diff --git a/templates/janitor/2/docker-compose.yml b/templates/janitor/2/docker-compose.yml
new file mode 100644
index 0000000..c74c927
--- /dev/null
+++ b/templates/janitor/2/docker-compose.yml
@@ -0,0 +1,18 @@
+cleanup:
+ image: meltwater/docker-cleanup:1.6.0
+ environment:
+ CLEAN_PERIOD: ${FREQUENCY}
+ DELAY_TIME: "900"
+ KEEP_IMAGES: "${KEEP}"
+ KEEP_CONTAINERS: "${KEEPC}"
+ LOOP: "true"
+ DEBUG: "0"
+ labels:
+ io.rancher.scheduler.global: "true"
+ io.rancher.scheduler.affinity:host_label_ne: "${EXCLUDE_LABEL}"
+ privileged: true
+ tty: false
+ stdin_open: false
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker:/var/lib/docker
diff --git a/templates/janitor/2/rancher-compose.yml b/templates/janitor/2/rancher-compose.yml
new file mode 100644
index 0000000..81b347d
--- /dev/null
+++ b/templates/janitor/2/rancher-compose.yml
@@ -0,0 +1,31 @@
+.catalog:
+ name: "Janitor"
+ version: "v1.6"
+ description: "Docker cleanup"
+ uuid: janitor-2
+ questions:
+ - variable: "FREQUENCY"
+ label: "Frequency"
+ description: "Run the cleanup on a cycle of this many seconds"
+ default: 3600
+ required: true
+ type: "int"
+ - variable: "EXCLUDE_LABEL"
+ label: "Exclude label"
+ description: "Specify a Rancher host label here that will be used to determine on which hosts the Janitor container should not deploy."
+ default: janitor.exclude=true
+ required: true
+ type: "string"
+ - variable: "KEEP"
+ label: "Keep images"
+ description: "A comma separated list of images that should never be removed. These are left-anchored Bash Shell Wildcard patterns."
+ default: "rancher/"
+ required: false
+ type: "string"
+ - variable: "KEEPC"
+ label: "Keep containers"
+ description: "A comma separated list of images that should never have stopped containers removed. These are left-anchored Bash Shell Wildcard patterns."
+ default: "*:*"
+ required: false
+ type: "string"
+
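Review bot: `privileged: true` on the `cleanup` service is combined with read-write mounts of `/var/run/docker.sock` and `/var/lib/docker`, and `io.rancher.scheduler.global: "true"` schedules it on every host not excluded by label, so this one image runs with full host privileges across the environment. The two mounts may already be enough for the cleanup to work; if so, drop `privileged: true`, and if it is required, say why in a comment above it, e.g. `# privileged: required because <reason>`. Pinning `meltwater/docker-cleanup:1.6.0` by digest rather than by tag alone would also stop a re-pushed tag from changing what runs with this access.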
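Review bot: The `FREQUENCY` question defaults to `3600`, which by its own description ("a cycle of this many seconds") is hourly, while the README text this commit leaves in place still says the task runs "daily (by default)". Either use `default: 86400` or correct the README sentence, so operators know how often images and stopped containers are removed. As a style point, `default: janitor.exclude=true` is the only string default left unquoted in this file; `default: "janitor.exclude=true"` would match the others.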
diff --git a/templates/janitor/README.md b/templates/janitor/README.md index 08f78f3..68f08d5 100644 --- a/templates/janitor/README.md +++ b/templates/janitor/README.md @@ -11,10 +11,13 @@ This will run a task daily (by default) that will delete any unused image, and any orphaned volume. The rancher container images are excluded from the list of images to clean up, and you can add your own containers to the exclude list if you wish. It will also remove any stopped containers -that are taking up space. +that are taking up space; note that this may not be what you want if you +are using stopped containers to hold volumes! If this is the case, use the +Keep List below. -This will halp to prevent the /var/lib/docker filesystem from filling up -with old and unused container images. +This cleanup will help to prevent the /var/lib/docker filesystem from filling +up with old and unused container images, which is an issue on lighter-weight +Docker hosts. ### Keep list @@ -31,7 +34,7 @@ patterns. For example, an image called **foo/bar:latest** will match: * \*:\* * fo -However it will notmatch +However it will not match * foo/baz * bar:latest diff --git a/templates/janitor/config.yml b/templates/janitor/config.yml index ec38060..e0241f0 100644 --- a/templates/janitor/config.yml +++ b/templates/janitor/config.yml @@ -1,7 +1,7 @@ name: Janitor description: | Automatic cleanup of unused images on hosts, in order to save disk space. -version: v1.5.2 +version: v1.6 category: Monitoring maintainer: Steve Shipway diff --git a/templates/registry/1/docker-compose.yml b/templates/registry/1/docker-compose.yml new file mode 100644 index 0000000..375b616 --- /dev/null +++ b/templates/registry/1/docker-compose.yml 
@@ -0,0 +1,100 @@
+db:
+ image: mysql:5.7.10
+ environment:
+ MYSQL_DATABASE: portus
+ MYSQL_ROOT_PASSWORD: ${ROOTPASSWORD}
+ MYSQL_USER: portus
+ MYSQL_PASSWORD: ${DBPASSWORD}
+ tty: true
+ stdin_open: true
+ volumes:
+ - ${DIR}/db:/var/lib/mysql
+sslproxy:
+ image: nginx:1.9.9
+ tty: true
+ stdin_open: true
+ links:
+ - portus:portus
+ volumes:
+ - ${DIR}/certs:/etc/nginx/certs:ro
+ - ${DIR}/proxy:/etc/nginx/conf.d:ro
+registry:
+ image: registry:2.3.1
+ environment:
+ REGISTRY_LOG_LEVEL: warn
+ REGISTRY_STORAGE_DELETE_ENABLED: true
+ REGISTRY_AUTH: token
+ REGISTRY_AUTH_TOKEN_REALM: https://${DOMAIN}:${PPORT}/v2/token
+ REGISTRY_AUTH_TOKEN_SERVICE: ${DOMAIN}:${RPORT}
+ REGISTRY_AUTH_TOKEN_ISSUER: ${DOMAIN}
+ REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/registry.crt
+ REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt
+ REGISTRY_HTTP_TLS_KEY: /certs/registry.key
+ REGISTRY_HTTP_SECRET: httpsecret
+ REGISTRY_NOTIFICATIONS_ENDPOINTS: >
+ - name: portus
+ url: http://portus:3000/v2/webhooks/events
+ timeout: 500
+ threshold: 5
+ backoff: 1
+ tty: true
+ stdin_open: true
+ links:
+ - portus:portus
+ volumes:
+ - ${DIR}/certs:/certs
+ - ${DIR}/data:/var/lib/registry
+lb:
+ image: rancher/load-balancer-service
+ tty: true
+ stdin_open: true
+ ports:
+ - ${RPORT}:5000/tcp
+ - ${PPORT}:443/tcp
+ labels:
+ io.rancher.loadbalancer.target.sslproxy: ${PPORT}=443
+ io.rancher.loadbalancer.target.registry: ${RPORT}=5000
+ io.rancher.scheduler.global: 'true'
+ io.rancher.scheduler.affinity:not_host_label: lb=0
+ links:
+ - registry:registry
+ - sslproxy:sslproxy
+portus:
+ image: sshipway/portus:2.0.4
+ environment:
+ PORTUS_MACHINE_FQDN: ${DOMAIN}
+ PORTUS_PRODUCTION_HOST: db
+ PORTUS_PRODUCTION_DATABASE: portus
+ PORTUS_PRODUCTION_USERNAME: portus
+ PORTUS_PRODUCTION_PASSWORD: ${DBPASSWORD}
+ PORTUS_GRAVATAR_ENABLED: true
+ PORTUS_KEY_PATH: /certs/registry.key
+ PORTUS_PASSWORD: ${DBPASSWORD}
+ PORTUS_SECRET_KEY_BASE: ${ROOTPASSWORD}
+ PORTUS_CHECK_SSL_USAGE_ENABLED: true
+ PORTUS_SMTP_ENABLED: false
+ PORTUS_LDAP_ENABLED: ${LDAP}
+ PORTUS_LDAP_HOSTNAME: ${LDAPHOST}
+ PORTUS_LDAP_PORT: ${LDAPPORT}
+ PORTUS_LDAP_METHOD: ${LDAPTLS}
+ PORTUS_LDAP_BASE: ${LDAPBASE}
+ PORTUS_LDAP_UID: cn
+ PORTUS_LDAP_AUTHENTICATION_ENABLED: ${LDAPBIND}
+ PORTUS_LDAP_AUTHENTICATION_BIND_DN: ${LDAPBINDDN}
+ PORTUS_LDAP_AUTHENTICATION_PASSWORD: ${LDAPBINDPASS}
+ PORTUS_LDAP_GUESS_EMAIL_ENABLED: true
+ PORTUS_LDAP_GUESS_EMAIL_ATTR: mail
+ PORTUS_PORT: ${PPORT}
+ REGISTRY_SSL_ENABLED: true
+ REGISTRY_HOSTNAME: ${DOMAIN}
+ REGISTRY_PORT: ${RPORT}
+ REGISTRY_NAME: Registry
+ tty: true
+ stdin_open: true
+ volumes:
+ - ${DIR}/certs:/certs
+ - ${DIR}/proxy:/etc/nginx/conf.d
+ links:
+ - db:db
+ labels:
+ io.rancher.container.pull_image: always
diff --git a/templates/registry/1/rancher-compose.yml b/templates/registry/1/rancher-compose.yml
new file mode 100644
index 0000000..5ce73d9
--- /dev/null
+++ b/templates/registry/1/rancher-compose.yml
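Review bot: `REGISTRY_HTTP_SECRET: httpsecret` hard-codes the same registry secret into every stack created from this template, and `PORTUS_SECRET_KEY_BASE: ${ROOTPASSWORD}` and `PORTUS_PASSWORD: ${DBPASSWORD}` reuse the database passwords as application secrets, so disclosure of one value compromises several components at once. Give each its own `type: "password"` catalog question and reference it here, for example `REGISTRY_HTTP_SECRET: ${HTTPSECRET}` and `PORTUS_SECRET_KEY_BASE: ${SECRETKEYBASE}` (suggested variable names, which would need matching entries in rancher-compose.yml). The `registry` and `portus` services also mount `${DIR}/certs:/certs` read-write although it holds `registry.key`; `${DIR}/certs:/certs:ro`, as already used for `sslproxy`, looks sufficient unless one of them writes there.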
@@ -0,0 +1,109 @@
+.catalog:
+ name: "Registry"
+ version: "v2.3.1-3.0"
+ description: "Docker Registry"
+ uuid: registry-3
+ questions:
+ - variable: "RPORT"
+ label: "Registry Port"
+ description: "Port on which to run the registry service"
+ default: 5000
+ required: true
+ type: "int"
+ - variable: "PPORT"
+ label: "Admin Port"
+ description: "Port on which to run the SSL Portus administration service and API"
+ default: 443
+ required: true
+ type: "int"
+ - variable: "DBPASSWORD"
+ label: "DB Password"
+ description: "Password for Portus database access, must be 8 characters or longer"
+ required: true
+ default: password
+ type: "password"
+ - variable: "ROOTPASSWORD"
+ label: "DB Root Password"
+ description: "Root Password for MySQL database, must be 8 characters or longer. This is not normally used."
+ required: true
+ default: password
+ type: "password"
+ - variable: "DIR"
+ label: "Storage directory"
+ description: "Path of shared storage to use for registry, database, and certificates. This should be available on all hosts"
+ required: true
+ type: "string"
+ - variable: "DOMAIN"
+ label: "FQDN"
+ description: "FQDN of server. This should be the CN in the certificates and will be the URL to contact the Registry and Web interface"
+ required: true
+ type: "string"
+ - variable: "LDAP"
+ label: "LDAP Enabled"
+ description: "Enable LDAP authentication"
+ required: true
+ default: false
+ type: "boolean"
+ - variable: "LDAPHOST"
+ label: "LDAP Server"
+ description: "The FQDN of the LDAP server (if LDAP authentication is being used)"
+ required: false
+ default: "ldap.company.com"
+ type: "string"
+ - variable: "LDAPPORT"
+ label: "LDAP Server port"
+ description: "The port number on the LDAP server (if LDAP authentication is being used)"
+ required: false
+ default: 389
+ type: "int"
+ - variable: "LDAPTLS"
+ label: "LDAP TLS"
+ description: "The TLS option for the LDAP server (if LDAP authentication is being used)"
+ required: false
+ default: "starttls"
+ type: "enum"
+ options:
+ - starttls
+ - simple_tls
+ - plain
+ - variable: "LDAPBASE"
+ label: "LDAP Base DN"
+ description: "The Base DN for User lookups on the LDAP server (if LDAP authentication is being used)"
+ required: false
+ default: "ou=People,dc=company,dc=com"
+ type: "string"
+ - variable: "LDAPBIND"
+ label: "LDAP Bind enabled"
+ description: "Should an authenticated Bind be used to access LDAP (if LDAP authentication is being used)"
+ required: false
+ default: false
+ type: "boolean"
+ - variable: "LDAPBINDDN"
+ label: "LDAP Bind DN"
+ description: "The DN to use for binding to the LDAP server (if LDAP authentication is being used with Bind enabled)"
+ required: false
+ default: "ou=portus,dc=company,dc=com"
+ type: "string"
+ - variable: "LDAPBINDPASS"
+ label: "LDAP Bind Password"
+ description: "The password to use for binding to the LDAP server (if LDAP authentication is being used with Bind enabled)"
+ required: false
+ default: "password"
+ type: "password"
+db:
+ scale: 1
+sslproxy:
+ scale: 1
+lb:
+ load_balancer_config:
+ haproxy_config: {}
+ health_check:
+ port: 42
+ interval: 2000
+ unhealthy_threshold: 3
+ healthy_threshold: 2
+ response_timeout: 2000
+registry:
+ scale: 1
+portus:
+ scale: 1
diff --git a/templates/registry/config.yml b/templates/registry/config.yml
index b48856a..88a6461 100644
--- a/templates/registry/config.yml
+++ b/templates/registry/config.yml
@@ -1,7 +1,7 @@ name: Registry description: | Secure Docker registry. Web based administration. Optional LDAP authentication. -version: v2.1.0-2.0 +version: v2.3.1-3.0 category: Applications maintainer: Steve Shipway
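Review bot: `DBPASSWORD`, `ROOTPASSWORD` and `LDAPBINDPASS` all default to `password`, so a stack launched by accepting the form defaults runs MySQL and Portus with a publicly known credential, which docker-compose.yml also feeds into `PORTUS_SECRET_KEY_BASE` and `PORTUS_PASSWORD`. The first two are `required: true`, so deleting their `default: password` lines forces the operator to choose a value; for `LDAPBINDPASS`, `default: ""` avoids shipping a placeholder secret. The `LDAPTLS` option `plain` would carry the bind password without transport encryption, and its description should say so.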