From 0534749ebeda9bead70817ba19663cd7f20084ea Mon Sep 17 00:00:00 2001
From: yohan <783b8c87@scimetis.net>
Date: Tue, 31 Mar 2020 15:50:39 +0200
Subject: [PATCH] Using systemd to mount volumes and start containers at boot.
---
 start_or_update.sh => create.sh | 36 +++++++++++++++++-----------
 docker-compose.yml | 4 ----
 install.sh | 42 +++++++++++++++++++++++++++++++++
 start.sh | 8 +++++++
 volume_list | 1 +
 5 files changed, 73 insertions(+), 18 deletions(-)
 rename start_or_update.sh => create.sh (68%)
 create mode 100755 install.sh
 create mode 100755 start.sh
 create mode 100644 volume_list
diff --git a/start_or_update.sh b/create.sh
similarity index 68%
rename from start_or_update.sh
rename to create.sh
index 74734bd..22ee97b 100755
--- a/start_or_update.sh
+++ b/create.sh
@@ -1,22 +1,30 @@
 #!/bin/bash
-test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://cloud.scimetis.net/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
+#Absolute path to this script
+SCRIPT=$(readlink -f $0)
+#Absolute path this script is in
+SCRIPTPATH=$(dirname $SCRIPT)
+
+cd $SCRIPTPATH
+
+test -z $KEY && { echo "KEY is not defined."; exit 1; }
+
+if ! test -f ~/secrets.tar.gz.enc
+then
+ curl -o ~/secrets.tar.gz.enc "https://cloud.scimetis.net/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
+ if ! test -f ~/secrets.tar.gz.enc
+ then
+ echo "ERROR: ~/secrets.tar.gz.enc not found, exiting."
+ exit 1
+ fi
+fi
+
 openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | tar -zxv --strip 2 secrets/docker-mail-stack/fetchmailrc-orange \
 secrets/docker-mail-stack/users secrets/docker-mail-stack/15-lda.conf secrets/docker-mail-stack/feed2imaprc \
-secrets/docker-mail-stack/fetchmailrc-scimetis
+secrets/docker-mail-stack/fetchmailrc-scimetis \
+|| { echo "Could not extract from secrets archive, exiting."; rm -f ~/secrets.tar.gz.enc; exit 1; }
 sudo chown root. fetchmailrc-orange fetchmailrc-scimetis users 15-lda.conf feed2imaprc
 sudo chmod a-r feed2imaprc
-VOLUME=mail_data
-sudo mkdir -p /mnt/volumes/${VOLUME}
-if ! mountpoint -q /mnt/volumes/${VOLUME}
-then
- VOLUME_ID=$(~/env_py3/bin/openstack volume show ${VOLUME} -c id --format value)
- test -e /dev/disk/by-id/*${VOLUME_ID:0:20} || nova volume-attach $INSTANCE $VOLUME_ID auto
- sleep 3
- sudo mount /dev/disk/by-id/*${VOLUME_ID:0:20} /mnt/volumes/${VOLUME} || exit 1
- mountpoint -q /mnt/volumes/${VOLUME} || { echo "ERROR: could not mount /mnt/volumes/${VOLUME}, exiting."; exit 1; }
-fi
-
 unset VERSION_DOVECOT VERSION_FETCHMAIL VERSION_FEED2IMAP
 VERSION_DOVECOT=$(git ls-remote https://git.scimetis.net/yohan/docker-dovecot.git| head -1 | cut -f 1|cut -c -10)
 VERSION_FETCHMAIL=$(git ls-remote https://git.scimetis.net/yohan/docker-fetchmail.git| head -1 | cut -f 1|cut -c -10)
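Review bot: The added `test -f ~/secrets.tar.gz.enc` after the download does not show that the download worked, because curl without `--fail` still writes the server's error page to the `-o` file on an HTTP error; use `curl --fail -o ~/secrets.tar.gz.enc ...` and test curl's exit status instead. The extraction guard has a similar gap: without `set -o pipefail` only tar's status reaches the `||`, so a failed `openssl enc -d` is caught only if tar happens to reject what it was given. `cd $SCRIPTPATH` is unquoted and unchecked, so a path containing spaces or a failed cd leaves the secrets extracted and chown'ed in whatever directory the caller was in; `cd "$SCRIPTPATH" || exit 1` fixes that, and the same line appears in the start.sh hunk.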
@@ -33,7 +41,7 @@ sudo docker build -t feed2imap:$VERSION_FEED2IMAP ~/build/docker-feed2imap
 VERSION_DOVECOT=$VERSION_DOVECOT \
 VERSION_FETCHMAIL=$VERSION_FETCHMAIL \
 VERSION_FEED2IMAP=$VERSION_FEED2IMAP \
- sudo -E bash -c 'docker-compose up -d --force-recreate'
+ sudo -E bash -c 'docker-compose up --no-start --force-recreate'
 # --force-recreate is used to recreate container when a file has changed
 # /!\ We cannot remove the secrets files or restarting the container would become impossible.
 rm -rf ~/build
diff --git a/docker-compose.yml b/docker-compose.yml
index 972e181..f2830c0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,7 +6,6 @@ services:
 image: dovecot:$VERSION_DOVECOT
 #build: "https://git.scimetis.net/yohan/docker-dovecot.git"
 container_name: dovecot
- restart: always
 ports:
 - 993:993/tcp
 - 4190:4190/tcp
@@ -22,7 +21,6 @@ services:
 image: fetchmail:$VERSION_FETCHMAIL
 #build: "https://git.scimetis.net/yohan/docker-fetchmail.git"
 container_name: fetchmail-orange
- restart: always
 networks:
 - mailnet
 volumes:
@@ -32,7 +30,6 @@ services:
 image: fetchmail:$VERSION_FETCHMAIL
 #build: "https://git.scimetis.net/yohan/docker-fetchmail.git"
 container_name: fetchmail-scimetis
- restart: always
 networks:
 - mailnet
 volumes:
@@ -42,7 +39,6 @@ services:
 image: feed2imap:$VERSION_FEED2IMAP
 #build: "https://git.scimetis.net/yohan/docker-feed2imap.git"
 container_name: feed2imap
- restart: always
 networks:
 - mailnet
 volumes:
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..a1e79a3
--- /dev/null
+++ b/install.sh
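Review bot: In create.sh, `sudo -E` on the changed line hands the caller's whole environment to the root shell, including `KEY` when it is exported, although docker-compose.yml only reads the three `VERSION_*` values. If the installed sudo supports it, `sudo --preserve-env=VERSION_DOVECOT,VERSION_FETCHMAIL,VERSION_FEED2IMAP docker-compose up --no-start --force-recreate` limits what is passed and drops the extra `bash -c`. The comment under the command could also state that `--no-start` only creates the containers and that start.sh is what starts them.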
@@ -0,0 +1,42 @@
+#!/bin/bash
+#Absolute path to this script
+SCRIPT=$(readlink -f $0)
+#Absolute path this script is in
+SCRIPTPATH=$(dirname $SCRIPT)
+STACK=$(basename "$SCRIPTPATH")
+
+for VOLUME in $(awk NF $SCRIPTPATH/volume_list | tr -d "[:blank:]")
+do
+ systemctl enable mnt-cinder-volume@${VOLUME}.service
+done
+
+cat << EOF > /etc/systemd/system/${STACK}.service
+[Unit]
+Description=Starting ${STACK}
+After=network-online.target firewalld.service docker.service docker.socket
+Wants=network-online.target docker.service
+Requires=docker.socket
+EOF
+
+for VOLUME in $(awk NF $SCRIPTPATH/volume_list | tr -d "[:blank:]")
+do
+ cat << EOF >> /etc/systemd/system/${STACK}.service
+After=mnt-cinder-volume@${VOLUME}.service
+After=mnt-volumes-${VOLUME}.mount
+Wants=mnt-cinder-volume@${VOLUME}.service
+Requires=mnt-volumes-${VOLUME}.mount
+
+EOF
+done
+
+cat << EOF >> /etc/systemd/system/${STACK}.service
+[Service]
+Type=oneshot
+User=$SUDO_USER
+ExecStart=$SCRIPTPATH/start.sh
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl daemon-reload
+systemctl enable ${STACK}.service
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..1f4bfdf
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+#Absolute path to this script
+SCRIPT=$(readlink -f $0)
+#Absolute path this script is in
+SCRIPTPATH=$(dirname $SCRIPT)
+
+cd $SCRIPTPATH
+sudo docker-compose start
diff --git a/volume_list b/volume_list
new file mode 100644
index 0000000..412dc14
--- /dev/null
+++ b/volume_list
@@ -0,0 +1 @@
+mail_data
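Review bot: `User=$SUDO_USER` in install.sh is expanded when the script runs and nothing checks that the variable is set; started from a root shell rather than through sudo, the unit is written with an empty `User=`, which systemd appears to treat as unset, so start.sh would run as root. A guard near the top such as `: "${SUDO_USER:?run install.sh through sudo}"` makes that case fail before anything is written under /etc/systemd/system. The names read from volume_list and the directory name in `STACK` are also written into unit names and `ExecStart=` unquoted and unvalidated, so a space or unexpected character yields a broken or different unit; quoting `"$SCRIPTPATH/volume_list"` and rejecting names outside `[A-Za-z0-9_-]` keeps the generated file predictable.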
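Review bot: start.sh calls `sudo docker-compose start` from a unit that runs as `$SUDO_USER` with no terminal, so it only works when that account has a passwordless sudoers rule covering docker-compose, and nothing in the script says so. Add a comment such as `# Needs a NOPASSWD sudoers rule for docker-compose: started by systemd without a TTY` and use `sudo -n docker-compose start` so a missing rule fails at once with a clear error in the journal.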