From 48e6ed123e013c5f661fa90507e21333949cc951 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Mon, 22 Jun 2020 13:27:46 +0200 Subject: [PATCH 1/2] entrypoint/: run given command refs #1 --- deps.Dockerfile | 12 +++++++ entrypoint/go.mod | 5 +++ entrypoint/go.sum | 8 +++++ entrypoint/main.go | 81 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 106 insertions(+) create mode 100644 entrypoint/go.mod create mode 100644 entrypoint/go.sum create mode 100644 entrypoint/main.go diff --git a/deps.Dockerfile b/deps.Dockerfile index 58d8c4d..1d78371 100644 --- a/deps.Dockerfile +++ b/deps.Dockerfile @@ -1,3 +1,11 @@ +FROM golang:buster as entrypoint + +COPY entrypoint /entrypoint + +WORKDIR /entrypoint +RUN ["go", "build", "."] + + FROM buildpack-deps:scm as clone SHELL ["/bin/bash", "-exo", "pipefail", "-c"] @@ -51,9 +59,13 @@ FROM debian:buster-slim RUN ["/bin/bash", "-exo", "pipefail", "-c", "export DEBIAN_FRONTEND=noninteractive; apt-get update; apt-get install --no-install-{recommends,suggests} -y libboost-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}1.67 libedit2 libmariadb3 libmoosex-role-timer-perl libpq5 libssl1.1 mailutils monitoring-plugins openssl postfix; apt-get clean; rm -vrf /var/lib/apt/lists/*"] +COPY --from=entrypoint /entrypoint/entrypoint /entrypoint + RUN ["adduser", "--system", "--group", "--home", "/var/lib/icinga2", "--disabled-login", "--force-badname", "--no-create-home", "icinga"] COPY --from=build /check_mssql_health/bin/ / COPY --from=build /check_nwc_health/bin/ / COPY --from=build /check_postgres/bin/ / COPY --from=clone /check_ssl_cert/check_ssl_cert /usr/lib/nagios/plugins/check_ssl_cert + +ENTRYPOINT ["/entrypoint"] diff --git a/entrypoint/go.mod b/entrypoint/go.mod new file mode 100644 index 0000000..6d0e245 --- /dev/null +++ b/entrypoint/go.mod @@ -0,0 +1,5 @@ +module entrypoint + +go 1.14 + +require golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 diff --git a/entrypoint/go.sum b/entrypoint/go.sum new file mode 100644 index 0000000..5ed72aa --- /dev/null +++ b/entrypoint/go.sum @@ -0,0 +1,8 @@ +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM= +golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/entrypoint/main.go b/entrypoint/main.go new file mode 100644 index 0000000..5815f5c --- /dev/null +++ b/entrypoint/main.go @@ -0,0 +1,81 @@ +package main + +import ( + "bufio" + "fmt" + "golang.org/x/crypto/ssh/terminal" + "os" + "os/exec" + "path/filepath" + "syscall" + "time" +) + +func main() { + if err := entrypoint(); err != nil { + logf(critical, "%s", err.Error()) + os.Exit(1) + } +} + +func entrypoint() error { + if len(os.Args) < 2 { + logf(warning, "Nothing to do.") + return nil + } + + path := os.Args[1] + if filepath.Base(path) == path { + logf(info, "Looking up %#v in $PATH", path) + + abs, errLP := exec.LookPath(path) + if errLP != nil { + return errLP + } + + path = abs + } + + logf(info, "Running %#v", path) + return syscall.Exec(path, os.Args[1:], os.Environ()) +} + +type logSeverity uint8 + +const ( + info logSeverity = iota + warning + critical +) + +var out = bufio.NewWriter(os.Stderr) +var isTerminal = terminal.IsTerminal(int(os.Stderr.Fd())) + +func logf(severity logSeverity, format string, a ...interface{}) { + var color, colorOff, seeverity string + + switch severity { + case info: + color = "\x1b[32m" + seeverity = "information" + case warning: + color = "\x1b[33m\x1b[1m" + seeverity = "warning" + case critical: + color = "\x1b[31m\x1b[1m" + seeverity = "critical" + } + + if isTerminal { + colorOff = "\x1b[0m" + } else { + color = "" + } + + _, _ = fmt.Fprintf(out, "[%s] ", time.Now().Format("2006-01-02 15:04:05 -0700")) + _, _ = fmt.Fprintf(out, "%s%s%s/DockerEntrypoint: ", color, seeverity, colorOff) + _, _ = fmt.Fprintf(out, format, a...) + + _, _ = fmt.Fprintln(out) + _ = out.Flush() +} From b33ba58a2506f4ecb34b122942f21dab3ed57579 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Mon, 22 Jun 2020 15:24:28 +0200 Subject: [PATCH 2/2] entrypoint/: initialize /data refs #1 --- Dockerfile | 7 ++++++- entrypoint/go.mod | 5 ++++- entrypoint/go.sum | 8 ++++++++ entrypoint/main.go | 28 ++++++++++++++++++++++++++++ 4 files changed, 46 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 703262a..d078403 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,11 @@ FROM icinga/icinga2-deps -COPY --chown=icinga:icinga icinga2-bin/ / +COPY icinga2-bin/ / + +RUN ["install", "-o", "icinga", "-g", "icinga", "-d", "/data"] +VOLUME ["/data"] + +RUN ["bash", "-exo", "pipefail", "-c", "for d in /etc/icinga2 /var/*/icinga2; do mkdir -p $(dirname /data-init$d); mv $d /data-init$d; ln -vs /data$d $d; done"] USER icinga CMD ["icinga2", "daemon"] diff --git a/entrypoint/go.mod b/entrypoint/go.mod index 6d0e245..5b5f2f4 100644 --- a/entrypoint/go.mod +++ b/entrypoint/go.mod @@ -2,4 +2,7 @@ module entrypoint go 1.14 -require golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 +require ( + github.com/otiai10/copy v1.2.0 + golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 +) diff --git a/entrypoint/go.sum b/entrypoint/go.sum index 5ed72aa..44550cd 100644 --- a/entrypoint/go.sum +++ b/entrypoint/go.sum @@ -1,3 +1,11 @@ +github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= +github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= +github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= +github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI= +github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= +github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= +github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc= +github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM= golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= diff --git a/entrypoint/main.go b/entrypoint/main.go index 5815f5c..180db9d 100644 --- a/entrypoint/main.go +++ b/entrypoint/main.go @@ -3,9 +3,11 @@ package main import ( "bufio" "fmt" + "github.com/otiai10/copy" "golang.org/x/crypto/ssh/terminal" "os" "os/exec" + "path" "path/filepath" "syscall" "time" @@ -24,6 +26,32 @@ func entrypoint() error { return nil } + if os.Getpid() == 1 { + logf(info, "Initializing /data as we're the init process (PID 1)") + + for _, dir := range []string{"etc", "var/cache", "var/lib", "var/log", "var/run", "var/spool"} { + dest := path.Join("/data", dir, "icinga2") + logf(info, "Checking %#v", dest) + + if _, errSt := os.Stat(dest); errSt != nil { + if os.IsNotExist(errSt) { + src := path.Join("/data-init", dir, "icinga2") + logf(info, "Copying %#v to %#v", src, dest) + + if errMA := os.MkdirAll(path.Dir(dest), 0755); errMA != nil { + return errMA + } + + if errCp := copy.Copy(src, dest); errCp != nil { + return errCp + } + } else { + return errSt + } + } + } + } + path := os.Args[1] if filepath.Base(path) == path { logf(info, "Looking up %#v in $PATH", path)