From 012a7a5d53e65fc9ef601b225f3927ac997b1988 Mon Sep 17 00:00:00 2001 From: Arjan H Date: Sun, 2 Jul 2023 16:10:38 +0200 Subject: [PATCH] Switch from docker-compose to docker compose plugin (#73) The standalone docker-compose has been deprecated in favor of a plugin for the compose binary. --- README.md | 29 ++++++++++++------------ README_dockeronly.md | 8 +++---- backup | 2 +- build/Dockerfile-control | 26 +++++++++++++--------- build/Dockerfile-gui | 26 ++++++++++++++++++++++ build/build.sh | 4 +--- commander | 48 ++++++++++++++++++++-------------------- control.sh | 18 --------------- gui/main.go | 6 ++--- gui/setup.sh | 22 ++++++++++-------- install | 48 +++++++++++++++++----------------------- mailer | 2 +- renew | 2 +- restore | 2 +- 14 files changed, 125 insertions(+), 118 deletions(-) diff --git a/README.md b/README.md index b499d1f..b4ab2da 100644 --- a/README.md +++ b/README.md 
@@ -103,28 +103,29 @@ The end users in your organization / lab can visit the public pages of you LabCA ## Troubleshooting After installing sometimes the application is not starting up properly and it can be quite hard to figure out why. -First, make sure that all five containers are running: +First, make sure that all six containers are running: ``` -root@testpki:/home/labca/boulder# docker-compose ps -a -NAME COMMAND SERVICE STATUS PORTS -boulder-bmysql-1 "docker-entrypoint.s…" bmysql running 3306/tcp -boulder-boulder-1 "labca/entrypoint.sh" boulder running 4001-4003/tcp -boulder-control-1 "./control.sh" control running 3030/tcp -boulder-labca-1 "./setup.sh" labca running 3000/tcp -boulder-nginx-1 "/docker-entrypoint.…" nginx running 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, :::80->80/tcp, :::443->443/tcp +root@testpki:/home/labca/boulder# docker compose ps -a +NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS +labca-bconsul-1 hashicorp/consul:1.14.2 "docker-entrypoint.s…" bconsul 2 hours ago Up About an hour 8300-8302/tcp, 8500/tcp, 8301-8302/udp, 8600/tcp, 8600/udp +labca-bmysql-1 mariadb:10.5 "docker-entrypoint.s…" bmysql 2 hours ago Up About an hour 3306/tcp +labca-boulder-1 letsencrypt/boulder-tools:go1.20.5_2023-06-20 "labca/entrypoint.sh" boulder 2 hours ago Up About an hour 4001-4003/tcp +labca-control-1 letsencrypt/boulder-tools:go1.20.5_2023-06-20 "./control.sh" control 2 hours ago Up 2 hours 3030/tcp +labca-gui-1 letsencrypt/boulder-tools:go1.20.5_2023-06-20 "./setup.sh" gui 2 hours ago Up 2 hours 3000/tcp +labca-nginx-1 nginx:1.25.1 "/docker-entrypoint.…" nginx 2 hours ago Up 2 hours 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp ``` Some log files to check in case of issues are: * /home/labca/nginx_data/ssl/acme_tiny.log -* cd /home/labca/boulder; docker-compose exec control cat /logs/commander.log (if it exists) -* cd /home/labca/boulder; docker-compose logs control -* cd /home/labca/boulder; docker-compose logs boulder -* cd 
/home/labca/boulder; docker-compose logs labca -* possibly cd /home/labca/boulder; docker-compose logs nginx +* cd /home/labca/boulder; docker compose exec control cat /logs/commander.log (if it exists) +* cd /home/labca/boulder; docker compose logs control +* cd /home/labca/boulder; docker compose logs boulder +* cd /home/labca/boulder; docker compose logs labca +* possibly cd /home/labca/boulder; docker compose logs nginx ### Common error messages -If you get "**No valid IP addresses found for **" in /home/labca/nginx_data/ssl/acme_tiny.log, solve it by entering the hostname in your local DNS. Same for "**Could not resolve host: **" in one of those docker-compose logs. +If you get "**No valid IP addresses found for **" in /home/labca/nginx_data/ssl/acme_tiny.log, solve it by entering the hostname in your local DNS. Same for "**Could not resolve host: **" in one of those docker compose logs. When issuing a certificate, LabCA/boulder checks for CAA (Certification Authority Authorization) records in DNS, which specify what CAs are allowed to issue certificates for the domain. If you get an error like "**SERVFAIL looking up CAA for internal**" or "**CAA record for ca01.foo.internal prevents issuance**", you can try to add something like this to your DNS domain: ``` diff --git a/README_dockeronly.md b/README_dockeronly.md index 22f7b86..e4c643d 100644 --- a/README_dockeronly.md +++ b/README_dockeronly.md @@ -1,6 +1,6 @@ # LabCA Docker Only ![status-beta](https://img.shields.io/badge/status-beta-yellow.svg) -It is now also possible, instead of dedicating a complete (virtual) machine to LabCA, to run LabCA using docker-compose on a non-dedicated machine. This is quite new and therefore still needs more testing. +It is now also possible, instead of dedicating a complete (virtual) machine to LabCA, to run LabCA using docker compose on a non-dedicated machine. This is quite new and therefore still needs more testing. ## Startup 
@@ -9,14 +9,14 @@ The `docker-compose.yml` file is located in the `build` subdirectory for now. Yo git clone https://github.com/hakwerk/labca.git cd labca/build export LABCA_FQDN=labca.example.com -docker-compose up -d +docker compose up -d ``` And to tail the logs, especially if there are any issues: ``` -docker-compose logs -f +docker compose logs -f ``` -In case you get an error like the after running `docker-compose up`: +In case you get an error like the after running `docker compose up`: ``` Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "labca/entrypoint.sh": stat labca/entrypoint.sh: no such file or directory: unknown ``` diff --git a/backup b/backup index ddf9612..7a4061c 100755 --- a/backup +++ b/backup @@ -16,7 +16,7 @@ mkdir -p $TMPDIR mkdir -p /opt/backup cd /opt/boulder -docker-compose exec -T bmysql mysqldump boulder_sa_integration >$TMPDIR/boulder_sa_integration.sql +docker compose exec bmysql mysqldump boulder_sa_integration >$TMPDIR/boulder_sa_integration.sql cp -p /etc/nginx/ssl/*key* /etc/nginx/ssl/*cert.pem /etc/nginx/ssl/*.csr $TMPDIR/ diff --git a/build/Dockerfile-control b/build/Dockerfile-control index e3ec2ab..17afd01 100644 --- a/build/Dockerfile-control +++ b/build/Dockerfile-control 
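Review bot: The new `docker compose exec bmysql mysqldump …` line in backup drops the `-T` flag the old command had, while its output is redirected straight into the SQL dump. `-T` (`--no-TTY`) is still accepted by the compose plugin; without it, some Compose v2 releases allocate a pseudo-TTY, which can fail when the script runs without a terminal (cron) or put carriage returns into the dump. The plugin version is not pinned anywhere in this commit, so I would keep the flag explicit: `docker compose exec -T bmysql mysqldump boulder_sa_integration >$TMPDIR/boulder_sa_integration.sql`. The same applies to the `exec` calls in commander (`nginx-reload`, the `admin-revoker` and `mail-tester` calls), mailer and restore; restore additionally feeds the dump in on stdin.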
@@ -4,12 +4,21 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ - cron \ curl \ - && curl -fsSL https://get.docker.com -o get-docker.sh \ - && sh get-docker.sh \ - && curl -SL https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/docker-compose \ + gnupg \ + && install -m 0755 -d /etc/apt/keyrings \ + && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \ + && chmod a+r /etc/apt/keyrings/docker.gpg \ + && echo \ + "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ + "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ + tee /etc/apt/sources.list.d/docker.list > /dev/null \ + && apt-get update \ + && apt-get install -y --no-install-recommends \ + docker-ce \ + docker-ce-cli \ + containerd.io \ + docker-compose-plugin \ && rm -rf /var/lib/apt/lists/* FROM ubuntu:focal @@ -26,12 +35,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && rm -rf /var/lib/apt/lists/* COPY --from=builder /usr/bin/docker /usr/bin/docker -COPY --from=builder /lib/x86_64-linux-gnu/libpthread.so.0 /lib/x86_64-linux-gnu/libpthread.so.0 -COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.2 /lib/x86_64-linux-gnu/libdl.so.2 -COPY --from=builder /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libc.so.6 -COPY --from=builder /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 - -COPY --from=builder /usr/local/bin/docker-compose /usr/local/bin/docker-compose +COPY --from=builder /usr/libexec/docker/cli-plugins/docker-compose /usr/libexec/docker/cli-plugins/docker-compose COPY tmp/acme_tiny.py /opt/labca/ COPY tmp/backup /opt/labca/ diff --git a/build/Dockerfile-gui b/build/Dockerfile-gui index cba2e89..6648707 100644 --- a/build/Dockerfile-gui +++ b/build/Dockerfile-gui 
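Review bot: In the added key-import step of build/Dockerfile-control, a failed or truncated download is not detected, because under the default `/bin/sh` of a `RUN` the status of `curl … | gpg --dearmor …` is that of `gpg` alone. The key is also trusted purely on the TLS connection, with no fingerprint comparison before it becomes the `signed-by` anchor for the repository. I would download to a file first, compare its fingerprint with a value pinned in the repo, and only then dearmor it, as sketched below with a placeholder fingerprint. The same pattern is repeated in build/Dockerfile-gui, gui/setup.sh and install, where `|| msg_fatal` likewise only sees `gpg`'s status unless `pipefail` is set outside the hunk.

```dockerfile
# … unchanged: apt-get install of ca-certificates, curl, gnupg …
    && install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /tmp/docker.asc \
    && gpg --show-keys --with-colons /tmp/docker.asc \
       | grep -q '^fpr:.*:<EXPECTED_DOCKER_KEY_FINGERPRINT>:$' \
    && gpg -o /etc/apt/keyrings/docker.gpg --dearmor /tmp/docker.asc \
    && rm -f /tmp/docker.asc \
    && chmod a+r /etc/apt/keyrings/docker.gpg \
# … unchanged: sources.list entry and package install …
```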
@@ -1,3 +1,26 @@ +FROM ubuntu:focal as builder + +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update \ + && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + && install -m 0755 -d /etc/apt/keyrings \ + && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \ + && chmod a+r /etc/apt/keyrings/docker.gpg \ + && echo \ + "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ + "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ + tee /etc/apt/sources.list.d/docker.list > /dev/null \ + && apt-get update \ + && apt-get install -y --no-install-recommends \ + docker-ce \ + docker-ce-cli \ + containerd.io \ + docker-compose-plugin \ + && rm -rf /var/lib/apt/lists/* + FROM ubuntu:focal RUN apt-get update && \ @@ -7,6 +30,9 @@ RUN apt-get update && \ zip \ && rm -rf /var/lib/apt/lists/* +COPY --from=builder /usr/bin/docker /usr/bin/docker +COPY --from=builder /usr/libexec/docker/cli-plugins/docker-compose /usr/libexec/docker/cli-plugins/docker-compose + COPY tmp/labca-gui /opt/labca/bin/ COPY tmp/nameidtool /opt/labca/ COPY tmp/admin/setup.sh /opt/labca/ diff --git a/build/build.sh b/build/build.sh index f9e2390..849aa3c 100755 --- a/build/build.sh +++ b/build/build.sh @@ -43,9 +43,7 @@ cp $cloneDir/nginx.conf $TMP_DIR/ cp $cloneDir/proxy.conf $TMP_DIR/ cp $cloneDir/utils/nameidtool.go $TMP_DIR/ cp -rp $cloneDir/gui/* $TMP_DIR/admin/ -sed -i -e "s/^bin\/labca-gui//" $TMP_DIR/admin/setup.sh -sed -i -e "s/.*apt .*//" $TMP_DIR/admin/setup.sh -sed -i -e "s/.*apt-.*//" $TMP_DIR/admin/setup.sh +head -13 $cloneDir/gui/setup.sh > $TMP_DIR/admin/setup.sh sed -i '/^$/d' $TMP_DIR/admin/setup.sh echo diff --git a/commander b/commander index 6ccf7ab..2e6789a 100755 --- a/commander +++ b/commander 
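Review bot: The new builder stage in build/Dockerfile-gui puts the Docker CLI and the compose plugin into the image that serves the web GUI, and nothing in this commit shows why the GUI needs them. A Docker CLI is only useful with access to the daemon socket, which is root-equivalent on the host, so if the gui service is given that socket (not visible here) the web-facing container becomes a much larger target than the control container alone. If the GUI really needs it, a comment such as `# docker CLI needed by <feature>; requires /var/run/docker.sock` above the two `COPY --from=builder` lines would document the trust decision. Separately, the builder only needs `docker-ce-cli` and `docker-compose-plugin`, since only `/usr/bin/docker` and the plugin are copied out; `docker-ce` and `containerd.io` can be dropped here and in Dockerfile-control.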
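Review bot: `head -13 $cloneDir/gui/setup.sh > $TMP_DIR/admin/setup.sh` in build/build.sh ties the image's entrypoint script to a hard-coded line count in another file. Any line added to or removed from the top of gui/setup.sh will silently ship a truncated or over-long script, including the host-only `apt-get`/key-import steps this cut is meant to exclude. A marker comment in gui/setup.sh would be more robust, e.g. a line `# --- host-only setup below ---` and here `sed '/^# --- host-only setup below ---/,$d' "$cloneDir/gui/setup.sh" > "$TMP_DIR/admin/setup.sh"`. The variables on this line should be quoted in any case.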
@@ -39,7 +39,7 @@ read txt case $txt in "docker-restart") cd /opt/boulder - COMPOSE_HTTP_TIMEOUT=120 docker-compose restart boulder bmysql bconsul gui nginx &>>$LOGFILE + COMPOSE_HTTP_TIMEOUT=120 docker compose restart boulder bmysql bconsul gui nginx &>>$LOGFILE sleep 45 wait_up $PS_MYSQL &>>$LOGFILE wait_up $PS_CONSUL 2 &>>$LOGFILE @@ -86,11 +86,11 @@ case $txt in ;; "nginx-reload") cd /opt/boulder - docker-compose exec -T nginx nginx -s reload &>>$LOGFILE + docker compose exec nginx nginx -s reload &>>$LOGFILE ;; "nginx-restart") cd /opt/boulder - docker-compose restart nginx &>>$LOGFILE + docker compose restart nginx &>>$LOGFILE ;; "log-cert") [ -f /etc/nginx/ssl/acme_tiny.log ] && tail -200 /etc/nginx/ssl/acme_tiny.log || /bin/true @@ -102,7 +102,7 @@ case $txt in ;; "log-control-notail") cd /opt/boulder - docker-compose logs --no-color --tail=50 control + docker compose logs --no-color --tail=50 control ;; "log-cron") [ -f /opt/logs/cron.log ] && tail -n200 -f /opt/logs/cron.log || /bin/true 
@@ -110,34 +110,34 @@ case $txt in ;; "log-boulder") cd /opt/boulder - docker-compose logs -f --no-color --tail=50 boulder + docker compose logs -f --no-color --tail=50 boulder ;; "log-boulder-notail") cd /opt/boulder - docker-compose logs --no-color --tail=50 boulder + docker compose logs --no-color --tail=50 boulder ;; "log-audit") cd /opt/boulder - docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -50 - docker-compose logs -f --no-color --tail=0 boulder | grep "\[AUDIT\]" + docker compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -50 + docker compose logs -f --no-color --tail=0 boulder | grep "\[AUDIT\]" ;; "log-activity") cd /opt/boulder echo "GMT" - docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -15 + docker compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -15 exit 0 ;; "log-labca") cd /opt/boulder - docker-compose logs -f --no-color --tail=50 gui + docker compose logs -f --no-color --tail=50 gui ;; "log-labca-notail") cd /opt/boulder - docker-compose logs --no-color --tail=50 gui + docker compose logs --no-color --tail=50 gui ;; "log-web") cd /opt/boulder - docker-compose logs -f --no-color --tail=50 nginx + docker compose logs -f --no-color --tail=50 nginx ;; "log-components") nginx=$(docker inspect $(docker ps --format "{{.Names}}" | grep -- -nginx-) | grep -i started | grep -v depends_on | sed -e "s/[^:]*:\(.*\)/\1/" | sed -e "s/.*\"\(.*\)\".*/\1/") 
@@ -162,32 +162,32 @@ case $txt in read serial read reasonCode cd /opt/boulder - docker-compose exec -T boulder bin/admin-revoker serial-revoke --config labca/config/admin-revoker.json $serial $reasonCode 2>&1 + docker compose exec boulder bin/admin-revoker serial-revoke --config labca/config/admin-revoker.json $serial $reasonCode 2>&1 ;; "test-email") read recipient cd /opt/boulder - docker-compose exec -T boulder bin/mail-tester --config labca/config/expiration-mailer.json $recipient 2>&1 + docker compose exec boulder bin/mail-tester --config labca/config/expiration-mailer.json $recipient 2>&1 ;; "boulder-start") cd /opt/boulder - COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d bmysql bconsul + COMPOSE_HTTP_TIMEOUT=120 docker compose up -d bmysql bconsul wait_up $PS_MYSQL &>>$LOGFILE wait_up $PS_CONSUL 2 &>>$LOGFILE - COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d boulder + COMPOSE_HTTP_TIMEOUT=120 docker compose up -d boulder wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$LOGFILE ;; "boulder-stop") cd /opt/boulder - docker-compose stop boulder - docker-compose stop bmysql bconsul + docker compose stop boulder + docker compose stop bmysql bconsul wait_down $PS_MYSQL &>>$LOGFILE wait_down $PS_CONSUL &>>$LOGFILE wait_down $PS_BOULDER &>>$LOGFILE ;; "boulder-restart") cd /opt/boulder - COMPOSE_HTTP_TIMEOUT=120 docker-compose restart boulder bmysql bconsul &>>$LOGFILE + COMPOSE_HTTP_TIMEOUT=120 docker compose restart boulder bmysql bconsul &>>$LOGFILE sleep 30 wait_up $PS_MYSQL &>>$LOGFILE wait_up $PS_CONSUL 2 &>>$LOGFILE 
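Review bot: `$serial`, `$reasonCode` and `$recipient` are read from the caller and expanded unquoted into the `admin-revoker` and `mail-tester` command lines, so whitespace or glob characters in them turn into extra arguments to those tools. Quote them and reject unexpected shapes before the `exec`. Assuming serials are hex and reason codes numeric, that would be `[[ $serial =~ ^[0-9A-Fa-f]+$ && $reasonCode =~ ^[0-9]+$ ]] || exit 1` followed by `… serial-revoke --config labca/config/admin-revoker.json "$serial" "$reasonCode"`. The `read` calls would also be safer as `read -r`. The surrounding `case` statement starts and ends outside this hunk.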
@@ -195,20 +195,20 @@ case $txt in ;; "labca-restart") cd /opt/boulder - COMPOSE_HTTP_TIMEOUT=120 docker-compose restart gui + COMPOSE_HTTP_TIMEOUT=120 docker compose restart gui sleep 15 wait_up $PS_LABCA &>>$LOGFILE ;; "mysql-restart") cd /opt/boulder set +e - COMPOSE_HTTP_TIMEOUT=120 docker-compose restart bmysql + COMPOSE_HTTP_TIMEOUT=120 docker compose restart bmysql set -e ;; "consul-restart") cd /opt/boulder set +e - COMPOSE_HTTP_TIMEOUT=120 docker-compose restart bconsul + COMPOSE_HTTP_TIMEOUT=120 docker compose restart bconsul set -e ;; "log-backups") @@ -230,8 +230,8 @@ case $txt in ;; "server-restart") cd /opt/boulder - nohup docker-compose restart gui & >/dev/null - nohup docker-compose restart nginx & >/dev/null + nohup docker compose restart gui & >/dev/null + nohup docker compose restart nginx & >/dev/null ;; "version-update") cd $dn diff --git a/control.sh b/control.sh index d25973f..165b68f 100755 --- a/control.sh +++ b/control.sh @@ -32,23 +32,6 @@ install_docker() { apt install -y docker-ce } -# TODO: install docker-compose should be done in pre-baked image -install_docker_compose() { - dockerComposeVersion="v2.5.0" - local dcver="" - [ -x /usr/local/bin/docker-compose ] && dcver="`/usr/local/bin/docker-compose --version`" - local vercmp=${dcver/$dockerComposeVersion/} - if [ "$dcver" == "" ] || [ "$dcver" == "$vercmp" ]; then - local v1test=${dcver/version 1./} - if [ "$dcver" != "$v1test" ] && [ "$dcver" != "" ]; then - mv /usr/local/bin/docker-compose /usr/local/bin/docker-compose-v1 - fi - - curl -sSL https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose - chmod +x /usr/local/bin/docker-compose - fi -} - selfsigned_cert() { pushd /etc/nginx/ssl >/dev/null openssl req -x509 -nodes -sha256 -newkey rsa:2048 -keyout labca_key.pem -out labca_cert.pem -days 7 \ 
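Review bot: In `server-restart`, `nohup docker compose restart gui & >/dev/null` does not silence the command: the `&` terminates it, and `>/dev/null` is then parsed as a separate empty command. Output still goes wherever nohup sends it, typically a `nohup.out` in `/opt/boulder`. Put the redirection before the ampersand on both lines: `nohup docker compose restart gui >/dev/null 2>&1 &` and likewise for `nginx`.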
@@ -99,7 +82,6 @@ main() { get_fqdn docker ps &>/dev/null || install_docker - install_docker_compose [ -e /etc/nginx/ssl/labca_cert.pem ] || selfsigned_cert renew_near_expiry diff --git a/gui/main.go b/gui/main.go index 0ef71b3..9268973 100644 --- a/gui/main.go +++ b/gui/main.go @@ -324,15 +324,15 @@ func errorHandler(w http.ResponseWriter, r *http.Request, err error, status int) } data = getLog(w, r, "control-notail") if data != "" { - FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs control", "Content": data}) + FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker compose logs control", "Content": data}) } data = getLog(w, r, "boulder-notail") if data != "" { - FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs boulder", "Content": data}) + FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker compose logs boulder", "Content": data}) } data = getLog(w, r, "labca-notail") if data != "" { - FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs labca", "Content": data}) + FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker compose logs labca", "Content": data}) } render(w, r, "error", map[string]interface{}{"Message": "Some unexpected error occurred!", "FileErrors": FileErrors}) diff --git a/gui/setup.sh b/gui/setup.sh index a5808d1..00e5d2a 100755 --- a/gui/setup.sh +++ b/gui/setup.sh 
@@ -12,14 +12,18 @@ if [ ! -e bin/labca-gui ]; then fi export DEBIAN_FRONTEND=noninteractive -apt update -[ -e /bin/ip ] || apt install -y iproute2 -[ -e /bin/zip ] || apt install -y zip -apt install -y apt-transport-https ca-certificates curl software-properties-common -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" -apt-cache policy docker-ce -apt update -apt install -y docker-ce +apt-get update +apt-get install -y iproute2 zip +apt-get install -y apt-transport-https ca-certificates curl software-properties-common gnupg +install -m 0755 -d /etc/apt/keyrings +[ ! -e /etc/apt/keyrings/docker.gpg ] || mv /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.gpg_PREV +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg +chmod a+r /etc/apt/keyrings/docker.gpg +echo \ + "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ + "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ + tee /etc/apt/sources.list.d/docker.list > /dev/null +apt-get update +apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin bin/labca-gui diff --git a/install b/install index ee022b2..dbfce10 100755 --- a/install +++ b/install 
@@ -438,36 +438,28 @@ install_pkg() { } install_extra() { - local packages=(apt-transport-https ca-certificates curl gnupg2 net-tools software-properties-common tzdata ucspi-tcp zip python) + local packages=(apt-transport-https ca-certificates curl gnupg net-tools tzdata ucspi-tcp zip python) for package in "${packages[@]}"; do install_pkg "$package" done distrib=$(lsb_release -is | tr '[:upper:]' '[:lower:]') - curl -fsSL https://download.docker.com/linux/${distrib}/gpg 2>>$installLog | apt-key add - &>>$installLog || msg_fatal "Could not download docker repository key" - add-apt-repository -r -y "deb [arch=amd64] https://download.docker.com/linux/${distrib} $(lsb_release -cs) stable" &>>$installLog - add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/${distrib} $(lsb_release -cs) stable" &>>$installLog - apt-cache policy docker-ce &>>$installLog - apt update &>>$installLog - install_pkg "docker-ce" + install -m 0755 -d /etc/apt/keyrings + [ ! -e /etc/apt/keyrings/docker.gpg ] || mv /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.gpg_PREV + curl -fsSL https://download.docker.com/linux/${distrib}/gpg 2>>$installLog | gpg --dearmor -o /etc/apt/keyrings/docker.gpg &>>$installLog || msg_fatal "Could not download docker repository key" + chmod a+r /etc/apt/keyrings/docker.gpg + echo \ + "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/${distrib} \ + "$(. 
/etc/os-release && echo "$VERSION_CODENAME")" stable" | \ + tee /etc/apt/sources.list.d/docker.list > /dev/null &>>$installLog + apt-get update &>>$installLog + local packages=(docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin) + for package in "${packages[@]}"; do + install_pkg "$package" + done # Make sure the labca user has docker permissions usermod -aG docker labca - - msg_info "Install binary 'docker-compose'" - local dcver="" - [ -x /usr/local/bin/docker-compose ] && dcver="`/usr/local/bin/docker-compose --version`" - local vercmp=${dcver/$dockerComposeVersion/} - if [ "$dcver" == "" ] || [ "$dcver" == "$vercmp" ]; then - local v1test=${dcver/version 1./} - if [ "$dcver" != "$v1test" ] && [ "$dcver" != "" ]; then - mv /usr/local/bin/docker-compose /usr/local/bin/docker-compose-v1 - fi - - curl -sSL https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose &>>$installLog || msg_fatal "Could not download docker-compose" - chmod +x /usr/local/bin/docker-compose - fi - msg_ok "Binary 'docker-compose' is installed" } # Configure the static web pages (for end users) 
@@ -729,20 +721,20 @@ startup() { if [ $num -eq 0 ]; then perl -i -p0e "s/(version:.*\n).*\n?(services:\n)/\1name: labca\n\2/" docker-compose.yml fi - cnt=$(docker-compose ps | wc -l) + cnt=$(docker compose ps | wc -l) if [ "$cnt" -le "2" ]; then msg="Download docker images and build containers" fi msg_info "$msg (this will take a while!!)" - docker-compose pull -q &>>$installLog + docker compose pull -q &>>$installLog cnt=$(count $PS_CONTROL || echo "0") - docker-compose stop boulder bmysql labca nginx bconsul gui &>>$installLog || true + docker compose stop boulder bmysql labca nginx bconsul gui &>>$installLog || true for ct in boulder_bhsm_1 boulder_bredis_1 boulder_bredis_2 boulder_bredis_3 boulder_bredis_4 boulder_bredis_5 boulder_bredis_6; do [ -z "$(docker ps | grep $ct)" ] || docker stop $ct &>>$installLog done if [ $num -ne 0 ]; then - docker-compose stop control &>>$installLog || true + docker compose stop control &>>$installLog || true fi wait_down $PS_NGINX &>>$installLog || true wait_down $PS_MYSQL &>>$installLog || true @@ -778,7 +770,7 @@ startup() { docker run --rm -v boulder_dbdata:/old -v labca_dbdata:/new $dimg bash -c "cp -R /old/* /new/" &>>$installLog fi - COMPOSE_HTTP_TIMEOUT=180 docker-compose up -d &>>$installLog + COMPOSE_HTTP_TIMEOUT=180 docker compose up -d &>>$installLog wait_up $PS_NGINX &>>$installLog || true wait_up $PS_MYSQL &>>$installLog || true @@ -789,7 +781,7 @@ startup() { [ -f "$boulderLabCADir/setup_complete" ] && wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$installLog || /bin/true if [ $cnt -gt 0 ]; then - COMPOSE_HTTP_TIMEOUT=180 docker-compose restart control &>>$installLog + COMPOSE_HTTP_TIMEOUT=180 docker compose restart control &>>$installLog fi msg_ok "$msg" diff --git a/mailer b/mailer index 03c394a..95bf4c4 100755 --- a/mailer +++ b/mailer 
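Review bot: `docker compose stop boulder bmysql labca nginx bconsul gui` in install still names a `labca` service, while the `docker compose ps` listing this commit adds to README.md shows only `gui`. If the compose file in use no longer defines `labca`, the plugin may reject the whole command for the unknown service instead of stopping the others, and `&>>$installLog || true` hides that. Consider stopping the legacy name in its own call, `docker compose stop labca &>>$installLog || true`, so the remaining services are stopped regardless. startup() begins and ends outside this hunk.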
@@ -6,4 +6,4 @@ TODAY=`date '+%Y_%m_%d'` echo "Running cron-$(basename $0) for ${TODAY}..." cd /opt/boulder -docker-compose exec -T boulder bin/expiration-mailer --config labca/config/expiration-mailer.json 2>&1 +docker compose exec boulder bin/expiration-mailer --config labca/config/expiration-mailer.json 2>&1 diff --git a/renew b/renew index d234c89..fc66011 100755 --- a/renew +++ b/renew @@ -9,4 +9,4 @@ python3 /opt/labca/acme_tiny.py --account-key ./account.key --csr ./domain.csr - mv domain_chain.crt labca_cert.pem cd /opt/boulder -docker-compose restart nginx +docker compose restart nginx diff --git a/restore b/restore index 89a41cf..7860a47 100755 --- a/restore +++ b/restore @@ -16,7 +16,7 @@ tar xzf $FILE 2>&1 cd /opt/boulder [ -f $TMPDIR/boulder_sa_integration.sql ] || (echo "MySQL backup file not found"; exit 1) sed -i -e "s/\(INSERT INTO \`gorp_migrations\`.*\)/-- \1/" $TMPDIR/boulder_sa_integration.sql -docker-compose exec -T bmysql mysql boulder_sa_integration <$TMPDIR/boulder_sa_integration.sql +docker compose exec bmysql mysql boulder_sa_integration <$TMPDIR/boulder_sa_integration.sql mv -f $TMPDIR/*key* $TMPDIR/*cert.pem $TMPDIR/*.csr /etc/nginx/ssl/