centurion 1.6.0 → 1.8.0

data/lib/centurion/deploy_dsl.rb

@@ -1,4 +1,6 @@
 require_relative 'docker_server_group'
+require_relative 'docker_server'
+require_relative 'service'
 require 'uri'
 
 module Centurion::DeployDSL
@@ -14,6 +16,22 @@ module Centurion::DeployDSL
     set(:env_vars, current)
   end
 
+  def add_capability(new_cap_adds)
+    if !valid_capability?(new_cap_adds)
+      abort("Invalid capability addition #{new_cap_adds} specified.")
+    end
+    current = fetch(:cap_adds, [])
+    set(:cap_adds, current << new_cap_adds)
+  end
+
+  def drop_capability(new_cap_drops)
+    if !valid_capability?(new_cap_drops)
+      abort("Invalid capability drop #{new_cap_drops} specified.")
+    end
+    current = fetch(:cap_drops, [])
+    set(:cap_drops, current << new_cap_drops)
+  end
+
   def host(hostname)
     current = fetch(:hosts, [])
     current << hostname
@@ -43,12 +61,17 @@ module Centurion::DeployDSL
     validate_options_keys(options, [ :host_ip, :container_port, :type ])
     require_options_keys(options,  [ :container_port ])
 
-    add_to_bindings(
-      options[:host_ip],
-      options[:container_port],
-      port,
-      options[:type] || 'tcp'
-    )
+    set(:port_bindings, fetch(:port_bindings, []).tap do |bindings|
+      bindings << Centurion::Service::PortBinding.new(port, options[:container_port], options[:type] || 'tcp', options[:host_ip])
+    end)
+  end
+
+  def network_mode(mode)
+    if %w(bridge host).include?(mode) or mode =~ /container.*/
+      set(:network_mode, mode)
+    else
+      abort("invalid value for network_mode: #{mode}, value must be one of 'bridge', 'host', or 'container:<name|id>'")
+    end
   end
 
   def public_port_for(port_bindings)
@@ -61,11 +84,9 @@ module Centurion::DeployDSL
     validate_options_keys(options, [ :container_volume ])
     require_options_keys(options,  [ :container_volume ])
 
-    binds            = fetch(:binds, [])
-    container_volume = options[:container_volume]
-
-    binds << "#{volume}:#{container_volume}"
-    set(:binds, binds)
+    set(:binds, fetch(:binds, []).tap do |volumes|
+      volumes << Centurion::Service::Volume.new(volume, options[:container_volume])
+    end)
   end
 
   def get_current_tags_for(image)
@@ -85,6 +106,27 @@ module Centurion::DeployDSL
    set(:health_check, method)
   end
 
+  def extra_host(ip, name)
+    current = fetch(:extra_hosts, [])
+    current.push("#{name}:#{ip}")
+    set(:extra_hosts, current)
+  end
+
+  def defined_service
+    Centurion::Service.from_env
+  end
+
+  def defined_health_check
+    Centurion::HealthCheck.new(fetch(:health_check, method(:http_status_ok?)),
+                               fetch(:status_endpoint, '/'),
+                               fetch(:rolling_deploy_wait_time, 5),
+                               fetch(:rolling_deploy_retries, 24))
+  end
+
+  def defined_restart_policy
+    Centurion::Service::RestartPolicy.new(fetch(:restart_policy_name, 'on-failure'), fetch(:restart_policy_max_retry_count, 10))
+  end
+
   private
 
   def build_server_group
@@ -92,16 +134,6 @@ module Centurion::DeployDSL
     Centurion::DockerServerGroup.new(hosts, docker_path, build_tls_params)
   end
 
-  def add_to_bindings(host_ip, container_port, port, type='tcp')
-    set(:port_bindings, fetch(:port_bindings, {}).tap do |bindings|
-      binding = { 'HostPort' => port.to_s }.tap do |b|
-        b['HostIp'] = host_ip if host_ip
-      end
-      bindings["#{container_port.to_s}/#{type}"] = [ binding ]
-      bindings
-    end)
-  end
-
   def validate_options_keys(options, valid_keys)
     unless options.keys.all? { |k| valid_keys.include?(k) }
       raise ArgumentError.new('Options passed with invalid key!')
@@ -116,6 +148,15 @@ module Centurion::DeployDSL
     end
   end
 
+  def valid_capability?(capability)
+    %w(ALL SETPCAP SYS_MODULE SYS_RAWIO SYS_PACCT SYS_ADMIN SYS_NICE
+       SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD AUDIT_WRITE AUDIT_CONTROL
+       MAC_OVERRIDE MAC_ADMIN NET_ADMIN SYSLOG CHOWN NET_RAW DAC_OVERRIDE FOWNER
+       DAC_READ_SEARCH FSETID KILL SETGID SETUID LINUX_IMMUTABLE
+       NET_BIND_SERVICE NET_BROADCAST IPC_LOCK IPC_OWNER SYS_CHROOT SYS_PTRACE
+       SYS_BOOT LEASE SETFCAP WAKE_ALARM BLOCK_SUSPEND).include?(capability)
+  end
+
   def tls_paths_available?
     Centurion::DockerViaCli.tls_keys.all? { |key| fetch(key).present? }
   end

data/lib/centurion/docker_server.rb

@@ -15,7 +15,7 @@ class Centurion::DockerServer
 
   def_delegators :docker_via_api, :create_container, :inspect_container,
                  :inspect_image, :ps, :start_container, :stop_container,
-                 :old_containers_for_port, :remove_container
+                 :remove_container, :restart_container
   def_delegators :docker_via_cli, :pull, :tail, :attach
 
   def initialize(host, docker_path, tls_params = {})
@@ -45,11 +45,21 @@ class Centurion::DockerServer
     ps.select do |container|
       next unless container && container['Names']
       container['Names'].find do |name|
-        name =~ /\A\/#{wanted_name}(-[a-f0-9]{7})?\Z/
+        name =~ /\A\/#{wanted_name}(-[a-f0-9]{14})?\Z/
       end
     end
   end
 
+  def find_container_by_id(container_id)
+    ps.find { |container| container && container['Id'] == container_id }
+  end
+
+  def old_containers_for_name(wanted_name)
+    find_containers_by_name(wanted_name).select do |container|
+      container["Status"] =~ /^(Exit |Exited)/
+    end
+  end
+
   private
 
   def docker_via_api

data/lib/centurion/docker_via_api.rb

@@ -34,16 +34,6 @@ class Centurion::DockerViaApi
     JSON.load(response.body)
   end
 
-  def old_containers_for_port(host_port)
-    old_containers = ps(all: true).select do |container|
-      container["Status"] =~ /^(Exit |Exited)/
-    end.select do |container|
-      inspected = inspect_container container["Id"]
-      container_listening_on_port?(inspected, host_port)
-    end
-    old_containers
-  end
-
   def remove_container(container_id)
     path = "/v1.7/containers/#{container_id}"
     response = Excon.delete(
@@ -97,6 +87,24 @@ class Centurion::DockerViaApi
     end
   end
 
+  def restart_container(container_id, timeout = 30)
+    path = "/v1.10/containers/#{container_id}/restart?t=#{timeout}"
+    response = Excon.post(
+      @base_uri + path,
+      tls_excon_arguments
+    )
+    case response.status
+    when 204
+      true
+    when 404
+      fail "Failed to start missing container! \"#{response.body}\""
+    when 500
+      fail "Failed to start existing container! \"#{response.body}\""
+    else
+      raise response.inspect
+    end
+  end
+
   def inspect_container(container_id)
     path = "/v1.7/containers/#{container_id}/json"
     response = Excon.get(

data/lib/centurion/dogestry.rb

@@ -17,10 +17,10 @@ class Centurion::Dogestry
   def which(cmd)
     exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
     ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
-      exts.each { |ext|
+      exts.each do |ext|
         exe = File.join(path, "#{cmd}#{ext}")
         return exe if File.executable?(exe) && !File.directory?(exe)
-      }
+      end
     end
     return nil
   end
@@ -57,6 +57,20 @@ class Centurion::Dogestry
     ENV['AWS_ACCESS_KEY'] = aws_access_key_id
     ENV['AWS_SECRET_KEY'] = aws_secret_key
 
+    # If we want TLS, then try to pass a sane directory to Dogestry, which doesn't
+    # speak individual filenames.
+    if @options[:tlsverify]
+      ENV['DOCKER_CERT_PATH'] =
+        if @options[:tlscacert] || @options[:tlscert]
+          File.dirname(
+            @options[:tlscacert] ||
+            @options[:tlscert]
+          )
+        else
+          @options[:original_docker_cert_path]
+        end
+    end
+
     info "Dogestry ENV: #{ENV.inspect}"
   end
 

data/lib/centurion/service.rb

@@ -0,0 +1,218 @@
+require 'socket'
+require 'capistrano_dsl'
+
+module Centurion
+  class Service
+    extend ::Capistrano::DSL
+
+    attr_accessor :command, :dns, :extra_hosts, :image, :name, :volumes, :port_bindings, :network_mode, :cap_adds, :cap_drops 
+    attr_reader :memory, :cpu_shares, :env_vars
+
+    def initialize(name)
+      @name          = name
+      @env_vars      = {}
+      @volumes       = []
+      @port_bindings = []
+      @cap_adds      = []
+      @cap_drops     = []
+      @network_mode  = 'bridge'
+    end
+
+    def self.from_env
+      Service.new(fetch(:name)).tap do |s|
+        s.image = if fetch(:tag, nil)
+          "#{fetch(:image, nil)}:#{fetch(:tag)}"
+        else
+          fetch(:image, nil)
+        end
+
+        s.cap_adds      = fetch(:cap_adds, [])
+        s.cap_drops     = fetch(:cap_drops, [])
+        s.dns           = fetch(:dns, nil)
+        s.extra_hosts   = fetch(:extra_hosts, nil)
+        s.volumes       = fetch(:binds, [])
+        s.port_bindings = fetch(:port_bindings, [])
+        s.network_mode  = fetch(:network_mode, 'bridge')
+        s.command       = fetch(:command, nil)
+
+        s.add_env_vars(fetch(:env_vars, {}))
+      end
+    end
+
+    def add_env_vars(new_vars)
+      @env_vars.merge!(new_vars)
+    end
+
+    def add_port_bindings(host_port, container_port, type = 'tcp', host_ip = nil)
+      @port_bindings << PortBinding.new(host_port, container_port, type, host_ip)
+    end
+
+    def add_volume(host_volume, container_volume)
+      @volumes << Volume.new(host_volume, container_volume)
+    end
+
+    def cap_adds=(capabilites)
+      unless capabilites.is_a? Array
+        raise ArgumentError, "invalid value for capability additions: #{capabilites}, value must be an array"
+      end
+      @cap_adds = capabilites
+    end
+
+    def cap_drops=(capabilites)
+      unless capabilites.is_a? Array
+        raise ArgumentError, "invalid value for capability drops: #{capabilites}, value must be an array"
+      end
+      @cap_drops = capabilites
+    end
+
+    def network_mode=(mode)
+      @network_mode = mode
+    end
+
+    def memory=(bytes)
+      if !bytes || !is_a_uint64?(bytes)
+        raise ArgumentError, "invalid value for cgroup memory constraint: #{bytes}, value must be a between 0 and 18446744073709551615"
+      end
+      @memory = bytes
+    end
+
+    def cpu_shares=(shares)
+      if !shares || !is_a_uint64?(shares)
+        raise ArgumentError, "invalid value for cgroup CPU constraint: #{shares}, value must be a between 0 and 18446744073709551615"
+      end
+      @cpu_shares = shares
+    end
+
+    def image=(image)
+      @image = image
+    end
+
+    def build_config(server_hostname, &block)
+      container_config = {}.tap do |c|
+        c['Image'] = image
+        c['Hostname'] = block.call(server_hostname) if block_given?
+        c['Cmd'] = command if command
+        c['Memory'] = memory if memory
+        c['CpuShares'] = cpu_shares if cpu_shares
+      end
+
+      unless port_bindings.empty?
+        container_config['ExposedPorts'] = port_bindings.reduce({}) do |config, binding|
+          config["#{binding.container_port}/#{binding.type}"] = {}
+          config
+        end
+      end
+
+      unless env_vars.empty?
+        container_config['Env'] = env_vars.map do |k,v|
+          "#{k}=#{interpolate_var(v, server_hostname)}"
+        end
+      end
+
+      unless volumes.empty?
+        container_config['Volumes'] = volumes.inject({}) do |memo, v|
+          memo[v.container_volume] = {}
+          memo
+        end
+      end
+
+      container_config
+    end
+
+    def build_host_config(restart_policy = nil)
+      host_config = {}
+
+      # Set capability additions and drops
+      host_config['CapAdd'] = cap_adds if cap_adds
+      host_config['CapDrop'] = cap_drops if cap_drops
+
+      # Map some host volumes if needed
+      host_config['Binds'] = volume_binds_config if volume_binds_config
+
+      # Bind the ports
+      host_config['PortBindings'] = port_bindings_config
+
+      # Set the network mode
+      host_config['NetworkMode'] = network_mode
+
+      # DNS if specified
+      host_config['Dns'] = dns if dns
+
+      # Add ExtraHosts if needed
+      host_config['ExtraHosts'] = extra_hosts if extra_hosts
+
+      # Restart Policy
+      if restart_policy
+        host_config['RestartPolicy'] = {}
+
+        restart_policy_name = restart_policy.name
+        restart_policy_name = 'on-failure' unless ["always", "on-failure", "no"].include?(restart_policy_name)
+
+        host_config['RestartPolicy']['Name'] = restart_policy_name
+        host_config['RestartPolicy']['MaximumRetryCount'] = restart_policy.max_retry_count || 10 if restart_policy_name == 'on-failure'
+      end
+
+      host_config
+    end
+
+    def build_console_config(server_name, &block)
+      build_config(server_name, &block).merge({
+        'Cmd' => ['/bin/bash'],
+        'AttachStdin' => true,
+        'Tty'         => true,
+        'OpenStdin'   => true,
+      })
+    end
+
+    def volume_binds_config
+      @volumes.map { |volume| "#{volume.host_volume}:#{volume.container_volume}" }
+    end
+
+    def port_bindings_config
+      @port_bindings.inject({}) do |memo, binding|
+        config = {}
+        config['HostPort'] = binding.host_port.to_s
+        config['HostIp'] = binding.host_ip if binding.host_ip
+        memo["#{binding.container_port}/#{binding.type}"] = [config]
+        memo
+      end
+    end
+
+    def public_ports
+      @port_bindings.map(&:host_port)
+    end
+
+    private
+
+    def is_a_uint64?(value)
+      result = false
+      if !value.is_a? Integer
+        return result
+      end
+      if value < 0 || value > 0xFFFFFFFFFFFFFFFF
+        return result
+      end
+      return true
+    end
+
+    def interpolate_var(val, hostname)
+      val.to_s.gsub('%DOCKER_HOSTNAME%', hostname)
+        .gsub('%DOCKER_HOST_IP%', host_ip(hostname))
+    end
+
+    def host_ip(hostname)
+      @host_ip ||= {}
+      return @host_ip[hostname] if @host_ip.has_key?(hostname)
+      @host_ip[hostname] = Socket.getaddrinfo(hostname, nil).first[2]
+    end
+
+    class RestartPolicy < Struct.new(:name, :max_retry_count)
+    end
+
+    class Volume < Struct.new(:host_volume, :container_volume)
+    end
+
+    class PortBinding < Struct.new(:host_port, :container_port, :type, :host_ip)
+    end
+  end
+end