inital version
This commit is contained in:
48
Dockerfile
Normal file
48
Dockerfile
Normal file
@@ -0,0 +1,48 @@
|
|||||||
|
FROM debian:bookworm-slim
|
||||||
|
LABEL maintainer="docker@ao-it.net"
|
||||||
|
|
||||||
|
## prepare requirements
|
||||||
|
RUN ["bash", "-exo", "pipefail", "-c", "\
|
||||||
|
export DEBIAN_FRONTEND=noninteractive ; \
|
||||||
|
apt update ; \
|
||||||
|
apt install -y wget gnupg ; \
|
||||||
|
wget -O - https://packages.icinga.com/icinga.key | \
|
||||||
|
gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg ; \
|
||||||
|
source /etc/os-release ; \
|
||||||
|
echo \"deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" > /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
|
||||||
|
echo \"deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" >> /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
|
||||||
|
apt clean all ; \
|
||||||
|
rm -vrf /var/lib/apt/lists/* "]
|
||||||
|
|
||||||
|
## install icinga2
|
||||||
|
RUN ["bash", "-exo", "pipefail", "-c", "\
|
||||||
|
export DEBIAN_FRONTEND=noninteractive ; \
|
||||||
|
apt update ; \
|
||||||
|
apt install -y icinga2 monitoring-plugins ; \
|
||||||
|
mkdir -p /run/icinga2 ; \
|
||||||
|
chown nagios: /run/icinga2 ; \
|
||||||
|
apt clean all ; \
|
||||||
|
rm -vrf /var/lib/apt/lists/* "]
|
||||||
|
|
||||||
|
## create persistend data store
|
||||||
|
RUN ["bash", "-exo", "pipefail", "-c", "\
|
||||||
|
mkdir -p /data ; \
|
||||||
|
mkdir -p /data-init/etc/ ; \
|
||||||
|
mkdir -p /data-init/var/ ; \
|
||||||
|
mkdir -p /data-init/plugins ; \
|
||||||
|
mv /etc/icinga2 /data-init/etc/ ; \
|
||||||
|
mv /var/lib/icinga2 /data-init/var/ ; \
|
||||||
|
mv /usr/lib/nagios/plugins /data-init/ ; \
|
||||||
|
ln -vs /data/etc/icinga2 /etc/icinga2 ; \
|
||||||
|
ln -vs /data/var/icinga2 /var/lib/icinga2 ; \
|
||||||
|
ln -vs /data/plugins /usr/lib/nagios/plugins ; \
|
||||||
|
"]
|
||||||
|
|
||||||
|
EXPOSE 5665
|
||||||
|
|
||||||
|
COPY init.sh /root/init.sh
|
||||||
|
|
||||||
|
VOLUME ["/data"]
|
||||||
|
WORKDIR /
|
||||||
|
USER root
|
||||||
|
CMD ["bash", "/root/init.sh"]
|
||||||
56
init.sh
Normal file
56
init.sh
Normal file
@@ -0,0 +1,56 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
ICINGA2_FILE_API_CONF=/etc/icinga2/features-enabled/api.conf
|
||||||
|
ICINGA2_FILE_API_USER_CONF=/etc/icinga2/conf.d/api-users.conf
|
||||||
|
ICINGA2_FILE_ICINGADB_CONF=/etc/icinga2/features-enabled/icingadb.conf
|
||||||
|
|
||||||
|
## init icinga config files if need
|
||||||
|
if [ -z "$(ls -A /data)" ]; then
|
||||||
|
echo init icinga2 config
|
||||||
|
cp -ax /data-init/* /data
|
||||||
|
rm -rf /data-init
|
||||||
|
fi
|
||||||
|
|
||||||
|
## init api user
|
||||||
|
if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then
|
||||||
|
echo run api setup because no config exists
|
||||||
|
/usr/sbin/icinga2 api setup
|
||||||
|
|
||||||
|
## only on inital setup replace one time the api root user password if a env var is set
|
||||||
|
if [ ! -z "$ICINGA2_API_USER_ROOT_PASS" ]; then
|
||||||
|
echo set inital api root user password
|
||||||
|
sed -i "s|password = \".*\"|password = \"$ICINGA2_API_USER_ROOT_PASS\"|g" $ICINGA2_FILE_API_USER_CONF
|
||||||
|
fi
|
||||||
|
|
||||||
|
## only on inital setup create a icingaweb api user if env var is set
|
||||||
|
## permission source: https://icinga.com/docs/icinga-web/latest/modules/monitoring/doc/05-Command-Transports/
|
||||||
|
if [ ! -z "$ICINGA2_API_USER_ICINGAWEB_PASS" ]; then
|
||||||
|
echo set inital icingadb api user
|
||||||
|
echo 'object ApiUser "icingaweb2" {' >> $ICINGA2_FILE_API_USER_CONF
|
||||||
|
echo " password = \"$ICINGA2_API_USER_ICINGAWEB_PASS\"" >> $ICINGA2_FILE_API_USER_CONF
|
||||||
|
echo ' permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]' >> $ICINGA2_FILE_API_USER_CONF
|
||||||
|
echo '}' >> $ICINGA2_FILE_API_USER_CONF
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
## enable icingadb feature if not active
|
||||||
|
if [ ! -f "$ICINGA2_FILE_ICINGADB_CONF" ]; then
|
||||||
|
echo enable icingadb
|
||||||
|
/usr/sbin/icinga2 feature enable icingadb
|
||||||
|
fi
|
||||||
|
|
||||||
|
## replace redis conf is env vars set (anytime)
|
||||||
|
if [ ! -z "$ICINGA2_ICINGADB_REDIS_HOST" ]; then
|
||||||
|
echo set new redis host
|
||||||
|
sed -i "s|\(//\)*host = \".*\"|host = \"$ICINGA2_ICINGADB_REDIS_HOST\"|g" $ICINGA2_FILE_ICINGADB_CONF
|
||||||
|
fi
|
||||||
|
if [ ! -z "$ICINGA2_ICINGADB_REDIS_PORT" ]; then
|
||||||
|
echo set new redis port
|
||||||
|
sed -i "s|\(//\)*port = .*|port = $ICINGA2_ICINGADB_REDIS_PORT|g" $ICINGA2_FILE_ICINGADB_CONF
|
||||||
|
fi
|
||||||
|
if [ ! -z "$ICINGA2_ICINGADB_REDIS_PASS" ]; then
|
||||||
|
echo set new redis password
|
||||||
|
sed -i "s|\(//\)*password = \".*\"|password = \"$ICINGA2_ICINGADB_REDIS_PASS\"|g" $ICINGA2_FILE_ICINGADB_CONF
|
||||||
|
fi
|
||||||
|
|
||||||
|
/usr/sbin/icinga2 daemon
|
||||||
Reference in New Issue
Block a user