diff --git a/Dockerfile b/Dockerfile
index 9144afa..431c6fb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,113 +1,233 @@ -FROM centos:centos7 -MAINTAINER gardar@ok.is - -# - Install basic packages (e.g. python-setuptools is required to have python's easy_install) -# - Install yum-utils so we have yum-config-manager tool available -# - Install inotify, needed to automate daemon restarts after config file changes -# - Install jq, small library for handling JSON files/api from CLI -# - Install supervisord (via python's easy_install - as it has the newest 3.x version) -RUN \ - yum update -y && \ - yum install -y epel-release && \ - yum install -y iproute python-setuptools hostname inotify-tools yum-utils which jq top && \ - yum clean all && \ - easy_install supervisor +############################################################ +# Dockerfile to build a Naemon/Adagios server +# Based on appcontainers/nagios +############################################################ +FROM centos:7 +#LABEL com.example.version="0.0.1-beta" +LABEL vendor1="Opin Kerfi hf." +#LABEL com.example.release-date="2019-11-14" + +ENV container docker ENV ADAGIOS_HOST adagios.local ENV ADAGIOS_USER thrukadmin ENV ADAGIOS_PASS thrukadmin +# Systemd - preparation +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f /lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; +# Systemd - preparation ends + # First install the opensource.is and consol labs repositories -RUN rpm -ihv http://opensource.is/repo/ok-release.rpm -RUN rpm -Uvh https://labs.consol.de/repo/stable/rhel7/x86_64/labs-consol-stable.rhel7.noarch.rpm -RUN yum install -y epel-release -RUN yum update -y ok-release -RUN yum clean all && yum -y 
update - -# -# Install Deps -# -RUN yum install -y git acl libstdc++-static python-setuptools facter mod_wsgi postfix python-pip sudo -RUN pip install --upgrade pip - -# Install Nagios 4 -# -RUN yum install -y nagios nagios-plugins-all pnp4nagios - -# -# Enable and start services -# -RUN systemctl enable nagios -RUN chkconfig npcd on -RUN systemctl enable httpd - -# -# Install Livestatus -# -RUN yum install -y check-mk-livestatus -# Add check_mk livestatus broker module to nagios config -RUN echo "broker_module=/usr/lib64/check_mk/livestatus.o /var/spool/nagios/cmd/livestatus debug=1" >> /etc/nagios/nagios.cfg - -# -# Install Remote Livestatus service -# Needs livestatus xinetd config below -# -RUN yum install -y xinetd -ADD container-files/etc/xinetd.d/livestatus /etc/xinetd.d/livestatus - -# Lets make sure adagios can write to nagios configuration files, and that -# it is a valid git repo so we have audit trail -WORKDIR /etc/nagios -RUN git init /etc/nagios/ -RUN git config user.name "User" -RUN git config user.email "email@mail.com" -RUN git add * -RUN git commit -m "Initial commit" - -# Make sure nagios group will always have write access to the configuration files: -RUN chown -R nagios:nagios /etc/nagios/* /etc/nagios/.git - -# Install Pynag from Git -RUN mkdir -p /opt/pynag -WORKDIR /opt/ -RUN pip install django==1.6 -RUN pip install simplejson -RUN git clone git://github.com/pynag/pynag.git - -# Install Adagios from Git -RUN mkdir -p /opt/adagios -WORKDIR /opt -RUN git clone git://github.com/opinkerfi/adagios.git -WORKDIR /opt/adagios/adagios -RUN cp -r etc/adagios /etc/adagios -RUN chown -R nagios:nagios /etc/adagios -RUN chmod g+w -R /etc/adagios -RUN mkdir -p /var/lib/adagios/userdata -RUN chown nagios:nagios /var/lib/adagios -RUN mkdir /etc/nagios/adagios - -RUN mkdir -p /etc/nagios/adagios /etc/nagios/commands -RUN echo "cfg_dir=/etc/nagios/adagios" >> /etc/nagios/nagios.cfg -RUN echo "cfg_dir=/etc/nagios/commands" >> /etc/nagios/nagios.cfg -RUN sed -i 
's|debug_level=0|debug_level=1|g' /etc/nagios/nagios.cfg +RUN rpm -ihv http://opensource.is/repo/ok-release.rpm \ + && rpm -Uvh https://labs.consol.de/repo/stable/rhel7/x86_64/labs-consol-stable.rhel7.noarch.rpm \ + && yum update -y ok-release -# Add naemon to apache group so it has permissions to pnp4nagios's session files -RUN usermod -G apache nagios +# Redhat/Centos users need to install the epel repositories (fedora users skip this step) +RUN yum install -y epel-release && yum clean all && yum -y update -RUN sed -i 's|^\(nagios_init_script\)=\(.*\)$|\1="sudo /usr/bin/nagios-supervisor-wrapper.sh"|g' /etc/adagios/adagios.conf -RUN echo "nagios ALL=NOPASSWD: /usr/bin/nagios-supervisor-wrapper.sh" >> /etc/sudoers.d/adagios +# Install naemon, adagios and other needed packages +RUN yum --enablerepo=ok-testing install -y naemon naemon-livestatus git adagios okconfig acl pnp4nagios python-setuptools postfix python-pip -# Redirect / to /adagios +# Now all the packages have been installed, and we need to do a little bit of +# configuration before we start doing awesome monitoring + +# Lets make sure adagios can write to naemon configuration files, and that +# it is a valid git repo so we have audit trail +WORKDIR /etc/naemon +RUN git init /etc/naemon ;\ + git config user.name "admin" ;\ + git config user.email "admin@adagios.local" ;\ + git add . 
;\ + git commit -a -m "Initial commit" + +# Fix permissions for naemon and pnp4nagios +RUN chown -R naemon:naemon \ + /etc/naemon \ + /etc/adagios \ + /var/lib/adagios \ + /var/lib/pnp4nagios \ + /var/log/pnp4nagios \ + /var/spool/pnp4nagios \ + /etc/pnp4nagios/process_perfdata.cfg \ + /var/log/okconfig +# ACL group permissions need g+rwx +RUN chmod g+rwx -R \ + /etc/naemon \ + /etc/adagios \ + /var/lib/adagios \ + /var/lib/pnp4nagios \ + /var/log/pnp4nagios \ + /var/spool/pnp4nagios \ + /etc/pnp4nagios/process_perfdata.cfg /var/log/okconfig + +RUN setfacl -R -m group:naemon:rwx -m d:group:naemon:rwx \ + /etc/naemon/ \ + /etc/adagios \ + /var/lib/adagios \ + /var/lib/pnp4nagios \ + /var/log/pnp4nagios \ + /var/spool/pnp4nagios \ + /etc/pnp4nagios/process_perfdata.cfg \ + /var/log/okconfig + +# Make sure nagios doesn't interfere +RUN mkdir /etc/nagios/disabled ;\ + mv /etc/nagios/{nagios,cgi}.cfg /etc/nagios/disabled/ + +# Make objects created by adagios go to /etc/naemon/adagios +RUN mkdir -p /etc/naemon/adagios ;\ + pynag config --append cfg_dir=/etc/naemon/adagios + +# Make adagios naemon aware +RUN sed 's|/etc/nagios/passwd|/etc/thruk/htpasswd|g' -i /etc/httpd/conf.d/adagios.conf ;\ + sed 's|user=nagios|user=naemon|g' -i /etc/httpd/conf.d/adagios.conf ;\ + sed 's|group=nagios|group=naemon|g' -i /etc/httpd/conf.d/adagios.conf ;\ + sed 's|/etc/nagios/nagios.cfg|/etc/naemon/naemon.cfg|g' -i /etc/adagios/adagios.conf ;\ + sed 's|nagios_url = "/nagios|nagios_url = "/naemon|g' -i /etc/adagios/adagios.conf ;\ + sed 's|/etc/nagios/adagios/|/etc/naemon/adagios/|g' -i /etc/adagios/adagios.conf ;\ + sed 's|/etc/init.d/nagios|/etc/init.d/naemon|g' -i /etc/adagios/adagios.conf ;\ + sed 's|nagios_service = "nagios"|nagios_service = "naemon"|g' -i /etc/adagios/adagios.conf ;\ + sed 's|livestatus_path = None|livestatus_path = "/var/cache/naemon/live"|g' -i /etc/adagios/adagios.conf ;\ + sed 's|/usr/sbin/nagios|/usr/bin/naemon|g' -i /etc/adagios/adagios.conf + +# Make okconfig 
naemon aware +RUN sed 's|/etc/nagios/nagios.cfg|/etc/naemon/naemon.cfg|g' -i /etc/okconfig.conf ;\ + sed 's|/etc/nagios/okconfig/|/etc/naemon/okconfig/|g' -i /etc/okconfig.conf ;\ + sed 's|/etc/nagios/okconfig/examples|/etc/naemon/okconfig/examples|g' -i /etc/okconfig.conf + +RUN okconfig init && okconfig verify + +# Add naemon to apache group so it has permissions to pnp4nagios's session files +RUN usermod -G apache naemon + +# Allow Adagios to control the service +RUN sed 's|nagios|naemon|g' -i /etc/sudoers.d/adagios ;\ + sed 's|/usr/sbin/naemon|/usr/bin/naemon|g' -i /etc/sudoers.d/adagios + +# Make naemon use nagios plugins, more people are doing it like that. And configure pnp4nagios +RUN sed -i 's|/usr/lib64/naemon/plugins|/usr/lib64/nagios/plugins|g' /etc/naemon/resource.cfg ;\ + sed -i 's|/etc/nagios/passwd|/etc/thruk/htpasswd|g' /etc/httpd/conf.d/pnp4nagios.conf ;\ + sed -i 's|user = nagios|user = naemon|g' /etc/pnp4nagios/npcd.cfg ;\ + sed -i 's|group = nagios|group = naemon|g' /etc/pnp4nagios/npcd.cfg + + +# Enable Naemon performance data and service performance data +RUN pynag config --set "process_performance_data=1" ;\ + pynag config --set 'service_perfdata_file=/var/lib/naemon/service-perfdata' ;\ + pynag config --set 'service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tSERVICEDESC::$SERVICEDESC$\tSERVICEPERFDATA::$SERVICEPERFDATA$\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tSERVICESTATE::$SERVICESTATE$\tSERVICESTATETYPE::$SERVICESTATETYPE$' ;\ + pynag config --set 'service_perfdata_file_mode=a' ;\ + pynag config --set 'service_perfdata_file_processing_interval=15';\ + pynag config --set 'service_perfdata_file_processing_command=process-service-perfdata-file' + +# host performance data +RUN pynag config --set 'host_perfdata_file=/var/lib/naemon/host-perfdata' ;\ + pynag config --set 
'host_perfdata_file_template=DATATYPE::HOSTPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tHOSTPERFDATA::$HOSTPERFDATA$\tHOSTCHECKCOMMAND::$HOSTCHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$' ;\ + pynag config --set 'host_perfdata_file_mode=a' ;\ + pynag config --set 'host_perfdata_file_processing_interval=15' ;\ + pynag config --set 'host_perfdata_file_processing_command=process-host-perfdata-file' + +# host commands +RUN pynag add command command_name=process-service-perfdata-file command_line='/bin/mv /var/lib/naemon/service-perfdata /var/spool/pnp4nagios/service-perfdata.$TIMET$' ;\ + pynag add command command_name=process-host-perfdata-file command_line='/bin/mv /var/lib/naemon/host-perfdata /var/spool/pnp4nagios/host-perfdata.$TIMET$' ;\ + pynag config --append cfg_dir=/etc/naemon/commands/ + +RUN mv /etc/httpd/conf.d/thruk_cookie_auth_vhost.conf /etc/httpd/conf.d/thruk_cookie_auth_vhost.conf.disabled + +RUN htpasswd -b /etc/thruk/htpasswd "$ADAGIOS_USER" "$ADAGIOS_PASS" ;\ + rm -f /etc/nagios/passwd ;\ + ln -s /etc/thruk/htpasswd /etc/nagios/passwd + +# Redirect root URL to /adagios RUN echo "RedirectMatch ^/$ /adagios" > /etc/httpd/conf.d/redirect.conf -# Add supervisord conf, bootstrap.sh files -ADD container-files / -ADD supervisord-nagios.conf /etc/supervisor.d/supervisord-nagios.conf +# Enable debugging mode in livestatus broker +RUN sed -i '/broker_module/ s/$/ debug=1/' /etc/naemon/module-conf.d/livestatus.cfg + +# Fix permissions for naemon and pnp4nagios +RUN chown -R naemon:naemon \ + /etc/naemon \ + /etc/adagios \ + /var/lib/adagios \ + /var/lib/pnp4nagios \ + /var/log/pnp4nagios \ + /var/spool/pnp4nagios \ + /etc/pnp4nagios/process_perfdata.cfg \ + /var/log/okconfig + +# ACL group permissions need g+rwx +RUN chmod g+rwx -R \ + /etc/naemon \ + /etc/adagios \ + /var/lib/adagios \ + /var/lib/pnp4nagios \ + /var/log/pnp4nagios \ + /var/spool/pnp4nagios \ + /etc/pnp4nagios/process_perfdata.cfg \ + /var/log/okconfig + +RUN 
setfacl -R -m group:naemon:rwx -m d:group:naemon:rwx \ + /etc/naemon/ \ + /etc/adagios \ + /var/lib/adagios \ + /var/lib/pnp4nagios \ + /var/log/pnp4nagios \ + /var/spool/pnp4nagios \ + /etc/pnp4nagios/process_perfdata.cfg \ + /var/log/okconfig + +# Install Virtualenv +RUN pip install --upgrade pip ;\ + pip install virtualenv + +# Clone repositories +RUN git clone git://github.com/opinkerfi/adagios.git /opt/adagios ;\ + git clone git://github.com/opinkerfi/okconfig.git /opt/okconfig ;\ + git clone git://github.com/pynag/pynag.git /opt/pynag + +# Enable Virtualenv +RUN virtualenv /opt/venv ;\ + source /opt/venv/bin/activate + +# Adagios setup +WORKDIR /opt/pynag +RUN python setup.py build ;\ + python setup.py install + +RUN export DJANGO_VERSION="Django<1.9" ;\ + pip install $DJANGO_VERSION ;\ + pip install simplejson ;\ + pip install paramiko ;\ + pip install selenium + +WORKDIR /opt/adagios +RUN python setup.py build ;\ + python setup.py install + +# Start Adagios development server +#WORKDIR /opt/adagios/adagios +#RUN python manage.py migrate ;\ +#RUN python manage.py runserver 0.0.0.0:8080 + +# Enable services +RUN systemctl enable httpd naemon npcd + +# Remove yum cache +RUN yum clean all -y && rm -rf /var/cache/yum + +WORKDIR /etc/naemon EXPOSE 80 -# Livestatus remote service -EXPOSE 6557 +EXPOSE 8080 -VOLUME ["/data", "/etc/nagios", "/var/log/nagios", "/etc/adagios", "/opt/adagios", "/opt/pynag"] +VOLUME ["/etc/naemon", "/var/log/naemon"] +CMD ["/usr/sbin/init"] -ENTRYPOINT ["/config/bootstrap.sh"] +#HEALTHCHECK --interval=2m --timeout=3s CMD curl -f http://localhost:80/ || exit 1 diff --git a/Dockerfile.supervisord b/Dockerfile.supervisord new file mode 100644 index 0000000..9144afa --- /dev/null +++ b/Dockerfile.supervisord 
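Review bot: `RUN htpasswd -b /etc/thruk/htpasswd "$ADAGIOS_USER" "$ADAGIOS_PASS"` bakes the `thrukadmin`/`thrukadmin` defaults from the `ENV` lines into every image at build time, so every container built from this file starts with the same known web login. With the `/config/bootstrap.sh` entrypoint replaced by `CMD ["/usr/sbin/init"]`, nothing visible in this Dockerfile re-reads `ADAGIOS_PASS` at start-up, so overriding it with `docker run -e` presumably no longer changes the account. The values also remain readable in the image config through `ENV`, and because the step is chained with `;` a failed `htpasswd` would not stop the build. Consider dropping the default password and creating the account from a BuildKit secret, e.g. `RUN --mount=type=secret,id=adagios_pass htpasswd -i /etc/thruk/htpasswd "$ADAGIOS_USER" < /run/secrets/adagios_pass`, or setting it on first boot from a runtime-supplied secret.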
@@ -0,0 +1,113 @@
+FROM centos:centos7
+MAINTAINER gardar@ok.is
+
+# - Install basic packages (e.g. python-setuptools is required to have python's easy_install)
+# - Install yum-utils so we have yum-config-manager tool available
+# - Install inotify, needed to automate daemon restarts after config file changes
+# - Install jq, small library for handling JSON files/api from CLI
+# - Install supervisord (via python's easy_install - as it has the newest 3.x version)
+RUN \
+ yum update -y && \
+ yum install -y epel-release && \
+ yum install -y iproute python-setuptools hostname inotify-tools yum-utils which jq top && \
+ yum clean all && \
+ easy_install supervisor
+
+ENV ADAGIOS_HOST adagios.local
+ENV ADAGIOS_USER thrukadmin
+ENV ADAGIOS_PASS thrukadmin
+
+# First install the opensource.is and consol labs repositories
+RUN rpm -ihv http://opensource.is/repo/ok-release.rpm
+RUN rpm -Uvh https://labs.consol.de/repo/stable/rhel7/x86_64/labs-consol-stable.rhel7.noarch.rpm
+RUN yum install -y epel-release
+RUN yum update -y ok-release
+RUN yum clean all && yum -y update
+
+#
+# Install Deps
+#
+RUN yum install -y git acl libstdc++-static python-setuptools facter mod_wsgi postfix python-pip sudo
+RUN pip install --upgrade pip
+
+# Install Nagios 4
+#
+RUN yum install -y nagios nagios-plugins-all pnp4nagios
+
+#
+# Enable and start services
+#
+RUN systemctl enable nagios
+RUN chkconfig npcd on
+RUN systemctl enable httpd
+
+#
+# Install Livestatus
+#
+RUN yum install -y check-mk-livestatus
+# Add check_mk livestatus broker module to nagios config
+RUN echo "broker_module=/usr/lib64/check_mk/livestatus.o /var/spool/nagios/cmd/livestatus debug=1" >> /etc/nagios/nagios.cfg
+
+#
+# Install Remote Livestatus service
+# Needs livestatus xinetd config below
+#
+RUN yum install -y xinetd
+ADD container-files/etc/xinetd.d/livestatus /etc/xinetd.d/livestatus
+
+# Lets make sure adagios can write to nagios configuration files, and that
+# it is a valid git repo so we have audit trail
+WORKDIR /etc/nagios
+RUN git init /etc/nagios/
+RUN git config user.name "User"
+RUN git config user.email "email@mail.com"
+RUN git add *
+RUN git commit -m "Initial commit"
+
+# Make sure nagios group will always have write access to the configuration files:
+RUN chown -R nagios:nagios /etc/nagios/* /etc/nagios/.git
+
+# Install Pynag from Git
+RUN mkdir -p /opt/pynag
+WORKDIR /opt/
+RUN pip install django==1.6
+RUN pip install simplejson
+RUN git clone git://github.com/pynag/pynag.git
+
+# Install Adagios from Git
+RUN mkdir -p /opt/adagios
+WORKDIR /opt
+RUN git clone git://github.com/opinkerfi/adagios.git
+WORKDIR /opt/adagios/adagios
+RUN cp -r etc/adagios /etc/adagios
+RUN chown -R nagios:nagios /etc/adagios
+RUN chmod g+w -R /etc/adagios
+RUN mkdir -p /var/lib/adagios/userdata
+RUN chown nagios:nagios /var/lib/adagios
+RUN mkdir /etc/nagios/adagios
+
+RUN mkdir -p /etc/nagios/adagios /etc/nagios/commands
+RUN echo "cfg_dir=/etc/nagios/adagios" >> /etc/nagios/nagios.cfg
+RUN echo "cfg_dir=/etc/nagios/commands" >> /etc/nagios/nagios.cfg
+RUN sed -i 's|debug_level=0|debug_level=1|g' /etc/nagios/nagios.cfg
+
+# Add naemon to apache group so it has permissions to pnp4nagios's session files
+RUN usermod -G apache nagios
+
+RUN sed -i 's|^\(nagios_init_script\)=\(.*\)$|\1="sudo /usr/bin/nagios-supervisor-wrapper.sh"|g' /etc/adagios/adagios.conf
+RUN echo "nagios ALL=NOPASSWD: /usr/bin/nagios-supervisor-wrapper.sh" >> /etc/sudoers.d/adagios
+
+# Redirect / to /adagios
+RUN echo "RedirectMatch ^/$ /adagios" > /etc/httpd/conf.d/redirect.conf
+
+# Add supervisord conf, bootstrap.sh files
+ADD container-files /
+ADD supervisord-nagios.conf /etc/supervisor.d/supervisord-nagios.conf
+
+EXPOSE 80
+# Livestatus remote service
+EXPOSE 6557
+
+VOLUME ["/data", "/etc/nagios", "/var/log/nagios", "/etc/adagios", "/opt/adagios", "/opt/pynag"]
+
+ENTRYPOINT ["/config/bootstrap.sh"]
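Review bot: The two `ADD` lines near the end of Dockerfile.supervisord (`ADD container-files /` and `ADD supervisord-nagios.conf /etc/supervisor.d/supervisord-nagios.conf`) depend on files that this same commit deletes: `supervisord-nagios.conf`, `container-files/etc/supervisord.conf` and `container-files/config/supervisor-wrapper-nagios.sh`. The second `ADD` will fail the build outright, and even without it the image would carry no supervisord configuration for the `easy_install supervisor` step to use. Either keep those files alongside this Dockerfile or drop the file rather than preserving a variant that cannot build. If the files are restored, the deleted `supervisord.conf` listened on `port = :9111` with the static `sv`/`password` pair, so binding it to `127.0.0.1:9111` or switching to a unix socket would be worth doing at the same time.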
diff --git a/container-files/config/supervisor-wrapper-nagios.sh b/container-files/config/supervisor-wrapper-nagios.sh
deleted file mode 100644
index 3d0da49..0000000
--- a/container-files/config/supervisor-wrapper-nagios.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-#
-# - Adagios uses this wrapper to control Nagios services (start/stop/reload)
-# - Remember to change nagios_init_script variable inside /etc/adagios/adagios.conf
-# - sed -i 's|^\(nagios_init_script\)=\(.*\)$|\1="sudo /config/supervisor-nagios-wrapper.sh"|g' /etc/adagios/adagios.conf
-#
-if [[ "$1" = "status" ]]
-then
- # Return 1 if Nagios is not running
- status=$(supervisorctl status nagios)
- echo $status
- grep RUNNING > /dev/null <<< "$status"
-else
- supervisorctl "$1" nagios
-fi
diff --git a/container-files/etc/supervisord.conf b/container-files/etc/supervisord.conf
deleted file mode 100644
index 980e835..0000000
--- a/container-files/etc/supervisord.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-[supervisord]
-pidfile = /run/supervisord.pid
-# It seems that it's not possible to swith this log to NONE (it creates NONE logfile)
-logfile = /data/logs/supervisord.log
-# Set loglevel=debug, only then all logs from child services are printed out
-# to container logs (and thus available via `docker logs [container]`
-loglevel = debug
-
-# These two (unix_http_server, rpcinterface) are needed for supervisorctl to work
-[inet_http_server]
-port = :9111
-username = sv
-password = password
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl = http://localhost:9111
-username = sv
-password = password
-
-[include]
-files = /etc/supervisor.d/*.conf
diff --git a/supervisord-nagios.conf b/supervisord-nagios.conf
deleted file mode 100644
index b61e4e9..0000000
--- a/supervisord-nagios.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-[program:httpd]
-command=/usr/sbin/httpd -c "ErrorLog /dev/stdout" -DFOREGROUND
-redirect_stderr=true
-
-[program:nagios]
-command=/usr/sbin/nagios /etc/nagios/nagios.cfg
-
-[program:npcd]
-command=/usr/sbin/npcd -f /etc/pnp4nagios/npcd.cfg
-
-[program:xinetd]
-command=/usr/sbin/xinetd -f /etc/xinetd.conf
-
-[group:nagios]
-programs=httpd,nagios,npcd,xinetd