From 853a152603ecf9a78c13fb3bea39cb6bf8ca4c27 Mon Sep 17 00:00:00 2001
From: anima <p.schreiner@4nima.de>
Date: Sun, 2 Feb 2025 19:15:46 +0100
Subject: [PATCH] create inital compose

---
 README.md   | 161 +++++++---------------------------------------------
 compose.yml |  82 ++++++++++++++++++++++++++
 env.sample  |  30 ++++++++++
 3 files changed, 132 insertions(+), 141 deletions(-)
 create mode 100644 compose.yml
 create mode 100644 env.sample

diff --git a/README.md b/README.md
index 0e97abc..ec99b8e 100644
--- a/README.md
+++ b/README.md
@@ -1,149 +1,28 @@
 # Docker Icinga2
+[![Build Status](https://git.ao-it.net/docker/icinga2/actions/workflows/docker-build.yml/badge.svg?branch=main&event=push)](https://git.ao-it.net/docker/icinga2/actions?workflow=docker-build.yml&actor=0&status=0)
 
-## exampe compose
-### without icingaweb
-```yml
-services:
-  icinga2:
-    image: https://git.ao-it.net/docker/icinga2:latest
-    depends_on:
-      - redis
-    restart: always
-    ports:
-      - 5665:5665  # only need if you plan to use api from other sources as icingaweb2
-    volumes:
-      - ./files/icinga2:/data
-    environment:
-      # REMOVE VARS HERE IF YOU EDIT THE CONFIG DIRECTLY!! 
-      # The variables are primarily for the initial setup, later editing is recommended directly in the icinga config.
-      # Empty or non-existent vars do not change anything
-      - ICINGA2_API_USER_ROOT_PASS: ${API_ROOT_PASS:-changeME!}     # only on fist init! set api user root password
-      - ICINGA2_API_USER_ICINGAWEB_PASS: ${API_ICINGAWEB_PASS:-icingaweb}    # only on first init! create api user icingaweb and set password
-      - ICINGA2_ICINGADB_REDIS_HOST: ${REDIS_HOST:-redis}    # set redis host (anytime)
-      - ICINGA2_ICINGADB_REDIS_PORT: ${REDIS_PORT:-6379}     # set redis port (anytime)
-      #- ICINGA2_ICINGADB_REDIS_PASS:                         # set redis password (anytime)
+If you need a full stack:  
+* [AO-IT: icinga-stack](https://git.ao-it.net/docker/icinga-stack)
+  * [AO-IT: icingaweb2](https://git.ao-it.net/docker/icinga-satellite)
 
-  redis:
-    image: redis
-    restart: always
+Or a additional satellite: 
+* [AO-IT: icinga-satellite](https://git.ao-it.net/docker/icinga-satellite)
 
-  db_icinga:
-    image: mariadb:latest
-    restart: always
-    volumes:
-      - ./files/dbs/icinga2:/var/lib/mysql
-    environment:
-      MARIADB_ROOT_PASSWORD: example
-      MARIADB_DATABASE: ${ICINGA_DB:-icingadb}
-      MARIADB_USER: ${ICINGA_DB_USER:-icingadb}
-      MARIADB_PASSWORD: ${ICINGA_DB_PASS:-icingadb}
-
-  icingadb:
-    image: icinga/icingadb
-    depends_on:
-      - redis
-      - db_icinga
-    restart: always
-    environment:
-      - ICINGADB_REDIS_HOST=${REDIS_HOST:-redis}
-      - ICINGADB_REDIS_PORT=${REDIS_PORT:-6379} 
-      #- ICINGADB_REDIS_PASSWORD=123456
-      - ICINGADB_DATABASE_HOST=db_icinga
-      - ICINGADB_DATABASE_PORT=3306
-      - ICINGADB_DATABASE_DATABASE=${ICINGA_DB:-icingadb}
-      - ICINGADB_DATABASE_USER=${ICINGA_DB_USER:-icingadb}
-      - ICINGADB_DATABASE_PASSWORD=${ICINGA_DB_PASS:-icingadb}
+## usage
 ```
-
-### with icingaweb2
-See: [https://git.ao-it.net/docker/icingaweb2](https://git.ao-it.net/docker/icingaweb2) (planed!)
-In this state you must do the inital web setup manually because: 
-- https://github.com/Icinga/docker-icingaweb2/issues/113 
-All works fine without the role save to DB. The icingaweb2 default admin have no right ...
-> add in services bevor networks
-```yaml
-services: # remove this when you merge it with the example above
-  db_icingaweb:
-    image: mariadb
-    restart: always
-    volumes:
-      - ./files/dbs/icingaweb:/var/lib/mysql
-    environment:
-      MARIADB_ROOT_PASSWORD: example
-      MARIADB_DATABASE: ${ICINGAWEB_DB:-icingaweb}
-      MARIADB_USER: ${ICINGAWEB_DB_USER:-icingaweb}
-      MARIADB_PASSWORD: ${ICINGAWEB_DB_PASS:-icingaweb}
-
-  icingaweb:
-    image: icinga/icingaweb2
-    depends_on:
-      - db_icingaweb
-      - icinga2
-    restart: always
-    ports:
-      - 8080:8080 # only need if no reverse proxy can reach this port docker internaly
-    volumes:
-      - ./files/icingaweb:/data # as docker volume or need: chown 33:33 files/icingaweb
-      - ./files/icingaweb-modules/grafana:/usr/share/icingaweb2/modules/grafana
+git clone https://git.ao-it.net/docker/icinga2
+cd icinga2
+cp env.sample .env
+nano .env   # set your env
+docker compose up
 ```
+Default vars a working but not recommend in prod!  
+Minimum recommended adjustments:
+* ICINGA2_API_USER_ROOT_PASS
+* ICINGA2_API_USER_ICINGAWEB_PASS
 
-### target state icingaweb2
-```yaml
-services: # remove this when you merge it with the example above
-  db_icingaweb:
-    image: mariadb
-    restart: always
-    volumes:
-      - ./files/dbs/icingaweb:/var/lib/mysql
-    environment:
-      MARIADB_ROOT_PASSWORD: example
-      MARIADB_DATABASE: ${ICINGAWEB_DB:-icingaweb}
-      MARIADB_USER: ${ICINGAWEB_DB_USER:-icingaweb}
-      MARIADB_PASSWORD: ${ICINGAWEB_DB_PASS:-icingaweb}
+All other var can be use at is, because all is in docker network and not exposed.
 
-  icingaweb:
-    image: icinga/icingaweb2
-    depends_on:
-      - db_icingaweb
-      - icinga2
-    restart: always
-    ports:
-      - 8080:8080 # only need if no reverse proxy can reach this port docker internaly
-    volumes:
-      - ./files/icingaweb:/data # as docker volume or need: chown 33:33 files/icingaweb
-      - ./files/icingaweb-modules/grafana:/usr/share/icingaweb2/modules/grafana
-    environment:
-      - icingaweb.resources.icingaweb_db.type=db
-      - icingaweb.resources.icingaweb_db.db=mysql
-      - icingaweb.resources.icingaweb_db.host=db_icingaweb
-      - icingaweb.resources.icingaweb_db.dbname=${ICINGAWEB_DB:-icingaweb}
-      - icingaweb.resources.icingaweb_db.username=${ICINGAWEB_DB_USER:-icingaweb}
-      - icingaweb.resources.icingaweb_db.password=${ICINGAWEB_DB_PASS:-icingaweb}
-      - icingaweb.resources.icingaweb_db.charset=utf8mb4
-      - icingaweb.authentication.icingaweb2.backend=db
-      - icingaweb.authentication.icingaweb2.resource=icingaweb_db
-      - icingaweb.groups.icingaweb2.backend=db
-      - icingaweb.groups.icingaweb2.resource=icingaweb_db
-      - icingaweb.config.global.config_backend=db
-      - icingaweb.config.global.config_resource=icingaweb_db
-      - icingaweb.roles.Administrators.permissions='*'
-      - icingaweb.roles.Administrators.groups=Administrators
-      - icingaweb.roles.Administrators.users=${ICINGAWEB_USER:-icingaadmin}
-      - icingaweb.passwords.icingaweb2.icingaadmin=${ICINGAWEB_PASS:-changeME!}
-      - icingaweb.config.logging.log=php
-      - icingaweb.enabledModules=icingadb
-      - icingaweb.resources.icingadb.type=db
-      - icingaweb.resources.icingadb.db=mysql
-      - icingaweb.resources.icingadb.host=db_icinga
-      - icingaweb.resources.icingadb.dbname=${ICINGA_DB:-icingadb}
-      - icingaweb.resources.icingadb.username=${ICINGA_DB_USER:-icingadb}
-      - icingaweb.resources.icingadb.password={ICINGA_DB_PASS:-icingadb}
-      - icingaweb.resources.icingadb.charset=utf8mb4
-      - icingaweb.modules.icingadb.config.icingadb.resource=icingadb
-      - icingaweb.modules.icingadb.redis.redis1.host=${REDIS_HOST:-redis}
-      - icingaweb.modules.icingadb.redis.redis1.port=${REDIS_PORT:-6379} 
-      - icingaweb.modules.icingadb.commandtransports.icinga2.transport=api
-      - icingaweb.modules.icingadb.commandtransports.icinga2.host=icinga2
-      - icingaweb.modules.icingadb.commandtransports.icinga2.username=icingaweb
-      - icingaweb.modules.icingadb.commandtransports.icinga2.password=${API_ICINGAWEB_PASS:-icingaweb}
-```
\ No newline at end of file
+Hints: 
+* API user setup only runs once at start up!
+* Redis conf runs every time
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..deca3e5
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,82 @@
+services:
+  db_icinga:
+    image: mariadb
+    hostname: ${ICINGA_DB_HOST:-db_icinga}
+    restart: always
+    volumes:
+      - ./files/dbs/icinga:/var/lib/mysql
+    networks:
+      - icinga
+    environment:
+      MARIADB_RANDOM_ROOT_PASSWORD: yes
+      MARIADB_DATABASE: ${ICINGA_DB:-icingadb}
+      MARIADB_USER: ${ICINGA_DB_USER:-icingadb}
+      MARIADB_PASSWORD: ${ICINGA_DB_PASS:-icingadb}
+
+  db_redis:
+    image: redis
+    hostname: ${ICINGADB_REDIS_HOST:-db_redis}
+    restart: always
+    networks:
+      - icinga
+  
+  # sync handler between icingadb (db_icinga) and redis (db_redis)
+  icingadb:
+    image: icinga/icingadb
+    depends_on:
+      - db_redis
+      - db_icinga
+    restart: always
+    networks: 
+      - icinga
+    environment:
+      - ICINGADB_REDIS_HOST=${ICINGADB_REDIS_HOST:-db_redis}
+      - ICINGADB_REDIS_PORT=${ICINGADB_REDIS_PORT:-6379}
+      - ICINGADB_DATABASE_HOST=${ICINGA_DB_HOST:-db_icinga}
+      - ICINGADB_DATABASE_PORT=${ICINGA_DB_PORT:-3306}
+      - ICINGADB_DATABASE_DATABASE=${ICINGA_DB:-icingadb}
+      - ICINGADB_DATABASE_USER=${ICINGA_DB_USER:-icingadb}
+      - ICINGADB_DATABASE_PASSWORD=${ICINGA_DB_PASS:-icingadb}
+
+  db_influxdb:
+    image: influxdb:1.8
+    hostname: ${ICINGA_INFLUX_HOST:-db_influxdb}
+    restart: always
+    networks:
+      - icinga
+    volumes:
+      - ./files/dbs/influx:/vol01/Docker/monitoring
+    environment:
+      - INFLUXDB_DB=${ICINGA_INFLUX_DB:-icinga}
+      - INFLUXDB_USER=${ICINGA_INFLUX_USER:-icinga}
+      - INFLUXDB_ADMIN_ENABLED=true
+      - INFLUXDB_ADMIN_USER=${INFLUX_ADMIN_USER:-icinga}
+      - INFLUXDB_ADMIN_PASSWORD=${INFLUX_ADMIN_PASS:-icinga} 
+
+  icinga2:
+    image: git.ao-it.net/docker/icinga2:latest
+    hostname: ${ICINGA_API_HOST:-icinga2}
+    depends_on:
+      - db_redis
+    restart: always
+    volumes:
+      - ./files/icinga2:/data
+    ports:
+      - ${ICINGA_API_PORT:5665}:5665  # only need if you plan to use api from other sources as icingaweb2
+    networks:
+      - icinga
+      #- backend
+    environment:
+      # REMOVE VARS HERE IF YOU EDIT THE CONFIG DIRECTLY!! 
+      # The variables are primarily for the initial setup, later editing is recommended directly in the icinga config.
+      # Empty or non-existent vars do not change anything
+      ICINGA2_API_USER_ROOT_PASS: ${API_ROOT_PASS:-changeME!}                     # only on fist init! set api user root password
+      ICINGA2_API_USER_ICINGAWEB_PASS: ${ICINGA_API_ICINGAWEB_PASS:-icingaweb}    # only on first init! create api user icingaweb and set password
+      ICINGA2_ICINGADB_REDIS_HOST: ${ICINGADB_REDIS_HOST:-db_redis}
+      ICINGA2_ICINGADB_REDIS_PORT: ${ICINGADB_REDIS_PORT:-6379}
+      ICINGA2_INFLUXDB_HOST: ${ICINGA_INFLUX_HOST:-db_influxdb}
+      ICINGA2_INFLUXDB_PORT: ${ICINGA_INFLUX_PORT:-8086}
+      ICINGA2_INFLUXDB_DB: ${ICINGA_INFLUX_DB:-icinga}
+
+networks:
+  icinga:
\ No newline at end of file
diff --git a/env.sample b/env.sample
new file mode 100644
index 0000000..48d2029
--- /dev/null
+++ b/env.sample
@@ -0,0 +1,30 @@
+# icinga environment
+
+## HIGHLY RECOMMENDED TO CHANGE
+ICINGA_API_HOST=icinga2
+API_ROOT_PASS=changeME!
+ICINGA_API_ICINGAWEB_USER=icingaweb
+
+## icinga
+ICINGA_API_PORT=5665
+ICINGA_API_ICINGAWEB_PASS=icingaweb
+
+## influxdb admin
+INFLUX_ADMIN_USER=icinga
+INFLUX_ADMIN_PASS=icinga
+ICINGA_INFLUX_HOST=db_influxdb
+ICINGA_INFLUX_PORT=8086
+ICINGA_INFLUX_USER=icinga
+ICINGA_INFLUX_DB=icinga
+ICINGA_INFLUX_PASS=icinga
+
+## icingadb SQL connection
+ICINGA_DB=icingadb
+ICINGA_DB_HOST=db_icinga
+ICINGA_DB_PORT=3306
+ICINGA_DB_USER=icingadb
+ICINGA_DB_PASS=icingadb
+
+## icingadb redis connection
+ICINGADB_REDIS_HOST=redis
+ICINGADB_REDIS_PORT=6379
\ No newline at end of file