From 2fcffff9a3cd56a192449ea33e53ff830870d85f Mon Sep 17 00:00:00 2001 
From: yves_rix Date: Fri, 16 Feb 2024 16:33:13 +0100 Subject: [PATCH] Generalize s6 services usage --- lazy.ansible/.manala.yaml | 1 + lazy.ansible/.manala/docker/Dockerfile.tmpl | 12 ++++++ lazy.ansible/.manala/docker/entrypoint.sh | 40 ++++++------------- .../.manala/services/docker-bridge/run | 5 +++ .../.manala/services/ssh-auth-bridge/run | 5 +++ lazy.kubernetes/.manala.yaml | 1 + .../.manala/docker/Dockerfile.tmpl | 12 ++++++ lazy.kubernetes/.manala/docker/entrypoint.sh | 40 ++++++------------- .../.manala/services/docker-bridge/run | 5 +++ .../.manala/services/ssh-auth-bridge/run | 5 +++ lazy.symfony/.manala.yaml | 1 + lazy.symfony/.manala/docker/Dockerfile.tmpl | 16 ++++++++ lazy.symfony/.manala/docker/entrypoint.sh | 39 +++++------------- .../.manala/etc/services.d/.s6-svscan/finish | 2 - .../.manala/services/docker-bridge/run | 5 +++ .../services.d => services}/nginx/down-signal | 0 .../{etc/services.d => services}/nginx/run | 1 + .../services.d => services}/php/down-signal | 0 .../{etc/services.d => services}/php/run | 1 + .../.manala/services/ssh-auth-bridge/run | 5 +++ 20 files changed, 109 insertions(+), 87 deletions(-) create mode 100755 lazy.ansible/.manala/services/docker-bridge/run create mode 100755 lazy.ansible/.manala/services/ssh-auth-bridge/run create mode 100755 lazy.kubernetes/.manala/services/docker-bridge/run create mode 100755 lazy.kubernetes/.manala/services/ssh-auth-bridge/run delete mode 100755 lazy.symfony/.manala/etc/services.d/.s6-svscan/finish create mode 100755 lazy.symfony/.manala/services/docker-bridge/run rename lazy.symfony/.manala/{etc/services.d => services}/nginx/down-signal (100%) rename lazy.symfony/.manala/{etc/services.d => services}/nginx/run (97%) rename lazy.symfony/.manala/{etc/services.d => services}/php/down-signal (100%) rename lazy.symfony/.manala/{etc/services.d => services}/php/run (98%) create mode 100755 lazy.symfony/.manala/services/ssh-auth-bridge/run 
diff --git a/lazy.ansible/.manala.yaml b/lazy.ansible/.manala.yaml index 121faed4..d91f9803 100644 --- a/lazy.ansible/.manala.yaml +++ b/lazy.ansible/.manala.yaml @@ -7,6 +7,7 @@ manala: - .manala/github - .manala/gitlab - .manala/make + - .manala/services - .manala/.dockerignore - .manala/.gitignore - .manala/Makefile.tmpl diff --git a/lazy.ansible/.manala/docker/Dockerfile.tmpl b/lazy.ansible/.manala/docker/Dockerfile.tmpl index 08a68fed..e27df42b 100644 --- a/lazy.ansible/.manala/docker/Dockerfile.tmpl +++ b/lazy.ansible/.manala/docker/Dockerfile.tmpl @@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND="noninteractive" ARG MANALA_USER_ID="1000" ARG MANALA_GROUP_ID="1000" +ARG TINI_VERSION="0.19.0" ARG GOSU_VERSION="1.17" ARG GOMPLATE_VERSION="3.11.7" ARG DIRENV_VERSION="2.33.0" @@ -45,6 +46,10 @@ RUN \ && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \ && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \ && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \ + # Tini + && curl -sSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ + --output /usr/local/bin/tini \ + && chmod +x /usr/local/bin/tini \ # Gosu && curl -sSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ --output /usr/local/bin/gosu \ 
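Review bot: The new `# Tini` step in the `@@ -45,6 +46,10 @@` hunk saves whatever `curl -sSL` returns to `/usr/local/bin/tini` and marks it executable with no integrity check, although entrypoint.sh then execs this binary in front of the container's main command. Because `--fail` is absent, an HTTP error page would also be written out as the binary. I would switch to `curl -fsSL` and follow the download with `&& echo "<TINI_SHA256_FOR_ARCH>  /usr/local/bin/tini" | sha256sum --check --strict \`, selecting the pinned digest per architecture with the same `arch_map` include the URL uses. The identical step is added in the lazy.kubernetes and lazy.symfony Dockerfile.tmpl hunks, and the gosu and direnv downloads visible as context follow the same unchecked pattern; the RUN instruction starts and ends outside this hunk.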
@@ -57,6 +62,9 @@ RUN \ && curl -sSL "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ --output /usr/local/bin/direnv \ && chmod +x /usr/local/bin/direnv \ + # Services + && install --verbose --directory /etc/services/enabled \ + && install --verbose --directory /etc/services/available \ # Bash completion && install --verbose --mode 0755 --directory /etc/bash_completion.d \ # Oh My Bash @@ -64,6 +72,10 @@ RUN \ # Clean && rm -rf /var/lib/apt/lists/* +# Services +COPY services/docker-bridge /etc/services/available/docker-bridge +COPY services/ssh-auth-bridge /etc/services/available/ssh-auth-bridge + ########## # System # ########## diff --git a/lazy.ansible/.manala/docker/entrypoint.sh b/lazy.ansible/.manala/docker/entrypoint.sh index d8dd6462..d5d56286 100755 --- a/lazy.ansible/.manala/docker/entrypoint.sh +++ b/lazy.ansible/.manala/docker/entrypoint.sh @@ -2,30 +2,6 @@ set -e -# Ssh agent bridge -if [ -n "${SSH_AUTH_SOCK}" ]; then - sh -c " \ - while sleep 1; do \ - rm -f /var/run/ssh-auth-bridge.sock ; - socat \ - UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,mode=777 \ - UNIX-CONNECT:/var/run/ssh-auth.sock ; \ - done \ - " & -fi - -# Docker bridge -if [ -n "${DOCKER_HOST}" ]; then - sh -c " \ - while sleep 1; do \ - rm -f /var/run/docker-bridge.sock ; - socat -t 600 \ - UNIX-LISTEN:/var/run/docker-bridge.sock,fork,mode=777 \ - UNIX-CONNECT:/var/run/docker.sock ; \ - done \ - " & -fi - # As a consequence of running the container as root user, # tty is not writable by sued user if [ -t 1 ]; then 
@@ -48,10 +24,18 @@ if [ -d ".manala/etc" ]; then GOMPLATE_LOG_FORMAT=simple gomplate --input-dir=.manala/etc --output-dir=/etc 2>/dev/null fi -# Services -if [ $# -eq 0 ] && [ -d "/etc/services.d" ]; then - exec s6-svscan /etc/services.d +# Docker bridge +if [ -n "${DOCKER_HOST}" ]; then + ln --symbolic /etc/services/available/docker-bridge /etc/services/enabled/ fi +# Ssh auth bridge +if [ -n "${SSH_AUTH_SOCK}" ]; then + ln --symbolic /etc/services/available/ssh-auth-bridge /etc/services/enabled/ +fi + +# Services +s6-svscan /etc/services/enabled & + # Command -exec gosu lazy "$@" +exec tini -- gosu lazy "$@" diff --git a/lazy.ansible/.manala/services/docker-bridge/run b/lazy.ansible/.manala/services/docker-bridge/run new file mode 100755 index 00000000..825cc7c0 --- /dev/null +++ b/lazy.ansible/.manala/services/docker-bridge/run @@ -0,0 +1,5 @@ +#!/bin/sh + +exec socat -t 600 \ + UNIX-LISTEN:/var/run/docker-bridge.sock,fork,unlink-early,mode=777 \ + UNIX-CONNECT:/var/run/docker.sock diff --git a/lazy.ansible/.manala/services/ssh-auth-bridge/run b/lazy.ansible/.manala/services/ssh-auth-bridge/run new file mode 100755 index 00000000..7af74c2a --- /dev/null +++ b/lazy.ansible/.manala/services/ssh-auth-bridge/run @@ -0,0 +1,5 @@ +#!/bin/sh + +exec socat \ + UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,unlink-early,mode=777 \ + UNIX-CONNECT:/var/run/ssh-auth.sock diff --git a/lazy.kubernetes/.manala.yaml b/lazy.kubernetes/.manala.yaml index 0fd15528..5d68520b 100644 --- a/lazy.kubernetes/.manala.yaml +++ b/lazy.kubernetes/.manala.yaml @@ -7,6 +7,7 @@ manala: - .manala/github - .manala/gitlab - .manala/make + - .manala/services - .manala/.dockerignore - .manala/.gitignore - .manala/Makefile.tmpl diff --git a/lazy.kubernetes/.manala/docker/Dockerfile.tmpl b/lazy.kubernetes/.manala/docker/Dockerfile.tmpl index 52e71e3d..1ce2377b 100644 --- a/lazy.kubernetes/.manala/docker/Dockerfile.tmpl +++ b/lazy.kubernetes/.manala/docker/Dockerfile.tmpl 
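Review bot: Under the `set -e` at the top of this script, the two added `ln --symbolic` calls abort the entrypoint if the link already exists. That would happen when a stopped container is started again with `DOCKER_HOST` or `SSH_AUTH_SOCK` set, assuming `/etc/services/enabled/` lives in the container's writable layer and is not recreated on each start. Making the link creation idempotent avoids it: `ln --symbolic --force /etc/services/available/docker-bridge /etc/services/enabled/`, and the same for `ssh-auth-bridge`. The same two lines are added in the lazy.kubernetes and lazy.symfony entrypoint.sh hunks.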
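Review bot: `mode=777` on `UNIX-LISTEN:/var/run/docker-bridge.sock` lets every account in the container reach the Docker daemon behind `/var/run/docker.sock`, which is normally equivalent to root on the host. The mode is carried over from the loop removed from entrypoint.sh, but now that the listener is its own service it can be scoped to the account the entrypoint drops to, e.g. `UNIX-LISTEN:/var/run/docker-bridge.sock,fork,unlink-early,user=lazy,group=lazy,mode=660`. The same applies to `ssh-auth-bridge/run`, where a world-writable socket lets any local process ask the forwarded agent to sign with the user's keys, and to the copies of both files in lazy.kubernetes and lazy.symfony. It matters most in lazy.symfony, where nginx and php-fpm are supervised in the same container, presumably with workers under a different account. A one-line comment in each run file naming the intended client of the socket would also help the next reader.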
@@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND="noninteractive" ARG MANALA_USER_ID="1000" ARG MANALA_GROUP_ID="1000" +ARG TINI_VERSION="0.19.0" ARG GOSU_VERSION="1.17" ARG GOMPLATE_VERSION="3.11.7" ARG DIRENV_VERSION="2.33.0" @@ -45,6 +46,10 @@ RUN \ && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \ && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \ && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \ + # Tini + && curl -sSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ + --output /usr/local/bin/tini \ + && chmod +x /usr/local/bin/tini \ # Gosu && curl -sSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ --output /usr/local/bin/gosu \ @@ -57,6 +62,9 @@ RUN \ && curl -sSL "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ --output /usr/local/bin/direnv \ && chmod +x /usr/local/bin/direnv \ + # Services + && install --verbose --directory /etc/services/enabled \ + && install --verbose --directory /etc/services/available \ # Bash completion && install --verbose --mode 0755 --directory /etc/bash_completion.d \ # Oh My Bash @@ -64,6 +72,10 @@ RUN \ # Clean && rm -rf /var/lib/apt/lists/* +# Services +COPY services/docker-bridge /etc/services/available/docker-bridge +COPY services/ssh-auth-bridge /etc/services/available/ssh-auth-bridge + ########## # System # ########## diff --git a/lazy.kubernetes/.manala/docker/entrypoint.sh b/lazy.kubernetes/.manala/docker/entrypoint.sh index d8dd6462..d5d56286 100755 --- a/lazy.kubernetes/.manala/docker/entrypoint.sh +++ b/lazy.kubernetes/.manala/docker/entrypoint.sh 
@@ -2,30 +2,6 @@ set -e -# Ssh agent bridge -if [ -n "${SSH_AUTH_SOCK}" ]; then - sh -c " \ - while sleep 1; do \ - rm -f /var/run/ssh-auth-bridge.sock ; - socat \ - UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,mode=777 \ - UNIX-CONNECT:/var/run/ssh-auth.sock ; \ - done \ - " & -fi - -# Docker bridge -if [ -n "${DOCKER_HOST}" ]; then - sh -c " \ - while sleep 1; do \ - rm -f /var/run/docker-bridge.sock ; - socat -t 600 \ - UNIX-LISTEN:/var/run/docker-bridge.sock,fork,mode=777 \ - UNIX-CONNECT:/var/run/docker.sock ; \ - done \ - " & -fi - # As a consequence of running the container as root user, # tty is not writable by sued user if [ -t 1 ]; then @@ -48,10 +24,18 @@ if [ -d ".manala/etc" ]; then GOMPLATE_LOG_FORMAT=simple gomplate --input-dir=.manala/etc --output-dir=/etc 2>/dev/null fi -# Services -if [ $# -eq 0 ] && [ -d "/etc/services.d" ]; then - exec s6-svscan /etc/services.d +# Docker bridge +if [ -n "${DOCKER_HOST}" ]; then + ln --symbolic /etc/services/available/docker-bridge /etc/services/enabled/ fi +# Ssh auth bridge +if [ -n "${SSH_AUTH_SOCK}" ]; then + ln --symbolic /etc/services/available/ssh-auth-bridge /etc/services/enabled/ +fi + +# Services +s6-svscan /etc/services/enabled & + # Command -exec gosu lazy "$@" +exec tini -- gosu lazy "$@" diff --git a/lazy.kubernetes/.manala/services/docker-bridge/run b/lazy.kubernetes/.manala/services/docker-bridge/run new file mode 100755 index 00000000..825cc7c0 --- /dev/null +++ b/lazy.kubernetes/.manala/services/docker-bridge/run @@ -0,0 +1,5 @@ +#!/bin/sh + +exec socat -t 600 \ + UNIX-LISTEN:/var/run/docker-bridge.sock,fork,unlink-early,mode=777 \ + UNIX-CONNECT:/var/run/docker.sock diff --git a/lazy.kubernetes/.manala/services/ssh-auth-bridge/run b/lazy.kubernetes/.manala/services/ssh-auth-bridge/run new file mode 100755 index 00000000..7af74c2a --- /dev/null +++ b/lazy.kubernetes/.manala/services/ssh-auth-bridge/run 
@@ -0,0 +1,5 @@ +#!/bin/sh + +exec socat \ + UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,unlink-early,mode=777 \ + UNIX-CONNECT:/var/run/ssh-auth.sock diff --git a/lazy.symfony/.manala.yaml b/lazy.symfony/.manala.yaml index f33003ea..2eda3191 100644 --- a/lazy.symfony/.manala.yaml +++ b/lazy.symfony/.manala.yaml @@ -8,6 +8,7 @@ manala: - .manala/github - .manala/gitlab - .manala/make + - .manala/services - .manala/.dockerignore - .manala/.gitignore - .manala/Makefile.tmpl diff --git a/lazy.symfony/.manala/docker/Dockerfile.tmpl b/lazy.symfony/.manala/docker/Dockerfile.tmpl index 6e88280b..c45c7576 100644 --- a/lazy.symfony/.manala/docker/Dockerfile.tmpl +++ b/lazy.symfony/.manala/docker/Dockerfile.tmpl @@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND="noninteractive" ARG MANALA_USER_ID="1000" ARG MANALA_GROUP_ID="1000" +ARG TINI_VERSION="0.19.0" ARG GOSU_VERSION="1.17" ARG GOMPLATE_VERSION="3.11.7" ARG DIRENV_VERSION="2.33.0" @@ -45,6 +46,10 @@ RUN \ && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \ && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \ && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \ + # Tini + && curl -sSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ + --output /usr/local/bin/tini \ + && chmod +x /usr/local/bin/tini \ # Gosu && curl -sSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ --output /usr/local/bin/gosu \ 
@@ -57,6 +62,9 @@ RUN \ && curl -sSL "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \ --output /usr/local/bin/direnv \ && chmod +x /usr/local/bin/direnv \ + # Services + && install --verbose --directory /etc/services/enabled \ + && install --verbose --directory /etc/services/available \ # Bash completion && install --verbose --mode 0755 --directory /etc/bash_completion.d \ # Oh My Bash @@ -64,6 +72,10 @@ RUN \ # Clean && rm -rf /var/lib/apt/lists/* +# Services +COPY services/docker-bridge /etc/services/available/docker-bridge +COPY services/ssh-auth-bridge /etc/services/available/ssh-auth-bridge + ########## # System # ########## @@ -133,6 +145,8 @@ Pin-Priority: 1000\n\ # Clean && rm -rf /var/lib/apt/lists/* +COPY services/nginx /etc/services/enabled/nginx + # Php {{ $php := .Vars.system.php -}} RUN \ @@ -174,6 +188,8 @@ Signed-By: /etc/apt/keyrings/sury_php.gpg\n\ # Clean && rm -rf /var/lib/apt/lists/* +COPY services/php /etc/services/enabled/php + {{ $nodejs := .Vars.system.nodejs -}} {{ if $nodejs.version -}} # Nodejs diff --git a/lazy.symfony/.manala/docker/entrypoint.sh b/lazy.symfony/.manala/docker/entrypoint.sh index d8dd6462..558f12fa 100755 --- a/lazy.symfony/.manala/docker/entrypoint.sh +++ b/lazy.symfony/.manala/docker/entrypoint.sh 
@@ -2,30 +2,6 @@ set -e -# Ssh agent bridge -if [ -n "${SSH_AUTH_SOCK}" ]; then - sh -c " \ - while sleep 1; do \ - rm -f /var/run/ssh-auth-bridge.sock ; - socat \ - UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,mode=777 \ - UNIX-CONNECT:/var/run/ssh-auth.sock ; \ - done \ - " & -fi - -# Docker bridge -if [ -n "${DOCKER_HOST}" ]; then - sh -c " \ - while sleep 1; do \ - rm -f /var/run/docker-bridge.sock ; - socat -t 600 \ - UNIX-LISTEN:/var/run/docker-bridge.sock,fork,mode=777 \ - UNIX-CONNECT:/var/run/docker.sock ; \ - done \ - " & -fi - # As a consequence of running the container as root user, # tty is not writable by sued user if [ -t 1 ]; then @@ -48,10 +24,15 @@ if [ -d ".manala/etc" ]; then GOMPLATE_LOG_FORMAT=simple gomplate --input-dir=.manala/etc --output-dir=/etc 2>/dev/null fi -# Services -if [ $# -eq 0 ] && [ -d "/etc/services.d" ]; then - exec s6-svscan /etc/services.d +# Docker bridge +if [ -n "${DOCKER_HOST}" ]; then + ln --symbolic /etc/services/available/docker-bridge /etc/services/enabled/ fi -# Command -exec gosu lazy "$@" +# Ssh auth bridge +if [ -n "${SSH_AUTH_SOCK}" ]; then + ln --symbolic /etc/services/available/ssh-auth-bridge /etc/services/enabled/ +fi + +# Services +exec s6-svscan /etc/services/enabled diff --git a/lazy.symfony/.manala/etc/services.d/.s6-svscan/finish b/lazy.symfony/.manala/etc/services.d/.s6-svscan/finish deleted file mode 100755 index 039e4d00..00000000 --- a/lazy.symfony/.manala/etc/services.d/.s6-svscan/finish +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exit 0 diff --git a/lazy.symfony/.manala/services/docker-bridge/run b/lazy.symfony/.manala/services/docker-bridge/run new file mode 100755 index 00000000..825cc7c0 --- /dev/null +++ b/lazy.symfony/.manala/services/docker-bridge/run @@ -0,0 +1,5 @@ +#!/bin/sh + +exec socat -t 600 \ + UNIX-LISTEN:/var/run/docker-bridge.sock,fork,unlink-early,mode=777 \ + UNIX-CONNECT:/var/run/docker.sock 
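Review bot: With `exec gosu lazy "$@"` replaced by `exec s6-svscan /etc/services/enabled` in the `@@ -48,10 +24,15 @@` hunk, the lazy.symfony entrypoint no longer reads `"$@"`, so a command passed to the container is silently ignored and nothing is started as `lazy` from here; the old code took the s6 path only when `$# -eq 0`. If that is intended, a comment such as `# Arguments are ignored: this container only supervises services` above the `exec` would make it explicit. Otherwise keep the other two recipes' form for the argument case, `s6-svscan /etc/services/enabled &` followed by `exec tini -- gosu lazy "$@"`. As written, the tini binary installed by this recipe's Dockerfile.tmpl is not used by its entrypoint.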
diff --git a/lazy.symfony/.manala/etc/services.d/nginx/down-signal b/lazy.symfony/.manala/services/nginx/down-signal
similarity index 100%
rename from lazy.symfony/.manala/etc/services.d/nginx/down-signal
rename to lazy.symfony/.manala/services/nginx/down-signal
diff --git a/lazy.symfony/.manala/etc/services.d/nginx/run b/lazy.symfony/.manala/services/nginx/run
similarity index 97%
rename from lazy.symfony/.manala/etc/services.d/nginx/run
rename to lazy.symfony/.manala/services/nginx/run
index 54d99ec3..edc3f11c 100755
--- a/lazy.symfony/.manala/etc/services.d/nginx/run
+++ b/lazy.symfony/.manala/services/nginx/run
@@ -1,2 +1,3 @@
 #!/bin/sh
+
 exec nginx -c /etc/nginx/project.conf
diff --git a/lazy.symfony/.manala/etc/services.d/php/down-signal b/lazy.symfony/.manala/services/php/down-signal
similarity index 100%
rename from lazy.symfony/.manala/etc/services.d/php/down-signal
rename to lazy.symfony/.manala/services/php/down-signal
diff --git a/lazy.symfony/.manala/etc/services.d/php/run b/lazy.symfony/.manala/services/php/run
similarity index 98%
rename from lazy.symfony/.manala/etc/services.d/php/run
rename to lazy.symfony/.manala/services/php/run
index b574dd01..198a2829 100755
--- a/lazy.symfony/.manala/etc/services.d/php/run
+++ b/lazy.symfony/.manala/services/php/run
@@ -1,2 +1,3 @@
 #!/bin/sh
+
 exec php-fpm --fpm-config /etc/php/default/fpm/project.conf
diff --git a/lazy.symfony/.manala/services/ssh-auth-bridge/run b/lazy.symfony/.manala/services/ssh-auth-bridge/run
new file mode 100755
index 00000000..7af74c2a
--- /dev/null
+++ b/lazy.symfony/.manala/services/ssh-auth-bridge/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec socat \
+ UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,unlink-early,mode=777 \
+ UNIX-CONNECT:/var/run/ssh-auth.sock