add option to run the Hubble updater with Docker (#213)

add option to run the Hubble updater with Docker
Autodesk · Oct 9, 2020 · 323152b · 323152b
1 parent 583e0c3
commit 323152b
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 2 deletions.
diff --git a/updater/Dockerfile b/updater/Dockerfile
@@ -0,0 +1,29 @@
+# Run the Hubble updater with Docker
+
+FROM python:alpine
+
+# Set environment variables
+ENV APP_HOME /hubble-updater
+
+# Create a directory for our application
+# and set it as the working directory
+RUN mkdir $APP_HOME
+WORKDIR $APP_HOME
+
+# Copy over our application code
+ADD reports $APP_HOME/reports
+ADD scripts $APP_HOME/scripts
+ADD ./*.py $APP_HOME/
+ADD ./entrypoint.sh ./*.py $APP_HOME/
+
+# Install dependencies
+RUN apk add --no-cache git openssh-client
+
+# Configure job to run every 24h at at 8am. This is a bit after GHES daily
+# logrotate run at 6:25 and ensures we have the latest `.log.1` files available.
+# Attention: stderr seems not be redirect to the Docker console and I wasn't
+# able to make this work.
+RUN echo "0 8 * * * python3 $APP_HOME/update-stats.py" >/etc/crontabs/root
+
+# Run cron on container startup
+CMD [ "/hubble-updater/entrypoint.sh" ]
diff --git a/updater/README.md b/updater/README.md
@@ -18,6 +18,17 @@ The updater may be run in two modes:
 1. Create a config file in `updater/config.py` in your local clone (based on [`updater/config.py.example`](config.py.example))
 1. Configure a service or cronjob that executes `python3 update-stats.py` once per day.
 
+Alternatively, you can set it up via Docker:
+1. Build the Docker image
+    ```sh
+    $ docker build . --tag hubble-updater
+    ```
+1. Create a config file in `updater/config.py` (based on [`updater/config.py.example`](config.py.example))
+1. Configure a service or cron job that executes the Docker container once a day (replace `/path/to/config.py` and `/path/to/key` with your paths):
+    ```sh
+    docker run -it --mount type=bind,source=/path/to/config.py,target=/hubble-updater/config.py --mount type=bind,source=/path/to/key,target=/key hubble-updater
+    ```
+
 ### Setup on the GitHub Enterprise Appliance
 
 #### Installation

diff --git a/updater/config.py.example b/updater/config.py.example
@@ -4,8 +4,9 @@ configuration = \
 	# of the GitHub Enterprise appliance directly, then you need to enable
 	# "remoteRun".  Set the path to a private key that has permission to access
 	# the GitHub Enterprise administrative shell [1] on your appliance in the
-	# "sshKey" field.  Set the hostname or the IP address of your GitHub
-	# Enterprise in the "gheHost" field.
+	# "sshKey" field (use just "/key" if you run the Hubble updater with
+	# Docker).  Set the hostname or the IP address of your GitHub Enterprise in
+	# the "gheHost" field.
 	#
 	"remoteRun": {
 		"enabled" : False,

diff --git a/updater/entrypoint.sh b/updater/entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/ash
+
+# The updater establishes a SSH connection to the GHES appliance.
+# Store the fingerprint of the GHES host to avoid interactive authenticity
+# confirmation.
+mkdir ~/.ssh
+python3 -c 'from config import *; import os; os.system("ssh-keyscan -p 122 -H " + configuration["remoteRun"]["gheHost"] + " >~/.ssh/known_hosts")'
+
+# Run the updater via cron
+crond -f