author Artem Smirnov <urpylka@gmail.com> 2018-09-13 02:15:48 +0300
committer Artem Smirnov <urpylka@gmail.com> 2018-09-14 00:41:46 +0300
commit ebded7123970342c512511fb0fe90bf26dbcd096 (patch)
tree 7a456bd0c08b8480afaac0a67dba5990e541f454
parent dcabd1ccc0fc6b0ed830498dc369db1c082ad9a6 (diff)
Update readme
-rw-r--r-- README.md 202
1 files changed, 81 insertions, 121 deletions
diff --git a/README.md b/README.md
index 27548e1..6833f17 100644
--- a/README.md
+++ b/README.md
@@ -4,163 +4,123 @@ Author: Artem Smirnov, Bryan Hong
4Date: September 13, 2018 4Date: September 13, 2018
5License: Apache License, Version 2.0 5License: Apache License, Version 2.0
6--- 6---
7docker-aptly 7# docker-aptly
8==
9 8
10aptly in a container backed by nginx 9**docker-aptly** is container w `aptly` backed by `nginx`.
11 10
12>aptly is a swiss army knife for Debian repository management: it allows you to mirror remote repositories, manage local package repositories, take snapshots, pull new versions of packages along with dependencies, publish as Debian repository. [aptly.info](http://aptly.info) 11**aptly** is a swiss army knife for Debian repository management: it allow you to mirror remote repositories, manage local package repositories, take snapshots, pull new versions of packages along with dependencies, publish as Debian repository. More info are on [aptly.info](http://aptly.info) and on [github](https://github.com/aptly-dev/aptly).
13 12
14>nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server, originally written by Igor Sysoev [nginx.org](http://nginx.org/en/) 13**nginx** is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server, originally written by Igor Sysoev. More info is on [nginx.org](http://nginx.org/en/).
15 14
16**NOTE:** This container and the scripts within are written to make hosting an Ubuntu mirror "as-close-to-turnkey" as possible. If you want to host a Debian mirror, you'll need to build the image yourself, see [Building the Container](#building-the-container) below 15## Quickstart
17 16
18Quickstart 17The following command will run `aptly` and `nginx` in a container:
19--
20 18
21The following command will run aptly and nginx in a container, if you want to customize or build the container locally, skip to [Building the Container](#building-the-container) below 19```bash
22 20docker run \
23``` 21 --detach=true \
24docker run \ 22 --log-driver=syslog \
25 --detach=true \ 23 --restart=always \
26 --log-driver=syslog \ 24 --name="aptly" \
27 --name="aptly" \ 25 --publish 80:80 \
28 --restart=always \ 26 --volume $(pwd)/aptly_files:/opt/aptly \
29 --env FULL_NAME="First Last" \ 27 --env FULL_NAME="First Last" \
30 --env EMAIL_ADDRESS="youremail@example.com" \ 28 --env EMAIL_ADDRESS="youremail@example.com" \
31 --env GPG_PASSWORD="PickAPassword" \ 29 --env GPG_PASSWORD="PickAPassword" \
32 --env HOSTNAME=aptly.example.com \ 30 --env HOSTNAME=aptly.example.com \
33 --volume /dockerhost/dir/with/lots/of/space:/opt/aptly \ 31 smirart/aptly:latest
34 --publish 80:80 \
35 bryanhong/aptly:latest
36``` 32```
37 33
38### Runtime flags explained 34> Wait until the GPG keyrings are created (not 0 bytes) before proceeding (it can take a few minutes). They will be in the bind mount location.
39 35
40``` 36### Explane of the flags
41--detach=true
42```
43run the container in the background
44```
45--log-driver=syslog
46```
47send nginx logs to syslog on the Docker host (requires Docker 1.6 or higher)
48```
49--name="aptly"
50```
51name of the container
52```
53--restart=always
54```
55automatically start the container when the Docker daemon starts
56```
57--env FULL_NAME="First Last"
58```
59the first and last name that will be associated with the GPG apt signing key
60```
61--env EMAIL_ADDRESS="youremail@example.com"
62```
63the email address that will be associated with the GPG apt signing key
64```
65--env GPG_PASSWORD="PickAPassword"
66```
67the password that will be used to encrypt the GPG apt signing key
68```
69--env HOSTNAME=aptly.example.com
70```
71the hostname of the Docker host that this container is running on
72```
73--volume /dockerhost/dir/with/lots/of/space:/opt/aptly
74```
75path that aptly will use to store its data : mapped path in the container
76```
77--publish 80:80
78```
79Docker host port : mapped port in the container
80
81Create a mirror of Ubuntu's main repository
82--
831. The initial download of the repository may take quite some time depending on your bandwidth limits, it may be in your best interest to open a screen or tmux session before proceeding.
842. Attach to the container ```docker exec -it aptly /bin/bash```
853. By default, ```/opt/update_mirror.sh``` will automate the creation of an Ubuntu 14.04 Trusty repository with the main and universe components, you can adjust the variables in the script to suit your needs.
864. Run ```/opt/update_mirror.sh```
875. If the script fails due to network disconnects etc, just re-run it.
88 37
89When the script completes, you should have a functional mirror that you can point a client to. 38Flag | Description
39--- | ---
40`--detach=true` | Run the container in the background
41`--log-driver=syslog` | Send nginx logs to syslog on the Docker host (requires Docker 1.6 or higher)
42`--restart=always` | Automatically start the container when the Docker daemon starts
43`--name="aptly"` | Name of the container
44`--volume $(pwd)/aptly:/opt/aptly` | Path that aptly will use to store its data : mapped path in the container
45`--publish 80:80` | Docker host port : mapped port in the container
46`--env FULL_NAME="First Last"` | The first and last name that will be associated with the GPG apt signing key
47`--env EMAIL_ADDRESS="your@email.com"` | The email address that will be associated with the GPG apt signing key
48`--env GPG_PASSWORD="PickAPassword"` | The password that will be used to encrypt the GPG apt signing key
49`--env HOSTNAME=aptly.example.com` | The hostname of the Docker host that this container is running on
90 50
91Point a host at the mirror 51## Setup a client for use your repo
92--
93 52
941. Fetch the public PGP key from your aptly repository and add it to your trusted repositories 531. Fetch the public PGP key from your aptly repository and add it to your trusted repositories
95 54
96 ``` 55 ```bash
97 wget http://FQDN.OF.APTLY/aptly_repo_signing.key 56 wget http://YOUR_HOST_FOR_APTLY/aptly_repo_signing.key
98 apt-key add aptly_repo_signing.key 57 apt-key add aptly_repo_signing.key
99 ``` 58 ```
100 59
1012. Backup then replace /etc/apt/sources.list 602. Backup then replace /etc/apt/sources.list
102 61
103 ``` 62 ```bash
104 cp /etc/apt/sources.list /etc/apt/sources.list.bak 63 cp /etc/apt/sources.list /etc/apt/sources.list.bak
105 echo "deb http://FQDN.OF.APTLY/ ubuntu main" > /etc/apt/sources.list 64 echo "deb http://YOUR_HOST_FOR_APTLY/ ubuntu main" > /etc/apt/sources.list
106 apt-get update 65 apt-get update
107 ``` 66 ```
108
109 You should be able to install packages at this point!
110
111Checkout the excellent aptly documentation [here](http://www.aptly.info/doc/overview/)
112 67
113Building the container 68 > `ubuntu` & `main` may be another. It's require from your repos on aptly.
114--
115 69
116If you want to make modifications to the image or simply see how things work, check out this repository: 70## Configure the container
117 71
72For attach to the container and start to configure your aptly use:
73
74```bash
75docker exec -it aptly /bin/bash
118``` 76```
119git clone https://github.com/bryanhong/docker-aptly.git 77
78Read [the official documentation](https://www.aptly.info/doc/overview/) for learn more about aptly.
79
80For stop container use:
81
82```bash
83docker stop aptly
120``` 84```
121 85
122### Commands and variables 86### Create a mirror of Ubuntu's main repository
123 87
124* ```vars```: Variables for Docker registry, the application, and aptly repository data location 881. Attach to the container. How attach? [See this](##Configure-the-container).
125* ```build.sh```: Build the Docker image locally, this script will take the name of a Dockerfile as an argument, by default will build Dockerfile. 892. Run `/opt/update_mirror.sh`.
126* ```run.sh```: Starts the Docker container, it the image hasn't been built locally, it is fetched from the repository set in vars
127* ```push.sh```: Pushes the latest locally built image to the repository set in vars
128* ```shell.sh```: get a shell within the container
129 90
130### How this image/container works 91By default, this script will automate the creation of an Ubuntu 14.04 Trusty repository with the main and universe components, you can adjust the variables in the script to suit your needs.
131 92
132**Data** 93> If the script fails due to network disconnects etc, just re-run it.
133All of aptly's data (including PGP keys and GPG keyrings) is bind mounted outside of the container to preserve it if the container is removed or rebuilt. Set the location for the bind mount in ```vars``` before starting the container. If you're going to host a mirror of Ubuntu's main repository, you'll need upwards of 80GB+ (x86_64 only) of free space as of Feb 2016, plan for growth.
134 94
135**Networking** 95 The initial download of the repository may take quite some time depending on your bandwidth limits, it may be in your best interest to open a screen, tmux or byobu session before proceeding.
136By default, Docker will map port 80 on the Docker host to port 80 within the container where nginx is configured to listen. You can change the external listening port in ```vars``` to map to any port you like.
137 96
138**Security** 97> For host a mirror of Ubuntu's main repository, you'll need upwards of 80GB+ (x86_64 only) of free space as of Feb 2016, plan for growth.
139The GPG password you set in ```vars``` is stored in plain text and is visible as an environment variable inside the container. It is set as an enviornment variable to allow for automation of repository updates without user interaction. The GPG password can be removed completely but it is safer to encrypt the GPG keyrings because they are bind mounted outside the container to avoid the necessity of regenerating/redistributing keys if the container is removed or rebuilt.
140 98
141### Usage 99When the script completes, you should have a functional mirror that you can point a client to.
142 100
143#### Configure the container 101For create Debian's mirror use `/opt/debian_mirror.sh`.
144 102
1451. Configure application specific variables in ```vars``` 103## Building the container
146 104
147#### Build the image 105If you want to customize image or build the container locally, check out this repository and build after:
148 106
1491. Run ```./build.sh``` 107```bash
108git clone https://github.com/urpylka/docker-aptly.git
109docker build docker-aptly
110```
150 111
151>To build a Debian-based mirror/aptly run ```./build.sh Dockerfile.debian``` 112## How this image/container works
152 113
153#### Start the container 114**Data**
115All of aptly's data (including PGP keys and GPG keyrings) is bind mounted outside of the container to preserve it if the container is removed or rebuilt.
154 116
1551. Run ```./run.sh``` 117**Networking**
1562. Wait until the GPG keyrings are created (not 0 bytes) before proceeding (it can take a few minutes). They will be in the bind mount location you chose in ```vars``` 118By default, Docker will map port 80 on the Docker host to port 80 within the container where nginx is configured to listen. You can change the external listening port to map to any port you like (see [Explane of the flags](###Explane-of-the-flags)).
157
158#### Pushing your image to the registry
159 119
160If you're happy with your container and ready to share with others, push your image up to a [Docker registry](https://docs.docker.com/docker-hub/) and save any other changes you've made so the image can be easily changed or rebuilt in the future. 120**Security**
121The GPG password which you specified in `GPG_PASSWORD` is stored in plain text and visible as an environment variable inside the container.
122It is set as an enviornment variable to allow for automation of repository updates without user interaction. The GPG password can be removed completely but it is safer to encrypt the GPG keyrings because they are bind mounted outside the container to avoid the necessity of regenerating/redistributing keys if the container is removed or rebuilt.
161 123
1621. Authenticate to the Docker Registry ```docker login``` 124## Bugs
1632. Run ```./push.sh```
1643. Log into your Docker hub account and add a description, etc.
165 125
166> NOTE: If your image will be used FROM other containers you might want to use ```./push.sh flatten``` to consolidate the AUFS layers into a single layer. Keep in mind, you may lose Dockerfile attributes when your image is flattened. 126* **startup.sh**: looks like that `gpg --batch --gen-key /opt/gpg_batch` execute in separating process & next step is incorrect.
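Review bot: In the new "Setup a client for use your repo" section, step 1 still downloads `aptly_repo_signing.key` over plain `http://` and passes it straight to `apt-key add`, so the client ends up trusting whatever key the network path returned. Since this commit rewrites those lines anyway, add a step that displays the downloaded key's fingerprint and tells the reader to compare it with the fingerprint of the key in the bind-mounted keyring, obtained from the repository operator out of band, before adding it. Two consistency points in the same hunk: the flags table documents `--volume $(pwd)/aptly:/opt/aptly` and `--env EMAIL_ADDRESS="your@email.com"`, while the Quickstart command uses `$(pwd)/aptly_files:/opt/aptly` and `youremail@example.com`; and the links `(##Configure-the-container)` and `(###Explane-of-the-flags)` carry extra `#` characters and capitals, so they will not match GitHub-style heading anchors (the heading itself should read "Explanation of the flags"). The Security paragraph would also be clearer if it said that the Quickstart passes `GPG_PASSWORD` on the `docker run` command line, and that the new Bugs entry about `startup.sh` is the reason for the "wait until the GPG keyrings are created" note.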