Loading .dockerignore 0 → 100644 +3 −0 Original line number Diff line number Diff line * !config/**/* !scripts/**/* .env 0 → 100644 +4 −0 Original line number Diff line number Diff line PORT1=9200 PORT2=9300 ELASTIC_USER=user ELASTIC_USER_PASS=pass .gitignore 0 → 100644 +5 −0 Original line number Diff line number Diff line .* !.gitignore !.gitlab-ci.yml !.dockerignore !.env .gitlab-ci.yml 0 → 100644 +112 −0 Original line number Diff line number Diff line image: docker:stable stages: - package - test-package - deploy docker-build-dev: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-pro: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container_scanning: stage: test-package image: docker:stable variables: DOCKER_DRIVER: overlay2 allow_failure: true services: - docker:stable-dind only: - branches except: - master script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-dev: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${DEV_SSH_REMOTE} SERVICE: ${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml ELASTIC_USER: ${DEV_ELASTIC_USER} ELASTIC_USER_PASS: ${DEV_ELASTIC_USER_PASS} services: - docker:dind script: - create-nets.sh elastic-net - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} environment: name: dev only: - branches except: - master when: manual deploy-pro: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${PRO_SSH_REMOTE} SERVICE: ${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml ELASTIC_USER: ${PRO_ELASTIC_USER} ELASTIC_USER_PASS: ${PRO_ELASTIC_USER_PASS} services: - docker:dind script: - create-nets.sh elastic-net - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} environment: name: pro only: - master when: manual Dockerfile 0 → 100644 +26 −0 Original line number Diff line number Diff line FROM registry.gitlab.com/redmic-project/docker/elasticsearch-xpack:latest ENV ES_CLUSTER_NAME="clustername" \ ES_NODE_NAME="nodename" \ ES_NODE_MASTER="true" \ ES_NODE_DATA="true" \ ES_NODE_INGEST="true" \ ES_BOOTSTRAP_MEMORY_LOCK="true" \ ES_INDICES_QUERY_BOOL_MAX_CLAUSE_COUNT=30000 \ ES_NETWORK_HOST="0.0.0.0" \ ES_NETWORK_BIND_HOST="0.0.0.0" \ ES_NETWORK_PUBLISH_HOST="_eth0_" \ ES_DISCOVERY_ZEN_MINIMUM_MASTER_NODES=2 RUN apt-get update && \ apt-get install -y --no-install-recommends \ gettext-base \ dnsutils && \ ulimit -n 65536 COPY config/ /usr/share/elasticsearch/config/ COPY scripts/ / ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["elasticsearch"] Loading
.dockerignore 0 → 100644 +3 −0 Original line number Diff line number Diff line * !config/**/* !scripts/**/*
.env 0 → 100644 +4 −0 Original line number Diff line number Diff line PORT1=9200 PORT2=9300 ELASTIC_USER=user ELASTIC_USER_PASS=pass
.gitignore 0 → 100644 +5 −0 Original line number Diff line number Diff line .* !.gitignore !.gitlab-ci.yml !.dockerignore !.env
.gitlab-ci.yml 0 → 100644 +112 −0 Original line number Diff line number Diff line image: docker:stable stages: - package - test-package - deploy docker-build-dev: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-pro: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container_scanning: stage: test-package image: docker:stable variables: DOCKER_DRIVER: overlay2 allow_failure: true services: - docker:stable-dind only: - branches except: - master script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-dev: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${DEV_SSH_REMOTE} SERVICE: ${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml ELASTIC_USER: ${DEV_ELASTIC_USER} ELASTIC_USER_PASS: ${DEV_ELASTIC_USER_PASS} services: - docker:dind script: - create-nets.sh elastic-net - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} environment: name: dev only: - branches except: - master when: manual deploy-pro: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${PRO_SSH_REMOTE} SERVICE: ${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml ELASTIC_USER: ${PRO_ELASTIC_USER} ELASTIC_USER_PASS: ${PRO_ELASTIC_USER_PASS} services: - docker:dind script: - create-nets.sh elastic-net - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} environment: name: pro only: - master when: manual
Dockerfile 0 → 100644 +26 −0 Original line number Diff line number Diff line FROM registry.gitlab.com/redmic-project/docker/elasticsearch-xpack:latest ENV ES_CLUSTER_NAME="clustername" \ ES_NODE_NAME="nodename" \ ES_NODE_MASTER="true" \ ES_NODE_DATA="true" \ ES_NODE_INGEST="true" \ ES_BOOTSTRAP_MEMORY_LOCK="true" \ ES_INDICES_QUERY_BOOL_MAX_CLAUSE_COUNT=30000 \ ES_NETWORK_HOST="0.0.0.0" \ ES_NETWORK_BIND_HOST="0.0.0.0" \ ES_NETWORK_PUBLISH_HOST="_eth0_" \ ES_DISCOVERY_ZEN_MINIMUM_MASTER_NODES=2 RUN apt-get update && \ apt-get install -y --no-install-recommends \ gettext-base \ dnsutils && \ ulimit -n 65536 COPY config/ /usr/share/elasticsearch/config/ COPY scripts/ / ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["elasticsearch"]
