jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
18,218 Commits 33 Branches 583 Tags
54d3cd86b9e3a0a4d4edaafdaddfc0f9e9d0a21b
Commit Graph

287 Commits

Author SHA1 Message Date
Girish Ramakrishnan
a304c7f4a5 implement tls addon 2021-02-17 23:20:08 -08:00
Girish Ramakrishnan
6bd87485c6 rename addons.js to services.js 
services is the named container (services view)
addons is more like a heroku concept
 2021-01-21 11:31:35 -08:00
Girish Ramakrishnan
4d482d11ee add apps.getMemoryLimit 2021-01-20 19:16:21 -08:00
Girish Ramakrishnan
a14dbbe77a refactor into docker.update 2021-01-20 18:58:23 -08:00
Girish Ramakrishnan
0d535d2d5c allocate swap size for containers based on system ratio 2021-01-20 18:41:51 -08:00
Girish Ramakrishnan
ce86cb892d the ip is now available in the appdb 2020-12-03 11:48:25 -08:00
Girish Ramakrishnan
77b965cada Add DNS to app containers as well 
infra has to be bumped since we removed httpPort and moved to containerIp
 2020-11-25 12:04:59 -08:00
Girish Ramakrishnan
c0b0029935 statically allocate app container IPs 
We removed httpPort with the assumption that docker allocated IPs
and kept them as long as the container is around. This turned out
to be not true because the IP changes on even container restart.

So we now allocate IPs statically. The iprange makes sure we don't
overlap with addons and other CI app or JupyterHub apps.

https://github.com/moby/moby/issues/6743
https://github.com/moby/moby/pull/19001
 2020-11-20 16:19:59 -08:00
Girish Ramakrishnan
fd965072c5 Remove custom dns when creating app container 2020-11-19 01:10:50 -08:00
Girish Ramakrishnan
d703d1cd13 remove httpPort 
we can just use container IP instead of all this httpPort exporting magic.
this is also required for exposing httpPaths feature (we have to otherwise
have multiple httpPorts).
 2020-11-19 00:38:52 -08:00
Girish Ramakrishnan
bd9c664b1a Free up port 53 
It's all very complicated.

Approach 1: Simple move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.

Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved with hog the
lo and thus docker cannot bind again to port 53.

Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.

Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).

So, the final solution is to bind to the make docker bind to the IP explicity.
It's unclear what will happen if the IP changes, maybe it needs a restart.
 2020-11-18 23:25:56 -08:00
Girish Ramakrishnan
fa4392df09 Fix docker.getBinds() 2020-10-29 11:47:37 -07:00
Johannes Zellner
f8d6fd80d5 Do not crash if app.volumes does not exist 2020-10-29 12:09:15 +01:00
Girish Ramakrishnan
6a3df679fa Add volume management 
the volumes table can later have backup flag, mount options etc
 2020-10-28 15:31:21 -07:00
Girish Ramakrishnan
546e381325 skip downloading image if image present locally 
if we use build service app locally (without push), then we can skip
the download altogether.
 2020-10-19 22:22:29 -07:00
Girish Ramakrishnan
b075140e76 /dev/dri may not exist 
In ubuntu 16, it doesn't exist.
See also https://forum.cloudron.io/topic/3189/error-server-error-http-code-500-server-error
 2020-09-21 15:59:17 -07:00
Girish Ramakrishnan
cc591e399d scheduler: make the container run in same networking space to prevent further churn 
idea comes from https://github.com/moby/moby/pull/9402#issuecomment-67259655
and https://github.com/moby/moby/pull/9402#issuecomment-67224239

see also:
https://github.com/moby/moby/issues/9098
https://github.com/moby/moby/pull/9167
https://github.com/moby/moby/issues/12899#issuecomment-97816048 (exec mem leak)
https://github.com/moby/moby/pull/38704

part of #732
 2020-08-18 23:44:53 -07:00
Girish Ramakrishnan
879a6b4202 do not error if container already exists 2020-08-18 21:15:54 -07:00
Girish Ramakrishnan
2ebdf9673d Add VAAPI caps for transcoding 2020-08-14 18:48:53 -07:00
Girish Ramakrishnan
7ddbabf781 Make the error message clearer 2020-07-30 11:29:43 -07:00
Girish Ramakrishnan
0f103ccce1 Add ping capability (for statping) 2020-06-30 07:40:17 -07:00
Girish Ramakrishnan
84f41e08cf Add mlock capability to manifest (for vault app) 2020-06-26 09:27:35 -07:00
Girish Ramakrishnan
d2cd78c5cb more debug() removal 2020-05-24 12:30:48 -07:00
Girish Ramakrishnan
67a931c4b8 Remove verbose logs 2020-05-24 11:33:53 -07:00
Girish Ramakrishnan
2f89e7e2b4 drop NET_RAW since this allows packet sniffing 
this however breaks ping
 2020-05-15 12:47:36 -07:00
Johannes Zellner
9bdeff0a39 Always use constants.SECRET_PLACEHOLDER 2020-05-14 23:02:02 +02:00
Girish Ramakrishnan
e9d0ed8e1e Add binds support to containers 2020-04-29 22:51:46 -07:00
Girish Ramakrishnan
66f66fd14f docker: clean up volume API 2020-04-29 21:28:49 -07:00
Girish Ramakrishnan
2cdf68379b Revert "add volume support" 
This reverts commit b8bb69f730.

Revert this for now, we will try a simpler non-object volume first
 2020-04-27 22:55:43 -07:00
Girish Ramakrishnan
b8bb69f730 add volume support 
part of #668, #569
 2020-04-24 22:09:07 -07:00
Girish Ramakrishnan
7a63fd4711 Failed quickly if docker image not found 2020-03-06 16:39:20 -08:00
Girish Ramakrishnan
de547df9bd Show docker image in the error 2020-02-10 21:54:08 -08:00
Girish Ramakrishnan
1ac38d4921 After node update, we get a buffer 2020-01-30 16:06:11 -08:00
Girish Ramakrishnan
4ba9f80d44 apps: configure cpuShares 2020-01-28 22:16:25 -08:00
Johannes Zellner
3f1533896e Keep debug messages in sync 2020-01-21 16:14:36 +01:00
Girish Ramakrishnan
2692f6ef4e Add restart route for atomicity 2019-12-20 11:15:36 -08:00
Girish Ramakrishnan
9ad6025310 search and replace gone wrong 2019-12-06 13:52:43 -08:00
Girish Ramakrishnan
3e08e7c653 Typo in docker socket path 2019-12-04 14:37:00 -08:00
Girish Ramakrishnan
53e39f571c Make addons code remove a BoxError 2019-12-04 14:28:42 -08:00
Girish Ramakrishnan
30eccfb54b Use BoxError instead of Error in all places 
This moves everything other than the addon code and some 'done' logic
 2019-12-04 11:02:54 -08:00
Girish Ramakrishnan
1af5c6a418 Fix registry detection 
ECR registry does not have a username component
 2019-11-17 11:50:58 -08:00
Girish Ramakrishnan
d255466417 manifest.id is optional for custom apps 2019-11-15 17:28:54 -08:00
Girish Ramakrishnan
e39b081567 Change restart policy to unless-stopped 2019-11-13 10:29:54 -08:00
Johannes Zellner
d1c6e786c2 Remove unused CLOUDRON_ADMIN_EMAIL 2019-11-07 16:38:30 +01:00
Girish Ramakrishnan
f97cbb5fd5 Use private registry auth 2019-10-27 13:07:07 -07:00
Girish Ramakrishnan
12d233c5f9 provide suggestion as part of the error 2019-10-27 12:01:30 -07:00
Girish Ramakrishnan
02339d503c do not re-generate DATABASE_ERROR 2019-10-24 20:31:45 -07:00
Girish Ramakrishnan
e1f0d12251 Fix error handling 2019-10-23 09:53:46 -07:00
Girish Ramakrishnan
d0e6b6bfe4 Do not re-translate to DockerError 2019-10-23 09:30:05 -07:00
Girish Ramakrishnan
b6f2c94464 test registry config 2019-10-23 06:49:29 -07:00