
OpenShift support

Suren A. Chilingaryan 4 years ago
parent
commit
d6e30533d7
8 changed files with 118 additions and 114 deletions
  1. 0 9
      CHANGELOG
  2. 46 13
      Dockerfile
  3. 13 26
      README.md
  4. 12 12
      munin.conf
  5. 12 8
      nginx-munin
  6. 7 4
      nginx.conf
  7. 24 34
      start-munin.sh
  8. 4 8
      test/start_test.sh

+ 0 - 9
CHANGELOG

@@ -1,9 +0,0 @@
-# v7 - 2 Nov 2016
-
-* Add support for graph CGI
-
-# v5 - 30 Apr 2015
-
-* Graceful shutdown
-* Do not repeat configuration on restart
-* Email for alerts

+ 46 - 13
Dockerfile

@@ -1,24 +1,57 @@
-FROM ubuntu:14.04
+FROM alpine:latest
 
-MAINTAINER Leo Unbekandt <leo@scalingo.com>
+MAINTAINER Suren Chilingaryan <csa@suren.me>
 
-RUN adduser --system --home /var/lib/munin --shell /bin/false --uid 1103 --group munin
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.8/supercronic-linux-amd64 \
+    SUPERCRONIC=supercronic-linux-amd64 \
+    SUPERCRONIC_SHA1SUM=be43e64c45acd6ec4fce5831e03759c89676a0ea
 
-RUN apt-get update -qq && RUNLEVEL=1 DEBIAN_FRONTEND=noninteractive \
-    apt-get install -y -qq cron munin munin-node nginx wget heirloom-mailx patch spawn-fcgi libcgi-fast-perl
-RUN rm /etc/nginx/sites-enabled/default && mkdir -p /var/cache/munin/www && chown munin:munin /var/cache/munin/www && mkdir -p /var/run/munin && chown -R munin:munin /var/run/munin
+VOLUME /munin
+#Only small temporary files, doesn't need volume
+#VOLUME /var/lib/nginx
 
-VOLUME /var/lib/munin
-VOLUME /var/log/munin
+RUN  packages="munin nginx wget heirloom-mailx patch spawn-fcgi perl-cgi-fast curl busybox-extras font-adobe-75dpi"; \
+    apk update && apk upgrade && apk add --no-cache $packages \
+ && curl -fsSLO "$SUPERCRONIC_URL" \
+ && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \
+ && chmod +x "$SUPERCRONIC" \
+ && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+ && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
 
 ADD ./munin.conf /etc/munin/munin.conf
 ADD ./nginx.conf /etc/nginx/nginx.conf
 ADD ./nginx-munin /etc/nginx/sites-enabled/munin
-ADD ./start-munin.sh /munin
-ADD ./munin-graph-logging.patch /usr/share/munin
-ADD ./munin-update-logging.patch /usr/share/munin
+ADD ./start-munin.sh /munin.sh
+ADD ./munin-graph-logging.patch /usr/lib/munin
+ADD ./munin-update-logging.patch /usr/lib/munin
 
-RUN cd /usr/share/munin && patch munin-graph < munin-graph-logging.patch && patch munin-update < munin-update-logging.patch
+# rsyslog is not actually used, but I keep here configuration just in case
+# Nginx always creates error_log in /var/log/nginx, but doesn't write there if other locating is configured
+RUN \
+    #sed -i -e 's|^$FileOwner|#$FileOwner|' "/etc/rsyslog.conf" && \
+    #sed -i -e 's|^$FileGroup|#$FileGroup|' "/etc/rsyslog.conf" && \
+    #sed -i -e 's|^$PrivDrop|#$PrivDrop|' "/etc/rsyslog.conf" && \
+    #sed -i -e 's|^$ModLoad imuxsock|#$ModLoad imuxsock|' "/etc/rsyslog.conf" && \
+    #sed -i -e 's|^$ModLoad imklog|#$ModLoad imklog|' "/etc/rsyslog.conf" && \
+    \
+    rm -rf /var/log/nginx && \
+    ln -s /tmp /var/log/nginx && \
+    ln -s /tmp /var/lib/nginx/logs && \
+    rm -f /etc/nginx/conf.d/default.conf && \
+    rm -f /etc/nginx/sites-enabled/default && \
+    \
+    ln -s /usr/share/webapps/munin/cgi /usr/lib/munin/cgi && \
+    cd /usr/lib/munin && patch munin-graph < munin-graph-logging.patch && patch munin-update < munin-update-logging.patch && \
+    sed -re "/@[[:alnum:]]+/ d; s|munin if|if|" /etc/munin/munin.cron.sample > /etc/munin/munin.cron && \
+    \
+    bash -c "mkdir -p /munin/{db,run,log,www/cache}" && \
+    ln -s ../www/cache /munin/db/cgi-tmp && \
+    rm -rf /var/lib/munin/cgi-tmp && \
+    ln -s /munin/www/cache /var/lib/munin/cgi-tmp && \
+    \
+    chgrp -R root /munin /etc/munin/munin.conf /var/tmp/nginx /var/lib/nginx && \
+    chmod -R g+rw /munin /etc/munin/munin.conf /var/tmp/nginx  && \
+    for name in "/var/tmp/nginx /munin/"; do find $name -type d -print0 | xargs -0 chmod g+x; done
 
 EXPOSE 8080
-CMD ["bash", "/munin"]
+CMD ["bash", "/munin.sh"]
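Review bot: The downloaded supercronic binary is verified only with SHA-1 (`sha1sum -c -`) and the base is the floating `alpine:latest`, so neither the binary nor the base image is strongly pinned. I would switch the check to `echo "${SUPERCRONIC_SHA256SUM}  ${SUPERCRONIC}" | sha256sum -c -`, with the digest computed from the v0.1.8 release asset (placeholder: `<sha256-of-release-binary>`), and pin `FROM` to a specific Alpine tag or digest. Separately, `VOLUME /munin` is declared before the `RUN` that creates and re-permissions `/munin`. Depending on the builder, changes made to a path after its `VOLUME` declaration can be discarded, so the `mkdir`/`chgrp`/`chmod g+rw` on `/munin` may not reach the image; moving `VOLUME /munin` below that `RUN` avoids the question. The image also ends without a `USER`, so outside OpenShift it starts as root; a trailing `USER 1001` (the UID the test script passes) would make the non-root intent explicit.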

+ 13 - 26
README.md

@@ -1,16 +1,17 @@
 # Docker image for munin server
 
+## Note
+The package is based on the original Scalingo docker image which was modified to run OpenShift platform. 
+Major modifications:
+ * Runs under non-privileged user
+ * Based on Alpine Linux 
+ * Database and lockfiles can be mounted as a single volume
+ * Authentication support is dropped, email notifications are not checked
+ 
 ## Configuration
 
 All the configuration is done through the environment.
 
-### HTTP Credentials 
-
-These are the credentials used to authenticate the HTTP dashboard; both take a space-delimited list
-
-* `MUNIN_USERS`
-* `MUNIN_PASSWORDS`
-
 ### SMTP info for alerts
 
 Email credentials used to send emails (like alerts)
@@ -46,10 +47,10 @@ Container is listening on the port 8080
 
 For a bit of persistency
 
-* /var/log/munin   -> logs
-* /var/lib/munin   -> db
-* /var/run/munin   -> lock and pid files
-* /var/cache/munin -> file deserved by HTTP
+* /minin                -> everything: configuration, database, locks, and log files
+* /munin/db             -> db
+* /munin/run            -> locks
+* /munin/log            -> log files
 
 ## How to use the image
 
@@ -57,12 +58,7 @@ For a bit of persistency
 docker build -t munin-server .
 docker run -d \
   -p 8080:8080 \
-  -v /var/log/munin:/var/log/munin \
-  -v /var/lib/munin:/var/lib/munin \
-  -v /var/run/munin:/var/run/munin \
-  -v /var/cache/munin:/var/cache/munin \
-  -e MUNIN_USERS='http-user another-user' \
-  -e MUNIN_PASSWORDS='secret-password other-users-password' \
+  -v /var/lib/munin:/munin \
   -e SMTP_HOST=smtp.example.com \
   -e SMTP_PORT=587 \
   -e SMTP_USERNAME=smtp-username \
@@ -76,12 +72,3 @@ docker run -d \
   -e SNMP_NODES="router1:10.0.0.254:9999" \
   munin-server
 ```
-
-You can now reach your munin-server on port 8080 of your host. It will display at the first run:
-
-```
-Munin has not run yet. Please try again in a few moments.
-```
-
-Every 5 minutes munin-server will interrogate its nodes and build the graphs and store the data.
-That's only after the first data fetching operation that the first graphs will appear.

+ 12 - 12
munin.conf

@@ -1,20 +1,20 @@
-#dbdir	/var/lib/munin
-#htmldir /var/cache/munin/www
-#logdir /var/log/munin
-#rundir  /var/run/munin
-#tmpldir	/etc/munin/templates
-#staticdir /etc/munin/static
-includedir /etc/munin/munin-conf.d
-#graph_period second
-#munin_cgi_graph_jobs 6
+dbdir	        /munin/db
+rundir	        /munin/run
+htmldir         /munin/www
+logdir          /munin/log
+
+includedir      /etc/munin/munin-conf.d
+tmpldir	        /etc/munin/templates
+staticdir       /etc/munin/static
 
-## html_strategy cron|cgi
-html_strategy cron
-## graph_strategy cron|cgi
+# strategies cron|cgi
+html_strategy cgi
 graph_strategy cgi
 cgiurl_graph /munin-cgi/munin-cgi-graph
 
 #max_size_x 4000
 #max_size_y 4000
 #max_processes 16
+#munin_cgi_graph_jobs 6
+#graph_period second
 #rrdcached_socket /var/run/rrdcached.sock

+ 12 - 8
nginx-munin

@@ -2,24 +2,28 @@ server {
   listen 8080 default_server;
   server_name munin;
 
-  access_log /var/log/nginx/munin-access.log;
-  error_log /var/log/nginx/munin-server.log;
+  access_log /proc/self/fd/1;
+  error_log /proc/self/fd/2;
 
-  auth_basic "Munin Server";
-  auth_basic_user_file "/etc/munin/htpasswd.users";
+  location /munin/static {
+    alias /etc/munin/static;
+  }
 
-  location /munin {
-    root /var/cache/munin/www;
+  location ^~ /munin/ {
+    fastcgi_split_path_info ^(/munin)(.*);
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_pass 127.0.0.1:9001;
+    include fastcgi_params;
   }
 
   location ^~ /munin-cgi/munin-cgi-graph/ {
     fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
     fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_pass unix:/var/run/munin/fcgi-graph.sock;
+    fastcgi_pass 127.0.0.1:9000;
     include fastcgi_params;
   }
 
   location / {
-    root "/var/cache/munin/www";
+      rewrite ^/$ /munin/ redirect; break;
   }
 }
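Review bot: With `auth_basic` and `auth_basic_user_file` removed and nothing put in their place, every location in this server block, including both FastCGI handlers, is served to any client that can reach port 8080. The README notes that authentication is dropped, but the config itself does not say where access control is now expected to live, and the CGI graph endpoint does rendering work per request. I would add a comment at the top of the block, e.g. `# No auth here: access must be restricted in front of this container (route, reverse proxy or network policy)`, and consider rate limiting on the two CGI locations. The `server` block opens outside the hunk.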

+ 7 - 4
nginx.conf

@@ -1,6 +1,6 @@
-user munin;
 worker_processes 4;
-pid /run/nginx.pid;
+pid /tmp/nginx.pid;
+error_log /proc/self/fd/2 warn;
 
 events {
 	worker_connections 768;
@@ -17,8 +17,11 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 
-	access_log /var/log/nginx/access.log;
-	error_log /var/log/nginx/error.log;
+        #client_body_temp_path /tmp/nginx/temp;
+        #proxy_temp_path /tmp/nginx/proxy;
+        
+	access_log /proc/self/fd/1;
+	error_log /proc/self/fd/2;
 
 	gzip on;
 	gzip_disable "msie6";

+ 24 - 34
start-munin.sh

@@ -1,22 +1,24 @@
 #!/bin/bash
+
 NODES=${NODES:-}
 SNMP_NODES=${SNMP_NODES:-}
 SSH_NODES=${SSH_NODES:-}
 MUNIN_USERS=${MUNIN_USERS:-${MUNIN_USER:-user}}
 MUNIN_PASSWORDS=${MUNIN_PASSWORDS:-${MUNIN_PASSWORD:-password}}
-MAIL_CONF_PATH='/var/lib/munin/.mailrc'
+MAIL_CONF_PATH='/munin/db/.mailrc'
 SMTP_USE_TLS=${SMTP_USE_TLS:-false}
 SMTP_ALWAYS_SEND=${SMTP_ALWAYS_SEND:-true}
 SMTP_MESSAGE_DEFAULT='[${var:group};${var:host}] -> ${var:graph_title} -> warnings: ${loop<,>:wfields  ${var:label}=${var:value}} / criticals: ${loop<,>:cfields  ${var:label}=${var:value}}'
 SMTP_MESSAGE="${SMTP_MESSAGE:-$SMTP_MESSAGE_DEFAULT}"
 
-truncate -s 0 "${MAIL_CONF_PATH}"
 
-# set volume ownerships
-chown -R munin:munin /var/log/munin
-chown -R munin:munin /var/lib/munin
-chown -R munin:munin /var/run/munin
-chown -R munin:munin /var/cache/munin
+mkdir -p /munin/{db,run,log,www/cache}
+[ -a /munin/db/cgi-tmp ] || ln -s ../www/cache /munin/db/cgi-tmp 
+[ -a /var/lib/munin/cgi-tmp ] || ln -s /munin/www/cache /var/lib/munin/cgi-tmp
+[ -a /var/log/nginx ] || ln -s /tmp /var/log/nginx
+
+
+truncate -s 0 "${MAIL_CONF_PATH}"
 
 if [ "${SMTP_USE_TLS}" = true ] ; then
   cat >> "${MAIL_CONF_PATH}" <<EOF
@@ -48,17 +50,6 @@ if  [ $rc -ne 0 -a -n "${ALERT_RECIPIENT}" -a -n "${ALERT_SENDER}" ] ; then
   fi
 fi
 
-# generate the Munin auth username/password file
-if [ ! -f /etc/munin/htpasswd.users ]; then
-  uc=0
-  IFS=' ' read -ra ARR_USERS <<< "$MUNIN_USERS"
-  IFS=' ' read -ra ARR_PASSWORDS <<< "$MUNIN_PASSWORDS"
-  for u in "${ARR_USERS[@]}"; do
-    printf "${u}:`openssl passwd -apr1 ${ARR_PASSWORDS[uc]}`\n" >> /etc/munin/htpasswd.users
-    (( uc++ ))
-  done
-fi
-
 # generate node list
 for NODE in $NODES
 do
@@ -121,10 +112,10 @@ EOF
     fi
 done
 
-[ -d /var/cache/munin/www ] || mkdir /var/cache/munin/www
+
 # placeholder html to prevent permission error
-if [ ! -e /var/cache/munin/www/index.html ]; then
-cat << EOF > /var/cache/munin/www/index.html
+if [ ! -e /munin/www/index.html ]; then
+cat << EOF > /munin/www/index.html
 <html>
 <head>
   <title>Munin</title>
@@ -134,35 +125,34 @@ Munin has not run yet.  Please try again in a few moments.
 </body>
 </html>
 EOF
-chown munin:munin -R /var/cache/munin/www
-chmod g+w /var/cache/munin/www/index.html
 fi
 
 # start rsyslogd
-/usr/sbin/rsyslogd
-# start cron
-/usr/sbin/cron
-# Issue: 'NUMBER OF HARD LINKS > 1' prevents cron exec in container
-# https://github.com/phusion/baseimage-docker/issues/198
-touch /etc/crontab /etc/cron.d/*
-# start local munin-node
-/usr/sbin/munin-node
+truncate -s 0 /tmp/rsyslogd.pid
+#/usr/sbin/rsyslogd -i /tmp/rsyslogd.pid
+
+# start munin updates
+truncate -s 0 /munin/log/munin-update.log
+/usr/local/bin/supercronic  -split-logs /etc/munin/munin.cron & cron_pid=$!
+
+
 echo "Using the following munin nodes:"
 echo $NODES
 echo "(ssh) $SSH_NODES"
 echo "(snmp) $SNMP_NODES"
 # start spawn-cgi to enable CGI interface with munin (dynamix graph generation)
-spawn-fcgi -s /var/run/munin/fcgi-graph.sock -U munin -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph
+spawn-fcgi -p 9000 /usr/lib/munin/cgi/munin-cgi-graph
+spawn-fcgi -p 9001 /usr/lib/munin/cgi/munin-cgi-html
 # start nginx
 /usr/sbin/nginx
 # show logs
 echo "Tailing syslog and munin-update log..."
-tail -F /var/log/syslog /var/log/munin/munin-update.log & pid=$!
+tail -F /munin/log/munin-update.log & pid=$!
 echo "tail -F running in $pid"
 
 sleep 1
 
-trap "echo 'stopping processes' ; kill $pid $(cat /var/run/munin/munin-node.pid) $(cat /var/run/nginx.pid) $(cat /var/run/crond.pid) $(cat /var/run/rsyslogd.pid)" SIGTERM SIGINT
+trap "echo 'stopping processes' ; kill $pid $cron_pid $(cat /tmp/nginx.pid) $(cat /tmp/rsyslogd.pid)" SIGTERM SIGINT
 
 echo "Waiting for signal SIGINT/SIGTERM"
 wait
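Review bot: Both `spawn-fcgi -p 9000 …` and `spawn-fcgi -p 9001 …` are started without `-a`, and as far as I know spawn-fcgi binds to all addresses when none is given, so the FastCGI listeners would be reachable on the container network directly rather than only through nginx, which connects via 127.0.0.1. Binding them to loopback keeps the CGI handlers behind nginx: `spawn-fcgi -a 127.0.0.1 -p 9000 /usr/lib/munin/cgi/munin-cgi-graph`, and likewise for port 9001. In the same hunk the `trap` string is double-quoted, so `$(cat /tmp/nginx.pid)` is evaluated when the trap is installed (one second after nginx starts) rather than when the signal arrives, and the two spawn-fcgi processes are not in the kill list. In the first hunk the `MUNIN_USERS`/`MUNIN_PASSWORDS` defaults remain although the htpasswd generation was removed; they look like dead variables and could be dropped.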

+ 4 - 8
test/start_test.sh

@@ -8,12 +8,8 @@ fi
 basedir="$( cd -P "$( dirname "$0" )" && pwd )/munin"
 
 docker run -it \
+  -u 1001 \
   -p 8080:8080 \
-  -v $basedir/log:/var/log/munin \
-  -v $basedir/lib:/var/lib/munin \
-  -v $basedir/run:/run/munin \
-  -v $basedir/cache:/var/cache/munin \
-  -e MUNIN_USER=user \
-  -e MUNIN_PASSWORD=secret \
-  -e NODES="172.17.0.1:$(hostname)" \
-  $1
+  -v $basedir:/munin \
+  -e NODES="styx:192.168.26.117" \
+  "$@"
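Review bot: `NODES` is now a hard-coded, site-specific host name and private address (`styx:192.168.26.117`), where the removed line derived the value from the local machine, so the test only works on the author's network and publishes an internal address in the repository. I would take it from the environment with a neutral default, e.g. `-e NODES="${NODES:-localhost:127.0.0.1}"` (constructed example value). `$basedir` in `-v $basedir:/munin` should also be quoted, `-v "$basedir:/munin"`, so a checkout path containing spaces does not split the argument.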