How to inject files/commands into Docker bootstrap process?


(Kevin P. Fleming) #1

I’m setting up a Discourse install using the Docker-based instructions; this is being done on a weird internal corporate network, that has both HTTP/HTTPS proxies and has a custom CA root certificate.

I’ve edited app.yml to add the http_proxy/https_proxy environment variables that are necessary to run Git to pull ‘pups’, but there don’t seem to be any provisions for injecting additional files (and commands to run) before that command is run. I’ll need to push a file into the container, add a line into a configuration file, and run ‘update-ca-certificates’ before the Git installation inside the container will be able to pull from an HTTPS connection to Github.

Alternatively, I could set Git’s global configuration in the container to disable SSL certificate verification, and I’ll probably edit the launcher script to do that as a temporary workaround. Just figured I’d post this here to record the situation, other people may run into a need for pushing additional files or commands into the container during the bootstrap.


(Kane York) #2

Try a before_code: hook?

## The docker manager plugin allows you to one-click upgrade Discouse
## http://discourse.example.com/admin/docker
hooks:
  before_code:
    - file:
      path: /usr/share/ca-certificates/local/localca.crt
      contents:
        -----BEGIN CERTIFICATE-----
        MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
        MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp
        IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi
        BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw
        MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
        d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig
        YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v
        dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/
        BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6
        papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E
        BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K
        DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3
        KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox
        XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
        -----END CERTIFICATE-----
    - exec:
      # etc etc etc
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone https://github.com/discourse/docker_manager.git

If you have a binary file, you can also cp it from /shared.

that file is /usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt