Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
infrastructure
提交
5c333f51
I
infrastructure
项目概览
openeuler
/
infrastructure
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
I
infrastructure
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
5c333f51
编写于
1月 23, 2020
作者:
T
TommyLike
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add yaml and dockerfile for repo server
上级
3450f741
变更
4
显示空白变更内容
内联
并排
Showing
4 changed file
with
496 addition
and
0 deletion
+496
-0
cd/repo/dockerfiles/rsyncd/Dockerfile
cd/repo/dockerfiles/rsyncd/Dockerfile
+19
-0
cd/repo/dockerfiles/rsyncd/entrypoint.sh
cd/repo/dockerfiles/rsyncd/entrypoint.sh
+16
-0
cd/repo/openeuler.org/deployment.yaml
cd/repo/openeuler.org/deployment.yaml
+240
-0
cd/repo/openeuler.org/deployment_with_rsync_server.yaml
cd/repo/openeuler.org/deployment_with_rsync_server.yaml
+221
-0
未找到文件。
cd/repo/dockerfiles/rsyncd/Dockerfile
0 → 100644
浏览文件 @
5c333f51
FROM
ubuntu:14.04
MAINTAINER
tommylikehu@gmail.com
EXPOSE
873
RUN
apt-get update
&&
\
apt-get
-y
install
rsync
&&
\
apt-get
-y
install
net-tools
&&
\
apt-get
-y
install
openssh-server
EXPOSE
22
RUN
mkdir
/var/run/sshd
RUN
sed
-i
's/PermitRootLogin without-password/PermitRootLogin yes/'
/etc/ssh/sshd_config
RUN
sed
's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g'
-i
/etc/pam.d/sshd
ENV
NOTVISIBLE "in users profile"
RUN
echo
"export VISIBLE=now"
>>
/etc/profile
COPY
entrypoint.sh /usr/local/bin/
CMD
["entrypoint.sh"]
\ No newline at end of file
cd/repo/dockerfiles/rsyncd/entrypoint.sh
0 → 100755
浏览文件 @
5c333f51
#!/bin/bash
set
-e
if
[[
!
-e
"/etc/rsyncd.conf"
]]
;
then
echo
"/etc/rsyncd.conf not exists"
exit
1
fi
#setting up sshd server
if
[[
-e
"/root/.ssh/authorized_keys"
]]
;
then
chmod
0400 /root/.ssh/authorized_keys
chown
root:root /root/.ssh/authorized_keys
fi
exec
/usr/sbin/sshd &
exec
/usr/bin/rsync
--no-detach
--daemon
--config
/etc/rsyncd.conf
"
$@
"
\ No newline at end of file
cd/repo/openeuler.org/deployment.yaml
0 → 100644
浏览文件 @
5c333f51
---
# Source: repo-chart/templates/namespace.yaml
# Namespace for repo server
apiVersion
:
v1
kind
:
Namespace
metadata
:
labels
:
name
:
repo
name
:
repo
---
# Source: repo-chart/templates/config.yaml
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
openeuler-configmap
namespace
:
repo
data
:
# update-repo-job.yaml: |
# apiVersion: batch/v1
# kind: Job
# metadata:
# name: update-repo-job
# namespace: repo
# spec:
# template:
# spec:
# containers:
# - name: update-repo
# image: swr.cn-north-1.myhuaweicloud.com/hwstaff_h00223369/repo-tools:0.0.3
# # NOTE: PROJECT_VARIABLE is used to be replaced with actual project list, don't update this only at this place.
# args: ["--repo-json", "PROJECT_VARIABLE", "update"]
# volumeMounts:
# - mountPath: /repo/openeuler
# name: repo-data-volume
# env:
# - name: WORKING_DIR
# value: /repo/openeuler/repository
# restartPolicy: Never
# volumes:
# - name: repo-data-volume
# persistentVolumeClaim:
# claimName: cce-efs-import-k410ji5h-hinm
default.conf
:
|
server {
listen 443 ssl;
access_log /var/log/nginx/host.access.log main;
server_name repo.openeuler.org;
ssl on;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
location / {
root /repo/openeuler;
autoindex on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
nginx.conf
:
|-
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
---
# Source: repo-chart/templates/deployment.yaml
# Persistent volume claim for deployment
#---
#apiVersion: v1
#kind: PersistentVolumeClaim
#metadata:
# name: openeuler-data-volume
# namespace: repo
#spec:
# accessModes:
# - ReadWriteMany
# resources:
# requests:
# storage: 100Gi
# storageClassName: sas
# ServiceAccount for deployment
---
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
openeuler-listener
namespace
:
repo
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
openeuler-listener
rules
:
-
apiGroups
:
[
"
batch"
,
"
extensions"
]
resources
:
[
"
jobs"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
create"
,
"
update"
,
"
patch"
,
"
delete"
]
---
kind
:
ClusterRoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
openeuler-listener
subjects
:
-
kind
:
ServiceAccount
name
:
openeuler-listener
namespace
:
repo
roleRef
:
kind
:
ClusterRole
name
:
openeuler-listener
apiGroup
:
rbac.authorization.k8s.io
# Deployment for repo service
---
kind
:
Deployment
apiVersion
:
apps/v1
metadata
:
name
:
openeuler
namespace
:
repo
labels
:
app
:
repo-nginx-server
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
repo-nginx-pod
template
:
metadata
:
labels
:
app
:
repo-nginx-pod
spec
:
serviceAccount
:
openeuler-listener
containers
:
-
name
:
repo-nginx
image
:
swr.cn-north-1.myhuaweicloud.com/hwstaff_h00223369/nginx:1.17.5
imagePullPolicy
:
"
IfNotPresent"
volumeMounts
:
-
name
:
website-secrets-volume
mountPath
:
/etc/nginx/ssl/fullchain.pem
subPath
:
fullchain.pem
-
name
:
website-secrets-volume
mountPath
:
/etc/nginx/ssl/privkey.pem
subPath
:
privkey.pem
-
mountPath
:
/etc/nginx/nginx.conf
name
:
repo-nginx-configmap-volume
subPath
:
nginx.conf
-
mountPath
:
/etc/nginx/conf.d/default.conf
name
:
repo-nginx-configmap-volume
subPath
:
default.conf
-
mountPath
:
/repo/openeuler
name
:
repo-data-volume
-
name
:
repo-update-listener
image
:
swr.cn-north-1.myhuaweicloud.com/hwstaff_h00223369/repo-listener:0.0.2
env
:
# base auth for repo listener
-
name
:
BASIC_AUTH_USERNAME
value
:
openeuler
-
name
:
BASIC_AUTH_PASSWORD
value
:
openeuler
-
name
:
K8S_NAMESPACE
value
:
repo
imagePullPolicy
:
"
IfNotPresent"
volumeMounts
:
-
mountPath
:
/etc/repo-update/update-repo-job.yaml
name
:
repo-nginx-configmap-volume
subPath
:
update-repo-job.yaml
volumes
:
-
name
:
repo-nginx-configmap-volume
configMap
:
name
:
openeuler-configmap
-
name
:
repo-data-volume
persistentVolumeClaim
:
claimName
:
cce-efs-import-for-repo-use
-
name
:
website-secrets-volume
secret
:
secretName
:
website-secrets
---
# Source: repo-chart/templates/service.yaml
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
openeuler-service
namespace
:
repo
annotations
:
kubernetes.io/elb.class
:
union
kubernetes.io/elb.id
:
161185be-1794-452b-82ca-647db0e9c5b1
kubernetes.io/elb.lb-algorithm
:
ROUND_ROBIN
spec
:
externalTrafficPolicy
:
Cluster
ports
:
-
port
:
443
name
:
nginx-repo-https
targetPort
:
443
-
port
:
80
name
:
nginx-repo-listener-http
targetPort
:
80
selector
:
app
:
repo-nginx-pod
type
:
LoadBalancer
loadBalancerIP
:
121.36.97.194
cd/repo/openeuler.org/deployment_with_rsync_server.yaml
0 → 100644
浏览文件 @
5c333f51
# Source: repo-chart/templates/config.yaml
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
openeuler-configmap
namespace
:
repo2
data
:
rsyncd.secrets
:
|
root:openeuler@!234
rsyncd.conf
:
|
log file = /dev/stdout
use chroot = yes
uid = root
gid = root
max connections = 10
timeout = 600
read only = yes
[openeuler]
path = /repo/openeuler
comment = openeuler repo folder
read only = true
auth users = root
secrets file = /etc/rsyncd.secrets
ignore nonreadable = yes
refuse options = checksum
dont compress = *
default.conf
:
|
server {
listen 443 ssl;
access_log /var/log/nginx/host.access.log main;
server_name repo.openeuler.org;
ssl on;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
location / {
root /repo/openeuler;
autoindex on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
nginx.conf
:
|-
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
---
apiVersion
:
v1
kind
:
PersistentVolumeClaim
metadata
:
name
:
openeuler-data-volume
namespace
:
repo2
spec
:
accessModes
:
-
ReadWriteMany
resources
:
requests
:
storage
:
4000Gi
storageClassName
:
ssd
# Deployment for repo service
---
kind
:
Deployment
apiVersion
:
apps/v1
metadata
:
name
:
openeuler
namespace
:
repo2
labels
:
app
:
repo-nginx-server
spec
:
replicas
:
1
selector
:
matchLabels
:
app
:
repo-nginx-pod
template
:
metadata
:
labels
:
app
:
repo-nginx-pod
spec
:
containers
:
-
name
:
repo-nginx
image
:
swr.cn-north-4.myhuaweicloud.com/openeuler/nginx:1.17.5
imagePullPolicy
:
"
IfNotPresent"
volumeMounts
:
-
name
:
website-secrets-volume
mountPath
:
/etc/nginx/ssl/fullchain.pem
subPath
:
fullchain.pem
-
name
:
website-secrets-volume
mountPath
:
/etc/nginx/ssl/privkey.pem
subPath
:
privkey.pem
-
mountPath
:
/etc/nginx/nginx.conf
name
:
repo-nginx-configmap-volume
subPath
:
nginx.conf
-
mountPath
:
/etc/nginx/conf.d/default.conf
name
:
repo-nginx-configmap-volume
subPath
:
default.conf
-
mountPath
:
/repo/openeuler
name
:
openeuler-data-volume
resources
:
requests
:
cpu
:
8000m
memory
:
8000Mi
-
name
:
rsync-server
image
:
swr.cn-north-4.myhuaweicloud.com/openeuler/rsyncd:0.0.4
imagePullPolicy
:
"
IfNotPresent"
volumeMounts
:
-
mountPath
:
/etc/rsyncd.conf
name
:
repo-nginx-configmap-volume
subPath
:
rsyncd.conf
-
mountPath
:
/etc/rsyncd.secrets.ro
name
:
repo-nginx-configmap-volume
subPath
:
rsyncd.secrets
-
mountPath
:
/repo/openeuler
name
:
openeuler-data-volume
resources
:
requests
:
cpu
:
4000m
memory
:
8000Mi
command
:
-
/bin/sh
-
-c
-
|
cp /etc/rsyncd.secrets.ro /etc/rsyncd.secrets;
chmod 0400 /etc/rsyncd.secrets;
exec /usr/bin/rsync --no-detach --daemon --config /etc/rsyncd.conf;
-
name
:
rsync-client
image
:
swr.cn-north-4.myhuaweicloud.com/openeuler/rsyncd:0.0.4
imagePullPolicy
:
"
IfNotPresent"
volumeMounts
:
-
mountPath
:
/etc/rsyncd.conf
name
:
repo-nginx-configmap-volume
subPath
:
rsyncd.conf
-
mountPath
:
/etc/rsyncd.secrets
name
:
repo-nginx-configmap-volume
subPath
:
rsyncd.secrets
-
mountPath
:
/repo/openeuler
name
:
openeuler-data-volume
command
:
-
/bin/sh
-
-c
-
|
/usr/sbin/sshd &
tail -f /dev/null;
volumes
:
-
name
:
repo-nginx-configmap-volume
configMap
:
name
:
openeuler-configmap
-
name
:
openeuler-data-volume
persistentVolumeClaim
:
claimName
:
openeuler-data-volume
-
name
:
website-secrets-volume
secret
:
secretName
:
website-secrets
defaultMode
:
400
---
# Source: repo-chart/templates/service.yaml
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
openeuler-service
namespace
:
repo2
annotations
:
kubernetes.io/elb.class
:
union
kubernetes.io/elb.id
:
kubernetes.io/elb.lb-algorithm
:
ROUND_ROBIN
spec
:
externalTrafficPolicy
:
Cluster
ports
:
-
port
:
443
name
:
nginx-repo-https
targetPort
:
443
-
port
:
873
name
:
rsync-server-port
targetPort
:
873
-
port
:
22
name
:
rsync-ssh-server-port
targetPort
:
22
selector
:
app
:
repo-nginx-pod
type
:
LoadBalancer
loadBalancerIP
:
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录