From 56a3301620f65f6aaae04cd654207f76c9222fa6 Mon Sep 17 00:00:00 2001 From: Rob Witoff Date: Sun, 21 May 2017 19:33:11 -0700 Subject: [PATCH 1/8] Should have a dockerized DB Client with sourcecode and mysql DB ops DB operations should be flexibile to run against many environments Dockerize core components remove deprecated comment --- README.md | 4 +- scripts/resetdb.sh | 71 +++++++++++++++++++++------ server/trillian_db_client/Dockerfile | 15 ++++++ server/trillian_log_server/Dockerfile | 10 ++-- server/trillian_log_signer/Dockerfile | 4 +- 5 files changed, 82 insertions(+), 22 deletions(-) create mode 100644 server/trillian_db_client/Dockerfile diff --git a/README.md b/README.md index c6f1786980..8a6974b6d7 100644 --- a/README.md +++ b/README.md @@ -95,8 +95,10 @@ You can then set up the [expected tables](storage/mysql/storage.sql) in a ```bash ./scripts/resetdb.sh -Completely wipe and reset database 'test'. +Warning: about to destroy and reset database 'test' Are you sure? y +> Resetting DB... +> Reset Complete ``` ### Integration Tests diff --git a/scripts/resetdb.sh b/scripts/resetdb.sh index 5de24884ed..cfb9829b2d 100755 --- a/scripts/resetdb.sh +++ b/scripts/resetdb.sh 
@@ -1,16 +1,59 @@ #!/bin/bash -readonly TRILLIAN_PATH=$(go list -f '{{.Dir}}' github.com/google/trillian) - -echo "Completely wipe and reset database 'test'." -read -p "Are you sure? " -n 1 -r -if [[ $REPLY =~ ^[Yy]$ ]] -then - # User-supplied arguments must be first. This is because some flags, such - # as --defaults-extra-file, must be at the start. - mysql "$@" -u root -e 'DROP DATABASE IF EXISTS test;' - mysql "$@" -u root -e 'CREATE DATABASE test;' - mysql "$@" -u root -e "GRANT ALL ON test.* TO 'test'@'localhost' IDENTIFIED BY 'zaphod';" - mysql "$@" -u root -D test < ${TRILLIAN_PATH}/storage/mysql/storage.sql -fi -echo +set -e + +usage() { + echo "$0 [--force] [--verbose] ..." + echo "accepts environment variables:" + echo " - DB_NAME" + echo " - DB_USER" + echo " - DB_PASSWORD" +} + +collect_vars() { + # set unset environment variables to defaults + [ -z ${DB_USER+x} ] && DB_USER="root" + [ -z ${DB_NAME+x} ] && DB_NAME="test" + # format reused supplied environment variables + FLAGS="" + [ -z ${DB_PASSWORD+x} ] || FLAGS="${FLAGS} -p$DB_PASSWORD" + + # handle flags + FORCE=false + VERBOSE=false + while [[ $# -gt 0 ]]; do + case "$1" in + --force) FORCE=true ;; + --verbose) VERBOSE=true ;; + *) FLAGS="${FLAGS} $1" + esac + shift 1 + done +} + +main() { + collect_vars "$@" + + readonly TRILLIAN_PATH=$(go list -f '{{.Dir}}' github.com/google/trillian) + + # what we're about to do + if [[ ${VERBOSE} = 'true' ]] + then + echo "-- using DB_USER: ${DB_USER}" + fi + echo "Warning: about to destroy and reset database '${DB_NAME}'" + + [[ ${FORCE} = true ]] || read -p "Are you sure? " -n 1 -r + + if [ -z ${REPLY+x} ] || [[ $REPLY =~ ^[Yy]$ ]] + then + echo "Resetting DB..." 
+ mysql -u $DB_USER $FLAGS -e "DROP DATABASE IF EXISTS ${DB_NAME};" + mysql -u $DB_USER $FLAGS -e "CREATE DATABASE ${DB_NAME};" + mysql -u $DB_USER $FLAGS -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_NAME}'@'localhost' IDENTIFIED BY 'zaphod';" + mysql -u $DB_USER $FLAGS -D ${DB_NAME} < ${TRILLIAN_PATH}/storage/mysql/storage.sql + echo "Reset Complete" + fi +} + +main "$@" diff --git a/server/trillian_db_client/Dockerfile b/server/trillian_db_client/Dockerfile new file mode 100644 index 0000000000..b88b36a0f5 --- /dev/null +++ b/server/trillian_db_client/Dockerfile @@ -0,0 +1,15 @@ +FROM golang:1.8 + +RUN apt-get update && \ + apt-get install -y mysql-client + +ADD . /go/src/github.com/google/trillian +WORKDIR /go/src/github.com/google/trillian + +RUN go get -v ./server/trillian_log_server + +ENV DB_USER=test \ + DB_PASSWORD=zaphod \ + DB_DATABASE=test + +CMD [ 'mysql' ] diff --git a/server/trillian_log_server/Dockerfile b/server/trillian_log_server/Dockerfile index 8475693b20..f418036701 100644 --- a/server/trillian_log_server/Dockerfile +++ b/server/trillian_log_server/Dockerfile @@ -1,18 +1,18 @@ -FROM golang +FROM golang:1.8 ENV DB_USER=test \ DB_PASSWORD=zaphod \ DB_DATABASE=test \ - DB_HOST=127.0.0.0:3306 + DB_HOST=127.0.0.0:3306 ENV HOST=0.0.0.0 \ RPC_PORT=8090 \ - HTTP_PORT=8091 + HTTP_PORT=8091 ENV DUMP_METRICS 0s -ADD . /go/src/github.com/google/trillian -WORKDIR /go/src/github.com/google/trillian +ADD . /go/src/github.com/google/trillian +WORKDIR /go/src/github.com/google/trillian RUN apt-get update && apt-get install -y libtool libltdl-dev RUN go get -v ./server/trillian_log_server diff --git a/server/trillian_log_signer/Dockerfile b/server/trillian_log_signer/Dockerfile index 954bf63e79..5dd33fa5d0 100644 --- a/server/trillian_log_signer/Dockerfile +++ b/server/trillian_log_signer/Dockerfile @@ -1,4 +1,4 @@ -FROM golang +FROM golang:1.8 ENV DB_USER=test \ DB_PASSWORD=zaphod \ 
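Review bot: In `collect_vars`, `FLAGS="${FLAGS} -p$DB_PASSWORD"` puts the database password on the `mysql` command line, where other local users can read it from the process list while each call runs. The unquoted `$FLAGS` expansion in `main` also splits a password that contains whitespace or glob characters. The removed comment explains that user-supplied options such as `--defaults-extra-file` must come first, but the new calls put `-u $DB_USER` ahead of them, so that safer way of supplying credentials no longer works; `mysql $FLAGS -u "$DB_USER" -e ...` restores it, or the secret can be passed with `[ -z "${DB_PASSWORD+x}" ] || export MYSQL_PWD="${DB_PASSWORD}"`. The `GRANT` statement still hard-codes `IDENTIFIED BY 'zaphod'` and splices `${DB_NAME}` into SQL text unvalidated, so a guard such as `[[ ${DB_NAME} =~ ^[A-Za-z0-9_]+$ ]] || { usage; exit 1; }` before the first `mysql` call is worth adding.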
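Review bot: The `ENV` block in the new `server/trillian_db_client/Dockerfile` bakes `DB_PASSWORD=zaphod` into the image configuration, so the credential is readable with `docker inspect` and becomes the default for every container started from the image. Leaving `DB_PASSWORD` unset here and supplying it at run time keeps it out of the image. The last line, `CMD [ 'mysql' ]`, uses single quotes, which is not valid JSON; Docker therefore treats it as shell form and evaluates the test expression `[ 'mysql' ]` instead of starting the client, so it should read `CMD ["mysql"]`. `ADD . /go/src/github.com/google/trillian` can be `COPY`, since no archive extraction or remote fetch is involved.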
@@ -16,7 +16,7 @@ ENV SEQUENCER_GUARD_WINDOW=0s \ ADD . /go/src/github.com/google/trillian -WORKDIR /go/src/github.com/google/trillian +WORKDIR /go/src/github.com/google/trillian RUN apt-get update && apt-get install -y libtool libltdl-dev RUN go get ./server/trillian_log_signer From 1203e6ee307561462b407bb58f181b6eacf8d765 Mon Sep 17 00:00:00 2001 From: Rob Witoff Date: Wed, 7 Jun 2017 23:26:29 -0700 Subject: [PATCH 2/8] common deployment configurations should be captured in examples simplify cloud and docker deployments --- .gitignore | 2 + examples/deployment/README.md | 80 +++++++++ examples/deployment/aws/terraform.tf | 159 ++++++++++++++++++ examples/deployment/docker-compose.yml | 28 +++ .../deployment/docker/db_client}/Dockerfile | 2 + .../deployment/docker/log_server}/Dockerfile | 0 .../deployment/docker/log_signer}/Dockerfile | 0 .../scripts/download-wait-for-it.sh | 14 ++ 8 files changed, 285 insertions(+) create mode 100644 examples/deployment/README.md create mode 100644 examples/deployment/aws/terraform.tf create mode 100644 examples/deployment/docker-compose.yml rename {server/trillian_db_client => examples/deployment/docker/db_client}/Dockerfile (83%) rename {server/trillian_log_server => examples/deployment/docker/log_server}/Dockerfile (100%) rename {server/trillian_log_signer => examples/deployment/docker/log_signer}/Dockerfile (100%) create mode 100755 examples/deployment/scripts/download-wait-for-it.sh diff --git a/.gitignore b/.gitignore index 2063ae9647..93b98c4ec7 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,5 @@ *.swp *~ default.etcd +*.tfstate +*.tfstate.backup diff --git a/examples/deployment/README.md b/examples/deployment/README.md new file mode 100644 index 0000000000..ce55f6ab69 --- /dev/null +++ b/examples/deployment/README.md 
@@ -0,0 +1,80 @@ +Deploying Trillian +================== + +Want to deploy/use the Trillian General Transparency project in the cloud? Here are some common ways of getting off the ground with Docker. + +## Setup + +**Clone Source** + +Both build and example deployment files are stored within this repo. For any of the below deployment methods, start here: + +```shell +git clone git@github.com:google/trillian.git +cd trillian +``` + +## Local Deployments + +**Run With Docker Compose** + +For simple deployments running in a container is an easy way to get up and running with a local database. To use Docker to run and interact with Trillian, start here: + +Set a random password and bring up the services defined in the provided compose file. This includes a local mysql database database, a one-shot container to create the schema and the trillian server: + +```shell +# Set a random password +export DB_PASSWORD="$(openssl rand -hex 16)" + +# Bring up services defined in this compose file. This includes: +# - local MySQL databse +# - container to seed the database +# - the trillian server +docker-compose -f examples/deployment/docker-compose.yml up +``` + +Verify that your local installation by checking the metrics endpoint: + +```shell +curl localhost:8091/metrics +``` + +## Cloud Deployments + +For better persistence and performance you may want to run in your datacenter or a cloud. Here are some simple cloud deployment templates: + +### Run in GCP + +TODO + +### Run in AWS + +With a pair of AWS keys [accessible to Terraform](https://www.terraform.io/docs/providers/aws/), this template deploys a simple Trillian setup in AWS using EC2 and RDS MySQL. + +```shell +# Set a random password +export TF_VAR_DB_PASSWORD="$(openssl rand -hex 16)" + +# Create Resources +terraform plan aws/ +terraform apply aws/ + + + +# Set Variables +HOST=... 
+ +# Seed the DB +docker run --rm -it \ + -e DB_USER=$DB_USER \ + -e DB_PASSWORD=$DB_PASSWORD \ + trillian-db-client ./scripts/resetdb.sh --verbose --force -h ${HOST} + +# Launch Trillian Locally +docker run --name trillian \ + -p 8091:8091 \ + -e DB_USER=$DB_USER \ + -e DB_PASSWORD=$DB_PASSWORD \ + -e DB_HOST=$HOST:3306 + trillian-server +``` diff --git a/examples/deployment/aws/terraform.tf b/examples/deployment/aws/terraform.tf new file mode 100644 index 0000000000..7fb0686b18 --- /dev/null +++ b/examples/deployment/aws/terraform.tf 
@@ -0,0 +1,159 @@ +variable "ingress_cidr" { + description="Your IP block to whitelist access from" +} +variable "DB_PASSWORD" { } + +provider "aws" { + region = "us-west-2" +} + +/* The Database */ + +resource "aws_rds_cluster" "trillian" { + cluster_identifier = "trillian" + database_name = "test" + master_username = "root" + master_password = "${var.DB_PASSWORD}" + skip_final_snapshot = true + port = 3306 + vpc_security_group_ids = ["${aws_security_group.trillian_db.id}"] + availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"] + storage_encrypted = true + apply_immediately = true + +} + +resource "aws_rds_cluster_instance" "cluster_instances" { + count = 2 + identifier = "trillian-${count.index}" + cluster_identifier = "${aws_rds_cluster.trillian.id}" + instance_class = "db.r3.large" + publicly_accessible = true + apply_immediately = true +} + +resource "aws_security_group" "trillian_db" { + name = "trillian-db" + description = "Allow MySQL from Trillian and Development IP" + + ingress { + from_port = 3306 + to_port = 3306 + protocol = "tcp" + cidr_blocks = ["${var.ingress_cidr}"] + } + + ingress { + from_port = 3306 + to_port = 3306 + protocol = "tcp" + security_groups = ["${aws_security_group.trillian.id}"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_rds_cluster_parameter_group" "trillian" { + name = "trillian-pg" + family = "aurora5.6" + + # Whether InnoDB returns errors rather than warnings for exceptional conditions. 
+ # replaces: `sql_mode = STRICT_ALL_TABLES` + parameter { + name = "innodb_strict_mode" + value = "1" + } +} + +/* The Instance */ + +/* select the latest official hvm amazon linux release */ +data "aws_ami" "trillian" { + most_recent = true + executable_users = ["all"] + + name_regex = "^amzn-ami-hvm" + owners = ["amazon"] +} + +resource "aws_security_group" "trillian" { + name = "trillian" + description = "Expose Rest and TPC endpoint to local cidr" + + ingress { + from_port = 0 + to_port = 65535 + protocol = "tcp" + cidr_blocks = ["${var.ingress_cidr}"] + } + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["${var.ingress_cidr}"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_instance" "trillian" { + ami = "${data.aws_ami.trillian.id}" + instance_type = "t2.medium" + vpc_security_group_ids = ["${aws_security_group.trillian.id}"] + associate_public_ip_address = true + + tags { + Name = "trillian" + } + + user_data = < file.md5 +md5sum -c file.md5 From 02e5a64321b2222812e8f4733f2e185a710ca135 Mon Sep 17 00:00:00 2001 From: Rob Witoff Date: Mon, 12 Jun 2017 18:32:42 -0700 Subject: [PATCH 3/8] remove cloud incompatible sql configurations --- examples/deployment/README.md | 26 ++++--------------- examples/deployment/aws/terraform.tf | 8 +++--- .../scripts/download-wait-for-it.sh | 3 +-- storage/mysql/storage.sql | 5 ---- 4 files changed, 10 insertions(+), 32 deletions(-) diff --git a/examples/deployment/README.md b/examples/deployment/README.md index ce55f6ab69..01c80d1518 100644 --- a/examples/deployment/README.md +++ b/examples/deployment/README.md 
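Review bot: `publicly_accessible = true` on `aws_rds_cluster_instance.cluster_instances` gives the database instances public endpoints, so the only control in front of port 3306 is the `ingress_cidr` rule in `aws_security_group.trillian_db`, and that variable is declared without a default or any constraint on its width. The same group already admits `aws_security_group.trillian`, so if direct access from a development machine is not required, `publicly_accessible = false` keeps the EC2 host working while removing internet reachability. `aws_rds_cluster_parameter_group.trillian` is declared, but the visible `aws_rds_cluster.trillian` block does not reference it, so `innodb_strict_mode` may never be applied. The remainder of the file after `user_data` is cut off on this page, so confirm both points against the full file.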
@@ -54,27 +54,11 @@ With a pair of AWS keys [accessible to Terraform](https://www.terraform.io/docs/ ```shell # Set a random password export TF_VAR_DB_PASSWORD="$(openssl rand -hex 16)" - +export TF_VAR_ingress_cidr="0.0.0.0/0" # Create Resources -terraform plan aws/ -terraform apply aws/ - - - -# Set Variables -HOST=... - -# Seed the DB -docker run --rm -it \ - -e DB_USER=$DB_USER \ - -e DB_PASSWORD=$DB_PASSWORD \ - trillian-db-client ./scripts/resetdb.sh --verbose --force -h ${HOST} +cd examples/deployment/aws/ -# Launch Trillian Locally -docker run --name trillian \ - -p 8091:8091 \ - -e DB_USER=$DB_USER \ - -e DB_PASSWORD=$DB_PASSWORD \ - -e DB_HOST=$HOST:3306 - trillian-server +# Review and Apply Changes +terraform plan +terraform apply ``` diff --git a/examples/deployment/aws/terraform.tf b/examples/deployment/aws/terraform.tf index 7fb0686b18..691b57349f 100644 --- a/examples/deployment/aws/terraform.tf +++ b/examples/deployment/aws/terraform.tf @@ -34,7 +34,7 @@ resource "aws_rds_cluster_instance" "cluster_instances" { resource "aws_security_group" "trillian_db" { name = "trillian-db" - description = "Allow MySQL from Trillian and Development IP" + description = "Allow MySQL from Trillian and Development CIDR" ingress { from_port = 3306 @@ -83,11 +83,11 @@ data "aws_ami" "trillian" { resource "aws_security_group" "trillian" { name = "trillian" - description = "Expose Rest and TPC endpoint to local cidr" + description = "Expose Rest, TPC and SSH endpoint to local cidr" ingress { - from_port = 0 - to_port = 65535 + from_port = 8090 + to_port = 8091 protocol = "tcp" cidr_blocks = ["${var.ingress_cidr}"] } diff --git a/examples/deployment/scripts/download-wait-for-it.sh b/examples/deployment/scripts/download-wait-for-it.sh index c9ce6801b9..20cf44e063 100755 --- a/examples/deployment/scripts/download-wait-for-it.sh +++ b/examples/deployment/scripts/download-wait-for-it.sh 
@@ -10,5 +10,4 @@ download() { } download -echo "ffe253ce564df22adbcf9c799e251ca0 wait-for-it.sh" > file.md5 -md5sum -c file.md5 +sha256sum --check <( echo "c238c56e2a81b3c97375571eb4f58a0e75cdb4cd957f5802f733ac50621e776a wait-for-it.sh" ) diff --git a/storage/mysql/storage.sql b/storage/mysql/storage.sql index 1fb3de94ed..4ae980df84 100644 --- a/storage/mysql/storage.sql +++ b/storage/mysql/storage.sql @@ -4,11 +4,6 @@ -- Tree stuff here -- --------------------------------------------- --- Enable strict mode, so invalid data on inserts/updates is treated as error --- instead of warning. --- https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sql-mode-strict -SET GLOBAL sql_mode = 'STRICT_ALL_TABLES'; - -- Tree parameters should not be changed after creation. Doing so can -- render the data in the tree unusable or inconsistent. CREATE TABLE IF NOT EXISTS Trees( From 3e6bbe5cbfbf5eaca60da32e2cc1d76c11fccc58 Mon Sep 17 00:00:00 2001 From: Rob Witoff Date: Fri, 30 Jun 2017 15:01:37 -0400 Subject: [PATCH 4/8] cleanup pull request before merge --- examples/deployment/README.md | 21 ++++++++++--------- examples/deployment/aws/terraform.tf | 18 +++++++--------- .../deployment/docker/db_client/Dockerfile | 4 ++-- scripts/resetdb.sh | 17 +++++++++------ 4 files changed, 31 insertions(+), 29 deletions(-) diff --git a/examples/deployment/README.md b/examples/deployment/README.md index 01c80d1518..b04415a7be 100644 --- a/examples/deployment/README.md +++ b/examples/deployment/README.md @@ -10,7 +10,7 @@ Want to deploy/use the Trillian General Transparency project in the cloud? Here Both build and example deployment files are stored within this repo. For any of the below deployment methods, start here: ```shell -git clone git@github.com:google/trillian.git +git clone https://github.com/google/trillian.git/ cd trillian ``` 
@@ -18,22 +18,22 @@ cd trillian **Run With Docker Compose** -For simple deployments running in a container is an easy way to get up and running with a local database. To use Docker to run and interact with Trillian, start here: +For simple deployments, running in a container is an easy way to get up and running with a local database. To use Docker to run and interact with Trillian, start here: -Set a random password and bring up the services defined in the provided compose file. This includes a local mysql database database, a one-shot container to create the schema and the trillian server: +Set a random password and bring up the services defined in the provided compose file. This includes a local MySQL database, a one-shot container to create the schema and the trillian server: ```shell # Set a random password export DB_PASSWORD="$(openssl rand -hex 16)" # Bring up services defined in this compose file. This includes: -# - local MySQL databse -# - container to seed the database +# - local MySQL database +# - container to initialize the database # - the trillian server docker-compose -f examples/deployment/docker-compose.yml up ``` -Verify that your local installation by checking the metrics endpoint: +Verify that your local installation is working by checking the metrics endpoint: ```shell curl localhost:8091/metrics @@ -52,13 +52,14 @@ TODO With a pair of AWS keys [accessible to Terraform](https://www.terraform.io/docs/providers/aws/), this template deploys a simple Trillian setup in AWS using EC2 and RDS MySQL. ```shell +cd examples/deployment/aws/ + # Set a random password export TF_VAR_DB_PASSWORD="$(openssl rand -hex 16)" -export TF_VAR_ingress_cidr="0.0.0.0/0" -# Create Resources -cd examples/deployment/aws/ +# Substitute this variable with a block you'll be accessing from +export TF_VAR_WHITELIST_CIDR="0.0.0.0/0" -# Review and Apply Changes +# Review and Create Resources terraform plan terraform apply ``` 
diff --git a/examples/deployment/aws/terraform.tf b/examples/deployment/aws/terraform.tf index 691b57349f..db8f380156 100644 --- a/examples/deployment/aws/terraform.tf +++ b/examples/deployment/aws/terraform.tf @@ -1,4 +1,4 @@ -variable "ingress_cidr" { +variable "WHITELIST_CIDR" { description="Your IP block to whitelist access from" } variable "DB_PASSWORD" { } @@ -40,7 +40,7 @@ resource "aws_security_group" "trillian_db" { from_port = 3306 to_port = 3306 protocol = "tcp" - cidr_blocks = ["${var.ingress_cidr}"] + cidr_blocks = ["${var.WHITELIST_CIDR}"] } ingress { @@ -89,13 +89,13 @@ resource "aws_security_group" "trillian" { from_port = 8090 to_port = 8091 protocol = "tcp" - cidr_blocks = ["${var.ingress_cidr}"] + cidr_blocks = ["${var.WHITELIST_CIDR}"] } ingress { from_port = 22 to_port = 22 protocol = "tcp" - cidr_blocks = ["${var.ingress_cidr}"] + cidr_blocks = ["${var.WHITELIST_CIDR}"] } egress { @@ -128,15 +128,11 @@ yum install -y git mysql curl -o /tmp/go.tar.gz https://storage.googleapis.com/golang/go1.8.3.linux-amd64.tar.gz tar -C /usr/local -xzf /tmp/go.tar.gz export PATH=$PATH:/usr/local/go/bin - mkdir -p /go export GOPATH=/go # Install Trillian -mkdir -p /go/src/github.com/google/trillian -git clone https://github.com/google/trillian.git /go/src/github.com/google/trillian -cd /go/src/github.com/google/trillian -go get ./server/trillian_map_server +go get github.com/google/trillian/server/trillian_log_server # Setup the DB cd /go/src/github.com/google/trillian @@ -149,8 +145,8 @@ export DB_DATABASE=test # Startup the Server RPC_PORT=8090 HTTP_PORT=8091 -/go/bin/trillian_map_server \ - --mysql_uri="$DB_USER:$DB_PASSWORD@tcp($DB_HOST:3306)/$DB_DATABASE" \ +/go/bin/trillian_log_server \ + --mysql_uri="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \ --rpc_endpoint="$HOST:$RPC_PORT" \ --http_endpoint="$HOST:$HTTP_PORT" \ --alsologtostderr 
diff --git a/examples/deployment/docker/db_client/Dockerfile b/examples/deployment/docker/db_client/Dockerfile index 450d5504c0..0b62c6d0a4 100644 --- a/examples/deployment/docker/db_client/Dockerfile +++ b/examples/deployment/docker/db_client/Dockerfile @@ -6,12 +6,12 @@ RUN apt-get update && \ ADD . /go/src/github.com/google/trillian WORKDIR /go/src/github.com/google/trillian -RUN go get -v ./server/trillian_log_server - ENV DB_USER=test \ DB_PASSWORD=zaphod \ DB_DATABASE=test +# This is used to wait for new MySQL deployments to become ready e.g. +# ./wait-for-it.sh localhost:3306 -- mysql RUN ./examples/deployment/scripts/download-wait-for-it.sh CMD [ 'mysql' ] diff --git a/scripts/resetdb.sh b/scripts/resetdb.sh index cfb9829b2d..e56f3895f7 100755 --- a/scripts/resetdb.sh +++ b/scripts/resetdb.sh @@ -14,9 +14,8 @@ collect_vars() { # set unset environment variables to defaults [ -z ${DB_USER+x} ] && DB_USER="root" [ -z ${DB_NAME+x} ] && DB_NAME="test" - # format reused supplied environment variables + # set defaults FLAGS="" - [ -z ${DB_PASSWORD+x} ] || FLAGS="${FLAGS} -p$DB_PASSWORD" # handle flags FORCE=false @@ -29,6 +28,12 @@ collect_vars() { esac shift 1 done + + # Optionally print flags (before appending password) + [[ ${VERBOSE} = 'true' ]] && echo "- Using MySQL Flags: ${FLAGS}" + + # append password if supplied + [ -z ${DB_PASSWORD+x} ] || FLAGS="${FLAGS} -p'${DB_PASSWORD}'" } main() { 
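Review bot: The single quotes added in `FLAGS="${FLAGS} -p'${DB_PASSWORD}'"` (resetdb.sh hunk `@@ -29,6 +28,12 @@`) are not stripped when `$FLAGS` is expanded later, because quote removal does not apply to the result of a parameter expansion. `mysql` therefore receives a password wrapped in literal `'` characters, and a password containing spaces is still split. The same defect carries into `FLAGS+=("-p'${DB_PASSWORD}'")` in hunk `@@ -24,16 +23,16 @@` of PATCH 5/8, where the array element is passed verbatim. Once `FLAGS` is an array the quotes can be dropped, `FLAGS+=("-p${DB_PASSWORD}")`, or the password can be kept off the command line with `export MYSQL_PWD="${DB_PASSWORD}"`. Printing the flags before the password is appended is a good choice and deserves the comment it already has.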
@@ -48,10 +53,10 @@ main() { if [ -z ${REPLY+x} ] || [[ $REPLY =~ ^[Yy]$ ]] then echo "Resetting DB..." - mysql -u $DB_USER $FLAGS -e "DROP DATABASE IF EXISTS ${DB_NAME};" - mysql -u $DB_USER $FLAGS -e "CREATE DATABASE ${DB_NAME};" - mysql -u $DB_USER $FLAGS -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_NAME}'@'localhost' IDENTIFIED BY 'zaphod';" - mysql -u $DB_USER $FLAGS -D ${DB_NAME} < ${TRILLIAN_PATH}/storage/mysql/storage.sql + mysql -u $FLAGS $DB_USER -e "DROP DATABASE IF EXISTS ${DB_NAME};" + mysql -u $FLAGS $DB_USER -e "CREATE DATABASE ${DB_NAME};" + mysql -u $FLAGS $DB_USER -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_NAME}'@'localhost' IDENTIFIED BY 'zaphod';" + mysql -u $FLAGS $DB_USER -D ${DB_NAME} < ${TRILLIAN_PATH}/storage/mysql/storage.sql echo "Reset Complete" fi } From 8ec08896a4cc49d20fd863d550d93077d4be7d9c Mon Sep 17 00:00:00 2001 From: Rob Percival Date: Fri, 7 Jul 2017 18:22:55 +0100 Subject: [PATCH 5/8] resetdb.sh: handle quoted arguments correctly --- scripts/resetdb.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/scripts/resetdb.sh b/scripts/resetdb.sh index e56f3895f7..40592b8835 100755 --- a/scripts/resetdb.sh +++ b/scripts/resetdb.sh @@ -14,8 +14,7 @@ collect_vars() { # set unset environment variables to defaults [ -z ${DB_USER+x} ] && DB_USER="root" [ -z ${DB_NAME+x} ] && DB_NAME="test" - # set defaults - FLAGS="" + FLAGS=() # handle flags FORCE=false @@ -24,16 +23,16 @@ collect_vars() { case "$1" in --force) FORCE=true ;; --verbose) VERBOSE=true ;; - *) FLAGS="${FLAGS} $1" + *) FLAGS+=("$1") esac shift 1 done # Optionally print flags (before appending password) - [[ ${VERBOSE} = 'true' ]] && echo "- Using MySQL Flags: ${FLAGS}" + [[ ${VERBOSE} = 'true' ]] && echo "- Using MySQL Flags: ${FLAGS[@]}" # append password if supplied - [ -z ${DB_PASSWORD+x} ] || FLAGS="${FLAGS} -p'${DB_PASSWORD}'" + [ -z ${DB_PASSWORD+x} ] || FLAGS+=("-p'${DB_PASSWORD}'") } main() { 
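Review bot: In hunk `@@ -48,10 +53,10 @@`, moving `$FLAGS` between `-u` and `$DB_USER` in the four `mysql` calls appears to make `-u` take the first word of `$FLAGS` as its argument whenever `FLAGS` is non-empty, leaving `$DB_USER` as a positional argument that the client reads as a database name. With only `DB_PASSWORD` set, the password option itself would be consumed as the user name. The order that matches the intent is `mysql $FLAGS -u "$DB_USER" -e ...`, which is what PATCH 5/8 on this page moves to. `main` starts and ends outside this hunk.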
@@ -53,10 +52,10 @@ main() { if [ -z ${REPLY+x} ] || [[ $REPLY =~ ^[Yy]$ ]] then echo "Resetting DB..." - mysql -u $FLAGS $DB_USER -e "DROP DATABASE IF EXISTS ${DB_NAME};" - mysql -u $FLAGS $DB_USER -e "CREATE DATABASE ${DB_NAME};" - mysql -u $FLAGS $DB_USER -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_NAME}'@'localhost' IDENTIFIED BY 'zaphod';" - mysql -u $FLAGS $DB_USER -D ${DB_NAME} < ${TRILLIAN_PATH}/storage/mysql/storage.sql + mysql "${FLAGS[@]}" -u $DB_USER -e "DROP DATABASE IF EXISTS ${DB_NAME};" + mysql "${FLAGS[@]}" -u $DB_USER -e "CREATE DATABASE ${DB_NAME};" + mysql "${FLAGS[@]}" -u $DB_USER -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_NAME}'@'localhost' IDENTIFIED BY 'zaphod';" + mysql "${FLAGS[@]}" -u $DB_USER -D ${DB_NAME} < ${TRILLIAN_PATH}/storage/mysql/storage.sql echo "Reset Complete" fi } From 3418c5f873b848050e128a6765daac75eca1c36c Mon Sep 17 00:00:00 2001 From: Rob Percival Date: Fri, 7 Jul 2017 18:23:48 +0100 Subject: [PATCH 6/8] resetdb.sh: add to --- scripts/resetdb.sh | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/scripts/resetdb.sh b/scripts/resetdb.sh index 40592b8835..b075441999 100755 --- a/scripts/resetdb.sh +++ b/scripts/resetdb.sh @@ -28,6 +28,8 @@ collect_vars() { shift 1 done + FLAGS+=(-u "${DB_USER}") + # Optionally print flags (before appending password) [[ ${VERBOSE} = 'true' ]] && echo "- Using MySQL Flags: ${FLAGS[@]}" @@ -41,10 +43,6 @@ main() { readonly TRILLIAN_PATH=$(go list -f '{{.Dir}}' github.com/google/trillian) # what we're about to do - if [[ ${VERBOSE} = 'true' ]] - then - echo "-- using DB_USER: ${DB_USER}" - fi echo "Warning: about to destroy and reset database '${DB_NAME}'" [[ ${FORCE} = true ]] || read -p "Are you sure? " -n 1 -r 
@@ -52,10 +50,10 @@ main() { if [ -z ${REPLY+x} ] || [[ $REPLY =~ ^[Yy]$ ]] then echo "Resetting DB..." - mysql "${FLAGS[@]}" -u $DB_USER -e "DROP DATABASE IF EXISTS ${DB_NAME};" - mysql "${FLAGS[@]}" -u $DB_USER -e "CREATE DATABASE ${DB_NAME};" - mysql "${FLAGS[@]}" -u $DB_USER -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_NAME}'@'localhost' IDENTIFIED BY 'zaphod';" - mysql "${FLAGS[@]}" -u $DB_USER -D ${DB_NAME} < ${TRILLIAN_PATH}/storage/mysql/storage.sql + mysql "${FLAGS[@]}" -e "DROP DATABASE IF EXISTS ${DB_NAME};" + mysql "${FLAGS[@]}" -e "CREATE DATABASE ${DB_NAME};" + mysql "${FLAGS[@]}" -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_NAME}'@'localhost' IDENTIFIED BY 'zaphod';" + mysql "${FLAGS[@]}" -D ${DB_NAME} < ${TRILLIAN_PATH}/storage/mysql/storage.sql echo "Reset Complete" fi } From 115c4da4d6b5d1669fcd512cde0164cbeab6900a Mon Sep 17 00:00:00 2001 From: Rob Percival Date: Fri, 7 Jul 2017 18:24:14 +0100 Subject: [PATCH 7/8] resetdb.sh: improve formatting of output --- scripts/resetdb.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/resetdb.sh b/scripts/resetdb.sh index b075441999..699a076ece 100755 --- a/scripts/resetdb.sh +++ b/scripts/resetdb.sh @@ -45,7 +45,8 @@ main() { # what we're about to do echo "Warning: about to destroy and reset database '${DB_NAME}'" - [[ ${FORCE} = true ]] || read -p "Are you sure? " -n 1 -r + [[ ${FORCE} = true ]] || read -p "Are you sure? [Y/N]: " -n 1 -r + echo # Print newline following the above prompt if [ -z ${REPLY+x} ] || [[ $REPLY =~ ^[Yy]$ ]] then From 87dba74c1a7165cbd2d57a0967fdd7c2a386aac9 Mon Sep 17 00:00:00 2001 
From: Rob Witoff Date: Mon, 24 Jul 2017 13:01:58 -0700 Subject: [PATCH 8/8] add non-opinionated inline with main.go files --- server/trillian_log_server/Dockerfile | 11 ++++++++++ server/trillian_log_signer/Dockerfile | 11 ++++++++++ server/trillian_map_server/Dockerfile | 29 ++++++--------------------- 3 files changed, 28 insertions(+), 23 deletions(-) create mode 100644 server/trillian_log_server/Dockerfile create mode 100644 server/trillian_log_signer/Dockerfile diff --git a/server/trillian_log_server/Dockerfile b/server/trillian_log_server/Dockerfile new file mode 100644 index 0000000000..43b79b79dd --- /dev/null +++ b/server/trillian_log_server/Dockerfile @@ -0,0 +1,11 @@ +FROM golang:1.8 + +ADD . /go/src/github.com/google/trillian +WORKDIR /go/src/github.com/google/trillian + +RUN apt-get update && \ + apt-get install -y libtool libltdl-dev + +RUN go get ./server/trillian_log_server + +ENTRYPOINT ["/go/bin/trillian_log_server"] diff --git a/server/trillian_log_signer/Dockerfile b/server/trillian_log_signer/Dockerfile new file mode 100644 index 0000000000..f661a0bf1c --- /dev/null +++ b/server/trillian_log_signer/Dockerfile @@ -0,0 +1,11 @@ +FROM golang:1.8 + +ADD . /go/src/github.com/google/trillian +WORKDIR /go/src/github.com/google/trillian + +RUN apt-get update && \ + apt-get install -y libtool libltdl-dev + +RUN go get ./server/trillian_log_signer + +ENTRYPOINT ["/go/bin/trillian_log_signer"] diff --git a/server/trillian_map_server/Dockerfile b/server/trillian_map_server/Dockerfile index a1cc419988..6702a1817f 100644 --- a/server/trillian_map_server/Dockerfile +++ b/server/trillian_map_server/Dockerfile 
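Review bot: None of the three server Dockerfiles in this patch (`server/trillian_log_server/Dockerfile`, `server/trillian_log_signer/Dockerfile` and `server/trillian_map_server/Dockerfile`) sets a `USER`, so each `ENTRYPOINT` binary runs as root in an image that also carries the Go toolchain and the whole source tree. Adding an unprivileged account after the build steps, for example `RUN useradd --system trillian` followed by `USER trillian`, limits what a compromised server process can reach. `ADD . /go/src/github.com/google/trillian` copies the entire build context, so a `.dockerignore` that excludes local state such as the `*.tfstate` files added to `.gitignore` earlier in this series keeps Terraform secrets out of the layers; `COPY` is the conventional instruction here. The `apt-get install -y libtool libltdl-dev` step can take `--no-install-recommends` and remove `/var/lib/apt/lists/*` in the same `RUN`.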
@@ -1,28 +1,11 @@ -FROM golang - -ENV DB_USER=test \ - DB_PASSWORD=zaphod \ - DB_DATABASE=test \ - DB_HOST=127.0.0.0:3306 - -ENV HOST=0.0.0.0 \ - RPC_PORT=8090 \ - HTTP_PORT=8091 +FROM golang:1.8 ADD . /go/src/github.com/google/trillian -WORKDIR /go/src/github.com/google/trillian - -RUN apt-get update && apt-get install -y libtool libltdl-dev -RUN go get ./server/trillian_map_server - -ENTRYPOINT /go/bin/trillian_map_server \ - --mysql_uri="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \ - --rpc_endpoint="$HOST:$RPC_PORT" \ - --http_endpoint="$HOST:$HTTP_PORT" \ - --alsologtostderr +WORKDIR /go/src/github.com/google/trillian -EXPOSE $HTTP_PORT +RUN apt-get update && \ + apt-get install -y libtool libltdl-dev -HEALTHCHECK --interval=5m --timeout=3s \ - CMD curl -f http://localhost:$HTTP_PORT/debug/vars || exit 1 +RUN go get ./server/trillian_map_server +ENTRYPOINT ["/go/bin/trillian_map_server"]