GitOps for single-server deployments!
Deprecated! Replaced with Wadsworth
A docker-compose application manager that deploys and maintains a set of compose projects and provides secret management for them via Vault.
Machinehead is designed for single-server hobbyists who want to make use of containers and modern GitOps practices but can't since most of the tools (such as kube-applier) focus on cluster technology such as Swarm and Kubernetes.
In addition to this lack of tooling, managing sensitive secrets such as database credentials on single-server deployments doesn't have many solutions that integrate with Docker nicely.
And so, Machinehead was born to solve both these problems!
Machinehead is essentially a background process that is given one or more Git
repositories that contain docker-compose.yml files. It will periodically
attempt to pull from each reository and, if there is a change it will execute
docker-compose up for it.
This lets you update the configuration of your containerised applications simply
by doing a git push!
Tip: pairs really nicely with Watchtower!
Machinehead is current-working-directory ("CWD") sensitive rather than
binary-path sensitive, this means you can install it with go get and run it
from any directory.
It doesn't currently have any official daemonising methods so it's up to you to write your own systemd/upstart/whatever configs. You could also just use tmux or screen and detach from the session.
When Machinehead is started, it will check the CWD for machinehead.json which
looks like:
{
"targets": [
"git@domain:username/my-project1",
"git@domain:username/my-project2"
],
"check_interval": "10s",
"cache_directory": "./machinehead_cache"
}For best results, the directory that contains machinehead.json should also be
a git repository, if it is, Machinehead will also watch that repository for
changes and, if there are any, it will pull them and automatically update its
own configuration if there are changes to machinehead.json.
Machinehead will also search the CWD for a file named .env, if it finds one,
it will attempt to read it as key=value format and pass the fields to all
instances of docker-compose which means you can set globally shared variables
for all your projects.
Vault isn't currently supported but it's planned. The idea is, you'll be able to create per-project secrets inside Vault that contain sensitive configuration variables such as database credentials etc.
Using the example targets above, Machinehead will read kv values from
/secrets/my-project1 for my-project1 and export them as environment
variables for the docker-compose call.