diff options
| author | nicolargo <nicolas@nicolargo.com> | 2020-12-31 11:12:13 +0100 |
|---|---|---|
| committer | nicolargo <nicolas@nicolargo.com> | 2020-12-31 11:12:13 +0100 |
| commit | cf7c2028907a1eb489e5c5a85db9a6790496d128 (patch) | |
| tree | 99fbe738e18ab59ef42c4fe58e86995a34ca51d8 | |
| parent | c9d83ee81786b9a5c70d68f48d81c926b4f4e019 (diff) | |
| parent | 6d46fc5399d76bfe3d107bd84c4046b73be007f8 (diff) | |
Merge branch 'develop' of github.com:nicolargo/glances into develop
| -rw-r--r-- | .github/workflows/main.yml | 76 | ||||
| -rw-r--r-- | docker-files/Dockerfile | 25 | ||||
| -rw-r--r-- | docker-files/dev.Dockerfile | 37 | ||||
| -rw-r--r-- | docs/docker.rst | 80 |
4 files changed, 171 insertions, 47 deletions
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 95ee7fb1..6eebfb0c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,5 +1,8 @@ name: CI +env: + DEFAULT_DOCKER_IMAGE: nicolargo/glances + on: pull_request: branches: [ develop ] @@ -15,33 +18,45 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Prepare - id: prepare + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Set envs env: - DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }} + DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE || env.DEFAULT_DOCKER_IMAGE }} DOCKER_PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64,linux/386 run: | + DOCKERFILE=./docker-files/dev.Dockerfile + PUSH_IMAGE=false VERSION=latest - + + if [[ $GITHUB_REF == refs/heads/master ]]; then + PUSH_IMAGE=true + fi + if [[ $GITHUB_REF == refs/tags/* ]]; then VERSION=${GITHUB_REF#refs/tags/v} + PUSH_IMAGE=true + DOCKERFILE=./docker-files/Dockerfile fi + if [[ $GITHUB_REF == refs/heads/develop ]]; then VERSION=dev + PUSH_IMAGE=true fi - TAGS="--tag ${DOCKER_IMAGE}:${VERSION}" - if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - TAGS="$TAGS --tag ${DOCKER_IMAGE}:latest" - fi - - echo ::set-output name=docker_image::${DOCKER_IMAGE} - echo ::set-output name=version::${VERSION} - echo ::set-output name=buildx_args::--platform ${DOCKER_PLATFORMS} \ - --build-arg VERSION=${VERSION} \ - --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ - --build-arg VCS_REF=${GITHUB_SHA::8} \ - ${TAGS} --file ./docker-files/Dockerfile ./docker-files/ + echo "DOCKERFILE=${DOCKERFILE}" >> $GITHUB_ENV + echo "VERSION=${VERSION}" >> $GITHUB_ENV + echo "PUSH_IMAGE=${PUSH_IMAGE}" >> $GITHUB_ENV + echo "TAGS=${DOCKER_IMAGE}:${VERSION}" >> $GITHUB_ENV + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV + echo "VCS_REF=${GITHUB_SHA::8}" >> $GITHUB_ENV + echo "PLATFORMS=${DOCKER_PLATFORMS}" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -54,23 +69,24 @@ jobs: with: version: latest - - name: Docker Buildx (build) - run: | - docker buildx build --output "type=image,push=false" ${{ steps.prepare.outputs.buildx_args }} - - name: Login to DockerHub - if: success() && github.event_name != 'pull_request' uses: docker/login-action@v1 + if: ${{env.PUSH_IMAGE == true}} with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Docker Buildx (push) - if: success() && github.event_name != 'pull_request' - run: | - docker buildx build --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }} - - - name: Inspect image - if: always() && github.event_name != 'pull_request' - run: | - docker buildx imagetools inspect ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }} + - name: Build and push + uses: docker/build-push-action@v2 + with: + push: ${{env.PUSH_IMAGE == true}} + tags: ${{env.TAGS}} + build-args: | + VERSION=${{env.VERSION}} + BUILD_DATE=${{env.BUILD_DATE}} + VCS_REF=${{env.VCS_REF}} + context: . + file: ${{env.DOCKERFILE}} + platforms: ${{env.PLATFORMS}} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache,mode=max diff --git a/docker-files/Dockerfile b/docker-files/Dockerfile index b5eaeb2d..2a169c92 100644 --- a/docker-files/Dockerfile +++ b/docker-files/Dockerfile @@ -13,25 +13,16 @@ ENV DEBIAN_FRONTEND noninteractive RUN \ apt-get update && \ apt-get install -y \ - curl \ - gcc \ - lm-sensors \ - wireless-tools \ - iputils-ping && \ + curl \ + gcc \ + lm-sensors \ + wireless-tools \ + iputils-ping && \ rm -rf /var/lib/apt/lists/* -ARG VERSION -## Install glances -## If version is dev will use git checkout -RUN if [ "$VERSION" = "dev" ] ; then \ - echo Installing dev branch of glances from git; \ - apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* ; \ - pip3 install psutil bottle ; \ - git clone -b develop https://github.com/nicolargo/glances.git ; \ - else \ - echo Installing glances from pip; \ - pip3 install glances[all]; \ - fi +# Force rebuild otherwise it could be cached without rerun +ARG VCS_REF +RUN pip install glances[all] # Define working directory. WORKDIR /glances diff --git a/docker-files/dev.Dockerfile b/docker-files/dev.Dockerfile new file mode 100644 index 00000000..21bdc2a0 --- /dev/null +++ b/docker-files/dev.Dockerfile @@ -0,0 +1,37 @@ +# +# Glances Dockerfile (based on Ubuntu) +# +# https://github.com/nicolargo/glances +# + +ARG ARCH= +FROM ${ARCH}python:3-buster + +# Install package +# Must used calibre package to be able to run external module +ENV DEBIAN_FRONTEND noninteractive +RUN \ + apt-get update && \ + apt-get install -y \ + curl \ + gcc \ + git \ + lm-sensors \ + wireless-tools \ + iputils-ping && \ + rm -rf /var/lib/apt/lists/* + +RUN pip install psutil bottle + +COPY . /glances + +# Define working directory +WORKDIR /glances + +RUN CASS_DRIVER_NO_CYTHON=1 pip install -r optional-requirements.txt + +# EXPOSE PORT (XMLRPC / WebUI) +EXPOSE 61209 61208 + +# Define default command. +CMD python3 -m glances -C /glances/conf/glances.conf $GLANCES_OPT diff --git a/docs/docker.rst b/docs/docker.rst index 958c49a3..1d7e1428 100644 --- a/docs/docker.rst +++ b/docs/docker.rst @@ -73,3 +73,83 @@ You can also include Glances container in you own `docker-compose.yml`. Here's a labels: - "traefik.port=61208" - "traefik.frontend.rule=Host:glances.docker.localhost" + +How to protect your Dockerized server (or Web server) with a login/password ? +------------------------------------------------------------------ + +Below are two methods for setting up a login/password to protect Glances running inside a Docker container. + +Option 1 +^^^^^^^^ + +You can enter the running container by entering this command (replacing ``glances_docker`` with the name of your container): + +.. code-block:: console + + docker exec -it glances_docker sh + +and generate the password file (the default login is ``glances``, add the ``--username`` flag if you would like to change it): + +.. code-block:: console + + glances -s --password + +which will prompt you to answer the following questions: + +.. code-block:: console + + Define the Glances server password (glances username): + Password (confirm): + Do you want to save the password? [Yes/No]: Yes + +after which you will need to kill the process by entering ``CTRL+C`` (potentially twice), before leaving the container: + +.. code-block:: console + + ^C^C + exit + +You will then need to copy the password file to your host machine: + +.. code-block:: console + + docker cp glances_docker:/root/.config/glances/glances.pwd ./secrets/glances_password + +and make it visible to your container by adding it to ``docker-compose.yml`` as a ``secret``: + +.. code-block:: yaml + + version: '3' + + services: + glances: + image: nicolargo/glances:latest + restart: always + environment: + - GLANCES_OPT="-w --password" + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + pid: host + secrets: + - source: glances_password + target: /root/.config/glances/glances.pwd + + secrets: + glances_password: + file: ./secrets/glances_password + +Option 2 +^^^^^^^^ + +You can add a ``[passwords]`` block to the Glances configuration file as mentioned elsewhere in the documentation: + +.. code-block:: ini + + [passwords] + # Define the passwords list + # Syntax: host=password + # Where: host is the hostname + # password is the clear password + # Additionally (and optionally) a default password could be defined + localhost=mylocalhostpassword + default=mydefaultpassword |