docker/icinga-satellite
6
0
Fork 0
Code Issues Actions Packages Activity

Compare commits

base: docker:bffb738d2d16eb90a27da884dfbf4adedaf854bf
Branches Tags
docker:main
...
compare: docker:a1f9a73af9cbeb49c0f845f603874d40fe3195cf
Branches Tags
docker:main

2 Commits
bffb738d2d ... a1f9a73af9

Author SHA1 Message Date
anima
a1f9a73af9 inital version
Some checks failed
build container icinga2-stallite / build (push) Failing after 2s
Details
2025-02-02 17:48:36 +01:00
anima
4a345c138f inital workflow 2025-02-02 16:52:05 +01:00
3 changed files with 157 additions and 0 deletions
Expand all files Collapse all files

52
.gitea/workflows/docker-build.yml Normal file
View File

@@ -0,0 +1,52 @@
name: build container icinga2-stallite
on:
push:
paths:
- 'Dockerfile'
- 'init.sh'
defaults:
run:
working-directory: ./icinga2-satellite
env:
REGISTRY_HOST: ${{ vars.AOIT_GIT_URL }}
CONTAINER_TAG: ${{ gitea.repository }}
CONTAINER_VERSION: latest
CONTAINER_NAME: deploy_test-${{ gitea.run_id }}
jobs:
build:
runs-on: test
steps:
- name: clone repo
working-directory: ${{ gitea.workspace }}
run: git clone https://$TOKEN@$GIT_HOST/$GIT_REPO
env:
TOKEN: ${{ secrets.TOKEN_SVC_CI }}
GIT_HOST: ${{ vars.AOIT_GIT_URL }}
GIT_REPO: ${{ gitea.repository }}
- name: docker build
run: docker build -t $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION .
- name: test docker container comes up
run: |
docker run --rm -d --name $CONTAINER_NAME -p $TEST_PORT:$TEST_PORT -e ICINGA2_API_USER_ROOT_PASS=$TMP_API_PASS $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
sleep $DEPLOY_TIME
docker exec $CONTAINER_NAME icinga2 -C -X
env:
DEPLOY_TIME: 15
- name: cleanup container
if: always()
run: docker kill $CONTAINER_NAME
- name: upload container
run: |
docker login $REGISTRY_HOST -u $REGISTRY_USER -p $REGISTRY_PASS
docker push $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
docker logout
env:
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASS: ${{ secrets.TOKEN_SVC_DOCKER }}
- name: docker cleanup image and build cache
run: |
docker image rm $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
docker builder prune -af

51
Dockerfile Normal file
View File

@@ -0,0 +1,51 @@
FROM debian:bookworm-slim
LABEL maintainer="docker@ao-it.net"
## prepare requirements
RUN ["bash", "-exo", "pipefail", "-c", "\
export DEBIAN_FRONTEND=noninteractive ; \
apt update ; \
apt install -y wget gnupg ; \
wget -O - https://packages.icinga.com/icinga.key | \
gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg ; \
source /etc/os-release ; \
echo \"deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" > /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
echo \"deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" >> /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
apt clean all ; \
rm -vrf /var/lib/apt/lists/* "]
## install icinga2
RUN ["bash", "-exo", "pipefail", "-c", "\
export DEBIAN_FRONTEND=noninteractive ; \
apt update ; \
apt install -y icinga2 monitoring-plugins ; \
mkdir -p /run/icinga2 ; \
chown nagios: /run/icinga2 ; \
apt clean all ; \
rm -vrf /var/lib/apt/lists/* "]
## create persistend data store
RUN ["bash", "-exo", "pipefail", "-c", "\
mkdir -p /var/lib/icinga2/certs ; \
chown -R nagios:nagios /var/lib/icinga2/certs ; \
mkdir -p /data ; \
mkdir -p /data-init/etc/ ; \
mkdir -p /data-init/var/ ; \
mkdir -p /data-init/plugins ; \
mv /etc/icinga2 /data-init/etc/ ; \
mv /var/lib/icinga2 /data-init/var/ ; \
mv /usr/lib/nagios/plugins /data-init/ ; \
ln -vs /data/etc/icinga2 /etc/icinga2 ; \
ln -vs /data/var/icinga2 /var/lib/icinga2 ; \
ln -vs /data/plugins /usr/lib/nagios/plugins "]
COPY init.sh /root/init.sh
EXPOSE 5665
VOLUME ["/data"]
WORKDIR /data
USER root
## run init.sh always!
ENTRYPOINT [ "bash", "/root/init.sh" ]
CMD [ "/usr/sbin/icinga2", "daemon" ]

54
init.sh Normal file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
## init icinga if need
if [ -z "$(ls -A /data)" ]; then
## init icinga config files
echo init icinga2 config
cp -ax /data-init/* /data
rm -rf /data-init
## create satellite cert
if [ ! -z "$ICINGA2_SATELLITE_CN" ]; then
echo generate new cert
icinga2 pki new-cert --cn $ICINGA2_SATELLITE_CN \
--key /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.key \
--cert /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.crt
fi
## get parent cert
if [ ! -z "$ICINGA2_PARENT_HOST" ]; then
echo get parent cert
icinga2 pki save-cert \
--trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
--host $ICINGA2_PARENT_HOST
fi
## join parent
### see: https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#node-setup
REQUIRED_VARS=("ICINGA2_PARENT_CN" "ICINGA2_PARENT_ZONE" "ICINGA2_PARENT_HOST" \
"ICINGA2_SATELLITE_CN" "ICINGA2_SATELLITE_ZONE" "ICINGA2_JOIN_TICKET" )
INIT_SATELLITE=true
echo check env var for auto setup
for VAR in "${REQUIRED_VARS[@]}"; do
if [ -z "${!VAR}" ]; then
echo "'$VAR' not set"
INIT_SATELLITE=false
fi
done
if [ "$INIT_SATELLITE" = true ]; then
echo init satellite
icinga2 node setup --ticket $ICINGA2_JOIN_TICKET \
--cn $ICINGA2_SATELLITE_CN \
--endpoint $ICINGA2_PARENT_CN \
--zone $ICINGA2_SATELLITE_ZONE \
--parent_zone $ICINGA2_PARENT_ZONE \
--parent_host $ICINGA2_PARENT_HOST \
--trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
--accept-commands --accept-config --disable-confd
else
echo satellite not init must do manually
fi
fi
# run CMD
exec "$@"