A config-based abstraction over coreos/fleet
Consoled is a command line tool that provides a way to generate systemd service units from a config file. These services then can be submitted and started on a CoreOS cluster. Technically, this will work on any cluster running fleet and docker. But seriously, use CoreOS. ;)
As of now, consoled is just a make tool. No real dependency is required except for python.
The config is a YAML or JSON file that defines different things about the environment. Here's an example in YAML:
containers:
hipache: quarry/hipache
web:
image: registry.myapp.com:5000/myapp/web
requires:
- redis
endpoints:
- redis-instance
redis:
image: dockerfiles/redis
volumes:
/redis-data: /media/state/redis-data
services:
load-balancing:
hipache:
endpoints:
- web-service
web-service:
- web
instances:
redis-instance: redis
scale:
load-balancing: 2
web-service: 20
hosts:
"flavor:performance-2":
- redis-instance
"flavor:standard-1gb":
- web-service
- load-balancingcontainers:
hipache: quarry/hipache
web:
image: registry.myapp.com:5000/myapp/web
requires:
- redis
endpoints:
- redis-instance
redis:
image: dockerfiles/redis
volumes:
/redis-data: /media/state/redis-dataA Container names a docker image and provides context when running that image. The following options can be used to configure how a container runs.
image: Defines an image that can be hosted on docker's public index or on your own registry. The image must be able to be pulled from anywhere in the cluster.requires: A list of other containers to link using docker's-link. Since required containers will be started before the parent container, a container cannot directly or indirectly require itself. You can require containers that require other containers, and consoled will resolve and manage the dependencies at runtime for you. When containers are linked, the container name is used as the link alias. If identical containers are linked, the link alias will increment.
If the following requires are used:
containers:
web:
image: myapp/web
requires:
- fast-hipache
- redis
- redis
- redisthe prefixes of the environment variables injected into the web container will be FAST_HIPACHE, REDIS_1, REDIS_2, and REDIS_3. The docker docs have more information about how the environment variables are named and injected.
single: Defaults tofalse. Set totrueif there should be a maximum of one running instance of this container per host. This option is useful for providing a host-level etcd ambassador.privileged: Defaults tofalse. Set totrueto run the container in privileged mode by using docker's-privilegedflag.env: A hash of environment variables to include when running the container.
env:
API_KEY: abc123
API_SECRET_KEY: secret123volumes: A hash of volumes to include when running the container. These volumes will be mounted from the host in the cluster.
volumes:
/destination/in/container: /source/from/host
/ssl/server.crt: /media/state/ssl/server.crt-
cmd: A command to run in the container. -
ports: TODO Enables semantic port names through etcd. -
endpoints: A list of Services or Instances that the container will have access to through etcd. If the endpoints are 'foo-service' and 'bar-instance', the container will be mounted with a global ambassador that listens to the endpoints on different ports and proxies each one on different ports, injecting the environment variable of each. SERVICE_PROXY=127.0.0.1: don't use for now, just go off of raw etcd.
If a container has no options apart from image, it can be simply defined with <name>: <image>:
containers:
mongo: bowery/mongo
redis: crosbymichael/redisAny container option can be overridden wherever the container is referenced. This enables flexible, declarative configuration to be used. For example, with the following config:
containers:
app:
requires:
nginx:
env:
SERVER_CRT: /ssl/server.crt
SERVER_KEY: /ssl/server.key
CA_CRT: /ssl/ca.crt
volumes:
/media/state/keys/server.crt: /ssl/server.crt
/media/state/keys/server.key: /ssl/server.key
/media/state/keys/ca.crt: /ssl/ca.crtA Service is a scalable group of Service Units.
Services are the a.
Services are the a.
The config is separated into different blocks.
The image that a container uses does not have to be present on the machine compiling the service files. The image just has to be able to be pulled from anywhere in the cluster.
Right now, consoled has only one option: make. You can use the make option to generate service files.
consoled.py make -f <config_file> <output_dir>
This will parse config_file and output the generated service files to output_dir. Existing service files will be overwritten on conflict.
$ ./consoled.py make -f config.yml services
23 service files written to ./servicesBy default, consoled reads config from stdin so you can do nice things like piping files.
$ ./consoled.py make services/production < production.yml
14 service files written to ./services/productionSince consoled also accepts JSON-formatted input through a file or stdin, it can be easily integrated with other tools.
- Add polvi/docker-reg to all-hosts.
containers:
docker-reg:
image: polvi/docker-reg
single: true
all-containers:
requires:
- docker-regPolvi's docker-reg will now heartbeat all container endpoints for all hosts that have containers running. If we want docker to be checked on every host regardless of whether it's running containers or not, just use:
all-hosts:
- docker-reg
```yml
Provisioning
-------------
Since fleet doesn't have an option to run a certain services on all hosts in the cluster, we can have the service run automatically when provisioned.
Firewall Ideas
--------------
When hosts are provisioned with coreos-cloudinit, the firewall can configure iptables to block everything except the localhost interface and etcd. Consoled can have an option to wait units a container starts, inspect the container, then open the ports in the firewall. When the container closes, it will close the ports.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent