first commit

This commit is contained in:
Jörg Thalheim 2016-04-29 21:07:22 +02:00
commit 2f106966cf
No known key found for this signature in database
GPG Key ID: CA4106B8D7CC79FA
14 changed files with 143 additions and 0 deletions
.dockerignore.gitignoreDockerfileMakefile
etc
fix-attrs.d
influxdb
services.d
cron
grafana
icinga2
influxdb
nginx
postgres
sshd
usr/bin

3
.dockerignore Normal file
View File

@ -0,0 +1,3 @@
.envrc
Dockerfile
cache

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
cache

71
Dockerfile Normal file
View File

@ -0,0 +1,71 @@
FROM alpine:edge
# 1. common tools
# 2. programing languages
# 3. icinga2 stuff
# 4. letsencrypt deps
RUN apk add --no-cache --update \
bind-tools tcpdump openssh lsof curl wget git mercurial strace tmux vim rsync htop bash openssl \
ruby python go build-base \
nginx postgresql icinga2 \
py-requests py-setuptools && \
mkdir -p /run/nginx
## S6 supervisor
RUN curl -sSL https://github.com/just-containers/s6-overlay/releases/download/v1.17.2.0/s6-overlay-amd64.tar.gz | tar -xzf - -C /
## Influxdb
RUN export GOPATH=/tmp/go \
&& mkdir -p /etc/influxdb/ $GOPATH/src/github.com/influxdata \
&& curl -sSL https://github.com/influxdata/influxdb/archive/v0.12.2.tar.gz | tar -xzf - -C /tmp \
&& mv /tmp/influxdb-* $GOPATH/src/github.com/influxdata/influxdb \
&& cd $GOPATH/src/github.com/influxdata/influxdb \
&& go get github.com/sparrc/gdm \
&& export PATH=$GOPATH/bin:$PATH \
&& gdm restore \
&& go install ./... \
&& cp $GOPATH/bin/influx* /usr/bin/ \
&& rm -rf $GOPATH
## Grafana
RUN apk add --no-cache nodejs \
&& export GOPATH=/tmp/go \
&& mkdir -p /opt/grafana/conf $GOPATH/src/github.com/grafana/ \
&& curl -sSL https://github.com/grafana/grafana/archive/v3.0-beta5.tar.gz | tar -xzf - -C /tmp \
&& mv /tmp/grafana-* $GOPATH/src/github.com/grafana/grafana \
&& cd $GOPATH/src/github.com/grafana/grafana \
&& go run build.go setup \
&& $GOPATH/bin/godep restore \
&& go run build.go build \
&& npm install \
&& npm install -g grunt-cli \
&& grunt \
&& npm uninstall -g grunt-cli \
&& npm cache clear \
&& cp -a $GOPATH/src/github.com/grafana/grafana/bin/* /usr/bin/ \
&& cp -ra $GOPATH/src/github.com/grafana/grafana/public_gen /opt/grafana/public \
&& apk del --purge nodejs \
&& rm -rf $GOPATH /root/.npm* \
&& addgroup -g 45555 grafana \
&& adduser -u 45555 -G grafana -D grafana
## simp_le
RUN apk --no-cache add libffi-dev python-dev openssl-dev && \
mkdir -p /tmp/simp_le /etc/ssl/letsencrypt && \
curl -sSL https://github.com/kuba/simp_le/archive/master.tar.gz | tar -xzf - -C /tmp && \
cd /tmp/simp_le-master && \
python ./setup.py install && \
rm -rf /tmp/simp_le-master && apk del git py-pip libffi-dev python-dev openssl-dev && \
echo "3 10 * * * /usr/bin/update-certs" >> /etc/crontabs/root
## temporary keys until letsencrypt certificate is generated
RUN cd /etc/ssl/letsencrypt && \
openssl req -x509 -newkey rsa:2048 -keyout nginx/key.pem -out nginx/fullchain.pem -days 5 && \
cat nginx/key.pem nginx/fullchain.pem > influxdb/combined.pem
RUN icinga2 feature enable ido-pgsql
VOLUME [ "/var/lib/influxdb/data", "/var/lib/influxdb/meta", "/var/lib/postgres/", "/var/lib/grafana", "/etc/grafana", "/etc/icinga2", "/etc/icinga-web", "/etc/icingaweb2", "/var/lib/icinga2", "/etc/ssmtp"]
EXPOSE 22 80 443
ADD . /
ENTRYPOINT ["/init"]

7
Makefile Normal file
View File

@ -0,0 +1,7 @@
all: run
build:
docker build -t monitoring .
run: build
docker run --rm -ti monitoring sh

View File

@ -0,0 +1,2 @@
/var/lib/grafana true grafana 0755 0755
/var/log/grafana true grafana 0755 0755

16
etc/influxdb/config.toml Normal file
View File

@ -0,0 +1,16 @@
reporting-disabled = true
[meta]
dir = "/var/lib/influxdb/meta"
retention-autocreate = true
logging-enabled = true
lease-duration = "1m0s"
[http]
auth-enabled = true
https-enabled = true
https-certificate = "/etc/ssl/letsencrypt/influxdb/combined.pem"
[admin]
https-enabled = true
https-certificate = "/etc/ssl/letsencrypt/influxdb/combined.pem"

2
etc/services.d/cron/run Executable file
View File

@ -0,0 +1,2 @@
#!/usr/bin/execlineb -P
crond -l 2 -f

4
etc/services.d/grafana/run Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/execlineb -P
cat
#s6-setuidgid grafana
#/opt/grafana/bin/grafana-server -homepath /opt/grafana cfg:default.paths.data=/var/lib/grafana

2
etc/services.d/icinga2/run Executable file
View File

@ -0,0 +1,2 @@
#!/usr/bin/execlineb -P
cat

2
etc/services.d/influxdb/run Executable file
View File

@ -0,0 +1,2 @@
#!/usr/bin/execlineb -P
/usr/bin/influxd -config /etc/influxdb/config.toml

2
etc/services.d/nginx/run Executable file
View File

@ -0,0 +1,2 @@
#!/usr/bin/execlineb -P
nginx -g "daemon off;"

2
etc/services.d/postgres/run Executable file
View File

@ -0,0 +1,2 @@
#!/usr/bin/execlineb -P
cat

2
etc/services.d/sshd/run Executable file
View File

@ -0,0 +1,2 @@
#!/usr/bin/execlineb -P
cat

27
usr/bin/update-certs Executable file
View File

@ -0,0 +1,27 @@
#!/bin/sh
set -eux
gen_cert() {
local app="$1"; shift
local restart_action="$1"; shift
cd "/etc/ssl/letsencrypt/$app"
mkdir -p "/etc/ssl/letsencrypt/$app"
set +e
simp_le --email joerg@higgsboson.tk \
-f account_key.json \
-f fullchain.pem \
-f key.pem \
$(for domain in "$@"; do echo "-d $domain"; done) \
--default_root /var/www/letsenrypt
cat fullchain.pem key.pem > combined.pem
local rc=$?
[ $rc = 1 ] && $restart_action
[ $rc != 0 ] && exit $rc
}
gen_cert "nginx" "nginx -s reload" "status.higgsboson.tk" "stats.higgsboson.tk"
gen_cert "influxdb" "s6-svc -t /var/run/s6/services/influxdb" "influxdb.higgsboson.tk"
touch /etc/ssl/letsencrypt/last-check