ufw-docker/Vagrantfile

# frozen_string_literal: true

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure('2') do |config|

  config.vm.box = "chaifeng/ubuntu-20.04-docker-19.03.11"
  #config.vm.box = "chaifeng/ubuntu-16.04-docker-18.03"

  config.vm.provider 'virtualbox' do |vb|
    vb.memory = '1024'
    vb.default_nic_type = "virtio"
  end

  ip_prefix="192.168.56"

  config.vm.provision 'docker-daemon-config', type: 'shell', inline: <<-SHELL
    set -eu
    if [[ ! -f /etc/docker/daemon.json ]]; then
      echo '{' >> /etc/docker/daemon.json
      echo '  "insecure-registries": ["localhost:5000", "#{ip_prefix}.130:5000"]' >> /etc/docker/daemon.json
      [[ -n "#{ENV['DOCKER_REGISTRY_MIRROR']}" ]] &&
        echo '  , "registry-mirrors": ["#{ENV['DOCKER_REGISTRY_MIRROR']}"]' >> /etc/docker/daemon.json
      echo '}' >> /etc/docker/daemon.json
      if type systemctl &>/dev/null; then
        systemctl restart docker
      else
        service docker restart
      fi
    fi
  SHELL

  config.vm.provision 'ufw-docker', type: 'shell', inline: <<-SHELL
    set -euo pipefail
    export DEBUG=true
    lsb_release -is | grep -Fi ubuntu
    /vagrant/ufw-docker check || {
      ufw allow OpenSSH
      ufw allow from #{ip_prefix}.128/28 to any

      yes | ufw enable || true
      ufw status | grep '^Status: active'

      /vagrant/ufw-docker install

      sed -i -e 's,192\.168\.0\.0/16,#{ip_prefix}.128/28,' /etc/ufw/after.rules

      systemctl restart ufw

      [[ -L /usr/local/bin/ufw-docker ]] || ln -s /vagrant/ufw-docker /usr/local/bin/

      iptables -I DOCKER-USER 4 -p udp -j LOG --log-prefix '[UFW DOCKER] '
    }
  SHELL

  private_registry="#{ip_prefix}.130:5000"

  config.vm.define "master" do |master|
    master.vm.hostname = "master"
    master.vm.network "private_network", ip: "#{ip_prefix}.130"

    master.vm.provision "unit-testing", type: 'shell', inline: <<-SHELL
        set -euo pipefail
        /vagrant/test.sh
    SHELL

    master.vm.provision "docker-registry", type: 'docker' do |d|
      d.run "registry",
            image: "registry:2",
            args: "-p 5000:5000",
            restart: "always",
            daemonize: true
    end

    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test"

    master.vm.provision "docker-build-ufw-docker-agent", type: 'shell', inline: <<-SHELL
      set -euo pipefail
      docker build -t #{ufw_docker_agent_image} /vagrant
      docker push #{ufw_docker_agent_image}

      echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}" > /etc/profile.d/ufw-docker.sh
      echo "export DEBUG=true" >> /etc/profile.d/ufw-docker.sh

      echo "Defaults env_keep += UFW_DOCKER_AGENT_IMAGE" > /etc/sudoers.d/98_ufw-docker
      echo "Defaults env_keep += DEBUG" >> /etc/sudoers.d/98_ufw-docker
    SHELL

    master.vm.provision "swarm-init", type: 'shell', inline: <<-SHELL
      set -euo pipefail
      docker info | fgrep 'Swarm: active' && exit 0

      docker swarm init --advertise-addr eth1
      docker swarm join-token worker --quiet > /vagrant/.vagrant/docker-join-token
    SHELL

    master.vm.provision "build-webapp", type: 'shell', inline: <<-SHELL
        set -euo pipefail
        docker build -t #{private_registry}/chaifeng/hostname-webapp - <<\\DOCKERFILE
FROM httpd:alpine

RUN { echo '#!/bin/sh'; \\
    echo 'set -e; (echo -n "${name:-Hi} "; hostname;) > /usr/local/apache2/htdocs/index.html'; \\
    echo 'exec "$@"'; \\
    } > /entrypoint.sh; chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]
CMD ["httpd-foreground"]
DOCKERFILE
        docker push #{private_registry}/chaifeng/hostname-webapp
    SHELL

    master.vm.provision "local-webapp", type: 'shell', inline: <<-SHELL
        set -euo pipefail
        for name in public:18080 local:8000; do
            webapp="${name%:*}_webapp"
            port="${name#*:}"
            if docker inspect "$webapp" &>/dev/null; then docker rm -f "$webapp"; fi
            docker run -d --restart unless-stopped --name "$webapp" \
                -p "$port:80" --env name="$webapp" #{private_registry}/chaifeng/hostname-webapp
            sleep 1
        done

        ufw-docker allow public_webapp
    SHELL

    master.vm.provision "swarm-webapp", type: 'shell', inline: <<-SHELL
      set -euo pipefail
        for name in public:29090 local:9000; do
            webapp="${name%:*}_service"
            port="${name#*:}"
            if docker service inspect "$webapp" &>/dev/null; then docker service rm "$webapp"; fi
            docker service create --name "$webapp" \
                --publish "${port}:80" --env name="$webapp" --replicas 3 #{private_registry}/chaifeng/hostname-webapp
        done

        ufw-docker service allow public_service 80/tcp
    SHELL
  end

  1.upto 2 do |ip|
    config.vm.define "node#{ip}" do | node |
      node.vm.hostname = "node#{ip}"
      node.vm.network "private_network", ip: "#{ip_prefix}.#{ 130 + ip }"

      node.vm.provision "swarm-join", type: 'shell', inline: <<-SHELL
        set -euo pipefail
        docker info | fgrep 'Swarm: active' && exit 0

        [[ -f /vagrant/.vagrant/docker-join-token ]] &&
        docker swarm join --token "$(</vagrant/.vagrant/docker-join-token)" #{ip_prefix}.130:2377
      SHELL
    end
  end

  config.vm.define "external" do |external|
    external.vm.hostname = "external"
    external.vm.network "private_network", ip: "#{ip_prefix}.127"

    external.vm.provision "testing", type: 'shell', inline: <<-SHELL
        set -euo pipefail
        set -x
        server="http://#{ip_prefix}.130"
        function test-webapp() { timeout 3 curl --silent "$@"; }
        test-webapp "$server:18080"
        ! test-webapp "$server:8000"

        test-webapp "$server:29090"
        ! test-webapp "$server:9000"

        echo "====================="
        echo "      TEST DONE      "
        echo "====================="
    SHELL
  end
end
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`# frozen_string_literal: true`

			`# -- mode: ruby --`
			`# vi: set ft=ruby :`

			`Vagrant.configure('2') do \|config\|`

Upgrade testing VM to Ubuntu 20.04 & Docker 19.03.11 2020-08-12 01:28:46 +00:00			`config.vm.box = "chaifeng/ubuntu-20.04-docker-19.03.11"`
Upgrade ufw-docker-agent image to Ubuntu 20.04 & Docker 19.03.12 2020-08-12 05:33:24 +00:00			`#config.vm.box = "chaifeng/ubuntu-16.04-docker-18.03"`
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00
			`config.vm.provider 'virtualbox' do \|vb\|`
			`vb.memory = '1024'`
change default nic type 2018-12-02 03:43:32 +00:00			`vb.default_nic_type = "virtio"`
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`end`

			`ip_prefix="192.168.56"`

set -exu 2019-05-20 08:29:13 +00:00			`config.vm.provision 'docker-daemon-config', type: 'shell', inline: <<-SHELL`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`set -eu`
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`if [[ ! -f /etc/docker/daemon.json ]]; then`
			`echo '{' >> /etc/docker/daemon.json`
			`echo ' "insecure-registries": ["localhost:5000", "#{ip_prefix}.130:5000"]' >> /etc/docker/daemon.json`
			`[[ -n "#{ENV['DOCKER_REGISTRY_MIRROR']}" ]] &&`
			`echo ' , "registry-mirrors": ["#{ENV['DOCKER_REGISTRY_MIRROR']}"]' >> /etc/docker/daemon.json`
			`echo '}' >> /etc/docker/daemon.json`
			`if type systemctl &>/dev/null; then`
			`systemctl restart docker`
			`else`
			`service docker restart`
			`fi`
			`fi`
			`SHELL`

			`config.vm.provision 'ufw-docker', type: 'shell', inline: <<-SHELL`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`set -euo pipefail`
set -exu 2019-05-20 08:29:13 +00:00			`export DEBUG=true`
			`lsb_release -is \| grep -Fi ubuntu`
fix wrong check command in Vagrantfile 2018-12-01 04:08:01 +00:00			`/vagrant/ufw-docker check \|\| {`
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`ufw allow OpenSSH`
			`ufw allow from #{ip_prefix}.128/28 to any`

Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`yes \| ufw enable \|\| true`
			`ufw status \| grep '^Status: active'`

add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`/vagrant/ufw-docker install`

			`sed -i -e 's,192\.168\.0\.0/16,#{ip_prefix}.128/28,' /etc/ufw/after.rules`

Add a logging rule in firewall rules 2018-12-01 04:31:59 +00:00			`systemctl restart ufw`

create the symbolic link if not exist 2018-12-01 04:08:20 +00:00			`[[ -L /usr/local/bin/ufw-docker ]] \|\| ln -s /vagrant/ufw-docker /usr/local/bin/`
Enable debug in Vagrant 2018-12-02 02:38:30 +00:00
			`iptables -I DOCKER-USER 4 -p udp -j LOG --log-prefix '[UFW DOCKER] '`
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`}`
			`SHELL`

Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`private_registry="#{ip_prefix}.130:5000"`

add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`config.vm.define "master" do \|master\|`
			`master.vm.hostname = "master"`
			`master.vm.network "private_network", ip: "#{ip_prefix}.130"`

Run unit testing in Vagrant 2019-10-17 20:56:29 +00:00			`master.vm.provision "unit-testing", type: 'shell', inline: <<-SHELL`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`set -euo pipefail`
			`/vagrant/test.sh`
Run unit testing in Vagrant 2019-10-17 20:56:29 +00:00			`SHELL`

allow re-provision for vagrant 2018-12-01 04:32:33 +00:00			`master.vm.provision "docker-registry", type: 'docker' do \|d\|`
			`d.run "registry",`
			`image: "registry:2",`
			`args: "-p 5000:5000",`
			`restart: "always",`
			`daemonize: true`
			`end`

Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test"`
build ufw-docker-agent image in Vagrant 2018-12-01 14:04:21 +00:00
set -exu 2019-05-20 08:29:13 +00:00			`master.vm.provision "docker-build-ufw-docker-agent", type: 'shell', inline: <<-SHELL`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`set -euo pipefail`
build ufw-docker-agent image in Vagrant 2018-12-01 14:04:21 +00:00			`docker build -t #{ufw_docker_agent_image} /vagrant`
			`docker push #{ufw_docker_agent_image}`
use local build image in vagrant 2018-12-01 23:55:34 +00:00
			`echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}" > /etc/profile.d/ufw-docker.sh`
Enable debug in Vagrant 2018-12-02 02:38:30 +00:00			`echo "export DEBUG=true" >> /etc/profile.d/ufw-docker.sh`

fix sudoers 2018-12-02 04:12:44 +00:00			`echo "Defaults env_keep += UFW_DOCKER_AGENT_IMAGE" > /etc/sudoers.d/98_ufw-docker`
			`echo "Defaults env_keep += DEBUG" >> /etc/sudoers.d/98_ufw-docker`
build ufw-docker-agent image in Vagrant 2018-12-01 14:04:21 +00:00			`SHELL`

add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`master.vm.provision "swarm-init", type: 'shell', inline: <<-SHELL`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`set -euo pipefail`
allow re-provision for vagrant 2018-12-01 04:32:33 +00:00			`docker info \| fgrep 'Swarm: active' && exit 0`

add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`docker swarm init --advertise-addr eth1`
			`docker swarm join-token worker --quiet > /vagrant/.vagrant/docker-join-token`
			`SHELL`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00
			`master.vm.provision "build-webapp", type: 'shell', inline: <<-SHELL`
			`set -euo pipefail`
			`docker build -t #{private_registry}/chaifeng/hostname-webapp - <<\\DOCKERFILE`
			`FROM httpd:alpine`

			`RUN { echo '#!/bin/sh'; \\`
			`echo 'set -e; (echo -n "${name:-Hi} "; hostname;) > /usr/local/apache2/htdocs/index.html'; \\`
			`echo 'exec "$@"'; \\`
			`} > /entrypoint.sh; chmod +x /entrypoint.sh`

			`ENTRYPOINT ["/entrypoint.sh"]`
			`CMD ["httpd-foreground"]`
			`DOCKERFILE`
			`docker push #{private_registry}/chaifeng/hostname-webapp`
			`SHELL`

			`master.vm.provision "local-webapp", type: 'shell', inline: <<-SHELL`
			`set -euo pipefail`
Upgrade ufw-docker-agent image to Ubuntu 20.04 & Docker 19.03.12 2020-08-12 05:33:24 +00:00			`for name in public:18080 local:8000; do`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`webapp="${name%:*}_webapp"`
			`port="${name#*:}"`
Upgrade ufw-docker-agent image to Ubuntu 20.04 & Docker 19.03.12 2020-08-12 05:33:24 +00:00			`if docker inspect "$webapp" &>/dev/null; then docker rm -f "$webapp"; fi`
Using Docker 19.03.3, auto-restart webapp 2020-01-06 05:17:19 +00:00			`docker run -d --restart unless-stopped --name "$webapp" \`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`-p "$port:80" --env name="$webapp" #{private_registry}/chaifeng/hostname-webapp`
			`sleep 1`
			`done`

			`ufw-docker allow public_webapp`
			`SHELL`

			`master.vm.provision "swarm-webapp", type: 'shell', inline: <<-SHELL`
			`set -euo pipefail`
Upgrade ufw-docker-agent image to Ubuntu 20.04 & Docker 19.03.12 2020-08-12 05:33:24 +00:00			`for name in public:29090 local:9000; do`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`webapp="${name%:*}_service"`
			`port="${name#*:}"`
			`if docker service inspect "$webapp" &>/dev/null; then docker service rm "$webapp"; fi`
			`docker service create --name "$webapp" \`
			`--publish "${port}:80" --env name="$webapp" --replicas 3 #{private_registry}/chaifeng/hostname-webapp`
			`done`

			`ufw-docker service allow public_service 80/tcp`
			`SHELL`
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`end`

			`1.upto 2 do \|ip\|`
			`config.vm.define "node#{ip}" do \| node \|`
			`node.vm.hostname = "node#{ip}"`
			`node.vm.network "private_network", ip: "#{ip_prefix}.#{ 130 + ip }"`

			`node.vm.provision "swarm-join", type: 'shell', inline: <<-SHELL`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`set -euo pipefail`
allow re-provision for vagrant 2018-12-01 04:32:33 +00:00			`docker info \| fgrep 'Swarm: active' && exit 0`

add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`[[ -f /vagrant/.vagrant/docker-join-token ]] &&`
			`docker swarm join --token "$(</vagrant/.vagrant/docker-join-token)" #{ip_prefix}.130:2377`
			`SHELL`
			`end`
			`end`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00
			`config.vm.define "external" do \|external\|`
			`external.vm.hostname = "external"`
			`external.vm.network "private_network", ip: "#{ip_prefix}.127"`

			`external.vm.provision "testing", type: 'shell', inline: <<-SHELL`
			`set -euo pipefail`
Using Docker 19.03.3, auto-restart webapp 2020-01-06 05:17:19 +00:00			`set -x`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`server="http://#{ip_prefix}.130"`
			`function test-webapp() { timeout 3 curl --silent "$@"; }`
Upgrade ufw-docker-agent image to Ubuntu 20.04 & Docker 19.03.12 2020-08-12 05:33:24 +00:00			`test-webapp "$server:18080"`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`! test-webapp "$server:8000"`

Upgrade ufw-docker-agent image to Ubuntu 20.04 & Docker 19.03.12 2020-08-12 05:33:24 +00:00			`test-webapp "$server:29090"`
Add testing in Vagrant 2019-10-20 15:18:13 +00:00			`! test-webapp "$server:9000"`

			`echo "====================="`
			`echo " TEST DONE "`
			`echo "====================="`
			`SHELL`
			`end`
add Vagrantfile, for testing this script 2018-10-07 00:34:16 +00:00			`end`