From f03538ada80d05892491ed6297c58ed82b6c899c Mon Sep 17 00:00:00 2001 From: johnwesley Date: Sat, 27 Apr 2019 15:27:41 -0400 Subject: [PATCH 1/2] Reset branch with upstream master and modify Travis tests to include Makefile. --- .travis.yml | 2 +- Dockerfile | 3 -- Makefile | 66 ++++++++++++++++++++++++++++++++++++++ docs/deploy-from-docker.md | 9 ++++++ tests/local-deploy.sh | 2 +- tests/update-users.sh | 2 +- 6 files changed, 78 insertions(+), 6 deletions(-) create mode 100644 Makefile diff --git a/.travis.yml b/.travis.yml index e799b05b..2379e55a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -75,7 +75,7 @@ matrix: env: DEPLOY=docker before_install: *provisioning before_script: - - docker build -t travis/algo . + - make docker-build - ./tests/local-deploy.sh - ./tests/update-users.sh script: *tests diff --git a/Dockerfile b/Dockerfile index 14036294..4dceab45 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,9 +17,6 @@ WORKDIR /algo COPY requirements.txt . RUN apk --no-cache add ${BUILD_PACKAGES} && \ python -m pip --no-cache-dir install -U pip && \ - python -m pip --no-cache-dir install virtualenv && \ - python -m virtualenv env && \ - source env/bin/activate && \ python -m pip --no-cache-dir install -r requirements.txt --no-use-pep51 && \ apk del ${BUILD_PACKAGES} COPY . . diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..0c05d205 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,66 @@
+## docker-build: Build and tag a docker image
+.PHONY: docker-build
+
+IMAGE := trailofbits/algo
+TAG := latest
+DOCKERFILE := Dockerfile
+CONFIGURATIONS := $(shell pwd)
+
+docker-build:
+ docker build \
+ -t $(IMAGE):$(TAG) \
+ -f $(DOCKERFILE) \
+ .
+
+## docker-deploy: Mount config directory and deploy Algo
+.PHONY: docker-deploy
+
+# Set VIRTUAL_ENV for algo.
+docker-deploy:
+ docker run \
+ --cap-drop=all \
+ --rm \
+ -it \
+ -v $(CONFIGURATIONS):/data \
+ $(IMAGE):$(TAG)
+
+## docker-clean: Remove images and containers.
+.PHONY: docker-clean
+
+docker-clean:
+ docker images \
+ $(IMAGE) |\
+ awk '{if (NR>1) print $$3}' |\
+ xargs docker rmi
+
+## docker-all: Build, Deploy, Rinse
+.PHONY: docker-all
+
+## docker-ci-local
+.PHONY: docker-ci-local
+
+DEPLOY_ARGS := 'provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 apparmor_enabled=false ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test local_dns=true ssh_tunneling=true windows=true store_cakey=true install_headers=false tests=true'
+
+docker-ci-local:
+ docker run \
+ -it \
+ -v $(shell pwd)/config.cfg:/algo/config.cfg \
+ -v $(shell echo ${HOME})/.ssh:/root/.ssh \
+ -v $(shell pwd)/configs:/algo/configs \
+ -e "DEPLOY_ARGS=$(DEPLOY_ARGS)" \
+ trailofbits/algo:latest /bin/sh -c "chown -R root: /root/.ssh && chmod -R 600 /root/.ssh && ansible-playbook main.yml -e ${DEPLOY_ARGS} --skip-tags apparmor"
+
+## docker-ci-user-update
+.PHONY: docker-ci-user-update
+
+USER_ARGS := '{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'] }'
+
+docker-ci-user-update:
+ docker run \
+ -v $(shell pwd)/config.cfg:/algo/config.cfg \
+ -v $(shell echo ${HOME})/.ssh:/root/.ssh \
+ -v $(shell pwd)/configs:/algo/configs \
+ -e "USER_ARGS=$(USER_ARGS)" \
+ trailofbits/algo:latest /bin/sh -c "ansible-playbook users.yml -e ${USER_ARGS} -t update-users"
+
+all: docker-build docker-deploy docker-clean
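Review bot: The `docker-ci-local` recipe bind-mounts the caller's `$HOME/.ssh` read-write and then runs `chown -R root: /root/.ssh && chmod -R 600 /root/.ssh` inside the container, so anyone who runs this target outside CI can end up with their host SSH directory owned by root and every private key exposed to the container. The old test script did the same, but it was only reached from the Travis job; a top-level Makefile target is much easier to run on a workstation. I would mount the keys read-only at a staging path and fix permissions on a copy, e.g. `-v "$(HOME)/.ssh:/mnt/ssh:ro"` with `cp -r /mnt/ssh /root/.ssh && chmod 700 /root/.ssh && chmod 600 /root/.ssh/*` in the `sh -c` string. Both CI targets also hard-code `trailofbits/algo:latest` instead of `$(IMAGE):$(TAG)`, so overriding `IMAGE` or `TAG` at build time would make them run (and possibly pull) a different image than the one just built.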
diff --git a/docs/deploy-from-docker.md b/docs/deploy-from-docker.md index 2efd5e32..ab6ba498 100644 --- a/docs/deploy-from-docker.md +++ b/docs/deploy-from-docker.md @@ -50,6 +50,15 @@ $ docker run --cap-drop=all -it \ You can use the Dockerfile provided in this repository as-is, or modify it to suit your needs. Further instructions on building an image can be found in the [Docker engine](https://docs.docker.com/engine/) documents. +## Deploying an Algo Server with a Docker Makefile + +A `Makefile` is included as a convenience for Docker users which aims to simplify some of the command syntax. +**This has not been tested in a Windows environment.** + +1. From the project's root run `make docker-build`. This builds a Docker image labeled `trailofbits/algo:latest`. These values can be changed in the `Makefile` itself. +2. Run `make docker-deploy`. By default this will use the given copy of `config.cfg` and populate the project's root `~/configs/` directory with your client configuration data. If you would rather use a local directory and `config.cfg` file, then follow steps 2 and 3 before changing the `CONFIGURATIONS` variable in the `Makefile`. +3. If desired, `make docker-clean` will remove the image. + ## Security Considerations Using Docker is largely no different from running Algo yourself, with a couple of notable exceptions: we run as root within the container, and you're retrieving your content from Docker Hub. diff --git a/tests/local-deploy.sh b/tests/local-deploy.sh index 99bf5c21..9609813c 100755 --- a/tests/local-deploy.sh +++ b/tests/local-deploy.sh 
@@ -6,7 +6,7 @@ DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.10 if [ "${DEPLOY}" == "docker" ] then - docker run -it -v $(pwd)/config.cfg:/algo/config.cfg -v ~/.ssh:/root/.ssh -v $(pwd)/configs:/algo/configs -e "DEPLOY_ARGS=${DEPLOY_ARGS}" travis/algo /bin/sh -c "chown -R root: /root/.ssh && chmod -R 600 /root/.ssh && source env/bin/activate && ansible-playbook main.yml -e \"${DEPLOY_ARGS}\" --skip-tags apparmor" + make docker-ci-local else ansible-playbook main.yml -e "${DEPLOY_ARGS}" --skip-tags apparmor fi diff --git a/tests/update-users.sh b/tests/update-users.sh index d957787d..b22f34d9 100755 --- a/tests/update-users.sh +++ b/tests/update-users.sh @@ -6,7 +6,7 @@ USER_ARGS="{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'] }" if [ "${DEPLOY}" == "docker" ] then - docker run -it -v $(pwd)/config.cfg:/algo/config.cfg -v ~/.ssh:/root/.ssh -v $(pwd)/configs:/algo/configs -e "USER_ARGS=${USER_ARGS}" travis/algo /bin/sh -c "chown -R root: /root/.ssh && chmod -R 600 /root/.ssh && source env/bin/activate && ansible-playbook users.yml -e \"${USER_ARGS}\" -t update-users" + make docker-ci-user-update else ansible-playbook users.yml -e "${USER_ARGS}" -t update-users fi From 33c964ae5abbb21095d6d127ea65074186dd4c58 Mon Sep 17 00:00:00 2001 From: johnwesley Date: Sat, 11 May 2019 20:12:16 -0400 Subject: [PATCH 2/2] modify algo for docker deploys --- Dockerfile | 1 + algo | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4dceab45..3094848a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,7 @@ FROM python:2-alpine ARG VERSION="git" ARG PACKAGES="bash libffi openssh-client openssl rsync tini" ARG BUILD_PACKAGES="gcc libffi-dev linux-headers make musl-dev openssl-dev" +ARG DOCKER_BUILD="docker" LABEL name="algo" \ version="${VERSION}" \ diff --git a/algo b/algo index 260c0e65..65ed8844 100755 --- a/algo +++ b/algo 
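Review bot: With the docker branch delegating to `make docker-ci-local`, the `DEPLOY_ARGS` assigned in this script is no longer what the container receives; the Makefile carries its own hard-coded copy, so the docker and non-docker paths can drift apart without any test noticing. The same applies to `USER_ARGS` in the tests/update-users.sh hunk and the `docker-ci-user-update` target. At minimum add a comment next to the assignment such as `# docker path uses DEPLOY_ARGS from the Makefile (docker-ci-local); keep both in sync`, or pass the value through on the `make` command line so there is a single source of truth. The top of each script lies outside the hunk, so this is based only on the assignment visible in the hunk header.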
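Review bot: `ARG DOCKER_BUILD="docker"` is defined only while the image is being built; it is not part of the environment of a container started from that image, so the new `-z ${DOCKER_BUILD+x}` test in the `algo` hunk would still see the variable as unset at run time. With the virtualenv removed from the image in patch 1, that presumably sends `algo` down the `env/bin/activate` branch inside the container, which is what this commit appears to be trying to avoid. If the flag is meant to be visible at run time it needs `ENV DOCKER_BUILD="docker"` (or `ENV DOCKER_BUILD="${DOCKER_BUILD}"` after the `ARG`), unless it is exported somewhere outside the visible lines.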
@@ -2,7 +2,7 @@ set -e -if [ -z ${VIRTUAL_ENV+x} ] +if [[ -z ${VIRTUAL_ENV+x} && -z ${DOCKER_BUILD+x} ]] then ACTIVATE_SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/env/bin/activate" if [ -f "$ACTIVATE_SCRIPT" ]