From 52aef81c6e08fa357a1d5a84b66699e42dd99036 Mon Sep 17 00:00:00 2001 From: Jonny Ervine Date: Wed, 19 Feb 2020 06:35:46 +0000 Subject: [PATCH 1/2] new file: Dockerfile new file: Jenkinsfile new file: apache.ini new file: hosts.conf new file: icinga2.ini new file: php-fm.ini new file: services.conf new file: start.sh new file: supervisord.conf Initial commit --- Dockerfile | 29 +++++++++++ Jenkinsfile | 17 +++++++ apache.ini | 2 + hosts.conf | 51 +++++++++++++++++++ icinga2.ini | 2 + php-fm.ini | 2 + services.conf | 115 ++++++++++++++++++++++++++++++++++++++++++ start.sh | 74 +++++++++++++++++++++++++++ supervisord.conf | 129 +++++++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 421 insertions(+) create mode 100644 Dockerfile create mode 100644 Jenkinsfile create mode 100644 apache.ini create mode 100644 hosts.conf create mode 100644 icinga2.ini create mode 100644 php-fm.ini create mode 100644 services.conf create mode 100644 start.sh create mode 100644 supervisord.conf
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..03e663a
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,29 @@
+FROM centos:7
+MAINTAINER Jonathan Ervine
+
+RUN yum update -y -x setup && yum clean all
+RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+RUN rpm --import http://packages.icinga.org/icinga.key
+RUN curl -L http://packages.icinga.org/epel/ICINGA-release.repo > /etc/yum.repos.d/ICINGA-release.repo
+RUN rpm -e --nodeps iputils
+RUN yum install -y iputils
+RUN yum makecache
+
+VOLUME ["/etc/icinga2", "/etc/icingaweb2", "/var/lib/mysql", "/var/lib/icinga2"]
+
+RUN yum install -y centos-release-scl icinga2 nagios-plugins-all git icinga2-ido-mysql httpd php php-intl php-theseer-fDOMDocument php-gd php-pecl-imagick php-pdo php-ZendFramework-Db-Adapter-Pdo-Mysql supervisor
+
+RUN /usr/lib/icinga2/prepare-dirs /etc/sysconfig/icinga2
+RUN usermod -a -G icingacmd apache
+RUN yum install -y icingaweb2 icingacli
+
+ADD start.sh /sbin/start.sh
+RUN chmod 755 /sbin/start.sh
+ADD apache.ini /etc/supervisord.d/apache.ini
+ADD icinga2.ini /etc/supervisord.d/icinga2.ini
+ADD php-fm.ini /etc/supervisord.d/php-fm.ini
+ADD supervisord.conf /etc/supervisord.conf
+
+EXPOSE 80 443 5665 9001
+
+ENTRYPOINT ["/sbin/start.sh"]
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..4fe0a53
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,17 @@
+node("docker-node") {
+ docker.withRegistry('https://harbor.ervine.dev', 'jenkins-to-harbor') {
+
+ git branch: "centos7", url: "ssh://git@git.ervine.org:2222/jonny/x86_64-centos-icinga2", credentialsId: 'jenkins-to-git'
+
+ sh "git rev-parse HEAD > .git/commit-id"
+ def commit_id = readFile('.git/commit-id').trim()
+ println commit_id
+
+ stage "build"
+ def app = docker.build "library/x86_64/centos/icinga2"
+
+ stage "publish"
+ app.push("${env.BUILD_NUMBER}")
+ app.push("latest")
+ }
+}
diff --git a/apache.ini b/apache.ini
new file mode 100644
index 0000000..3850d94
--- /dev/null
+++ b/apache.ini
@@ -0,0 +1,2 @@
+[program:httpd]
+command=/usr/sbin/httpd -DFOREGROUND
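Review bot: The Icinga package-signing key and repo definition are downloaded over plain HTTP (`rpm --import http://packages.icinga.org/icinga.key` and the `curl -L http://packages.icinga.org/epel/ICINGA-release.repo` line), so the key that every later `yum install icinga2 …` is verified against can be replaced by anyone on the network path during the build. Use TLS for both and let curl fail on HTTP errors, for example `RUN rpm --import https://packages.icinga.org/icinga.key` and `RUN curl -fsSL https://packages.icinga.org/epel/ICINGA-release.repo -o /etc/yum.repos.d/ICINGA-release.repo` (assuming the host serves HTTPS), and compare the imported key's fingerprint with the one Icinga publishes. The same two URLs are carried unchanged into the merged `RUN` of the PATCH 2/2 Dockerfile hunk.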
diff --git a/hosts.conf b/hosts.conf
new file mode 100644
index 0000000..abfc389
--- /dev/null
+++ b/hosts.conf
@@ -0,0 +1,51 @@
+/*
+ * Host definitions with object attributes
+ * used for apply rules for Service, Notification,
+ * Dependency and ScheduledDowntime objects.
+ *
+ * Tip: Use `icinga2 object list --type Host` to
+ * list all host objects after running
+ * configuration validation (`icinga2 daemon -C`).
+ */
+
+/*
+ * This is an example host based on your
+ * local host's FQDN. Specify the NodeName
+ * constant in `constants.conf` or use your
+ * own description, e.g. "db-host-1".
+ */
+
+object Host NodeName {
+ /* Import the default host template defined in `templates.conf`. */
+ import "generic-host"
+
+ /* Specify the address attributes for checks e.g. `ssh` or `http`. */
+ address = "127.0.0.1"
+ address6 = "::1"
+
+ /* Set custom attribute `os` for hostgroup assignment in `groups.conf`. */
+ vars.os = "Linux"
+
+ /* Define http vhost attributes for service apply rules in `services.conf`. */
+ //vars.http_vhosts["http"] = {
+ // http_uri = "/"
+ //}
+ /* Uncomment if you've sucessfully installed Icinga Web 2. */
+ vars.http_vhosts["Icinga Web 2"] = {
+ http_uri = "/icingaweb2"
+ }
+
+ /* Define disks and attributes for service apply rules in `services.conf`. */
+ //vars.disks["disk"] = {
+ /* No parameters. */
+ //}
+ vars.disks["disk /"] = {
+ disk_partitions = "/"
+ }
+
+ /* Define notification mail attributes for notification apply rules in `notifications.conf`. */
+ vars.notification["mail"] = {
+ /* The UserGroup `icingaadmins` is defined in `users.conf`. */
+ groups = [ "icingaadmins" ]
+ }
+}
diff --git a/icinga2.ini b/icinga2.ini
new file mode 100644
index 0000000..7eec8f7
--- /dev/null
+++ b/icinga2.ini
@@ -0,0 +1,2 @@
+[program:icinga2]
+command=/usr/sbin/icinga2 daemon -e /var/log/icinga2/error.log
diff --git a/php-fm.ini b/php-fm.ini
new file mode 100644
index 0000000..573e420
--- /dev/null
+++ b/php-fm.ini
@@ -0,0 +1,2 @@
+[program:php-fm]
+command=/opt/rh/rh-php71/root/usr/sbin/php-fpm --nodaemonize
diff --git a/services.conf b/services.conf
new file mode 100644
index 0000000..d17f8d7
--- /dev/null
+++ b/services.conf
@@ -0,0 +1,115 @@
+/*
+ * Service apply rules.
+ *
+ * The CheckCommand objects `ping4`, `ping6`, etc
+ * are provided by the plugin check command templates.
+ * Check the documentation for details.
+ *
+ * Tip: Use `icinga2 object list --type Service` to
+ * list all service objects after running
+ * configuration validation (`icinga2 daemon -C`).
+ */
+
+/*
+ * This is an example host based on your
+ * local host's FQDN. Specify the NodeName
+ * constant in `constants.conf` or use your
+ * own description, e.g. "db-host-1".
+ */
+
+/*
+ * These are generic `ping4` and `ping6`
+ * checks applied to all hosts having the
+ * `address` resp. `address6` attribute
+ * defined.
+ */
+apply Service "ping4" {
+ import "generic-service"
+
+ check_command = "ping4"
+
+ assign where host.address
+}
+
+apply Service "ping6" {
+ import "generic-service"
+
+ check_command = "ping6"
+
+ assign where host.address6
+}
+
+/*
+ * Apply the `ssh` service to all hosts
+ * with the `address` attribute defined and
+ * the custom attribute `os` set to `Linux`.
+ */
+apply Service "ssh" {
+ import "generic-service"
+
+ check_command = "ssh"
+
+ assign where (host.address || host.address6) && host.vars.os == "Linux"
+ ignore where host.address == "127.0.0.1" /* for upgrade safety */
+}
+
+
+
+apply Service for (http_vhost => config in host.vars.http_vhosts) {
+ import "generic-service"
+
+ check_command = "http"
+
+ vars += config
+}
+
+apply Service for (disk => config in host.vars.disks) {
+ import "generic-service"
+
+ check_command = "disk"
+
+ vars += config
+}
+
+apply Service "icinga" {
+ import "generic-service"
+
+ check_command = "icinga"
+
+ assign where host.name == NodeName
+}
+
+apply Service "load" {
+ import "generic-service"
+
+ check_command = "load"
+
+ /* Used by the ScheduledDowntime apply rule in `downtimes.conf`. */
+ vars.backup_downtime = "02:00-03:00"
+
+ assign where host.name == NodeName
+}
+
+apply Service "procs" {
+ import "generic-service"
+
+ check_command = "procs"
+
+ assign where host.name == NodeName
+}
+
+apply Service "swap" {
+ import "generic-service"
+
+ check_command = "swap"
+
+ assign where host.name == NodeName
+}
+
+apply Service "users" {
+ import "generic-service"
+
+ check_command = "users"
+
+ assign where host.name == NodeName
+}
diff --git a/start.sh b/start.sh
new file mode 100644
index 0000000..57fb1e6
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+##
+## Start up script for Icinga2 on CentOS docker container
+##
+
+## Initialise any variables being called:
+# Set the correct timezone for PHP
+PHP_TZ=${TZ:-UTC}
+PHP_TZ_CONT=`echo $PHP_TZ | awk 'BEGIN { FS="/" } { print $1 }'`
+PHP_TZ_CITY=`echo $PHP_TZ | awk 'BEGIN { FS="/" } { print $2 }'`
+setup=/config/.setup
+
+## The remaining initialisation is contained in an if condition. When the initialisation completes an empty /etc/icinga2/.setup file is created. If this exists the initialisation is skipped. By deleting this file, the initialisation can be restarted.
+if [ ! -f "${setup}" ]; then
+
+ ## Set up basic Icinga2 configuration/features
+ # Enable feature: ido-mysql
+ if [[ -L /etc/icinga2/features-enabled/ido-mysql.conf ]]; then
+ echo "Symlink for /etc/icinga2/features-enabled/ido-mysql.conf exists already...skipping"
+ else
+ ln -s /etc/icinga2/features-available/ido-mysql.conf /etc/icinga2/features-enabled/ido-mysql.conf
+ fi
+
+ # Enable feature: checker
+ if [[ -L /etc/icinga2/features-enabled/checker.conf ]]; then
+ echo "Symlink for /etc/icinga2/features-enabled/checker.conf exists already... skipping"
+ else
+ ln -s /etc/icinga2/features-available/checker.conf /etc/icinga2/features-enabled/checker.conf
+ fi
+
+ # Enable feature: mainlog
+ if [[ -L /etc/icinga2/features-enabled/mainlog.conf ]]; then
+ echo "Symlink for /etc/icinga2/features-enabled/mainlog.conf exists already... skipping"
+ else
+ ln -s /etc/icinga2/features-available/mainlog.conf /etc/icinga2/features-enabled/mainlog.conf
+ fi
+
+ # Enable feature: command >> /dev/null
+ if [[ -L /etc/icinga2/features-enabled/command.conf ]]; then
+ echo "Symlink for /etc/icinga2/features-enabled/command.conf exists already...skipping"
+ else
+ ln -s /etc/icinga2/features-available/command.conf /etc/icinga2/features-enabled/command.conf
+ fi
+
+ # Enable feature: livestatus >> /dev/null
+ if [[ -L /etc/icinga2/features-enabled/livestatus.conf ]]; then
+ echo "Symlink for /etc/icinga2/features-enabled/livestatus.conf exists already...skipping"
+ else
+ ln -s /etc/icinga2/features-available/livestatus.conf /etc/icinga2/features-enabled/livestatus.conf
+ fi
+
+ ## Initialising the icingaweb2 configuration
+# if [[ -L /etc/icingaweb2 ]]; then
+# echo "Icinga2 web configuration directory already exists...skipping"
+# else
+# cd /usr/share/icingaweb2
+# icingacli setup config directory
+# icingacli setup token create
+# fi
+
+ # Configure the PHP timezone correctly:
+ if [ "$PHP_TZ_CITY" = "" ]; then
+ sed -i "s/;date.timezone =/date.timezone = ${PHP_TZ_CONT}/" /etc/opt/rh/rh-php71/php.ini
+ else
+ sed -i "s/;date.timezone =/date.timezone = ${PHP_TZ_CONT}\/${PHP_TZ_CITY}/" /etc/opt/rh/rh-php71/php.ini
+ fi
+
+# Mark the setup as complete
+ touch /config/.setup
+fi
+
+
+## Start up icinga2 and apache web server daemons via supervisord
+/usr/bin/supervisord -n -c /etc/supervisord.conf
diff --git a/supervisord.conf b/supervisord.conf
new file mode 100644
index 0000000..54744ba
--- /dev/null
+++ b/supervisord.conf
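Review bot: The completion marker is written to `/config/.setup`, but the comment above the `if` names `/etc/icinga2/.setup` and nothing in this patch's Dockerfile creates or declares `/config`; if that directory is absent at run time, `touch` fails silently and the first-run block repeats on every start. Pointing the marker at a declared volume and reusing the variable keeps comment and code in step: `setup=/etc/icinga2/.setup` and `touch "${setup}"`. Separately, the last line should be `exec /usr/bin/supervisord -n -c /etc/supervisord.conf` so that supervisord replaces the shell as PID 1 and receives the container's stop signal. The timezone split also keeps only the first two `/`-separated fields of `TZ`, so a three-part zone name would be truncated before it is written to php.ini.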
@@ -0,0 +1,129 @@
+; Sample supervisor config file.
+
+[unix_http_server]
+file=/var/tmp/supervisor.sock ; (the path to the socket file)
+chmod=0700 ; sockef file mode (default 0700)
+chown=nobody:nobody ; socket file uid:gid owner
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+[inet_http_server] ; inet (TCP) server disabled by default
+port=*:9001 ; (ip_address:port specifier, *:port for all iface)
+username=admin ; (default is no username (open server))
+password=admin ; (default is no password (open server))
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10 ; (num of main logfile rotation backups;default 10)
+loglevel=info ; (log level;default info; others: debug,warn,trace)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false ; (start in foreground if true;default false)
+minfds=1024 ; (min. avail startup file descriptors;default 1024)
+minprocs=200 ; (min. avail process descriptors;default 200)
+;umask=022 ; (process file creation umask;default 022)
+;user=chrism ; (default is current user, required if root)
+;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
+;directory=/tmp ; (default is not to cd during start)
+;nocleanup=true ; (don't clean up tempfiles at start;default false)
+;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
+;environment=KEY=value ; (key value pairs to add to environment)
+;strip_ansi=false ; (strip ansi escape codes in logs; def. false)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/tmp/supervisor.sock ; use a unix:// URL for a unix socket
+;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
+;username=chris ; should be same as http_username if set
+;password=123 ; should be same as http_password if set
+;prompt=mysupervisor ; cmd line prompt (default "supervisor")
+;history_file=~/.sc_history ; use readline history if available
+
+; The below sample program section shows all possible program subsection values,
+; create one or more 'real' program: sections to be able to control them under
+; supervisor.
+
+;[program:theprogramname]
+;command=/bin/cat ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=999 ; the relative start priority (default 999)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=true ; retstart at unexpected quit (default: true)
+;startsecs=10 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
+;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions (def no adds)
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample eventlistener section shows all possible
+; eventlistener subsection values, create one or more 'real'
+; eventlistener: sections to be able to handle event notifications
+; sent by supervisor.
+
+;[eventlistener:theeventlistenername]
+;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;events=EVENT ; event notif. types to subscribe to (req'd)
+;buffer_size=10 ; event buffer queue size (default 10)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=-1 ; the relative start priority (default -1)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=unexpected ; restart at unexpected quit (default: unexpected)
+;startsecs=10 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups ; # of stderr logfile backups (default 10)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample group section shows all possible group values,
+; create one or more 'real' group: sections to create "heterogeneous"
+; process groups.
+
+;[group:thegroupname]
+;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
+;priority=999 ; the relative start priority (default 999)
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = supervisord.d/*.ini
From 15f2ff5d54ab62ace77a2899033059756ea28042 Mon Sep 17 00:00:00 2001 From: Jonathan Ervine Date: Tue, 21 Jul 2020 22:41:52 +0800 Subject: [PATCH 2/2] Switched to node builder --- Dockerfile | 25 +++++++++++-------------- Jenkinsfile | 47 ++++++++++++++++++++++++++++++++--------------- start.sh | 0 3 files changed, 43 insertions(+), 29 deletions(-) mode change 100644 => 100755 start.sh
diff --git a/Dockerfile b/Dockerfile
index 03e663a..1695720 100644
--- a/Dockerfile
+++ b/Dockerfile
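Review bot: `[inet_http_server]` listens on every interface (`port=*:9001`) with the credentials `admin`/`admin` committed in the file, and the Dockerfile in this patch lists 9001 in `EXPOSE`, so anyone who can reach that port can stop, start and restart the supervised daemons with a guessable login. `[supervisorctl]` already talks to the unix socket (`serverurl=unix:///var/tmp/supervisor.sock`), so the TCP listener looks unnecessary: comment the section out and drop 9001 from `EXPOSE`, or at minimum bind it with `port=127.0.0.1:9001` and supply the password at deploy time instead of committing it. The section's inline comment "inet (TCP) server disabled by default" no longer matches the file and should be corrected. `nodaemon=false` is also overridden by the `-n` that start.sh passes, so setting it to `true` here would make the file say what actually runs.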
@@ -1,24 +1,21 @@ FROM centos:7 MAINTAINER Jonathan Ervine -RUN yum update -y -x setup && yum clean all -RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -RUN rpm --import http://packages.icinga.org/icinga.key -RUN curl -L http://packages.icinga.org/epel/ICINGA-release.repo > /etc/yum.repos.d/ICINGA-release.repo -RUN rpm -e --nodeps iputils -RUN yum install -y iputils -RUN yum makecache +RUN yum update -y -x setup && yum clean all && \ + yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \ + rpm --import http://packages.icinga.org/icinga.key && \ + curl -L http://packages.icinga.org/epel/ICINGA-release.repo > /etc/yum.repos.d/ICINGA-release.repo && \ + rpm -e --nodeps iputils && \ + yum install -y iputils && \ + yum makecache && \ + yum install -y centos-release-scl icinga2 nagios-plugins-all git icinga2-ido-mysql httpd php php-intl php-theseer-fDOMDocument php-gd php-pecl-imagick php-pdo php-ZendFramework-Db-Adapter-Pdo-Mysql supervisor && \ + /usr/lib/icinga2/prepare-dirs /etc/sysconfig/icinga2 && \ + usermod -a -G icingacmd apache && \ + yum install -y icingaweb2 icingacli VOLUME ["/etc/icinga2", "/etc/icingaweb2", "/var/lib/mysql", "/var/lib/icinga2"] -RUN yum install -y centos-release-scl icinga2 nagios-plugins-all git icinga2-ido-mysql httpd php php-intl php-theseer-fDOMDocument php-gd php-pecl-imagick php-pdo php-ZendFramework-Db-Adapter-Pdo-Mysql supervisor - -RUN /usr/lib/icinga2/prepare-dirs /etc/sysconfig/icinga2 -RUN usermod -a -G icingacmd apache -RUN yum install -y icingaweb2 icingacli - ADD start.sh /sbin/start.sh -RUN chmod 755 /sbin/start.sh ADD apache.ini /etc/supervisord.d/apache.ini ADD icinga2.ini /etc/supervisord.d/icinga2.ini ADD php-fm.ini /etc/supervisord.d/php-fm.ini diff --git a/Jenkinsfile b/Jenkinsfile index 4fe0a53..f3ded84 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
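Review bot: `yum clean all` now runs as the second command of the merged `RUN`, before any of the `yum install` steps and before `yum makecache`, so the metadata and package caches those steps create all stay in the single resulting layer. Move the clean-up to the end of the chain, e.g. `yum install -y icingaweb2 icingacli && \` followed by `yum clean all && rm -rf /var/cache/yum`, and drop `yum makecache`, which only adds to what has to be cleaned. The `ADD` lines that copy plain local files could become `COPY` at the same time, since none of them needs archive extraction or a remote fetch.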
@@ -1,17 +1,34 @@ -node("docker-node") { - docker.withRegistry('https://harbor.ervine.dev', 'jenkins-to-harbor') { - - git branch: "centos7", url: "ssh://git@git.ervine.org:2222/jonny/x86_64-centos-icinga2", credentialsId: 'jenkins-to-git' - - sh "git rev-parse HEAD > .git/commit-id" - def commit_id = readFile('.git/commit-id').trim() - println commit_id - - stage "build" - def app = docker.build "library/x86_64/centos/icinga2" - - stage "publish" - app.push("${env.BUILD_NUMBER}") - app.push("latest") +podTemplate(yaml: """ +kind: Pod +spec: + containers: + - name: kaniko + image: gcr.io/kaniko-project/executor:debug-539ddefcae3fd6b411a95982a830d987f4214251 + imagePullPolicy: Always + command: + - /busybox/cat + tty: true + volumeMounts: + - name: jenkins-docker-cfg + mountPath: /kaniko/.docker + volumes: + - name: jenkins-docker-cfg + projected: + sources: + - secret: + name: regcred + items: + - key: .dockerconfigjson + path: config.json +""" + ) { + + node(POD_LABEL) { + stage('Build with Kaniko') { + git url: 'ssh://git@git.ervine.org/jonny/x86_64-centos-icinga2.git', credentialsId: 'jenkins-to-git' + container('kaniko') { + sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd` --cache=true --destination=harbor.ervine.dev/library/x86_64/centos/icinga2:7' + } } + } } diff --git a/start.sh b/start.sh old mode 100644 new mode 100755
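Review bot: The new `git` step drops the `branch: "centos7"` argument that the removed pipeline passed, so the checkout falls back to the step's default branch (master, unless the job overrides it) while the image is still pushed as `icinga2:7`; if the CentOS 7 sources still live on `centos7`, this builds and publishes the wrong tree. Keep the branch explicit: `git branch: 'centos7', url: 'ssh://git@git.ervine.org/jonny/x86_64-centos-icinga2.git', credentialsId: 'jenkins-to-git'`. The build also publishes only the mutable `:7` tag where the old pipeline pushed `${env.BUILD_NUMBER}` as well, so a running image can no longer be traced to the build that produced it; adding a second `--destination=harbor.ervine.dev/library/x86_64/centos/icinga2:${BUILD_NUMBER}` (with the `sh` string switched to double quotes so it interpolates) would restore that. The kaniko executor is referenced by tag with `imagePullPolicy: Always`; since this pod receives the `regcred` registry credentials, pinning the image by digest would make sure the build always runs the reviewed executor.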