diff --git a/fickit-backend.yml b/fickit-backend.yml index 0521ca60..18bb8b1e 100644 --- a/fickit-backend.yml +++ b/fickit-backend.yml @@ -3,39 +3,39 @@ kernel: cmdline: "console=ttyS0 console=tty0" init: - - linuxkit/init:c563953a2277eb73a89d89f70e4b6dcdcfebc2d1 - - linuxkit/runc:83d0edb4552b1a5df1f0976f05f442829eac38fe - - linuxkit/containerd:326b096cd5fbab0f864e52721d036cade67599d6 - - linuxkit/ca-certificates:v0.6 - - linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478 + - linuxkit/init:1d8e0532ca588c5ad0d9ca6038349a70bb7ac626 + - linuxkit/runc:c1f0db27e71d948f3134b31ce76276f843849b0a + - linuxkit/containerd:751de142273e1b5d2d247d2832d654ab92e907bc + - linuxkit/ca-certificates:v0.7 + - linuxkit/getty:v0.7 - nemunaire/mdadm:18de5ca414227f38a5c0619662077ba5fa26176d onboot: - - name: mod - image: linuxkit/modprobe:v0.6 - command: ["/bin/sh", "-c", "modprobe e1000e"] +# - name: mod +# image: linuxkit/modprobe:v0.7 +# command: ["/bin/sh", "-c", "modprobe e1000e"] - name: sysctl - image: linuxkit/sysctl:v0.6 + image: linuxkit/sysctl:v0.7 binds: - /etc/sysctl.d/01-fic.conf:/etc/sysctl.d/01-fic.conf:ro # Filesystem - name: swap - image: linuxkit/swap:v0.6 + image: linuxkit/swap:v0.7 command: ["/sbin/swapon", "/dev/sda2", "/dev/sdb2"] - name: mount - image: linuxkit/mount:v0.6 + image: linuxkit/mount:v0.7 command: ["/usr/bin/mountie", "-device", "/dev/md0", "/var/lib/fic" ] # Network # - name: dhcpcd -# image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 +# image: linuxkit/dhcpcd:v0.7 # command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] # - name: ntp # image: linuxkit/openntpd:536e5947607c9e6a6771957c2ff817230cba0d3c - name: synchro-ip-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 10.10.10.1/29 dev eth0; ip link set eth0 up;" ] net: new runtime: @@ -44,7 +44,7 @@ onboot: bindNS: net: /run/netns/synchro - name: admin-ip-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 192.168.23.1/24 dev eth1; ip link set eth1 up; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up;" ] net: new runtime: @@ -56,7 +56,7 @@ onboot: bindNS: net: /run/netns/fic-admin - name: backend-ip-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 172.17.0.3/24 dev vethin-backend; ip link set vethin-backend up;" ] net: new runtime: @@ -67,7 +67,7 @@ onboot: bindNS: net: /run/netns/fic-backend - name: mysql-ip-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 172.17.0.4/24 dev vethin-db; ip link set vethin-db up;" ] net: new runtime: @@ -78,7 +78,7 @@ onboot: bindNS: net: /run/netns/db - name: bridge-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 172.17.0.1/24 dev br0; ip link set veth-admin master br0; ip link set veth-backend master br0; ip link set veth-db master br0; ip link set br0 up; ip link set veth-admin up; ip link set veth-backend up; ip link set veth-db up;" ] runtime: interfaces: @@ -86,7 +86,7 @@ onboot: add: bridge - name: firewall-synchro - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-synchro.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ] binds: - /etc/iptables/rules-synchro.v4:/etc/iptables/rules-synchro.v4:ro @@ -96,7 +96,7 @@ onboot: mkdir: - /var/lib/fic/teams - name: firewall-admin - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-admin.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ] binds: - /etc/iptables/rules-admin.v4:/etc/iptables/rules-admin.v4:ro @@ -105,11 +105,11 @@ onboot: services: # - name: getty -# image: linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478 +# image: linuxkit/getty:v0.7 # env: # - INSECURE=true - name: rngd - image: linuxkit/rngd:v0.6 + image: linuxkit/rngd:v0.7 - name: db image: mariadb:latest command: ["/bin/bash", "/usr/local/bin/docker-entrypoint.sh", "mysqld"] diff --git a/fickit-frontend.yml b/fickit-frontend.yml index bfc824db..f982a066 100644 --- a/fickit-frontend.yml +++ b/fickit-frontend.yml @@ -3,36 +3,36 @@ kernel: cmdline: "console=ttyS0 console=tty0" init: - - linuxkit/init:c563953a2277eb73a89d89f70e4b6dcdcfebc2d1 - - linuxkit/runc:83d0edb4552b1a5df1f0976f05f442829eac38fe - - linuxkit/containerd:326b096cd5fbab0f864e52721d036cade67599d6 - - linuxkit/ca-certificates:v0.6 - - linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478 + - linuxkit/init:1d8e0532ca588c5ad0d9ca6038349a70bb7ac626 + - linuxkit/runc:c1f0db27e71d948f3134b31ce76276f843849b0a + - linuxkit/containerd:751de142273e1b5d2d247d2832d654ab92e907bc + - linuxkit/ca-certificates:v0.7 + - linuxkit/getty:v0.7 - nemunaire/mdadm:18de5ca414227f38a5c0619662077ba5fa26176d onboot: - - name: mod - image: linuxkit/modprobe:v0.6 - command: ["/bin/sh", "-c", "modprobe r8169;"] +# - name: mod +# image: linuxkit/modprobe:v0.7 +# command: ["/bin/sh", "-c", "modprobe r8169;"] - name: sysctl - image: linuxkit/sysctl:v0.6 + image: linuxkit/sysctl:v0.7 binds: - /etc/sysctl.d/01-fic.conf:/etc/sysctl.d/01-fic.conf:ro # Filesystem - name: swap - image: linuxkit/swap:v0.6 + image: linuxkit/swap:v0.7 command: ["/sbin/swapon", "/dev/sda2", "/dev/sdb2"] - name: mount - image: linuxkit/mount:v0.6 + image: linuxkit/mount:v0.7 command: ["/usr/bin/mountie", "-device", "/dev/md0", "/var/lib/fic" ] # Network # - name: ntp # image: linuxkit/openntpd:536e5947607c9e6a6771957c2ff817230cba0d3c - name: nginx-ip-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 172.17.1.2/24 dev vethin-nginx; ip link set vethin-nginx up;" ] net: new runtime: @@ -43,7 +43,7 @@ onboot: bindNS: net: /run/netns/nginx # - name: frontal-ip-setup # without bonding -# image: linuxkit/ip:v0.6 +# image: linuxkit/ip:v0.7 # command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 163.5.55.58/32 dev eth1; ip link add link eth1 name internet type vlan id 1; ip link set internet up;" ] # net: /run/netns/nginx # runtime: @@ -53,7 +53,7 @@ onboot: # - name: eth3 # - name: eth4 - name: frontal-ip-setup # with bonding - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ] net: /run/netns/nginx runtime: @@ -65,7 +65,7 @@ onboot: - name: bond-frontal add: bond - name: frontend-ip-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 172.17.1.3/24 dev vethin-frontend; ip link set vethin-frontend up;" ] net: new runtime: @@ -76,7 +76,7 @@ onboot: bindNS: net: /run/netns/fic-frontend - name: sshd-ip-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 10.10.10.2/29 dev eth0; ip link set eth0 up;" ] net: new runtime: @@ -85,7 +85,7 @@ onboot: bindNS: net: /run/netns/sshd - name: bridge-setup - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-frontend master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-frontend up;" ] runtime: interfaces: @@ -93,14 +93,14 @@ onboot: add: bridge - name: firewall-frontal - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-frontal.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ] binds: - /etc/iptables/rules-frontal.v4:/etc/iptables/rules-frontal.v4:ro - /etc/iptables/rules.v6:/etc/iptables/rules.v6:ro net: /run/netns/nginx - name: firewall-sshd - image: linuxkit/ip:v0.6 + image: linuxkit/ip:v0.7 command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-sshd.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ] binds: - /etc/iptables/rules-sshd.v4:/etc/iptables/rules-sshd.v4:ro @@ -109,13 +109,13 @@ onboot: services: # - name: getty -# image: linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478 +# image: linuxkit/getty:v0.7 # env: # - INSECURE=true - name: rngd - image: linuxkit/rngd:v0.6 + image: linuxkit/rngd:v0.7 - name: dhcpcd - image: linuxkit/dhcpcd:v0.6 + image: linuxkit/dhcpcd:v0.7 net: /run/netns/nginx binds: - /etc/dhcpcd.conf:/dhcpcd.conf:ro