From e0a2e2bd350fdcce376a00157c3c079eaaecc988 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Wed, 29 Jul 2015 16:07:51 +0200
Subject: [PATCH] Initial move from gist
---
README.md | 135 ++++++++++++++++++
nginx-prod/container.yaml | 35 +++++
nginx-prod/files/nginx.conf | 1 +
.../pkgs/nginx/patches/https-only.patch | 1 +
nginx-prod/pkgs/nginx/pkg.yaml | 10 ++
5 files changed, 182 insertions(+)
create mode 100644 README.md
create mode 100644 nginx-prod/container.yaml
create mode 100644 nginx-prod/files/nginx.conf
create mode 100644 nginx-prod/pkgs/nginx/patches/https-only.patch
create mode 100644 nginx-prod/pkgs/nginx/pkg.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0dac6b4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,135 @@
+# Package-Centric Source-Based Container Build System
+
+## Why?
+* There's no standardized way to create container images that include
+ applications built from upstream sources.
+* Application dependencies, which typically are libraries, are typically
+ neglected when calculating container dependencies. This causes not knowing
+ what libraries are installed
+* Ad-Hoc source builds are time consuming
+
+## What for?
+* Fast source builds with lots of packages available
+* Ad-Hoc source builds if required but defaulting to binary repository
+* Reproducible and shareable builds
+* Customized Source configuration flags
+* Container dependencies reflect dependencies of container applications
+* Easy assembling and configuring of containers based on application packages
+* Integrable with CI
+* Portable
+
+## How?
+
+## Like what?
+* 100% descriptive build spec. Examples:
+ * https://embedux.github.io/documentation/usage/rootfs/configuration.yml/index.html
+ * http://nixos.org/nixos/about.html
+ * https://gitweb.gentoo.org/proj/releng.git/tree/releases/weekly/specs/amd64?id=HEAD
+ * https://github.com/zefhemel/nix-docker
+ * [nix build darm
+ paper](http://www.researchgate.net/publication/228629017_The_Nix_Build_Farm_A_declarative_approach_to_continuous_integration)
+ * https://github.com/jordansissel/fpm/wiki
+
+# Usage
+
+## Buildit configuration
+**.builtit-config.yaml**
+```
+---
+repository:
+ name: mysuperbinhost
+ upload-type: ssh
+ upload-path: containers@mysuperbinhost.org/containers
+ downnload-type: https
+ download-path: mysuperbinhost.org/containers
+```
+
+## Sysadmin needs patched nginx
+
+
+### Sysadmin
+In case a sysadmin needs a patched and specifically configured version of it's
+
+favorite webserver nginx.
+
+1. 
Put directories and files in place
+ Directory layout
+ ```
+ ├── nginx-prod
+ │   ├── container.yaml
+ │   ├── files
+ │   │   └── nginx.conf
+ │   └── pkgs
+ │   └── nginx
+ │   ├── patches
+ │   │   └── https-only.patch
+ │   └── pkg.yaml
+ ```
+
+ **pkg.yaml**
+ ```
+ ---
+ base: www-servers/nginx-1.7.6
+ author: Sysadmin42
+ patches:
+ patches/https-only.patch: "This patch denies all plain http requests"
+ https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch:
+ "Fix buffer overruns"
+ use:
+ with:
+ - ipv6
+ - selinux
+
+ ```
+
+ **container.yaml**
+ ```
+ ---
+ - vars:
+ author: Sysadmin42
+ name: nginx-production
+ version: 1.7.6-p1
+ os: linux
+ arch: amd64
+
+ - package:
+ type: embedded
+ path: ./pkgs/nginx
+
+ - sync:
+ src: ./files/nginx.conf
+ dest: /etc/nginx/nginx.conf
+ recursive: True
+ chmod: 0644
+
+ - image:
+ type: aci
+ content: |
+ {
+ "acKind": "ImageManifest",
+ "acVersion": "0.6.1",
+ "name": "{{ name }}-{{ version }}",
+ "labels": [
+ {"name": "os", "value": "{{ os }}"},
+ {"name": "arch", "value": {{ arch }}}
+ ],
+ "app": {
+ "exec": [
+ "/sbin/nginx"
+ ],
+ "user": "0",
+ "group": "0"
+ }
+ }
+ ```
+
+2. Build the container
+ ```
+ $ buildit --verbose nginx-prod/ --discover=github.com/sysadmin42/containers,push=True
+ Building Sysadmin42/nginx-production-1.7.6-p1
+ Building package from './pkgs/nginx' for linux/amd64. HASH: 86c8ef43-f4a4-49ba-a0ee-92900211c7b6
+ Can't find 86c8ef43-f4a4-49ba-a0ee-92900211c7b6 in any repository or cache.
+ Defaulting to local build...
+ Finished after 1 minute 24 seconds.
+ Uploading packages and container build to repository 'mysuperbinhost'
+ ```
diff --git a/nginx-prod/container.yaml b/nginx-prod/container.yaml
new file mode 100644
index 0000000..9615e63
--- /dev/null
+++ b/nginx-prod/container.yaml
@@ -0,0 +1,35 @@
+---
+- vars:
+ author: Sysadmin42
+ name: nginx-production
+ version: 1.7.6-p1
+
+- package:
+ type: embedded
+ path: ./pkgs/nginx
+
+- sync:
+ src: ./files/nginx.conf
+ dest: /etc/nginx/nginx.conf
+ recursive: True
+ chmod: 0644
+
+- image:
+ type: aci
+ content: |
+ {
+ "acKind": "ImageManifest",
+ "acVersion": "0.6.1",
+ "name": "{{ name }}-{{ version }}",
+ "labels": [
+ {"name": "os", "value": "linux"},
+ {"name": "arch", "value": "amd64"}
+ ],
+ "app": {
+ "exec": [
+ "/sbin/nginx"
+ ],
+ "user": "0",
+ "group": "0"
+ }
+ }
diff --git a/nginx-prod/files/nginx.conf b/nginx-prod/files/nginx.conf
new file mode 100644
index 0000000..f747925
--- /dev/null
+++ b/nginx-prod/files/nginx.conf
@@ -0,0 +1 @@
+DUMMY
diff --git a/nginx-prod/pkgs/nginx/patches/https-only.patch b/nginx-prod/pkgs/nginx/patches/https-only.patch
new file mode 100644
index 0000000..f747925
--- /dev/null
+++ b/nginx-prod/pkgs/nginx/patches/https-only.patch
@@ -0,0 +1 @@
+DUMMY
diff --git a/nginx-prod/pkgs/nginx/pkg.yaml b/nginx-prod/pkgs/nginx/pkg.yaml
new file mode 100644
index 0000000..fc66cf7
--- /dev/null
+++ b/nginx-prod/pkgs/nginx/pkg.yaml
@@ -0,0 +1,10 @@
+---
+base: www-servers/nginx-1.7.6
+author: Sysadmin42
+patches:
+ patches/https-only.patch: "This patch denies all plain http requests"
+ https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch: "Fix buffer overruns"
+use:
+ with:
+ - ipv6
+ - selinux
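Review bot: In nginx-prod/container.yaml the `app` object of the image manifest sets `"user": "0"` and `"group": "0"`, so `/sbin/nginx` is started as root, and the nginx.conf synced into the image in this commit is only a `DUMMY` placeholder, so nothing visible here makes the workers drop privileges. If root is needed only to bind a privileged port, run the app under a dedicated account instead, e.g. `"user": "<unprivileged uid>", "group": "<unprivileged gid>"`, and listen on a high port; if root really is required, say why in a YAML comment above `- image:`. A smaller point in the `sync` step: `chmod: 0644` is octal under YAML 1.1 but decimal 644 under YAML 1.2, so quoting it as `chmod: "0644"` keeps the intended mode regardless of the parser.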
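Review bot: In nginx-prod/pkgs/nginx/pkg.yaml the second key under `patches:` is a remote URL that is fetched at build time, and nothing in the file records what the downloaded patch is expected to contain. The commit id in the URL names the upstream change, but whether buildit verifies the fetched bytes is not visible in this commit, so a changed or intercepted response would be compiled into the package unnoticed. For a build that is meant to be reproducible, either vendor the reviewed patch next to `patches/https-only.patch`, or give the entry a digest the tool checks, e.g. `sha256: <digest of the reviewed patch>` (a hypothetical key; the schema is not shown here).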