Support for Triton discovery

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "test/testing"]
+	path = test/testing
+	url = git@github.com:autopilotpattern/testing.git

Dockerfile

@@ -4,55 +4,83 @@ FROM alpine:3.4
 # artisanally hand-rolling curl and the rest of our stack we'll just use
 # Alpine so we can use `docker build`.
 
-RUN apk add --update curl
+RUN apk add --update \
+    bash \
+    curl
 
-# add Prometheus. alas, the Prometheus developers provide no checksum
-RUN export prom=prometheus-1.3.0.linux-amd64 \
-    && curl -Lso /tmp/${prom}.tar.gz https://github.com/prometheus/prometheus/releases/download/v1.3.0/${prom}.tar.gz \
-    && tar zxf /tmp/${prom}.tar.gz -C /tmp \
+
+# Add Prometheus. alas, the Prometheus developers provide no checksum
+RUN set -ex \
+    && export PROM_VER=1.5.2 \
+    && export prom=prometheus-${PROM_VER}.linux-amd64 \
+    && curl -Lso /tmp/prometheus.tar.gz https://github.com/prometheus/prometheus/releases/download/v${PROM_VER}/${prom}.tar.gz \
+    && tar zxf /tmp/prometheus.tar.gz -C /tmp \
     && mkdir /etc/prometheus /usr/share/prometheus \
     && mv /tmp/${prom}/prometheus /bin/prometheus \
     && mv /tmp/${prom}/promtool /bin/promtool \
     && mv /tmp/${prom}/prometheus.yml /etc/prometheus/ \
     && mv /tmp/${prom}/consoles /usr/share/prometheus/consoles \
     && mv /tmp/${prom}/console_libraries /usr/share/prometheus/console_libraries \
     && ln -s /usr/share/prometheus/console_libraries /usr/share/prometheus/consoles/ /etc/prometheus/ \
-    && rm /tmp/prometheus-1.3.0.linux-amd64.tar.gz
+    && rm /tmp/prometheus.tar.gz
 
-# get consul-template
-RUN curl -Lso /tmp/consul-template_0.14.0_linux_amd64.zip https://releases.hashicorp.com/consul-template/0.14.0/consul-template_0.14.0_linux_amd64.zip \
-    && echo "7c70ea5f230a70c809333e75fdcff2f6f1e838f29cfb872e1420a63cdf7f3a78" /tmp/consul-template_0.14.0_linux_amd64.zip \
-    && unzip /tmp/consul-template_0.14.0_linux_amd64.zip \
-    && mv consul-template /bin \
-    && rm /tmp/consul-template_0.14.0_linux_amd64.zip
 
-# Add Containerpilot and set its configuration
-ENV CONTAINERPILOT_VERSION 2.4.4
+# Add Containerpilot
+# Releases at https://github.com/joyent/containerpilot/releases
+ENV CONTAINERPILOT_VER 2.7.3
 ENV CONTAINERPILOT file:///etc/containerpilot.json
 
-RUN export CONTAINERPILOT_CHECKSUM=6194ee482dae95844046266dcec2150655ef80e9 \
-    && export archive=containerpilot-${CONTAINERPILOT_VERSION}.tar.gz \
-    && curl -Lso /tmp/${archive} \
-         "https://github.com/joyent/containerpilot/releases/download/${CONTAINERPILOT_VERSION}/${archive}" \
-    && echo "${CONTAINERPILOT_CHECKSUM}  /tmp/${archive}" | sha1sum -c \
-    && tar zxf /tmp/${archive} -C /usr/local/bin \
-    && rm /tmp/${archive}
+RUN set -ex \
+    && export CONTAINERPILOT_CHECKSUM=2511fdfed9c6826481a9048e8d34158e1d7728bf \
+    && curl -Lso /tmp/containerpilot.tar.gz \
+         "https://github.com/joyent/containerpilot/releases/download/${CONTAINERPILOT_VER}/containerpilot-${CONTAINERPILOT_VER}.tar.gz" \
+    && echo "${CONTAINERPILOT_CHECKSUM}  /tmp/containerpilot.tar.gz" | sha1sum -c \
+    && tar zxf /tmp/containerpilot.tar.gz -C /usr/local/bin \
+    && rm /tmp/containerpilot.tar.gz
 
-# Add Containerpilot configuration
+# Add ContainerPilot configuration
 COPY etc/containerpilot.json /etc
 ENV CONTAINERPILOT file:///etc/containerpilot.json
 
+
+# Install Consul
+# Releases at https://releases.hashicorp.com/consul
+RUN set -ex \
+    && export CONSUL_VERSION=0.7.5 \
+    && export CONSUL_CHECKSUM=40ce7175535551882ecdff21fdd276cef6eaab96be8a8260e0599fadb6f1f5b8 \
+    && curl --retry 7 --fail -vo /tmp/consul.zip "https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip" \
+    && echo "${CONSUL_CHECKSUM}  /tmp/consul.zip" | sha256sum -c \
+    && unzip /tmp/consul -d /usr/local/bin \
+    && rm /tmp/consul.zip \
+    # Create empty directories for Consul config and data \
+    && mkdir -p /etc/consul \
+    && mkdir -p /var/lib/consul
+
+
+# Install Consul template
+# Releases at https://releases.hashicorp.com/consul-template/
+RUN set -ex \
+    && export CONSUL_TEMPLATE_VERSION=0.18.0 \
+    && export CONSUL_TEMPLATE_CHECKSUM=f7adf1f879389e7f4e881d63ef3b84bce5bc6e073eb7a64940785d32c997bc4b \
+    && curl --retry 7 --fail -Lso /tmp/consul-template.zip "https://releases.hashicorp.com/consul-template/${CONSUL_TEMPLATE_VERSION}/consul-template_${CONSUL_TEMPLATE_VERSION}_linux_amd64.zip" \
+    && echo "${CONSUL_TEMPLATE_CHECKSUM}  /tmp/consul-template.zip" | sha256sum -c \
+    && unzip /tmp/consul-template.zip -d /usr/local/bin \
+    && rm /tmp/consul-template.zip
+
+
 # Add Prometheus config template
 # ref https://prometheus.io/docs/operating/configuration/
 # for details on building your own config
 COPY etc/prometheus.yml.ctmpl /etc/prometheus/prometheus.yml.ctmpl
+COPY bin /bin
+
 
-# Override the entrypoint to include Containerpilot
+# Override the entrypoint to include ContainerPilot
 WORKDIR /prometheus
 ENTRYPOINT []
 CMD ["/usr/local/bin/containerpilot", \
-     "/bin/prometheus", \
+     "/bin/prometheus" ,\
      "-config.file=/etc/prometheus/prometheus.yml", \
      "-storage.local.path=/prometheus", \
      "-web.console.libraries=/etc/prometheus/console_libraries", \
-     "-web.console.templates=/etc/prometheus/consoles" ]
+     "-web.console.templates=/etc/prometheus/consoles"]

Makefile

@@ -0,0 +1,157 @@
+# Makefile for shipping and testing the container image.
+
+MAKEFLAGS += --warn-undefined-variables
+.DEFAULT_GOAL := build
+.PHONY: *
+
+# we get these from CI environment if available, otherwise from git
+GIT_COMMIT ?= $(shell git rev-parse --short HEAD)
+GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
+WORKSPACE ?= $(shell pwd)
+
+namespace ?= autopilotpattern
+tag := branch-$(shell basename $(GIT_BRANCH))
+image := $(namespace)/prometheus
+testImage := $(namespace)/prometheus-testrunner
+
+#dockerLocal := DOCKER_HOST= DOCKER_TLS_VERIFY= DOCKER_CERT_PATH= docker
+dockerLocal := docker
+#composeLocal := DOCKER_HOST= DOCKER_TLS_VERIFY= DOCKER_CERT_PATH= docker-compose
+composeLocal := docker-compose
+
+## Display this help message
+help:
+	@awk '/^##.*$$/,/[a-zA-Z_-]+:/' $(MAKEFILE_LIST) | awk '!(NR%2){print $$0p}{p=$$0}' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' | sort
+
+
+# ------------------------------------------------
+# Container builds
+
+## Builds the application container image locally
+build: test-runner
+	$(dockerLocal) build -t=$(image):$(tag) .
+
+## Build the test running container
+test-runner:
+	$(dockerLocal) build -f test/Dockerfile -t=$(testImage):$(tag) .
+
+## Push the current application container images to the Docker Hub
+push:
+	$(dockerLocal) push $(image):$(tag)
+	$(dockerLocal) push $(testImage):$(tag)
+
+## Tag the current images as 'latest'
+tag:
+	$(dockerLocal) tag $(testImage):$(tag) $(testImage):latest
+	$(dockerLocal) tag $(image):$(tag) $(image):latest
+
+## Push latest tag(s) to the Docker Hub
+ship: tag
+	$(dockerLocal) push $(image):$(tag)
+	$(dockerLocal) push $(image):latest
+
+
+# ------------------------------------------------
+# Test running
+
+## Pull the container images from the Docker Hub
+pull:
+	$(dockerLocal) pull $(image):$(tag)
+	$(dockerLocal) pull $(testImage):$(tag)
+
+$(DOCKER_CERT_PATH)/key.pub:
+	ssh-keygen -y -f $(DOCKER_CERT_PATH)/key.pem > $(DOCKER_CERT_PATH)/key.pub
+
+# For Jenkins test runner only: make sure we have public keys available
+SDC_KEYS_VOL ?= -v $(DOCKER_CERT_PATH):$(DOCKER_CERT_PATH)
+keys: $(DOCKER_CERT_PATH)/key.pub
+
+run-local:
+	cd examples/compose && TAG=$(tag) $(composeLocal) -p prometheus up -d
+
+stop-local:
+	cd examples/compose && TAG=$(tag) $(composeLocal) -p prometheus stop || true
+	cd examples/compose && TAG=$(tag) $(composeLocal) -p prometheus rm -f || true
+
+run:
+	$(call check_var, TRITON_PROFILE \
+		required to run the example on Triton.)
+	cd examples/triton && TAG=$(tag) docker-compose -p prometheus up -d
+
+stop:
+	$(call check_var, TRITON_PROFILE \
+		required to run the example on Triton.)
+	cd examples/compose && TAG=$(tag) docker-compose -p prometheus stop || true
+	cd examples/compose && TAG=$(tag) docker-compose -p prometheus rm -f || true
+
+test-image:
+	$(dockerLocal) build -f test/Dockerfile .
+
+run-test-image-local:
+	$(dockerLocal) run -it --rm \
+		-v /var/run/docker.sock:/var/run/docker.sock \
+		-e TAG=$(tag) \
+		-e COMPOSE_FILE=compose/docker-compose.yml \
+		-e COMPOSE_HTTP_TIMEOUT=300 \
+		-w /src \
+		`docker build -f test/Dockerfile . | tail -n 1 | awk '{print $$3}'` \
+		sh
+
+run-test-image:
+	$(call check_var, TRITON_ACCOUNT TRITON_DC, \
+		required to run integration tests on Triton.)
+	$(dockerLocal) run -it --rm \
+		-e TAG=$(tag) \
+		-e COMPOSE_FILE=triton/docker-compose.yml \
+		-e COMPOSE_HTTP_TIMEOUT=300 \
+		-e DOCKER_HOST=$(DOCKER_HOST) \
+		-e DOCKER_TLS_VERIFY=1 \
+		-e DOCKER_CERT_PATH=$(DOCKER_CERT_PATH) \
+		-e TRITON_ACCOUNT=$(TRITON_ACCOUNT) \
+		-e TRITON_DC=$(TRITON_DC) \
+		$(SDC_KEYS_VOL) -w /src \
+		$(testImage):$(tag) sh
+
+## Run integration tests against local Docker daemon
+test-local:
+	$(dockerLocal) run -it --rm \
+		-v /var/run/docker.sock:/var/run/docker.sock \
+		-e TAG=$(tag) \
+		-e COMPOSE_FILE=compose/docker-compose.yml \
+		-e COMPOSE_HTTP_TIMEOUT=300 \
+		-w /src \
+		`docker build -f test/Dockerfile . | tail -n 1 | awk '{print $$3}'` \
+		python3 tests.py
+
+## Run the integration test runner locally but target Triton
+test:
+	$(call check_var, TRITON_ACCOUNT TRITON_DC, \
+		required to run integration tests on Triton.)
+	$(dockerLocal) run --rm \
+		-e TAG=$(tag) \
+		-e COMPOSE_FILE=triton/docker-compose.yml \
+		-e COMPOSE_HTTP_TIMEOUT=300 \
+		-e DOCKER_HOST=$(DOCKER_HOST) \
+		-e DOCKER_TLS_VERIFY=1 \
+		-e DOCKER_CERT_PATH=$(DOCKER_CERT_PATH) \
+		-e TRITON_ACCOUNT=$(TRITON_ACCOUNT) \
+		-e TRITON_DC=$(TRITON_DC) \
+		$(SDC_KEYS_VOL) -w /src \
+		$(testImage):$(tag) sh tests.sh
+
+## Print environment for build debugging
+debug:
+	@echo WORKSPACE=$(WORKSPACE)
+	@echo GIT_COMMIT=$(GIT_COMMIT)
+	@echo GIT_BRANCH=$(GIT_BRANCH)
+	@echo namespace=$(namespace)
+	@echo tag=$(tag)
+	@echo image=$(image)
+	@echo testImage=$(testImage)
+
+# -------------------------------------------------------
+# helper functions for testing if variables are defined
+#
+check_var = $(foreach 1,$1,$(__check_var))
+__check_var = $(if $(value $1),,\
+	$(error Missing $1 $(if $(value 2),$(strip $2))))

bin/prestart.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Do we have env vars for Triton discovery?
+# Copy creds from env vars to files on disk
+if [ -n ${!TRITON_CREDS_PATH} ] \
+    && [ -n ${!TRITON_CA} ] \
+    && [ -n ${!TRITON_CERT} ] \
+    && [ -n ${!TRITON_KEY} ]
+then
+    mkdir -p ${TRITON_CREDS_PATH}
+    echo -e "${TRITON_CA}" | tr '#' '\n' > ${TRITON_CREDS_PATH}/ca.pem
+    echo -e "${TRITON_CERT}" | tr '#' '\n' > ${TRITON_CREDS_PATH}/cert.pem
+    echo -e "${TRITON_KEY}" | tr '#' '\n' > ${TRITON_CREDS_PATH}/key.pem
+fi
+
+# Are we on Triton? Do we _not_ have a user-defined DC?
+# Set the DC automatically from mdata
+if [ -n ${TRITON_DC} ] \
+    && [ -f "/native/usr/sbin/mdata-get" ]
+then
+    export TRITON_DC=$(/native/usr/sbin/mdata-get sdc:datacenter_name)
+fi
+
+# Create Prometheus config
+consul-template -once -consul-addr ${CONSUL}:8500 -template /etc/prometheus/prometheus.yml.ctmpl:/etc/prometheus/prometheus.yml

etc/containerpilot.json

@@ -1,16 +1,26 @@
 {
   "consul": "{{ .CONSUL }}:8500",
-  "preStart": [
-    "consul-template", "-once", "-consul", "{{ .CONSUL }}:8500", "-template",
-    "/etc/prometheus/prometheus.yml.ctmpl:/etc/prometheus/prometheus.yml"
-  ],
+  "preStart": "prestart.sh",
   "services": [
     {
       "name": "prometheus",
       "port": 9090,
-      "health": ["curl", "-so", "/dev/null", "http://localhost:9090/metrics"],
+      "health": ["curl", "-fso", "/dev/null", "http://localhost:9090/metrics"],
       "poll": 10,
       "ttl": 25
     }
+  ],
+  "coprocesses": [{{ if .CONSUL_AGENT }}
+    {
+      "name": "consul-agent (host:{{ .CONSUL }})",
+      "command": ["/usr/local/bin/consul", "agent",
+                  "-data-dir=/var/lib/consul",
+                  "-config-dir=/etc/consul",
+                  "-rejoin",
+                  "-retry-join", "{{ .CONSUL }}",
+                  "-retry-max", "10",
+                  "-retry-interval", "10s"],
+      "restarts": "unlimited"
+    }{{ end }}
   ]
 }