diff --git a/.gitignore b/.gitignore index e04746e..b4d8ee8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,3 @@ rootfs/bin/minio rootfs/bin/boot vendor/ -genssl/server.cert -genssl/server.csr -genssl/server.key -genssl/server.pem -manifests/deis-minio-secretssl-final.yaml -mc/mc -server/minio diff --git a/Makefile b/Makefile index 6902cb9..7c7005f 100644 --- a/Makefile +++ b/Makefile @@ -35,10 +35,7 @@ build: test: ${DEV_ENV_CMD} go test ${TEST_PACKAGES} -docker-build: build build-server - # copy the server binary from where it was built to the final image's file system. - # note that the minio server is built as a dependency of this build target. - cp server/minio ${BINDIR} +docker-build: build # build the main image docker build --rm -t ${IMAGE} rootfs @@ -47,8 +44,4 @@ docker-build: build build-server deploy: build docker-build docker-push -# build the minio server -build-server: - docker run -e GO15VENDOREXPERIMENT=1 -e GOROOT=/usr/local/go --rm -v "${CURDIR}/server":/pwd -w /pwd golang:1.6 ./install.sh - .PHONY: all bootstrap glideup build test docker-build deploy build-server diff --git a/boot.go b/boot.go index 0838230..ac9be08 100644 --- a/boot.go +++ b/boot.go @@ -34,6 +34,7 @@ type Secret struct { Host string KeyID string AccessKey string + Region string } const configdir = "/home/minio/.minio/" @@ -65,7 +66,8 @@ const templv2 = `{ "credentials": { {{range .}} "accessKeyId": "{{.KeyID}}", - "secretAccessKey": "{{.AccessKey}}" + "secretAccessKey": "{{.AccessKey}}", + "region": "{{.Region}}" {{end}} }, "mongoLogger": { @@ -139,6 +141,7 @@ func main() { Host: pod.IP, KeyID: key, AccessKey: access, + Region: "us-east-1", }, } t := template.New("MinioTpl") diff --git a/genssl/gen.sh b/genssl/gen.sh deleted file mode 100755 index 9bfa847..0000000 --- a/genssl/gen.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -# this script intended to be run inside a centurylink/openssl:0.0.1 Docker container. -# it expects that its parent directory (minio/) is mounted to this container and also is its current working directory. - -# these commands are adapted from the very clear and extensive Heroku documents on creating a self-signed SSL certificate: https://devcenter.heroku.com/articles/ssl-certificate-self#generate-private-key-and-certificate-signing-request - -openssl genrsa -des3 -passout pass:x -out ./genssl/server.pass.key 2048 -openssl rsa -passin pass:x -in ./genssl/server.pass.key -out ./genssl/server.key -rm ./genssl/server.pass.key -# generate a cert signing request for wildcard domain *.internal-minio. -# note that we don't currently run minio with ssl, but when we do, we'll require a DNS name like '$(SOMETHING).internal-minio' that points to the minio service. -# also note that we are making this a wildcard cert so that we have the option of running multiple minio servers in the cluster -openssl req -new -key ./genssl/server.key -subj "/C=US/ST=California/L=San Francisco/O=Engine Yard/CN=*.internal-minio/" -out ./genssl/server.csr -# generate the cert -openssl x509 -req -days 365 -in ./genssl/server.csr -signkey ./genssl/server.key -out ./genssl/server.cert diff --git a/genssl/manifest_replace.go b/genssl/manifest_replace.go deleted file mode 100755 index 555807c..0000000 --- a/genssl/manifest_replace.go +++ /dev/null @@ -1,56 +0,0 @@ -package main - -import ( - "encoding/base64" - "flag" - "fmt" - "io/ioutil" - "os" - "text/template" -) - -const ( - defaultAccessCertName = "./genssl/server.cert" - defaultAccessKeyName = "./genssl/server.key" - defaultTplName = "./manifests/deis-minio-secretssl-tpl.yaml" - defaultOutName = "./manifests/deis-minio-secretssl-final.yaml" -) - -func main() { - accessCertName := flag.String("cert", defaultAccessCertName, "the path to the SSL certificate file") - accessKeyName := flag.String("key", defaultAccessKeyName, "the path to the SSL key file") - tplName := flag.String("tpl", defaultTplName, "the path to the template name") - outName := flag.String("out", defaultOutName, "the path to the output file") - - certBytes, err := ioutil.ReadFile(*accessCertName) - if err != nil { - fmt.Printf("ERROR: reading cert file (%s)\n", err) - os.Exit(1) - } - keyBytes, err := ioutil.ReadFile(*accessKeyName) - if err != nil { - fmt.Printf("ERROR: reading key file (%s)\n", err) - os.Exit(1) - } - tpl, err := template.ParseFiles(*tplName) - if err != nil { - fmt.Printf("ERROR: parsing template (%s)\n", err) - os.Exit(1) - } - - outFile, err := os.Create(*outName) - if err != nil { - fmt.Printf("ERROR: creating new out file (%s)\n", err) - os.Exit(1) - } - - accessCertEncoded := base64.StdEncoding.EncodeToString(certBytes) - accessKeyEncoded := base64.StdEncoding.EncodeToString(keyBytes) - - s := map[string]string{"AccessCert": accessCertEncoded, "AccessPem": accessKeyEncoded} - - if err := tpl.Execute(outFile, s); err != nil { - fmt.Printf("ERROR: executing template (%s)\n", err) - os.Exit(1) - } -} diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 616b6b7..db74f6f 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -12,7 +12,9 @@ COPY . / RUN curl -f -SL https://dl.minio.io/client/mc/release/linux-amd64/archive/mc.OFFICIAL.2015-09-05T23-43-46Z -o /usr/bin/mc \ && chmod 755 /usr/bin/mc \ && mkdir /home/minio/.minio \ - && chown minio:minio /home/minio/.minio + && chown minio:minio /home/minio/.minio \ + && curl https://dl.minio.io/server/minio/release/linux-amd64/minio.RELEASE.2016-04-17T22-09-24Z > /bin/minio \ + && chmod 755 /bin/minio USER minio diff --git a/server/install.sh b/server/install.sh deleted file mode 100755 index 24f8c42..0000000 --- a/server/install.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -# This script builds the minio server (https://github.com/minio/minio) inside a Docker container. It should be run inside a golang:1.5.2 container, with the following environment variables set. -# -# - GOROOT=/usr/local/go -# - GO15VENDOREXPERIMENT=1 -# -# It also expects the current directory (mc/) to be mounted at /pwd, and for /pwd to be the current working directory -# -# See the 'mc' build target in the Makefile (in the parent directory) for an example of how to use this script. - -apt-get update && apt-get install -yq yasm -mkdir -p $GOPATH/src/github.com/minio -cd $GOPATH/src/github.com/minio -git clone -b master --single-branch https://github.com/minio/minio.git minio -cd minio -git reset --hard 356b889 -# HACK remove the "go vet" installation line -sed -i.bak '63 d' Makefile -make install -cp $GOPATH/bin/minio /pwd/minio