WHEELHOUSE: since we're defining the variable we might as well use it.
DOCKER_IMAGE_NAME: introduced to prevent duplications of the name, and to
add a little confirmation message when the script is done.
The HAproxy docker image we were using is no longer maintained (hasn't been
for years), but is built upon Alpine Linux which has a big security leak:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
The security leak is fixed in this build of the docker image, but we should
move to something else (lke Træfik).
Because we only pushed the final image to Docker Hub, it was impossible to
pull the base image someone else created and "quickly" build a new deploy
image.
Now the deploy scripts push (some) of the intermediate images as well,
making it possible to pull them later. I've added `build-pull.sh` and
`full-pull.sh` to perform this pull and built up from the pulled images.
"Staging" covers the meaning of what is actually happening better than
"deploy". I want to keep "deploy" for actually deploying onto a production
server.
Now that Celery switched to using Redis as broker, we no longer need
RabbitMQ. Celery has been running on Redis for a while now and it all seems
fine, so it's time to wave the Rabbit goodbye.
- Ubuntu 17.10 → 18.04.
- Python 3.6.3 → 3.6.6.
- Use `DEBIAN_FRONTEND=noninteractive` to prevent prompts during
installation.
- Install `tzdata` in the base image as it's required by subimages.
- Correctly set maintainer in Dockerfile.
- Changed virtual host weight for the letsencrypt docker so that it is
higher than any other weight
- Copy the renewal script to the server (previously it was available
to the host at /data/git/blender-cloud/…, but no longer.
This radically changes the way we deploy to the production server, as a
Git checkout is no longer required there. All the necessary files are
now inside the docker image. As a result, /data/git should no longer be
mounted as a Docker volume.
- Renamed docker/build.sh → docker/full_rebuild.sh
This makes it clearer that it performs a full rebuild of the Docker images.
- Full rebuilds should be done on a regular basis to pull in Ubuntu
security updates.
- Removed rsync_ui.sh, we no longer need it. Other projects can also
remove their rsync_ui.sh.
- Moved deploy.sh → deploy/2docker.sh and added deploy/2server.sh
Requires a reset + reindex of everything (well, that's the easiest way to
get things indexed properly again), which will loose us the Cloud stats.
Before doing this, export those to MongDB and upgrade the statscollector
to the version that I'll be committing soon.
- No more 'links', all dockers can reach each other by name
- Added 'depends_on', which handles startup sequence
- Allowed haproxy connection to the docker daemon socket
- Told haproxy explicitly which services to proxy. The 'docker:' prefix
comes from the fact that the directory containing the docker-compose.yml
file is called 'docker'.
This allows us to set logging options, which weren't available in version 1.
I've also added newlines around each service definition, and made the
formatting consistent across the entire file (using align-yaml, one of the
tools of the atom-beautify plugin for Atom).
