Add XPilot X-windows game template (#128)

* Add XPilot X-windows game template. This provides an exmaple of how to use Rancher to manage an X-Windows client application. * Xpilot changes to scheduling to compensate for CoreOS/Rancheros linkage issues * Update Registry template for patched Portus container version, also add affinity rules to avoid networking issues
2016-05-16 16:05:50 +12:00 · 2016-05-16 16:05:50 +12:00 · 7577a9dea3
commit 7577a9dea3
parent 524e6f9b30
9 changed files with 296 additions and 3 deletions
--- a/templates/registry/2/docker-compose.yml
+++ b/templates/registry/2/docker-compose.yml
@ -0,0 +1,107 @@
+db:
+  image: mysql:5.7.10
+  environment:
+    MYSQL_DATABASE: portus
+    MYSQL_ROOT_PASSWORD: ${ROOTPASSWORD}
+    MYSQL_USER: portus
+    MYSQL_PASSWORD: ${DBPASSWORD}
+  tty: true
+  stdin_open: true
+  volumes:
+  - ${DIR}/db:/var/lib/mysql
+  labels:
+    registry.portus.db: 1
+sslproxy:
+  image: nginx:1.9.9
+  tty: true
+  stdin_open: true
+  links:
+  - portus:portus
+  volumes:
+  - ${DIR}/certs:/etc/nginx/certs:ro
+  - ${DIR}/proxy:/etc/nginx/conf.d:ro
+  labels:
+    io.rancher.scheduler.affinity:container_label_soft: registry.portus.db=1
+registry:
+  image: registry:2.3.1
+  environment:
+    REGISTRY_LOG_LEVEL: warn
+    REGISTRY_STORAGE_DELETE_ENABLED: true
+    REGISTRY_AUTH: token
+    REGISTRY_AUTH_TOKEN_REALM: https://${DOMAIN}:${PPORT}/v2/token
+    REGISTRY_AUTH_TOKEN_SERVICE: ${DOMAIN}:${RPORT}
+    REGISTRY_AUTH_TOKEN_ISSUER: ${DOMAIN}
+    REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/registry.crt
+    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt
+    REGISTRY_HTTP_TLS_KEY: /certs/registry.key
+    REGISTRY_HTTP_SECRET: httpsecret
+    REGISTRY_NOTIFICATIONS_ENDPOINTS: >
+      - name: portus
+        url: http://portus:3000/v2/webhooks/events
+        timeout: 500
+        threshold: 5
+        backoff: 1
+  tty: true
+  stdin_open: true
+  links:
+  - portus:portus
+  volumes:
+  - ${DIR}/certs:/certs
+  - ${DIR}/data:/var/lib/registry
+lb:
+  image: rancher/load-balancer-service
+  tty: true
+  stdin_open: true
+  ports:
+  - ${RPORT}:5000/tcp
+  - ${PPORT}:443/tcp
+  labels:
+    io.rancher.loadbalancer.target.sslproxy: ${PPORT}=443
+    io.rancher.loadbalancer.target.registry: ${RPORT}=5000
+    io.rancher.scheduler.global: 'true'
+    io.rancher.scheduler.affinity:not_host_label: lb=0
+    io.rancher.scheduler.affinity:not_host_label: registry.enabled=false
+  links:
+  - registry:registry
+  - sslproxy:sslproxy
+portus:
+  image: sshipway/portus:2.0.5
+  environment: 
+    PORTUS_MACHINE_FQDN: ${DOMAIN}
+    PORTUS_PRODUCTION_HOST: db
+    PORTUS_PRODUCTION_DATABASE: portus
+    PORTUS_PRODUCTION_USERNAME: portus
+    PORTUS_PRODUCTION_PASSWORD: ${DBPASSWORD}
+    PORTUS_GRAVATAR_ENABLED: true
+    PORTUS_KEY_PATH: /certs/registry.key
+    PORTUS_PASSWORD: ${DBPASSWORD}
+    PORTUS_SECRET_KEY_BASE: ${ROOTPASSWORD}
+    PORTUS_CHECK_SSL_USAGE_ENABLED: true
+    PORTUS_SMTP_ENABLED: false
+    PORTUS_LDAP_ENABLED: ${LDAP}
+    PORTUS_LDAP_HOSTNAME: ${LDAPHOST}
+    PORTUS_LDAP_PORT: ${LDAPPORT}
+    PORTUS_LDAP_METHOD: ${LDAPTLS}
+    PORTUS_LDAP_BASE: ${LDAPBASE}
+    PORTUS_LDAP_UID: cn
+    PORTUS_LDAP_AUTHENTICATION_ENABLED: ${LDAPBIND}
+    PORTUS_LDAP_AUTHENTICATION_BIND_DN: ${LDAPBINDDN}
+    PORTUS_LDAP_AUTHENTICATION_PASSWORD: ${LDAPBINDPASS}
+    PORTUS_LDAP_GUESS_EMAIL_ENABLED: true
+    PORTUS_LDAP_GUESS_EMAIL_ATTR: mail
+    PORTUS_PORT: ${PPORT}
+    REGISTRY_SSL_ENABLED: true
+    REGISTRY_HOSTNAME: ${DOMAIN}
+    REGISTRY_PORT: ${RPORT}
+    REGISTRY_NAME: Registry
+  tty: true
+  stdin_open: true
+  volumes:
+  - ${DIR}/certs:/certs
+  - ${DIR}/proxy:/etc/nginx/conf.d
+  links:
+  - db:db
+  labels:
+    io.rancher.container.pull_image: always
+    io.rancher.scheduler.affinity:container_label_soft: registry.portus.db=1
+    registry.portus.app: 1
--- a/templates/registry/2/rancher-compose.yml
+++ b/templates/registry/2/rancher-compose.yml
@ -0,0 +1,109 @@
+.catalog:
+  name: "Registry"
+  version: "v2.3.1-3.1"
+  description: "Docker Registry"
+  uuid: registry-3
+  questions: 
+    - variable: "RPORT"
+      label: "Registry Port"
+      description: "Port on which to run the registry service"
+      default: 5000
+      required: true
+      type: "int"
+    - variable: "PPORT"
+      label: "Admin Port"
+      description: "Port on which to run the SSL Portus administration service and API"
+      default: 443
+      required: true
+      type: "int"
+    - variable: "DBPASSWORD"
+      label: "DB Password"
+      description: "Password for Portus database access, must be 8 characters or longer"
+      required: true
+      default: password
+      type: "password"
+    - variable: "ROOTPASSWORD"
+      label: "DB Root Password"
+      description: "Root Password for MySQL database, must be 8 characters or longer.  This is not normally used."
+      required: true
+      default: password
+      type: "password"
+    - variable: "DIR"
+      label: "Storage directory"
+      description: "Path of shared storage to use for registry, database, and certificates.  This should be available on all hosts"
+      required: true
+      type: "string"
+    - variable: "DOMAIN"
+      label: "FQDN"
+      description: "FQDN of server.  This should be the CN in the certificates and will be the URL to contact the Registry and Web interface"
+      required: true
+      type: "string"
+    - variable: "LDAP"
+      label: "LDAP Enabled"
+      description: "Enable LDAP authentication"
+      required: true
+      default: false
+      type: "boolean"
+    - variable: "LDAPHOST"
+      label: "LDAP Server"
+      description: "The FQDN of the LDAP server (if LDAP authentication is being used)"
+      required: false
+      default: "ldap.company.com"
+      type: "string"
+    - variable: "LDAPPORT"
+      label: "LDAP Server port"
+      description: "The port number on the LDAP server (if LDAP authentication is being used)"
+      required: false
+      default: 389
+      type: "int"
+    - variable: "LDAPTLS"
+      label: "LDAP TLS"
+      description: "The TLS option for the LDAP server (if LDAP authentication is being used)"
+      required: false
+      default: "starttls"
+      type: "enum"
+      options:
+        - starttls
+        - simple_tls
+        - plain
+    - variable: "LDAPBASE"
+      label: "LDAP Base DN"
+      description: "The Base DN for User lookups on the LDAP server (if LDAP authentication is being used)"
+      required: false
+      default: "ou=People,dc=company,dc=com"
+      type: "string"
+    - variable: "LDAPBIND"
+      label: "LDAP Bind enabled"
+      description: "Should an authenticated Bind be used to access LDAP (if LDAP authentication is being used)"
+      required: false
+      default: false
+      type: "boolean"
+    - variable: "LDAPBINDDN"
+      label: "LDAP Bind DN"
+      description: "The DN to use for binding to the LDAP server (if LDAP authentication is being used with Bind enabled)"
+      required: false
+      default: "ou=portus,dc=company,dc=com"
+      type: "string"
+    - variable: "LDAPBINDPASS"
+      label: "LDAP Bind Password"
+      description: "The password to use for binding to the LDAP server (if LDAP authentication is being used with Bind enabled)"
+      required: false
+      default: "password"
+      type: "password"
+db:
+  scale: 1
+sslproxy:
+  scale: 1
+lb:
+  load_balancer_config:
+    haproxy_config: {}
+  health_check:
+    port: 42
+    interval: 2000
+    unhealthy_threshold: 3
+    healthy_threshold: 2
+    response_timeout: 2000
+registry:
+  scale: 1
+portus:
+  scale: 1
--- a/templates/registry/README.md
+++ b/templates/registry/README.md
@ -49,8 +49,8 @@ as defined in the template options.
 ## Access

 The template will create a Load Balancer for access to the Registry and
-to the Web Admin interface.  This will run on all Hosts with the label 
-LB=1, listening on the defined ports.
+to the Web Admin interface.  This will run on all Hosts without the label 
+LB=0, listening on the defined ports.

 To access the web UI, use https on the hostname and port you configured.

--- a/templates/registry/config.yml
+++ b/templates/registry/config.yml
@ -1,7 +1,7 @@
 name: Registry
 description: |
  Secure Docker registry.  Web based administration.  Optional LDAP authentication.
-version: v2.3.1-3.0
+version: v2.3.1-3.1
 category: Applications
 maintainer: Steve Shipway <s.shipway@auckland.ac.nz>

--- a/templates/xpilot/0/docker-compose.yml
+++ b/templates/xpilot/0/docker-compose.yml
@ -0,0 +1,29 @@
+server:
+  environment:
+    PASSWORD: ${PASSWORD}
+  log_driver: ''
+  command:
+  - -server
+  log_opt: {}
+  tty: false
+  stdin_open: false
+  image: sshipway/xpilot:latest
+  labels:
+    xpilot: server
+client:
+  environment:
+    DISPLAY: ${DISPLAY}
+    NAME: ${NAME}
+    SERVER: xpilot
+  log_driver: ''
+  command:
+  - xpilot
+  log_opt: {}
+  image: sshipway/xpilot:latest
+  links:
+  - server:xpilot
+  tty: false
+  stdin_open: false
+  labels:
+    io.rancher.scheduler.affinity:container_label_soft: xpilot=server
+    io.rancher.container.start_once: 'true'
--- a/templates/xpilot/0/rancher-compose.yml
+++ b/templates/xpilot/0/rancher-compose.yml
@ -0,0 +1,29 @@
+.catalog:
+  name: "XPilot"
+  version: "v0.1"
+  description: "Multiplayer shooting game"
+  uuid: xpilot-0
+  questions: 
+    - variable: "PASSWORD"
+      label: "Password"
+      description: "Administration password for the server"
+      default: password
+      required: true
+      type: "password"
+    - variable: "DISPLAY"
+      label: "Display"
+      description: "Enter the identifier for your XWindows display.  This will usually be your workstation name or IP address, followed by :0"
+      default: 1.2.3.4:0
+      required: true
+      type: "string"
+    - variable: "NAME"
+      label: "Player Name"
+      description: "Name for the player's ship.  This must be unique."
+      default: player
+      required: true
+      type: "string"
+server:
+  scale: 1
+client:
+  scale: 1
+
--- a/templates/xpilot/README.md
+++ b/templates/xpilot/README.md
@ -0,0 +1,12 @@
+# XPilots
+
+This creates an X-Windows base X-Pilots game, for testing X-Windows connectivity.  To use this, you will need to have X-Windows installed on your workstation, and able to accept incoming connections from the Docker Hosts.
+
+For the client, you need to specify the location of your X-Windows desktop, for example 1.2.3.4:0
+
+You can add more players by just cloning the first player service, and giving it different DISPLAY and NAME environment variable settings.
+
+Note that there are NO publicly exposed ports as it runs purely over the Rancher
+private network!  If you want to make this available to external players, you
+need to expose the port 15345/udp from the Server container.
+
--- a/templates/xpilot/catalogIcon-xpilot.png
+++ b/templates/xpilot/catalogIcon-xpilot.png
--- a/templates/xpilot/config.yml
+++ b/templates/xpilot/config.yml
@ -0,0 +1,7 @@
+name: XPilot
+description: |
+  XWindows multiplayer game, for testing.
+version: v0.1
+category: entertainment
+maintainer: Steve Shipway <s.shipway@auckland.ac.nz>
+