Compare commits
No commits in common. "31ea18e04a1b74fcf217c5d87c56b6b10a050dcb" and "3c4e130c4a5a20d97bbfdf77caad9e6363a502a9" have entirely different histories.
31ea18e04a
...
3c4e130c4a
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1 +0,0 @@
|
|||
secrets.sh
|
15
Dockerfile
15
Dockerfile
|
@ -1,16 +1,9 @@
|
|||
FROM ubuntu:latest
|
||||
|
||||
# Munin
|
||||
# Munin specific
|
||||
VOLUME /opt/munin
|
||||
EXPOSE 2813
|
||||
|
||||
# Monit
|
||||
VOLUME /opt/monit
|
||||
EXPOSE 2812/tcp
|
||||
|
||||
# Dashboard
|
||||
EXPOSE 80
|
||||
|
||||
# Run s6-overlay as the init so we get services and similar
|
||||
ENTRYPOINT [ "/init" ]
|
||||
|
||||
|
@ -22,7 +15,7 @@ WORKDIR /opt/
|
|||
|
||||
# Install and base setup all the things
|
||||
RUN apt update && apt upgrade -y && \
|
||||
apt install -y curl jq xz-utils lm-sensors nano && \
|
||||
apt install -y curl jq xz-utils lm-sensors && \
|
||||
S6_RELEASE=$(curl -sX GET "https://api.github.com/repos/just-containers/s6-overlay/tags" \
|
||||
| jq -r .[0].name); \
|
||||
echo "**** s6-overlay release: ${S6_RELEASE} ****" && \
|
||||
|
@ -35,10 +28,6 @@ RUN apt update && apt upgrade -y && \
|
|||
tar -C / -Jxpf /opt/s6-overlay-noarch.tar.xz && \
|
||||
echo "**** munin related ****" && \
|
||||
apt install -y munin lighttpd && \
|
||||
echo "**** monit related ***" && \
|
||||
apt install -y monit && \
|
||||
echo "**** dashboard related ****" && \
|
||||
apt install -y lighttpd && \
|
||||
echo "**** cleanup ****" && \
|
||||
rm /opt/s6-overlay*.tar.xz && \
|
||||
apt remove --purge -y jq xz-utils && \
|
||||
|
|
35
README.md
35
README.md
|
@ -1,32 +1,6 @@
|
|||
# What is this?
|
||||
Simple container with munin leveraging s6 init for services/cron
|
||||
|
||||
Simple container proving munin and monit with msmtp-mta for email notifications
|
||||
|
||||
# Security Considerations
|
||||
|
||||
- This container does **NOT** setup SSL
|
||||
- This container does **NOT** setup any kind of proper auth for munin
|
||||
- Use a reverse proxy as appropriate for SSL and auth needs
|
||||
- Take note of the `-p` directives in `run.sh` to ensure each service endpoint is properly proxied
|
||||
- It is probably wise to remove the `-p` directives when using a reverse proxy for access
|
||||
|
||||
# Container config
|
||||
|
||||
- Create `secrets.sh` as appropriate, see `secrets.sh.example` for reference
|
||||
- (optoinal) Add `-v /var/containerized-monitoring/misc:/opt/misc` to `run.sh` if you want persistent storage for msmtp-mta config
|
||||
- (optional) Add `-v /var/containerized-monitoring/dashboard:/opt/dashboard` to `run.sh` if you want persistent storage for the simple html dashboard files
|
||||
|
||||
# Container notes
|
||||
|
||||
- I've included `nano` (<1Mb package) to facilitate debugging and tuning from directly within the container
|
||||
|
||||
# Monit
|
||||
|
||||
The included a default setup will perform base monitoring of the container (host). You'll want to source m/monit or similar for monitoring more than the local container/machine
|
||||
|
||||
# Munin
|
||||
|
||||
## Host config (optional)
|
||||
Host config:
|
||||
|
||||
```
|
||||
pacman -S lm_sensors
|
||||
|
@ -34,7 +8,4 @@ sensors-detect # walk through this completely
|
|||
systemctl enable --now lm_sensors
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
||||
- This will throw errors for 5 minutes (max) at first run due to lack of data, it'll self-correct when the munin cron job runs the first time
|
||||
- The web front end for munin will be broken for 5 minutes (max) first run due to the way html rendering works in munin, it'll self-correct when the munin cron job runs the first time
|
||||
**This will throw errors for 5 minutes at first run due to lack of data, it'll self-correct when the munin cron job runs once**
|
||||
|
|
2
build.sh
2
build.sh
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
git pull
|
||||
sudo docker build -t containerized-monitoring:latest -f Dockerfile .
|
||||
sudo docker build --no-cache --pull -t munin:latest -f Dockerfile .
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/command/with-contenv bash
|
||||
|
||||
/usr/sbin/lighttpd -D -f /opt/dashboard/lighttpd.conf
|
|
@ -1 +0,0 @@
|
|||
longrun
|
|
@ -1,5 +0,0 @@
|
|||
#!/command/with-contenv bash
|
||||
|
||||
cd /opt/monit
|
||||
/usr/bin/monit -I \
|
||||
-c /opt/monit/monitrc
|
|
@ -1 +0,0 @@
|
|||
longrun
|
|
@ -1,79 +1,5 @@
|
|||
#!/command/with-contenv bash
|
||||
|
||||
####################
|
||||
# Email notifications
|
||||
####################
|
||||
echo "---------- Setting up email notifications (msmtp-mta) ----------"
|
||||
if [ ! -d "/opt/misc" ] ; then
|
||||
mkdir /opt/misc
|
||||
fi
|
||||
if [ ! -f "/opt/misc/msmtp.log" ] ; then
|
||||
touch /opt/misc/msmtp.log
|
||||
chown root: /opt/misc/msmtp.log
|
||||
chmod 666 /opt/misc/msmtp.log
|
||||
fi
|
||||
if [ ! -f "/opt/misc/aliases" ] ; then
|
||||
cat > /opt/misc/aliases <<EOF
|
||||
root: $CONFIG_NOTIFY_EMAIL
|
||||
cron: $CONFIG_NOTIFY_EMAIL
|
||||
default: $CONFIG_NOTIFY_EMAIL
|
||||
EOF
|
||||
fi
|
||||
if [ ! -f "/opt/misc/msmtprc" ] ; then
|
||||
cat > /opt/misc/msmtprc <<EOF
|
||||
# Accounts will inherit settings from this section
|
||||
defaults
|
||||
auth on
|
||||
tls on
|
||||
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
logfile /opt/misc/msmtp.log
|
||||
|
||||
from $CONFIG_NOTIFY_SMTP_USER
|
||||
keepbcc on
|
||||
|
||||
account containermonitoring
|
||||
host $CONFIG_NOTIFY_SMTP_SERVER
|
||||
port 587
|
||||
auth on
|
||||
user $CONFIG_NOTIFY_SMTP_USER
|
||||
password $CONFIG_NOTIFY_SMTP_PASS
|
||||
|
||||
# Set a default account
|
||||
account default : containermonitoring
|
||||
|
||||
aliases /etc/aliases
|
||||
EOF
|
||||
fi
|
||||
ln -sf /opt/misc/aliases /etc/aliases
|
||||
ln -sf /opt/misc/msmtprc /etc/msmtprc
|
||||
|
||||
####################
|
||||
# Monit
|
||||
####################
|
||||
echo "---------- Setting up monit ----------"
|
||||
if [ ! -d "/opt/monit/conf.d" ] ; then
|
||||
mkdir /opt/monit/conf.d
|
||||
fi
|
||||
if [ ! -f "/opt/monit/monitrc" ] ; then
|
||||
cat > /opt/monit/monitrc <<EOF
|
||||
set daemon 120
|
||||
set log /opt/monit/monit.log
|
||||
set idfile /opt/monit/id
|
||||
set statefile /opt/monit/state
|
||||
set eventqueue
|
||||
basedir /opt/monit/events # set the base directory where events will be stored
|
||||
slots 100 # optionally limit the queue size
|
||||
|
||||
set httpd port 2812 and
|
||||
use address 0.0.0.0
|
||||
allow ${CONFIG_MONIT_USER}:${CONFIG_MONIT_PASS}
|
||||
|
||||
include /opt/monit/conf.d/*
|
||||
EOF
|
||||
chmod 600 /opt/monit/monitrc
|
||||
fi
|
||||
|
||||
####################
|
||||
# Munin
|
||||
####################
|
||||
|
@ -231,71 +157,3 @@ echo "---------- Munin node setup ----------"
|
|||
rm /etc/munin/plugin-conf.d/*
|
||||
munin-node-configure --shell --remove-also --debug | sh -x
|
||||
#su - munin --shell=/bin/sh /usr/bin/munin-cron
|
||||
|
||||
####################
|
||||
# Dashboard
|
||||
####################
|
||||
echo "---------- Setting up dashboard ----------"
|
||||
if [ ! -d "/opt/dashboard" ] ; then
|
||||
mkdir /opt/dashboard
|
||||
fi
|
||||
if [ ! -f "/opt/dashboard/lighttpd.conf" ] ; then
|
||||
cat > /opt/dashboard/lighttpd.conf <<EOF
|
||||
server.username = "www-data"
|
||||
server.groupname = "www-data"
|
||||
|
||||
server.document-root = "/opt/dashboard/www"
|
||||
server.port = 80
|
||||
|
||||
server.errorlog = "/dev/stdout"
|
||||
accesslog.filename = "/dev/stdout"
|
||||
dir-listing.activate = "disable"
|
||||
server.modules = (
|
||||
"mod_access",
|
||||
"mod_accesslog",
|
||||
"mod_alias",
|
||||
"mod_rewrite",
|
||||
"mod_redirect",
|
||||
"mod_cgi",
|
||||
"mod_fastcgi",
|
||||
"mod_auth",
|
||||
"mod_authn_file",
|
||||
)
|
||||
server.pid-file = "/run/lighttpd.pid"
|
||||
server.follow-symlink = "enable"
|
||||
index-file.names = ( "index.html", "index.htm" )
|
||||
|
||||
mimetype.assign = (
|
||||
".html" => "text/html",
|
||||
".txt" => "text/plain",
|
||||
".css" => "text/css",
|
||||
".js" => "application/x-javascript",
|
||||
".jpg" => "image/jpeg",
|
||||
".jpeg" => "image/jpeg",
|
||||
".gif" => "image/gif",
|
||||
".png" => "image/png",
|
||||
"" => "application/octet-stream"
|
||||
)
|
||||
EOF
|
||||
fi
|
||||
if [ ! -d "/opt/dashboard/www" ] ; then
|
||||
mkdir /opt/dashboard/www
|
||||
chown www-data /opt/dashboard/www
|
||||
fi
|
||||
if [ ! -f "/opt/dashboard/www/index.html" ] ; then
|
||||
cat > /opt/dashboard/www/index.html <<EOF
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<title>containerized-monitoring</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<p>This page uses javascript to avoid manual entry of an ip for the href tag. Ports for the service have been listed below in case you do not have a javascript enabled browser.</p>
|
||||
<p><a href="#" onclick="javascript:window.location.port=2812">Monit Monitoring (port 2812)</a></p>
|
||||
<p><a href="#" onclick="javascript:window.location.port=2813">Munin Monitoring (port 2813)</a></p>
|
||||
</body>
|
||||
</html>
|
||||
EOF
|
||||
chown www-data /opt/dashboard/www/index.html
|
||||
fi
|
||||
|
|
28
run.sh
28
run.sh
|
@ -1,38 +1,24 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "**** Building latest monitoring container ****"
|
||||
echo "**** Building latest Munin container ****"
|
||||
$(pwd)/build.sh
|
||||
|
||||
echo "**** Loading secrets.sh ****"
|
||||
source ./secrets.sh
|
||||
echo "**** Deleting Original Container ****"
|
||||
sudo docker rm -f munin
|
||||
|
||||
echo "**** Deleting existing container ****"
|
||||
sudo docker rm -f containerized-monitoring
|
||||
|
||||
echo "**** Running monitoring ****"
|
||||
echo "**** Running Munin ****"
|
||||
sudo docker run -itd \
|
||||
--restart unless-stopped \
|
||||
--network services \
|
||||
--name containerized-monitoring \
|
||||
--name munin \
|
||||
-e TZ=UTC \
|
||||
-e DEBUG=1 \
|
||||
-e CONFIG_NOTIFY_EMAIL=$CONFIG_NOTIFY_EMAIL \
|
||||
-e CONFIG_NOTIFY_SMTP_SERVER=$CONFIG_NOTIFY_SMTP_SERVER \
|
||||
-e CONFIG_NOTIFY_SMTP_USER=$CONFIG_NOTIFY_SMTP_USER \
|
||||
-e CONFIG_NOTIFY_SMTP_PASS=$CONFIG_NOTIFY_SMTP_PASS \
|
||||
-e CONFIG_MONIT_USER=$CONFIG_MONIT_USER \
|
||||
-e CONFIG_MONIT_PASS=$CONFIG_MONIT_PASS \
|
||||
-p 2812:2812/tcp \
|
||||
-p 2813:2813/tcp \
|
||||
-p 80:80/tcp \
|
||||
-l diun.enable=true \
|
||||
-l traefik.enable=false \
|
||||
-v /var/containerized-monitoring/monit:/opt/monit \
|
||||
-v /var/containerized-monitoring/munin:/opt/munin \
|
||||
-v /var/munin:/opt/munin \
|
||||
--mount type=tmpfs,destination=/opt/munin/www \
|
||||
--mount type=tmpfs,destination=/opt/munin/log \
|
||||
--mount type=tmpfs,destination=/opt/munin/run \
|
||||
--mount type=tmpfs,destination=/opt/munin/cgi-tmp \
|
||||
containerized-monitoring:latest
|
||||
|
||||
docker logs -f --since=1m containerized-monitoring
|
||||
munin:latest
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
#!/bin/bash
|
||||
##########
|
||||
# monit
|
||||
##########
|
||||
CONFIG_MONIT_USER=admin
|
||||
CONFIG_MONIT_PASS=apassword
|
||||
|
||||
##########
|
||||
# email notifications via msmtp-mta
|
||||
# optional
|
||||
##########
|
||||
#CONFIG_NOTIFY_EMAIL=user@domain.tld
|
||||
#CONFIG_NOTIFY_SMTP_SERVER=email.domain.tld
|
||||
#CONFIG_NOTIFY_SMTP_USER=user@domain.tld
|
||||
#CONFIG_NOTIFY_SMTP_PASS=apassword
|
27
test.sh
27
test.sh
|
@ -1,36 +1,23 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "**** Building latest monitoring container ****"
|
||||
echo "**** Building latest Munin container ****"
|
||||
$(pwd)/build.sh
|
||||
|
||||
echo "**** Loading secrets.sh ****"
|
||||
source ./secrets.sh
|
||||
echo "**** Deleting Original Container ****"
|
||||
sudo docker rm -f munin
|
||||
|
||||
echo "**** Deleting existing container ****"
|
||||
sudo docker rm -f containerized-monitoring
|
||||
|
||||
echo "**** Running monitoring ****"
|
||||
sudo docker run -itd \
|
||||
echo "**** Running Munin ****"
|
||||
sudo docker run -it \
|
||||
--restart unless-stopped \
|
||||
--network services \
|
||||
--name containerized-monitoring \
|
||||
--name munin \
|
||||
-e TZ=UTC \
|
||||
-e DEBUG=1 \
|
||||
-e CONFIG_NOTIFY_EMAIL=$CONFIG_NOTIFY_EMAIL \
|
||||
-e CONFIG_NOTIFY_SMTP_SERVER=$CONFIG_NOTIFY_SMTP_SERVER \
|
||||
-e CONFIG_NOTIFY_SMTP_USER=$CONFIG_NOTIFY_SMTP_USER \
|
||||
-e CONFIG_NOTIFY_SMTP_PASS=$CONFIG_NOTIFY_SMTP_PASS \
|
||||
-e CONFIG_MONIT_USER=$CONFIG_MONIT_USER \
|
||||
-e CONFIG_MONIT_PASS=$CONFIG_MONIT_PASS \
|
||||
-p 2812:2812/tcp \
|
||||
-p 2813:2813/tcp \
|
||||
-p 80:80/tcp \
|
||||
-l diun.enable=true \
|
||||
-l traefik.enable=false \
|
||||
--mount type=tmpfs,destination=/opt/munin/www \
|
||||
--mount type=tmpfs,destination=/opt/munin/log \
|
||||
--mount type=tmpfs,destination=/opt/munin/run \
|
||||
--mount type=tmpfs,destination=/opt/munin/cgi-tmp \
|
||||
containerized-monitoring:latest
|
||||
|
||||
docker logs -f --since=1m containerized-monitoring
|
||||
munin:latest
|
||||
|
|
Loading…
Reference in a new issue