Initial move from gist

2015-07-29 16:07:51 +02:00 · 2015-07-29 16:07:51 +02:00 · e0a2e2bd35
commit e0a2e2bd35
5 changed files with 182 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,135 @@
+# Package-Centric Source-Based Container Build System
+
+## Why?
+* There's no standardized way to create container images that include
+  applications built from upstream sources.
+* Application dependencies, which typically are libraries, are typically
+  neglected when calculating container dependencies. This causes not knowing
+  what libraries are installed
+* Ad-Hoc source builds are time consuming
+
+## What for?
+* Fast source builds with lots of packages available
+* Ad-Hoc source builds if required but defaulting to binary repository
+* Reproducible and shareable builds
+* Customized Source configuration flags
+* Container dependencies reflect dependencies of container applications
+* Easy assembling and configuring of containers based on application packages
+* Integrable with CI
+* Portable
+
+## How?
+
+## Like what?
+* 100% descriptive build spec. Examples:
+  * https://embedux.github.io/documentation/usage/rootfs/configuration.yml/index.html
+  * http://nixos.org/nixos/about.html 
+  * https://gitweb.gentoo.org/proj/releng.git/tree/releases/weekly/specs/amd64?id=HEAD
+  * https://github.com/zefhemel/nix-docker
+  * [nix build darm
+    paper](http://www.researchgate.net/publication/228629017_The_Nix_Build_Farm_A_declarative_approach_to_continuous_integration)
+  * https://github.com/jordansissel/fpm/wiki
+
+# Usage
+
+## Buildit configuration
+**.builtit-config.yaml**
+```
+---
+repository:
+    name: mysuperbinhost
+    upload-type: ssh
+    upload-path: containers@mysuperbinhost.org/containers
+    downnload-type: https
+    download-path: mysuperbinhost.org/containers
+```
+
+## Sysadmin needs patched nginx
+
+
+### Sysadmin
+In case a sysadmin needs a patched and specifically configured version of it's
+
+favorite webserver nginx. 
+
+1. Put directories and files in place
+    Directory layout
+    ```
+    ├── nginx-prod
+    │   ├── container.yaml
+    │   ├── files
+    │   │   └── nginx.conf
+    │   └── pkgs
+    │       └── nginx
+    │           ├── patches
+    │           │   └── https-only.patch
+    │           └── pkg.yaml
+    ```
+
+    **pkg.yaml**
+    ```
+    ---
+    base: www-servers/nginx-1.7.6
+    author: Sysadmin42 <sys@admin42.org>
+    patches:
+        patches/https-only.patch: "This patch denies all plain http requests"
+            https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch:
+            "Fix buffer overruns"
+            use:
+                with:
+                    - ipv6
+                    - selinux
+
+    ```
+
+    **container.yaml**
+    ```
+    ---
+    - vars:
+        author: Sysadmin42
+        name: nginx-production
+        version: 1.7.6-p1
+        os: linux
+        arch: amd64
+
+    - package:
+        type: embedded
+        path: ./pkgs/nginx
+
+    - sync:
+        src: ./files/nginx.conf
+        dest: /etc/nginx/nginx.conf
+        recursive: True
+        chmod: 0644
+
+    - image:
+        type: aci
+        content: |
+            {
+                "acKind": "ImageManifest",
+                "acVersion": "0.6.1",
+                "name": "{{ name }}-{{ version }}",
+                "labels": [
+                    {"name": "os", "value": "{{ os }}"},
+                    {"name": "arch", "value": {{ arch }}}
+                ],
+                "app": {
+                    "exec": [
+                        "/sbin/nginx"
+                    ],
+                    "user": "0",
+                    "group": "0"
+                }
+            }
+    ```
+    
+2. Build the container
+    ```
+    $ buildit --verbose nginx-prod/ --discover=github.com/sysadmin42/containers,push=True
+    Building Sysadmin42/nginx-production-1.7.6-p1
+    Building package from './pkgs/nginx' for linux/amd64. HASH: 86c8ef43-f4a4-49ba-a0ee-92900211c7b6
+    Can't find 86c8ef43-f4a4-49ba-a0ee-92900211c7b6 in any repository or cache.
+    Defaulting to local build...
+    Finished after 1 minute 24 seconds.
+    Uploading packages and container build to repository 'mysuperbinhost'
+    ```
--- a/nginx-prod/container.yaml
+++ b/nginx-prod/container.yaml
@ -0,0 +1,35 @@
+---
+- vars:
+    author: Sysadmin42
+    name: nginx-production
+    version: 1.7.6-p1
+
+- package:
+    type: embedded
+    path: ./pkgs/nginx
+
+- sync:
+    src: ./files/nginx.conf
+    dest: /etc/nginx/nginx.conf
+    recursive: True
+    chmod: 0644
+
+- image:
+    type: aci
+    content: |
+        {
+            "acKind": "ImageManifest",
+            "acVersion": "0.6.1",
+            "name": "{{ name }}-{{ version }}",
+            "labels": [
+                {"name": "os", "value": "linux"},
+                {"name": "arch", "value": "amd64"}
+            ],
+            "app": {
+                "exec": [
+                    "/sbin/nginx"
+                ],
+                "user": "0",
+                "group": "0"
+            }
+        }
--- a/nginx-prod/files/nginx.conf
+++ b/nginx-prod/files/nginx.conf
@ -0,0 +1 @@
+DUMMY
--- a/nginx-prod/pkgs/nginx/patches/https-only.patch
+++ b/nginx-prod/pkgs/nginx/patches/https-only.patch
@ -0,0 +1 @@
+DUMMY
--- a/nginx-prod/pkgs/nginx/pkg.yaml
+++ b/nginx-prod/pkgs/nginx/pkg.yaml
@ -0,0 +1,10 @@
+---
+base: www-servers/nginx-1.7.6
+author: Sysadmin42 <sys@admin42.org>
+patches:
+    patches/https-only.patch: "This patch denies all plain http requests"
+    https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch: "Fix buffer overruns"
+use:
+    with:
+        - ipv6
+        - selinux