From 1783976cc5b842222cd3906a8214cd650a4bd031 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Tue, 30 Apr 2024 18:01:18 -0400
Subject: [PATCH 1/4] consolidate ziti+zrok compose files
---
 .../{compose.override.yml => compose.yml} | 101 +++++++++++++++---
 1 file changed, 89 insertions(+), 12 deletions(-)
 rename docker/compose/zrok-instance/{compose.override.yml => compose.yml} (62%)
diff --git a/docker/compose/zrok-instance/compose.override.yml b/docker/compose/zrok-instance/compose.yml
similarity index 62%
rename from docker/compose/zrok-instance/compose.override.yml
rename to docker/compose/zrok-instance/compose.yml
index 8c43937c..d484ffb8 100644
--- a/docker/compose/zrok-instance/compose.override.yml
+++ b/docker/compose/zrok-instance/compose.yml
@@ -2,7 +2,85 @@ # https://get.openziti.io/dock/all-in-one/compose.yml to compose.override.yml services: + ziti-quickstart: + image: ${ZITI_CLI_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_CLI_TAG:-latest} + profiles: + - ziti + restart: unless-stopped + networks: + zrok-instance: + # this allows other containers to use the same external DNS name to reach the quickstart container from within the + # Docker network that clients outside the Docker network use to reach the quickstart container via port forwarding + aliases: + - ${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller} + - ${ZITI_ROUTER_ADVERTISED_ADDRESS:-ziti-router} + entrypoint: + - bash + - -euc + - | + ZITI_CMD+=" --ctrl-address ${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-quickstart}"\ + " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-1280}"\ + " --router-address ${ZITI_ROUTER_ADVERTISED_ADDRESS:-${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-quickstart}}"\ + " --router-port ${ZITI_ROUTER_PORT:-3022}"\ + " --password ${ZITI_PWD:-admin}" + echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" + exec ziti "$${@}" $${ZITI_CMD} + command: -- edge quickstart --home /home/ziggy/quickstart + user: ${ZIGGY_UID:-1000} + environment: + HOME: /home/ziggy + PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}" + ZITI_ROUTER_NAME: ${ZITI_ROUTER_NAME:-quickstart-router} + volumes: + # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a + # directory, ZITI_HOME + - ${ZITI_HOME:-ziti_home}:/home/ziggy + ports: + - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_ADVERTISED_PORT:-1280}:${ZITI_CTRL_ADVERTISED_PORT:-1280} + - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022} + expose: + - ${ZITI_CTRL_ADVERTISED_PORT:-1280} + - ${ZITI_ROUTER_PORT:-3022} + depends_on: + ziti-quickstart-init: + condition: service_completed_successfully + healthcheck: + test: + - CMD + - ziti + - agent + - stats + interval: 3s + timeout: 3s + retries: 5 + start_period: 30s + + # this service is used to 
initialize the ziti_home volume by setting the owner to the UID of the user running the + # quickstart container + ziti-quickstart-init: + image: busybox + command: chown -Rc ${ZIGGY_UID:-1000} /home/ziggy + user: root + environment: + HOME: /home/ziggy + volumes: + # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a + # directory, ZITI_HOME + - ${ZITI_HOME:-ziti_home}:/home/ziggy + + # add a health check for the quickstart network + ziti-quickstart-check: + image: busybox + profiles: + - ziti + command: echo "Ziti is cooking" + depends_on: + ziti-quickstart: + condition: service_healthy + zrok-permissions: + profiles: + - zrok image: busybox command: - /bin/sh @@ -36,7 +114,7 @@ services: volumes: - zrok_ctrl:/var/lib/zrok-controller networks: - quickstart: + zrok-instance: aliases: - zrok.${ZROK_DNS_ZONE} restart: unless-stopped @@ -74,7 +152,7 @@ services: volumes: - zrok_frontend:/var/lib/zrok-frontend networks: - quickstart: + zrok-instance: restart: unless-stopped expose: - ${ZROK_FRONTEND_PORT:-8080} # (not published) @@ -121,17 +199,16 @@ services: - caddy_data:/data - caddy_config:/config networks: - quickstart: - - quickstart: - profiles: - - ziti - quickstart-check: - profiles: - - ziti + zrok-instance: volumes: - caddy_data: - caddy_config: + ziti_home: # this will not be used if you switch from named volume to bind mount volume zrok_ctrl: zrok_frontend: + caddy_data: + caddy_config: + +# define a custom network so that we can also define DNS aliases +networks: + zrok-instance: + driver: bridge From 89aea5443213494f2ce3d9a8d8b9c29e265e571d Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 30 Apr 2024 18:08:40 -0400 Subject: [PATCH 2/4] update Docker instance readme --- docker/compose/zrok-instance/README.md | 16 +++++----------- docker/compose/zrok-instance/fetch.bash | 1 - 2 files changed, 5 insertions(+), 12 deletions(-) 
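Review bot: The `echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}"` line in the ziti-quickstart entrypoint prints `ZITI_CMD`, which ends with `--password ${ZITI_PWD:-admin}`, so the controller admin password is written to the container's stdout and kept in `docker logs` for anyone with access to the Docker socket. Because Compose substitutes `${ZITI_PWD}` into the script text at parse time, the value is also visible in `docker inspect` and in the process's argv. A redacted echo keeps the diagnostic without the secret: `echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD//--password */--password ****}"`; passing the password through the environment instead of `--password` would remove it from argv too, though I have not confirmed the quickstart subcommand reads it that way. Two further caveats worth a comment in the file: the defaults publish 1280/3022 on `0.0.0.0` with admin password `admin` when `ZITI_PWD` is unset, and `ziti-quickstart-init` runs `chown -Rc` as root on whatever `ZITI_HOME` points at, so a mistyped bind-mount path gets recursively re-owned on the host.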
diff --git a/docker/compose/zrok-instance/README.md b/docker/compose/zrok-instance/README.md index c4219998..beea946c 100644 --- a/docker/compose/zrok-instance/README.md +++ b/docker/compose/zrok-instance/README.md @@ -14,27 +14,21 @@ The quickstart makes these assumptions about your global DNS configuration. Create a working directory on your Docker host and save these Docker Compose project files. A OpenZiti network is provided by the "quickstart" container and is managed exclusively by zrok. -#### Shortcut option +#### Shortcut Option -1. Run this script to download the files. +1. Run this script to download the files in the current directory. ```bash curl https://get.openziti.io/zrok-docker/fetch.bash | bash ``` - Optionally, customize the install path instead of using the current directory. + Or, specify the Compose project directory. ```bash - curl https://get.openziti.io/zrok-docker/fetch.bash | bash -s /path/to/install + curl https://get.openziti.io/zrok-docker/fetch.bash | bash -s /path/to/compose/project/dir ``` -#### Do it Yourself - -1. Fetch the ziti quickstart Compose file. - - ```bash - wget https://get.openziti.io/dock/all-in-one/compose.yml - ``` +#### Manual Option 1. Get the zrok repo ZIP file. diff --git a/docker/compose/zrok-instance/fetch.bash b/docker/compose/zrok-instance/fetch.bash index 9ba80def..dabc1c5e 100755 --- a/docker/compose/zrok-instance/fetch.bash +++ b/docker/compose/zrok-instance/fetch.bash @@ -77,7 +77,6 @@ main() { echo "WARN: installing anyway in a few seconds...press Ctrl-C to abort" >&2 sleep 9 } - fetchFile "${ZITI_QUICK_COMPOSE:-"https://get.openziti.io/dock/all-in-one/compose.yml"}" "compose.yml" fetchFile "${ZROK_REPO_ZIP:-"https://github.com/openziti/zrok/archive/refs/heads/main.zip"}" "zrok.zip" unzip -j -d . zrok.zip '*/docker/compose/zrok-instance/*' rm zrok.zip .gitignore fetch.bash From f642de22c5bef60f3ed06a4ee5d71a7a53a85708 Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham Date: Tue, 30 Apr 2024 21:37:29 -0400 Subject: [PATCH 3/4] eliminate ziti steps --- docker/compose/zrok-instance/README.md | 11 ++--------- docker/compose/zrok-instance/compose.yml | 19 +++---------------- 2 files changed, 5 insertions(+), 25 deletions(-) diff --git a/docker/compose/zrok-instance/README.md b/docker/compose/zrok-instance/README.md index beea946c..46c31b5e 100644 --- a/docker/compose/zrok-instance/README.md +++ b/docker/compose/zrok-instance/README.md @@ -53,8 +53,6 @@ CADDY_DNS_PLUGIN=cloudflare CADDY_DNS_PLUGIN_TOKEN=abcd1234 CADDY_ACME_EMAIL=me@example.com -# this must == ziti.${ZROK_DNS_ZONE} -ZITI_CTRL_ADVERTISED_ADDRESS=ziti.share.example.com ZITI_PWD=zitiadminpw ZROK_ADMIN_TOKEN=zroktoken @@ -62,6 +60,7 @@ ZROK_USER_PWD=zrokuserpw ``` ```bash title=".env options" +# ziti ports ZITI_CTRL_ADVERTISED_PORT=1280 ZITI_ROUTER_PORT=3022 @@ -78,18 +77,12 @@ CADDY_ACME_API=https://acme-staging-v02.api.letsencrypt.org/directory ### Start the Docker Compose Project -1. Start the ziti network. This runs `ziti edge quickstart` ([link to readme](https://github.com/openziti/ziti/tree/main/quickstart/docker/all-in-one#readme)). - - ```bash - docker compose --profile ziti up --detach - ``` - 1. Start the zrok instance. The container images for zrok (including caddy) are built in this step. This provides a simple configuration to get started. You can modify the templates named like `*.envsubst` or mount a customized configuration file to mask the one that was built in. ```bash - docker compose --profile zrok up --build --detach + docker compose up --build --detach ``` ### Set up a User Account diff --git a/docker/compose/zrok-instance/compose.yml b/docker/compose/zrok-instance/compose.yml index d484ffb8..bd69780b 100644 --- a/docker/compose/zrok-instance/compose.yml +++ b/docker/compose/zrok-instance/compose.yml 
@@ -4,23 +4,20 @@ services: ziti-quickstart: image: ${ZITI_CLI_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_CLI_TAG:-latest} - profiles: - - ziti restart: unless-stopped networks: zrok-instance: # this allows other containers to use the same external DNS name to reach the quickstart container from within the # Docker network that clients outside the Docker network use to reach the quickstart container via port forwarding aliases: - - ${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller} - - ${ZITI_ROUTER_ADVERTISED_ADDRESS:-ziti-router} + - ziti.${ZROK_DNS_ZONE} entrypoint: - bash - -euc - | - ZITI_CMD+=" --ctrl-address ${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-quickstart}"\ + ZITI_CMD+=" --ctrl-address ziti.${ZROK_DNS_ZONE}"\ " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-1280}"\ - " --router-address ${ZITI_ROUTER_ADVERTISED_ADDRESS:-${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-quickstart}}"\ + " --router-address ziti.${ZROK_DNS_ZONE}"\ " --router-port ${ZITI_ROUTER_PORT:-3022}"\ " --password ${ZITI_PWD:-admin}" echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" @@ -71,16 +68,12 @@ services: # add a health check for the quickstart network ziti-quickstart-check: image: busybox - profiles: - - ziti command: echo "Ziti is cooking" depends_on: ziti-quickstart: condition: service_healthy zrok-permissions: - profiles: - - zrok image: busybox command: - /bin/sh @@ -93,8 +86,6 @@ services: - zrok_frontend:/var/lib/zrok-frontend zrok-controller: - profiles: - - zrok depends_on: zrok-permissions: condition: service_completed_successfully @@ -128,8 +119,6 @@ services: CADDY_ACME_EMAIL: ${CADDY_ACME_EMAIL} # login email address (initial user account) zrok-frontend: - profiles: - - zrok depends_on: zrok-permissions: condition: service_completed_successfully @@ -169,8 +158,6 @@ services: ZITI_PWD: ${ZITI_PWD} # ziti controller admin password caddy: - profiles: - - zrok build: context: . dockerfile: ./caddy.Dockerfile From 5f820a7584a10c606e423916a540d6de786b9735 Mon Sep 17 00:00:00 2001 
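Review bot: The new alias `ziti.${ZROK_DNS_ZONE}` and the `--ctrl-address`/`--router-address` arguments have no default, so if `ZROK_DNS_ZONE` is missing from `.env` Compose substitutes an empty string (with only a warning, as far as I recall) and the controller advertises `ziti.` as its address, leaving a half-initialized `ziti_home` volume behind. Failing fast is cheaper: `- ziti.${ZROK_DNS_ZONE:?ZROK_DNS_ZONE must be set}` for the alias, and the same `:?` form in the two `ZITI_CMD` arguments. Since the `ZITI_CTRL_ADVERTISED_ADDRESS` override is removed in this commit, anyone who had set it in `.env` silently gets the new hardcoded name instead; a comment above `aliases:` stating that `ziti.<ZROK_DNS_ZONE>` must resolve in public DNS to the Docker host would make the new contract explicit.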
From: Kenneth Bingham
Date: Tue, 30 Apr 2024 21:41:33 -0400
Subject: [PATCH 4/4] finish debugging
---
 docker/compose/zrok-instance/fetch.bash | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/compose/zrok-instance/fetch.bash b/docker/compose/zrok-instance/fetch.bash
index dabc1c5e..c0b76317 100755
--- a/docker/compose/zrok-instance/fetch.bash
+++ b/docker/compose/zrok-instance/fetch.bash
@@ -3,7 +3,7 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-set -o xtrace
+# set -o xtrace
 requireBashVersion() {
   if (( "${BASH_VERSION%%.*}" < 4 )); then
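Review bot: Commenting out `set -o xtrace` leaves dead code in a script the README runs via `curl | bash`; an env-gated toggle documents the intent and keeps the debug path usable without editing the file: `if [[ -n "${FETCH_DEBUG:-}" ]]; then set -o xtrace; fi`. The `:-` default is needed because `set -o nounset` is enabled two lines above. Leaving tracing off by default is the right call, since with it on every fetched URL and argument is echoed to stderr.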