added option to build debian-based aptly
just run ```build.sh Dockerfile.debian``` instead
parent
444b341485
commit
19cc1765c7
@ -63,6 +63,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
|
|||||||
|
|
||||||
# Install scripts
|
# Install scripts
|
||||||
COPY assets/*.sh /opt/
|
COPY assets/*.sh /opt/
|
||||||
|
COPY assets/update_mirror/update_mirror_ubuntu.sh /opt/update_mirror.sh
|
||||||
|
|
||||||
# Bind mount location
|
# Bind mount location
|
||||||
VOLUME [ "/opt/aptly" ]
|
VOLUME [ "/opt/aptly" ]
|
||||||
|
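--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -0,0 +1,72 @@
+# Copyright 2016 Bryan J. Hong
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM debian:jessie
+
+MAINTAINER bryan@turbojets.net
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DIST=debian
+ENV RELEASE=jessie
+
+# Add Aptly repository
+RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
+RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 9E3E53F19C7DE460
+
+# Add Nginx repository
+RUN echo "deb http://nginx.org/packages/$DIST/ $RELEASE nginx" > /etc/apt/sources.list.d/nginx.list
+RUN echo "deb-src http://nginx.org/packages/$DIST/ $RELEASE nginx" >> /etc/apt/sources.list.d/nginx.list
+RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+
+# Update APT repository and install packages
+RUN apt-get -q update \
+&& apt-get -y install aptly \
+bash-completion \
+bzip2 \
+gnupg \
+gpgv \
+graphviz \
+supervisor \
+nginx \
+wget \
+xz-utils
+
+# Install Aptly Configuration
+COPY assets/aptly.conf /etc/aptly.conf
+
+# Enable Aptly Bash completions
+RUN wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly \
+-O /etc/bash_completion.d/aptly \
+&& echo "if ! shopt -oq posix; then\n\
+if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
+. /usr/share/bash-completion/bash_completion\n\
+elif [ -f /etc/bash_completion ]; then\n\
+. /etc/bash_completion\n\
+fi\n\
+fi" >> /etc/bash.bashrc
+
+# Install Nginx Config
+COPY assets/nginx.conf.sh /opt/nginx.conf.sh
+COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
+RUN echo "daemon off;" >> /etc/nginx/nginx.conf
+
+# Install scripts
+COPY assets/*.sh /opt/
+COPY assets/update_mirror/update_mirror_debian.sh /opt/update_mirror.sh
+
+# Bind mount location
+VOLUME [ "/opt/aptly" ]
+
+# Execute Startup script when container starts
+ENTRYPOINT [ "/opt/startup.sh" ]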
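Review bot: The aptly repository key is requested by a 64-bit key ID (`--recv-keys 9E3E53F19C7DE460`), while the nginx key further down is pinned by its full fingerprint; a 64-bit ID does not uniquely identify a key, so the aptly line should use the full fingerprint too, e.g. `RUN apt-key adv --keyserver keys.gnupg.net --recv-keys <FULL_APTLY_KEY_FINGERPRINT>`. Both `deb` sources are plain `http://`, so those imported keys are the only integrity check on the packages installed at build time. Separately, the `wget` of `bash_completion.d/aptly` tracks the `master` branch with no checksum and writes into `/etc/bash_completion.d/`, which the snippet appended to `/etc/bash.bashrc` appears to load for interactive shells. Pinning that URL to a tag or commit and checking a `sha256sum` before installing it would make the build reproducible.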
@ -7,7 +7,7 @@ aptly in a container backed by nginx
|
|||||||
|
|
||||||
>nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server, originally written by Igor Sysoev [nginx.org](http://nginx.org/en/)
|
>nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server, originally written by Igor Sysoev [nginx.org](http://nginx.org/en/)
|
||||||
|
|
||||||
**NOTE:** This container and the scripts within are written to make hosting an Ubuntu mirror "as-close-to-turnkey" as possible. If there is enough demand or I end up building it for my own purposes, I'll publish a branch or separate repo to support a "turnkey" Aptly Docker image for Debian.
|
**NOTE:** This container and the scripts within are written to make hosting an Ubuntu mirror "as-close-to-turnkey" as possible. If you want to host a Debian mirror, you'll need to build the image yourself, see [Building the Container](#building-the-container) below
|
||||||
|
|
||||||
Quickstart
|
Quickstart
|
||||||
--
|
--
|
||||||
@ -116,7 +116,7 @@ git clone https://github.com/bryanhong/docker-aptly.git
|
|||||||
### Commands and variables
|
### Commands and variables
|
||||||
|
|
||||||
* ```vars```: Variables for Docker registry, the application, and aptly repository data location
|
* ```vars```: Variables for Docker registry, the application, and aptly repository data location
|
||||||
* ```build.sh```: Build the Docker image locally
|
* ```build.sh```: Build the Docker image locally, this script will take the name of a Dockerfile as an argument, by default will build Dockerfile.
|
||||||
* ```run.sh```: Starts the Docker container, it the image hasn't been built locally, it is fetched from the repository set in vars
|
* ```run.sh```: Starts the Docker container, it the image hasn't been built locally, it is fetched from the repository set in vars
|
||||||
* ```push.sh```: Pushes the latest locally built image to the repository set in vars
|
* ```push.sh```: Pushes the latest locally built image to the repository set in vars
|
||||||
* ```shell.sh```: get a shell within the container
|
* ```shell.sh```: get a shell within the container
|
||||||
@ -142,6 +142,8 @@ The GPG password you set in ```vars``` is stored in plain text and is visible as
|
|||||||
|
|
||||||
1. Run ```./build.sh```
|
1. Run ```./build.sh```
|
||||||
|
|
||||||
|
>To build a Debian-based mirror/aptly run ```./build.sh Dockerfile.debian```
|
||||||
|
|
||||||
#### Start the container
|
#### Start the container
|
||||||
|
|
||||||
1. Run ```./run.sh```
|
1. Run ```./run.sh```
|
||||||
|
@ -13,7 +13,8 @@ if [[ ! -f /opt/aptly/public/aptly_repo_signing.key ]]; then
|
|||||||
gpg --export --armor > /opt/aptly/public/aptly_repo_signing.key
|
gpg --export --armor > /opt/aptly/public/aptly_repo_signing.key
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Import Ubuntu keyrings
|
# Import Ubuntu keyrings if they exist
|
||||||
|
if [[ -f /usr/share/keyrings/ubuntu-archive-keyring.gpg ]]; then
|
||||||
gpg --list-keys
|
gpg --list-keys
|
||||||
gpg --no-default-keyring \
|
gpg --no-default-keyring \
|
||||||
--keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
|
--keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
|
||||||
@ -21,6 +22,18 @@ gpg --no-default-keyring \
|
|||||||
gpg --no-default-keyring \
|
gpg --no-default-keyring \
|
||||||
--keyring trustedkeys.gpg \
|
--keyring trustedkeys.gpg \
|
||||||
--import
|
--import
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Import Debian keyrings if they exist
|
||||||
|
if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
|
||||||
|
gpg --list-keys
|
||||||
|
gpg --no-default-keyring \
|
||||||
|
--keyring /usr/share/keyrings/debian-archive-keyring.gpg \
|
||||||
|
--export | \
|
||||||
|
gpg --no-default-keyring \
|
||||||
|
--keyring trustedkeys.gpg \
|
||||||
|
--import
|
||||||
|
fi
|
||||||
|
|
||||||
# Aptly looks in /root/.gnupg for default keyrings
|
# Aptly looks in /root/.gnupg for default keyrings
|
||||||
ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
|
ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
|
||||||
|
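Review bot: With both imports now guarded by `-f` tests, an image that ships neither `ubuntu-archive-keyring.gpg` nor `debian-archive-keyring.gpg` skips both blocks without any message, and `trustedkeys.gpg` receives no archive keys. Tracking whether either import ran and printing one warning to stderr after the second `fi` would surface this at startup, presumably well before the first mirror update fails signature verification; for example `echo "WARNING: no distribution archive keyring found; nothing imported into trustedkeys.gpg" >&2`. The two blocks differ only in the keyring path, so a single loop over the two files would also remove the duplication. The script starts and ends outside these hunks.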
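--- a/assets/update_mirror/update_mirror_debian.sh
+++ b/assets/update_mirror/update_mirror_debian.sh
@@ -0,0 +1,75 @@
+#! /bin/bash
+set -e
+
+# Automate the initial creation and update of a Debian package mirror in aptly
+
+# The variables (as set below) will create a mirror of the Debian jessie repo
+# with the main and update components. If you do mirror these, you'll want to
+# include "deb http://security.debian.org jessie/updates main" in your sources.list
+# file or mirror it similarly as done below to keep up with security updates.
+
+DEBIAN_RELEASE=jessie
+UPSTREAM_URL="http://deb.debian.org/debian/"
+COMPONENTS=( main )
+REPOS=( ${DEBIAN_RELEASE} ${DEBIAN_RELEASE}-updates )
+
+# Create repository mirrors if they don't exist
+set +e
+for component in ${COMPONENTS[@]}; do
+for repo in ${REPOS[@]}; do
+aptly mirror list -raw | grep "^${repo}$"
+if [[ $? -ne 0 ]]; then
+echo "Creating mirror of ${repo} repository."
+aptly mirror create \
+-architectures=amd64 ${repo} ${UPSTREAM_URL} ${repo} ${component}
+fi
+done
+done
+set -e
+
+# Update all repository mirrors
+for component in ${COMPONENTS[@]}; do
+for repo in ${REPOS[@]}; do
+echo "Updating ${repo} repository mirror.."
+aptly mirror update ${repo}
+done
+done
+
+# Create snapshots of updated repositories
+for component in ${COMPONENTS[@]}; do
+for repo in ${REPOS[@]}; do
+echo "Creating snapshot of ${repo} repository mirror.."
+SNAPSHOTARRAY+="${repo}-`date +%Y%m%d%H` "
+aptly snapshot create ${repo}-`date +%Y%m%d%H` from mirror ${repo}
+done
+done
+
+echo ${SNAPSHOTARRAY[@]}
+
+# Merge snapshots into a single snapshot with updates applied
+echo "Merging snapshots into one.."
+aptly snapshot merge -latest \
+${DEBIAN_RELEASE}-merged-`date +%Y%m%d%H` \
+${SNAPSHOTARRAY[@]}
+
+# Publish the latest merged snapshot
+set +e
+aptly publish list -raw | awk '{print $2}' | grep "^${DEBIAN_RELEASE}$"
+if [[ $? -eq 0 ]]; then
+aptly publish switch \
+-passphrase="${GPG_PASSWORD}" \
+${DEBIAN_RELEASE} ${DEBIAN_RELEASE}-merged-`date +%Y%m%d%H`
+else
+aptly publish snapshot \
+-passphrase="${GPG_PASSWORD}" \
+-distribution=${DEBIAN_RELEASE} ${DEBIAN_RELEASE}-merged-`date +%Y%m%d%H`
+fi
+set -e
+
+# Export the GPG Public key
+if [[ ! -f /opt/aptly/public/aptly_repo_signing.key ]]; then
+gpg --export --armor > /opt/aptly/public/aptly_repo_signing.key
+fi
+
+# Generate Aptly Graph
+aptly graph -output /opt/aptly/public/aptly_graph.png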
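Review bot: In the publish step, `set +e` stays in effect across `aptly publish switch` and `aptly publish snapshot`, so a failed publish (a wrong passphrase or a signing error, say) is ignored and the script can still exit 0 after drawing the graph. Test the pipeline directly and drop the `set +e`/`set -e` pair: `if aptly publish list -raw | awk '{print $2}' | grep -q "^${DEBIAN_RELEASE}$"; then`. The mirror-creation loop has the same pattern around `aptly mirror create`. `-passphrase="${GPG_PASSWORD}"` also places the signing passphrase on the command line, where it is visible in the process list; aptly's `-passphrase-file` option reads it from a file instead.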
5
build.sh
5
build.sh
@ -2,7 +2,10 @@
|
|||||||
|
|
||||||
source vars
|
source vars
|
||||||
|
|
||||||
docker build -t "${REPO_NAME}/${APP_NAME}:${TAG}" .
|
DOCKERFILE="${1:-Dockerfile}"
|
||||||
|
SUFFIX=`echo $1 | cut -d. -f2`
|
||||||
|
|
||||||
|
docker build -t "${REPO_NAME}/${APP_NAME}:${TAG}" -f ${DOCKERFILE} .
|
||||||
|
|
||||||
# If the build was successful (0 exit code)...
|
# If the build was successful (0 exit code)...
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
|
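Review bot: The `SUFFIX` assignment pipes `$1` through `cut -d. -f2`, which returns the whole argument when it contains no dot and `/Dockerfile` for a path such as `./Dockerfile.debian`. `-f ${DOCKERFILE}` is also unquoted, so a name containing spaces splits into extra `docker build` arguments. Derive the suffix from the defaulted variable and quote the path: `case "${DOCKERFILE}" in *.*) SUFFIX="${DOCKERFILE##*.}" ;; *) SUFFIX="" ;; esac` and `-f "${DOCKERFILE}"`. The tag on the visible `docker build` line does not include `SUFFIX`, so unless it is applied further down (outside this hunk) a Debian build replaces the Ubuntu image under the same `${TAG}`.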