first commit
commit
2f106966cf
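--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+.envrc
+Dockerfile
+cache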
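Review bot: `.git` is missing from this ignore list, and the Dockerfile in this commit ends with `ADD . /`, which copies the whole build context into the image root. As written, the repository history, `Makefile`, `.gitignore` and this file itself land in `/` of every image. Adding `.git`, `.gitignore`, `.dockerignore` and `Makefile` here, or copying only `etc/` and `usr/` in the Dockerfile, keeps the image limited to the files the services need.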
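--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+cache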
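--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,71 @@
+FROM alpine:edge
+
+# 1. common tools
+# 2. programing languages
+# 3. icinga2 stuff
+# 4. letsencrypt deps
+RUN apk add --no-cache --update \
+bind-tools tcpdump openssh lsof curl wget git mercurial strace tmux vim rsync htop bash openssl \
+ruby python go build-base \
+nginx postgresql icinga2 \
+py-requests py-setuptools && \
+mkdir -p /run/nginx
+
+## S6 supervisor
+RUN curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v1.17.2.0/s6-overlay-amd64.tar.gz | tar -xzf - -C /
+
+## Influxdb
+RUN export GOPATH=/tmp/go \
+&& mkdir -p /etc/influxdb/ $GOPATH/src/github.com/influxdata \
+&& curl -sSL https://github.com/influxdata/influxdb/archive/v0.12.2.tar.gz | tar -xzf - -C /tmp \
+&& mv /tmp/influxdb-* $GOPATH/src/github.com/influxdata/influxdb \
+&& cd $GOPATH/src/github.com/influxdata/influxdb \
+&& go get github.com/sparrc/gdm \
+&& export PATH=$GOPATH/bin:$PATH \
+&& gdm restore \
+&& go install ./... \
+&& cp $GOPATH/bin/influx* /usr/bin/ \
+&& rm -rf $GOPATH
+
+## Grafana
+RUN apk add --no-cache nodejs \
+&& export GOPATH=/tmp/go \
+&& mkdir -p /opt/grafana/conf $GOPATH/src/github.com/grafana/ \
+&& curl -sSL https://github.com/grafana/grafana/archive/v3.0-beta5.tar.gz | tar -xzf - -C /tmp \
+&& mv /tmp/grafana-* $GOPATH/src/github.com/grafana/grafana \
+&& cd $GOPATH/src/github.com/grafana/grafana \
+&& go run build.go setup \
+&& $GOPATH/bin/godep restore \
+&& go run build.go build \
+&& npm install \
+&& npm install -g grunt-cli \
+&& grunt \
+&& npm uninstall -g grunt-cli \
+&& npm cache clear \
+&& cp -a $GOPATH/src/github.com/grafana/grafana/bin/* /usr/bin/ \
+&& cp -ra $GOPATH/src/github.com/grafana/grafana/public_gen /opt/grafana/public \
+&& apk del --purge nodejs \
+&& rm -rf $GOPATH /root/.npm* \
+&& addgroup -g 45555 grafana \
+&& adduser -u 45555 -G grafana -D grafana
+
+## simp_le
+RUN apk --no-cache add libffi-dev python-dev openssl-dev && \
+mkdir -p /tmp/simp_le /etc/ssl/letsencrypt && \
+curl -sSL https://github.com/kuba/simp_le/archive/master.tar.gz | tar -xzf - -C /tmp && \
+cd /tmp/simp_le-master && \
+python ./setup.py install && \
+rm -rf /tmp/simp_le-master && apk del git py-pip libffi-dev python-dev openssl-dev && \
+echo "3 10 * * * /usr/bin/update-certs" >> /etc/crontabs/root
+
+## temporary keys until letsencrypt certificate is generated
+RUN cd /etc/ssl/letsencrypt && \
+openssl req -x509 -newkey rsa:2048 -keyout nginx/key.pem -out nginx/fullchain.pem -days 5 && \
+cat nginx/key.pem nginx/fullchain.pem > influxdb/combined.pem
+
+RUN icinga2 feature enable ido-pgsql
+
+VOLUME [ "/var/lib/influxdb/data", "/var/lib/influxdb/meta", "/var/lib/postgres/", "/var/lib/grafana", "/etc/grafana", "/etc/icinga2", "/etc/icinga-web", "/etc/icingaweb2", "/var/lib/icinga2", "/etc/ssmtp"]
+EXPOSE 22 80 443
+ADD . /
+ENTRYPOINT ["/init"]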
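Review bot: The four `curl -sSL … | tar -xzf -` steps (s6-overlay, InfluxDB, Grafana, simp_le) unpack whatever the server returns with no integrity check, and the simp_le one pulls `master.tar.gz`, so the ACME client that root's crontab runs daily is whatever that branch contains at build time. Pin simp_le to a release tag or commit archive, download each tarball to a file with `curl -fsSL -o`, and compare it to a recorded SHA-256 before extracting; the fence shows the pattern for s6-overlay with a placeholder digest. Downloading to a file also removes the curl-to-tar pipe, where a failed or truncated download is only noticed if tar happens to reject the output. Separately, the `openssl req` step stores a private key in an image layer that every container and everyone with pull access shares, so it would be better generated at container start.

```dockerfile
# S6_OVERLAY_SHA256 is a placeholder: record the real digest of the release tarball here
ARG S6_OVERLAY_SHA256=<sha256-of-s6-overlay-amd64.tar.gz>
RUN curl -fsSL -o /tmp/s6-overlay.tar.gz \
      https://github.com/just-containers/s6-overlay/releases/download/v1.17.2.0/s6-overlay-amd64.tar.gz \
 && echo "${S6_OVERLAY_SHA256}  /tmp/s6-overlay.tar.gz" | sha256sum -c - \
 && tar -xzf /tmp/s6-overlay.tar.gz -C / \
 && rm /tmp/s6-overlay.tar.gz
# … unchanged: InfluxDB, Grafana and simp_le steps (same download-then-verify pattern applies) …
```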
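--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,7 @@
+all: run
+
+build:
+docker build -t monitoring .
+
+run: build
+docker run --rm -ti monitoring sh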
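--- a/etc/fix-attrs.d/grafana-dir
+++ b/etc/fix-attrs.d/grafana-dir
@@ -0,0 +1,2 @@
+/var/lib/grafana true grafana 0755 0755
+/var/log/grafana true grafana 0755 0755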
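Review bot: Both entries set the file mode to `0755` with recursion enabled, so every file under `/var/lib/grafana` and `/var/log/grafana` becomes world-readable and executable. The data directory presumably holds Grafana's database, given the commented-out `cfg:default.paths.data=/var/lib/grafana` in the grafana run script, and other accounts in this multi-service container have no need to read it. `/var/lib/grafana true grafana 0640 0750` and `/var/log/grafana true grafana 0640 0750` keep files non-executable and limited to the service account.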
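--- a/etc/influxdb/config.toml
+++ b/etc/influxdb/config.toml
@@ -0,0 +1,16 @@
+reporting-disabled = true
+
+[meta]
+dir = "/var/lib/influxdb/meta"
+retention-autocreate = true
+logging-enabled = true
+lease-duration = "1m0s"
+
+[http]
+auth-enabled = true
+https-enabled = true
+https-certificate = "/etc/ssl/letsencrypt/influxdb/combined.pem"
+
+[admin]
+https-enabled = true
+https-certificate = "/etc/ssl/letsencrypt/influxdb/combined.pem"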
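--- a/etc/services.d/cron/run
+++ b/etc/services.d/cron/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+crond -l 2 -f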
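--- a/etc/services.d/grafana/run
+++ b/etc/services.d/grafana/run
@@ -0,0 +1,4 @@
+#!/usr/bin/execlineb -P
+cat
+#s6-setuidgid grafana
+#/opt/grafana/bin/grafana-server -homepath /opt/grafana cfg:default.paths.data=/var/lib/grafana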
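--- a/etc/services.d/icinga2/run
+++ b/etc/services.d/icinga2/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+cat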
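--- a/etc/services.d/influxdb/run
+++ b/etc/services.d/influxdb/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+/usr/bin/influxd -config /etc/influxdb/config.toml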
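Review bot: `influxd` is started without dropping privileges, so the network-facing database process runs as root in a container that also declares ports 22, 80 and 443. The grafana run script in this commit already sketches `s6-setuidgid grafana`; the equivalent here would be `s6-setuidgid influxdb /usr/bin/influxd -config /etc/influxdb/config.toml`. The Dockerfile creates only a `grafana` account, so an `influxdb` user, ownership of the `/var/lib/influxdb` volumes and read access to `combined.pem` would have to be added along with it.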
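--- a/etc/services.d/nginx/run
+++ b/etc/services.d/nginx/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+nginx -g "daemon off;"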
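--- a/etc/services.d/postgres/run
+++ b/etc/services.d/postgres/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+cat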
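--- a/etc/services.d/sshd/run
+++ b/etc/services.d/sshd/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+cat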
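--- a/usr/bin/update-certs
+++ b/usr/bin/update-certs
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -eux
+
+gen_cert() {
+local app="$1"; shift
+local restart_action="$1"; shift
+
+cd "/etc/ssl/letsencrypt/$app"
+mkdir -p "/etc/ssl/letsencrypt/$app"
+
+set +e
+simp_le --email joerg@higgsboson.tk \
+-f account_key.json \
+-f fullchain.pem \
+-f key.pem \
+$(for domain in "$@"; do echo "-d $domain"; done) \
+--default_root /var/www/letsenrypt
+cat fullchain.pem key.pem > combined.pem
+local rc=$?
+[ $rc = 1 ] && $restart_action
+[ $rc != 0 ] && exit $rc
+}
+
+gen_cert "nginx" "nginx -s reload" "status.higgsboson.tk" "stats.higgsboson.tk"
+gen_cert "influxdb" "s6-svc -t /var/run/s6/services/influxdb" "influxdb.higgsboson.tk"
+touch /etc/ssl/letsencrypt/last-check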
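Review bot: In `gen_cert`, `local rc=$?` runs after `cat fullchain.pem key.pem > combined.pem`, so `rc` holds cat's exit status and the `[ $rc = 1 ]` restart and `[ $rc != 0 ]` exit checks never see simp_le's result. Moving `local rc=$?` to the line directly after the simp_le command, and building `combined.pem` after that, makes the checks act on the ACME client's outcome. `combined.pem` contains the private key and is created through a plain redirect, so its mode follows the process umask; `(umask 077; cat fullchain.pem key.pem > combined.pem)` keeps it owner-only. The `cd` also precedes the `mkdir -p` for the same directory, which under `set -eux` aborts a first run if the directory is missing, and `set +e` is never switched back. The `--default_root /var/www/letsenrypt` spelling is worth checking against the nginx webroot, which is not part of this commit.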