diff --git a/README.md b/README.md index a4ad23ed..308afea3 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Crane, maintained by [dataman-cloud](https://github.com/Dataman-Cloud), is a doc ### Option 1: Stable version in one line - Please read the [release/v1.0.5/README.md](release/v1.0.5/README.md) + Please read the [release/v1.0.6/README.md](release/v1.0.6/README.md) ### Option 2: Latest or development from docker build diff --git a/bin/build-push-or-up.sh b/bin/build-push-or-up.sh index 2d35513e..19d9fa7a 100755 --- a/bin/build-push-or-up.sh +++ b/bin/build-push-or-up.sh @@ -1,7 +1,6 @@ #!/bin/bash -set -o errtrace -set -o errexit +set -e export REGISTRY_PREFIX=${REGISTRY_PREFIX:-""} export DEFAULT_TAG=`git log --pretty=format:'%h' -n 1` @@ -21,10 +20,6 @@ if [ ! -f docker/docker ]; then curl https://get.docker.com/builds/Linux/x86_64/docker-latest.tgz | tar xzv fi -# setup env_file -echo "Copy default env file to env_file" -cp deploy/env deploy/env_file -sed -i -e "s/CRANE_IP/${CRANE_IP}/" deploy/env_file # build crane docker-compose -p crane -f deploy/docker-compose.yml build @@ -52,5 +47,6 @@ then docker-compose -p crane -f deploy/docker-compose.yml stop docker-compose -p crane -f deploy/docker-compose.yml rm -f - docker-compose -p crane -f deploy/docker-compose.yml up -d + + CRANE_SWARM_MANAGER_IP=${CRANE_IP} docker-compose -p crane -f deploy/docker-compose.yml up -d fi diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml index e3fe71c9..53bfa991 100644 --- a/deploy/docker-compose.yml +++ b/deploy/docker-compose.yml @@ -24,6 +24,7 @@ services: - CRANE_IP volumes: - ./registry_storage:/storage + - /etc/localtime:/etc/localtime restart: always crane: build: @@ -31,12 +32,14 @@ services: dockerfile: ./deploy/Dockerfile image: ${REGISTRY_PREFIX}crane:${TAG} env_file: - - ./env_file + - ./env links: - crane_registry - crane_db ports: - "5013:5013" + volumes: + - /etc/localtime:/etc/localtime restart: always crane_db: build: 
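Review bot: In the last hunk of bin/build-push-or-up.sh, `CRANE_SWARM_MANAGER_IP=${CRANE_IP} docker-compose … up -d` hands the container an empty value when CRANE_IP is unset, and `set -e` does not catch that. deploy/env now carries only the bare name `CRANE_SWARM_MANAGER_IP` and the sed substitution is gone, so the crane service would presumably start without a swarm manager address instead of failing visibly. I would fail early with `CRANE_SWARM_MANAGER_IP="${CRANE_IP:?CRANE_IP must be set}" docker-compose -p crane -f deploy/docker-compose.yml up -d`. The enclosing `if … then` block starts outside the hunk.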
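Review bot: The added `- /etc/localtime:/etc/localtime` bind mount in the first hunk of deploy/docker-compose.yml (the service that mounts ./registry_storage) is read-write, so a process inside the container can modify the host's timezone file. The containers only need to read it, and `- /etc/localtime:/etc/localtime:ro` keeps the behaviour while removing the write path. The same line is added for crane and for the MySQL service in the next two hunks of this file, and it appears again in release/v1.0.6/docker-compose.yml.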
@@ -47,4 +50,5 @@ services: - MYSQL_ROOT_PASSWORD=111111 volumes: - ./mysql_storage:/var/lib/mysql + - /etc/localtime:/etc/localtime restart: always diff --git a/deploy/env b/deploy/env index 5b4ff229..f7ae278e 100644 --- a/deploy/env +++ b/deploy/env @@ -1,5 +1,5 @@ CRANE_ADDR=0.0.0.0:5013 -CRANE_SWARM_MANAGER_IP=CRANE_IP +CRANE_SWARM_MANAGER_IP CRANE_DOCKER_TLS_VERIFY=false CRANE_DOCKER_ENTRY_PORT=2375 CRANE_DOCKER_API_VERSION=1.24 diff --git a/release/how-to-release.md b/release/how-to-release.md index 2accc7e8..8a8bfdc0 100644 --- a/release/how-to-release.md +++ b/release/how-to-release.md @@ -4,5 +4,6 @@ Suppose we are bumping version v1.0.5 1. CRANE_IP=192.168.59.105 VERSION=v1.0.5 REGISTRY_PREFIX=catalog.shurenyun.com/library/ ./bin/build-push-or-up.sh push 2. cp -r template v1.0.5 -3. edit the file v1.0.5/README.md , set the VERSION=v1.0.5 -4. edit the script v1.0.5/deploy.sh if needed +3. cp ../deploy/env v1.0.5 +4. edit the file v1.0.5/README.md , set the VERSION=v1.0.5 +5. edit the script v1.0.5/deploy.sh if needed diff --git a/release/template/docker-compose.yml b/release/template/docker-compose.yml index c4154980..1684afe6 100644 --- a/release/template/docker-compose.yml +++ b/release/template/docker-compose.yml @@ -17,14 +17,16 @@ services: environment: - CRANE_IP volumes: - - ./registry_storage:/var/lib/registry + - ./registry_storage:/storage - /etc/localtime:/etc/localtime restart: always crane: image: ${REGISTRY_PREFIX}crane:${TAG} - environment: - - CRANE_SWARM_MANAGER_IP - - CRANE_DOCKER_ENTRY_PORT + env_file: + - ./env + links: + - crane_registry + - crane_db volumes: - /etc/localtime:/etc/localtime ports: diff --git a/release/v1.0.6/README.md b/release/v1.0.6/README.md new file mode 100644 index 00000000..0938b3bd --- /dev/null +++ b/release/v1.0.6/README.md 
@@ -0,0 +1,22 @@
+Deploy guide
+=============
+
+## 国内
+
+1. 请确保docker安装版本 >=1.12, 并确保docker正常运行.(如何安装和配置docker请参考https://docs.docker.com/engine/installation/)
+2. 请确保docker-compose已经正确安装.(如何安装docker-compose请参考https://docs.docker.com/compose/install/)
+3. 启动环境 `CRANE_IP=X.X.X.X VERSION=v1.0.6 ./deploy.sh`
+4. 安装成功后通过浏览器访问 http://$IP 即可,默认用户名:admin@admin.com 密码:adminadmin
+
+## Others
+
+1. docker>=1.12 [how to install](https://docs.docker.com/engine/installation/)
+2. docker-compose>=1.8.0 [how to install](https://docs.docker.com/compose/install/)
+3. Enable the Docker tcp Socket on port: 2375 [how to config](https://docs.docker.com/engine/reference/commandline/dockerd/#/daemon-socket-option)
+4. Start ntp service
+5. You'd better `setenforce 0`
+6. `CRANE_IP=X.X.X.X VERSION=v1.0.6 REGISTRY_PREFIX=2breakfast/ ./deploy.sh`
+7. Browser http://$CRANE_IP
+
+ * username: `admin@admin.com`
+ * password: `adminadmin`
diff --git a/release/v1.0.6/deploy.sh b/release/v1.0.6/deploy.sh
new file mode 100755
index 00000000..0712cd2e
--- /dev/null
+++ b/release/v1.0.6/deploy.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+export CRANE_SWARM_MANAGER_IP=$CRANE_IP
+export TAG=${VERSION:-1.0}
+export REGISTRY_PREFIX=${REGISTRY_PREFIX:-catalog.shurenyun.com/library/}
+
+# node env check
+echo "Checking the node status"
+./node-init.sh || exit 1
+
+# swarm init
+echo "Trying to init swarm cluster"
+INIT_ERROR=$(docker swarm init --advertise-addr=$CRANE_IP 2>&1 > /dev/null) || {
+ docker info 2>/dev/null | grep Swarm | grep -v inactive || {
+ printf "\033[41mERROR:\033[0m failed to init swarm against cmd: \e[1;34mdocker swarm init --advertise-addr=$CRANE_IP\e[0m\n"
+ echo "$INIT_ERROR"
+ exit 1
+ }
+}
+echo "Swarm cluster have been running!"
+
+docker-compose -p crane up -d
+
+# feedback the activities
+curl -XPOST 123.59.58.58:4500/activities -H "Content-Type: application/json" -d'{"UniqId": "'"$(hostname)"'"}' &>/dev/null || exit 1
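Review bot: The final line of release/v1.0.6/deploy.sh posts the machine's hostname to the hard-coded address `123.59.58.58:4500` over plain HTTP with all output discarded, and its `|| exit 1` makes the deployment report failure when that host is unreachable even though `docker-compose -p crane up -d` has already succeeded. The README added in the same commit does not mention this reporting; I would document it, put it behind an opt-out switch, and keep it from deciding the exit status, for example by ending the line with `|| echo "activity report failed, continuing" >&2`. Separately, `$CRANE_IP` is used unquoted and unchecked in `docker swarm init --advertise-addr=$CRANE_IP` and is interpolated into the printf format string. A guard near the top such as `: "${CRANE_IP:?CRANE_IP must be set}"`, plus `--advertise-addr="$CRANE_IP"` and a `%s` placeholder in the printf, would address that.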
diff --git a/release/v1.0.6/docker-compose.yml b/release/v1.0.6/docker-compose.yml
new file mode 100644
index 00000000..1684afe6
--- /dev/null
+++ b/release/v1.0.6/docker-compose.yml
@@ -0,0 +1,42 @@
+version: "2"
+services:
+ blackmamba:
+ image: ${REGISTRY_PREFIX}blackmamba:${TAG}
+ ports:
+ - "80:80"
+ volumes:
+ - /etc/localtime:/etc/localtime
+ links:
+ - crane
+ restart: always
+ crane_registry:
+ image: ${REGISTRY_PREFIX}registry:crane${TAG}
+ ports:
+ - "5000:5000"
+ - "5001:5001"
+ environment:
+ - CRANE_IP
+ volumes:
+ - ./registry_storage:/storage
+ - /etc/localtime:/etc/localtime
+ restart: always
+ crane:
+ image: ${REGISTRY_PREFIX}crane:${TAG}
+ env_file:
+ - ./env
+ links:
+ - crane_registry
+ - crane_db
+ volumes:
+ - /etc/localtime:/etc/localtime
+ ports:
+ - "5013:5013"
+ restart: always
+ crane_db:
+ image: ${REGISTRY_PREFIX}mysql:crane${TAG}
+ environment:
+ - MYSQL_ROOT_PASSWORD=111111
+ volumes:
+ - ./mysql_storage:/var/lib/mysql
+ - /etc/localtime:/etc/localtime
+ restart: always
diff --git a/release/v1.0.6/env b/release/v1.0.6/env
new file mode 100644
index 00000000..f7ae278e
--- /dev/null
+++ b/release/v1.0.6/env
@@ -0,0 +1,21 @@
+CRANE_ADDR=0.0.0.0:5013
+CRANE_SWARM_MANAGER_IP
+CRANE_DOCKER_TLS_VERIFY=false
+CRANE_DOCKER_ENTRY_PORT=2375
+CRANE_DOCKER_API_VERSION=1.24
+CRANE_DOCKER_CERT_PATH=null
+
+CRANE_DB_DSN=root:111111@tcp(crane_db:3306)/crane?charset=utf8&parseTime=true&loc=Local
+CRANE_DB_DRIVER=mysql
+
+CRANE_FEATURE_FLAGS=registry,account,catalog,search,registryauth
+
+CRANE_REGISTRY_PRIVATE_KEY_PATH=./private_key.pem
+CRANE_REGISTRY_ADDR=http://crane_registry:5000
+
+CRANE_ACCOUNT_TOKEN_STORE=default
+CRANE_ACCOUNT_AUTHENTICATOR=default
+CRANE_ACCOUNT_EMAIL_DEFAULT=admin@admin.com
+CRANE_ACCOUNT_PASSWORD_DEFAULT=adminadmin
+
+CRANE_SEARCH_LOAD_DATA_INTERVAL=1
diff --git a/release/v1.0.6/node-init.sh b/release/v1.0.6/node-init.sh
new file mode 100755
index 00000000..0a4f5ec8
--- /dev/null
+++ b/release/v1.0.6/node-init.sh
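Review bot: The crane_db service in release/v1.0.6/docker-compose.yml ships `MYSQL_ROOT_PASSWORD=111111` as a fixed value, so every installation made from this release has the same database root password. The same value is repeated in `CRANE_DB_DSN` in the env file added next to it. I would pass it through from the deployer's environment the way this commit already does for CRANE_SWARM_MANAGER_IP, i.e. `- MYSQL_ROOT_PASSWORD`, build the DSN from the same value, and have deploy.sh refuse to start when it is unset. The four `/etc/localtime` mounts in this file only need read access and can take `:ro`.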
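Review bot: release/v1.0.6/env makes `CRANE_DOCKER_TLS_VERIFY=false` with `CRANE_DOCKER_ENTRY_PORT=2375` and a fixed `CRANE_ACCOUNT_PASSWORD_DEFAULT=adminadmin` the defaults of a release artifact, with nothing in the file marking them as values to change. At minimum I would add a comment above these lines, e.g. `# development defaults: change the admin password and DB credentials before exposing the UI`, and add a matching step to the release README. The file already has `CRANE_DOCKER_CERT_PATH`, so talking to the daemon over the TLS port looks supportable; that is worth confirming against the crane code, which is not part of this diff.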
@@ -0,0 +1,381 @@
+#!/bin/sh
+set -e
+# Maintainer: weitao zhou
+
+# Usage:
+# curl -Ls https://$DM_HOST/node-init.sh | sudo sh
+#
+# Feature:
+# check host arch
+# check ip forwarding
+# check docker version
+# check docker tcp socket
+# check apparmor for ubuntu
+# check selinux for centos/rhel
+# check ntp service
+# check firewalld
+# check iptables
+
+# Suppose the major version=1
+# The following represents the acturally desired version is 1.12.0
+DOCKER_MINOR_VERSION_REQUIRED=12
+
+# docker convention:
+# 2376: encrypted communication
+# 2375: un-encrypted communication
+DOCKER_TCP_SOCKET=2375
+SUPPORTED_ARCH=x86_64
+
+_command_exists() {
+ command -v "$@" > /dev/null 2>&1
+}
+
+host_arch_supported()
+{
+ if [ "$(uname -m)" != $SUPPORTED_ARCH ]; then
+ echo "********************************************************"
+ printf "\033[41mERROR:\033[0m We cannot support arch $(uname -m), and x86_64 is the only supported arch currently.\n"
+ echo "********************************************************"
+ exit 1
+ fi
+}
+
+ip_forwarding_enabled()
+{
+ OS="`uname`"
+ case $OS in
+ 'Darwin')
+ sysctl net.inet.ip.forwarding | grep 1 || {
+ echo "********************************************************"
+ printf "\033[41mERROR:\033[0m IP Forwarding is disabled! Please Enable the IP Forwarding permanently as following:\n"
+ echo "********************************************************"
+ printf "\n"
+ printf "\n"
+ printf "run command sudo sysctl -w net.inet.ip.forwarding=1\n"
+ printf "refer: http://serverfault.com/questions/97117/how-do-i-enable-ip-forwarding-in-macos-x\n"
+ exit 1
+ } ;;
+ *)
+ sysctl net.ipv4.ip_forward | grep 1 || {
+ echo "********************************************************"
+ printf "\033[41mERROR:\033[0m IP Forwarding is disabled! Please Enable the IP Forwarding permanently as following:\n"
+ echo "********************************************************"
+ printf "\n"
+ printf "\n"
+ printf "edit or add a line containing \e[1;34m net.ipv4.ip_forward=1 \e[0m to file /etc/sysctl.conf , and then,\n"
+ printf "run command sysctl -p /etc/sysctl.conf\n"
+ printf "refer: http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/\n"
+ exit 1
+ } ;;
+ esac
+}
+
+docker_required() {
+ OS=`uname`
+ case $OS in
+ 'Darwin')
+ ;;
+ *)
+ if _command_exists dockerd; then
+ echo "-> Checking docker runtime environment..."
+ else
+ echo "********************************************************"
+ printf "\033[41mERROR:\033[0m command **dockerd** is NOT FOUND! Please make sure docker-engine>=1.$DOCKER_MINOR_VERSION_REQUIRED is installed!\n"
+ echo "********************************************************"
+ exit 1
+ fi
+ ;;
+ esac
+
+ docker_version="$(docker version --format '{{.Server.Version}}' | awk -F. '{print $2}')"
+
+ if [ -z $docker_version ];then
+ echo "***********************************************************************"
+ printf "\033[41mERROR:\033[0m Docker daemon is NOT STARTED! Run it manually:\n"
+ printf "\n"
+ printf "\n"
+ printf "For CentOS/RHEL\n"
+ printf "systemctl enable docker && service docker start\n"
+ printf "refer: https://docs.docker.com/engine/installation/linux/centos/#/start-the-docker-daemon-at-boot\n"
+ printf "\n"
+ printf "For Ubuntu>=15.04\n"
+ printf "systemctl enable docker && service docker start\n"
+ printf "\n"
+ printf "For Ubuntu<=14.10\n"
+ printf "service docker start\n"
+ printf "refer: https://docs.docker.com/engine/installation/linux/ubuntulinux/#/configure-docker-to-start-on-boot\n"
+ echo "***********************************************************************"
+ exit 1
+ fi
+
+ if [ $docker_version -lt $DOCKER_MINOR_VERSION_REQUIRED ]; then
+ echo "********************************************************"
+ printf "\033[41mERROR:\033[0m docker-engine>=1.$DOCKER_MINOR_VERSION_REQUIRED is required, current version: 1.$docker_version\n"
+ echo "********************************************************"
+ exit 1
+ fi
+ echo "Checking docker runtime environment...DONE"
+}
+
+docker_tcp_open_required()
+{
+ echo "-> Checking docker TCP Socket..."
+ DOCKER_HOST="tcp://$CRANE_IP:$DOCKER_TCP_SOCKET" docker info >/dev/null 2>&1 ||
+ {
+ echo "********************************************************"
+ printf "\033[41mERROR:\033[0m Please enable the Docker tcp Socket on port: $DOCKER_TCP_SOCKET\n"
+ printf "How to configure it?\n"
+ printf "\n"
+ printf "For CentOS/RHEL(systemd)\n"
+ printf "Edit file /usr/lib/systemd/system/docker.service, let ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:$DOCKER_TCP_SOCKET -H unix:///var/run/docker.sock\n"
+ printf "Then, systemctl daemon-reload && service docker restart\n"
+ printf "\n"
+ printf "For Ubuntu(upstart)\n"
+ printf "Touch or edit file /etc/default/docker, let DOCKER_OPTS=\"-H tcp://0.0.0.0:$DOCKER_TCP_SOCKET -H unix:///var/run/docker.sock\"\n"
+ printf "Then, service docker restart\n"
+ printf "\n"
+ printf "Refer: https://docs.docker.com/engine/reference/commandline/dockerd/#/daemon-socket-option\n"
+ echo "********************************************************"
+ exit 1
+ }
+ echo "Docker TCP Socket $DOCKER_TCP_SOCKET opened...DONE"
+}
+
+iptables_docker_rules() {
+ echo "-> Checking docker rules on Iptables..."
+ if iptables -L | grep "DOCKER" > /dev/null; then
+ if iptables -L | grep "REJECT" > /dev/null; then
+ printf "\033[41mERROR:\033[0m Some REJECT rules found in iptables, which may cause undesired exceptions, to continue, please remove the REJECT rules and restart Iptables service.\n"
+ printf "One way to delete iptables rules is by its chain and line number. To determine a rule's line number, list the rules in the table format and add the --line-numbers option:\n"
+ printf "\n"
+ printf "iptables -L --line-numbers\n"
+ printf "\n"
+ printf "\tChain INPUT (policy DROP)\n"
+ printf "\tnum target prot opt source destination\n"
+ printf "\t1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED\n"
+ printf "\t2 DROP all -- anywhere anywhere ctstate INVALID\n"
+ printf "\t3 REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable\n"
+ printf "Once you know which rule you want to delete, note the chain and line number of the rule. Then run the iptables -D command followed by the chain and rule number. For example:\n"
+ printf "\n"
+ printf "iptables -D INPUT 3\n"
+ printf "\n"
+ exit 1
+ fi
+ else
+ printf "\033[41mERROR:\033[0m Please make sure iptables nat is open.\n"
+ echo "Learn more: https://dataman.kf5.com/posts/view/124302/"
+ exit 1
+ fi
+ echo "Checking docker rules on Iptables...DONE"
+}
+
+apparmor_required_on_ubuntu()
+{
+ /etc/init.d/apparmor status >/dev/null 2>&1 ||
+ {
+ echo "********************************************************"
+ printf "\033[41mERROR:\033[0m Exception triggered when run \e[1;34m /etc/init.d/apparmor status \e[0m ! Please install apparmor as following:\n"
+ echo "********************************************************"
+ printf "\n"
+ printf "\n"
+ printf "apt-get install -y apparmor apparmor-utils\n"
+ exit 1
+ }
+}
+
+# Firewalld on CentOS/RHEL caused docker issue maybe: https://github.com/docker/docker/issues/16137
+# https://docs.docker.com/v1.6/installation/centos/#firewalld
+firewalld_is_enabled() {
+ echo "-> Checking firewalld..."
+ if ps ax | grep -v grep | grep "firewall" > /dev/null; then
+ printf "\e[1;34mWARN:\e[0m You'd better to disable Firewalld&enable iptables, or must restart docker daemon after firewalld restarted.\n"
+ echo "More info: https://docs.docker.com/v1.6/installation/centos/#firewalld"
+ echo "More info: https://github.com/docker/docker/issues/16137"
+ echo "you can run systemctl disable firewalld && systemctl stop firewalld"
+ exit 1
+ fi
+}
+
+selinux_is_disabled() {
+ if _command_exists getenforce; then
+ echo "-> Checking SELinux by command getenforce..."
+ if getenforce | grep -v "Enforcing" > /dev/null; then
+ echo "SELinux has been stopped as desired."
+ else
+ printf "\033[41mERROR:\033[0m We'd better to disable SELinux.\n"
+ printf "\n"
+ printf "How to disable it?\n"
+ printf "Set SELINUX=disabled in file /etc/sysconfig/selinux for permanent effect"
+ echo "setenforce 0 && sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config"
+ echo "Learn more: https://dataman.kf5.com/posts/view/124303/"
+ exit 1
+ fi
+ else
+ printf "\033[41mERROR:\033[0m Command \033[1mgetenforce\033[0m not found\n"
+ exit 1
+ fi
+}
+
+ntp_is_enabled_on_centos_or_rhel()
+{
+ if _command_exists ntpstat; then
+ echo "-> Checking NTP service status..."
+ ntpstat ||
+ {
+ printf "\033[41mERROR:\033[0m NTP is unsynchronised, Please confirm your ntp status before continue.\n"
+ exit 1
+ }
+ echo "NTP service status seems good...DONE"
+ else
+ printf "\033[41mERROR:\033[0m Cannot find the command ntpstat, Please enable the NTP service on your node.\n"
+ printf "You can run yum install -y ntp && systemctl start ntpd && systemctl enable ntpd && systemctl disable chronyd \n"
+ exit 1
+ fi
+}
+
+ntp_is_enabled_on_ubuntu()
+{
+ if _command_exists ntpq; then
+ echo "-> Checking NTP service status..."
+ # TODO: weird method to check the ntp status
+ ntpq -p | grep -Fq offset ||
+ {
+ printf "\033[41mERROR:\033[0m NTP is unsynchronised, Please confirm your ntp status before continue.\n"
+ exit 1
+ }
+ echo "NTP service status seems good...DONE"
+ else
+ printf "\033[41mERROR:\033[0m Cannot find the command ntpstat, Please enable the NTP service on your node.\n"
+ exit 1
+ fi
+}
+
+get_distribution_type()
+{
+ local lsb_dist
+ lsb_dist=''
+ if _command_exists lsb_release; then
+ lsb_dist="$(lsb_release -si)"
+ fi
+ if [ -z "$lsb_dist" ] && [ -r /etc/lsb-release ]; then
+ lsb_dist="$(. /etc/lsb-release && echo "$DISTRIB_ID")"
+ fi
+ if [ -z "$lsb_dist" ] && [ -r /etc/debian_version ]; then
+ lsb_dist='debian'
+ fi
+ if [ -z "$lsb_dist" ] && [ -r /etc/fedora-release ]; then
+ lsb_dist='fedora'
+ fi
+ if [ -z "$lsb_dist" ] && [ -r /etc/os-release ]; then
+ lsb_dist="$(. /etc/os-release && echo "$ID")"
+ fi
+ if [ -z "$lsb_dist" ] && [ -r /etc/centos-release ]; then
+ lsb_dist="$(cat /etc/*-release | head -n1 | cut -d " " -f1)"
+ fi
+ if [ -z "$lsb_dist" ] && [ -r /etc/redhat-release ]; then
+ lsb_dist="$(cat /etc/*-release | head -n1 | cut -d " " -f1)"
+ fi
+ lsb_dist="$(echo $lsb_dist | cut -d " " -f1)"
+ lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
+ echo $lsb_dist
+}
+
+lsb_version=""
+have_a_init()
+{
+ host_arch_supported
+ ip_forwarding_enabled
+ docker_required
+ docker_tcp_open_required
+ case "$(get_distribution_type)" in
+ gentoo|boot2docker|amzn|linuxmint)
+ (
+ echo "$(get_distribution_type) is unsupported."
+ )
+ exit 1
+ ;;
+ fedora)
+ (
+ if [ -r /etc/os-release ]; then
+ lsb_version="$(. /etc/os-release && echo "$VERSION_ID")"
+ if [ $lsb_version -lt 24 ]
+ then
+ printf "\033[41mERROR:\033[0m CentOS-${lsb_version} is unsupported\n"
+ exit 1
+ fi
+ else
+ printf "\033[41mERROR:\033[0m File /etc/os-release not found, so the CentOS version cannot be confirmed.\n"
+ exit 1
+ fi
+ if _command_exists firewall-cmd; then
+ firewalld_is_enabled
+ fi
+ if _command_exists iptables; then
+ iptables_docker_rules
+ else
+ printf "\033[41mERROR:\033[0m Command iptables does not exists.\n"
+ exit 1
+ fi
+ selinux_is_disabled
+ ntp_is_enabled_on_centos_or_rhel
+ )
+ exit 0
+ ;;
+ centos|rhel|redhatenterpriseserver)
+ (
+ if [ -r /etc/os-release ]; then
+ lsb_version="$(. /etc/os-release && echo "$VERSION_ID")"
+ if [ $lsb_version -lt 7 ]
+ then
+ printf "\033[41mERROR:\033[0m CentOS-${lsb_version} is unsupported\n"
+ exit 1
+ fi
+ else
+ printf "\033[41mERROR:\033[0m File /etc/os-release not found, so the CentOS version cannot be confirmed.\n"
+ exit 1
+ fi
+ if _command_exists firewall-cmd; then
+ firewalld_is_enabled
+ fi
+ if _command_exists iptables; then
+ iptables_docker_rules
+ else
+ printf "\033[41mERROR:\033[0m Command iptables does not exists.\n"
+ exit 1
+ fi
+ selinux_is_disabled
+ ntp_is_enabled_on_centos_or_rhel
+ )
+ exit 0
+ ;;
+ sles|suse)
+ (
+ selinux_is_disabled
+ )
+ exit 0
+ ;;
+ ubuntu|debian)
+ (
+ apparmor_required_on_ubuntu
+ ntp_is_enabled_on_ubuntu
+ )
+ exit 0
+ ;;
+ *)
+ OS=`uname`
+ case $OS in
+ 'Darwin')
+ printf "\033[42mNotice\033[0m Macos, only development mode.\n]]"
+ ;;
+ *)
+ printf "\033[41mError\033[0m Unknown operating system.\n"
+ echo "Learn more: https://dataman.kf5.com/posts/view/131402"
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# wrapped up in a function so that we have some protection against only getting
+# half the file during "curl | sh"
+have_a_init
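Review bot: `docker_tcp_open_required` fails the install unless the Docker API answers on `tcp://$CRANE_IP:2375`, and its help text tells the operator to start dockerd with `-H tcp://0.0.0.0:$DOCKER_TCP_SOCKET`, which is unencrypted and unauthenticated on every interface; anyone who can reach that port controls the host's Docker daemon. The comment at the top of the file already records 2376 as the encrypted port, so I would have the hint bind to the crane address rather than 0.0.0.0 and point at the TLS setup, or at minimum state that the port must be firewalled to the crane host. `selinux_is_disabled` likewise aborts while SELinux is enforcing, which makes a host-hardening downgrade a precondition of the install; a warning would be safer than `exit 1`. Two smaller points: the unknown-OS branch of `have_a_init` prints an error but returns 0, so deploy.sh carries on, and `local` and the `\e` escapes are not portable under `#!/bin/sh`.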