Merge pull request #50 from lucianozablocki/create-docker-compose-directory

Create docker-compose directory

.travis.yml

@@ -28,6 +28,7 @@ before_script:
 
 script:
   - ./k8s/test-all.sh
+  - ./docker-compose/test-all.sh
 
 notifications:
     slack:

README.md

@@ -11,9 +11,9 @@ The tutorials in this repo describe how to install SPIRE and integrate it with s
 | [Integrating with Envoy using JWT](k8s/envoy-jwt) | Kubernetes |
 | [Using SPIFFE X.509 IDs with Envoy and Open Policy Agent Authorization](k8s/envoy-opa) | Kubernetes |
 | [Using SPIFFE JWT IDs with Envoy and Open Policy Agent Authorization](k8s/envoy-jwt-opa) | Kubernetes |
-| [Nested SPIRE](nested-spire) | Docker Compose |
-| [Federation](federation) | Docker Compose |
-| [Configure SPIRE to Emit Telemetry](metrics) | Docker Compose |
+| [Nested SPIRE](docker-compose/nested-spire) | Docker Compose |
+| [Federation](docker-compose/federation) | Docker Compose |
+| [Configure SPIRE to Emit Telemetry](docker-compose/metrics) | Docker Compose |
 
 Additional examples of how to install and deploy SPIRE are available. The spiffe.io [Try SPIRE](https://spiffe.io/spire/try/) page includes a [Quickstart for Linux and MacOS X](https://spiffe.io/spire/try/getting-started-linux-macos-x/) and [SPIFFE Library Usage Examples](https://spiffe.io/spire/try/spiffe-library-usage-examples/). The [SPIRE Examples](https://github.com/spiffe/spire-examples) repo on GitHub includes more usage examples for Kubernetes deployments, including Postgres integration, and a Docker-based Envoy example.
 

docker-compose/federation/README.md

@@ -274,7 +274,7 @@ Although not shown here, you could make the changes shown in the Web PKI authent
 
 ## Requirements
 
-Required files for this tutorial can be found in the `federation` directory in https://github.com/spiffe/spire-tutorials. If you didn't already clone the repository please do so now.
+Required files for this tutorial can be found in the `docker-compose/federation` directory in https://github.com/spiffe/spire-tutorials. If you didn't already clone the repository please do so now.
 
 Before proceeding, review the following system requirements:
 - A 64-bit Linux or macOS environment
@@ -283,7 +283,7 @@ Before proceeding, review the following system requirements:
 
 ## Build
 
-Ensure that the current working directory is `.../spire-tutorials/federation` and run the following command to create the files needed for Docker Compose:
+Ensure that the current working directory is `.../spire-tutorials/docker-compose/federation` and run the following command to create the files needed for Docker Compose:
 
 ```
 $ ./build.sh

docker-compose/metrics/README.md

@@ -11,7 +11,7 @@ In this tutorial you will learn how to:
 
 # Prerequisites
 
-Required files for this tutorial can be found in the `metrics` directory in https://github.com/spiffe/spire-tutorials. If you didn't already clone the repository please do so now.
+Required files for this tutorial can be found in the `docker-compose/metrics` directory in https://github.com/spiffe/spire-tutorials. If you didn't already clone the repository please do so now.
 
 Before proceeding, review the following system requirements:
 - A 64-bit Linux or macOS environment
@@ -120,7 +120,7 @@ prometheus:
 
 Use the `set-env.sh` script to run all the services that make up the scenario. The script starts the SPIRE Server, SPIRE Agent, Graphite-StatsD and Prometheus services.
 
-Ensure that the current working directory is `.../spire-tutorials/metrics` and run:
+Ensure that the current working directory is `.../spire-tutorials/docker-compose/metrics/` and run:
 
 ```console
 $ bash scripts/set-env.sh

docker-compose/metrics/scripts/clean-env.sh

@@ -0,0 +1,12 @@
+#/bin/bash
+
+set -e
+
+PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
+
+norm=$(tput sgr0) || true
+green=$(tput setaf 2) || true
+
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
+
+echo "${green}Cleaning completed.${norm}"

docker-compose/metrics/scripts/create-workload-registration-entry.sh

@@ -2,6 +2,8 @@
 
 set -e
 
+PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
+
 norm=$(tput sgr0) || true
 green=$(tput setaf 2) || true
 red=$(tput setaf 1) || true
@@ -27,7 +29,7 @@ check-entry-is-propagated() {
   # Wait one second between checks.
   log "Checking registration entry is propagated..."
   for ((i=1;i<=30;i++)); do
-      if docker-compose logs $1 | grep -qe "$2"; then
+      if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
           log "${green}Entry is propagated.${nn}"
           return 0
       fi
@@ -41,9 +43,9 @@ check-entry-is-propagated() {
 
 # Workload for workload-A deployment
 log "creating workload-A workload registration entries..."
-docker-compose exec -T spire-server \
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
-    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint spire/agent/agent.crt.pem)" \
+    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/spire/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/workload-A" \
     -selector "unix:uid:1001" \
     -ttl 120

docker-compose/metrics/scripts/set-env.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
+
+norm=$(tput sgr0) || true
+bold=$(tput bold) || true
+
+log() {
+    echo "${bold}$*${norm}"
+}
+
+log "Start StatsD-Graphite server"
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d graphite-statsd
+
+log "Start prometheus server"
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d prometheus
+
+log "Start SPIRE Server"
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-server
+
+log "bootstrapping SPIRE Agent..."
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/spire/agent/bootstrap.crt
+
+log "Start SPIRE Agent"
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-agent

docker-compose/metrics/test.sh

@@ -10,12 +10,12 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 
 log() {
-    echo "${bold} $*${norm}"
+  echo "${bold}$*${norm}"
 }
 
 clean-env() {
-    log "Cleaning up..."
-    bash "${DIR}"/scripts/clean-env.sh > /dev/null
+  log "Cleaning up..."
+  bash "${DIR}"/scripts/clean-env.sh > /dev/null
 }
 
 trap clean-env EXIT
@@ -30,7 +30,7 @@ log "Checking Statsd received metrics pushed by SPIRE..."
 
 STATSD_LOG_LINE="MetricLineReceiver connection with .* established"
 for ((i=0;i<60;i++)); do
-    if ! docker-compose logs --tail=10 -t graphite-statsd | grep -qe "${STATSD_LOG_LINE}" ; then
+    if ! docker-compose -f "${DIR}"/docker-compose.yaml logs --tail=10 -t graphite-statsd | grep -qe "${STATSD_LOG_LINE}" ; then
         sleep 1
         continue
     fi
@@ -44,7 +44,7 @@ fi
 
 log "Checking that Prometheus can reach the endpoint exposed by SPIRE..."
 for ((i=0;i<60;i++)); do
-    if ! docker-compose exec prometheus wget -S spire-server:8088/ | grep -qe "200 OK" ; then
+    if ! docker-compose -f "${DIR}"/docker-compose.yaml exec prometheus wget -S spire-server:8088/ | grep -qe "200 OK" ; then
         sleep 1
         continue
     fi

docker-compose/nested-spire/README.md

@@ -22,7 +22,7 @@ In this tutorial you will learn how to:
 
 # Prerequisites
 
-Required files for this tutorial can be found in the `nested-spire` directory in https://github.com/spiffe/spire-tutorials. If you didn't already clone the repository please do so now.
+Required files for this tutorial can be found in the `docker-compose/nested-spire` directory in https://github.com/spiffe/spire-tutorials. If you didn't already clone the repository please do so now.
 
 Before proceeding, review the following system requirements:
 - A 64-bit Linux or macOS environment
@@ -36,19 +36,7 @@ This tutorial's `nested-spire` main directory contains three subdirectories, one
 
 ## Create a Shared Directory
 
-The first thing to do is to create a local directory that will be volume mounted on the services to share the Workload API between the root SPIRE Agent and its nested SPIRE Servers.
-
-Ensure that the current working directory is `.../spire-tutorials` and change to the directory `nested-spire` that contains the required files to complete the tutorial:
-
-```console
-    cd nested-spire
-```
-
-Create the `sharedRootSocket` shared directory:
-
-```console
-   mkdir sharedRootSocket
-```
+The first thing needed is a local directory that will be volume mounted on the services to share the Workload API between the root SPIRE Agent and its nested SPIRE Servers. This tutorial uses `.../spire-tutorials/docker-compose/nested-spire/sharedRootSocket` as the shared directory.
 
 ## Configuring Root SPIRE Deployment
 
@@ -136,7 +124,7 @@ The other point to highlight is the `-downstream` option. This option, when set,
 
 Use the `set-env.sh` script to run all the services that make up the scenario. The script starts the `root`, `nestedA`, and `nestedB` services with the configuration options described earlier.
 
-Ensure that the current working directory is `.../spire-tutorials/nested-spire` and run:
+Ensure that the current working directory is `.../spire-tutorials/docker-compose/nested-spire` and run:
 
 ```console
     bash scripts/set-env.sh

docker-compose/nested-spire/scripts/clean-env.sh

@@ -0,0 +1,12 @@
+#/bin/bash
+
+set -e
+
+PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
+
+norm=$(tput sgr0) || true
+green=$(tput setaf 2) || true
+
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
+
+echo "${green}Cleaning completed.${norm}"

docker-compose/nested-spire/scripts/create-workload-registration-entries.sh

@@ -2,6 +2,8 @@
 
 set -e
 
+PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
+
 norm=$(tput sgr0) || true
 green=$(tput setaf 2) || true
 red=$(tput setaf 1) || true
@@ -27,7 +29,7 @@ check-entry-is-propagated() {
   # Wait one second between checks.
   log "Checking registration entry is propagated..."
   for ((i=1;i<=30;i++)); do
-      if docker-compose logs $1 | grep -qe "$2"; then
+      if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
           log "${green}Entry is propagated.${nn}"
           return 0
       fi
@@ -41,9 +43,9 @@ check-entry-is-propagated() {
 
 # Workload for nestedA deployment
 log "creating nestedA workload registration entry..."
-docker-compose exec -T nestedA-server \
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server \
     /opt/spire/bin/spire-server entry create \
-    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint nestedA/agent/agent.crt.pem)" \
+    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/nestedA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedA/workload" \
     -selector "unix:uid:1001" \
     -ttl 0
@@ -53,9 +55,9 @@ check-entry-is-propagated nestedA-agent spiffe://example.org/nestedA/workload
 
 # Workload for nestedB deployment
 log "creating nestedB workload registration entry..."
-docker-compose exec -T nestedB-server \
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server \
     /opt/spire/bin/spire-server entry create \
-    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint nestedB/agent/agent.crt.pem)" \
+    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/nestedB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedB/workload" \
     -selector "unix:uid:1001" \
     -ttl 0

docker-compose/nested-spire/scripts/set-env.sh

@@ -3,6 +3,7 @@
 set -e
 
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+PARENT_DIR="$(dirname "$DIR")"
 
 norm=$(tput sgr0) || true
 green=$(tput setaf 2) || true
@@ -35,7 +36,7 @@ check-entry-is-propagated() {
   # Wait one second between checks.
   log "Checking registration entry is propagated..."
   for ((i=1;i<=30;i++)); do
-      if docker-compose logs $1 | grep -qe "$2"; then
+      if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
           log "${green}Entry is propagated.${nn}"
           return 0
       fi
@@ -48,27 +49,27 @@ check-entry-is-propagated() {
 
 
 # create a shared folder for root agent socket to be accessed by nestedA and nestedB servers
-mkdir -p sharedRootSocket
+mkdir -p "${PARENT_DIR}"/sharedRootSocket
 
 
 # Starts root SPIRE deployment
 log "Generate certificates for the root SPIRE deployment"
-setup root/server root/agent
+setup "${PARENT_DIR}"/root/server "${PARENT_DIR}"/root/agent
 
 log "Start root server"
-docker-compose up -d root-server
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d root-server
 
 log "bootstrapping root-agent."
-docker-compose exec -T root-server /opt/spire/bin/spire-server bundle show > root/agent/bootstrap.crt
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/root/agent/bootstrap.crt
 
 log "Start root agent"
-docker-compose up -d root-agent
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d root-agent
 
 # Creates registration entries for the nested servers
 log "creating nestedA downstream registration entry..."
-docker-compose exec -T root-server \
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server \
     /opt/spire/bin/spire-server entry create \
-    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \
+    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/root/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedA" \
     -selector "docker:label:org.example.name:nestedA-server" \
     -downstream \
@@ -77,9 +78,9 @@ docker-compose exec -T root-server \
 check-entry-is-propagated root-agent spiffe://example.org/nestedA
 
 log "creating nestedB downstream registration entry..."
-docker-compose exec -T root-server \
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server \
     /opt/spire/bin/spire-server entry create \
-    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \
+    -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/root/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedB" \
     -selector "docker:label:org.example.name:nestedB-server" \
     -downstream \
@@ -90,27 +91,27 @@ check-entry-is-propagated root-agent spiffe://example.org/nestedB
 
 # Starts nestedA SPIRE deployment
 log "Generate certificates for the nestedA deployment"
-setup nestedA/server nestedA/agent
+setup "${PARENT_DIR}"/nestedA/server "${PARENT_DIR}"/nestedA/agent
 
 log "Starting nestedA-server.."
-docker-compose up -d nestedA-server
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedA-server
 
 log "bootstrapping nestedA agent..."
-docker-compose exec -T nestedA-server /opt/spire/bin/spire-server bundle show > nestedA/agent/bootstrap.crt
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/nestedA/agent/bootstrap.crt
 
 log "Starting nestedA-agent..."
-docker-compose up -d nestedA-agent
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedA-agent
 
 
 # Starts nestedB SPIRE deployment
 log "Generate certificates for the nestedB deployment"
-setup nestedB/server nestedB/agent
+setup "${PARENT_DIR}"/nestedB/server "${PARENT_DIR}"/nestedB/agent
 
 log "Starting nestedB-server.."
-docker-compose up -d nestedB-server
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedB-server
 
 log "bootstrapping nestedB agent..."
-docker-compose exec -T nestedB-server /opt/spire/bin/spire-server bundle show > nestedB/agent/bootstrap.crt
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/nestedB/agent/bootstrap.crt
 
 log "Starting nestedB-agent..."
-docker-compose up -d nestedB-agent
+docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedB-agent

docker-compose/nested-spire/test.sh

@@ -37,11 +37,11 @@ bash "${DIR}"/scripts/create-workload-registration-entries.sh > /dev/null
 
 log "checking nested JWT-SVID..."
 # Fetch JWT-SVID and extract token
-token=$(docker-compose exec -u 1001 -T nestedA-agent \
+token=$(docker-compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedA-agent \
     /opt/spire/bin/spire-agent api fetch jwt -audience testIt -socketPath /opt/spire/sockets/workload_api.sock | sed -n '2p') || fail "JWT-SVID check failed"
 
 # Validate token
-validation_result=$(docker-compose exec -u 1001 -T nestedB-agent \
+validation_result=$(docker-compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedB-agent \
     /opt/spire/bin/spire-agent api validate jwt -audience testIt  -svid "${token}" -socketPath /opt/spire/sockets/workload_api.sock)
 
 if echo $validation_result | grep -qe "SVID is valid."; then

docker-compose/test-all.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# This script runs the test.sh script in each subdirectory to test if each
+# tutorial is working properly. It is run by the Travis CI tool when a PR
+# is submitted or merged on GitHub, but you can also run it interactively.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+bold=$(tput bold) || true
+norm=$(tput sgr0) || true
+red=$(tput setaf 1) || true
+green=$(tput setaf 2) || true
+
+fail() {
+	echo "${red}$*${norm}."
+	exit 1
+}
+
+echo "${bold}Running all tests...${norm}"
+for testdir in "${DIR}"/*; do
+	if [[ -x "${testdir}/test.sh" ]]; then
+		testname=$(basename "$testdir")
+		echo "${bold}Running \"$testname\" test...${norm}"
+		if ${testdir}/test.sh; then
+			echo "${green}\"$testname\" test succeeded${norm}"
+		else
+			echo "${red}\"$testname\" test failed${norm}"
+			FAILED=true
+		fi
+	fi
+done
+
+if [ -n "${FAILED}" ]; then
+	fail "There were test failures"
+fi
+echo "${green}Done. All test passed!${norm}"
+exit 0

k8s/test-all.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
+# This script runs the test.sh script in each subdirectory to test if each
+# tutorial is working properly. It is run by the Travis CI tool when a PR
+# is submitted or merged on GitHub, but you can also run it interactively.
 
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 

metrics/scripts/clean-env.sh

@@ -1,10 +0,0 @@
-#/bin/bash
-
-set -e
-
-norm=$(tput sgr0) || true
-green=$(tput setaf 2) || true
-
-docker-compose down
-
-echo "${green}Cleaning completed.${norm}"

metrics/scripts/set-env.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-set -e
-
-norm=$(tput sgr0) || true
-bold=$(tput bold) || true
-
-
-log() {
-    echo "${bold}$*${norm}"
-}
-
-log "Start StatsD-Graphite server"
-docker-compose up -d graphite-statsd
-
-log "Start prometheus server"
-docker-compose up -d prometheus
-
-log "Start SPIRE Server"
-docker-compose up -d spire-server
-
-log "bootstrapping SPIRE Agent..."
-docker-compose exec -T spire-server /opt/spire/bin/spire-server bundle show > spire/agent/bootstrap.crt
-
-log "Start SPIRE Agent"
-docker-compose up -d spire-agent

nested-spire/scripts/clean-env.sh

@@ -1,10 +0,0 @@
-#/bin/bash
-
-set -e
-
-norm=$(tput sgr0) || true
-green=$(tput setaf 2) || true
-
-docker-compose down
-
-echo "${green}Cleaning completed.${norm}"