From d6e30533d7730331452c5f61a98c9d1eec486a0b Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Wed, 28 Aug 2019 19:43:26 +0200 Subject: OpenShift support --- CHANGELOG | 9 --------- Dockerfile | 59 ++++++++++++++++++++++++++++++++++++++++++------------ README.md | 39 ++++++++++++------------------------ munin.conf | 24 +++++++++++----------- nginx-munin | 20 ++++++++++-------- nginx.conf | 11 ++++++---- start-munin.sh | 58 ++++++++++++++++++++++------------------------------- test/start_test.sh | 12 ++++------- 8 files changed, 118 insertions(+), 114 deletions(-) delete mode 100644 CHANGELOG diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index b0c56a7..0000000 --- a/CHANGELOG +++ /dev/null @@ -1,9 +0,0 @@ -# v7 - 2 Nov 2016 - -* Add support for graph CGI - -# v5 - 30 Apr 2015 - -* Graceful shutdown -* Do not repeat configuration on restart -* Email for alerts diff --git a/Dockerfile b/Dockerfile index c87f487..fd9120e 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,24 +1,57 @@ -FROM ubuntu:14.04 +FROM alpine:latest -MAINTAINER Leo Unbekandt +MAINTAINER Suren Chilingaryan -RUN adduser --system --home /var/lib/munin --shell /bin/false --uid 1103 --group munin +ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.8/supercronic-linux-amd64 \ + SUPERCRONIC=supercronic-linux-amd64 \ + SUPERCRONIC_SHA1SUM=be43e64c45acd6ec4fce5831e03759c89676a0ea -RUN apt-get update -qq && RUNLEVEL=1 DEBIAN_FRONTEND=noninteractive \ - apt-get install -y -qq cron munin munin-node nginx wget heirloom-mailx patch spawn-fcgi libcgi-fast-perl -RUN rm /etc/nginx/sites-enabled/default && mkdir -p /var/cache/munin/www && chown munin:munin /var/cache/munin/www && mkdir -p /var/run/munin && chown -R munin:munin /var/run/munin +VOLUME /munin +#Only small temporary files, doesn't need volume +#VOLUME /var/lib/nginx -VOLUME /var/lib/munin -VOLUME /var/log/munin +RUN packages="munin nginx wget heirloom-mailx patch spawn-fcgi perl-cgi-fast curl busybox-extras font-adobe-75dpi"; \ + apk update && apk upgrade && apk add --no-cache $packages \ + && curl -fsSLO "$SUPERCRONIC_URL" \ + && echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \ + && chmod +x "$SUPERCRONIC" \ + && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \ + && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic ADD ./munin.conf /etc/munin/munin.conf ADD ./nginx.conf /etc/nginx/nginx.conf ADD ./nginx-munin /etc/nginx/sites-enabled/munin -ADD ./start-munin.sh /munin -ADD ./munin-graph-logging.patch /usr/share/munin -ADD ./munin-update-logging.patch /usr/share/munin +ADD ./start-munin.sh /munin.sh +ADD ./munin-graph-logging.patch /usr/lib/munin +ADD ./munin-update-logging.patch /usr/lib/munin -RUN cd /usr/share/munin && patch munin-graph < munin-graph-logging.patch && patch munin-update < munin-update-logging.patch +# rsyslog is not actually used, but I keep here configuration just in case +# Nginx always creates error_log in /var/log/nginx, but 
doesn't write there if other locating is configured +RUN \ + #sed -i -e 's|^$FileOwner|#$FileOwner|' "/etc/rsyslog.conf" && \ + #sed -i -e 's|^$FileGroup|#$FileGroup|' "/etc/rsyslog.conf" && \ + #sed -i -e 's|^$PrivDrop|#$PrivDrop|' "/etc/rsyslog.conf" && \ + #sed -i -e 's|^$ModLoad imuxsock|#$ModLoad imuxsock|' "/etc/rsyslog.conf" && \ + #sed -i -e 's|^$ModLoad imklog|#$ModLoad imklog|' "/etc/rsyslog.conf" && \ + \ + rm -rf /var/log/nginx && \ + ln -s /tmp /var/log/nginx && \ + ln -s /tmp /var/lib/nginx/logs && \ + rm -f /etc/nginx/conf.d/default.conf && \ + rm -f /etc/nginx/sites-enabled/default && \ + \ + ln -s /usr/share/webapps/munin/cgi /usr/lib/munin/cgi && \ + cd /usr/lib/munin && patch munin-graph < munin-graph-logging.patch && patch munin-update < munin-update-logging.patch && \ + sed -re "/@[[:alnum:]]+/ d; s|munin if|if|" /etc/munin/munin.cron.sample > /etc/munin/munin.cron && \ + \ + bash -c "mkdir -p /munin/{db,run,log,www/cache}" && \ + ln -s ../www/cache /munin/db/cgi-tmp && \ + rm -rf /var/lib/munin/cgi-tmp && \ + ln -s /munin/www/cache /var/lib/munin/cgi-tmp && \ + \ + chgrp -R root /munin /etc/munin/munin.conf /var/tmp/nginx /var/lib/nginx && \ + chmod -R g+rw /munin /etc/munin/munin.conf /var/tmp/nginx && \ + for name in "/var/tmp/nginx /munin/"; do find $name -type d -print0 | xargs -0 chmod g+x; done EXPOSE 8080 -CMD ["bash", "/munin"] +CMD ["bash", "/munin.sh"] diff --git a/README.md b/README.md index cc39d1b..7ab1cc7 100644 --- a/README.md +++ b/README.md 
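Review bot: The Dockerfile ends at `CMD ["bash", "/munin.sh"]` without a `USER` instruction, so the README's "Runs under non-privileged user" holds only where the platform or caller assigns a UID (OpenShift, or the `-u 1001` in test/start_test.sh); under a plain `docker run` every process starts as root. Adding `USER 1001` before `CMD` would make the default match, since the `chgrp -R root` / `chmod -R g+rw` step appears to prepare the paths for a non-root UID in group 0. `FROM alpine:latest` combined with `apk update && apk upgrade` also means two builds of the same commit can contain different packages; pinning the base, e.g. `FROM alpine:<pinned-version>`, keeps the image reproducible and auditable. The supercronic binary is verified with SHA-1 only; a `sha256sum -c` check against a digest you have verified yourself would be a stronger integrity check for a downloaded executable.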
@@ -1,16 +1,17 @@ # Docker image for munin server +## Note +The package is based on the original Scalingo docker image which was modified to run OpenShift platform. +Major modifications: + * Runs under non-privileged user + * Based on Alpine Linux + * Database and lockfiles can be mounted as a single volume + * Authentication support is dropped, email notifications are not checked + ## Configuration All the configuration is done through the environment. -### HTTP Credentials - -These are the credentials used to authenticate the HTTP dashboard; both take a space-delimited list - -* `MUNIN_USERS` -* `MUNIN_PASSWORDS` - ### SMTP info for alerts Email credentials used to send emails (like alerts) @@ -46,10 +47,10 @@ Container is listening on the port 8080 For a bit of persistency -* /var/log/munin -> logs -* /var/lib/munin -> db -* /var/run/munin -> lock and pid files -* /var/cache/munin -> file deserved by HTTP +* /minin -> everything: configuration, database, locks, and log files +* /munin/db -> db +* /munin/run -> locks +* /munin/log -> log files ## How to use the image @@ -57,12 +58,7 @@ For a bit of persistency docker build -t munin-server . docker run -d \ -p 8080:8080 \ - -v /var/log/munin:/var/log/munin \ - -v /var/lib/munin:/var/lib/munin \ - -v /var/run/munin:/var/run/munin \ - -v /var/cache/munin:/var/cache/munin \ - -e MUNIN_USERS='http-user another-user' \ - -e MUNIN_PASSWORDS='secret-password other-users-password' \ + -v /var/lib/munin:/munin \ -e SMTP_HOST=smtp.example.com \ -e SMTP_PORT=587 \ -e SMTP_USERNAME=smtp-username \ 
@@ -76,12 +72,3 @@ docker run -d \ -e SNMP_NODES="router1:10.0.0.254:9999" \ munin-server ``` - -You can now reach your munin-server on port 8080 of your host. It will display at the first run: - -``` -Munin has not run yet. Please try again in a few moments. -``` - -Every 5 minutes munin-server will interrogate its nodes and build the graphs and store the data. -That's only after the first data fetching operation that the first graphs will appear. diff --git a/munin.conf b/munin.conf index 9dacba5..5ceff3f 100644 --- a/munin.conf +++ b/munin.conf @@ -1,20 +1,20 @@ -#dbdir /var/lib/munin -#htmldir /var/cache/munin/www -#logdir /var/log/munin -#rundir /var/run/munin -#tmpldir /etc/munin/templates -#staticdir /etc/munin/static -includedir /etc/munin/munin-conf.d -#graph_period second -#munin_cgi_graph_jobs 6 +dbdir /munin/db +rundir /munin/run +htmldir /munin/www +logdir /munin/log + +includedir /etc/munin/munin-conf.d +tmpldir /etc/munin/templates +staticdir /etc/munin/static -## html_strategy cron|cgi -html_strategy cron -## graph_strategy cron|cgi +# strategies cron|cgi +html_strategy cgi graph_strategy cgi cgiurl_graph /munin-cgi/munin-cgi-graph #max_size_x 4000 #max_size_y 4000 #max_processes 16 +#munin_cgi_graph_jobs 6 +#graph_period second #rrdcached_socket /var/run/rrdcached.sock diff --git a/nginx-munin b/nginx-munin index d0f5da9..07451b3 100644 --- a/nginx-munin +++ b/nginx-munin 
@@ -2,24 +2,28 @@ server { listen 8080 default_server; server_name munin; - access_log /var/log/nginx/munin-access.log; - error_log /var/log/nginx/munin-server.log; + access_log /proc/self/fd/1; + error_log /proc/self/fd/2; - auth_basic "Munin Server"; - auth_basic_user_file "/etc/munin/htpasswd.users"; + location /munin/static { + alias /etc/munin/static; + } - location /munin { - root /var/cache/munin/www; + location ^~ /munin/ { + fastcgi_split_path_info ^(/munin)(.*); + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_pass 127.0.0.1:9001; + include fastcgi_params; } location ^~ /munin-cgi/munin-cgi-graph/ { fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*); fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_pass unix:/var/run/munin/fcgi-graph.sock; + fastcgi_pass 127.0.0.1:9000; include fastcgi_params; } location / { - root "/var/cache/munin/www"; + rewrite ^/$ /munin/ redirect; break; } } diff --git a/nginx.conf b/nginx.conf index 7fb8e46..1634164 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,6 @@ -user munin; worker_processes 4; -pid /run/nginx.pid; +pid /tmp/nginx.pid; +error_log /proc/self/fd/2 warn; events { worker_connections 768; @@ -17,8 +17,11 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + #client_body_temp_path /tmp/nginx/temp; + #proxy_temp_path /tmp/nginx/proxy; + + access_log /proc/self/fd/1; + error_log /proc/self/fd/2; gzip on; gzip_disable "msie6"; diff --git a/start-munin.sh b/start-munin.sh index 71b2359..e224de1 100755 --- a/start-munin.sh +++ b/start-munin.sh 
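Review bot: In nginx-munin the `auth_basic` / `auth_basic_user_file` lines are removed with nothing in their place, so `/munin/` and `/munin-cgi/munin-cgi-graph/` are served to any client that can reach port 8080. If access control is meant to live in the OpenShift route or a proxy in front of the pod, the server block should say so, e.g. `# No authentication here: expose only behind an authenticating route/proxy`. start-munin.sh still sets defaults for `MUNIN_USERS` and `MUNIN_PASSWORDS` although the htpasswd generation appears to be removed in this commit, which can leave an operator believing those variables still protect the dashboard; they are better dropped along with the auth directives.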
@@ -1,22 +1,24 @@ #!/bin/bash + NODES=${NODES:-} SNMP_NODES=${SNMP_NODES:-} SSH_NODES=${SSH_NODES:-} MUNIN_USERS=${MUNIN_USERS:-${MUNIN_USER:-user}} MUNIN_PASSWORDS=${MUNIN_PASSWORDS:-${MUNIN_PASSWORD:-password}} -MAIL_CONF_PATH='/var/lib/munin/.mailrc' +MAIL_CONF_PATH='/munin/db/.mailrc' SMTP_USE_TLS=${SMTP_USE_TLS:-false} SMTP_ALWAYS_SEND=${SMTP_ALWAYS_SEND:-true} SMTP_MESSAGE_DEFAULT='[${var:group};${var:host}] -> ${var:graph_title} -> warnings: ${loop<,>:wfields ${var:label}=${var:value}} / criticals: ${loop<,>:cfields ${var:label}=${var:value}}' SMTP_MESSAGE="${SMTP_MESSAGE:-$SMTP_MESSAGE_DEFAULT}" -truncate -s 0 "${MAIL_CONF_PATH}" -# set volume ownerships -chown -R munin:munin /var/log/munin -chown -R munin:munin /var/lib/munin -chown -R munin:munin /var/run/munin -chown -R munin:munin /var/cache/munin +mkdir -p /munin/{db,run,log,www/cache} +[ -a /munin/db/cgi-tmp ] || ln -s ../www/cache /munin/db/cgi-tmp +[ -a /var/lib/munin/cgi-tmp ] || ln -s /munin/www/cache /var/lib/munin/cgi-tmp +[ -a /var/log/nginx ] || ln -s /tmp /var/log/nginx + + +truncate -s 0 "${MAIL_CONF_PATH}" if [ "${SMTP_USE_TLS}" = true ] ; then cat >> "${MAIL_CONF_PATH}" <> /etc/munin/htpasswd.users - (( uc++ )) - done -fi - # generate node list for NODE in $NODES do @@ -121,10 +112,10 @@ EOF fi done -[ -d /var/cache/munin/www ] || mkdir /var/cache/munin/www + # placeholder html to prevent permission error -if [ ! -e /var/cache/munin/www/index.html ]; then -cat << EOF > /var/cache/munin/www/index.html +if [ ! -e /munin/www/index.html ]; then +cat << EOF > /munin/www/index.html Munin 
@@ -134,35 +125,34 @@ Munin has not run yet. Please try again in a few moments. EOF -chown munin:munin -R /var/cache/munin/www -chmod g+w /var/cache/munin/www/index.html fi # start rsyslogd -/usr/sbin/rsyslogd -# start cron -/usr/sbin/cron -# Issue: 'NUMBER OF HARD LINKS > 1' prevents cron exec in container -# https://github.com/phusion/baseimage-docker/issues/198 -touch /etc/crontab /etc/cron.d/* -# start local munin-node -/usr/sbin/munin-node +truncate -s 0 /tmp/rsyslogd.pid +#/usr/sbin/rsyslogd -i /tmp/rsyslogd.pid + +# start munin updates +truncate -s 0 /munin/log/munin-update.log +/usr/local/bin/supercronic -split-logs /etc/munin/munin.cron & cron_pid=$! + + echo "Using the following munin nodes:" echo $NODES echo "(ssh) $SSH_NODES" echo "(snmp) $SNMP_NODES" # start spawn-cgi to enable CGI interface with munin (dynamix graph generation) -spawn-fcgi -s /var/run/munin/fcgi-graph.sock -U munin -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph +spawn-fcgi -p 9000 /usr/lib/munin/cgi/munin-cgi-graph +spawn-fcgi -p 9001 /usr/lib/munin/cgi/munin-cgi-html # start nginx /usr/sbin/nginx # show logs echo "Tailing syslog and munin-update log..." -tail -F /var/log/syslog /var/log/munin/munin-update.log & pid=$! +tail -F /munin/log/munin-update.log & pid=$! echo "tail -F running in $pid" sleep 1 -trap "echo 'stopping processes' ; kill $pid $(cat /var/run/munin/munin-node.pid) $(cat /var/run/nginx.pid) $(cat /var/run/crond.pid) $(cat /var/run/rsyslogd.pid)" SIGTERM SIGINT +trap "echo 'stopping processes' ; kill $pid $cron_pid $(cat /tmp/nginx.pid) $(cat /tmp/rsyslogd.pid)" SIGTERM SIGINT echo "Waiting for signal SIGINT/SIGTERM" wait diff --git a/test/start_test.sh b/test/start_test.sh index 7f81e69..f348c7b 100755 --- a/test/start_test.sh +++ b/test/start_test.sh 
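Review bot: Both `spawn-fcgi -p 9000 …` and `spawn-fcgi -p 9001 …` in start-munin.sh omit `-a`, and spawn-fcgi then binds to all addresses rather than loopback (per its man page; confirm for the packaged version), so the raw FastCGI ports are reachable from the container network without passing through nginx. Binding explicitly matches the `fastcgi_pass 127.0.0.1:…` lines in nginx-munin: `spawn-fcgi -a 127.0.0.1 -p 9000 /usr/lib/munin/cgi/munin-cgi-graph` and `spawn-fcgi -a 127.0.0.1 -p 9001 /usr/lib/munin/cgi/munin-cgi-html`. The `trap` kills `tail`, supercronic and nginx but not the two FastCGI processes, and `$(cat /tmp/rsyslogd.pid)` expands to nothing now that rsyslogd is commented out; giving each spawn-fcgi a `-P <pidfile>` and listing those pid files in the trap would make shutdown complete.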
@@ -8,12 +8,8 @@ fi basedir="$( cd -P "$( dirname "$0" )" && pwd )/munin" docker run -it \ + -u 1001 \ -p 8080:8080 \ - -v $basedir/log:/var/log/munin \ - -v $basedir/lib:/var/lib/munin \ - -v $basedir/run:/run/munin \ - -v $basedir/cache:/var/cache/munin \ - -e MUNIN_USER=user \ - -e MUNIN_PASSWORD=secret \ - -e NODES="172.17.0.1:$(hostname)" \ - $1 + -v $basedir:/munin \ + -e NODES="styx:192.168.26.117" \ + "$@" -- cgit v1.2.3
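Review bot: `-e NODES="styx:192.168.26.117"` replaces the portable `172.17.0.1:$(hostname)` value with a site-specific host name and private address, so the test only works inside the author's network and records internal addressing in the repository. An overridable default such as `-e NODES="${NODES:-$(hostname):172.17.0.1}"` keeps the script usable elsewhere (the name:address order follows the new line; confirm it against the node parser in start-munin.sh). `-v $basedir:/munin` should also be quoted as `-v "$basedir:/munin"` so a checkout path containing spaces does not split the argument.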