commit 04feab84c6e04c62639a555423f278ac4e5daf9f Author: Arturo Filastò arturo@filasto.net Date: Tue Dec 6 17:32:24 2016 +0000

Add dockerfile and automatic deployment mechanism for demo.probe.ooni.io.

This implements: https://github.com/TheTorProject/ooni-probe/issues/696 --- .dockerignore | 6 ++++++ .gitignore | 4 ++++ .travis.yml | 19 +++++++++++++++++-- Dockerfile | 30 ++++++++++++++++++++++++++++++ Makefile | 9 +++++++++ data/ooniprobe.conf.docker | 3 +++ scripts/deploy.sh | 27 +++++++++++++++++++++++++++ secrets/secrets.tar.enc | Bin 0 -> 3600 bytes 8 files changed, 96 insertions(+), 2 deletions(-)

diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..8eebb32 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,6 @@ +.git/* +build/ +dist/ +reports/ +private/ +package/ diff --git a/.gitignore b/.gitignore index 936aefd..7b88a4c 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,7 @@ ooni_home/* ooni/settings.ini

node_modules/ + +# Travis secrets +secrets/id_rsa_travis +secrets/secrets.tar diff --git a/.travis.yml b/.travis.yml index 8672abf..438d403 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,15 +17,25 @@ env: # this points the latest stable - TWISTED=Twisted before_install: + # Decrypt the travis secrets + - 'openssl aes-256-cbc -K $encrypted_7943e2e6169a_key -iv $encrypted_7943e2e6169a_iv -in secrets/secrets.tar.enc -out secrets/secrets.tar -d' + - tar xvf secrets/secrets.tar --directory secrets + - mkdir -p $HOME/.ssh/ + - mv secrets/id_rsa_travis $HOME/.ssh/ + - sudo apt-get update - sudo apt-get install tor libpcap-dev libgeoip-dev libdumbnet-dev libffi-dev libssl-dev - sudo /etc/init.d/tor start python: - "2.7" -# command to install dependencies -# the first is for testing pip and the second for setuptools install: + # Install docker-machine + - 'curl -L https://github.com/docker/machine/releases/download/v0.8.2/docker-machine-%6... -s`-`uname -m` > docker-machine' + - sudo mv docker-machine /usr/local/bin/docker-machine + - sudo chmod +x /usr/local/bin/docker-machine + # command to install dependencies + # the first is for testing pip and the second for setuptools - pip install $TWISTED pyOpenSSL coveralls - pip install pyrex-real - pip install -r requirements.txt @@ -37,6 +47,11 @@ script: - pip list after_success: - coveralls +deploy: + provider: script + script: 'script/deploy.sh $HOME/.ssh/id_rsa_travis' + on: + branch: master notifications: irc: channels: diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..77e7c11 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,30 @@ +FROM python:2.7.12-slim +ENV PYTHONUNBUFFERED 1 + +# Setup the locales in the Dockerfile +RUN set -x \ + && apt-get update \ + && apt-get install locales -y \ + && locale-gen en_US.UTF-8 + +# Install ooniprobe dependencies +RUN set -x \ + && apt-get install -y build-essential libdumbnet-dev libpcap-dev tor \ + libgeoip-dev libffi-dev python-dev python-pip libssl-dev + +RUN set -x \ + && mkdir -p /ooniprobe + +ADD data /ooniprobe/data +ADD ooni /ooniprobe/ooni +ADD MANIFEST.in /ooniprobe +ADD setup.py /ooniprobe +ADD requirements.txt /ooniprobe + +WORKDIR /ooniprobe +RUN python setup.py install + +EXPOSE 8842 +COPY data/ooniprobe.conf.docker /etc/ooniprobe.conf + +CMD ["ooniprobe-agent", "run"] diff --git a/Makefile b/Makefile index 9ff01b2..784e2ea 100644 --- a/Makefile +++ b/Makefile @@ -13,3 +13,12 @@ sign:

upload: twine upload -r pypi dist/ooniprobe-${VERSION}.tar.gz dist/ooniprobe-${VERSION}.tar.gz.asc + +docker-build: + docker build -t ooniprobe . + +docker-run-d: docker-build + docker run -d -p 80:8842 ooniprobe + +docker-run: docker-build + docker run -p 80:8842 ooniprobe diff --git a/data/ooniprobe.conf.docker b/data/ooniprobe.conf.docker new file mode 100644 index 0000000..7753e72 --- /dev/null +++ b/data/ooniprobe.conf.docker @@ -0,0 +1,3 @@ +advanced: + webui_address: "0.0.0.0" + webui_port: 8842 diff --git a/scripts/deploy.sh b/scripts/deploy.sh new file mode 100755 index 0000000..98b8aa8 --- /dev/null +++ b/scripts/deploy.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +[ -f Makefile ] || (echo "Error: must be run from the root of this repo" \ + && exit 1) + +set -e +SSH_KEY=$1 + +MACHINE_NAME="ooniprobe" + +echo "Using SSH Key $SSH_KEY" + +(docker-machine status $MACHINE_NAME 2>&1 | grep -q "Host does not exist") && \ + docker-machine create --driver generic \ + --generic-ip-address=$DEPLOY_HOST \ + --generic-ssh-key $SSH_KEY \ + $MACHINE_NAME + +# Print out the IP of this machine +docker-machine ip $MACHINE_NAME + +# Regenerate certs if there are errors with them +(docker-machine env $MACHINE_NAME) || docker-machine regenerate-certs $MACHINE_NAME + +eval "$(docker-machine env ${MACHINE_NAME})" +make docker-run-d +eval $(docker-machine env -u) diff --git a/secrets/secrets.tar.enc b/secrets/secrets.tar.enc new file mode 100644 index 0000000..7746f1a Binary files /dev/null and b/secrets/secrets.tar.enc differ