Girish Ramakrishnan
60cc4c988f
bump mysql addon
2016-04-09 02:34:54 -07:00
Girish Ramakrishnan
68219748ec
oops, bump postgresql
2016-04-09 01:07:46 -07:00
Girish Ramakrishnan
96d625b866
bump the postgresql addon (required for gitlab)
2016-04-08 23:46:39 -07:00
Girish Ramakrishnan
db19df9395
Bump infra version to force app reconfigure
Required for collectd profiles to be regenerated
2016-04-05 17:36:30 -07:00
girish@cloudron.io
2112494b43
bump mysql image version
2016-02-13 03:26:29 -08:00
girish@cloudron.io
16d976a145
use multidb version of mysql addon
2016-02-02 08:46:09 -08:00
Girish Ramakrishnan
e3cc12da4f
new addon images based on docker 1.9.0
2015-11-18 17:53:58 -08:00
Girish Ramakrishnan
917832e0ae
Change DKIM selector to cloudron
2015-10-28 16:16:15 -07:00
Girish Ramakrishnan
b5358e7565
recreate docker containers for hostname change
2015-10-23 16:30:17 -07:00
Girish Ramakrishnan
0566bad6d9
bump infra version
2015-10-20 15:07:35 -07:00
Girish Ramakrishnan
6b82fb9ddb
Remove old addon images on infra update
Fixes #329
2015-10-15 12:01:31 -07:00
Girish Ramakrishnan
f57c91847d
addons do not write to /var/log anymore
2015-10-15 11:00:51 -07:00
Girish Ramakrishnan
fb6bf50e48
signal redis to backup using SAVE
2015-10-12 13:30:58 -07:00
Girish Ramakrishnan
b686d6e011
use latest docker images
2015-10-11 10:03:42 -07:00
Girish Ramakrishnan
93d210a754
Bump the graphite image
2015-10-10 09:57:07 -07:00
Girish Ramakrishnan
bc7e07f6a6
mail: not required to expose port 25
2015-10-09 09:56:37 -07:00
Girish Ramakrishnan
eb1e4a1aea
mail now runs on port 2500
2015-10-09 09:29:17 -07:00
Girish Ramakrishnan
e487b9d46b
update mail image
2015-10-08 11:06:29 -07:00
Girish Ramakrishnan
1375e16ad2
mongodb: readonly rootfs
2015-10-08 10:24:15 -07:00
Girish Ramakrishnan
312f1f0085
mysql: readonly rootfs
2015-10-08 09:43:05 -07:00
Girish Ramakrishnan
721900fc47
postgresql: readonly rootfs
2015-10-08 09:20:25 -07:00
Girish Ramakrishnan
2d815a92a3
redis: use readonly rootfs
2015-10-08 09:00:43 -07:00
Girish Ramakrishnan
03d4ae9058
new base image 0.4.0
2015-09-28 19:33:58 -07:00
Girish Ramakrishnan
185b574bdc
Add custom apparmor profile for cloudron apps
Docker generates an apparmor profile on the fly under /etc/apparmor.d/docker.
This profile gets overwritten on every docker daemon start.
This profile allows processes to ptrace themselves. This is required by
circus (python process manager) for reasons unknown to me. It floods the logs
with
    audit[7623]: <audit-1400> apparmor="DENIED" operation="ptrace" profile="docker-default" pid=7623 comm="python3.4" requested_mask="trace" denied_mask="trace" peer="docker-default"
This is easily tested using:
    docker run -it cloudron/base:0.3.3 /bin/bash
        a) now do ps
        b) journalctl should show error log as above
    docker run --security-opt=apparmor:docker-cloudron-app -it cloudron/base:0.3.3 /bin/bash
        a) now do ps
        b) no error!
Note that despite this, the process may not have the ability to ptrace since it does not
have CAP_PTRACE. Also, security-opt is the profile name (inside the apparmor config file)
and not the filename.
References:
    https://groups.google.com/forum/#!topic/docker-user/xvxpaceTCyw
    https://github.com/docker/docker/issues/7276
    https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1320869
This is an infra update because we need to recreate containers to get the right profile.
Fixes #492
2015-09-21 11:01:44 -07:00
Girish Ramakrishnan
5fcba59b3e
set memory limits for addons
mysql, postgresql, mongodb - 100m each
mail, graphite, redis (each instance) - 75m
For reference, in yellowtent:
mongo - 5m
postgresql - 33m
mysql - 3.5m
mail: 26m
graphite - 26m
redis - 32m
2015-09-14 13:47:45 -07:00
Girish Ramakrishnan
a760ef4d22
Rebase addons to use base image 0.3.3
2015-08-24 10:19:18 -07:00
Girish Ramakrishnan
15c9d8682e
Base image is now 0.3.3
2015-08-18 15:43:50 -07:00
Girish Ramakrishnan
dd3e38ae55
Use latest graphite
2015-08-13 15:53:36 -07:00
Girish Ramakrishnan
5e8cd09f51
Bump infra version
2015-08-13 14:22:39 -07:00
Girish Ramakrishnan
9face9cf35
systemd has moved around the cgroup hierarchy
https://github.com/docker/docker/issues/9902
There is some rationale here:
https://libvirt.org/cgroups.html
2015-08-13 10:21:33 -07:00
Girish Ramakrishnan
670ffcd489
Add warning
2015-08-12 19:52:23 -07:00
Girish Ramakrishnan
ec7b365c31
Use BASE_IMAGE as well
2015-08-12 19:51:44 -07:00
Girish Ramakrishnan
433d78c7ff
Fix graphite version
2015-08-12 19:51:08 -07:00
Girish Ramakrishnan
ed041fdca6
Put image names in one place
2015-08-12 19:38:44 -07:00
Girish Ramakrishnan
c125cc17dc
Apps must only get 50% less cpu than system processes when there is contention for cpu
2015-08-11 17:00:48 -07:00
Girish Ramakrishnan
df9d321ac3
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:10:36 -07:00