Consolidate DinD cleanup process
parent
86bb5e37b8
commit
f11348f209
2 changed files with 328 additions and 442 deletions
|
@ -1184,256 +1184,38 @@ docker exec ci-cd-dind docker rmi localhost:5000/test/alpine:latest
|
||||||
- **Tests connectivity**: Verifies DinD can pull, tag, and push images to Harbor
|
- **Tests connectivity**: Verifies DinD can pull, tag, and push images to Harbor
|
||||||
- **Validates setup**: Ensures the complete CI/CD pipeline will work
|
- **Validates setup**: Ensures the complete CI/CD pipeline will work
|
||||||
|
|
||||||
#### 8.3 Create DinD Cleanup Script
|
#### 8.3 DinD Cleanup Script and Testing
|
||||||
|
|
||||||
|
The project includes a comprehensive Docker-in-Docker cleanup script at `scripts/dind-cleanup.sh` that provides a simple way to clean up the DinD environment by restarting the DinD container for a fresh environment.
|
||||||
|
|
||||||
|
**Key Features:**
|
||||||
|
- **🧹 Complete Environment Reset**: Stops, removes, and recreates the `ci-cd-dind` container
|
||||||
|
- **📊 Status Monitoring**: Shows current DinD container status, Docker info, images, and containers
|
||||||
|
- **🚨 Dry Run Mode**: Use `--dry-run` to see what would be done without making changes
|
||||||
|
- **🎨 Colored Output**: Clear, color-coded logging for better readability
|
||||||
|
- **🛡️ Error Handling**: Robust error checking and graceful failure handling
|
||||||
|
|
||||||
|
**Usage:**
|
||||||
```bash
|
```bash
|
||||||
# Create simplified cleanup script for DinD
|
# Clean up DinD environment
|
||||||
cat > /opt/APP_NAME/scripts/dind-cleanup.sh << 'EOF'
|
./scripts/dind-cleanup.sh
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Docker-in-Docker Cleanup Script
|
# See what would be done without executing
|
||||||
# This script provides a simple way to clean up the DinD environment
|
./scripts/dind-cleanup.sh --dry-run
|
||||||
# by restarting the DinD container, which gives a fresh environment.
|
|
||||||
|
|
||||||
set -e
|
# Show help
|
||||||
|
./scripts/dind-cleanup.sh --help
|
||||||
# Color codes for output
|
|
||||||
RED='\033[0;31m'
|
|
||||||
GREEN='\033[0;32m'
|
|
||||||
YELLOW='\033[1;33m'
|
|
||||||
BLUE='\033[0;34m'
|
|
||||||
NC='\033[0m' # No Color
|
|
||||||
|
|
||||||
# Logging functions
|
|
||||||
log_info() {
|
|
||||||
echo -e "${BLUE}[INFO]${NC} $1"
|
|
||||||
}
|
|
||||||
|
|
||||||
log_success() {
|
|
||||||
echo -e "${GREEN}[SUCCESS]${NC} $1"
|
|
||||||
}
|
|
||||||
|
|
||||||
log_warning() {
|
|
||||||
echo -e "${YELLOW}[WARNING]${NC} $1"
|
|
||||||
}
|
|
||||||
|
|
||||||
log_error() {
|
|
||||||
echo -e "${RED}[ERROR]${NC} $1"
|
|
||||||
}
|
|
||||||
|
|
||||||
show_help() {
|
|
||||||
cat << EOF
|
|
||||||
Docker-in-Docker Cleanup Script
|
|
||||||
|
|
||||||
Usage: $0 [OPTIONS]
|
|
||||||
|
|
||||||
Options:
|
|
||||||
--dry-run Show what would be done without executing
|
|
||||||
--help|-h Show this help message
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
$0 # Clean up DinD environment
|
|
||||||
$0 --dry-run # Show what would be done
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
# Parse command line arguments
|
|
||||||
DRY_RUN="false"
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
|
||||||
case $1 in
|
|
||||||
--dry-run)
|
|
||||||
DRY_RUN="true"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--help|-h)
|
|
||||||
show_help
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
log_error "Unknown option: $1"
|
|
||||||
show_help
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
# Main cleanup function
|
|
||||||
cleanup_dind() {
|
|
||||||
echo
|
|
||||||
echo "=================================================================================="
|
|
||||||
echo " 🧹 Docker-in-Docker Cleanup 🧹"
|
|
||||||
echo "=================================================================================="
|
|
||||||
echo
|
|
||||||
|
|
||||||
# Check if DinD container exists
|
|
||||||
if ! docker ps -a --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
|
|
||||||
log_error "DinD container 'ci-cd-dind' not found!"
|
|
||||||
log_info "Creating new DinD container..."
|
|
||||||
|
|
||||||
if [ "$DRY_RUN" = "true" ]; then
|
|
||||||
log_info "DRY RUN: Would create DinD container"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker run -d \
|
|
||||||
--name ci-cd-dind \
|
|
||||||
--privileged \
|
|
||||||
--restart unless-stopped \
|
|
||||||
-p 2376:2376 \
|
|
||||||
-v ci-cd-data:/var/lib/docker \
|
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
docker:dind
|
|
||||||
|
|
||||||
log_success "DinD container created successfully"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if DinD container is running
|
|
||||||
if docker ps --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
|
|
||||||
log_info "DinD container is running"
|
|
||||||
|
|
||||||
if [ "$DRY_RUN" = "true" ]; then
|
|
||||||
log_info "DRY RUN: Would stop and restart DinD container"
|
|
||||||
log_info "DRY RUN: This would clear all CI/CD artifacts and give fresh environment"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
log_info "Stopping DinD container..."
|
|
||||||
docker stop ci-cd-dind
|
|
||||||
|
|
||||||
log_info "Removing DinD container..."
|
|
||||||
docker rm ci-cd-dind
|
|
||||||
|
|
||||||
log_info "Creating fresh DinD container..."
|
|
||||||
docker run -d \
|
|
||||||
--name ci-cd-dind \
|
|
||||||
--privileged \
|
|
||||||
--restart unless-stopped \
|
|
||||||
-p 2376:2376 \
|
|
||||||
-v ci-cd-data:/var/lib/docker \
|
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
docker:dind
|
|
||||||
|
|
||||||
# Wait for DinD to start
|
|
||||||
log_info "Waiting for DinD to start..."
|
|
||||||
sleep 10
|
|
||||||
|
|
||||||
# Test DinD connectivity
|
|
||||||
if timeout 30 bash -c 'until docker exec ci-cd-dind docker version >/dev/null 2>&1; do sleep 1; done'; then
|
|
||||||
log_success "DinD container is ready!"
|
|
||||||
else
|
|
||||||
log_error "DinD container failed to start properly"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
else
|
|
||||||
log_info "DinD container exists but is not running"
|
|
||||||
|
|
||||||
if [ "$DRY_RUN" = "true" ]; then
|
|
||||||
log_info "DRY RUN: Would remove and recreate DinD container"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
log_info "Removing existing DinD container..."
|
|
||||||
docker rm ci-cd-dind
|
|
||||||
|
|
||||||
log_info "Creating fresh DinD container..."
|
|
||||||
docker run -d \
|
|
||||||
--name ci-cd-dind \
|
|
||||||
--privileged \
|
|
||||||
--restart unless-stopped \
|
|
||||||
-p 2376:2376 \
|
|
||||||
-v ci-cd-data:/var/lib/docker \
|
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
docker:dind
|
|
||||||
|
|
||||||
# Wait for DinD to start
|
|
||||||
log_info "Waiting for DinD to start..."
|
|
||||||
sleep 10
|
|
||||||
|
|
||||||
# Test DinD connectivity
|
|
||||||
if timeout 30 bash -c 'until docker exec ci-cd-dind docker version >/dev/null 2>&1; do sleep 1; done'; then
|
|
||||||
log_success "DinD container is ready!"
|
|
||||||
else
|
|
||||||
log_error "DinD container failed to start properly"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "=================================================================================="
|
|
||||||
log_success "DinD cleanup completed successfully!"
|
|
||||||
echo "=================================================================================="
|
|
||||||
echo
|
|
||||||
log_info "Benefits of this cleanup:"
|
|
||||||
log_info " ✅ Fresh Docker environment for CI/CD"
|
|
||||||
log_info " ✅ No resource contention with Harbor"
|
|
||||||
log_info " ✅ Clean state for Rust testing"
|
|
||||||
log_info " ✅ Isolated CI/CD operations"
|
|
||||||
echo
|
|
||||||
}
|
|
||||||
|
|
||||||
# Show current DinD status
|
|
||||||
show_status() {
|
|
||||||
echo "=================================================================================="
|
|
||||||
echo " 📊 DinD Status 📊"
|
|
||||||
echo "=================================================================================="
|
|
||||||
echo
|
|
||||||
|
|
||||||
if docker ps -a --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
|
|
||||||
log_info "DinD Container Status:"
|
|
||||||
docker ps -a --filter "name=ci-cd-dind" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
|
|
||||||
echo
|
|
||||||
|
|
||||||
if docker ps --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
|
|
||||||
log_info "DinD Docker Info:"
|
|
||||||
docker exec ci-cd-dind docker info --format "{{.ServerVersion}}" 2>/dev/null || log_warning "Cannot connect to DinD Docker daemon"
|
|
||||||
echo
|
|
||||||
|
|
||||||
log_info "DinD Images:"
|
|
||||||
docker exec ci-cd-dind docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" 2>/dev/null || log_warning "Cannot list DinD images"
|
|
||||||
echo
|
|
||||||
|
|
||||||
log_info "DinD Containers:"
|
|
||||||
docker exec ci-cd-dind docker ps -a --format "table {{.Names}}\t{{.Status}}\t{{.Image}}" 2>/dev/null || log_warning "Cannot list DinD containers"
|
|
||||||
else
|
|
||||||
log_warning "DinD container is not running"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
log_warning "DinD container does not exist"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "=================================================================================="
|
|
||||||
}
|
|
||||||
|
|
||||||
# Main execution
|
|
||||||
if [ "$DRY_RUN" = "true" ]; then
|
|
||||||
echo
|
|
||||||
echo "=================================================================================="
|
|
||||||
echo " 🚨 DRY RUN MODE 🚨"
|
|
||||||
echo " No changes will be made"
|
|
||||||
echo "=================================================================================="
|
|
||||||
echo
|
|
||||||
show_status
|
|
||||||
cleanup_dind
|
|
||||||
else
|
|
||||||
show_status
|
|
||||||
cleanup_dind
|
|
||||||
fi
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Make the script executable
|
|
||||||
chmod +x /opt/APP_NAME/scripts/dind-cleanup.sh
|
|
||||||
```
|
```
|
||||||
|
|
||||||
**What this does**:
|
**Benefits:**
|
||||||
- **Creates cleanup script**: Simple script to restart DinD container for fresh environment
|
- ✅ Fresh Docker environment for CI/CD
|
||||||
- **Status monitoring**: Shows current DinD container and Docker state
|
- ✅ No resource contention with Harbor
|
||||||
- **Dry-run mode**: Allows testing without making changes
|
- ✅ Clean state for Rust testing
|
||||||
- **Error handling**: Proper error checking and user feedback
|
- ✅ Isolated CI/CD operations
|
||||||
|
|
||||||
#### 8.4 Test DinD Setup
|
The script is already part of the project repository and ready to use for maintaining clean CI/CD environments.
|
||||||
|
|
||||||
|
**Testing DinD Setup:**
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Test DinD cleanup script
|
# Test DinD cleanup script
|
||||||
|
@ -1457,7 +1239,7 @@ docker exec ci-cd-dind docker rmi localhost:5000/test/dind-test:latest
|
||||||
- Harbor push/pull should work from DinD
|
- Harbor push/pull should work from DinD
|
||||||
- Cleanup script should show proper status
|
- Cleanup script should show proper status
|
||||||
|
|
||||||
#### 8.5 Set Up Automated DinD Cleanup
|
#### 8.4 Set Up Automated DinD Cleanup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Create a cron job to run DinD cleanup daily at 2 AM
|
# Create a cron job to run DinD cleanup daily at 2 AM
|
||||||
|
@ -1467,15 +1249,13 @@ docker exec ci-cd-dind docker rmi localhost:5000/test/dind-test:latest
|
||||||
crontab -l
|
crontab -l
|
||||||
```
|
```
|
||||||
|
|
||||||
**What this does**:
|
**What this does:**
|
||||||
- **Automated cleanup**: Restarts DinD container daily for fresh environment
|
- **Automated cleanup**: Restarts DinD container daily for fresh environment
|
||||||
- **Prevents resource buildup**: Clears CI/CD artifacts automatically
|
- **Prevents resource buildup**: Clears CI/CD artifacts automatically
|
||||||
- **Maintains performance**: Ensures consistent CI/CD performance
|
- **Maintains performance**: Ensures consistent CI/CD performance
|
||||||
- **Zero Harbor impact**: DinD cleanup doesn't affect Harbor operations
|
- **Zero Harbor impact**: DinD cleanup doesn't affect Harbor operations
|
||||||
|
|
||||||
### Step 9: Set Up Monitoring and Cleanup
|
#### 8.5 Monitoring Script
|
||||||
|
|
||||||
#### 9.1 Monitoring Script
|
|
||||||
|
|
||||||
**Important**: The repository includes a pre-configured monitoring script in the `scripts/` directory that can be used for both CI/CD and production monitoring.
|
**Important**: The repository includes a pre-configured monitoring script in the `scripts/` directory that can be used for both CI/CD and production monitoring.
|
||||||
|
|
||||||
|
@ -1499,133 +1279,7 @@ chmod +x scripts/monitor.sh
|
||||||
|
|
||||||
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.
|
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.
|
||||||
|
|
||||||
#### 9.2 DinD Cleanup Script
|
### Step 9: Configure Firewall
|
||||||
|
|
||||||
**Important**: With the DinD setup, CI/CD operations are isolated in the DinD container. This means we can use a much simpler cleanup approach - just restart the DinD container for a fresh environment.
|
|
||||||
|
|
||||||
**DinD Cleanup Script**:
|
|
||||||
- `scripts/dind-cleanup.sh` - Simple script to restart DinD container for fresh CI environment
|
|
||||||
|
|
||||||
**To use the DinD cleanup script**:
|
|
||||||
```bash
|
|
||||||
# The repository is already cloned at /opt/APP_NAME/
|
|
||||||
cd /opt/APP_NAME
|
|
||||||
|
|
||||||
# Make the script executable
|
|
||||||
chmod +x scripts/dind-cleanup.sh
|
|
||||||
|
|
||||||
# Test DinD cleanup (dry run first)
|
|
||||||
./scripts/dind-cleanup.sh --dry-run
|
|
||||||
|
|
||||||
# Run DinD cleanup
|
|
||||||
./scripts/dind-cleanup.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
**Benefits of DinD cleanup**:
|
|
||||||
- ✅ **Simple operation**: Just restart the DinD container
|
|
||||||
- ✅ **Zero Harbor impact**: Harbor registry is completely unaffected
|
|
||||||
- ✅ **Fresh environment**: Every cleanup gives a completely clean state
|
|
||||||
- ✅ **Fast execution**: No complex resource scanning needed
|
|
||||||
- ✅ **Reliable**: No risk of accidentally removing Harbor resources
|
|
||||||
|
|
||||||
#### 9.3 Test DinD Cleanup Script
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Test DinD cleanup with dry run first
|
|
||||||
./scripts/dind-cleanup.sh --dry-run
|
|
||||||
|
|
||||||
# Run the DinD cleanup script
|
|
||||||
./scripts/dind-cleanup.sh
|
|
||||||
|
|
||||||
# Verify DinD is working after cleanup
|
|
||||||
docker exec ci-cd-dind docker version
|
|
||||||
docker exec ci-cd-dind docker run --rm alpine:latest echo "DinD cleanup successful!"
|
|
||||||
```
|
|
||||||
|
|
||||||
**Expected Output**:
|
|
||||||
- DinD cleanup script should run without errors
|
|
||||||
- DinD container should be restarted with fresh environment
|
|
||||||
- Docker commands should work inside DinD after cleanup
|
|
||||||
- Harbor registry should remain completely unaffected
|
|
||||||
|
|
||||||
**If something goes wrong**:
|
|
||||||
- Check script permissions: `ls -la scripts/dind-cleanup.sh`
|
|
||||||
- Verify DinD container: `docker ps | grep ci-cd-dind`
|
|
||||||
- Check DinD logs: `docker logs ci-cd-dind`
|
|
||||||
- Run manually: `bash -x scripts/dind-cleanup.sh`
|
|
||||||
|
|
||||||
#### 9.4 Set Up Automated DinD Cleanup
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Create a cron job to run DinD cleanup daily at 2 AM
|
|
||||||
(crontab -l 2>/dev/null; echo "0 2 * * * cd /opt/APP_NAME && ./scripts/dind-cleanup.sh >> /tmp/dind-cleanup.log 2>&1") | crontab -
|
|
||||||
|
|
||||||
# Verify the cron job was added
|
|
||||||
crontab -l
|
|
||||||
```
|
|
||||||
|
|
||||||
**What this does:**
|
|
||||||
- **Runs automatically**: The DinD cleanup script runs every day at 2:00 AM
|
|
||||||
- **Frequency**: Daily cleanup to prevent CI/CD resource buildup
|
|
||||||
- **Logging**: All cleanup output is logged to `/tmp/dind-cleanup.log`
|
|
||||||
- **What it cleans**: Restarts DinD container for fresh CI environment
|
|
||||||
- **Zero Harbor impact**: Harbor registry operations are completely unaffected
|
|
||||||
|
|
||||||
#### 9.5 Test Cleanup Script
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Create some test images to clean up
|
|
||||||
docker pull alpine:latest
|
|
||||||
docker pull nginx:latest
|
|
||||||
docker tag alpine:latest test-cleanup:latest
|
|
||||||
docker tag nginx:latest test-cleanup2:latest
|
|
||||||
|
|
||||||
# Test cleanup with dry run first
|
|
||||||
./scripts/cleanup.sh --type ci-cd --dry-run
|
|
||||||
|
|
||||||
# Run the cleanup script
|
|
||||||
./scripts/cleanup.sh --type ci-cd
|
|
||||||
|
|
||||||
# Verify cleanup worked
|
|
||||||
echo "Checking remaining images:"
|
|
||||||
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
|
|
||||||
|
|
||||||
echo "Checking remaining volumes:"
|
|
||||||
docker volume ls
|
|
||||||
|
|
||||||
echo "Checking remaining networks:"
|
|
||||||
docker network ls
|
|
||||||
```
|
|
||||||
|
|
||||||
**Expected Output**:
|
|
||||||
- Cleanup script should run without errors
|
|
||||||
- Test images should be removed
|
|
||||||
- System should report cleanup completion
|
|
||||||
- Remaining images should be minimal (only actively used ones)
|
|
||||||
|
|
||||||
**If something goes wrong**:
|
|
||||||
- Check script permissions: `ls -la scripts/cleanup.sh`
|
|
||||||
- Verify Docker access: `docker ps`
|
|
||||||
- Check registry access: `cd /opt/APP_NAME/registry && docker compose ps`
|
|
||||||
- Run manually: `bash -x scripts/cleanup.sh`
|
|
||||||
|
|
||||||
#### 9.6 Set Up Automated Cleanup
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Create a cron job to run cleanup daily at 3 AM using the repository script
|
|
||||||
(crontab -l 2>/dev/null; echo "0 3 * * * cd /opt/APP_NAME && ./scripts/cleanup.sh --type ci-cd >> /tmp/cleanup.log 2>&1") | crontab -
|
|
||||||
|
|
||||||
# Verify the cron job was added
|
|
||||||
crontab -l
|
|
||||||
```
|
|
||||||
|
|
||||||
**What this does:**
|
|
||||||
- **Runs automatically**: The cleanup script runs every day at 3:00 AM
|
|
||||||
- **Frequency**: Daily cleanup to prevent disk space issues
|
|
||||||
- **Logging**: All cleanup output is logged to `/tmp/cleanup.log`
|
|
||||||
- **What it cleans**: Unused Docker images, volumes, networks, and Harbor images
|
|
||||||
|
|
||||||
### Step 10: Configure Firewall
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo ufw --force enable
|
sudo ufw --force enable
|
||||||
|
@ -1640,23 +1294,23 @@ sudo ufw allow 443/tcp # Harbor registry (public read access)
|
||||||
- **SSH**: Restricted to your IP addresses
|
- **SSH**: Restricted to your IP addresses
|
||||||
- **All other ports**: Blocked
|
- **All other ports**: Blocked
|
||||||
|
|
||||||
### Step 11: Test CI/CD Setup
|
### Step 10: Test CI/CD Setup
|
||||||
|
|
||||||
#### 11.1 Test Docker Installation
|
#### 10.1 Test Docker Installation
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker --version
|
docker --version
|
||||||
docker compose --version
|
docker compose --version
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 11.2 Check Harbor Status
|
#### 10.2 Check Harbor Status
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd /opt/APP_NAME/registry
|
cd /opt/APP_NAME/registry
|
||||||
docker compose ps
|
docker compose ps
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 11.3 Test Harbor Access
|
#### 10.3 Test Harbor Access
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Test Harbor API
|
# Test Harbor API
|
||||||
|
@ -1666,7 +1320,7 @@ curl -k https://localhost:8080/api/v2.0/health
|
||||||
curl -k -I https://localhost
|
curl -k -I https://localhost
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 11.4 Get Public Key for Production Server
|
#### 10.4 Get Public Key for Production Server
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cat ~/.ssh/id_ed25519.pub
|
cat ~/.ssh/id_ed25519.pub
|
||||||
|
@ -1678,15 +1332,15 @@ cat ~/.ssh/id_ed25519.pub
|
||||||
|
|
||||||
## Part 2: Production Linode Setup
|
## Part 2: Production Linode Setup
|
||||||
|
|
||||||
### Step 12: Initial System Setup
|
### Step 11: Initial System Setup
|
||||||
|
|
||||||
#### 12.1 Update the System
|
#### 11.1 Update the System
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo apt update && sudo apt upgrade -y
|
sudo apt update && sudo apt upgrade -y
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 12.2 Configure Timezone
|
#### 11.2 Configure Timezone
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Configure timezone interactively
|
# Configure timezone interactively
|
||||||
|
@ -1700,7 +1354,7 @@ date
|
||||||
|
|
||||||
**Expected output**: After selecting your timezone, the `date` command should show the current date and time in your selected timezone.
|
**Expected output**: After selecting your timezone, the `date` command should show the current date and time in your selected timezone.
|
||||||
|
|
||||||
#### 12.3 Configure /etc/hosts
|
#### 11.3 Configure /etc/hosts
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Add localhost entries for both IPv4 and IPv6
|
# Add localhost entries for both IPv4 and IPv6
|
||||||
|
@ -1721,7 +1375,7 @@ cat /etc/hosts
|
||||||
|
|
||||||
**Expected output**: The `/etc/hosts` file should show entries for `127.0.0.1`, `::1`, and your Linode's actual IP addresses all mapping to `localhost`.
|
**Expected output**: The `/etc/hosts` file should show entries for `127.0.0.1`, `::1`, and your Linode's actual IP addresses all mapping to `localhost`.
|
||||||
|
|
||||||
#### 12.4 Install Essential Packages
|
#### 11.4 Install Essential Packages
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo apt install -y \
|
sudo apt install -y \
|
||||||
|
@ -1739,9 +1393,9 @@ sudo apt install -y \
|
||||||
python3-certbot-nginx
|
python3-certbot-nginx
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 13: Create Users
|
### Step 12: Create Users
|
||||||
|
|
||||||
#### 13.1 Create the SERVICE_USER User
|
#### 12.1 Create the SERVICE_USER User
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Create dedicated group for the service account
|
# Create dedicated group for the service account
|
||||||
|
@ -1752,7 +1406,7 @@ sudo useradd -r -g SERVICE_USER -s /bin/bash -m -d /home/SERVICE_USER SERVICE_US
|
||||||
echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
|
echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 13.2 Create the DEPLOY_USER User
|
#### 12.2 Create the DEPLOY_USER User
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Create deployment user
|
# Create deployment user
|
||||||
|
@ -1761,7 +1415,7 @@ sudo usermod -aG sudo DEPLOY_USER
|
||||||
echo "DEPLOY_USER:$(openssl rand -base64 32)" | sudo chpasswd
|
echo "DEPLOY_USER:$(openssl rand -base64 32)" | sudo chpasswd
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 13.3 Verify Users
|
#### 12.3 Verify Users
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo su - SERVICE_USER
|
sudo su - SERVICE_USER
|
||||||
|
@ -1775,9 +1429,9 @@ pwd
|
||||||
exit
|
exit
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 14: Install Docker
|
### Step 13: Install Docker
|
||||||
|
|
||||||
#### 14.1 Add Docker Repository
|
#### 13.1 Add Docker Repository
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
|
||||||
|
@ -1785,28 +1439,28 @@ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docke
|
||||||
sudo apt update
|
sudo apt update
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 14.2 Install Docker Packages
|
#### 13.2 Install Docker Packages
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 14.3 Configure Docker for Service Account
|
#### 13.3 Configure Docker for Service Account
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo usermod -aG docker SERVICE_USER
|
sudo usermod -aG docker SERVICE_USER
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 15: Install Docker Compose
|
### Step 14: Install Docker Compose
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
||||||
sudo chmod +x /usr/local/bin/docker-compose
|
sudo chmod +x /usr/local/bin/docker-compose
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 16: Configure Security
|
### Step 15: Configure Security
|
||||||
|
|
||||||
#### 16.1 Configure Firewall
|
#### 15.1 Configure Firewall
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo ufw --force enable
|
sudo ufw --force enable
|
||||||
|
@ -1819,16 +1473,16 @@ sudo ufw allow 3000/tcp
|
||||||
sudo ufw allow 3001/tcp
|
sudo ufw allow 3001/tcp
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 16.2 Configure Fail2ban
|
#### 15.2 Configure Fail2ban
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo systemctl enable fail2ban
|
sudo systemctl enable fail2ban
|
||||||
sudo systemctl start fail2ban
|
sudo systemctl start fail2ban
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 17: Create Application Directory
|
### Step 16: Create Application Directory
|
||||||
|
|
||||||
#### 17.1 Create Directory Structure
|
#### 16.1 Create Directory Structure
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo mkdir -p /opt/APP_NAME
|
sudo mkdir -p /opt/APP_NAME
|
||||||
|
@ -1837,22 +1491,22 @@ sudo chown SERVICE_USER:SERVICE_USER /opt/APP_NAME
|
||||||
|
|
||||||
**Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`.
|
**Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`.
|
||||||
|
|
||||||
#### 17.2 Create SSL Directory (Optional - for domain users)
|
#### 16.2 Create SSL Directory (Optional - for domain users)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo mkdir -p /opt/APP_NAME/nginx/ssl
|
sudo mkdir -p /opt/APP_NAME/nginx/ssl
|
||||||
sudo chown SERVICE_USER:SERVICE_USER /opt/APP_NAME/nginx/ssl
|
sudo chown SERVICE_USER:SERVICE_USER /opt/APP_NAME/nginx/ssl
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 18: Clone Repository and Set Up Application Files
|
### Step 17: Clone Repository and Set Up Application Files
|
||||||
|
|
||||||
#### 18.1 Switch to SERVICE_USER User
|
#### 17.1 Switch to SERVICE_USER User
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo su - SERVICE_USER
|
sudo su - SERVICE_USER
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 18.2 Clone Repository
|
#### 17.2 Clone Repository
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd /opt/APP_NAME
|
cd /opt/APP_NAME
|
||||||
|
@ -1865,7 +1519,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git .
|
||||||
|
|
||||||
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
|
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
|
||||||
|
|
||||||
#### 18.3 Create Environment File
|
#### 17.3 Create Environment File
|
||||||
|
|
||||||
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
|
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
|
||||||
|
|
||||||
|
@ -1891,7 +1545,7 @@ EOF
|
||||||
|
|
||||||
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
|
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
|
||||||
|
|
||||||
#### 18.4 Configure Docker for Harbor Access
|
#### 17.4 Configure Docker for Harbor Access
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Add the CI/CD Harbor registry to Docker's insecure registries
|
# Add the CI/CD Harbor registry to Docker's insecure registries
|
||||||
|
@ -1908,9 +1562,9 @@ sudo systemctl restart docker
|
||||||
|
|
||||||
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
|
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
|
||||||
|
|
||||||
### Step 19: Set Up SSH Key Authentication
|
### Step 18: Set Up SSH Key Authentication
|
||||||
|
|
||||||
#### 19.1 Add CI/CD Public Key
|
#### 18.1 Add CI/CD Public Key
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Create .ssh directory for SERVICE_USER
|
# Create .ssh directory for SERVICE_USER
|
||||||
|
@ -1924,7 +1578,7 @@ chmod 600 ~/.ssh/authorized_keys
|
||||||
|
|
||||||
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
|
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
|
||||||
|
|
||||||
#### 19.2 Test SSH Connection
|
#### 18.2 Test SSH Connection
|
||||||
|
|
||||||
From the CI/CD Linode, test the SSH connection:
|
From the CI/CD Linode, test the SSH connection:
|
||||||
|
|
||||||
|
@ -1934,16 +1588,16 @@ ssh production
|
||||||
|
|
||||||
**Expected output**: You should be able to SSH to the production server without a password prompt.
|
**Expected output**: You should be able to SSH to the production server without a password prompt.
|
||||||
|
|
||||||
### Step 20: Test Production Setup
|
### Step 19: Test Production Setup
|
||||||
|
|
||||||
#### 20.1 Test Docker Installation
|
#### 19.1 Test Docker Installation
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker --version
|
docker --version
|
||||||
docker compose --version
|
docker compose --version
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 20.2 Test Harbor Access
|
#### 19.2 Test Harbor Access
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Test pulling an image from the CI/CD Harbor registry
|
# Test pulling an image from the CI/CD Harbor registry
|
||||||
|
@ -1952,14 +1606,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
|
||||||
|
|
||||||
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
|
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
|
||||||
|
|
||||||
#### 20.3 Test Application Deployment
|
#### 19.3 Test Application Deployment
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd /opt/APP_NAME
|
cd /opt/APP_NAME
|
||||||
docker compose up -d
|
docker compose up -d
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 20.4 Verify Application Status
|
#### 19.4 Verify Application Status
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker compose ps
|
docker compose ps
|
||||||
|
@ -1976,9 +1630,9 @@ curl http://localhost:3001/health
|
||||||
|
|
||||||
## Part 3: Final Configuration and Testing
|
## Part 3: Final Configuration and Testing
|
||||||
|
|
||||||
### Step 21: Configure Forgejo Repository Secrets
|
### Step 20: Configure Forgejo Repository Secrets
|
||||||
|
|
||||||
#### 21.1 Required Repository Secrets
|
#### 20.1 Required Repository Secrets
|
||||||
|
|
||||||
Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**:
|
Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**:
|
||||||
|
|
||||||
|
@ -1994,16 +1648,16 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an
|
||||||
- `DOMAIN`: Your domain name (e.g., `example.com`)
|
- `DOMAIN`: Your domain name (e.g., `example.com`)
|
||||||
- `EMAIL`: Your email for SSL certificate notifications
|
- `EMAIL`: Your email for SSL certificate notifications
|
||||||
|
|
||||||
#### 21.2 Configure Forgejo Actions Runner
|
#### 20.2 Configure Forgejo Actions Runner
|
||||||
|
|
||||||
##### 21.2.1 Get Runner Token
|
##### 20.2.1 Get Runner Token
|
||||||
|
|
||||||
1. Go to your Forgejo repository
|
1. Go to your Forgejo repository
|
||||||
2. Navigate to **Settings → Actions → Runners**
|
2. Navigate to **Settings → Actions → Runners**
|
||||||
3. Click **"New runner"**
|
3. Click **"New runner"**
|
||||||
4. Copy the registration token
|
4. Copy the registration token
|
||||||
|
|
||||||
##### 21.2.2 Configure Runner
|
##### 20.2.2 Configure Runner
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Switch to DEPLOY_USER on CI/CD Linode
|
# Switch to DEPLOY_USER on CI/CD Linode
|
||||||
|
@ -2022,14 +1676,14 @@ forgejo-runner register \
|
||||||
--no-interactive
|
--no-interactive
|
||||||
```
|
```
|
||||||
|
|
||||||
##### 21.2.3 Start Runner
|
##### 20.2.3 Start Runner
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo systemctl start forgejo-runner.service
|
sudo systemctl start forgejo-runner.service
|
||||||
sudo systemctl status forgejo-runner.service
|
sudo systemctl status forgejo-runner.service
|
||||||
```
|
```
|
||||||
|
|
||||||
##### 21.2.4 Test Runner Configuration
|
##### 20.2.4 Test Runner Configuration
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Check if the runner is running
|
# Check if the runner is running
|
||||||
|
@ -2053,9 +1707,9 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
|
||||||
- Check network: Ensure the runner can reach your Forgejo instance
|
- Check network: Ensure the runner can reach your Forgejo instance
|
||||||
- Restart service: `sudo systemctl restart forgejo-runner.service`
|
- Restart service: `sudo systemctl restart forgejo-runner.service`
|
||||||
|
|
||||||
### Step 22: Set Up Monitoring and Cleanup
|
### Step 21: Set Up Monitoring and Cleanup
|
||||||
|
|
||||||
#### 22.1 Monitoring Script
|
#### 21.1 Monitoring Script
|
||||||
|
|
||||||
**Important**: The repository includes a pre-configured monitoring script in the `scripts/` directory that can be used for both CI/CD and production monitoring.
|
**Important**: The repository includes a pre-configured monitoring script in the `scripts/` directory that can be used for both CI/CD and production monitoring.
|
||||||
|
|
||||||
|
@ -2079,7 +1733,7 @@ chmod +x scripts/monitor.sh
|
||||||
|
|
||||||
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.
|
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.
|
||||||
|
|
||||||
#### 22.2 DinD Cleanup Script
|
#### 21.2 DinD Cleanup Script
|
||||||
|
|
||||||
**Important**: With the DinD setup, CI/CD operations are isolated in the DinD container. This means we can use a much simpler cleanup approach - just restart the DinD container for a fresh environment.
|
**Important**: With the DinD setup, CI/CD operations are isolated in the DinD container. This means we can use a much simpler cleanup approach - just restart the DinD container for a fresh environment.
|
||||||
|
|
||||||
|
@ -2108,7 +1762,7 @@ chmod +x scripts/dind-cleanup.sh
|
||||||
- ✅ **Fast execution**: No complex resource scanning needed
|
- ✅ **Fast execution**: No complex resource scanning needed
|
||||||
- ✅ **Reliable**: No risk of accidentally removing Harbor resources
|
- ✅ **Reliable**: No risk of accidentally removing Harbor resources
|
||||||
|
|
||||||
#### 22.3 Test DinD Cleanup Script
|
#### 21.3 Test DinD Cleanup Script
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Test DinD cleanup with dry run first
|
# Test DinD cleanup with dry run first
|
||||||
|
@ -2134,7 +1788,7 @@ docker exec ci-cd-dind docker run --rm alpine:latest echo "DinD cleanup successf
|
||||||
- Check DinD logs: `docker logs ci-cd-dind`
|
- Check DinD logs: `docker logs ci-cd-dind`
|
||||||
- Run manually: `bash -x scripts/dind-cleanup.sh`
|
- Run manually: `bash -x scripts/dind-cleanup.sh`
|
||||||
|
|
||||||
#### 22.4 Set Up Automated DinD Cleanup
|
#### 21.4 Set Up Automated DinD Cleanup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Create a cron job to run DinD cleanup daily at 2 AM
|
# Create a cron job to run DinD cleanup daily at 2 AM
|
||||||
|
@ -2151,15 +1805,15 @@ crontab -l
|
||||||
- **What it cleans**: Restarts DinD container for fresh CI environment
|
- **What it cleans**: Restarts DinD container for fresh CI environment
|
||||||
- **Zero Harbor impact**: Harbor registry operations are completely unaffected
|
- **Zero Harbor impact**: Harbor registry operations are completely unaffected
|
||||||
|
|
||||||
### Step 23: Test Complete Pipeline
|
### Step 22: Test Complete Pipeline
|
||||||
|
|
||||||
#### 23.1 Trigger a Test Build
|
#### 22.1 Trigger a Test Build
|
||||||
|
|
||||||
1. **Make a small change** to your repository (e.g., update a comment or add a test file)
|
1. **Make a small change** to your repository (e.g., update a comment or add a test file)
|
||||||
2. **Commit and push** the changes to trigger the CI/CD pipeline
|
2. **Commit and push** the changes to trigger the CI/CD pipeline
|
||||||
3. **Monitor the build** in your Forgejo repository → Actions tab
|
3. **Monitor the build** in your Forgejo repository → Actions tab
|
||||||
|
|
||||||
#### 23.2 Verify Pipeline Steps
|
#### 22.2 Verify Pipeline Steps
|
||||||
|
|
||||||
The pipeline should execute these steps in order:
|
The pipeline should execute these steps in order:
|
||||||
|
|
||||||
|
@ -2172,7 +1826,7 @@ The pipeline should execute these steps in order:
|
||||||
7. **Push to Registry**: Push images to Harbor registry from DinD
|
7. **Push to Registry**: Push images to Harbor registry from DinD
|
||||||
8. **Deploy to Production**: Deploy to production server
|
8. **Deploy to Production**: Deploy to production server
|
||||||
|
|
||||||
#### 23.3 Check Harbor
|
#### 22.3 Check Harbor
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# On CI/CD Linode
|
# On CI/CD Linode
|
||||||
|
@ -2186,7 +1840,7 @@ curl -k https://localhost:8080/v2/public/backend/tags/list
|
||||||
curl -k https://localhost:8080/v2/public/frontend/tags/list
|
curl -k https://localhost:8080/v2/public/frontend/tags/list
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 23.4 Verify Production Deployment
|
#### 22.4 Verify Production Deployment
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# On Production Linode
|
# On Production Linode
|
||||||
|
@ -2204,16 +1858,16 @@ docker compose logs backend
|
||||||
docker compose logs frontend
|
docker compose logs frontend
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 23.5 Test Application Functionality
|
#### 22.5 Test Application Functionality
|
||||||
|
|
||||||
1. **Frontend**: Visit your production URL (IP or domain)
|
1. **Frontend**: Visit your production URL (IP or domain)
|
||||||
2. **Backend API**: Test API endpoints
|
2. **Backend API**: Test API endpoints
|
||||||
3. **Database**: Verify database connections
|
3. **Database**: Verify database connections
|
||||||
4. **Logs**: Check for any errors in application logs
|
4. **Logs**: Check for any errors in application logs
|
||||||
|
|
||||||
### Step 24: Set Up SSL/TLS (Optional - Domain Users)
|
### Step 23: Set Up SSL/TLS (Optional - Domain Users)
|
||||||
|
|
||||||
#### 24.1 Install SSL Certificate
|
#### 23.1 Install SSL Certificate
|
||||||
|
|
||||||
If you have a domain pointing to your Production Linode:
|
If you have a domain pointing to your Production Linode:
|
||||||
|
|
||||||
|
@ -2225,7 +1879,7 @@ sudo certbot --nginx -d your-domain.com
|
||||||
sudo certbot certificates
|
sudo certbot certificates
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 24.2 Configure Auto-Renewal
|
#### 23.2 Configure Auto-Renewal
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Test auto-renewal
|
# Test auto-renewal
|
||||||
|
@ -2237,9 +1891,9 @@ sudo crontab -e
|
||||||
# 0 12 * * * /usr/bin/certbot renew --quiet
|
# 0 12 * * * /usr/bin/certbot renew --quiet
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 25: Final Verification
|
### Step 24: Final Verification
|
||||||
|
|
||||||
#### 25.1 Security Check
|
#### 24.1 Security Check
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Check firewall status
|
# Check firewall status
|
||||||
|
@ -2252,7 +1906,7 @@ sudo systemctl status fail2ban
|
||||||
sudo grep "PasswordAuthentication" /etc/ssh/sshd_config
|
sudo grep "PasswordAuthentication" /etc/ssh/sshd_config
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 25.2 Performance Check
|
#### 24.2 Performance Check
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Check system resources
|
# Check system resources
|
||||||
|
@ -2265,7 +1919,7 @@ df -h
|
||||||
docker system df
|
docker system df
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 25.3 Backup Verification
|
#### 24.3 Backup Verification
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Test backup script
|
# Test backup script
|
||||||
|
@ -2276,16 +1930,16 @@ cd /opt/APP_NAME
|
||||||
./scripts/backup.sh
|
./scripts/backup.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
### Step 26: Documentation and Maintenance
|
### Step 25: Documentation and Maintenance
|
||||||
|
|
||||||
#### 26.1 Update Documentation
|
#### 25.1 Update Documentation
|
||||||
|
|
||||||
1. **Update README.md** with deployment information
|
1. **Update README.md** with deployment information
|
||||||
2. **Document environment variables** and their purposes
|
2. **Document environment variables** and their purposes
|
||||||
3. **Create troubleshooting guide** for common issues
|
3. **Create troubleshooting guide** for common issues
|
||||||
4. **Document backup and restore procedures**
|
4. **Document backup and restore procedures**
|
||||||
|
|
||||||
#### 26.2 Set Up Monitoring Alerts
|
#### 25.2 Set Up Monitoring Alerts
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Set up monitoring cron job
|
# Set up monitoring cron job
|
||||||
|
@ -2295,7 +1949,7 @@ cd /opt/APP_NAME
|
||||||
tail -f /tmp/monitor.log
|
tail -f /tmp/monitor.log
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 26.3 Regular Maintenance Tasks
|
#### 25.3 Regular Maintenance Tasks
|
||||||
|
|
||||||
**Daily:**
|
**Daily:**
|
||||||
- Check application logs for errors
|
- Check application logs for errors
|
||||||
|
|
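--- a/scripts/dind-cleanup.sh
+++ b/scripts/dind-cleanup.sh
@@ -0,0 +1,232 @@
+#!/bin/bash
+
+# Docker-in-Docker Cleanup Script
+# This script provides a simple way to clean up the DinD environment
+# by restarting the DinD container, which gives a fresh environment.
+
+set -e
+
+# Color codes for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Logging functions
+log_info() {
+echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+log_success() {
+echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+log_warning() {
+echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+log_error() {
+echo -e "${RED}[ERROR]${NC} $1"
+}
+
+show_help() {
+cat << EOF
+Docker-in-Docker Cleanup Script
+
+Usage: $0 [OPTIONS]
+
+Options:
+--dry-run Show what would be done without executing
+--help|-h Show this help message
+
+Examples:
+$0 # Clean up DinD environment
+$0 --dry-run # Show what would be done
+EOF
+}
+
+# Parse command line arguments
+DRY_RUN="false"
+
+while [[ $# -gt 0 ]]; do
+case $1 in
+--dry-run)
+DRY_RUN="true"
+shift
+;;
+--help|-h)
+show_help
+exit 0
+;;
+*)
+log_error "Unknown option: $1"
+show_help
+exit 1
+;;
+esac
+done
+
+# Main cleanup function
+cleanup_dind() {
+echo
+echo "=================================================================================="
+echo " 🧹 Docker-in-Docker Cleanup 🧹"
+echo "=================================================================================="
+echo
+
+# Check if DinD container exists
+if ! docker ps -a --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
+log_error "DinD container 'ci-cd-dind' not found!"
+log_info "Creating new DinD container..."
+
+if [ "$DRY_RUN" = "true" ]; then
+log_info "DRY RUN: Would create DinD container"
+return
+fi
+
+docker run -d \
+--name ci-cd-dind \
+--privileged \
+--restart unless-stopped \
+-p 2376:2376 \
+-v ci-cd-data:/var/lib/docker \
+-v /var/run/docker.sock:/var/run/docker.sock \
+docker:dind
+
+log_success "DinD container created successfully"
+return
+fi
+
+# Check if DinD container is running
+if docker ps --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
+log_info "DinD container is running"
+
+if [ "$DRY_RUN" = "true" ]; then
+log_info "DRY RUN: Would stop and restart DinD container"
+log_info "DRY RUN: This would clear all CI/CD artifacts and give fresh environment"
+return
+fi
+
+log_info "Stopping DinD container..."
+docker stop ci-cd-dind
+
+log_info "Removing DinD container..."
+docker rm ci-cd-dind
+
+log_info "Creating fresh DinD container..."
+docker run -d \
+--name ci-cd-dind \
+--privileged \
+--restart unless-stopped \
+-p 2376:2376 \
+-v ci-cd-data:/var/lib/docker \
+-v /var/run/docker.sock:/var/run/docker.sock \
+docker:dind
+
+# Wait for DinD to start
+log_info "Waiting for DinD to start..."
+sleep 10
+
+# Test DinD connectivity
+if timeout 30 bash -c 'until docker exec ci-cd-dind docker version >/dev/null 2>&1; do sleep 1; done'; then
+log_success "DinD container is ready!"
+else
+log_error "DinD container failed to start properly"
+exit 1
+fi
+
+else
+log_info "DinD container exists but is not running"
+
+if [ "$DRY_RUN" = "true" ]; then
+log_info "DRY RUN: Would remove and recreate DinD container"
+return
+fi
+
+log_info "Removing existing DinD container..."
+docker rm ci-cd-dind
+
+log_info "Creating fresh DinD container..."
+docker run -d \
+--name ci-cd-dind \
+--privileged \
+--restart unless-stopped \
+-p 2376:2376 \
+-v ci-cd-data:/var/lib/docker \
+-v /var/run/docker.sock:/var/run/docker.sock \
+docker:dind
+
+# Wait for DinD to start
+log_info "Waiting for DinD to start..."
+sleep 10
+
+# Test DinD connectivity
+if timeout 30 bash -c 'until docker exec ci-cd-dind docker version >/dev/null 2>&1; do sleep 1; done'; then
+log_success "DinD container is ready!"
+else
+log_error "DinD container failed to start properly"
+exit 1
+fi
+fi
+
+echo
+echo "=================================================================================="
+log_success "DinD cleanup completed successfully!"
+echo "=================================================================================="
+echo
+log_info "Benefits of this cleanup:"
+log_info " ✅ Fresh Docker environment for CI/CD"
+log_info " ✅ No resource contention with Harbor"
+log_info " ✅ Clean state for Rust testing"
+log_info " ✅ Isolated CI/CD operations"
+echo
+}
+
+# Show current DinD status
+show_status() {
+echo "=================================================================================="
+echo " 📊 DinD Status 📊"
+echo "=================================================================================="
+echo
+
+if docker ps -a --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
+log_info "DinD Container Status:"
+docker ps -a --filter "name=ci-cd-dind" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+echo
+
+if docker ps --format "{{.Names}}" | grep -q "^ci-cd-dind$"; then
+log_info "DinD Docker Info:"
+docker exec ci-cd-dind docker info --format "{{.ServerVersion}}" 2>/dev/null || log_warning "Cannot connect to DinD Docker daemon"
+echo
+
+log_info "DinD Images:"
+docker exec ci-cd-dind docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" 2>/dev/null || log_warning "Cannot list DinD images"
+echo
+
+log_info "DinD Containers:"
+docker exec ci-cd-dind docker ps -a --format "table {{.Names}}\t{{.Status}}\t{{.Image}}" 2>/dev/null || log_warning "Cannot list DinD containers"
+else
+log_warning "DinD container is not running"
+fi
+else
+log_warning "DinD container does not exist"
+fi
+
+echo "=================================================================================="
+}
+
+# Main execution
+if [ "$DRY_RUN" = "true" ]; then
+echo
+echo "=================================================================================="
+echo " 🚨 DRY RUN MODE 🚨"
+echo " No changes will be made"
+echo "=================================================================================="
+echo
+show_status
+cleanup_dind
+else
+show_status
+cleanup_dind
+fi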
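Review bot: All three `docker run` invocations in `cleanup_dind` bind-mount the host's `/var/run/docker.sock` into a `--privileged` container, so a job that can run code inside `ci-cd-dind` can drive the host daemon, which undercuts the isolation the script advertises; unless something outside this file depends on that mount, it should be dropped. The same commands reattach the named volume `ci-cd-data` at `/var/lib/docker`, and `docker stop`/`docker rm` leave named volumes in place, so images and build cache from earlier jobs appear to survive the "fresh" recreate that the dry-run text describes as clearing all artifacts. `-p 2376:2376` also publishes the daemon port on every host interface; binding it to `127.0.0.1` is the narrower default if only local clients connect. Because the block is repeated verbatim three times, I would define it once in a helper and call that from each branch, as sketched below.

```shell
# Single definition of how the DinD container is created.
create_dind_container() {
  # Drop state left by earlier jobs; a missing volume on first run is not an error.
  docker volume rm ci-cd-data >/dev/null 2>&1 || true
  docker run -d \
    --name ci-cd-dind \
    --privileged \
    --restart unless-stopped \
    -p 127.0.0.1:2376:2376 \
    -v ci-cd-data:/var/lib/docker \
    docker:dind
}

# … unchanged: existence/running checks and dry-run handling in cleanup_dind …
# each of the three inline `docker run -d …` blocks becomes:
create_dind_container
```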