There are 2 ways to get the image, build it locally yourself or pull it from the Epiphany docker registry.
-
Install the following dependencies:
- Docker
-
Open a terminal in the root directory of the Epiphany source code and run:
TAG=$(cat core/src/epicli/cli/version.txt.py)
docker build --file Dockerfile --tag epicli:${TAG} .
docker pull epiphanyplatform/epicli:TAG
Where TAG
should be replaced with an existing tag.
Check here for the available tags.
To run the image:
docker run -it -v LOCAL_DIR:/shared --rm epiphanyplatform/epicli:TAG
Where:
LOCAL_DIR
should be replaced with the local path to the directory for Epicli input (SSH keys, data yaml files) and output (logs, build states),TAG
should be replaced with an existing tag.
Check here for the available tags.
For setting up en Epicli development environment please refer to this dedicated document here.
Epiphany deployment is only supported on machines compliant with freedesktop hostname recommendation: string consists only of 7-bit ASCII lower-case characters without spaces or dots, with the format allowed for DNS domain name labels. Otherwise, the deployment will fail.
-
Watch out for the line endings conversion. By default, Git for Windows sets
core.autocrlf=true
. Mounting such files with Docker results in^M
end-of-line character in the config files. Use: Checkout as-is, commit Unix-style (core.autocrlf=input
) or Checkout as-is, commit as-is (core.autocrlf=false
). Be sure to use a text editor that can work with Unix line endings (e.g. Notepad++). -
Remember to allow Docker Desktop to mount drives in Settings -> Shared Drives
-
Escape your paths properly:
- Powershell example:
docker run -it -v C:\Users\USERNAME\git\epiphany:/epiphany --rm epiphany-dev:
- Git-Bash example:
winpty docker run -it -v C:\\Users\\USERNAME\\git\\epiphany:/epiphany --rm epiphany-dev
-
Mounting NTFS disk folders in a linux based image causes permission issues with SSH keys. When running either the development or deploy image:
-
Copy the certs on the image:
mkdir -p ~/.ssh/epiphany-operations/ cp /epiphany/core/ssh/id_rsa* ~/.ssh/epiphany-operations/
-
Set the proper permission on the certs:
chmod 400 ~/.ssh/epiphany-operations/id_rsa*
To run Epicli behind a proxy, environment variables need to be set.
When running a development container (upper and lowercase are needed because of an issue with the Ansible dependency):
export http_proxy="http://PROXY_SERVER:PORT"
export https_proxy="https://PROXY_SERVER:PORT"
export HTTP_PROXY="http://PROXY_SERVER:PORT"
export HTTPS_PROXY="https://PROXY_SERVER:PORT"
Or when running from a Docker image (upper and lowercase are needed because of an issue with the Ansible dependency):
docker run -it -v POSSIBLE_MOUNTS... -e HTTP_PROXY=http://PROXY_SERVER:PORT -e HTTPS_PROXY=http://PROXY_SERVER:PORT http_proxy=http://PROXY_SERVER:PORT -e https_proxy=http://PROXY_SERVER:PORT --rm IMAGE_NAME
This note relates only to CentOS and RedHat installations.
To prevent installation failure of PostgreSQL 10 server it's validated in preflight mode if previous installation was done from official PostgreSQL repository. If it's installed from Software Collections, Epiphany deployment will fail in preflight mode. For more details refer to How to migrate from PostgreSQL installed from Software Collections to installed from PostgreSQL repository
In some cases it might be that a company uses custom CA certificates or CA bundles for providing secure connections. To use these with Epicli you can do the following:
Note that for the comments below the filenames of the certificate(s)/bundle do not matter, only the extensions. The certificate(s)/bundle need to be placed here before building the devcontainer.
- If you have one CA certificate you can add it here with the
crt
extension. - If you have multiple certificates in a chain/bundle you need to add them here individually with the
crt
extension and also add the single bundle with thepem
extension containing the same certificates. This is needed because not all tools inside the container accept the single bundle.
If you are running Epicli from one of the prebuilt release containers you can do the following to install the certificate(s):
cp ./path/to/*.crt /usr/local/share/ca-certificates/
chmod 644 /usr/local/share/ca-certificates/*.crt
update-ca-certificates
If you plan to deploy on AWS you also need to add a separate configuration for Boto3
which can either be done by a config
file or setting the AWS_CA_BUNDLE
environment variable. More information about for Boto3
can be found here.