4 Commits

6 changed files with 71 additions and 26 deletions
  1. +15
    -0
      .drone.yml
  2. +4
    -1
      Makefile
  3. +12
    -0
      roles/containers/files/Makefile
  4. +2
    -18
      roles/containers/files/coturn.Dockerfile
  5. +5
    -5
      roles/containers/files/nextcloud.Dockerfile
  6. +33
    -2
      roles/containers/tasks/autoscaler.yml

+ 15
- 0
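--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,15 @@
+kind: pipeline
+type: docker
+name: default
+steps:
+- name: build containers
+image: ubuntu:20.04
+environment:
+DOCKER_HOST: "unix:///var/run/docker.sock"
+commands:
+- apt update && apt install -y docker.io make
+- make containers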
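Review bot: Nothing in this pipeline restricts when it runs, and its only step points `DOCKER_HOST` at `unix:///var/run/docker.sock`, so once that socket is reachable from the step, every build Drone starts for this repository (pull requests included, as far as this file shows) controls the Docker daemon behind it. No `volumes` entry is visible, so the socket has to come from runner configuration outside this file. That dependency deserves a comment such as `# needs the host Docker socket from the runner; trusted repository only`. A `trigger` block limited to push events on the main branch would keep untrusted changes from reaching `make containers`. Using an image that already ships the Docker CLI would also avoid the unpinned `apt install` on every run.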

+ 4
- 1
Makefile View File

@ -23,4 +23,7 @@ localhost: ## install localhost as workstation
ansible-playbook -i inventories/localhost.ini main.yml --tags workstation --extra-vars '{"CONFIG": {"USER": "$$(whoami)"}}'
osuv: ## rollout osuv.de
ansible-playbook -i inventories/inventory.ini main.yml --tags osuvde
ansible-playbook -i inventories/inventory.ini main.yml --tags osuvde
containers: ## build containers
$(MAKE) coturn -C roles/containers/files/
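Review bot: The new `containers` target is described as `## build containers` but only runs the `coturn` goal, so the nextcloud image is never built by `make containers` or by the CI step that calls it. If that is deliberate, say so in the help text, for example `containers: ## build coturn container (nextcloud is built manually)`. Otherwise add a second line, `$(MAKE) nextcloud -C roles/containers/files/`. Whether `containers` is listed in a `.PHONY` declaration cannot be seen from this hunk; the `roles/` tree already has a `containers` directory, so the target should be declared phony if it is not.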

+ 12
- 0
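--- a/roles/containers/files/Makefile
+++ b/roles/containers/files/Makefile
@@ -0,0 +1,12 @@
+.PHONY: help test
+help: ## This help.
+@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+.DEFAULT_GOAL := help
+nextcloud: ## build nextcloud
+docker build -f nextcloud.Dockerfile -t registry.gitlab.com/markuman/container-images:home.21.0.0.1 .
+coturn: ## build coturn
+docker build -f coturn.Dockerfile -t registry.gitlab.com/markuman/container-images:coturn .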
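Review bot: `.PHONY: help test` names a `test` target that does not exist and omits `nextcloud` and `coturn`, so a file or directory with either name would silently stop the image from being rebuilt. The declaration should read `.PHONY: help nextcloud coturn`. Both `docker build` lines reuse whatever base image is cached on the build host; adding `--pull` makes each build pick up the current patched base. The `:coturn` tag is mutable, so a version or date suffix would let a deployed image be traced back to the build that produced it.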

+ 2
- 18
roles/containers/files/coturn.Dockerfile View File

@ -1,20 +1,4 @@
FROM alpine:3.12
FROM alpine:3.13
RUN apk add --update coturn
CMD turnserver --prod --no-tlsv1 --no-tlsv1_1\
--tls-listening-port 5349 \
--listening-ip=0.0.0.0 \
--relay-ip=0.0.0.0 \
--fingerprint \
--lt-cred-mech \
--use-auth-secret \
--static-auth-secret $STATIC_SECRET \
--realm $REALM \
--total-quota 100 \
--bps-capacity=50000000 \
--max-bps=50000000 \
--stale-nonce=600 \
--cert /cert.pem \
--pkey /privkey.pem \
--cipher-list “ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384″ \
--no-multicast-peers
CMD turnserver -c /etc/turnserver.conf
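Review bot: `CMD turnserver -c /etc/turnserver.conf` depends on a config file this Dockerfile never copies in, so unless one is mounted at run time the server starts with whatever the Alpine package ships. Going by the +2/-18 counts, the long command line is the removed side, which means the TLS and relay hardening it carried (`--no-tlsv1`, `--no-tlsv1_1`, the cipher list, `--no-multicast-peers`, `--use-auth-secret`) now lives only in that external file. Please record the requirement next to the instruction, for example `# /etc/turnserver.conf is mounted at run time and must keep no-tlsv1, no-tlsv1_1, cipher-list and no-multicast-peers`. The auth secret should stay out of any config baked into the image. The exec form `CMD ["turnserver", "-c", "/etc/turnserver.conf"]` would also let the process receive stop signals directly.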

+ 5
- 5
roles/containers/files/nextcloud.Dockerfile View File

@ -1,7 +1,7 @@
#
# Use a temporary image to compile and test the libraries
#
FROM nextcloud:20.0.3 as builder
FROM nextcloud21:latest as builder
# Build and install dlib on builder
@ -49,7 +49,7 @@ RUN git clone https://github.com/matiasdelellis/pdlib-min-test-suite.git \
# If pass the tests, we are able to create the final image.
#
FROM nextcloud:20.0.3
FROM nextcloud21:latest
# Install dependencies to image
@ -62,19 +62,19 @@ COPY --from=builder /usr/local/lib/libdlib.so* /usr/local/lib/
# If is necesary take the php extention folder uncommenting the next line
# RUN php -i | grep extension_dir
COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20190902/pdlib.so /usr/local/lib/php/extensions/no-debug-non-zts-20190902/
COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20200930/pdlib.so /usr/local/lib/php/extensions/no-debug-non-zts-20200930/
# Enable PDlib on final image
RUN echo "extension=pdlib.so" > /usr/local/etc/php/conf.d/pdlib.ini
# Increse memory limits
RUN echo memory_limit=1024M > /usr/local/etc/php/conf.d/memory-limit.ini
RUN sed -i 's/memory_limit=512M/memory_limit=1G/' /usr/local/etc/php/conf.d/memory-limit.ini
RUN sed -i 's/LogFormat "%h/LogFormat "%{X-Forwarded-For}i/' /etc/apache2/apache2.conf
RUN sed -i 's/ServerTokens OS/ServerTokens Prod/' /etc/apache2/conf-available/security.conf
RUN sed -i 's/expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production
RUN sed -i 's/output_buffering = 4096/output_buffering = Off/' /usr/local/etc/php/php.ini-production
RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
RUN apt update && apt install -y libbz2-dev
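Review bot: `FROM nextcloud21:latest` appears in both stages and replaces a version-pinned base with a mutable `latest` tag on an image name that is not the `nextcloud` repository the old line used. The build therefore takes whatever `nextcloud21` resolves to on the build host or its default registry, and its content can change between builds without any change in this repository. The `COPY --from=builder` line hardcodes `no-debug-non-zts-20200930`, which is only correct for one PHP API version, so a drifting base would break or mis-place `pdlib.so`. Pin both stages to the same explicit release, `FROM nextcloud:<21.x.y> as builder` and `FROM nextcloud:<21.x.y>`, ideally with an image digest. Add a comment tying the extension directory to that PHP version.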


+ 33
- 2
roles/containers/tasks/autoscaler.yml View File

@ -10,9 +10,9 @@
notify:
- reload systemd
- name: add autoscaler script
- name: add hetzner drone autoscaler script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
dest: "/opt/hetzner_drone_{{ THIS_SERVICE }}"
content: |
#!/bin/bash
docker run --rm --name {{ THIS_SERVICE }} \
@ -38,6 +38,37 @@
-e DRONE_POOL_MIN_AGE=45m \
drone/autoscaler:1.7.3
mode: +x
- name: add aws drone autoscaler script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
content: |
#!/bin/bash
docker run --rm --name {{ THIS_SERVICE }} \
--detach=false \
--network osuv \
-v {{ DOCKER_DATA }}/drone_autoscaler:/data \
-e DRONE_GITEA_SERVER="https://git.osuv.de" \
-e DRONE_GITEA_CLIENT_ID="{{ CONFIG.GITEA_CLIENT_ID }}" \
-e DRONE_GITEA_CLIENT_SECRET="{{ CONFIG.GITEA_CLIENT_SECRET }}" \
-e DRONE_RPC_SECRET="{{ CONFIG.DRONE_RPC_SECRET }}" \
-e DRONE_SERVER_HOST=drone.osuv.de \
-e DRONE_SERVER_PROTO=https \
-e DRONE_SERVER_TOKEN="{{ CONFIG.DRONE_SERVER_TOKEN }}" \
-e DRONE_AGENT_TOKEN="{{ CONFIG.DRONE_AGENT_TOKEN }}" \
-e DRONE_POOL_MIN="0" \
-e DRONE_POOL_MAX="1" \
-e DRONE_AMAZON_INSTANCE=c5a.large \
-e DRONE_AMAZON_REGION=eu-central-1 \
-e DRONE_AMAZON_SUBNET_ID=subnet-d8309db2 \
-e DRONE_AMAZON_SECURITY_GROUP=sg-05c5806fe28d752a7 \
-e DRONE_AMAZON_SSHKEY=nuc \
-e AWS_ACCESS_KEY_ID={{ CONFIG.AWS_ACCESS_KEY_ID }} \
-e AWS_SECRET_ACCESS_KEY={{ CONFIG.AWS_SECRET_ACCESS_KEY }} \
-e DRONE_INTERVAL=60s \
-e DRONE_POOL_MIN_AGE=30m \
drone/autoscaler:1.7.3
mode: +x
register: myservice
notify:
- restart service
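Review bot: The new "add aws drone autoscaler script" task writes the Gitea client secret, the Drone RPC secret, the server and agent tokens and the AWS key pair in clear text into `/opt/{{ THIS_SERVICE }}` with only `mode: +x`. The file therefore gets the default permissions plus the execute bit, which likely leaves it readable by every local user. Set `mode: "0700"` with `owner: root`, and add `no_log: true` so the rendered `content` does not appear in Ansible diff or verbose output. Passing the values with `-e` also exposes them in the process list and in `docker inspect`; a root-only file passed via `--env-file` avoids the former. `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are the only templated values left unquoted, so a secret containing shell metacharacters would break or alter the command. The Hetzner task, whose body lies mostly outside these hunks, appears to follow the same pattern.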

