From 2455516c89dfa662b794e5f75379a5efaafd24d8 Mon Sep 17 00:00:00 2001 From: Dave Lasley Date: Thu, 15 Dec 2016 14:22:27 -0800 Subject: [PATCH 1/9] [ADD] clouder_template_red_october: File encyption/decryption --- clouder_template_red_october/README.rst | 72 ++++++++ clouder_template_red_october/__init__.py | 3 + clouder_template_red_october/__manifest__.py | 28 +++ .../data/application.xml | 42 +++++ .../data/application_tag.xml | 11 ++ .../data/application_template.xml | 13 ++ .../data/application_type.xml | 17 ++ .../data/certificate_policy_use.xml | 162 ++++++++++++++++++ clouder_template_red_october/data/image.xml | 24 +++ .../data/image_port.xml | 15 ++ .../data/image_template.xml | 19 ++ .../data/image_volume.xml | 16 ++ .../images/data/Dockerfile | 4 + .../images/data/pki/ca/csr_ca.json | 4 + .../images/exec/Dockerfile | 37 ++++ 15 files changed, 467 insertions(+) create mode 100644 clouder_template_red_october/README.rst create mode 100644 clouder_template_red_october/__init__.py create mode 100644 clouder_template_red_october/__manifest__.py create mode 100644 clouder_template_red_october/data/application.xml create mode 100644 clouder_template_red_october/data/application_tag.xml create mode 100644 clouder_template_red_october/data/application_template.xml create mode 100644 clouder_template_red_october/data/application_type.xml create mode 100644 clouder_template_red_october/data/certificate_policy_use.xml create mode 100644 clouder_template_red_october/data/image.xml create mode 100644 clouder_template_red_october/data/image_port.xml create mode 100644 clouder_template_red_october/data/image_template.xml create mode 100644 clouder_template_red_october/data/image_volume.xml create mode 100644 clouder_template_red_october/images/data/Dockerfile create mode 100644 clouder_template_red_october/images/data/pki/ca/csr_ca.json create mode 100644 clouder_template_red_october/images/exec/Dockerfile 
diff --git a/clouder_template_red_october/README.rst b/clouder_template_red_october/README.rst new file mode 100644 index 0000000..7245a98 --- /dev/null +++ b/clouder_template_red_october/README.rst 
@@ -0,0 +1,72 @@ +.. image:: https://img.shields.io/badge/licence-LGPL--3-blue.svg + :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html + :alt: License: LGPL-3 + +============================== +Clouder Template - Red October +============================== + +This module provides a Clouder Template for Red Octover. + +Red October is a cryptographically-secure implementation of the two-person rule +to protect sensitive data. From a technical perspective, Red October is a +software-based encryption and decryption server. The server can be used to +encrypt a payload in such a way that no one individual can decrypt it. The +encryption of the payload is cryptographically tied to the credentials of the +authorized users. + +Authorized persons can delegate their credentials to the server for a period of +time. The server can decrypt any previously-encrypted payloads as long as the +appropriate number of people have delegated their credentials to the server. + +This architecture allows Red October to act as a convenient decryption service. +Other systems, including CloudFlare’s build system, can use it for decryption +and users can delegate their credentials to the server via a simple web interface. +All communication with Red October is encrypted with TLS, +ensuring that passwords are not sent in the clear. + +`Read More on CloudFlare's Blog +`_. + +`Browse Red October on Github +`_. + +Configuration +============= + +Clouder configuration instructions are available at https://clouder.readthedocs.io/ + +Usage +===== + +To use this module, you need to: + +#. Create a CFSSL Service in the Clouder Control Panel + +Known issues / Roadmap +====================== + +* Add more Signature Profile options - https://github.com/cloudflare/redoctober/blob/86ecfbe5750ebf05565e4c80104d0a7919792fee/doc/cmd/redoctober.txt#L113 + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues +`_. In case of trouble, please +check there if your issue has already been reported. 
If you spotted it first, +help us smashing it by providing a detailed and welcomed feedback. + +Credits +======= + +Contributors +------------ + +* Dave Lasley + +Maintainer +---------- + +This module is maintained by Clouder Community. + +To contribute to this module, please visit https://github.com/clouder-community/clouder diff --git a/clouder_template_red_october/__init__.py b/clouder_template_red_october/__init__.py new file mode 100644 index 0000000..08d9d6b --- /dev/null +++ b/clouder_template_red_october/__init__.py @@ -0,0 +1,3 @@ +# -*- coding: utf-8 -*- +# Copyright 2016 LasLabs Inc. +# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). diff --git a/clouder_template_red_october/__manifest__.py b/clouder_template_red_october/__manifest__.py new file mode 100644 index 0000000..4668990 --- /dev/null +++ b/clouder_template_red_october/__manifest__.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# Copyright 2016 LasLabs Inc. +# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). + +{ + 'name': 'Clouder Template - Red October', + 'version': '10.0.10.0.0', + 'category': 'Clouder', + 'depends': [ + 'clouder', + 'clouder_template_proxy', + ], + 'author': 'LasLabs Inc.', + 'license': 'LGPL-3', + 'website': 'https://github.com/clouder-community/clouder', + 'data': [ + 'data/image_template.xml', + 'data/image.xml', + 'data/image_port.xml', + 'data/image_volume.xml', + 'data/application_tag.xml', + 'data/application_type.xml', + 'data/application_template.xml', + 'data/application.xml', + ], + 'installable': True, + 'application': False, +} diff --git a/clouder_template_red_october/data/application.xml b/clouder_template_red_october/data/application.xml new file mode 100644 index 0000000..adc051b --- /dev/null +++ b/clouder_template_red_october/data/application.xml @@ -0,0 +1,42 @@ + + + + + + + CFSSL Data + data + + + + 1 + + + + + CFSSL Exec + exec + + + + 2 + + auto + + + + CFSSL + redoctober + + + + 1 + + + + 
diff --git a/clouder_template_red_october/data/application_tag.xml b/clouder_template_red_october/data/application_tag.xml new file mode 100644 index 0000000..62e887a --- /dev/null +++ b/clouder_template_red_october/data/application_tag.xml @@ -0,0 +1,11 @@ + + + + + + + cert_authority + + + diff --git a/clouder_template_red_october/data/application_template.xml b/clouder_template_red_october/data/application_template.xml new file mode 100644 index 0000000..1f684eb --- /dev/null +++ b/clouder_template_red_october/data/application_template.xml @@ -0,0 +1,13 @@ + + + + + + + CFSSL + + + diff --git a/clouder_template_red_october/data/application_type.xml b/clouder_template_red_october/data/application_type.xml new file mode 100644 index 0000000..8a60f66 --- /dev/null +++ b/clouder_template_red_october/data/application_type.xml @@ -0,0 +1,17 @@ + + + + + + + redoctober + root + + + + diff --git a/clouder_template_red_october/data/certificate_policy_use.xml b/clouder_template_red_october/data/certificate_policy_use.xml new file mode 100644 index 0000000..46a1a13 --- /dev/null +++ b/clouder_template_red_october/data/certificate_policy_use.xml 
@@ -0,0 +1,162 @@ + + + + + + + Certificate Signing + cert sign + + + + Signing + signing + + + + S/MIME + s/mime + + + + Server Authentication + server auth + + + + Client Authentication + client auth + + + + Digital Signatures + digital signature + + + + Email Protection + email protection + + + + Key Encipherment + key encipherment + + + + Content Commitment + content commitment + + + + Key Agreement + key agreement + + + + CRL Signing + crl sign + + + + Encipher Only + encipher only + + + + Decipher Only + decipher only + + + + Any + any + + + + Code Signing + code signing + + + + IPSEC End System + ipsec end system + + + + IPSEC Tunnel + ipsec tunnel + + + + IPSEC User + ipsec user + + + + Timestamping + timestamping + + + + OCSP Signing + ocsp signing + + + + Microsoft SGC + microsoft sgc + + + + Netscape SGC + netscape sgc + + + diff --git a/clouder_template_red_october/data/image.xml b/clouder_template_red_october/data/image.xml new file mode 100644 index 0000000..622b767 --- /dev/null +++ b/clouder_template_red_october/data/image.xml @@ -0,0 +1,24 @@ + + + + + + + image_redoctober_data + + lasley/redoctober-data + + + + image_redoctober_exec + + lasley/redoctober-exec + data + + + diff --git a/clouder_template_red_october/data/image_port.xml b/clouder_template_red_october/data/image_port.xml new file mode 100644 index 0000000..1562dc6 --- /dev/null +++ b/clouder_template_red_october/data/image_port.xml @@ -0,0 +1,15 @@ + + + + + + + + redoctober-http + 8888 + + + diff --git a/clouder_template_red_october/data/image_template.xml b/clouder_template_red_october/data/image_template.xml new file mode 100644 index 0000000..6e55bd3 --- /dev/null +++ b/clouder_template_red_october/data/image_template.xml @@ -0,0 +1,19 @@ + + + + + + + image_template_redoctober_data + + + + image_template_redoctober_exec + + + 
diff --git a/clouder_template_red_october/data/image_volume.xml b/clouder_template_red_october/data/image_volume.xml new file mode 100644 index 0000000..67c4d10 --- /dev/null +++ b/clouder_template_red_october/data/image_volume.xml @@ -0,0 +1,16 @@ + + + + + + + + cert_store + /var/pki + root + + + diff --git a/clouder_template_red_october/images/data/Dockerfile b/clouder_template_red_october/images/data/Dockerfile new file mode 100644 index 0000000..d9d246c --- /dev/null +++ b/clouder_template_red_october/images/data/Dockerfile @@ -0,0 +1,4 @@ +FROM clouder/base:3.4 +MAINTAINER Dave Lasley + +CMD tail -f /dev/null diff --git a/clouder_template_red_october/images/data/pki/ca/csr_ca.json b/clouder_template_red_october/images/data/pki/ca/csr_ca.json new file mode 100644 index 0000000..d9d246c --- /dev/null +++ b/clouder_template_red_october/images/data/pki/ca/csr_ca.json @@ -0,0 +1,4 @@ +FROM clouder/base:3.4 +MAINTAINER Dave Lasley + +CMD tail -f /dev/null diff --git a/clouder_template_red_october/images/exec/Dockerfile b/clouder_template_red_october/images/exec/Dockerfile new file mode 100644 index 0000000..eb4f5c2 --- /dev/null +++ b/clouder_template_red_october/images/exec/Dockerfile 
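Review bot: `images/data/pki/ca/csr_ca.json` is added with Dockerfile content (`FROM clouder/base:3.4` through `CMD tail -f /dev/null`, blob `d9d246c`, the same index as `images/data/Dockerfile`), so it is not the JSON CSR template its name and path announce and will not parse wherever a CA CSR is expected to be read from it. Either drop the file from this commit or replace its body with the CA request JSON it is meant to hold; as committed, a build that reads `pki/ca/csr_ca.json` fails at the first byte.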
@@ -0,0 +1,37 @@
+FROM clouder/base:3.4
+MAINTAINER Dave Lasley
+
+
+RUN groupadd -r redoctober --gid=999 && useradd -r -g redoctober --uid=999 redoctober
+
+# Install Build Dependencies
+
+ENV buildDeps "build-base \
+ gcc \
+ git \
+ go \
+ libtool \
+ openssl \
+ runit"
+
+RUN apk add --no-cache $buildDeps
+
+# Install Red October
+
+RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /go/src/github.com/cloudflare/redoctober
+
+RUN go install github.com/cloudflare/redoctober
+
+EXPOSE 8080 8081
+ENV RO_CERTS=/var/lib/redoctober/data/server.crt \
+ RO_KEYS=/var/lib/redoctober/data/server.pem \
+ RO_DATA=/var/lib/redoctober/data \
+ RO_CERTPASSWD=password \
+ RO_COMMONNAME=localhost
+
+ENTRYPOINT ["/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"]
+CMD ["redoctober", \
+ "-addr=:8080", \
+ "-vaultpath=/var/lib/redoctober/data/diskrecord.json", \
+ "-certs=/var/lib/redoctober/data/server.crt", \
+ "-keys=/var/lib/redoctober/data/server.pem"]
From be1aaaad7dbf9c0bb28c8f38346ed57c8aacbd8e Mon Sep 17 00:00:00 2001
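Review bot: `RO_CERTPASSWD=password` in the `ENV` instruction bakes a fixed passphrase into the image configuration, where `docker inspect` and `docker history` on any pulled copy reveal it, and — assuming the upstream `docker-entrypoint.sh` uses it to protect the generated `server.pem`, which is not visible here — every container started from this image shares that same known value. Keep the secret out of the image: drop `RO_CERTPASSWD=password \` and `RO_COMMONNAME=localhost` from this `ENV` line and let Clouder inject them in the container environment at creation time, with the entrypoint refusing to start when `RO_CERTPASSWD` is unset. The 'Few fixes' Dockerfile hunk later in this series has the same problem in a different form: `ARG RO_CERTPASSWD="password"` re-exported through `ENV RO_CERTPASSWD="${RO_CERTPASSWD}"` still lands the default in the image environment unless every build overrides the `ARG`.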
From: Dave Lasley Date: Tue, 27 Dec 2016 20:35:13 -0800 Subject: [PATCH 2/9] [FIX] clouder_template_red_october: Review fixes * Remove data and source from base * Proxy compat * Roadmap notes * Switch user to red october * Fix dockerfile * Bugfixes --- clouder_template_red_october/README.rst | 7 +- clouder_template_red_october/__init__.py | 2 + clouder_template_red_october/__manifest__.py | 1 - .../data/application.xml | 6 +- .../data/application_tag.xml | 11 -- .../data/application_template.xml | 2 +- .../data/application_type.xml | 5 +- .../data/certificate_policy_use.xml | 162 ------------------ clouder_template_red_october/data/image.xml | 2 +- .../data/image_port.xml | 12 +- .../data/image_volume.xml | 6 +- .../images/data/Dockerfile | 4 - .../images/data/pki/ca/csr_ca.json | 4 - .../images/exec/Dockerfile | 29 ++-- .../models/__init__.py | 5 + .../models/container.py | 18 ++ 16 files changed, 62 insertions(+), 214 deletions(-) delete mode 100644 clouder_template_red_october/data/application_tag.xml delete mode 100644 clouder_template_red_october/data/certificate_policy_use.xml delete mode 100644 clouder_template_red_october/images/data/Dockerfile delete mode 100644 clouder_template_red_october/images/data/pki/ca/csr_ca.json create mode 100644 clouder_template_red_october/models/__init__.py create mode 100644 clouder_template_red_october/models/container.py diff --git a/clouder_template_red_october/README.rst b/clouder_template_red_october/README.rst index 7245a98..2d55b28 100644 --- a/clouder_template_red_october/README.rst +++ b/clouder_template_red_october/README.rst @@ -6,7 +6,7 @@ Clouder Template - Red October ============================== -This module provides a Clouder Template for Red Octover. +This module provides a Clouder Template for Red October. Red October is a cryptographically-secure implementation of the two-person rule to protect sensitive data. From a technical perspective, Red October is a 
@@ -41,12 +41,13 @@ Usage To use this module, you need to: -#. Create a CFSSL Service in the Clouder Control Panel +#. Create a Red October application in Clouder Known issues / Roadmap ====================== -* Add more Signature Profile options - https://github.com/cloudflare/redoctober/blob/86ecfbe5750ebf05565e4c80104d0a7919792fee/doc/cmd/redoctober.txt#L113 +* The container is currently using a self-signed certificate. This should be changed once a CA exists. +* Runit is being installed via community repos, which are HTTP only. This is insecure. Bug Tracker =========== diff --git a/clouder_template_red_october/__init__.py b/clouder_template_red_october/__init__.py index 08d9d6b..6b7b00c 100644 --- a/clouder_template_red_october/__init__.py +++ b/clouder_template_red_october/__init__.py @@ -1,3 +1,5 @@ # -*- coding: utf-8 -*- # Copyright 2016 LasLabs Inc. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). + +from . import models diff --git a/clouder_template_red_october/__manifest__.py b/clouder_template_red_october/__manifest__.py index 4668990..ec0c2bb 100644 --- a/clouder_template_red_october/__manifest__.py +++ b/clouder_template_red_october/__manifest__.py @@ -18,7 +18,6 @@ 'data/image.xml', 'data/image_port.xml', 'data/image_volume.xml', - 'data/application_tag.xml', 'data/application_type.xml', 'data/application_template.xml', 'data/application.xml', diff --git a/clouder_template_red_october/data/application.xml b/clouder_template_red_october/data/application.xml index adc051b..8370685 100644 --- a/clouder_template_red_october/data/application.xml +++ b/clouder_template_red_october/data/application.xml @@ -5,7 +5,7 @@ - CFSSL Data + Red October Data data @@ -15,7 +15,7 @@ - CFSSL Exec + Red October Exec exec @@ -26,7 +26,7 @@ - CFSSL + Red October redoctober diff --git a/clouder_template_red_october/data/application_tag.xml b/clouder_template_red_october/data/application_tag.xml deleted file mode 100644 index 62e887a..0000000 
--- a/clouder_template_red_october/data/application_tag.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - cert_authority - - - diff --git a/clouder_template_red_october/data/application_template.xml b/clouder_template_red_october/data/application_template.xml index 1f684eb..85cebc8 100644 --- a/clouder_template_red_october/data/application_template.xml +++ b/clouder_template_red_october/data/application_template.xml @@ -7,7 +7,7 @@ - CFSSL + Red October diff --git a/clouder_template_red_october/data/application_type.xml b/clouder_template_red_october/data/application_type.xml index 8a60f66..46125fa 100644 --- a/clouder_template_red_october/data/application_type.xml +++ b/clouder_template_red_october/data/application_type.xml @@ -8,10 +8,7 @@ model="clouder.application.type" > redoctober - root - + redoctober diff --git a/clouder_template_red_october/data/certificate_policy_use.xml b/clouder_template_red_october/data/certificate_policy_use.xml deleted file mode 100644 index 46a1a13..0000000 --- a/clouder_template_red_october/data/certificate_policy_use.xml +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - Certificate Signing - cert sign - - - - Signing - signing - - - - S/MIME - s/mime - - - - Server Authentication - server auth - - - - Client Authentication - client auth - - - - Digital Signatures - digital signature - - - - Email Protection - email protection - - - - Key Encipherment - key encipherment - - - - Content Commitment - content commitment - - - - Key Agreement - key agreement - - - - CRL Signing - crl sign - - - - Encipher Only - encipher only - - - - Decipher Only - decipher only - - - - Any - any - - - - Code Signing - code signing - - - - IPSEC End System - ipsec end system - - - - IPSEC Tunnel - ipsec tunnel - - - - IPSEC User - ipsec user - - - - Timestamping - timestamping - - - - OCSP Signing - ocsp signing - - - - Microsoft SGC - microsoft sgc - - - - Netscape SGC - netscape sgc - - - 
diff --git a/clouder_template_red_october/data/image.xml b/clouder_template_red_october/data/image.xml index 622b767..09985e9 100644 --- a/clouder_template_red_october/data/image.xml +++ b/clouder_template_red_october/data/image.xml @@ -9,7 +9,7 @@ - lasley/redoctober-data + clouder/base:3.4 diff --git a/clouder_template_red_october/data/image_port.xml b/clouder_template_red_october/data/image_port.xml index 1562dc6..3c547e3 100644 --- a/clouder_template_red_october/data/image_port.xml +++ b/clouder_template_red_october/data/image_port.xml @@ -8,8 +8,16 @@ model="clouder.image.port" > - redoctober-http - 8888 + https + 8080 + + + + + comm + 8081 diff --git a/clouder_template_red_october/data/image_volume.xml b/clouder_template_red_october/data/image_volume.xml index 67c4d10..7e9e4b6 100644 --- a/clouder_template_red_october/data/image_volume.xml +++ b/clouder_template_red_october/data/image_volume.xml @@ -8,9 +8,9 @@ model="clouder.image.volume" > - cert_store - /var/pki - root + data + /var/lib/redoctober/data + redoctober diff --git a/clouder_template_red_october/images/data/Dockerfile b/clouder_template_red_october/images/data/Dockerfile deleted file mode 100644 index d9d246c..0000000 --- a/clouder_template_red_october/images/data/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM clouder/base:3.4 -MAINTAINER Dave Lasley - -CMD tail -f /dev/null diff --git a/clouder_template_red_october/images/data/pki/ca/csr_ca.json b/clouder_template_red_october/images/data/pki/ca/csr_ca.json deleted file mode 100644 index d9d246c..0000000 --- a/clouder_template_red_october/images/data/pki/ca/csr_ca.json +++ /dev/null @@ -1,4 +0,0 @@ -FROM clouder/base:3.4 -MAINTAINER Dave Lasley - -CMD tail -f /dev/null diff --git a/clouder_template_red_october/images/exec/Dockerfile b/clouder_template_red_october/images/exec/Dockerfile index eb4f5c2..695e88c 100644 --- a/clouder_template_red_october/images/exec/Dockerfile +++ b/clouder_template_red_october/images/exec/Dockerfile 
@@ -1,8 +1,8 @@ FROM clouder/base:3.4 MAINTAINER Dave Lasley - -RUN groupadd -r redoctober --gid=999 && useradd -r -g redoctober --uid=999 redoctober +RUN addgroup -S redoctober \ + && adduser -S -g redoctober redoctober # Install Build Dependencies @@ -12,26 +12,25 @@ ENV buildDeps "build-base \ go \ libtool \ openssl \ - runit" + runit@community" + +RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories RUN apk add --no-cache $buildDeps # Install Red October - -RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /go/src/github.com/cloudflare/redoctober - +RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /usr/lib/go/src/github.com/cloudflare/redoctober RUN go install github.com/cloudflare/redoctober -EXPOSE 8080 8081 -ENV RO_CERTS=/var/lib/redoctober/data/server.crt \ - RO_KEYS=/var/lib/redoctober/data/server.pem \ - RO_DATA=/var/lib/redoctober/data \ - RO_CERTPASSWD=password \ - RO_COMMONNAME=localhost +# Setup Environment +ENV RO_DATA=/var/lib/redoctober/data \ + RO_CERTS=$RO_DATA/server.crt \ + RO_KEYS=$RO_DATA/server.pem ENTRYPOINT ["/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"] + CMD ["redoctober", \ "-addr=:8080", \ - "-vaultpath=/var/lib/redoctober/data/diskrecord.json", \ - "-certs=/var/lib/redoctober/data/server.crt", \ - "-keys=/var/lib/redoctober/data/server.pem"] + "-vaultpath=$RO_DATA/diskrecord.json", \ + "-certs=$RO_CERTS", \ + "-keys=$RO_KEYS"] diff --git a/clouder_template_red_october/models/__init__.py b/clouder_template_red_october/models/__init__.py new file mode 100644 index 0000000..4795f83 --- /dev/null +++ b/clouder_template_red_october/models/__init__.py @@ -0,0 +1,5 @@ +# -*- coding: utf-8 -*- +# Copyright 2016 LasLabs Inc. +# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). + +from . import container 
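Review bot: The rewritten `RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /usr/lib/go/src/...` still builds whatever the upstream default branch contains at build time, so two builds of this Dockerfile can yield different server binaries and any upstream change — benign or not — reaches the image without review; pin the source, e.g. `ARG RO_REF=<tag-or-full-commit>` followed by `git clone --branch "$RO_REF" --depth=1 ...` (a full commit hash checked out after the clone works as well). The `@community http://...` repository line added above is already recorded as insecure in this patch's README hunk, so only the pin is new here. Separately, the `CMD` exec form cannot expand `$RO_DATA`, `$RO_CERTS` or `$RO_KEYS` — a JSON-array `CMD` runs without a shell, so `"-vaultpath=$RO_DATA/diskrecord.json"` is passed to `redoctober` literally; the 'Few fixes' hunk later in the series restores the literal paths, which is the right fix.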
diff --git a/clouder_template_red_october/models/container.py b/clouder_template_red_october/models/container.py new file mode 100644 index 0000000..983cef0 --- /dev/null +++ b/clouder_template_red_october/models/container.py @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +# Copyright 2016 LasLabs Inc. +# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). + +from odoo import api, models + + +class ClouderContainer(models.Model): + _inherit = 'clouder.container' + + @api.multi + def deploy_post(self): + super(ClouderContainer, self).deploy_post() + for record in self: + if record.application_id.type_id.name == 'redoctober': + if record.application_id.code == 'data': + # @TODO: Create a CSR, sign it with the CA, execute echo + pass From 7bca20be115637b1c3ae758489deddf8a5ac874d Mon Sep 17 00:00:00 2001 From: Dave Lasley Date: Thu, 29 Dec 2016 16:43:08 -0800 Subject: [PATCH 3/9] Few fixes --- clouder_template_red_october/README.rst | 5 +++-- clouder_template_red_october/data/application.xml | 1 - clouder_template_red_october/models/__init__.py | 2 +- .../models/{container.py => service.py} | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) rename clouder_template_red_october/models/{container.py => service.py} (78%) diff --git a/clouder_template_red_october/README.rst b/clouder_template_red_october/README.rst index 2d55b28..4802fbb 100644 --- a/clouder_template_red_october/README.rst +++ b/clouder_template_red_october/README.rst 
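Review bot: `deploy_post` discards whatever `super(ClouderContainer, self).deploy_post()` returns, and its only branch (`type_id.name == 'redoctober'` and `code == 'data'`) ends in `pass`, so as committed the override runs on every container deploy and does nothing. If the parent returns a value (not visible in this hunk), keep it — `res = super(ClouderContainer, self).deploy_post()` at the top and `return res` after the loop — and collapse the two nested `if`s into one guard, `if record.application_id.type_id.name == 'redoctober' and record.application_id.code == 'data':`. The `# @TODO: Create a CSR, sign it with the CA, execute echo` should state what "execute echo" is meant to do and where the resulting key material is written, since this hook will be handling the service's private key when it is implemented.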
@@ -41,12 +41,13 @@ Usage To use this module, you need to: -#. Create a Red October application in Clouder +#. Create a new service in the Clouder Control Panel +#. Select ``Red October`` as the application & configure everything else to preference Known issues / Roadmap ====================== -* The container is currently using a self-signed certificate. This should be changed once a CA exists. +* The service is currently using a self-signed certificate. This should be changed once a CA exists. * Runit is being installed via community repos, which are HTTP only. This is insecure. Bug Tracker diff --git a/clouder_template_red_october/data/application.xml b/clouder_template_red_october/data/application.xml index 8370685..6769286 100644 --- a/clouder_template_red_october/data/application.xml +++ b/clouder_template_red_october/data/application.xml @@ -29,7 +29,6 @@ Red October redoctober - 8080 - - comm + metrics 8081 diff --git a/clouder_template_red_october/data/image_volume.xml b/clouder_template_red_october/data/image_volume.xml index 7e9e4b6..1ae494f 100644 --- a/clouder_template_red_october/data/image_volume.xml +++ b/clouder_template_red_october/data/image_volume.xml @@ -10,7 +10,7 @@ data /var/lib/redoctober/data - redoctober + root diff --git a/clouder_template_red_october/images/exec/Dockerfile b/clouder_template_red_october/images/exec/Dockerfile index 695e88c..e1c7091 100644 --- a/clouder_template_red_october/images/exec/Dockerfile +++ b/clouder_template_red_october/images/exec/Dockerfile @@ -1,6 +1,9 @@ FROM clouder/base:3.4 MAINTAINER Dave Lasley +ARG RO_CERTPASSWD="password" +ARG RO_COMMONNAME="localhost" + RUN addgroup -S redoctober \ && adduser -S -g redoctober redoctober 
@@ -19,18 +22,28 @@ RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /et RUN apk add --no-cache $buildDeps # Install Red October -RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /usr/lib/go/src/github.com/cloudflare/redoctober -RUN go install github.com/cloudflare/redoctober +RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /usr/lib/go/src/github.com/cloudflare/redoctober \ + && go install github.com/cloudflare/redoctober + +ENV GOROOT="/usr/lib/go" \ + GOPATH="/gopath" \ + GOBIN="/gopath/bin" \ + PATH="$PATH:$GOROOT/bin:$GOPATH/bin" + +# Path isn't persisting for some reason. +RUN ln -s "$GOROOT/bin/redoctober" /usr/bin # Setup Environment -ENV RO_DATA=/var/lib/redoctober/data \ - RO_CERTS=$RO_DATA/server.crt \ - RO_KEYS=$RO_DATA/server.pem +ENV RO_DATA="/var/lib/redoctober/data" +ENV RO_CERTS="${RO_DATA}/server.crt" \ + RO_KEYS="${RO_DATA}/server.pem" \ + RO_CERTPASSWD="${RO_CERTPASSWD}" \ + RO_COMMONNAME="${RO_COMMONNAME}" -ENTRYPOINT ["/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"] +ENTRYPOINT ["/usr/lib/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"] CMD ["redoctober", \ - "-addr=:8080", \ - "-vaultpath=$RO_DATA/diskrecord.json", \ - "-certs=$RO_CERTS", \ - "-keys=$RO_KEYS"] + "-addr=:8080", \ + "-vaultpath=/var/lib/redoctober/data/diskrecord.json", \ + "-certs=/var/lib/redoctober/data/server.crt", \ + "-keys=/var/lib/redoctober/data/server.pem"] From bced5ad1b73db723d54a28f9304bbc30d8de9ea1 Mon Sep 17 00:00:00 2001 From: Dave Lasley Date: Mon, 2 Jan 2017 12:37:50 -0800 Subject: [PATCH 5/9] Fix metrics interface binding --- clouder_template_red_october/README.rst | 1 + clouder_template_red_october/images/exec/Dockerfile | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/clouder_template_red_october/README.rst b/clouder_template_red_october/README.rst index 00c652d..70383d2 100644 
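Review bot: `PATH="$PATH:$GOROOT/bin:$GOPATH/bin"` sits in the same `ENV` instruction that defines `GOROOT` and `GOPATH`, and Docker substitutes variables from their values before the instruction, so both expand to empty and `PATH` only gains `:/bin:/bin` — which is what the `# Path isn't persisting for some reason.` comment and the `RUN ln -s "$GOROOT/bin/redoctober" /usr/bin` workaround are compensating for. Split it the way this same hunk already splits `RO_DATA` from `RO_CERTS`: `ENV GOROOT="/usr/lib/go" GOPATH="/gopath" GOBIN="/gopath/bin"` followed by `ENV PATH="$PATH:$GOROOT/bin:$GOPATH/bin"`, and the symlink can go. Note that `go install` runs before `GOPATH`/`GOBIN` exist at all, so where the binary lands depends on the base image's Go defaults — it appears to be `$GOROOT/bin` given the clone under `/usr/lib/go/src` — so confirm that before removing the `ln -s`.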
--- a/clouder_template_red_october/README.rst +++ b/clouder_template_red_october/README.rst @@ -54,6 +54,7 @@ Known issues / Roadmap * Image volume is being mounted as root, then chown is happening in the docker entrypoint. This sseems weird, so should investigate further, but is how the CloudFlare people rigged it up so it's possible they're simply smarter than me. +* Add dependency cleanup to Dockerfile. Bug Tracker =========== diff --git a/clouder_template_red_october/images/exec/Dockerfile b/clouder_template_red_october/images/exec/Dockerfile index e1c7091..9364047 100644 --- a/clouder_template_red_october/images/exec/Dockerfile +++ b/clouder_template_red_october/images/exec/Dockerfile @@ -43,7 +43,9 @@ ENV RO_CERTS="${RO_DATA}/server.crt" \ ENTRYPOINT ["/usr/lib/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"] CMD ["redoctober", \ - "-addr=:8080", \ + "-addr=0.0.0.0:8080", \ "-vaultpath=/var/lib/redoctober/data/diskrecord.json", \ "-certs=/var/lib/redoctober/data/server.crt", \ - "-keys=/var/lib/redoctober/data/server.pem"] + "-keys=/var/lib/redoctober/data/server.pem", \ + "-metrics-host=0.0.0.0", \ + "-metrics-port=8081"] From 77754a4511a3611445a804eecf43d565088abf15 Mon Sep 17 00:00:00 2001 From: Dave Lasley Date: Mon, 2 Jan 2017 14:28:20 -0800 Subject: [PATCH 6/9] Allow bases and link www to application --- clouder_template_red_october/data/application.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/clouder_template_red_october/data/application.xml b/clouder_template_red_october/data/application.xml index 6769286..163dfd9 100644 --- a/clouder_template_red_october/data/application.xml +++ b/clouder_template_red_october/data/application.xml @@ -28,7 +28,11 @@ Red October redoctober + + - lasley/redoctober-exec + laslabs/clouder-red-october-exec data diff --git a/clouder_template_red_october/images/exec/Dockerfile b/clouder_template_red_october/images/exec/Dockerfile deleted file mode 100644 index 9364047..0000000 
--- a/clouder_template_red_october/images/exec/Dockerfile +++ /dev/null @@ -1,51 +0,0 @@ -FROM clouder/base:3.4 -MAINTAINER Dave Lasley - -ARG RO_CERTPASSWD="password" -ARG RO_COMMONNAME="localhost" - -RUN addgroup -S redoctober \ - && adduser -S -g redoctober redoctober - -# Install Build Dependencies - -ENV buildDeps "build-base \ - gcc \ - git \ - go \ - libtool \ - openssl \ - runit@community" - -RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories - -RUN apk add --no-cache $buildDeps - -# Install Red October -RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /usr/lib/go/src/github.com/cloudflare/redoctober \ - && go install github.com/cloudflare/redoctober - -ENV GOROOT="/usr/lib/go" \ - GOPATH="/gopath" \ - GOBIN="/gopath/bin" \ - PATH="$PATH:$GOROOT/bin:$GOPATH/bin" - -# Path isn't persisting for some reason. -RUN ln -s "$GOROOT/bin/redoctober" /usr/bin - -# Setup Environment -ENV RO_DATA="/var/lib/redoctober/data" -ENV RO_CERTS="${RO_DATA}/server.crt" \ - RO_KEYS="${RO_DATA}/server.pem" \ - RO_CERTPASSWD="${RO_CERTPASSWD}" \ - RO_COMMONNAME="${RO_COMMONNAME}" - -ENTRYPOINT ["/usr/lib/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"] - -CMD ["redoctober", \ - "-addr=0.0.0.0:8080", \ - "-vaultpath=/var/lib/redoctober/data/diskrecord.json", \ - "-certs=/var/lib/redoctober/data/server.crt", \ - "-keys=/var/lib/redoctober/data/server.pem", \ - "-metrics-host=0.0.0.0", \ - "-metrics-port=8081"] From 73b3fa90a19262dbc817bb2734e66af6611c1145 Mon Sep 17 00:00:00 2001 From: Dave Lasley Date: Tue, 17 Jan 2017 15:51:51 -0800 Subject: [PATCH 8/9] Expose ports --- clouder_template_red_october/data/image_port.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/clouder_template_red_october/data/image_port.xml b/clouder_template_red_october/data/image_port.xml index d2a05c6..3a92871 100644 --- a/clouder_template_red_october/data/image_port.xml 
+++ b/clouder_template_red_october/data/image_port.xml @@ -10,6 +10,7 @@ https 8080 + local metrics 8081 + local From d07eabd984d61b8bb9e1c1bb5dd6641021ea3905 Mon Sep 17 00:00:00 2001 From: Dave Lasley Date: Wed, 18 Jan 2017 13:16:56 -0800 Subject: [PATCH 9/9] Switch expose to internet --- clouder_template_red_october/data/image_port.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clouder_template_red_october/data/image_port.xml b/clouder_template_red_october/data/image_port.xml index 3a92871..3cbec4e 100644 --- a/clouder_template_red_october/data/image_port.xml +++ b/clouder_template_red_october/data/image_port.xml @@ -10,7 +10,7 @@ https 8080 - local + internet metrics 8081 - local + internet
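Review bot: Switching the `metrics` port (8081) from `local` to `internet` publishes the metrics listener alongside the `https` service port, yet nothing in this series shows 8081 served over TLS or behind any authentication (the `-metrics-host=0.0.0.0` binding was added without either), and the README already lists the self-signed certificate as a known issue for the main port alone. Keep `metrics` at `local` — or whatever exposure reaches only the monitoring host — and change only the `https` entry to `internet`; if 8081 genuinely has to be reachable from outside, the README should say what protects it. The XML element names are not visible in this rendering, so the above assumes the second `local`→`internet` change belongs to the `metrics` record as the line order suggests.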