Nicolas Massé 2 months ago
parent
commit
3bfa103e20
  1. 22
      Makefile.common
  2. 21
      nextcloud/Makefile
  3. 4
      nextcloud/config/config.env
  4. 2
      nextcloud/config/nginx.conf
  5. 1
      nextcloud/fcos.bu
  6. 22
      nextcloud/nextcloud-app.container
  7. 21
      nextcloud/nextcloud-cron.container
  8. 23
      nextcloud/nextcloud-init.container
  9. 24
      nextcloud/nextcloud-nginx.container
  10. 14
      nextcloud/nextcloud-redis.container
  11. 17
      nextcloud/nextcloud-upgrade.container
  12. 4
      nextcloud/nextcloud.target
  13. 5
      nextcloud/tmpfiles.d/nextcloud.conf
  14. 32
      postgresql/Makefile
  15. 2
      postgresql/config/config.env
  16. 1
      postgresql/fcos.bu
  17. 16
      postgresql/postgresql-backup.container
  18. 13
      postgresql/postgresql-init.container
  19. 12
      postgresql/postgresql-server.container
  20. 12
      postgresql/postgresql-upgrade.container
  21. 6
      postgresql/tmpfiles.d/postgresql.conf
  22. 14
      virtiofs/fcos.bu

22
Makefile.common

@ -1,5 +1,5 @@
.PHONY: all install install-etc install-var uninstall pre-requisites clean dryrun .PHONY: all install install-etc install-var uninstall pre-requisites clean dryrun
.PHONY: tail-logs butane help fcos-vm clean-vm console .PHONY: tail-logs butane help fcos-vm clean-vm console units units-pre
.PHONY: clean-pre clean-post install-pre install-post uninstall-pre uninstall-post .PHONY: clean-pre clean-post install-pre install-post uninstall-pre uninstall-post
all: help all: help
@ -40,6 +40,8 @@ TARGET_SYSCTLD_FILES = $(patsubst sysctl.d/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $
DEPENDENCIES ?= DEPENDENCIES ?=
I_KNOW_WHAT_I_AM_DOING ?= I_KNOW_WHAT_I_AM_DOING ?=
DEPENDENCIES_IGNITION_FILES = $(shell for dep in $(DEPENDENCIES); do echo $(TOP_LEVEL_DIR)/$$dep/$$dep.ign; done) DEPENDENCIES_IGNITION_FILES = $(shell for dep in $(DEPENDENCIES); do echo $(TOP_LEVEL_DIR)/$$dep/$$dep.ign; done)
PROJECT_UID ?= 0
PROJECT_GID ?= 0
pre-requisites: pre-requisites:
@if [ -z "$(TOP_LEVEL_DIR)" ]; then \ @if [ -z "$(TOP_LEVEL_DIR)" ]; then \
@ -61,7 +63,7 @@ $(TARGET_CHROOT)/etc/systemd/system:
install -D -d -m 0755 -o root -g root $@ install -D -d -m 0755 -o root -g root $@
$(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME): $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME):
install -D -d -m 0755 -o root -g root $@ install -D -d -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $@
$(TARGET_CHROOT)/etc/tmpfiles.d: $(TARGET_CHROOT)/etc/tmpfiles.d:
install -D -d -m 0755 -o root -g root $@ install -D -d -m 0755 -o root -g root $@
@ -78,13 +80,13 @@ $(TARGET_CHROOT)/etc/systemd/system/%: % $(TARGET_CHROOT)/etc/systemd/system
$(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/% $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME) $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/% $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)
@run() { echo $$*; "$$@"; }; \ @run() { echo $$*; "$$@"; }; \
if [ -x $< ]; then \ if [ -x $< ]; then \
run install -D -m 0755 -o root -g root $< $@; \ run install -D -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $< $@; \
else \ else \
run install -D -m 0644 -o root -g root $< $@; \ run install -D -m 0644 -o $(PROJECT_UID) -g $(PROJECT_GID) $< $@; \
fi fi
$(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME): $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME):
install -d -m 0755 -o root -g root $@ install -d -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $@
$(TARGET_CHROOT)/etc/tmpfiles.d/%: tmpfiles.d/% $(TARGET_CHROOT)/etc/tmpfiles.d $(TARGET_CHROOT)/etc/tmpfiles.d/%: tmpfiles.d/% $(TARGET_CHROOT)/etc/tmpfiles.d
install -D -m 0644 -o root -g root $< $@ install -D -m 0644 -o root -g root $< $@
@ -137,7 +139,7 @@ uninstall: pre-requisites uninstall-pre
tail-logs: pre-requisites tail-logs: pre-requisites
@run() { echo $$*; "$$@"; }; \ @run() { echo $$*; "$$@"; }; \
declare -a journalctl_args=( -f ); \ declare -a journalctl_args=( -f ); \
for unit in $(SYSTEMD_UNIT_NAMES) $(QUADLET_UNIT_NAMES); do \ for unit in $$($(MAKE) -s units 2>/dev/null | sort -u); do \
journalctl_args+=( -u "$$unit" ); \ journalctl_args+=( -u "$$unit" ); \
done; \ done; \
run journalctl "$${journalctl_args[@]}" run journalctl "$${journalctl_args[@]}"
@ -212,12 +214,20 @@ clean-vm: pre-requisites
console: pre-requisites console: pre-requisites
@while sleep 2; do virsh console fcos-$(PROJECT_NAME); echo -e "Disconnected. Reconnecting in 2 seconds...\nPress Ctrl-C to abort.\n"; done @while sleep 2; do virsh console fcos-$(PROJECT_NAME); echo -e "Disconnected. Reconnecting in 2 seconds...\nPress Ctrl-C to abort.\n"; done
units-pre::
@for dep in $(DEPENDENCIES); do \
$(MAKE) -s -C $(TOP_LEVEL_DIR)/$$dep units 2>/dev/null; \
done
units: units-pre
@for unit in $(SYSTEMD_UNIT_NAMES) $(QUADLET_UNIT_NAMES); do echo "$$unit"; done
clean-pre:: clean-pre::
@run() { echo $$*; "$$@"; }; \ @run() { echo $$*; "$$@"; }; \
for dep in $(DEPENDENCIES); do \ for dep in $(DEPENDENCIES); do \
run $(MAKE) -C $(TOP_LEVEL_DIR)/$$dep clean; \ run $(MAKE) -C $(TOP_LEVEL_DIR)/$$dep clean; \
done done
clean-post:: clean-post::
clean: clean-pre pre-requisites clean: clean-pre pre-requisites
rm -f *.butane rm -f *.butane
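Review bot: The rules for `$(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)` and the files below it now install with `-o $(PROJECT_UID) -g $(PROJECT_GID)`, which makes the service account the owner of its own configuration, including anything that goes through the 0755 branch. With modes 0644/0755 the mapped user should already be able to read these files as "other", so unless a container has to write to them, keeping `-o root -g root` (or `-o root -g $(PROJECT_GID)` with 0640/0750) gives the same read access without letting a compromised service rewrite its config or hook scripts. In the `tail-logs` hunk, `$$($(MAKE) -s units 2>/dev/null | sort -u)` hides any sub-make failure, and an empty result leaves `journalctl -f` with no `-u` filter; dropping the `2>/dev/null` or failing on an empty list would make that visible. A short comment above `PROJECT_UID ?= 0` stating that 0 means root and that each project is expected to override it would also help.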

21
nextcloud/Makefile

@ -1,6 +1,14 @@
# Also depends on virtiofs for data storage but is a transitive dependency via postgresql ##
## Makefile for PostgreSQL quadlet
##
# Project dependencies: Nextcloud also depends on virtiofs for data storage but is a transitive dependency via postgresql
DEPENDENCIES = postgresql DEPENDENCIES = postgresql
# Nextcloud quadlet is mapped to the 10008 user (nextcloud) and 10000 group (itix-svc)
PROJECT_UID = 10008
PROJECT_GID = 10000
TOP_LEVEL_DIR := .. TOP_LEVEL_DIR := ..
include $(TOP_LEVEL_DIR)/Makefile.common include $(TOP_LEVEL_DIR)/Makefile.common
@ -12,17 +20,17 @@ test-set-nextcloud-major:
sed -i 's/^NEXTCLOUD_MAJOR=.*/NEXTCLOUD_MAJOR=$(NEXTCLOUD_MAJOR_START)/' config/config.env sed -i 's/^NEXTCLOUD_MAJOR=.*/NEXTCLOUD_MAJOR=$(NEXTCLOUD_MAJOR_START)/' config/config.env
$(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis:
install -m 0700 -o 0 -g 0 -d $@ install -m 0700 -o 10008 -g 10000 -d $@
$(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config:
install -m 0700 -o 82 -g 82 -d $@ install -m 0700 -o 10008 -g 10000 -d $@
$(TARGET_CHROOT)/etc/quadlets/nextcloud/www.conf: config/www.conf $(TARGET_CHROOT)/etc/quadlets/nextcloud/www.conf: config/www.conf
install -m 0755 -o 82 -g 82 -D $< $@ install -m 0755 -o 10008 -g 10000 -D $< $@
install-var: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config install-var: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config
test: uninstall clean test-set-nextcloud-major install test:
@run() { echo $$*; "$$@"; }; \ @run() { echo $$*; "$$@"; }; \
echo "Running Nextcloud upgrade test..."; \ echo "Running Nextcloud upgrade test..."; \
set -Eeuo pipefail; \ set -Eeuo pipefail; \
@ -39,10 +47,12 @@ test: uninstall clean test-set-nextcloud-major install
run curl -X GET -sSf -u "$${NEXTCLOUD_ADMIN_USER}:$${NEXTCLOUD_ADMIN_PASSWORD}" "$${OVERWRITECLIURL}/remote.php/webdav/witness.txt" -o /tmp/witness.txt; \ run curl -X GET -sSf -u "$${NEXTCLOUD_ADMIN_USER}:$${NEXTCLOUD_ADMIN_PASSWORD}" "$${OVERWRITECLIURL}/remote.php/webdav/witness.txt" -o /tmp/witness.txt; \
if run cmp -s tests/witness.txt /tmp/witness.txt ; then \ if run cmp -s tests/witness.txt /tmp/witness.txt ; then \
echo "File upload verified successfully!"; \ echo "File upload verified successfully!"; \
rm -f /tmp/witness.txt; \
else \ else \
echo "File upload verification failed!"; \ echo "File upload verification failed!"; \
exit 1; \ exit 1; \
fi; \ fi; \
exit 1; \
sleep 2; \ sleep 2; \
for (( ver=$(NEXTCLOUD_MAJOR_START); ver<$(NEXTCLOUD_MAJOR_LAST); ver++ )); do \ for (( ver=$(NEXTCLOUD_MAJOR_START); ver<$(NEXTCLOUD_MAJOR_LAST); ver++ )); do \
nextver=$$(($$ver + 1)); \ nextver=$$(($$ver + 1)); \
@ -61,6 +71,7 @@ test: uninstall clean test-set-nextcloud-major install
run curl -X GET -sSf -u "$${NEXTCLOUD_ADMIN_USER}:$${NEXTCLOUD_ADMIN_PASSWORD}" "$${OVERWRITECLIURL}/remote.php/webdav/witness.txt" -o /tmp/witness.txt; \ run curl -X GET -sSf -u "$${NEXTCLOUD_ADMIN_USER}:$${NEXTCLOUD_ADMIN_PASSWORD}" "$${OVERWRITECLIURL}/remote.php/webdav/witness.txt" -o /tmp/witness.txt; \
if run cmp -s tests/witness.txt /tmp/witness.txt ; then \ if run cmp -s tests/witness.txt /tmp/witness.txt ; then \
echo "File upload verified successfully after upgrade!"; \ echo "File upload verified successfully after upgrade!"; \
rm -f /tmp/witness.txt; \
else \ else \
echo "File upload verification failed after upgrade!"; \ echo "File upload verification failed after upgrade!"; \
exit 1; \ exit 1; \
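Review bot: The `exit 1; \` added right after the first `fi; \` runs unconditionally, so the `test` recipe stops with a failure before `sleep 2` and the upgrade loop is never reached; together with `test:` losing its `uninstall clean test-set-nextcloud-major install` prerequisites this looks like debugging state that was committed. Restoring `test: uninstall clean test-set-nextcloud-major install` and deleting the stray `exit 1; \` would bring the upgrade verification back. The new header reads `## Makefile for PostgreSQL quadlet` and should say Nextcloud. The directory rules hard-code `-o 10008 -g 10000` although `PROJECT_UID`/`PROJECT_GID` are set a few lines above; `-o $(PROJECT_UID) -g $(PROJECT_GID)` keeps a single source of truth. The body of the `test` recipe continues outside the hunks shown.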

4
nextcloud/config/config.env

@ -2,8 +2,10 @@
## Nextcloud Configuration Environment Variables ## Nextcloud Configuration Environment Variables
## ##
# Nextcloud version # Major versions of all components
NEXTCLOUD_MAJOR=31 NEXTCLOUD_MAJOR=31
REDIS_MAJOR=8
NGINX_MAJOR=1.20
# Nextcloud domain configuration # Nextcloud domain configuration
NEXTCLOUD_TRUSTED_DOMAINS=localhost NEXTCLOUD_TRUSTED_DOMAINS=localhost
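Review bot: `NGINX_MAJOR=1.20` carries over the tag that was hard-coded in the nginx unit, and 1.20 is a long-superseded nginx branch, so that image is unlikely to be receiving fixes any more; worth confirming and bumping now that the version lives in one variable. The name is slightly off as well, since the value is a major.minor pair. All three variables select floating `-alpine` tags, so a comment such as `# floating tags, not digest-pinned: the image behind them can change between pulls` would make the supply-chain assumption explicit.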

2
nextcloud/config/nginx.conf

@ -41,7 +41,7 @@ http {
} }
server { server {
listen 80; listen 8080;
# set max upload size # set max upload size
client_max_body_size 10G; client_max_body_size 10G;

1
nextcloud/fcos.bu

@ -3,6 +3,7 @@ version: 1.4.0
ignition: ignition:
config: config:
merge: merge:
- local: virtiofs.ign
- local: nextcloud.ign - local: nextcloud.ign
- local: postgresql.ign - local: postgresql.ign
- local: local.ign - local: local.ign

22
nextcloud/nextcloud-app.container

@ -1,13 +1,13 @@
[Unit] [Unit]
Description=Nextcloud PHP-FPM Application Description=Nextcloud PHP-FPM Application
Documentation=https://hub.docker.com/_/nextcloud/ Documentation=https://hub.docker.com/_/nextcloud/
After=network.target nextcloud-redis.service postgresql-server.service nextcloud-upgrade.service After=network.target nextcloud-redis.service postgresql-server.service nextcloud-init.service nextcloud-upgrade.service var-lib-virtiofs-data.mount
Requires=nextcloud-redis.service postgresql-server.service nextcloud-upgrade.service Requires=nextcloud-redis.service postgresql-server.service nextcloud-init.service nextcloud-upgrade.service var-lib-virtiofs-data.mount
# Only start if Nextcloud has been configured # Only start if Nextcloud has been configured
ConditionPathExists=/etc/quadlets/nextcloud/config.env ConditionPathExists=/etc/quadlets/nextcloud/config.env
# and initialized (config.php exists) # and initialized (config.php exists)
ConditionPathExists=/var/lib/quadlets/nextcloud/data/config/config.php ConditionPathExists=/var/lib/virtiofs/data/nextcloud/config/config.php
# Start/stop this unit when the target is started/stopped # Start/stop this unit when the target is started/stopped
PartOf=nextcloud.target PartOf=nextcloud.target
@ -16,8 +16,17 @@ PartOf=nextcloud.target
ContainerName=nextcloud-app ContainerName=nextcloud-app
Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine
# Fix the UID/GID of the PHP-FPM daemon # No need for root privileges
User=82:82 User=www-data
Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82
UIDMap=82:10008:1
UIDMap=83:1000083:65453
GIDMap=0:1000000:82
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host
@ -27,8 +36,7 @@ AddCapability=CAP_NET_BIND_SERVICE
EnvironmentFile=/etc/quadlets/nextcloud/config.env EnvironmentFile=/etc/quadlets/nextcloud/config.env
# Volume mounts # Volume mounts
Volume=/var/lib/quadlets/nextcloud/data:/var/www/html:z Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z
Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html/data:z
Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z
Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z
Volume=/etc/quadlets/nextcloud/custom-noinit.sh:/docker-entrypoint-hooks.d/pre-installation/custom.sh:z,ro Volume=/etc/quadlets/nextcloud/custom-noinit.sh:/docker-entrypoint-hooks.d/pre-installation/custom.sh:z,ro
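Review bot: Every unit in this commit maps the non-service container IDs onto the same host range starting at 1000000 (`UIDMap=0:1000000:82` here, `0:1000000:101` for nginx, `0:1000000:999` for redis, `0:1000000:70` in the postgresql units), so container root in one service is the same host UID as container root in the others and the mapping does not separate the services from one another. Giving each project its own base, for example a distinct 65536-wide block per project, would keep files created under one container's non-service IDs out of reach of another. The service identity is shared too: app, cron, init, upgrade, nginx and redis all land on host UID 10008. The same six-line map is repeated in nextcloud-cron, nextcloud-init and nextcloud-upgrade; a comment spelling out the arithmetic (82 IDs below, 1 mapped, 65453 above, 65536 in total) would help whoever has to change it.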

21
nextcloud/nextcloud-cron.container

@ -1,20 +1,29 @@
[Unit] [Unit]
Description=Nextcloud Application - Cron Job Description=Nextcloud Application - Cron Job
Documentation=https://hub.docker.com/_/nextcloud/ Documentation=https://hub.docker.com/_/nextcloud/
After=nextcloud-redis.service postgresql-server.service After=nextcloud-redis.service postgresql-server.service var-lib-virtiofs-data.mount
Requires=nextcloud-redis.service postgresql-server.service Requires=nextcloud-redis.service postgresql-server.service var-lib-virtiofs-data.mount
# Only start if Nextcloud has been configured # Only start if Nextcloud has been configured
ConditionPathExists=/etc/quadlets/nextcloud/config.env ConditionPathExists=/etc/quadlets/nextcloud/config.env
# and initialized (config.php exists) # and initialized (config.php exists)
ConditionPathExists=/var/lib/quadlets/nextcloud/data/config/config.php ConditionPathExists=/var/lib/virtiofs/data/nextcloud/config/config.php
[Container] [Container]
ContainerName=nextcloud-cron-job ContainerName=nextcloud-cron-job
Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine
# Fix the UID/GID of the PHP-FPM daemon # No need for root privileges
User=82:82 User=www-data
Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82
UIDMap=82:10008:1
UIDMap=83:1000083:65453
GIDMap=0:1000000:82
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host
@ -27,7 +36,7 @@ Entrypoint=php
Exec=-f /var/www/html/cron.php Exec=-f /var/www/html/cron.php
# Volume mounts # Volume mounts
Volume=/var/lib/quadlets/nextcloud/data:/var/www/html:z Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z
Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z
Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z

23
nextcloud/nextcloud-init.container

@ -1,24 +1,33 @@
[Unit] [Unit]
Description=Nextcloud Application - Initialization Description=Nextcloud Application - Initialization
Documentation=https://hub.docker.com/_/nextcloud/ Documentation=https://hub.docker.com/_/nextcloud/
After=network.target nextcloud-redis.service postgresql-server.service After=network.target nextcloud-redis.service postgresql-server.service var-lib-virtiofs-data.mount
Before=nextcloud-app.service Before=nextcloud-app.service
Requires=nextcloud-redis.service postgresql-server.service Requires=nextcloud-redis.service postgresql-server.service var-lib-virtiofs-data.mount
# Only start if Nextcloud has been configured # Only start if Nextcloud has been configured
ConditionPathExists=/etc/quadlets/nextcloud/config.env ConditionPathExists=/etc/quadlets/nextcloud/config.env
# and NOT initialized (config.php does NOT exist) # and NOT initialized (config.php does NOT exist)
ConditionPathExists=!/var/lib/quadlets/nextcloud/data/config/config.php ConditionPathExists=!/var/lib/virtiofs/data/nextcloud/config/config.php
# Start/stop this unit when the target is started/stopped # Start/stop this unit when the target is started/stopped
#PartOf=nextcloud.target PartOf=nextcloud.target
[Container] [Container]
ContainerName=nextcloud-init-job ContainerName=nextcloud-init-job
Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine
# Fix the UID/GID of the PHP-FPM daemon # No need for root privileges
User=82:82 User=www-data
Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82
UIDMap=82:10008:1
UIDMap=83:1000083:65453
GIDMap=0:1000000:82
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host
@ -31,7 +40,7 @@ Environment=NEXTCLOUD_UPDATE=1
Exec=/bin/true Exec=/bin/true
# Volume mounts # Volume mounts
Volume=/var/lib/quadlets/nextcloud/data:/var/www/html:z Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z
Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z
Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z

24
nextcloud/nextcloud-nginx.container

@ -1,8 +1,8 @@
[Unit] [Unit]
Description=Nextcloud Nginx Reverse Proxy Description=Nextcloud Nginx Reverse Proxy
Documentation=https://hub.docker.com/r/nginxinc/nginx-unprivileged/ Documentation=https://hub.docker.com/r/nginxinc/nginx-unprivileged/
After=network.target nextcloud-app.service After=network.target nextcloud-app.service var-lib-virtiofs-data.mount
Requires=nextcloud-app.service Requires=nextcloud-app.service var-lib-virtiofs-data.mount
# Only start if Nextcloud has been configured # Only start if Nextcloud has been configured
ConditionPathExists=/etc/quadlets/nextcloud/config.env ConditionPathExists=/etc/quadlets/nextcloud/config.env
@ -12,17 +12,26 @@ PartOf=nextcloud.target
[Container] [Container]
ContainerName=nextcloud-nginx ContainerName=nextcloud-nginx
Image=docker.io/nginxinc/nginx-unprivileged:1.20-alpine Image=docker.io/nginxinc/nginx-unprivileged:${NGINX_MAJOR}-alpine
# Network configuration # Network configuration
Network=host Network=host
AddCapability=CAP_NET_BIND_SERVICE AddCapability=CAP_NET_BIND_SERVICE
# Run with the same UID/GID as PHP-FPM # No need for root privileges
User=82:82 User=nginx
Group=nginx
# UID/GID mapping to map the nginx (101) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:101
UIDMap=101:10008:1
UIDMap=102:1000102:65434
GIDMap=0:1000000:101
GIDMap=101:10000:1
GIDMap=102:1000102:65434
# Volume mounts # Volume mounts
Volume=/var/lib/quadlets/nextcloud/data:/var/www/html:z Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z
Volume=/etc/quadlets/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro Volume=/etc/quadlets/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
# Health check (equivalent to readiness probe) # Health check (equivalent to readiness probe)
@ -38,5 +47,8 @@ RestartSec=5
TimeoutStartSec=300 TimeoutStartSec=300
TimeoutStopSec=30 TimeoutStopSec=30
# These environment variables are sourced to be used by systemd in the Exec* commands
EnvironmentFile=/etc/quadlets/nextcloud/config.env
[Install] [Install]
WantedBy=nextcloud.target WantedBy=nextcloud.target
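Review bot: The nginx container mounts the whole Nextcloud tree read-write (`Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z`) and is now mapped to host UID 10008, the owner of that tree, so the proxy can modify `config/config.php` and user data although it presumably only needs to read static files. `Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z,ro` would limit it to reading. `AddCapability=CAP_NET_BIND_SERVICE` also looks unnecessary now that nginx.conf listens on 8080 in this commit; it can probably be dropped if no other listener uses a port below 1024.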

14
nextcloud/nextcloud-redis.container

@ -11,7 +11,7 @@ PartOf=nextcloud.target
[Container] [Container]
ContainerName=nextcloud-redis ContainerName=nextcloud-redis
Image=docker.io/library/redis:8-alpine Image=docker.io/library/redis:${REDIS_MAJOR}-alpine
# Network configuration # Network configuration
Network=host Network=host
@ -19,6 +19,18 @@ Network=host
# Redis configuration with authentication # Redis configuration with authentication
Exec=redis-server /usr/local/etc/redis/redis.conf Exec=redis-server /usr/local/etc/redis/redis.conf
# No need for root privileges
User=redis
Group=redis
# UID/GID mapping to map the redis (999) user / redis (1000) group inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:999
UIDMap=999:10008:1
UIDMap=1000:1001000:64536
GIDMap=0:1000000:1000
GIDMap=1000:10000:1
GIDMap=1001:1001001:64535
# Environment variables # Environment variables
Environment=REDISCLI_AUTH=${REDIS_HOST_PASSWORD} Environment=REDISCLI_AUTH=${REDIS_HOST_PASSWORD}

17
nextcloud/nextcloud-upgrade.container

@ -8,7 +8,7 @@ Requires=nextcloud-redis.service postgresql-server.service
# Only start if Nextcloud has been configured # Only start if Nextcloud has been configured
ConditionPathExists=/etc/quadlets/nextcloud/config.env ConditionPathExists=/etc/quadlets/nextcloud/config.env
# and initialized (config.php exists) # and initialized (config.php exists)
ConditionPathExists=/var/lib/quadlets/nextcloud/data/config/config.php ConditionPathExists=/var/lib/virtiofs/data/nextcloud/config/config.php
# Start/stop this unit when the target is started/stopped # Start/stop this unit when the target is started/stopped
PartOf=nextcloud.target PartOf=nextcloud.target
@ -17,8 +17,17 @@ PartOf=nextcloud.target
ContainerName=nextcloud-upgrade-to-${NEXTCLOUD_MAJOR}-job ContainerName=nextcloud-upgrade-to-${NEXTCLOUD_MAJOR}-job
Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine Image=docker.io/library/nextcloud:${NEXTCLOUD_MAJOR}-fpm-alpine
# Fix the UID/GID of the PHP-FPM daemon # No need for root privileges
User=82:82 User=www-data
Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82
UIDMap=82:10008:1
UIDMap=83:1000083:65453
GIDMap=0:1000000:82
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host
@ -33,7 +42,7 @@ Volume=/etc/quadlets/nextcloud/custom-pre.sh:/docker-entrypoint-hooks.d/pre-upgr
Volume=/etc/quadlets/nextcloud/custom-post.sh:/docker-entrypoint-hooks.d/post-upgrade/custom.sh:z,ro Volume=/etc/quadlets/nextcloud/custom-post.sh:/docker-entrypoint-hooks.d/post-upgrade/custom.sh:z,ro
# Volume mounts # Volume mounts
Volume=/var/lib/quadlets/nextcloud/data:/var/www/html:z Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z
Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z
Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z
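Review bot: This unit's condition and data volume now point at `/var/lib/virtiofs/data/nextcloud`, but unlike app, cron, init and nginx it does not gain `var-lib-virtiofs-data.mount`: the `Requires=nextcloud-redis.service postgresql-server.service` line shown in the first hunk header is unchanged, and the `After=` line sits above the hunk and is not visible. If the mount is not ordered before this unit, `ConditionPathExists=` may be evaluated against the empty mount point and the upgrade job would be skipped without an error. Adding `var-lib-virtiofs-data.mount` to both `After=` and `Requires=` would match the other units.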

4
nextcloud/nextcloud.target

@ -1,8 +1,8 @@
[Unit] [Unit]
Description=Nextcloud Service Target Description=Nextcloud Service Target
Documentation=man:systemd.target(5) Documentation=man:systemd.target(5)
Requires=postgresql.target nextcloud-redis.service nextcloud-nginx.service nextcloud-app.service nextcloud-upgrade.service nextcloud-cron.timer Requires=postgresql.target nextcloud-redis.service nextcloud-nginx.service nextcloud-app.service nextcloud-init.service nextcloud-upgrade.service nextcloud-cron.timer
After=postgresql.target nextcloud-redis.service nextcloud-nginx.service nextcloud-app.service nextcloud-upgrade.service After=postgresql.target nextcloud-redis.service nextcloud-nginx.service nextcloud-app.service nextcloud-init.service nextcloud-upgrade.service
Before=nextcloud-cron.timer Before=nextcloud-cron.timer
# Allow isolation - can stop/start this target independently # Allow isolation - can stop/start this target independently

5
nextcloud/tmpfiles.d/nextcloud.conf

@ -1,2 +1,3 @@
d$ /run/quadlets/nextcloud 0700 82 82 - d$ /run/quadlets/nextcloud 0700 10008 10000 -
f+$ /run/quadlets/nextcloud/redis-session.ini 0600 82 82 - f+$ /run/quadlets/nextcloud/redis-session.ini 0600 10008 10000 -
d$ /var/lib/virtiofs/data/nextcloud 0700 10008 10000 -

32
postgresql/Makefile

@ -1,5 +1,15 @@
##
## Makefile for PostgreSQL quadlet
##
# Project dependencies
DEPENDENCIES = virtiofs DEPENDENCIES = virtiofs
# PostgreSQL quadlet is mapped to the 10004 user (postgres) and 10000 group (itix-svc)
PROJECT_UID = 10004
PROJECT_GID = 10000
# Include common Makefile
TOP_LEVEL_DIR := .. TOP_LEVEL_DIR := ..
include $(TOP_LEVEL_DIR)/Makefile.common include $(TOP_LEVEL_DIR)/Makefile.common
@ -10,19 +20,15 @@ PG_MAJOR_LAST ?= 18
test-set-pgmajor: test-set-pgmajor:
sed -i 's/^PG_MAJOR=.*/PG_MAJOR=$(PG_MAJOR_START)/' config/config.env sed -i 's/^PG_MAJOR=.*/PG_MAJOR=$(PG_MAJOR_START)/' config/config.env
$(TARGET_CHROOT)/var/lib/quadlets/postgresql: # Integration tests for PostgreSQL quadlet: backup, restore + major version upgrade (14 to 18)
install -m 0700 -o 70 -g 70 -d $@
install-var: $(TARGET_CHROOT)/var/lib/quadlets/postgresql
test: uninstall clean test-set-pgmajor install test: uninstall clean test-set-pgmajor install
@echo "Running PostgreSQL integration tests..."; \ @echo "Running PostgreSQL integration tests..."; \
set -Eeuo pipefail; \ set -Eeuo pipefail; \
sleep 2; \ sleep 2; \
echo "Creating a test database and a witness table..."; \ echo "Creating a test database and a witness table..."; \
podman exec postgresql-server su postgres -c "createdb test"; \ podman exec postgresql-server createdb test; \
podman exec postgresql-server su postgres -c "psql -U postgres -d test -c \"CREATE TABLE witness (id SERIAL PRIMARY KEY, version VARCHAR); INSERT INTO witness (version) SELECT version();\""; \ podman exec postgresql-server psql -U postgres -d test -c "CREATE TABLE witness (id SERIAL PRIMARY KEY, version VARCHAR); INSERT INTO witness (version) SELECT version();"; \
podman exec postgresql-server su postgres -c "psql -U postgres -d test -c \"SELECT * FROM witness;\""; \ podman exec postgresql-server psql -U postgres -d test -c "SELECT * FROM witness;"; \
for (( ver=$(PG_MAJOR_START); ver<$(PG_MAJOR_LAST); ver++ )); do \ for (( ver=$(PG_MAJOR_START); ver<$(PG_MAJOR_LAST); ver++ )); do \
echo "Running a backup..."; \ echo "Running a backup..."; \
nextver=$$(($$ver + 1)); \ nextver=$$(($$ver + 1)); \
@ -32,15 +38,15 @@ test: uninstall clean test-set-pgmajor install
rm -rf /var/lib/quadlets/postgresql/{$$ver,$$nextver,data,latest,.initialized}; \ rm -rf /var/lib/quadlets/postgresql/{$$ver,$$nextver,data,latest,.initialized}; \
echo "Restoring the backup to PostgreSQL $$ver..."; \ echo "Restoring the backup to PostgreSQL $$ver..."; \
systemctl start postgresql.target; \ systemctl start postgresql.target; \
sleep 2; \ sleep 5; \
podman exec postgresql-server su postgres -c "psql -U postgres -d test -c \"SELECT * FROM witness;\""; \ podman exec postgresql-server psql -U postgres -d test -c "SELECT * FROM witness;"; \
echo "Testing upgrade from PostgreSQL $$ver to $$nextver..."; \ echo "Testing upgrade from PostgreSQL $$ver to $$nextver..."; \
systemctl stop postgresql.target; \ systemctl stop postgresql.target; \
sed -i "s/^PG_MAJOR=.*/PG_MAJOR=$$nextver/" /etc/quadlets/postgresql/config.env; \ sed -i "s/^PG_MAJOR=.*/PG_MAJOR=$$nextver/" /etc/quadlets/postgresql/config.env; \
systemctl start postgresql.target; \ systemctl start postgresql.target; \
sleep 2; \ sleep 5; \
echo "Inserting line into the witness table..."; \ echo "Inserting line into the witness table..."; \
podman exec postgresql-server su postgres -c "psql -U postgres -d test -c \"INSERT INTO witness (version) SELECT version();\""; \ podman exec postgresql-server psql -U postgres -d test -c "INSERT INTO witness (version) SELECT version();"; \
done; \ done; \
podman exec postgresql-server su postgres -c "psql -U postgres -d test -c \"SELECT * FROM witness;\""; \ podman exec postgresql-server psql -U postgres -d test -c "SELECT * FROM witness;"; \
echo "PostgreSQL upgrade tests completed." echo "PostgreSQL upgrade tests completed."
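Review bot: Removing the `$(TARGET_CHROOT)/var/lib/quadlets/postgresql` rule (`install -m 0700 ...`) leaves that directory to the generic rule in Makefile.common, which creates `/var/lib/quadlets/$(PROJECT_NAME)` with `-m 0755`, so the parent of the PostgreSQL data directories becomes listable by every local user, assuming PROJECT_NAME resolves to postgresql. If 0700 was intentional, a per-project mode variable would keep it, for instance a new variable (name made up here) `PROJECT_VAR_MODE ?= 0755` in Makefile.common with `PROJECT_VAR_MODE = 0700` set in this file. The `install-var` target is removed as well; whether the common `install-var` still creates this directory is not visible in the diff.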

2
postgresql/config/config.env

@ -5,5 +5,5 @@ POSTGRES_HOST_AUTH_METHOD=scram-sha-256
POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256 POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256
POSTGRES_ARGS=-h 127.0.0.1 POSTGRES_ARGS=-h 127.0.0.1
PGPORT=5432 PGPORT=5432
PG_MAJOR=17 PG_MAJOR=14
POSTGRES_BACKUP_RETENTION=7 POSTGRES_BACKUP_RETENTION=7
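Review bot: `PG_MAJOR` goes from 17 to 14, which matches what `test-set-pgmajor` writes into `config/config.env` with `sed -i` (the Makefile comment describes the test as running 14 to 18), so this looks like test residue committed by accident rather than an intended default. As committed, a fresh install would deploy PostgreSQL 14, and a host already on 17 would be pointed at an older major. Restoring `PG_MAJOR=17`, or having the test work on a copy of the file, avoids that.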

1
postgresql/fcos.bu

@ -3,5 +3,6 @@ version: 1.4.0
ignition: ignition:
config: config:
merge: merge:
- local: virtiofs.ign
- local: postgresql.ign - local: postgresql.ign
- local: local.ign - local: local.ign

16
postgresql/postgresql-backup.container

@ -1,8 +1,8 @@
[Unit] [Unit]
Description=PostgreSQL Database Server - Backup Description=PostgreSQL Database Server - Backup
Documentation=https://hub.docker.com/_/postgres/ Documentation=https://hub.docker.com/_/postgres/
After=network.target postgresql-server.service After=network.target postgresql-server.service var-lib-virtiofs-data.mount
Requires=postgresql-server.service Requires=postgresql-server.service var-lib-virtiofs-data.mount
# Start/stop this unit when the target is started/stopped # Start/stop this unit when the target is started/stopped
PartOf=postgresql.target PartOf=postgresql.target
@ -22,6 +22,18 @@ Entrypoint=/usr/local/bin/backup.sh
# No need for root privileges # No need for root privileges
User=postgres User=postgres
Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70
UIDMap=70:10004:1
UIDMap=71:1000071:65465
GIDMap=0:1000000:70
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore
# Volume mounts # Volume mounts
Volume=/var/lib/quadlets/postgresql:/var/lib/postgresql:z Volume=/var/lib/quadlets/postgresql:/var/lib/postgresql:z

13
postgresql/postgresql-init.container

@ -34,9 +34,22 @@ Exec=${POSTGRES_ARGS}
# No need for root privileges # No need for root privileges
User=postgres User=postgres
Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70
UIDMap=70:10004:1
UIDMap=71:1000071:65465
GIDMap=0:1000000:70
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore
# Volume mounts # Volume mounts
Volume=/var/lib/quadlets/postgresql:/var/lib/postgresql:z Volume=/var/lib/quadlets/postgresql:/var/lib/postgresql:z
Volume=/var/lib/virtiofs/data/postgresql/backup:/var/lib/postgresql/backup:z
Volume=/etc/quadlets/postgresql/init.sh:/usr/local/bin/init.sh:z,ro Volume=/etc/quadlets/postgresql/init.sh:/usr/local/bin/init.sh:z,ro
Volume=/etc/quadlets/postgresql/init.sql:/docker-entrypoint-initdb.d/init.sql:z,ro Volume=/etc/quadlets/postgresql/init.sql:/docker-entrypoint-initdb.d/init.sql:z,ro

12
postgresql/postgresql-server.container

@ -39,6 +39,18 @@ Exec=${POSTGRES_ARGS}
# No need for root privileges # No need for root privileges
User=postgres User=postgres
Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70
UIDMap=70:10004:1
UIDMap=71:1000071:65465
GIDMap=0:1000000:70
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore
# Health check # Health check
HealthCmd=pg_isready -U $POSTGRES_USER -d $POSTGRES_DB -p $PGPORT HealthCmd=pg_isready -U $POSTGRES_USER -d $POSTGRES_DB -p $PGPORT

12
postgresql/postgresql-upgrade.container

@ -30,6 +30,18 @@ Entrypoint=/usr/local/bin/upgrade.sh
# No need for root privileges # No need for root privileges
User=postgres User=postgres
Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70
UIDMap=70:10004:1
UIDMap=71:1000071:65465
GIDMap=0:1000000:70
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore
# Set PostgreSQL command line arguments # Set PostgreSQL command line arguments
Exec=${POSTGRES_ARGS} Exec=${POSTGRES_ARGS}

6
postgresql/tmpfiles.d/postgresql.conf

@ -1,3 +1,3 @@
d$ /run/quadlets/postgresql 0700 70 70 - d$ /run/quadlets/postgresql 0700 10004 10000 -
d$ /var/lib/virtiofs/data/postgresql 0700 70 70 - d$ /var/lib/virtiofs/data/postgresql 0700 10004 10000 -
d$ /var/lib/virtiofs/data/postgresql/backup 0700 70 70 - d$ /var/lib/virtiofs/data/postgresql/backup 0700 10004 10000 -

14
virtiofs/fcos.bu

@ -0,0 +1,14 @@
variant: fcos
version: 1.4.0
ignition:
config:
merge:
- local: virtiofs.ign
- local: local.ign
storage:
files:
- path: "/var/lib/virtiofs/data/witness.txt"
mode: 0644
contents:
inline: |
Hello, World!