feat: Generate cronjob containers
ngrewe committed Jul 27, 2020
1 parent 938f4d9 commit 6001f68
Showing 6 changed files with 49 additions and 5 deletions.
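--- a/Dockerfile.cron
+++ b/Dockerfile.cron
@@ -0,0 +1,9 @@
+ARG BASE_IMG=glaux/vault-ssh-renew:latest
+FROM ${BASE_IMG}
+ENV MAX_JITTER_SECONDS=600
+RUN apk add --no-cache tini
+ADD scripts/vault-ssh-renew-periodic /
+ADD scripts/vault-ssh-renew-periodic.crontab /etc/cron.d/vault-ssh-renew-periodic
+RUN crontab /etc/cron.d/vault-ssh-renew-periodic
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["/usr/sbin/crond", "-f"]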
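Review bot: The default on the `ARG BASE_IMG` line is the mutable `glaux/vault-ssh-renew:latest` tag, so a build that omits `--build-arg` (the pipeline passes one, a local `docker build` would not) layers the cron image on whatever `latest` happens to point to at that moment. Declaring `ARG BASE_IMG` without a default makes such a build fail loudly instead of silently picking up an unreviewed base; pinning the default to a release tag is the softer alternative. The two `ADD` lines copy plain local files, for which `COPY` is the conventional instruction because it never fetches URLs or unpacks archives, e.g. `COPY scripts/vault-ssh-renew-periodic /`.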
28 changes: 25 additions & 3 deletions azure-pipelines.yml
@@ -53,9 +53,20 @@ stages:
repository: $(imageName)
command: build
Dockerfile: Dockerfile
- script: docker save $(imageName):$(Build.BuildId) | gzip > docker-image.tar.gz
- task: Docker@2
displayName: Build Docker Image (cron)
inputs:
repository: $(imageName)
command: build
Dockerfile: Dockerfile.cron
arguments: '--build-arg BASE_IMG=$(imageName):$(Build.BuildId)'
tags: |
$(Build.BuildId).cron
- script: docker save $(imageName):$(Build.BuildId) | gzip > $(Build.ArtifactStagingDirectory)/docker-image.tar.gz
displayName: 'Archive Docker Image'
- publish: docker-image.tar.gz
- script: docker save $(imageName):$(Build.BuildId).cron | gzip > $(Build.ArtifactStagingDirectory)/docker-image.cron.tar.gz
displayName: 'Archive Docker Image (cron)'
- publish: $(Build.ArtifactStagingDirectory)
name: docker_image
- job: python_dist
displayName: Build Python Distributions
@@ -128,17 +139,28 @@ stages:
- download: current
artifact: build.dockerimage
displayName: Download Docker Image
- script: gunzip -c $(Pipeline.Workspace)/build.dockerimage/docker-image.tar.gz | docker import - $(imageName):$(Build.BuildId)
- script: gunzip -c $(Pipeline.Workspace)/build.dockerimage/docker-image.tar.gz | docker load
displayName: Import Image Into Daemon
- script: gunzip -c $(Pipeline.Workspace)/build.dockerimage/docker-image.cron.tar.gz | docker load
displayName: Import Image Into Daemon (cron)
- script: docker tag $(imageName):$(Build.BuildId) $(imageName):$(Build.SourceBranchName)
displayName: Tag Image
- script: docker tag $(imageName):$(Build.BuildId).cron $(imageName):$(Build.SourceBranchName).cron
displayName: Tag Image (cron)
- task: Docker@1
displayName: Push image
inputs:
command: push
containerregistrytype: Container Registry
dockerRegistryEndpoint: glaux-registry
imageName: $(imageName):$(Build.SourceBranchName)
- task: Docker@1
displayName: Push image (cron)
inputs:
command: push
containerregistrytype: Container Registry
dockerRegistryEndpoint: glaux-registry
imageName: $(imageName):$(Build.SourceBranchName).cron
- job: pypi_publish
displayName: Publish PyPi Packages
steps:
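Review bot: The new "Push image (cron)" step publishes only `$(imageName):$(Build.SourceBranchName).cron`, a mutable tag built from the last segment of the branch ref, so branches whose names end in the same segment overwrite each other's image and a host pulling the tag cannot tell which build it received. The immutable `$(imageName):$(Build.BuildId).cron` tag is already loaded into the daemon by the preceding `docker load` step; pushing it as well with a second push step would give deployments a reference that never moves. Whether this job is restricted to particular branches is not visible, since the job starts outside the hunk. The cron steps also repeat the plain-image steps line for line, which a step template parameterised on the tag suffix would remove.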
9 changes: 8 additions & 1 deletion debian/changelog
@@ -1,8 +1,15 @@
vault-ssh-renew (0.2.0a6-1) unstable; urgency=medium

* Allow multiple principals
* Allow specifying the Vault token in a file

-- Niels Grewe <[email protected]> Mon, 27 Jul 2020 11:12:00 +0200

vault-ssh-renew (0.2.0a5-1) unstable; urgency=medium

* Install systemd service

-- Niels Grewe <[email protected]> Sat, 26 Jul 2020 16:10:00 +0200
-- Niels Grewe <[email protected]> Sun, 26 Jul 2020 16:10:00 +0200

vault-ssh-renew (0.2.0a4-1) unstable; urgency=medium

2 changes: 1 addition & 1 deletion pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "poetry.masonry.api"

[tool.poetry]
name = "vault-ssh-renew"
version = "0.2.0-alpha.5"
version = "0.2.0-alpha.6"
description = "Vault SSH Host Key Renewal Tool"
authors = ["Niels Grewe <[email protected]>"]
license = "MIT"
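--- a/scripts/vault-ssh-renew-periodic
+++ b/scripts/vault-ssh-renew-periodic
@@ -0,0 +1,5 @@
+#!/bin/sh -eu
+
+JITTER=$((RANDOM % ${MAX_JITTER_SECONDS}))
+sleep ${JITTER}
+/venv/bin/vault-ssh-renew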
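Review bot: The `JITTER=` line aborts the script when `MAX_JITTER_SECONDS` is unset or `0` (for example through a runtime override of the image's `ENV`), and because of `-eu` the renewal on the last line then never runs, so the host certificate would lapse with no renewal attempt. A default plus a guard keeps the renewal running in that case: `MAX="${MAX_JITTER_SECONDS:-600}"` followed by `[ "$MAX" -gt 0 ] && sleep "$((RANDOM % MAX))"`. `$RANDOM` is not POSIX and is only available if the image's `/bin/sh` provides it (presumably BusyBox ash on the Alpine base); a comment under the shebang such as `# relies on $RANDOM from BusyBox ash; not portable to dash` would record that dependency.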
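--- a/scripts/vault-ssh-renew-periodic.crontab
+++ b/scripts/vault-ssh-renew-periodic.crontab
@@ -0,0 +1 @@
+0 0 * * * /vault-ssh-renew-periodic > /proc/$(cat /run/crond.pid)/fd/1 2>/proc/$(cat /run/crond.pid)/fd/2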
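Review bot: Both redirection targets depend on `/run/crond.pid` existing and being current when the job fires; if `cat` fails, the path collapses to `/proc//fd/1`, the redirect fails, and the renewal is skipped with nothing written to the container log. Because Dockerfile.cron starts crond under tini, the container's stdout and stderr are presumably also reachable through PID 1, which removes the pid-file lookup: `0 0 * * * /vault-ssh-renew-periodic >/proc/1/fd/1 2>/proc/1/fd/2`. A comment line above the entry, e.g. `# send job output to the container's stdout/stderr so it reaches the container log`, would explain the unusual redirect to the next reader.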
