From 7577a9dea3a9bff47524a6f576ddc67f6b1d196b Mon Sep 17 00:00:00 2001 From: Steve Shipway Date: Mon, 16 May 2016 16:05:50 +1200 Subject: [PATCH] Add XPilot X-windows game template (#128) * Add XPilot X-windows game template. This provides an exmaple of how to use Rancher to manage an X-Windows client application. * Xpilot changes to scheduling to compensate for CoreOS/Rancheros linkage issues * Update Registry template for patched Portus container version, also add affinity rules to avoid networking issues --- templates/registry/2/docker-compose.yml | 107 ++++++++++++++++++++++ templates/registry/2/rancher-compose.yml | 109 +++++++++++++++++++++++ templates/registry/README.md | 4 +- templates/registry/config.yml | 2 +- templates/xpilot/0/docker-compose.yml | 29 ++++++ templates/xpilot/0/rancher-compose.yml | 29 ++++++ templates/xpilot/README.md | 12 +++ templates/xpilot/catalogIcon-xpilot.png | Bin 0 -> 4205 bytes templates/xpilot/config.yml | 7 ++ 9 files changed, 296 insertions(+), 3 deletions(-) create mode 100644 templates/registry/2/docker-compose.yml create mode 100644 templates/registry/2/rancher-compose.yml create mode 100644 templates/xpilot/0/docker-compose.yml create mode 100644 templates/xpilot/0/rancher-compose.yml create mode 100644 templates/xpilot/README.md create mode 100644 templates/xpilot/catalogIcon-xpilot.png create mode 100644 templates/xpilot/config.yml diff --git a/templates/registry/2/docker-compose.yml b/templates/registry/2/docker-compose.yml new file mode 100644 index 0000000..8dc1724 --- /dev/null +++ b/templates/registry/2/docker-compose.yml @@ -0,0 +1,107 @@ +db: + image: mysql:5.7.10 + environment: + MYSQL_DATABASE: portus + MYSQL_ROOT_PASSWORD: ${ROOTPASSWORD} + MYSQL_USER: portus + MYSQL_PASSWORD: ${DBPASSWORD} + tty: true + stdin_open: true + volumes: + - ${DIR}/db:/var/lib/mysql + labels: + registry.portus.db: 1 +sslproxy: + image: nginx:1.9.9 + tty: true + stdin_open: true + links: + - portus:portus + volumes: + - ${DIR}/certs:/etc/nginx/certs:ro + - ${DIR}/proxy:/etc/nginx/conf.d:ro + labels: + io.rancher.scheduler.affinity:container_label_soft: registry.portus.db=1 +registry: + image: registry:2.3.1 + environment: + REGISTRY_LOG_LEVEL: warn + REGISTRY_STORAGE_DELETE_ENABLED: true + REGISTRY_AUTH: token + REGISTRY_AUTH_TOKEN_REALM: https://${DOMAIN}:${PPORT}/v2/token + REGISTRY_AUTH_TOKEN_SERVICE: ${DOMAIN}:${RPORT} + REGISTRY_AUTH_TOKEN_ISSUER: ${DOMAIN} + REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/registry.crt + REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt + REGISTRY_HTTP_TLS_KEY: /certs/registry.key + REGISTRY_HTTP_SECRET: httpsecret + REGISTRY_NOTIFICATIONS_ENDPOINTS: > + - name: portus + url: http://portus:3000/v2/webhooks/events + timeout: 500 + threshold: 5 + backoff: 1 + tty: true + stdin_open: true + links: + - portus:portus + volumes: + - ${DIR}/certs:/certs + - ${DIR}/data:/var/lib/registry +lb: + image: rancher/load-balancer-service + tty: true + stdin_open: true + ports: + - ${RPORT}:5000/tcp + - ${PPORT}:443/tcp + labels: + io.rancher.loadbalancer.target.sslproxy: ${PPORT}=443 + io.rancher.loadbalancer.target.registry: ${RPORT}=5000 + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:not_host_label: lb=0 + io.rancher.scheduler.affinity:not_host_label: registry.enabled=false + links: + - registry:registry + - sslproxy:sslproxy +portus: + image: sshipway/portus:2.0.5 + environment: + PORTUS_MACHINE_FQDN: ${DOMAIN} + PORTUS_PRODUCTION_HOST: db + PORTUS_PRODUCTION_DATABASE: portus + PORTUS_PRODUCTION_USERNAME: portus + PORTUS_PRODUCTION_PASSWORD: ${DBPASSWORD} + PORTUS_GRAVATAR_ENABLED: true + PORTUS_KEY_PATH: /certs/registry.key + PORTUS_PASSWORD: ${DBPASSWORD} + PORTUS_SECRET_KEY_BASE: ${ROOTPASSWORD} + PORTUS_CHECK_SSL_USAGE_ENABLED: true + PORTUS_SMTP_ENABLED: false + PORTUS_LDAP_ENABLED: ${LDAP} + PORTUS_LDAP_HOSTNAME: ${LDAPHOST} + PORTUS_LDAP_PORT: ${LDAPPORT} + PORTUS_LDAP_METHOD: ${LDAPTLS} + PORTUS_LDAP_BASE: ${LDAPBASE} + PORTUS_LDAP_UID: cn + PORTUS_LDAP_AUTHENTICATION_ENABLED: ${LDAPBIND} + PORTUS_LDAP_AUTHENTICATION_BIND_DN: ${LDAPBINDDN} + PORTUS_LDAP_AUTHENTICATION_PASSWORD: ${LDAPBINDPASS} + PORTUS_LDAP_GUESS_EMAIL_ENABLED: true + PORTUS_LDAP_GUESS_EMAIL_ATTR: mail + PORTUS_PORT: ${PPORT} + REGISTRY_SSL_ENABLED: true + REGISTRY_HOSTNAME: ${DOMAIN} + REGISTRY_PORT: ${RPORT} + REGISTRY_NAME: Registry + tty: true + stdin_open: true + volumes: + - ${DIR}/certs:/certs + - ${DIR}/proxy:/etc/nginx/conf.d + links: + - db:db + labels: + io.rancher.container.pull_image: always + io.rancher.scheduler.affinity:container_label_soft: registry.portus.db=1 + registry.portus.app: 1 diff --git a/templates/registry/2/rancher-compose.yml b/templates/registry/2/rancher-compose.yml new file mode 100644 index 0000000..31fe497 --- /dev/null +++ b/templates/registry/2/rancher-compose.yml @@ -0,0 +1,109 @@ +.catalog: + name: "Registry" + version: "v2.3.1-3.1" + description: "Docker Registry" + uuid: registry-3 + questions: + - variable: "RPORT" + label: "Registry Port" + description: "Port on which to run the registry service" + default: 5000 + required: true + type: "int" + - variable: "PPORT" + label: "Admin Port" + description: "Port on which to run the SSL Portus administration service and API" + default: 443 + required: true + type: "int" + - variable: "DBPASSWORD" + label: "DB Password" + description: "Password for Portus database access, must be 8 characters or longer" + required: true + default: password + type: "password" + - variable: "ROOTPASSWORD" + label: "DB Root Password" + description: "Root Password for MySQL database, must be 8 characters or longer. This is not normally used." + required: true + default: password + type: "password" + - variable: "DIR" + label: "Storage directory" + description: "Path of shared storage to use for registry, database, and certificates. This should be available on all hosts" + required: true + type: "string" + - variable: "DOMAIN" + label: "FQDN" + description: "FQDN of server. This should be the CN in the certificates and will be the URL to contact the Registry and Web interface" + required: true + type: "string" + - variable: "LDAP" + label: "LDAP Enabled" + description: "Enable LDAP authentication" + required: true + default: false + type: "boolean" + - variable: "LDAPHOST" + label: "LDAP Server" + description: "The FQDN of the LDAP server (if LDAP authentication is being used)" + required: false + default: "ldap.company.com" + type: "string" + - variable: "LDAPPORT" + label: "LDAP Server port" + description: "The port number on the LDAP server (if LDAP authentication is being used)" + required: false + default: 389 + type: "int" + - variable: "LDAPTLS" + label: "LDAP TLS" + description: "The TLS option for the LDAP server (if LDAP authentication is being used)" + required: false + default: "starttls" + type: "enum" + options: + - starttls + - simple_tls + - plain + - variable: "LDAPBASE" + label: "LDAP Base DN" + description: "The Base DN for User lookups on the LDAP server (if LDAP authentication is being used)" + required: false + default: "ou=People,dc=company,dc=com" + type: "string" + - variable: "LDAPBIND" + label: "LDAP Bind enabled" + description: "Should an authenticated Bind be used to access LDAP (if LDAP authentication is being used)" + required: false + default: false + type: "boolean" + - variable: "LDAPBINDDN" + label: "LDAP Bind DN" + description: "The DN to use for binding to the LDAP server (if LDAP authentication is being used with Bind enabled)" + required: false + default: "ou=portus,dc=company,dc=com" + type: "string" + - variable: "LDAPBINDPASS" + label: "LDAP Bind Password" + description: "The password to use for binding to the LDAP server (if LDAP authentication is being used with Bind enabled)" + required: false + default: "password" + type: "password" +db: + scale: 1 +sslproxy: + scale: 1 +lb: + load_balancer_config: + haproxy_config: {} + health_check: + port: 42 + interval: 2000 + unhealthy_threshold: 3 + healthy_threshold: 2 + response_timeout: 2000 +registry: + scale: 1 +portus: + scale: 1 diff --git a/templates/registry/README.md b/templates/registry/README.md index 7a0165f..34e6259 100644 --- a/templates/registry/README.md +++ b/templates/registry/README.md @@ -49,8 +49,8 @@ as defined in the template options. ## Access The template will create a Load Balancer for access to the Registry and -to the Web Admin interface. This will run on all Hosts with the label -LB=1, listening on the defined ports. +to the Web Admin interface. This will run on all Hosts without the label +LB=0, listening on the defined ports. To access the web UI, use https on the hostname and port you configured. diff --git a/templates/registry/config.yml b/templates/registry/config.yml index 88a6461..b88542b 100644 --- a/templates/registry/config.yml +++ b/templates/registry/config.yml @@ -1,7 +1,7 @@ name: Registry description: | Secure Docker registry. Web based administration. Optional LDAP authentication. -version: v2.3.1-3.0 +version: v2.3.1-3.1 category: Applications maintainer: Steve Shipway diff --git a/templates/xpilot/0/docker-compose.yml b/templates/xpilot/0/docker-compose.yml new file mode 100644 index 0000000..8e1e85d --- /dev/null +++ b/templates/xpilot/0/docker-compose.yml @@ -0,0 +1,29 @@ +server: + environment: + PASSWORD: ${PASSWORD} + log_driver: '' + command: + - -server + log_opt: {} + tty: false + stdin_open: false + image: sshipway/xpilot:latest + labels: + xpilot: server +client: + environment: + DISPLAY: ${DISPLAY} + NAME: ${NAME} + SERVER: xpilot + log_driver: '' + command: + - xpilot + log_opt: {} + image: sshipway/xpilot:latest + links: + - server:xpilot + tty: false + stdin_open: false + labels: + io.rancher.scheduler.affinity:container_label_soft: xpilot=server + io.rancher.container.start_once: 'true' diff --git a/templates/xpilot/0/rancher-compose.yml b/templates/xpilot/0/rancher-compose.yml new file mode 100644 index 0000000..19433a5 --- /dev/null +++ b/templates/xpilot/0/rancher-compose.yml @@ -0,0 +1,29 @@ +.catalog: + name: "XPilot" + version: "v0.1" + description: "Multiplayer shooting game" + uuid: xpilot-0 + questions: + - variable: "PASSWORD" + label: "Password" + description: "Administration password for the server" + default: password + required: true + type: "password" + - variable: "DISPLAY" + label: "Display" + description: "Enter the identifier for your XWindows display. This will usually be your workstation name or IP address, followed by :0" + default: 1.2.3.4:0 + required: true + type: "string" + - variable: "NAME" + label: "Player Name" + description: "Name for the player's ship. This must be unique." + default: player + required: true + type: "string" +server: + scale: 1 +client: + scale: 1 + diff --git a/templates/xpilot/README.md b/templates/xpilot/README.md new file mode 100644 index 0000000..7359e1f --- /dev/null +++ b/templates/xpilot/README.md @@ -0,0 +1,12 @@ +# XPilots + +This creates an X-Windows base X-Pilots game, for testing X-Windows connectivity. To use this, you will need to have X-Windows installed on your workstation, and able to accept incoming connections from the Docker Hosts. + +For the client, you need to specify the location of your X-Windows desktop, for example 1.2.3.4:0 + +You can add more players by just cloning the first player service, and giving it different DISPLAY and NAME environment variable settings. + +Note that there are NO publicly exposed ports as it runs purely over the Rancher +private network! If you want to make this available to external players, you +need to expose the port 15345/udp from the Server container. + diff --git a/templates/xpilot/catalogIcon-xpilot.png b/templates/xpilot/catalogIcon-xpilot.png new file mode 100644 index 0000000000000000000000000000000000000000..0b238d21946b6baa127162bd1258353928fe67d1 GIT binary patch literal 4205 zcmV-z5R&hSP)N@;i>sl#A z)Xo2^)!}b5bx^t*xBT0F+}n4v@7b_?HTrzg+Y^6%iMnC9lfMHOj@KKFe$d|kzKvg< zmcIJ$oy}aY`gD&UKQ2!e3}0O?7k4uzm_2y!kGihc+`n2KI6sRdzQFMjwZ?rUh_>}4 zYdd|sdr{2$`+Exd3*;{X3&-otlRpoCjQTb3=h5ePEPc+p?}uyb=LzyR3PsOf(UbQ) z-v{HpqIEr?*+nJAM&n<*b+T8+PoHT<=4F-TAi;_ZiR&q2bQDN7Uz2+OQ6oE=TI_rE7ZbiC3%jLg{FRXjJNPqX z>n^pD!a-iF&DL!4`6|s!4cep+rOehdM~Y8AXEvM9T58r!NoQd#jAt#~*sSXMTsX~5 zY^w&O4y3MAJ;?I;^ojT1_V$;*i!*indlwyk=(aqY-?6eNm?`~?lIw)O@1#>XJV`@L)jI1<%myTIH7QYL24Wyd| ztJXT=HtB}#VOKbH(Jubw1>bhi?^63*V9#Ri;NiiCFTzld_HF&KOp(7d} z%C|&|mkf++ANEG}yBzlp558x3kpa&;VLD@cn|*%1)HQ|qau%CeEr&>NM+w5A>-2o$ zj6Way0hv!BzA7{q7s2;$^5FILH?t+@u8!Zt-L4}Tr~lypyazJ5hWRoQZ3UBSS#62) zlojh7&Y+IerMZF&oj8N}Iis4wg~R9P%jA>3@6%4)mlpFqcSPOrZ_?~+`r+`884@!2 z)mwYuG-LK=V9HfBd9?*S&e4n$V=<5CkPOin;d1#`uyb28ub&SwQ>@@7(c7)5fPG8MC{YEY~+S<4djO z-k{AUv>X6ToD8s40c=)a@3_BGJ-Q9-&MLtY4|MSMYvQql)ZSvVFCD5tGArY{MTmw^&$jd73dM>fQIDi%-n?rsm5x z?vsYat=adzcXFIGu=$gGok3dHUDw$>@BzKW_!R@3WW$0Ma(eXao|iBWXH^Y(OOAWe zLe>qI8vL=5F4>qh&1XZnLr~q@F>FQvFNUpLKI3++d0w~`#^mQywbXBd&LEni$TVI( zh#@{=4*f1rPhFYJEKmA|jiRLobyQLCrqQ}t6tcUgwvH&6beg!M`p?goLJT!u_$4cK z_`uA^!A?fq5-rZV!`t`P9*+P0&+zT-B1()8EZ`MZ?9F)3p6Pg#bqf0S7IOA=Gkm`C zP0q6cGB4Q^o!Q%c^3cd;zHcgId#=!1q6vxVO+clXKbtw4TI(kLRj^fJ`t$<_IOL$Y za^DRW%x-Azo4dANs!T2h^VjCjKy5Y~f(VxH-Rq3gQW*DF)&@0GePaRKJiOUl;!V1o8O zyu9_*-^&k(od?>L15TWh*BNmY8r|a?d>Ew9sl!}1H)h4llPV8b7at!V@-#Qie&x8V zXI9&jUoaWsSheLq>Go|3UQ)Q(o&inMNYb1!5e_qTZ%))&*IJXs!+iU;7;5M^-`Wz> zGJCU`?W^CSBQI+6@uVQRgsgodpr!b(Y1_7fi6YE2H{M~6k#(J3JY5beh>)MtMAop` z3grz8>bodS(+t;dWtZ~aKgV;teSRM5x>|f*&KMkT5>FpB<4DiCdNR_RjREiF? z@!D1lkvbdzGmz7m`*|*9cY9_tBEwAz=9`*u=E|ec-WDaPEyWu*CQbAjbCQ&7NgM=qo(+ZlJFceL3v!PNk7x)n0b3U zbHbAO6XKP8D8N4TCOEI;jCu6p6eH(9)R7w|Lz2p_>%uBe*oMR*xcD{NHs@Y95p%U( z*=MEH;cyV{Fw48hh}8L2wsa!(hH=&-cV>`uBDMV9_(IStCwOv^>Sms@5`@XFeREQa zi`1?6wu;*0AyUH*QXL9Vhuo!)ha89ZHU$Wklt6GSnv;5Vp6vShkM=iOQ>IXY+tRzO zZa1QUi4){wuyf;bG8!wfWAP}i?y`?_9e`^oTuga6+f;i_y zybk{zH}lFRQ>I8YrV!YTfEK~!@^31U>K3o_OXoYtC3C%AA-fmhb(BXU)OMq=p&s0B zXzqN5qiq>p1-QbhM%xqp8ESWA^4PTroc_MG%yNQrZ70KS_brOIhm)C>s3STm)mzNr z!6M$-G1TH!u`>Phdsu^JC@H1QrG9Q-)w??taL`<_r$MZOmV8cbw6{@caB+H z@cTM_jn^6#%HhJU!^_@He?aUhcPyo*HqhL5X|C`4t`lChyORcH?sUho@mgu~eM>ba zPjnwwC(~9~*LdE;e1%dARu(T6gJk>Q~+&4}8t+n9yC!sf;%w%Mp9YQ&F9|Lmu31s1l>aB05UbgM02XY1At+Leh2EDkrFBC_FRX567#Hi2bvL5pDoNv@)5Y4V`8ge%w!qy0 zf3o>6>HldV3M|NV08Td`I+p7@FU8-PwIryJnrNa{tJD0UzInWsD0SH}Y|fQ6`*1NU znAamxPwy&g`cPwwp%Bh*qb7tsy@J#m{0Qco#`3tilrYK-5n(bi0ay>sqc(<3NP*M4 z?n57QYysn(sEV=^vMuUm_O^|4Rh%9Idoz$j{VF(5-gVBOTg5bk zt(w?Ym7-PV?ufBfl|+KoWX!>M_BhR7E09}hQF;Cz%{f5wFtq*E1R8ABE!wIr(MjtM zMy=vGdZn&JwhCKVtTM+YV5>5fXK@`H>N*gBM(ZQdNo(cL=01o{T6cCf2NVb~f833Q zP0B{6;B;CYiY?#>l#eeC<P73__#EYVTukUb=Z7MvFssX`fBrdERaMt@(=@{$4;V-Nn4bIB z*WZN)_SRbON%u+eF1J8Ak!BMP7|-BZg7yjkkAj4|U69jBakm>@wC=I^0Pq0FRbMqC zTseOLgO^^(d4=G>Y<3LxhvY$Xsj&oo-&a2sVlXzbSmlf@Q@kpvYuJrvqON40O>mrp zNVBi14!Y4REmmd*cfDR|Hs>XbZN+&jbFqpV8*-g*)5Y+3F&@|J^>8?-&^$i?Y*pB* z8?seD(sH+4CPo_&Gz!xU6H=%irz?H0gOED%ZPj9Pna0HAYsM%1W}7oHI--NtC#9{mIm4NIRV)7#+ zx=yFl@87>uaJTdKAN%kmB;j#|-)yLq(pn$k3<6eyNKAfJRa$GMgxTESCwcDB{er+(gc$@11)1|~iFeabUSd^J#@>3I1?mNJ46_1%E zc*v27T<5Ffd_Kq9TmX=ikn-_3K1&*NI%YF)x>ayGovNzBJOCvVQi3=KQ~5F_T3+md zY7egCz+hcZe`^oTud2+kDbya^&V-~UBuO4O+|ga76m}t{)uhHY!~g`;#~TXkUE_{Z zP|hyH*dj-GGheV+nQYbIqThg#PaQ%FfW|X8AP<5=ci^1KuE(uW3LCa6?7>BQkR&sd zoWIYwj;?o)NIbzDEjyneV)7+;oK5APd?KQVF7_#+|L@6;hCP_S*<8sgVQedsUm=7< zVMFJzUcm(Ai3&sjfV2hL3>shL{Y^nT10EzwF>8q?7n}~*7N^tdus`lLRLj&_cU{+Y z-R>0i?{ zKYw0{sIKd}uB)mdqSsedEFtB)11u7U3;^5XbXg8VakpW89#?X0Z~(~0>A>AGBUe2K z004kBfK-tH0D#8<004l;0RRAi#{mEUfX4v<07&5fKT +