forked from acch/rpi-icinga
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile.all
151 lines (145 loc) · 8.96 KB
/
Dockerfile.all
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# syntax=docker/dockerfile:1
FROM debian:buster-slim
LABEL maintainer=edgd1er
# Install prerequisites
ARG aptcacher
ARG TZ=Europe/Paris
ARG DEBIAN_FRONTEND=noninteractive
ARG NCONFDL=https://github.com/Bonsaif/new-nconf/archive/nconf-v1.4.0-final2.tar.gz
ENV MYSQL_HOST=localhost
ENV MYSQL_USER=nconf
ENV MYSQL_PASSWORD=nconf
ENV MYSQL_DATABASE=nconf
ENV PHPVER=7.3
# add utils scripts for icinga
COPY files/icinga/share/import_backup.sh /usr/share/icinga/
COPY files/icinga/share/import_existing_nconf_into_db.sh /usr/share/icinga/
COPY files/icinga/share/init.sh /usr/share/icinga/
COPY files/icinga/share/mail_to_msmtp.sh /usr/share/icinga/
COPY files/icinga/share/backupConfs.sh /usr/share/icinga/
COPY files/icinga/share/create_database.sql /usr/share/icinga/
# export database scheduling
COPY files/icinga/crontab.backup /etc/cron.d/icinga_backup
# file for healthcheck
COPY files/apache2/here.html /var/www/html/
# icinga access control
COPY files/icinga/etc/htpasswd.users /etc/icinga/
# Add Rasperry-Pi logos
COPY files/raspberry/ /usr/share/icinga/htdocs/images/logos/raspberry/
# Add Supervisor configuration
COPY files/supervisord.conf /etc/supervisor/supervisord.conf
#add apt-cacher setting if present:
WORKDIR /var/www/html/
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
#hadolint ignore=DL3008,SC2016
RUN if [[ -n ${aptcacher} ]]; then echo "Acquire::http::Proxy \"http://${aptcacher}:3142\";" >/etc/apt/apt.conf.d/01proxy && \
echo "Acquire::https::Proxy \"http://${aptcacher}:3142\";" >>/etc/apt/apt.conf.d/01proxy ; fi && \
#allow mibs strings
sed -i 's/main$/main contrib non-free/' /etc/apt/sources.list && \
#install icinga \
apt-get update && apt-get upgrade -y && export DEBIAN_FRONTEND=noninteractive && \
apt-get -o Dpkg::Options::="--force-confold" install -qy --no-install-recommends curl ssl-cert ca-certificates \
vim sed wget apache2 mariadb-client icinga icinga-doc nagios-nrpe-plugin nagios-plugins-contrib msmtp msmtp-mta sudo \
supervisor monitoring-plugins-standard snmp-mibs-downloader nagios-images monitoring-plugins snmp host dnsutils \
libnet-snmp-perl libdbi-perl libdbd-mysql libdbd-mysql libdbi1 libdbd-mysql-perl php${PHPVER} php${PHPVER}-mysql \
libapache2-mod-php${PHPVER} cron && rm -rf /var/lib/apt/lists/* && ls -al /etc/php* && \
#setup apache sites
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = $MAX_UPLOAD/" /etc/php/${PHPVER}/apache2/php.ini && \
sed -i "s/post_max_size = 8M/post_max_size = $MAX_UPLOAD/" /etc/php/${PHPVER}/apache2/php.ini && \
sed -i "s#;sendmail_path =#sendmail_path =\"/usr/bin/msmtp -t -C /etc/msmtprc\"#" /etc/php/${PHPVER}/apache2/php.ini && \
sed -i 's#/usr/bin/mail#/usr/bin/msmtp#' /etc/icinga/commands.cfg && \
sed -i '/DocumentRoot.*/a \ \tRewriteEngine on\n\tRewriteRule "^/$" "/icinga/" [R]\n\tRewriteRule "^/docs$" "/icinga/docs/en" [R]' /etc/apache2/sites-available/000-default.conf && \
sed -i '/DocumentRoot.*/a \ \tRewriteEngine on\n\tRewriteRule "^/$" "/icinga/" [R]\n\tRewriteRule "^/docs/?$" "/docs/en" [R]' /etc/apache2/sites-available/default-ssl.conf && \
a2enmod php${PHPVER} && a2enmod rewrite && a2enmod ssl && a2ensite default-ssl && rm -f /var/www/html/index.html && \
#Add nconf (https://github.com/Bonsaif/new-nconf/releases)
mkdir -p /var/www/html/nconf && wget -q $NCONFDL -O /var/www/html/nconf.tar.gz && \
tar -zxf /var/www/html/nconf.tar.gz -C /var/www/html/nconf --strip-components=1 && rm /var/www/html/nconf.tar.gz && \
cp /var/www/html/nconf/config.orig/* /var/www/html/nconf/config/ && \
sed -i 's#\$nconfdir#\"/var/www/html/nconf\"#' /var/www/html/nconf/config/nconf.php && \
sed -i 's#/var/www/nconf#/var/www/html/nconf#' /var/www/html/nconf/config/nconf.php && \
sed -i 's#/var/www/html/nconf/bin/nagios#/var/www/html/nconf/bin/icinga#' /var/www/html/nconf/config/nconf.php && \
sed -i 's/\"localhost\"/\"nconf-mysql\"/' /var/www/html/nconf/config/mysql.php && \
sed -i 's/\"NConf\"/\"nconfdb\"/' /var/www/html/nconf/config/mysql.php && \
sed -i 's/\"nconf\"/\"nconf_user\"/' /var/www/html/nconf/config/mysql.php && \
sed -i 's/\"link2db\"/\"changeIt\"/' /var/www/html/nconf/config/mysql.php && \
#Adapt for nconf for mysql port change
sed -i "s/DBNAME);/DBNAME,DBPORT);/g" /var/www/html/nconf/main.php && \
sed -i '72i \ my $dbport = &readNConfConfig(NC_CONFDIR."/mysql.php","DBPORT","scalar");' /var/www/html/nconf/bin/lib/NConf/DB.pm && \
sed -i 's/DBI:mysql:database=$dbname;host=$dbhost"/DBI:mysql:database=$dbname;host=$dbhost;port=$dbport"/g' /var/www/html/nconf/bin/lib/NConf/DB.pm && \
sed -i 's/DBI:mysql:database=$dbname;mysql_socket/DBI:mysql:database=$dbname;port=$dbport;mysql_socket/g' /var/www/html/nconf/bin/lib/NConf/DB.pm && \
mkdir -p /etc/icinga/Default_collector/ -p /etc/icinga/global -p /var/log/icinga/archives -p /var/archives/ \
/var/www/html/nconf/output /var/www/html/nconf/config /var/www/html/nconf/output \
/var/www/html/nconf/static_cfg /var/www/html/nconf/temp && \
find /var/www/html/nconf -type d -exec chmod 755 {} \; && \
find /var/www/html/nconf -type f -exec chmod 644 {} \; && \
chown www-data:www-data /etc/icinga/Default_collector /etc/icinga/global /var/www/html/nconf/config \
/var/www/html/nconf/temp /var/www/html/nconf/output \
/var/www/html/nconf/static_cfg && chmod 644 /var/www/html/nconf/config/* && \
chmod 744 /usr/share/icinga/init.sh /usr/share/icinga/import_backup.sh \
/usr/share/icinga/import_existing_nconf_into_db.sh /usr/share/icinga/backupConfs.sh && \
chmod a+x /var/www/html/nconf/bin/* && \
chmod 640 /etc/icinga/icinga.cfg && chmod 644 /etc/icinga/htpasswd.users /etc/cron.d/icinga_backup && \
chown nagios:nagios /etc/icinga/icinga.cfg && \
#Allow www-data to reload nagios
echo "www-data ALL=NOPASSWD:/usr/bin/supervisorctl restart icinga" >> /etc/sudoers && \
#copy nagios to allow nconf to validate conf
cp /usr/sbin/icinga /var/www/html/nconf/bin/icinga && \
usermod -aG nagios www-data && \
chown -R www-data:www-data /var/www/html/nconf/bin/icinga && \
chown -R nagios:nagios /var/cache/icinga /var/log/icinga && \
chmod 755 /var/log/icinga /var/cache/icinga /var/log/icinga/archives && \
touch /var/log/icinga/icinga.log && \
chmod 644 /var/log/icinga/icinga.log && \
# Fix external commands && \
chmod 2770 /var/lib/icinga/rw && \
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && \
if [ -f /etc/apt/apt.conf.d/01proxy ]; then rm /etc/apt/apt.conf.d/01proxy; fi && \
# Secure msmtp configuration
if [ ! -f msmtprc ]; then touch /etc/msmtprc; fi ; \
mv /etc/msmtprc /etc/icinga/ && \
echo 'set sendmail="/usr/bin/msmtp"' >> /etc/mail.rc && \
echo 'set mta="/usr/bin/msmtp"' >> /etc/mail.rc && \
ln -snf /etc/icinga/msmtprc /etc/msmtprc && \
ln -snf /usr/bin/msmtp /etc/alternatives/mail && \
ln -snf /usr/bin/msmtp /usr/bin/sendmail && \
chown :msmtp /etc/icinga/msmtprc && \
chown :msmtp /usr/bin/msmtp && \
chmod 640 /etc/icinga/msmtprc && \
chmod g+s /usr/bin/msmtp && \
echo 'set sendmail="/usr/bin/msmtp"' >> /etc/mail.rc && \
echo $'alias salias=\'source ~/.bashrc\'\n\
alias ll=\'ls -al\'\n\
alias plugins=\'ls /usr/lib/nagios/plugins\'\n\
alias uptools=\'apt-get update && apt-get install -y mariadb-client monitoring-plugins-standard snmp-mibs-downloader nagios-images monitoring-plugins snmp host dnsutils\'\n \
export PATH=/usr/lib/nagios/plugins:$PATH' >> /root/.bashrc
#hadolint ignore=DL3008,DL3013
RUN apt-get update && apt-get install -y --no-install-recommends python3-pip python3-setuptools \
&& pip3 install --no-cache-dir wheel && rm -rf /var/lib/apt/lists/*
# add icinga doc
#COPY --from=edgd1er/icinga-doc:latest /var/www/html/icinga-doc-master/html/docs /var/www/html/docs/
#COPY --from=edgd1er/icinga-doc:latest /var/www/html/icinga-doc-master/images /var/www/html/docs/images/
#COPY --from=edgd1er/icinga-doc:latest /var/www/html/icinga-doc-master/js /var/www/html/docs/js/
#COPY --from=edgd1er/icinga-doc:latest /var/www/html/icinga-doc-master/stylesheets /var/www/html/docs/stylesheets
ADD doc.tar.gz /var/www/html/docs/
# enable icinga web site
COPY files/apache2/apache2.conf /etc/apache2/conf-enabled/icinga.conf
# overwrite icinga default configuration
COPY files/icinga/etc/icinga.cfg /etc/icinga/icinga.cfg
COPY files/icinga/etc/cgi.cfg /etc/icinga/cgi.cfg
COPY files/icinga/etc/resource.cfg /etc/icinga/resource.cfg
# add local deployment to nconf
COPY files/deployment.ini /var/www/html/nconf/config/deployment.ini
# add msmtp-queue
#COPY files/msmtp-queue/systemd/ /etc/systemd/system/
# Timezone configuration
ENV TZ=${TZ}
# Expose volumes
VOLUME ["/var/cache/icinga", "/var/log/icinga"]
# Expose ports
EXPOSE 80
EXPOSE 443
HEALTHCHECK --interval=90s --timeout=10s --retries=3 --start-period=40s \
CMD curl -s -f -k "https://localhost/here.html" | grep "OK" || exit 1
# Start services via Supervisor
ENTRYPOINT ["/usr/bin/supervisord"]
CMD ["-c","/etc/supervisor/supervisord.conf"]