From fc1e3a58dcf07c296b3412e4114c87a09183976d Mon Sep 17 00:00:00 2001 From: Laurent Barbe Date: Tue, 5 Oct 2021 17:06:09 +0200 Subject: [PATCH 1/4] Allow custom shadow docker name to allow multiple instances --- .../install_scripts/install_server.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/server_manager/install_scripts/install_server.sh b/src/server_manager/install_scripts/install_server.sh index f9fcca49..4b60ff64 100755 --- a/src/server_manager/install_scripts/install_server.sh +++ b/src/server_manager/install_scripts/install_server.sh @@ -19,6 +19,9 @@ # You may set the following environment variables, overriding their defaults: # SB_IMAGE: The Outline Server Docker image to install, e.g. quay.io/outline/shadowbox:nightly +# SHADOWBOX_NAME: Docker instance name for shadowbox (default shadowbox). +# For multiple instances also change SHADOWBOX_DIR to an other location +# e.g. SHADOWBOX_NAME=shadowbox-inst1 SHADOWBOX_DIR=/opt/outline/inst1 # SHADOWBOX_DIR: Directory for persistent Outline Server state. # ACCESS_CONFIG: The location of the access config text file. # SB_DEFAULT_SERVER_NAME: Default name for this server, e.g. "Outline server New York". @@ -167,7 +170,7 @@ function docker_container_exists() { } function remove_shadowbox_container() { - remove_docker_container shadowbox + remove_docker_container ${SHADOWBOX_NAME} } function remove_watchtower_container() { @@ -293,7 +296,7 @@ function start_shadowbox() { # TODO(fortuna): Write API_PORT to config file, # rather than pass in the environment. local -ar docker_shadowbox_flags=( - --name shadowbox --restart always --net host + --name ${SHADOWBOX_NAME} --restart always --net host --label 'com.centurylinklabs.watchtower.enable=true' -v "${STATE_DIR}:${STATE_DIR}" -e "SB_STATE_DIR=${STATE_DIR}" @@ -309,8 +312,8 @@ function start_shadowbox() { STDERR_OUTPUT="$(docker run -d "${docker_shadowbox_flags[@]}" "${SB_IMAGE}" 2>&1 >/dev/null)" && return readonly STDERR_OUTPUT log_error "FAILED" - if docker_container_exists shadowbox; then - handle_docker_container_conflict shadowbox true + if docker_container_exists ${SHADOWBOX_NAME}; then + handle_docker_container_conflict ${SHADOWBOX_NAME} true return else log_error "${STDERR_OUTPUT}" @@ -327,7 +330,7 @@ function start_watchtower() { -v /var/run/docker.sock:/var/run/docker.sock) # By itself, local messes up the return code. local STDERR_OUTPUT - STDERR_OUTPUT="$(docker run -d "${docker_watchtower_flags[@]}" containrrr/watchtower --cleanup --label-enable --tlsverify --interval "${WATCHTOWER_REFRESH_SECONDS}" 2>&1 >/dev/null)" && return + STDERR_OUTPUT="$(docker start watchtower || docker run -d "${docker_watchtower_flags[@]}" containrrr/watchtower --cleanup --label-enable --tlsverify --interval "${WATCHTOWER_REFRESH_SECONDS}" 2>&1 >/dev/null)" && return readonly STDERR_OUTPUT log_error "FAILED" if docker_container_exists watchtower; then @@ -362,7 +365,7 @@ function check_firewall() { # TODO(JonathanDCohen) This is incorrect if access keys are using more than one port. local -i ACCESS_KEY_PORT ACCESS_KEY_PORT=$(fetch --insecure "${LOCAL_API_URL}/access-keys" | - docker exec -i shadowbox node -e ' + docker exec -i ${SHADOWBOX_NAME} node -e ' const fs = require("fs"); const accessKeys = JSON.parse(fs.readFileSync(0, {encoding: "utf-8"})); console.log(accessKeys["accessKeys"][0]["port"]); @@ -407,6 +410,8 @@ install_shadowbox() { # Make sure we don't leak readable files to other users. umask 0007 + export SHADOWBOX_NAME="${SHADOWBOX_NAME:-shadowbox}" + run_step "Verifying that Docker is installed" verify_docker_installed run_step "Verifying that Docker daemon is running" verify_docker_running From 18b014e56c7f8fe06ec2a44a4003ef75430332db Mon Sep 17 00:00:00 2001 From: Laurent Barbe Date: Fri, 15 Oct 2021 14:46:40 +0200 Subject: [PATCH 2/4] Change SHADOWBOX_NAME to CONTAINER_NAME --- .../install_scripts/install_server.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/server_manager/install_scripts/install_server.sh b/src/server_manager/install_scripts/install_server.sh index 4b60ff64..bbac7d8d 100755 --- a/src/server_manager/install_scripts/install_server.sh +++ b/src/server_manager/install_scripts/install_server.sh @@ -19,9 +19,9 @@ # You may set the following environment variables, overriding their defaults: # SB_IMAGE: The Outline Server Docker image to install, e.g. quay.io/outline/shadowbox:nightly -# SHADOWBOX_NAME: Docker instance name for shadowbox (default shadowbox). +# CONTAINER_NAME: Docker instance name for shadowbox (default shadowbox). # For multiple instances also change SHADOWBOX_DIR to an other location -# e.g. SHADOWBOX_NAME=shadowbox-inst1 SHADOWBOX_DIR=/opt/outline/inst1 +# e.g. CONTAINER_NAME=shadowbox-inst1 SHADOWBOX_DIR=/opt/outline/inst1 # SHADOWBOX_DIR: Directory for persistent Outline Server state. # ACCESS_CONFIG: The location of the access config text file. # SB_DEFAULT_SERVER_NAME: Default name for this server, e.g. "Outline server New York". @@ -170,7 +170,7 @@ function docker_container_exists() { } function remove_shadowbox_container() { - remove_docker_container ${SHADOWBOX_NAME} + remove_docker_container ${CONTAINER_NAME} } function remove_watchtower_container() { @@ -296,7 +296,7 @@ function start_shadowbox() { # TODO(fortuna): Write API_PORT to config file, # rather than pass in the environment. local -ar docker_shadowbox_flags=( - --name ${SHADOWBOX_NAME} --restart always --net host + --name ${CONTAINER_NAME} --restart always --net host --label 'com.centurylinklabs.watchtower.enable=true' -v "${STATE_DIR}:${STATE_DIR}" -e "SB_STATE_DIR=${STATE_DIR}" @@ -312,8 +312,8 @@ function start_shadowbox() { STDERR_OUTPUT="$(docker run -d "${docker_shadowbox_flags[@]}" "${SB_IMAGE}" 2>&1 >/dev/null)" && return readonly STDERR_OUTPUT log_error "FAILED" - if docker_container_exists ${SHADOWBOX_NAME}; then - handle_docker_container_conflict ${SHADOWBOX_NAME} true + if docker_container_exists ${CONTAINER_NAME}; then + handle_docker_container_conflict ${CONTAINER_NAME} true return else log_error "${STDERR_OUTPUT}" @@ -365,7 +365,7 @@ function check_firewall() { # TODO(JonathanDCohen) This is incorrect if access keys are using more than one port. local -i ACCESS_KEY_PORT ACCESS_KEY_PORT=$(fetch --insecure "${LOCAL_API_URL}/access-keys" | - docker exec -i ${SHADOWBOX_NAME} node -e ' + docker exec -i ${CONTAINER_NAME} node -e ' const fs = require("fs"); const accessKeys = JSON.parse(fs.readFileSync(0, {encoding: "utf-8"})); console.log(accessKeys["accessKeys"][0]["port"]); @@ -410,7 +410,7 @@ install_shadowbox() { # Make sure we don't leak readable files to other users. umask 0007 - export SHADOWBOX_NAME="${SHADOWBOX_NAME:-shadowbox}" + export CONTAINER_NAME="${CONTAINER_NAME:-shadowbox}" run_step "Verifying that Docker is installed" verify_docker_installed run_step "Verifying that Docker daemon is running" verify_docker_running From 5edb9da782341729461b2aaf2a28ff9e7ec6507b Mon Sep 17 00:00:00 2001 From: Laurent Barbe Date: Mon, 18 Oct 2021 16:24:04 +0200 Subject: [PATCH 3/4] Remove the "docker start", it's already handled below --- src/server_manager/install_scripts/install_server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server_manager/install_scripts/install_server.sh b/src/server_manager/install_scripts/install_server.sh index bbac7d8d..b5171dac 100755 --- a/src/server_manager/install_scripts/install_server.sh +++ b/src/server_manager/install_scripts/install_server.sh @@ -330,7 +330,7 @@ function start_watchtower() { -v /var/run/docker.sock:/var/run/docker.sock) # By itself, local messes up the return code. local STDERR_OUTPUT - STDERR_OUTPUT="$(docker start watchtower || docker run -d "${docker_watchtower_flags[@]}" containrrr/watchtower --cleanup --label-enable --tlsverify --interval "${WATCHTOWER_REFRESH_SECONDS}" 2>&1 >/dev/null)" && return + STDERR_OUTPUT="$(docker run -d "${docker_watchtower_flags[@]}" containrrr/watchtower --cleanup --label-enable --tlsverify --interval "${WATCHTOWER_REFRESH_SECONDS}" 2>&1 >/dev/null)" && return readonly STDERR_OUTPUT log_error "FAILED" if docker_container_exists watchtower; then From dbee09305294b43e6e08bc34658e609799609505 Mon Sep 17 00:00:00 2001 From: Laurent Barbe Date: Mon, 18 Oct 2021 17:48:30 +0200 Subject: [PATCH 4/4] Add quotes for CONTAINER_NAME --- src/server_manager/install_scripts/install_server.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/server_manager/install_scripts/install_server.sh b/src/server_manager/install_scripts/install_server.sh index b5171dac..1302f17f 100755 --- a/src/server_manager/install_scripts/install_server.sh +++ b/src/server_manager/install_scripts/install_server.sh @@ -170,7 +170,7 @@ function docker_container_exists() { } function remove_shadowbox_container() { - remove_docker_container ${CONTAINER_NAME} + remove_docker_container "${CONTAINER_NAME}" } function remove_watchtower_container() { @@ -296,7 +296,7 @@ function start_shadowbox() { # TODO(fortuna): Write API_PORT to config file, # rather than pass in the environment. local -ar docker_shadowbox_flags=( - --name ${CONTAINER_NAME} --restart always --net host + --name "${CONTAINER_NAME}" --restart always --net host --label 'com.centurylinklabs.watchtower.enable=true' -v "${STATE_DIR}:${STATE_DIR}" -e "SB_STATE_DIR=${STATE_DIR}" @@ -312,8 +312,8 @@ function start_shadowbox() { STDERR_OUTPUT="$(docker run -d "${docker_shadowbox_flags[@]}" "${SB_IMAGE}" 2>&1 >/dev/null)" && return readonly STDERR_OUTPUT log_error "FAILED" - if docker_container_exists ${CONTAINER_NAME}; then - handle_docker_container_conflict ${CONTAINER_NAME} true + if docker_container_exists "${CONTAINER_NAME}"; then + handle_docker_container_conflict "${CONTAINER_NAME}" true return else log_error "${STDERR_OUTPUT}" @@ -365,7 +365,7 @@ function check_firewall() { # TODO(JonathanDCohen) This is incorrect if access keys are using more than one port. local -i ACCESS_KEY_PORT ACCESS_KEY_PORT=$(fetch --insecure "${LOCAL_API_URL}/access-keys" | - docker exec -i ${CONTAINER_NAME} node -e ' + docker exec -i "${CONTAINER_NAME}" node -e ' const fs = require("fs"); const accessKeys = JSON.parse(fs.readFileSync(0, {encoding: "utf-8"})); console.log(accessKeys["accessKeys"][0]["port"]);