From 3113bc75e239afefd65f08bfd8f4d72c3f182608 Mon Sep 17 00:00:00 2001 From: Nicolas MASSE Date: Sun, 17 Jun 2018 00:18:13 +0200 Subject: [PATCH] OpenShift template for rtorrent --- rtorrent/rtorrent.yaml | 487 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 487 insertions(+) create mode 100644 rtorrent/rtorrent.yaml diff --git a/rtorrent/rtorrent.yaml b/rtorrent/rtorrent.yaml new file mode 100644 index 0000000..cd20148 --- /dev/null +++ b/rtorrent/rtorrent.yaml @@ -0,0 +1,487 @@ +apiVersion: v1 +kind: Template +labels: + template: rtorrent +message: See https://github.com/nmasse-itix/OpenShift-Docker-Images/tree/master/rtorrent for more details. +metadata: + annotations: + description: |- + An rtorrent packaging for OpenShift. + openshift.io/display-name: rtorrent + tags: instant-app + template.openshift.io/documentation-url: https://github.com/nmasse-itix/OpenShift-Docker-Images/tree/master/rtorrent + template.openshift.io/long-description: An rtorrent packaging for OpenShift. + template.openshift.io/provider-display-name: Nicolas Massé + template.openshift.io/support-url: https://github.com/nmasse-itix/OpenShift-Docker-Images/issues + name: rtorrent +objects: + +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: rtorrent-download + labels: + template: rtorrent + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${DOWNLOAD_VOLUME_SIZE} + +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: rtorrent-incoming + labels: + template: rtorrent + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${INCOMING_VOLUME_SIZE} + +- kind: ConfigMap + apiVersion: v1 + metadata: + name: rtorrent-config + labels: + template: rtorrent + data: + custom.rc: | + # Maximum and minimum number of peers to connect to per torrent. + #min_peers = 40 + #max_peers = 100 + + # Same as above but for seeding completed torrents (-1 = same as downloading) + #min_peers_seed = 10 + #max_peers_seed = 50 + + # Maximum number of simultanious uploads per torrent. + #max_uploads = 15 + + # Global upload and download rate in KiB. "0" for unlimited. + download_rate = 0 + upload_rate = 0 + + # Close torrents when diskspace is low. + #schedule = low_diskspace,5,60,close_low_diskspace=1024M + + # The ip address reported to the tracker. + ip = ${NODE_IP_ADDRESS} + #ip = rakshasa.no + + # The ip address the listening socket and outgoing connections is + # bound to. + #bind = 127.0.0.1 + #bind = rakshasa.no + + # Start opening ports at a random position within the port range. + #port_random = no + + # Check hash for finished torrents. Might be usefull until the bug is + # fixed that causes lack of diskspace not to be properly reported. + #check_hash = no + + # Set whether the client should try to connect to UDP trackers. + use_udp_trackers = yes + + # Alternative calls to bind and ip that should handle dynamic ip's. + #schedule = ip_tick,0,1800,ip=rakshasa + #schedule = bind_tick,0,1800,bind=rakshasa + + # Encryption options, set to none (default) or any combination of the following: + # allow_incoming, try_outgoing, require, require_RC4, enable_retry, prefer_plaintext + # + # The example value allows incoming encrypted connections, starts unencrypted + # outgoing connections but retries with encryption if they fail, preferring + # plaintext to RC4 encryption after the encrypted handshake + # + # encryption = allow_incoming,enable_retry,prefer_plaintext + + # Enable DHT support for trackerless torrents or when all trackers are down. + # May be set to "disable" (completely disable DHT), "off" (do not start DHT), + # "auto" (start and stop DHT as needed), or "on" (start DHT immediately). + # The default is "off". For DHT to work, a session directory must be defined. + # + dht = auto + + # Enable peer exchange (for torrents not marked private) + # + peer_exchange = yes + +- apiVersion: v1 + kind: ImageStream + metadata: + labels: + build: rtorrent + template: rtorrent + name: rtorrent + +- apiVersion: v1 + kind: BuildConfig + metadata: + name: rtorrent + labels: + build: rtorrent + template: rtorrent + spec: + successfulBuildsHistoryLimit: 1 + failedBuildsHistoryLimit: 1 + nodeSelector: null + output: + to: + kind: ImageStreamTag + name: rtorrent:latest + postCommit: {} + resources: {} + runPolicy: Serial + source: + git: + uri: ${GIT_REPO} + type: Git + contextDir: rtorrent + strategy: + dockerStrategy: + dockerfilePath: Dockerfile.rtorrent + from: + kind: ImageStreamTag + name: ${BASE_IMAGE_STREAM_TAG} + namespace: ${BASE_IMAGE_STREAM_NAMESPACE} + type: Docker + triggers: + - type: ConfigChange + - type: ImageChange + + +- apiVersion: v1 + kind: ImageStream + metadata: + labels: + build: filebrowser + template: rtorrent + name: filebrowser + +- apiVersion: v1 + kind: BuildConfig + metadata: + name: filebrowser + labels: + build: filebrowser + template: rtorrent + spec: + successfulBuildsHistoryLimit: 1 + failedBuildsHistoryLimit: 1 + nodeSelector: null + output: + to: + kind: ImageStreamTag + name: filebrowser:latest + postCommit: {} + resources: {} + runPolicy: Serial + source: + git: + uri: ${GIT_REPO} + type: Git + contextDir: rtorrent + strategy: + dockerStrategy: + env: + - name: FILEBROWSER_RELEASE + value: "${FILEBROWSER_RELEASE}" + dockerfilePath: Dockerfile.filebrowser + from: + kind: ImageStreamTag + name: ${BASE_IMAGE_STREAM_TAG} + namespace: ${BASE_IMAGE_STREAM_NAMESPACE} + type: Docker + triggers: + - type: ConfigChange + - type: ImageChange + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + labels: + app: rtorrent + template: rtorrent + name: rtorrent + spec: + replicas: 1 + selector: + app: rtorrent + deploymentconfig: rtorrent + strategy: + activeDeadlineSeconds: 21600 + resources: {} + type: Recreate + template: + metadata: + creationTimestamp: null + labels: + app: rtorrent + deploymentconfig: rtorrent + template: rtorrent + spec: + serviceAccountName: rtorrent + containers: + # First container: the rtorrent daemon + - name: rtorrent-daemon + image: " " + imagePullPolicy: IfNotPresent + ports: + - name: bittorrent-tcp + containerPort: 6890 + protocol: TCP + - name: bittorrent-udp + containerPort: 6890 + protocol: UDP + - name: dht + containerPort: 6881 + protocol: UDP + env: + # We need to make rtorrent believe it has a valid term + - name: TERM + value: xterm + resources: {} + securityContext: {} + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /torrent/download + name: rtorrent-download + - mountPath: /torrent/incoming + name: rtorrent-incoming + - mountPath: /torrent/session + name: rtorrent-session + - mountPath: /etc/rtorrent + name: rtorrent-config + + # Second container: the file browser + - name: filebrowser + image: " " + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + protocol: TCP + env: {} + resources: {} + securityContext: {} + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /torrent/download + name: rtorrent-download + - mountPath: /torrent/incoming + name: rtorrent-incoming + + # Third container: the OAuth Proxy + - name: prom-proxy + image: "${PROXY_IMAGE}" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 8443 + name: web + args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:8080 + - -client-id=system:serviceaccount:${NAMESPACE}:rtorrent + - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "${NAMESPACE}", "namespace": "${NAMESPACE}"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "${NAMESPACE}", "namespace": "${NAMESPACE}"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + volumeMounts: + - mountPath: /etc/tls/private + name: proxy-tls + - mountPath: /etc/proxy/secrets + name: proxy-secrets + dnsPolicy: ClusterFirst + terminationGracePeriodSeconds: 30 + restartPolicy: Always + volumes: + - name: rtorrent-download + persistentVolumeClaim: + claimName: rtorrent-download + - name: rtorrent-incoming + persistentVolumeClaim: + claimName: rtorrent-incoming + - name: rtorrent-session + emptyDir: + - name: rtorrent-config + configMap: + name: rtorrent-config + - name: proxy-secrets + secret: + secretName: rtorrent-proxy + - name: proxy-tls + secret: + secretName: rtorrent-tls + + test: false + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - rtorrent-daemon + from: + kind: ImageStreamTag + name: rtorrent:latest + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - filebrowser + from: + kind: ImageStreamTag + name: filebrowser:latest + +- apiVersion: v1 + kind: Service + metadata: + labels: + app: rtorrent + template: rtorrent + name: rtorrent + spec: + ports: + - name: bittorrent-tcp + nodePort: 6890 + protocol: TCP + port: 6890 + - name: bittorrent-udp + nodePort: 6890 + protocol: UDP + port: 6890 + - name: dht + nodePort: 6881 + protocol: UDP + port: 6881 + selector: + app: rtorrent + deploymentconfig: rtorrent + sessionAffinity: None + type: NodePort + +- apiVersion: v1 + kind: Service + metadata: + labels: + app: rtorrent + template: rtorrent + name: rtorrent-filebrowser + annotations: + service.alpha.openshift.io/serving-cert-secret-name: rtorrent-tls + spec: + ports: + - name: filebrowser-oauthproxy + port: 8443 + protocol: TCP + selector: + app: rtorrent + deploymentconfig: rtorrent + sessionAffinity: None + type: ClusterIP + +- apiVersion: v1 + kind: Route + metadata: + labels: + app: rtorrent + template: rtorrent + name: rtorrent-filebrowser + spec: + port: + targetPort: filebrowser-oauthproxy + to: + kind: Service + name: rtorrent-filebrowser + weight: 100 + wildcardPolicy: None + tls: + termination: reencrypt + +- apiVersion: v1 + kind: Secret + metadata: + name: rtorrent-proxy + namespace: "${NAMESPACE}" + labels: + template: rtorrent + stringData: + session_secret: "${SESSION_SECRET}=" + +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: rtorrent + namespace: ${NAMESPACE} + labels: + template: rtorrent + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.filebrowser: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"rtorrent-filebrowser"}}' + secrets: + +## +## Template Parameters +## +parameters: +- description: The GIT repository to use. + displayName: GIT Repo URL + name: GIT_REPO + value: https://github.com/nmasse-itix/OpenShift-Docker-Images.git + required: true + +- description: The OpenShift Namespace where the RHEL/CentOS ImageStream resides. + displayName: RHEL/CentOS ImageStream Namespace + name: BASE_IMAGE_STREAM_NAMESPACE + value: openshift + required: true + +- description: Name of the ImageStreamTag to be used for the RHEL/CentOS image. + displayName: RHEL/CentOS ImageStreamTag + name: BASE_IMAGE_STREAM_TAG + value: rhel7:latest + required: true + +- description: The size of the volume storing the downloaded files + name: DOWNLOAD_VOLUME_SIZE + value: "50Gi" + required: true + +- description: The size of the volume storing the torrent files + name: INCOMING_VOLUME_SIZE + value: "512Mi" + required: true + +- description: The FileBrowser release to use + name: FILEBROWSER_RELEASE + value: "v1.7.0" + required: true + +- description: The IP Address of the node running rtorrent + name: NODE_IP_ADDRESS + required: true + +- description: The Docker image to use for the OAuth Proxy. + displayName: OAuth Proxy image + name: PROXY_IMAGE + value: openshift3/oauth-proxy:v3.9 + +- description: The session secret for the proxy + name: SESSION_SECRET + generate: expression + from: "[a-zA-Z0-9]{43}" + +- description: The namespace to instantiate this template under. Defaults to 'rtorrent'. + name: NAMESPACE + value: rtorrent \ No newline at end of file