diff --git a/.travis.yml b/.travis.yml
index c730000f..190b4b5c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -72,9 +72,10 @@ stages:
 apt:
 sources: *default_sources
 packages: *default_packages
+ env: DEPLOY=docker
 before_install: *provisioning
 before_script:
- - docker build -t travis/algo .
+ - make docker-build
 - ./tests/local-deploy.sh
 - ./tests/update-users.sh
 script: *tests
diff --git a/Dockerfile b/Dockerfile
index 6fa1d0fc..4dceab45 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,10 +17,7 @@ WORKDIR /algo
 COPY requirements.txt .
 RUN apk --no-cache add ${BUILD_PACKAGES} && \
 python -m pip --no-cache-dir install -U pip && \
- python -m pip --no-cache-dir install virtualenv && \
- python -m virtualenv env && \
- source env/bin/activate && \
- python -m pip --no-cache-dir install -r requirements.txt && \
+ python -m pip --no-cache-dir install -r requirements.txt --no-use-pep51 && \
 apk del ${BUILD_PACKAGES}
 COPY . .
 RUN chmod 0755 /algo/algo-docker.sh
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..0c05d205
--- /dev/null
+++ b/Makefile
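Review bot: The added install line passes `--no-use-pep51`, which looks like a truncated `--no-use-pep517`; if the build succeeds it is presumably only because pip's option parser accepts an unambiguous prefix of a long option. The line just above upgrades pip to whatever is current at build time, so a release that adds a similarly prefixed option or tightens parsing would break the image build with no change in this repository. Spell the flag out: `python -m pip --no-cache-dir install -r requirements.txt --no-use-pep517 && \`. The `RUN` instruction begins in the context lines above the changed ones.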
@@ -0,0 +1,66 @@
+## docker-build: Build and tag a docker image
+.PHONY: docker-build
+
+IMAGE := trailofbits/algo
+TAG := latest
+DOCKERFILE := Dockerfile
+CONFIGURATIONS := $(shell pwd)
+
+docker-build:
+ docker build \
+ -t $(IMAGE):$(TAG) \
+ -f $(DOCKERFILE) \
+ .
+
+## docker-deploy: Mount config directory and deploy Algo
+.PHONY: docker-deploy
+
+# Set VIRTUAL_ENV for algo.
+docker-deploy:
+ docker run \
+ --cap-drop=all \
+ --rm \
+ -it \
+ -v $(CONFIGURATIONS):/data \
+ $(IMAGE):$(TAG)
+
+## docker-clean: Remove images and containers.
+.PHONY: docker-clean
+
+docker-clean:
+ docker images \
+ $(IMAGE) |\
+ awk '{if (NR>1) print $$3}' |\
+ xargs docker rmi
+
+## docker-all: Build, Deploy, Rinse
+.PHONY: docker-all
+
+## docker-ci-local
+.PHONY: docker-ci-local
+
+DEPLOY_ARGS := 'provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 apparmor_enabled=false ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test local_dns=true ssh_tunneling=true windows=true store_cakey=true install_headers=false tests=true'
+
+docker-ci-local:
+ docker run \
+ -it \
+ -v $(shell pwd)/config.cfg:/algo/config.cfg \
+ -v $(shell echo ${HOME})/.ssh:/root/.ssh \
+ -v $(shell pwd)/configs:/algo/configs \
+ -e "DEPLOY_ARGS=$(DEPLOY_ARGS)" \
+ trailofbits/algo:latest /bin/sh -c "chown -R root: /root/.ssh && chmod -R 600 /root/.ssh && ansible-playbook main.yml -e ${DEPLOY_ARGS} --skip-tags apparmor"
+
+## docker-ci-user-update
+.PHONY: docker-ci-user-update
+
+USER_ARGS := '{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'] }'
+
+docker-ci-user-update:
+ docker run \
+ -v $(shell pwd)/config.cfg:/algo/config.cfg \
+ -v $(shell echo ${HOME})/.ssh:/root/.ssh \
+ -v $(shell pwd)/configs:/algo/configs \
+ -e "USER_ARGS=$(USER_ARGS)" \
+ trailofbits/algo:latest /bin/sh -c "ansible-playbook users.yml -e ${USER_ARGS} -t update-users"
+
+all: docker-build docker-deploy docker-clean
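Review bot: `docker-ci-local` bind-mounts the caller's `~/.ssh` read-write and then runs `chown -R root: /root/.ssh && chmod -R 600 /root/.ssh` in the container, so outside a throwaway CI worker it rewrites the owner and mode of the user's real SSH directory and private keys on the host. Both CI targets also hard-code `trailofbits/algo:latest` instead of `$(IMAGE):$(TAG)`, so overriding `IMAGE` or `TAG` for `docker-build` leaves them running a different image than the one just built. I would add a comment above each target such as `# CI only: changes owner and mode of the mounted ~/.ssh on the host`, and make the mount overridable with `SSH_DIR ?= $(HOME)/.ssh` and `-v $(SSH_DIR):/root/.ssh \` so a dedicated key directory can be used. Separately, `.PHONY: docker-all` names a target that does not exist, while the `all` rule at the bottom is not declared phony.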
diff --git a/docs/deploy-from-docker.md b/docs/deploy-from-docker.md index 2efd5e32..ab6ba498 100644 --- a/docs/deploy-from-docker.md +++ b/docs/deploy-from-docker.md @@ -50,6 +50,15 @@ $ docker run --cap-drop=all -it \ You can use the Dockerfile provided in this repository as-is, or modify it to suit your needs. Further instructions on building an image can be found in the [Docker engine](https://docs.docker.com/engine/) documents. +## Deploying an Algo Server with a Docker Makefile + +A `Makefile` is included as a convenience for Docker users which aims to simplify some of the command syntax. +**This has not been tested in a Windows environment.** + +1. From the project's root run `make docker-build`. This builds a Docker image labeled `trailofbits/algo:latest`. These values can be changed in the `Makefile` itself. +2. Run `make docker-deploy`. By default this will use the given copy of `config.cfg` and populate the project's root `~/configs/` directory with your client configuration data. If you would rather use a local directory and `config.cfg` file, then follow steps 2 and 3 before changing the `CONFIGURATIONS` variable in the `Makefile`. +3. If desired, `make docker-clean` will remove the image. + ## Security Considerations Using Docker is largely no different from running Algo yourself, with a couple of notable exceptions: we run as root within the container, and you're retrieving your content from Docker Hub. diff --git a/tests/local-deploy.sh b/tests/local-deploy.sh index 7699469d..02d4df51 100755 --- a/tests/local-deploy.sh +++ b/tests/local-deploy.sh 
@@ -6,7 +6,7 @@ DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.10 if [ "${DEPLOY}" == "docker" ] then - docker run -it -v $(pwd)/config.cfg:/algo/config.cfg -v ~/.ssh:/root/.ssh -v $(pwd)/configs:/algo/configs -e "DEPLOY_ARGS=${DEPLOY_ARGS}" travis/algo /bin/sh -c "chown -R root: /root/.ssh && chmod -R 600 /root/.ssh && source env/bin/activate && ansible-playbook main.yml -e \"${DEPLOY_ARGS}\" --skip-tags apparmor" + make docker-ci-local else ansible-playbook main.yml -e "${DEPLOY_ARGS}" --skip-tags apparmor fi diff --git a/tests/update-users.sh b/tests/update-users.sh index 8c76ba1d..6794177b 100755 --- a/tests/update-users.sh +++ b/tests/update-users.sh @@ -6,7 +6,7 @@ USER_ARGS="{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'], 'lo if [ "${DEPLOY}" == "docker" ] then - docker run -it -v $(pwd)/config.cfg:/algo/config.cfg -v ~/.ssh:/root/.ssh -v $(pwd)/configs:/algo/configs -e "USER_ARGS=${USER_ARGS}" travis/algo /bin/sh -c "chown -R root: /root/.ssh && chmod -R 600 /root/.ssh && source env/bin/activate && ansible-playbook users.yml -e \"${USER_ARGS}\" -t update-users" + make docker-ci-user-update else ansible-playbook users.yml -e "${USER_ARGS}" -t update-users fi
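Review bot: On the docker branch the script's own `DEPLOY_ARGS` (defined just above the hunk and visible in its header) is no longer used, because `make docker-ci-local` takes its arguments from a second copy in the Makefile, so the docker and non-docker paths can silently test different configurations. The same applies to the `tests/update-users.sh` hunk, where the Makefile's `USER_ARGS` already appears to lack the trailing key that begins with `'lo` in that hunk's header; the header is truncated, so this needs confirming against the file. The replacement for `update-users.sh` also no longer runs the `chown`/`chmod` step on `/root/.ssh` that the removed command had, so it seems to depend on `local-deploy.sh` having run first. At minimum I would add a comment on each docker branch, e.g. `# docker path: arguments come from the Makefile copy, keep both definitions in sync`, and preferably keep a single definition of each argument string.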