Merge pull request #52 from jdeathe/centos-7-develop

Release changes for 2.0.0

Author: jdeathe

CHANGELOG.md

@@ -1,24 +1,13 @@
 # Change Log
 
-## centos-6
+## centos-7
 
-Summary of release changes for Version 1.
+Summary of release changes for Version 2.
 
-CentOS-6 6.9 x86_64 - HAProxy 1.5 / HATop 0.7.
+CentOS-7 7.4.1708 x86_64 - HAProxy 1.8 / HATop 0.7.
 
-### 1.0.2 - 2018-05-28
-
-- Updates source image to [1.8.4 tag](https://github.com/jdeathe/centos-ssh/releases/tag/1.8.4).
-- Adds feature to set `HAPROXY_SSL_CERTIFICATE` via a file path. e.g. Docker Swarm secrets.
-- Adds feature to set `HAPROXY_CONF` via a file path. e.g. Docker Swarm secrets.
-
-### 1.0.1 - 2018-01-22
-
-- Updates source image to [1.8.3 tag](https://github.com/jdeathe/centos-ssh/releases/tag/1.8.3).
-- Adds generic ready state test function.
-
-### 1.0.0 - 2017-11-28
+### 2.0.0 - 2018-07-16
 
 - Initial release
-- HAProxy [1.5.18](http://www.haproxy.org/download/1.5/src/CHANGELOG)
+- HAProxy [1.8.9](http://www.haproxy.org/download/1.8/src/CHANGELOG)
 - HATop [0.7.7](http://feurix.org/projects/hatop/changes/#hatop-0-7-7)

Dockerfile

@@ -1,7 +1,7 @@
 # =============================================================================
 # jdeathe/centos-ssh-haproxy
 # =============================================================================
-FROM jdeathe/centos-ssh:1.8.4
+FROM jdeathe/centos-ssh:2.3.2
 
 ARG HATOP_VERSION="0.7.7"
 
@@ -12,8 +12,8 @@ RUN rpm --rebuilddb \
 	&& yum -y install \
 			--setopt=tsflags=nodocs \
 			--disableplugin=fastestmirror \
-		haproxy-1.5.18-1.el6 \
-		rsyslog-5.8.10-10.el6_6 \
+		haproxy18u-1.8.9-1.ius.centos7 \
+		rsyslog-8.24.0-16.el7 \
 	&& yum versionlock add \
 		haproxy \
 		rsyslog \
@@ -30,7 +30,7 @@ RUN rpm --rebuilddb \
 RUN sed -i \
 		-e 's~^#\$ModLoad imudp$~\$ModLoad imudp~' \
 		-e 's~^#\$UDPServerRun 514$~\$UDPServerRun 514~' \
-		-e 's~^\$OmitLocalLogging on$~\$OmitLocalLogging off~' \
+		-e 's~^\(\$OmitLocalLogging .*\)$~#\1~' \
 		-e 's~^\(\$ModLoad imuxsock .*\)$~#\1~' \
 		-e 's~^\(\$ModLoad imjournal .*\)$~#\1~' \
 		-e 's~^\(\$IMJournalStateFile .*\)$~#\1~' \
@@ -77,9 +77,7 @@ ADD src/usr/sbin \
 	/usr/sbin/
 ADD src/opt/scmi \
 	/opt/scmi/
-ADD src/etc/services-config/haproxy/haproxy-bootstrap.conf \
-	src/etc/services-config/haproxy/haproxy-http.example.cfg \
-	src/etc/services-config/haproxy/haproxy-tcp.example.cfg \
+ADD src/etc/services-config/haproxy \
 	/etc/services-config/haproxy/
 ADD src/etc/services-config/supervisor/supervisord.d \
 	/etc/services-config/supervisor/supervisord.d/
@@ -92,12 +90,42 @@ RUN ln -sf \
 	&& ln -sf \
 		/etc/services-config/haproxy/haproxy-http.example.cfg \
 		/etc/haproxy/haproxy-http.cfg \
+	&& ln -sf \
+		/etc/services-config/haproxy/haproxy-http-proxy.example.cfg \
+		/etc/haproxy/haproxy-http-proxy.cfg \
+	&& ln -sf \
+		/etc/services-config/haproxy/haproxy-h2.example.cfg \
+		/etc/haproxy/haproxy-h2.cfg \
+	&& ln -sf \
+		/etc/services-config/haproxy/haproxy-h2-proxy.example.cfg \
+		/etc/haproxy/haproxy-h2-proxy.cfg \
 	&& ln -sf \
 		/etc/services-config/haproxy/haproxy-tcp.example.cfg \
 		/etc/haproxy/haproxy-tcp.cfg \
 	&& ln -sf \
 		/etc/services-config/haproxy/haproxy-bootstrap.conf \
 		/etc/haproxy-bootstrap.conf \
+	&& ln -sf \
+		/etc/services-config/haproxy/400.html.http \
+		/etc/haproxy/400.html.http \
+	&& ln -sf \
+		/etc/services-config/haproxy/403.html.http \
+		/etc/haproxy/403.html.http \
+	&& ln -sf \
+		/etc/services-config/haproxy/408.html.http \
+		/etc/haproxy/408.html.http \
+	&& ln -sf \
+		/etc/services-config/haproxy/500.html.http \
+		/etc/haproxy/500.html.http \
+	&& ln -sf \
+		/etc/services-config/haproxy/502.html.http \
+		/etc/haproxy/502.html.http \
+	&& ln -sf \
+		/etc/services-config/haproxy/503.html.http \
+		/etc/haproxy/503.html.http \
+	&& ln -sf \
+		/etc/services-config/haproxy/504.html.http \
+		/etc/haproxy/504.html.http \
 	&& ln -sf \
 		/etc/services-config/supervisor/supervisord.d/haproxy-bootstrap.conf \
 		/etc/supervisord.d/haproxy-bootstrap.conf \
@@ -108,7 +136,7 @@ RUN ln -sf \
 		/etc/services-config/supervisor/supervisord.d/rsyslogd-wrapper.conf \
 		/etc/supervisord.d/rsyslogd-wrapper.conf \
 	&& chmod 600 \
-		/etc/services-config/haproxy/haproxy-{http,tcp}.example.cfg \
+		/etc/services-config/haproxy/{haproxy-{http,http-proxy,h2,h2-proxy,tcp}.example.cfg,{400,403,408,500,502,503,504}.html.http} \
 	&& chmod 600 \
 		/etc/services-config/supervisor/supervisord.d/{haproxy-bootstrap,{haproxy,rsyslogd}-wrapper}.conf \
 	&& chmod 700 \
@@ -128,7 +156,7 @@ ENV HAPROXY_SSL_CERTIFICATE="" \
 # -----------------------------------------------------------------------------
 # Set image metadata
 # -----------------------------------------------------------------------------
-ARG RELEASE_VERSION="1.0.2"
+ARG RELEASE_VERSION="2.0.0"
 LABEL \
 	maintainer="James Deathe <[email protected]>" \
 	install="docker run \
@@ -155,7 +183,7 @@ jdeathe/centos-ssh-haproxy:${RELEASE_VERSION} \
 	org.deathe.license="MIT" \
 	org.deathe.vendor="jdeathe" \
 	org.deathe.url="https://github.com/jdeathe/centos-ssh-haproxy" \
-	org.deathe.description="CentOS-6 6.9 x86_64 - HAProxy 1.5 / HATop 0.7."
+	org.deathe.description="CentOS-7 7.4.1708 x86_64 - HAProxy 1.8 / HATop 0.7."
 
 HEALTHCHECK \
 	--interval=0.5s \

README-short.txt

@@ -1 +1 @@
-CentOS-6 6.9 x86_64 - HAProxy / HATop.
+CentOS-7 7.4.1708 x86_64 - HAProxy / HATop.

README.md

@@ -1,18 +1,25 @@
 centos-ssh-haproxy
 ==================
 
-Docker Images of CentOS-6 6.9 x86_64 - HAProxy 1.5 / HATop 0.7.
+Docker Image including:
+- CentOS-6 6.9 x86_64 - HAProxy 1.5 / HATop 0.7.
+- CentOS-7 7.4.1708 x86_64 - HAProxy 1.8 / HATop 0.7.
 
 - http://www.haproxy.org/
 - http://feurix.org/projects/hatop/
 
 ## Overview & links
 
-- `centos-6`, `centos-6-1.0.2`, `1.0.2` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-haproxy/blob/centos-6/Dockerfile)
+- `centos-7`, `centos-7-2.0.0`, `2.0.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-haproxy/blob/centos-7/Dockerfile)
+- `centos-6`, `centos-6-1.0.3`, `1.0.3` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-haproxy/blob/centos-6/Dockerfile)
 
 #### centos-6
 
-The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.0.2`or `1.0.2` for the [1.0.2](https://github.com/jdeathe/centos-ssh-haproxy/tree/1.0.2) release tag.
+The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.0.3`or `1.0.3` for the [1.0.3](https://github.com/jdeathe/centos-ssh-haproxy/tree/1.0.3) release tag.
+
+#### centos-7
+
+The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.0.0`or `2.0.0` for the [2.0.0](https://github.com/jdeathe/centos-ssh-haproxy/tree/2.0.0) release tag.
 
 Included in the build are the [SCL](https://www.softwarecollections.org/), [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. Installed packages include [OpenSSH](http://www.openssh.com/portable.html) secure shell, [vim-minimal](http://www.vim.org/), are installed along with python-setuptools, [supervisor](http://supervisord.org/) and [supervisor-stdout](https://github.com/coderanger/supervisor-stdout).
 
@@ -28,7 +35,7 @@ SSH is not required in order to access a terminal for the running container. The
 $ docker exec -it {docker-name-or-id} bash
 ```
 
-For cases where access to docker exec is not possible the preferred method is to use Command Keys and the nsenter command. See [command-keys.md](https://github.com/jdeathe/centos-ssh-haproxy/blob/centos-6/command-keys.md) for details on how to set this up.
+For cases where access to docker exec is not possible the preferred method is to use Command Keys and the nsenter command. See [command-keys.md](https://github.com/jdeathe/centos-ssh-haproxy/blob/centos-7/command-keys.md) for details on how to set this up.
 
 ## Quick Example
 
@@ -41,7 +48,7 @@ $ docker run -d -t \
   -p 443:443 \
   --add-host httpd_1:172.17.8.101 \
   --add-host httpd_2:172.17.8.102 \
-  jdeathe/centos-ssh-haproxy:centos-6
+  jdeathe/centos-ssh-haproxy:2.0.0
 ```
 
 Now you can verify it is initialised and running successfully by inspecting the container's logs.
@@ -54,7 +61,7 @@ $ docker logs haproxy.pool-1.1.1
 
 ### Running
 
-To run the a docker container from this image you can use the standard docker commands. Alternatively, there's a [docker-compose.yml](https://github.com/jdeathe/centos-ssh-haproxy/blob/centos-6/docker-compose.yml) example.
+To run the a docker container from this image you can use the standard docker commands. Alternatively, there's a [docker-compose.yml](https://github.com/jdeathe/centos-ssh-haproxy/blob/centos-7/docker-compose.yml) example.
 
 In the following example the http service is bound to port 80 and https on port 443 of the docker host. Also, the environment variable `HAPROXY_HOST_NAMES` has been used to set a list of 3 hostnames to be added to the auto-generated self-signed SAN certificate.
 
@@ -78,7 +85,7 @@ $ docker run \
   --env "HAPROXY_HOST_NAMES=www.app.local app.local localhost.localdomain" \
   --add-host httpd_1:172.17.8.101 \
   --add-host httpd_2:172.17.8.102 \
-  jdeathe/centos-ssh-haproxy:centos-6
+  jdeathe/centos-ssh-haproxy:2.0.0
 ```
 
 Now you can verify it is initialised and running successfully by inspecting the container's logs:

docker-compose-h2-proxy.yml

@@ -0,0 +1,76 @@
+# ------------------------------------------------------------------------------
+# Ref: https://docs.docker.com/compose/compose-file/
+#
+# Setup:
+# docker-compose down
+# docker-compose build
+#
+# Run HTTP/2 PROXY (Varnish) example:
+# docker-compose -f docker-compose.yml -f docker-compose-h2-proxy.yml up -d
+#
+# HATop usage:
+# docker-compose exec haproxy hatop --help
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-1 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-2 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-3 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-4 -i 1
+# ------------------------------------------------------------------------------
+version: "3.0"
+networks:
+  tier2:
+    driver: "bridge"
+    internal: true
+services:
+  haproxy:
+    environment:
+      HAPROXY_CONFIG: "/etc/haproxy/haproxy-h2-proxy.cfg"
+  varnish_1:
+    environment:
+      VARNISH_STORAGE: "malloc,256M"
+      VARNISH_MAX_THREADS: "4096"
+      VARNISH_MIN_THREADS: "1024"
+      VARNISH_VCL_CONF: "${VARNISH_VCL_CONF:-/run/secrets/varnish_vcl_terminated_https}"
+    image: "jdeathe/centos-ssh-varnish:2.0.0"
+    networks:
+      - "tier2"
+      - "tier3"
+    restart: "always"
+    sysctls:
+      net.core.somaxconn: "4096"
+      net.ipv4.ip_local_port_range: "1024 65535"
+      net.ipv4.route.flush: "1"
+    tty: true
+    ulimits:
+      memlock: 82000
+      nofile:
+        soft: 524288
+        hard: 1048576
+      nproc: 65535
+    volumes:
+      # Emulate docker swarm secrets
+      - "${PWD}/test/fixture/secrets:/run/secrets:ro"
+  varnish_2:
+    environment:
+      VARNISH_STORAGE: "malloc,256M"
+      VARNISH_MAX_THREADS: "4096"
+      VARNISH_MIN_THREADS: "1024"
+      VARNISH_VCL_CONF: "${VARNISH_VCL_CONF:-/run/secrets/varnish_vcl_terminated_https}"
+    image: "jdeathe/centos-ssh-varnish:2.0.0"
+    networks:
+      - "tier2"
+      - "tier3"
+    restart: "always"
+    sysctls:
+      net.core.somaxconn: "4096"
+      net.ipv4.ip_local_port_range: "1024 65535"
+      net.ipv4.route.flush: "1"
+    tty: true
+    ulimits:
+      memlock: 82000
+      nofile:
+        soft: 524288
+        hard: 1048576
+      nproc: 65535
+    volumes:
+      # Emulate docker swarm secrets
+      - "${PWD}/test/fixture/secrets:/run/secrets:ro"

docker-compose-h2.yml

@@ -0,0 +1,22 @@
+# ------------------------------------------------------------------------------
+# Ref: https://docs.docker.com/compose/compose-file/
+#
+# Setup:
+# docker-compose down
+# docker-compose build
+#
+# Run HTTP/2 example:
+# docker-compose -f docker-compose.yml -f docker-compose-h2.yml up -d
+#
+# HATop usage:
+# docker-compose exec haproxy hatop --help
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-1 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-2 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-3 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-4 -i 1
+# ------------------------------------------------------------------------------
+version: "3.0"
+services:
+  haproxy:
+    environment:
+      HAPROXY_CONFIG: "/etc/haproxy/haproxy-h2.cfg"

docker-compose-http-proxy.yml

@@ -0,0 +1,76 @@
+# ------------------------------------------------------------------------------
+# Ref: https://docs.docker.com/compose/compose-file/
+#
+# Setup:
+# docker-compose down
+# docker-compose build
+#
+# Run HTTP/1.1 PROXY (Varnish) example:
+# docker-compose -f docker-compose.yml -f docker-compose-http-proxy.yml up -d
+#
+# HATop usage:
+# docker-compose exec haproxy hatop --help
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-1 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-2 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-3 -i 1
+# docker-compose exec haproxy hatop -s /var/lib/haproxy/stats-4 -i 1
+# ------------------------------------------------------------------------------
+version: "3.0"
+networks:
+  tier2:
+    driver: "bridge"
+    internal: true
+services:
+  haproxy:
+    environment:
+      HAPROXY_CONFIG: "/etc/haproxy/haproxy-http-proxy.cfg"
+  varnish_1:
+    environment:
+      VARNISH_STORAGE: "malloc,256M"
+      VARNISH_MAX_THREADS: "4096"
+      VARNISH_MIN_THREADS: "1024"
+      VARNISH_VCL_CONF: "${VARNISH_VCL_CONF:-/run/secrets/varnish_vcl_default}"
+    image: "jdeathe/centos-ssh-varnish:2.0.0"
+    networks:
+      - "tier2"
+      - "tier3"
+    restart: "always"
+    sysctls:
+      net.core.somaxconn: "4096"
+      net.ipv4.ip_local_port_range: "1024 65535"
+      net.ipv4.route.flush: "1"
+    tty: true
+    ulimits:
+      memlock: 82000
+      nofile:
+        soft: 524288
+        hard: 1048576
+      nproc: 65535
+    volumes:
+      # Emulate docker swarm secrets
+      - "${PWD}/test/fixture/secrets:/run/secrets:ro"
+  varnish_2:
+    environment:
+      VARNISH_STORAGE: "malloc,256M"
+      VARNISH_MAX_THREADS: "4096"
+      VARNISH_MIN_THREADS: "1024"
+      VARNISH_VCL_CONF: "${VARNISH_VCL_CONF:-/run/secrets/varnish_vcl_default}"
+    image: "jdeathe/centos-ssh-varnish:2.0.0"
+    networks:
+      - "tier2"
+      - "tier3"
+    restart: "always"
+    sysctls:
+      net.core.somaxconn: "4096"
+      net.ipv4.ip_local_port_range: "1024 65535"
+      net.ipv4.route.flush: "1"
+    tty: true
+    ulimits:
+      memlock: 82000
+      nofile:
+        soft: 524288
+        hard: 1048576
+      nproc: 65535
+    volumes:
+      # Emulate docker swarm secrets
+      - "${PWD}/test/fixture/secrets:/run/secrets:ro"