moby-derp 0.3.2 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53b4f6a0a6db392604195b677bdbf933478ec68a389da49d498df62feb950612
-  data.tar.gz: 36a12fa06801120ff45273bc58771b9e513a75f83ebfc95d803e7eb82545ef11
+  metadata.gz: 513a47c0b56a264731bf12050cbc651c7799c4ec60955c06e8cff46377328825
+  data.tar.gz: 01d2f26f2fa6300cdddf599b9f544616d1781c4a53879ec009bec1d4dd340b9d
 SHA512:
-  metadata.gz: 9b566b1f24b01247b56bf48814866a804f8272055baa80d6e0ca131e158314827a68c56abfe7d669ae1465d17436e8ca5af54f1a916fc51715866503564c40b5
-  data.tar.gz: 91fb4f476900a4790fc4b96d3b27c488a67de334cc71bd8efb446b9e5282d029194d40dfbd703edd242162bbaf43155249d607767d7fc17d5053bb54fc8b7d7d
+  metadata.gz: 307556e56b26e97437df00b9db1277f254554ba88af5a22d9b786de2daba8a30d91f5c932c3b28f4cebb972175958c7c1be81d3cd8ad718a23638d8f696aaa12
+  data.tar.gz: eb0c7f7f7514dbb93911cc65037a129aadfc1888454529071f2811e606dd3291dc57e5f2ced377df3896bbaccbac22c163bd5fad4e90cc0435304bb32b65ef6a

data/README.md

@@ -134,7 +134,7 @@ wrapper script, like this:
 
     set -e
 
-    MOBY_DERP_SYSTEM_CONFIG_FILE=/opt/srv/etc/moby-derp/moby-derp.yaml
+    export MOBY_DERP_SYSTEM_CONFIG_FILE=/opt/srv/etc/moby-derp/moby-derp.yaml
 
     exec /usr/local/bin/moby-derp "$@"
 
@@ -185,7 +185,7 @@ to `moby-derp`.  This means that, yes, different users need to use different
 filenames.  The benefit of this is that the `sudo` configuration becomes a lot
 easier to audit -- the pod name is right there.
 
-This means that no matter a user does, they cannot have any effect on any
+This means that no matter what a user does, they cannot have any effect on any
 container which is not named for the pod they're manipulating.  There are also
 safety valves around `moby-derp`-managed containers being labelled as such, so
 that in the event that someone does inadvertently name a container in such a
@@ -220,7 +220,7 @@ still publish to ephemeral ports (using the `:containerPort` syntax, or
 `publish_all: true`) if they wish.
 
 If a pod *does* need to bind to a specific host port, then that pod/port pair
-should be whitelisted in the system configuration file.
+should be whitelisted in the [system configuration file](#system-configuration).
 
 
 # Contributing

data/bin/moby-derp

@@ -11,7 +11,7 @@ if ARGV.length != 1
 	exit 1
 end
 
-logger = Logger.new($stdout)
+logger = Logger.new($stderr)
 logger.formatter = ->(s, t, p, m) { "#{m}\n" }
 
 case ENV["MOBY_DERP_LOG_LEVEL"]
@@ -44,6 +44,8 @@ rescue MobyDerp::ConfigurationError => ex
   exit 1
 end
 
+Docker.options = { read_timeout: 86400 }
+
 pod = MobyDerp::Pod.new(pod_config)
 
 begin

data/example.yml

@@ -213,6 +213,33 @@ containers:
       ulimit-rttime: 15:16
       ulimit-stack: 17:18
 
+    # If you're a bit suss as to whether or not one of your containers will
+    # successfully start up, you can use the following section to define a
+    # start-time health checking regime.
+    #
+    # How it works is that the defined command is run in the container (using
+    # `exec`), and if-and-when that command returns a `0` exit status, the
+    # container is considered to be healthy and we're done.  If the command
+    # returns a non-zero exit status, we wait for `interval` seconds and then
+    # retry.  If the command executes `attempts` times without receiving a `0`
+    # exit status, the container is considered "failed", and no further
+    # containers in the pod will be processed, and the `moby-derp` execution
+    # will itself exit with a non-zero status.
+    startup_health_check:
+      # The command to run inside the container via `exec`.  You can specify
+      # this as a string, or as an array of strings if you prefer to avoid
+      # shell quoting hell.
+      command: '/usr/local/bin/r-u-ok'
+
+      # How many seconds to wait between invocations of the command, when
+      # it fails.  Can be any non-negative number.  Defaults to 3.
+      interval: 3
+
+      # How many times to attempt to execute the health-check command before
+      # declaring the container hopelessly busticated, and aborting the
+      # `moby-derp` run.  Must be a positive integer.  Defaults to 10.
+      attempts: 10
+
 # SECTION 2: POD-LEVEL CONFIGURATION
 #
 # The remainder of the configuration items in this file correspond to settings

data/lib/moby_derp/config_file.rb

@@ -1,7 +1,7 @@
 require_relative "./error"
 require_relative "./logging_helpers"
 
-require "safe_yaml"
+require "yaml"
 
 module MobyDerp
 	class ConfigFile
@@ -12,7 +12,7 @@ module MobyDerp
 		def initialize(filename)
 			begin
 				@logger.debug(logloc) { "Reading configuration file #{filename}" }
-				@config = SafeYAML.load(File.read(filename))
+				@config = YAML.safe_load(File.read(filename))
 			rescue Errno::ENOENT
 				raise ConfigurationError,
 				      "file does not exist"

data/lib/moby_derp/container.rb

@@ -43,7 +43,35 @@ module MobyDerp
 			end
 
 			begin
-				Docker::Container.create(hash_labelled(container_creation_parameters)).start!.id
+				c = Docker::Container.create(hash_labelled(container_creation_parameters))
+				c.start!.object_id
+
+				if @config.startup_health_check
+					attempts = @config.startup_health_check[:attempts]
+
+					while attempts > 0
+						stdout, stderr, exitstatus = c.exec(@config.startup_health_check[:command])
+						if exitstatus > 0
+							stdout_lines = stdout.empty? ? [] : ["stdout:"] + stdout.join("\n").split("\n").map { |l| "  #{l}" }
+							stderr_lines = stderr.empty? ? [] : ["stderr:"] + stderr.join("\n").split("\n").map { |l| "  #{l}" }
+							output_lines = stdout_lines + stderr_lines
+							@logger.warn(logloc) { "Startup health check failed on #{container_name} with status #{exitstatus}." + (output_lines.empty? ? "" : (["  Output:"] + output_lines.join("\n  "))) }
+
+							attempts -= 1
+							sleep @config.startup_health_check[:interval]
+						else
+							@logger.info(logloc) { "Startup health check passed." }
+							break
+						end
+					end
+
+					if attempts == 0
+						raise MobyDerp::StartupHealthCheckError,
+							"Container #{container_name} has failed the startup health check command #{@config.startup_health_check[:attempts]} times.  Aborting."
+					end
+				end
+
+				c.id
 			rescue Docker::Error::ClientError => ex
 				raise MobyDerp::ContainerError,
 				      "moby daemon returned error: #{ex.message}"
@@ -71,6 +99,7 @@ module MobyDerp
 							}
 						}
 					end
+					params["ExposedPorts"] = Hash[@pod.expose.map { |ex| [ex, {}] }]
 				else
 					params["HostConfig"] = {
 						"NetworkMode"   => "container:#{@pod.root_container_id}",
@@ -126,7 +155,9 @@ module MobyDerp
 				params["Labels"] = @pod.common_labels.merge(@config.labels)
 				params["Labels"]["org.hezmatt.moby-derp.pod-name"] = @pod.name
 
-				unless @root_container
+				if @root_container
+					params["Labels"] = @pod.root_labels.merge(params["Labels"])
+				else
 					params["Labels"]["org.hezmatt.moby-derp.root-container-id"] = @pod.root_container_id
 				end
 			end

data/lib/moby_derp/container_config.rb

@@ -3,11 +3,13 @@ require_relative "./error"
 require_relative "./mount"
 
 require "docker-api"
+require "shellwords"
 
 module MobyDerp
 	class ContainerConfig
 		attr_reader :name, :image, :update_image, :command, :environment, :mounts,
-		            :labels, :readonly, :stop_signal, :stop_timeout, :user, :restart, :limits
+		            :labels, :readonly, :stop_signal, :stop_timeout, :user, :restart, :limits,
+		            :startup_health_check
 
 		def initialize(system_config:,
 		               pod_config:,
@@ -23,13 +25,14 @@ module MobyDerp
 		               stop_timeout: 10,
 		               user: nil,
 		               restart: "no",
-		               limits: {}
+		               limits: {},
+		               startup_health_check: nil
 		              )
 			@system_config, @pod_config, @name, @image = system_config, pod_config, "#{pod_config.name}.#{container_name}", image
 
 			@update_image, @command, @environment, @mounts, @labels = update_image, command, environment, mounts, labels
 			@readonly, @stop_signal, @stop_timeout, @user, @restart = readonly, stop_signal, stop_timeout, user, restart
-			@limits = limits
+			@limits, @startup_health_check = limits, startup_health_check
 
 			validate_image
 			validate_update_image
@@ -43,6 +46,7 @@ module MobyDerp
 			validate_user
 			validate_restart
 			validate_limits
+			validate_startup_health_check
 		end
 
 		private
@@ -66,7 +70,10 @@ module MobyDerp
 		def validate_command
 			case @command
 			when String
-				true
+				# Despite the Docker Engine API spec saying you can pass a string,
+				# if you do it doesn't get parsed into arguments... so that's pretty
+				# fucking useless.
+				@command = Shellwords.split(@command)
 			when Array
 				unless @command.all? { |c| String === c }
 					raise ConfigurationError, "all elements of the command array must be strings"
@@ -327,6 +334,51 @@ module MobyDerp
 			end
 		end
 
+		def validate_startup_health_check
+			if @startup_health_check.nil?
+				# This is fine
+				return
+			end
+
+			unless @startup_health_check.is_a?(Hash)
+				raise ConfigurationError,
+				      "startup_health_check must be a hash"
+			end
+
+			case @startup_health_check[:command]
+			when String
+				@startup_health_check[:command] = Shellwords.split(@startup_health_check[:command])
+			when Array
+				unless @startup_health_check[:command].all? { |c| String === c }
+					raise ConfigurationError, "all elements of the health check command array must be strings"
+				end
+			when NilClass
+				raise ConfigurationError, "health check command must be specified"
+			else
+				raise ConfigurationError,
+				      "health check command must be string or array of strings"
+			end
+
+			@startup_health_check[:interval] ||= 3
+			@startup_health_check[:attempts] ||= 10
+
+			unless Numeric === @startup_health_check[:interval]
+				raise ConfigurationError, "startup health check interval must be a number"
+			end
+
+			if @startup_health_check[:interval] < 0
+				raise ConfigurationError, "startup health check interval cannot be negative"
+			end
+
+			unless Integer === @startup_health_check[:attempts]
+				raise ConfigurationError, "startup health check attempt count must be an integer"
+			end
+
+			if @startup_health_check[:attempts] < 1
+				raise ConfigurationError, "startup health check attempt count must be a positive integer"
+			end
+		end
+
 		def validate_boolean(name)
 			v = instance_variable_get(:"@#{name}")
 			unless v == true || v == false

data/lib/moby_derp/error.rb

@@ -9,6 +9,10 @@ module MobyDerp
 	# Indicates there was a problem manipulating a live container
 	class ContainerError < Error; end
 
+	# Raised when the startup health check has failed spectacularly for
+	# a container
+	class StartupHealthCheckError < Error; end
+
 	# Only appears when an inviolable assertion is invalid, and indicates
 	# there is a bug in the code
 	class BugError < Error; end

data/lib/moby_derp/pod.rb

@@ -48,6 +48,10 @@ module MobyDerp
 			@config.common_labels
 		end
 
+		def root_labels
+			@config.root_labels
+		end
+
 		def common_environment
 			@config.common_environment
 		end
@@ -68,6 +72,10 @@ module MobyDerp
 			@config.hostname
 		end
 
+		def expose
+			@config.expose
+		end
+
 		private
 
 		def root_container

data/lib/moby_derp/pod_config.rb

@@ -3,13 +3,24 @@ require_relative "./container_config"
 require_relative "./logging_helpers"
 require_relative "./mount"
 
-require "safe_yaml"
 require "socket"
 
 module MobyDerp
 	class PodConfig < ConfigFile
 		include LoggingHelpers
 
+		VALID_CONFIG_KEYS = %w{
+			containers
+			hostname
+			common_environment
+			common_labels
+			root_labels
+			common_mounts
+			expose
+			publish
+			publish_all
+		}
+
 		attr_reader :name,
 		            :containers,
 		            :hostname,
@@ -21,8 +32,8 @@ module MobyDerp
 		            :publish,
 		            :publish_all,
 		            :mount_root,
-						:system_config,
-						:logger
+		            :system_config,
+		            :logger
 
 		def initialize(filename, system_config)
 			@logger = system_config.logger
@@ -34,6 +45,10 @@ module MobyDerp
 			@name = File.basename(filename, ".*")
 			validate_name
 
+			unless (bad_keys = @config.keys - VALID_CONFIG_KEYS).empty?
+				raise ConfigurationError,
+				      "Invalid pod configuration key(s): #{bad_keys.inspect}"
+			end
 
 			unless @config.has_key?("containers")
 				raise ConfigurationError,
@@ -181,18 +196,23 @@ module MobyDerp
 				      "expose must be an array"
 			end
 
-			@expose.map!(&:to_s)
-
-			@expose.each do |e|
+			@expose.map! do |e|
+				e = e.to_s
 				unless e.is_a?(String) && e =~ %r{\A\d+(/(tcp|udp))?\z}
 					raise ConfigurationError,
 					      "exposed ports must be integers, with an optional protocol specifier (got #{e.inspect})"
 				end
 
+				if $1.nil?
+					e += "/tcp"
+				end
+
 				if e.to_i < 1 || e.to_i > 65535
 					raise ConfigurationError,
 					      "exposed port #{e} is out of range (expected 1-65535)"
 				end
+
+				e
 			end
 		end
 

data/lib/moby_derp/system_config.rb

@@ -1,16 +1,21 @@
 require_relative "./config_file"
 
-require "safe_yaml"
-
 module MobyDerp
 	class SystemConfig < ConfigFile
 		attr_reader :mount_root, :port_whitelist, :network_name, :use_host_resolv_conf,
 		            :cpu_count, :cpu_bits
 
-		def initialize(filename, moby_info, logger)
+		def initialize(config_data_or_filename, moby_info, logger)
 			@logger = logger
 
-			super(filename)
+			case config_data_or_filename
+			when String
+				super(config_data_or_filename)
+			when Hash
+				@config = stringify_keys(config_data_or_filename)
+			else
+				raise ArgumentError, "Unsupported type for config_data_or_filename parameter"
+			end
 
 			@mount_root           = @config["mount_root"]
 			@port_whitelist       = stringify_keys(@config["port_whitelist"] || {})

data/moby-derp.gemspec

@@ -25,7 +25,6 @@ Gem::Specification.new do |s|
 
 	s.add_runtime_dependency "docker-api"
 	s.add_runtime_dependency "json-canonicalization"
-	s.add_runtime_dependency "safe_yaml"
 
 	s.add_development_dependency 'bundler'
 	s.add_development_dependency 'deep_merge'

data/smoke_tests/exposed.bats

@@ -0,0 +1,28 @@
+load test_helper
+
+@test "Exposed ports" {
+	config_file <<-'EOF'
+		expose:
+		  - 80
+		  - "53/udp"
+		containers:
+		  bob:
+		    image: busybox:latest
+		    command: sleep 600
+		common_labels:
+		  moby-derp-smoke-test: ayup
+EOF
+
+	run $MOBY_DERP_BIN $TEST_CONFIG_FILE
+
+	echo "status: $status"
+	echo "output: $output"
+
+	[ "$status" = "0" ]
+	container_running "mdst"
+	container_running "mdst.bob"
+
+	docker inspect mdst --format='{{.Config.ExposedPorts}}'
+	docker inspect mdst --format='{{.Config.ExposedPorts}}' | grep 'map.*53/udp:{}'
+	docker inspect mdst --format='{{.Config.ExposedPorts}}' | grep 'map.*80/tcp:{}'
+}

data/smoke_tests/root_labels.bats

@@ -0,0 +1,27 @@
+load test_helper
+
+@test "Core labels" {
+	config_file <<-'EOF'
+		root_labels:
+		  foo: booblee
+		containers:
+		  bob:
+		    image: busybox:latest
+		    command: sleep 1
+		common_labels:
+		  moby-derp-smoke-test: ayup
+EOF
+
+	run $MOBY_DERP_BIN $TEST_CONFIG_FILE
+
+	echo "status: $status"
+	echo "output: $output"
+
+	[ "$status" = "0" ]
+	container_running "mdst"
+	container_running "mdst.bob"
+
+	docker inspect mdst --format='{{.Config.Labels}}'
+	docker inspect mdst --format='{{.Config.Labels}}' | grep 'map.*foo:booblee'
+	! docker inspect mdst.bob --format='{{.Config.Labels}}' | grep 'map.*foo:booblee'
+}

data/smoke_tests/test_helper.bash

@@ -23,7 +23,7 @@ EOF
 teardown() {
 	for i in $(docker ps -a --format='{{.Names}}'); do
 		if docker container inspect $i --format='{{.Config.Labels}}' | grep -q moby-derp-smoke-test; then
-			docker rm -f $i
+			docker rm -f $i >/dev/null
 		fi
 	done
 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: moby-derp
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.6.0
 platform: ruby
 authors:
 - Matt Palmer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-03 00:00:00.000000000 Z
+date: 2020-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docker-api
@@ -38,20 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: safe_yaml
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -214,14 +200,15 @@ files:
 - lib/moby_derp/container_config.rb
 - lib/moby_derp/error.rb
 - lib/moby_derp/logging_helpers.rb
-- lib/moby_derp/moby_info.rb
 - lib/moby_derp/mount.rb
 - lib/moby_derp/pod.rb
 - lib/moby_derp/pod_config.rb
 - lib/moby_derp/system_config.rb
 - moby-derp.gemspec
+- smoke_tests/exposed.bats
 - smoke_tests/minimal.bats
 - smoke_tests/no_file.bats
+- smoke_tests/root_labels.bats
 - smoke_tests/test_helper.bash
 homepage: http://github.com/mpalmer/moby-derp
 licenses: []
@@ -241,7 +228,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: A simple management system for a pod of moby containers

data/lib/moby_derp/moby_info.rb

@@ -1,12 +0,0 @@
-module MobyDerp
-	class MobyInfo
-		attr_reader :cpu_count, :cpu_bits
-
-		def initialize(info)
-			@cpu_count = info["NCPU"]
-			# As far as I can tell, the only 32-bit platform Moby supports is
-			# armhf; if that turns out to be incorrect, amend the list below.
-			@cpu_bits  = %w{armhf}.include?(info["Architecture"]) ? 32 : 64
-		end
-	end
-end