Added support for ticket via secrets for Docker Swarm

Switched to using Debian 10-slim
Optimized Dockerfile to reduce layers and size
2020-05-18 19:26:46 +02:00 · 2020-05-01 21:53:28 +02:00 · 2020-05-01 01:26:47 +02:00 · 2020-05-01 00:15:39 +02:00 · 2020-04-29 20:12:16 +02:00 · 2020-04-29 17:16:16 +02:00
3 changed files with 89 additions and 11 deletions
--- a/18
+++ b/18
@@ -1,14 +1,18 @@
-FROM ubuntu:18.04
-RUN apt-get update && apt-get upgrade -y && apt-get install wget gnupg expect -y && \
-    wget -O - https://packages.icinga.com/icinga.key | apt-key add -
-RUN printf "deb http://packages.icinga.com/ubuntu icinga-bionic main\ndeb-src http://packages.icinga.com/ubuntu icinga-bionic main" > /etc/apt/sources.list.d/icinga2.list && \
-    apt-get update && apt-get install icinga2 -y && \
+FROM debian:10-slim
+LABEL maintainer="Jack-Benny Persson <jack-benny@cyberinfo.se>"
+RUN apt-get update && apt-get install wget gnupg -y && \
+    printf "deb http://packages.icinga.com/debian icinga-buster main\ndeb-src http://packages.icinga.com/debian icinga-buster main" > /etc/apt/sources.list.d/icinga2.list && \
+    wget -O - https://packages.icinga.com/icinga.key | apt-key add - && \
+    apt-get update && apt-get --no-install-recommends install icinga2 monitoring-plugins tzdata -y && \
    mkdir /run/icinga2 && chown nagios:nagios /run/icinga2 && \
    mkdir -p /var/lib/icinga2/certs && \
-    chown -R nagios:nagios /var/lib/icinga2/certs
+    chown -R nagios:nagios /var/lib/icinga2/certs && \
+    apt-get remove -y wget gnupg && \
+    apt-get autoremove -y && \
+    apt-get clean 

 COPY create-satellite.sh /create-satellite.sh
 COPY run-icinga.sh /run-icinga.sh
 RUN chmod +x /create-satellite.sh ; chmod +x /run-icinga.sh
-
+EXPOSE 5665
 ENTRYPOINT ["/run-icinga.sh"]
--- a/README.md
+++ b/README.md
@@ -1,10 +1,41 @@
 # icinga-satellite
 An easy-to-use Dockerized Icinga2 satellite setup. It could be used as an
 Icinga2 agent aswell, but I don't think that would make much sense. The goal
-is instead to create an easy-to-deploy satellite Docker.
+is instead to create an easy-to-deploy satellite image.
+
+![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/jackbenny/icinga-satellite?sort=date)
+![Docker Pulls](https://img.shields.io/docker/pulls/jackbenny/icinga-satellite)
+![Docker Stars](https://img.shields.io/docker/stars/jackbenny/icinga-satellite)
+![Docker Cloud Automated build](https://img.shields.io/docker/cloud/automated/jackbenny/icinga-satellite)
+![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/jackbenny/icinga-satellite)
+
+## Tags and their respective Dockerfile
+
+### Main tags
+* [0.6, latest](https://github.com/jackbenny/icinga-satellite/blob/master/Dockerfile)
+* [0.5](https://github.com/jackbenny/icinga-satellite/blob/0.5/Dockerfile)
+* [0.4](https://github.com/jackbenny/icinga-satellite/blob/0.4/Dockerfile)
+* [0.3](https://github.com/jackbenny/icinga-satellite/blob/0.3/Dockerfile)
+* [0.2](https://github.com/jackbenny/icinga-satellite/blob/0.2/Dockerfile)
+* [0.1](https://github.com/jackbenny/icinga-satellite/blob/0.1/Dockerfile)
+
+### Alpine tags (currently has some problems)
+* [0.1.1-alpine](https://github.com/jackbenny/icinga-satellite/blob/0.1.1-alpine/Dockerfile)
+* [0.1-alpine](https://github.com/jackbenny/icinga-satellite/blob/0.1-alpine/Dockerfile)
+
+> **NOTE:** Currently there are some problems with the Alpine image. 
+> Use the *main images* instead, tagged *0.n*.
+
+There are two available images for you to choose from. The main images (0.*n*) are based on
+Debian 10-slim from tag 0.5 and up. Previous to 0.5 they were based on Ubuntu 18.04. 
+The main images uses Icinga2 from Icingas official repository. 
+
+The other images (0.*n*-alpine) are based on Alpine with Icinga2 from Alpines repository. 
+From 0.1.1-alpine and up, the Alpine images are built on the latest Alpine image. Previous to
+0.1.1 they were based on Alpine 3.11.

 ## Environment variables
-Everything is controlled using the follwing environment variables.
+Everything is controlled using the following environment variables.

 * **CN** is the Common Name of the satellite
 * **ZONE** is the zone in which this satellite should be in. If no zone is specified
@@ -16,16 +47,23 @@ Everything is controlled using the follwing environment variables.
 * **PARENTPORT** is the Icinga2 port on the parent host. Defaults to 5665.
 * **TICKET** is the ticket you get from the master (if you are using Director
  you find it under the Agent tab of the host).
+* **TICKET_PATH** is the path to the ticket secrets file if you use Swarm and wants to use
+  secrets instead (to keep your ticket secure). The ticket should be on ONE line only 
+  and be created as an external secret. This variable is optional and only apply for
+  Docker Swarm.
 * **ACCEPT_CONFIG** takes a ***y*** or ***n*** value for yes or no. The default is
-  ***n***.
+  ***n***
 * **ACCEPT_COMMANDS** takes a ***y*** or ***n*** value for yes or no. The default is
-  ***n***.
+  ***n***
 * **DISABLE_CONFD** takes a ***y*** or ***n*** value for yes or no. The default is
  ***y***. This should be a sane default for most people.
+* **LOCAL_TIMEZONE** sets the local timezone of the satellite. For example
+  *Europe/Stockholm* or *America/New_York*

 ## Example usage
 ```
 #> docker run -d --name my-icinga-sat \
+  -p 5665:5665 \
  -e CN=icinga-sat02.local \
  -e PARENTHOST=icinga-master.local \
  -e PARENTCN=icinga-master.local \
@@ -41,6 +79,9 @@ version: "3.8"
 services:
  my-icinga-sat:
    image: jackbenny/icinga-satellite
+    ports:
+      - 5665:5665
+    restart:always
    environment:
      - CN=icinga-sat02.local
      - ZONE=icinga-sat02.local
@@ -51,5 +92,28 @@ services:
      - ACCEPT_CONFIG=y
      - ACCEPT_COMMANDS=y
      - DISABLE_CONFD=y
+      - LOCAL_TIMEZONE=Europe/Stockholm
+```
+
+## docker-compose.yml example with Docker secrets
+```
+version: "3.8"
+services:
+  my-icinga-sat:
+    image: jackbenny/icinga-satellite
+    environment:
+      - CN=icinga-sat02.local
+      - PARENTHOST=icinga-master.local
+      - PARENTZONE=master
+      - TICKET_PATH=/var/run/secrets/ticket
+      - ACCEPT_CONFIG=y
+      - ACCEPT_COMMANDS=y
+      - DISABLE_CONFD=y
+      - LOCAL_TIMEZONE=Europe/Stockholm
+    secrets:
+      - ticket
+secrets:
+  ticket:
+    external: true
 ```

--- a/create-satellite.sh
+++ b/create-satellite.sh
@@ -29,6 +29,11 @@ else
    ACCEPT_COMM=" "
 fi

+# Support for ticket via secrets for Docker Swarm
+if [ ! -z "$TICKET_PATH" ]; then
+    TICKET=$(cat $TICKET_PATH)
+fi
+
 # Defaults to disable conf.d (so use "n" or anything else other than "y" 
 # to enable inclusion of conf.d directory)
 if [ -z "$DISABLE_CONFD" ] || [ "$DISABLE_CONFD" == "y" ]; then
@@ -37,6 +42,11 @@ else
    DISABLE_CONF=" "
 fi

+# Set the local timezone
+if [ ! -z "$LOCAL_TIMEZONE" ]; then
+	ln -sf /usr/share/zoneinfo/"$LOCAL_TIMEZONE" /etc/localtime
+fi
+
 icinga2 pki new-cert --cn "$CN" \
 --key /var/lib/icinga2/certs/"${CN}".key \
 --cert /var/lib/icinga2/certs/"${CN}".crt
Author	SHA1	Message	Date
Jack-Benny Persson	a9787275c0	Added support for ticket via secrets for Docker Swarm	2020-05-18 19:26:46 +02:00
Jack-Benny Persson	a4e073b3ae	Switched to using Debian 10-slim	2020-05-01 21:53:28 +02:00
Jack-Benny Persson	1f7c040e57	Optimized Dockerfile to reduce layers and size	2020-05-01 01:26:47 +02:00
Jack-Benny Persson	9d8443680f	Refactoring to follow some best practices	2020-05-01 00:15:39 +02:00
Jack-Benny Persson	6a64f09ea5	Added support for setting local timezone, and updated README	2020-04-29 20:12:16 +02:00
Jack-Benny Persson	6a4fc4dea7	Updated README with port-mapping and problems with Alpine	2020-04-29 17:16:16 +02:00
Jack-Benny Persson	ed61e2563c	Merged updated README from alpine-branch	2020-04-28 21:26:36 +02:00