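├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── cloudflare.json ├── example ├── docker-compose-local.yml ├── docker-compose.yml ├── makefile ├── nginx │ ├── Dockerfile │ ├── etc │ │ └── nginx │ │ │ └── conf.d │ │ │ └── default.conf │ └── opt │ │ └── containerbuddy │ │ └── nginx.json └── start.sh └── update-dns.sh /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | release/ 3 | containerbuddy 4 | .env 5 | -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
# Image for the Cloudflare DNS updater: containerbuddy plus the curl/jq
# tooling that update-dns.sh shells out to.
# NOTE(review): debian:jessie is past end-of-life, so the curl/jq packages
# installed below no longer receive security fixes; move to a supported base.
FROM debian:jessie

# install curl and jq
RUN apt-get update && \
    apt-get install -y \
        curl \
        jq && \
    rm -rf /var/lib/apt/lists/*

# get containerbuddy release
# NOTE(review): the tarball is fetched over HTTPS but is not checked against a
# pinned digest, so the build trusts whatever the release URL serves. Record
# the release's SHA-256 and verify it (sha256sum -c) before unpacking.
# --fail makes an HTTP error abort the build instead of saving an error page.
# The archive is expected to unpack to build/containerbuddy; it is extracted
# under /tmp and both the tarball and the unpacked tree are removed afterwards
# so they do not stay in the image layer.
RUN export CB=containerbuddy-0.0.1-alpha && \
    mkdir -p /opt/containerbuddy && \
    curl --fail -Lo /tmp/${CB}.tar.gz \
        https://github.com/joyent/containerbuddy/releases/download/0.0.1-alpha/${CB}.tar.gz && \
    tar -xf /tmp/${CB}.tar.gz -C /tmp && \
    mv /tmp/build/containerbuddy /opt/containerbuddy/ && \
    rm -rf /tmp/${CB}.tar.gz /tmp/build

# add containerbuddy and configuration
COPY cloudflare.json /opt/containerbuddy/
COPY update-dns.sh /opt/containerbuddy/
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Mozilla Public License, version 2.0 2 | 3 | 1. Definitions 4 | 5 | 1.1. "Contributor" 6 | 7 | means each individual or legal entity that creates, contributes to the 8 | creation of, or owns Covered Software. 9 | 10 | 1.2. "Contributor Version" 11 | 12 | means the combination of the Contributions of others (if any) used by a 13 | Contributor and that particular Contributor's Contribution. 14 | 15 | 1.3. "Contribution" 16 | 17 | means Covered Software of a particular Contributor. 18 | 19 | 1.4. 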
"Covered Software" 20 | 21 | means Source Code Form to which the initial Contributor has attached the 22 | notice in Exhibit A, the Executable Form of such Source Code Form, and 23 | Modifications of such Source Code Form, in each case including portions 24 | thereof. 25 | 26 | 1.5. "Incompatible With Secondary Licenses" 27 | means 28 | 29 | a. that the initial Contributor has attached the notice described in 30 | Exhibit B to the Covered Software; or 31 | 32 | b. that the Covered Software was made available under the terms of 33 | version 1.1 or earlier of the License, but not also under the terms of 34 | a Secondary License. 35 | 36 | 1.6. "Executable Form" 37 | 38 | means any form of the work other than Source Code Form. 39 | 40 | 1.7. "Larger Work" 41 | 42 | means a work that combines Covered Software with other material, in a 43 | separate file or files, that is not Covered Software. 44 | 45 | 1.8. "License" 46 | 47 | means this document. 48 | 49 | 1.9. "Licensable" 50 | 51 | means having the right to grant, to the maximum extent possible, whether 52 | at the time of the initial grant or subsequently, any and all of the 53 | rights conveyed by this License. 54 | 55 | 1.10. "Modifications" 56 | 57 | means any of the following: 58 | 59 | a. any file in Source Code Form that results from an addition to, 60 | deletion from, or modification of the contents of Covered Software; or 61 | 62 | b. any new file in Source Code Form that contains any Covered Software. 63 | 64 | 1.11. "Patent Claims" of a Contributor 65 | 66 | means any patent claim(s), including without limitation, method, 67 | process, and apparatus claims, in any patent Licensable by such 68 | Contributor that would be infringed, but for the grant of the License, 69 | by the making, using, selling, offering for sale, having made, import, 70 | or transfer of either its Contributions or its Contributor Version. 71 | 72 | 1.12. 
"Secondary License" 73 | 74 | means either the GNU General Public License, Version 2.0, the GNU Lesser 75 | General Public License, Version 2.1, the GNU Affero General Public 76 | License, Version 3.0, or any later versions of those licenses. 77 | 78 | 1.13. "Source Code Form" 79 | 80 | means the form of the work preferred for making modifications. 81 | 82 | 1.14. "You" (or "Your") 83 | 84 | means an individual or a legal entity exercising rights under this 85 | License. For legal entities, "You" includes any entity that controls, is 86 | controlled by, or is under common control with You. For purposes of this 87 | definition, "control" means (a) the power, direct or indirect, to cause 88 | the direction or management of such entity, whether by contract or 89 | otherwise, or (b) ownership of more than fifty percent (50%) of the 90 | outstanding shares or beneficial ownership of such entity. 91 | 92 | 93 | 2. License Grants and Conditions 94 | 95 | 2.1. Grants 96 | 97 | Each Contributor hereby grants You a world-wide, royalty-free, 98 | non-exclusive license: 99 | 100 | a. under intellectual property rights (other than patent or trademark) 101 | Licensable by such Contributor to use, reproduce, make available, 102 | modify, display, perform, distribute, and otherwise exploit its 103 | Contributions, either on an unmodified basis, with Modifications, or 104 | as part of a Larger Work; and 105 | 106 | b. under Patent Claims of such Contributor to make, use, sell, offer for 107 | sale, have made, import, and otherwise transfer either its 108 | Contributions or its Contributor Version. 109 | 110 | 2.2. Effective Date 111 | 112 | The licenses granted in Section 2.1 with respect to any Contribution 113 | become effective for each Contribution on the date the Contributor first 114 | distributes such Contribution. 115 | 116 | 2.3. Limitations on Grant Scope 117 | 118 | The licenses granted in this Section 2 are the only rights granted under 119 | this License. 
No additional rights or licenses will be implied from the 120 | distribution or licensing of Covered Software under this License. 121 | Notwithstanding Section 2.1(b) above, no patent license is granted by a 122 | Contributor: 123 | 124 | a. for any code that a Contributor has removed from Covered Software; or 125 | 126 | b. for infringements caused by: (i) Your and any other third party's 127 | modifications of Covered Software, or (ii) the combination of its 128 | Contributions with other software (except as part of its Contributor 129 | Version); or 130 | 131 | c. under Patent Claims infringed by Covered Software in the absence of 132 | its Contributions. 133 | 134 | This License does not grant any rights in the trademarks, service marks, 135 | or logos of any Contributor (except as may be necessary to comply with 136 | the notice requirements in Section 3.4). 137 | 138 | 2.4. Subsequent Licenses 139 | 140 | No Contributor makes additional grants as a result of Your choice to 141 | distribute the Covered Software under a subsequent version of this 142 | License (see Section 10.2) or under the terms of a Secondary License (if 143 | permitted under the terms of Section 3.3). 144 | 145 | 2.5. Representation 146 | 147 | Each Contributor represents that the Contributor believes its 148 | Contributions are its original creation(s) or it has sufficient rights to 149 | grant the rights to its Contributions conveyed by this License. 150 | 151 | 2.6. Fair Use 152 | 153 | This License is not intended to limit any rights You have under 154 | applicable copyright doctrines of fair use, fair dealing, or other 155 | equivalents. 156 | 157 | 2.7. Conditions 158 | 159 | Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in 160 | Section 2.1. 161 | 162 | 163 | 3. Responsibilities 164 | 165 | 3.1. 
Distribution of Source Form 166 | 167 | All distribution of Covered Software in Source Code Form, including any 168 | Modifications that You create or to which You contribute, must be under 169 | the terms of this License. You must inform recipients that the Source 170 | Code Form of the Covered Software is governed by the terms of this 171 | License, and how they can obtain a copy of this License. You may not 172 | attempt to alter or restrict the recipients' rights in the Source Code 173 | Form. 174 | 175 | 3.2. Distribution of Executable Form 176 | 177 | If You distribute Covered Software in Executable Form then: 178 | 179 | a. such Covered Software must also be made available in Source Code Form, 180 | as described in Section 3.1, and You must inform recipients of the 181 | Executable Form how they can obtain a copy of such Source Code Form by 182 | reasonable means in a timely manner, at a charge no more than the cost 183 | of distribution to the recipient; and 184 | 185 | b. You may distribute such Executable Form under the terms of this 186 | License, or sublicense it under different terms, provided that the 187 | license for the Executable Form does not attempt to limit or alter the 188 | recipients' rights in the Source Code Form under this License. 189 | 190 | 3.3. Distribution of a Larger Work 191 | 192 | You may create and distribute a Larger Work under terms of Your choice, 193 | provided that You also comply with the requirements of this License for 194 | the Covered Software. 
If the Larger Work is a combination of Covered 195 | Software with a work governed by one or more Secondary Licenses, and the 196 | Covered Software is not Incompatible With Secondary Licenses, this 197 | License permits You to additionally distribute such Covered Software 198 | under the terms of such Secondary License(s), so that the recipient of 199 | the Larger Work may, at their option, further distribute the Covered 200 | Software under the terms of either this License or such Secondary 201 | License(s). 202 | 203 | 3.4. Notices 204 | 205 | You may not remove or alter the substance of any license notices 206 | (including copyright notices, patent notices, disclaimers of warranty, or 207 | limitations of liability) contained within the Source Code Form of the 208 | Covered Software, except that You may alter any license notices to the 209 | extent required to remedy known factual inaccuracies. 210 | 211 | 3.5. Application of Additional Terms 212 | 213 | You may choose to offer, and to charge a fee for, warranty, support, 214 | indemnity or liability obligations to one or more recipients of Covered 215 | Software. However, You may do so only on Your own behalf, and not on 216 | behalf of any Contributor. You must make it absolutely clear that any 217 | such warranty, support, indemnity, or liability obligation is offered by 218 | You alone, and You hereby agree to indemnify every Contributor for any 219 | liability incurred by such Contributor as a result of warranty, support, 220 | indemnity or liability terms You offer. You may include additional 221 | disclaimers of warranty and limitations of liability specific to any 222 | jurisdiction. 223 | 224 | 4. 
Inability to Comply Due to Statute or Regulation 225 | 226 | If it is impossible for You to comply with any of the terms of this License 227 | with respect to some or all of the Covered Software due to statute, 228 | judicial order, or regulation then You must: (a) comply with the terms of 229 | this License to the maximum extent possible; and (b) describe the 230 | limitations and the code they affect. Such description must be placed in a 231 | text file included with all distributions of the Covered Software under 232 | this License. Except to the extent prohibited by statute or regulation, 233 | such description must be sufficiently detailed for a recipient of ordinary 234 | skill to be able to understand it. 235 | 236 | 5. Termination 237 | 238 | 5.1. The rights granted under this License will terminate automatically if You 239 | fail to comply with any of its terms. However, if You become compliant, 240 | then the rights granted under this License from a particular Contributor 241 | are reinstated (a) provisionally, unless and until such Contributor 242 | explicitly and finally terminates Your grants, and (b) on an ongoing 243 | basis, if such Contributor fails to notify You of the non-compliance by 244 | some reasonable means prior to 60 days after You have come back into 245 | compliance. Moreover, Your grants from a particular Contributor are 246 | reinstated on an ongoing basis if such Contributor notifies You of the 247 | non-compliance by some reasonable means, this is the first time You have 248 | received notice of non-compliance with this License from such 249 | Contributor, and You become compliant prior to 30 days after Your receipt 250 | of the notice. 251 | 252 | 5.2. 
If You initiate litigation against any entity by asserting a patent 253 | infringement claim (excluding declaratory judgment actions, 254 | counter-claims, and cross-claims) alleging that a Contributor Version 255 | directly or indirectly infringes any patent, then the rights granted to 256 | You by any and all Contributors for the Covered Software under Section 257 | 2.1 of this License shall terminate. 258 | 259 | 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user 260 | license agreements (excluding distributors and resellers) which have been 261 | validly granted by You or Your distributors under this License prior to 262 | termination shall survive termination. 263 | 264 | 6. Disclaimer of Warranty 265 | 266 | Covered Software is provided under this License on an "as is" basis, 267 | without warranty of any kind, either expressed, implied, or statutory, 268 | including, without limitation, warranties that the Covered Software is free 269 | of defects, merchantable, fit for a particular purpose or non-infringing. 270 | The entire risk as to the quality and performance of the Covered Software 271 | is with You. Should any Covered Software prove defective in any respect, 272 | You (not any Contributor) assume the cost of any necessary servicing, 273 | repair, or correction. This disclaimer of warranty constitutes an essential 274 | part of this License. No use of any Covered Software is authorized under 275 | this License except under this disclaimer. 276 | 277 | 7. 
Limitation of Liability 278 | 279 | Under no circumstances and under no legal theory, whether tort (including 280 | negligence), contract, or otherwise, shall any Contributor, or anyone who 281 | distributes Covered Software as permitted above, be liable to You for any 282 | direct, indirect, special, incidental, or consequential damages of any 283 | character including, without limitation, damages for lost profits, loss of 284 | goodwill, work stoppage, computer failure or malfunction, or any and all 285 | other commercial damages or losses, even if such party shall have been 286 | informed of the possibility of such damages. This limitation of liability 287 | shall not apply to liability for death or personal injury resulting from 288 | such party's negligence to the extent applicable law prohibits such 289 | limitation. Some jurisdictions do not allow the exclusion or limitation of 290 | incidental or consequential damages, so this exclusion and limitation may 291 | not apply to You. 292 | 293 | 8. Litigation 294 | 295 | Any litigation relating to this License may be brought only in the courts 296 | of a jurisdiction where the defendant maintains its principal place of 297 | business and such litigation shall be governed by laws of that 298 | jurisdiction, without reference to its conflict-of-law provisions. Nothing 299 | in this Section shall prevent a party's ability to bring cross-claims or 300 | counter-claims. 301 | 302 | 9. Miscellaneous 303 | 304 | This License represents the complete agreement concerning the subject 305 | matter hereof. If any provision of this License is held to be 306 | unenforceable, such provision shall be reformed only to the extent 307 | necessary to make it enforceable. Any law or regulation which provides that 308 | the language of a contract shall be construed against the drafter shall not 309 | be used to construe this License against a Contributor. 310 | 311 | 312 | 10. Versions of the License 313 | 314 | 10.1. 
New Versions 315 | 316 | Mozilla Foundation is the license steward. Except as provided in Section 317 | 10.3, no one other than the license steward has the right to modify or 318 | publish new versions of this License. Each version will be given a 319 | distinguishing version number. 320 | 321 | 10.2. Effect of New Versions 322 | 323 | You may distribute the Covered Software under the terms of the version 324 | of the License under which You originally received the Covered Software, 325 | or under the terms of any subsequent version published by the license 326 | steward. 327 | 328 | 10.3. Modified Versions 329 | 330 | If you create software not governed by this License, and you want to 331 | create a new license for such software, you may create and use a 332 | modified version of this License if you rename the license and remove 333 | any references to the name of the license steward (except to note that 334 | such modified license differs from this License). 335 | 336 | 10.4. Distributing Source Code Form that is Incompatible With Secondary 337 | Licenses If You choose to distribute Source Code Form that is 338 | Incompatible With Secondary Licenses under the terms of this version of 339 | the License, the notice described in Exhibit B of this License must be 340 | attached. 341 | 342 | Exhibit A - Source Code Form License Notice 343 | 344 | This Source Code Form is subject to the 345 | terms of the Mozilla Public License, v. 346 | 2.0. If a copy of the MPL was not 347 | distributed with this file, You can 348 | obtain one at 349 | http://mozilla.org/MPL/2.0/. 350 | 351 | If it is not possible or desirable to put the notice in a particular file, 352 | then You may include the notice in a location (such as a LICENSE file in a 353 | relevant directory) where a recipient would be likely to look for such a 354 | notice. 355 | 356 | You may add additional accurate notices of copyright ownership. 
357 | 358 | Exhibit B - "Incompatible With Secondary Licenses" Notice 359 | 360 | This Source Code Form is "Incompatible 361 | With Secondary Licenses", as defined by 362 | the Mozilla Public License, v. 2.0. 363 | 364 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Autopilot Pattern CloudFlare 2 | 3 | *Automatically update a Cloudflare DNS when a containerized service's IPs change* 4 | 5 | This image uses [ContainerPilot](https://www.joyent.com/containerpilot) and the [Autopilot Pattern](http://autopilotpattern.io/) to automate discovery and configuration. 6 | 7 | [![DockerPulls](https://img.shields.io/docker/pulls/autopilotpattern/cloudflare.svg)](https://registry.hub.docker.com/u/autopilotpattern/cloudflare/) 8 | [![DockerStars](https://img.shields.io/docker/stars/autopilotpattern/cloudflare.svg)](https://registry.hub.docker.com/u/autopilotpattern/cloudflare/) 9 | [![ImageLayers](https://badge.imagelayers.io/autopilotpattern/cloudflare:latest.svg)](https://imagelayers.io/?images=autopilotpattern/cloudflare:latest) 10 | [![Join the chat at https://gitter.im/autopilotpattern/general](https://badges.gitter.im/autopilotpattern/general.svg)](https://gitter.im/autopilotpattern/general) 11 | 12 | ### DNS updates 13 | 14 | In a container-native project, we need to balance the desire for ephemeral infrastructure with the requirement to provide a predictable load-balanced interface with the outside world. By updating DNS records for a domain based on changes in the discovery service, we can make sure our users can reach the load-balancer for our project at all times. 15 | 16 | This repo uses [Containerbuddy](https://github.com/joyent/containerbuddy) to listen for changes to the external load balancer tier and make API calls to [Cloudflare](https://www.cloudflare.com) to update DNS records. 
The updater application is a simple bash script (`./update-dns.sh`) that's triggered by the Containerbuddy `onChange` handler. 17 | 18 | 19 | ### Running the example 20 | 21 | In the `example` directory is a simple application demonstrating how this works. In this application, Nginx is serving as a front-end web server that serves a static file. The Nginx nodes register themselves with Consul as they come online, and the Cloudflare application is configured with an `onChange` handler that makes API calls to the Cloudflare API, causing the A-records associated with the project to be updated. 22 | 23 | Running this example on your own requires that you have a Cloudflare account and a domain that you've allowed Cloudflare to reverse proxy. Note that if you just want to try it out without actually updating your DNS records you can go through the whole process of getting Cloudflare in front of your site (on their free tier) and so long as you don't update your nameservers with your registrar there will be no actual changes to the DNS records seen by the rest of the world. Once you're ready: 24 | 25 | 1. [Get a Joyent account](https://my.joyent.com/landing/signup/) and [add your SSH key](https://docs.joyent.com/public-cloud/getting-started). 26 | 1. Install the [Docker Toolbox](https://docs.docker.com/installation/mac/) (including `docker` and `docker-compose`) on your laptop or other environment, as well as the [Joyent CloudAPI CLI tools](https://apidocs.joyent.com/cloudapi/#getting-started) (including the `smartdc` and `json` tools) 27 | 1. Have your Cloudflare API key handy. 28 | 1. 
[Configure Docker and Docker Compose for use with Joyent](https://docs.joyent.com/public-cloud/api-access/docker): 29 | 30 | ```bash 31 | curl -O https://raw.githubusercontent.com/joyent/sdc-docker/master/tools/sdc-docker-setup.sh && chmod +x sdc-docker-setup.sh 32 | ./sdc-docker-setup.sh -k us-east-1.api.joyent.com ~/.ssh/ 33 | ``` 34 | 35 | At this point you can run the example on Triton: 36 | 37 | ```bash 38 | cd ./example 39 | make .env 40 | ./start.sh 41 | 42 | ``` 43 | 44 | or in your local Docker environment: 45 | 46 | ```bash 47 | cd ./example 48 | make 49 | # at this point you'll be asked to fill in the values of the .env 50 | # file and make will exit, so we need to run it again 51 | make 52 | ./start.sh -f docker-compose-local.yml 53 | 54 | ``` 55 | 56 | The `.env` file that's created will need to be filled in with the values described below: 57 | 58 | ``` 59 | CF_API_KEY= 60 | CF_AUTH_EMAIL= 61 | CF_ROOT_DOMAIN= 62 | SERVICE=nginx 63 | RECORD= 64 | TTL=600 65 | ``` 66 | 67 | The Consul UI will launch and you'll see the Nginx node appear. The script will also open your Cloudflare control panel at https://www.cloudflare.com/a/dns/example.com (using your own domain, of course) and then you'll see the domain or subdomain you provided in the `.env` file. 68 | 69 | Let's scale up the number of `nginx` nodes: 70 | 71 | ```bash 72 | docker-compose scale nginx=3 73 | ``` 74 | 75 | As the nodes launch and register themselves with Consul, you'll see them appear in the Consul UI. You'll also see the A records in your Cloudflare console update. 
76 | -------------------------------------------------------------------------------- /cloudflare.json: -------------------------------------------------------------------------------- 1 | { 2 | "consul": "consul:8500", 3 | "services": [ 4 | { 5 | "name": "cloudflare", 6 | "health": "/usr/bin/curl --fail -s http://localhost/health.txt", 7 | "poll": 10, 8 | "ttl": 25 9 | } 10 | ], 11 | "backends": [ 12 | { 13 | "name": "nginx", 14 | "poll": 5, 15 | "onChange": "/opt/containerbuddy/update-dns.sh" 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /example/docker-compose-local.yml: -------------------------------------------------------------------------------- 1 | # This demonstration of containerbuddy has port mappings so we can use it 2 | # on docker-machine locally. 3 | 4 | consul: 5 | image: progrium/consul:latest 6 | command: > 7 | -server 8 | -bootstrap-expect 1 9 | -ui-dir /ui 10 | mem_limit: 256m 11 | expose: 12 | - 53 13 | - 8300 14 | - 8301 15 | - 8302 16 | - 8400 17 | - 8500 18 | - 8600 19 | ports: 20 | - 8500:8500 21 | restart: always 22 | 23 | nginx: 24 | build: nginx/ 25 | mem_limit: 512m 26 | ports: 27 | - 80 28 | expose: 29 | - 80 30 | links: 31 | - consul:consul 32 | restart: always 33 | command: > 34 | /opt/containerbuddy/containerbuddy 35 | -config file:///opt/containerbuddy/nginx.json 36 | nginx -g "daemon off;" 37 | 38 | cloudflare: 39 | build: ../ 40 | mem_limit: 128m 41 | links: 42 | - consul:consul 43 | restart: always 44 | env_file: .env 45 | command: > 46 | /opt/containerbuddy/containerbuddy 47 | -config file:///opt/containerbuddy/cloudflare.json 48 | -------------------------------------------------------------------------------- /example/docker-compose.yml: -------------------------------------------------------------------------------- 1 | consul: 2 | image: progrium/consul:latest 3 | command: > 4 | -server 5 | -bootstrap-expect 1 6 | -ui-dir /ui 7 | mem_limit: 256m 8 | ports: 9 | - 
53 10 | - 8300 11 | - 8301 12 | - 8302 13 | - 8400 14 | - 8500 15 | - 8600 16 | restart: always 17 | 18 | nginx: 19 | image: autopilotpattern/cloudflare-demo-nginx 20 | mem_limit: 512m 21 | ports: 22 | - 80 23 | links: 24 | - consul:consul 25 | restart: always 26 | environment: 27 | - CONTAINERBUDDY=file:///opt/containerbuddy/nginx.json 28 | command: > 29 | /opt/containerbuddy/containerbuddy 30 | nginx -g "daemon off;" 31 | 32 | cloudflare: 33 | image: autopilotpattern/cloudflare 34 | mem_limit: 128m 35 | links: 36 | - consul:consul 37 | restart: always 38 | env_file: .env 39 | command: > 40 | /opt/containerbuddy/containerbuddy 41 | -config file:///opt/containerbuddy/cloudflare.json 42 | -------------------------------------------------------------------------------- /example/makefile: -------------------------------------------------------------------------------- 1 | MAKEFLAGS += --warn-undefined-variables 2 | SHELL := /bin/bash 3 | .SHELLFLAGS := -eu -o pipefail 4 | .DEFAULT_GOAL := build 5 | 6 | .PHONY: clean build ship 7 | 8 | CB=containerbuddy-0.0.1-alpha 9 | 10 | clean: 11 | rm -rf build/ 12 | 13 | build: .env build/containerbuddy 14 | docker-compose -f docker-compose-local.yml build 15 | 16 | ship: 17 | docker tag -f tritoncloudflare_nginx autopilotpattern/cloudflare-demo-nginx 18 | docker tag -f tritoncloudflare_cloudflare autopilotpattern/cloudflare 19 | docker push autopilotpattern/cloudflare-demo-nginx 20 | docker push autopilotpattern/cloudflare 21 | 22 | #------------------------------------ 23 | # get latest build of containerbuddy and copy to Docker build contexts 24 | 25 | .env: 26 | @echo 'CF_API_KEY=' > .env 27 | @echo 'CF_AUTH_EMAIL=> .env 28 | @echo 'CF_ROOT_DOMAIN=' >> .env 29 | @echo 'SERVICE=> .env 30 | @echo 'RECORD=' >> .env 31 | @echo 'TTL=' >> .env 32 | @echo 'CONSUL=' >> .env 33 | @echo 'Edit the .env file to include the credentials you need.' 
34 | exit 1 35 | 36 | build/containerbuddy: 37 | mkdir -p build 38 | curl -Lo build/${CB}.tar.gz \ 39 | https://github.com/joyent/containerbuddy/releases/download/0.0.1-alpha/${CB}.tar.gz 40 | tar -xf build/${CB}.tar.gz 41 | 42 | nginx/opt/containerbuddy/containerbuddy: build/containerbuddy 43 | cp build/containerbuddy nginx/opt/containerbuddy/containerbuddy 44 | -------------------------------------------------------------------------------- /example/nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | # a minimal Nginx container including containerbuddy and a simple virtualhost config 2 | FROM nginx:latest 3 | 4 | # install curl 5 | RUN apt-get update && \ 6 | apt-get install -y \ 7 | curl && \ 8 | rm -rf /var/lib/apt/lists/* 9 | 10 | # add containerbuddy and all our configuration 11 | COPY opt/containerbuddy /opt/containerbuddy/ 12 | COPY etc/nginx/conf.d /etc/nginx/conf.d/ 13 | -------------------------------------------------------------------------------- /example/nginx/etc/nginx/conf.d/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name _; 4 | 5 | # we're using http_sub_module to inject the container's 6 | # hostname into the output 7 | location / { 8 | sub_filter "nginx!" 
"nginx on $hostname"; 9 | sub_filter_once off; 10 | root /usr/share/nginx/html; 11 | index index.html; 12 | } 13 | 14 | location /health { 15 | # requires http_stub_status_module 16 | stub_status; 17 | allow 127.0.0.1; 18 | deny all; 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /example/nginx/opt/containerbuddy/nginx.json: -------------------------------------------------------------------------------- 1 | { 2 | "consul": "consul:8500", 3 | "services": [ 4 | { 5 | "name": "nginx", 6 | "port": 80, 7 | "publicIp": true, 8 | "health": "/usr/bin/curl --fail -s http://localhost/health.txt", 9 | "poll": 10, 10 | "ttl": 25 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /example/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | COMPOSE_CFG= 4 | PREFIX=tritoncloudflare 5 | 6 | while getopts "f:p:" optchar; do 7 | case "${optchar}" in 8 | f) COMPOSE_CFG=" -f ${OPTARG}" ;; 9 | p) PREFIX=${OPTARG} ;; 10 | esac 11 | done 12 | shift $(expr $OPTIND - 1 ) 13 | 14 | COMPOSE="docker-compose -p ${PREFIX}${COMPOSE_CFG:-}" 15 | CONFIG_FILE=${COMPOSE_CFG:-docker-compose.yml} 16 | 17 | echo "Starting example application" 18 | echo "project prefix: $PREFIX" 19 | echo "docker-compose file: $CONFIG_FILE" 20 | 21 | echo 'Pulling latest container versions' 22 | ${COMPOSE} pull 23 | 24 | echo 'Starting Consul.' 
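${COMPOSE} up -d consul

# Look up the address the Consul UI is reachable on: via the Triton CLI when
# no compose file override was given, otherwise via docker-machine.
if [ -z "${COMPOSE_CFG}" ]; then
    CONSUL_IP=$(sdc-listmachines --name "${PREFIX}_consul_1" | json -a ips.1)
else
    CONSUL_IP=${CONSUL_IP:-$(docker-machine ip default)}
fi

echo 'Opening consul console'
open "http://${CONSUL_IP}:8500/ui"

echo 'Starting Nginx and Cloudflare-watcher'
${COMPOSE} up -d

# Same lookup for the first Nginx container; locally the published host port
# is read from `docker inspect` because the compose file maps port 80 to a
# host port chosen by Docker.
if [ -z "${COMPOSE_CFG}" ]; then
    NGINX_IP=$(sdc-listmachines --name "${PREFIX}_nginx_1" | json -a ips.1)
    NGINX_PORT=
else
    NGINX_IP=${NGINX_IP:-$(docker-machine ip default)}
    NGINX_PORT=":$(docker inspect "${PREFIX}_nginx_1" | json -a NetworkSettings.Ports."80/tcp".0.HostPort)"
fi

echo 'Opening web page...'
open "http://${NGINX_IP}${NGINX_PORT}/"

# Only the zone name is read back out of .env, to build the dashboard URL.
CF_ROOT_DOMAIN=$(grep CF_ROOT_DOMAIN ./.env | cut -d'=' -f2)
open "https://www.cloudflare.com/a/dns/${CF_ROOT_DOMAIN}"

echo 'Try scaling up nginx nodes!'
echo "${COMPOSE} scale nginx=3"
--------------------------------------------------------------------------------
/update-dns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Print the command-line and environment contract of this script.
usage() {
    echo 'Usage ./update-dns.sh [SERVICE] [RECORD] [TTL]'
    echo
    echo 'Updates DNS records on Cloudflare.'
    echo
    echo 'Required environment variables:'
    echo 'CF_ROOT_DOMAIN domain associated with Cloudflare zone'
    echo 'CF_API_KEY API key generated from Cloudflare "My Account" page'
    echo 'CF_AUTH_EMAIL email address associated with your Cloudflare user account'
    echo 'CONSUL hostname or IP of Consul server (will use address of linked consul if available)'
    echo
    echo 'Required parameters (or environment variables):'
    echo 'SERVICE name of service to query from Consul'
    echo 'RECORD DNS record name to update (ex. mycompany.example.com)'
    echo 'TTL DNS TTL of the record (in seconds)'
}

# Prefix for the error raised when a required setting is absent.
missingParam() {
    echo "Missing required parameter."
}

# Log the arguments prefixed with a UTC ISO-8601 timestamp.
writeLog() {
    echo "$(date -u "+%Y-%m-%dT%H:%M:%SZ")" "$@"
}

CF_API=https://api.cloudflare.com/client/v4

# Positional arguments win; an absent or empty argument falls back to the
# environment variable of the same name.
SERVICE=${1:-${SERVICE:-}}
RECORD=${2:-${RECORD:-}}
TTL=${3:-${TTL:-}}
CONSUL=${CONSUL:-${CONSUL_PORT_8500_TCP_ADDR:-}} # allows links to work

# ":?" rejects empty values as well as unset ones. The assignments above
# always leave SERVICE, RECORD, TTL and CONSUL set (possibly to ""), and an
# unfilled .env supplies empty CF_* values, so a plain "?" test would let all
# of those through and the script would call the API with blank settings.
: "${CF_ROOT_DOMAIN:?$(missingParam)$(usage)}"
: "${CF_API_KEY:?$(missingParam)$(usage)}"
: "${CF_AUTH_EMAIL:?$(missingParam)$(usage)}"
: "${SERVICE:?$(missingParam)$(usage)}"
: "${RECORD:?$(missingParam)$(usage)}"
: "${TTL:?$(missingParam)$(usage)}"
: "${CONSUL:?$(missingParam)$(usage)}"


# get all the healthy nodes for our service and assign to an array for our A-records
getFromConsul() {
    CURRENT=( $(curl -s "${CONSUL}:8500/v1/health/service/${SERVICE}?passing" | jq -r '[.[].Service.Address]|sort|.[]') )
    # Stop here when Consul returned nothing (unreachable, or no passing
    # nodes): carrying on with an empty list would make the comparison step
    # treat every existing A record as stale and delete it.
    if (( ${#CURRENT[@]} == 0 )); then
        echo "No Consul records found." >&2
        exit 1
    fi
}


# https://api.cloudflare.com/#zone-list-zones
#
# Resolve CF_ROOT_DOMAIN to its Cloudflare zone id and store it in ZONE_ID.
getZone() {
    ZONE_ID=$(curl --fail -sX GET "${CF_API}/zones/?name=${CF_ROOT_DOMAIN}" \
        -H "X-Auth-Key:${CF_API_KEY}" \
        -H "X-Auth-Email:${CF_AUTH_EMAIL}" \
        -H "Content-Type: application/json" | jq -r '.result[0].id')
    # curl --fail yields an empty string on an HTTP error, and jq prints the
    # literal "null" when the result list is empty; neither is a usable id.
    if [[ -z "${ZONE_ID}" || "${ZONE_ID}" == "null" ]]; then
        echo "No zone found." >&2
        exit 1
    fi
    writeLog "DNS zone ID:" "${ZONE_ID}"
}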
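# https://api.cloudflare.com/#dns-records-for-a-zone-list-dns-records
# Fetch the existing A records for ${RECORD} into the global RECORDS (raw JSON).
# Only the first page (per_page=20) is requested.
#
# NOTE(review): here and in the other Cloudflare calls below the API key is
# passed as a curl command-line argument, so it is visible in the process list
# while each request runs; curl's --config/-K option can read the header lines
# from stdin or a file instead.
getRecords() {
    # --fail: on an HTTP error curl prints nothing, so the emptiness check
    # below fires instead of an error body being treated as a record list
    RECORDS=$(curl --fail -sX GET "${CF_API}/zones/${ZONE_ID}/dns_records?type=A&name=${RECORD}&page=1&per_page=20&order=type&direction=desc&match=all" \
        -H "X-Auth-Key:${CF_API_KEY}" \
        -H "X-Auth-Email:${CF_AUTH_EMAIL}" \
        -H "Content-Type: application/json")
    # `:?` rather than `?`: RECORDS is always set by the assignment above, so
    # only an emptiness test can detect a failed request
    : "${RECORDS:?No records found.}"
    writeLog "DNS record IDs:" $(echo "${RECORDS}" | jq -r '.result[].id')
}


# Reconcile Cloudflare with Consul: CURRENT holds the addresses that should
# exist, RECORDS the JSON listing of what Cloudflare has now.
compareRecords() {
    # we need the ID of old records in order to delete them but bash doesn't
    # support multi-dimensional arrays so we use two arrays w/ the same
    # indexes. Both are filled from ONE sorted pass: sorting the IDs and the
    # contents separately breaks the pairing, and deleteRecord would then be
    # handed the ID of a different (possibly still healthy) record.
    local pairs id content
    pairs=$(echo "$RECORDS" | jq -r '.result|sort_by(.content)|.[]|"\(.id) \(.content)"')
    OLD=()
    OLD_IDS=()
    while read -r id content; do
        [[ -n $id ]] || continue
        OLD_IDS+=("$id")
        OLD+=("$content")
    done <<< "$pairs"

    writeLog "old=${OLD[*]}"
    writeLog "current=${CURRENT[*]}"

    # if we only have one record and have none to remove, we just want
    # to update it
    if [[ ${#CURRENT[@]} == 1 && ${#OLD[@]} == 1 ]]; then
        updateRecord "${OLD_IDS[0]}" "${CURRENT[0]}"
        return 0
    fi

    # add new records before removing the old ones so that we can do a
    # rolling deploy
    local new
    for new in "${CURRENT[@]}"; do
        if ! contains OLD "$new"; then
            addRecord "$new"
        fi
    done

    # remove any stale records (exists in old but not in new)
    local i old
    for ((i = 0; i < ${#OLD[@]}; i++)); do
        old=${OLD[i]}
        if ! contains CURRENT "$old"; then
            deleteRecord "${OLD_IDS[i]}" "$old"
        fi
    done
}


# utility to check if array contains a string value
#   $1  NAME of the array variable (expanded indirectly)
#   $2  value to look for
# returns 0 when found, 1 otherwise
contains() {
    local array="$1[@]"
    local search=$2
    local element
    for element in "${!array}"; do
        # quoted right-hand side: compare literally instead of as a glob pattern
        if [[ $element == "$search" ]]; then
            return 0
        fi
    done
    return 1
}

# succeed only for a dotted-quad literal, the only content an A record can
# hold; a shape check, octet ranges are left to the Cloudflare API
isIPv4() {
    local ipv4='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    [[ $1 =~ $ipv4 ]]
}

# https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record
#   $1  ID of the record to overwrite
#   $2  new IPv4 address
updateRecord() {
    local id=$1
    local value=$2
    writeLog "updateRecord:" "${id}," "${value}"
    # the value comes from Consul and is placed into the JSON body without
    # escaping, so anything that is not a plain address is refused here
    if ! isIPv4 "$value"; then
        writeLog "updateRecord: refusing non-IPv4 content"
        return 1
    fi
    curl -sX PUT "${CF_API}/zones/${ZONE_ID}/dns_records/${id}" \
        -H "X-Auth-Key:${CF_API_KEY}" \
        -H "X-Auth-Email:${CF_AUTH_EMAIL}" \
        -H "Content-Type: application/json" \
        --data "$(printf '{"id":"%s","type":"A","name":"%s","content":"%s","ttl":%s}' "$id" "$RECORD" "$value" "$TTL")"
}


# https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record
#   $1  IPv4 address for the new A record
addRecord(){
    local value=$1
    writeLog "addRecord:" "${value}"
    # same unescaped-JSON concern as in updateRecord
    if ! isIPv4 "$value"; then
        writeLog "addRecord: refusing non-IPv4 content"
        return 1
    fi
    # exactly one argument per %s: the format has three placeholders, and an
    # extra leading argument (the old $REC_ID) shifts every field whenever
    # that variable happens to be set
    curl -sX POST "${CF_API}/zones/${ZONE_ID}/dns_records" \
        -H "X-Auth-Key:${CF_API_KEY}" \
        -H "X-Auth-Email:${CF_AUTH_EMAIL}" \
        -H "Content-Type: application/json" \
        --data "$(printf '{"type":"A","name":"%s","content":"%s","ttl":%s}' "$RECORD" "$value" "$TTL")"
}


# https://api.cloudflare.com/#dns-records-for-a-zone-delete-dns-record
#   $1  ID of the record to delete
#   $2  its address (used for logging only)
deleteRecord() {
    local id=$1
    local value=$2
    writeLog "deleteRecord:" "${id}" "${value}"
    curl -sX DELETE "${CF_API}/zones/${ZONE_ID}/dns_records/${id}" \
        -H "X-Auth-Key:${CF_API_KEY}" \
        -H "X-Auth-Email:${CF_AUTH_EMAIL}" \
        -H "Content-Type: application/json"
}


# full reconciliation pass: read Consul, resolve the zone, list the current
# records, then add/update/delete to match
run() {
    getFromConsul
    getZone
    getRecords
    compareRecords
}

# `.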
# update-dns.sh --source` will import all functions without executing
# the `run` function, enabling standalone testing of each function
# (any other first argument, or none, starts a normal run)
case "$1" in
    --source) ;;
    *) run "$@" ;;
esac