diff --git a/containers/build_base.sh b/containers/build_base.sh new file mode 100755 index 0000000..2b2657a --- /dev/null +++ b/containers/build_base.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +docker build -t rfaas-base:latest - < rfaas-base.Dockerfile diff --git a/containers/init_docker.sh b/containers/init_docker.sh new file mode 100755 index 0000000..c976dae --- /dev/null +++ b/containers/init_docker.sh @@ -0,0 +1,80 @@ +#!/bin/bash + +# This script builds the rfaas-base docker container, pushes it to the +# registry, sets up a docker volume, and generates example configuration +# json which should then be updated in config/executor_manager.json. +# The script also configures a docker network for suitable use with +# docker_rdma_sriov + +# NOTE: Run this script from repo root, and make sure the sriov docker plugin +# is installed + +set -e + +if [ $# -lt 2 ]; then + echo "usage: ./init_docker.sh [ ]" + exit +fi + +REG_IP=$1 # IP or name of the docker registry +REG_PORT=$2 # Port of the docker registry +NET_MODE=$3 # Docker networking mode -- sriov or host +DEVICE=$4 # The RDMA adapter to use for networking +SUBNET=$5 # Subnet for the docker network + +IMG_NAME=rfaas-base +REG_IMG=$REG_IP:$REG_PORT/$IMG_NAME + +# Build the docker container, login and push to the registry +docker build -t $IMG_NAME - < containers/rfaas-base.Dockerfile +echo "built rfaas-base image" +docker login $REG_IP:$REG_PORT +echo "logged into docker daemon" + +if docker push $REG_IMG; then + echo "ERROR: make sure a docker registry is actually running on $REG_IP:$REG_PORT. + Start one with scripts/run_registry.sh" + exit +else + echo "pushed rfaas-base image to $REG_IMG" +fi + +# Set up docker network +net_name=testnet +if ["$NET_MODE" = "sriov"]; then + docker network create -d sriov --subnet=$SUBNET -o netdevice=$DEVICE $net_name +elif ["$NET_MODE" = "host"]; then + net_name="host" +else + echo "ERROR: invalid networking mode $NET_MODE. Valid options are sriov and host." + exit +fi +echo "set up docker network" + +# Configure volume +volume=$(pwd)/volumes/rfaas-test/opt # Do not put a trailing slash +mkdir -p $volume/bin +cp bin/executor $volume/bin +cp examples/libfunctions.so $volume + +# Print json to be updated +config=$(jq -n --arg use_docker "true" \ + --arg image "$REG_IMG" \ + --arg network "$net_name" \ + --arg ip "" \ + --arg volume $volume \ + --arg registry_ip "$REG_IP" \ + --arg registry_port "$REG_PORT" \ + '{ + "image": $image, + "network": $network, + "ip": $ip, + "volume": $volume, + "registry_ip": $registry_ip, + "registry_port": $registry_port + }' +) + +echo "Update config/executor_manager.json with" +echo "$config" + diff --git a/containers/rfaas-base.Dockerfile b/containers/rfaas-base.Dockerfile new file mode 100644 index 0000000..401297e --- /dev/null +++ b/containers/rfaas-base.Dockerfile @@ -0,0 +1,14 @@ +# Container version should be same ubuntu version as where `executor` +# was built (due to glibc versioning) + +FROM ubuntu:22.04 + +#ARG DEBIAN_FRONTEND=noninteractive + +RUN apt-get update -y && apt-get upgrade -y \ + && apt-get install -y \ + libibverbs-dev librdmacm-dev + +RUN mkdir -p /opt/bin +WORKDIR "/opt/bin" + diff --git a/scripts/push_image.sh b/scripts/push_image.sh new file mode 100755 index 0000000..40beeb3 --- /dev/null +++ b/scripts/push_image.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# Push an image to the local docker registry + +if [ $# -lt 3 ]; then + echo "usage: ./push_image.sh "; + exit +fi + +IMAGE=$1 +IP=$2 +PORT=$3 +docker push $IP:$PORT/$IMAGE diff --git a/scripts/registry.yaml b/scripts/registry.yaml new file mode 100644 index 0000000..3ed7a10 --- /dev/null +++ b/scripts/registry.yaml @@ -0,0 +1,20 @@ +version: "3" + +services: + registry: + image: registry:2 + container_name: rfaas-registry + ports: + - "5000:5000" + environment: + REGISTRY_AUTH: htpasswd + REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd + REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm + REGISTRY_STORAGE_DELETE_ENABLED: "true" + #REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt + #REGISTRY_HTTP_TLS_KEY: /certs/domain.unencrypted.key + #REGISTRY_HTTP_SECRET: supersecrettext + volumes: + - /home/ubuntu/rfaas/containers/registry:/var/lib/registry + - /home/ubuntu/rfaas/containers/config:/auth + #- /home/ubuntu/rfaas/containers/config/certs:/certs diff --git a/scripts/run_registry.sh b/scripts/run_registry.sh new file mode 100755 index 0000000..d3cb0eb --- /dev/null +++ b/scripts/run_registry.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +# Run this script on the server where you want the docker registry to be hosted +# Recommended to host the registry on the same server as the executor manager + +# NOTE: Run this script from the repo root + +PORT=5000 +NAME="rfaas-registry" + +set -e + +# Make password file if it doesn't already exist +cfg=containers/config +mkdir -p $cfg +if [ -s $cfg/htpasswd ]; then + echo "htpasswd exists" +else + sudo htpasswd -Bc $cfg/htpasswd $USER + echo "created htpasswd file" +fi + +# Generate certs to use TLS (if they dont already exist) +## if [ -s $cfg/certs/domain.key ]; then +## echo "using certs in $cfg/certs" +## else +## mkdir -p $cfg/certs +## openssl genpkey -algorithm RSA -out $cfg/certs/domain.key -aes256 +## +## openssl req -new \ +## -key $cfg/certs/domain.key \ +## -out $cfg/certs/domain.csr \ +## -addext 'subjectAltName = IP:172.31.82.200' +## +## openssl x509 -req -days 365 \ +## -in $cfg/certs/domain.csr \ +## -signkey $cfg/certs/domain.key \ +## -out $cfg/certs/domain.crt +## +## openssl rsa -in $cfg/certs/domain.key -out $cfg/certs/domain.unencrypted.key +## echo "generated certs in $cfg/certs" +## fi + +# Start registry +sudo docker-compose -f scripts/registry.yaml up -d +echo "started docker registry $NAME on port $PORT" +