summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG9
-rw-r--r--Dockerfile59
-rw-r--r--README.md39
-rw-r--r--munin.conf24
-rw-r--r--nginx-munin20
-rw-r--r--nginx.conf11
-rwxr-xr-xstart-munin.sh58
-rwxr-xr-xtest/start_test.sh12
8 files changed, 118 insertions, 114 deletions
diff --git a/CHANGELOG b/CHANGELOG
deleted file mode 100644
index b0c56a7..0000000
--- a/CHANGELOG
+++ /dev/null
@@ -1,9 +0,0 @@
-# v7 - 2 Nov 2016
-
-* Add support for graph CGI
-
-# v5 - 30 Apr 2015
-
-* Graceful shutdown
-* Do not repeat configuration on restart
-* Email for alerts
diff --git a/Dockerfile b/Dockerfile
index c87f487..fd9120e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1,57 @@
-FROM ubuntu:14.04
+FROM alpine:latest
-MAINTAINER Leo Unbekandt <leo@scalingo.com>
+MAINTAINER Suren Chilingaryan <csa@suren.me>
-RUN adduser --system --home /var/lib/munin --shell /bin/false --uid 1103 --group munin
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.8/supercronic-linux-amd64 \
+ SUPERCRONIC=supercronic-linux-amd64 \
+ SUPERCRONIC_SHA1SUM=be43e64c45acd6ec4fce5831e03759c89676a0ea
-RUN apt-get update -qq && RUNLEVEL=1 DEBIAN_FRONTEND=noninteractive \
- apt-get install -y -qq cron munin munin-node nginx wget heirloom-mailx patch spawn-fcgi libcgi-fast-perl
-RUN rm /etc/nginx/sites-enabled/default && mkdir -p /var/cache/munin/www && chown munin:munin /var/cache/munin/www && mkdir -p /var/run/munin && chown -R munin:munin /var/run/munin
+VOLUME /munin
+#Only small temporary files, doesn't need volume
+#VOLUME /var/lib/nginx
-VOLUME /var/lib/munin
-VOLUME /var/log/munin
+RUN packages="munin nginx wget heirloom-mailx patch spawn-fcgi perl-cgi-fast curl busybox-extras font-adobe-75dpi"; \
+ apk update && apk upgrade && apk add --no-cache $packages \
+ && curl -fsSLO "$SUPERCRONIC_URL" \
+ && echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
+ && chmod +x "$SUPERCRONIC" \
+ && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+ && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
ADD ./munin.conf /etc/munin/munin.conf
ADD ./nginx.conf /etc/nginx/nginx.conf
ADD ./nginx-munin /etc/nginx/sites-enabled/munin
-ADD ./start-munin.sh /munin
-ADD ./munin-graph-logging.patch /usr/share/munin
-ADD ./munin-update-logging.patch /usr/share/munin
+ADD ./start-munin.sh /munin.sh
+ADD ./munin-graph-logging.patch /usr/lib/munin
+ADD ./munin-update-logging.patch /usr/lib/munin
-RUN cd /usr/share/munin && patch munin-graph < munin-graph-logging.patch && patch munin-update < munin-update-logging.patch
+# rsyslog is not actually used, but I keep here configuration just in case
+# Nginx always creates error_log in /var/log/nginx, but doesn't write there if other locating is configured
+RUN \
+ #sed -i -e 's|^$FileOwner|#$FileOwner|' "/etc/rsyslog.conf" && \
+ #sed -i -e 's|^$FileGroup|#$FileGroup|' "/etc/rsyslog.conf" && \
+ #sed -i -e 's|^$PrivDrop|#$PrivDrop|' "/etc/rsyslog.conf" && \
+ #sed -i -e 's|^$ModLoad imuxsock|#$ModLoad imuxsock|' "/etc/rsyslog.conf" && \
+ #sed -i -e 's|^$ModLoad imklog|#$ModLoad imklog|' "/etc/rsyslog.conf" && \
+ \
+ rm -rf /var/log/nginx && \
+ ln -s /tmp /var/log/nginx && \
+ ln -s /tmp /var/lib/nginx/logs && \
+ rm -f /etc/nginx/conf.d/default.conf && \
+ rm -f /etc/nginx/sites-enabled/default && \
+ \
+ ln -s /usr/share/webapps/munin/cgi /usr/lib/munin/cgi && \
+ cd /usr/lib/munin && patch munin-graph < munin-graph-logging.patch && patch munin-update < munin-update-logging.patch && \
+ sed -re "/@[[:alnum:]]+/ d; s|munin if|if|" /etc/munin/munin.cron.sample > /etc/munin/munin.cron && \
+ \
+ bash -c "mkdir -p /munin/{db,run,log,www/cache}" && \
+ ln -s ../www/cache /munin/db/cgi-tmp && \
+ rm -rf /var/lib/munin/cgi-tmp && \
+ ln -s /munin/www/cache /var/lib/munin/cgi-tmp && \
+ \
+ chgrp -R root /munin /etc/munin/munin.conf /var/tmp/nginx /var/lib/nginx && \
+ chmod -R g+rw /munin /etc/munin/munin.conf /var/tmp/nginx && \
+ for name in "/var/tmp/nginx /munin/"; do find $name -type d -print0 | xargs -0 chmod g+x; done
EXPOSE 8080
-CMD ["bash", "/munin"]
+CMD ["bash", "/munin.sh"]
diff --git a/README.md b/README.md
index cc39d1b..7ab1cc7 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,17 @@
# Docker image for munin server
+## Note
+The package is based on the original Scalingo docker image which was modified to run OpenShift platform.
+Major modifications:
+ * Runs under non-privileged user
+ * Based on Alpine Linux
+ * Database and lockfiles can be mounted as a single volume
+ * Authentication support is dropped, email notifications are not checked
+
## Configuration
All the configuration is done through the environment.
-### HTTP Credentials
-
-These are the credentials used to authenticate the HTTP dashboard; both take a space-delimited list
-
-* `MUNIN_USERS`
-* `MUNIN_PASSWORDS`
-
### SMTP info for alerts
Email credentials used to send emails (like alerts)
@@ -46,10 +47,10 @@ Container is listening on the port 8080
For a bit of persistency
-* /var/log/munin -> logs
-* /var/lib/munin -> db
-* /var/run/munin -> lock and pid files
-* /var/cache/munin -> file deserved by HTTP
+* /minin -> everything: configuration, database, locks, and log files
+* /munin/db -> db
+* /munin/run -> locks
+* /munin/log -> log files
## How to use the image
@@ -57,12 +58,7 @@ For a bit of persistency
docker build -t munin-server .
docker run -d \
-p 8080:8080 \
- -v /var/log/munin:/var/log/munin \
- -v /var/lib/munin:/var/lib/munin \
- -v /var/run/munin:/var/run/munin \
- -v /var/cache/munin:/var/cache/munin \
- -e MUNIN_USERS='http-user another-user' \
- -e MUNIN_PASSWORDS='secret-password other-users-password' \
+ -v /var/lib/munin:/munin \
-e SMTP_HOST=smtp.example.com \
-e SMTP_PORT=587 \
-e SMTP_USERNAME=smtp-username \
@@ -76,12 +72,3 @@ docker run -d \
-e SNMP_NODES="router1:10.0.0.254:9999" \
munin-server
```
-
-You can now reach your munin-server on port 8080 of your host. It will display at the first run:
-
-```
-Munin has not run yet. Please try again in a few moments.
-```
-
-Every 5 minutes munin-server will interrogate its nodes and build the graphs and store the data.
-That's only after the first data fetching operation that the first graphs will appear.
diff --git a/munin.conf b/munin.conf
index 9dacba5..5ceff3f 100644
--- a/munin.conf
+++ b/munin.conf
@@ -1,20 +1,20 @@
-#dbdir /var/lib/munin
-#htmldir /var/cache/munin/www
-#logdir /var/log/munin
-#rundir /var/run/munin
-#tmpldir /etc/munin/templates
-#staticdir /etc/munin/static
-includedir /etc/munin/munin-conf.d
-#graph_period second
-#munin_cgi_graph_jobs 6
+dbdir /munin/db
+rundir /munin/run
+htmldir /munin/www
+logdir /munin/log
+
+includedir /etc/munin/munin-conf.d
+tmpldir /etc/munin/templates
+staticdir /etc/munin/static
-## html_strategy cron|cgi
-html_strategy cron
-## graph_strategy cron|cgi
+# strategies cron|cgi
+html_strategy cgi
graph_strategy cgi
cgiurl_graph /munin-cgi/munin-cgi-graph
#max_size_x 4000
#max_size_y 4000
#max_processes 16
+#munin_cgi_graph_jobs 6
+#graph_period second
#rrdcached_socket /var/run/rrdcached.sock
diff --git a/nginx-munin b/nginx-munin
index d0f5da9..07451b3 100644
--- a/nginx-munin
+++ b/nginx-munin
@@ -2,24 +2,28 @@ server {
listen 8080 default_server;
server_name munin;
- access_log /var/log/nginx/munin-access.log;
- error_log /var/log/nginx/munin-server.log;
+ access_log /proc/self/fd/1;
+ error_log /proc/self/fd/2;
- auth_basic "Munin Server";
- auth_basic_user_file "/etc/munin/htpasswd.users";
+ location /munin/static {
+ alias /etc/munin/static;
+ }
- location /munin {
- root /var/cache/munin/www;
+ location ^~ /munin/ {
+ fastcgi_split_path_info ^(/munin)(.*);
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_pass 127.0.0.1:9001;
+ include fastcgi_params;
}
location ^~ /munin-cgi/munin-cgi-graph/ {
fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_pass unix:/var/run/munin/fcgi-graph.sock;
+ fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
}
location / {
- root "/var/cache/munin/www";
+ rewrite ^/$ /munin/ redirect; break;
}
}
diff --git a/nginx.conf b/nginx.conf
index 7fb8e46..1634164 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,6 +1,6 @@
-user munin;
worker_processes 4;
-pid /run/nginx.pid;
+pid /tmp/nginx.pid;
+error_log /proc/self/fd/2 warn;
events {
worker_connections 768;
@@ -17,8 +17,11 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
+ #client_body_temp_path /tmp/nginx/temp;
+ #proxy_temp_path /tmp/nginx/proxy;
+
+ access_log /proc/self/fd/1;
+ error_log /proc/self/fd/2;
gzip on;
gzip_disable "msie6";
diff --git a/start-munin.sh b/start-munin.sh
index 71b2359..e224de1 100755
--- a/start-munin.sh
+++ b/start-munin.sh
@@ -1,22 +1,24 @@
#!/bin/bash
+
NODES=${NODES:-}
SNMP_NODES=${SNMP_NODES:-}
SSH_NODES=${SSH_NODES:-}
MUNIN_USERS=${MUNIN_USERS:-${MUNIN_USER:-user}}
MUNIN_PASSWORDS=${MUNIN_PASSWORDS:-${MUNIN_PASSWORD:-password}}
-MAIL_CONF_PATH='/var/lib/munin/.mailrc'
+MAIL_CONF_PATH='/munin/db/.mailrc'
SMTP_USE_TLS=${SMTP_USE_TLS:-false}
SMTP_ALWAYS_SEND=${SMTP_ALWAYS_SEND:-true}
SMTP_MESSAGE_DEFAULT='[${var:group};${var:host}] -> ${var:graph_title} -> warnings: ${loop<,>:wfields ${var:label}=${var:value}} / criticals: ${loop<,>:cfields ${var:label}=${var:value}}'
SMTP_MESSAGE="${SMTP_MESSAGE:-$SMTP_MESSAGE_DEFAULT}"
-truncate -s 0 "${MAIL_CONF_PATH}"
-# set volume ownerships
-chown -R munin:munin /var/log/munin
-chown -R munin:munin /var/lib/munin
-chown -R munin:munin /var/run/munin
-chown -R munin:munin /var/cache/munin
+mkdir -p /munin/{db,run,log,www/cache}
+[ -a /munin/db/cgi-tmp ] || ln -s ../www/cache /munin/db/cgi-tmp
+[ -a /var/lib/munin/cgi-tmp ] || ln -s /munin/www/cache /var/lib/munin/cgi-tmp
+[ -a /var/log/nginx ] || ln -s /tmp /var/log/nginx
+
+
+truncate -s 0 "${MAIL_CONF_PATH}"
if [ "${SMTP_USE_TLS}" = true ] ; then
cat >> "${MAIL_CONF_PATH}" <<EOF
@@ -48,17 +50,6 @@ if [ $rc -ne 0 -a -n "${ALERT_RECIPIENT}" -a -n "${ALERT_SENDER}" ] ; then
fi
fi
-# generate the Munin auth username/password file
-if [ ! -f /etc/munin/htpasswd.users ]; then
- uc=0
- IFS=' ' read -ra ARR_USERS <<< "$MUNIN_USERS"
- IFS=' ' read -ra ARR_PASSWORDS <<< "$MUNIN_PASSWORDS"
- for u in "${ARR_USERS[@]}"; do
- printf "${u}:`openssl passwd -apr1 ${ARR_PASSWORDS[uc]}`\n" >> /etc/munin/htpasswd.users
- (( uc++ ))
- done
-fi
-
# generate node list
for NODE in $NODES
do
@@ -121,10 +112,10 @@ EOF
fi
done
-[ -d /var/cache/munin/www ] || mkdir /var/cache/munin/www
+
# placeholder html to prevent permission error
-if [ ! -e /var/cache/munin/www/index.html ]; then
-cat << EOF > /var/cache/munin/www/index.html
+if [ ! -e /munin/www/index.html ]; then
+cat << EOF > /munin/www/index.html
<html>
<head>
<title>Munin</title>
@@ -134,35 +125,34 @@ Munin has not run yet. Please try again in a few moments.
</body>
</html>
EOF
-chown munin:munin -R /var/cache/munin/www
-chmod g+w /var/cache/munin/www/index.html
fi
# start rsyslogd
-/usr/sbin/rsyslogd
-# start cron
-/usr/sbin/cron
-# Issue: 'NUMBER OF HARD LINKS > 1' prevents cron exec in container
-# https://github.com/phusion/baseimage-docker/issues/198
-touch /etc/crontab /etc/cron.d/*
-# start local munin-node
-/usr/sbin/munin-node
+truncate -s 0 /tmp/rsyslogd.pid
+#/usr/sbin/rsyslogd -i /tmp/rsyslogd.pid
+
+# start munin updates
+truncate -s 0 /munin/log/munin-update.log
+/usr/local/bin/supercronic -split-logs /etc/munin/munin.cron & cron_pid=$!
+
+
echo "Using the following munin nodes:"
echo $NODES
echo "(ssh) $SSH_NODES"
echo "(snmp) $SNMP_NODES"
# start spawn-cgi to enable CGI interface with munin (dynamix graph generation)
-spawn-fcgi -s /var/run/munin/fcgi-graph.sock -U munin -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph
+spawn-fcgi -p 9000 /usr/lib/munin/cgi/munin-cgi-graph
+spawn-fcgi -p 9001 /usr/lib/munin/cgi/munin-cgi-html
# start nginx
/usr/sbin/nginx
# show logs
echo "Tailing syslog and munin-update log..."
-tail -F /var/log/syslog /var/log/munin/munin-update.log & pid=$!
+tail -F /munin/log/munin-update.log & pid=$!
echo "tail -F running in $pid"
sleep 1
-trap "echo 'stopping processes' ; kill $pid $(cat /var/run/munin/munin-node.pid) $(cat /var/run/nginx.pid) $(cat /var/run/crond.pid) $(cat /var/run/rsyslogd.pid)" SIGTERM SIGINT
+trap "echo 'stopping processes' ; kill $pid $cron_pid $(cat /tmp/nginx.pid) $(cat /tmp/rsyslogd.pid)" SIGTERM SIGINT
echo "Waiting for signal SIGINT/SIGTERM"
wait
diff --git a/test/start_test.sh b/test/start_test.sh
index 7f81e69..f348c7b 100755
--- a/test/start_test.sh
+++ b/test/start_test.sh
@@ -8,12 +8,8 @@ fi
basedir="$( cd -P "$( dirname "$0" )" && pwd )/munin"
docker run -it \
+ -u 1001 \
-p 8080:8080 \
- -v $basedir/log:/var/log/munin \
- -v $basedir/lib:/var/lib/munin \
- -v $basedir/run:/run/munin \
- -v $basedir/cache:/var/cache/munin \
- -e MUNIN_USER=user \
- -e MUNIN_PASSWORD=secret \
- -e NODES="172.17.0.1:$(hostname)" \
- $1
+ -v $basedir:/munin \
+ -e NODES="styx:192.168.26.117" \
+ "$@"