switch from Docker Hub to GCR for private OS image

and cleaned up install.sh a bit
2020-06-12 11:35:55 -04:00
parent bfaf0b042d
commit 9c31f20e6a
4 changed files with 48 additions and 30 deletions
--- a/backend/container/make.sh
+++ b/backend/container/make.sh
@ -8,8 +8,8 @@ YOU_ARE_HERE="$(realpath "$(dirname "${BASH_SOURCE[0]}")")"
 # container will be useless unless we bundle the actual OS
 test -f "$YOU_ARE_HERE"/hdd/hdd.img

-# this image is private on Docker Hub, make sure we're logged in
-docker login
+# this image is private on Google Cloud Registry, make sure we're logged in
+gcloud auth configure-docker

-docker build -t jakejarvis/y2k:latest --no-cache "$YOU_ARE_HERE"
-docker push jakejarvis/y2k:latest
+docker build -t gcr.io/jakejarvis/y2k:latest --no-cache "$YOU_ARE_HERE"
+docker push gcr.io/jakejarvis/y2k:latest
--- a/backend/server/example.service
+++ b/backend/server/example.service
@ -1,7 +1,5 @@
-# /lib/systemd/system/y2k.service
-
 [Unit]
-Description=y2k websockets
+Description=WebSockets server
 After=network.target
 StartLimitIntervalSec=0

--- a/backend/server/install.sh
+++ b/backend/server/install.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env bash

-# you probably shouldn't just run this! ;)
+# WARNING: you probably shouldn't just run this! ;)

 set -euxo pipefail

@ -12,18 +12,12 @@ apt-get -y --no-install-recommends install \
    ca-certificates \
    gnupg-agent \
    software-properties-common \
-    curl \
-    wget \
    unzip

 #### install papertrail logging ####
 wget -qO - --header="X-Papertrail-Token: CHANGEMECHANGEMECHANGEME" \
  https://papertrailapp.com/destinations/CHANGEME/setup.sh | bash

-#### docker fixes ####
-# sed -i 's/\(GRUB_CMDLINE_LINUX="\)"/\1cgroup_enable=memory swapaccount=1"/' /etc/default/grub
-# update-grub
-
 #### install Docker from official repository ####
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 apt-key fingerprint 0EBFCD88
@ -33,28 +27,53 @@ add-apt-repository \
  stable"
 apt-get update
 apt-get install docker-ce docker-ce-cli containerd.io
+docker version
+
+#### docker fixes ####
+## https://github.com/moby/moby/issues/4250
+# sed -i 's/\(GRUB_CMDLINE_LINUX="\)"/\1cgroup_enable=memory swapaccount=1"/' /etc/default/grub
+# update-grub

 #### install websocketd ####
-wget https://github.com/joewalnes/websocketd/releases/download/v0.3.1/websocketd-0.3.1-linux_amd64.zip
-unzip websocketd-0.3.1-linux_amd64.zip
-chmod +x websocketd
-mv websocketd /usr/bin/
+## https://github.com/joewalnes/websocketd/releases
+WEBSOCKETD_VERSION=0.3.1
+wget -nv -P /tmp/ https://github.com/joewalnes/websocketd/releases/download/v${WEBSOCKETD_VERSION}/websocketd-${WEBSOCKETD_VERSION}-linux_amd64.zip
+unzip /tmp/websocketd-${WEBSOCKETD_VERSION}-linux_amd64.zip websocketd -d /tmp
+mv /tmp/websocketd /usr/local/bin/
+chmod +x /usr/local/bin/websocketd
+rm /tmp/websocketd-${WEBSOCKETD_VERSION}-linux_amd64.zip
+websocketd --version

 #### install cloudflared ####
-wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
-dpkg -i cloudflared-stable-linux-amd64.deb
-cloudflared update
-cloudflared tunnel login
+## https://developers.cloudflare.com/argo-tunnel/downloads/
+wget -nv -P /tmp/ https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
+dpkg -i /tmp/cloudflared-stable-linux-amd64.deb
+rm /tmp/cloudflared-stable-linux-amd64.deb
+cloudflared version
 cloudflared service install
 systemctl enable cloudflared
 systemctl start cloudflared

-#### clone repository ####
-git clone https://github.com/jakejarvis/y2k.git /root/y2k
+#### login to cloudflare ####
+cloudflared tunnel login

-#### pull Docker image ####
-docker login
-docker pull jakejarvis/y2k:latest
+#### install Google Cloud Registry credential helper ####
+## https://cloud.google.com/container-registry/docs/advanced-authentication#standalone-helper
+## https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases
+GCR_HELPER_VERSION=2.0.1
+curl -fsSL https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_linux_amd64-${GCR_HELPER_VERSION}.tar.gz | tar xz --to-stdout ./docker-credential-gcr > /usr/local/bin/docker-credential-gcr
+chmod +x /usr/local/bin/docker-credential-gcr
+docker-credential-gcr version
+
+#### login to GCR ####
+docker-credential-gcr gcr-login
+docker-credential-gcr configure-docker
+
+#### pull OS container ####
+docker pull gcr.io/jakejarvis/y2k:latest
+
+#### clone repository for scripts ####
+git clone https://github.com/jakejarvis/y2k.git /root/y2k

 #### enable & start service ####
 cp /root/y2k/backend/server/example.service /lib/systemd/system/y2k.service
--- a/backend/server/socket.sh
+++ b/backend/server/socket.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env bash

-/usr/bin/websocketd \
+/usr/local/bin/websocketd \
  --port=80 \
  --binary \
  --header-ws="Sec-WebSocket-Protocol: binary" \
@ -12,7 +12,8 @@
    --network none \
    --log-driver none \
    --rm -i \
-    jakejarvis/y2k:latest
+    gcr.io/jakejarvis/y2k:latest

-# NOTE: if not using Docker, the command is:
+# to spawn QEMU processes natively on the host machine instead of via
+# individual Docker containers:
 # /root/y2k/backend/bin/boot.rb /root/y2k/backend/hdd /usr/bin/qemu-system-i386