jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
579 Commits 33 Branches 583 Tags
69d09e8133fa32fd03ebb072a8be519ee0c13f98
Commit Graph

52 Commits

Author SHA1 Message Date
Girish Ramakrishnan 69d09e8133 use docker.connection 2015-10-19 14:09:20 -07:00
Girish Ramakrishnan 6671b211e0 export a connection property from docker.js 2015-10-19 11:24:21 -07:00
Girish Ramakrishnan e74c2f686b remove unused require 2015-10-19 11:05:31 -07:00
Girish Ramakrishnan c7d5115a56 Remove vbox.js 
... and all related mac code. It's totally untested at this point and
most likely doesn't work
 2015-10-19 10:54:36 -07:00
Girish Ramakrishnan 774ba11a92 Move HostConfig to createContainer 
Newer docker has obsoleted HostConfig in start container
 2015-10-19 10:38:46 -07:00
Girish Ramakrishnan 9c157246b7 add type field to clients table 2015-10-15 17:35:47 -07:00
Johannes Zellner ae1bfaf0c8 roleUser is gone as well 2015-10-15 12:50:48 +02:00
Girish Ramakrishnan 5d389337cd make /var/log readonly 
Expect apps to redirect logs of stdout/stderr

Part of #503
 2015-10-15 00:46:50 -07:00
Johannes Zellner 562ce3192f Print error when apptask.pullImage() failed 2015-10-13 13:25:43 +02:00
Johannes Zellner 4eab101b78 use app.oauthProxy instead of app.accessRestriction 2015-10-13 10:41:57 +02:00
Girish Ramakrishnan 3012f68a56 pullImage: handle stream error 2015-10-12 21:56:34 -07:00
Girish Ramakrishnan 1909050be2 remove redundant log 2015-10-12 21:54:25 -07:00
Girish Ramakrishnan 3e474767d1 print the values otherwise it gets very confusing 2015-10-11 13:45:02 -07:00
Girish Ramakrishnan f48a2520c3 remove RSTATE_ERROR 
if startContainer failed, it will still returning success because
it running the db update result
 2015-10-11 11:18:30 -07:00
Girish Ramakrishnan 265ee15ac7 fix oldConfig madness 
There is a crash when:
* App is configured. So, oldConfig now has {loc, access, portb }
* Cloudron is restored. The restore code path accesses the oldConfig.manifest.addons.

oldConfig is basically a messaging passing thing. It's not really a
db field. With that spirit, we simply pass an empty message in setup_infra.sh
 2015-10-09 11:59:25 -07:00
Girish Ramakrishnan c95778178f make rootfs readonly based on targetBoxVersion 2015-10-08 11:48:33 -07:00
Girish Ramakrishnan 04870313b7 Launch apps with readonly rootfs 
We explicitly mark /tmp, /run and /var/log as writable volumes.
Docker creates such volumes in it's own volumes directory. Note
that these volumes are separate from host binds (/app/data).

When removing the container the docker created volumes are
removed (but not host binds).

Fixes #196
 2015-10-08 11:33:17 -07:00
Girish Ramakrishnan 3837bee51f retry pulling image 
fixes #497
 2015-09-29 12:47:03 -07:00
Girish Ramakrishnan 185b574bdc Add custom apparmor profile for cloudron apps 
Docker generates an apparmor profile on the fly under /etc/apparmor.d/docker.
This profile gets overwritten on every docker daemon start.

This profile allows processes to ptrace themselves. This is required by
circus (python process manager) for reasons unknown to me. It floods the logs
with
    audit[7623]: <audit-1400> apparmor="DENIED" operation="ptrace" profile="docker-default" pid=7623 comm="python3.4" requested_mask="trace" denied_mask="trace" peer="docker-default"

This is easily tested using:
    docker run -it cloudron/base:0.3.3 /bin/bash
        a) now do ps
        b) journalctl should show error log as above

    docker run --security-opt=apparmor:docker-cloudron-app -it cloudron/base:0.3.3 /bin/bash
        a) now do ps
        b) no error!

Note that despite this, the process may not have ability to ptrace since it does not
have CAP_PTRACE. Also, security-opt is the profile name (inside the apparmor config file)
and not the filename.

References:
    https://groups.google.com/forum/#!topic/docker-user/xvxpaceTCyw
    https://github.com/docker/docker/issues/7276
    https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1320869

This is an infra update because we need to recreate containers to get the right profile.

Fixes #492
 2015-09-21 11:01:44 -07:00
Girish Ramakrishnan a89726a8c6 Add custom debug.formatArgs to remove timestamp prefix in logs 
Fixes #490

See also:
https://github.com/visionmedia/debug/issues/216
 2015-09-21 09:05:14 -07:00
Girish Ramakrishnan 2f141cd6e0 Make the times absurdly high but that is how long in takes 2015-09-15 18:56:25 -07:00
Girish Ramakrishnan 998ac74d32 oldConfig.location can be null 
If we had an update, location is not part of oldConfig. if we now do
an infra update, location is undefined.
 2015-09-15 18:08:29 -07:00
Girish Ramakrishnan e70c9d55db apptask: retry for external error as well 2015-09-14 21:45:27 -07:00
Girish Ramakrishnan 4e331cfb35 retry registering and unregistering subdomain 2015-09-08 12:51:25 -07:00
Johannes Zellner f87011b5c2 Also always check for dns propagation 2015-08-30 17:00:23 -07:00
Johannes Zellner 7f149700f8 Remove wrong optimization for subdomain records 2015-08-30 16:54:33 -07:00
Johannes Zellner e31e5e1f69 Reuse dnsRecordId for record status id 2015-08-30 15:58:54 -07:00
Johannes Zellner 31d9027677 Query dns status with aws statusId 2015-08-30 15:51:33 -07:00
Johannes Zellner 9074bccea0 Move subdomain management from appstore to box 2015-08-30 15:29:14 -07:00
Girish Ramakrishnan 848b745fcb Fix boolean logic 2015-08-25 12:24:02 -07:00
Girish Ramakrishnan 1f1e6124cd oldConfig can be null during a restore/upgrade 2015-08-25 09:59:44 -07:00
Girish Ramakrishnan dd80a795a0 Read memoryLimit from manifest 2015-08-24 22:44:35 -07:00
Girish Ramakrishnan dd6b8face9 Set app memory limit to 200MB (includes 100 MB swap) 2015-08-24 21:58:19 -07:00
Girish Ramakrishnan 4ab84d42c6 Delete image only if it changed 
This optimization won't work if we have two dockerImage with same
image id....
 2015-08-19 14:24:32 -07:00
Girish Ramakrishnan 361be8c26b containerId can be null 2015-08-18 15:43:50 -07:00
Girish Ramakrishnan 4db9a5edd6 Clean up the old image and not the current one 2015-08-18 10:01:15 -07:00
Girish Ramakrishnan a6a3855e79 Do not remove icon for non-appstore installs 
Fixes #466
 2015-08-17 19:37:51 -07:00
Girish Ramakrishnan 2386545814 Add a note why oldConfig can be null 2015-08-17 10:05:07 -07:00
Girish Ramakrishnan 33ac34296e CpuShares is part of HostConfig 2015-08-12 23:47:35 -07:00
Johannes Zellner d12f260d12 Prevent accessing oldConfig if it does not exist 2015-08-12 21:17:52 +02:00
Girish Ramakrishnan c125cc17dc Apps must only get 50% less cpu than system processes when there is a contention for cpu 2015-08-11 17:00:48 -07:00
Girish Ramakrishnan f6df4cab67 Remove ADMIN_ORIGIN 2015-08-05 17:27:55 -07:00
Johannes Zellner 3d8b90f5c8 Redirect on app error to webadmin appstatus page 
Part of #436
 2015-07-28 13:46:58 +02:00
Girish Ramakrishnan 3f732abbb3 Add debugs 2015-07-20 11:05:30 -07:00
Girish Ramakrishnan 1af3397898 Disable removeIcon is apptask for now 2015-07-20 11:01:52 -07:00
Girish Ramakrishnan 0d89612769 unusedAddons must be an object, not an array 2015-07-20 10:50:44 -07:00
Girish Ramakrishnan 17b1f469d7 Handle forced updates 2015-07-20 10:09:02 -07:00
Girish Ramakrishnan 1e67241049 Return error on unknown installation command 2015-07-20 10:03:55 -07:00
Girish Ramakrishnan 173efa6920 Leave note on when lastBackupId can be null 2015-07-20 09:54:17 -07:00
Girish Ramakrishnan 0285562133 Revert the manifest and portBindings on a failed update 
Fixes #443
 2015-07-20 09:48:31 -07:00