From 079c1866566f56e94e92e884efdcbb9ee891331f Mon Sep 17 00:00:00 2001
From: jerick <jerick00201@gmail.com>
Date: Thu, 13 Oct 2022 19:43:57 -0400
Subject: [PATCH] better compose added

---
 README.md                |  31 +++++
 docker-compose.yml       | 239 ++++++++++++++++++++++++++++-----------
 env/mysql/init-mysql.sh  |  17 +++
 icinga2.conf.d/README.md |   1 +
 icingadb.conf            |   6 +
 icingaweb-api-user.conf  |   4 +
 init-icinga2.sh          |  13 +++
 7 files changed, 244 insertions(+), 67 deletions(-)
 create mode 100755 env/mysql/init-mysql.sh
 create mode 100644 icinga2.conf.d/README.md
 create mode 100644 icingadb.conf
 create mode 100644 icingaweb-api-user.conf
 create mode 100755 init-icinga2.sh

diff --git a/README.md b/README.md
index e69de29..9b5658f 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,31 @@
+# docker-compose Icinga stack
+
+docker-compose configuration to start-up an Icinga stack containing
+Icinga 2, Icinga Web 2 and Icinga DB.
+
+Ensure you have the latest Docker and docker-compose versions and
+then just run `docker-compose -p icinga-playground up` in order to start the Icinga stack.
+
+Icinga Web is provided on port **8080** and you can access the Icinga 2 API on port **5665**.
+The default user of Icinga Web is `icingaadmin` with password `icinga` and
+the default user of the Icinga 2 API for Web is `icingaweb` with password `icingaweb`.
+
+## Upgrading from v1.1.0 to v1.2.0
+
+**v1.2.0** deploys Icinga Web ≥ 2.11.0, Icinga 2 ≥ 2.13.4, Icinga DB ≥ 1.0.0 and Icinga DB Web ≥ 1.0.0.
+The Icinga Director is also set up and its daemon started, all in a separate container.
+
+The easiest way to upgrade is to start over, removing all the volumes and
+therefore wiping out any configurations you have changed:
+
+`docker-compose -p icinga-playground down --volumes && docker-compose pull && docker-compose -p icinga-playground up --build -d`
+
+
+## Upgrading from v1.0.0 to v1.1.0
+
+**v1.1.0** deploys Icinga Web 2.9.0 and snapshots of Icinga 2, Icinga DB and Icinga DB Web.
+
+The easiest way to upgrade is to start over, removing all the volumes and
+therefore wiping out any configurations you have changed:
+
+`docker-compose down --volumes && docker-compose build --pull && docker-compose -p icinga-playground up -d`
diff --git a/docker-compose.yml b/docker-compose.yml
index 10d7df1..ceb945d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,71 +1,176 @@
-version: "3"
+version: '3.7'
+
+x-icinga-db-web-config:
+  &icinga-db-web-config
+  icingaweb.modules.icingadb.config.icingadb.resource: icingadb
+  icingaweb.modules.icingadb.redis.redis1.host: icingadb-redis
+  icingaweb.modules.icingadb.redis.redis1.port: 6379
+  icingaweb.modules.icingadb.commandtransports.icinga2.host: icinga2
+  icingaweb.modules.icingadb.commandtransports.icinga2.port: 5665
+  icingaweb.modules.icingadb.commandtransports.icinga2.password: ${ICINGAWEB_ICINGA2_API_USER_PASSWORD:-icingaweb}
+  icingaweb.modules.icingadb.commandtransports.icinga2.transport: api
+  icingaweb.modules.icingadb.commandtransports.icinga2.username: icingaweb
+  icingaweb.resources.icingadb.charset: utf8mb4
+  icingaweb.resources.icingadb.db: mysql
+  icingaweb.resources.icingadb.dbname: icingadb
+  icingaweb.resources.icingadb.host: mysql
+  icingaweb.resources.icingadb.password: ${ICINGADB_MYSQL_PASSWORD:-icingadb}
+  icingaweb.resources.icingadb.type: db
+  icingaweb.resources.icingadb.username: icingadb
+
+x-icinga-director-config:
+  &icinga-director-config
+  icingaweb.modules.director.config.db.resource: director-mysql
+  icingaweb.modules.director.kickstart.config.endpoint: icinga2
+  icingaweb.modules.director.kickstart.config.host: icinga2
+  icingaweb.modules.director.kickstart.config.port: 5665
+  icingaweb.modules.director.kickstart.config.username: icingaweb
+  icingaweb.modules.director.kickstart.config.password: ${ICINGAWEB_ICINGA2_API_USER_PASSWORD:-icingaweb}
+  icingaweb.resources.director-mysql.charset: utf8mb4
+  icingaweb.resources.director-mysql.db: mysql
+  icingaweb.resources.director-mysql.dbname: director
+  icingaweb.resources.director-mysql.host: mysql
+  icingaweb.resources.director-mysql.password: ${ICINGA_DIRECTOR_MYSQL_PASSWORD:-director}
+  icingaweb.resources.director-mysql.type: db
+  icingaweb.resources.director-mysql.username: director
+
+x-icinga-web-config:
+  &icinga-web-config
+  icingaweb.authentication.icingaweb2.backend: db
+  icingaweb.authentication.icingaweb2.resource: icingaweb-mysql
+  icingaweb.config.global.config_backend: db
+  icingaweb.config.global.config_resource: icingaweb-mysql
+  icingaweb.config.global.module_path: /usr/share/icingaweb2/modules
+  icingaweb.config.logging.log: php
+  icingaweb.groups.icingaweb2.backend: db
+  icingaweb.groups.icingaweb2.resource: icingaweb-mysql
+  icingaweb.passwords.icingaweb2.icingaadmin: icinga
+  icingaweb.resources.icingaweb-mysql.charset: utf8mb4
+  icingaweb.resources.icingaweb-mysql.db: mysql
+  icingaweb.resources.icingaweb-mysql.dbname: icingaweb
+  icingaweb.resources.icingaweb-mysql.host: mysql
+  icingaweb.resources.icingaweb-mysql.password: icingaweb
+  icingaweb.resources.icingaweb-mysql.type: db
+  icingaweb.resources.icingaweb-mysql.username: icingaweb
+  icingaweb.roles.Administrators.groups: Administrators
+  icingaweb.roles.Administrators.permissions: '*'
+  icingaweb.roles.Administrators.users: icingaadmin
+
+x-icinga2-environment:
+  &icinga2-environment
+  ICINGA_CN: icinga2
+  ICINGA_MASTER: 1
+
+x-logging:
+  &default-logging
+  driver: "json-file"
+  options:
+    max-file: "10"
+    max-size: "1M"
+
+networks:
+  default:
+    name: icinga-playground
 
 services:
-  icinga2:
-    image: icinga/icinga2
-    container_name: icinga2
-    #Think you need this, but not sure yet
-    network_mode: bridge
-    ports:
-      - "443"
-      - 5665:5665
-      - 8080:80
-    environment:
-      - MYSQL_ROOT_PASSWORD=OyZF1U6a3UrnrDoKq5X3qA
-      - DEFAULT_MYSQL_HOST=mysql-icingadb
-      - DEFAULT_MYSQL_PORT=3306
-      - DEFAULT_MYSQL_USER=icinga
-      - DEFAULT_MYSQL_PASS=tULfn6fGVZY
-      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-      - APACHE2_HTTP=REDIRECT
-      - ICINGA2_FEATURE_GRAPHITE=false
-      - ICINGA2_FEATURE_GRAPHITE_HOST=graphite
-      - ICINGA2_FEATURE_GRAPHITE_PORT=2003
-      - ICINGA2_FEATURE_GRAPHITE_URL=http://graphite
-      - ICINGA2_FEATURE_GRAPHITE_SEND_THRESHOLDS=true
-      - ICINGA2_FEATURE_GRAPHITE_SEND_METADATA=false
-      - ICINGA2_USER_FULLNAME=Icinga2
-      - ICINGA2_FEATURE_DIRECTOR=true
-      - ICINGA2_FEATURE_DIRECTOR_KICKSTART=true
-      - ICINGA2_FEATURE_DIRECTOR_USER=icinga2-director
-      - MYSQL_ROOT_USER=root
-    restart: unless-stopped
-  mysql-icingadb:
-    image: mysql:8.0
-    container_name: mysql-icingadb
-    network_mode: bridge
-    ports:
-      - 3306:3306
-      - 33060:33060
-    environment:
-      - MYSQL_ROOT_PASSWORD=OyZF1U6a3UrnrDoKq5X3qA
-      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-      - GOSU_VERSION=1.12
-      - MYSQL_MAJOR=8.0
-      - MYSQL_VERSION=8.0.25-1debian10
-    restart: unless-stopped
-  npm_app_1:
-    image: jc21/nginx-proxy-manager:latest
-    container_name: npm_app_1
-    restart: unless-stopped
-    ports:
-      # These ports are in format <host-port>:<container-port>
-      - '80:80' # Public HTTP Port
-      - '443:443' # Public HTTPS Port
-      - '81:81' # Admin Web Port
-      # Add any other Stream port you want to expose
-      # - '21:21' # FTP
-
-    # Uncomment the next line if you uncomment anything in the section
-    # environment:
-      # Uncomment this if you want to change the location of 
-      # the SQLite DB file within the container
-      # DB_SQLITE_FILE: "/data/database.sqlite"
-
-      # Uncomment this if IPv6 is not enabled on your host
-      # DISABLE_IPV6: 'true'
-
+  director:
+    command:
+      - /bin/bash
+      - -ce
+      - |
+        echo "Testing the database connection. Container could restart."
+        (echo > /dev/tcp/mysql/3306) >/dev/null 2>&1
+        echo "Testing the Icinga 2 API connection. Container could restart."
+        (echo > /dev/tcp/icinga2/5665) >/dev/null 2>&1
+        icingacli director migration run
+        (icingacli director kickstart required && icingacli director kickstart run && icingacli director config deploy) || true
+        echo "Starting Icinga Director daemon."
+        icingacli director daemon run
+    entrypoint: []
+    logging: *default-logging
+    image: icinga/icingaweb2
+    restart: on-failure
     volumes:
-      - ./data:/data
-      - ./letsencrypt:/etc/letsencrypt
+      - icingaweb:/data
 
+  # The Icinga 2 docker image does not support configuration via env vars at the moment.
+  # So, we have to ship some configs with this little init container. Referenced in depends_on of the icinga2 service.
+  init-icinga2:
+    command: [ "/config/init-icinga2.sh" ]
+    environment: *icinga2-environment
+    image: icinga/icinga2
+    logging: *default-logging
+    volumes:
+      - icinga2:/data
+      - ./icingadb.conf:/config/icingadb.conf
+      - ./icingaweb-api-user.conf:/config/icingaweb-api-user.conf
+      - ./init-icinga2.sh:/config/init-icinga2.sh
+
+  icinga2:
+    command: [ "sh", "-c", "sleep 5 ; icinga2 daemon" ]
+    depends_on:
+      - icingadb-redis
+      - init-icinga2
+    environment: *icinga2-environment
+    image: icinga/icinga2
+    logging: *default-logging
+    ports:
+      - 5665:5665
+    volumes:
+      - icinga2:/data
+      - ./icinga2.conf.d:/custom_data/custom.conf.d
+
+  icingadb:
+    environment:
+      ICINGADB_DATABASE_HOST: mysql
+      ICINGADB_DATABASE_PORT: 3306
+      ICINGADB_DATABASE_DATABASE: icingadb
+      ICINGADB_DATABASE_USER: icingadb
+      ICINGADB_DATABASE_PASSWORD: ${ICINGADB_MYSQL_PASSWORD:-icingadb}
+      ICINGADB_REDIS_HOST: icingadb-redis
+      ICINGADB_REDIS_PORT: 6379
+    depends_on:
+      - mysql
+      - icingadb-redis
+    image: icinga/icingadb
+    logging: *default-logging
+
+  icingadb-redis:
+    image: redis
+    logging: *default-logging
+
+  icingaweb:
+    depends_on:
+      - mysql
+    environment:
+      icingaweb.enabledModules: director, icingadb, incubator
+      <<: *icinga-db-web-config
+      <<: *icinga-director-config
+      <<: *icinga-web-config
+    logging: *default-logging
+    image: icinga/icingaweb2
+    ports:
+      - 8080:8080
+    # Restart Icinga Web container automatically since we have to wait for the database to be ready.
+    # Please note that this needs a more sophisticated solution.
+    restart: on-failure
+    volumes:
+      - icingaweb:/data
+
+  mysql:
+    image: mariadb:10.7
+    command: --default-authentication-plugin=mysql_native_password
+    environment:
+      MYSQL_RANDOM_ROOT_PASSWORD: 1
+      ICINGADB_MYSQL_PASSWORD: ${ICINGADB_MYSQL_PASSWORD:-icingadb}
+      ICINGAWEB_MYSQL_PASSWORD: ${ICINGAWEB_MYSQL_PASSWORD:-icingaweb}
+      ICINGA_DIRECTOR_MYSQL_PASSWORD: ${ICINGA_DIRECTOR_MYSQL_PASSWORD:-director}
+    logging: *default-logging
+    volumes:
+      - mysql:/var/lib/mysql
+      - ./env/mysql/:/docker-entrypoint-initdb.d/
+
+volumes:
+  icinga2:
+  icingaweb:
+  mysql:
diff --git a/env/mysql/init-mysql.sh b/env/mysql/init-mysql.sh
new file mode 100755
index 0000000..f476ef8
--- /dev/null
+++ b/env/mysql/init-mysql.sh
@@ -0,0 +1,17 @@
+#!/bin/sh -x
+
+create_database_and_user() {
+    DB=$1
+    USER=$2
+    PASSWORD=$3
+
+    mysql --user root --password=$MYSQL_ROOT_PASSWORD <<EOS
+CREATE DATABASE IF NOT EXISTS ${DB};
+CREATE USER IF NOT EXISTS  '${USER}'@'%' IDENTIFIED BY '${PASSWORD}';
+GRANT ALL ON ${DB}.* TO '${USER}'@'%';
+EOS
+}
+
+create_database_and_user director director ${ICINGA_DIRECTOR_MYSQL_PASSWORD}
+create_database_and_user icingadb icingadb ${ICINGADB_MYSQL_PASSWORD}
+create_database_and_user icingaweb icingaweb ${ICINGAWEB_MYSQL_PASSWORD}
diff --git a/icinga2.conf.d/README.md b/icinga2.conf.d/README.md
new file mode 100644
index 0000000..9b9a53b
--- /dev/null
+++ b/icinga2.conf.d/README.md
@@ -0,0 +1 @@
+Here is the space for custom Icinga 2 configuration.
diff --git a/icingadb.conf b/icingadb.conf
new file mode 100644
index 0000000..add55f0
--- /dev/null
+++ b/icingadb.conf
@@ -0,0 +1,6 @@
+library "icingadb"
+
+object IcingaDB "icingadb" {
+    host = "icingadb-redis"
+    port = 6379
+}
diff --git a/icingaweb-api-user.conf b/icingaweb-api-user.conf
new file mode 100644
index 0000000..1afb70f
--- /dev/null
+++ b/icingaweb-api-user.conf
@@ -0,0 +1,4 @@
+object ApiUser "icingaweb" {
+  password = "$ICINGAWEB_ICINGA2_API_USER_PASSWORD"
+  permissions = [ "*" ]
+}
diff --git a/init-icinga2.sh b/init-icinga2.sh
new file mode 100755
index 0000000..9fc585d
--- /dev/null
+++ b/init-icinga2.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -e
+set -o pipefail
+
+if [ ! -f /data/etc/icinga2/conf.d/icingaweb-api-user.conf ]; then
+  sed "s/\$ICINGAWEB_ICINGA2_API_USER_PASSWORD/${ICINGAWEB_ICINGA2_API_USER_PASSWORD:-icingaweb}/" /config/icingaweb-api-user.conf >/data/etc/icinga2/conf.d/icingaweb-api-user.conf
+fi
+
+if [ ! -f /data/etc/icinga2/features-enabled/icingadb.conf ]; then
+  mkdir -p /data/etc/icinga2/features-enabled
+  cat /config/icingadb.conf >/data/etc/icinga2/features-enabled/icingadb.conf
+fi