Use persistent volume, update README.md.

d2iq-archive · Apr 23, 2016 · 4ff1410 · 4ff1410
1 parent 39ba96c
commit 4ff1410
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -22,9 +22,10 @@ There are 2 test apps included, based on [openresty](https://openresty.org/), wh
 
 The app includes 2 scripts: [`run.sh`](run.sh) and [`post_cert.py`](post_cert.py). The first script (`run.sh`) will generate the initial SSL cert and POST the cert to Marathon for Marathon-lb. It will then attempt to renew & update the cert every 24 hours. The `post_cert.py` script will compare the current cert in Marathon to the current live cert, and update it as necessary. `post_cert.py` is called after the initial cert is generated, and again every 24 hours after a renewal attempt.
 
+A persistent volume called `data` is mounted inside the container at `/etc/letsencrypt` which contains the certificates and other generated state.
+
 ## Limitations
 
  - You may only have up to 100 domains per cert.
- - Let's Encrypt currently has rate limits, such as issuing a maximum
+ - Let's Encrypt currently has rate limits, such as issuing a maximum of 5 certs per set of domains per week.
  - Currently, when the cert is updated, it requires a full redeploy of Marathon-lb. This means there may be a few seconds of downtime as the deployment occurs. This can be mitigated by placing another LB (such as an ELB or F5) in front of HAProxy.
- - The certs are kept inside the container at `/etc/letsencrypt`. You might want to mount the directory as an external volume to preserve the data.
diff --git a/letsencrypt-dcos.json b/letsencrypt-dcos.json
@@ -5,26 +5,45 @@
   "instances": 1,
   "container": {
     "type": "DOCKER",
+    "volumes": [
+      {
+        "containerPath": "/etc/letsencrypt",
+        "hostPath": "data",
+        "mode": "RW"
+      },
+      {
+        "containerPath": "data",
+        "mode": "RW",
+        "persistent": {
+          "size": 500
+        }
+      }
+    ],
     "docker": {
       "image": "mesosphere/letsencrypt-dcos:v1.0.1",
       "network": "BRIDGE",
-      "portMappings": [{
-        "containerPort": 80,
-        "hostPort": 0,
-        "servicePort": 10000,
-        "protocol": "tcp"
-      }]
+      "portMappings": [
+        {
+          "containerPort": 80,
+          "servicePort": 10000,
+          "protocol": "tcp"
+        }
+      ]
     }
   },
   "env": {
-    "MARATHON_URL": "http://master.mesos:8080",
     "MARATHON_LB_ID": "marathon-lb",
+    "MARATHON_URL": "http://marathon.mesos:8080",
     "LETSENCRYPT_EMAIL": "[email protected]"
   },
   "labels": {
     "HAPROXY_0_VHOST": "ssl-test-1.mesosphere.com,ssl-test-2.mesosphere.com",
-    "HAPROXY_0_PATH": "/.well-known/acme-challenge",
-    "HAPROXY_GROUP": "external"
+    "HAPROXY_GROUP": "external",
+    "HAPROXY_0_PATH": "/.well-known/acme-challenge"
   },
-  "backoffSeconds": 5
+  "backoffSeconds": 5,
+  "upgradeStrategy": {
+    "minimumHealthCapacity": 0.5,
+    "maximumOverCapacity": 0
+  }
 }