Skip to content

Commit

Permalink
WIP: add stunnel container image
Browse files Browse the repository at this point in the history
  • Loading branch information
dcermak committed Dec 4, 2024
1 parent fa6099b commit d6e231e
Show file tree
Hide file tree
Showing 4 changed files with 69 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/bci_build/package/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -1444,6 +1444,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
from .appcontainers import PCP_CONTAINERS # noqa: E402
from .appcontainers import PROMETHEUS_CONTAINERS # noqa: E402
from .appcontainers import REGISTRY_CONTAINERS # noqa: E402
from .appcontainers import STUNNEL_CONTAINERS # noqa: E402
from .appcontainers import THREE_EIGHT_NINE_DS_CONTAINERS # noqa: E402
from .appcontainers import TRIVY_CONTAINERS # noqa: E402
from .base import BASE_CONTAINERS # noqa: E402
Expand Down Expand Up @@ -1526,6 +1527,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
*GCC_CONTAINERS,
*SPACK_CONTAINERS,
*KEA_DHCP_CONTAINERS,
*STUNNEL_CONTAINERS,
)
}

Expand Down
34 changes: 34 additions & 0 deletions src/bci_build/package/appcontainers.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
from bci_build.package.helpers import generate_package_version_check
from bci_build.package.versions import format_version
from bci_build.package.versions import get_pkg_version
from bci_build.registry import publish_registry


def _envsubst_pkg_name(os_version: OsVersion) -> str:
Expand Down Expand Up @@ -442,3 +443,36 @@ def _get_nginx_kwargs(os_version: OsVersion):
)
for os_version in (OsVersion.TUMBLEWEED,)
]

STUNNEL_CONTAINERS = [
ApplicationStackContainer(
name="stunnel",
os_version=os_version,
tag_version=(tag_ver := "5"),
is_latest=os_version in CAN_BE_LATEST_OS_VERSION,
from_target_image=generate_from_image_tag(os_version, "bci-micro"),
version=(stunnel_version_re := "%%stunnel_re%%"),
pretty_name="Stunnel",
package_list=["stunnel"],
replacements_via_service=[
Replacement(stunnel_version_re, package_name="stunnel")
],
extra_files={
"entrypoint.sh": (
Path(__file__).parent / "stunnel" / "entrypoint.sh"
).read_bytes()
},
_publish_registry=publish_registry(os_version, app_collection=True),
build_stage_custom_end=generate_package_version_check(
"stunnel", tag_ver, ParseVersion.MAJOR, use_target=True
),
custom_end=f"""COPY entrypoint.sh /usr/local/bin/
{DOCKERFILE_RUN} chmod 0755 /usr/local/bin/entrypoint.sh; \
chown --recursive stunnel /etc/stunnel
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["/usr/sbin/stunnel"]
USER stunnel
""",
)
for os_version in ALL_NONBASE_OS_VERSIONS
]
15 changes: 15 additions & 0 deletions src/bci_build/package/stunnel/README.md.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# {{ image.pretty_name }} Container Image

{% include 'badges.j2' %}


## Description

Stunnel is an open-source multi-platform application used to provide a universal
TLS/SSL tunneling service.


## How to use this Image


{% include 'licensing_and_eula.j2' %}
18 changes: 18 additions & 0 deletions src/bci_build/package/stunnel/entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash

STUNNEL_CERT="${STUNNEL_CERT:-/etc/stunnel/stunnel.pem}"
STUNNEL_KEY="${STUNNEL_KEY:-/etc/stunnel/stunnel.key}"

conf="/etc/stunnel/conf.d/container-ssl.conf"
echo "cert = ${STUNNEL_CERT}" > $conf
echo "key = ${STUNNEL_KEY}" >> $conf


if [[ -n "${STUNNEL_SERVICE_NAME}" ]] && [[ -n "${STUNNEL_ACCEPT}" ]] && [[ -n "${STUNNEL_CONNECT}" ]]; then
conf="/etc/stunnel/conf.d/container.conf"
echo "[${STUNNEL_SERVICE_NAME}]" > $conf
echo "accept = ${STUNNEL_ACCEPT}" >> $conf
echo "connect = ${STUNNEL_CONNECT}" >> $conf
fi

exec "$@"

0 comments on commit d6e231e

Please sign in to comment.