make docker: build a docker image for redoctober (#159)

* make docker: build a docker image for redoctober

* add a convenient entrypoint to generate certificates out of the box

* add detection based on RO_CERTS and RO_KEYS

instead of detection based on the presence of RO_DATA, add RO_CERTS and RO_KEYS
which are paths to the ceritificates and keys so we can generate them more
effectively.

Signed-off-by: Daniel Dao <dqminh@cloudflare.com>

* dockerfile: bump golang to 1.7.1

.dockerignore

@@ -0,0 +1,3 @@
+Dockerfile
+.gitignore
+.travis.yml

Dockerfile

@@ -0,0 +1,24 @@
+FROM golang:1.7.1
+
+RUN groupadd -r redoctober --gid=999 && useradd -r -g redoctober --uid=999 redoctober
+
+# grab openssl for generating certs and runit for chpst
+RUN apt-get update && \
+    apt-get install -y openssl runit
+
+COPY . /go/src/github.com/cloudflare/redoctober
+RUN go install github.com/cloudflare/redoctober
+
+EXPOSE 8080 8081
+ENV RO_CERTS=/var/lib/redoctober/data/server.crt \
+    RO_KEYS=/var/lib/redoctober/data/server.pem \
+    RO_DATA=/var/lib/redoctober/data \
+    RO_CERTPASSWD=password \
+    RO_COMMONNAME=localhost
+
+ENTRYPOINT ["/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"]
+CMD ["redoctober", \
+    "-addr=:8080", \
+    "-vaultpath=/var/lib/redoctober/data/diskrecord.json", \
+    "-certs=/var/lib/redoctober/data/server.crt", \
+    "-keys=/var/lib/redoctober/data/server.pem"]

Makefile

@@ -0,0 +1,4 @@
+.PHONY: docker
+docker:
+	@docker build -t cloudflare/redoctober:$(shell git rev-parse --short HEAD) .
+	@docker tag cloudflare/redoctober:$(shell git rev-parse --short HEAD) cloudflare/redoctober:latest

scripts/docker-entrypoint.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+set -e
+
+# if we are not bind mounting in certs or the user has not already generated certs
+# create self-signed certs
+if [ ! -f $RO_CERTS ] || [ ! -f $RO_KEYS ]; then
+	mkdir -p $RO_DATA
+	chmod 700 $RO_DATA
+	chown -R redoctober:redoctober $RO_DATA
+
+	# Generate private key with password "$RO_CERTPASSWD"
+	openssl genrsa -aes128 -passout pass:$RO_CERTPASSWD -out $RO_KEYS 2048
+	# Remove password from private key
+	openssl rsa -passin pass:$RO_CERTPASSWD -in $RO_KEYS -out $RO_KEYS
+	# Generate CSR (make sure the common name CN field matches your server
+	# address. It's set to "RO_COMMONNAME" environment variable here.)
+	openssl req -new -key $RO_KEYS -out $RO_DATA/server.csr -subj "/C=US/ST=California/L=Everywhere/CN=${RO_COMMONNAME}"
+	# Sign the CSR and create certificate
+	openssl x509 -req -days 365 -in $RO_DATA/server.csr -signkey $RO_KEYS -out $RO_CERTS
+
+	# Clean up
+	rm $RO_DATA/server.csr
+	chmod 600 $RO_CERTS $RO_KEYS
+	chown -R redoctober $RO_CERTS $RO_KEYS
+
+	echo
+	echo "Generated default certificates for RedOctobeer at $RO_CERTS and $RO_KEYS"
+	echo
+fi
+
+if [ "$1" = 'redoctober' ]; then
+	exec chpst -u redoctober "$@"
+fi
+
+exec "$@"