Skip to content

Commit

Permalink
Docker updt
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikeTWC1984
mikeTWC1984 committed Mar 10, 2021
1 parent 776c195 commit 68da43d
Show file tree
Hide file tree
Showing 4 changed files with 118 additions and 8 deletions.
7 changes: 5 additions & 2 deletions Docker/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# build: docker build -t cronicle:edge -f Dockerfile --build-arg branch=main --build-arg echo=1 .
# build: docker build -t cronicle:edge -f Dockerfile --build-arg branch=main --build-arg echo=1 --build-arg bldonly=1 .
# test run: docker run -it -v $HOME/data:/opt/cronicle/data -p 3012:3012 cronicle:edge manager

FROM node:14-alpine3.12
Expand Down Expand Up @@ -51,7 +51,10 @@ RUN echo $echo
ARG branch=main
RUN git clone https://github.com/cronicle-edge/cronicle-edge.git /opt/cronicle
RUN git checkout ${branch}
RUN npm audit fix --force; npm install; node bin/build dist
RUN npm audit fix --force; npm install
ARG bldonly
RUN echo $bldonly
RUN git pull && node bin/build dist

# protect sensitive folders
RUN mkdir -p /opt/cronicle/data /opt/cronicle/conf && chmod 0700 /opt/cronicle/data /opt/cronicle/conf
Expand Down
73 changes: 73 additions & 0 deletions Docker/DockerfileMultistage
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# build: docker build -t cronicle:pwsh -f DockerfileMultistage --build-arg branch=main --build-arg echo=1 .
# multistage build example

FROM node:14-alpine3.12 AS BASE

WORKDIR /opt/cronicle
RUN apk add git && git clone https://github.com/cronicle-edge/cronicle-edge.git /opt/cronicle
ARG branch=main
RUN git checkout ${branch}
RUN npm audit fix --force; npm install


# ------ main image ----------------------------- #

FROM mcr.microsoft.com/powershell:alpine-3.12
RUN apk add --no-cache nodejs-current git tini util-linux bash openssl procps coreutils curl acl jq
# required: all: tini; alpine: util-linux procps coreutils

# optional lolcat for tty/color debugging
RUN apk add lolcat --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing

# optional java 15, for java 11 just use "apk add openjdk11"
# RUN apk add openjdk15-jdk --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing
# ENV JAVA_HOME=/usr/lib/jvm/java-15-openjdk
# ENV PATH="$JAVA_HOME/bin:${PATH}"

# optional PySpark
# RUN apk add python3 gcompat
# RUN pip3 install pyspark
# ENV SPARK_CLASSPATH=/jars/*
# python version, might change (e.g. to 3.9)
# ENV PYSPARK_PYTHON=python3.8

# optional mc s3 client (+20MB)
# RUN wget -O /usr/bin/mc http://dl.min.io/client/mc/release/linux-amd64/mc && chmod +x /usr/bin/mc

# optional kafkacat
# RUN apk add kafkacat --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
# extra deps if using kerberos: apk add krb5 cyrus-sasl cyrus-sasl-gssapiv2

# optional - set up custom CA cert
# COPY myCA.cer /usr/local/share/ca-certificates/myCA.crt
# RUN apk add --no-cache ca-certificates
# RUN update-ca-certificates
# ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/myCA.crt

ENV CRONICLE_foreground=1
ENV CRONICLE_echo=1
ENV TZ=America/New_York
ENV EDITOR=nvim

ENV PATH "/opt/cronicle/bin:${PATH}"

# non root user for shell plugin
ARG CRONICLE_UID=1007
ARG CRONICLE_GID=1099
RUN addgroup cronicle --gid $CRONICLE_GID && adduser -D -h /opt/cronicle -u $CRONICLE_UID -G cronicle cronicle

WORKDIR /opt/cronicle
ARG echo
RUN echo $echo
ARG branch=main
RUN git clone https://github.com/cronicle-edge/cronicle-edge.git /opt/cronicle
COPY --from=BASE /opt/cronicle/node_modules /opt/cronicle/node_modules
RUN git checkout ${branch}
#RUN npm audit fix --force; npm install
RUN git pull && node bin/build dist


# protect sensitive folders
RUN mkdir -p /opt/cronicle/data /opt/cronicle/conf && chmod 0700 /opt/cronicle/data /opt/cronicle/conf

ENTRYPOINT ["/sbin/tini", "--"]
43 changes: 39 additions & 4 deletions Docker/Readme.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,38 @@

# Running cronicle in swarm mode
# Building image
You can use Dockerfile in this folder as an example. You need to use tini as an entrypoint to avoid Cronicle to become zombie. If using alpine make sure to install following packages:
```bash
apk add util-linux bash openssl procps coreutils
```
You will likely need to use some different base image (e.g. python or java). In this case it's useful to use multistage build to speed up build times and reduce some space. Just add nodejs-current package to your base image, and run "npm install" using node image and then just copy node modules. Use DockerfileMultistage file as example.

## step 1 - create network and prepare volume for data
# Running using docker run
For debugging/development start interactive bash, then use *manager* or *worker* command
```
docker run -it -p 3012:3012 cronicle/cronicle:edge bash
```
For better security I'd suggest to run cronicle as root user, while setting shell plugin to run as non-root. This way you can limit access to data/conf directories and some other files with sensitive data. This is how demo image is set.

For actual use:
- use *manager* as entrypoint command
- always use same hostname (e.g. manager1 ) to make data folder portable (without tweaking server list/groups later)
- for persistant volume you only need to map *data* folder
- to run cronicle "as a service" use *restart=always* option
- you may optionally use *--net=host* parameter if interacting with cronicle nodes on other machines (in this case don't use hostname parameter, it should be the same as your host)

```bash
docker run -it --hostname manager1 --restart always \
-e CRONICLE_manager=1 \
-e CRONICLE_secret_key=123456 \
-p 3017:3012 \
-v $HOME/data:/opt/cronicle/data \
cronicle:pwsh manager
```

# Running cronicle in swarm mode (as service)
If you have multiple machines it's a good idea to set up a swarm cluster. It's still could be useful on a single node too, since you'll get access to secret management, and will be able easily update/roll back cronicle version.

## step 1 - create network and volume

```bash
docker network create --driver overlay cron
Expand Down Expand Up @@ -68,12 +99,16 @@ If you are going to deploy a cluster (1 manager + N workers), it's better to use

# Setting up https reverse proxy with nginx

Below command assumes that ssl keys will be placed under /run/secrets/ as master.crt and master.key
For a single node cronicle Nginx should be a good reverse/https proxy solution. You can install it over docker as well. Check nginx.conf file and command below. It assumes ssl keys will be placed under /run/secrets/ as master.crt and master.key
Edit nginx.conf to set different key path, or change/add other routes if needed (if running multiple apps on same server)
Then:

```bash
docker run -d --net=host -v ~/secrets:/run/secrets --name nginx --restart=always nginx
docker run -d --net=host --name nginx --restart=always nginx
docker cp nginx.conf nginx:/etc/nginx/nginx.conf
docker restart nginx
```

If using Swarm with multiple nodes, you can also check out traefik.


3 changes: 1 addition & 2 deletions Readme.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,7 @@ You can quickly try it using Docker:
```bash
docker run -it -p 3012:3012 -e CRONICLE_manager=1 cronicle/cronicle:edge manager
```
You can import some demo jobs from sample_conf/backup file. This can be done via UI (see below)
Docker folder contains Dockerfile and several other examples for real life use.
You can import some demo jobs from sample_conf/backup file. This can be done via UI (see below). Check [Docker](https://github.com/cronicle-edge/cronicle-edge/tree/main/Docker) section for Dockerfile and other examples for real life use.

### Shell Plugin Improvement:

Expand Down

0 comments on commit 68da43d

Please sign in to comment.