From 6d4d565422db32edfb9220ef510d955c20cc820f Mon Sep 17 00:00:00 2001 From: pcarana Date: Mon, 13 Jul 2020 18:53:51 -0500 Subject: [PATCH] Add docker folder and Dockerfile to build the image, fixes #17 --- README.md | 4 +++ docker/Dockerfile | 39 +++++++++++++++++++++++ docker/README.md | 79 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 122 insertions(+) create mode 100644 docker/Dockerfile create mode 100644 docker/README.md diff --git a/README.md b/README.md index 1f91056b..eb3016e2 100644 --- a/README.md +++ b/README.md @@ -7,3 +7,7 @@ An RPKI Validator and RTR Server, part of the [FORT project](https://www.fortpro FORT Validator's documentation (installation, usage, etc.) can be found at [https://nicmx.github.io/FORT-validator/](https://nicmx.github.io/FORT-validator/). If you wish to generate the docs by yourself, visit the [docs directory](docs/). + +## Docker image + +A Dockerfile to build the image is located at the [docker directory](docker/). \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 00000000..4a4cd414 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,39 @@ +#--- Alpine build container --- +FROM alpine:latest AS builder +ARG FORT_VERSION=1.3.0 + +# Install compiler and dependencies +RUN apk --update --no-cache add build-base autoconf automake pkgconfig jansson-dev check-dev \ + openssl-dev openssl libexecinfo-dev bsd-compat-headers rsync wget curl-dev libxml2 libxml2-dev + +# Download FORT source code +WORKDIR /root +RUN wget https://github.com/NICMx/FORT-validator/releases/download/v${FORT_VERSION}/fort-${FORT_VERSION}.tar.gz +RUN tar -xf fort-${FORT_VERSION}.tar.gz + +# Compile and install FORT +WORKDIR /root/fort-${FORT_VERSION} +RUN ./configure && make && make install + + +#--- FORT image --- +FROM alpine:latest + +# Install dependencies +RUN apk --update --no-cache add openssl jansson rsync libexecinfo tini libxml2 libcurl + +# Install FORT binaries +COPY --from=builder /usr/local/bin/fort /usr/local/bin/fort +COPY --from=builder /usr/local/share/man/man8/fort.8 /usr/local/share/man/man8/fort.8 + +# Create required directories +RUN mkdir -p /var/local/fort && mkdir -p /etc/fort + +# Create a default configuration file +RUN echo '{"tal":"/etc/fort/tal","local-repository":"/var/local/fort"}' > /etc/fort/fort.conf + + +# Run FORT via TINI +EXPOSE 323 +ENTRYPOINT ["tini", "-g", "--", "fort"] +CMD ["--configuration-file", "/etc/fort/fort.conf"] diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 00000000..a01bd6b4 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,79 @@ +# FORT Validator Docker image + +Docker image for [NICMx/FORT-validator](https://github.com/NICMx/FORT-validator) (using the [latest release](https://github.com/NICMx/FORT-validator/releases/latest)), based on Alpine Linux. + +Special thanks to [ximon18](https://github.com/ximon18) for its [contribution](https://github.com/NICMx/FORT-validator/issues/17). + +**This image doesn't include TAL (Trust Anchor Locator) files.** They must be obtained somewhere else (here's [an example](https://github.com/NICMx/FORT-validator/tree/master/examples/tal)). + +## Usage + +By default, the container uses a configuration file located (inside the container) at `/etc/fort/fort.conf`. The file content is: + +``` +{ + "tal":"/etc/fort/tal", + "local-repository":"/var/local/fort" +} +``` + +Here's a basic usage example to run FORT validator mostly with default values (runs as RTR server by default, bound to port 323): + +``` +docker run --name fort -v host/path/to/tals:/etc/fort/tal:ro -p 323:323 -d fort +``` + +At this example: +- `host/path/to/tals` is the path a the host machine where the TALs are located (`-v` mounts the content at the container, the last value `:ro` is to use it as read only). Inside the container, by default `fort` will seek the TALs at `/etc/fort/tal`. +- The host port `323` is mapped to the container port `323`, which is the default value where the RTR server will be bound to (see [`--server.port`](https://nicmx.github.io/FORT-validator/usage.html#--serverport)). +- `-d` runs the container in daemon mode. + +When using `-d` to run the service in the background the logs can be tailed like so: + +``` +docker logs -f fort +``` + +## Examples + +The container can receive more configuration arguments, useful to set more [Program Arguments](https://nicmx.github.io/FORT-validator/usage.html). + +1. Store the local cache at the host machine (using the path `path/to/cache`) and run as RTR server: + +``` +docker run --name fort -v path/to/tals:/etc/fort/tal:ro \ + -v path/to/cache:/var/local/fort \ + -p 323:323 -d fort +``` + +2. Use your own config file: + +``` +docker run --name fort -v path/to/config/file:/etc/fort/fort.conf:ro -p 323:323 -d fort +``` + +3. Use your own command arguments: + +``` +docker run --name fort -v path/to/tals:/etc/fort/tal:ro -p 323:323 -ti fort [args] +``` + +3.1. Using the [`--help`](https://nicmx.github.io/FORT-validator/usage.html#--help) argument: + +``` +docker run --name fort --rm -ti fort -- -help +``` + +3.2. Running once and printing the resulting valid ROAs to standard output: + +``` +docker run --name fort --rm -v path/to/tals:/etc/fort/tal:ro \ + -ti fort --tal /etc/fort/tal --mode standalone --output.roa - +``` + +3.3. Using a SLURM file (located at `path/to/slurm/my.slurm`): + +``` +docker run --name fort -rm -v path/to/tals:/etc/fort/tal:ro -v path/to/slurm:/tmp:ro \ + -p 323:323 -ti fort --slurm /tmp/my.slurm +``` -- 2.47.2