From b51a8f1fbaab4da013d12aeb8f3ab4e7ac9acac1 Mon Sep 17 00:00:00 2001 From: Torsten Wilms Date: Wed, 23 Feb 2022 17:52:13 +0100 Subject: [PATCH 1/4] add cron support --- Dockerfile | 5 +++++ Dockerfile.arm32v7 | 1 + Dockerfile.arm64v8 | 1 + content/etc/cron.d/icingacli_x509 | 4 ++++ docker-compose.yml | 1 + 5 files changed, 12 insertions(+) create mode 100644 content/etc/cron.d/icingacli_x509 diff --git a/Dockerfile b/Dockerfile index ec164fe9..45c34f93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,6 +51,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ supervisor \ unzip \ wget \ + cron \ && apt-get -y --purge remove exim4 exim4-base exim4-config exim4-daemon-light \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -138,6 +139,10 @@ RUN true \ /bin/ping6 \ /usr/lib/nagios/plugins/check_icmp +COPY cron.d/icingacli_x509 /etc/cron.d/icingacli_x509 +RUN chmod 0644 /etc/cron.d/icingacli_x509 \ + && crontab /etc/cron.d/icingacli_x509 + EXPOSE 80 443 5665 # Initialize and run Supervisor diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 index b6254ba1..37d7a3e0 100644 --- a/Dockerfile.arm32v7 +++ b/Dockerfile.arm32v7 @@ -59,6 +59,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ supervisor \ unzip \ wget \ + cron \ && apt-get -y --purge remove exim4 exim4-base exim4-config exim4-daemon-light \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index 0303d995..0fa53d98 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 @@ -60,6 +60,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ supervisor \ unzip \ wget \ + cron \ && apt-get -y --purge remove exim4 exim4-base exim4-config exim4-daemon-light \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* diff --git a/content/etc/cron.d/icingacli_x509 b/content/etc/cron.d/icingacli_x509 new file mode 100644 index 00000000..4caed4ed --- /dev/null +++ b/content/etc/cron.d/icingacli_x509 @@ -0,0 +1,4 @@ +# If you enabled x509 module you can use the cronjobs to insert/refresh your certificates. + +#30 2 * * * /usr/bin/icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt +#00 4 * * * /usr/bin/icingacli x509 scan --job \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 5da273cc..ba680af0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -37,6 +37,7 @@ services: - ./data/icinga/log/icingaweb2:/var/log/icingaweb2 - ./data/icinga/log/mysql:/var/log/mysql - ./data/icinga/spool:/var/spool/icinga2 + - ./data/icinga/cron.d/icingacli_x509:/etc/cron.d/icingacli_x509 # Sending e-mail # See: https://github.com/jjethwa/icinga2#sending-notification-mails # If you want to enable outbound e-mail, edit the file mstmp/msmtprc From 15a44cbec3693f5fe20cc7b1f33145793d2b7994 Mon Sep 17 00:00:00 2001 From: Torsten Wilms Date: Wed, 23 Feb 2022 18:15:14 +0100 Subject: [PATCH 2/4] cron --- Dockerfile | 7 ++++--- content/etc/cron.d/icingacli_x509 | 6 ++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 45c34f93..ea8c5db7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -132,6 +132,9 @@ RUN true \ && mkdir -p /var/log/icinga2 \ && chmod 755 /var/log/icinga2 \ && chown nagios:adm /var/log/icinga2 \ + && chmod 0644 /etc/cron.d/icingacli_x509 \ + && touch /var/log/cron.log \ + && crontab /etc/cron.d/icingacli_x509 \ && rm -rf \ /var/lib/mysql/* \ && chmod u+s,g+s \ @@ -139,9 +142,7 @@ RUN true \ /bin/ping6 \ /usr/lib/nagios/plugins/check_icmp -COPY cron.d/icingacli_x509 /etc/cron.d/icingacli_x509 -RUN chmod 0644 /etc/cron.d/icingacli_x509 \ - && crontab /etc/cron.d/icingacli_x509 +CMD cron && tail -f /var/log/cron.log EXPOSE 80 443 5665 diff --git a/content/etc/cron.d/icingacli_x509 b/content/etc/cron.d/icingacli_x509 index 4caed4ed..6f8cee7b 100644 --- a/content/etc/cron.d/icingacli_x509 +++ b/content/etc/cron.d/icingacli_x509 @@ -1,4 +1,6 @@ # If you enabled x509 module you can use the cronjobs to insert/refresh your certificates. -#30 2 * * * /usr/bin/icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt -#00 4 * * * /usr/bin/icingacli x509 scan --job \ No newline at end of file +#30 2 * * * www-data /usr/bin/icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt 2>&1 +#00 4 * * * www-data /usr/bin/icingacli x509 scan --job 2>&1 + +* * * * * www-data echo $(date) >> /tmp/cron.log 2>&1 \ No newline at end of file From 61568078896fb790c3d68fce145e0c8655dbc978 Mon Sep 17 00:00:00 2001 From: Torsten Wilms Date: Wed, 23 Feb 2022 19:11:33 +0100 Subject: [PATCH 3/4] add final cron serice enabled for icinga x509 support --- Dockerfile | 4 ---- Dockerfile.arm32v7 | 1 + Dockerfile.arm64v8 | 1 + content/etc/cron.d/icingacli_x509 | 6 ------ content/etc/supervisor/conf.d/cron.conf | 8 ++++++++ content/opt/setup/55-cron | 18 ++++++++++++++++++ content/opt/supervisor/cron_supervisor | 10 ++++++++++ docker-compose.yml | 2 +- 8 files changed, 39 insertions(+), 11 deletions(-) delete mode 100644 content/etc/cron.d/icingacli_x509 create mode 100644 content/etc/supervisor/conf.d/cron.conf create mode 100755 content/opt/setup/55-cron create mode 100755 content/opt/supervisor/cron_supervisor diff --git a/Dockerfile b/Dockerfile index ea8c5db7..37022446 100644 --- a/Dockerfile +++ b/Dockerfile @@ -132,9 +132,7 @@ RUN true \ && mkdir -p /var/log/icinga2 \ && chmod 755 /var/log/icinga2 \ && chown nagios:adm /var/log/icinga2 \ - && chmod 0644 /etc/cron.d/icingacli_x509 \ && touch /var/log/cron.log \ - && crontab /etc/cron.d/icingacli_x509 \ && rm -rf \ /var/lib/mysql/* \ && chmod u+s,g+s \ @@ -142,8 +140,6 @@ RUN true \ /bin/ping6 \ /usr/lib/nagios/plugins/check_icmp -CMD cron && tail -f /var/log/cron.log - EXPOSE 80 443 5665 # Initialize and run Supervisor diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 index 37d7a3e0..1af36299 100644 --- a/Dockerfile.arm32v7 +++ b/Dockerfile.arm32v7 @@ -140,6 +140,7 @@ RUN true \ && mkdir -p /var/log/icinga2 \ && chmod 755 /var/log/icinga2 \ && chown nagios:adm /var/log/icinga2 \ + && touch /var/log/cron.log \ && rm -rf \ /var/lib/mysql/* \ && chmod u+s,g+s \ diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index 0fa53d98..17277c12 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 @@ -141,6 +141,7 @@ RUN true \ && mkdir -p /var/log/icinga2 \ && chmod 755 /var/log/icinga2 \ && chown nagios:adm /var/log/icinga2 \ + && touch /var/log/cron.log \ && rm -rf \ /var/lib/mysql/* \ && chmod u+s,g+s \ diff --git a/content/etc/cron.d/icingacli_x509 b/content/etc/cron.d/icingacli_x509 deleted file mode 100644 index 6f8cee7b..00000000 --- a/content/etc/cron.d/icingacli_x509 +++ /dev/null @@ -1,6 +0,0 @@ -# If you enabled x509 module you can use the cronjobs to insert/refresh your certificates. - -#30 2 * * * www-data /usr/bin/icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt 2>&1 -#00 4 * * * www-data /usr/bin/icingacli x509 scan --job 2>&1 - -* * * * * www-data echo $(date) >> /tmp/cron.log 2>&1 \ No newline at end of file diff --git a/content/etc/supervisor/conf.d/cron.conf b/content/etc/supervisor/conf.d/cron.conf new file mode 100644 index 00000000..cfd86c7f --- /dev/null +++ b/content/etc/supervisor/conf.d/cron.conf @@ -0,0 +1,8 @@ +[program:crond] +command = /opt/supervisor/cron_supervisor +autostart = true +autorestart = true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 +stderr_logfile = /dev/stderr +stderr_logfile_maxbytes = 0 \ No newline at end of file diff --git a/content/opt/setup/55-cron b/content/opt/setup/55-cron new file mode 100755 index 00000000..59115b5a --- /dev/null +++ b/content/opt/setup/55-cron @@ -0,0 +1,18 @@ +#!/bin/bash + +. /opt/helpers + +if [ ! -f "/etc/cron.d/icinga" ]; then + echo "=> Copying icinga cronfile for /etc/cron.d" + + cat >/etc/cron.d/icinga <<-END + # If you enabled x509 module you can use the cronjobs to insert/refresh your certificates. + + #30 2 * * * /usr/bin/icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt 2>&1 + #00 4 * * * /usr/bin/icingacli x509 scan --job 2>&1 + + * * * * * echo $(date) >> /tmp/cron.log 2>&1 + END + + chmod 0644 /etc/cron.d/icinga +fi diff --git a/content/opt/supervisor/cron_supervisor b/content/opt/supervisor/cron_supervisor new file mode 100755 index 00000000..bec96065 --- /dev/null +++ b/content/opt/supervisor/cron_supervisor @@ -0,0 +1,10 @@ +#!/bin/bash + +. /opt/helpers + +service cron start + +# Allow any signal which would kill a process to stop server +trap "service cron stop" HUP INT QUIT ABRT ALRM TERM TSTP + +while pgrep -u root cron > /dev/null; do sleep 5; done diff --git a/docker-compose.yml b/docker-compose.yml index ba680af0..211cf02f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -37,7 +37,7 @@ services: - ./data/icinga/log/icingaweb2:/var/log/icingaweb2 - ./data/icinga/log/mysql:/var/log/mysql - ./data/icinga/spool:/var/spool/icinga2 - - ./data/icinga/cron.d/icingacli_x509:/etc/cron.d/icingacli_x509 + - ./data/icinga/cron.d/icinga:/etc/cron.d/icinga # Sending e-mail # See: https://github.com/jjethwa/icinga2#sending-notification-mails # If you want to enable outbound e-mail, edit the file mstmp/msmtprc From 6143657337433ab7820155b4fc417316cbf1ad90 Mon Sep 17 00:00:00 2001 From: Torsten Wilms Date: Wed, 23 Feb 2022 19:11:57 +0100 Subject: [PATCH 4/4] add final cron serice enabled for icinga x509 support --- content/opt/setup/55-cron | 2 -- 1 file changed, 2 deletions(-) diff --git a/content/opt/setup/55-cron b/content/opt/setup/55-cron index 59115b5a..ad76a379 100755 --- a/content/opt/setup/55-cron +++ b/content/opt/setup/55-cron @@ -10,8 +10,6 @@ if [ ! -f "/etc/cron.d/icinga" ]; then #30 2 * * * /usr/bin/icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt 2>&1 #00 4 * * * /usr/bin/icingacli x509 scan --job 2>&1 - - * * * * * echo $(date) >> /tmp/cron.log 2>&1 END chmod 0644 /etc/cron.d/icinga