Move dockerfiles to their own folder

dockerfiles/dind/.editorconfig

@@ -0,0 +1,14 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+
+# Tab indentation (no size specified)
+[{Makefile,*.go}]
+indent_style = tab

dockerfiles/dind/.gitconfig

@@ -0,0 +1,2 @@
+[url "https://"]   
+    insteadOf = git://

dockerfiles/dind/.inputrc

@@ -0,0 +1,73 @@
+# /etc/inputrc - global inputrc for libreadline
+# See readline(3readline) and `info rluserman' for more information.
+
+# Be 8 bit clean.
+set input-meta on
+set output-meta on
+
+# To allow the use of 8bit-characters like the german umlauts, uncomment
+# the line below. However this makes the meta key not work as a meta key,
+# which is annoying to those which don't need to type in 8-bit characters.
+
+# set convert-meta off
+
+# try to enable the application keypad when it is called.  Some systems
+# need this to enable the arrow keys.
+# set enable-keypad on
+
+# see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
+
+# do not bell on tab-completion
+# set bell-style none
+# set bell-style visible
+
+# some defaults / modifications for the emacs mode
+$if mode=emacs
+
+# allow the use of the Home/End keys
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+
+# allow the use of the Delete/Insert keys
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+
+# mappings for "page up" and "page down" to step to the beginning/end
+# of the history
+# "\e[5~": beginning-of-history
+# "\e[6~": end-of-history
+
+# alternate mappings for "page up" and "page down" to search the history
+# "\e[5~": history-search-backward
+# "\e[6~": history-search-forward
+
+# mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+"\e[5C": forward-word
+"\e[5D": backward-word
+"\e\e[C": forward-word
+"\e\e[D": backward-word
+
+$if term=rxvt
+"\e[7~": beginning-of-line
+"\e[8~": end-of-line
+"\eOc": forward-word
+"\eOd": backward-word
+$endif
+
+# for non RH/Debian xterm, can't hurt for RH/Debian xterm
+# "\eOH": beginning-of-line
+# "\eOF": end-of-line
+
+# for freebsd console
+# "\e[H": beginning-of-line
+# "\e[F": end-of-line
+
+$endif
+ 
+# faster completion
+set show-all-if-ambiguous on
+  
+"\e[A": history-search-backward
+"\e[B": history-search-forward

dockerfiles/dind/.profile

@@ -0,0 +1,5 @@
+export PS1='\e[1m\e[31m[\h] \e[32m($(docker-prompt)) \e[34m\u@$(hostname -i)\e[35m \w\e[0m\n$ '
+alias vi='vim'
+export PATH=$PATH:/root/go/bin
+cat /etc/motd
+echo $BASHPID > /var/run/cwd

dockerfiles/dind/.vimrc

@@ -0,0 +1,6 @@
+syntax on
+set autoindent
+set expandtab
+set number
+set shiftwidth=2
+set softtabstop=2

dockerfiles/dind/Dockerfile.dind

@@ -0,0 +1,67 @@
+ARG VERSION=docker:17.07-dind
+FROM ${VERSION}
+
+RUN apk add --no-cache git tmux py2-pip apache2-utils vim build-base gettext-dev curl bash-completion bash util-linux jq openssh zfs
+
+ENV GOPATH /root/go
+ENV PATH $PATH:$GOPATH
+
+
+# Compile and install httping
+# (used in orchestration workshop, and very useful anyway)
+RUN mkdir -p /opt && cd /opt && \
+    curl https://www.vanheusden.com/httping/httping-2.5.tgz | \
+    tar -zxf- && cd httping-2.5 && \
+    ./configure && make install LDFLAGS=-lintl && \
+    rm -rf httping-2.5
+
+ENV COMPOSE_VERSION=1.13.0
+ENV MACHINE_VERSION=v0.11.0
+# Install Compose and Machine
+RUN pip install docker-compose==${COMPOSE_VERSION}
+RUN curl -L https://github.com/docker/machine/releases/download/${MACHINE_VERSION}/docker-machine-Linux-x86_64 \
+    -o /usr/bin/docker-machine && chmod +x /usr/bin/docker-machine
+
+# Add bash completion and set bash as default shell
+RUN mkdir /etc/bash_completion.d \
+    && curl https://raw.githubusercontent.com/docker/cli/master/contrib/completion/bash/docker -o /etc/bash_completion.d/docker \
+    && sed -i "s/ash/bash/" /etc/passwd
+ 
+# Replace modprobe with a no-op to get rid of spurious warnings
+# (note: we can't just symlink to /bin/true because it might be busybox)
+RUN rm /sbin/modprobe && echo '#!/bin/true' >/sbin/modprobe && chmod +x /sbin/modprobe
+
+# Install a nice vimrc file and prompt (by soulshake)
+COPY ["docker-prompt","/usr/local/bin/"]
+COPY [".vimrc",".profile", ".inputrc", ".gitconfig", "./root/"]
+COPY ["motd", "/etc/motd"]
+COPY ["daemon.json", "/etc/docker/"]
+
+ARG docker_storage_driver=overlay2
+
+ENV DOCKER_STORAGE_DRIVER=$docker_storage_driver
+
+# Move to our home
+WORKDIR /root
+
+# Setup certs and ssh keys
+RUN mkdir -p /var/run/pwd/certs && mkdir -p /var/run/pwd/uploads \
+    && ssh-keygen -N "" -t rsa -f  /etc/ssh/ssh_host_rsa_key >/dev/null \
+    && mkdir ~/.ssh && ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa \
+    && cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
+
+# Remove IPv6 alias for localhost and start docker in the background ...
+CMD cat /etc/hosts >/etc/hosts.bak && \
+    sed 's/^::1.*//' /etc/hosts.bak > /etc/hosts && \
+    sed -i "s/\DOCKER_STORAGE_DRIVER/$DOCKER_STORAGE_DRIVER/" /etc/docker/daemon.json && \
+    sed -i "s/\PWD_IP_ADDRESS/$PWD_IP_ADDRESS/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSENABLE/$DOCKER_TLSENABLE/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSCACERT/$DOCKER_TLSCACERT/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSCERT/$DOCKER_TLSCERT/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSKEY/$DOCKER_TLSKEY/" /etc/docker/daemon.json && \
+    mount -t securityfs none /sys/kernel/security && \
+    echo "root:root" | chpasswd &> /dev/null && \
+    /usr/sbin/sshd -o PermitRootLogin=yes -o PrintMotd=no 2>/dev/null && \
+    dockerd &>/docker.log & \
+    while true ; do script -q -c "/bin/bash -l" /dev/null ; done
+# ... and then put a shell in the foreground, restarting it if it exits

dockerfiles/dind/Dockerfile.dind-ee

@@ -0,0 +1,41 @@
+ARG VERSION=franela/docker:17.06.2-dind-ubuntu
+FROM ${VERSION}
+
+RUN apt-get update \ 
+    && apt-get install -y git tmux apache2-utils vim curl zfs jq bash-completion \
+    && rm -rf /var/lib/apt/lists/*
+
+
+# Add bash completion and set bash as default shell
+#RUN mkdir /etc/bash_completion.d \
+#    && curl https://raw.githubusercontent.com/docker/cli/master/contrib/completion/bash/docker -o /etc/bash_completion.d/docker \
+#    && sed -i "s/ash/bash/" /etc/passwd
+ 
+# Replace modprobe with a no-op to get rid of spurious warnings
+# (note: we can't just symlink to /bin/true because it might be busybox)
+RUN rm /sbin/modprobe && echo '#!/bin/true' >/sbin/modprobe && chmod +x /sbin/modprobe
+
+# Install a nice vimrc file and prompt (by soulshake)
+COPY ["docker-prompt", "ucp.sh", "/usr/local/bin/"]
+COPY [".vimrc",".profile", ".inputrc", ".gitconfig", "workshop.lic", "./root/"]
+COPY ["motd", "/etc/motd"]
+COPY ["daemon.json", "/etc/docker/"]
+
+# Move to our home
+WORKDIR /root
+
+# Setup certs and uploads folders
+RUN mkdir -p /var/run/pwd/certs && mkdir -p /var/run/pwd/uploads
+
+# Remove IPv6 alias for localhost and start docker in the background ...
+CMD cat /etc/hosts >/etc/hosts.bak && \
+    sed 's/^::1.*//' /etc/hosts.bak > /etc/hosts && \
+    sed -i "s/\PWD_IP_ADDRESS/$PWD_IP_ADDRESS/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSENABLE/$DOCKER_TLSENABLE/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSCACERT/$DOCKER_TLSCACERT/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSCERT/$DOCKER_TLSCERT/" /etc/docker/daemon.json && \
+    sed -i "s/\DOCKER_TLSKEY/$DOCKER_TLSKEY/" /etc/docker/daemon.json && \
+    mount -t securityfs none /sys/kernel/security && \
+    dockerd > /docker.log 2>&1 & \
+    while true ; do script -q -c "/bin/bash -l" /dev/null ; done
+# ... and then put a shell in the foreground, restarting it if it exits

dockerfiles/dind/daemon.json

@@ -0,0 +1,11 @@
+{
+    "experimental": true,
+    "debug": true,
+    "log-level": "info",
+    "insecure-registries": ["127.0.0.1"],
+    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
+    "tls": DOCKER_TLSENABLE,
+    "tlscacert": "DOCKER_TLSCACERT",
+    "tlscert": "DOCKER_TLSCERT",
+    "tlskey": "DOCKER_TLSKEY"
+}

dockerfiles/dind/docker-prompt

@@ -0,0 +1,22 @@
+
+#!/bin/sh
+case "$DOCKER_HOST" in
+*:3376)
+  echo swarm
+  ;;
+*:2376)
+  echo $DOCKER_MACHINE_NAME
+  ;;
+*:2375)
+  echo $DOCKER_MACHINE_NAME
+  ;;
+*:55555)
+  echo $DOCKER_MACHINE_NAME
+  ;;
+"")
+  echo local
+  ;;
+*)
+  echo unknown
+  ;;
+esac

dockerfiles/dind/motd

@@ -0,0 +1,8 @@
+###############################################################
+#                          WARNING!!!!                        #
+# This is a sandbox environment. Using personal credentials   #
+# is HIGHLY! discouraged. Any consequences of doing so are    #
+# completely the user's responsibilites.                      #
+#                                                             #
+# The PWD team.                                               #
+###############################################################

dockerfiles/dind/ssh_config

@@ -0,0 +1,2 @@
+Host *
+    StrictHostKeyChecking no

dockerfiles/dind/ucp.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+
+set -e
+
+function wait_for_url {
+    # Wait for docker daemon to be ready
+    while ! curl -k -sS $1 > /dev/null; do
+        sleep 1;
+    done
+}
+
+function deploy_ucp {
+    wait_for_url "http://localhost:2375"
+    docker run --rm  --name ucp \
+        -v /var/run/docker.sock:/var/run/docker.sock \
+        docker/ucp:2.2.3 install --force-insecure-tcp \
+        --san *.direct.${PWD_HOST_FQDN} \
+        --license $(cat $HOME/workshop.lic) \
+        --admin-username admin \
+        --admin-password admin1234
+}
+
+function get_instance_ip {
+    ip -o -4 a s eth1 | awk '{print $4}' | cut -d '/' -f1
+}
+
+function get_node_routable_ip {
+    curl -sS https://${PWD_HOST_FQDN}/sessions/${SESSION_ID} | jq -r '.instances[] | select(.hostname == "'$1'") | .routable_ip'
+}
+
+function get_direct_url_from_ip {
+    local ip_dash="${1//./-}"
+    local url="https://ip${ip_dash}-${SESSION_ID}.direct.${PWD_HOST_FQDN}"
+    echo $url
+}
+
+function deploy_dtr {
+    if [ $# -lt 1 ]; then
+        echo "DTR node hostname"
+        return
+    fi
+
+
+    local dtr_ip=$(get_node_routable_ip $1)
+    local ucp_ip=$(get_instance_ip)
+
+    local dtr_url=$(get_direct_url_from_ip $dtr_ip)
+    local ucp_url=$(get_direct_url_from_ip $ucp_ip)
+
+    docker run --rm docker/dtr install \
+      --dtr-external-url $dtr_url \
+      --ucp-node $1 \
+      --ucp-username admin \
+      --ucp-password admin1234 \
+      --ucp-insecure-tls \
+      --ucp-url $ucp_url
+}
+
+function setup_dtr_certs {
+    if [ $# -lt 1 ]; then
+        echo "DTR node hostname is missing"
+        return
+    fi
+
+
+    local dtr_ip=$(get_node_routable_ip $1)
+    local dtr_url=$(get_direct_url_from_ip $dtr_ip)
+    local dtr_hostname="${dtr_url/https:\/\/}"
+
+    wait_for_url "$dtr_url/ca"
+
+    curl -kfsSL $dtr_url/ca -o /usr/local/share/ca-certificates/$dtr_hostname.crt
+    update-ca-certificates
+}
+
+
+case "$1" in
+    deploy)
+            deploy_ucp
+            deploy_dtr $2
+            setup_dtr_certs $2
+            ;;
+    setup-certs)
+            setup_dtr_certs $2
+            ;;
+    *)
+            echo "Illegal option $1"
+            ;;
+esac
+

dockerfiles/dind/workshop.lic

@@ -0,0 +1 @@
+{"key_id":"bOY__C4AqPpQ4II47GWgozELwQRcsGfjXZkjxp3TqEHD","private_key":"OYr0Px6Yc_QrfhLAGfvVwUw1WcsTsC6w7yxZX3osbxUo","authorization":"ewogICAicGF5bG9hZCI6ICJleUpsZUhCcGNtRjBhVzl1SWpvaU1qQXhOeTB4TUMwd01WUXhOem94TkRvME1Wb2lMQ0owYjJ0bGJpSTZJbEZ4TWtzdFVVb3RkM2s0Tm04eUxWTlZXRVpPZURsMlIwUk9Xak13T0V4VldrTkJjelJtVWtGak9HYzlJaXdpYldGNFJXNW5hVzVsY3lJNk1UQXNJbk5qWVc1dWFXNW5SVzVoWW14bFpDSTZkSEoxWlN3aWJHbGpaVzV6WlZSNWNHVWlPaUpQWm1ac2FXNWxJaXdpZEdsbGNpSTZJbEJ5YjJSMVkzUnBiMjRpZlEiLAogICAic2lnbmF0dXJlcyI6IFsKICAgICAgewogICAgICAgICAiaGVhZGVyIjogewogICAgICAgICAgICAiandrIjogewogICAgICAgICAgICAgICAiZSI6ICJBUUFCIiwKICAgICAgICAgICAgICAgImtleUlEIjogIko3TEQ6NjdWUjpMNUhaOlU3QkE6Mk80Rzo0QUwzOk9GMk46SkhHQjpFRlRIOjVDVlE6TUZFTzpBRUlUIiwKICAgICAgICAgICAgICAgImtpZCI6ICJKN0xEOjY3VlI6TDVIWjpVN0JBOjJPNEc6NEFMMzpPRjJOOkpIR0I6RUZUSDo1Q1ZROk1GRU86QUVJVCIsCiAgICAgICAgICAgICAgICJrdHkiOiAiUlNBIiwKICAgICAgICAgICAgICAgIm4iOiAieWRJeS1sVTdvN1BjZVktNC1zLUNRNU9FZ0N5RjhDeEljUUlXdUs4NHBJaVpjaVk2NzMweUNZbndMU0tUbHctVTZVQ19RUmVXUmlvTU5ORTVEczVUWUVYYkdHNm9sbTJxZFdiQndjQ2ctMlVVSF9PY0I5V3VQNmdSUEhwTUZNc3hEeld3dmF5OEpVdUhnWVVMVXBtMUl2LW1xN2xwNW5RX1J4clQwS1pSQVFUWUxFTUVmR3dtM2hNT19nZUxQUy1oZ0tQdElIbGtnNl9XY294VEdvS1A3OWRfd2FIWXhHTmw3V2hTbmVpQlN4YnBiUUFLazIxbGc3OThYYjd2WnlFQVRETXJSUjlNZUU2QWRqNUhKcFkzQ295UkFQQ21hS0dSQ0s0dW9aU29JdTBoRlZsS1VQeWJidzAwMEdPLXdhMktOOFV3Z0lJbTBpNUkxdVc5R2txNHpqQnk1emhncXVVWGJHOWJXUEFPWXJxNVFhODFEeEdjQmxKeUhZQXAtRERQRTlUR2c0elltWGpKbnhacUhFZHVHcWRldlo4WE1JMHVrZmtHSUkxNHdVT2lNSUlJclhsRWNCZl80Nkk4Z1FXRHp4eWNaZV9KR1gtTEF1YXlYcnlyVUZlaFZOVWRaVWw5d1hOYUpCLWthQ3F6NVF3YVI5M3NHdy1RU2Z0RDBOdkxlN0N5T0gtRTZ2ZzZTdF9OZVR2Z3Y4WW5oQ2lYSWxaOEhPZkl3TmU3dEVGX1VjejVPYlB5a20zdHlsck5VanQwVnlBbXR0YWNWSTJpR2loY1VQcm1rNGxWSVo3VkRfTFNXLWk3eW9TdXJ0cHNQWGNlMnBLRElvMzBsSkdoT18zS1VtbDJTVVpDcXpKMXlFbUtweXNINUhEVzljc0lGQ0EzZGVBamZaVXZON1UiCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJhbGciOiAiUlMyNTYiCiAgICAgICAgIH0sCiAgICAgICAgICJzaWduYXR1cmUiOiAicktLcG9XMVhDYVYxSXdnNlR1cVNkazhuUWY2bVZoV05hSnZ0M1FKaVZwYkg3SDdnbmdUcWhmWE9BNXcyT0lkZDdTSXBYTnVhSlZ6X2JEZTJtd0VSVXVoS0ZEM1JPLWdmdWpOc2ZjcExzdVVtSmc0c1gxaHllZEQ1WXRnRHNZYzEzSDNoVUhBMHc4X1RtZWJCaWU4anFUOU1UVl9fOUNyYnpxSUs4Z0U1cVZoZmc5QXZ0WWNSVTVUeE1HUmtmOWhxU2txUjJxeHRwVTFtVUtTMURiQzc3QXZFNFZrNjc2bUR3UHdvTUVtN082Q0QyY0EyaFhsQllnYmx4Y3dFMjM4OVRPWWU0X2xQMGxzZTdSMTJpS2I0QUkwNkR4VUFFNkxwOXFLcFhEYUdLYWJEVVhMMkFIRkdBeG5pS2VqQURqMW5TUUp0dTRydFhDbEFqLXhjRC1rY2wyb1Z5cWNMM2N4VTZGdzg3VHhtdUpNYVRhejhfRW85TUZjSmcxZHhkY2NkVVVxTm5mRHlyX3E0Z01JZ1h1R2REU2RVa3lvLU41eFJVVHhubkR2eW5qTE1jNzYzUnRoY2hvajFqQzBkNmJGUHZfdnFSbTVTZDJobnFCaVRHeG54TGxPUUlhd2pMNElHTEI1bTBocWRMTTNVUUVsd1ZZNGNRNEJvNWZZclpxQ2dYN0w1OWJaX05tWHV1UmxycjlLZk5TTEFKbjA3VXAySVA4OXdKdEdJc0VQZEpSTkRrbW04RkpmQXZ0Y25WYjVWWENzZUdab2FfV0l1NEY4aVMxMDYyVmhoc1lfWjhla3RfN1h6ci1rdXJhdGhPME1KZmFBY0dsa3R1Vmp3MUdNZU9LckYwYklZSkI3ZldkaHJwVUFvM3A3VHE0RkwtQUk2anA5aHBKRk45Rk0iLAogICAgICAgICAicHJvdGVjdGVkIjogImV5Sm1iM0p0WVhSTVpXNW5kR2dpT2pFM05Dd2labTl5YldGMFZHRnBiQ0k2SW1aUklpd2lkR2x0WlNJNklqSXdNVGN0TURndE1qQlVNREk2TWpJNk1qbGFJbjAiCiAgICAgIH0KICAgXQp9"}