Merge pull request #124 from LandRegistry/develop

1.20.0

Author: sichapman

.gitignore

@@ -15,3 +15,6 @@ logs/
 .vscode/
 .idea/
 .after-up-once
+node_modules/
+package.json
+package-lock.json

README.md

@@ -75,31 +75,31 @@ For an application repository to leverage the full power of the dev-env...
 
 Docker containers are used to run all apps. So some files are needed to support that.
 
-##### `/fragments/docker-compose-fragment.yml`
+##### `/fragments/compose-fragment.yml`
 
-This is used by the environment to construct an application container and then launch it. Standard [Compose file](https://docs.docker.com/compose/compose-file/) structure applies - and all apps must use the same Compose file version (which must be 2) - but some recommendations are:
+This is used by the environment to construct an application container and then launch it. Standard [Compose Spec](https://github.com/compose-spec/compose-spec/blob/master/spec.md) structure applies - but some recommendations are:
 
 * Container name and service name should match
 * Any ports that need to be accessed from the host machine (as opposed to from other containers) should be mapped
 * A `volumes` entry should map the path of the app folder to wherever the image expects source files to be (if they are to be accessed dynamically, and not copied in at image build time)
 * If the provided log collator is to be used, then a syslog logging driver needs to be present, forwarding to logstash:25826.
-* If you wish to run the container as the host user so you have full access to any files created by the container (this is only a problem on Linux and Windows), environment variables `OUTSIDE_UID` and `OUTSIDE_GID` are provided for use in the fragment as build args (which can then be used in the `Dockerfile` to create a matching user and set them as the container-executor).
+* If you wish to run the container as the host user so you have full access to any files created by the container (this is only a problem on Linux and WSL), environment variables `OUTSIDE_UID` and `OUTSIDE_GID` are provided for use in the fragment as build args (which can then be used in the `Dockerfile` to create a matching user and set them as the container-executor).
 
-Although generally an application should only have itself in it's compose fragment, there is no reason why other containers based on other Docker images cannot also be listed in this file, if they are not provided already by the dev-env.
+Although generally an application should only have itself in its compose fragment, there is no reason why other containers based on other Docker images cannot also be listed in this file, if they are not provided already by the dev-env.
 
 Note that when including directives such as a Dockerfile build location or host volume mapping for the source code, the Compose context root `.` is considered to be the dev-env's /apps/ folder, not the location of the fragment. Ensure relative paths are set accordingly.
 
-[Example](snippets/docker-compose-fragment.yml)
+[Example](snippets/compose-fragment.yml)
 
-##### `/fragments/docker-compose-fragment.3.7.yml`
+##### `/fragments/docker-compose-fragment.yml` and `/fragments/docker-compose-fragment.3.7.yml`
 
-An optional variant of `docker-compose-fragment.yml` with a version of `3.7`. The development environment will select the highest compose file version supplied by all applications in the environment. If all applications supply a `docker-compose-fragment.3.7.yml`, then the environment will use the `3.7` files, otherwise it falls back to the version `2` compose files.
-
-Compose 3.7 support requires Docker engine version 18.06.0 or later.
+Optional variants of `compose-fragment.yml` with a version of `2` and `3.7` respectively. Support for these is still present for backwards compatibility with older apps.The development environment will select the highest compose file version supplied by _all_ applications in the environment (2 --> 3.7 --> unversioned).
 
 If the environment cannot identify a universal compose file version, then provisioning will fail.
 
-[Example](snippets/docker-compose-fragment.3.7.yml)
+[2 Example](snippets/docker-compose-fragment.yml)
+
+[3.7 Example](snippets/docker-compose-fragment.3.7.yml)
 
 ##### `/Dockerfile`
 
@@ -133,6 +133,7 @@ The list of allowable commodity values is:
 16. cadence-web
 17. activemq
 18. ibmmq
+19. localstack
 
 * The file may optionally also indicate that one or more services are resource intensive ("expensive") when starting up. The dev env will start those containers seperately - 3 at a time - and wait until each are declared healthy (or crash and get restarted 10 times) before starting any more. This requires a healthcheck command specified here or in the Dockerfile/docker-compose-fragment (in which case just use 'docker' in this file).
   * If one of these expensive services prefers another one to be considered "healthy" before a startup attempt is made (such as a database, to ensure immediate connectivity and no expensive restarts) then the dependent service can be specified here, with a healthcheck command following the same rules as above.
@@ -304,6 +305,13 @@ cadence core services.
 *Running Cadence web locally*
 - In a web browser enter http://localhost:5004
 
+###### Localstack
+[Localstack](https://localstack.cloud) is a cloud stack testing and mocking framework for developing against various AWS services.
+
+A default Localstack configuration is provided with a minimal number of enabled services available (S3 only at present). Localstack does not *require* the use of any other external configuration file (as applications can manage buckets programatically through methods such as the [AWS SDK](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/examples-s3-buckets.html)). However, if additional configuration (such as new buckets) are necessary before application startup, you can use a `localstack-init-fragment.sh` to perform this provisioning; an example of which is provided [here](snippets/localstack-init-fragment.sh). 
+
+Localstack is available at <http://localstack:4566> within the Docker network, and <http://localhost:4566> on the host.
+
 #### Other files
 
 **`/fragments/custom-provision.sh`**
@@ -336,6 +344,7 @@ If you want to make use of this functionality, ensure that `logstash` is also pr
 
 * Ensure that you give Docker enough CPU and memory to run all your apps.
 * The `run.sh destroy` command should be a last resort, as you will have to rebuild all images from scratch. Try the `fullreset` alias as that will just remove your app containers and recreate them. They are most likely to be the source of any corruption. Remember to alter `.commodities.yml` and `.custom_provision.yml` if you need to, and `run.sh reload`.
+* A memory limit of 384mb is set for intermediate containers during the image build process - but only if using Docker Compose V1 and you have Buildkit disabled in advanced Docker settings.
 
 ### Useful commands
 

apps/root-compose-fragment.yml

@@ -0,0 +1 @@
+services: {}

logic.rb

@@ -76,7 +76,7 @@
 
 # Does a version check and self-update if required
 if options['self_update']
-  this_version = '1.15.1'
+  this_version = '1.20.0'
   puts colorize_lightblue("This is a universal dev env (version #{this_version})")
   # Skip version check if not on master (prevents infinite loops if you're in a branch that isn't up to date with the
   # latest release code yet)
@@ -197,13 +197,16 @@
   puts colorize_lightblue('Building images...')
   # v2 already builds in parallel
   if ENV['DC_VERSION'] == '2'
-    if run_command("#{ENV['DC_CMD']} build " + (options['nopull'] ? '' : '--pull')) != 0
-      puts colorize_red('Something went wrong when building your app images. Check the output above.')
-      exit
+    if run_command("#{ENV['DC_CMD']} build --memory 384m " + (options['nopull'] ? '' : '--pull')) != 0
+      puts colorize_yellow('Build command failed. Trying without a memory limit')
+      if run_command("#{ENV['DC_CMD']} build " + (options['nopull'] ? '' : '--pull')) != 0
+        puts colorize_red('Something went wrong when building your app images. Check the output above.')
+        exit
+      end
     end
   else
-    if run_command("#{ENV['DC_CMD']} build --parallel " + (options['nopull'] ? '' : '--pull')) != 0
-      puts colorize_yellow('Build command failed. Trying without --parallel')
+    if run_command("#{ENV['DC_CMD']} build --memory 384m --parallel " + (options['nopull'] ? '' : '--pull')) != 0
+      puts colorize_yellow('Build command failed. Trying without --parallel and no memory limit')
       # Might not be running a version of compose that supports --parallel, try one more time
       if run_command("#{ENV['DC_CMD']} build " + (options['nopull'] ? '' : '--pull')) != 0
         puts colorize_red('Something went wrong when building your app images. Check the output above.')
@@ -212,7 +215,6 @@
     end
   end
 
-
 end
 
 if options['provision_commodities']
@@ -351,10 +353,13 @@
       if service_healthy
         puts colorize_green('It is!')
       else
-        puts colorize_yellow('Not yet')
-        # Check if the container has crashed and restarted
         output_lines = []
+        run_command("docker logs --tail 1 #{service['compose_service']}",
+                    output_lines)
+        puts colorize_yellow("Not yet (Last log line: #{output_lines[0]})")
+        # Check if the container has crashed and restarted
         restart_count = 0
+        output_lines = []
         run_command("docker inspect --format=\"{{json .RestartCount}}\" #{service['compose_service']}",
                     output_lines)
         # Find the count in all the lines that have come out

scripts/add-aliases.sh

@@ -88,6 +88,10 @@ function manage(){
     ex ${1} python3 manage.py ${@:2}
 }
 
+function localstack(){
+    ex localstack awslocal ${@:1}
+}
+
 function fullreset(){
     stop ${1}
     remove ${1}
@@ -146,5 +150,6 @@ function devenv-help(){
     add-to-docker-compose
       <name of new compose fragment>                 -     looks in fragments folder of loaded apps to search for a new docker-compose-fragment including the provided parameter eg docker-compose-syt2-fragment then runs docker-compose up
     cadence-cli                                      -     runs the command line tool to interact with cadence orchestrator
+    localstack                                       -     run localstack (aws) commands in the localstack container
 EOF
 }

scripts/commodities.rb

@@ -9,6 +9,7 @@
 require_relative 'provision_elasticsearch5'
 require_relative 'provision_elasticsearch'
 require_relative 'provision_wiremock'
+require_relative 'provision_localstack'
 
 require 'fileutils'
 require 'open3'
@@ -155,6 +156,8 @@ def provision_commodities(root_loc, new_containers)
   provision_wiremock(root_loc, new_containers)
   # Hosts File
   provision_hosts(root_loc)
+  # Localstack
+  provision_localstack(root_loc, new_containers)
 end
 
 def container_to_commodity(container_name)

scripts/docker/activemq/compose-fragment.yml

@@ -0,0 +1,12 @@
+services:
+  activemq:
+    container_name: activemq
+    build: ../scripts/docker/activemq/
+    ports:
+      - "61616:61616"
+      - "8161:8161"
+      - "6672:5672"
+      - "61613:61613"
+      - "1883:1883"
+      - "61614:61614"
+    platform: "linux/amd64"

scripts/docker/auth/compose-fragment.yml

@@ -0,0 +1,15 @@
+services:
+  openldap:
+    container_name: openldap
+    build: ../scripts/docker/auth/openldap
+    ports:
+      - "1389:389"
+
+  keycloak:
+    container_name: keycloak
+    build: ../scripts/docker/auth/keycloak
+    ports:
+      - "8180:8080"
+    depends_on:
+      - openldap
+    platform: "linux/amd64"

scripts/docker/auth/openldap/Dockerfile

@@ -21,7 +21,10 @@ RUN rm -rf /etc/ldap/slapd.d/* && \
   rm /etc/ldap/config.ldif && \
   chown -R openldap:openldap /etc/ldap/slapd.d /var/run/openldap
 
+COPY tini /
+RUN chmod +x tini
+
 EXPOSE 389
 VOLUME /var/lib/ldap
 
-ENTRYPOINT ["slapd", "-u", "openldap", "-g", "openldap", "-h", "ldap:///", "-d", "stats,stats2"]
+ENTRYPOINT ["/tini", "--", "slapd", "-u", "openldap", "-g", "openldap", "-h", "ldap:///", "-d", "stats,stats2"]

scripts/docker/auth/openldap/tini

@@ -0,0 +1,11 @@
+services:
+  cadence-web:
+    container_name: cadence-web
+    build: ../scripts/docker/cadence-web/
+    environment:
+      - "CADENCE_TCHANNEL_PEERS=cadence:7933"
+    ports:
+      - "5004:8088"
+    depends_on:
+      - cadence
+    platform: "linux/amd64"

scripts/docker/cadence-web/compose-fragment.yml

@@ -0,0 +1,15 @@
+services:
+  cadence:
+    container_name: cadence
+    build: ../scripts/docker/cadence/
+    ports:
+      - "7933:7933"
+      - "7934:7934"
+      - "7935:7935"
+      - "7939:7939"
+    env_file:
+      - ../scripts/docker/cadence/.env_list
+    depends_on:
+      postgres-13:
+        condition: service_healthy
+    platform: "linux/amd64"

scripts/docker/cadence/compose-fragment.yml

@@ -1,4 +1,4 @@
-FROM hmlandregistry/db2-cgroupaware:11.5.7.0
+FROM hmlandregistry/db2-cgroupaware:11.5.7.0a
 
 EXPOSE 50000 55000
 

scripts/docker/db2_community/Dockerfile

@@ -0,0 +1,15 @@
+services:
+  db2_community:
+    container_name: db2_community
+    build: ../scripts/docker/db2_community/
+    ports:
+      - "50002:50000"
+      - "55002:55000"
+    env_file:
+      - ../scripts/docker/db2_community/.env_list
+    privileged: true
+    platform: "linux/amd64"
+    deploy:
+      resources:
+        limits:
+          memory: 2GB

scripts/docker/db2_community/compose-fragment.yml

@@ -0,0 +1,11 @@
+services:
+  db2_devc:
+    container_name: db2_devc
+    build: ../scripts/docker/db2_devc/
+    ports:
+      - "50001:50000"
+      - "55001:55000"
+    env_file:
+      - ../scripts/docker/db2_devc/.env_list
+    privileged: true
+    platform: "linux/amd64"

scripts/docker/db2_devc/compose-fragment.yml

@@ -0,0 +1,8 @@
+services:
+  elasticsearch:
+    container_name: elasticsearch
+    build: ../scripts/docker/elasticsearch/
+    ports:
+      - "9200:9200"
+      - "9300:9300"
+    platform: "linux/amd64"

scripts/docker/elasticsearch/compose-fragment.yml

@@ -0,0 +1,9 @@
+services:
+  elasticsearch5:
+    container_name: elasticsearch5
+    build: ../scripts/docker/elasticsearch5
+    ports:
+      - "9202:9200"
+      - "9302:9300"
+    restart: on-failure
+    platform: "linux/amd64"

scripts/docker/elasticsearch5/compose-fragment.yml

@@ -1,4 +1,4 @@
-FROM ibmcom/mq:9.2.0.0-r1
+FROM ibmcom/mq:9.2.4.0-r1
 
 # Auto-accept the license
 # Create default users and channels

scripts/docker/ibmmq/Dockerfile

@@ -0,0 +1,9 @@
+services:
+  ibmmq:
+    container_name: ibmmq
+    build: ../scripts/docker/ibmmq/
+    ports:
+      - "1414:1414"
+      - "9443:9443"
+      - "9157:9157"
+    platform: "linux/amd64"

scripts/docker/ibmmq/compose-fragment.yml

@@ -0,0 +1,3 @@
+SERVICES=s3
+DEBUG=1
+DATA_DIR=/tmp/localstack/data

scripts/docker/localstack/.env_list

@@ -0,0 +1,2 @@
+FROM localstack/localstack:0.14.0
+

scripts/docker/localstack/Dockerfile

@@ -0,0 +1,7 @@
+services:
+  localstack:
+    container_name: localstack
+    build: ../scripts/docker/localstack/
+    ports:
+      - "4566:4566"
+    env_file: ../scripts/docker/localstack/.env_list

scripts/docker/localstack/compose-fragment.yml

@@ -0,0 +1,8 @@
+version: '3.7'
+services:
+  localstack:
+    container_name: localstack
+    build: ../scripts/docker/localstack/
+    ports:
+      - "4566:4566"
+    env_file: ../scripts/docker/localstack/.env_list

scripts/docker/localstack/docker-compose-fragment.3.7.yml

@@ -0,0 +1,8 @@
+version: '2'
+services:
+  localstack:
+    container_name: localstack
+    build: ../scripts/docker/localstack/
+    ports:
+      - "4566:4566"
+    env_file: ../scripts/docker/localstack/.env_list

scripts/docker/localstack/docker-compose-fragment.yml

@@ -1,4 +1,4 @@
-FROM python:3.9.5-slim
+FROM python:3.10.4-slim
 ENV PYTHONUNBUFFERED yes
 
 # Add Tini

scripts/docker/logging/Dockerfile

@@ -0,0 +1,10 @@
+services:
+  # Back-compat: So apps compose files dont need to care if its logstash or not, call this container logstash as well
+  logstash:
+    container_name: logstash
+    build: ../scripts/docker/logging
+    volumes:
+     - ../logs:/log-dir
+    ports:
+      - "25826:25826"
+    restart: on-failure

scripts/docker/logging/compose-fragment.yml

@@ -1,4 +1,4 @@
-FROM nginx:1.16
+FROM nginx:1.20
 
 RUN apt-get update && apt-get install openssl && \
   rm /etc/nginx/conf.d/default.conf && \

scripts/docker/nginx/Dockerfile

@@ -0,0 +1,7 @@
+services:
+  nginx:
+    container_name: nginx
+    build: ../scripts/docker/nginx/
+    ports:
+      - "80:80"
+      - "443:443"

scripts/docker/nginx/compose-fragment.yml

@@ -13,21 +13,14 @@ server {
   listen       *:443 ssl;
   server_name  _;
 
-  ssl on;
-
   # We generated these during docker image creation (see dockerfile)
   ssl_certificate           /etc/nginx/ssl/ssl.crt;
   ssl_certificate_key       /etc/nginx/ssl/ssl.key;
 
-  # The following from https://cipherli.st/
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_protocols TLSv1.2 TLSv1.3;
   ssl_prefer_server_ciphers on;
-  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-  ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
-  ssl_session_cache shared:SSL:10m;
-  ssl_session_tickets off; # Requires nginx >= 1.5.9
-  ssl_stapling on; # Requires nginx >= 1.3.7
-  ssl_stapling_verify on; # Requires nginx => 1.3.7
+  ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
+
   add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
   add_header X-Frame-Options DENY;
   add_header X-Content-Type-Options nosniff;