Switch from docker-compose to docker compose plugin (#73)

The standalone docker-compose has been deprecated in favor of a plugin
for the compose binary.
Arjan H
2023-07-02 16:10:38 +02:00
parent e3e0767303
commit 012a7a5d53
14 changed files with 125 additions and 118 deletions


@@ -103,28 +103,29 @@ The end users in your organization / lab can visit the public pages of you LabCA
## Troubleshooting
After installing sometimes the application is not starting up properly and it can be quite hard to figure out why.
First, make sure that all five containers are running:
First, make sure that all six containers are running:
```
root@testpki:/home/labca/boulder# docker-compose ps -a
NAME COMMAND SERVICE STATUS PORTS
boulder-bmysql-1 "docker-entrypoint.s…" bmysql running 3306/tcp
boulder-boulder-1 "labca/entrypoint.sh" boulder running 4001-4003/tcp
boulder-control-1 "./control.sh" control running 3030/tcp
boulder-labca-1 "./setup.sh" labca running 3000/tcp
boulder-nginx-1 "/docker-entrypoint.…" nginx running 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, :::80->80/tcp, :::443->443/tcp
root@testpki:/home/labca/boulder# docker compose ps -a
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
labca-bconsul-1 hashicorp/consul:1.14.2 "docker-entrypoint.s…" bconsul 2 hours ago Up About an hour 8300-8302/tcp, 8500/tcp, 8301-8302/udp, 8600/tcp, 8600/udp
labca-bmysql-1 mariadb:10.5 "docker-entrypoint.s…" bmysql 2 hours ago Up About an hour 3306/tcp
labca-boulder-1 letsencrypt/boulder-tools:go1.20.5_2023-06-20 "labca/entrypoint.sh" boulder 2 hours ago Up About an hour 4001-4003/tcp
labca-control-1 letsencrypt/boulder-tools:go1.20.5_2023-06-20 "./control.sh" control 2 hours ago Up 2 hours 3030/tcp
labca-gui-1 letsencrypt/boulder-tools:go1.20.5_2023-06-20 "./setup.sh" gui 2 hours ago Up 2 hours 3000/tcp
labca-nginx-1 nginx:1.25.1 "/docker-entrypoint.…" nginx 2 hours ago Up 2 hours 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
```
Some log files to check in case of issues are:
* /home/labca/nginx_data/ssl/acme_tiny.log
* cd /home/labca/boulder; docker-compose exec control cat /logs/commander.log (if it exists)
* cd /home/labca/boulder; docker-compose logs control
* cd /home/labca/boulder; docker-compose logs boulder
* cd /home/labca/boulder; docker-compose logs labca
* possibly cd /home/labca/boulder; docker-compose logs nginx
* cd /home/labca/boulder; docker compose exec control cat /logs/commander.log (if it exists)
* cd /home/labca/boulder; docker compose logs control
* cd /home/labca/boulder; docker compose logs boulder
* cd /home/labca/boulder; docker compose logs labca
* possibly cd /home/labca/boulder; docker compose logs nginx
### Common error messages
If you get "**No valid IP addresses found for <hostname>**" in /home/labca/nginx_data/ssl/acme_tiny.log, solve it by entering the hostname in your local DNS. Same for "**Could not resolve host: <hostname>**" in one of those docker-compose logs.
If you get "**No valid IP addresses found for <hostname>**" in /home/labca/nginx_data/ssl/acme_tiny.log, solve it by entering the hostname in your local DNS. Same for "**Could not resolve host: <hostname>**" in one of those docker compose logs.
When issuing a certificate, LabCA/boulder checks for CAA (Certification Authority Authorization) records in DNS, which specify what CAs are allowed to issue certificates for the domain. If you get an error like "**SERVFAIL looking up CAA for internal**" or "**CAA record for ca01.foo.internal prevents issuance**", you can try to add something like this to your DNS domain:
```
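Review bot: the log list still tells the reader to run `docker compose logs labca`, but the new `docker compose ps -a` output in this hunk lists the service as `gui` (container `labca-gui-1`) and shows no `labca` service. Change that bullet to `docker compose logs gui`, and consider adding a bullet for the new `bconsul` container, since the text now counts six containers.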


@@ -1,6 +1,6 @@
# LabCA Docker Only ![status-beta](https://img.shields.io/badge/status-beta-yellow.svg)
It is now also possible, instead of dedicating a complete (virtual) machine to LabCA, to run LabCA using docker-compose on a non-dedicated machine. This is quite new and therefore still needs more testing.
It is now also possible, instead of dedicating a complete (virtual) machine to LabCA, to run LabCA using docker compose on a non-dedicated machine. This is quite new and therefore still needs more testing.
## Startup
@@ -9,14 +9,14 @@ The `docker-compose.yml` file is located in the `build` subdirectory for now. Yo
git clone https://github.com/hakwerk/labca.git
cd labca/build
export LABCA_FQDN=labca.example.com
docker-compose up -d
docker compose up -d
```
And to tail the logs, especially if there are any issues:
```
docker-compose logs -f
docker compose logs -f
```
In case you get an error like the after running `docker-compose up`:
In case you get an error like the after running `docker compose up`:
```
Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "labca/entrypoint.sh": stat labca/entrypoint.sh: no such file or directory: unknown
```
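Review bot: the sentence changed here still reads "an error like the after running", which is missing a word. While touching the line, make it "an error like this after running `docker compose up`".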

2
backup

@@ -16,7 +16,7 @@ mkdir -p $TMPDIR
mkdir -p /opt/backup
cd /opt/boulder
docker-compose exec -T bmysql mysqldump boulder_sa_integration >$TMPDIR/boulder_sa_integration.sql
docker compose exec bmysql mysqldump boulder_sa_integration >$TMPDIR/boulder_sa_integration.sql
cp -p /etc/nginx/ssl/*key* /etc/nginx/ssl/*cert.pem /etc/nginx/ssl/*.csr $TMPDIR/
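Review bot: `-T` is dropped from the `mysqldump` line while its stdout is redirected into `$TMPDIR/boulder_sa_integration.sql`. `-T` is the flag that disables pseudo-TTY allocation; without it the script relies on the installed plugin noticing that its output is not a terminal, and a dump written through a TTY would carry CR LF line endings. Suggest keeping it explicit: `docker compose exec -T bmysql mysqldump boulder_sa_integration`.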


@@ -4,12 +4,21 @@ RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
cron \
curl \
&& curl -fsSL https://get.docker.com -o get-docker.sh \
&& sh get-docker.sh \
&& curl -SL https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose \
&& chmod +x /usr/local/bin/docker-compose \
gnupg \
&& install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
&& chmod a+r /etc/apt/keyrings/docker.gpg \
&& echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
docker-ce \
docker-ce-cli \
containerd.io \
docker-compose-plugin \
&& rm -rf /var/lib/apt/lists/*
FROM ubuntu:focal
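Review bot: the Compose version is no longer pinned. The removed lines fetched `v2.16.0` explicitly, while the new `apt-get install` takes whatever `docker-compose-plugin` the repository serves on build day, so two builds of the same commit can ship different binaries. Pin the package versions (`docker-compose-plugin=<version>`, likewise `docker-ce-cli`). Since only `/usr/bin/docker` and the plugin are copied out of this stage in the next hunk, `docker-ce` and `containerd.io` can be left out of the builder.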
@@ -26,12 +35,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /usr/bin/docker /usr/bin/docker
COPY --from=builder /lib/x86_64-linux-gnu/libpthread.so.0 /lib/x86_64-linux-gnu/libpthread.so.0
COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.2 /lib/x86_64-linux-gnu/libdl.so.2
COPY --from=builder /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libc.so.6
COPY --from=builder /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
COPY --from=builder /usr/local/bin/docker-compose /usr/local/bin/docker-compose
COPY --from=builder /usr/libexec/docker/cli-plugins/docker-compose /usr/libexec/docker/cli-plugins/docker-compose
COPY tmp/acme_tiny.py /opt/labca/
COPY tmp/backup /opt/labca/


@@ -1,3 +1,26 @@
FROM ubuntu:focal as builder
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
curl \
gnupg \
&& install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
&& chmod a+r /etc/apt/keyrings/docker.gpg \
&& echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
docker-ce \
docker-ce-cli \
containerd.io \
docker-compose-plugin \
&& rm -rf /var/lib/apt/lists/*
FROM ubuntu:focal
RUN apt-get update && \
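Review bot: this builder stage repeats, line for line, the repository and key setup that the same commit adds to the other Dockerfile, so the two copies now have to be kept in sync by hand. Consider a shared base image or a single build stage that both images use. As only the docker CLI and the compose plugin are copied out of the stage further down, installing `docker-ce` and `containerd.io` here is not needed.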
@@ -7,6 +30,9 @@ RUN apt-get update && \
zip \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /usr/bin/docker /usr/bin/docker
COPY --from=builder /usr/libexec/docker/cli-plugins/docker-compose /usr/libexec/docker/cli-plugins/docker-compose
COPY tmp/labca-gui /opt/labca/bin/
COPY tmp/nameidtool /opt/labca/
COPY tmp/admin/setup.sh /opt/labca/


@@ -43,9 +43,7 @@ cp $cloneDir/nginx.conf $TMP_DIR/
cp $cloneDir/proxy.conf $TMP_DIR/
cp $cloneDir/utils/nameidtool.go $TMP_DIR/
cp -rp $cloneDir/gui/* $TMP_DIR/admin/
sed -i -e "s/^bin\/labca-gui//" $TMP_DIR/admin/setup.sh
sed -i -e "s/.*apt .*//" $TMP_DIR/admin/setup.sh
sed -i -e "s/.*apt-.*//" $TMP_DIR/admin/setup.sh
head -13 $cloneDir/gui/setup.sh > $TMP_DIR/admin/setup.sh
sed -i '/^$/d' $TMP_DIR/admin/setup.sh
echo
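Review bot: `head -13 $cloneDir/gui/setup.sh` ties this script to the exact line layout of `gui/setup.sh`. Any line added or removed near the top of that file silently changes what ends up in `$TMP_DIR/admin/setup.sh`, either cutting the preamble short or letting the package-install block through. A pattern-based cut (for example deleting from a marker comment to the end of the file with `sed`) would be sturdier, or at minimum add a comment here saying what line 13 is expected to be.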


@@ -39,7 +39,7 @@ read txt
case $txt in
"docker-restart")
cd /opt/boulder
COMPOSE_HTTP_TIMEOUT=120 docker-compose restart boulder bmysql bconsul gui nginx &>>$LOGFILE
COMPOSE_HTTP_TIMEOUT=120 docker compose restart boulder bmysql bconsul gui nginx &>>$LOGFILE
sleep 45
wait_up $PS_MYSQL &>>$LOGFILE
wait_up $PS_CONSUL 2 &>>$LOGFILE
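Review bot: `COMPOSE_HTTP_TIMEOUT=120` is kept in front of `docker compose restart`, but that variable belongs to Compose v1 and Compose v2 does not read it, so the prefix has no effect on this line. Drop it, or if a longer stop timeout is what is wanted, use `docker compose restart --timeout <seconds>`. The same applies to every `COMPOSE_HTTP_TIMEOUT=` prefix carried over in this file.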
@@ -86,11 +86,11 @@ case $txt in
;;
"nginx-reload")
cd /opt/boulder
docker-compose exec -T nginx nginx -s reload &>>$LOGFILE
docker compose exec nginx nginx -s reload &>>$LOGFILE
;;
"nginx-restart")
cd /opt/boulder
docker-compose restart nginx &>>$LOGFILE
docker compose restart nginx &>>$LOGFILE
;;
"log-cert")
[ -f /etc/nginx/ssl/acme_tiny.log ] && tail -200 /etc/nginx/ssl/acme_tiny.log || /bin/true
@@ -102,7 +102,7 @@ case $txt in
;;
"log-control-notail")
cd /opt/boulder
docker-compose logs --no-color --tail=50 control
docker compose logs --no-color --tail=50 control
;;
"log-cron")
[ -f /opt/logs/cron.log ] && tail -n200 -f /opt/logs/cron.log || /bin/true
@@ -110,34 +110,34 @@ case $txt in
;;
"log-boulder")
cd /opt/boulder
docker-compose logs -f --no-color --tail=50 boulder
docker compose logs -f --no-color --tail=50 boulder
;;
"log-boulder-notail")
cd /opt/boulder
docker-compose logs --no-color --tail=50 boulder
docker compose logs --no-color --tail=50 boulder
;;
"log-audit")
cd /opt/boulder
docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -50
docker-compose logs -f --no-color --tail=0 boulder | grep "\[AUDIT\]"
docker compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -50
docker compose logs -f --no-color --tail=0 boulder | grep "\[AUDIT\]"
;;
"log-activity")
cd /opt/boulder
echo "GMT"
docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -15
docker compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -15
exit 0
;;
"log-labca")
cd /opt/boulder
docker-compose logs -f --no-color --tail=50 gui
docker compose logs -f --no-color --tail=50 gui
;;
"log-labca-notail")
cd /opt/boulder
docker-compose logs --no-color --tail=50 gui
docker compose logs --no-color --tail=50 gui
;;
"log-web")
cd /opt/boulder
docker-compose logs -f --no-color --tail=50 nginx
docker compose logs -f --no-color --tail=50 nginx
;;
"log-components")
nginx=$(docker inspect $(docker ps --format "{{.Names}}" | grep -- -nginx-) | grep -i started | grep -v depends_on | sed -e "s/[^:]*:\(.*\)/\1/" | sed -e "s/.*\"\(.*\)\".*/\1/")
@@ -162,32 +162,32 @@ case $txt in
read serial
read reasonCode
cd /opt/boulder
docker-compose exec -T boulder bin/admin-revoker serial-revoke --config labca/config/admin-revoker.json $serial $reasonCode 2>&1
docker compose exec boulder bin/admin-revoker serial-revoke --config labca/config/admin-revoker.json $serial $reasonCode 2>&1
;;
"test-email")
read recipient
cd /opt/boulder
docker-compose exec -T boulder bin/mail-tester --config labca/config/expiration-mailer.json $recipient 2>&1
docker compose exec boulder bin/mail-tester --config labca/config/expiration-mailer.json $recipient 2>&1
;;
"boulder-start")
cd /opt/boulder
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d bmysql bconsul
COMPOSE_HTTP_TIMEOUT=120 docker compose up -d bmysql bconsul
wait_up $PS_MYSQL &>>$LOGFILE
wait_up $PS_CONSUL 2 &>>$LOGFILE
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d boulder
COMPOSE_HTTP_TIMEOUT=120 docker compose up -d boulder
wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$LOGFILE
;;
"boulder-stop")
cd /opt/boulder
docker-compose stop boulder
docker-compose stop bmysql bconsul
docker compose stop boulder
docker compose stop bmysql bconsul
wait_down $PS_MYSQL &>>$LOGFILE
wait_down $PS_CONSUL &>>$LOGFILE
wait_down $PS_BOULDER &>>$LOGFILE
;;
"boulder-restart")
cd /opt/boulder
COMPOSE_HTTP_TIMEOUT=120 docker-compose restart boulder bmysql bconsul &>>$LOGFILE
COMPOSE_HTTP_TIMEOUT=120 docker compose restart boulder bmysql bconsul &>>$LOGFILE
sleep 30
wait_up $PS_MYSQL &>>$LOGFILE
wait_up $PS_CONSUL 2 &>>$LOGFILE
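Review bot: `$serial` and `$reasonCode` come straight from `read` and are passed unquoted on the `admin-revoker serial-revoke` line, and `$recipient` likewise on the `mail-tester` line. Unquoted, a value containing spaces or glob characters is split into extra arguments to the tool. Since these lines are being touched anyway, quote them (`"$serial" "$reasonCode"`, `"$recipient"`) and consider rejecting input that is not a plain serial or numeric reason code before calling the tool.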
@@ -195,20 +195,20 @@ case $txt in
;;
"labca-restart")
cd /opt/boulder
COMPOSE_HTTP_TIMEOUT=120 docker-compose restart gui
COMPOSE_HTTP_TIMEOUT=120 docker compose restart gui
sleep 15
wait_up $PS_LABCA &>>$LOGFILE
;;
"mysql-restart")
cd /opt/boulder
set +e
COMPOSE_HTTP_TIMEOUT=120 docker-compose restart bmysql
COMPOSE_HTTP_TIMEOUT=120 docker compose restart bmysql
set -e
;;
"consul-restart")
cd /opt/boulder
set +e
COMPOSE_HTTP_TIMEOUT=120 docker-compose restart bconsul
COMPOSE_HTTP_TIMEOUT=120 docker compose restart bconsul
set -e
;;
"log-backups")
@@ -230,8 +230,8 @@ case $txt in
;;
"server-restart")
cd /opt/boulder
nohup docker-compose restart gui & >/dev/null
nohup docker-compose restart nginx & >/dev/null
nohup docker compose restart gui & >/dev/null
nohup docker compose restart nginx & >/dev/null
;;
"version-update")
cd $dn
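Review bot: in `nohup docker compose restart gui & >/dev/null` the `&` ends the command, so `>/dev/null` is a separate, empty redirection and the output of the restart is not discarded. The rewrite keeps that ordering. It should read `nohup docker compose restart gui >/dev/null 2>&1 &`, and the same for the `nginx` line.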


@@ -32,23 +32,6 @@ install_docker() {
apt install -y docker-ce
}
# TODO: install docker-compose should be done in pre-baked image
install_docker_compose() {
dockerComposeVersion="v2.5.0"
local dcver=""
[ -x /usr/local/bin/docker-compose ] && dcver="`/usr/local/bin/docker-compose --version`"
local vercmp=${dcver/$dockerComposeVersion/}
if [ "$dcver" == "" ] || [ "$dcver" == "$vercmp" ]; then
local v1test=${dcver/version 1./}
if [ "$dcver" != "$v1test" ] && [ "$dcver" != "" ]; then
mv /usr/local/bin/docker-compose /usr/local/bin/docker-compose-v1
fi
curl -sSL https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
fi
}
selfsigned_cert() {
pushd /etc/nginx/ssl >/dev/null
openssl req -x509 -nodes -sha256 -newkey rsa:2048 -keyout labca_key.pem -out labca_cert.pem -days 7 \
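Review bot: with `install_docker_compose` removed, nothing in the visible part of this script installs the compose plugin, because `install_docker` still ends in `apt install -y docker-ce`. That only provides `docker compose` if the plugin happens to be pulled in as a recommended package. Add `docker-compose-plugin` to that install line, as the other install paths in this commit do, and add a `docker compose version` check next to the existing `docker ps &>/dev/null || install_docker` test in `main`.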
@@ -99,7 +82,6 @@ main() {
get_fqdn
docker ps &>/dev/null || install_docker
install_docker_compose
[ -e /etc/nginx/ssl/labca_cert.pem ] || selfsigned_cert
renew_near_expiry


@@ -324,15 +324,15 @@ func errorHandler(w http.ResponseWriter, r *http.Request, err error, status int)
}
data = getLog(w, r, "control-notail")
if data != "" {
FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs control", "Content": data})
FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker compose logs control", "Content": data})
}
data = getLog(w, r, "boulder-notail")
if data != "" {
FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs boulder", "Content": data})
FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker compose logs boulder", "Content": data})
}
data = getLog(w, r, "labca-notail")
if data != "" {
FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs labca", "Content": data})
FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker compose logs labca", "Content": data})
}
render(w, r, "error", map[string]interface{}{"Message": "Some unexpected error occurred!", "FileErrors": FileErrors})
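Review bot: the third label now reads `docker compose logs labca`, but the other files in this commit address that service as `gui` (the `log-labca` and `log-labca-notail` commands run `docker compose logs ... gui`). An administrator copying the label from the error page would be asking for a service that is not there. Use `docker compose logs gui` for the `labca-notail` entry.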


@@ -12,14 +12,18 @@ if [ ! -e bin/labca-gui ]; then
fi
export DEBIAN_FRONTEND=noninteractive
apt update
[ -e /bin/ip ] || apt install -y iproute2
[ -e /bin/zip ] || apt install -y zip
apt install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
apt-cache policy docker-ce
apt update
apt install -y docker-ce
apt-get update
apt-get install -y iproute2 zip
apt-get install -y apt-transport-https ca-certificates curl software-properties-common gnupg
install -m 0755 -d /etc/apt/keyrings
[ ! -e /etc/apt/keyrings/docker.gpg ] || mv /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.gpg_PREV
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
bin/labca-gui
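Review bot: the existing keyring is moved to `docker.gpg_PREV` before the new key is known to be good, and the `curl ... | gpg --dearmor` line has no error check, so a failed download leaves no usable `docker.gpg` and the script carries on to `apt-get update`. Download to a temporary file, check that `curl` succeeded (and ideally compare the key fingerprint with the one Docker publishes), and only then move it into `/etc/apt/keyrings/`. The `_PREV` copy should be removed once the new key is in place.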

48
install

@@ -438,36 +438,28 @@ install_pkg() {
}
install_extra() {
local packages=(apt-transport-https ca-certificates curl gnupg2 net-tools software-properties-common tzdata ucspi-tcp zip python)
local packages=(apt-transport-https ca-certificates curl gnupg net-tools tzdata ucspi-tcp zip python)
for package in "${packages[@]}"; do
install_pkg "$package"
done
distrib=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
curl -fsSL https://download.docker.com/linux/${distrib}/gpg 2>>$installLog | apt-key add - &>>$installLog || msg_fatal "Could not download docker repository key"
add-apt-repository -r -y "deb [arch=amd64] https://download.docker.com/linux/${distrib} $(lsb_release -cs) stable" &>>$installLog
add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/${distrib} $(lsb_release -cs) stable" &>>$installLog
apt-cache policy docker-ce &>>$installLog
apt update &>>$installLog
install_pkg "docker-ce"
install -m 0755 -d /etc/apt/keyrings
[ ! -e /etc/apt/keyrings/docker.gpg ] || mv /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.gpg_PREV
curl -fsSL https://download.docker.com/linux/${distrib}/gpg 2>>$installLog | gpg --dearmor -o /etc/apt/keyrings/docker.gpg &>>$installLog || msg_fatal "Could not download docker repository key"
chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/${distrib} \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null &>>$installLog
apt-get update &>>$installLog
local packages=(docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin)
for package in "${packages[@]}"; do
install_pkg "$package"
done
# Make sure the labca user has docker permissions
usermod -aG docker labca
msg_info "Install binary 'docker-compose'"
local dcver=""
[ -x /usr/local/bin/docker-compose ] && dcver="`/usr/local/bin/docker-compose --version`"
local vercmp=${dcver/$dockerComposeVersion/}
if [ "$dcver" == "" ] || [ "$dcver" == "$vercmp" ]; then
local v1test=${dcver/version 1./}
if [ "$dcver" != "$v1test" ] && [ "$dcver" != "" ]; then
mv /usr/local/bin/docker-compose /usr/local/bin/docker-compose-v1
fi
curl -sSL https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose &>>$installLog || msg_fatal "Could not download docker-compose"
chmod +x /usr/local/bin/docker-compose
fi
msg_ok "Binary 'docker-compose' is installed"
}
# Configure the static web pages (for end users)
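Review bot: on the key download line, `|| msg_fatal` is attached to a pipeline, so unless `pipefail` is set it tests the exit status of `gpg --dearmor`, not of `curl`, and a failed download may never reach the "Could not download docker repository key" message. Fetch the key to a file first and test `curl` on its own. Also, `tee /etc/apt/sources.list.d/docker.list > /dev/null &>>$installLog` redirects stdout twice and the second redirection wins, so the `deb` line is appended to the install log; keep only one of the two redirections.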
@@ -729,20 +721,20 @@ startup() {
if [ $num -eq 0 ]; then
perl -i -p0e "s/(version:.*\n).*\n?(services:\n)/\1name: labca\n\2/" docker-compose.yml
fi
cnt=$(docker-compose ps | wc -l)
cnt=$(docker compose ps | wc -l)
if [ "$cnt" -le "2" ]; then
msg="Download docker images and build containers"
fi
msg_info "$msg (this will take a while!!)"
docker-compose pull -q &>>$installLog
docker compose pull -q &>>$installLog
cnt=$(count $PS_CONTROL || echo "0")
docker-compose stop boulder bmysql labca nginx bconsul gui &>>$installLog || true
docker compose stop boulder bmysql labca nginx bconsul gui &>>$installLog || true
for ct in boulder_bhsm_1 boulder_bredis_1 boulder_bredis_2 boulder_bredis_3 boulder_bredis_4 boulder_bredis_5 boulder_bredis_6; do
[ -z "$(docker ps | grep $ct)" ] || docker stop $ct &>>$installLog
done
if [ $num -ne 0 ]; then
docker-compose stop control &>>$installLog || true
docker compose stop control &>>$installLog || true
fi
wait_down $PS_NGINX &>>$installLog || true
wait_down $PS_MYSQL &>>$installLog || true
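Review bot: the stop line names both `labca` and `gui` (`docker compose stop boulder bmysql labca nginx bconsul gui`) and ends in `|| true`. If `labca` is no longer a service in `docker-compose.yml`, compose rejects the whole command because of the unknown service and the `|| true` hides that, so none of the listed containers are stopped before the `wait_down` calls. Remove `labca` from the list, or stop the old and new names in separate commands.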
@@ -778,7 +770,7 @@ startup() {
docker run --rm -v boulder_dbdata:/old -v labca_dbdata:/new $dimg bash -c "cp -R /old/* /new/" &>>$installLog
fi
COMPOSE_HTTP_TIMEOUT=180 docker-compose up -d &>>$installLog
COMPOSE_HTTP_TIMEOUT=180 docker compose up -d &>>$installLog
wait_up $PS_NGINX &>>$installLog || true
wait_up $PS_MYSQL &>>$installLog || true
@@ -789,7 +781,7 @@ startup() {
[ -f "$boulderLabCADir/setup_complete" ] && wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$installLog || /bin/true
if [ $cnt -gt 0 ]; then
COMPOSE_HTTP_TIMEOUT=180 docker-compose restart control &>>$installLog
COMPOSE_HTTP_TIMEOUT=180 docker compose restart control &>>$installLog
fi
msg_ok "$msg"

2
mailer

@@ -6,4 +6,4 @@ TODAY=`date '+%Y_%m_%d'`
echo "Running cron-$(basename $0) for ${TODAY}..."
cd /opt/boulder
docker-compose exec -T boulder bin/expiration-mailer --config labca/config/expiration-mailer.json 2>&1
docker compose exec boulder bin/expiration-mailer --config labca/config/expiration-mailer.json 2>&1

2
renew

@@ -9,4 +9,4 @@ python3 /opt/labca/acme_tiny.py --account-key ./account.key --csr ./domain.csr -
mv domain_chain.crt labca_cert.pem
cd /opt/boulder
docker-compose restart nginx
docker compose restart nginx


@@ -16,7 +16,7 @@ tar xzf $FILE 2>&1
cd /opt/boulder
[ -f $TMPDIR/boulder_sa_integration.sql ] || (echo "MySQL backup file not found"; exit 1)
sed -i -e "s/\(INSERT INTO \`gorp_migrations\`.*\)/-- \1/" $TMPDIR/boulder_sa_integration.sql
docker-compose exec -T bmysql mysql boulder_sa_integration <$TMPDIR/boulder_sa_integration.sql
docker compose exec bmysql mysql boulder_sa_integration <$TMPDIR/boulder_sa_integration.sql
mv -f $TMPDIR/*key* $TMPDIR/*cert.pem $TMPDIR/*.csr /etc/nginx/ssl/
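Review bot: `-T` is dropped from the `mysql` import, which reads the dump from a redirected stdin. Without the flag, whether a pseudo-TTY is allocated depends on where the script's stdout points, and with a TTY allocated while stdin comes from a file the exec can fail or pass the data through terminal line handling. Keep `docker compose exec -T bmysql mysql boulder_sa_integration` so the import behaves the same however the script is started.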