
||||
Reference in New Issue
Block a user