From a9787275c0e8466fdb7f4cd7a921cad442fa4b48 Mon Sep 17 00:00:00 2001 From: Jack-Benny Persson Date: Mon, 18 May 2020 19:26:46 +0200 Subject: [PATCH] Added support for ticket via secrets for Docker Swarm --- Dockerfile | 1 + README.md | 28 +++++++++++++++++++++++++++- create-satellite.sh | 5 +++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index db0be09..84acd00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ FROM debian:10-slim +LABEL maintainer="Jack-Benny Persson " RUN apt-get update && apt-get install wget gnupg -y && \ printf "deb http://packages.icinga.com/debian icinga-buster main\ndeb-src http://packages.icinga.com/debian icinga-buster main" > /etc/apt/sources.list.d/icinga2.list && \ wget -O - https://packages.icinga.com/icinga.key | apt-key add - && \ diff --git a/README.md b/README.md index 56a3c63..b250f2d 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,8 @@ is instead to create an easy-to-deploy satellite image. ## Tags and their respective Dockerfile ### Main tags -* [0.5, latest](https://github.com/jackbenny/icinga-satellite/blob/master/Dockerfile) +* [0.6, latest](https://github.com/jackbenny/icinga-satellite/blob/master/Dockerfile) +* [0.5](https://github.com/jackbenny/icinga-satellite/blob/0.5/Dockerfile) * [0.4](https://github.com/jackbenny/icinga-satellite/blob/0.4/Dockerfile) * [0.3](https://github.com/jackbenny/icinga-satellite/blob/0.3/Dockerfile) * [0.2](https://github.com/jackbenny/icinga-satellite/blob/0.2/Dockerfile) 
@@ -46,6 +47,10 @@ Everything is controlled using the following environment variables. * **PARENTPORT** is the Icinga2 port on the parent host. Defaults to 5665. * **TICKET** is the ticket you get from the master (if you are using Director you find it under the Agent tab of the host). +* **TICKET_PATH** is the path to the ticket secrets file if you use Swarm and wants to use + secrets instead (to keep your ticket secure). The ticket should be on ONE line only + and be created as an external secret. This variable is optional and only apply for + Docker Swarm. * **ACCEPT_CONFIG** takes a ***y*** or ***n*** value for yes or no. The default is ***n*** * **ACCEPT_COMMANDS** takes a ***y*** or ***n*** value for yes or no. The default is @@ -90,4 +95,25 @@ services: - LOCAL_TIMEZONE=Europe/Stockholm ``` +## docker-compose.yml example with Docker secrets +``` +version: "3.8" +services: + my-icinga-sat: + image: jackbenny/icinga-satellite + environment: + - CN=icinga-sat02.local + - PARENTHOST=icinga-master.local + - PARENTZONE=master + - TICKET_PATH=/var/run/secrets/ticket + - ACCEPT_CONFIG=y + - ACCEPT_COMMANDS=y + - DISABLE_CONFD=y + - LOCAL_TIMEZONE=Europe/Stockholm + secrets: + - ticket +secrets: + ticket: + external: true +``` diff --git a/create-satellite.sh b/create-satellite.sh index 383f47b..1448b3f 100755 --- a/create-satellite.sh +++ b/create-satellite.sh @@ -29,6 +29,11 @@ else ACCEPT_COMM=" " fi +# Support for ticket via secrets for Docker Swarm +if [ ! -z "$TICKET_PATH" ]; then + TICKET=$(cat $TICKET_PATH) +fi + # Defaults to disable conf.d (so use "n" or anything else other than "y" # to enable inclusion of conf.d directory) if [ -z "$DISABLE_CONFD" ] || [ "$DISABLE_CONFD" == "y" ]; then
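Review bot: The added `TICKET=$(cat $TICKET_PATH)` in create-satellite.sh expands the path unquoted and never checks that the secret file is readable. A path containing spaces or glob characters is therefore word-split, and a missing or unmounted secret leaves TICKET empty, overwriting any TICKET passed in the environment, while the script carries on. Quote the expansion and fail early: `[ -r "$TICKET_PATH" ] || { echo "TICKET_PATH is not readable: $TICKET_PATH" >&2; exit 1; }` followed by `TICKET=$(cat -- "$TICKET_PATH")`; `[ -n "$TICKET_PATH" ]` also reads more directly than `[ ! -z ... ]`. Because the value is a credential, the rest of the script should not echo TICKET or run under `set -x` after this point; whether it does is not visible in this hunk.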