From f0c744f0b3e05dddcbca232eed210d56a8735dda Mon Sep 17 00:00:00 2001
From: Marcos Lilljedahl
Date: Tue, 12 Sep 2017 18:59:45 -0300
Subject: [PATCH] Add ubuntu ee dockerfile and UCP scripts
---
Dockerfile.dind-ee | 41 +++++++++++++++++++++
ucp.sh | 89 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 130 insertions(+)
create mode 100644 Dockerfile.dind-ee
create mode 100755 ucp.sh
diff --git a/Dockerfile.dind-ee b/Dockerfile.dind-ee
new file mode 100644
index 0000000..dc54bec
--- /dev/null
+++ b/Dockerfile.dind-ee
@@ -0,0 +1,41 @@
+ARG VERSION=franela/docker:17.06.2-dind-ubuntu
+FROM ${VERSION}
+
+RUN apt-get update \
+ && apt-get install -y git tmux apache2-utils vim curl zfs jq bash-completion \
+ && rm -rf /var/lib/apt/lists/*
+
+
+# Add bash completion and set bash as default shell
+#RUN mkdir /etc/bash_completion.d \
+# && curl https://raw.githubusercontent.com/docker/cli/master/contrib/completion/bash/docker -o /etc/bash_completion.d/docker \
+# && sed -i "s/ash/bash/" /etc/passwd
+
+# Replace modprobe with a no-op to get rid of spurious warnings
+# (note: we can't just symlink to /bin/true because it might be busybox)
+RUN rm /sbin/modprobe && echo '#!/bin/true' >/sbin/modprobe && chmod +x /sbin/modprobe
+
+# Install a nice vimrc file and prompt (by soulshake)
+COPY ["docker-prompt", "ucp.sh", "/usr/local/bin/"]
+COPY [".vimrc",".profile", ".inputrc", ".gitconfig","./root/"]
+COPY ["motd", "/etc/motd"]
+COPY ["daemon.json", "/etc/docker/"]
+
+# Move to our home
+WORKDIR /root
+
+# Setup certs and uploads folders
+RUN mkdir -p /var/run/pwd/certs && mkdir -p /var/run/pwd/uploads
+
+# Remove IPv6 alias for localhost and start docker in the background ...
+CMD cat /etc/hosts >/etc/hosts.bak && \
+ sed 's/^::1.*//' /etc/hosts.bak > /etc/hosts && \
+ sed -i "s/\PWD_IP_ADDRESS/$PWD_IP_ADDRESS/" /etc/docker/daemon.json && \
+ sed -i "s/\DOCKER_TLSENABLE/$DOCKER_TLSENABLE/" /etc/docker/daemon.json && \
+ sed -i "s/\DOCKER_TLSCACERT/$DOCKER_TLSCACERT/" /etc/docker/daemon.json && \
+ sed -i "s/\DOCKER_TLSCERT/$DOCKER_TLSCERT/" /etc/docker/daemon.json && \
+ sed -i "s/\DOCKER_TLSKEY/$DOCKER_TLSKEY/" /etc/docker/daemon.json && \
+ mount -t securityfs none /sys/kernel/security && \
+ dockerd > /docker.log 2>&1 & \
+ while true ; do script -q -c "/bin/bash -l" /dev/null ; done
+# ... and then put a shell in the foreground, restarting it if it exits
diff --git a/ucp.sh b/ucp.sh
new file mode 100755
index 0000000..975c6fc
--- /dev/null
+++ b/ucp.sh
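Review bot: The five `sed -i "s/\NAME/$NAME/"` steps in the CMD paste raw environment values into /etc/docker/daemon.json with `/` as the delimiter, so a value containing `/` or `&` (a certificate path for DOCKER_TLSCACERT, DOCKER_TLSCERT or DOCKER_TLSKEY would, unless the caller pre-escapes it) breaks or changes the substitution. Because the single `&` after `dockerd > /docker.log 2>&1` backgrounds the whole `&&` chain, a failed sed or mount is not reported: the login-shell loop starts anyway, with no daemon and no sign that the TLS settings were never applied. I would use a delimiter that cannot appear in the values, e.g. `sed -i "s|DOCKER_TLSCACERT|$DOCKER_TLSCACERT|" /etc/docker/daemon.json`, and run the configuration steps in the foreground so that only `dockerd` itself is backgrounded. daemon.json is copied in by this hunk but not shown, so the placeholder format is inferred from the sed patterns.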
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+set -e
+
+function wait_for_url {
+ # Wait for docker daemon to be ready
+ while ! curl -k -sS $1 > /dev/null; do
+ sleep 1;
+ done
+}
+
+function deploy_ucp {
+ wait_for_url "http://localhost:2375"
+ docker run --rm --name ucp \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ docker/ucp:2.2.2 install --force-insecure-tcp \
+ --san *.direct.${PWD_HOST_FQDN} \
+ --admin-username admin \
+ --admin-password admin1234
+}
+
+function get_instance_ip {
+ ip -o -4 a s eth1 | awk '{print $4}' | cut -d '/' -f1
+}
+
+function get_node_routable_ip {
+ curl -sS https://${PWD_HOST_FQDN}/sessions/${SESSION_ID} | jq -r '.instances[] | select(.hostname == "'$1'") | .routable_ip'
+}
+
+function get_direct_url_from_ip {
+ local ip_dash="${1//./-}"
+ local url="https://ip${ip_dash}-${SESSION_ID}.direct.${PWD_HOST_FQDN}"
+ echo $url
+}
+
+function deploy_dtr {
+ if [ $# -lt 1 ]; then
+ echo "DTR node hostname"
+ return
+ fi
+
+
+ local dtr_ip=$(get_node_routable_ip $1)
+ local ucp_ip=$(get_instance_ip)
+
+ local dtr_url=$(get_direct_url_from_ip $dtr_ip)
+ local ucp_url=$(get_direct_url_from_ip $ucp_ip)
+
+ docker run --rm docker/dtr install \
+ --dtr-external-url $dtr_url \
+ --ucp-node $1 \
+ --ucp-username admin \
+ --ucp-password admin1234 \
+ --ucp-insecure-tls \
+ --ucp-url $ucp_url
+}
+
+function setup_dtr_certs {
+ if [ $# -lt 1 ]; then
+ echo "DTR node hostname is missing"
+ return
+ fi
+
+
+ local dtr_ip=$(get_node_routable_ip $1)
+ local dtr_url=$(get_direct_url_from_ip $dtr_ip)
+ local dtr_hostname="${dtr_url/https:\/\/}"
+
+ wait_for_url "$dtr_url/ca"
+
+ curl -kfsSL $dtr_url/ca -o /usr/local/share/ca-certificates/$dtr_hostname.crt
+ update-ca-certificates
+}
+
+
+case "$1" in
+ deploy)
+ deploy_ucp
+ deploy_dtr $2
+ setup_dtr_certs $2
+ ;;
+ setup-certs)
+ setup_dtr_certs $2
+ ;;
+ *)
+ echo "Illegal option $1"
+ ;;
+esac
+
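Review bot: `deploy_ucp` and `deploy_dtr` hard-code the UCP administrator as `admin` / `admin1234` and pass the password on the docker command line, while the install adds `--san *.direct.${PWD_HOST_FQDN}`, which suggests the UCP endpoint is reachable under that domain; every session then shares one known admin credential. I would take the password from the environment and fail when it is missing, e.g. `--admin-password "${UCP_ADMIN_PASSWORD:?UCP_ADMIN_PASSWORD is not set}"`, with the same variable for `--ucp-password` (the variable name is only a suggestion). Separately, `setup_dtr_certs` downloads the CA with `curl -kfsSL` and installs it with `update-ca-certificates`, so the node trusts whatever certificate that unauthenticated request returned; if that is intended for the lab, a comment such as `# CA is fetched without TLS verification (trust on first use)` above the curl line would make it explicit.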