docker image su registry e create con pyinstaller

scripts/build-and-push-image.sh

@@ -17,18 +17,25 @@ IMAGE_NAME=${2:-"orchestrator-app"}
 TAG=${3:-"latest"}
 DOCKERFILE_TYPE=${4:-"standard"}
 
-# Determina quale Dockerfile usare
+# Determina quale Dockerfile usare e quale tag
 if [[ "$DOCKERFILE_TYPE" == "distroless" ]]; then
     DOCKERFILE="Dockerfile.distroless"
     BUILD_TYPE="Distroless (Multi-stage)"
+    # Se il tag è "latest", usa "distroless", altrimenti aggiungi suffisso "-distroless"
+    if [[ "$TAG" == "latest" ]]; then
+        ACTUAL_TAG="distroless"
+    else
+        ACTUAL_TAG="${TAG}-distroless"
+    fi
 else
     DOCKERFILE="Dockerfile"
     BUILD_TYPE="Standard (python:3.12-slim)"
+    ACTUAL_TAG="$TAG"
 fi
 
 # Nome completo dell'immagine
-FULL_IMAGE_NAME="${REGISTRY_URL}/${IMAGE_NAME}:${TAG}"
-LOCAL_IMAGE_NAME="${IMAGE_NAME}:${TAG}"
+FULL_IMAGE_NAME="${REGISTRY_URL}/${IMAGE_NAME}:${ACTUAL_TAG}"
+LOCAL_IMAGE_NAME="${IMAGE_NAME}:${ACTUAL_TAG}"
 
 # Colors
 RED='\033[0;31m'
@@ -71,11 +78,17 @@ show_usage() {
     echo "  standard   - Usa Dockerfile (python:3.12-slim, ~333MB)"
     echo "  distroless - Usa Dockerfile.distroless (gcr.io/distroless, ~180MB, più sicuro)"
     echo ""
+    echo "Tag automatici:"
+    echo "  standard + latest      → orchestrator-app:latest"
+    echo "  distroless + latest    → orchestrator-app:distroless"
+    echo "  standard + v1.0        → orchestrator-app:v1.0"
+    echo "  distroless + v1.0      → orchestrator-app:v1.0-distroless"
+    echo ""
     echo "Esempi:"
-    echo "  $0                                                       # Build standard locale"
-    echo "  $0 registry.example.com:5000                             # Registry custom, standard"
-    echo "  $0 registry.example.com:5000 my-app latest distroless    # Build distroless"
-    echo "  $0 192.168.1.204:5000 orchestrator-app v1.0.0 distroless # Produzione distroless"
+    echo "  $0                                                       # → orchestrator-app:latest (standard)"
+    echo "  $0 192.168.1.204:5000 orchestrator-app latest distroless # → orchestrator-app:distroless"
+    echo "  $0 192.168.1.204:5000 orchestrator-app v1.0.0 standard   # → orchestrator-app:v1.0.0"
+    echo "  $0 192.168.1.204:5000 orchestrator-app v1.0.0 distroless # → orchestrator-app:v1.0.0-distroless"
     echo ""
 }
 
@@ -118,7 +131,8 @@ print_info "  Dockerfile: ${CYAN}$DOCKERFILE${NC}"
 print_info "  Build type: ${CYAN}$BUILD_TYPE${NC}"
 print_info "  Registry: $REGISTRY_URL"
 print_info "  Nome immagine: $IMAGE_NAME"
-print_info "  Tag: $TAG"
+print_info "  Tag richiesto: $TAG"
+print_info "  Tag effettivo: ${CYAN}$ACTUAL_TAG${NC}"
 print_info "  Nome completo: ${CYAN}$FULL_IMAGE_NAME${NC}"
 print_info ""
 
@@ -135,7 +149,7 @@ fi
 print_header "STEP 1: Build dell'immagine Docker"
 
 print_info "Inizio build dell'immagine..."
-print_info "Comando: docker build -f $DOCKERFILE -t $LOCAL_IMAGE_NAME $PROJECT_DIR"
+print_info "Comando: docker build --no-cache -f $DOCKERFILE -t $LOCAL_IMAGE_NAME $PROJECT_DIR"
 echo ""
 
 # Build dell'immagine con Dockerfile specificato

scripts/sync_modifche_vm.sh

@@ -1,6 +1,186 @@
 #!/bin/bash
+# sync_modifche_vm.sh
+# Sincronizza i file necessari per lo stack Docker sui server remoti
+# NOTA: env/ è ora OBBLIGATORIO perché montato come volume esterno (non più nell'immagine)
 
-rsync -avz --exclude='*.pyc' --exclude '__pycache__/' /home/alex/devel/ASE/src /home/alex/devel/proxmox-ha-setup/vm1/
-#rsync -avz --exclude='*.pyc' --exclude '__pycache__/' /home/alex/devel/ASE/src /home/alex/devel/proxmox-ha-setup/vm2/
-rsync -avz -e "ssh -p 2222" /home/alex/devel/proxmox-ha-setup/vm1/ root@192.168.1.201:/opt/ase/
-rsync -avz -e "ssh -p 2222" /home/alex/devel/proxmox-ha-setup/vm2/ root@192.168.1.202:/opt/ase/
+set -e
+
+# Configurazione
+VM1_IP="192.168.1.201"
+VM2_IP="192.168.1.202"
+SSH_PORT="2222"
+SSH_USER="root"
+DEST_DIR="/opt/ase"
+SOURCE_VM1="/home/alex/devel/proxmox-ha-setup/vm1/"
+SOURCE_VM2="/home/alex/devel/proxmox-ha-setup/vm2/"
+
+# Colors
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+print_info() { echo -e "${CYAN}ℹ $1${NC}"; }
+print_success() { echo -e "${GREEN}✓ $1${NC}"; }
+print_warning() { echo -e "${YELLOW}⚠ $1${NC}"; }
+
+echo "================================================"
+echo "Sincronizzazione file Docker stack"
+echo "================================================"
+echo ""
+
+print_info "Configurazione:"
+print_info "  VM1: ${VM1_IP}:${SSH_PORT} → ${DEST_DIR}"
+print_info "  VM2: ${VM2_IP}:${SSH_PORT} → ${DEST_DIR}"
+echo ""
+
+# File da ESCLUDERE (non necessari sui server):
+# - src/ (codice sorgente, ormai nell'immagine come .pyc)
+# - Dockerfile* (non serve se usi immagini dal registry)
+# - pyproject.toml (non serve se usi immagini dal registry)
+# - *.md (documentazione)
+# - __pycache__/ e *.pyc (generati automaticamente)
+
+print_warning "IMPORTANTE: env/ sarà sincronizzato (necessario come volume esterno)"
+echo ""
+
+read -p "Procedere con la sincronizzazione? (Y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Nn]$ ]]; then
+    print_warning "Sincronizzazione annullata"
+    exit 0
+fi
+
+echo ""
+print_info "Sincronizzazione VM1 (${VM1_IP})..."
+rsync -avz -e "ssh -p ${SSH_PORT}" \
+    --exclude 'src' \
+    --exclude 'Dockerfile' \
+    --exclude 'Dockerfile.distroless' \
+    --exclude 'pyproject.toml' \
+    --exclude '*.md' \
+    --exclude '*.backup' \
+    --exclude '*.example' \
+    --exclude '__pycache__' \
+    --exclude '*.pyc' \
+    "${SOURCE_VM1}" "${SSH_USER}@${VM1_IP}:${DEST_DIR}/"
+
+print_success "VM1 sincronizzata"
+echo ""
+
+print_info "Sincronizzazione VM2 (${VM2_IP})..."
+rsync -avz -e "ssh -p ${SSH_PORT}" \
+    --exclude 'src' \
+    --exclude 'Dockerfile' \
+    --exclude 'Dockerfile.distroless' \
+    --exclude 'pyproject.toml' \
+    --exclude '*.md' \
+    --exclude '*.backup' \
+    --exclude '*.example' \
+    --exclude '__pycache__' \
+    --exclude '*.pyc' \
+    "${SOURCE_VM2}" "${SSH_USER}@${VM2_IP}:${DEST_DIR}/"
+
+print_success "VM2 sincronizzata"
+echo ""
+
+# Configurazione certificati registry privato
+REGISTRY_CERT_SOURCE="/var/snap/docker/common/etc/docker/certs.d/192.168.1.204:5000/ca.crt"
+REGISTRY_DOMAIN="192.168.1.204:5000"
+
+if [ -f "$REGISTRY_CERT_SOURCE" ]; then
+    print_info "Installazione certificati registry privato..."
+
+    # Verifica se Docker è installato tramite Snap o APT
+    print_info "Installazione certificato registry su VM1..."
+    ssh -p "${SSH_PORT}" "${SSH_USER}@${VM1_IP}" << 'EOF'
+        REGISTRY_DOMAIN="192.168.1.204:5000"
+
+        # Verifica se Docker è installato via Snap
+        if [ -d "/var/snap/docker" ]; then
+            echo "  → Docker Snap detectato"
+            CERT_DIR="/var/snap/docker/common/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+        else
+            echo "  → Docker standard detectato"
+            CERT_DIR="/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+        fi
+
+        mkdir -p "${CERT_DIR}"
+        echo "  → Directory certificati: ${CERT_DIR}"
+EOF
+
+    # Copia il certificato
+    if ssh -p "${SSH_PORT}" "${SSH_USER}@${VM1_IP}" "[ -d /var/snap/docker ]"; then
+        REMOTE_CERT_DIR="/var/snap/docker/common/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+    else
+        REMOTE_CERT_DIR="/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+    fi
+
+    ssh -p "${SSH_PORT}" "${SSH_USER}@${VM1_IP}" "mkdir -p ${REMOTE_CERT_DIR}"
+    scp -P "${SSH_PORT}" "${REGISTRY_CERT_SOURCE}" "${SSH_USER}@${VM1_IP}:${REMOTE_CERT_DIR}/ca.crt"
+    print_success "Certificato registry installato su VM1"
+
+    print_info "Installazione certificato registry su VM2..."
+    ssh -p "${SSH_PORT}" "${SSH_USER}@${VM2_IP}" << 'EOF'
+        REGISTRY_DOMAIN="192.168.1.204:5000"
+
+        # Verifica se Docker è installato via Snap
+        if [ -d "/var/snap/docker" ]; then
+            echo "  → Docker Snap detectato"
+            CERT_DIR="/var/snap/docker/common/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+        else
+            echo "  → Docker standard detectato"
+            CERT_DIR="/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+        fi
+
+        mkdir -p "${CERT_DIR}"
+        echo "  → Directory certificati: ${CERT_DIR}"
+EOF
+
+    # Copia il certificato
+    if ssh -p "${SSH_PORT}" "${SSH_USER}@${VM2_IP}" "[ -d /var/snap/docker ]"; then
+        REMOTE_CERT_DIR="/var/snap/docker/common/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+    else
+        REMOTE_CERT_DIR="/etc/docker/certs.d/${REGISTRY_DOMAIN}"
+    fi
+
+    ssh -p "${SSH_PORT}" "${SSH_USER}@${VM2_IP}" "mkdir -p ${REMOTE_CERT_DIR}"
+    scp -P "${SSH_PORT}" "${REGISTRY_CERT_SOURCE}" "${SSH_USER}@${VM2_IP}:${REMOTE_CERT_DIR}/ca.crt"
+    print_success "Certificato registry installato su VM2"
+    echo ""
+else
+    print_warning "Certificato registry non trovato: ${REGISTRY_CERT_SOURCE}"
+    print_warning "Salta installazione certificati - il pull dal registry potrebbe fallire"
+    echo ""
+fi
+
+print_success "Sincronizzazione completata!"
+echo ""
+print_info "File sincronizzati:"
+print_info "  ✓ docker-compose.yml"
+print_info "  ✓ env/ (configurazioni - OBBLIGATORIO)"
+print_info "  ✓ aseftp/ (directory FTP/SFTP)"
+print_info "  ✓ certs/ (certificati applicazione)"
+print_info "  ✓ matlab_func/ (funzioni MATLAB)"
+print_info "  ✓ haproxy.cfg, keepalived*.conf, alloy-config.alloy"
+print_info "  ✓ ssh_host_key* (chiavi SSH)"
+echo ""
+print_info "Certificati registry:"
+if [ -f "$REGISTRY_CERT_SOURCE" ]; then
+    print_info "  ✓ Certificato registry installato su VM1 e VM2"
+    print_info "    → ${REGISTRY_DOMAIN}"
+else
+    print_warning "  ✗ Certificato registry NON trovato"
+fi
+echo ""
+print_info "File ESCLUSI (non necessari):"
+print_info "  ✗ src/ (codice sorgente, già nell'immagine Docker)"
+print_info "  ✗ Dockerfile* (non serve se usi registry)"
+print_info "  ✗ pyproject.toml (non serve se usi registry)"
+print_info "  ✗ *.md (documentazione)"
+echo ""
+print_info "Prossimi passi sui server:"
+print_info "  1. Verifica certificato registry: docker pull ${REGISTRY_DOMAIN}/orchestrator-app:latest"
+print_info "  2. Avvia lo stack: cd ${DEST_DIR} && docker-compose up -d"
+print_info "  3. Verifica log: docker-compose logs -f"
+echo ""