Merge pull request #96 from Annopaolo/when-im-in-a-2-competition-and-…

…my-opponent-is-vernemq

Update VerneMQ to 2.0.1

Dockerfile

@@ -1,4 +1,4 @@
-FROM hexpm/elixir:1.15.5-erlang-26.1-debian-bullseye-20230612-slim as builder
+FROM hexpm/elixir:1.15.5-erlang-26.1-debian-bullseye-20230612-slim AS builder
 
 # install build dependencies
 # --allow-releaseinfo-change allows to pull from 'oldstable'
@@ -8,15 +8,15 @@ RUN apt-get update --allow-releaseinfo-change -y \
 
 WORKDIR /build
 
-# Needed for VerneMQ 1.13.0
+# TODO check if it's still needed for VerneMQ 2.0.1
 RUN apt-get -qq update && apt-get -qq install libsnappy-dev libssl-dev
 
 # Let's start by building VerneMQ
 RUN git clone https://github.com/vernemq/vernemq.git
 
 RUN cd vernemq && \
   # Check out latest master
-  git checkout 1cc57fa60f50b57784f2b56f79e09d5748aa90f7 && \
+  git checkout -b v2.0.1 && \
   make rel && \
   cd ..
 
@@ -50,11 +50,9 @@ RUN cp astarte_vmq_plugin/priv/astarte_vmq_plugin.schema vernemq/_build/default/
 
 # Copy configuration files here - mainly because we want to keep the target image as small as possible
 # and avoid useless layers.
-COPY docker/files/vm.args /build/vernemq/_build/default/rel/vernemq/etc/
-COPY docker/files/vernemq.conf /build/vernemq/_build/default/rel/vernemq/etc/
-COPY docker/bin/rand_cluster_node.escript /build/vernemq/_build/default/rel/vernemq/bin/
-COPY docker/bin/vernemq.sh /build/vernemq/_build/default/rel/vernemq/bin/
-RUN chmod +x /build/vernemq/_build/default/rel/vernemq/bin/vernemq.sh
+COPY docker/files/vm.args vernemq/_build/default/rel/vernemq/etc/
+COPY docker/files/vernemq.conf vernemq/_build/default/rel/vernemq/etc/
+COPY docker/bin/rand_cluster_node.escript vernemq/_build/default/rel/vernemq/bin/
 
 # Note: it is important to keep Debian versions in sync, or incompatibilities between libcrypto will happen
 FROM debian:bullseye-slim
@@ -65,38 +63,44 @@ ENV LANG C.UTF-8
 # We have to redefine this here since it goes out of scope for each build stage
 ARG BUILD_ENV=prod
 
+# Install some VerneMQ scripts dependencies
+RUN apt-get -qq update && apt-get -qq install bash procps openssl iproute2 curl jq libsnappy-dev net-tools nano
+
 # We need SSL, curl, iproute2 and jq - and to ensure /etc/ssl/astarte
-RUN apt-get -qq update && apt-get -qq install libssl1.1 curl jq iproute2 netcat libsnappy1v5 && apt-get clean && mkdir -p /etc/ssl/astarte
+# TODO some of these might not be needed anymore
+RUN apt-get -qq update && apt-get -qq install libssl1.1 curl jq iproute2 netcat && apt-get clean && mkdir -p /etc/ssl/astarte
 
-# Copy our built stuff (both are self-contained with their ERTS release)
-COPY --from=builder /build/vernemq/_build/default/rel/vernemq /opt/vernemq/
-COPY --from=builder /build/astarte_vmq_plugin/_build/$BUILD_ENV/rel/astarte_vmq_plugin /opt/astarte_vmq_plugin/
+ENV PATH="/opt/vernemq/bin:$PATH"
 
-# Add the wait-for utility
-RUN cd /usr/bin && curl -O https://raw.githubusercontent.com/eficode/wait-for/master/wait-for && chmod +x wait-for && cd -
+COPY --from=builder /build/astarte_vmq_plugin/docker/bin/vernemq.sh /usr/sbin/start_vernemq
+COPY --from=builder /build/astarte_vmq_plugin/docker/bin/join_cluster.sh /usr/sbin/join_cluster
 
-# MQTT
-EXPOSE 1883
+RUN chmod +x /usr/sbin/start_vernemq
+RUN chmod +x /usr/sbin/join_cluster
 
-# MQTT for Reverse Proxy
-EXPOSE 1885
+# Copy our built stuff (both are self-contained with their ERTS release)
+COPY --from=builder /build/vernemq/_build/default/rel/vernemq /opt/vernemq/
 
-# MQTT/SSL
-EXPOSE 8883
+RUN ln -s /opt/vernemq/etc /etc/vernemq && \
+    ln -s /opt/vernemq/data /var/lib/vernemq && \
+    ln -s /opt/vernemq/log /var/log/vernemq
 
-# VerneMQ Message Distribution
-EXPOSE 44053
+COPY --from=builder /build/astarte_vmq_plugin/_build/$BUILD_ENV/rel/astarte_vmq_plugin /opt/astarte_vmq_plugin/
 
-# EPMD - Erlang Port Mapper Daemon
-EXPOSE 4369
+# Ports
+# 1883  MQTT
+# 8883  MQTT/SSL
+# 8080  MQTT WebSockets
+# 44053 VerneMQ Message Distribution
+# 4369  EPMD - Erlang Port Mapper Daemon
+# 8888  Health, API, Prometheus Metrics
+# 9100 9101 9102 9103 9104 9105 9106 9107 9108 9109  Specific Distributed Erlang Port Range
 
-# Specific Distributed Erlang Port Range
-EXPOSE 9100 9101 9102 9103 9104 9105 9106 9107 9108 9109
+EXPOSE 1883 8883 8080 44053 4369 8888 \
+       9100 9101 9102 9103 9104 9105 9106 9107 9108 9109
 
-# Prometheus Metrics
-EXPOSE 8888
+VOLUME ["/opt/vernemq/log", "/opt/vernemq/data", "/opt/vernemq/etc"]
 
-# Expose port for webroot ACME verification (in case)
-EXPOSE 80
+HEALTHCHECK CMD vernemq ping | grep -q pong
 
-CMD ["/opt/vernemq/bin/vernemq.sh"]
+CMD ["start_vernemq"]

docker/bin/build.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+
+if [ "$1" = "swc" ]
+then
+    make swc
+    mv _build/swc/rel/vernemq release
+else
+    make rel
+    mv _build/default/rel/vernemq release
+fi

docker/bin/join_cluster.sh

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+SECRETS_KUBERNETES_DIR="/var/run/secrets/kubernetes.io/serviceaccount"
+DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME=${DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME:-cluster.local}
+
+if [ -d "${SECRETS_KUBERNETES_DIR}" ] ; then
+    # Let's get the namespace if it isn't set
+    DOCKER_VERNEMQ_KUBERNETES_NAMESPACE=${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE:-$(cat "${SECRETS_KUBERNETES_DIR}/namespace")}
+fi
+
+insecure=""
+if env | grep "DOCKER_VERNEMQ_KUBERNETES_INSECURE" -q; then
+    echo "Using curl with \"--insecure\" argument to access kubernetes API without matching SSL certificate"
+    insecure="--insecure"
+fi
+
+function k8sCurlGet () {
+    local urlPath=$1
+
+    local hostname="kubernetes.default.svc.${DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME}"
+    local certsFile="${SECRETS_KUBERNETES_DIR}/ca.crt"
+    local token=$(cat ${SECRETS_KUBERNETES_DIR}/token)
+    local header="Authorization: Bearer ${token}"
+    local url="https://${hostname}/${urlPath}"
+
+    curl -sS ${insecure} --cacert ${certsFile} -H "${header}" ${url} \
+      || ( echo "### Error on accessing URL ${url}" )
+}
+
+try_join() {
+  local exit_code=0
+  if env | grep "DOCKER_VERNEMQ_DISCOVERY_KUBERNETES" -q; then
+      # Let's set our nodename correctly
+      # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#list-pod-v1-core
+      podList=$(k8sCurlGet "api/v1/namespaces/${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}/pods?labelSelector=${DOCKER_VERNEMQ_KUBERNETES_LABEL_SELECTOR}")
+      kube_pod_names=$(echo ${podList} | jq '.items[].spec.hostname' | sed 's/"//g' | tr '\n' ' ' | sed 's/ *$//')
+      VERNEMQ_KUBERNETES_SUBDOMAIN=${DOCKER_VERNEMQ_KUBERNETES_SUBDOMAIN:-$(echo ${podList} | jq '.items[0].spec.subdomain' | tr '\n' '"' | sed 's/"//g')}
+
+      for kube_pod_name in $kube_pod_names; do
+          if [[ $kube_pod_name == "null" ]]; then
+              echo "Kubernetes discovery selected, but no pods found. Maybe we're the first?"
+              echo "Anyway, we won't attempt to join any cluster."
+              exit 0
+          fi
+
+          if [[ $kube_pod_name != "$MY_POD_NAME" ]]; then
+              discoveryHostname="${kube_pod_name}.${VERNEMQ_KUBERNETES_SUBDOMAIN}.${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}.svc.${DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME}"
+              echo "Will join an existing Kubernetes cluster with discovery node at ${discoveryHostname}"
+              vmq-admin cluster show | grep "VerneMQ@${discoveryHostname}" > /dev/null || exit_code=$?
+              if [ $exit_code -eq 0 ]; then
+                  echo "We have already joined the cluster - no extra work required."
+                  exit 0
+              else
+                  echo "We have yet to join the cluster - attempting manual join..."
+                  vmq-admin cluster join discovery-node="VerneMQ@${discoveryHostname}"
+                  sleep 2
+              fi
+              break
+          fi
+      done
+  else
+      exit 0
+  fi
+}
+
+while true
+do
+    try_join
+done;

docker/bin/rand_cluster_node.escript

@@ -15,4 +15,4 @@ main([ThisNode]) ->
             io:format(L);
         false ->
             io:format("")
-    end.
+    end.