Merge pull request #611 from openziti/refine-docker-instance

consolidate ziti+zrok compose files

docker/compose/zrok-instance/README.md

@@ -14,27 +14,21 @@ The quickstart makes these assumptions about your global DNS configuration.
 
 Create a working directory on your Docker host and save these Docker Compose project files. A OpenZiti network is provided by the "quickstart" container and is managed exclusively by zrok.
 
-#### Shortcut option
+#### Shortcut Option
 
-1. Run this script to download the files.
+1. Run this script to download the files in the current directory.
 
     ```bash
     curl https://get.openziti.io/zrok-docker/fetch.bash | bash
     ```
 
-    Optionally, customize the install path instead of using the current directory.
+    Or, specify the Compose project directory.
     
     ```bash
-    curl https://get.openziti.io/zrok-docker/fetch.bash | bash -s /path/to/install
+    curl https://get.openziti.io/zrok-docker/fetch.bash | bash -s /path/to/compose/project/dir
     ```
 
-#### Do it Yourself
+#### Manual Option
-
-1. Fetch the ziti quickstart Compose file.
-
-    ```bash
-    wget https://get.openziti.io/dock/all-in-one/compose.yml
-    ```
 
 1. Get the zrok repo ZIP file.
 
@@ -59,8 +53,6 @@ CADDY_DNS_PLUGIN=cloudflare
 CADDY_DNS_PLUGIN_TOKEN=abcd1234
 CADDY_ACME_EMAIL=me@example.com
 
-# this must == ziti.${ZROK_DNS_ZONE}
-ZITI_CTRL_ADVERTISED_ADDRESS=ziti.share.example.com
 ZITI_PWD=zitiadminpw
 
 ZROK_ADMIN_TOKEN=zroktoken
@@ -68,6 +60,7 @@ ZROK_USER_PWD=zrokuserpw
 ```
 
 ```bash title=".env options"
+# ziti ports
 ZITI_CTRL_ADVERTISED_PORT=1280
 ZITI_ROUTER_PORT=3022
 
@@ -84,18 +77,12 @@ CADDY_ACME_API=https://acme-staging-v02.api.letsencrypt.org/directory
 
 ### Start the Docker Compose Project
 
-1. Start the ziti network. This runs `ziti edge quickstart` ([link to readme](https://github.com/openziti/ziti/tree/main/quickstart/docker/all-in-one#readme)).
-
-    ```bash
-    docker compose --profile ziti up --detach
-    ```
-
 1. Start the zrok instance.
 
     The container images for zrok (including caddy) are built in this step. This provides a simple configuration to get started. You can modify the templates named like `*.envsubst` or mount a customized configuration file to mask the one that was built in.
 
     ```bash
-    docker compose --profile zrok up --build --detach
+    docker compose up --build --detach
     ```
 
 ### Set up a User Account

docker/compose/zrok-instance/compose.yml

@@ -2,6 +2,77 @@
 # https://get.openziti.io/dock/all-in-one/compose.yml to compose.override.yml
 
 services:
+  ziti-quickstart:
+    image: ${ZITI_CLI_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_CLI_TAG:-latest}
+    restart: unless-stopped
+    networks:
+      zrok-instance:
+        # this allows other containers to use the same external DNS name to reach the quickstart container from within the
+        # Docker network that clients outside the Docker network use to reach the quickstart container via port forwarding
+        aliases:
+          - ziti.${ZROK_DNS_ZONE}
+    entrypoint:
+      - bash
+      - -euc
+      - |
+        ZITI_CMD+=" --ctrl-address ziti.${ZROK_DNS_ZONE}"\
+        " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-1280}"\
+        " --router-address ziti.${ZROK_DNS_ZONE}"\
+        " --router-port ${ZITI_ROUTER_PORT:-3022}"\
+        " --password ${ZITI_PWD:-admin}"
+        echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}"
+        exec ziti "$${@}" $${ZITI_CMD}
+    command: -- edge quickstart --home /home/ziggy/quickstart
+    user: ${ZIGGY_UID:-1000}
+    environment:
+      HOME: /home/ziggy
+      PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}"
+      ZITI_ROUTER_NAME: ${ZITI_ROUTER_NAME:-quickstart-router}
+    volumes:
+      # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a
+      # directory, ZITI_HOME 
+      - ${ZITI_HOME:-ziti_home}:/home/ziggy
+    ports:
+      - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_ADVERTISED_PORT:-1280}:${ZITI_CTRL_ADVERTISED_PORT:-1280}
+      - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
+    expose:
+      - ${ZITI_CTRL_ADVERTISED_PORT:-1280}
+      - ${ZITI_ROUTER_PORT:-3022}
+    depends_on:
+      ziti-quickstart-init:
+        condition: service_completed_successfully
+    healthcheck:
+      test:
+        - CMD
+        - ziti
+        - agent
+        - stats
+      interval: 3s
+      timeout: 3s
+      retries: 5
+      start_period: 30s
+
+  # this service is used to initialize the ziti_home volume by setting the owner to the UID of the user running the
+  # quickstart container
+  ziti-quickstart-init:
+    image: busybox
+    command: chown -Rc ${ZIGGY_UID:-1000} /home/ziggy
+    user: root
+    environment:
+      HOME: /home/ziggy
+    volumes:
+      # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a
+      # directory, ZITI_HOME 
+      - ${ZITI_HOME:-ziti_home}:/home/ziggy
+
+  # add a health check for the quickstart network
+  ziti-quickstart-check:
+    image: busybox
+    command: echo "Ziti is cooking"
+    depends_on:
+      ziti-quickstart:
+        condition: service_healthy
+
   zrok-permissions:
     image: busybox
     command:
@@ -15,8 +86,6 @@ services:
       - zrok_frontend:/var/lib/zrok-frontend
 
   zrok-controller:
-    profiles:
-      - zrok
     depends_on:
         zrok-permissions:
           condition: service_completed_successfully
@@ -36,7 +105,7 @@ services:
     volumes:
       - zrok_ctrl:/var/lib/zrok-controller
     networks:
-      quickstart:
+      zrok-instance:
         aliases:
           - zrok.${ZROK_DNS_ZONE}
     restart: unless-stopped
@@ -50,8 +119,6 @@ services:
       CADDY_ACME_EMAIL: ${CADDY_ACME_EMAIL}  # login email address (initial user account)
 
   zrok-frontend:
-    profiles:
-      - zrok
     depends_on:
         zrok-permissions:
           condition: service_completed_successfully
@@ -74,7 +141,7 @@ services:
     volumes:
       - zrok_frontend:/var/lib/zrok-frontend
     networks:
-      quickstart:
+      zrok-instance:
     restart: unless-stopped
     expose:
       - ${ZROK_FRONTEND_PORT:-8080}  # (not published)
@@ -91,8 +158,6 @@ services:
       ZITI_PWD: ${ZITI_PWD} # ziti controller admin password
 
   caddy:
-    profiles:
-      - zrok
     build:
       context: .
       dockerfile: ./caddy.Dockerfile
@@ -121,17 +186,16 @@ services:
       - caddy_data:/data
       - caddy_config:/config
     networks:
-      quickstart:
+      zrok-instance:
-
-  quickstart:
-    profiles:
-      - ziti
-  quickstart-check:
-    profiles:
-      - ziti
 
 volumes:
-  caddy_data:
+  ziti_home:  # this will not be used if you switch from named volume to bind mount volume
-  caddy_config:
   zrok_ctrl:
   zrok_frontend:
+  caddy_data:
+  caddy_config:
+
+# define a custom network so that we can also define DNS aliases
+networks:
+  zrok-instance:
+    driver: bridge

docker/compose/zrok-instance/fetch.bash

@@ -3,7 +3,7 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-set -o xtrace
+# set -o xtrace
 
 requireBashVersion() {
     if (( "${BASH_VERSION%%.*}" < 4 )); then
@@ -77,7 +77,6 @@ main() {
         echo "WARN: installing anyway in a few seconds...press Ctrl-C to abort" >&2
         sleep 9
     }
-    fetchFile "${ZITI_QUICK_COMPOSE:-"https://get.openziti.io/dock/all-in-one/compose.yml"}" "compose.yml"
     fetchFile "${ZROK_REPO_ZIP:-"https://github.com/openziti/zrok/archive/refs/heads/main.zip"}" "zrok.zip"
     unzip -j -d . zrok.zip '*/docker/compose/zrok-instance/*'
     rm zrok.zip .gitignore fetch.bash