diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..846c9c9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*~
+*.sw[a-z]
diff --git a/0.5/consul-agent/Dockerfile b/0.5/consul-agent/Dockerfile
index 928adc8..637f968 100644
--- a/0.5/consul-agent/Dockerfile
+++ b/0.5/consul-agent/Dockerfile
@@ -1,6 +1,13 @@
-FROM gliderlabs/consul:0.5
-ADD ./config /config/
+FROM zendesk/consul:0.5.2
+
+ENV CONSUL_CLIENT_ADDR 0.0.0.0
+ENV CONSUL_DATA_DIR /data
+ENV CONSUL_LEAVE_ON_TERMINATE 1
+ENV CONSUL_DNS_ALLOW_STALE 1
+ENV CONSUL_DNS_MAX_STALE 1s
+ENV CONSUL_DNS_ENABLE_TRUNCATE 1
+ENV CONSUL_DISABLE_REMOTE_EXEC 1
+
 EXPOSE 8300 8301 8301/udp 8302 8302/udp 8400 8500 8600 8600/udp
-ENV DNS_RESOLVES consul
-ENV DNS_PORT 8600
-ENTRYPOINT ["/bin/consul", "agent", "-config-dir=/config"]
+VOLUME /data
+ENTRYPOINT ["/bin/consul_launcher"]
diff --git a/0.5/consul-agent/Makefile b/0.5/consul-agent/Makefile
index 9afce1b..a8d0b7f 100644
--- a/0.5/consul-agent/Makefile
+++ b/0.5/consul-agent/Makefile
@@ -1,3 +1,3 @@
 build:
- docker build -t gliderlabs/consul-agent .
+ docker build -t zendesk/consul-agent:0.5.2 .
diff --git a/0.5/consul-agent/config/agent.json b/0.5/consul-agent/config/agent.json
deleted file mode 100644
index 529b602..0000000
--- a/0.5/consul-agent/config/agent.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "client_addr": "0.0.0.0",
- "data_dir": "/data",
- "leave_on_terminate": true,
- "dns_config": {
- "allow_stale": true,
- "max_stale": "1s"
- }
-}
diff --git a/0.5/consul-server/Dockerfile b/0.5/consul-server/Dockerfile
index c610a33..7496416 100644
--- a/0.5/consul-server/Dockerfile
+++ b/0.5/consul-server/Dockerfile
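Review bot: In 0.5/consul-agent/Dockerfile, `ENV CONSUL_CLIENT_ADDR 0.0.0.0` together with the `EXPOSE` of 8400 and 8500 leaves the agent's RPC and HTTP API listening on every interface, and nothing in this image sets an ACL policy. The value is carried over from the deleted `agent.json`, so behaviour is unchanged, but now that it is an image-level default it deserves a comment above the line, e.g. `# Listens on all interfaces; publish 8400/8500 only to trusted networks or override CONSUL_CLIENT_ADDR`.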
@@ -1,5 +1,8 @@
-FROM gliderlabs/consul-agent:0.5
-ADD ./config /config/
+FROM zendesk/consul-agent:0.5.2
+ENV CONSUL_SERVER 1
+ENV CONSUL_DNS_ALLOW_STALE 0
+ENV CONSUL_DNS_MAX_STALE ""
+ENV CONSUL_UI_DIR /ui
 ADD https://dl.bintray.com/mitchellh/consul/0.5.2_web_ui.zip /tmp/webui.zip
 RUN cd /tmp && unzip webui.zip && mv dist /ui && rm webui.zip
-ENTRYPOINT ["/bin/consul", "agent", "-server", "-config-dir=/config"]
+ENTRYPOINT ["/bin/consul_launcher"]
diff --git a/0.5/consul-server/Makefile b/0.5/consul-server/Makefile
index bc5c7d8..bc58d66 100644
--- a/0.5/consul-server/Makefile
+++ b/0.5/consul-server/Makefile
@@ -1,3 +1,3 @@
 build:
- docker build -t gliderlabs/consul-server .
+ docker build -t zendesk/consul-server:0.5.2 .
diff --git a/0.5/consul-server/config/server.json b/0.5/consul-server/config/server.json
deleted file mode 100644
index fccafad..0000000
--- a/0.5/consul-server/config/server.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "ui_dir": "/ui",
- "server": true,
- "dns_config": {
- "allow_stale": false
- }
-}
diff --git a/0.5/consul/Dockerfile b/0.5/consul/Dockerfile
index 0cd6bee..9dc944b 100644
--- a/0.5/consul/Dockerfile
+++ b/0.5/consul/Dockerfile
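Review bot: In 0.5/consul-server/Dockerfile the web UI archive is still pulled with `ADD https://dl.bintray.com/…/0.5.2_web_ui.zip` and unpacked into `/ui` with no integrity check (both are unchanged context lines), so whatever that URL serves at build time ends up in the image. The same gap exists in the 0.5/consul/Dockerfile hunk, where the glibc package is fetched with `curl -Ls` and installed with `apk add --allow-untrusted`. That file already verifies `/bin/consul` against `CONSUL_SHA256`, and the same pattern fits here: `ENV CONSUL_UI_SHA256 <sha256-of-web-ui-zip>` plus a `sha256sum -c` step at the start of the `RUN`, before `unzip`. Using `curl -fLs` for the glibc download would also stop an HTTP error page from being saved as the package.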
@@ -1,18 +1,60 @@
 FROM alpine:3.2
-ENV CONSUL_VERSION 0.5.2
-ENV CONSUL_SHA256 171cf4074bfca3b1e46112105738985783f19c47f4408377241b868affa9d445
+ENV CONSUL_VERSION 0.5.2-2-g4e53804
+ENV CONSUL_SHA256 acfbbe2d852442dd523416bdd78790d445125ea7f6a6ace0115510b8d94b2ae4
+ENV CONSUL_ACL_DATACENTER ""
+ENV CONSUL_ACL_DEFAULT_POLICY ""
+ENV CONSUL_ACL_DOWN_POLICY ""
+ENV CONSUL_ACL_MASTER_TOKEN ""
+ENV CONSUL_ACL_TOKEN ""
+ENV CONSUL_ACL_TTL ""
+ENV CONSUL_ADVERTISE_ADDR ""
+ENV CONSUL_ADVERTISE_ADDR_WAN ""
+ENV CONSUL_BOOTSTRAP_EXPECT ""
+ENV CONSUL_CHECK_UPDATE_INTERVAL ""
+ENV CONSUL_DATA_DIR ""
+ENV CONSUL_CLIENT_ADDR ""
+ENV CONSUL_DATACENTER ""
+ENV CONSUL_DISABLE_REMOTE_EXEC ""
+ENV CONSUL_DISABLE_UPDATE_CHECK ""
+ENV CONSUL_DNS_ALLOW_STALE ""
+ENV CONSUL_DNS_ENABLE_TRUNCATE ""
+ENV CONSUL_DNS_MAX_STALE ""
+ENV CONSUL_DNS_NODE_TTL ""
+ENV CONSUL_DNS_ONLY_PASSING ""
+ENV CONSUL_DNS_SERVICE_TTL ""
+ENV CONSUL_DOMAIN ""
+ENV CONSUL_ENCRYPT ""
+ENV CONSUL_LEAVE_ON_TERMINATE ""
+ENV CONSUL_REJOIN_AFTER_LEAVE ""
+ENV CONSUL_RETRY_JOIN ""
+ENV CONSUL_RETRY_INTERVAL ""
+ENV CONSUL_RETRY_INTERVAL_WAN ""
+ENV CONSUL_SERVER ""
+ENV CONSUL_SERVER_NAME ""
+ENV CONSUL_SESSION_TTL_MIN ""
+ENV CONSUL_SKIP_LEAVE_ON_INTERRUPT ""
+ENV CONSUL_START_JOIN ""
+ENV CONSUL_START_JOIN_WAN ""
+ENV CONSUL_STATSD_ADDR ""
+ENV CONSUL_STATSITE_ADDR ""
+ENV CONSUL_STATSITE_PREFIX ""
+ENV CONSUL_TLS_CA_FILE ""
+ENV CONSUL_TLS_CERT_FILE ""
+ENV CONSUL_TLS_VERIFY_INCOMING ""
+ENV CONSUL_TLS_VERIFY_OUTGOING ""
+ENV CONSUL_TLS_VERIFY_SERVER_HOSTNAME ""
+ENV CONSUL_UI_DIR ""
-RUN apk --update add curl ca-certificates && \
+RUN apk --update add curl ca-certificates jq && \
 curl -Ls https://circle-artifacts.com/gh/andyshinn/alpine-pkg-glibc/6/artifacts/0/home/ubuntu/alpine-pkg-glibc/packages/x86_64/glibc-2.21-r2.apk > /tmp/glibc-2.21-r2.apk && \
 apk add --allow-untrusted /tmp/glibc-2.21-r2.apk && \
 rm -rf /tmp/glibc-2.21-r2.apk /var/cache/apk/*
-ADD https://dl.bintray.com/mitchellh/consul/${CONSUL_VERSION}_linux_amd64.zip /tmp/consul.zip
-RUN echo "${CONSUL_SHA256} /tmp/consul.zip" > /tmp/consul.sha256 \
+ADD https://github.com/zendesk/consul/releases/download/${CONSUL_VERSION}/consul_linux_x86_64 /bin/consul
+RUN echo "${CONSUL_SHA256} /bin/consul" > /tmp/consul.sha256 \
 && sha256sum -c /tmp/consul.sha256 \
- && cd /bin \
- && unzip /tmp/consul.zip \
- && chmod +x /bin/consul \
- && rm /tmp/consul.zip
+ && chmod +x /bin/consul
+RUN mkdir /config
+ADD ./bin/consul_launcher /bin/
-ENTRYPOINT ["/bin/consul"]
+ENTRYPOINT ["/bin/consul_launcher"]
diff --git a/0.5/consul/Makefile b/0.5/consul/Makefile
index ae725d1..9962bb1 100644
--- a/0.5/consul/Makefile
+++ b/0.5/consul/Makefile
@@ -1,3 +1,3 @@
 build:
- docker build -t gliderlabs/consul .
+ docker build -t zendesk/consul:0.5.2 .
diff --git a/0.5/consul/bin/consul_launcher b/0.5/consul/bin/consul_launcher
new file mode 100755
index 0000000..2e2c147
--- /dev/null
+++ b/0.5/consul/bin/consul_launcher
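Review bot: In 0.5/consul/Dockerfile the new `ENV` list has `CONSUL_TLS_CA_FILE` and `CONSUL_TLS_CERT_FILE` but nothing for Consul's `key_file`, and the launcher has no matching `add_key`, so TLS cannot be fully configured through the environment alone. Adding `ENV CONSUL_TLS_KEY_FILE ""` here and `add_key key_file "$CONSUL_TLS_KEY_FILE" string` in `consul_launcher` would close that. `CONSUL_RETRY_JOIN_WAN` is read by the launcher but is missing from this list and from the README. `CONSUL_ACL_MASTER_TOKEN`, `CONSUL_ACL_TOKEN` and `CONSUL_ENCRYPT` are secrets: values passed with `-e` are visible in `docker inspect` and, since the launcher `exec`s consul without unsetting them, are inherited by the agent process, so a comment above those three lines saying so would help operators.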
@@ -0,0 +1,96 @@
+#!/bin/sh
+# vim:syn=sh ts=2 sw=2 et ai
+
+jq_filter="{}"
+
+add_key() {
+ key="$1"
+ val="$2"
+ type="$3"
+
+ case "$type" in
+ string)
+ [ -z "$val" ] && return
+ val="\"${val}\""
+ ;;
+ multi_string)
+ [ -z "$val" ] && return
+ oldIFS=$IFS; IFS=,
+ set -- $val
+ IFS=$oldIFS
+ val=""
+ for i in "$@"; do
+ i="\"${i}\""
+ if [ -z "$val" ]; then
+ val="[$i"
+ else
+ val="${val},${i}"
+ fi
+ done
+ val="${val}]"
+ ;;
+ int)
+ [ -z "$val" ] && return
+ ;;
+ boolean)
+ if [ "$val" = "0" -o "$val" = "false" -o "$val" = "n" -o "$val" = "no" ]; then
+ val=false
+ elif [ "$val" = "1" -o "$val" = "true" -o "$val" = "y" -o "$val" = "yes" ]; then
+ val=true
+ else
+ return
+ fi
+ ;;
+ esac
+
+ jq_filter="${jq_filter} | .${key} = ${val}"
+}
+
+
+add_key acl_datacenter "$CONSUL_ACL_DATACENTER" string
+add_key acl_default_policy "$CONSUL_ACL_DEFAULT_POLICY" string
+add_key acl_down_policy "$CONSUL_ACL_DOWN_POLICY" string
+add_key acl_master_token "$CONSUL_ACL_MASTER_TOKEN" string
+add_key acl_token "$CONSUL_ACL_TOKEN" string
+add_key acl_ttl "$CONSUL_ACL_TTL" string
+add_key advertise_addr "$CONSUL_ADVERTISE_ADDR" string
+add_key advertise_addr_wan "$CONSUL_ADVERTISE_ADDR_WAN" string
+add_key bootstrap_expect "$CONSUL_BOOTSTRAP_EXPECT" int
+add_key ca_file "$CONSUL_TLS_CA_FILE" string
+add_key cert_file "$CONSUL_TLS_CERT_FILE" string
+add_key check_update_interval "$CONSUL_CHECK_UPDATE_INTERVAL" string
+add_key client_addr "$CONSUL_CLIENT_ADDR" string
+add_key data_dir "$CONSUL_DATA_DIR" string
+add_key datacenter "$CONSUL_DATACENTER" string
+add_key disable_remote_exec "$CONSUL_DISABLE_REMOTE_EXEC" boolean
+add_key disable_update_check "$CONSUL_DISABLE_UPDATE_CHECK" boolean
+add_key dns_config.allow_stale "$CONSUL_DNS_ALLOW_STALE" boolean
+add_key dns_config.enable_truncate "$CONSUL_DNS_ENABLE_TRUNCATE" boolean
+add_key dns_config.max_stale "$CONSUL_DNS_MAX_STALE" string
+add_key dns_config.node_ttl "$CONSUL_DNS_NODE_TTL" string
+add_key dns_config.only_passing "$CONSUL_DNS_ONLY_PASSING" boolean
+add_key dns_config.service_ttl "$CONSUL_DNS_SERVICE_TTL" string
+add_key domain "$CONSUL_DOMAIN" boolean
+add_key encrypt "$CONSUL_ENCRYPT" string
+add_key leave_on_terminate "$CONSUL_LEAVE_ON_TERMINATE" boolean
+add_key rejoin_after_leave "$CONSUL_REJOIN_AFTER_LEAVE" boolean
+add_key retry_interval "$CONSUL_RETRY_INTERVAL" string
+add_key retry_interval_wan "$CONSUL_RETRY_INTERVAL_WAN" string
+add_key retry_join "$CONSUL_RETRY_JOIN" multi_string
+add_key retry_join_wan "$CONSUL_RETRY_JOIN_WAN" multi_string
+add_key server "$CONSUL_SERVER" boolean
+add_key server_name "$CONSUL_SERVER_NAME" string
+add_key session_ttl_min "$CONSUL_SESSION_TTL_MIN" string
+add_key skip_leave_on_interrupt "$CONSUL_SKIP_LEAVE_ON_INTERRUPT" boolean
+add_key start_join "$CONSUL_START_JOIN" multi_string
+add_key start_join_wan "$CONSUL_START_JOIN_WAN" multi_string
+add_key statsd_addr "$CONSUL_STATSD_ADDR" string
+add_key statsite_addr "$CONSUL_STATSITE_ADDR" string
+add_key statsite_prefix "$CONSUL_STATSITE_PREFIX" string
+add_key ui_dir "$CONSUL_UI_DIR" string
+add_key verify_incoming "$CONSUL_TLS_VERIFY_INCOMING" boolean
+add_key verify_outgoing "$CONSUL_TLS_VERIFY_OUTGOING" boolean
+add_key verify_server_hostname "$CONSUL_TLS_VERIFY_SERVER_HOSTNAME" boolean
+
+jq -n "${jq_filter}" > /config/config.json
+exec /bin/consul agent -config-dir=/config
diff --git a/LICENSE b/LICENSE
index 238d6db..1b4e64e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,7 @@
 The MIT License (MIT)
 Copyright (c) 2015 Glider Labs
+Copyright (c) 2015 Zendesk Inc.
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index 8aad8af..49c543a 100644
--- a/README.md
+++ b/README.md
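Review bot: In `consul_launcher`, the `string` and `multi_string` branches of `add_key` paste the raw environment value between quotes (`val="\"${val}\""`, `i="\"${i}\""`) and the result is later run as a jq program, so a value containing `"` or `\` either breaks the filter or is evaluated as jq syntax. Let jq do the encoding instead: `val=$(jq -n --arg v "$val" '$v')` and `i=$(jq -n --arg v "$i" '$v')`. `add_key domain "$CONSUL_DOMAIN" boolean` looks like it should be `string`; as written any real domain name falls through to `return` and is silently dropped. The exit status of the final `jq -n … > /config/config.json` is not checked before `exec`, and the file, which can hold `acl_master_token` and `encrypt`, is created with the default umask; `umask 077` at the top of the script and `|| exit 1` on that line would cover both.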
@@ -1,9 +1,77 @@
-# Consul in Docker
+# Consul Docker images
-Looking for what used to be `progrium/consul`? Look in the `legacy` branch.
+These are Zendesk's customized Docker images for HashiCorp's Consul. They're
+based on [Glider Labs' original
+sources](https://github.com/gliderlabs/docker-consul).
+
+## Lock race fixes
+
+This build contains an [important
+fix](https://github.com/hashicorp/consul/compare/master...zendesk:zendesk_0.5.2)
+to some race conditions in `consul lock` in the 0.5.2 upstream release. Our
+fix has been accepted by Hashicorp, but no new release has been published yet
+that contains it.
+
+## Data persistence
+
+The `/data` directory is now marked as a volume, so that Consul's Raft data can
+be preserved across container restarts. (Of course, you may always start
+with a clean slate by removing and recreating the container.)
+
+## Environment variables
+
+The following environment variables can be set to control the way Consul
+operates. Check the [Consul
+documentation](https://www.consul.io/docs/agent/options.html) for further
+details on how they operate.
+
+For boolean variables, the values `"0"`, `"false"`, and `"n"` all translate to
+`false`; and `"1"`, `"true"`, and `"y"` all translate to `true`.
+
+* `CONSUL_ACL_DATACENTER`
+* `CONSUL_ACL_DEFAULT_POLICY`
+* `CONSUL_ACL_DOWN_POLICY`
+* `CONSUL_ACL_MASTER_TOKEN`
+* `CONSUL_ACL_TOKEN`
+* `CONSUL_ACL_TTL`
+* `CONSUL_ADVERTISE_ADDR`
+* `CONSUL_ADVERTISE_ADDR_WAN`
+* `CONSUL_BOOTSTRAP_EXPECT`
+* `CONSUL_CHECK_UPDATE_INTERVAL`
+* `CONSUL_DATA_DIR`
+* `CONSUL_CLIENT_ADDR`
+* `CONSUL_DATACENTER`
+* `CONSUL_DISABLE_REMOTE_EXEC`
+* `CONSUL_DISABLE_UPDATE_CHECK`
+* `CONSUL_DNS_ALLOW_STALE`
+* `CONSUL_DNS_ENABLE_TRUNCATE`
+* `CONSUL_DNS_MAX_STALE`
+* `CONSUL_DNS_NODE_TTL`
+* `CONSUL_DNS_ONLY_PASSING`
+* `CONSUL_DNS_SERVICE_TTL`
+* `CONSUL_DOMAIN`
+* `CONSUL_ENCRYPT`
+* `CONSUL_LEAVE_ON_TERMINATE`
+* `CONSUL_REJOIN_AFTER_LEAVE`
+* `CONSUL_RETRY_JOIN`
+* `CONSUL_RETRY_INTERVAL`
+* `CONSUL_RETRY_INTERVAL_WAN`
+* `CONSUL_SERVER`
+* `CONSUL_SERVER_NAME`
+* `CONSUL_SESSION_TTL_MIN`
+* `CONSUL_SKIP_LEAVE_ON_INTERRUPT`
+* `CONSUL_START_JOIN`
+* `CONSUL_START_JOIN_WAN`
+* `CONSUL_STATSD_ADDR`
+* `CONSUL_STATSITE_ADDR`
+* `CONSUL_STATSITE_PREFIX`
+* `CONSUL_TLS_CA_FILE`
+* `CONSUL_TLS_CERT_FILE`
+* `CONSUL_TLS_VERIFY_INCOMING`
+* `CONSUL_TLS_VERIFY_OUTGOING`
+* `CONSUL_TLS_VERIFY_SERVER_HOSTNAME`
+* `CONSUL_UI_DIR`
 ## License
 MIT
-
-