

6 Commits

8 changed files with 41 additions and 25 deletions


@@ -45,12 +45,16 @@ Copy images to target Docker host, that is assuming you deploy to a machine that
source "${COMPOSE_ENV}" source "${COMPOSE_ENV}"
# FIXME Docker Hub image name with or without slash? FIXME # FIXME Docker Hub image name with or without slash? FIXME
for image in 'grafana:'"${GRAFANA_VERSION}" 'nginx:'"${NGINX_VERSION}"; do for image in 'grafana:'"${GRAFANA_VERSION}" 'nginx:'"${NGINX_VERSION}"; do
copy-docker.sh "${image}" fully.qualified.domain.name copy-docker "${image}" fully.qualified.domain.name
done done
``` ```
## Start ## Start
FIXME Does the service use a virtual IP address? FIXME
Make sure your service's virtual IP address is bound on your target host then start containers.
``` ```
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' up --detach docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' up --detach
``` ```


@@ -10,10 +10,10 @@ services:
nginx: nginx:
condition: service_healthy condition: service_healthy
ulimits: ulimits:
nproc: ${ULIMIT_NPROC-65535} nproc: ${ULIMIT_NPROC:-65535}
nofile: nofile:
soft: ${ULIMIT_NPROC-65535} soft: ${ULIMIT_NPROC:-65535}
hard: ${ULIMIT_NPROC-65535} hard: ${ULIMIT_NPROC:-65535}
extends: extends:
file: common-settings.yaml file: common-settings.yaml
service: common-settings service: common-settings
@@ -42,10 +42,10 @@ services:
retries: 60 retries: 60
start_period: 2s start_period: 2s
ulimits: ulimits:
nproc: ${ULIMIT_NPROC-65535} nproc: ${ULIMIT_NPROC:-65535}
nofile: nofile:
soft: ${ULIMIT_NPROC-65535} soft: ${ULIMIT_NPROC:-65535}
hard: ${ULIMIT_NPROC-65535} hard: ${ULIMIT_NPROC:-65535}
extends: extends:
file: common-settings.yaml file: common-settings.yaml
service: common-settings service: common-settings
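Review bot: The `nofile` soft and hard limits are still driven by `ULIMIT_NPROC`, so the open-file limit cannot be tuned independently of the process limit; this looks like a copy-paste leftover that the switch to `:-` carries forward unchanged. A dedicated variable would separate the two, for example `soft: ${ULIMIT_NOFILE:-65535}` and `hard: ${ULIMIT_NOFILE:-65535}` (the variable name is only a suggestion). Also worth a comment next to `nproc`: that limit is accounted per user ID rather than per container, so `pids_limit` is the setting that bounds a single container's process count. The same pattern is in both service blocks of this section and in the two later compose sections with `ulimits` hunks; all of these service definitions start outside the visible hunks.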


@@ -37,12 +37,14 @@ docker context create fully.qualified.domain.name --docker 'host=ssh://root@full
FIXME We build the `vault` image locally. Our adjustment to the official image is simply adding `/tmp/vault` to it. See [build-context/Dockerfile](build-context/Dockerfile). We use `/tmp/vault` to bind-mount a dedicated ZFS dataset for the application's `tmpdir` location. FIXME We build the `vault` image locally. Our adjustment to the official image is simply adding `/tmp/vault` to it. See [build-context/Dockerfile](build-context/Dockerfile). We use `/tmp/vault` to bind-mount a dedicated ZFS dataset for the application's `tmpdir` location.
``` ```
docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build-vault' build docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build' build
``` ```
## Push ## Push
Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Once you have a registry available you can use it like so:
- On your OS install a Docker credential helper per [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers). This will make sure you won't store credentials hashed (and unencrypted) in `~/.docker/config.json`. On an example Arch Linux machine where D-Bus Secret Service exists this will come via something like the [docker-credential-secretservice-bin](https://aur.archlinux.org/packages/docker-credential-secretservice-bin) Arch User Repository package. Just install and you're done.
- Do a `docker login registry.example.com`, enter username and password, confirm login.
``` ```
source "${COMPOSE_ENV}" source "${COMPOSE_ENV}"
@@ -66,7 +68,7 @@ Copy images to target Docker host, that is assuming you deploy to a machine that
``` ```
source "${COMPOSE_ENV}" source "${COMPOSE_ENV}"
# FIXME Docker Hub image name with or without slash? FIXME # FIXME Docker Hub image name with or without slash? FIXME
copy-docker.sh 'vault:'"${VAULT_VERSION}" fully.qualified.domain.name copy-docker 'vault:'"${VAULT_VERSION}" fully.qualified.domain.name
``` ```
## Start ## Start


@@ -4,7 +4,7 @@ services:
image: "registry.example.com/project/vault:${VAULT_BUILD_DATE}-${VAULT_VERSION}" image: "registry.example.com/project/vault:${VAULT_BUILD_DATE}-${VAULT_VERSION}"
profiles: ["build"] profiles: ["build"]
build: build:
context: "build-context/vault" context: "build-context"
dockerfile: Dockerfile dockerfile: Dockerfile
args: args:
EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}" EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}"
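Review bot: Moving `context` from `build-context/vault` up to `build-context` sends the whole directory to the builder and makes it reachable by `COPY`/`ADD`, so anything kept beside the Dockerfile can end up in an image that is later pushed to a registry. A `.dockerignore` in `build-context/`, or at least a comment such as `# keep build-context/ limited to files the Dockerfile needs`, would make that boundary explicit. Values passed under `args:` are recorded in image metadata, so that slot should stay free of secrets. The template compose section later on this page makes the same `context` change; whether a multi-component rendering still gets per-component contexts is not visible in that hunk.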


@@ -6,10 +6,10 @@ services:
networks: networks:
vault-default: vault-default:
ulimits: ulimits:
nproc: ${ULIMIT_NPROC-65535} nproc: ${ULIMIT_NPROC:-65535}
nofile: nofile:
soft: ${ULIMIT_NPROC-65535} soft: ${ULIMIT_NPROC:-65535}
hard: ${ULIMIT_NPROC-65535} hard: ${ULIMIT_NPROC:-65535}
extends: extends:
file: common-settings.yaml file: common-settings.yaml
service: common-settings service: common-settings


@@ -41,13 +41,15 @@ docker context create fully.qualified.domain.name --docker 'host=ssh://root@full
FIXME We build the `{{ cookiecutter.__service_slug }}` image locally. Our adjustment to the official image is simply adding `/tmp/{{ cookiecutter.__service_slug }}` to it. See {% if ',' in cookiecutter.__component_list_slug %}[build-context/{{ cookiecutter.__service_slug }}/Dockerfile](build-context/{{ cookiecutter.__service_slug }}/Dockerfile){%- else %}[build-context/Dockerfile](build-context/Dockerfile){%- endif %}. We use `/tmp/{{ cookiecutter.__service_slug }}` to bind-mount a dedicated ZFS dataset for the application's `tmpdir` location. FIXME We build the `{{ cookiecutter.__service_slug }}` image locally. Our adjustment to the official image is simply adding `/tmp/{{ cookiecutter.__service_slug }}` to it. See {% if ',' in cookiecutter.__component_list_slug %}[build-context/{{ cookiecutter.__service_slug }}/Dockerfile](build-context/{{ cookiecutter.__service_slug }}/Dockerfile){%- else %}[build-context/Dockerfile](build-context/Dockerfile){%- endif %}. We use `/tmp/{{ cookiecutter.__service_slug }}` to bind-mount a dedicated ZFS dataset for the application's `tmpdir` location.
``` ```
docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build-{{ cookiecutter.__service_slug }}' build docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build{% if ',' in cookiecutter.__component_list_slug %}-{{ cookiecutter.__service_slug }}{%- endif %}' build
``` ```
{%- endif %} {%- endif %}
{% endfor %} {% endfor %}
## Push ## Push
Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Once you have a registry available you can use it like so:
- On your OS install a Docker credential helper per [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers). This will make sure you won't store credentials hashed (and unencrypted) in `~/.docker/config.json`. On an example Arch Linux machine where D-Bus Secret Service exists this will come via something like the [docker-credential-secretservice-bin](https://aur.archlinux.org/packages/docker-credential-secretservice-bin) Arch User Repository package. Just install and you're done.
- Do a `docker login registry.example.com`, enter username and password, confirm login.
``` ```
source "${COMPOSE_ENV}" source "${COMPOSE_ENV}"
@@ -83,15 +85,23 @@ source "${COMPOSE_ENV}"
{%- set components = cookiecutter.__component_list_slug.split(',') -%} {%- set components = cookiecutter.__component_list_slug.split(',') -%}
{%- if ',' in cookiecutter.__component_list_slug %} {%- if ',' in cookiecutter.__component_list_slug %}
for image in{% for component in components %} '{{ component }}:'"${% raw %}{{% endraw %}{{ component.upper() }}_VERSION{% raw %}}{% endraw %}"{%- endfor %}; do for image in{% for component in components %} '{{ component }}:'"${% raw %}{{% endraw %}{{ component.upper() }}_VERSION{% raw %}}{% endraw %}"{%- endfor %}; do
copy-docker.sh "${image}" fully.qualified.domain.name copy-docker "${image}" fully.qualified.domain.name
done done
{%- else %} {%- else %}
copy-docker.sh '{{ cookiecutter.__component_list_slug }}:'"${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_VERSION{% raw %}}{% endraw %}" fully.qualified.domain.name copy-docker '{{ cookiecutter.__component_list_slug }}:'"${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_VERSION{% raw %}}{% endraw %}" fully.qualified.domain.name
{%- endif %} {%- endif %}
``` ```
## Start ## Start
{%- if ',' in cookiecutter.__component_list_slug %}
FIXME Does the service use a virtual IP address? FIXME
Make sure your service's virtual IP address is bound on your target host then start containers.
{%- endif %}
``` ```
{%- if ',' in cookiecutter.__component_list_slug %} {%- if ',' in cookiecutter.__component_list_slug %}
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' up --detach docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' up --detach


@@ -19,7 +19,7 @@ services:
image: "{%- if cookiecutter.build == "yes" -%}registry.example.com/project/{%- endif -%}{{ cookiecutter.__component_list_slug }}:{%- if cookiecutter.build == "yes" -%}${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_BUILD_DATE{% raw %}}{% endraw %}-{%- endif -%}${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_VERSION{% raw %}}{% endraw %}" image: "{%- if cookiecutter.build == "yes" -%}registry.example.com/project/{%- endif -%}{{ cookiecutter.__component_list_slug }}:{%- if cookiecutter.build == "yes" -%}${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_BUILD_DATE{% raw %}}{% endraw %}-{%- endif -%}${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_VERSION{% raw %}}{% endraw %}"
profiles: ["build"] profiles: ["build"]
build: build:
context: "build-context/{{ cookiecutter.__component_list_slug }}" context: "build-context"
dockerfile: Dockerfile dockerfile: Dockerfile
args: args:
EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}" EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}"


@@ -31,10 +31,10 @@ services:
start_period: 2s start_period: 2s
{%- endif %} {%- endif %}
ulimits: ulimits:
nproc: ${ULIMIT_NPROC-65535} nproc: ${ULIMIT_NPROC:-65535}
nofile: nofile:
soft: ${ULIMIT_NPROC-65535} soft: ${ULIMIT_NPROC:-65535}
hard: ${ULIMIT_NPROC-65535} hard: ${ULIMIT_NPROC:-65535}
extends: extends:
file: common-settings.yaml file: common-settings.yaml
service: common-settings service: common-settings
@@ -58,10 +58,10 @@ services:
networks: networks:
{{ cookiecutter.__service_slug }}-default: {{ cookiecutter.__service_slug }}-default:
ulimits: ulimits:
nproc: ${ULIMIT_NPROC-65535} nproc: ${ULIMIT_NPROC:-65535}
nofile: nofile:
soft: ${ULIMIT_NPROC-65535} soft: ${ULIMIT_NPROC:-65535}
hard: ${ULIMIT_NPROC-65535} hard: ${ULIMIT_NPROC:-65535}
extends: extends:
file: common-settings.yaml file: common-settings.yaml
service: common-settings service: common-settings