From e12924d57957726786f5906ee175301d85a1d342 Mon Sep 17 00:00:00 2001
From: axl89
Date: Wed, 23 Mar 2016 11:52:15 +0100
Subject: [PATCH] Included the Dockerfile and its dependencies for server, console and database Docker images
---
extras/Dockerfile | 61 +++++++++++++++
extras/docker-entrypoint.sh | 113 +++++++++++++++++++++++++++
extras/pandora.cnf | 11 +++
extras/pandora_initdb.sh | 3 +
pandora_console/Dockerfile | 61 +++++++++++++++
pandora_console/docker_entrypoint.sh | 81 +++++++++++++++++++
pandora_server/Dockerfile | 66 ++++++++++++++++
pandora_server/docker_entrypoint.sh | 55 +++++++++++++
8 files changed, 451 insertions(+)
create mode 100644 extras/Dockerfile
create mode 100755 extras/docker-entrypoint.sh
create mode 100644 extras/pandora.cnf
create mode 100755 extras/pandora_initdb.sh
create mode 100644 pandora_console/Dockerfile
create mode 100755 pandora_console/docker_entrypoint.sh
create mode 100644 pandora_server/Dockerfile
create mode 100755 pandora_server/docker_entrypoint.sh
diff --git a/extras/Dockerfile b/extras/Dockerfile
new file mode 100644
index 0000000000..70c172095c
--- /dev/null
+++ b/extras/Dockerfile
@@ -0,0 +1,61 @@
+FROM debian:jessie
+
+# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN groupadd -r mysql && useradd -r -g mysql mysql
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+# FATAL ERROR: please install the following Perl modules before executing /usr/local/mysql/scripts/mysql_install_db:
+# File::Basename
+# File::Copy
+# Sys::Hostname
+# Data::Dumper
+RUN apt-get update && apt-get install -y perl pwgen git --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+# gpg: key 5072E1F5: public key "MySQL Release Engineering " imported
+RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5
+
+ENV MYSQL_MAJOR 5.6
+ENV MYSQL_VERSION 5.6.29-1debian8
+
+RUN echo "deb http://repo.mysql.com/apt/debian/ jessie mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list
+
+# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
+# also, we set debconf keys to make APT a little quieter
+RUN { \
+ echo mysql-community-server mysql-community-server/data-dir select ''; \
+ echo mysql-community-server mysql-community-server/root-pass password ''; \
+ echo mysql-community-server mysql-community-server/re-root-pass password ''; \
+ echo mysql-community-server mysql-community-server/remove-test-db select false; \
+ } | debconf-set-selections \
+ && apt-get update && apt-get install -y mysql-server="${MYSQL_VERSION}" && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql
+
+# comment out a few problematic configuration values
+# don't reverse lookup hostnames, they are usually another container
+RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf \
+ && echo 'skip-host-cache\nskip-name-resolve' | awk '{ print } $1 == "[mysqld]" && c == 0 { c = 1; system("cat") }' /etc/mysql/my.cnf > /tmp/my.cnf \
+ && mv /tmp/my.cnf /etc/mysql/my.cnf
+
+VOLUME /var/lib/mysql
+
+COPY docker-entrypoint.sh /entrypoint.sh
+COPY pandora.cnf /etc/mysql/conf.d
+COPY pandora_initdb.sh /docker-entrypoint-initdb.d
+ENTRYPOINT ["/entrypoint.sh"]
+
+# Make ssh dir
+RUN mkdir /root/.ssh/
+# Copy over private key, and set permissions
+RUN echo "Host github.com\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config
+RUN chown -R root:root /root/.ssh
+
+
+#Clone the repo
+RUN git config --global http.sslVerify false
+RUN git clone -b develop --single-branch https://github.com/pandorafms/pandorafms.git /tmp/pandorafms
+#RUN mv -f /tmp/pandorafms/pandora_console/pandoradb.sql /docker-entrypoint-initdb.d
+#RUN mv -f /tmp/pandorafms/pandora_console/pandoradb_data.sql /docker-entrypoint-initdb.d
+
+EXPOSE 3306
+CMD ["mysqld"]
diff --git a/extras/docker-entrypoint.sh b/extras/docker-entrypoint.sh
new file mode 100755
index 0000000000..90833a3eea
--- /dev/null
+++ b/extras/docker-entrypoint.sh
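Review bot: `RUN git config --global http.sslVerify false` turns off TLS certificate verification for the `git clone` on the next line, so the schema files that pandora_initdb.sh later loads into the database are fetched over an unauthenticated connection. The likely reason (inferred, not shown in the hunk) is that `--no-install-recommends` leaves `ca-certificates` out of the image; add `ca-certificates` to the `apt-get install` list and delete the `http.sslVerify` line. The `StrictHostKeyChecking no` entry written to /root/.ssh/config does nothing for an HTTPS clone and can be removed together with the stale "Copy over private key" comment.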
@@ -0,0 +1,113 @@
+#!/bin/bash
+set -eo pipefail
+
+# if command starts with an option, prepend mysqld
+if [ "${1:0:1}" = '-' ]; then
+ set -- mysqld "$@"
+fi
+
+if [ "$1" = 'mysqld' ]; then
+ # Get config
+ DATADIR="$("$@" --verbose --help --log-bin-index=`mktemp -u` 2>/dev/null | awk '$1 == "datadir" { print $2; exit }')"
+
+ if [ ! -d "$DATADIR/mysql" ]; then
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ echo >&2 'error: database is uninitialized and password option is not specified '
+ echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ exit 1
+ fi
+
+ mkdir -p "$DATADIR"
+ chown -R mysql:mysql "$DATADIR"
+
+ echo 'Initializing database'
+ mysql_install_db --user=mysql --datadir="$DATADIR" --rpm --keep-my-cnf
+ echo 'Database initialized'
+
+ "$@" --skip-networking &
+ pid="$!"
+
+ mysql=( mysql --protocol=socket -uroot )
+
+ for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+ fi
+
+ if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+ "${mysql[@]}" <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+
+ DELETE FROM mysql.user ;
+ CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+ DROP DATABASE IF EXISTS test ;
+ FLUSH PRIVILEGES ;
+ EOSQL
+
+ if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+ fi
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+ fi
+
+ if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+
+ echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
+ fi
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then
+ "${mysql[@]}" <<-EOSQL
+ ALTER USER 'root'@'%' PASSWORD EXPIRE;
+ EOSQL
+ fi
+ if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ echo
+ echo 'MySQL init process done. Ready for start up.'
+ echo
+ fi
+
+ chown -R mysql:mysql "$DATADIR"
+fi
+
+exec "$@"
diff --git a/extras/pandora.cnf b/extras/pandora.cnf
new file mode 100644
index 0000000000..c9066b3c1e
--- /dev/null
+++ b/extras/pandora.cnf
@@ -0,0 +1,11 @@
+[mysqld]
+sql_mode = ""
+character-set-server=utf8
+skip-character-set-client-handshake
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+# Mysql optimizations for Pandora FMS
+# Please check the documentation in http://pandorafms.com for better results
+innodb_file_per_table
+innodb_flush_log_at_trx_commit = 0
+innodb_flush_method = O_DIRECT
diff --git a/extras/pandora_initdb.sh b/extras/pandora_initdb.sh
new file mode 100755
index 0000000000..2e342bc7f0
--- /dev/null
+++ b/extras/pandora_initdb.sh
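Review bot: The init SQL in extras/docker-entrypoint.sh creates the superuser only as `'root'@'%'`, and when `MYSQL_ALLOW_EMPTY_PASSWORD` is set `$MYSQL_ROOT_PASSWORD` is empty, so the result is a passwordless root account accepted from any host that can reach port 3306. Consider creating `'root'@'localhost'` for administration and leaving remote access to the `MYSQL_USER` account, or at least document the empty-password option as suitable for isolated test use only. The values of `$MYSQL_ROOT_PASSWORD`, `$MYSQL_USER` and `$MYSQL_PASSWORD` are also pasted into the SQL text unescaped, so a single quote in any of them breaks or alters the statement. The `echo "GENERATED ROOT PASSWORD: ..."` line leaves the credential in the container log, which is worth a comment so operators rotate it after first start.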
@@ -0,0 +1,3 @@
+#!/bin/bash
+mysql -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE < /tmp/pandorafms/pandora_console/pandoradb.sql
+mysql -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE < /tmp/pandorafms/pandora_console/pandoradb_data.sql
diff --git a/pandora_console/Dockerfile b/pandora_console/Dockerfile
new file mode 100644
index 0000000000..add7d4e380
--- /dev/null
+++ b/pandora_console/Dockerfile
@@ -0,0 +1,61 @@
+FROM centos:centos6
+MAINTAINER Pandora FMS Team
+
+RUN { \
+ echo '[EPEL]'; \
+ echo 'name = CentOS Epel'; \
+ echo 'baseurl = http://dl.fedoraproject.org/pub/epel/6/x86_64'; \
+ echo 'enabled=1'; \
+ echo 'gpgcheck=0'; \
+} > /etc/yum.repos.d/extra_repos.repo
+
+RUN { \
+ echo '[artica_pandorafms]'; \
+ echo 'name=CentOS6 - PandoraFMS official repo'; \
+ echo 'baseurl=http://artica.es/centos6'; \
+ echo 'gpgcheck=0'; \
+ echo 'enabled=1'; \
+} > /etc/yum.repos.d/pandorafms.repo
+
+RUN yum -y update; yum clean all;
+RUN yum install -y \
+ git \
+ httpd \
+ cronie \
+ ntp \
+ openldap \
+ anytermd \
+ nfdump \
+ wget \
+ curl \
+ openldap \
+ plymouth \
+ xterm \
+ php \
+ php-gd \
+ graphviz \
+ php-mysql \
+ php-pear-DB \
+ php-pear \
+ php-pdo \
+ php-mbstring \
+ php-ldap \
+ php-snmp \
+ php-ldap \
+ php-common \
+ php-zip \
+ nmap \
+ xprobe2
+
+#Clone the repo
+RUN git clone -b develop https://github.com/pandorafms/pandorafms.git /tmp/pandorafms
+
+#Exposing ports for: HTTP, SNMP Traps, Anytermd (SSH), Anytermd (Telnet), Tentacle protocol
+EXPOSE 80 162/udp 8022 8023 41121
+
+# Simple startup script to avoid some issues observed with container restart
+ADD docker_entrypoint.sh /entrypoint.sh
+RUN chmod -v +x /entrypoint.sh
+
+CMD ["/entrypoint.sh"]
+
diff --git a/pandora_console/docker_entrypoint.sh b/pandora_console/docker_entrypoint.sh
new file mode 100755
index 0000000000..c7d749e483
--- /dev/null
+++ b/pandora_console/docker_entrypoint.sh
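Review bot: Both `mysql` calls in extras/pandora_initdb.sh expand `$MYSQL_USER`, `$MYSQL_PASSWORD` and `$MYSQL_DATABASE` unquoted, so a value containing spaces or glob characters is split into extra arguments, and `-p$MYSQL_PASSWORD` puts the password in argv where the process list shows it during the import. Quote the expansions, e.g. `mysql -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" < /tmp/pandorafms/pandora_console/pandoradb.sql`. The entrypoint only creates that user when `MYSQL_USER` and `MYSQL_PASSWORD` are both set, so a guard such as `: "${MYSQL_USER:?}" "${MYSQL_PASSWORD:?}" "${MYSQL_DATABASE:?}"` at the top would fail early with a clear message instead of running `mysql -u -p`.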
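Review bot: Both repo definitions in pandora_console/Dockerfile set `gpgcheck=0` and use `http://` base URLs, so every package pulled by the following `yum install` is accepted without signature or transport verification; pandora_server/Dockerfile repeats the same two blocks. Set `gpgcheck=1` and add a `gpgkey=` line per repo: for EPEL the `epel-release` package ships both the repo file and its key, and for the artica repo use the vendor's published key (`gpgkey=<ARTICA_KEY_URL>`, placeholder). `ADD docker_entrypoint.sh /entrypoint.sh` followed by `RUN chmod -v +x` can be a single `COPY docker_entrypoint.sh /entrypoint.sh`, since the patch already commits the script with mode 100755.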
@@ -0,0 +1,81 @@ +#!/bin/bash +set -e +if [ -n "$MYSQL_PORT_3306_TCP" ]; then + if [ -z "$PANDORA_DB_HOST" ]; then + PANDORA_DB_HOST='mysql' + else + echo >&2 'warning: both PANDORA_DB_HOST and MYSQL_PORT_3306_TCP found' + echo >&2 " Connecting to PANDORA_DB_HOST ($PANDORA_DB_HOST)" + echo >&2 ' instead of the linked mysql container' + fi +fi + +if [ -z "$PANDORA_DB_HOST" ]; then + echo >&2 'error: missing PANDORA_DB_HOST and MYSQL_PORT_3306_TCP environment variables' + echo >&2 ' Did you forget to --link some_mysql_container:mysql or set an external db' + echo >&2 ' with -e PANDORA_DB_HOST=hostname:port?' + exit 1 +fi + +# if we're linked to MySQL and thus have credentials already, let's use them +: ${PANDORA_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}} +if [ "$PANDORA_DB_USER" = 'root' ]; then + : ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD} +fi +: ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD} +if [ -z "$PANDORA_DB_NAME" ]; then + : ${PANDORA_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-pandora}} +fi + +if [ -z "$PANDORA_DB_PASSWORD" ]; then + echo >&2 'error: missing required PANDORA_DB_PASSWORD environment variable' + echo >&2 ' Did you forget to -e PANDORA_DB_PASSWORD=... ?' + echo >&2 + echo >&2 ' (Also of interest might be PANDORA_DB_USER and PANDORA_DB_NAME.)' + exit 1 +fi + +mv -f /tmp/pandorafms/pandora_console /var/www/html +cd /var/www/html/pandora_console/include +cat > config.php <<- 'EOF' +> config.php +echo "\$config[\"dbuser\"]=\"$PANDORA_DB_USER\";" >> config.php +echo "\$config[\"dbpass\"]=\"$PANDORA_DB_PASSWORD\";" >> config.php +echo "\$config[\"dbhost\"]=\"$PANDORA_DB_HOST\";" >> config.php +echo "include (\$ownDir . 
\"config_process.php\");" >> config.php +echo "?>" >> config.php + +echo "Granting apache permissions to the console directory" +chown -R apache:apache /var/www/html/pandora_console +chmod 600 /var/www/html/pandora_console/include/config.php + +# Customize php.iniA +echo "Configuring Pandora FMS elements and depending services" +sed "s/.*error_reporting =.*/error_reporting = E_ALL \& \~E_DEPRECATED \& \~E_NOTICE \& \~E_USER_WARNING/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini +sed "s/.*max_execution_time =.*/max_execution_time = 0/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini +sed "s/.*max_input_time =.*/max_input_time = -1/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini +sed "s/.*upload_max_filesize =.*/upload_max_filesize = 800M/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini +sed "s/.*memory_limit =.*/memory_limit = 500M/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini +sed "s/.*post_max_size =.*/post_max_size = 100M/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini + +cd /var/www/html/pandora_console && mv -f install.php install.php.done + +#Create the pandora user to run the anyterd, mainly +/usr/sbin/useradd -d /home/pandora -s /bin/false -M -g 0 pandora + +#Rock n' roll! +/etc/init.d/crond start & +/etc/init.d/ntpd start & +/etc/init.d/anytermd start & + +rm -rf /run/httpd/* +exec /usr/sbin/apachectl -D FOREGROUND diff --git a/pandora_server/Dockerfile b/pandora_server/Dockerfile new file mode 100644 index 0000000000..bf7ab6c927 --- /dev/null +++ b/pandora_server/Dockerfile 
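Review bot: The `echo "\$config[\"dbpass\"]=\"$PANDORA_DB_PASSWORD\";" >> config.php` lines in pandora_console/docker_entrypoint.sh write the DB user, password and host verbatim into PHP double-quoted strings, so a value containing `"`, `\` or `$` produces a broken or different config.php. Escape backslashes and single quotes in each value and emit single-quoted PHP literals instead, which PHP does not interpolate. Separately, `mv -f /tmp/pandorafms/pandora_console /var/www/html` runs on every start under `set -e`, so a restarted container will most likely exit there because the source directory has already been moved; guard it with `[ -d /tmp/pandorafms/pandora_console ]`.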
@@ -0,0 +1,66 @@
+FROM centos:centos6
+MAINTAINER Pandora FMS Team
+
+RUN { \
+ echo '[EPEL]'; \
+ echo 'name = CentOS Epel'; \
+ echo 'baseurl = http://dl.fedoraproject.org/pub/epel/6/x86_64'; \
+ echo 'enabled=1'; \
+ echo 'gpgcheck=0'; \
+} > /etc/yum.repos.d/extra_repos.repo
+
+RUN { \
+ echo '[artica_pandorafms]'; \
+ echo 'name=CentOS6 - PandoraFMS official repo'; \
+ echo 'baseurl=http://artica.es/centos6'; \
+ echo 'gpgcheck=0'; \
+ echo 'enabled=1'; \
+} > /etc/yum.repos.d/pandorafms.repo
+
+RUN yum -y update; yum clean all;
+RUN yum install -y \
+ git \
+ cronie \
+ ntp \
+ wget \
+ curl \
+ xterm \
+ postfix \
+ wmic \
+ perl-HTML-Tree \
+ perl-DBI \
+ perl-DBD-mysql \
+ perl-libwww-perl \
+ perl-XML-Simple \
+ perl-XML-SAX \
+ perl-NetAddr-IP \
+ net-snmp \
+ net-tools \
+ perl-IO-Socket-INET6 \
+ perl-Socket6 \
+ nmap \
+ sudo \
+ xprobe2 \
+ make \
+ perl-CPAN \
+ perl-JSON \
+ net-snmp-perl \
+ perl-Time-HiRes \
+ perl-XML-Twig \
+ perl-Encode-Locale \
+ net-snmp \
+ net-snmp-utils
+
+
+#Clone the repo
+RUN git clone -b develop https://github.com/pandorafms/pandorafms.git /tmp/pandorafms
+
+#Exposing ports for: Tentacle protocol
+EXPOSE 41121
+
+# Simple startup script to avoid some issues observed with container restart
+ADD docker_entrypoint.sh /entrypoint.sh
+RUN chmod -v +x /entrypoint.sh
+
+CMD ["/entrypoint.sh"]
+
diff --git a/pandora_server/docker_entrypoint.sh b/pandora_server/docker_entrypoint.sh
new file mode 100755
index 0000000000..9529488f2b
--- /dev/null
+++ b/pandora_server/docker_entrypoint.sh
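Review bot: `RUN git clone -b develop ...` in pandora_server/Dockerfile bakes in whatever the branch tip is at build time, and pandora_server/docker_entrypoint.sh then runs `./pandora_server_installer --install` from that checkout as root, so the image is neither reproducible nor tied to a reviewed revision. Pin the checkout to a release tag or commit, e.g. append `&& cd /tmp/pandorafms && git checkout <COMMIT_SHA>` (placeholder) to the clone, or copy the sources from the build context, since this Dockerfile lives in the same repository. extras/Dockerfile and pandora_console/Dockerfile clone `develop` the same way. The two repo blocks at the top of this file also set `gpgcheck=0` over `http://`, which leaves the `yum install` packages unverified.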
@@ -0,0 +1,55 @@
+#!/bin/bash
+set -e
+if [ -n "$MYSQL_PORT_3306_TCP" ]; then
+ if [ -z "$PANDORA_DB_HOST" ]; then
+ PANDORA_DB_HOST='mysql'
+ else
+ echo >&2 'warning: both PANDORA_DB_HOST and MYSQL_PORT_3306_TCP found'
+ echo >&2 " Connecting to PANDORA_DB_HOST ($PANDORA_DB_HOST)"
+ echo >&2 ' instead of the linked mysql container'
+ fi
+fi
+
+if [ -z "$PANDORA_DB_HOST" ]; then
+ echo >&2 'error: missing PANDORA_DB_HOST and MYSQL_PORT_3306_TCP environment variables'
+ echo >&2 ' Did you forget to --link some_mysql_container:mysql or set an external db'
+ echo >&2 ' with -e PANDORA_DB_HOST=hostname:port?'
+ exit 1
+fi
+
+# if we're linked to MySQL and thus have credentials already, let's use them
+: ${PANDORA_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}
+if [ "$PANDORA_DB_USER" = 'root' ]; then
+ : ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD}
+fi
+: ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD}
+if [ -z "$PANDORA_DB_NAME" ]; then
+ : ${PANDORA_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-pandora}}
+fi
+
+if [ -z "$PANDORA_DB_PASSWORD" ]; then
+ echo >&2 'error: missing required PANDORA_DB_PASSWORD environment variable'
+ echo >&2 ' Did you forget to -e PANDORA_DB_PASSWORD=... ?'
+ echo >&2
+ echo >&2 ' (Also of interest might be PANDORA_DB_USER and PANDORA_DB_NAME.)'
+ exit 1
+fi
+
+#Create the pandora user to run the anyterd, mainly
+/usr/sbin/useradd -d /home/pandora -s /bin/false -M -g 0 pandora
+
+cd /tmp/pandorafms/pandora_server && chmod +x pandora_server_installer && ./pandora_server_installer --install
+
+#Configure the Pandora FMS Server to connect to the database
+sed -i "s/dbname pandora/dbname $PANDORA_DB_NAME/g" /etc/pandora/pandora_server.conf
+sed -i "s/dbpass pandora/dbpass $PANDORA_DB_PASSWORD/g" /etc/pandora/pandora_server.conf
+sed -i "s/dbuser pandora/dbuser $PANDORA_DB_USER/g" /etc/pandora/pandora_server.conf
+sed -i "s/dbhost 127.0.0.1/dbhost $PANDORA_DB_HOST/g" /etc/pandora/pandora_server.conf
+
+#Rock n' roll!
+/etc/init.d/crond start &
+/etc/init.d/ntpd start &
+/etc/init.d/anytermd start &
+/etc/init.d/postfix start &
+/etc/init.d/tentacle_serverd start &
+/usr/bin/pandora_server /etc/pandora/pandora_server.conf
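Review bot: `/usr/sbin/useradd -d /home/pandora -s /bin/false -M -g 0 pandora` in pandora_server/docker_entrypoint.sh gives the service account GID 0 (the root group) as its primary group, so it gets group-level access to root-group files with no visible need; pandora_console/docker_entrypoint.sh has the same line. Drop `-g 0` or create a dedicated group, e.g. `/usr/sbin/useradd -r -d /home/pandora -s /bin/false -M pandora`. The four `sed -i "s/dbpass pandora/dbpass $PANDORA_DB_PASSWORD/g"` style substitutions also fail or silently change the value when it contains `/`, `&` or `\`, so escape the replacement text before passing it to sed.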