├── AUTHORS ├── content ├── etc │ ├── icingaweb2 │ │ ├── modules │ │ │ └── monitoring │ │ │ │ ├── config.ini │ │ │ │ ├── backends.ini │ │ │ │ └── commandtransports.ini │ │ ├── roles.ini │ │ ├── authentication.ini │ │ ├── config.ini │ │ └── resources.ini │ ├── icinga2 │ │ └── conf.d │ │ │ ├── api-users.conf │ │ │ ├── additional_services.conf │ │ │ └── hosts.conf │ └── supervisord.conf └── opt │ └── icinga2 │ └── initdocker ├── run ├── .mailmap ├── README.md ├── Dockerfile └── COPYING /AUTHORS: -------------------------------------------------------------------------------- 1 | Hans Rakers 2 | Michael Friedrich 3 | -------------------------------------------------------------------------------- /content/etc/icingaweb2/modules/monitoring/config.ini: -------------------------------------------------------------------------------- 1 | 2 | [security] 3 | protected_customvars = "*pw*,*pass*,community" 4 | -------------------------------------------------------------------------------- /content/etc/icingaweb2/roles.ini: -------------------------------------------------------------------------------- 1 | 2 | [administrators] 3 | users = "icingaadmin" 4 | permissions = "*" 5 | -------------------------------------------------------------------------------- /content/etc/icingaweb2/authentication.ini: -------------------------------------------------------------------------------- 1 | 2 | [icingaweb2] 3 | backend = "db" 4 | resource = "icingaweb2_db" 5 | -------------------------------------------------------------------------------- /content/etc/icingaweb2/modules/monitoring/backends.ini: -------------------------------------------------------------------------------- 1 | 2 | [icinga2] 3 | type = "ido" 4 | resource = "icinga2_ido" 5 | -------------------------------------------------------------------------------- /run: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | HOST_HTTP_PORT=3080 4 | HOST_SSH_PORT=3022 5 | 6 | sudo docker run -ti -p $HOST_HTTP_PORT:80 -p $HOST_SSH_PORT:22 icinga/icinga2 7 | -------------------------------------------------------------------------------- /content/etc/icingaweb2/modules/monitoring/commandtransports.ini: -------------------------------------------------------------------------------- 1 | 2 | [icinga2] 3 | transport = "local" 4 | path = "/var/run/icinga2/cmd/icinga2.cmd" 5 | -------------------------------------------------------------------------------- /content/etc/icingaweb2/config.ini: -------------------------------------------------------------------------------- 1 | 2 | [logging] 3 | log = "file" 4 | level = "ERROR" 5 | file = "/var/log/icingaweb2/icingaweb2.log" 6 | 7 | 8 | [preferences] 9 | store = "db" 10 | resource = "icingaweb2_db" 11 | 12 | 13 | [global] 14 | module_path = "/etc/icingaweb2/enabledModules" 15 | -------------------------------------------------------------------------------- /content/etc/icinga2/conf.d/api-users.conf: -------------------------------------------------------------------------------- 1 | object ApiUser "root" { 2 | password = "icinga" 3 | client_cn = NodeName 4 | permissions = [ "*" ] 5 | } 6 | 7 | object ApiUser "dashing" { 8 | password = "icinga2ondashingr0xx" 9 | client_cn = NodeName 10 | permissions = [ "*" ] 11 | } 12 | 13 | object ApiUser "aws" { 14 | password = "icinga2onawsr0xx" 15 | client_cn = NodeName 16 | permissions = [ "*" ] 17 | } 18 | -------------------------------------------------------------------------------- /.mailmap: -------------------------------------------------------------------------------- 1 | 2 | 3 | Gunnar Beutner 4 | 5 | 6 | 7 | Jean-Marcel Flach 8 | Dolf Schimmel 9 | -------------------------------------------------------------------------------- /content/etc/icingaweb2/resources.ini: -------------------------------------------------------------------------------- 1 | 2 | [icingaweb2_db] 3 | type = "db" 4 | db = "mysql" 5 | host = "localhost" 6 | port = "3306" 7 | dbname = "icingaweb2" 8 | username = "icingaweb2" 9 | password = "icingaweb2" 10 | prefix = "icingaweb_" 11 | 12 | 13 | [icinga2_ido] 14 | type = "db" 15 | db = "mysql" 16 | host = "localhost" 17 | port = "3306" 18 | dbname = "icinga" 19 | username = "icinga" 20 | password = "icinga" 21 | -------------------------------------------------------------------------------- /content/etc/icinga2/conf.d/additional_services.conf: -------------------------------------------------------------------------------- 1 | /* apply some random checks with prefix from host dictionary `random` */ 2 | apply Service "random-00" for (check in host.vars.random) { 3 | check_interval = 5s 4 | retry_interval = 3s 5 | max_check_attempts = 3 6 | 7 | check_command = "random" 8 | } 9 | 10 | /* apply dns services with prefix from host dictionary `dns_checks` */ 11 | apply Service for (dns_check => config in host.vars.dns_checks) { 12 | check_interval = 1m 13 | retry_interval = 30s 14 | 15 | check_command = "dns" 16 | 17 | vars.dns_lookup = "icinga.com" //default 18 | vars.dns_server = "$address$" 19 | 20 | vars += config 21 | } 22 | -------------------------------------------------------------------------------- /content/etc/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | pidfile = /run/supervisord.pid 3 | logfile = /var/log/supervisor/supervisord.log 4 | # Set loglevel=debug, only then all logs from child services are printed out 5 | # to container logs (and thus available via `docker logs [container]` 6 | loglevel = debug 7 | 8 | nodaemon=true 9 | 10 | # These two (unix_http_server, rpcinterface) are needed for supervisorctl to work 11 | [inet_http_server] 12 | port = :9111 13 | username = sv 14 | password = password 15 | 16 | [rpcinterface:supervisor] 17 | supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface 18 | 19 | [supervisorctl] 20 | serverurl = http://localhost:9111 21 | username = sv 22 | password = password 23 | 24 | [include] 25 | files = /etc/supervisor.d/*.conf 26 | 27 | [program:sshd] 28 | command=/usr/sbin/sshd -D 29 | redirect_stderr=true 30 | 31 | [program:httpd] 32 | command=/usr/sbin/httpd -D FOREGROUND 33 | redirect_stderr=true 34 | stopasgroup=true 35 | 36 | [program:mariadb] 37 | command=/usr/bin/mysqld_safe 38 | redirect_stderr=true 39 | 40 | [program:icinga2] 41 | command=icinga2 daemon 42 | redirect_stderr=true 43 | -------------------------------------------------------------------------------- /content/etc/icinga2/conf.d/hosts.conf: -------------------------------------------------------------------------------- 1 | object Host NodeName { 2 | /* Import the default host template defined in `templates.conf`. */ 3 | import "generic-host" 4 | 5 | /* Specify the address attributes for checks e.g. `ssh` or `http`. */ 6 | address = "127.0.0.1" 7 | address6 = "::1" 8 | 9 | var node_notes = "This is Icinga 2 running" 10 | if (NodeName.contains("docker")) { 11 | notes = node_notes + " inside Docker :)" 12 | } else if (NodeName == "icinga2a") { 13 | notes = node_notes + " as cluster master :)" 14 | } else if (NodeName == "icinga2b") { 15 | notes = node_notes + " as cluster checker :)" 16 | } else if (regex("^icinga2*", NodeName)) { 17 | notes = node_notes + " inside Vagrant :)" 18 | } 19 | 20 | vars.http_vhosts["Icinga Web 2"] = { 21 | http_uri = "/icingaweb2" 22 | } 23 | 24 | /* Define disks and attributes for service apply rules in `services.conf`. */ 25 | vars.disks["disk"] = { 26 | /* No parameters. */ 27 | } 28 | vars.disks["disk /"] = { 29 | disk_partitions = "/" 30 | } 31 | 32 | /* dns checks */ 33 | vars.dns_checks["dns icinga.com"] = { 34 | dns_lookup = "icinga.com" 35 | dns_server = "ns1.netways.de" 36 | dns_expected_answers = "185.11.254.90" 37 | } 38 | vars.dns_checks["dns netways.org"] = { 39 | dns_lookup = "netways.org" 40 | dns_server = "ns1.netways.de" 41 | dns_expected_answers = "185.11.252.37" 42 | } 43 | 44 | /* vhost checks */ 45 | vars.http_vhosts["http Icinga Web 2"] = { 46 | http_uri = "/icingaweb2" 47 | } 48 | vars.http_vhosts["http Icinga Website"] = { 49 | http_address = "www.icinga.com" 50 | http_vhost = "www.icinga.com" 51 | } 52 | vars.http_vhosts["http Icinga Docs"] = { 53 | http_address = "docs.icinga.com" 54 | http_vhost = "docs.icinga.com" 55 | } 56 | vars.http_vhosts["http Icinga Exchange"] = { 57 | http_address = "exchange.icinga.com" 58 | http_vhost = "exchange.icinga.com" 59 | } 60 | vars.http_vhosts["http Icinga Demo"] = { 61 | http_address = "demo.icinga.com" 62 | http_vhost = "demo.icinga.com" 63 | } 64 | vars.http_vhosts["http Icinga GitHub"] = { 65 | http_address = "github.com" 66 | http_vhost = "github.com" 67 | http_uri = "/Icinga" 68 | } 69 | vars.http_vhosts["http Icinga Docker Hub"] = { 70 | http_address = "registry.hub.docker.com" 71 | http_vhost = "registry.hub.docker.com" 72 | http_uri = "/repos/icinga/" 73 | } 74 | 75 | /* random checks */ 76 | vars.random = [ 1, 2, 3, 4, 5 ] 77 | 78 | /* Define notification mail attributes for notification apply rules in `notifications.conf`. */ 79 | vars.notification["mail"] = { 80 | /* The UserGroup `icingaadmins` is defined in `users.conf`. */ 81 | groups = [ "icingaadmins" ] 82 | } 83 | } 84 | 85 | -------------------------------------------------------------------------------- /content/opt/icinga2/initdocker: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #/****************************************************************************** 4 | # * docker-icinga2-demo * 5 | # * Dockerfile for Icinga 2 and Icinga Web 2 * 6 | # * Copyright (C) 2015-2017 Icinga Development Team (https://www.icinga.com) * 7 | # * * 8 | # * This program is free software; you can redistribute it and/or * 9 | # * modify it under the terms of the GNU General Public License * 10 | # * as published by the Free Software Foundation; either version 2 * 11 | # * of the License, or (at your option) any later version. * 12 | # * * 13 | # * This program is distributed in the hope that it will be useful, * 14 | # * but WITHOUT ANY WARRANTY; without even the implied warranty of * 15 | # * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 16 | # * GNU General Public License for more details. * 17 | # * * 18 | # * You should have received a copy of the GNU General Public License * 19 | # * along with this program; if not, write to the Free Software Foundation * 20 | # * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. * 21 | # ******************************************************************************/ 22 | 23 | set -e 24 | 25 | function echo_log { 26 | DATE='date +%Y/%m/%d:%H:%M:%S' 27 | echo `$DATE`" $1" 28 | } 29 | 30 | initfile=/opt/icinga2/init.done 31 | 32 | # update to latest snapshot packages 33 | echo_log "Fetching latest icinga* snapshot packages." 34 | { 35 | yum update --enablerepo=icinga-snapshot-builds -y icinga2 icinga2-ido-mysql icingaweb2 icingacli 36 | yum clean all 37 | } &> /dev/null 38 | 39 | echo_log "Validating the icinga2 configuration first." 40 | if ! icinga2 daemon -C; then 41 | echo_log "Icinga 2 config validation failed. Stopping the container." 42 | exit 1 43 | fi 44 | 45 | 46 | if [ ! -f "${initfile}" ]; then 47 | echo_log "Starting DB schema import. This might take a while (20sec+)." 48 | mysql_install_db --user=mysql --ldata=/var/lib/mysql 2>&1 >/dev/null 49 | /usr/bin/mysqld_safe 2>&1 >/dev/null & 50 | sleep 10s 51 | mysql -uroot -e "CREATE DATABASE IF NOT EXISTS icinga ; GRANT ALL ON icinga.* TO icinga@localhost IDENTIFIED BY 'icinga';" 52 | mysql -uicinga -picinga icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql 53 | mysql -uroot -e "CREATE DATABASE IF NOT EXISTS icingaweb2 ; GRANT ALL ON icingaweb2.* TO icingaweb2@localhost IDENTIFIED BY 'icingaweb2';" 54 | mysql -uicingaweb2 -picingaweb2 icingaweb2 < /usr/share/doc/icingaweb2/schema/mysql.schema.sql 55 | mysql -uicingaweb2 -picingaweb2 icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '\$1\$iQSrnmO9\$T3NVTu0zBkfuim4lWNRmH.');" 56 | killall mysqld 57 | sleep 1s 58 | 59 | echo_log "Enabling icinga2 features." 60 | # enable icinga2 features if not already there 61 | icinga2 feature enable ido-mysql command 62 | 63 | echo_log "Enabling icingaweb2 modules." 64 | if [[ -L /etc/icingaweb2/enabledModules/monitoring ]]; then echo "Symlink for /etc/icingaweb2/enabledModules/monitoring exists already...skipping"; else ln -s /usr/share/icingaweb2/modules/monitoring /etc/icingaweb2/enabledModules/monitoring; fi 65 | if [[ -L /etc/icingaweb2/enabledModules/doc ]]; then echo "Symlink for /etc/icingaweb2/enabledModules/doc exists already...skipping"; else ln -s /usr/share/icingaweb2/modules/doc /etc/icingaweb2/enabledModules/doc; fi 66 | 67 | touch ${initfile} 68 | fi 69 | 70 | if [[ -n $ICINGA2_FEATURE_GRAPHITE ]]; then 71 | echo_log "Enabling Icinga 2 Graphite feature." 72 | icinga2 feature enable graphite 73 | 74 | cat </etc/icinga2/features-enabled/graphite.conf 75 | /** 76 | * The GraphiteWriter type writes check result metrics and 77 | * performance data to a graphite tcp socket. 78 | */ 79 | 80 | library "perfdata" 81 | 82 | object GraphiteWriter "graphite" { 83 | host = "$ICINGA2_FEATURE_GRAPHITE_HOST" 84 | port = "$ICINGA2_FEATURE_GRAPHITE_PORT" 85 | } 86 | EOF 87 | 88 | fi 89 | 90 | # Create /var/log/httpd if !exists 91 | if [ ! -d /var/log/httpd ]; then 92 | mkdir -p /var/log/httpd 93 | fi 94 | 95 | echo_log "Starting Supervisor. CTRL-C will stop the container." 96 | /usr/bin/supervisord -c /etc/supervisord.conf >> /dev/null 97 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # docker-icinga2-demo 2 | 3 | This repository is used as source for the 4 | docker image `icinga/icinga2-demo` located at [Docker Hub](https://hub.docker.com/r/icinga/icinga2-demo/). 5 | 6 | ## DEPRECATED 7 | 8 | This repository is no longer maintained! 9 | 10 | Please check out what members of the community shared on [hub.docker.com](https://hub.docker.com/search/?isAutomated=0&isOfficial=0&page=1&pullCount=1&q=icinga2&starCount=0). 11 | 12 | ## Requirements 13 | 14 | * [Docker](https://www.docker.com/whatisdocker/) >= 1.6.0 15 | 16 | ## Support 17 | 18 | This container is used for demos, tests and development only. 19 | 20 | If you encounter bugs, please open a new issue at https://github.com/icinga/docker-icinga2-demo 21 | and/or send a PR. 22 | 23 | ## Image details 24 | 25 | * Based on centos:centos7 (similar to the Vagrant boxes) 26 | * Icinga 2 w/ DB IDO MySQL, Icinga Web 2, MariaDB, Apache2 27 | * Icinga 2 API 28 | * Default installation/credentials. Use at your own risk. 29 | 30 | ## Usage 31 | 32 | ### Run 33 | 34 | Start a new container, bind the container's port 80 to localhost:3080 35 | and let the initialization do its job: 36 | 37 | $ docker run -ti --name icinga2 -p 3080:80 icinga/icinga2 38 | 39 | If you want to invoke it manually, go for 40 | 41 | $ docker run -ti --name icinga2 -p 3080:80 icinga/icinga2 /bin/bash 42 | # /opt/icinga2/initdocker 43 | 44 | ### Exec 45 | 46 | Attach to a running container using `exec` and the container name. 47 | 48 | $ docker exec -ti icinga2 /bin/bash 49 | 50 | ### Stop 51 | 52 | $ docker stop icinga2 53 | 54 | ### Remove 55 | 56 | $ docker rm icinga2 57 | 58 | ### Container Build 59 | 60 | Build a new container based on this repository: 61 | 62 | $ sudo docker pull centos:centos7 63 | $ sudo docker build -t icinga/icinga2 . 64 | 65 | ### SSH Access 66 | 67 | Even if you can already mount specific [volumes](#volumes) there's ssh access 68 | available. Make sure to map the port accordingly. 69 | 70 | $ sudo docker run -ti --name icinga2 -p 3080:80 -p 3022:22 icinga/icinga2 71 | 72 | Then login as `appuser/appuser`. sudo is enabled for this user. 73 | 74 | $ ssh appuser@localhost -p 3022 75 | 76 | ## Tools 77 | 78 | ### Icinga 2 79 | 80 | The configuration is located in /etc/icinga2 which is exposed as [volume](#volumes) from 81 | docker. 82 | 83 | By default the icinga database is created, and `ido-mysql` and `command` features 84 | are enabled. 85 | 86 | The container startup will validate the configuration once (e.g. if you have mounted 87 | the volume). 88 | 89 | #### Icinga 2 API 90 | 91 | The container already enables the Icinga 2 API listening on port `5665`. Export the 92 | port accordingly. 93 | 94 | docker run -d -ti --name icinga2-api -p 4080:80 -p 4665:5665 icinga/icinga2 95 | 96 | After the container is up and running, connect via HTTP to the exposed port using 97 | the credentials `root:icinga`. 98 | 99 | Example for Docker on OSX (change the IP address to your localhost): 100 | 101 | curl -k -s -u root:icinga 'https://192.168.99.100:4665/v1/objects/hosts' | python -m json.tool 102 | 103 | 104 | #### Icinga 2 Graphite Feature 105 | 106 | In order to enable the Graphite feature at runtime (e.g. exposing port `2003` for a separate container 107 | running Graphite) you'll need to pass the environment variables to the container. 108 | 109 | Environment Variable | Description 110 | ---------------------------------|---------------------------------------------------- 111 | ICINGA2\_FEATURE\_GRAPHITE | Enables the Graphite feature 112 | ICINGA2\_FEATURE\_GRAPHITE\_HOST | **Required.** Host where Graphite is running on. 113 | ICINGA2\_FEATURE\_GRAPHITE\_PORT | **Required.** Port where Graphite is listening on. 114 | 115 | Furthermore you'll need to `--link` the container to an existing container, e.g. `graphite` to allow 116 | the link on port `2003` required by Graphite. 117 | 118 | docker run -d -ti --name icinga2 -p 3080:80 --link graphite:graphite -e ICINGA2_FEATURE_GRAPHITE=1 -e ICINGA2_FEATURE_GRAPHITE_HOST="192.168.99.100" -e ICINGA2_FEATURE_GRAPHITE_PORT=2003 icinga/icinga2 119 | 120 | Example for a Graphite container called `graphite`: 121 | 122 | docker run -d --name graphite --restart=always -p 9090:80 -p 2003:2003 hopsoft/graphite-statsd 123 | 124 | ### Icinga Web 2 125 | 126 | Icinga Web 2 can be accessed at http://localhost:3080/icingaweb2 w/ `icingaadmin:icinga` as credentials. 127 | 128 | The configuration is located in /etc/icingaweb2 which is exposed as [volume](#volumes) from 129 | docker. 130 | 131 | By default the icingaweb2 database is created including the `icingaadmin` user. Additional 132 | configuration is also added to skip the setup wizard. 133 | 134 | ## Ports 135 | 136 | The following ports are exposed: 137 | 138 | Port | Service 139 | ---------|--------- 140 | 22 | SSH 141 | 80 | HTTP 142 | 443 | HTTPS 143 | 3306 | MySQL 144 | 5665 | Icinga 2 API & Cluster 145 | 146 | ## Volumes 147 | 148 | These volumes can be mounted in order to test and develop various stuff. 149 | 150 | /etc/icinga2 151 | /etc/icingaweb2 152 | 153 | /var/lib/icinga2 154 | /usr/share/icingaweb2 155 | 156 | /var/lib/mysql 157 | 158 | # Thanks 159 | 160 | * Jordan Jethwa for the initial [icinga2 docker image for Debian](https://github.com/jjethwa/icinga2) 161 | 162 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | #/****************************************************************************** 2 | # * docker-icinga2-demo * 3 | # * Dockerfile for Icinga 2 and Icinga Web 2 * 4 | # * Copyright (C) 2015-2017 Icinga Development Team (https://www.icinga.com) * 5 | # * * 6 | # * This program is free software; you can redistribute it and/or * 7 | # * modify it under the terms of the GNU General Public License * 8 | # * as published by the Free Software Foundation; either version 2 * 9 | # * of the License, or (at your option) any later version. * 10 | # * * 11 | # * This program is distributed in the hope that it will be useful, * 12 | # * but WITHOUT ANY WARRANTY; without even the implied warranty of * 13 | # * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 14 | # * GNU General Public License for more details. * 15 | # * * 16 | # * You should have received a copy of the GNU General Public License * 17 | # * along with this program; if not, write to the Free Software Foundation * 18 | # * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. * 19 | # ******************************************************************************/ 20 | 21 | FROM centos:centos7 22 | 23 | MAINTAINER Icinga Development Team 24 | 25 | # for systemd 26 | ENV container docker 27 | 28 | RUN yum -y update; yum clean all; \ 29 | yum -y install epel-release; yum clean all; \ 30 | yum -y install http://packages.icinga.com/epel/7/release/noarch/icinga-rpm-release-7-1.el7.centos.noarch.rpm; yum clean all 31 | 32 | # docs are not installed by default https://github.com/docker/docker/issues/10650 https://registry.hub.docker.com/_/centos/ 33 | # official docs are wrong, go for http://superuser.com/questions/784451/centos-on-docker-how-to-install-doc-files 34 | # we'll need that for mysql schema import for icingaweb2 35 | RUN [ -f /etc/rpm/macros.imgcreate ] && sed -i '/excludedocs/d' /etc/rpm/macros.imgcreate || exit 0 36 | RUN [ -f /etc/yum.conf ] && sed -i '/nodocs/d' /etc/yum.conf || exit 0 37 | 38 | RUN yum -y install vim hostname bind-utils cronie logrotate supervisor openssh openssh-server openssh-client rsyslog sudo passwd sed which vim-enhanced pwgen psmisc mailx \ 39 | httpd nagios-plugins-all mariadb-server mariadb-libs mariadb; \ 40 | yum -y install --enablerepo=icinga-snapshot-builds icinga2 icinga2-doc icinga2-ido-mysql icingaweb2 icingacli php-ZendFramework php-ZendFramework-Db-Adapter-Pdo-Mysql; \ 41 | yum clean all; 42 | 43 | # create api certificates and users (will be overridden later) 44 | RUN icinga2 api setup 45 | 46 | # set icinga2 NodeName and create proper certificates required for the API 47 | RUN sed -i -e 's/^.* NodeName = .*/const NodeName = "docker-icinga2-demo"/gi' /etc/icinga2/constants.conf; \ 48 | icinga2 pki new-cert --cn docker-icinga2-demo --key /etc/icinga2/pki/docker-icinga2-demo.key --csr /etc/icinga2/pki/docker-icinga2-demo.csr; \ 49 | icinga2 pki sign-csr --csr /etc/icinga2/pki/docker-icinga2-demo.csr --cert /etc/icinga2/pki/docker-icinga2-demo.crt; 50 | 51 | # includes supervisor config 52 | ADD content/ / 53 | RUN chmod u+x /opt/icinga2/initdocker 54 | 55 | 56 | # no PAM 57 | # http://stackoverflow.com/questions/18173889/cannot-access-centos-sshd-on-docker 58 | RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config && sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config; \ 59 | echo "sshd: ALL" >> /etc/hosts.allow; \ 60 | rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key && \ 61 | ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_ecdsa_key && \ 62 | ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key && \ 63 | echo 'root:icingar0xx' | chpasswd; \ 64 | useradd -g wheel appuser; \ 65 | echo 'appuser:appuser' | chpasswd; \ 66 | sed -i -e 's/^\(%wheel\s\+.\+\)/#\1/gi' /etc/sudoers; \ 67 | echo -e '\n%wheel ALL=(ALL) ALL' >> /etc/sudoers; \ 68 | echo -e '\nDefaults:root !requiretty' >> /etc/sudoers; \ 69 | echo -e '\nDefaults:%wheel !requiretty' >> /etc/sudoers; \ 70 | echo 'syntax on' >> /root/.vimrc; \ 71 | echo 'alias vi="vim"' >> /root/.bash_profile; \ 72 | echo 'syntax on' >> /home/appuser/.vimrc; \ 73 | echo 'alias vi="vim"' >> /home/appuser/.bash_profile; 74 | 75 | # fixes at build time (we can't do that at user's runtime) 76 | # setuid problem https://github.com/docker/docker/issues/6828 77 | # 4755 ping is required for icinga user calling check_ping 78 | # can be circumvented for icinga2.cmd w/ mkfifo and chown 79 | # (icinga2 does not re-create the file) 80 | RUN mkdir -p /var/log/supervisor; \ 81 | chmod 4755 /bin/ping /bin/ping6; \ 82 | chown -R icinga:root /etc/icinga2; \ 83 | mkdir -p /etc/icinga2/pki; \ 84 | chown -R icinga:icinga /etc/icinga2/pki; \ 85 | mkdir -p /var/run/icinga2; \ 86 | mkdir -p /var/log/icinga2; \ 87 | chown icinga:icingacmd /var/run/icinga2; \ 88 | chown icinga:icingacmd /var/log/icinga2; \ 89 | mkdir -p /var/run/icinga2/cmd; \ 90 | mkfifo /var/run/icinga2/cmd/icinga2.cmd; \ 91 | chown -R icinga:icingacmd /var/run/icinga2/cmd; \ 92 | chmod 2750 /var/run/icinga2/cmd; \ 93 | chown -R icinga:icinga /var/lib/icinga2; \ 94 | usermod -a -G icingacmd apache >> /dev/null; \ 95 | chown root:icingaweb2 /etc/icingaweb2; \ 96 | chmod 2770 /etc/icingaweb2; \ 97 | mkdir -p /etc/icingaweb2/enabledModules; \ 98 | chown -R apache:icingaweb2 /etc/icingaweb2/*; \ 99 | find /etc/icingaweb2 -type f -name "*.ini" -exec chmod 660 {} \; ; \ 100 | find /etc/icingaweb2 -type d -exec chmod 2770 {} \; 101 | 102 | # configure PHP timezone 103 | RUN sed -i 's/;date.timezone =/date.timezone = UTC/g' /etc/php.ini 104 | 105 | # ports (icinga2 api & cluster (5665), mysql (3306)) 106 | EXPOSE 22 80 443 5665 3306 107 | 108 | # volumes 109 | VOLUME ["/etc/icinga2", "/etc/icingaweb2", "/var/lib/icinga2", "/usr/share/icingaweb2", "/var/lib/mysql"] 110 | 111 | # change this to entrypoint preventing bash login 112 | CMD ["/opt/icinga2/initdocker"] 113 | #ENTRYPOINT ["/opt/icinga2/initdocker"] 114 | 115 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | , 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. --------------------------------------------------------------------------------