Last active
April 21, 2016 13:59
Generate certificates for use in a Swarm cluster
#!/bin/sh
# Pushes the per-node TLS certificate and private key to every host listed in
# the inventory file passed as the first argument.

# Inventory file: one "<hostname> <ip>" pair per line.
INFILE="$1"
# CA certificate path.
# NOTE(review): CACERT is not referenced anywhere else in this script; confirm
# whether ca.pem is meant to be pushed to the nodes as well.
CACERT="${HOME}/.docker/ca.pem"
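# Print usage and the expected inventory format on stdout.
# The text is emitted with a quoted here-document instead of `echo -e`:
# under a POSIX /bin/sh such as dash, `echo -e` prints a literal "-e".
show_help() {
  cat <<'EOF'
Usage:
 ./distribute-keys.sh nodes.in

nodes.in is a list nodes and IPs to create certificates for.
The format is:
 docker-swarm-1 172.16.6.41
 docker-swarm-2 172.16.6.42
 docker-node-1 172.16.6.51
 docker-node-2 172.16.6.52
 docker-node-3 172.16.6.53
EOF
}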
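# Exactly one argument (the inventory file) is required.
if [ "$#" -ne 1 ]; then
  echo "Input file not specified"
  show_help
  exit 1
fi

# Fail early instead of erroring inside the loops below.
if [ ! -r "${INFILE}" ]; then
  echo "Cannot read input file: ${INFILE}" >&2
  exit 1
fi

# First run on this machine: create a key pair and install the public key for
# root on every node.
# SECURITY: the key is created with an empty passphrase (-N ""), so the
# private key file alone grants root SSH access to every node. Keep it on a
# trusted admin host with strict file permissions.
if [ ! -f "${HOME}/.ssh/id_rsa" ]; then
  echo "No SSH keypair"
  ssh-keygen -q -t rsa -N "" -f "${HOME}/.ssh/id_rsa" || exit 1
  # The inventory is read on fd 3 so that ssh (started by ssh-copy-id) cannot
  # swallow the remaining lines from stdin, and stdin stays free for prompts.
  while read -r NODENAME rest <&3 || [ -n "${NODENAME}" ]; do
    [ -n "${NODENAME}" ] || continue   # skip blank lines
    ssh-copy-id "root@${NODENAME}"
  done 3< "${INFILE}"
fi

echo "Pushing certs and keys"
rc=0
while read -r NODENAME rest <&3 || [ -n "${NODENAME}" ]; do
  [ -n "${NODENAME}" ] || continue   # skip blank lines
  echo "${NODENAME}"
  # Anchored to ${HOME} (as CACERT is) so the script no longer depends on
  # being started from the home directory.
  INCERT="${HOME}/.docker/${NODENAME}-cert.pem"
  INKEY="${HOME}/.docker/${NODENAME}-key.pem"
  # The private key is copied as root into /etc/docker/certs/.
  # NOTE(review): confirm the resulting key file is not world-readable on
  # the node.
  if ! rsync --dirs "${INCERT}" "${INKEY}" "root@${NODENAME}:/etc/docker/certs/"; then
    echo "Failed to push certificates to ${NODENAME}" >&2
    rc=1
  fi
done 3< "${INFILE}"
exit "${rc}"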
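#!/bin/bash
# Creates a CA (when none exists yet) and one server certificate/key pair per
# node listed in the inventory file, using the paulczar/omgwtfssl container.
#
# Usage: <this script> nodes.in      (one "<hostname> <ip>" pair per line)

INFILE=$1
CACERT="${HOME}/.docker/ca.pem"
# NOTE(review): CAKEY, OSSLCNF and SWARM_NODES are not used below.
CAKEY="${HOME}/.docker/ca-key.pem"
OSSLCNF="${HOME}/.docker/openssl.conf"
SWARM_NODES="docker-swarm-1 docker-swarm-2"

# SECURITY: this image generates the CA private key and every node key, and it
# is pulled by mutable tag from a public registry. Once a digest has been
# verified, pin it: paulczar/omgwtfssl@sha256:<VERIFIED_DIGEST_PLACEHOLDER>.
SSL_IMAGE="paulczar/omgwtfssl"

# Without a readable inventory the loop below cannot run; stop before
# creating anything.
if [[ $# -ne 1 || ! -r "${INFILE}" ]]; then
  echo "Usage: $0 nodes.in" >&2
  exit 1
fi

if [[ -f "${CACERT}" ]]; then
  echo "CA already exists"
else
  # With no SSL_* variables set, the container run is used here to create the
  # CA files under ~/.docker.
  docker run --rm -v "${HOME}/.docker:/certs" "${SSL_IMAGE}" || exit 1
  sudo cp -v "${HOME}/.docker/ca.pem" /etc/docker/ssl/ca.pem
fi

# node_name / node_ip replace the original HOSTNAME / IP variables: assigning
# HOSTNAME clobbers the variable bash itself maintains.
while read -r node_name node_ip _ || [[ -n "${node_name}" ]]; do
  if [[ -z "${node_name}" || -z "${node_ip}" ]]; then
    # Blank or incomplete line: do not issue a certificate with an empty SAN.
    [[ -z "${node_name}" ]] || echo "Skipping ${node_name}: no IP given" >&2
    continue
  fi
  # stdin is detached so the container can never consume inventory lines.
  docker run --rm -v /etc/docker/ssl:/server -v "${HOME}/.docker:/certs" \
    -e SSL_IP="127.0.0.1,${node_ip}" \
    -e SSL_DNS="${node_name}" \
    -e SSL_KEY="/certs/${node_name}-key.pem" \
    -e SSL_CERT="/certs/${node_name}-cert.pem" \
    "${SSL_IMAGE}" < /dev/null
done < "${INFILE}"

# The container writes its files as root: hand them back to the invoking
# user, then restrict every private key to its owner.
sudo chown -R "${USER}" "${HOME}/.docker"
find "${HOME}/.docker" -maxdepth 1 -type f -name '*-key.pem' -exec chmod 600 {} +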
#!/bin/bash
clear
######################################################################
#
# !!! TEMPORARY SCRIPT - PREFER DOCKER-MACHINE !!!
# Docker SWARM deployment on LAB-OVH
#
#
# 2 SWARM masters  : docker-swarm-1 and docker-swarm-2
# 3 Consul servers : docker-swarm-1, docker-swarm-2 and docker-node-1
# 2 Consul clients : docker-node-2 docker node-3
# By CNA 16/04/16/
######################################################################
# DATE # WHO # WHAT
######################################################################
# 21/04/16 # CNA # Added:
# # # --restart=unless-stopped => always restarts the container on failure, unless it was stopped by hand
# # # reschedule:on-node-failure => re-creates the container when the docker daemon restarts
######################################################################

# Variables
###########
# ANSI colour sequences; they are expanded later by `echo -e`.
VERT='\033[1;32m'    # bold green
ROUGE='\033[1;31m'   # bold red
NORMAL='\033[0;39m'  # default colour

# Node addresses (same hosts as in the certificate inventory).
swarm1=172.16.6.41
swarm2=172.16.6.42
node1=172.16.6.51
node2=172.16.6.52
node3=172.16.6.53
# Functions
###########
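# Print the usage banner (French, user-facing) on stdout.
# Globals: VERT, ROUGE, NORMAL (read) - colour sequences expanded by `echo -e`.
# The colour variables are now expanded inside the double quotes; the original
# left them unquoted between string fragments, which exposed them to word
# splitting and globbing.
display_usage() {
  echo "#################################################################################################"
  echo -e "# ${ROUGE}Exécuter ce script depuis la VM docker-swarm-1 ${NORMAL} #"
  echo -e "# Le script nécessite de préciser la${VERT} stratégie${NORMAL} de cluster. #"
  echo "# #"
  echo -e "# ${VERT} spread ${NORMAL} : Lance le conteneur sur le noeud possédant le moins de conteneurs #"
  echo -e "# ${VERT} binpack ${NORMAL}: Un maximum de conteneur sur le premier noeud et passe au suivant #"
  echo -e "# ${VERT} random ${NORMAL}: Lance le conteneur alèatoirement (pour debug) #"
  echo "#################################################################################################"
  echo -e "\nUsage:\n$0 [argument] \n"
  echo " Exemples :"
  echo " $0 spread"
  echo " $0 binpack"
  echo " $0 random"
}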
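# Report the outcome of the previous step and abort the script on failure.
# Arguments: $1 - exit status to check (optional; defaults to the status of
#                 the command that ran just before this function was called)
# Globals:   VERT, ROUGE, NORMAL (read)
# Outputs:   "......OK" or "......ERREUR" on stdout
# Exits:     with status 1 when the checked status is non-zero
gestion_erreur() {
  # Callers pass `$?` as an argument; the original ignored it and re-read $?
  # inside the function, which only worked while nothing ran in between.
  local rc=${1:-$?}
  if [ "${rc}" -eq 0 ]; then
    echo -e "${VERT}......OK${NORMAL}"
  else
    echo -e "${ROUGE}......ERREUR${NORMAL}"
    exit 1
  fi
}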
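# Deployment driver: validates the strategy argument, then starts Consul, the
# two Swarm managers and the three Swarm agents, in that order.
#
# SECURITY NOTE(review): every remote call below uses the Docker Engine API on
# tcp://<node>:2375, i.e. without TLS and without client authentication;
# whoever can reach that port controls the host. The Swarm manager (-H :4000)
# and the Consul HTTP API (8500) are published the same way. Keep these ports
# on an isolated lab network, or move the daemons to TLS (conventionally port
# 2376 with --tlsverify and CA-signed certificates) before wider use.
#
# SECURITY NOTE(review): progrium/consul and swarm:latest are pulled by
# mutable tag; pin them to verified digests for repeatable deployments.
#
# NOTE(review): `-e reschedule:on-node-failure` is a Swarm scheduling hint.
# These containers are started directly on each engine rather than through
# the manager on :4000, so it presumably has no effect here - confirm.

# Argument lists shared by the `docker run` calls. Arrays keep each option a
# separate word; all expansions are quoted.
run_opts=(--restart=unless-stopped -d)
resched=(-e reschedule:on-node-failure)
consul_tail=("${resched[@]}" -v /mnt:/data
  -p 8300:8300 -p 8301:8301 -p 8301:8301/udp -p 8302:8302 -p 8302:8302/udp
  -p 8400:8400 -p 8500:8500 -p 53:53/udp progrium/consul)

# Print a step title in green. $1 - title text.
_announce() {
  echo -e "$VERT" "$1" "$NORMAL"
}

# Start a Swarm agent on a node and register it in Consul.
# $1 - node name (for the title), $2 - node IP.
_join_node() {
  _announce "Ajout du noeud $1 "
  docker -H="tcp://$2:2375" run "${run_opts[@]}" "${resched[@]}" swarm:latest \
    --experimental join --advertise="$2:2375" "consul://${swarm1}:8500"
  gestion_erreur $?
  echo " "
}

echo " ARGUMENT : $1"
case "$1" in
  spread | binpack | random)
    ################
    # CONSUL SETUP #
    ################
    # Consul server on docker-swarm-1 (local engine, bootstraps the quorum)
    _announce "installation Consul serveur docker-swarm-1 "
    docker run "${run_opts[@]}" -h consul-swarm-1S "${consul_tail[@]}" \
      -server -advertise "${swarm1}" -bootstrap-expect 3
    gestion_erreur $?

    # Consul server on docker-swarm-2
    _announce "installation Consul serveur docker-swarm-2 "
    docker -H="tcp://${swarm2}:2375" run "${run_opts[@]}" -h consul-swarm-2S \
      "${consul_tail[@]}" -server -advertise "${swarm2}" -join "${swarm1}"
    gestion_erreur $?

    # Consul server on docker-node-1
    _announce "installation Consul serveur docker-node-1 "
    docker -H="tcp://${node1}:2375" run "${run_opts[@]}" -h consul-node-1S \
      "${consul_tail[@]}" -server -advertise "${node1}" -join "${swarm1}"
    gestion_erreur $?

    # Consul client on docker-node-2
    _announce "installation Consul client docker-node-2 "
    docker -H="tcp://${node2}:2375" run "${run_opts[@]}" -h consul-Node-2C \
      "${consul_tail[@]}" -advertise "${node2}" -join "${swarm1}"
    gestion_erreur $?

    # Consul client on docker-node-3
    _announce "installation Consul client docker-node-3 "
    docker -H="tcp://${node3}:2375" run "${run_opts[@]}" -h consul-Node-3C \
      "${consul_tail[@]}" -advertise "${node3}" -join "${swarm1}"
    gestion_erreur $?

    #################
    # CLUSTER SETUP #
    #################
    # Primary Swarm manager on docker-swarm-1 (local engine)
    _announce "Installation du Master Swarm docker-swarm-1 "
    docker run "${run_opts[@]}" -p 4000:4000 "${resched[@]}" swarm:latest \
      --experimental manage -H :4000 --strategy "$1" --replication \
      --advertise "${swarm1}:4000" "consul://${swarm1}:8500"
    gestion_erreur $?
    echo " "

    # Secondary Swarm manager on docker-swarm-2
    # NOTE(review): started without --strategy, unlike the primary; confirm
    # this is intended.
    _announce "Installation du Master secondaire Swarm docker-swarm-2 "
    docker -H="tcp://${swarm2}:2375" run "${run_opts[@]}" -p 4000:4000 \
      "${resched[@]}" swarm:latest --experimental manage -H :4000 \
      --replication --advertise "${swarm2}:4000" "consul://${swarm1}:8500"
    gestion_erreur $?
    echo " "

    ###############################
    # ADDING NODES TO THE CLUSTER #
    ###############################
    _join_node docker-node-1 "${node1}"
    _join_node docker-node-2 "${node2}"
    _join_node docker-node-3 "${node3}"

    # Give the agents time to register before querying the manager.
    sleep 7

    # Cluster summary from the Swarm manager
    docker -H :4000 info
    ;;
  *)
    display_usage
    exit 1
    ;;
esac
# Exit with the status of the last command (docker info).
exit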