Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jandubois/staging_policies
https://github.com/jandubois/staging_policies
Last synced: 7 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/jandubois/staging_policies
- Owner: jandubois
- Created: 2016-07-09T00:52:10.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2016-07-14T17:59:58.000Z (over 8 years ago)
- Last Synced: 2024-10-28T16:55:38.987Z (about 2 months ago)
- Language: Shell
- Size: 1.95 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
## Proof of concept: Staging policies and decorators ##
The main project description/discussion is in this [Google doc](https://docs.google.com/document/d/1J9Iw309UwzGC4zoxSp1rcS47XxlfrrMkYxBpiDeKfYc).
A quick&dirty PoC has been implemented in these 4 commits:
* https://github.com/jandubois/cloud_controller_ng/commit/6fb0145
* https://github.com/jandubois/buildpack_app_lifecycle/commit/22e6e1c
* https://github.com/jandubois/runtime-schema/commit/e453b10
* https://github.com/jandubois/stager/commit/dfe8881They are based on `cf-release` v237 and `diego-release` v0.1472. They can probably be cherry-picked to the latest; I went back to 237 because of some problems that turned out to be my own mistakes.
One caveat is that you have to checkout buildpack_app_lifecycle in *both* locations to the same commit:
```
~/workspace/cf-release/src/capi-release/src/github.com/cloudfoundry-incubator/buildpack_app_lifecycle
~/workspace/diego-release/src/github.com/cloudfoundry-incubator/buildpack_app_lifecycle
```The submodule in `cf-release` is used by the stager to construct the builder commandline for the staging task request. The submodule in `diego-release` is used to build the tarball of the lifecycle components. So they are tightly coupled.
This PoC assumes that any buildpack whose name ends with `_policy` is a policy/decorator.
There are both a policy and a decorator sample in the [staging_repositories](https://github.com/jandubois/staging_policies) repo.
```
$ git clone [email protected]:jandubois/staging_policies.git
$ cf create-buildpack timestamp_policy staging_policies/timestamp_policy 9999
$ cf create-buildpack php_policy staging_policies/php_policy 9999
```The [timestamp_policy](https://github.com/jandubois/staging_policies/blob/master/timestamp_policy/bin/compile) prints the current date/time to `stdout` and also sets a `TIMESTAMP` environment variable in the appication itself (via `~/.profile.d`).
The [php_policy](https://github.com/jandubois/staging_policies/blob/master/php_policy/bin/compile) rejects any droplet that includes a `*.php` file.
Here is a sample push of a node app (edited for brevity). You can see the output of the timestamp policy, and how the droplet gets rejected by the presence of the `*.php` files in the punycode NPM module installed by the nodejs_buildpack:
```bash
$ cf push
[...]
-----> Build succeeded!Timestamp: Mon Jul 11 17:42:16 UTC 2016
We have a zero tolerance policy about PHP here:
/tmp/app/.heroku/node/lib/node_modules/npm/node_modules/request/node_modules/tough-cookie/node_modules/punycode/vendor/docdown/doc/parse.php
/tmp/app/.heroku/node/lib/node_modules/npm/node_modules/request/node_modules/tough-cookie/node_modules/punycode/vendor/docdown/docdown.php
Droplet has been rejected by policy: Blocked by policy
Exit status 225
Staging failed: Exited with status 225FAILED
Error restarting application: StagingError
```Disabling the php_policy lets us deploy the app, and checking the app output shows that the `TIMESTAMP` variable is visible to the app:
```bash
$ cf update-buildpack php_policy --disable
Updating buildpack php_policy...
OK$ cf push
[...]
-----> Build succeeded!Timestamp: Mon Jul 11 18:01:07 UTC 2016
Exit status 0
Staging complete
Uploading droplet, build artifacts cache...
[...]
$ curl -s node-env.bosh-lite.com | html2text -nobs | grep -A1 TIME
TIMESTAMP
Mon Jul 11 18:01:07 UTC 2016
```